Launch SAP GUI from browser
I first wrote this article on my blog , so that I wouldn’t look and remember again, but since no one reads the blog, I wanted to share this information with everyone who suddenly came in handy.
While working on the idea of a password reset service in SAP R / 3 systems, the question arose of how to launch the SAP GUI with the necessary parameters from the browser? Since this idea implied the use of a web service, first processing SOAP from SAP GUI at the request and sending an email with a link to a web page with a password reset script to the initial one, and then displaying to the user a message about successful password reset and displaying this initial password , I wanted that on this page there was also a link to launch SAP GUI. Moreover, this link would open the necessary system, moreover, preferably, immediately with the login and password fields filled in: the user would only have to fill in the productive password twice.
Launching SAP Logon - for our purpose it was not interesting, and when launching sapgui.exe it was impossible to specify the client and user name, but it was possible to start a system that was not defined in SAP Logon. On the other hand, the launch of the SAP GUI with arbitrary server parameters was not particularly relevant: if we solve the problem of resetting a user password, then most likely he already has the necessary string in SAP Logon, with the necessary settings and does not have to go with his own. But the specified requirements were met by the SAP GUI Shortcut technology and the actual sapshcut.exe program, which made it possible to run the SAP GUI using a certain “shortcut”.
Solving the problem in the forehead: running sapshcut.exe directly from the browser using an ActiveX object:
')
The solution is bad: firstly, it works only in Internet Explorer, secondly, it requires appropriate security settings in the browser, which in the organization can be banned at the domain level, and even if allowed, the browser gives the user a window with a frightening warning:
Solution №2 dug up on the Internet: creating your own web protocol . Allows you to run the application you need via a link indicating the protocol that we register in Windows in the registry in the HKEY_CLASSES_ROOT section. Since SAP GUI Shortcut has its own section in this section, you can add a URL Protocol string parameter with an empty value:
This protocol runs sapgui.exe with the / SHORTCUT parameter, which is what we need:
Well, or if we want to make an arbitrary protocol (for example, sapshcut ), then you can register it using the following reg-file:
Now, if we make a link on the web page with the Sapgui.Shortcut.File protocol in the same way:
we should see a window like this:
And everything seems fine, but when you click on the button "Allow" we see:
Oops, the browser turned the space into% 20. Well, other characters will also be encoded into their numeric code with the percent symbol. And the most annoying thing is that nothing can be done at the browser level (everything is done according to the standard) - the browser does not like these characters, and the Windows command interpreter does not work with such coded values. And one more minus - the whole string is passed as a parameter, including the name of the protocol and even a colon ( sapgui.shortcut.file:) . Moreover, although the same sapshcut.exe can discard everything that is not a parameter for it (it starts with the symbol “-“, then the name, “=” and the value), i.e. a line like " sapgui.shortcut.file: -system = SID " still rolls, then without a space " sapgui.shortcut.file: -system = SID " does not work anymore.
It turns out that, in principle, there are two options for using a URI protocol:
Those. This option is also discarded as unfit for us.
Then I began to think that I’ll have to say goodbye to the idea of running the SAP GUI with the necessary parameters from the browser, but then I had the idea that you could make a shortcut in SAP Logon and copy it to the desktop. I used this method once, but before that the label file was not specifically looked at. And it turned out that this shortcut is a plain text file with the extension .sap . And if you run it in Windows, the SAP GUI starts up with the parameters specified in this file. "Bingo!"
The format of this file is approximately the following (there may still be a transaction to be started at the start, but I omitted it):
It seems to be all that is needed: the system identifier, the client, and the user name, and even the password. And even additional parameters: Title - window title, GuiSize - the size of the running window (full screen or not) and Reuse - whether to open a new window or use one already open with the same system. But immediately a nuance came out - the SAP Logon password could not be set, the line was blocked. It turned out that this was done for security reasons: it stores all the shortcuts created in SAP Logon in the sapshortcut.ini file (next to saplogon.ini in the Windows user profile) and there, although they are encrypted, they are not too strong and you can decode. But you can also allow it by changing the value of one parameter in the registry (the default value is 0 ):
This unlocks the "Password" field on the label creation form in SAP Logon for input:
And when entering a password in this field, it will be placed in the corresponding line
sapshortcut.ini , but when dragging a shortcut to the desktop, it doesn’t appear there - but you can add it there manually. The password is encrypted, for 111111 it will be the following: PW_49B02219D1F6, for 222222 - PW_4AB3211AD2F5. But we are more interested in the fact that this password is encrypted in one way, independent of the particular PC, and if we reset the password to the initial one, then we can use one previously known value in this field. Well, if we want to use a randomly created password, then we will have to understand the algorithm of this cipher. But, judging by the examples given, it will be easy to do. By the way, in SAP GUI 7.40 this field disappeared altogether from the form, but it correctly perceives the file with the filled-in password.
That is, it turns out that in the browser it is enough to click on the link to the file with the .sap extension and with the required format - and it will offer to open it as a file of the SAP GUI Shortcut type (of course, on a PC with an installed SAP GUI) and open the SAP GUI window with the specified parameters (if the SID pair and client are in the SAP Logon list on this PC).
But it is clear that no one will simply create and store files on the site in advance - they must be generated on the basis of the necessary parameters. For example, you can create a PHP script to generate shortcuts ( sapshcut.php ):
If you do not specify a username and password, we get the following window with login and password requests:
If you transfer only the login - the login field will be filled, and the password field is empty. If we give the user both the login and password, but the user on the PC in the registry has the EnablePassword key in the [HKEY_CURRENT_USER \ Software \ SAP \ SAPShortcut \ Security] section set to 0, then we will get the same. And only if this key is set to 1 and we transfer both the name and the initial password, the system will immediately ask you to enter the new permanent password twice. What was required to get.
As a result, we have the following set of options considered as an illustration of the above:
I came up with the last option. But it is also possible, instead of generating SAP shortcuts, to use, for example, the generation of CMD files, which, when opened from a browser, will open the SAP GUI window for you. Below is an example ( sapguicmd.php ) of a direct launch of the SAP GUI with the full connection string, without the need to have an SAP Logon configured:
While working on the idea of a password reset service in SAP R / 3 systems, the question arose of how to launch the SAP GUI with the necessary parameters from the browser? Since this idea implied the use of a web service, first processing SOAP from SAP GUI at the request and sending an email with a link to a web page with a password reset script to the initial one, and then displaying to the user a message about successful password reset and displaying this initial password , I wanted that on this page there was also a link to launch SAP GUI. Moreover, this link would open the necessary system, moreover, preferably, immediately with the login and password fields filled in: the user would only have to fill in the productive password twice.
Launching SAP Logon - for our purpose it was not interesting, and when launching sapgui.exe it was impossible to specify the client and user name, but it was possible to start a system that was not defined in SAP Logon. On the other hand, the launch of the SAP GUI with arbitrary server parameters was not particularly relevant: if we solve the problem of resetting a user password, then most likely he already has the necessary string in SAP Logon, with the necessary settings and does not have to go with his own. But the specified requirements were met by the SAP GUI Shortcut technology and the actual sapshcut.exe program, which made it possible to run the SAP GUI using a certain “shortcut”.
Solving the problem in the forehead: running sapshcut.exe directly from the browser using an ActiveX object:
')
function openSAPGui(sid, client, user, password) { var shell = new ActiveXObject("WScript.Shell"); shell.run('sapshcut.exe -system="'+sid+'" -client='+client+' -user="'+user+'" -pw="'+password+'" -language=RU'); } The solution is bad: firstly, it works only in Internet Explorer, secondly, it requires appropriate security settings in the browser, which in the organization can be banned at the domain level, and even if allowed, the browser gives the user a window with a frightening warning:
Solution №2 dug up on the Internet: creating your own web protocol . Allows you to run the application you need via a link indicating the protocol that we register in Windows in the registry in the HKEY_CLASSES_ROOT section. Since SAP GUI Shortcut has its own section in this section, you can add a URL Protocol string parameter with an empty value:
This protocol runs sapgui.exe with the / SHORTCUT parameter, which is what we need:
Well, or if we want to make an arbitrary protocol (for example, sapshcut ), then you can register it using the following reg-file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\sapshcut]
@="sapshcut Handler"
"URL Protocol"=""
[HKEY_CLASSES_ROOT\sapshcut\DefaultIcon]
@="sapshcut.exe"
[HKEY_CLASSES_ROOT\sapshcut\shell]
[HKEY_CLASSES_ROOT\sapshcut\shell\open]
[HKEY_CLASSES_ROOT\sapshcut\shell\open\command]
@="sapshcut.exe \"%1\""
Now, if we make a link on the web page with the Sapgui.Shortcut.File protocol in the same way:
<a href='Sapgui.Shortcut.File: -system=SID -client=200'>SID200</a>
we should see a window like this:
And everything seems fine, but when you click on the button "Allow" we see:
Oops, the browser turned the space into% 20. Well, other characters will also be encoded into their numeric code with the percent symbol. And the most annoying thing is that nothing can be done at the browser level (everything is done according to the standard) - the browser does not like these characters, and the Windows command interpreter does not work with such coded values. And one more minus - the whole string is passed as a parameter, including the name of the protocol and even a colon ( sapgui.shortcut.file:) . Moreover, although the same sapshcut.exe can discard everything that is not a parameter for it (it starts with the symbol “-“, then the name, “=” and the value), i.e. a line like " sapgui.shortcut.file: -system = SID " still rolls, then without a space " sapgui.shortcut.file: -system = SID " does not work anymore.
It turns out that, in principle, there are two options for using a URI protocol:
- Use without parameters: We create a whole bunch of protocols for all our systems of the SIDMANDT type, such as AAA200 , BBB200 , etc. If you just need to run the system you need, then the option is quite working, but in our case it doesn’t fit, since you want to transfer the user’s login too, and you don’t do it in this way.
- Use a wrapper program to call sapshcut.exe or sapgui.exe . The essence of this program is simple - it should take the line that the browser sends to it via the web protocol and turn it into the representation that Windows accepts, i.e. turns all character codes back into characters (maybe even parses the string by parameters) and already calls the SAP GUI guaranteed by the right command. In our case, it also doesn’t quite fit (so I didn’t even write it), because it’s already not enough for us to add the protocol to all user PCs (it’s still all over the domain, although it’s better to avoid this practice), but we’ll need to add program to place on the PC, and even constantly monitor that it will not go away when reinstalling the software on the PC.
Those. This option is also discarded as unfit for us.
Then I began to think that I’ll have to say goodbye to the idea of running the SAP GUI with the necessary parameters from the browser, but then I had the idea that you could make a shortcut in SAP Logon and copy it to the desktop. I used this method once, but before that the label file was not specifically looked at. And it turned out that this shortcut is a plain text file with the extension .sap . And if you run it in Windows, the SAP GUI starts up with the parameters specified in this file. "Bingo!"
The format of this file is approximately the following (there may still be a transaction to be started at the start, but I omitted it):
[System]
Name=SID
Client=200
[User]
Name=
Language=RU
Password=
[Function]
Title=
[Configuration]
GuiSize=Maximized
[Options]
Reuse=0
It seems to be all that is needed: the system identifier, the client, and the user name, and even the password. And even additional parameters: Title - window title, GuiSize - the size of the running window (full screen or not) and Reuse - whether to open a new window or use one already open with the same system. But immediately a nuance came out - the SAP Logon password could not be set, the line was blocked. It turned out that this was done for security reasons: it stores all the shortcuts created in SAP Logon in the sapshortcut.ini file (next to saplogon.ini in the Windows user profile) and there, although they are encrypted, they are not too strong and you can decode. But you can also allow it by changing the value of one parameter in the registry (the default value is 0 ):
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\SAP\SAPShortcut\Security]
"EnablePassword"="1"
This unlocks the "Password" field on the label creation form in SAP Logon for input:
And when entering a password in this field, it will be placed in the corresponding line
sapshortcut.ini , but when dragging a shortcut to the desktop, it doesn’t appear there - but you can add it there manually. The password is encrypted, for 111111 it will be the following: PW_49B02219D1F6, for 222222 - PW_4AB3211AD2F5. But we are more interested in the fact that this password is encrypted in one way, independent of the particular PC, and if we reset the password to the initial one, then we can use one previously known value in this field. Well, if we want to use a randomly created password, then we will have to understand the algorithm of this cipher. But, judging by the examples given, it will be easy to do. By the way, in SAP GUI 7.40 this field disappeared altogether from the form, but it correctly perceives the file with the filled-in password.
That is, it turns out that in the browser it is enough to click on the link to the file with the .sap extension and with the required format - and it will offer to open it as a file of the SAP GUI Shortcut type (of course, on a PC with an installed SAP GUI) and open the SAP GUI window with the specified parameters (if the SID pair and client are in the SAP Logon list on this PC).
But it is clear that no one will simply create and store files on the site in advance - they must be generated on the basis of the necessary parameters. For example, you can create a PHP script to generate shortcuts ( sapshcut.php ):
<?php $queries = array(); parse_str($_SERVER['QUERY_STRING'], $queries); $Title = $queries['Title']; $Size = $queries['Size']; $SID = $queries['SID']; $Client = $queries['Client']; if($Client == '') { $Client=200; }; $Lang = $queries['Language']; if($Lang=='') { $Lang = 'RU'; }; $User = $queries['Username']; if($User<>'') { $Password = $queries['Password']; }; $filename = $SID.$Client.'.sap'; header('Content-disposition: attachment; filename='.$filename); header('Content-type: application/sap'); echo "[System]\r\n"; echo "Name=".$SID."\r\n"; echo "Client=".$Client."\r\n"; echo "[User]\r\n"; echo "Name=".$Username."\r\n"; echo "Language=".$Lang."\r\n"; if($Password<>'') echo "Password=".$Password."\r\n"; echo "[Function]\r\n"; if($Title<>'') {echo "Title=".$Title."\r\n";} else {echo "Title= \r\n";}; echo "[Configuration]\r\n"; if($Size=='max') { echo "GuiSize=Maximized\r\n"; }; echo "[Options]\r\n"; echo "Reuse=0\r\n"; ?>
If you do not specify a username and password, we get the following window with login and password requests:
If you transfer only the login - the login field will be filled, and the password field is empty. If we give the user both the login and password, but the user on the PC in the registry has the EnablePassword key in the [HKEY_CURRENT_USER \ Software \ SAP \ SAPShortcut \ Security] section set to 0, then we will get the same. And only if this key is set to 1 and we transfer both the name and the initial password, the system will immediately ask you to enter the new permanent password twice. What was required to get.
As a result, we have the following set of options considered as an illustration of the above:
<html> <head> <script> function openSAPGui(sid, client, user, password) { var shell = new ActiveXObject("WScript.Shell"); shell.run('sapshcut.exe -system="'+sid+'" -client='+client+' -user="'+user+'" -pw="'+password+'" -language=RU'); } </script> </head> <body> <a href='' onclick="javascript:openSAPGui('SID', '200', 'test', '');"/>Example 1: Execute sapshcut.exe (ActiveX)<br> <a href='Sapgui.Shortcut.File: -system=SID -client=200'>Example 2: Open sapshcut.exe (URI)</a><br> <a href='sapshcut.php?SID=SID&Client=200&User=test'>Example 3: Open file .sap (SAP GUI Shortcut)</a><br> </body> </html>
I came up with the last option. But it is also possible, instead of generating SAP shortcuts, to use, for example, the generation of CMD files, which, when opened from a browser, will open the SAP GUI window for you. Below is an example ( sapguicmd.php ) of a direct launch of the SAP GUI with the full connection string, without the need to have an SAP Logon configured:
<?php $queries = array(); parse_str($_SERVER['QUERY_STRING'], $queries); $Title = $queries['Title']; $ROUTER = $queries['ROUTER']; $ROUTERPORT = $queries['ROUTERPORT']; $HOST = $queries['HOST']; $PORT = $queries['PORT']; $MESS = $queries['MESS']; $LG = $queries['LG']; $filename = 'SAPGUI_'; if($MESS<>'') $filename = $filename.$MESS; if($HOST<>'') $filename = $filename.$HOST; if($PORT<>'') $filename = $filename.'_'.$PORT; $filename = $filename.'.cmd'; header('Content-disposition: attachment; filename='.$filename); header('Content-type: application/cmd'); echo "@echo off\r\n"; echo "chcp 1251\r\n"; echo "echo ".$Title."\r\n"; echo "set SAP_CODEPAGE=1504\r\n"; echo 'if exist "%ProgramFiles(x86)%\SAP\FrontEnd\SapGui\sapgui.exe" set gui=%ProgramFiles(x86)%\SAP\FrontEnd\SapGui\sapgui.exe'."\r\n"; echo 'if exist "%ProgramFiles%\SAP\FrontEnd\SapGui\sapgui.exe" set gui=%ProgramFiles%\SAP\FrontEnd\SapGui\sapgui.exe'."\r\n"; echo "set logon="; if($ROUTER<>'') echo "/H/".$ROUTER; if($ROUTERPORT<>'') echo "/S/".$ROUTERPORT; if($MESS<>'') echo "/M/".$MESS; if($HOST<>'') echo "/H/".$HOST; if($PORT<>'') echo "/S/".$PORT; if($LG<>'') echo "/G/".$LG; echo "\r\n"; echo '"%gui%" %logon%'."\r\n"; ?> Source: https://habr.com/ru/post/446998/
All Articles