cancel
Showing results for 
Search instead for 
Did you mean: 

LDAP AD with SSO XI 31

Former Member
0 Kudos

Hi everybody

I´m trying to configure LDAP AD with Single Sign On but in BO documentation only can find that this is possible with SiteMinder.

Somebody plz can tell me how Configure LDAP SSO with SiteMinder? and if exists another way to do this without SiteMinder.

Thanks.

BO: XI 3.1

SO: Windows Server 2003

LDAP AD

View Entire Topic
BasicTek
Advisor
Advisor
0 Kudos

Do you intend to use the LDAP plugin or the AD one? You have much better SSO options with the AD one (see the sticky post at the top of this forum).

Regards,

Tim

Former Member
0 Kudos

Hi Tim,

I am already using a LDAP authentication which is connecting to a Windows AD server (because at the future we will work in Linux). At this moment I can login using my AD User and in authentication type in Infoview I choose LDAP. Everything is ok but now we want to implement SSO and in BO Documentation I read this is possible with Siteminder (I think CA Siteminder or exists another similar product???) I want to now How I can configure SSO for a LDAP authentication with Siteminder and if is necesary to use Siteminder or exists another way??

We are developing a .net application and we want this app can open a BO document but without to re-enter a user and password again. BO has a LDAP Authentication at this moment using a Windows AD Server (LDAP -AD).

Do you think that is possible to use this authentication with Siteminder to obtain SSO and in this way obtain that application can open a document with credentials of the computer (AD Credentials).??

Thanks for your help.

BasicTek
Advisor
Advisor
0 Kudos

siteminder is a 3rd party app and configuration should be sought through their company's docs.

If you have users that are authenticated with siteminder then we can auto log them into BO by either configuring the LDAP - siteminder plugin to the siteminder web agent. Requires 6x web agent running in 4x compatibility mode with a shared secret enabled.

We can also pass the usernames using trusted authentication. requires the user parameter that siteminder uses to store the username (usually sm-user).

If you plan to keep your CMS on windows then SSO is a piece of cake no and no 3rd party programs would be required. With the CMS on "nix" you will need to authenticate prior to accessing the BO system for any type of SSO. Honestly SSO is not the right description in both cases above it's trusted auth (passwords are never negotiated just usernames passed).

Regards,

Tim

Former Member
0 Kudos

Hi Tim.

Thanks for reply.

You can explain about trusted authentication, we are trying with this but I believe something is missing. We follow the steps in BO documentation, we enabled trusted authentication in Enterprise authentication and made changes in web.xml. Plz you can send me steps for this configuration and what else we must change I believe login page must change but we dont know how.

Thanks in advance.

Sandra

BasicTek
Advisor
Advisor
0 Kudos

trusted authentication is documented in the XI 3.1 admin guide located on help.sap.com

You must supply the authentication external to BO and then select one of the methods to supply the username to BO (REMOTE_USER and HTTP_HEADER are the most commonly used).

Until you know what 3rd party product will be supplying username to BO and how they will be passed there is nothing to configure as the steps are fully dependent on this info.

Regards,

Tim