cancel
Showing results for 
Search instead for 
Did you mean: 

Single Sign-On and password expiration

Former Member
0 Kudos
1,056

Hi

I would like to use SSO - mainly because of frequent logons in Solution Manager (ABAP<->webdynpro). I have SSO configured and working, but there are still few questions I would like to ask.

We have common admin user, which is a Service type user (its password does not expire, user can logon more than once). Because this admin user is shared between more administrators and has to be reliable, we decided to use password based SSO (no client certificates).

I have made some research, but I'm not able to find how to setup SSO for service type user, or how to exclude one dialog user from password expiration policy (in both ABAP and Java) and allow him more logons.

Ok, and now the promised question: what is the best scenario in this case? Or maybe better: how did you resolved this issue?

The system is Solman 7.1 SP08

Thanks

View Entire Topic
Former Member
0 Kudos

Hi,

Do you want user to login in Solution manager without password(SSO).

If yes then Can you connect this solution manager to any Active directory where all the user whome you want to SSO are present. IF yes them we can configure SPnego between this solution manager and Active directory which will allow then to login on the IE without password.

So it would looks like

Active direcory ------(Spnego)-----> SOLMAN url in IE ------(Certificate exchnages with backend abap)------> Sap webdynpro application.

If you activate SPnego and set parameter login/password_change_for_SSO=3 expiry will not take in account.

Hope this helps.

Thanks

Rishi abrol

Former Member
0 Kudos

Hi,

I know about this option, but it is not suitable for our needs.

But thanks for your help anyway

anujkhator
Explorer
0 Kudos

Hi Tomas,

With Netweaver 7.3 EHP 1 , Security policy can be set on individual users even in ABAP stack. You can use this setting to extend the password expiration period for few users.

Could you please elaborate more on your requirement of password based SSO. Are you referring to Auto-Enroll parameter set to OFF ?

Thanks,

Anuj

Former Member
0 Kudos

Anuj Suresh Khator wrote:

With Netweaver 7.3 EHP 1 , Security policy can be set on individual users even in ABAP stack. You can use this setting to extend the password expiration period for few users.

This is news to me. Can you share the details? Link to documentation, for example? Maybe you mean the following link? Cool stuff.

http://help.sap.com/saphelp_nw73ehp1/helpdata/en/41/019a4dba8d4afcb9e6a12003e40a2a/frameset.htm

anujkhator
Explorer
0 Kudos

Samuli,

Yes, the link you have pasted in the above post is the correct one. It explains - how to create new security policies and assign it to users using SU01.

Thanks,

Anuj

Former Member
0 Kudos

Hi

This looks nice and I'm looking forward to try it. But I would like to use SSO in Solman, which is NW 7.0

But thanks anyway