on 2004 Sep 20 12:53 AM
Hi,
I'm configured my portal to authenticate against LDAP,
with NT Authentication,my SAP R3 systems is based with on employee number for example ( a field inside the ADS )
Is there away to create a SAPLOGON Ticket with another
attribute beside the Username ?? How can I configure the
value transfered to the SAPLOGON Ticket?
thanks
Amit Yosha
Hi Amit,
you can configure the portal to add (exactly one!) second user ID to a user's SAP Logon Ticket (the portal's ID will always be present). For logon attempts to SAP systems, this ID will be used instead of the defaul ID.
This second ID will always be a user's logon ID of a designated SAP ABAP sytem (e.g. R/3), called the SAP reference system.
To do so, create (if not already done) an entry for the system in the system landscape editor (use template SAP_R3_Dedicated or SAP_R3_LoadBalanced, whatever applies to your environment). Be sure to set the attribute "R/3 reference system" to 1 and to set the user mapping type to "user". Also, don't forget to assign an alias for the system object.
Now users can map their portal user ID to the reference system's ID by selecting "personalize" --> "user mapping" and then choosing the reference system.
For more information, see also the portal's security guide, available on service.sap.com/securityguide.
Regards,
Dominik
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yuri,
I regret you can't. The ticket holds a maximum of two user IDs: One for the portal and non-SAP applications, the second one (if a reference system has been defined) for SAP servers.
Thus, if you non-SAP system uses IDs different from the portal ID, you will have to perform the mapping on your own in the backend system.
Regards,
DOminik
Yuri,
it means that you will retrieve the user ID from the ticket and perform a lookup (using some custom coding) against a mapping table, say a database or an LDAP directory. You won't change the ticket itself because
a) you would need the isssuing system's private kesy for this
b) you would need a "tickt creation API" for this
c) this would cause the ticket to become invalid for the portal.
Hope I could make things clear regarding the user mapping.
Bye,
Dominik
User | Count |
---|---|
68 | |
10 | |
10 | |
7 | |
6 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.