- SAP Community
- Products and Technology
- Additional Q&A
- Single Sign on-Questions
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Single Sign on-Questions
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 12-15-2008 10:48 AM
Hi Gurus,
We are having more than 150 SAP systems with a mixuture of both Global and local systems, these systems are accessed by many users( Not all the users) across the globe. The systems in users log on pad are restricted based on the regions, Meaning user u201CXu201D from Asia pacific region, he or she can view systems be relevant to that region. All the users are supposed to access the SAP systems via single-sign on and this is implemented in our landscape. But we are getting frequent password change requests even though the SSO technology has been implemented. Based on the investigations we found that this issue is occurring due to incorrect SAP LOGON.INI file entry, which means the systems are not updated with correct SNC entries in the SAP LOGON.INI file.
We would like to know the below,
1). what can be the best approach to resolve the above reported problem?
2). Is there any provision to update the SAPLOGON.INI and SERVICE file centrally in SAP GUI software (Please note some of the users are having SAPLOGON.INI file locally). What we want to achieve is that if we make any changes to SAPLOGON.INI and SERVICES files at centrally located distribution point that should be reflected in the systems which are connected to this distribution point.
3). If the above requested provision is not available in the SAP GUI software, can you suggest any other tools which will full-fill the above requirement.
Looking forward for your expert suggestions.
Kind Regards
Praveen Kumar
Accepted Solutions (0)
Answers (3)
Answers (3)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Erik Jensen ,
Apologize, It is not clear to me yet, The operating system which we are using is WIndows 2003.
Seems it looks too technical to me..
Kind Regards
Praveen Kumar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Erik Jensen ,
Could you please explain more on this please, how and the procedures.
Please note The systems in users log on pad are restricted based on the regions, Meaning user u201CXu201D from Asia pacific region, he or she can only view systems be relevant to that region other systems will not be visible.
Thanks in advance!
Kind Regards
Praveen Kumar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
well, in any regard, it sounds like you need a way to provide different subsets of users different .ini files, right? I use network group membership here through Active Directory. So, in a logon script, I query that user's network membership. Essentially, if user is in X group, copy the X .ini. If in Y, then copy Y file, etc. If you are able to do something similar in using your network directory to determine the user's region, you should be able to give users the right systems in the pad. You could also call NwSapSetup packages containing the right .ini file too, although I haven't distributed files with NwSapSetup before (but it says you can do it).
I don't know what OS, directory structure, or SAPGUI versions you're running, but my script is like this:
>
ifmember "Americas"
if not errorlevel 1 goto ASIAtest
xcopy "
server\LogonScriptSource\Americas\saplogon.ini" c:\windows\ /y
:ASIAtest
ifmember "Asia"
if not errorlevel 1 goto Africatest
xcopy "
server\LogonScriptSource\Asia\saplogon.ini" c:\windows\ /y
...
Hope this helps a little, Erik
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
The current version of NwSapSetup allows you to package and distribute saplogon.ini (and other files probably too through scripting events) to remote clients. If you aren't using NwSapSetup, you can still copy the files through network logon scripts. I've done that before by checking network group membership through a script, and then xcopying the files to the local machines on startup.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Single supplier declaration per transaction - Preference Management in Financial Management Q&A
- C4C - COD_SALESORDER_SIMULATE return the error: Material & is not listed and therefore not allowed in CRM and CX Questions
- SAP Solution Manager System Availability Reports in Technology Q&A
- Maintenance Single Cycle Plan in Product Lifecycle Management Q&A
- Analyze Expensive ABAP Workload in the Cloud with Work Process Sampling in Technology Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.