01-14-2009 8:18 AM
Hi gurus,
I need to know when a user has logged in to our system using SSO, or if he has used his password, but I can't find anything about it.
Could you tell me how I can log this parameter?
Thank you
Pablo
01-15-2009 9:29 AM
Hi Pablo,
from my knowledge the way of logging on is not recorded (also not in SM19). There is only one way to trace the way of logging in, which should be used only for short term (as the data volume is high) as per SAP Note 495911 (https://service.sap.com/sap/support/notes/495911).
b.rgds,
Bernhard
01-15-2009 10:22 AM
> from my knowledge the way of logging on is not recorded (also not in SM19).
Sorry, that's wrong - of course this information is contained in the Security Audit Log entry.
01-15-2009 10:36 AM
01-15-2009 10:47 AM
01-15-2009 10:54 AM
I just checked and the SM19 logs only give the Type of login and the result, but not the Authentication method.
I remember a similar thread a while ago which discussed the various options available (including both the audit log and the trace mentioned by Bernhard).
The search indexes are currently not working very well, but I will add a link to it when I find it (or you might find it first).
Found via google =>
Cheers,
Julius
Edited by: Julius Bussche on Jan 15, 2009 12:02 PM
Added reference.
01-15-2009 10:55 AM
Thanks Rajvansh,
I know this trax. But when I audit login events and look for access type, I have just these options:
The user has logged onto the system.
Possible Types (= Access Types):
A = Dialog logon (SAPGUI)
B = Background job start
H = HTTP logon
U = User switch (internal call)
' ' = Password check (API, internal call)
SSO and password access have the same type "A". Here are two examples:
11:46:59 XXXXX XXXX SESSION_MANAGER SAPMSYST Logon Successful (Type=A)
11:47:08 XXXXX XXXX SESSION_MANAGER SAPMSYST Logon Successful (Type=A)
Could you help me?
01-15-2009 11:08 AM
> And where can I find this information? How can I access to it?
Are you looking for a programmatic check?
If yes, for which purpose?
The Security Audit Log is controlled by ABAP transactions SM19 and SM20.
This allows you to audit events (SM20 looks similar to the System Log, SM21).
01-15-2009 11:29 AM
Hello Wolfgang,
I just need to know which users are using SSO and which are using the traditional logon method.
Best regards
01-15-2009 11:44 AM
Thank you very much Julius.
I realize that the size of these logs is a problem, and I need a permanent solution. Maybe it would be a good idea to develop a Z program to extract relevant information from it (for example, each night or more frequently) and clear the files.
What do you think about this?
01-15-2009 1:03 PM
> I just checked and the SM19 logs only give the Type of login and the result, but not the Authentication method.
Oh, well - I was wrong.
Yes, only in case of unsuccessful logon attempts the return code is contained in the audit log. And the return code is a clear indicator (see SAP Note 320991) for the attempted authentication method.
So it's true - the Security Audit Log does not tell you how the user was authenticated.
01-15-2009 1:14 PM
> Hello Wolfgang,
>
> I just need to know which users are using SSO and which are using the traditional logon method.
>
> Best regards
For which purpose?
If for auditing, then the Security Audit Log should be enriched by the missing feature (to log also the "effective authentication method" respectively the "attempted authentication method"). Unfortunately that feature request requires a coordinated ABAP and kernel patch; most likely it will be rejected (for shipped releases).
If you intend to programmatically check on the "effective authentication method" in order to use this for access control decisions, then the answer is: sorry, but we do not offer such a feature.
Assuming that you intend to simply log which user is using SNC when logging onto an ABAP system with SAPGUI, then there is a kind of solution for you:
you can use the existing SAPGUI logon user-exit (see SAP Note 37724) to call function module SNC_GET_MY_INFO in order to check whether your communication partner (= SAPGUI) has a (valid) SNC name (PNAME_USER NE SPACE). In that particular case, this is equivalent to "user has authenticated via SNC". And I assume that this is what you intended (notice: you cannot determine whether the user has logged onto the system using SAPGUI with SAP Logon Tickets, i.e. when using some Portal iViews).
01-15-2009 2:32 PM
> Oh, well - I was wrong.
I was also sure that I had seen something like it before.
> Yes, only in case of unsuccessful logon attempts the return code is contained in the audit log. And the return code is a clear indicator (see SAP Note 320991) for the attempted authentication method.
So you were half correct, but the wrong half
I guess that as an information source (to be able to do something to a set of users) one could see whether the user is still using the password even though they have other authentication methods available by the fact that they change the passwords (or simply instruct the system to delete the password when they use a non-ABAP password to authenticate).
For forensics, this might be a bit more difficult though (except for initial passwords used for the first time). But there might be some obscure way of finding out. Unfortunately I cannot remember exactly what my idea was in the thread with Tim (see link above) - but in the end it was not viable if I do remember that part correctly.
I will dig around in my mails to see whether I can find it.
Cheers,
Julius
01-16-2009 1:28 PM
10-08-2015 8:47 PM
Hi Pablo,
I know it's an old thread, but I would still like to know whether you got the solution you were looking for,
because I am also looking for information about the tables or place where SAP stores the information about the authentication method which the user used to log on to the SAP system, for example like below:
Logon successful (type=A, method=P ) - Means user logged on using SAP GUI using user name and password
Logon successful (type=A, method=H) - Means user logged on using SSO.
Please share the information with me if you have answers.
Regards,
Krishna R
12-21-2015 3:05 AM
Hi Krishna,
We are using SSO to log in to the SAP system. I have checked the SM20 logs for myself.
I see multiple entries with Logon Type as 'A' & 'B' and method as 'T' & 'P'. I don't know why the logon method is shown as 'P' when I always log in with SSO.
Regards,
Surya
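Added example (not written by any poster in this thread and not SAP code): a small Python parser for the two logon-message shapes quoted above, which groups the type and method codes seen per user and lists users whose entries carry no method field at all. The column layout (time, client, user, transaction, program, text), the function names and the sample lines are assumptions constructed for illustration; method codes are reported raw and not interpreted.

```python
import re
from collections import defaultdict

# Access types as listed earlier in the thread.
ACCESS_TYPES = {
    "A": "Dialog logon (SAPGUI)",
    "B": "Background job start",
    "H": "HTTP logon",
    "U": "User switch (internal call)",
    "": "Password check (API, internal call)",
}

# Assumed columns: time, client, user, transaction, program, message text.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<client>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<tcode>\S+)\s+(?P<program>\S+)\s+Logon successful\s*"
    r"\(\s*type=(?P<type>[A-Z]?)\s*(?:,\s*method=(?P<method>[A-Z])\s*)?\)",
    re.IGNORECASE,
)

def parse_logon(line):
    """Return a dict for a successful-logon line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["type"] = rec["type"].upper()
    rec["type_text"] = ACCESS_TYPES.get(rec["type"], "unknown")
    # Older message shape has no method field: keep that visible as None.
    rec["method"] = rec["method"].upper() if rec["method"] else None
    return rec

def methods_by_user(lines):
    """Map user -> set of (type, method) pairs seen in the log lines."""
    seen = defaultdict(set)
    for rec in filter(None, map(parse_logon, lines)):
        seen[rec["user"]].add((rec["type"], rec["method"]))
    return dict(seen)

def users_without_method(lines):
    """Users with at least one logon entry that does not say how they authenticated."""
    by_user = methods_by_user(lines)
    return sorted(u for u, pairs in by_user.items() if any(m is None for _, m in pairs))

# Constructed sample lines in the two shapes quoted in the thread.
SAMPLE = [
    "11:46:59 100 ALICE SESSION_MANAGER SAPMSYST Logon Successful (Type=A)",
    "11:47:08 100 BOB SESSION_MANAGER SAPMSYST Logon Successful (Type=A)",
    "09:01:12 100 CAROL SESSION_MANAGER SAPMSYST Logon successful (type=A, method=P )",
    "09:05:40 100 CAROL SESSION_MANAGER SAPMSYST Logon successful (type=A, method=T)",
    "09:06:00 100 DAVE SESSION_MANAGER SAPMSYST Logon failed",
]
```

For entries in the older shape the method stays `None`, which is exactly the gap discussed above: two Type=A logons by different means cannot be told apart from the message text alone.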
04-13-2016 8:18 PM