cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AS-Java Landscape using Portal UME

Go to solution
Former Member

on ‎03-13-2006 6:48 AM

0 Kudos

Greetings,

We have an EP6 portal and AS-Java application server to run J2EE applications.

The Portal UME is configured to authenticate users against both LDAP (AD) and WAS DB.

Users access the J2EE applications through the portal, and therefore will have a Logon ticket issued by the Portal. I wish to configure the AS-Java server to:

1) accept SAP Logon Tickets issued by the portal (this is well documented so should be straight forward).

2) authenticate the users against the same data sources as the portal (they are the same users).

To do the second step, I assume that the AS-Java server would need to go through the Portal's UME? This step is not clear and I cannot find any documentation on it.

Is this the right approach? If not - what is the correct architecture to SSO from the Portal onto the AS-Java server? If so - how do I find the documentation to configure this?

Thanks,,,

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

MichaelShea
Product and Topic Expert
Product and Topic Expert
‎03-13-2006 8:01 AM
0 Kudos

The UME is a component of the AS. The portal uses the UME of the AS for authentication. If you attempt to authenticate at the AS level, then the UME is used.

http://help.sap.com/saphelp_nw04s/helpdata/en/5b/5d2706ebc04e4d98036f2e1dcfd47d/frameset.htm

The portal is just one application that can make use of the UME.

Did I answer your question? Or am I being dense?

-Michael

Show replies
Show replies
Former Member
‎03-14-2006 2:14 AM
0 Kudos

Micheal,

Thanks for the answer - I'm probably not being very clear.

I'm OK with the UME concepts. My issue is that a user of the portal, and the applications running on a seperate AS-Java instance is stored in either the Portals Database or Active Directory LDAP depending on whether they are an external users (DB) or employee (AD). No problems accessing AD from the AS-Java instance, but I want to also authenicate users against the Portal Database (this is what I am trying to work out).

To do this, do I point the AS-Java UME to the Portal UME, or simply reference the Portal UME from the Java applicatiuon running on the AS-Java instance?

Cheers...

MichaelShea
Product and Topic Expert
Product and Topic Expert
‎03-14-2006 7:42 AM
0 Kudos

Kim,

After speaking to my colleagues, I came up with the following.

The architecture of the AS Java does not allow you to share the local database. With that in mind, I have the following suggestions.

1. Migrate your application to the same server as the portal. This way they access the same user sources.

2. Create a second LDAP for external users with read-write access. Both the UME in the portal system and the plain AS for Java system then use both LDAPs as the data sources. This option is technically more complicated and may require you to make some comprimizes on how you configure UME properties. I recommend you get some consulting help with that option.

Hope this helps!

-Michael

Former Member
‎03-14-2006 10:40 PM
0 Kudos

Micheal,

Thanks - appreciate that.

We are considering Option 1, but like some of the independance that comes with having a seperate system for the J2EE applications, e.g. the ability to shut down Java for maintenance without bringing the portal down.

The main reason that we store external users in the Database is that we need the EP6 password management capabilities and these are only possible with the Database - not LDAP.

Question: is there a way of configuring AS-Java to use the Portal's UME rather than it's own? This would solve the problem. Or as you say - is it not possible to share the local Database? I understand that you wouldn't be able to share the database directly but am wondering if there is a way of sharing a UME?

Thanks again.

MichaelShea
Product and Topic Expert
Product and Topic Expert
‎03-15-2006 6:51 AM
0 Kudos

Sorry Kim, as far as I know it cannot be done.

-Michael

Former Member
‎03-16-2006 1:30 AM
0 Kudos

Thanks anyway.

Answers (0)

Ask a Question