on 02-14-2009 2:05 PM
Has anyone gotten single sign-on with Compliant User Provisioning to work? I've got my java stack authenticating kerberos tickets through SPNEGO with LDAP as the user data source. It works fine on every other application (RAR, SPM, ERM) except for CUP, which requires users to login. Is there anyway to force single sign-on inside of CUP or will my users always be required to type in their passwords for requesting and approving access?
Hi !
SSO can embedded in the Portal system using the AC Launchpad. Portal administrator can create a URL iview and hence the Launchpad can be accessed from Portal . Have you tried this way?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
William,
There used to be a guide about this on BPX but it seems SAP is reorganizing it. One of my customer has done this and it is working fine for them.
Regards,
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Frank,
For me, the AC launch pad opens the approver page directly. The link takes you to main page of CUP and I don't need to click on user login link.
That is how AC launch pad works.
Regards,
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
William-
You can have your Requestors go directly into the Requestor page, via SSO. For Kerberos, you have to set up a redirection. We have several customers that are utilizing this. There will be a How-to-Guide published in BPX very soon in how to set that up for GRC.
Ankur
SAPBusinessObjects GRC RIG
Daniela,
Thank you, that's exactly what I was looking for, but I'm currently getting an error stating the following:
Application error occurred during request processing.
Details: com.sap.engine.services.servlets_jsp.server.exceptions.WebIllegalArgumentException: Cannot redirect to "null" location.
My redirection URL looks like this:
http://<server>:<port>/RedirectApp/?redirecturl=http://<server>:<port>/AE/index.jsp
Does that look right? What support pack were you able to get this working on?
William,
I agree with Sahad. I have done SSO implementation for AC at couple of customers. I created a document about this when I was at SAP. I can not find that document but here is a link to another document.
Regards,
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
My guess is that the real question is not wether you can SSO to the AC Launchpad (which you can easily), but whether a CUP approver can click on a link and get to the approval screen without having to log in again.
As the CUP approval link does not go via the Launchpad, this is currently not possible.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.