cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC AC CUP 5.3 SP06: Single Sign-On

Go to solution
Former Member

on ‎02-14-2009 2:05 PM

0 Kudos

Has anyone gotten single sign-on with Compliant User Provisioning to work? I've got my java stack authenticating kerberos tickets through SPNEGO with LDAP as the user data source. It works fine on every other application (RAR, SPM, ERM) except for CUP, which requires users to login. Is there anyway to force single sign-on inside of CUP or will my users always be required to type in their passwords for requesting and approving access?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎02-14-2009 5:26 PM
0 Kudos

Hi !

SSO can embedded in the Portal system using the AC Launchpad. Portal administrator can create a URL iview and hence the Launchpad can be accessed from Portal . Have you tried this way?

Show replies
Show replies

Answers (3)

Answers (3)

Former Member
‎02-19-2009 10:06 PM
0 Kudos

William,

There used to be a guide about this on BPX but it seems SAP is reorganizing it. One of my customer has done this and it is working fine for them.

Regards,

Alpesh

Show replies
Show replies
Former Member
‎02-16-2009 6:02 AM
0 Kudos

Frank,

For me, the AC launch pad opens the approver page directly. The link takes you to main page of CUP and I don't need to click on user login link.

That is how AC launch pad works.

Regards,

Alpesh

Show replies
Show replies
koehntopp
Product and Topic Expert
Product and Topic Expert
‎02-16-2009 9:02 AM
0 Kudos

Hi Alpesh,

I'm well aware how launch pad works

Still, what people are looking for is SSO from the link in their email to the individual request approval page.

The link an approver receives will not send you to launch pad, so no SSO.

Frank.

Former Member
‎02-16-2009 2:45 PM
0 Kudos

Frank's got it spot-on. I realize that we can SSO to the launchpad, which I can do now, but I can't have my requestors go through the launchpad to make new CUP requests. They must go to the requestor page. Do you have any idea if this is on the plans for CUP, Frank?

former_member366047
Contributor
‎02-18-2009 5:57 PM
0 Kudos

William-

You can have your Requestors go directly into the Requestor page, via SSO. For Kerberos, you have to set up a redirection. We have several customers that are utilizing this. There will be a How-to-Guide published in BPX very soon in how to set that up for GRC.

Ankur

SAPBusinessObjects GRC RIG

Former Member
‎02-19-2009 10:03 PM
0 Kudos

Ankur,

How soon will this how-to guide be available? Do you, by any chance, have any tips on me getting this information now? I have a hard go-live date coming up the first week of March that would make this information very useful.

Thanks.

former_member366047
Contributor
‎02-20-2009 12:38 AM
0 Kudos

William-

It will be posted by next week at the latest. I would keep checking.

Ankur

SAPBusinessObjects GRC

Former Member
‎02-20-2009 8:57 AM
0 Kudos

Hi William,

we have successfully configured SSO redirecting with SAP note 1252589.

There's a small redirect application attached - the requestors then get a different link using the redirect URL, will be authenticated and led to the request form.

Hope that helps.

Regards,

Daniela

Former Member
‎02-23-2009 4:35 PM
0 Kudos

Daniela,

Thank you, that's exactly what I was looking for, but I'm currently getting an error stating the following:

Application error occurred during request processing. 
  Details:   com.sap.engine.services.servlets_jsp.server.exceptions.WebIllegalArgumentException: Cannot redirect to "null" location.

My redirection URL looks like this:

http://<server>:<port>/RedirectApp/?redirecturl=http://<server>:<port>/AE/index.jsp

Does that look right? What support pack were you able to get this working on?

Former Member
‎02-23-2009 4:48 PM
0 Kudos

Ok, the link from the e-mail works correctly without the above error; it signs on the approver automatically, but what would be the link that I would send my requestors to to sign them in automatically?

Former Member
‎02-14-2009 7:46 PM
0 Kudos

William,

I agree with Sahad. I have done SSO implementation for AC at couple of customers. I created a document about this when I was at SAP. I can not find that document but here is a link to another document.

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/7010a978-038e-2b10-3e8d-bc8e9a4d...

Regards,

Alpesh

Show replies
Show replies
koehntopp
Product and Topic Expert
Product and Topic Expert
‎02-14-2009 10:14 PM
0 Kudos

My guess is that the real question is not wether you can SSO to the AC Launchpad (which you can easily), but whether a CUP approver can click on a link and get to the approval screen without having to log in again.

As the CUP approval link does not go via the Launchpad, this is currently not possible.

Ask a Question