Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

R3-UME password synchronization

Go to solution
Former Member

‎06-02-2009 3:38 PM

0 Kudos

Greetings

I have the users on the R3 systems who should change their password each period of time. Also I handle the user data base on the J2EE system using the SAP UME. This is for the webdynpro apps.

I would like to make that each time that an user change his password on R3 the J2EE system, or the webdynpro apps, for the user to change his password on the UME.

Ive been thinking on some developments to try to know when the user changed his password on R3 and use a webdynpro app to force the user to change his password on the UME.

I hope you can help me with some configuration solution or point me on the solution of the problem.

Thanks in advance

Jean Carlo

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎06-03-2009 12:22 PM

0 Kudos

this would be a major development. still, i advise against it. i'd go for a SSO (even a poor mans SSO could do for a little while) or at least providing the passwords for the whole landscape using a corporate LDAP.

11 REPLIES 11

Go to solution
Former Member

‎06-03-2009 12:22 PM

0 Kudos

this would be a major development. still, i advise against it. i'd go for a SSO (even a poor mans SSO could do for a little while) or at least providing the passwords for the whole landscape using a corporate LDAP.

Go to solution
Former Member

‎06-03-2009 12:28 PM

0 Kudos

Why don't you just point your UME to the ABAP system as user store?

Is this impacted by single stack systems?

Cheers,

Julius

Go to solution
tim_alsop
Active Contributor

‎06-03-2009 12:42 PM

0 Kudos

I agree with Julius - using ABAP as user store is an obvious solution. If you cannot do this for some reason, then you could consider using external authentication for both Java and ABAP stacks. In my experience, many companies decide to make both stacks use Active Directory as an authentication server. Then, passwords changed in Active Directory are effective when users logon to both environments and no need to do any custom development or sync passwords. There are many posts on this forum related to SSO and how to setup SSO with ABAP and JAVA environments.

Thanks,

Tim

Go to solution
Former Member

‎06-03-2009 5:28 PM

0 Kudos

thanks for the advice, but I have to deal with UME and ABAP for certains applications.

Now Im triying to at least change some UME parameters from the R3 system, on an user exit maybe

do you think this is possible?

Go to solution
Former Member

‎06-04-2009 11:07 AM

0 Kudos

I did some developments

A bapi on on the ABAP side check the password change date and on the J2EE side a function checks the password information on the UME side and then force the user to change his password if its needed

Your advice its very good, but for this one I cant change the way in wich user database were set up

Thanks

Go to solution
Former Member
In response to Former Member

‎06-04-2009 11:24 AM

0 Kudos

Out of curiosity, as you have 2 seperate user databases and the ABAP one is taking the lead here.

What happens if the user does not exist on the ABAP side?

What happens if the user voluntarily changes their password on the Java side the day before the ABAP system forces a new password?

Just some thoughts

Cheers,

Julius

Go to solution
Former Member

‎06-04-2009 12:26 PM

0 Kudos

If the user does not exist the Bapi will fail and no check would be made.

Im not checking the time the UME password has, the ABAP side is the one to be followed about the password time rule, so I will just compare time date of both to make a choice.

The idea was kind of take the User Exit of the password change on ABAP and mark the corresponding UME user as "password change needed".

Go to solution
Former Member
In response to Former Member

‎06-04-2009 12:38 PM

0 Kudos

If they anyway need to remember 2 passwords and have the possibility of them being different and can also be changed voluntarily each day, then this requirement seems rather strange to me.

What does it aim to achieve? It is not synchronizing the passwords in any way.

Cheers,

Julius

ps: Sorry for being nosey

Go to solution
Former Member

‎06-04-2009 2:00 PM

0 Kudos

The requirement its that if the ABAP password expires then the UME password should expire too.

If I could manage to keep those password synchronized then I would solve the problem and make the password management better. I couldnt accomplish this so now I just want to make the user change his UME password each time he change the ABAP one

I know there are other solutions but I have some requirements stablished and cant change it, only work around it a bit

Go to solution
WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
In response to Former Member

‎06-05-2009 9:07 AM

0 Kudos

As already advised previously (by Julius): configure UME to use the ABAP system as data source.

That's the only reliable way to achieve the intended behavior.

Go to solution
Former Member
In response to Former Member

‎07-12-2009 8:28 PM

0 Kudos

Hi all,

I came to this topic maybe 10th time in my 6-years professional life with SAP. And I still cannot get any reason why SAP R/3 is so unique and different that it cannot authenticate users in LDAP natively, like any other JEE or .net or Lotus or whatever else. LDAP is a must and most of organizations will never connect SAP NW systems to ABAP userstore. Hopefully someone from SAP watches...

Regards

Pavol