07-27-2009 4:52 PM
HI all ,
i want to do user mapping on the BE and i need some help.
1.I go to the table VUSREXTID in SM30 and put the external name and internal name on it
the problem is that the issuer is read only so how i add it to the user entry .
in report RSUSREXT there is only place to put the bname and not the external name
(also the issuer ).
assume i have user
i01234
and i want to mapp it to BE user ALEX
with issuer 'SAP com'
How i can do that?
Regards
Joy
07-27-2009 6:02 PM
If this mapping is about "X.509 client certiticate mapping" then [SAP Note 1080218|https://service.sap.com/sap/support/notes/1080218] (point 1 and 2) might be of interest for you.
Applying the correction of that note will enable you to upload X.509 certificates which will then be parsed; subject and issuer information will be retrieved from the uploaded certificate to populate the mapping entry fields. You only have to specify the ABAP userID to which the certificate should be assigned to.
Best regards, Wolfgang
PS: ABAP transaction EXTID_DN is a shortcut for SM30, VUSREXTID and type = DN ...
Edited by: Wolfgang Janzen on Jul 27, 2009 7:03 PM
07-27-2009 5:10 PM
>
> 1.I go to the table VUSREXTID in SM30 and put the external name and internal name on it
> the problem is that the issuer is read only so how i add it to the user entry .
Click on the button "New Entry" to enter the values you want to add aqnd save at last.
> in report RSUSREXT there is only place to put the bname and not the external name
> (also the issuer ).
Use the above table to do this,
>
> assume i have user
>
Regards,
Dipanjan
07-27-2009 7:48 PM
HI Dipanjan,
When i do that (new entry ) the field of the issuer is read only so i cant put there the issuer ,
any idea way ?
regards
Joy
07-27-2009 5:15 PM
Don't know in which release you are... have a look on the below SAP Notes on Certificate based Logon:
[Note 195918 - Performance when generating external names USREXTID|https://service.sap.com/sap/support/notes/195918]
[Note 353836 - Certificate logon: Reports RSUSREXTID and RSUSREXT|https://service.sap.com/sap/support/notes/353836]
Regards,
Dipanjan
07-27-2009 6:02 PM
If this mapping is about "X.509 client certiticate mapping" then [SAP Note 1080218|https://service.sap.com/sap/support/notes/1080218] (point 1 and 2) might be of interest for you.
Applying the correction of that note will enable you to upload X.509 certificates which will then be parsed; subject and issuer information will be retrieved from the uploaded certificate to populate the mapping entry fields. You only have to specify the ABAP userID to which the certificate should be assigned to.
Best regards, Wolfgang
PS: ABAP transaction EXTID_DN is a shortcut for SM30, VUSREXTID and type = DN ...
Edited by: Wolfgang Janzen on Jul 27, 2009 7:03 PM
07-27-2009 7:52 PM
HI Wolfgang,
i need to do the mapping for saml do u have any documentation for it ?
Regards
Joy
07-28-2009 6:40 AM
HI,
There is some one that can help me to map be user to external user include issuer ?
one thing that i miss here how i put the issuer .
please help
Regards
Joy
Edited by: Joy Stpr on Jul 28, 2009 8:49 AM
07-28-2009 8:28 AM
>
> HI Wolfgang,
>
>
> i need to do the mapping for saml do u have any documentation for it ?
>
>
> Regards
> Joy
Sure - have a kind look on [SAP Note 1254821|https://service.sap.com/sap/support/notes/1254821]: if you cannot use RSUSREXTID (e.g. because the ABAP userID is not contained in the SAML Name Identifier) then you can use the attached Z_SAML_TRUST to implement your own mapping function. In the near future a Badi will be provided (so that it's easier to implement own mapping routines which are then available when using RSUSREXTID).
07-28-2009 9:21 AM
H I Wolfgang,
i read the note thanks,
what i do now is using the report but i don't think that i do it right.
where i put the extrenal id
1. i put the bname in the user -> avito
2. External ID type ->SA
3. prefix for external name - > STS::0w|DEVWDF58\C0568456
4. Optional: Issuer's Name -> CN=localhost, OU=SP, O=MIT
C0568456 is the external user ID
when i check the entry on the table :usrextid
in EXTID field i get :
STS::0w|DEVWDF58\avitoC0568456
and not STS::0w|DEVWDF58\C0568456
the be name avito is concatenate to the external user.
could u tell me please how could i get the value:
STS::0w|DEVWDF58\C0568456
when i try to use the table in SM30 and i enter the value i don't find where i can put
the issuer .
Thanks for your time !
Regards
Joy
07-28-2009 10:21 AM
If you want to map "STS::0w|DEVWDF58\C0568456" to "AVITO" you cannot use RSUSREXTID since "AVITO" is not contained in "STS::0w|DEVWDF58\C0568456".
With RSUSREXTID you could only map "STS::0w|DEVWDF58\C0568456" to "C0568456" or map "STS::0w|DEVWDF58\AVITO" to "AVITO" - both using the prefix ""STS::0w|DEVWDF58\".
In your case you have to use the report Z_SAML_TRUST of [SAP Note 1254821|https://service.sap.com/sap/support/notes/1254821] - see my previous reply.