Solved: Help with user mapping

Former Member · ‎07-27-2009

HI all ,

i want to do user mapping on the BE and i need some help.

1.I go to the table VUSREXTID in SM30 and put the external name and internal name on it

the problem is that the issuer is read only so how i add it to the user entry .

in report RSUSREXT there is only place to put the bname and not the external name

(also the issuer ).

assume i have user

i01234

and i want to mapp it to BE user ALEX

with issuer 'SAP com'

How i can do that?

Regards

Joy

WolfgangJanzen · ‎07-27-2009

If this mapping is about "X.509 client certiticate mapping" then [SAP Note 1080218|https://service.sap.com/sap/support/notes/1080218] (point 1 and 2) might be of interest for you.

Applying the correction of that note will enable you to upload X.509 certificates which will then be parsed; subject and issuer information will be retrieved from the uploaded certificate to populate the mapping entry fields. You only have to specify the ABAP userID to which the certificate should be assigned to.

Best regards, Wolfgang

PS: ABAP transaction EXTID_DN is a shortcut for SM30, VUSREXTID and type = DN ...

Edited by: Wolfgang Janzen on Jul 27, 2009 7:03 PM

sdipanjan · ‎07-27-2009

>

> 1.I go to the table VUSREXTID in SM30 and put the external name and internal name on it

> the problem is that the issuer is read only so how i add it to the user entry .

Click on the button "New Entry" to enter the values you want to add aqnd save at last.

> in report RSUSREXT there is only place to put the bname and not the external name

> (also the issuer ).

Use the above table to do this,

>

> assume i have user

>

Regards,

Dipanjan

Former Member · ‎07-27-2009

HI Dipanjan,

When i do that (new entry ) the field of the issuer is read only so i cant put there the issuer ,

any idea way ?

regards

Joy

sdipanjan · ‎07-27-2009

Don't know in which release you are... have a look on the below SAP Notes on Certificate based Logon:

[Note 195918 - Performance when generating external names USREXTID|https://service.sap.com/sap/support/notes/195918]

[Note 353836 - Certificate logon: Reports RSUSREXTID and RSUSREXT|https://service.sap.com/sap/support/notes/353836]

Regards,

Dipanjan

WolfgangJanzen · ‎07-27-2009

If this mapping is about "X.509 client certiticate mapping" then [SAP Note 1080218|https://service.sap.com/sap/support/notes/1080218] (point 1 and 2) might be of interest for you.

Applying the correction of that note will enable you to upload X.509 certificates which will then be parsed; subject and issuer information will be retrieved from the uploaded certificate to populate the mapping entry fields. You only have to specify the ABAP userID to which the certificate should be assigned to.

Best regards, Wolfgang

PS: ABAP transaction EXTID_DN is a shortcut for SM30, VUSREXTID and type = DN ...

Edited by: Wolfgang Janzen on Jul 27, 2009 7:03 PM

Former Member · ‎07-27-2009

HI Wolfgang,

i need to do the mapping for saml do u have any documentation for it ?

Regards

Joy

Former Member · ‎07-28-2009

HI,

There is some one that can help me to map be user to external user include issuer ?

one thing that i miss here how i put the issuer .

please help

Regards

Joy

Edited by: Joy Stpr on Jul 28, 2009 8:49 AM

WolfgangJanzen · ‎07-28-2009

>


> HI Wolfgang,
> 
> 
> i need to do the mapping for saml do u have any documentation for it ?
> 
> 
> Regards
> Joy

Sure - have a kind look on [SAP Note 1254821|https://service.sap.com/sap/support/notes/1254821]: if you cannot use RSUSREXTID (e.g. because the ABAP userID is not contained in the SAML Name Identifier) then you can use the attached Z_SAML_TRUST to implement your own mapping function. In the near future a Badi will be provided (so that it's easier to implement own mapping routines which are then available when using RSUSREXTID).

Former Member · ‎07-28-2009

H I Wolfgang,

i read the note thanks,

what i do now is using the report but i don't think that i do it right.

where i put the extrenal id

1. i put the bname in the user -> avito

2. External ID type ->SA

3. prefix for external name - > STS::0w|DEVWDF58\C0568456

4. Optional: Issuer's Name -> CN=localhost, OU=SP, O=MIT

C0568456 is the external user ID

when i check the entry on the table :usrextid

in EXTID field i get :

STS::0w|DEVWDF58\avitoC0568456

and not STS::0w|DEVWDF58\C0568456

the be name avito is concatenate to the external user.

could u tell me please how could i get the value:

STS::0w|DEVWDF58\C0568456

when i try to use the table in SM30 and i enter the value i don't find where i can put

the issuer .

Thanks for your time !

Regards

Joy

WolfgangJanzen · ‎07-28-2009

If you want to map "STS::0w|DEVWDF58\C0568456" to "AVITO" you cannot use RSUSREXTID since "AVITO" is not contained in "STS::0w|DEVWDF58\C0568456".

With RSUSREXTID you could only map "STS::0w|DEVWDF58\C0568456" to "C0568456" or map "STS::0w|DEVWDF58\AVITO" to "AVITO" - both using the prefix ""STS::0w|DEVWDF58\".

In your case you have to use the report Z_SAML_TRUST of [SAP Note 1254821|https://service.sap.com/sap/support/notes/1254821] - see my previous reply.