User Authentication Process from User to SAP Portal via Active Directory?

Former Member
0 Kudos

Please can you give me information or let me know if there is any documentation on the authentication process when a user logs onto a SAP Portal (7.1), where the SAP Portal calls an Active Directory server to authenticate the user?

The reason I am asking is because I have been told by my server team that the SAP Portal sends the username to the AD server and the AD server responds with the password. i.e. the check is done on the Portal and not on the AD server.

However if I enter an incorrect password, I can see that the AD server registers a bad password attempt. This would suggest that what the server team are telling me is incorrect and that the authentication is actually being performed on the AD server.

Thanks.

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

If you are talking about using AD (LDAP server) as the UME data source for your portal server, then the initial authentication should be done within LDAP, i.e. during your logon attempt, the username and password will be sent to AD. If it succeeds, J2EE will generate an SAP logon ticket, which will be used for authentication to the other applications after the logon (if the applications are configured to accept logon tickets). No username/password will be sent to AD until the logon ticket has expired.

In case you are talking about SSO, please refer to http://help.sap.com/saphelp_nw70ehp1/helpdata/en/43/4bd58c6c5e5f34e10000000a1553f6/content.htm

Former Member
0 Kudos

Thank you for the information.

Yes we are using the AD as the UME data source. Therefore we are requesting that users enter their AD username and password into the Portal, then they are authenticated by the AD service.

Further to this, please can you clarify (or point me at some documentation) more detail on how the SAP Portal 7.1 handles the authentication process.

i.e. which scenario is correct:

1) The SAP Portal sends the username and password to the AD server.

The AD server then responds with the reply to say:

a) Invalid details (i.e. the username and/or password is incorrect)

b) The password is correct

2) The SAP Portal sends the username to the AD server

The AD server then responds with:

a) No response (indicating that the username is unknown)

b) The password in a hashed format (which the Portal can then compare to the password the user has supplied - this will then be verified to be correct or incorrect)

3) Other

Thanks.

Former Member
0 Kudos

Hi Paul,

It should be scenario 1, and there is no big difference between UME for NW 7.0 and UME for 7.1

I didn't find a document talking about UME authentication against LDAP explicitly, but if you refer to the data source configuration

for example this one:

https://cw.sdn.sap.com/cw/docs/DOC-108845

(this is an example for multiple LDAP, but you could check your own data source configuration XML within your UME configuration)

You should be able to understand how SAP J2EE UME will handle user/password logon.

Cheers,

Denny
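
Scenario 1 at the wire level, as an added example that is not part of the original thread or of SAP's code: assuming the UME LDAP data source authenticates with an LDAP simple bind (RFC 4511), this encodes the bind request and response to show that the password travels to the directory and only a result code comes back. The helper names, DN and password are constructed for illustration.

```python
# Added illustration: BER layout of an LDAP simple bind (RFC 4511).
# DNs, passwords and message text used with it are constructed sample values.

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER tag-length-value element (definite length)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def read_tlv(buf: bytes, pos: int = 0):
    """Decode one element; return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    n = first
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        k = first & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n

def children(value: bytes):
    """Split a constructed value into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """Client (here: the portal) to directory: version 3, DN and the password."""
    # [0] simple carries the password as-is, so the connection should use TLS.
    op = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, op))  # msg_id < 128

def bind_response(msg_id: int, result_code: int, diag: str = "") -> bytes:
    """Directory to client: resultCode, matchedDN, diagnosticMessage; no hash."""
    op = tlv(0x0A, bytes([result_code])) + tlv(0x04, b"") + tlv(0x04, diag.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x61, op))

def parse(msg: bytes):
    """Return (messageID, protocolOp tag, [(tag, value), ...] fields of the op)."""
    _, body, _ = read_tlv(msg)
    (_, mid), (op_tag, op) = children(body)
    return mid[0], op_tag, children(op)

INVALID_CREDENTIALS = 49  # resultCode the directory returns for a bad password
```

Because the directory itself evaluates the bind, a wrong password is counted there, which matches the bad password attempts seen on the AD server in the original question.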