01-21-2011 11:08 AM
Hi all,
We are integrating ABAP with LDAP Directory. I leant that passwords between the two CANNOT be synchronized.
Is it possible for a user to log in with LDAP credentials and not be asked for the ABAP passwords at all?
I am aware that if users are accessing backend services though a portal (UME-LDAP integrated), he is logged into the portal using the LDAP credentials and is not prompted for the separate backend passwords (SSO). Is this scenario possible with ABAP-LDAP integration? How would this be achieved?
Any inputs will be greatly appreciated.
Thanks and regards,
Rosun
01-21-2011 11:27 AM
This is because in the Java Stack the login modules can be configured, but on the ABAP stack they cannot - you have to use the "hardcoded" options which it offers.
As a workaround, some folks use the portal as a "launchpad" for SAPGui shortcuts and rely on logon tickets between the portal and the backend ABAP system to authenticate. On the surphace, this feels like Single-Sign-On and they even call it that.... but it is not.
- There is no way for the ABAP password to be synchronized back to the AD via LDAP.
- You can use password "hooks" to synchronize the initial password from AD back to the ABAP system(s).
Rather go for a real SSO.
Cheers,
Julius
01-25-2011 5:03 AM
Hi Julius,
Thanks for the reply.
Could you elaborate on what you mean by "launchpad" for SAPGui shortcuts? How would this differ from a regular SSO? I am a bit lost here. In this case, is it that the user launching the shortcut will no more be prompted for the ABAP password?
Thanks and regards,
Rosun