09-14-2011 6:22 PM
Hello everyone,
I am doing the configuration of the CUA between a server R / 3, SOLMAN, Portal and AD. Require users of AD, are replicated to the server SOLMAN.
So now I can do this without problem, but I need to synchronize AD password with SAP, with the evidence I've only managed to tell me to assign the missing initial password.
Someone will know if I can use the pass as defined in the AD in the SAP, and when changing the AD to be updated in SAP.
from already thank you very much.
09-14-2011 8:34 PM
What you are looking for is Single-Sign-On then but your approach expecting synchronization is not correct; that is not SSO and will create many headaches for you...
If you search here for "kerberos AND SSO" then you will quickly find what you are looking for (and chances are good that it will find you anyway
Another option is to point the UME of the portal at the AD and then have the portal issue logon tickets to launch the SAPGui against accepting systems of these tickets - but this builds a dependency for you into the portal availability and is more of a trust chain that real SSO. It also involves some risks related to logon ticket cookies themselves.
If you drop the synchronization approach, then you will easily find a solution.
Cheers,
Julius
09-14-2011 9:04 PM
He had sought such a solution, but do not want to implement SSO.
Try to see the solution via kerberos but did not have the correct libraries for the OS (HP UNIX), so now I have to justify everything you can and can not be done by the CUA, and if it is possible to implement communication between SOLMAN (HP UNIX) and MAD.
Any suggestions are welcome.
thanks
Manuel
09-15-2011 5:10 PM
Hi,
If you want to use AD authentication with NO SSO then you might want to consider the following:
Solutions 3, 4 or 5 on http://sap.cybersafe.com/solutions-overview
Thanks,
Tim