SUP: Authentication at a SAP NW ABAP system (no LDAP)

Former Member
0 Kudos

Dear all,

we are planning to develop a mobile application with the help of SUP. This application is intended to synchronize data from a remote SAP NetWeaver ABAP system. User information is stored in the SAP system’s ABAP user store.

Is it possible to use the SAP system’s user store for user authentication, i.e. the user provides his credentials to the mobile application and the Sybase Unwired Server, respectively the MBOs running thereon, authenticate the user against the SAP system? Most sample SUP scenarios are based on LDAP servers as user store which is why I am asking this particular question.

I do have one additional question: Which user account is used to retrieve data from the distant SAP system? Is the account of a previously authenticated user used or a “neutral” technical user? In our case, users have particular permissions in the SAP system, determining which data can be accessed. Hence, we would like to use the user accounts of the true end users for obtaining data and not the account of a technical/service user which might be equipped with additional permissions and thus be able to access more data.

Thanks and best regards,

Markus

Accepted Solutions (0)

Answers (2)


Kevin_SAP
Advisor
0 Kudos

Sorry for the slow response as I just saw this.

I assume this is 2.x or Sidecar since you mention MBO. You can try using ClientPropagatingLoginModule or, depending how the system is configured, HTTPLoginModule.

Thanks,

Kevin

Former Member
0 Kudos

Hi Kevin,

I have the exact same query as Markus - the system is SMP3.0 SP6 - but we are using the MBO part.

Do you mean these modules?

com.sybase.security.core.ClientValuePropagatingLoginModule

com.sybase.security.http.HttpAuthenticationLoginModule

Best regards,

Mark.

Kevin_SAP
Advisor
0 Kudos

Correct, but it's also based on design of the MBO to forward credentials.  I haven't seen ClientPropagation used before myself, but it would be feasible to forward the values to backend.  I have seen that mainly if they just want to forward userid. 

I think HTTPAuthentication would be better for this use-case though, you could probably configure a Web App URL for Basic-Auth in NetWeaver Gateway and authentication in SMP that way and design the MBO to use client credentials. Just be advised, the web application in NetWeaver needs to support Basic Authentication, not Form-Based.

Thanks,

Kevin
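
The caveat in the reply above, that the URL must answer with Basic authentication rather than a form-based logon, can be checked from the server's reply to a request sent without credentials. This is an added example, not code from the thread or from SAP; the function name `classify_auth` and all sample responses are constructed for illustration.

```python
import re

def classify_auth(status, headers, body=""):
    """Classify a server's reply to a request sent WITHOUT credentials.

    Returns "basic", "other-scheme", "form", "redirect" or "none".
    """
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if status == 401:
        # Blank out quoted strings so commas inside realm="..." cannot be
        # mistaken for separators between challenges.
        challenge = re.sub(r'"[^"]*"', '""', hdrs.get("www-authenticate", ""))
        # A scheme is a token at the start or after a comma that is not
        # directly followed by "=" (that would be a parameter such as nonce=).
        schemes = {s.lower() for s in
                   re.findall(r"(?:^|,)\s*([A-Za-z][\w-]*)(?=\s|,|$)", challenge)}
        # A 401 with a missing or non-Basic challenge is reported as other-scheme.
        return "basic" if "basic" in schemes else "other-scheme"
    if 300 <= status < 400 and "location" in hdrs:
        return "redirect"  # typically a bounce to a logon page
    if status == 200 and re.search(r"<input\b[^>]*type\s*=\s*[\"']?password", body, re.I):
        return "form"      # HTML logon form instead of an HTTP challenge
    return "none"

# Constructed sample responses (not captured from any real system).
SAMPLES = {
    "basic":  (401, {"WWW-Authenticate": 'Basic realm="Constructed Realm, ABC"'}, ""),
    "multi":  (401, {"www-authenticate": 'Negotiate, Basic realm="x"'}, ""),
    "digest": (401, {"WWW-Authenticate": 'Digest realm="x", nonce="abc", qop="auth"'}, ""),
    "form":   (200, {"Content-Type": "text/html"},
               '<form method="post"><input name="user">'
               '<input type="password" name="pw"></form>'),
    "bounce": (302, {"Location": "/logon"}, ""),
    "open":   (200, {}, "pong"),
}

if __name__ == "__main__":
    for name, (status, headers, body) in SAMPLES.items():
        print(f"{name:7s} -> {classify_auth(status, headers, body)}")
```

Only a "basic" result matches the requirement stated in the reply; "form" and "redirect" indicate a form-based logon in front of the URL.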

Former Member
0 Kudos

Hi Kevin,

thanks for the response.

I'm struggling to gather the parameters for configuring the client propagation username and password, but have our developers helping with that.

For the http authentication, if I use for example, the http ping service for basic authentication, will this allow the underlying JCo RFC connection to work? Is there a suitable standard Service?

Will the whole MBO need to be reconfigured to connect via HTTP under this scenario? If so, this will likely need a bunch of new web services. Have I missed the point?

Best regards,

Mark.

Kevin_SAP
Advisor
0 Kudos

It's documented:  http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.infocenter.dc01909.0234/doc/html/asc12....  Check under Propagating a Client's Credentials to Backend Datasource

Former Member
0 Kudos

Hi Markus,

did you ever solve this problem?