Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSF configuration and Single Sign On

Former Member

‎03-13-2007 3:06 PM

0 Kudos

Hello,

We are utilizing the portal UME to authenticate via Active Directory LDAP. We are using Portal single sign on tickets to then authenticate into SAP R/3.

The problem we are having concerns how electronic signatures authenticate. It seems that SSF points to the local SAP R/3 authentication mechanism for electronic signatures, for example, tcodes CO60, QA11, etc. We were not planning on needing an active "internal" R/3 password, but due to the e-sig using the internal authentication mechanism, we have to set a local SAP password in R/3. Is there a way to configure SSF to use an external authentication source, for example, like a connection back to the portal UME?

Thanks in advance,

Ryan

3 REPLIES 3

Former Member

‎03-13-2007 3:44 PM

0 Kudos

Hi Ryan,

if you use the SSF mechanism within R/3 this can only use the information stored in the local user database of the R/3 system.

Sorry.

regards,

Patrick

Former Member

‎03-13-2007 4:01 PM

0 Kudos

You can also have a look to http://help.sap.com/saphelp_nw2004s/helpdata/en/53/251a355d0c4d78e10000009b38f83b/frameset.htm

Cheers,

-Sunil

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert

‎03-13-2007 4:28 PM

0 Kudos

Well, I asssume that you are referring to the mechanism known as "system signature" (user is prompted to enter a valid combination of userID and password which is validated by the system; if correct, the system will apply a digital signature - using a system-specific certificate).

Yes, by default "userID and password" refer to the local user management.

<a href="https://service.sap.com/sap/support/notes/552449">SAP Note 552449</a> describes a solution for the SAP Workplace (a kind of predecessor of the SAP Enterprise Portal, however ABAP-based, not J2EE-based).

Theoretically you could instruct an ABAP system to call an SAP J2EE engine (which is then acting as RFC server) for remote password validation (-> delegation). You need to implement a Java method and make it available via JCO (as remote callable "function module") so that is can be called via RFC from an ABAP system. As long as it implements the same function interface as the ABAP function module SUSR_LOGIN_CHECK_RFC it is possible to use it in the same way as described in <a href="https://service.sap.com/sap/support/notes/552449">SAP Note 552449</a> .

Keep in mind: that's just an idea - it is up to you to proof it's feasibility (and also to support that solution ...).

Regards, Wolfgang