on 12-04-2013 8:56 AM
Hello,
We want to integrate AS JAVA with AD for the purpose of authentication. It means that when a user logs in to the IDM UI, his/her password will be authenticated against AD. Is this integration possible without provisioning the user into AS JAVA? I want the user to log in to the IDM UI and raise a self-service request without user provisioning to AS JAVA. Is it possible or advisable to implement it this way?
Thanks,
Dhiman Paul.
Hi,
I am able to configure AD as authentication source for AS JAVA login. Now user's password is getting authenticated against AD. But I have encountered another problem.
When a user is locked in AD, the user is still able to log in to the AS JAVA IDM UI. In reality, the user's authentication must fail, as he is locked in AD. It looks to me like the AD to AS JAVA automatic synchronization is not working properly.
Any thoughts on how I can resolve this?
Thanks,
Dhiman Paul.
Dhiman Paul wrote:
We want to integrate AS JAVA with AD for the purpose of authentication. It means that when a user logs in to the IDM UI, his/her password will be authenticated against AD. Is this integration possible without provisioning the user into AS JAVA?
It works if the Portal UME is pointed to AD and you have configured your IdM Portal Role so that authenticated users ("authenticated users" Portal group) will get the self-service access. But the user must exist in IdM.
Check out the IdM UI installation guide; the configuration of the IdM Portal Role is explained there.
regards, Tero
Hi Dhiman,
Yes, it is possible to have AS JAVA authenticating against AD. During the configuration of data sources in identity management of AS JAVA, select Microsoft ADS (Deep Hierarchy) + Database as the data source and provide the required details.
I would suggest implementing it in such a way that you also provision the user to AS JAVA, so that all the systems connected with IDM will have the identity information. Is there any specific reason you don't want to provision to AS JAVA?
Also, as per my knowledge, it should work even if the user is not provisioned to AS JAVA, as the authentication actually happens against AD.
For more information, see LDAP Directory as Data Source (SAP Library - Identity Management of the Application Server Java).
Thanks,
Krishna.