cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Web Service Security agains LDAP

Go to solution
AntonioSanz
Active Participant

on ‎02-17-2014 8:40 AM

0 Kudos

Hi experts,

I need to implement several web services in SAP PI 7.3.

In my integration scenario, several systems (web, mobile devices,.... ) need to access to information in backend systems (SAP ERP, .....). So we decided make available this information via web service in SAP PI.

But we need give access to this information based on a user/password with is on an external LDAP (Windows Active Directory). For instance, one user could access to sales data webservice but not to invoice data webservice.

I have some questions. Perhaps anyone here can clarify me:

.- It is possible in SAP PI to "connect" web services with my LDAP to be able to do the authentication in an automatic way (some configuration done by basis team)??

.- Does anyone done this before? How do you suggest me to implement this? I havent found much documentation in sdn.

My idea is next: inside SAP PI, implement a BPM which call the LDAP and with the information I collect, inside the BPM decide to go ahead if it has right permissions or not.

Thanks to all.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎02-17-2014 10:28 AM
0 Kudos

Hi Antonio,

Are you on Java-only? In this case, one possible scenario I can think of is to connect the Java UME of PI to the LDAP server. This would ensure that the user which is used by the webservice caller to access the PI service is authorized against LDAP. However, this would change the whole PI UME authorization to LDAP.

Please check:

http://help.sap.com/saphelp_nw73/helpdata/en/12/7678123c96814bada2c8632d825443/content.htm

Best Regards

Harald

Show replies
Show replies
AntonioSanz
Active Participant
‎02-21-2014 10:11 AM
0 Kudos

We are using dual stack, but I have thougth that your recommendation will fit our requirements.

Many thanks for your comments.

AntonioSanz
Active Participant
‎02-26-2014 5:33 PM
0 Kudos

Hello Harald,

"However, this would change the whole PI UME authorization to LDAP." Do you mean that the users will be now in LDAP. I mean, my user in SAP PI for instance, will I have to create it in LDAP?? And also, all the SAP PI users??? What will happend with them?

Many thanks

Former Member
‎02-27-2014 11:27 AM
0 Kudos

Hi Antonio,

You should read carefully the different possibilities to connect the UME to an LDAP. Depending on the selected solution, the behaviour is different. Please check:

LDAP Directory as Data Source - Identity-Management - SAP Library

Best Regards

Harald

Answers (0)

Ask a Question