on 12-16-2014 2:57 PM
Hi,
How do i achieve user authentication on SAP Gui through MSAD (LDAP). Please note, i do not want Single Sign On (SSO). I want following:
1, User login to Windows 7/MAC desktop authenticated from Microsoft Active Directory account
2, User opens SAP Gui client and logs on to ECC instance once again using the user/ID password of corporate active directory.
I do not want SSO where user clicks on sap gui connection and it automatically connects to instance without asking user credentials.
Please let me know how could i achieve this.
Thanks
Vik
Hi Vikas
As Patrick mentioned, there is no native support built into the ABAP AS for LDAP authentication via SAPGUI.
As an option and If you have SAP Identity Management you could look at deploying the password hook, this provides an enterprise password of same password approach. Hence end users can enter their MSAD password to gain access to SAP via SAPGUI - it works well.
SAP Identity Management : Password Hook Configuration Guide
http://scn.sap.com/docs/DOC-17112
The SAP NetWeaver Identity Management Password Hook is a password hook DLL that can be installed on the Microsoft domain controller(s) in the password verification chain. The hook intercepts password changes in the Microsoft domain and distributes it to other applications using the SAP NetWeaver Identity Management Identity Center.
Hope it helps.
Rgrds
Craig
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Vik,
SAP NetWeaver ABAP can only authenticate against an LDAP using some SSO mechanism. There is no native support built into the application server. Using SAP NetWeaver Single Sign-On, you can also configure the system to do an authentication using the LDAP server when starting the SAP-GUI connection, which to my understanding is what you want.
Kind regards,
Patrick
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Patrick,
Yes I want to authenticate from LDAP, but want user to again insert user id/password in Gui connection. I don't want direct connection to sap gui, once user logs on into his desktop.
This is only to add additional security and also keep single password for desktop and SAP authentication.
Thanks
vik
Hi Vik,
as said, this is possible using the SAP Single Sign-On product, however there is no native support in SAP NW ABAP to do this. The only other option is the one mentioned by Craig, although in the end the users will have to still maintain to passwords and the password policies most likely will differ and you have two places to reset passwords.
Regards,
Patrick
User | Count |
---|---|
84 | |
24 | |
12 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.