SAML 2.0 - Double Authentication with AS ABAP as service provider

former_member25156
Active Participant
0 Kudos

Hi All -

We are experiencing an issue which someone may have had.

We are logging on to the AS ABAP system with SAML 2.0, and the nameID is the personnel number, which is in turn our user master ID.

To be clear:

User ID in SAP = PERNR

Personnel Nr    = PERNR

Infotype 0105/0001 = PERNR

The Identity Provider system reaches out to Active Directory and gets the personnel number for the logged-on user; this is in turn what is presented back to the SAP ECC system. As you can see, we have our user IDs created the same as the PERNR, so infotype 0105/0001 is also set up to be the PERNR.

The problem we face is that sometimes the user's personnel number is incorrectly keyed into the Active Directory system. In this case the user is logged in to Self-Service with an incorrect user, and this is therefore a data breach. I would like to do some additional validation to address this issue.

I have set break-points in most of the SAML classes, and tried a number of different options, but am running out of ideas. We have also thought about using the email address, but found that not all employees have an email, and so this option was not selected.

Any input here will be appreciated.

Accepted Solutions (1)

former_member25156
Active Participant
0 Kudos

We ended up using USREXTID.
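The mapping idea behind the question and the accepted answer, as an added example that is not from the post or from SAP: instead of taking the SAML NameID (here the PERNR from AD) as the user ID directly, the service provider resolves it through an explicit external-ID table keyed by issuer and NameID, and fails closed on anything not registered. The table layout, issuer URL and sample assertion are constructed and only loosely modelled on USREXTID.

```python
import xml.etree.ElementTree as ET
from typing import Dict, Optional, Tuple

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion fragment: the IdP forwards the PERNR it read from AD.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">00012345</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

# Constructed stand-in for an external-ID table (hypothetical layout, not the real
# USREXTID structure): (issuer, NameID) -> SAP user that was deliberately registered.
EXTERNAL_IDS: Dict[Tuple[str, str], str] = {
    ("https://idp.example.test", "00012345"): "00012345",
    ("https://idp.example.test", "00067890"): "00067890",
}


def extract_name_id(assertion_xml: str) -> Tuple[str, str]:
    """Return (issuer, NameID) from the assertion; reject assertions missing either."""
    root = ET.fromstring(assertion_xml)
    issuer = root.find("saml:Issuer", SAML_NS)
    name_id = root.find("saml:Subject/saml:NameID", SAML_NS)
    if issuer is None or name_id is None:
        raise ValueError("assertion has no Issuer or NameID")
    issuer_text = (issuer.text or "").strip()
    name_id_text = (name_id.text or "").strip()
    if not issuer_text or not name_id_text:
        raise ValueError("empty Issuer or NameID")
    return issuer_text, name_id_text


def resolve_user(assertion_xml: str, table: Dict[Tuple[str, str], str]) -> Optional[str]:
    """Map the assertion's NameID to a local user, or None if it is not registered.

    Direct mapping (user = NameID) would log a mistyped PERNR in as whoever owns
    that number; the explicit table only admits values registered for this issuer,
    so an unknown or wrongly keyed number is refused instead of silently matched.
    """
    issuer, name_id = extract_name_id(assertion_xml)
    return table.get((issuer, name_id))
```

A refused logon (None) is the event worth logging and alerting on, since it is exactly the case where AD holds a personnel number the SAP side never registered.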

Former Member
0 Kudos

Ronald -- did you use the SSO product from SAP for this SAML solution? Wondering if this is available out of the box without the SSO license?

Answers (0)