08-27-2007 8:54 AM
We're implementing BI 7.0 including BI Java and SAP EP for end user
access.
I have two question about SSO method when we're using BI Java.
I know we can simply configure SSO logon ticket with BI-Java(EP
included) and BI-ABAP through BI template installer and we already
succeeded in that case.
But the problem is we want to change it to user mapping SSO method for
some our internal reason.
After we configure user mapping SSO, we've got SSO failed error when we
call BI-Java stuff like BEx Web Application iView.
After many testing implemented, we found SSO Logon ticket with user
mapping (using SAP reference system). It seems working now.
But our question is "Is it no problem when we use SSO logon ticket with
user mapping?" Is there any restriction or issue?
One more question is we can ONLY use user base mapping when reference
system used. How can we assign BI-ABAP users to EP Group?
08-29-2007 6:11 AM
Hi,
1. It's Ok to use user mapping as your logon method. it mey be a little complicated then SSO logon ticket because you'll need to map every user manualy unless you you map you EP groups to ABAP users(see the next section)
2. in the Identity menagment find the group you want to map and look for the tab "user mapping for system access" (same as for regular user).
08-29-2007 5:34 PM
An SAP Logon Ticket can only contain two "userIDs":
one "ABAP userID" and one "Java / EP username".
So, when the SAP Logon Ticket is created by a Java system and if an ABAP system is configured as "reference system" it's possible that both "userIDs" are contained in the ticket.
<u>Notice</u>: ABAP systems only evaluate the "ABAP userID" information contained in a ticket (and also create SAP Logon Tickets containing the "ABAP userID", only).
Best regards, Wolfgang
09-04-2007 2:03 PM
I have a ticket I like that:
A Java / EP username ans a "ABAP ID" are both in a ticket.
I would like to use the "<b>ABAP ID</b>" and not the "Java EP username " from the ticket as my portal user in a second portal who gets logged in via the SAP Logon Ticket.
The LoginModule would do exactly what EvaluateTicketLoginModule does.
Accept it would use the "ABAP user" as the portal user.
Is a Login Module for this available or do I have to write/modify my own?
09-04-2007 3:09 PM
Hi,
Did i understood you well, you trying to connect from one portal to another portal?
09-04-2007 5:17 PM
Yes, I would like to call an iView from a second portal via URL iView Integration.
This is the integration scenario, fedrated portal will not work here.
Therefore I would like to use SAP Ticket and use the ABAP user from that ticket to authenticate against the "backend portal"