Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Single sign on: Portal, cProjects, ERP

Johnny_B_
Active Participant

‎09-19-2007 5:15 PM

0 Kudos

Hello Experts,

I need advice on a SSO problem:

We have an ERP2005 with approx. 500 users. On a seperate machine we have a dual stack Netweaver 7 with Portal and cProjects (on the NW ABAP stack).

Now that the prototype was accepted, all 500 users from the ERP system should be able to access the portal and cprojects.

How should I configure SSO in this case ?

Currently, the Portal UME is linked to the Netweaver ABAP stack. WE would need user authentification in the ERP system, but still I need the user to be also authenticated in the NW ABAP stack because cProjects is installed there. Do I need to configure CUA (central user administration) for this scenario ? Any other options ?

Your help on this topic is highly appreciated!

Johannes

6 REPLIES 6

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert

‎09-19-2007 5:48 PM

0 Kudos

Well, the usage of a Central User Administration (CUA) would ensure that the users (in the ABAP systems) have the same userID in the cProject and in the ERP system.

That is essential since SAP Logon Tickets (issued by the Portal) can contain only two "identities": an "ABAP userID" and an "EP user name". That implies that the "ABAP userID" is identical for all ABAP-based backend systems in the Portal landscape.

Regards, Wolfgang

Johnny_B_
Active Participant
In response to WolfgangJanzen

‎09-19-2007 6:33 PM

0 Kudos

Hi Wolfgang,

yes, this is my intentiion: the userID should be the same on both systems.

Still, I am not sure what to do, here my idea:

- activate CUA with ERP as central system

- distribute all userIDs to the child ABAP system

- link the portal UME to the ERP ABAP stack

- now authentication should be on the ERP ABAP stack, while the cProjects ABAP application on the netweaver should work with logon tickets

- hope that it works

Johannes

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
In response to WolfgangJanzen

‎09-20-2007 8:54 AM

0 Kudos

Well, you have mentioned that you are using a DualStack (NetWeaver Java: Portal, NetWeaver ABAP: cProjects). In that case it might make more sense to use the ABAP part of the DualStack as CUA master system.

Other than that, I agree with your idea.

Johnny_B_
Active Participant
In response to WolfgangJanzen

‎09-20-2007 9:39 AM

0 Kudos

Hi Wolfgang,

Yes I have a dual stack, but the authentication should happen in the ERP APAB stack, not in the NW ABAP stack - in this case the users can logon to the portal using their exisiting ERP credentials.

Actually I configured it as described above and it works now!

Only the CUA gave me some headaches, because it suddenly deleted all user roles in the ERP system, they were unrecoverable.

However, now it is ok.

Thanks for your messages!

Johannes

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
In response to WolfgangJanzen

‎09-20-2007 10:19 AM

0 Kudos

Of course, you can configure the UME (NW Java part of the DualStack) to use a different ABAP backend system as "user store". By default, it is using "its ABAP stack" - that's why I've recommended it (assuming that you have the free choice).

Johnny_B_
Active Participant

‎09-20-2007 9:39 AM

0 Kudos

solved