Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Tips for setting up SPNEGO between ADS and portal using ABAP ume

Former Member

‎05-11-2008 2:04 PM

0 Kudos

Hello,

I wish to setup SPNEGO so users who logon to the microsoft network using active directory will be be able to perform a SSO to EP-7 with an ABAP UME. User name in ADS and ABAP is different.

I need some tips on how to approach this configuration. Documentation examples and maybe someone who can share with me his\hers experience in a similliar configuration.

Thanks

Boaz

2 REPLIES 2

tim_alsop
Active Contributor

‎05-12-2008 8:35 AM

0 Kudos

Boaz,

This is not possible using the SAP supplied SPNEGO login module. Instead, you need to use a third-party, SAP certified login module that uses SPNEGO protocol, that has better support for mapping authenticated principal name of user onto a SAP user name. I work for a company that has such a product. It uses the same mapping information which is stored in ABAP engine and used for SAP GUI SNC-based authentication (administered via SU01 t-code). When a user authenticates via the J2EE login module, our product looks in this table (USRACL) on ABAP engine to find which SAP user to issue an SSO2 ticket for. If you also plan to implement SNC-based SSO for SAP GUI users, this means you can administer the mapping in one place (e.g. on ABAP engine).

Thanks,

Tim

Former Member

‎05-16-2008 8:51 AM

0 Kudos

Tim,

Actually there is a solution. Look in:

/people/holger.bruchelt/blog/2008/03/10/configuring-spnego-with-abap-datasource

Regards

Boaz