07-17-2008 3:46 AM
Hi All,
I have a scenario, We have windows user id which are authenticating against LDAP.
We have portal user id (different from windiws ones) which are authenticating against CUA (Cetral for all ECCs, portals) which we can't change for some reason.
Now we want to achieve Kerberos authentication for SSO. What aaproach can we choose
like is it some way we can have some mapping within LDAP...somthing like aias of LDAP id as CUA ids
or some other approach.
Please let me know guys..we need to come up with something soon.
Thanks in Advance
07-17-2008 8:31 AM
Alok,
You may be aware that if you use SNC for SAP GUI then the mapping of the SNC name onto a SAP user is configured in a table in ABAP engine called USRACL. This table is often maintained using the SU01 t-code. If you are using the SAP supplied SPNEGO login module, the mapping requires attributes to be added to your AD schema which contain the SAP user for a particular authenticated principal in AD.
The reason why I mentioned USRACL table, was for clear understanding of the mapping requirement, and also because there is a SAP certified product available from a SAP partner that uses this table with SPNEGO, so there is no need for any schema updates.
I hope this helps ?
Regards,
Tim