cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO with SAP structurals Authorizations

Former Member

on ‎05-22-2014 4:22 PM

0 Kudos

Hi Colleagues,

I would like to know if it´s possible works with Nakisa OrgChart and SAP strut. Authorization at same time.

We have installed Nakisa OrgChart 4.0SP1, we know that nakisa support SAP strut. Authorization with user/pass logon screen, but it´s supported by Nakisa a SSO authorization method with strut. Authorization?.

Someone know or has experience with this configuration?

Regads

Albano

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

StephenMillard
Active Contributor
‎05-22-2014 4:29 PM
0 Kudos

Hi Albano.

Yes it is.


The authentication mechanism will permit access, but it is the fact that it would be a live connection and the SAP connection string would not have the user credentials specified that then forces OrgChart to pass through the user's SAP credentials for the SAP connection.  Hence the checks against structural auths will then use the user's own credentials.

We've certainly used it with no issues in some pre 4.1 versions (when it has been available as an option) where users have used SSO for login.

Regards,

Stephen.

Show replies
Show replies
Former Member
‎05-22-2014 5:02 PM
0 Kudos

Hi Stephen,

Thanks, It´s a very usefull information for us, we are working with OrcChart SP1 and our build support est. authorization. really we have checked this with a logon screen and it works properly.

We are planning force Nakisa Login with UME Netweaver authentication, but We are not sure if this configuration it´s right, We have doubts about how nakisa can read the SAP user password for struc. athorizations, it's technically possible?

Regards,

Albano

StephenMillard
Active Contributor
‎05-22-2014 5:28 PM
0 Kudos

First off I need to preface this with the fact that I've no experience of working with UME and Nakisa logins.

If you take the case of SSO via logon tickets for a Portal solution, in these instances, the authentication is handled via session tokens.  You login to the Portal, but the Portal does not send the password back (via your browser) to OrgChart to use.  Rather the tokens are used instead and when that is passed across, ECC knows who the user is and establishes the connection using the correct set of credentials.

Presumably the LDAP integration for UME would work by provision of a similar session token which would then work in the same way.  This assumes there's some sort of trust set between ECC and wherever the data is coming from.

Obviously I can't attest to this being how it would work, but just that you don't always need to pass a user ID and password to a system to establish an identity - it's the entire basis of single sign on and access federation.

If there is no trust between ECC and the data source, then I would not see this approach working as there would be no token being passed in that ECC would recognise as valid.

I'm also not sure what you mean by "force Nakisa login".  The method by which the user logs in drives the choice of authentication method you would configure in OrgChart.  Are you looking at Active Directory Integration for the login for this?

Regards,

Stephen.

Former Member
‎05-22-2014 5:40 PM
0 Kudos

Yes, it´s right. We are looking at AD for login to Nakisa.

Really, We don´t use SAP Portal, We have installed Netweaver in Nakisa server used as middleware software. In these case I suppose, this configuration it´s not possible?

Much thanks,

Albanoo

Ask a Question