SAML with Logon Alias?

Former Member · ‎04-09-2007

Our J2EE uses ABAP as datasource and we have succesfully tested using the logon alias field in the SU01 record to enable logging into the J2EE app with that alias.

Questions:

1.) When we enable the logon alias to be used by the J2EE per this doc:

http://help.sap.com/saphelp_nw2004s/helpdata/en/f3/a193e2f6ee1b45ac2e386468d3c272/frameset.htm

We are barred from using the SAP logon ID after setting the "LogonWithAlias = true" in the BasicPasswordLoginModule. It's one or the other, but not both. Is there a workaround to enable using both the SAP Logon ID as well as the Alias?

2.) Can we use the "LogonWithAlias" in other J2EE logon modules? Specifically we'd like to use it in the SAMLLoginModule so that our external authentication mechanism, which uses unique IDs that are not SAP login IDs, can pass an ID that would be set in the user's SU01 ABAP logon data.

Former Member · ‎04-11-2007

Hi Dave,

re 1) The LogonWithAlias is an all or nothing switch and only honored by the BasicPasswordLoginModule.

re 2) for mapping users with SAML, please have a look at the docs. The docs

<a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/40/099c4167d5164c9e4b1e347c8cdc73/frameset.htm">provide a sample module to do the mapping</a>.

regards,

Patrick

Former Member · ‎04-11-2007

What confuses is me about the mapping module is that I'm unclear on where the mapping table would exist? If the SAML module passes a user ID of 123456 and we use this mapping module to map that ID to real SAP login ID: jsmith, where is that table/logic to do the actual mapping?

Former Member · ‎04-16-2007

Hi Dave,

the mapping module needs access to some datasource where this data is maintained. Depending on the datasource, the way to access the data may be different.

Regards,

Patrick