on 10-30-2007 9:49 PM
Greetings Everyone,
I have developed a few ETL type scripts with PHP and SAPRFC. It was decided by other powers that the user to be given RFC access would be a single CPIC user. My dilemma now, is how can I make sure that users logged in to the intranet portal only have access to data controlled by their SAP username, which is the same name they login to the portal with, and not the roles/activity groups of the CPIC user id. Any help on this issue would be greatly appreciated!
Thanks,
Christopher
Actually they must login via RFC as their user as well (that whole license deal) but you can do a user switch after they login as well so the intial connection is one thing but then the named user logs in afterward.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Do you have an example? I follow what you are saying but I'm not sure how to put it together. I should also mention that users sign in through Secude Secure Login and then are granted access to the SAP interface. Originally, I had hoped that I could parse the ticket generated on the client side and then somehow through the RFC connection match them up. I was not successfully able to parse the certificate though. If anyone has any thoughts or advice along that path I would love to hear it. Ultimately, that is how I would like to secure and track the user from SECUDE to the RFC connection.
Hello Christopher,
if the Secude Secure Login provides your User a SAP Logon Ticket Cookie then you can use this Coding to establish the connection using that ticket:
[code]<?php
$ticket = $_COOKIE["MYSAPSSO2"];
$login = array (
"ASHOST"=>"application.server.domain",
"SYSNR"=>"00",
"CLIENT"=>"002",
"MYSAPSSO2"=>$ticket,
);
$rfc = saprfc_open ($login );
if (! $rfc ) { echo "SSO2 RFC connection failed"; exit; }
echo "SSO2 OK<br>";
?>[/code]
Regards
Gregor
Greetings Craig,
I have been stuck on another issue the past few day with one of my ETL scripts. I apologize I have not had time to keep up with this thread, though I would very much like a solution. The SAP system is Rel. 40B. Could you also explain the licensing requirements regarding an internet user a bit more or point me in the direction of where in the EULA of this requirement? I would much appreciate it.
Greetings Gregor,
Thank you for your response! This is exactly the kind of solution I am seeking, however, the only file that is generated when the SECUDE user logins is a file in the client os temp path called `pepperbox.pse`. I am assuming the is a non-coventional placement of the PKIX certificate. I need to whip something up in VBScript that passes this file to the PHP server so that I can see if I can parse it for the information I am looking for. I am hoping that there is a solution to this that can be thought of.
Thank You,
Christopher Caruso
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.