Skip to Content
0
Former Member
Dec 20, 2007 at 04:45 PM

Passing alternate account name in SAP Logon Ticket to another portal

91 Views

Hello,

We have two portals running EP7.0 SP 13. The first portal, PQ2, is configured to use multiple LDAP domains per OSS note 762419. Per this note, our Portal user accounts are defined as the LDAP attribute user principal name. Therefore, user 'mtarr' in LDAP would have the portal account name 'mtarr@domain.company.com'.

We are using an SAP Reference System and automatically mapping an LDAP attribute to allow portal user 'mtarr@domain.company.com' to log into the back-end ABAP systems (R3 and BI) as user 'mtarr'. The alternate LDAP attribute which contains the correct, short user id is passed in the login ticket automatically to these systems. This scenario is configured it works perfectly in our environment. (That's the good part!)

The problem I am having is that we also want to make this PQ2 portal a consumer in a federated portal environment. The producer portal is called "JB4" and its UME is tied to the ABAP stack of our BI system. Therefore, the JB4 user id's are the shortened id's used in the ABAP stack while the PQ2 portal has the long UPN account names. I'm finding that I cannot see the producers content from the PQ2 portal with my long user account passing a SAPLogon Ticket to the JB4 portal. If I temporarily switch the front-end portal to use short user names that match the JB4 portal, the federated content is available.

It appears to me that the feature that allows me to map an alternate LDAP attribute to the SAP user id in the SAP Logon ticket only works for ABAP system and not for Java based systems. The Java-based system appears to want the user id's to match exactly. Is this the standard behavior for SAP Logon Tickets?

Regards,

Mike Tarr

Edited by: Michael Tarr on Dec 20, 2007 7:02 PM