Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Synchronizing password between two SAP

Go to solution
Former Member

‎04-10-2008 10:26 AM

0 Kudos

Hi experts,

I've looked at this very interesting forum but as of now I have not been able to catch the answer for the issue I'm working on... so here it is :

I need to synchronise the user password of two SAP platform that have the same set of users. I have been testing FM 'SUSR_USER_CHANGE_PASSWORD_RFC' which is working great but with plain text password. Do you know if the same kind of function exists with crypted password ?

Thanks for your inputs !

If you need more details, let me know

(PS I am working on SAP SRM 4.0 and abap version is 620)

1 ACCEPTED SOLUTION

Go to solution
tim_alsop
Active Contributor

‎04-10-2008 2:28 PM

0 Kudos

Hi,

If you are not looking for SSO, and in fact looking to make sure passwords on two separate ABAP systems are same, maybe you need CUA (central user administration) so that this can sync passwords between two separate user stores ? The CUA product from SAP uses RFCs to communicate with the non-master servers and make sure that user store is in sync.

Thanks,

Tim

8 REPLIES 8

Go to solution
martin_voros
Active Contributor

‎04-10-2008 11:56 AM

0 Kudos

Hi

First of all, there are BAPI* for working with users (BAPI_USER_*).

1) maybe you can use SNC (I found this article http://searchsap.techtarget.com/tip/0,289483,sid21_gci1222189,00.html)

2) To create web service for this purpose and use https.

3) Home made solution create wrapper for BAPI and use standard RFC to call this wrapper. Instead of sending password in plain text, you will encrypt it and then send it. You have to find some FM or class which provides encryption.You will have to store encryption key on each system. Previous solutions are better.

Cheers

Go to solution
WolfgangJanzen
Product and Topic Expert
Product and Topic Expert

‎04-10-2008 2:20 PM

0 Kudos

So far, each and every time when someone is asking for "password synchronization" functionality, it turns out that he's actually interested in setting up Single Sign-On (SSO).

I assume that you are not the very first exception, so (most likely) you are actually looking for a SSO solution.

Are you using only SAPGUI or also browsers to access the ABAP systems? If you are using SAPGUI, then SNC would be the right approach to achieve SSO.

Go to solution
tim_alsop
Active Contributor

‎04-10-2008 2:28 PM

0 Kudos

Hi,

If you are not looking for SSO, and in fact looking to make sure passwords on two separate ABAP systems are same, maybe you need CUA (central user administration) so that this can sync passwords between two separate user stores ? The CUA product from SAP uses RFCs to communicate with the non-master servers and make sure that user store is in sync.

Thanks,

Tim

Go to solution
WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
In response to tim_alsop

‎04-10-2008 2:39 PM

0 Kudos

No, password synchronization is not supported by the SAP Central User Management (CUA) solution. That's clearly stated in [SAP Note 376856|https://service.sap.com/sap/support/notes/376856].

Go to solution
tim_alsop
Active Contributor
In response to tim_alsop

‎04-10-2008 2:44 PM

0 Kudos

Wolfgang,

Thankyou for correcting me. I guess this is why SNC is so common, even when CUA is used by a SAP customer. I hadn't fully appreciated that before now.

Regards,

Tim

Go to solution
Former Member
In response to tim_alsop

‎04-10-2008 3:14 PM

0 Kudos

Let me give some details :

We have an SRM server plugged with a BW. Users are acceeding to SRM through the web, when they connect for the first time they change their password. After this when they launch BW queries, the authentification part on BW is handled through SRM and ITS therefore no issue.

But sometimes they bookmark some queries that directly access the BW server. When they do this, the system is asking for the BW password which is in most of the time the initial one, but the users don't know that and try to log in with their SRM password.

So the request is to copy and paste the SRM password on the BW, so it can be transparent to the user.

I forgot to mention that the customer wants it for yesterday ! So I am looking for a workaround first and maybe a more robust solution for the future.

Am I going to be hurt if I update USR02 directly ?

Anyway, thanks for your help

Go to solution
tim_alsop
Active Contributor
In response to tim_alsop

‎04-10-2008 3:57 PM

0 Kudos

Manuel,

The best solution is to use SNC/Kerberos for BW and SPNEGO Web nased logon for SRM, so that the authentication to both SRM and BW systems is via external authetnication, and using the same authentication method. The user will then benefit from Single SignOn and not get confused.

It doesn't actually take that long to implement above, and I don't think there is any alternative, or "quick fix" you could use.

Thanks,

Tim

Go to solution
Former Member
In response to tim_alsop

‎04-10-2008 4:06 PM

0 Kudos

There are alternative solutions to address your requirement. One of them is e.g. to use client certificates - via SNC or SSL. That way no passwords are transfered in the first place.

Note that this doesn't necessarily require a PKI. With an addiitonal certificate server, you can use various authentication mechanisms - even SAP user name and password - and create short-term client certificates. This would require an addiitonal 3rd-party product, though.

Peter