
How to implement SSO on Abap+Java NW04s systems

Former Member
0 Kudos

We installed EP 70, based on the Abap+Java scenario.

We did the installation using the UME default userstore Abap.

Now we want to implement the SSO, using the Microsoft Active Directory. We read note 994791 about SPNego, but this note seems to refer only to SAP AS Java systems.

Nevertheless we are trying to apply it.

Anyway, although we configured the Kerberos features (as per the SDN weblogs) and the LDAP connection is successful, the J2EE cannot be started successfully.

Obviously all the users and roles are missing on the LDAP, and we need to clarify how to manage this.

Do we have to replicate into the LDAP all the previous Abap userstore elements?

Or do we have to do it in a different manner?

regards

Accepted Solutions (0)

Answers (1)


Former Member
0 Kudos

up please

Practically, we would like the users, once they log on to the network, to be authorized to go into the EP70 without a further logon.

How can we do that?

The SSO should be already in place thanks to the SPNego; in fact the EP logon page does not appear anymore.

But we receive errors due to missing roles.

Is there any way to map the EP roles/group to the AD roles/group?

Obviously we would like to avoid buying an identity management tool.

regards

Former Member
0 Kudos

Hi Roberto,

I didn't understand your scenario completely to help you. Anyhow, if you want to implement SSO for end users to the ABAP engine, you can do this with the help of Kerberos or GSC API. If you want to configure SSO for end users to the J2EE/EP system, use Kerberos and update the key store (under services in the Visual Admin tool) accordingly. LDAP configuration is different and SSO configuration is different. If you connect UME to ADS (or any LDAP) you can centrally manage users. If you configure SSO, users can log on to the system without entering username / password. Download the PDF: https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bc72b890-0201-0010-3a8d-e31e3e26...

In this PDF you may get the required configuration.

Thanks,

Kiran.

Former Member
0 Kudos

Roberto,

Our portal points to LDAP w/ read-only. We customized AD, adding a few fields (saproles, sapgroups, etc.). We synced R/3 users to LDAP (LDAPMAP, LDAP); SAP groups and roles are updated in the new custom fields in AD. Our AD folks wrote MIIS scripts to take the sapgroups to update the standard AD groups field, so in portal user, group matching is done. Portal roles are local and assigned to groups, so maintenance is just assigning portal roles to SAP groups. Hope this helps.

-RK

Former Member
0 Kudos

We have EP70 with ABAP+Java and we followed the suggestions on the blog, and it seems to be working, but I have some questions:

Please, what is the final advantage of using the SPNego Wizard in an ABAP+Java scenario with an ABAP userstore?

I mean, if we start from an ABAP+Java instance with an ABAP datasource and we are aware now that it cannot be changed, the logon to the EP is always done via users created and managed in the ABAP stack. That is also the case when using the SPNego wizard.

In the end we have to continue anyway to create and manage users in the ABAP stack.

We did some tests and it seems it's possible to log in to the EP only with users created on the ABAP side. If we try to access using a pure LDAP user, it cannot log on.

Did we make a mistake or are we missing something?

carlos_suaza
Explorer
0 Kudos

Hi Roberto,

We both have the same problem. I followed this post, "Configuring SPNego with ABAP datasource -- Part 2" /people/holger.bruchelt/blog/2009/03/02/configuring-spnego-with-abap-datasource--part-2, but the J2EE is not running yet since the configuration above. Please tell us if you solved the problem.

Thanks

Carlos