Skip to Content
avatar image
Former Member

SAPGUI SNC logon and digital signature

Dear all,

I have setup in a test environment a sap logon with SNC in order to use the active directory authentication instead of SAP R/3 User and Password. It works well. So I can enter directly in the system without specify R3 user and R3 password. My users have no to maintain R/3 password anymore.

Now I have a problem. For some transactions we have implemented the digital signature in order to have a further authentication when we want to perform some critical task. An example is releasing dms document in CV02N transaction.

Our customizing for digital signature is:

System signature with authorization by R/3 user ID/password

The other options are:

User signature with ext. security product with verification

User signature with ext. security product w/o verification

So the system still ask to the users their R/3 password for the authentication when they try to "sign" a document.

Do you think there is a way to configure the system in order to ask and check the active directory user password instead of R/3 password? Where can I found documentation about it ?

My system is SAP R/3 4.70 ext 2 on windows 2003 r2 sp2 x64.

My active directory is based on Windows 2003 x32 sp2 in native mode.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    avatar image
    Former Member
    Oct 13, 2010 at 06:01 PM

    Hi,

    We are running SAP ECC Version 6.0 wih Netweaver 7.1. We also talked with SAP about this and they have given a small BADI to disable the R3 user id and Password prompt. However, they informed us to write a own coding to activate/authenticate with LDAP.

    Wondering, what need to modify and which functional module. I saw the below from one of the thread...Please let me know what to modify in the coding to make the LDAP authentication works.

    +There are some options for what changes need to be made to the SSFT_PPPI_SIGN function module:+

    +1. It could be changed to call a SAP supplied function module called LDAP_SIMPLEBIND. This would mean that a user and password entered by user would then be checked with LDAP server (e.g. Active Directory) instead of the user and password entered being checked with SAP user store, which of course won't work when SNC is enabled because user SAP passwords are then deactivated.+

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Oct 13, 2010 at 08:02 AM

    > My system is SAP R/3 4.70 ext 2 on windows 2003 r2 sp2 x64.

    No.

    You could add your vote here to the comments --> https://wiki.sdn.sap.com/wiki/display/Security/ElectronicSignatureextendedtoLDAPforSSO

    However I cannot see this being backported to 4.7 "Enterprise" release, so you will need to modify the function module SSFT_PPPI_SIGN to add the LDAP bind to the authentication method or replace the local method to ponit to your AD.

    Note that encryption is not supported here!

    Cheers,

    Julius

    Add comment
    10|10000 characters needed characters exceeded