Easiest LDAP-SSO Config

Simplest Solution for LDAP Configuration in Enterprise Portal 7.0 while Maintaining Existing SSO with Other SAP Applications

Applies to: SAP NetWeaver Portal

Summary: This document provides step-by-step guidance on connecting an LDAP directory as a data source for the UME in EP 7.0. It covers the scenario of an SAP EP portal that already has SSO with other SAP applications for existing users, where the LDAP directory must be configured as the data source of EP without disturbing the existing SSO between EP and an SAP application such as SAP BW.

Author: Pooja Gehani

Company: Satyam Computers Ltd

Created on: 20 April 2009

Author Bio: Pooja Gehani is working as an SAP Technical Consultant with Satyam Computer Services Ltd. Skill set includes SAP Enterprise Portal.

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com © 2009 SAP AG

Table of Contents

Procedure
LDAP Configuration
  Step 1: Go to System Admin > System Configuration > UME Configuration
  Step 2: Click the Modify Configuration button
  Step 3: Select your data source; it should be read-only AD + Database
  Step 4: After selecting the data source type, click the LDAP Server tab
  Step 5: After entering the fields, click the Test Connection button
  Step 6: Check the message to see whether the connection is fine
  Step 7: Click Save All Changes to save the details
  Step 8: The message confirming the saved changes is visible
  Step 9: Restart the server
Post LDAP Configuration
  Allocate Roles to the ID
Related Content
Disclaimer and Liability Notice

Procedure:

We need to configure LDAP in EP 7.0, then allocate specific roles to the new user.

Make sure the new user exists in the SAP application backend (SAP BW) so that SSO doesn't fail.

LDAP Configuration:

Step 1: Go to System Admin > System Configuration > UME Configuration.

Step 2: Click the Modify Configuration button.

Step 3: Select your data source; it should be read-only AD + Database.

The user management engine (UME) can use an LDAP directory as its data source for user management data. The UME supports LDAP directories in which users and groups are organized in either a flat or a deep hierarchy.

In our case, I selected Microsoft ADS Read Only (Deep Hierarchy) + Database as the data source.

Step 4: After selecting the data source type, click the LDAP Server tab.

There we need to fill in some essential fields:

Server Name: Name of the LDAP server.
Server Port: Port of the LDAP server (default 389).
User: User ID for connecting to the LDAP server.
Password: Password of the user used for connecting to the LDAP server.
User Path: Path for the users in the LDAP directory.
Group Path: Path for the groups in the LDAP directory.

Enter the unique attribute to which the UME unique ID needs to be mapped. This attribute will be used as the login ID for the LDAP user (e.g. samaccountname).

Note: Don't forget to check this field.

Step 5: After entering the fields, click the Test Connection button to check whether the information we entered is correct.

Step 6: After the connection test, check the message to see whether the connection is fine.

Step 7: As the connection test is successful, we now need to save the details. To do that, click Save All Changes.

Step 8: The message confirming that the changes were saved successfully is visible.

Step 9: Restart the server.

Post LDAP Configuration:

We need to check whether the user is able to log in with the network ID.

After logging in, the user will not be able to view anything, because the user is new to the portal and no roles are allocated to the ID.

Allocate Roles to the ID:

Procedure: Log in to the portal with admin credentials. Go to User Admin > Identity Management, click the network ID of the new user to whom you want to allocate roles, and allocate specific roles to the user ID.

Now click Modify and then Assigned Roles. Under Available Roles, select Portal Roles and the role ID of the role you want to assign to the user ID.

Then select the role ID and click the Add button.

Finally save the settings.

Next, log in with the network ID of the new user; the allocated role is now visible under that login.

You will now observe that the role is visible but its information is not, because the portal asks for a secondary login. This does not mean that SSO has failed; the issue occurs because the new user doesn't exist at the backend.

Now ask your Basis consultant to create the same user at the backend (SAP BW in our case).

After that, log in again with your network credentials and you will be able to view the information (a BW report in our case).

We have thus configured LDAP for the portal. The user can now log in to the portal with network credentials and, without a secondary login, view the information from other SAP applications (SAP BW in our case) that is relevant to them on the basis of the allocated roles.
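The backend-user requirement described above can be checked before users hit the secondary-login prompt. The following is an added example, not part of the original document: the LDIF export, the backend user list and all function names are constructed for illustration, and it assumes the backend user ID must equal the LDAP logon attribute (sAMAccountName here) compared case-insensitively, with ABAP user IDs limited to 12 characters.

```python
import base64

ABAP_MAX_USER_LEN = 12  # ABAP user IDs: upper case, at most 12 characters

# Constructed sample: LDIF export of the User Path (not real directory data).
SAMPLE_LDIF = """\
dn: CN=Asha Rao,OU=Users,DC=example,DC=com
sAMAccountName: arao

dn: CN=Ben Ng,OU=Users,DC=example,DC=com
sAMAccountName:: Ym5n

dn: CN=Christopher Long,OU=Users,DC=example,DC=com
sAMAccountName: christopher.long
"""

# Constructed sample: user IDs exported from the backend (SAP BW in the article).
SAMPLE_BACKEND_USERS = ["ARAO", "DDIC", "BWADMIN"]


def logon_ids_from_ldif(ldif_text, attribute="sAMAccountName"):
    """Return the values of the logon attribute from an LDIF export."""
    ids = []
    for line in ldif_text.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != attribute.lower():
            continue
        if value.startswith(":"):  # "attr:: <base64>" form for encoded values
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        ids.append(value.strip())
    return ids


def sso_preflight(ldap_ids, backend_users):
    """Sort LDAP logon IDs by whether a same-named backend user can serve SSO."""
    backend = {u.upper() for u in backend_users}
    report = {"ok": [], "missing_in_backend": [], "too_long_for_abap": []}
    for uid in ldap_ids:
        if len(uid) > ABAP_MAX_USER_LEN:
            report["too_long_for_abap"].append(uid)  # cannot be created as-is
        elif uid.upper() in backend:
            report["ok"].append(uid)
        else:
            report["missing_in_backend"].append(uid)  # will see secondary login
    return report


if __name__ == "__main__":
    print(sso_preflight(logon_ids_from_ldif(SAMPLE_LDIF), SAMPLE_BACKEND_USERS))
```

The parser does not handle folded LDIF lines, which is sufficient for short logon attributes such as sAMAccountName.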

Related Content

http://help.sap.com/saphelp_nw70/helpdata/EN/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm

SAP Notes:

1. https://service.sap.com/sap/support/notes/736471

2. https://service.sap.com/sap/support/notes/675633

For more information, visit the Portal and Collaboration homepage.

Disclaimer and Liability Notice

This document may discuss sample coding or other information that does not include SAP official interfaces and therefore is not supported by SAP. Changes made based on this information are not supported and can be overwritten during an upgrade.

SAP will not be held liable for any damages caused by using or misusing the information, code or methods suggested in this document, and anyone using these methods does so at his/her own risk.

SAP offers no guarantees and assumes no responsibility or liability of any type with respect to the content of this technical article or code sample, including any liability resulting from incompatibility between the content within this document and the materials and services offered by SAP. You agree that you will not hold, or seek to hold, SAP responsible or liable with respect to the content of this document.