Configuring the Portal for SAP R/3 Authentication 

Use

This section describes how to set up the Enterprise Portal so that users logging on to the portal are authenticated against user data in an SAP R/3 System.

If you synchronize user data from a SAP Web AS to the corporate LDAP directory, passwords are not written to the corporate LDAP directory. In this case you must set up the portal to authenticate users against the SAP Web AS or another SAP R/3 System directly.

Generally, it makes most sense to authenticate against the SAP Web AS that is synchronized with the corporate LDAP directory. However, in theory, you can authenticate against any SAP R/3 System. For example, if you have set up the SAP Web AS to synchronize user data to other SAP Systems, you could authenticate against one of these systems.

There are no restrictions as to which release of SAP R/3 the portal can authenticate against.

 

Prerequisites

Each user that exists in the corporate LDAP directory must also exist in the specified R/3 system.

 

Procedure

There are two steps to setting up the Enterprise Portal for authentication against an SAP R/3 System. First you must add the information for connecting via RFC to the R/3 System in the system file saprfc.ini. Then you have to configure the portal to connect to the R/3 System.

Enter RFC connection details for R/3 System in saprfc.ini file

...

      1.      Create a text file called saprfc.ini at c:\winnt\system32 on your Portal Server.

This file contains connection and RFC specific parameters needed to connect or to accept an RFC connection. The RFC library reads this file. The full path and name of the file can be defined in the environment variable RFC_INI.

      2.      Enter the RFC parameters for the R/3 System against which you want the portal to authenticate in the file.

You must enter one of the following two combinations of parameters:

Combination 1

(Connect to specific R/3 application server)

Combination 2

(Connect to R/3 using load balancing)

Explanation

DEST

DEST

Free text that names the RFC connection. You must enter this name in the configuration tool in the next step below.

TYPE=A

TYPE=B

Type of remote host

·       A means connect to a specific R/3 application server

·       B means connect to R/3 using load balancing feature

SYSNR

 

SAP System number

ASHOST

 

SAP application server

 

R3NAME

Name of R/3 System

 

MSHOST

SAP message server

 

GROUP

Logon group

 

The following are two examples of entries in saprfc.ini.

DEST=RFC_TEST
TYPE=A
SYSNR=53
ASHOST=thehost.company.com
RFC_TRACE=ON

 

or

 

DEST=MY_DEST
TYPE=B
R3NAME=ABV
MSHOST=themessageserver.company.com
GROUP=MYLOGONGROUP

      3.      Save the file.

 

Configure the portal to use the R/3 System for authentication

...

      1.      Log on to the portal as an administrator.

      2.      Start the configuration tool by choosing System Configuration ® User Management Configuration.

      3.      Choose the Authentication Server tab.

      4.      Set the User Authentication Type to SAP-based system.

      5.      Enter the client of the logical system you want to log on against, a language that the system supports, and the RFC destination of the SAP System. This RFC destination refers to the name that you gave the connection in the DEST parameter in saprfc.ini.

      6.      Restart the IIS.

 

Result

When a user logs on to the portal, his or her user credentials are authenticated against the SAP R/3 System.

We strongly recommend that you configure Secure Network Communications (SNC) on the connection between the portal and the SAP R/3 System used for authentication, otherwise user data will be transmitted in plain text.