Defining an SAP Reference System for User Data 

Use

When you use SAP logon tickets for Single Sign-On to SAP Systems, users must have the same user IDs in all SAP Systems that are configured to use SAP logon tickets. If the SAP user IDs are different to the portal user IDs, you must define an SAP reference system. Users then map their portal user ID to the user ID in the SAP reference system.

The mapped user ID is included in the SAP logon ticket and enables Single Sign-On using logon tickets to all SAP Systems in which the user has the same user ID.

Prerequisites

Users have the same ID in all SAP component systems that are configured to use logon tickets for Single Sign-On. Passwords do not have to be identical.

Procedure

You need to define the system as a SAP reference system in the systems.xml file and enter the data required to connect to the SAP reference system using the Java Connector (JCo) in the jcodestinations.xml file.

Define SAP Reference System in systems.xml file

  1. Open the systems.xml file as described in Defining Component Systems.
  2. In the system attributes of the SAP reference system, add the following line:

    3. <pcd:Attribute name="r3usernamereference" value="1" />

    You are not allowed to define any credentials attributes for the SAP reference system.

  3. If required, define the UserMappingType attribute as described in Attributes for User Mapping.
  4. Save your changes.

The following is an example of an entry for a SAP reference system in the systems.xml file:

 

<System name="RefSys">
    <Attributes>
        <pcd:Attribute name="r3usernamereference" value="1" />
        <pcd:Attribute name="UserMappingType" value="user" />
    </Attributes>
</System>

 

Enter connection data for SAP Reference System in jCodestinations.xml file

  1. Open the jCodestinations.xml file as described in Defining JCo Destinations.
  2. Enter a name for the JCo destination system. This can be any name. For example:

    3. <wpl:Destination name="ABC">

  3. Enter the name of the system in the systems.xml file that you defined in the first step of this procedure. For example:

    4. <wpl:SYSTEM>RefSys</wpl:SYSTEM>

    You should only use the wpl:system tag for a JCo destination that refers to a SAP reference system.

  4. Then enter the data required to connect to the system. For example:

    5. <wpl:LOGONMETHOD>UIDPW</wpl:LOGONMETHOD>
    <wpl:TYPE>3</wpl:TYPE>
    <wpl:MSHOST>p0123.mycompany.com</wpl:MSHOST>
    <wpl:GROUP>PUBLIC</wpl:GROUP>
    <wpl:LANG>EN</wpl:LANG>
    <wpl:R3NAME>ABC</wpl:R3NAME>
    <wpl:CLIENT>050</wpl:CLIENT>
    <wpl:MSSERVER>sapgw12</wpl:MSSERVER>
    <wpl:SERVERNAME>sapportals.ksm</wpl:SERVERNAME>

    The logon method used by the user mapping tool will always be user ID and password (UIDPW) regardless of what logon method you specify. This is because the user mapping tool has to test whether the user ID and password entered by the user or administrator are correct.

  5. Save your changes.

 

The following is an example of an entry for a SAP reference system in the jcodestinations.xml file:

 

<wpl:Destination name="ABC">
    <wpl:SYSTEM>RefSys</wpl:SYSTEM>
    <wpl:LOGONMETHOD>UIDPW</wpl:LOGONMETHOD>
    <wpl:TYPE>3</wpl:TYPE>
    <wpl:MSHOST>p0123.mycompany.com</wpl:MSHOST>
    <wpl:GROUP>PUBLIC</wpl:GROUP>
    <wpl:LANG>EN</wpl:LANG>
    <wpl:R3NAME>ABC</wpl:R3NAME>
    <wpl:CLIENT>050</wpl:CLIENT>
    <wpl:MSSERVER>sapgw12</wpl:MSSERVER>
    <wpl:SERVERNAME>sapportals.ksm</wpl:SERVERNAME>
</wpl:Destination>

 

Result

When users start the user mapping function, one of the component systems that they can select is the SAP reference system. They can map their portal user ID to their user ID in this reference system. The user mapping function connects to the SAP reference system to verify that the password entered by the user is correct.

The next time the user logs on to the portal, the portal generates a SAP logon ticket for the user that contains both his or her portal user ID and mapped user ID.