The User Management Engine (UME) provides centralized user management for all Java applications and can be configured to work with user management data from multiple data sources. It is seamlessly integrated in the J2EE Engine of SAP Web Application Server Java (SAP Web AS Java) as its default user store and can be administered using the administration tools of SAP Web AS Java.
UME adds business value by letting you reuse your existing system infrastructure: it can access user-related data in an existing corporate directory, an SAP Web Application Server ABAP system, a database, or any combination of these. In addition, it reduces administrative overhead by allowing you to perform centralized user administration.
UME runs as a service in the J2EE Engine of the SAP Web AS Java and is set up as the default user store of the J2EE Engine.
UME can be configured to read and write user-related data from and to multiple data sources, such as Lightweight Directory Access Protocol (LDAP) directories, the system database of the J2EE Engine, and the ABAP user management of an SAP Web Application Server.
The following figure illustrates the architecture of UME.
In the figure, user data is stored in one or more data sources. Each type of data source has its own persistence adapter. The persistence manager consults the persistence adapters when creating, reading, writing, and searching user management data. The application programming interface (API) is a layer on top of the persistence manager.
In the persistence manager, you configure which data is written to or read from which data source, so that the applications using the API do not have to know any details about where user management data is stored.
UME allows you to replicate user data to external systems. The above figure illustrates this. A replication manager replicates UME data to external systems. User data that is written to the persistence manager is also written to the replication manager. The replication manager generates XML documents and sends them to the external systems, which process them and perform the corresponding actions.
The user management administration console enables administrators to perform routine administration tasks such as creating or searching for users and groups, and assigning users and groups to roles. You can also set up UME for e-mail notification, whereby e-mails are automatically sent to users or administrators on specific events. For example, if an administrator locks a user account, the user receives an e-mail informing him or her of this.
You can define a password policy including settings such as minimum and maximum length of passwords, number of failed logons before a user is locked, and so on.
UME provides self-service scenarios that allow users to register themselves as new users or to change their own data (address, password, and so on). It is also possible to set up an approval workflow, whereby administrators approve newly registered users.
UME logs important security events, such as successful and failed user logons, and creation or modification of users, groups and roles.
UME allows you to import and export user data from and to external systems.
· For information on configuring UME, see UME Configuration. Here you can find information on configuring the data sources that UME uses to read and write user management data, and other configuration options.
· For information on administration with UME, see UME User Administration. The UME provides an administration console for performing administrative tasks such as searching for and creating users, groups, and roles.
· For reference material on UME, see UME Reference. This includes information on UME properties and configuration files.