User Store
Use
The dual-stack installation of SAP PI assumes that users are maintained in the ABAP user store. If required, PI can be integrated with an LDAP-based user administration as described under Integration of User Management in Your System Landscape in the SAP NetWeaver Security Guide.
This applies to both service users and dialog users.
General principle for user administration in a standard installation of SAP PI:
- Each PI component that resides on SAP NetWeaver AS refers to the ABAP user management of the SAP NetWeaver AS of the Integration Server. PI Java applications that run on an SAP NetWeaver AS authenticate against the users maintained in the ABAP user management.
There are two exceptions to this rule, in which SAP user administration cannot be used:
- Adapter Engine (Java SE)
This Adapter Engine keeps user information in property files. Although sensitive data such as passwords is stored in an obfuscated form, we recommend that you also secure these property files by using the functions of your operating system.
More information: Adapters Running in the Adapter Engine (Java SE).
- Users for logging on to receiver systems
To deliver an XML message to a receiver business system, the Integration Server has to log on to the receiver system. The Integration Directory informs the Integration Server and Adapter Engines about the user and authentication method to use for logging on. Back-end users are kept in the database of the Integration Directory and are transferred to the directory cache of the Integration Server. Confidential data such as passwords is stored in the secure store of the directory server and in an obfuscated form in the persistent cache on the Integration Server. To secure the communication between the Integration Directory and the Integration Server as well, we recommend that you configure SSL for this communication.
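The operating-system protection recommended above for the Adapter Engine (Java SE) property files can be checked with a short script. This is an added example, not SAP code; the directory argument, the `*.properties` name pattern and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not SAP code). Assumption: the Adapter Engine (Java SE)
# keeps its user data in *.properties files below the directory passed in.

# List property files that grant any permission bit to group or others.
# Uses only POSIX find syntax, one -perm test per bit.
loose_props() {
    find "$1" -type f -name '*.properties' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \)
}

# Report loose files with mode and owner.
# Returns 0 if none, 1 if any were found, 2 if the directory is missing.
audit_props() {
    if [ ! -d "$1" ]; then
        echo "not a directory: $1" >&2
        return 2
    fi
    loose=$(loose_props "$1")
    if [ -z "$loose" ]; then
        return 0
    fi
    printf '%s\n' "$loose" | while IFS= read -r f; do
        ls -ld "$f"
    done
    return 1
}

# Remove all group/other access from the loose files, leaving owner bits.
harden_props() {
    loose_props "$1" | while IFS= read -r f; do
        chmod go-rwx "$f"
    done
}

# Stand-alone use: sh audit_props.sh <adapter-engine-dir> [--fix]
if [ $# -gt 0 ]; then
    if [ "${2:-}" = "--fix" ]; then
        harden_props "$1"
    fi
    audit_props "$1"
fi
```

Run it as the operating-system account that owns the Adapter Engine installation; the `ls -ld` output also shows the owner, so files owned by an unexpected account stand out.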