Show TOC

Using Rules for User Mapping in Basic Password Login ModuleLocate this document in the navigation structure

Context

BasicPasswordLoginModule can use different rules to map users authenticated with their password to users in the User Management Engine (UME). By default, it maps the users to the value of their logon IDs. However, you can define mapping to another user attribute or account attribute. This means that users will be able to log on using options such as their e-mail address, last name, or a custom attribute in the UME.

You define the rule for user mapping by creating a set of login module options.

The following table summarizes the login module options for user mapping.

Name

Possible Values

Description

UserMappingMode

(case insensitive values)

Required for user mapping. Specifies the user mapping mode. AS Java retrieves users using the value of the specified property.

LogonID

The mapping property is the logon ID. This is the default value.

LogonAlias

The mapping property is the logon alias. For users from the ABAP data source, the logon alias may be different from their logon ID. For AS Java users, the logon alias is the same as the logon ID.

Email

The mapping property is the user's e-mail address (as defined in the corresponding user attribute).

UserAttribute

The mapping property is a user attribute in the UME. It can be a predefined property or a custom property. For custom properties, you also need to specify UserMappingAttributeNamespace .

AccountAttribute

The mapping property is an account attribute (realm, principal, and so on).

UserMappingAttribute

<attribute name>

If UserMappingMode is set to UserAttribute , this option specifies the name of the user attribute for the mapping.

UserMappingAttributeNamespace

<attribute namespace>

Specifies the attribute namespace in the UME.

Procedure

  1. Using SAP NetWeaver Administrator, go to the configuration options for BasicPasswordLoginModule . For more information, see Managing Login Modules .
  2. Construct the required mapping rule by adding the corresponding set of login module options (see the examples below).
  3. Save the changes to the login module.

Results

Once you have configured BasicPasswordLoginModule 's options for user mapping, when a user tries to log on, AS Java attempts to map the user ID attribute specified during logon to the specified user or account attribute in the UME database. In other words, AS Java will recognize this user as the user whose specific attribute has the same value as the user ID used during logon.

Example

Example 1: User Mapping by E-Mail

Donna Moore is an employee at the MyCompany corporation. Some of the attributes of her account in AS Java's UME database are:

Logon ID

s13345dmoore

Last Name

Moore

First Name

Donna

E-mail Address

donna.moore@mycompany.com

To avoid using the complex logon IDs for its employees, MyCompany uses user mapping to employees' e-mail addresses.

This is done with the following option for BasicPasswordLoginModule :

Option

Value

UserMappingMode

Email