For content-sharing interactions between SAP NetWeaver portals in your federation network, users on the consumer portal must also exist in the user store used by the producer portal; otherwise runtime authorization for remote-based content will fail. The reason for this is that remote content is executed on the producer portal using the user profile from the consumer.
Content sharing between SAP NetWeaver Portal and non-SAP portals does not support user authentication; therefore, users on the consumer portal do not need to be configured in the user store on the producer portal.
A single user store can be implemented in various ways using various hardware or software solutions. Some examples include the following:
Single user store: Using a single physical user store that serves all your portal installations.
Distributed user stores with exact duplication: Using two or more distributed user stores, typically one at each portal installation, which are exact replicas of one another.
Distributed user stores with partial duplication: Using two or more distributed user stores, typically one at each portal installation, where only portal users that are assigned to remote content are copied to the user store on the producer portal.
Since the federated portal network uses logon tickets for authentication, the user logon IDs must be identical on both the consumer portal and the producer portal. For example, if you are using user stores of different types within the network, for example LDAP on consumer and ABAP on producer, the logon IDs must be identical across the user bases.
The federated portal network supports all user stores supported by SAP NetWeaver Portal. For more information on the supported user data sources and how to configure them, see UME Data Sources .