Configuring the PAS Service File

To configure the PAS service file, specify the parameters as indicated in the tables below.

General PAS Service File Parameters

| Parameter | Allowed Values | Description |
|---|---|---|
| ~xgateway | sapextauth | Specifies that the XGateway sapextauth should be used. |
| ~extauthtype | NTLM, NTPassword, LDAP, X509, HTTP, DLL (not case sensitive) | Specifies the type of external authentication. The following types are allowed: Windows NTLM authentication (NTLM); verification of user ID and password on the Windows NT domain controller (NTPassword); authentication on a directory server using an LDAP bind (LDAP); X.509 client certificates and SSL client authentication (X509); authentication using an arbitrary mechanism that sets the user ID in an HTTP header variable (HTTP); authentication using a partner product (DLL). |
| ~extid_type | NT, LD, UN, or <user-defined> | The type of external identification used for the mapping in table USREXTID. This parameter does not need to be specified if ~extauthtype = NTLM, NTPassword, or X509. If you set the type to UN, then you do not need to maintain the user mapping in USREXTID. In this case, the external authentication mechanism must provide the user's ID for the SAP system directly. |
| ~mysapcomgetsso2cookie | 1 | Requests the creation of a logon ticket after the user has been authenticated. |
| ~dont_recreate_ticket | 0 (create ticket with each request), 1 (create ticket once only) | Determines whether a ticket should be created with each request or only created if no ticket is present. |
| ~redirectHost | <Host_name> | Applies to ~redirectHost, ~redirectPath, ~redirectQS and ~redirectHttps: data that is used for the redirect URL. The default for each of these parameters is the value of the current request. In ~redirectQS you can define extra parameters for the redirected service. |
| ~redirectPath | <Path> | |
| ~redirectQS | <Query_string> | |
| ~redirectHttps | 0 (use HTTP), 1 (use HTTPS) | |
| ~login_to_upcase | 0 (do not convert), 1 (convert) | Convert the ~login string (user ID) to uppercase before submitting the ticket request to the backend. This may be necessary if the user ID entries in the mapping table (USREXTID) are maintained in capital letters. (The entries in USREXTID are case-sensitive.) |

Parameters Specific for the Authentication Mechanism Type NTPassword

| Parameter | Allowed Values | Description |
|---|---|---|
| ~ntdomain | <Windows NT domain> | If your users exist in a single Windows NT domain, then you can use this parameter to define the domain in the service file. Otherwise, you need to include the domain in the login template. |

Parameters Specific for the Authentication Mechanism Type LDAP

| Parameter | Allowed Values | Description |
|---|---|---|
| ~ldaphost | <Directory server host> | Host name for the directory server. |
| ~ldapport | <LDAP port> | LDAP port used on the directory server. Default = 389 |
| ~timeout | <integer value> | Timeout in seconds for a directory search. |
| ~maxtrials | <integer value> | Maximum number of logon attempts before terminating. |
| ~ldapsapuid | <ldap_attribute> | The name of the directory server's attribute that contains the SAP System user ID. |
| ~ldapuid | <ldap_attribute> | The name of the attribute that contains the user's ID for the directory server. |
| ~ldapbasedn | <base_Distinguished_Name> | The base Distinguished Name to use when searching for the user's ID in the directory. |

Recommendation

Specify the parameters ~ldapuid and ~ldapbasedn in the PAS service file as the generic parts of the user’s Distinguished Name for the directory. The user then only has to provide his or her user-specific part at logon.

Example

For example, Alice's complete Distinguished Name for the directory is CN=ALICE, O=MyCompany, C=US. If you specify ~ldapuid = CN and ~ldapbasedn = O=MyCompany, C=US in the PAS service file, then Alice only has to provide her user ID ALICE when logging on.

Parameters Specific for the Authentication Mechanism Type HTTP

| Parameter | Allowed Values | Description |
|---|---|---|
| ~remote_user_alias | <header_variable> | Name of the HTTP header variable that contains the user's ID. |

Parameters Specific for the Partner Mechanism Type DLL

| Parameter | Allowed Values | Description |
|---|---|---|
| ~extauthmodule | <Path> | Path and file name to your external library. |

The exact method to use depends on your operating system. For example, for Windows NT/2000/XP systems, you can set this parameter to a library located in a directory that the system can find using the PATH environment variable.

However, to make sure the system can find the library, we recommend using the complete path and file name. For example:

Windows: C:\SAP\ITS\extmodule.dll

Unix/Linux: /usr/lib/extmodule.so

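A small linter for the parameters in the tables above, as an added example (not SAP's code). It assumes the service file holds one whitespace-separated `~name value` pair per line and that the mechanism-specific parameter named in `EXPECTED` is needed for its mechanism; the function names are hypothetical and the sample file is constructed from the Alice example.

```python
# Added example: lint a PAS service file against the parameter tables on this page.
# Assumption: one whitespace-separated "~name value" pair per line.
AUTH_TYPES = {"ntlm", "ntpassword", "ldap", "x509", "http", "dll"}
NO_EXTID_NEEDED = {"ntlm", "ntpassword", "x509"}  # per the ~extid_type description
# Assumption: the page lists these without marking them mandatory.
EXPECTED = {"ldap": "~ldaphost", "http": "~remote_user_alias", "dll": "~extauthmodule"}
ZERO_ONE = ("~dont_recreate_ticket", "~redirectHttps", "~login_to_upcase")

# Constructed sample, based on the page's Alice example (host name is made up).
SAMPLE = """\
~xgateway sapextauth
~extauthtype ldap
~mysapcomgetsso2cookie 1
~ldaphost ldap.example.com
~ldapuid CN
~ldapbasedn O=MyCompany, C=US
~redirectHttps 0
~login_to_upcase yes
"""

def parse_service_file(text):
    """Return {parameter: value} for every line that starts with '~'."""
    params = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and parts[0].startswith("~"):
            params[parts[0]] = parts[1] if len(parts) > 1 else ""
    return params

def lint(params):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if params.get("~xgateway") != "sapextauth":
        findings.append("~xgateway must be sapextauth")
    auth = params.get("~extauthtype", "").lower()  # value is not case sensitive
    if auth not in AUTH_TYPES:
        findings.append("~extauthtype is missing or not an allowed value")
    elif auth not in NO_EXTID_NEEDED and "~extid_type" not in params:
        findings.append("~extid_type is not set for ~extauthtype " + auth.upper())
    if auth in EXPECTED and not params.get(EXPECTED[auth]):
        findings.append(EXPECTED[auth] + " is expected for ~extauthtype " + auth.upper())
    for name in ZERO_ONE:
        if name in params and params[name] not in ("0", "1"):
            findings.append(name + " must be 0 or 1")
    if params.get("~mysapcomgetsso2cookie") != "1":
        findings.append("~mysapcomgetsso2cookie is not 1: no logon ticket is requested")
    if params.get("~redirectHttps") == "0":
        findings.append("~redirectHttps is 0: the redirect URL uses HTTP")
    return findings
```

Calling `lint(parse_service_file(SAMPLE))` flags the missing `~extid_type`, the invalid `~login_to_upcase` value and the HTTP redirect.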
See also:

Examples
