To configure the PAS's service file specify the parameters as indicated in the tables below.
General PAS Service File Parameters
Parameter |
Allowed Values |
Description |
~xgateway |
sapextauth |
Specifies that the XGateway sapextauth should be used. |
~extauthtype |
NTLM , NTPassword, LDAP, X509, HTTP, DLL |
Not case sensitive Specifies the type of external authentication. The following types are allowed:
|
~extid_type |
NT , LD, UN, or <user-defined> |
The type of external identification used for the mapping in table USREXTID. This parameter does not need to be specified if ~extauthtype = NTLM, NTPassword, or x509.If you set the type to UN, then you do not need to maintain the user mapping in USREXTID. In this case, the external authentication mechanism must provide the user’s ID for the SAP system directly. |
~mysapcomgetsso2cookie |
1 |
Requests the creation of a logon ticket after the user has been authenticated. |
~dont_recreate_ticket |
0 (create ticket with each request), |
Determines whether a ticket should be created with each request or only created if no ticket is present. |
~redirectHost |
<Host_name> |
Data that is used for the redirect URL. The defaults for each of the parameters is the value of the current request. In ~redirectQS you can define extra parameters for the redirected service. |
~redirectPath |
<Path> |
|
~redirectQS |
<Query_string> |
|
~redirectHttps |
0 (use HTTP), |
|
~login_to_upcase |
0 (do not convert), |
Convert the ~login string (user ID) to uppercase before submitting the ticket request to the backend.This may be necessary if the user ID entries in the mapping table (USREXTID) are maintained in capital letters. (The entries in USREXTID are case-sensitive.) |
Parameters Specific for the Authentication Mechanism Type NTPassword
Parameter |
Allowed Values |
Description |
~ntdomain |
<Windows NT domain> |
If your users exist in a single Windows NT domain, then you can use this parameter to define the domain in the service file. Otherwise, you need to include the domain in the login template. |
Parameters Specific for the Authentication Mechanism Type LDAP
Parameter |
Allowed Values |
Description |
~ldaphost |
<Directory server host> |
Host name for the directory server. |
~ldapport |
<LDAP port> |
LDAP port used on the directory server. Default = 389 |
~timeout |
<integer value> |
Time out in seconds for a directory search. |
~maxtrials |
<integer value> |
Maximum number of logon attempts before terminating. |
~ldapsapuid |
<ldap_attribute> |
The name of the directory server’s attribute that contains the SAP System user ID. |
~ldapuid |
<ldap_attribute> |
The name of the attribute that contains the user’s ID for the directory server. |
~ldapbasedn |
<base_Distingiushed_Name> |
The base Distinguished Name to use when searching for the user’s ID in the directory. |
Specify the parameters
~ldapuid and ~ldapbasedn in the PAS service file as the generic parts of the user’s Distinguished Name for the directory. The user then only has to provide his or her user-specific part at logon.For example, Alice‘s complete Distinguished Name for the directory is
CN=ALICE, O=MyCompany, C=US. If you specify ~ldapuid = CN and ~ldapbasedn = O=MyCompany, C=US in the PAS service file then Alice only has to provide her user ID ALICE when logging on.Parameters Specific for the Authentication Mechanism Type HTTP
Parameter |
Allowed Values |
Description |
~remote_user_alias |
<header_variable> |
Name of the HTTP header variable that contains the user’s ID. |
Parameters Specific for the Partner Mechanism Type DLL
Parameter |
Allowed Values |
Description |
~extauthmodule |
<Path> |
Path and file name to your external library. The exact method to use depends on your operating system. For example, for Windows NT/2000/XP systems, you can specify this parameter to a library located in a directory that the system can find using the PATH environment variable.However, to make sure the system can find the library, we recommend using the complete path and file name. For example: Windows: C:\SAP\ITS\extmodule.dllUnix/Linux: /usr/lib/extmodule.so |
See also:
Examples