Entering content frameProcess documentation Verifying User ID/Password on the Windows NT Domain Controller Locate the document in its SAP Library structure

Purpose

With this PAS option, the user’s Windows ID and password are verified on the Windows NT domain controller. The user must therefore provide his or her Windows domain user ID and password when he or she accesses the PAS service. The PAS then verifies this information with the Windows domain controller. If successful, then the user’s ID in the SAP system is obtained from the user external ID mapping table and a logon ticket is created for the user. Single Sign-On is then available to SAP services using the logon ticket.

Prerequisites

For the prerequisites for using Windows NT domain authentication for PAS, see the following topics:

Process Flow

See the graphic below:

Using User ID and Password Verification on the Windows NT domain controller

This graphic is explained in the accompanying text

The process is as follows:

  1. The user accesses the PAS service for using the Windows NT domain controller password verification (for example, sapntpwauth).
  2. The user provides his or her Windows NT user ID (with domain) and password.
  3. The PAS sends the user's ID and password to the Windows NT domain controller to be verified.
  4. If the user’s ID and password could be verified, then the PAS passes this ID to the SAP system application server.
  5. The SAP system searches for a matching user ID in the user external ID mapping table.
  6. If successful, the PAS creates a logon ticket for the user, which it sets in the user's Web browser.
  7. The PAS redirects the user to the designated service (for example, myservice).

Result

The user accesses the SAP service after authenticating him or herself using his or her Windows NT domain user ID and password.

When the user accesses further SAP services, the logon ticket is used for Single Sign-On access.

 

Leaving content frame