Parameter

Allowed Values

Description

~xgateway

sapextauth

Specifies that the XGateway sapextauth should be used.

~extauthtype

NTLM, NTPassword, LDAP, X509, HTTP, DLL

Not case sensitive

Specifies the type of external authentication. The following types are allowed:

·        Windows NTLM authentication ( NTLM)

·        Verification of user ID and password on the Windows NT domain controller ( NTPassword)

·        Authentication on a directory server using an LDAP bind ( LDAP)

·        X.509 client certificates and SSL client authentication ( X509)

·        Authentication using an arbitrary mechanism that sets the user ID in an HTTP header variable ( HTTP)

·        Authentication using a partner product ( DLL)

~extid_type

NT, LD, UN, or <user-defined>

The type of external identification used for the mapping in table USREXTID. This parameter does not need to be specified if ~extauthtype = NTLM, NTPassword, or x509.

If you set the type to UN, then you do not need to maintain the user mapping in USREXTID. In this case, the external authentication mechanism must provide the user’s ID for the SAP system directly.

~mysapcomgetsso2cookie

1

Requests the creation of a logon ticket after the user has been authenticated.

~dont_recreate_ticket

0 (create ticket with each request),
1 (create ticket once only)

Determines whether a ticket should be created with each request or only created if no ticket is present.

~redirectHost

<Host_name>

Data that is used for the redirect URL. The defaults for each of the parameters is the value of the current request.

In ~redirectQS you can define extra parameters for the redirected service.

~redirectPath

<Path>

~redirectQS

<Query_string>

~redirectHttps

0 (use HTTP),
1 (use HTTPS)

~login_to_upcase

0 (do not convert),
1 (convert)

Convert the ~login string (user ID) to uppercase before submitting the ticket request to the backend.

This may be necessary if the user ID entries in the mapping table (USREXTID) are maintained in capital letters. (The entries in USREXTID are case-sensitive.)

Parameter

Allowed Values

Description

~ntdomain

<Windows NT domain>

If your users exist in a single Windows NT domain, then you can use this parameter to define the domain in the service file. Otherwise, you need to include the domain in the login template.

Parameter

Allowed Values

Description

~ldaphost

<Directory server host>

Host name for the directory server.

~ldapport

<LDAP port>

LDAP port used on the directory server. Default = 389

~timeout

<integer value>

Time out in seconds for a directory search.

~maxtrials

<integer value>

Maximum number of logon attempts before terminating.

~ldapsapuid

<ldap_attribute>

The name of the directory server’s attribute that contains the SAP System user ID.

~ldapuid

<ldap_attribute>

The name of the attribute that contains the user’s ID for the directory server.

~ldapbasedn

<base_Distingiushed_Name>

The base Distinguished Name to use when searching for the user’s ID in the directory.

Parameter

Allowed Values

Description

~remote_user_alias

<header_variable>

Name of the HTTP header variable that contains the user’s ID.

Parameter

Allowed Values

Description

~extauthmodule

<Path>

Path and file name to your external library.

The exact method to use depends on your operating system. For example, for Windows NT/2000/XP systems, you can specify this parameter to refer to a library located in a directory that the system can find using the PATH environment variable.

However, to make sure the system can find the library, we recommend using the complete path and file name. For example:

Windows: C:\SAP\ITS\extmodule.dll

Unix/Linux: /usr/lib/extmodule.so