Use this procedure to map users of the ABAP service provider to the external user IDs sent by a SAML 2.0 identity provider in the chosen name ID format. On the Name ID Management tab, you can set mappings for single users for most name ID formats. For more information, see SAP Note 1362866 .
You have agreed the name ID format you are using and what the resulting name ID looks like for your users with the administrator of the identity provider.
If you mass configure user mappings, you have determined what common factor to use to create the external ID. You can choose from the following:
User ID
Logon alias
A value determined by a custom BAdI
You must create your own BAdI. SAP provides the BAdI USREXTIDMAPPING as an example of an implementation of this type.
Performing Mass Configuration of Mapping Data
In transaction SA38, open report RSUSREXT.
In the User section, determine the selection criteria for the users to which you want to map external IDs.
In the Ext. Name Changed section, enter the following data:
Choose an external ID type to match the name ID format as listed in the following table:
Name ID Format |
External ID Type |
---|---|
|
SA |
Kerberos |
KB |
Transient |
SA |
Windows Name |
NT |
X.509 Subject Name |
DN |
Unspecified |
SA |
Enter any text that is to appear before or after the common part of the external name ID.
For X.509, enter CN= as the prefix and , O=EXAMPLE, C=US as the suffix.
For unspecified, add a prefix using the pattern <trusted_provider>: <name_qualifier>:.
Choose the source for the common part of the external name ID.
Enter further options as required.
Choose .
Mapping a Single User
In transaction SM30, open view VUSREXTID.
Choose an external ID type to match the name ID format as listed in the following table:
Name ID Format |
External ID Type |
---|---|
|
SA |
Kerberos |
KB |
Transient |
SA |
Windows Name |
NT |
X.509 Subject Name |
DN |
Unspecified |
SA |
Edit the table entries.
Save your entries.