Show TOC

Maintaining the User Mapping for Incoming Connections that Use AuthenticationLocate this document in the navigation structure

Use

For incoming connections that use SSL with client authentication, the server must be able to determine the SAP user ID to use for the connection. This is done using a mapping table (table USREXTID) on the AS ABAP. Here, you maintain the mapping between the Distinguished Name provided with the public-key certificate used for the connection and the user ID on the AS ABAP.

Note

Multiple incoming connections can use the same public-key certificate and user ID. You must maintain an entry for each distinct incoming public-key certificate.

Prerequisites

You know the Distinguished Name used for specific connections. You can find the Distinguished Names in the corresponding PSE that is used for each connection. For more information, see Specifying that a Connection Should Use SSL.

Procedure
  1. Using table view maintenance (transaction SM30), maintain the table view VUSREXTID.

  2. Enter DN as the External ID Type.

  3. Check for any existing entries for the Distinguished Names used for the connections. If there are existing entries, make sure the user mapping is set up the way you want it to be.

  4. Create entries for those Distinguished Names that are not already maintained. Choose New entries and enter the data as required.

  5. Save the data.

Recommendation

If you use a pattern for mapping user IDs to Distinguished Names, you can use the report RSUSREXTID to maintain the mapping for several users at once.

Example

Hash val.for Ext.ID

External ID

User

Act.

Not activated

CN=MyUser, O=MyCompany, C=US

MYUSER

Activated

Note

The hash value for external IDs is used for external IDs that are too long for the External ID field.