Single
Sign-On to SAP Systems
This section summarizes the different scenarios for Single Sign-On (SSO) to SAP Systems. Which method of SSO you use with a SAP System depends on various parameters, such as the release of the system. There are different prerequisites, for example, users must have the same user ID in all SAP Systems that are accessed via SSO with logon tickets.
Use the figure below to determine which method of SSO to use with a specific SAP System.
Scenario 1: Single Sign-On using logon tickets without user mapping
Users must have the same user IDs in all SAP systems that are accessed with SSO with logon tickets. If the SAP user IDs are the same as the portal user IDs, user mapping is not required. Do the following:
...
1. Configure Portal Server for SSO with Logon Tickets
2. Configure SAP Systems to Accept and Verify Logon Tickets
Scenario 2: Single Sign-On using logon tickets with user mapping
If users have different users IDs in the SAP Systems than in the portal, you must define a SAP reference system and map each user's user ID to their user ID in the reference system. Do the following:
...
1. Define an SAP Reference System for User Data
2. Configure Portal Server for SSO with Logon Tickets
3. Configure SAP Systems to Accept and Verify Logon Tickets
4. (Optional) You can choose to store and retrieve mapped user IDs from an attribute in your LDAP directory. For details on how to set this up, see Using an LDAP Directory Attribute as the ABAP User ID.
5.
Users or
administrators must map portal user IDs to user IDs in the SAP Reference
System as described in
User
Mapping.
Scenario 3: Single Sign-On using user ID and password with user mapping
Use this method of SSO in the following cases:
· The SAP System has release 3.1I.
· Users have a different user ID in the SAP System in question than in the reference SAP System used for logon tickets.
You must perform the following step: Configuring SSO with User ID and Password to SAP Systems.