Hello Experts,
I am working through the configuration of (semi) SSO for Inventory Manager on SAP Mobile Platform 3.0 sp07 pl02 and have encountered an issue which I hope someone can assist me with.
Background:
The customer wants mobile device users to authenticate to Inventory Manager using their Active Directory username and password.
I have followed the SSO configuration steps in the IM42 installation guide https://websmp110.sap-ag.de/~sapidb/012002523100004850152016E/SAPIM42_Installation.pdf
We have configured our Enterprise Portal to use an ABAP datasource with LDAP integration.
Enterprise Portal uses a stand alone ABAP system performing CUA functions as its datasource
LDAP is MSAD
Inventory Manager runs on SMP 3.0 sp07 and uses ECC as its backend (separate ABAP system to CUA)
SAP IDs match LDAP SAM accounts
(of note, SSO authentication using Portal as the logon ticket issuing system works fine for NWBC to ECC. Thus we are sure the trusts, exchange of certificates has been performed correctly)
The issue:
As per best practices, with SSO integrated into the SAP landscape, we have deactivated passwords for all users.
When testing authentication to Inventory Manager (using ATE), we supply the LDAP username and password but get an authentication error. (This is with deactivated passwords in all SAP systems)
When we set a password for the user in ECC (Inventory Manager backend), and we ensure the password is different to the LDAP password of the user (to avoid invalid test results), we authenticate successfully.
For both authentication attempts (unsuccessful and successful), we can see successful authentication against Portal (in logs), but then varied results when the logon ticket is passed to the ECC backend, depending if the user has a password set or deactivated.
So, it would seem strange that the user is required to have a password set in the ECC backend, even though we are using logon tickets issued by the portal.
Has anyone encountered this issue and may know of a solution which will enable us to continue to deactivate passwords in all SAP systems for users?
Regards,
Patrick