on 08-22-2014 7:57 AM
Hi,
If the portal or java instance is setup as UME = LDAP read only + database pointing to AD and the user is then assgined roles/groups in the Java UME with access to allow logon.
1. What is the password of the users to use?
2. I know the AD password is definitly not synchronised as it is one way encrypted. Does the user needs to be set a new password in portal to login with?
3. Will this password be stored on the Java UME only?
4. what happens if the users AD password changes, will it affect the password stored in the Java UME?
Thank you.
John
Hi
Please try to implement Kerbarose between Your AD and portal .
i think it will suffice for two way authentication .
there will be principle name which is stored in your java ume and that is mapped with your AD entry with kerbarose encryption.
Regards
Dishant .
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello John,
since we use that setting, too, lets see, what I can tell you. ^^
1. What is the password of the users to use?
> The password of their AD-account.
2. I know the AD password is definitly not synchronised as it is one way encrypted. Does the user needs to be set a new password in portal to login with?
> No, they can derectly use their AD-account (username and password).
3. Will this password be stored on the Java UME only?
> I'm not sure, but I'd say "no". I don't think it is stored in the UME (since the LDAP is connected and the information about the account and password status come from there).
4. what happens if the users AD password changes, will it affect the password stored in the Java UME?
> If the user changes his/her AD-password, that he/she can logon to the portal with that new password immediately. So I don't think, there is any connection to the portal UME database.
Regards,
Steffi.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Steffi, are these information documented in any SAP guides? I tried to look through the NW Java install/config/security guide and was unable to find this infiormation stated. I'm planning to do a proof of concept to verify this but it will be good if I have something from SAP to validate.
User | Count |
---|---|
84 | |
25 | |
12 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.