cancel
Showing results for 
Search instead for 
Did you mean: 

Authentication issue in SMP from Windows AD (Active Directory)

Pavan_Golesar
Active Participant

Hello Gurus,

Current we are implementing SMP platform Native mobile app. I required your advise and suggestions for below scenario :

Current design :

Have ECC (Installed in different box) and NW (installed in different box) trusted RFC connection maintained between ECC & NW to consume ODATA services.

1) Our mobile app will authenticate through windows AD server. (user maintained / created as "MobileUser1" in AD and ECC server) *User id is same in both the servers

2) Is it mandatory to maintain the same user "MobileUser1"  in (NW server) ? to access for creating the orders, pull / sync the data

3) If we maintain "Mobileuser1" in NW server then how can we handle if AD user password changes then it's mandatory to change and create the same password in NW & ECC??

Any Help will Appreciated.

Thanks in Advance.

Regards

PavanG

Accepted Solutions (1)

Accepted Solutions (1)

EkanshCapgemini
Active Contributor
0 Kudos

Hi Pavan,

You would set up SSO among AD, SMP, GW and ECC. In case of SSO, the same username has to be maintained in all the systems so you would need MobileUser1 created in NW GW system as well.

SSO does not affects on password change in one system. This SSO would work with accepting the login ticket from the active directory. If the user is validated in AD, AD will issue a login ticket that would be accepted by all other systems and would allow to login.

Regards,

Ekansh

Pavan_Golesar
Active Participant
0 Kudos

Hello Ekansh ,

Thanks Quite informative

Currently (We are not having Single Sign-on), App authentication through AD is success, but issue is whenever AD password expires, NW servers also requires to change and maintain the same password created for AD authentication. else we gets an error message "Forbidden 401".

Appreciate your suggestions and thoughts over this current situation.


Also , Do we have any resource (Document or something)which could be refereed to?

I also found these useful links.

Using Logon Tickets

Using Logon Tickets for Single Sign-On

Regards,

--PavaG

Message was edited by: Pavan Golesar

Pavan_Golesar
Active Participant
0 Kudos

Thanks . Closing thread.

Regards,

PG

Answers (0)