SAP Knowledge Base Article - Preview

1909814 - SSO fails incorrect user mapping between LDAP & ABAP

Symptom

For SSO purposes, the authentication in the portal uses user mapping between the LDAP user and the ABAP user. When the user which logs in into the system is different in the LDAP and in the backend (this is, when the user mapping is needed) the SSO fails, even if the user mapping seems to be correctly done.

In the traces we can see errors like:

User mapping has been requested for principal "JOHN DOE (John Doe)" (unique ID: "USER.CORP_LDAP.j_doe") and system "SAP_ECC_HResources" (system landscape: "EnterprisePortal"). The system is the SAP reference system and it is configured to use logon method "SAPLOGONTICKET".
15:39:29:042 Path J_DOE HTTP Worker [@193834439],5,D... ...PPersistence.principalDatabagExists

No user mapping data available for principal "JOHN DOE (John Doe)" (unique ID: "USER.CORP_LDAP.j_doe") and system "SAP_ECC_HResources" (system landscape: "EnterprisePortal"). Reason: No logon data found in principal attributes.


Read more...

Environment

  • SAP NetWeaver 7.3
  • SAP enhancement package 1 for SAP NetWeaver 7.3
  • SAP NetWeaver 7.4
  • SAP NetWeaver 7.5

Product

SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP enhancement package 1 for SAP NetWeaver 7.3

Keywords

SSO, LDAP, user mapping, ume.usermapping.refsys.mapping.type , KBA , BC-JAS-SEC-UME , User Management Engine , BC-JAS-SEC , Security, User Management , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.