For SSO purposes, the authentication in the portal uses user mapping between the LDAP user and the ABAP user. When the user which logs in into the system is different in the LDAP and in the backend (this is, when the user mapping is needed) the SSO fails, even if the user mapping seems to be correctly done.
In the traces we can see errors like:
User mapping has been requested for principal "JOHN DOE (John Doe)" (unique ID: "USER.CORP_LDAP.j_doe") and system "SAP_ECC_HResources" (system landscape: "EnterprisePortal"). The system is the SAP reference system and it is configured to use logon method "SAPLOGONTICKET".
15:39:29:042 Path J_DOE HTTP Worker [@193834439],5,D... ...PPersistence.principalDatabagExists
No user mapping data available for principal "JOHN DOE (John Doe)" (unique ID: "USER.CORP_LDAP.j_doe") and system "SAP_ECC_HResources" (system landscape: "EnterprisePortal"). Reason: No logon data found in principal attributes.
- SAP NetWeaver 7.3
- SAP enhancement package 1 for SAP NetWeaver 7.3
- SAP NetWeaver 7.4
- SAP NetWeaver 7.5
SSO, LDAP, user mapping, ume.usermapping.refsys.mapping.type , KBA , BC-JAS-SEC-UME , User Management Engine , BC-JAS-SEC , Security, User Management , How To
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.