Re: How to read user name - SAML2
Hi,yes, you are correct. We have Gateway, we have backend SAP system and we have user authenticated on our nonSAP portal by SAML2 - this scenario is working - but I need the user name from the portal -...
View ArticleRe: Lock or delete of SAPCPIC and TMSADM users
Very often these users are being (mis)used without people knowing it. You can start analyzing the users usage via Sm19/sm20 and/or the STAD or via specific software tools.Before deleting the users, you...
View ArticleRe: How to read user name - SAML2
Hi Patrick,and do you know how can I retrieve this user name from SAML2 response directly on Gateway system? - you are right that I can then save this user name to one field of the data model. Or do...
View ArticleWhen and where does the profile S_A.SHOW come from?
I am trying to setup a 3rd party password reset product and in the documentation they ask you to create a profile based on other "included" profiles. One in particular S_A.SHOW Basis: Display...
View ArticleRe: How to read user name - SAML2
Hi, I haven't tested it but I don't think that email address is passed back to service provider. I assume that an identity provider just issues a logon ticket for a service user. So it's quite possible...
View ArticleRe: Link between end-user field and authorization object
Hi, there is is no such a link. The fields of authorization objects can't be directly mapped to the database fields. The logic is built into applications. For example object M_BEST_BSA. It controls...
View ArticleRe: Link between end-user field and authorization object
Hi Sanddie, Sanddie wrote: "I need to know which authorization objects are behind as well as which Tcodes,this way I will be able to identify the roles using the authorization object/tcode and in the...
View ArticleRe: When and where does the profile S_A.SHOW come from?
It has been deprecated, along with a bunch of other ancient profiles. Roles should be used now. Even SAP_ALL and NEW have been replaced (but dont tell anyone who insists on having the old profiles...)....
View ArticleRe: Link between end-user field and authorization object
Next best would be the F1 key and navigate to the technical field object to be able to where-used-list it. But that is not scalable. It is easier to get to know the authorization objects more...
View ArticleRe: How to read user name - SAML2
It seems the actual requirement is user specific authorizations on backend and authentication would be the correct means to that end, but there is an alternative: After authentication of service user...
View ArticleRe: SAP instance doesn't come up after setting up SNC
Hi, We had a very similar issue (see below the sapgui trace) with NW SSO 2.0. @Luciano, did you solve it ? *** ERROR => SncPEstablishContext() failed for target='p:CN=XXXXX@yyyyyy.com'...
View ArticleRe: How to read user name - SAML2
Hi, I think you can't distinguish directly because your identity provider maps every non sap user to one sap user. So for SAP system it always look like one account (service user). To confirm this...
View ArticleRe: Roles show old Activities for Object S_ALV_LAYO
Hi Abhishek "It seems that steps after upgrade i.e. tcode SU25 were not executed" - seems you have answered your question? That aside, debugging and finding AGR_1251 tables means you just found PFCG...
View ArticleRe: How to read user name - SAML2
Hi Jiri, even with SAML2, you have to have a user in the system that matches the credentials provided by the SAML2 IdP, you just do not need to provide the username and password to the end user. So...
View ArticleRe: SU25 UPG ENHP : how to find modified roles?
Hello Colleen,thank you very much for your helpfull explanation. When we launch the program SU2X_COMPARE_ROLES_WITH_DEFLTS we find 106 roles with red traffic light. Double clicking on them we go to...
View ArticleRe: SU25 UPG ENHP : how to find modified roles?
Hi Bob I don't believe you can as the changes may be due to SU24 changes brought in by Step 2A and Step 2B There is no magic button (that I'm aware off) for PFCG "undo". You can either look at change...
View ArticleRe: SU25 UPG ENHP : how to find modified roles?
Hi Colleen,in your opinion can we restore the situation by SU25 step3 from QA (not yet upgarded)? In your opinion could be sufficient to transport afterwards the usobx_c and uosbt_c table content from...
View ArticleRe: SU25 UPG ENHP : how to find modified roles?
Hi Bob I'm not really in a position to provide advise without knowing your system-landscape and what the strategy was for your upgrade as well as security role build. I read your posts as a contractor...
View ArticleSAP Charm Tool License Cost and Information Requeset
Hello, We are considering to implement a transport management tool. We wouldlike to implement SAP Charm Tool for our SAP Solution Manager toutilize the Charm features and capabilities. Since we already...
View ArticleRe: SAP Charm Tool License Cost and Information Requeset
Hi Yahya, As far as I know Solution Manager is free of cost. But from commercial aspects, I would recommend you to raise a ticket in xx-ser-las at service market place and take the confirmation from...
View Article