Ume Ldap Abap Info

Session ID: AGS351User Managementand Authorizations

The Details

SAP AG 2005, SAP TechEd ’05 / AGS351 / 2

Contributing Speakers

TechEd Vienna:Frank Buchholz

Security Product Manager, SAP AG

Jens KosterSecurity Product Manager, SAP AG

Oliver NoconRIG Specialist, SAP AG

TechEd Boston:Larry Justice

Platinum Security Consultant, SAP America

Jens KosterSecurity Product Manager, SAP AG

Gerlinde ZibulskiSecurity Product Manager, SAP Labs LLC


Learning Objectives

As a result of this workshop, you willbe able to:

Explain and use Central User Administration (CUA)Understand and use LDAP directory synchronizationConfigure and use the User Management Engine (UME)

User Management OverviewCentral User Administration (CUA)SAP LDAP ConnectorPortal User ManagementRole Integration ScenarioSummary

User Management OverviewCentral User Administration (CUA)SAP LDAP ConnectorPortal / Java User ManagementRole Integration ScenarioSummary


Decentralized User Maintenance

Each SAP System has its own user data store

Decentralized user maintenance

Inconsistencies can occur between address data

SAP R/3Enterprise

SAPEBP

SAPBW

SAPAPO

SAP…


CUA central systemSAP release as of 4.6C

ALE ALE

SAP 6.xCUA client

SAP 4.6CUA client

SAP 4.5CUA client

Central User Administration

Users can be administratedin central SAP system

Automatic distribution toclient SAP systems

Local administration stillpossible (back distribution)

No inconsistencies

Central locks possible


CUA central systemSAP release as of 6.10

ALE ALE

SAP 6.xCUA client

SAP 4.6CUA client

SAP 4.5CUA client

Directory

Central User Administration & LDAP Synchronization

LDAPsynchronization


Enterprise Portalwith User Management

Engine (UME)

LDAPsynchronization


ALE ALE

SAP 4.6CUA client

SAP 4.5CUA client

Persistencestore

Directory

CUA & LDAP Synchronization & Enterprise Portal

SAP J2EE Engine

SAP ABAP +J2EE Engine

SAP NetWeaverCUA client



Engine (UME) CUA central systemSAP release as of 6.10

ALE ALE

SAP 4.6CUA client

SAP 4.5CUA client

Persistencestore

CUA & Enterprise Portal (No Directory)

SAPCUA client

ALE

Alternateconfiguration I

SAP J2EE Engine





Engine (UME)

LDAPsynchronization


ALE ALE

SAP 4.6CUA client

SAP 4.5CUA client

optionalDirectory

CUA & LDAP Synchronization & Enterprise Portal I

SAPCUA client

ALE

Alternateconfiguration II

Persistencestore

SAP J2EE Engine




Enterprise Portal with UME andCUA central system

LDAPsynchronization

ALE ALE

SAP 4.6CUA client

SAP 4.5CUA client

optionalDirectory

CUA & LDAP Synchronization & Enterprise Portal II

SAPABAP +

J2EEEngine



Alternateconfiguration III


HRsystem 4.0 and higherwith PlugIn System (PI 2001.2)4.5 with PlugIn System (Pl 2001.2)

Data Retrieval in PersonnelManagement via Query or ABAPReport

SAP Web AS as of 6.10Directory

Replication

RFC

As of 4.70 HR can beconnected directly tothe LDAP directory

HR Data Replication from SAPin an LDAP Enabled Directory Service


mySAP Business Suite: FI, CO, MM, …CUA child systems

LDAP

synchronization

Enterprise Portal withUser ManagementEngine

PersistenceOption

EP6

Integrated User Management

Central UserAdministration

Directory

HR

Email

Operatingsystem

Otherapplications

MetaDirectory

ALE ALE

UME

EmployeeData


SAPHR

Email

Telephony

Operatingsystem

NonSAPapplications


SAP Identity Management and Siemens Identity Management I


Engine (UME)

Provisioning incl.SPML integration*

Provisioning

load employeedata

*SPML integration available as of SAP NetWeaver NW 2004s SPS5 und NW 2004 SPS14

Prov

isio

ning

and

Syn

chro

niza

tion

Acco

unt a

nd g

roup

man

agem

ent,

valid

atio

n an

d re

conc

iliat

ion

DirX IdentityDirX Directory

ProvisioningPassword Management

SelfserviceMetadirectory

Audit

HiPath SIcurity DirXIdentity Management


Siemens HiPath SIcurity DirX and DirX Identity complement SAPNetWeaver with Identity Management for heterogeneous landscapes

The solution provides uniform identity provisioning for the SAPEnterprise Portal and all SAP applications as well as nonSAPapplications

SAP ships Siemens HiPath SIcurity DirX and HiPath SIcurity DirXIdentity demo license starting with NetWeaver 2004s rampup phase

Customer BenefitsSecure and centralized management of user identities and their accessrights for all enterprise applicationsRegulatory complianceIncreased operational efficiency and end user productivityReduced administration and helpdesk costs

SAP Identity Management and Siemens Identity Management II

Overview User ManagementCentral User Administration (CUA)SAP LDAP ConnectorPortal / Java User ManagementRole Integration ScenarioSummary


Note that

‘system’ alway

s means:

client in

a system

Set Up of System Infrastructure

Setting Up ALE communication users

Define logical systemslater on, systems are always referred to by theirlogical system ID

Define RFC destinations between central systemand child systems

Switch on the Central User Administration

Define field attributes

Migrate users

} USER

} ALE

} CUA

Steps to go through


TechEd: CUA System Landscape

CUA Master

Logical system name: NWSCLNT100

Used RFC Destinations:NWSCLNT001 with RFC user CUA_NWS_001NWSCLNT100 with RFC user CUA_NWSNWSCLNT200 with RFC user CUA_NWS_200

RFC User: CUA_NWSRoles of RFC user:SAP_BC_USR_CUA_CENTRALSAP_BC_USR_CUA_SETUP_CENTRAL

CUA ClientLogical system name: NWSCLNT001Used RFC Destinations:

NWSCLNT100 with RFC user CUA_NWSRFC User: CUA_NWS_001Roles of RFC user:

SAP_BC_USR_CUA_CLIENTSAP_BC_USR_CUA_SETUP_CLIENT

CUA ClientLogical system name: NWSCLNT200Used RFC Destinations:

NWSCLNT100 with RFC user CUA_NWSRFC User: CUA_NWS_200Roles of RFC user:

SAP_BC_USR_CUA_CLIENTSAP_BC_USR_CUA_SETUP_CLIENT

Central system to client system(used for user distribution)Client system to central system(used for user migration and status response)

RFC Destinations

RFC Users have user type ‘communication’and belong to the user group ‘SUPER’


Demo

DemoandExercise


CUA HandsOn

In the following exercise you will review the setup of theCentral User Administration:

1. Log on to the SAP System NWS client 100 (see next slide fordetailed connection data)

2. Review the definition of logical systems and the assignmentof logical systems to clients in Transaction SALE

3. Perform a connection test of RFC destination NWSCLNT2004. Review the CUA system landscape (Transaction SCUA)

Which system is the central system? Which are the client systems?5. Review the configuration for field distribution

(Transaction SCUM)6. Display Log Files for the Central User Administration

(Transaction SCUL)


System Information for this Exercise

SAP System Information

SAP System ID: NWS

IP Address: 10.22.80.213 (iwdfvm1027)

SAPRouter String: /H/sapgateb.wdf.sap.corp/S/3292/H/

System Number: 03

Client 100

User: AGS351<Group Number>(Group Number provided by speaker)

Password: demo123


Review the Logical Systems I

•Start transaction SALE

•Expand the node Sending and Receiving Systems

•Expand the node Logical Systems

•Click on Define Logical Systems


Review the Logical Systems II

You should find these entries

•Go back using the green arrow


Review the Logical Systems III

•Click on Assign Logical System to Client


Review the Logical Systems IV

•Display the entriesfor Client 100


Review the Logical Systems V

You should seethese entries


Review the RFC Connections I

•Start transaction SM59

•Expand the ABAP Connections node

•Double click on NWSCLNT200


Review the RFC Connections II

•Test this connection!


Review the RFC Connections III

Test was successful !!!


CUA Review I: What is the CUA Landscape?

•Start transaction SCUA and click on Display


•The CUA central system is client 100

•This CUA has two client systems: 001 and 200

CUA Review II: What is the CUA Landscape?


Look up the Configuration for Field Distribution in CUA

•Start transaction SCUM (Nice name, isn’t it?)


Look up Log Files for CUA I

•Start transaction SCUL•Additionally check “Successful”•Execute the report


Look up Log Files for CUA II

Messages relating todistributed objectsappear according tothe selection you made


HR

Email

Telephony

Operatingsystem

Otherapplications

MetaDirectory


User Management –Directory Integration


Directories serve as central repository for master data,which is used by several different applications

Every authorized application can modify this data

Access to this data is provided using the standardizedLightweight Directory Access Protocol (LDAP)

Hundreds of other application and hardware supplierssupport this protocol

SAP systems can be connected to such a directory to shareparts of their user data or database content (e.g. HR data)with other applications

Directory Benefits


/

C=GB C=DE

o=CompuNeto=SAP

DIT: Directory Information Tree

Information Model –Hierarchical Structure


ou=Security Consulting

cn=Anton Schmidt

ou=Sales

o=SAP AG

c=DE

cn=Anton Schmidt, ou=Security Consulting, o=SAP AG, c=DE

The way through the DIT defines the identification of an objectAbsolute and relative namesDistinguished names have to be uniqueRelative distinguished names are unique in their naming context

Information Model –Names in the Tree

cn=Xaver Huber cn=Norbert Hofer cn=Kurt Wagner


cn

givenName

sn

telephone

mail

person

employeeID

title

department

function

orgPersoncn

givenName

sn

telephone

mail

top

person

orgPerson

inetOrgPersonSAPaddonUM

object class hierarchy

orgUnit

(SAP schema extension)

Information Model –Object Class Hierarchy


operational attribute20010730175352ZmodifyTimestamp

ABC:000:sapDeveloperXYZ:100:sapAdministrator

MSMITH

[email protected]

+496227 747474

Smith

Max

inetOrgPersonsapAddOnUM

CN=D505050;O=SAPAG;C=DE

optional attributetelephoneNumber

Attribute (SAP)sapUserName

multivalue attribute (SAP)sapRoles

optional attributemail

naming attribute (DN)Uid

mandatory attributesn

singlevalue attributegivenName

special attributeobject class

Information Model –Entries in the DIT

mailto:[email protected]


Application Server

Call Function‘LDAP_XXX‘

Work Process LDAPConnector

Function‘LDAP_XXX‘

LDAP Client

LDAP Server

Directory

RFC

LDAP

Executable LDAP_RFC shipped since Release 4.6A

Loads LDAP library of operating system at runtime

LDAP Connector


Configure LDAP Connection

1. Configure LDAP Connector

2. Enter LDAP System User Data

3. Enter LDAP Server Connection Data

4. Configure Field Mapping

Later steps in TechEd Demo Scenario:

1. Create users using Portal UME

2. Synchronize data betweenDirectory and SAP


Demo

DemoandExercise


LDAP HandsOn

In this exercise you will prepare the LDAP connector and server, which youwill use later in the session to run a user synchronization

1. Create the RFC connection LDAPCONNECTOR_<Group Number> for the LDAPconnector (connection type: T, gateway host: iwdfvm1027, gateway service:3303). Enter the same name as the Program ID for the registered serverprogram

2. Configure the LDAP connector with your newly created RFC destination andactivate the connector (Transaction LDAP, Function: Connector)

3. Make sure that the LDAP admin user LDAPADMIN is already configured in thesystem (Transaction LDAP, Function: System Users)

4a. Create the LDAP server TECHED_LDAP_<Group Number> with the dataprovided on the next slide (Transaction LDAP, Function: Server Names)

4b. Import the Mapping Proposal for your server. Change the mapping for theattribute sapUsername into the attribute uid

4c. Set the synchronization options to IMPORT for the following attributes: uid,givenName, sn. Save your server settings

4d. Log on to your group’s LDAP server using your LDAP Connector (TransactionLDAP) and look up LDAP server entries for attributes uid and sn



SAP System Information: See Slide No. 22

LDAP Server:

LDAP Connector: LDAPConnector_<Group Number>

LDAP Server: TECHED_LDAP_<Group Number>

IPAddress: 10.22.80.215 (iwdfvm1029)

Port Number: 389

Product Name: Microsoft Windows 2003 Active Directory(Application Mode)

LDAP Version: LDAP Version 3

LDAP Application: User

Base Entry of LDAPserver: ou=users,o=sap,c=de

System Logon: LDAPADMIN


Create a New RFC Destination for Your LDAP Connector I

•Start transaction SM59 and click on Create


Create a New RFC Destination for Your LDAP Connector II

Choose the group number providedby the instructors:

LDAPCONNECTOR_<group number>


LDAPCONNECTOR_<group number>


Configure the LDAP Connector I

•Start transaction LDAP

•Click on Connector


Configure the LDAP Connector II

Click on the Change Button

1

Confirm this popup2


Configure the LDAP Connector III

Click on New Entries


Configure the LDAP Connector IV

•Choose your group’s RFC destination and choose the values above

•Save your entries

•The lights should now turn green! (Otherwise click on the activate button)


Review the Data of the LDAP Admin User I

Click on System Users.


Review the Data of the LDAP Admin User II

You should see this result

•Go back with the green arrow twice


Create the LDAP Server I

Click on LDAP Servers


Create the LDAP Server II

Click on the Change Button


Create the LDAP Server III

Click on the New Entries Button


Create the LDAP Server IV

1. Enter the data shown above. As the groupnumber, choose the number provided bythe instructor

2. Save your entries3. Then double click on mapping

1

2


TECHED_LDAP_<group number>

3


Create the LDAP Server V

1. Go via the menu Utilities and ImportProposals. This will import theappropriate LDAP server proposals

2. Accept the popup

1

2


Create the LDAP Server VI

Double click on sapUsername to changethe attribute name


Create the LDAP Server VII

Change the attribute name to the value ‘uid’and go back twice using the green arrow

1

2


Create the LDAP Server VIII

Double click on “Synchronization”


Create the LDAP Server IX

•Check the below fields to be imported from the directory

•Go back using the green arrow and save the data

1

2


Test the LDAP Connection I

1

2

•Select your group’s LDAP server and LDAP connector

•Choose “Log On”to log on to your LDAP server


Test the LDAP Connection II

Choose “Use System User”and continue with “Execute”

1

2


Test the LDAP Connection III

The push buttons should all be active now

•Press “Find”to search for objects in your LDAP server


Test the LDAP Connection IV

Enter the attributes “uid”and“sn”and continue your searchclicking on “Execute”

1

2


Test the LDAP Connection V

Congratulations!

The SAP system is successfullyconnected to the LDAP server!


SAPEnterprise

Portal

ApplicationsAccessing UserManagement

User ManagementCore Layer

Persistence Manager

DatabaseLDAP

DirectorySAP

System

PersistenceAdapters

API for Users, Groups and Roles(for local Java Applications)

Architecture Overview –User Management Engine

User PersistenceStore

… otherJ2EE

Application

SPML

SPML = Service Provisioning Markup Language


Persistence Manager I

Central place for reading and writing userspecific dataUsersGroupsRole assignments

Uses Persistence Adapters to read/write data

Supports database, LDAP directory and SAP system asrepository

User ManagementCore Layer

Persistence Manager

DatabaseLDAP

DirectorySAP

System

PersistenceAdapters

User PersistenceStore


Persistence Manager II

User PartitioningSpecific user sets can be distributed across different repositories

Persistence Manager

DatabaseLDAP

DirectoriesSelfregistered,external users

Internal users

Example:

Persistence Manager

DatabaseLDAP

DirectoryRole assignments

(portalspecific data)General user data

(application independent)

Example:

Attribute PartitioningSpecific user attributes can be distributed across differentrepositories


Persistence Manager III

Type PartitioningSpecific data types can be distributed across different repositories

Persistence Manager

DatabaseSAP

SystemGroups Users

Example:


Enterprise Portal 6.0 –Identity Management

Webbased user administration

End user selfregistrationUser can create account in the portalWorkflow for approval of registration request by administrator

Password management & policiesConfigurable expiration datesInitial passwords and forced change at first logonLimit of failed logon attempts

Flexible user persistence layerLDAP directory, database or SAP system as user store

Delegated administration


UME User Administration I

WebDynprobased Administration GUI

User Administration Functions:

Create usersCopy usersModify usersSearch for usersAssign users andgroups to role(s)


UME User Administration II

User Administration Functions (cont.):

Set or autocreate passwordSet date & time for user accountactivationLock/unlock usersView user account historyApprove/deny selfregistered usersAdapt attributes contained inselfregistrationEMail notifications for specified events


Overview SAP Roles

Portal RolesPortal Roles

ABAP

… define, what isdisplayed in the

Portal

ABAP RolesABAP Roles

Java

UME RolesUME Roles

J2EE Security RolesJ2EE Security Roles

… define, whatauthorizations the

user has in thebackend system

or


Main Role Concepts in SAP NetWeaver

Single roles inABAPbased

systems

Portal Roles

(= UME Roles)

SAP Enterprise Portal

Generate Authorization Roles in ABAP fromUser Interface Roles in the Portal

Roles in ABAPbased systems(roles in transaction PFCG)


ABAP Roles and Portal Roles: A Comparison

Portal Roles carry the user interfaceinformation but (almost) no authorizationinformation.

Authorizations must still be maintained inthe backend systems.

Roles (single roles) carryauthorization information.

The Profile Generator is part of therole administration in transactionPFCG.

The content of Authorization Rolescan be generated using the definitionof Portal Roles

Portal RolesABAP Authorization Roles


Scenarios for Role Integration

When using different SAP components, different scenarios for managingidentities are possible.

The following slides describe an example using the following components:

SAP Enterprise PortalABAP based SAP SystemsDirectory Server

Scenario A:The administrators use the UME to maintain users and portal role assignmentsPortal roles and related ABAP authorization roles are linked togetherThe system ensures that necessary ABAP authorization roles are assigned, too

Scenario B:The administrators use the CUA to maintain users and role assignmentsPortal roles and related ABAP roles are linked togetherThe system ensures that necessary Portal roles are assigned, too


Enterprise Portal

Enterprise Portal


Developmentsystems forcustomizing

Portal RoleMaintenance

1

TransferRole Information

2

Transfer RoleInformation toCUA

5

Transport toproductive systems

4

CUA

AuthorizationRole

Maintenance(using WP3R)

3

Scenario A: Role Maintenance


Enterprise Portal

CUA

Scenario A: User Management based on the CUA


UserMaintenance

1

Portal RoleAssignment

2

AuthorizationRole Assignmentusing transaction

WP3R

4

Publish RoleAssignment

3 ALE ALE

Variant IUsers get roles inbackend systems

6

Persistence Store


Enterprise Portal

CUA

Scenario A: User Management based on the CUA


UserMaintenance

1


2


WP3R

4


3 ALE ALE

Persistence Store

BackVariant I

Users get roles inbackend systems

5

User iscreated in CUA

1


Enterprise Portal

CUA


DirectoryUser

Maintenance1


2


WP3R

5SynchronizeUser Data

3


4

LDAPsynchronization

ALE ALE

Persistencestore

Variant II

Scenario A: User Management based on a Directory

Users get roles inbackend systems

6


Role GroupAssignment

5

SAP backend AuthorizationRole EQUALS Group in the

Enterprise Portal !

Enterprise Portal

Developmentsystems forcustomizing


CUA

AuthorizationRole

Maintenance(using PFCG)

3

Transport toproductive systems

4

Maintain auth.role templatesfor the Portal

2

Scenario B: Role Maintenance

Portal RoleMaintenance

1

Persistence Store


Enterprise Portal


CUA

Scenario B: User Management based on the CUA

UserMaintenance

1

RoleAssignment

2

ALE ALE

Users getauthorization roles

in the backendsystems

Users get groupsand indirect roles

in the Portal

3

SAP backend AuthorizationRole EQUALS Group in the

Enterprise Portal !

Persistence Store


Demo

DemoandExercise


Exercises

1. Create user “teched<Group Number>”in the portal using thePortal User Management toolFirst name: teched, last name: test, Email: [email protected] andassign the Portal role “backend_admin”to the newly created user

2. Replicate this user into the CUA central system via LDAPsynchronization

3. Transfer the role assignment for Portal role “backend_admin”tothe central system of the CUA (System NWSCLNT100SR)

4. Generate role assignment in CUA for your created user (teched<Group Number>)

5. Verify the ABAP role assignment to the user using transactionSU01

6. Log on to the portal with user teched<Group Number> and verifythat you have access to the transactions




SAP System Information:See Slide No. 22

SAP Enterprise Portal

URL: http://iwdfvm1029.wdf.sap.corp:50000/irj

User for Logon: AGS351<Group Number>(Group Number is provided by instructor)

Password: demo123

User to be created: teched<Group Number>

http://iwdfvm1029.wdf.sap.corp:50000/irj


Logon to the Portal

1

2


Step 1: Create Portal User and Assign Portal Role I

21

•Enter the new user IDhere: teched<groupnumber>

•Enter a new password (2x)and memorize it for lateruse!

•Enter first name and lastname

•Enter any email address•Set Language if you like

4

3

5


Step 1: Create Portal User and Assign Portal Role II

21

1. Enter “backend_admin”and click “Go”2. Mark the entry3. Click on „Add“4. Click on „Save“

4

3


Step 2: Create ABAP User with LDAP Sync I

1

1. Select „Sync Users into CUA“2. Enter “teched<group number>”3. Execute the transaction

2

3


Step 2: Create ABAP User with LDAP Sync II

You should see this result


Step 3: Verify User Creation I

1

2

• Logon to the NWS using the Windows Gui• Start transaction SU01• Enter user name teched<group number>• Click on „Display“


Step 3: Verify User Creation II

The user’s master data will be displayed


Step 4: Transfer User Assignment I

1

3

4

2

3. Select “NWSCLNT100”

4. Click “Next”


Step 4: Transfer User Assignment II

12

3

4

1. Enter “backend_admin”

2. Click “Search”

3. Select Role (check)

4. Click “Next”


Step 4: Transfer User Assignment III

1


Step 4: Transfer User Assignment IV

You should seethese messages

(Refresh, if you don’tsee all the messagesright away)


Step 5: Assign ABAP Roles to User I

1. Click “Assign Backend Roles”

2. Enter “teched<group number>”

3. Click Execute

1

2

3


Step 5: Assign ABAP Roles to User II

1 2

1. Expand Subtree

2. Click “Propose”


Step 5: Assign ABAP Roles to User III

1


Step 5: Assign ABAP Roles to User IV

1


Step 5: Assign ABAP Roles to User V

1


Step 6: Verify ABAP Role Assignment I

1

2

• Logon to the NWS using the Windows Gui• Start transaction SU01• Enter user name teched<group number>• Click “Display”


Step 6: Verify ABAP Role Assignment II


Step 7: Logon to Portal with Newly Created User I

1

2


Step 7: Logon to Portal with Newly Created User II

1

2


Step 7: Logon to Portal with Newly Created User III

Congratulations!!!

You have successfully created auser in your system landscape witha portal role and appropriatebackend authorizations

Overview User ManagementCentral User Administration (CUA)SAP LDAP ConnectorPortal /Java User ManagementRole Integration ScenarioSummary


SAP offers a stable and widely used CentralUser Administration for SAP systems

SAP offers LDAP directory integration

SAP offers a User Management Engine forthe Enterprise Portal

Summary


Further Information (Boston)

Related Workshops/Lectures at SAP TechEd 2005AGS101 An Overview of User Management and AuthorizationsAGS103 Identity Management –Streamlining the User Provisioning Process

Between HR, LDAP, and CUAAGS104 SAP MIC Tool –SAP NetWeaver in Support of SarbanesOxley

RequirementsAGS105 Security PrimerAGS201 SarbanesOxley Compliance –Challenges and BenefitsCD261 Using Authorizations in Java Application Development

Related SAP Education Training Opportunitieshttp://www.sap.com/education/ ADM940960

Public Web:www.sap.comNetWeaver Developer‘s Guide: www.sdn.sap.com/sdn/developersguide.sdnSAP Developer Network: www.sdn.sap.com SAP Netweaver Platform SecuritySAP Customer Services Network: www.sap.com/services/

http://www.sap.com/education/ADM940-960

http://www.sap.com

http://www.sdn.sap.com/sdn/developersguide.sdn

http://www.sdn.sap.com

http://www.sap.com/services/


Further Information (Vienna)

Public Web:www.sap.comNetWeaver Developer‘s Guide: www.sdn.sap.com/sdn/developersguide.sdnSAP Developer Network: www.sdn.sap.com SAP Netweaver Platform SecuritySAP Customer Services Network: www.sap.com/services/

Related Workshops/Lectures at SAP TechEd 2005AGS104 SAP MIC Tool –SAP NetWeaver in Support of SarbanesOxleyRequirementsFri, 9:15 a.m. – 10:15 a.m., L3

AGS106 Virus Scanning of Documents in SAP ApplicationsThu, 6:00 p.m. – 7:00 p.m., L3

AGS200 Increasing Infrastructure Security by using Application GatewaysFri, 10:45 a.m. – 12:45 p.m., L4

AGS202, Security in SAP Internet Transaction Server (ITS) LandscapesFri, 11:45 a.m. – 12:45 p.m., L3

AGS350, Configuring J2EE & SAP NetWeaver Portal UME AuthenticationThu, 2:15 p.m. – 4:15 p.m., H2

Related SAP Education Training Opportunitieshttp://www.sap.com/education/ ADM940960

http://www.sap.com

http://www.sdn.sap.com/sdn/developersguide.sdn

http://www.sdn.sap.com

http://www.sap.com/services/

http://www.sap.com/education/ADM940-960


Q&A

Questions?

[email protected]

URL: http://service.sap.com/security


http://service.sap.com/security


Please complete your session evaluation.

Be courteous — deposit your trash,and do not take the handouts for the following session.

Feedback

Thank You !


No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The informationcontained herein may be changed without prior notice.Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.Microsoft, Windows, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, z/OS, AFP,Intelligent Miner, WebSphere, Netfinity, Tivoli, and Informix are trademarks or registered trademarks of IBM Corporation.Oracle is a registered trademark of Oracle Corporation.UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.Java is a registered trademark of Sun Microsystems, Inc.JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.MaxDB is a trademark of MySQL AB, Sweden.SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos aretrademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentionedare the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.

The information in this document is proprietary to SAP. No part of this document may be reproduced, copied, or transmitted in any form or for any purposewithout the express prior written permission of SAP AG.This document is a preliminary version and not subject to your license agreement or any other agreement with SAP. This document contains only intendedstrategies, developments, and functionalities of the SAP® product and is not intended to be binding upon SAP to any particular course of business, productstrategy, and/or development. Please note that this document is subject to change and may be changed by SAP at any time without notice.SAP assumes no responsibility for errors or omissions in this document. SAP does not warrant the accuracy or completeness of the information, text, graphics,links, or other items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but not limitedto the implied warranties of merchantability, fitness for a particular purpose, or noninfringement.SAP shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use ofthese materials. This limitation shall not apply in cases of intent or gross negligence.The statutory liability for personal injury and defective products is not affected. SAP has no control over the information that you may access through the use ofhot links contained in these materials and does not endorse your use of thirdparty Web pages nor provide any warranty whatsoever relating to thirdparty Webpages.

Copyright 2005 SAP AG. All Rights Reserved

Ume Ldap Abap Info

Documents

Transcript of Ume Ldap Abap Info