Previous      Contents      Next
Sun Java System Identity Manager 6.0 Resources Reference 2005Q4M3

---

SAP Enterprise Portal

The SAP Enterprise Portal adapter is defined in the com.waveset.adapter.SAPPortalResourceAdapter class.

This adapter supports the following versions of SAP Enterprise Portal:

6.20 SP2+

Identity Manager Installation Notes

The SAP Enterprise Portal adapter does not require any additional installation procedures.

Resource Configuration Notes

The idmservice.par portal archive file must be deployed onto the SAP Enterprise Portal. The idmservice.par file can be found in the root folder of the install image.

The portal archive defines the com.sap.portal.prt.soap.IDMService portal service, which is required by the SAP Enterprise Portal adapter. The adapter communicates with the portal service via SOAP calls to manage the objects on the Portal.

A Portal administrator must install the idmservice.par. This is done through the administrative user interface for SAP Enterprise Portal by selecting the idmservice.par as the file to upload.

Usage Notes

The SAP Enterprise Portal adapter accomplishes user provisioning by indirectly using the SAP User Management Engine (UME). The adapter communicates with the Identity Manager portal service. The portal service in turn makes direct UME calls.

To communicate with the Identity Manager service installed on the SAP Portal, the Identity Manager Portal Service Endpoint resource attribute must be configured.

An example endpoint is:

https://myhost:50000/irj/servlet/prt/soap/com.sap.portal.prt.soap.IDM Service

The SAP Portal Administrator and SAP Portal Administrator Password resource attributes define the username and password of an administrator of the SAP Portal.

The Test Configuration button verifies that the endpoint, username, and password are valid by performing a status call on the Identity Manager portal service.

Security Notes

To enhance security, configure the following:

The com.sap.portal.prt.soap.IDMService portal service should only be accessible through an SSL-encrypted port exposed by the Portal.
The com.sap.portal.prt.soap.IDMService/high_safety Security Zone should be modified to include only the SAP super_admin role.

Provisioning Notes

The following table summarizes the provisioning capabilities of this adapter.

Feature	Supported?
Enable/disable account	Yes
Rename account	No
Pass-through authentication	Yes
Before/after actions	No
Data loading methods	Import directly from resource   Reconcile with resource

Account Attributes

The following table lists the SAP Enterprise Portal user account attributes.
Unless otherwise noted, the data type for all account attributes is String.

Identity Manager User Attribute	Resource User Attribute	Description
sap_groups	groups	SAP groups in which the user is a direct member
sap_roles	roles	SAP roles in which the user is a directory member
title	title	The user’s academic title or title of nobility
firstname	firstName	The user’s first name
lastname	lastName	The user’s last name
fullname	displayName	The user’s display name
email	email	The user’s default email address
telephone	telephone	The user’s default telephone number
fax	fax	The user’s default fax number
cellPhone	cellPhone	The user’s default cell phone number
street	street	The street of the user’s home address
city	city	The city of the user’s home address
state	state	The state or province of the user’s home address
zipcode	zip	The postal code of the user’s home address
country	country	The ISO-3166 two-letter uppercase code of the country where the user lives. This value does not necessarily match the country specified in the locale.
timeZone	timeZone	The user’s time zone.
locale	locale	The user's locale, such as en_US or fr_CA.
currency	currency	The three letter uppercase code of the user's currency, such as USD, EUR, or YEN
screenReader	screenReader	Boolean. Enables or disables the user's screen reading capability.
department	department	The user’s department
jobTitle	jobTitle	The user’s job title
salutation	salutation	The user’s form of address, such as Mr., Mrs., or Dr.

Resource Object Management

SAP Groups and Roles are supported.

Identity Template

$accountId$

Sample Forms

A sample form is available at sample/forms/SAPPortalUserForm.xml is available. When this sample form is used, you must also import sample/rules/SAPPortalUserFormRules.xml.

Troubleshooting

Use the Identity Manager debug pages to set trace options on the following class:

com.waveset.adapter.SAPPortalResourceAdapter

Additionally, you can set the following Identity Manager logging parameters for the resource instance:

Log File Path
Maximum Log File Size
Log Level

To view the log for the portal service on the SAP Enterprise Portal server, see the WEB-INF/portal/logs/idm.log file on the SAP server installation file

The portal service uses the logger idm_logger, which is defined in the PAR in the PORTAL-INF/logger/logger.xml file. By default, the idm_logger is set to log ALL messages

Previous      Contents      Next

---

Copyright 2006 Sun Microsystems, Inc. All rights reserved.