The credentials that are supplied in the connection string are only used in the development tools for development purposes. K2 has a built-in SSO provider that allows end users to cache thier SAP credentials through the K2 workspace (User Preferences->Security Labels) So whenever a SmartObject, that uses a K2 connect service object, is accessed the SAP credentials for the user accessing the SmartObject are used to make the connection. The current version of K2 Connect does not support caching credentials on behalf of another user. This functionality is being looked at for the next version of K2 Connect.
I hope this helps.
Regards,
Eric
Okay, that makes sense. However, if our users don't know their SAP credentials, then we have a problem, right? Our end users log on through the SAP portal using the SSO ticket (through Kerberos using their Active Directory/Windows password) to log into the SAP Systems with an SSO2 ticket to authenticate them to make sure they have access to that particular SAP system. They do not know their SAP system ID and password at all. Nor will it be given to them. So caching credentials in the Workspace is going to be impossible if it needs the SAP backend ID and password.
The only option that I can think of would be to use the K2 api and write an application to do impersonated credential caching. It should be possible to create an application that can use the internal K2 impersonation to impersonate the end users and allow you to programmatically cache the credentials for each user.
-Eric
Hello All,
Can i know how this issue is fixed?I have same issue at my end
What issue are you experiencing?
I believe K2 connect authentication can be configured one of three ways depending on needs:
1. K2 Single Sign On
a. Having the user login to K2 Workspace and cache their credential against an SAP credential/label
b. Having some custom code to prompt and cache the credential during runtime
For more detail see:
http://help.k2.com/kb000360
2. SAP Single Sign On
http://help.k2.com/kb000689
3. Static Authentication
- any users can execute SAP smartobjects