Credentials used for K2 Connect

  • 12 October 2009
  • 5 replies
  • 1 view

Badge +1

Is it possible to explain how credentials are passed to SAP systems using K2 Connect? 


We currently use SSO to connect using Kerberos in our environment to our SAP environments.  Our end users do not know their SAP system password.  I see that I have to put a UserID and Password in the connection string when entering a new SAP system and registering.  How is this UserID and password used?  How do end users then connect?  Does it use the connection string ID and password to connect or their own? 


Thanks!


5 replies

Badge +8

The credentials that are supplied in the connection string are only used in the development tools for development purposes.  K2 has a built-in SSO provider that allows end users to cache thier SAP credentials through the K2 workspace (User Preferences->Security Labels)  So whenever a SmartObject, that uses a K2 connect service object, is accessed the SAP credentials for the user accessing the SmartObject are used to make the connection.  The current version of K2 Connect does not support caching credentials on behalf of another user.  This functionality is being looked at for the next version of K2 Connect.


I hope this helps.


Regards,


Eric

Badge +1

Okay, that makes sense.  However, if our users don't know their SAP credentials, then we have a problem, right?   Our end users log on through the SAP portal using the SSO ticket (through Kerberos using their Active Directory/Windows password) to log into the SAP Systems with an SSO2 ticket to authenticate them to make sure they have access to that particular SAP system.  They do not know their SAP system ID and password at all.  Nor will it be given to them.   So caching credentials in the Workspace is going to be impossible if it needs the SAP backend ID and password. 

Badge +8

The only option that I can think of would be to use the K2 api and write an application to do impersonated credential caching.  It should be possible to create an application that can use the internal K2 impersonation to impersonate the end users and allow you to programmatically cache the credentials for each user.


-Eric

Badge +2

Hello All,

Can i know how this issue is fixed?I have same issue at my end

Userlevel 5
Badge +18

What issue are you experiencing?


 


I believe K2 connect authentication can be configured one of three ways depending on needs:


 


1.  K2 Single Sign On


 


a.  Having the user login to K2 Workspace and cache their credential against an SAP credential/label


b.  Having some custom code to prompt and cache the credential during runtime


 


For more detail see:


http://help.k2.com/kb000360


 


2.  SAP Single Sign On


http://help.k2.com/kb000689


 


3. Static Authentication


- any users can execute SAP smartobjects

Reply