User Authentication in ADF BC

Similar Messages

• Best way Of providing user authentication using ADF security...

  Hi,
  I have a web application . I want to implement to ADF security to the application.. What is the best approach of doing this? I have the user information in the database tables along with the roles and other information. I want to these tables for authorization ?
  What is the best approach to do this? It would be great if u could help ..
  I ma using 11g release 2
  Thanks in advance.
  Rakesh

  Hi,
  Thanks for the quick response.
  I have been looking at the post but i found one of the forum post in which the person was saying the SQLAuthentication doesnt work ..
  "Be wary when using ADF Security (OPSS) with a SQLAuthenticator.
  This is feedback I got in SR 3-4124753004 :
  "If the you want to use DB as the identity store, then the supported way is to buy OVD server license and configure DB adapter in OVD and then configure an OVD authenticator in Weblogic. SQLAuthenticator will not be used as identity store. And, we do not recommend to use LibOVD for DB identity store. OVD server is the recommended and supported way."
  related bugs are :
  - bug 13876651, "FMW CONTROL SHOULD NOT ALLOW MANAGING USERS GROUPS FROM SQL AUTHENTICATOR"
  - enhancement request 12864498, "OPSS : ADDMEMBERSTOAPPLICATIONROLE : THE SEARCH FOR ROLE FAILED"
  related forum threads are :
  - "ADF Security : identity store : tables in a SQL database"
  - "OPSS : addMembersToApplicationRole : The search for role failed"
  regards
  Jan Vervecken"
  Is this true?
  Rakesh

• User authentication in FDM

  Hi friends,
  1) I am using FDM 9.3.1, we can i create a user in FDM using user management and we are creating simple user authentication vb script in FDM but still we are able to access that user with any password.
  2)I also donot know how to configure fdm with shared services.
  But i think we can create some user in FDM without any need of shared services and we can authenticate that user by writing vb user authentication script.
  Pls help me for both these problems

  Hi,
  How SRDEMO calls the login page which asks the username and password and later use it in other pages?
  Its using container managed security: Look at infrastructure/SRLogin.jspx
  Is there exists any document which describe How user connection(userid and password) information is authenticated and preserve later in other pages of the ADF applicaton?
  In container managed authentication, the username can be accessed from the JSf external context. The password isn't
  Is there exists any example which does the database user authentication instead of application user authentication in ADF BC and used in later forms?
  Yes, you can configure container managed authentication to use a custom JAAS LoginModule instead
  http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
  Is there exists some pre-login( on-logon) triggers kind of stuff in ADF as it was in forms?
  Using ADF Business Components that would be the prepareSession() method that is called on the application module
  Frank

• Programmatic User Authentication in JHS 10.1.2

  Hi,
  I've been trying to use JHS 10.1.2. and the Programmatic User Authentication example of 9.0.5.2 but this obviously does not seem to work.
  Could you please supply information how to enable programmatic User Authentication in JSH 10.1.2?
  Thanks
  William

  William,
  We are currently working on upgrading the old "JHeadstart Demo" to the JHeadstart ADF release. This demo will include programmatic user authentication. We have not scheduled the next patch release yet, but may 2005 seems realistic at this point.
  In the meantime, you could start off with the implementation provided in the non-ADF Jheadstart release, and upgrade it to the ADF release. I know of one customer who did that. It is not that hard, the approach will largely stay the same. An authentication filter checks whether the user is already logged on by checking some session attribute and will forward to an authenticate user action that validates the username/password.
  Steven Davelaar,
  JHeadstart Team.

• User Authentication for subfolder not working in Web Browser

  We are using Oracle Application Server 10.1.2.3 and Database Server 10.2.0.5 for our application.
  One of the functionalities of the Application is to send emails with attachments.
  The logic is that the Application would generate the attachment file on the Application Server.
  Then a database package uses Oracle's utl_http package/procedures(more specifically utl_http.request_pieces where the single argument is a URL) to pick up the file from the Application Server via URL, attach the file and send the email.
  Exchange and Relay Server is also set in the Application.
  The problem is that the folder containing the folder which stores the attachments is having user authentication set.
  Example : The main folder is /apps/interface, this folder requires a valid user when it is accessed via URL on a web browser.
  Alias created in httpd.conf
  Alias /int-dir/ "/apps/interface/"
  The folder /apps/interface/email/ is the folder where the attachment files are generated and stored.
  Application Server : 10.12.213.21
  Database Server : 10.12.213.22
  Email Server : 10.12.213.44
  Configuration as per httpd.conf
  Alias /int-dir/ "/apps/interface/"
  <Location /int-dir/>
  AuthName "Interface folder"
  AuthType Basic
  AuthUserFile "/u01/app/oracle/as10g/oasmid/Apache/Apache/conf/.htpasswd"
  require user scott
  </Location>
  <Location /int-dir/email>
  Options Indexes Multiviews IncludesNoExec
       Order deny,allow
       Deny from all
       Allow from 10.12.213.21
       Allow from 10.12.213.22
       Allow from 10.12.213.44
  </Location>
  Using the above configuration the Application is able to attach the files and send the email, however, when we access the following URL :
  http://10.12.213.21:7778/int-dir/ - it prompts for user authentication
  However if we use the following URL :
  http://10.12.213.21:7778/int-dir/email/ - it does not prompt for user authentication, and all the files in the folder are displayed in the browser.
  I have tried so many things including AllowOverride, .htaccess, but i am not able to get user authentication for the email folder.
  Please help me if you can.
  Thanking you in advance,
  GLad to give any more information that i can.
  dxbrocky

  Thanks for your response.  I fixed the problem by selecting "full site" or "full website" at bottom of the web page.  After making this selection the zoom function returned.  Thanks again for your interest.

• User Authentication failed

  Hi all,
  I like to share one of my peculiar issue with you and like to get a solution as well.
  I am trying to install a portal server with r3load based method. I did a java export of mssql Portal server and suceefully imported in the newly installed server.The server is up and running.I also completed the post installation activites like SLD ,SSO and Jco creation. I am not able to log in to the java page using administrator user and also other users..It keep on saying that user authentication is failed.
  But the beauty is that using the same adminsitrator user i am logging in the visaul administrator .
  I dont know where the problem and also i verified the log files under cluset/server nodes. There i found the log as  follows  --- > Connection is already closed and no longer associated with a managed connection,,
  I dont know where i am missing. Due to this I reinstalled the server and imported again..But the same problem is existing to me. Anyone have suggestion on this please do reply.
  Thanks and Regards
  Vijay

  Hi,
  Thnaks for reply. Its only a java system ,, So no activity needs to be done in SU01. I checked the table in database..the users are exisitng as well in the table.
  FYI: I am able to log in visaul admin but not in the java pages like
  http://<hostname>:port/
  http://<hostname>:port/irj
  Hope i explained  my problem it in right way
  Regards
  Vijay

• Email Receiver Dynamic User Authentication, is it possible?

  Hello Experts,
  I have a scenario SAP ECC->SAP PI->Gmail Mail Server, now the interface is working fine, the thing is that I want to configure the user Authentication in a dynamic way, I tried to doit in a UDF in the Message Mapping, using the dynamic values for:
  TServerLocation
  TAuthKey
  fields, but is not working, am I using the correct header fields?, or is there another way to change this parameters?, thanks in advance for your answers.
  Regards,
  Julio Cesar

  Hello Gopal,
  Im using Plain, it works fine if I fill up the fields for User and Password in the comm channel, but if I try using the fields in a Dynamic way is not working, thanks for your answer.
  Regards,
  Julio

• Use Microsoft Online Directory Services as a user authentication provider for our own SharePoint farm?

  Hi,
  I've managed to configure my farm so that  Microsoft Online Directory Services (Office 365 etc.) can be used for STS authentication, but what I'm actually trying to do is allow user authentication - that is, I'm hoping to be able to use the user's
  O365 credentials to authenticate them in my own farm so they can view certain parts of it. If I need to write my own login form or authentication provider or whatever that's fine, as long as the user doesn't need to enter anything when they access my farm
  (provided they already have cached O365 credentials in their browser session).
  FWIW I actually need to be able to support the possibility that users are coming from multiple O365 tenancies, whereby each site collection will be configured to allow users from a different O365 tenancy (more or less).
  If it's not possible to do with my own development farm on a PC, it is possible if the farm is hosted in Azure?
  Thanks
  Dylan

  Hi  Dylan,
  According to your description, my understanding is that you want to use Microsoft Online Directory Services as a user authentication provider for your SharePoint farm.
  For your demand, you can configure a hybrid topology for your SharePoint farm:
  http://technet.microsoft.com/en-us/library/jj838715(v=office.15).aspx
  http://technet.microsoft.com/en-us/library/dn197168(v=office.15).aspx
  Thanks,
  Eric
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support,
  contact [email protected]
  Eric Tao
  TechNet Community Support

• User Authentication in Web Dynpro Java

  Hi guys,
  I was just wondering how user authentication can be achieved in WDJ? In Web Dynpro ABAP this comes for free when you launch an application. However, in WDJ we can deploy and call the URL without any authentication at all. Is there a way to configure this or do we really have to code this? Thanks! Generous points will be awarded!

  Hi Alex,
  check this links,
  Re: User Authentication in Web Dynpro Application
  Authentication of Web Dynpro
  Using Web Dynpro authentication for a Web Service call
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/dd48d990-0201-0010-92a3-c3ed7e9fd244
  http://help.sap.com/saphelp_nw04s/helpdata/en/04/ee8b8b0d23b746854897adc5611c1d/frameset.htm
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/8304e990-0201-0010-ed8b-d978f1e67b1e
  Regards,
  vino

• End-to-End user authentication with XI

  Dear community,
  we sit in a situation where the customer wants to have an end-to-end-authentication throughout an integration process.
  The setup is as follows: a dialog-user in a legacy system uses an application that triggers an integration process through XI into SAP ERP. The dialog-user in the legacy system must be used for authentication in XI as well as SAP ERP.
  To avoid having to re-create all users in XI and SAP ERP, ideally an LDAP instance would be used for authentication.
  Based on my knowledge, the above scenario is not possible with XI and there is a 2 year old thread discussing the same without any positive outcome:
  XI and user authentication VS R/3 systems
  Nevertheless I consider this requirement as a pretty standard one. Has there been any development in this area - or how have similar customer requirements been met ?
  Thanks a lot in advance !
  Jochen

  Hi Jochen,
  i've heard rumours saying that credential forwarding will be incorporated in the next XI release as it is a rather frequent requirement by customers and will make live much easier.
  Maybe you can get a statement through your clients SAP account representative on the release date and the planned feature.
  Regards
  Christine

• GRC AC 10.0 - CUP User Authentication

  Hi All
  We have installed GRC AC 10.0 as a part of ramp up implementation. We will soon start with the configuration steps. For user interfacing we have 2 options (1) NWBC (2) Portal. Architecture of GRC AC 10.0 is based on webdynpro ABAP.
  Now we had a question wherein if we choose NWBC as a front end, then how do we integrate the LDAP for CUP user authentication.
  If we need to integrate LDAP as a authentication source for users in CUP, do we have the only option of going with Portal as a user interface.
  Please advise.
  Thank you.
  Anjan pandey

  > That feature in AC 10.0 is called End User Login and will have it's own URL to access via browser.
  Thanks Frank for your response. I did go through the RKT documents and seems that there is a link through which the end users will create request. we have also planned to setup a LDAP connectivity for user authentication.
  Thanks.
  Anjan Pandey

• How to manage User Session in Adf ?

  Is there any guide line to manage the user session in adf ?

  View layer Http session if it is not a desktop based application. Model layer also you can store session using
  getSession().getUserData()But before that the information you provided is not enough. You need to describe in more detail of what session and what exactly are you looking for

• CE 7.2 NWDS wdp ws client user authentication error

  Hello CE 7.2  experts !
  I am running a CE 7.2 sp 01 env with NWDS. In my landscape I have some webservices running on PI 7.1.
  I am trying to develop a webdynpro webservice client. When run gets user authentication errors.
  I have configured the Service Groups, provider systems, http destinations etc for this webservice.
  After I have successfully build and deployed the wdp app I am getting error on the wdp gui screen like this:
  Exception on execution of web service with WSDL URL 'http://xxxxxxx.lxx.xxxx.xxx:50000/dir/wsdl?p=sa/595aaad7bedb3cf89546e4651ea9954d' with operation 'GetBudgetRequest_out' in interface 'GetBudgetRequest_out'
  And in log trace:
  Invalid Response code (401). Server <http://xxxxxxx.lxx.xxxx.xxx:50000/XISOAPAdapter/MessageServlet?senderParty=&senderService=SLF&receiverParty=&receiverService=&interface=GetBudgetRequest_out&interfaceNamespace=http%3A%2F%2Fsfso.no%2Fagresso%2Fslf> returned message <Unauthorized>. Http proxy info:  none
  [EXCEPTION]
  com.sap.engine.services.webservices.espbase.client.bindings.exceptions.TransportBindingException: Invalid Response code (401). Server <http://xxxxxxx.lxx.xxxx.xxx:50000/XISOAPAdapter/MessageServlet?senderParty=&senderService=SLF&receiverParty=&receiverService=&interface=GetBudgetRequest_out&interfaceNamespace=http%3A%2F%2Fsfso.no%2Fagresso%2Fslf> returned message <Unauthorized>. Http proxy info:  none
  at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.handleSOAPResponseMessage(SOAPTransportBinding.java:561)
  at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.call_SOAP(SOAPTransportBinding.java:1316)
  at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.callWOLogging(SOAPTransportBinding.java:952)
  at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.call(SOAPTransportBinding.java:907)
  at com.sap.engine.services.webservices.espbase.client.dynamic.impl.DInterfaceInvokerImpl.invokeOperation(DInterfaceInvokerImpl.java:76)
  at com.sap.tc.webdynpro.model.webservice.model.WSGenericModelClassExecutable.execute(WSGenericModelClassExecutable.java:73)
  at com.sap.tc.webdynpro.model.webservice.gci.WSTypedModelClassExecutable.execute(WSTypedModelClassExecutable.java:49)
  at com.sap.demo.wd_slf_proj.wd.comp.slf_getbalancecomp.SLF_GetBalanceCustom.executeRequest_GetBudgetRequest_Out(SLF_GetBalanceCustom.java:189)
  at com.sap.demo.wd_slf_proj.wd.comp.slf_getbalancecomp.wdp.InternalSLF_GetBalanceCustom.executeRequest_GetBudgetRequest_Out(InternalSLF_GetBalanceCustom.java:153)
  at com.sap.demo.wd_slf_proj.wd.comp.slf_getbalancecomp.SLF_GetBalanceCompView.onActionSendReq(SLF_GetBalanceCompView.java:187)
  at com.sap.demo.wd_slf_proj.wd.comp.slf_getbalancecomp.wdp.InternalSLF_GetBalanceCompView.wdInvokeEventHandler(InternalSLF_GetBalanceCompView.java:165)
  at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:142)
  at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:75)
  at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.doHandleActionEvent(ProcessingEventPhase.java:159)
  at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.execute(ProcessingEventPhase.java:94)
  at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequestPartly(WindowPhaseModel.java:162)
  at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doProcessRequest(WindowPhaseModel.java:110)
  at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:97)
  at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:514)
  at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:55)
  at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doExecute(ClientApplication.java:1652)
  at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doProcessing(ClientApplication.java:1466)
  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessingStandalone(ApplicationSession.java:884)
  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessing(ApplicationSession.java:856)
  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:343)
  at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:315)
  at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doContent(AbstractDispatcherServlet.java:87)
  at com.sap.tc.webdynpro.serverimpl.wdc.DispatcherServlet.doContent(DispatcherServlet.java:76)
  at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doPost(AbstractDispatcherServlet.java:62)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
  at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:152)
  at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:38)
  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:400)
  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:203)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:438)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:427)
  at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
  at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:80)
  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
  at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:268)
  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
  at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)
  at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
  at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
  at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
  at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
  at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
  at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:54)
  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
  at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:42)
  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
  at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:447)
  at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:264)
  at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
  at com.sap.engine.core.thread.execution.Executable.run(Executable.java:115)
  at com.sap.engine.core.thread.execution.Executable.run(Executable.java:96)
  at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:315)
  Any help / hits are appreciated.
  Hope to get a prompt solution.
  best regards,
  Ajeet Phadnis

  Hi,
  I hope please upgrade SP01 to SP05.
  Please look at these two forums
  [forum1|Error executing webservice in BPM; and [forum2|Call to sr.esworkplace fails;
  Hope this is help full for u
  Regards
  Vijay

• How to provide user authentication to a PDF form

  Guys I have develop a webservice on XI , and I am calling that webservice using PDF forms developed in WebDynpro . The problem is the webservice needs user authentication and I don't know how to pass user id and password from pdf form to web service . Can anybody help me out
  Thanks
  Manish

  I don't know what you mean by "printed entries"; you mean filled-in form fields?

• SAP User Authentication via Windows Active Directory

  The non-profit company I work for as an SAP Security Admin has been using SAP since 1999.  We are currently running ECC 6.0, BI 7.0, and CRM 7.0.  With fewer than 300 SAP users, we have not implemented CUA, so each of our multiple clients in these systems is managed independently. 
  The company recently licensed and implemented some non-SAP software to be used by all of our employees (~1200) in keeping track of & catagorizing their work time; a very handy feature of this software is that it depends upon Windows Active Directory for user authentication.  Therefore, each employee logs into this time-keeping package by entering his/her standard PC userID & password.  If you can log onto your PC, you can log into the time-keeping software. 
  That got me thinking & researching, because our SAP users - especially those who have access to three or more SAP clients - must maintain their passwords independently in each SAP client that they hope to access in the future.  I'm certainly not the first person who has thought of how nice it would be to permit SAP users to log into all SAP clients across the landscape in which they have defined userIDs, using the same password that they are using to log into their PCs (i.e., the password that is stored & maintained in Windows Active Directory).  My quest has led me to find presentations on this topic that typically involve modules we aren't using & very complicated configurations that we really lack the time & resources to employ; or, to third-party solution providers who claim to be certified SAP partners who would love to sell us more software to provide this convenience, usually irelated to single sign-on, LDAP, etc.  The lowest pricing tier for such software usually would cover many times the number of SAP users we have to serve here - and it feels like trying to push in a tack using a sledgehammer.  It is true that we have not used the same userID for our PCs that we have defined in SAP, so there would need to be some way to translate from one to the other, but our PC password rules are consistent with those we have configured in SAP clients, so it seems to me it should be very simple.   Can anyone lead me to a more straightforward solution?  If not, can you articulate why this has to be so complicated using SAP software when it seems so simple using relatively inexpensive timekeeping sotware?

  >
  Gagan Deep Kaushal wrote:
  > Hi Tim,
  >
  > Its nice to see video.
  >
  > Is that mean using different username on OS and SAP level still we can achieve SSO.
  >
  > Correct if if am wrong.
  > The only thing we need to maintain SNC name.
  Once installed, yes. This is all you need to maintain when users are added. You can even use LDAP if you like to sync all user info between SAP and MS AD domain, but this cannot sync the password, so using SNC authentication instead of using SAP passwords is ideal.
  >
  > So for user test1 i can manage name as p:test2.....  ??
  Yes, that is correct. The mapping is maintained using standard SAP user management, such as su01. The user in AD domain might have long account name, e.g. "firstname.verylonglastname" which is too big for use as a SAP username so you can map this long AD account name onto a SAP user called FIRSTLAST in one or more SAP clients.
  >
  > I think that is what Ronald is also looking, user name need not to be same.
  >
  > Regards,
  > Gagan Deep Kaushal