0 votes

Hi Softerra's team

I'm trying to use the SAP Netweaver SPML interface to provision an SAP account right after AD account creation.
I'm trying to configure an SPML connector but I don't understand how to configure it: the SAP SPML interface provides the XML schema only through a POST request (I can get it with Fiddler), so I can't achieve this first basic step.

Do you have any clue about that?

Thanks in advance

by (800 points)
0

Hello,

We didn't test SPML Connectors against SAP Netweaver SPML interface. Does it support SPML v2.0?
In order to help you we need a sample SOAP message used by SAP SPML interface.

0

Sorry for the delay. It seems to be very difficult to get information about SAP inner functions, and I have to go back and forth with my ERP team.
As far as I know SAP uses SPML 1.0, so I would understand a no-go at this point :-) but I can parse the data with an SPML 2.0 toolkit.
Even with 1.0, it seems that the real problem is tied to the fact that the schema is exposed through a POST request and not a basic GET request (and so I cannot create a connector).
You'll find below the schema, and a ppt http://www.oasis-open.org/committees/do ... ithSAP.pdf that explains the whole process in detail.
Thanks for your help, but once again, I would understand the lack of support for SPML 1.0 (but SAP interop would be a huge plus for you :-) think about it)

Regards

<?xml version="1.0" encoding="UTF-8"?>  
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">  
 <SOAP-ENV:Header/>  
 <SOAP-ENV:Body>  
 <schemaResponse requestID="schema_01" result="urn:oasis:names:tc:SPML:1:0#success">  
 <schema minorVersion="0" majorVersion="1">  
 <providerIdentifier providerIDType="urn:oasis:names:tc:SPML:1:0#URN">  
 <providerID>SAP</providerID>  
 </providerIdentifier>  
 <schemaIdentifier schemaIDType="urn:oasis:names:tc:SPML:1:0#GenericString">  
 <schemaID>SAPprincipals</schemaID>  
 </schemaIdentifier>  
 <objectClassDefinition name="sapuser" description="Representation of user objects of SAP Systems">  
 <memberAttributes>  
 <attributeDefinitionReference name="logonname" required="false"/>  
 <attributeDefinitionReference name="isserviceuser" required="false"/>  
 <attributeDefinitionReference name="firstname" required="false"/>  
 <attributeDefinitionReference name="lastname" required="false"/>  
 <attributeDefinitionReference name="salutation" required="false"/>  
 <attributeDefinitionReference name="title" required="false"/>  
 <attributeDefinitionReference name="jobtitle" required="false"/>  
 <attributeDefinitionReference name="mobile" required="false"/>  
 <attributeDefinitionReference name="displayname" required="false"/>  
 <attributeDefinitionReference name="description" required="false"/>  
 <attributeDefinitionReference name="password" required="false"/>  
 <attributeDefinitionReference name="oldpassword" required="false"/>  
 <attributeDefinitionReference name="email" required="false"/>  
 <attributeDefinitionReference name="fax" required="false"/>  
 <attributeDefinitionReference name="locale" required="false"/>  
 <attributeDefinitionReference name="timezone" required="false"/>  
 <attributeDefinitionReference name="validfrom" required="false"/>  
 <attributeDefinitionReference name="validto" required="false"/>  
 <attributeDefinitionReference name="certificate" required="false"/>  
 <attributeDefinitionReference name="lastmodifydate" required="false"/>  
 <attributeDefinitionReference name="islocked" required="false"/>  
 <attributeDefinitionReference name="ispassworddisabled" required="false"/>  
 <attributeDefinitionReference name="telephone" required="false"/>  
 <attributeDefinitionReference name="department" required="false"/>  
 <attributeDefinitionReference name="id" required="false"/>  
 <attributeDefinitionReference name="securitypolicy" required="false"/>  
 <attributeDefinitionReference name="datasource" required="false"/>  
 <attributeDefinitionReference name="assignedroles" required="false"/>  
 <attributeDefinitionReference name="allassignedroles" required="false"/>  
 <attributeDefinitionReference name="assignedgroups" required="false"/>  
 <attributeDefinitionReference name="allassignedgroups" required="false"/>  
 <attributeDefinitionReference name="company" required="false"/>  
 <attributeDefinitionReference name="streetaddress" required="false"/>  
 <attributeDefinitionReference name="city" required="false"/>  
 <attributeDefinitionReference name="zip" required="false"/>  
 <attributeDefinitionReference name="pobox" required="false"/>  
 <attributeDefinitionReference name="country" required="false"/>  
 <attributeDefinitionReference name="state" required="false"/>  
 <attributeDefinitionReference name="orgunit" required="false"/>  
 <attributeDefinitionReference name="accessibilitylevel" required="false"/>  
 <attributeDefinitionReference name="passwordchangerequired" required="false"/>  
 </memberAttributes>  
 </objectClassDefinition>  
 <objectClassDefinition name="saprole" description="Representation of role objects of SAP Systems">  
 <memberAttributes>  
 <attributeDefinitionReference name="member" required="false"/>  
 <attributeDefinitionReference name="uniquename" required="true"/>  
 <attributeDefinitionReference name="displayname" required="true"/>  
 <attributeDefinitionReference name="description" required="false"/>  
 <attributeDefinitionReference name="lastmodifydate" required="false"/>  
 <attributeDefinitionReference name="id" required="false"/>  
 <attributeDefinitionReference name="datasource" required="false"/>  
 </memberAttributes>  
 </objectClassDefinition>  
 <objectClassDefinition name="sapgroup" description="Representation of group objects of SAP Systems">  
 <memberAttributes>  
 <attributeDefinitionReference name="member" required="false"/>  
 <attributeDefinitionReference name="uniquename" required="true"/>  
 <attributeDefinitionReference name="displayname" required="true"/>  
 <attributeDefinitionReference name="description" required="false"/>  
 <attributeDefinitionReference name="lastmodifydate" required="false"/>  
 <attributeDefinitionReference name="id" required="false"/>  
 <attributeDefinitionReference name="datasource" required="false"/>  
 <attributeDefinitionReference name="assignedroles" required="false"/>  
 <attributeDefinitionReference name="allassignedroles" required="false"/>  
 <attributeDefinitionReference name="distinguishedname" required="false"/>  
 </memberAttributes>  
 </objectClassDefinition>  
 <attributeDefinition name="logonname" description="Unique name and logonid" type="xsd:string"/>  
 <attributeDefinition name="firstname" description="First name" type="xsd:string"/>  
 <attributeDefinition name="lastname" description="Last name" type="xsd:string"/>  
 <attributeDefinition name="salutation" description="Salutation" type="xsd:string"/>  
 <attributeDefinition name="title" description="Title" type="xsd:string"/>  
 <attributeDefinition name="jobtitle" description="Title of the job" type="xsd:string"/>  
 <attributeDefinition name="mobile" description="Mobile number" type="xsd:string"/>  
 <attributeDefinition name="telephone" description="Complete telephone number" type="xsd:string"/>  
 <attributeDefinition name="displayname" description="Display name" type="xsd:string"/>  
 <attributeDefinition name="description" description="Human readable description" type="xsd:string"/>  
 <attributeDefinition name="password" description="Logon password" type="xsd:string"/>  
 <attributeDefinition name="oldpassword" description="Logon password" type="xsd:string"/>  
 <attributeDefinition name="email" description="Email address" type="xsd:string"/>  
 <attributeDefinition name="fax" description="Complete fax number" type="xsd:string"/>  
 <attributeDefinition name="locale" description="Locale code" type="xsd:string"/>  
 <attributeDefinition name="timezone" description="Timezone" type="xsd:string"/>  
 <attributeDefinition name="validfrom" description="Date the user gets valid" type="xsd:string"/>  
 <attributeDefinition name="validto" description="Date the user gets invalid" type="xsd:string"/>  
 <attributeDefinition name="certificate" description="User certificate (base 64 encoding)" type="xsd:string"/>  
 <attributeDefinition name="lastmodifydate" description="Date of last change" type="xsd:string"/>  
 <attributeDefinition name="islocked" description="Is user locked" type="xsd:boolean"/>  
 <attributeDefinition name="ispassworddisabled" description="Is password disabled" type="xsd:boolean"/>  
 <attributeDefinition name="uniquename" type="xsd:string"/>  
 <attributeDefinition name="member" description="Assigned members" multivalued="true" type="xsd:string"/>  
 <attributeDefinition name="department" description="Department code" type="xsd:string"/>  
 <attributeDefinition name="id" description="Backend id" type="xsd:string"/>  
 <attributeDefinition name="isserviceuser" description="Specifies if object is a technical user" type="xsd:string"/>  
 <attributeDefinition name="securitypolicy" description="Specifies the type of the user (default,technical,unknown)" type="xsd:string"/>  
 <attributeDefinition name="datasource" description="Specifies the home data source of the object, readonly" type="xsd:string"/>  
 <attributeDefinition name="assignedroles" description="List of all directly assigned roles" type="xsd:string"/>  
 <attributeDefinition name="allassignedroles" description="List of all assigned roles, readonly" type="xsd:string"/>  
 <attributeDefinition name="assignedgroups" description="List of all directly assigned groups" type="xsd:string"/>  
 <attributeDefinition name="allassignedgroups" description="List of all assigned groups, readonly" type="xsd:string"/>  
 <attributeDefinition name="distinguishedname" description="Returns the LDAP distinguished name if the object is stored on an LDAP server" type="xsd:string"/>  
 <attributeDefinition name="company" description="Name of the assigned company" type="xsd:string"/>  
 <attributeDefinition name="streetaddress" description="Home address of the user" type="xsd:string"/>  
 <attributeDefinition name="city" description="Name of the city" type="xsd:string"/>  
 <attributeDefinition name="zip" description="Postal code of the city" type="xsd:string"/>  
 <attributeDefinition name="pobox" description="PO box" type="xsd:string"/>  
 <attributeDefinition name="country" description="Contry code following ISO code 3166" type="xsd:string"/>  
 <attributeDefinition name="state" description="Name of a state" type="xsd:string"/>  
 <attributeDefinition name="orgunit" description="Name of an organization" type="xsd:string"/>  
 <attributeDefinition name="accessibilitylevel" description="Accessibility level of the user" type="xsd:string"/>  
 <attributeDefinition name="passwordchangerequired" description="Specifies if the provided password is a productive one, can only be set to true if a secure transport layer is used" type="xsd:string"/>  
 </schema>  
 </schemaResponse>  
 </SOAP-ENV:Body>  
</SOAP-ENV:Envelope>
0

Hello,

Unfortunately using Adaxes it is impossible to connect to SPML v1.0 providers. To get the schema Adaxes uses the ListTargets request, which is not defined in SPML v1.0.
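
The schemaResponse posted above already carries what is needed to confirm the version problem and to see which attributes deserve protection in transit. The following is an added example, not code from this thread, Softerra or SAP: it parses such a response, reports the SPML major version, and lists required and credential-bearing attributes per object class. The function names, the `SENSITIVE` set and the trimmed sample are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET
# Constructed sample: a trimmed copy of the schemaResponse posted above.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
 <SOAP-ENV:Body>
  <schemaResponse requestID="schema_01" result="urn:oasis:names:tc:SPML:1:0#success">
   <schema minorVersion="0" majorVersion="1">
    <objectClassDefinition name="sapuser">
     <memberAttributes>
      <attributeDefinitionReference name="logonname" required="false"/>
      <attributeDefinitionReference name="password" required="false"/>
      <attributeDefinitionReference name="certificate" required="false"/>
     </memberAttributes>
    </objectClassDefinition>
    <objectClassDefinition name="saprole">
     <memberAttributes>
      <attributeDefinitionReference name="uniquename" required="true"/>
      <attributeDefinitionReference name="displayname" required="true"/>
     </memberAttributes>
    </objectClassDefinition>
   </schema>
  </schemaResponse>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""

# Assumption: attributes from the posted schema treated as credential material.
SENSITIVE = {"password", "oldpassword", "certificate"}

def local(tag):  # strip any '{namespace}' prefix so prefixed and bare tags match
    return tag.rsplit("}", 1)[-1]

def summarize_schema(xml_text):
    if "<!DOCTYPE" in xml_text:  # SOAP 1.1 forbids DTDs; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in a SOAP message")
    root = ET.fromstring(xml_text.encode("utf-8"))
    resp = next(e for e in root.iter() if local(e.tag) == "schemaResponse")
    schema = next(e for e in resp.iter() if local(e.tag) == "schema")
    out = {"success": resp.get("result", "").endswith("#success"),
           "spml_major": int(schema.get("majorVersion")), "classes": {}}
    for oc in schema.iter():
        if local(oc.tag) != "objectClassDefinition":
            continue
        refs = [r for r in oc.iter() if local(r.tag) == "attributeDefinitionReference"]
        names = [r.get("name") for r in refs]
        out["classes"][oc.get("name")] = {
            "required": [r.get("name") for r in refs if r.get("required") == "true"],
            "sensitive": sorted(SENSITIVE.intersection(names)),
        }
    return out
```

A `spml_major` of 1 is the condition the reply above describes as incompatible, and a non-empty `sensitive` list marks object classes whose requests should only travel over an encrypted transport.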

0

Hello sroux

Have you found a solution to create SAP Users from Adaxes?

Thank you
gustav

1 Answer

0 votes
by (216k points)

Hello Gustav,

SAP Netweaver SPML interface still supports only the 1.0 version of the language, which makes it incompatible with Adaxes, but there is a workaround. Based on a discussion we've found in the Netweaver community, it seems to be possible to run PowerShell scripts from Netweaver. On the other hand, you can access Adaxes functionality from external applications using PowerShell. So, instead of using SPML, you can create PowerShell scripts that create, update, delete users, etc. via Adaxes, and then add those scripts to Netweaver SAP workflows.

To get information on how to run scripts with Netweaver, you can start with the following thread: https://scn.sap.com/thread/3733827.

For information on how to perform various tasks in Adaxes with the help of PowerShell, have a look at the Sample Scripts section in our SDK. In particular, here's an example of how to create a user: http://www.adaxes.com/sdk/?SampleScript ... ounts.html. If you find difficulties with making up the actual scripts, we will help you.
