
No doubt: There is certainly a significant amount of hype around Identity Management these days. It is one of the most mentioned topics in security-related IT magazines, websites and conferences. And the reason is simple: As companies move toward Service-Oriented Architectures (SOA), Identity Management plays a critical role in securing access to applications as well as access to the services themselves. With SOA, applications typically need to access identity data within and beyond the organization’s boundaries over standard protocols.

This is where the Service Provisioning Markup Language (SPML) comes into play: a proven industry standard, ratified by OASIS, and supported by many vendors and platforms, including SAP NetWeaver. SPML helps to automate the steps required to manage (create, amend, and revoke) user or system access entitlements, also known as Identity Provisioning. De-provisioning, such as when an employee leaves a company, is done by closing access accounts. In this context, SPML defines the concepts and operations of an XML-based provisioning request-and-response protocol.

In my one-hour lecture, you’ll get an in-depth insight into SPML and you’ll learn how you can use it to streamline your identity business processes. Here is the list of topics I’ll cover in my session:

  • Identity Management: A short primer
  • The role of SPML in Identity Management
  • SPML in SAP NetWeaver
  • Get your hands dirty: Coding an SPML Client
  • Live Demo: Using the SPML Interface

As you can see from the agenda, I’ll conclude the session with a live demo that shows how to code an SPML client application that performs certain identity management functions using the SPML interface in SAP NetWeaver. The client will utilize an open source library, OpenSPML, to create SPML requests and parse the responses received from SAP NetWeaver AS Java.

If you want to learn more about Identity Management and SPML, I’d be happy to welcome you to my session and recommend the following readings:


5 Comments


  1. Miloslav Mil
    Hello Martin,
    According to several documents and presentations, I understand I can create a user account via SPML in the ABAP user store (PST) if I have it as the UME user source. Is ABAP role assignment through SPML (Java API) also supported?

    Thank you
    Best Regards

    1. Martin Raepple Post author
      Hi Miloslav,

      Role assignment is supported by the SPML interface via the modifyRequest. A sample request that assigns the “SampleRole” role to an existing UME user “SampleUser” looks like this:

       
      ROLE.UME_ROLE_PERSISTENCE.un:SampleRole
       

       
         
      USER.PRIVATE_DATASOURCE.un:SampleUser
         

       

      HTH, Best regards
      Martin
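
An added example, not part of the original comment and not SAP or OpenSPML code: one way to build the role-assignment modifyRequest described above with an XML library and an allowlist check on both unique IDs, so that a crafted user or role name cannot alter the structure of the provisioning request. The element layout and the `#GUID` identifier type follow a reading of SPML 1.0, and the attribute name `member` and the unique-ID pattern are assumptions; check them against the schema the target SPML service publishes.

```python
import re
import xml.etree.ElementTree as ET

# Namespaces of OASIS SPML 1.0 and DSML v2.
SPML_NS = "urn:oasis:names:tc:SPML:1:0"
DSML_NS = "urn:oasis:names:tc:DSML:2:0:core"

# Assumed shape of a UME unique ID, inferred only from the two IDs quoted
# in the comment: <TYPE>.<DATASOURCE>.un:<name>. Tighten or widen as needed.
UNIQUE_ID = re.compile(r"(ROLE|USER)\.[A-Z_]+\.un:[A-Za-z0-9_.\-]{1,200}")


def checked_id(value, expected_type):
    """Return value unchanged if it is a well-formed ID of expected_type."""
    m = UNIQUE_ID.fullmatch(value)
    if m is None or m.group(1) != expected_type:
        raise ValueError(f"not a valid {expected_type} unique ID: {value!r}")
    return value


def build_role_assignment(role_id, user_id, member_attr="member"):
    """Serialize a modifyRequest that adds user_id to the role role_id.

    member_attr is a placeholder (assumption), not a confirmed SAP attribute.
    """
    ET.register_namespace("spml", SPML_NS)
    ET.register_namespace("dsml", DSML_NS)
    req = ET.Element(f"{{{SPML_NS}}}modifyRequest")
    # Identifier type is an assumption; SPML 1.0 defines several types.
    ident = ET.SubElement(req, f"{{{SPML_NS}}}identifier",
                          {"type": f"{SPML_NS}#GUID"})
    ET.SubElement(ident, f"{{{SPML_NS}}}id").text = checked_id(role_id, "ROLE")
    mods = ET.SubElement(req, f"{{{SPML_NS}}}modifications")
    mod = ET.SubElement(mods, f"{{{DSML_NS}}}modification",
                        {"name": member_attr, "operation": "add"})
    # Text is escaped by the serializer; the allowlist is a second layer.
    ET.SubElement(mod, f"{{{DSML_NS}}}value").text = checked_id(user_id, "USER")
    return ET.tostring(req, encoding="unicode")


if __name__ == "__main__":
    print(build_role_assignment("ROLE.UME_ROLE_PERSISTENCE.un:SampleRole",
                                "USER.PRIVATE_DATASOURCE.un:SampleUser"))
```
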

      1. Miloslav Mil
        Hi Martin,
        So in the scenario in which I use the UME as the primary role assignment engine via SPML in AS Java for portal and ABAP roles, I therefore need not use the ABAP API for ABAP role assignment, even if I can use e.g. NetWeaver Identity Management…?

        I know that if I use the ABAP user store as the UME user source, ABAP roles are visible in the UME as groups, and I cannot change user assignment to these groups from the user administrator's point of view.

        Thanks
        Yours Sincerely

        1. Martin Raepple Post author
          Hi Miloslav,

          SAP NetWeaver 6.40 and 7.00 do not support this type of ABAP Role Assignment via SPML. In SAP NetWeaver 7.10, this scenario is supported if you configure your connection between the Java and ABAP stacks as writeable.

          Best regards
          Martin

          1. Miloslav Mil
            Hi Martin,

            I see. Are there any preview documents or something similar for planning purposes?

            When will SAP NetWeaver 7.10 probably be released with support related to the portal and its UME involving SPML and the ABAP stack? I ask because I only know about the PI, MI and CE 7.1 releases within accelerated innovation.

            Thanks a lot for your replies
            Kind Regards
