Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using 'Global User ID' as Subject Name Identifier for IAS/CALM auth #23

Closed
nrgsap opened this issue Jan 10, 2025 · 3 comments
Closed

Using 'Global User ID' as Subject Name Identifier for IAS/CALM auth #23

nrgsap opened this issue Jan 10, 2025 · 3 comments
Assignees
@laurabranitsch
Labels
not-doc-issue Reported issue is not a documentation issue. type/content-gaps Something essential is missing in the documentation.

Comments

@nrgsap
Copy link

nrgsap commented Jan 10, 2025

When authenticating to Cloud ALM via Identity Authentication Service, is it possible to use the 'Global User ID' as the Subject Name Identifier?
If so, how should this be configured on the Cloud ALM side? In particular which field on the Cloud ALM side could hold the 'Global User ID'?
Are there length restrictions on the User ID on Cloud ALM that would prevent using the Global User ID generated by IAS?
If using 'Global User ID' to link identities, is it also mandatory to maintain the same email address in both places?

If the above is possible, can it be documented in the help pages somewhere?

I would love to be able to test these questions myself, but unfortunately I do not have access to a Cloud ALM system.
@laurabranitsch laurabranitsch self-assigned this Jan 10, 2025
@laurabranitsch laurabranitsch added follow-up-with/po Clarification with product owner needed. in-discussion This item is being discussed internally type/content-gaps Something essential is missing in the documentation. labels Jan 10, 2025
@laurabranitsch
Copy link
Collaborator

Hi @nrgsap, thanks for reaching out! I've forwarded your questions to one of our product experts and will get back to you as soon as possible when I hear back.

@laurabranitsch
Copy link
Collaborator

Here's their reply:

The default value used as user ID is the email address. It is possible to use the global User ID as subject name identifier, however this is usually a GUID and not very user friendly to read.
To change the subject name identifier, the application configuration for SAP Cloud ALM in the Identity Authentication Service must be adapted. If the global user ID is selected as subject name identifier, then this value will be used as user name when a user logs into SAP Cloud ALM.
There is no length restriction for the User ID.
However it should not be necessary to use the global user ID as user ID inside the application in order to use it to link objects between applications. The global user ID is intended to be used as additional information to link users across applications.

As this alternative configuration, although possible, is not the recommended approach, we've decided not to add it to our official documentation.
However, I do hope this answers your questions. If not, feel free to reopen this issue.

@laurabranitsch laurabranitsch added not-doc-issue Reported issue is not a documentation issue. and removed follow-up-with/po Clarification with product owner needed. in-discussion This item is being discussed internally labels Jan 10, 2025
@nrgsap
Copy link
Author

nrgsap commented Jan 13, 2025

Thank you very much for your answer.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@laurabranitsch laurabranitsch

Labels
not-doc-issue Reported issue is not a documentation issue. type/content-gaps Something essential is missing in the documentation.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@laurabranitsch @nrgsap