Hello Kai,
One possibility would be the following:
1. Configure RFID-based authentication using Secure Login Server and Secure Login Client. As a result a short-lived X.509 certificate will be issued for the user.
2. Configure the Portal with two-factor authentication: first factor shall be the certificate issued at step 1 and second factor will be the password. In this case the user id will be preset and won't be possible to be changed.
Documentation:
1. RFID-based authentication - Enterprise Security with SAP Single Sign-On
2. Two-factor authentication with certificate and password - Risk-Based Authentication Login Module Options - One-Time Password Authentication - SAP Library
Regards,
Dimitar