Hello,
As a first step please check the following SAP note and import the policy scripts from it, or at least "SAP.txt" and "SAP_util_rsa.txt": http://service.sap.com/sap/support/notes/2225027. Afterwards configure the following script for TOTPLoginModule:
#include "SAP";
#include "SAP_util_rsa";
function validatePasscode(config, context, result, username, passcode) {
SAP.util.rsa.PasscodeValidator.validate(config, context, result, username, passcode);
}
function onFirstStageLogin(config, context, result) {
result.setLoginInfoMessage("Enter RSA SecurID passcode to log on");
config.setProperty("otp.use.external.passcode.validation", "yes");
}
The procedure to configure and enable policy script is described here: Configuring the One-Time Password Administration UI for Policy Scripts - One-Time Password Authentication - SAP Library
The script above will re-use your setup for SLS. In case you do not use the default Radius destination name you may need to modify a bit the script:
#include "SAP";
#include "SAP_util_rsa";
function validatePasscode(config, context, result, username, passcode) {
config.setProperty("rsa.login.module.option.RadiusDestination", "OtherRSADestination");
SAP.util.rsa.PasscodeValidator.validate(config, context, result, username, passcode);
}
function onFirstStageLogin(config, context, result) {
result.setLoginInfoMessage("Enter RSA SecurID passcode to log on");
config.setProperty("otp.use.external.passcode.validation", "yes");
}
Where "OtherRSADestination" is the name of the destination configured in /slac -> Destination Management.
Let me know if you need any further details.
Best regards,
Dimitar Mihaylov