Hi Eric,
You can usethe userprincipalname to mangae the portal logons, however from there to the backend you can use attribute mapping. Ask them to create a new attribute sapID and then setup user mapping.
That should work. I have implemented such a scenario on many occasions:
Using an LDAP Directory Attribute as the ABAP User ID - Authentication on the Portal - SAP Library
Doug Volkwyn.