Skip to Content
0
Jun 06, 2013 at 12:58 PM

SSO for Webdynpros GRC 10 based on X.509 Certificates

52 Views

Hi All,

We have upgraded our GRC to GRC 10. Our SNC Product is unable to support SSO for Webdynpros. We are evaluating usage of X.509 certificates. In our organization PKI exists. Every user has one certificate but only for using Infrastructure services. In the test phase we have used these certificates and have been successful in establishing the SSO.

However we are not recommended to use this certificate for application authenication. Now this where the problem arises.

As this system is pure AS ABAP, we need to know if we could have client authentication (browsers) based on OID. The reason being OID will be unique to our application in our company's infrastructure, which will be created by our PKI team. But i am not able to configure in STRUST and/or CERTRULE a filter based on this OID.

On one of the blogs (link below) for AS JAVA this could be possible.

http://wiki.sdn.sap.com/wiki/display/Security/User+Mappings+in+the+Authentication+Framework+of+SAP+NetWeaver+Application+Server+(AS)+Java

So wondering if we can achieve this or there is any other way to do so. We are not installing or do not have SAP's Secure Login Server nor Secure Client on client machines.

I welcome suggestions, tips and tricks to get this working only using the X.509 Certificate (SAML 2.0 & SPNEGO are currently out of scope).

Regards,

Abhijeet