on 08-29-2013 5:00 PM
All,
We are running BCM / CDT version: 7.0.4.116
all our end-users PC run on Windows7 enterprise edition
IE 8 is the browser everyone uses.
CRM ICWEB is at 7.0 EHP2 sp5
Currently, when they launch CDT in their IE browsers, they are prompted to login with credentials that are specific to BCM. We are not linked to our windows LDAP/AD system or using X.509 certificates.
So that's pretty much my question. is there a way to link the CDT login to use windows AD? that would be the best option since the userID matches between AD/BCM and CRM ICWEB. If so, could someone point me to this documentation? I have searched but have been unsuccessful.
If that isn't an option, then I guess the other other seems to be X.509. Now, we as a company are already placing user certs in the browser certificate area in IE for all our users. unfortunately, the user certs do not exactly match the user names. for example, my browser cert says CN=John Smith. But my userID is smithj
In SAP abap, that is easily resolved by updating the VUSREXTID view where you can tell SAP to equate CN=John Smith with smithj. The entire abap sso setup for webdynpro/BSP, etc is much more complicated than that, I know, but just as an example, that at least shows how to get around that issue.
So does BCM have anything like that, or do I now need to be in the business of manually putting certs into the end-user browsers. I hope not.
Anyway, I'm open to suggestions on how to get away from users having to remember yet another password to get into the BCM CDT.
Feel free to comment.
thanks, as usual
NICK
Hi Nick,
Please check note 1835438. We have made some additional modifications to allow additional attributes to be used with SSO.
Best regards,
Lloyd Goveia
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Nick and BCM Experts,
Any solutions for this issue ? I am facing a similar issue. Pls help.
Thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Nick,
Thank you for your quick response.
I said I have similar issue but not the same issue..
We are facing some kinds of logs which are generated in AD Audit report with X.509N user trying to connect to AD server not user why this is happening ?
Note: We haven't used any X.509 user for SSO still, then why it is coming..
I haven't used any Ldifde in CDT as well.
Any suggestion pls..
Thanks
Hello Nick,
As Anton already said you can find very detailed instructions how to request the CDT SSO login certificate (X.509) in Creating_SSO_Certificate.pdf user guide, but if you'll need more information about that you can check BCM 7.0 Installation Guide paragraph 4.3 Client Certificates. There you will find, for example, how to apply your certificate to Monitoring users as well.
P.S. Main BCM user guides can be found in SAP Support Portal under Release & Upgrade Info - Installation & Upgrade Guides - SAP Solution Extensions - SAP Business Communications Management (BCM) - BCM 7.0 - BCM 7.0 Guides
Regards,
Alex
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Alex,
Quite honestly, the guides are lacking when it comes to X.509 in my opinion. or at least I am too inexperienced to use them. I have read the guides when it comes to authentication and they gloss over it very lightly in my opinion. Like I told Anton:
but still, that note/attachment is missing a few things for me to fill in the blanks.
how do I get to this "microsoft active directory certificate services"? is that a URL from inside BCM IA, SC?
we have our own company internal MS AD service like this, but we don't have the option of selecting the "Web Browser Certificate".
So I'm still stuck since our default certif in our browsers has only CN=First Lastname
Hello Nick,
Look through the note 1841895, hope it will be helpful.
Also in this note there is attachment: Creating_SSO_Certificate.pdf.
BR,
Anton.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Anton,
thanks for replying. but still, that note/attachment is missing a few things for me to fill in the blanks.
how do I get to this "microsoft active directory certificate services"? is that a URL from inside BCM IA, SC?
we have our own company internal MS AD service like this, but we don't have the option of selecting the "Web Browser Certificate".
So I'm still stuck since our default certif in our browsers has only CN=First Lastname
thanks
NICK
User | Count |
---|---|
7 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.