Former Member

CDT single sign on SSO or AD authentication

All,

We are running BCM / CDT version: 7.0.4.116

All our end users' PCs run on Windows 7 Enterprise edition.

IE 8 is the browser everyone uses.

CRM ICWEB is at 7.0 EHP2 sp5

Currently, when they launch CDT in their IE browsers, they are prompted to log in with credentials that are specific to BCM. We are not linked to our Windows LDAP/AD system or using X.509 certificates.

So that's pretty much my question. Is there a way to link the CDT login to use Windows AD? That would be the best option since the userID matches between AD/BCM and CRM ICWEB. If so, could someone point me to this documentation? I have searched but have been unsuccessful.

If that isn't an option, then I guess the other option seems to be X.509. Now, we as a company are already placing user certs in the browser certificate area in IE for all our users. Unfortunately, the user certs do not exactly match the user names. For example, my browser cert says CN=John Smith, but my userID is smithj.

In SAP ABAP, that is easily resolved by updating the VUSREXTID view, where you can tell SAP to equate CN=John Smith with smithj. The entire ABAP SSO setup for webdynpro/BSP, etc. is much more complicated than that, I know, but just as an example, that at least shows how to get around that issue.

So does BCM have anything like that, or do I now need to be in the business of manually putting certs into the end-user browsers? I hope not.

Anyway, I'm open to suggestions on how to get away from users having to remember yet another password to get into the BCM CDT.

Feel free to comment.

thanks, as usual

NICK


4 Answers

  • Best Answer
    Posted on Aug 30, 2013 at 03:45 PM

    Hi Nick,

    Please check note 1835438. We have made some additional modifications to allow additional attributes to be used with SSO.

    • Client Certificate Is Mandatory
      When selected, the client must always provide a valid certificate in
      order to log on to the BCM system. The default value is not selected.
      This variable takes effect only when the variable Use Client Certificate
      (CoS) for Client Authentication is selected. After changing the variable
      value restart the Connection Server.
    • Client Certificate's Attribute Used for SSO
      Select the attribute that is used to authenticate a user with client
      certificate of the subject's common name (CN), e-mail address (E) or
      fully qualified name (FQN). If the e-mail address (E) is selected, the
      e-mail address from Subject Alternative Name extension of the
      certificate is used, if present. Otherwise the e-mail address from the
      Subject Name field is used.

    Best regards,

    Lloyd Goveia
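
The attribute selection described in this answer, as an added example that is not part of the original post and not SAP BCM code: it takes certificate fields in the dictionary layout that Python's `ssl` `getpeercert()` returns and shows which value the CN and E settings would read, including the SAN-before-Subject rule for E. The sample certificates, the user lists and the case-insensitive exact match are assumptions; FQN is left out because the post does not spell out its format.

```python
"""Added illustration, not SAP BCM code: value read from a certificate per setting."""

def subject_values(cert, field):
    """All values of one Subject field, in certificate order."""
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == field]

def sso_value(cert, attribute):
    """Value selected for the SSO attribute setting 'CN' or 'E'."""
    if attribute == "CN":
        values = subject_values(cert, "commonName")
    elif attribute == "E":
        # E-mail from Subject Alternative Name wins when present;
        # otherwise the e-mail address from the Subject Name is used.
        values = [v for kind, v in cert.get("subjectAltName", ()) if kind == "email"]
        values = values or subject_values(cert, "emailAddress")
    else:
        raise ValueError("only CN and E are modelled here")
    return values[0] if values else None

def unmatched(certs, attribute, known_ids):
    """Certificates whose selected value is not a known user identifier.
    Assumption: comparison is exact and case-insensitive."""
    known = {k.lower() for k in known_ids}
    missing = []
    for label, cert in certs.items():
        value = sso_value(cert, attribute)
        if value is None or value.lower() not in known:
            missing.append((label, value))
    return missing

# Constructed sample certificates (not taken from any real system).
CERTS = {
    "san-and-subject": {
        "subject": ((("commonName", "John Smith"),),
                    (("emailAddress", "jsmith@old.example"),)),
        "subjectAltName": (("email", "smithj@example.com"),),
    },
    "subject-only": {
        "subject": ((("commonName", "Jane Doe"),),
                    (("emailAddress", "doej@example.com"),)),
    },
    "cn-only": {"subject": ((("commonName", "Sam Lee"),),)},
}
KNOWN_LOGINS = ["smithj", "doej", "lees"]  # constructed user IDs
KNOWN_EMAILS = ["smithj@example.com", "doej@example.com", "lees@example.com"]

if __name__ == "__main__":
    for attr, ids in (("CN", KNOWN_LOGINS), ("E", KNOWN_EMAILS)):
        print(attr, "unmatched:", unmatched(CERTS, attr, ids))
```

With these samples every CN fails to match a login name, which is the mismatch the question describes, while the E setting only fails for the certificate that carries no e-mail address at all.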


    • Former Member

      Lloyd,

      I responded to the other 2 guys, so you can see that. But still, thanks for replying. We are already at that version. So I will check to see if what you wrote will apply to me.

      Many thanks, I will let you know.

      NICK

  • Former Member
    Posted on Aug 30, 2013 at 09:22 AM

    Hello Nick,

    As Anton already said, you can find very detailed instructions on how to request the CDT SSO login certificate (X.509) in the Creating_SSO_Certificate.pdf user guide, but if you need more information about that you can check the BCM 7.0 Installation Guide, paragraph 4.3 Client Certificates. There you will find, for example, how to apply your certificate to Monitoring users as well.

    P.S. The main BCM user guides can be found in the SAP Support Portal under Release & Upgrade Info - Installation & Upgrade Guides - SAP Solution Extensions - SAP Business Communications Management (BCM) - BCM 7.0 - BCM 7.0 Guides.

    Regards,

    Alex


    • Former Member

      Alex,

      Quite honestly, the guides are lacking when it comes to X.509, in my opinion. Or at least I am too inexperienced to use them. I have read the guides when it comes to authentication and they gloss over it very lightly, in my opinion. Like I told Anton:

      But still, that note/attachment is missing a few things for me to fill in the blanks.

      How do I get to this "microsoft active directory certificate services"? Is that a URL from inside BCM IA, SC?

      We have our own company internal MS AD service like this, but we don't have the option of selecting the "Web Browser Certificate".

      So I'm still stuck, since our default certificate in our browsers has only CN=First Lastname.

  • Former Member
    Posted on Aug 30, 2013 at 08:06 AM

    Hello Nick,

    Look through note 1841895; I hope it will be helpful.

    Also, in this note there is an attachment: Creating_SSO_Certificate.pdf.

    BR,

    Anton.


    • Former Member

      Anton,

      Thanks for replying. But still, that note/attachment is missing a few things for me to fill in the blanks.

      How do I get to this "microsoft active directory certificate services"? Is that a URL from inside BCM IA, SC?

      We have our own company internal MS AD service like this, but we don't have the option of selecting the "Web Browser Certificate".

      So I'm still stuck, since our default certificate in our browsers has only CN=First Lastname.

      Thanks

      NICK

  • Former Member
    Posted on Aug 16, 2016 at 07:27 AM

    Dear Nick and BCM Experts,

    Any solutions for this issue? I am facing a similar issue. Please help.

    Thanks
