CDT single sign on SSO or AD authentication

Former Member
0 Kudos

All,

We are running BCM / CDT version: 7.0.4.116

All our end users' PCs run on Windows 7 Enterprise edition.

IE 8 is the browser everyone uses.

CRM ICWEB is at 7.0 EHP2 sp5

Currently, when they launch CDT in their IE browsers, they are prompted to log in with credentials that are specific to BCM. We are not linked to our Windows LDAP/AD system or using X.509 certificates.

So that's pretty much my question. Is there a way to link the CDT login to use Windows AD? That would be the best option since the userID matches between AD/BCM and CRM ICWEB. If so, could someone point me to this documentation? I have searched but have been unsuccessful.

If that isn't an option, then I guess the other option seems to be X.509. Now, we as a company are already placing user certs in the browser certificate area in IE for all our users. Unfortunately, the user certs do not exactly match the user names. For example, my browser cert says CN=John Smith, but my userID is smithj.

In SAP ABAP, that is easily resolved by updating the VUSREXTID view where you can tell SAP to equate CN=John Smith with smithj. The entire ABAP SSO setup for webdynpro/BSP, etc. is much more complicated than that, I know, but just as an example, that at least shows how to get around that issue.

So does BCM have anything like that, or do I now need to be in the business of manually putting certs into the end-user browsers? I hope not.

Anyway, I'm open to suggestions on how to get away from users having to remember yet another password to get into the BCM CDT.

Feel free to comment.

Thanks, as usual

NICK

Accepted Solutions (1)

lloyd_goveia
Active Participant
0 Kudos

Hi Nick,

Please check note 1835438. We have made some additional modifications to allow additional attributes to be used with SSO.

  • Client Certificate Is Mandatory
    When selected, the client must always provide a valid certificate in
    order to log on to the BCM system. The default value is not selected.
    This variable takes effect only when the variable Use Client Certificate
    (CoS) for Client Authentication is selected. After changing the variable
    value restart the Connection Server.
  • Client Certificate's Attribute Used for SSO
    Select the attribute that is used to authenticate a user with client
    certificate of the subject's common name (CN), e-mail address (E) or
    fully qualified name (FQN). If the e-mail address (E) is selected, the
    e-mail address from Subject Alternative Name extension of the
    certificate is used, if present. Otherwise the e-mail address from the
    Subject Name field is used.

Best regards,

Lloyd Goveia
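
An added example (not from the SAP note or from anyone in this thread) of the attribute-selection rule quoted above, written as a pre-rollout check of which existing certificates would map to an account. It covers CN and E only, because the thread does not define the FQN format; the certificate dicts follow the layout of Python's `ssl.SSLSocket.getpeercert()`, and the sample certificates, the account fields and the case-insensitive comparison are assumptions.

```python
# Added example. Certificates use the dict layout of ssl.SSLSocket.getpeercert().
# All sample values below are constructed.
CERT_SMITH = {
    "subject": ((("commonName", "John Smith"),),
                (("emailAddress", "john.smith@example.com"),)),
    "subjectAltName": (("DNS", "pc042.example.com"),
                       ("email", "smithj@example.com")),
}
CERT_JONES = {  # no SAN e-mail: E falls back to the Subject Name field
    "subject": ((("commonName", "jonesa"),),
                (("emailAddress", "jonesa@example.com"),)),
}
CERT_BARE = {"subject": ((("commonName", "Kim Lee"),),)}  # no e-mail at all
ACCOUNTS = [
    {"user_id": "smithj", "email": "smithj@example.com", "cert": CERT_SMITH},
    {"user_id": "jonesa", "email": "jonesa@example.com", "cert": CERT_JONES},
    {"user_id": "leek", "email": "leek@example.com", "cert": CERT_BARE},
]
# Assumption: which account field each certificate attribute is compared with.
ACCOUNT_FIELD = {"CN": "user_id", "E": "email"}

def subject_values(cert, name):
    """Every value of one attribute type in the certificate subject."""
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == name]

def sso_value(cert, attribute):
    """Value taken from the certificate for the selected SSO attribute."""
    if attribute == "CN":
        values = subject_values(cert, "commonName")
    elif attribute == "E":
        # Subject Alternative Name e-mail first, Subject Name e-mail otherwise.
        values = [v for k, v in cert.get("subjectAltName", ()) if k == "email"]
        values = values or subject_values(cert, "emailAddress")
    else:
        raise ValueError(f"unsupported attribute: {attribute}")
    return values[0] if values else None

def audit(accounts, attribute):
    """user_id -> (certificate value, True if it matches the account)."""
    report = {}
    for acct in accounts:
        value = sso_value(acct["cert"], attribute)
        expected = acct[ACCOUNT_FIELD[attribute]].casefold()  # assumed compare
        matches = value is not None and value.casefold() == expected
        report[acct["user_id"]] = (value, matches)
    return report

if __name__ == "__main__":
    for attr in ("CN", "E"):
        print(attr, audit(ACCOUNTS, attr))
```

With CN selected, the constructed "John Smith" certificate fails to match `smithj`, which is the mismatch described in the question; with E selected, the SAN address is used in preference to the Subject Name address.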

Former Member
0 Kudos

Lloyd,

I responded to the other 2 guys, so you can see that. But still, thanks for replying. We are already at that version. So I will check to see if what you wrote will apply to me.

Many thanks, I will let you know.

NICK

Answers (3)

Former Member
0 Kudos

Dear Nick and BCM Experts,

Any solutions for this issue? I am facing a similar issue. Please help.

Thanks

Former Member
0 Kudos

Hey Rahaman,

As stated by some other folks in the thread, you must use X.509 certs to do SSO for CDT/contactCenter.  It does work, we are doing that now.  There is plenty of documentation out there on how to set it up.

Nick

Former Member
0 Kudos

Hi Nick,

Thank you for your quick response.

I said I have a similar issue but not the same issue.

We are seeing some kinds of logs which are generated in the AD Audit report with an X.509N user trying to connect to the AD server; not sure why this is happening?

Note: We haven't used any X.509 user for SSO yet, so why is it coming?

I haven't used any Ldifde in CDT as well.

Any suggestions, please?

Thanks

Former Member
0 Kudos

Hey Rahaman,

This thread was originally created for suggested ways to connect to CDT/BCM SSO.  So really, I would suggest you create a new thread and also open a message with SAP support!

Have a great day!

NICK

Former Member
0 Kudos

Hello Nick,

As Anton already said, you can find very detailed instructions on how to request the CDT SSO login certificate (X.509) in the Creating_SSO_Certificate.pdf user guide, but if you need more information about that you can check the BCM 7.0 Installation Guide, paragraph 4.3 Client Certificates. There you will find, for example, how to apply your certificate to Monitoring users as well.

P.S. The main BCM user guides can be found in the SAP Support Portal under Release & Upgrade Info - Installation & Upgrade Guides - SAP Solution Extensions - SAP Business Communications Management (BCM) - BCM 7.0 - BCM 7.0 Guides

Regards,

Alex

Former Member
0 Kudos

Alex,

Quite honestly, the guides are lacking when it comes to X.509 in my opinion. Or at least I am too inexperienced to use them. I have read the guides when it comes to authentication and they gloss over it very lightly in my opinion. Like I told Anton:

But still, that note/attachment is missing a few things for me to fill in the blanks.

How do I get to this "Microsoft Active Directory Certificate Services"? Is that a URL from inside BCM IA, SC?

We have our own company internal MS AD service like this, but we don't have the option of selecting the "Web Browser Certificate".

So I'm still stuck since our default certificate in our browsers has only CN=First Lastname

Former Member
0 Kudos

Hello Nick,

Look through note 1841895; I hope it will be helpful.

Also in this note there is an attachment: Creating_SSO_Certificate.pdf.

BR,

Anton.

Former Member
0 Kudos

Anton,

Thanks for replying. But still, that note/attachment is missing a few things for me to fill in the blanks.

How do I get to this "Microsoft Active Directory Certificate Services"? Is that a URL from inside BCM IA, SC?

We have our own company internal MS AD service like this, but we don't have the option of selecting the "Web Browser Certificate".

So I'm still stuck since our default certificate in our browsers has only CN=First Lastname

Thanks

NICK