Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restriction on personal client certificates in SAP Web Dispatcher

Former Member

‎11-19-2013 10:33 AM

0 Kudos

Hello all,

I've configured our SAP Web Dispatcher to verify client certificates (icm/HTTPS/verify_client = 1 or 2).

The root CA of the client certificates installed on the users' PC's was added to the certificate list of the server PSE-file of the web dispatcher.

When I now want to access a SAP application via the web dispatcher, I indeed receive a popup where I can select my personal certificate to use.

So everything fine so far.

Next step is to restrict access on the individual (or personal) client certificates in order to allow only access for certain authorized users.

Is there a way in the web dispatcher to define a permission table with only allowed distinguished named of the personal client certificates?

Or do I have to add all the authorized personal client certificates in the PSE-file of the webdispatcher (instead of adding only the root CA of those personal client certificates)?

Thank you

3 REPLIES 3

Former Member

‎11-19-2013 12:39 PM

0 Kudos

This message was moderated.

Former Member

‎11-19-2013 9:22 PM

0 Kudos

You will have to forward the user X.509 certificate from the Web Dispatcher to the backend system where you can map certificates to users and restrict access further with authorizations.

Former Member
In response to Former Member

‎11-19-2013 11:03 PM

0 Kudos

So there's no possibility to block it directly in the web dispatcher? Because I want to avoid unnecessary traffic to the backend systems and I also want to avoid defining the permission (or denial) list on each backend.