Skip to Content
avatar image
Former Member

How to replace X509 by SAML2


As of today we are connecting to CRM 7.0 system using X509 certificate and assuming all is done properly user can login without having to enter any credentials.

In near future we want to basicaly replace X509 by a SAML2 authentication process.

In order to achieve this we have configured a trusted provider (type Identity provider) in SAML2 tcode.

It seems to work fine for SAML2 process (a collagues trace the process) BUT still user is getting a prompt to confirm usage of X509 certificate.

In addition if the user doesn't want to use the certificate (= click "Cancel") then starts a long chain of windows security popup:

the server ... at SAP NetWeaver Application Server [...] requires a username and password

At the end of that long chain of windows security popup the SAP CRM netweaver Web AS logon page opens

I tried to play with CRM_LOGON Service config but no effect.

What is missing between SAML2 which seems to return the token and CRM netweaver not able to get it (and thus ptompting for credentials)

thanks for your help

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

1 Answer

  • Oct 13, 2014 at 10:09 PM

    Hi Fabien,

    You need to check the configuration of your CRM's SSL setting. When SSL is enabled, there are two options. The default one is asking for a certificate, which in your case, is incorrect. The second option is do not ask for certificate. You need to change your SSL setting to the second option.


    Chenyang Xiong

    Add comment
    10|10000 characters needed characters exceeded