Oct 09, 2014 at 12:56 PM

How to replace X509 by SAML2



As of today we are connecting to a CRM 7.0 system using an X509 certificate and, assuming all is done properly, the user can log in without having to enter any credentials.

In the near future we want to basically replace X509 with a SAML2 authentication process.

In order to achieve this we have configured a trusted provider (type Identity provider) in the SAML2 tcode.

It seems to work fine for the SAML2 process (a colleague traced the process) BUT the user is still getting a prompt to confirm usage of the X509 certificate.

In addition, if the user doesn't want to use the certificate (= clicks "Cancel"), then a long chain of Windows security popups starts:

the server ... at SAP NetWeaver Application Server [...] requires a username and password

At the end of that long chain of Windows security popups the SAP CRM NetWeaver Web AS logon page opens.

I tried to play with the CRM_LOGON service config but with no effect.

What is missing between SAML2, which seems to return the token, and CRM NetWeaver not being able to get it (and thus prompting for credentials)?

Thanks for your help.