on 08-17-2020 2:44 PM
Hello,
I am looking for a way to use an SAP NW SSO X.509 certificate instead of an assertion ticket for SSO from one SAP ABAP system web service to the next SAP ABAP system web service (no J2EEs involved).
The users get SAP NW SSO client certificates at the moment and are asked to choose the right certificate any time they switch systems.
For security reasons we would like to use X.509 and the DN of the users instead of assertion tickets, especially as we cannot guarantee the identical identity of SAP user accounts with the same name.
Can I use the X.509 certificate instead of the assertion ticket?
Perhaps it would be better to suppress the question to select the right client X.509 certificate. But I have no idea how.
Best Regards
Andreas
Dear Andreas,
1. Map the X.509 certificate (chronological name) to the ABAP user in the view VUSREXTID
2. Create a trusted relationship between the ABAP systems and deactivate the password in the front-end system
3. Ensure that the authorizations (S_RFC, S_RFCACL, S_SERVICE) are granted in both systems
Another approach is rule-based certificate mapping.
Thanks, Sankar
Hi Andreas,
As long as you have the certificate mapped to an ABAP user, it should work.
Keep in mind that you also need to change the "Logon Data" tab in SICF for the service you want, changing to alternative logon procedure and having only the "Logon Using SSL Certificate" on the list (or, at least, have it as the first option).
You can use the SM50 logon trace (SAP Note 495911) to verify whether it works.
Regards,
Cris
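Added example, not part of either reply above: a small audit of certificate-to-user mappings that flags account names bound to different subject DNs on different systems, which is the identity risk raised in the question. It assumes the mappings have been exported per system as (system ID, ABAP user, subject DN) rows; the system IDs, users and DNs are constructed, and the DN normalization is for comparison inside this script only and says nothing about how the ABAP system compares DNs.

```python
import re
from collections import defaultdict

# Constructed sample rows: (system ID, ABAP user, subject DN mapped to that user).
MAPPINGS = [
    ("AB1", "JSMITH", "CN=John Smith, OU=Sales, O=Example Corp, C=DE"),
    ("AB2", "JSMITH", "CN=Jane Smith,OU=HR,O=Example Corp,C=DE"),
    ("AB1", "ADOE",   "CN=Alice Doe, OU=IT, O=Example Corp, C=DE"),
    ("AB2", "DOEA",   "cn=Alice Doe,ou=IT,o=Example Corp,c=DE"),
]

def normalize_dn(dn):
    """Canonical form for comparison in this script: split on unescaped
    commas, upper-case attribute types, collapse spaces, case-fold values."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append(f"{attr.strip().upper()}={' '.join(value.split()).casefold()}")
    return ",".join(rdns)

def audit(mappings):
    """Return (name_collisions, accounts_per_dn).
    name_collisions: user -> {DN: [systems]} for account names that are
        bound to more than one distinct DN across the landscape.
    accounts_per_dn: DN -> {system: user}, the per-system account that a
        given certificate identity resolves to."""
    by_user = defaultdict(lambda: defaultdict(list))
    per_dn = defaultdict(dict)
    for sysid, user, dn in mappings:
        ndn = normalize_dn(dn)
        by_user[user][ndn].append(sysid)
        per_dn[ndn][sysid] = user
    collisions = {u: dict(d) for u, d in by_user.items() if len(d) > 1}
    return collisions, dict(per_dn)

if __name__ == "__main__":
    collisions, per_dn = audit(MAPPINGS)
    for user, dns in collisions.items():
        print(f"{user}: same account name, different identities")
        for dn, systems in dns.items():
            print(f"  {dn} on {', '.join(systems)}")
    for dn, accounts in per_dn.items():
        print(dn, "->", accounts)
```

An account name listed in `name_collisions` would be treated as one identity by any mechanism that matches on user name alone, while `accounts_per_dn` shows the account each certificate identity resolves to on each system.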