Skip to Content

SSO Secure Login Client to Microsoft certificate store integration based on X.509 certificates

Oct 28, 2016 at 08:35 AM


avatar image

Hi experts

We are trying to implement SSO for SAP GUI based on X.509 certificates. We already have Secure Login Client installed on client PCs and existing Public Key Infrastructure (PKI). User certificates are imported to Windows certificate store on PCs. CA certificate imported also. I have all certificate files if needed.

The question is how to start to using user's certificates in Secure Login Client in Windows PC from MS Windows storage or from .crt files?



10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Stephan Andre
Nov 01, 2016 at 10:39 AM

Hi Valery,

how do you roll out your end user certificates? If there is an existing PKI, maybe Active Directory Certificate Service, then you should already see such certificates in Secure Login Client.

Now you have to configure your ABAP system accordingly, i.e. run SNCWIZARD, get a PKI certificate for the SNC SAPCrypto PSE, and change your SAP Logon connection to use SNC.

Finally, in SU01, create proper SNC user names.

Now Secure Login Client (I guess you run the current version 3.0 SP01) will simply do SNC once you start a connection in SAP GUI.

There is a lot of documentation about this standard use case, like the product guide or even videos.

-- Stephan

10 |10000 characters needed characters left characters exceeded