Skip to Content
avatar image
Former Member

Using Client Certificates via an Intermediary Server

Hi,

We are planning to use client certificates for authentication for connection to Biller Direct application ( web application running over Netwearver J2EE). Biller direct will be accessed from the internet by the customers.

As per our design, customer will conenct using HTTPS and SSL will terminate at the the Intermediary Server and from there we plan to use HTTP conenction to connect to J2EE Server.

As per SAP documenttaion, the intermediary server passes the useru2019s certificate to the J2EE Engine in a header variable and the J2EE Engine accepts this certificate based on its trust relationship to the intermediary server.

I have a question, if we use this mechansim do we have to mainatin User's cerificate in user master or this is not needed as we are accepting the connection from the intermediary server which is trusted by the J2EE engine.

Thanks,

Vikrant Sud

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    avatar image
    Former Member
    Mar 16, 2009 at 08:49 AM

    Hi,

    > have a question, if we use this mechansim do we have to mainatin User's cerificate in user master or >this is not needed as we are accepting the connection from the intermediary server which is trusted by >the J2EE engine.

    I think it depends from your Biller Direct application.

    In my company we use Rosettanet B2B with SAP XI and have this setup :

    Internet -- https --> Apache -- https --> Web dispatcher -- https --> SAP J2EE PI

    The client certificate from the B2B partner is sent up to SAP PI and we did not have to set the certificate in the user mast.

    We did have to import the certificate in the J2EE keystore and to configure the Rosettanet connector.

    Regards,

    Olivier

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Mar 16, 2009 at 02:17 PM

    In our company users come in through our corporate portal (Intermediary server using SSL) and we have set-up SSO from the corporate portal to sap enterprise portal using http header logon module.

    You don't have to maintain user certificate in user master. You just have to configure the http header logon module on the J2EE engine.

    Users logs on to intermediary server > intermediary server directs the request to J2EE with the user name in the header > J2EE checks UME and if the user ID exists, logs on the user

    Add comment
    10|10000 characters needed characters exceeded