using X509 and kerberos on the same netweaver

g_vanrooij · ‎10-11-2018

Hi Experts,

We have two front-ends accesing the Fiori Launchpad

Fiori app using X509 certificate
Desktop browser using Kerberos

Kerberos works fine for the desktop users

If we enable X509 it also works fine for the Fiori app but the Desktop users are presented a popup to select a client certificate and they are getting a logonscreen. Pressing F5 (refresh the page) is causing a succesfull login.

We also tried to set the order in the sicf for the USHELL service but still this issues remains.

1Logon Through HTTP Fields

2SPNEGO Authentication

3Logon Through SSL Certificate

4SAP Logon/Assertion Ticket

5SAP Assertion Ticket

Thanks in advance,

Glenn

former_member202592 · ‎10-11-2018

Hi Glenn,

Since you selected the 'SAP Single Sign-On' tag for this question I believe you're using the SAP Single Sign-On product.

The Secure Login Implementation Guide contains an entire section dedicated to how you can combine X.509 and Kerberos authentication.

Check the following documents to better understand how to perform this configuration:

Authentication with X.509 Certificates and Kerberos

Supporting Authentication with Kerberos and X.509 on SAP NetWeaver AS ABAP

Cheers,

Filipe Santos

geferson_hess · ‎10-11-2018

Hello,

I believe the best approach will be to create an alias to Fiori service. For example, app users can access the alias and desktop users will access the service.
Then, you can configure two different logon order (one for the service and one for the alias).

Regards,
Geferson Hess

using X509 and kerberos on the same netweaver

Accepted Solutions (0)

Answers (2)

Answers (2)

Re: How to create TMG and use in changing PO numbe...

Datasphere Working Capital Dashboard for SAP S/4HA...

Re: Submit program with multiple values

Re: FLP: Should we use CONF or CUST scope for Tech...

Re: create payment term (FI-MM)