SSO thru Digital Certificate

Former Member · ‎10-06-2010

Dear Techis.

Good Day!

I am trying to implement SSO function for webase Gui (HTTPS and SAP ECC 6 AS ABAP System) and using Digital Certificate for the user authentication.

I have already done the followings:

1- I have configured my SAP ECC AS ABAP Server for SSO / HTTPS.

2- My server is signed with SAP AG test root Server certificate.

3- I am using x.509 Client certificate

4- I have mapped this client certificate in table USREXTID

5- I have also installed the above client certificate in my browser.

But when I try to access the Server thru HTTPS web link, I get the windows give certificate error message (which is acceptable)

u201CThe Security Certificate presented by this website was not issued by a trusted certificate authorityu201D

I proceed with u201CContinueu201D option.

The System asks for the user ID and password and work fine after providing user ID/ PW.

My question is that, why my digital certificate is not being used / processed for the authentication?

Looking forward for the positive replies.

Regards

Saqib Ayub Khan

mvoros · ‎10-06-2010

Hi,

it looks like authentication using SSL certificate failed and the system went back to backup method (user name and password). Have you tried to activate tracing in SMICM (Goto -> Tracelevel -> Set) to see what the problem is?

Cheers

Former Member · ‎10-06-2010

Dear Martin Voros

Thanks for the reply.

Yes my SMICM trace level is 3, but I have not been able to identify any error message there.

Since its trace level is 3, it wouldnu2019t be a good idea to post it here!

Can I attaché / send it separately? Or can you tell me what exactly should I try to find from the SMICM log?

Former Member · ‎10-06-2010

Hi,

>3- I am using x.509 Client certificate

This client certificate must be signed and the certification authorities must be imported in STRUST. Did you do that ?

Regards,

Olivier

Former Member · ‎10-06-2010

Dear Olivier

I am using http://www.getacert.com/ web site to generate the certificate, can you pls. elaborate more how can I include my certificate in STRUST? Actually I believe I canu2019t include my certificate with Private Key (i.e in the form of Personal Information Exchange (.p12), I have to save it in (.cer) and then include it in STRUST, if itu2019s the case? Then yes I have done that u2026

Is there any way I can share my screenshots on this forum? I believe there is a small thing I am missing somewhere.

Are you using the same scenario in your environment?

Regards

Former Member · ‎10-07-2010

I have uploaded the SMICM trace file on the link below and highlighted some finding with gray color!

[SMICM Trace|http://www.zshare.net/download/81220708a199f079/]

Regards

Saqib

mvoros · ‎10-07-2010

Hi,

it looks like your browser does not return any certificate (line status = "new SSL session, NO client cert") and therefore your application server continues with username/password option. I can't see why it does not send anything. Have you tried with different browser?

Cheers

Former Member · ‎10-07-2010

Dear Martin Voros

Thanks for the advice, I have already checked it with the Chrome, but it didnu2019t work with it

But now I have just downloaded and installed Firefox. Now with this change I can see some different in SMICM logs as well. You may find it from the below link!

http://www.zshare.net/download/81231149a5af37c4/

Thanks for the advice, I believe we are near to solve it.

Regards

Saqib