Skip to Content
author's profile photo Former Member
Former Member

SAP Netweaver SSO on SAP Portal


We are implementing SAP Netweaver SSO 1.0 SP3 solution in order to authenticate the users by using X.509 protocol, on SAP Portal 7.3 system. Unfortunately, we couldn't find a implementation guide for the scenario. The question is anybody implemented this product in order to enable SSO on the SAP Portal.

Best regards,

Orkun Gedik

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • Best Answer
    Posted on Jun 13, 2012 at 07:09 AM


    Do you have x.509 certificates already issued to users, which they can use to authenticate to the portal ? I am interested to hear why you don't use Integrated Windows Authentication to authenticate users to portal ?



    Add a comment
    10|10000 characters needed characters exceeded

    • Hi Gedik,

      I don't know your SAP NW Java Version. There are some features on SSO and user mapping:

      There you find the following:


      ● Users possess valid X.509 client certificates

      ● The user’s client certificates are imported into their client system’s Web browsers

      --> This is done automatically via SAP NW SSO if you use secure login server and secure login client

      This you need to read:

      1. Using the Key Storage service, make sure the CA’s root certificate exists as a CERTIFICATE entry in the TrustedCAs view. If it is not already there, then import it into this view. For more information, see Managing Entries. --> secure login server of SAP NW SSO

      2. Using the SSL Provider service:

      a. Select whether the J2EE Engine should:

      ■ Request (but not require) that the user presents a client certificate for authentication.

      ■ Require that client certificates are to be used for authentication.

      b. Import the CA’s root certificate into the Trusted Certification Authorities list. (Choose Add.)

      See also Managing the Credentials and Trusted Certificates to Use SSL.
      3. Configure the ClientCertLoginModule for establishing the J2EE Engine user ID from the client certificate and filtering provided certificates.

      For more information, see Modifying Client Certificate Authentication Options.
      4. Adjust the login module stacks and configure the login modules for those applications that accept client certificates as the authentication mechanism.

      Question on user mapping:

      On AS Java, an alternativ name can be maintained and mapped to the user. But please check please all options on the documentation

      Authentication schemes (keep in mind):

      The SAP NetWeaver Portal relies on the AS Java for the majority of its authentication and SSO needs. Portal servers can additionally use authentication schemes and reference systems for user authentication and SSO.



Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.