Defining the Parser for Client Certificates

Use

If you use client certificate authentication, the X.500 name in the client certificate is mapped to a portal user. In this step, you define the parser that extracts the user information from the client certificate. You can use the default parser shipped with the portal or define your own custom parser.

Default parser

The default parser takes the common name (CN) from the X.500 name of the certificate owner in the client certificate and uses it as the portal user. For example, if the X.500 name of the certificate owner is CN=Smith, OU=Marketing, O=MyCompany Ltd., C=DE, the certificate is mapped to the portal user Smith.

You can configure the parser so that additional restrictions apply. For example, you can configure the parser to accept only client certificates that have OU=MyCompany in the certificate owner name. By configuring the parser, you prevent scenarios where two people whose certificates share the same CN are mapped to the same portal user. For example, if you do not configure the parser, two certificates with the owners CN=Smith, OU=Marketing, O=MyCompany Ltd., C=DE and CN=Smith, OU=Development, O=Hacker Ltd., C=DE both map to the user Smith. For this reason, we strongly recommend that you configure the parser with care. For details on configuring the parser, see SAP Note 578366.
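The following is an added example, not the portal's own parser or SAP code: it parses an X.500 subject name in the usual RFC 2253 string form, maps the CN to a portal user, and shows how a required attribute (here O=MyCompany Ltd., an assumed restriction standing in for the OU check mentioned above) stops the two Smith certificates from collapsing into one user.

```python
# Added example (not SAP's parser): map an X.500 subject name to a portal
# user, optionally requiring specific attributes to be present.
import re
from typing import Optional


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split an RFC 2253-style DN into (type, value) pairs.

    Commas escaped with a backslash (e.g. O=Smith\\, Inc) are part of the
    value and do not separate RDNs."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed RDN: {part!r}")
        typ, value = part.split("=", 1)
        rdns.append((typ.strip().upper(), value.strip().replace("\\,", ",")))
    return rdns


def map_to_portal_user(dn: str, required: Optional[dict] = None) -> Optional[str]:
    """Return the portal user name taken from CN, or None if the DN is rejected.

    `required` maps attribute types to values that must all appear in the DN
    (the restriction the default parser can be configured with)."""
    attrs = parse_dn(dn)
    for typ, value in (required or {}).items():
        if (typ.upper(), value) not in attrs:
            return None          # certificate owner is outside the allowed set
    cns = [v for t, v in attrs if t == "CN"]
    if len(cns) != 1:
        return None              # no CN, or an ambiguous one: refuse to map
    return cns[0]


# Constructed sample subjects, taken from the scenario described above.
LEGIT = "CN=Smith, OU=Marketing, O=MyCompany Ltd., C=DE"
IMPOSTOR = "CN=Smith, OU=Development, O=Hacker Ltd., C=DE"
RULE = {"O": "MyCompany Ltd."}   # assumed restriction for this example

if __name__ == "__main__":
    # Unrestricted: both certificates map to "Smith".
    print(map_to_portal_user(LEGIT), map_to_portal_user(IMPOSTOR))
    # Restricted: only the MyCompany certificate is accepted.
    print(map_to_portal_user(LEGIT, RULE), map_to_portal_user(IMPOSTOR, RULE))
```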

Custom parser


You can also define your own parser. To do this, you must create a new COM object that implements the certificate parser interface and register it in the registry. The parser then appears as an option in the configuration tool. For detailed information on the certificate parser interface, see the section on User Management in Unification → Unification Server Programmer Reference.

Prerequisites

· You have administrator rights in the portal.

· You have set up the portal to support user authentication using client certificates.

· You have restricted the trusted root certification authorities in the portal Web server so that only certificates of portal users are accepted. For instructions on how to do this, refer to your Web server documentation.

Procedure


1. Start the configuration tool by choosing System Configuration → User Management Configuration.

If you are calling the configuration tool from the Unification Server, choose Unification Server → <Unifier Project> → User Management → Security & Configuration.

2. Choose the Certificate tab.

3. In the Certificate Object field, choose the parser that is to be used to extract user data from the client certificate.

Unless you have defined your own parser, the default parser is the only choice offered here.

4. Choose Apply.

For your changes to take effect, you need to restart the portal Web server (Microsoft Internet Information Server) and the Java servlet engine. However, do not restart them until you have completed all the tabs of the configuration tool.