
Configuring the Use of Client Certificates for Authentication

Use

Use this procedure to configure the use of client certificates for authentication when users access the SAP J2EE Engine using an end-to-end connection. For cases where they access the server via an intermediary server that terminates the connection, see Configuring the Use of Client Certificates via an Intermediary Server.

Prerequisites

·        The SAP J2EE Engine is configured to support SSL.

·        The public-key certificates belonging to the users exist as files in the file system with either the extension .crt (DER encoded or Base-64 encoded) or .cert (Base-64 encoded).

·        The issuing CA’s root certificate either exists in the TrustedCAs view in the Key Storage service or it is available in the file system as a DER-encoded or Base-64-encoded certificate.
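
The following pre-flight check for the second prerequisite is an added example, not SAP code: it reports each user certificate file's encoding and whether that encoding is permitted for the file's extension. It assumes that Base-64-encoded files carry BEGIN/END CERTIFICATE armor lines; the function names are hypothetical, and the structural test does not verify the signature or the issuing CA.

```python
import base64
import re
from pathlib import Path

# Constructed sample: an empty X.509-shaped DER skeleton, not a real certificate.
SAMPLE_DER = bytes.fromhex("300730003000030100")
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
ALLOWED = {".crt": {"der", "base64"}, ".cert": {"base64"}}  # from the prerequisites

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first >= 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length exceeds data")
    return tag, pos, pos + length

def looks_like_x509(der):
    """Structural check only: SEQUENCE { SEQUENCE, SEQUENCE, BIT STRING }."""
    try:
        tag, pos, end = _read_tlv(der, 0)
        tags = []
        while pos < end:
            t, _, pos = _read_tlv(der, pos)
            tags.append(t)
        return tag == 0x30 and end == len(der) and tags == [0x30, 0x30, 0x03]
    except ValueError:
        return False

def check_cert_file(path):
    """Return (encoding, ok); ok means extension and encoding meet the prerequisites."""
    data = Path(path).read_bytes()
    match = PEM_RE.search(data)
    encoding = "base64" if match else "der"
    try:
        der = base64.b64decode(match.group(1)) if match else data
    except ValueError:
        der = b""  # undecodable Base-64 body fails the structural check below
    allowed = ALLOWED.get(Path(path).suffix.lower(), set())
    return encoding, encoding in allowed and looks_like_x509(der)
```

A DER-encoded file saved with the extension .cert is reported as ("der", False), which is the mismatch to correct before maintaining the certificate in the user account.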

Procedure


       1.      Using the Key Storage service, make sure the CA’s root certificate exists as a CERTIFICATE entry in the TrustedCAs view. If it is not already there, then import it into this view.

For more information, see Managing Entries.

       2.      Using the SSL Provider service:

                            a.      Select whether the SAP J2EE Engine should:

§         Request (but not require) that the user presents a client certificate for authentication.

§         Require that client certificates are to be used for authentication.

                            b.      Import the CA’s root certificate into the Trusted Certification Authorities list. (Choose Add.)

See also Managing the Credentials and Trusted Certificates to Use SSL.

       3.      Using the Security Provider service, adjust the login module stacks for those applications that accept client certificates as the authentication mechanism. Insert the login module ClientCertLoginModule into the corresponding templates or login module stacks for the applications.

For more information, see Managing Authentication Modules.

       4.      Maintain the user’s certificate information in his or her user account.

Note

If you use an LDAP directory for the user store, then you can alternatively store the certificates in the directory. In this case you need to map the relevant attributes. For more information, see Attribute Mapping for Client Certificates.  

Result

The selected applications accept client certificates for user authentication.

 
