Legacy Mapping Global Search
User Authentication and Single Sign-On
Download
Print
Fullscreen

Was this page helpful to you?

Procedure documentationConfiguring the AS ABAP to Use X.509 Client Certificates

 

You can use this procedure to enable the use of client certificates for authentication with SAP NetWeaver Application Server (AS) ABAP.

Prerequisites

The AS ABAP is enabled to use SSL. For more information, see Configuring the AS ABAP for Supporting SSL.

Procedure

  1. Set the profile parameter icm/HTTPS/verify_client to the value 1 (accept certificates) or 2 (require certificates).

    Note Note

    If you are configuring X.509 certificate logon for message-based authentication with Web services, you do not have to set this parameter.

    End of the note.

  2. Restart the IC manager using transaction SMICM.

  3. Maintain the SSL server PSE of the server.

    Use the trust manager (transaction STRUST) and import the root certificate of the issuing CA into the certificate list of this PSE.

  4. Map users to the distinguished names of their certificates.

    Recommendation Recommendation

    We recommend you use rule-based certificate mappings.

    For more information, see Rule-Based Certificate Mapping.

    If you previously used manual mapping in table USREXTID and do not want to migrate to rule-based mapping, you can continue to use the legacy method.

    For more information, see Mapping X.509 Certificates in Table USREXTID.

    End of the recommendation.

Result

The AS ABAP can accept X.509 client certificates for user authentication.

Related Content

The following content is not part of SAP product documentation. For more information, see the following disclaimer Information published on SAP site .

SAP Community Network (SCN)

Product Availability

Support Information

Share this: Icon-weibo