
Using X.509 Client Certificates on the AS ABAP

Use

Users who access the AS ABAP from a Web browser and present a valid client certificate can be authenticated on the server using the SSL protocol.

In this scenario, the information contained in the certificate is passed to the server, and the user is logged on to the server based on this information. User authentication takes place in the underlying SSL protocol, so no user ID or password entry is necessary.

Integration

Public-Key Infrastructure / Trust Center Services

To authenticate with client certificates, users must receive their X.509 client certificates from a trusted Certification Authority. The AS ABAP uses the established Public Key Infrastructure (PKI) to verify the identity of certificate owners and to issue, validate, renew, and revoke certificates. If you use X.509 client certificates for authentication, then you need access to a PKI. You can either establish your own PKI or you can rely on a Trust Center for these tasks.

For more information, see Public-Key Technology.

Using SSL for Client Authentication

When using X.509 client certificates, users are authenticated on the AS ABAP using the SSL protocol. Therefore, HTTPS connections are necessary for the communication between the Web browser and the AS ABAP.

Prerequisites

·        Users possess valid X.509 client certificates issued by a trusted CA.

·        The users' client certificates are imported into the Web browsers on their client systems.

·        The AS ABAP is configured to support HTTPS connections and SSL. For more information, see Using the Secure Sockets Layer Protocol.

·        The Distinguished Name that identifies the user in his or her certificate must map to a valid user ID on the AS ABAP.
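
The last prerequisite, as an added example (not SAP code and not part of the original page): a model of looking up the user ID from the certificate's full Distinguished Name and refusing the logon when no mapping exists. It assumes the subject arrives in the nested-tuple layout that Python's `ssl.SSLSocket.getpeercert()` returns; the mapping table, names and user IDs are constructed.

```python
# Added example: model of a "certificate DN -> user ID" lookup (not SAP code).
# Subjects use the nested-tuple layout of Python's ssl.SSLSocket.getpeercert().

SHORT = {"countryName": "C", "organizationName": "O",
         "organizationalUnitName": "OU", "commonName": "CN"}


def canonical_dn(subject):
    """Render a subject as 'CN=...,OU=...,O=...,C=...' for exact comparison."""
    parts = []
    for rdn in subject:                      # RDNs in certificate encoding order
        for name, value in rdn:
            value = " ".join(value.split())  # collapse stray whitespace
            # Escape separators so a value can never read as an extra RDN.
            value = value.replace("\\", "\\\\").replace(",", "\\,")
            # Unknown attribute types keep their full name; none are dropped.
            parts.append(f"{SHORT.get(name, name)}={value}")
    return ",".join(reversed(parts))         # most specific attribute first


# Constructed sample mapping: the full DN is the key, never the CN alone.
USER_MAP = {
    "CN=Jane Doe,OU=Finance,O=Example Corp,C=DE": "JDOE",
    "CN=Jane Doe,OU=Contractors,O=Example Partner,C=DE": "EXT_JDOE",
}


def user_for_certificate(subject):
    """Return the mapped user ID, or None so that the caller refuses the logon."""
    return USER_MAP.get(canonical_dn(subject))


def make_subject(c, o, ou, cn):
    """Build a constructed subject in getpeercert() layout."""
    return ((("countryName", c),), (("organizationName", o),),
            (("organizationalUnitName", ou),), (("commonName", cn),))


# Constructed subjects: two different people share a CN, one DN is unmapped.
JANE = make_subject("DE", "Example Corp", "Finance", "Jane Doe")
JANE_EXT = make_subject("DE", "Example Partner", "Contractors", "Jane Doe")
UNKNOWN = make_subject("DE", "Example Corp", "Finance", "John Roe")
COMMA_CN = make_subject("DE", "Example Corp", "Finance", "Jane Doe,OU=Finance")

if __name__ == "__main__":
    for s in (JANE, JANE_EXT, UNKNOWN, COMMA_CN):
        print(canonical_dn(s), "->", user_for_certificate(s))
```
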

Features

The SSL protocol and PKI technology protect the integrity and confidentiality of the authentication credentials. In addition, users can produce digital signatures using the client certificates to establish higher levels of trust and non-repudiation for business transactions.

Once users receive their client certificates from the CA, they can use them to access the AS Java, and passwords are no longer used for authentication purposes. In addition, users can use their certificates for secure access to other Intranet or Internet services.

Activities

For more information about enabling the use of client certificates for an SSO integration of the AS ABAP, see the following sections:

·        Login with Client Certificates

Information about configuring the use of client certificates for the Internet Connection Framework (ICF) of the AS ABAP. The ICF enables Web-based access to the AS ABAP.

·        Configuring the AS ABAP to use Client Certificates

Information about additional configuration parameters related to enabling SSL and maintaining the user certificate mapping on the AS ABAP.

·        Using SAP Passports Provided by the SAP Trust Center Service

Information about getting certificates for users from the SAP Trust Center Service.