Example Configuration: SSO with X.509

Use

Example application configuration for X.509 user authentication.

Procedure

Start Management Cockpit

On any computer on the network, in a supported browser, enter the URL for the Management Cockpit and log in. The URL has the format: https://<host_name>:<https_admin_port>/Admin/

Create a New Application

  1. On the Applications page, choose New.

  2. In the New Application dialog box, enter the following values:

    | Field | Value |
    | --- | --- |
    | ID | com.sap.fiori.client. Unique application identifier in reverse domain notation. This is the application identifier that the application developer assigns or generates during application development. The administrator uses the application ID to register the application with the server, and the client application uses the application ID to send requests to the server. |
    | Name | Descriptive name for the application, for example, SAP Fiori Client |
    | Vendor | (Optional) Vendor who developed the application, for example, SAP SE |
    | Type | Hybrid |
    | Description | (Optional) Short description of the application |

  3. Save your entries.

Define the Back-End Connection

  1. On the Back End page, configure the following:

    | Field | Value |
    | --- | --- |
    | Endpoint | The URL the application uses to access business data on the Fiori front end server. It has the following format: https://<frontendserverhost>:<port>/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-client=<client>&sap-language=EN |
    | Certificate alias | tech_user |
    | Rewrite Mode | Rewrite in backend |
    | SSO Mechanisms | Add X.509 |

  2. Save your entries.

Define Authentication Mechanisms

  1. On the Authentication page, enter a name for the new security profile.

  2. Under Authentication Providers, choose Add.

  3. Add the X.509 User Certificate authentication provider and configure the following:

    | Field | Value |
    | --- | --- |
    | Authentication Providers | X.509 User Certificate |
    | Control Flag | optional |
    | Certificate attribute as principal: | Name of the field in the certificate subject DN to be added as principal. If not configured, the entire subjectDN is added as the name of the principal for the authenticated subject. Example: CN |

  4. Save your entries.
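
The "Certificate attribute as principal" setting decides which part of the client certificate's subject DN becomes the user name. The following sketch is an added example, not SAP code: it models that mapping for an RFC 4514 DN string, including the unconfigured case where the whole subject DN is used. The function names and sample DN are constructed, and rejecting a missing or repeated attribute is this example's own assumption, not documented server behaviour.

```python
# Added illustration; not SAP code. Standard library only.
import string

HEX = set(string.hexdigits)
# Constructed sample subject DN (RFC 4514 string form) with an escaped comma.
SAMPLE_DN = r"CN=Doe\, John,OU=Sales,O=Example Corp,C=DE"

def parse_dn(dn):
    """Return [(ATTR, value), ...] for an RFC 4514 DN string.
    Honors backslash escapes and hex pairs; '+' multi-valued RDNs are flattened."""
    pairs, buf, i = [], bytearray(), 0

    def flush():
        attr, sep, value = bytes(buf).decode("utf-8").partition("=")
        if not sep or not attr.strip():
            raise ValueError("malformed RDN in %r" % dn)
        pairs.append((attr.strip().upper(), value))
        buf.clear()

    while i < len(dn):
        ch = dn[i]
        if ch == "\\":
            nxt = dn[i + 1:i + 3]
            if not nxt:
                raise ValueError("dangling escape in %r" % dn)
            if len(nxt) == 2 and set(nxt) <= HEX:
                buf.append(int(nxt, 16))       # \C3 style hex pair = one byte
                i += 3
            else:
                buf += nxt[0].encode("utf-8")  # \, \+ \\ etc. = literal char
                i += 2
            continue
        if ch in ",+":
            flush()                            # unescaped separator ends an RDN
        else:
            buf += ch.encode("utf-8")
        i += 1
    flush()
    return pairs

def principal_from_subject(subject_dn, attribute=None):
    """attribute=None models the unconfigured case: the whole subject DN."""
    if not attribute:
        return subject_dn
    values = [v for a, v in parse_dn(subject_dn) if a == attribute.upper()]
    if len(values) != 1:
        # Assumption of this example: refuse missing or repeated attributes
        raise LookupError("%s occurs %d times" % (attribute, len(values)))
    return values[0]
```

Splitting the sample DN on every comma would return `Doe\` as the CN, which is why the escape handling matters when the chosen attribute has to match a back-end user name.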