Maintaining the User's Certificate Information

Prerequisites

  • The UME property ume.logon.allow_cert is set to TRUE .

    You can edit this property with the SAP NetWeaver Administrator:

    1. Go to Start of the navigation pathConfiguration Management Next navigation step Security  Next navigation step  Authentication and Single Sign-OnEnd of the navigation path.

    2. Choose the Properties sub-tab and choose the Modify button.

    3. Select the checkbox of the ume.logon.allow_cert property.

    4. Save the changes.

  • You have user administration rights for using the UME user management administration console.

Context

When using SSL and client certificates for user authentication, the user is identified using a client certificate. To allow the AS Java to identify users, their client certificate must be available in their user account. There are several options:

  • The administrator imports users certificates manually and adds them to the user's data. The following procedure describes the steps required.

  • Users map their own certificates to their user ID at logon. The administrator does not need to perform any steps.

  • Users' certificates are already stored as a user attribute on the LDAP directory. In this case you need to map the relevant attributes. For more information, see Attribute Mapping for Client Certificates . You do not need to perform the steps in the following procedure.

Procedure


  1. Start identity management.

    For more information, see User Administration Console .

  2. Select a user.

  3. Modify the user.

  4. On the Certificates tab, maintain the user's certificate.

Results

The user can log on to the AS Java using SSL and this client certificate for authentication.