Show TOC

Mapping X.509 Certificates in Table USREXTIDLocate this document in the navigation structure


Use this procedure to map users of SAP NetWeaver Application Server (AS) ABAP to external IDs used in X.509 certificates.


Maintaining table USREXTID is a manual process. We recommend you use rule-based mapping for X.509 certificates.


If you mass configure user mappings, you have determined what common factor to use to create the external ID. You can choose from the following:

  • User ID

  • Logon alias

  • A value determined by a custom BAdI

    You must create your own BAdI. SAP provides the BAdI USREXTIDMAPPING as an example of just such an implementation.


Performing Mass Configuration of Mapping Data

  1. In transaction SA38, open report RSUSREXT.

  2. In the User section, determine the selection criteria for the users to which you want to map external IDs.

  3. In the Ext. Name Changed section, enter the following data:

    • Enter DN in the External ID type field.

    • Enter any text that is to appear before or after the common part of the external name ID.


      Enter CN= as the prefix and , O=EXAMPLE, C=US as the suffix.

    • Choose the source for the common part of the external name ID.

  4. Enter further options as required.

  5. Choose Execute.

Mapping a Single User

  1. In transaction SM30, open view VUSREXTID.

  2. Enter DN in the External ID type field.

  3. Edit the table entries.

  4. Set the Activated indicator to activate the client certificate logon for the user.

  5. Save your entries.