You can use this procedure to configure the login module stacks of applications to enable the SAP NetWeaver Application Server (AS) Java to authenticate users based on established mapping of client certificates to user IDs in the UME data source of the AS Java.
To use this mode for client certificate authentication, you have to establish a mapping between the client certificate and the user ID. The AS Java enables you to map client certificates to user IDs manually with the Identity Management functions of the AS Java. Alternatively, you can add the CertPersisterLoginModule to the login module stack for client certificate authentication to map automatically client certificates to user IDs on first successful logon with another authentication mechanism.
To map certificates to user IDs during logon, add the login modules for client certificate authentication to the login module stacks for the applications that use authentication with client certificates.
For more information about setting up login module stacks, see Managing Authentication Policy for AS Java Components .
This is the default behavior when you do not configure any options for the ClientCertLoginModule .
You can map user IDs to client certificates either manually or by configuring the AS Java to map certificates to user IDs automatically during the first user logon. For more information, see the following sections:
Users can access AS Java applications with client certificates. The AS Java determines the user ID based on the mapping between the client certificate and the user ID in the UME data source.