For access to SAP systems that use a Web-based frontend (for example, Web Dynpro or SAP GUI for HTML) you can use the Secure Sockets Layer (SSL) protocol client certificates for client or user authentication. The authentication takes place using the underlying protocols and no user intervention is necessary, which also provides for a Single Sign-On environment.
Tools
AS ABAP: Table maintenance (transaction SM30)
AS Java: Key Storage service
Prerequisites
The systems have been configured for the use of SSL and client certificates.
For more information, see:
Tasks on Demand
The tasks involved when using client certificates for user authentication are primarily configuration tasks. The table below lists the tasks.
Reason |
Task |
More Information |
---|---|---|
Maintain the user's certificate information |
AS ABAP: Maintain the mapping in the USREXTID table. AS Java: There are several options:
|
AS ABAP: Configuring the AS ABAP for Supporting SSL AS Java: Maintaining the User's Certificate Information and Attribute Mapping for Client Certificates |
Renewing a user's certificate |
If the user's Distinguished Name changed, then you must adjust the mapping entry or re import the user's certificate accordingly. |
See the policy provided by the Certification Authority (CA) that issued the user certificate. |
Renewing a server certificate |
AS ABAP:
AS Java:
|
See the policy provided by the CA that issued the server certificate. |