Maintaining the User's Certificate Information 

Use

When using SSL and client certificates for user authentication, the user is identified using a client certificate. To allow the AS Java to identify users, their client certificate must be available in their user account. There are several options:

●      The administrator imports users certificates manually and adds them to the user’s data. The following procedure describes the steps required.

●      Users map their own certificates to their user ID at logon. The administrator does not need to perform any steps.

●      Users’ certificates are already stored as a user attribute on the LDAP directory. In this case you need to map the relevant attributes. For more information, see Attribute Mapping for Client Certificates. You do not need to perform the steps in the following procedure.

Prerequisites

●      The UME property ume.logon.allow_cert is set to TRUE.

You can edit this property with the SAP NetWeaver Administrator:

                            a.      Go to Configuration Management → Security → Authentication.

                            b.      Choose the Properties sub-tab and choose the Modify button.

                            c.      Select the checkbox of the ume.logon.allow_cert property.

                            d.      Save the changes.

●      You have user administration rights for using the UME user management administration console.

Procedure

...

       1.      Start identity management.

For more information, see User Administration Console.

       2.      Select a user.

       3.      Modify the user.

       4.      On the Certificates tab, maintain the user’s certificate.

If the Certificates tab does not appear, check the UME parameter ume.logon.allow.cert.

Result

The user can log on to the AS Java using SSL and this client certificate for authentication.