Enabling Principal Propagation on the Fiori Front-End Server
Configure the ICM to trust the system certificate you created for principal propagation, and map temporary certificates to ABAP users.
Prerequisites
The Fiori front-end server is enabled to use SSL.
The Fiori front-end server trusts the technical user certificate from SAP Mobile Platform Server.
For more information, see Configuring the Fiori Front-End Server to Trust SAP Mobile Platform.
Procedure
Configure the ICM to Trust the Technical User Certificate
Start the Profile Editor (transaction
RZ10
)Use the value help to select the profile to edit, for example, the DEFAULT profile.
Select the
Extended maintenance
radio button, and then chooseChange
.Create the following parameters:
Issuer of the technical user certificate:
Parameter name:
icm/HTTPS/trust_client_with_issuer
Example values:
CN=MyCompany CA, O=Trust Community, C=DE
Subject of the technical user certificate:
Parameter name:
icm/HTTPS/trust_client_with_subject
Example values:
CN=SCC, OU=HCP Scenarios, O=Trust Community, C=DE
Save the profile.
Open the ICM Monitor (transaction
SMICM
) and restart the ICM:Choose
Administration
ICM
Exit Hard
Global
.Verify that the two profile parameters have been taken over by ICM as desired:
Choose
Goto
Parameters
Display
.
Map Temporary Certificates to Users
You can do this manually in the system as described below or make use of an identity management solution (IDM) for a more comfortable approach. For large numbers of users, rule-based certificate mapping is a good way to save time and effort. For more information, see “Rule-Based Certificate Mapping” in the NetWeaver Platform documentation at http://help.sap.com/nw_platform
.
Open Assignment of External ID to Users (transaction
EXTID_DN
).Switch to edit mode.
Create a new entry.
Specify the subject of the certificate as External ID.
In the
User
field, provide the appropriate ABAP user, for example JOHNDOE.Save the mapping.
Repeat the steps for all users that shall be supported for the scenario.