Use
An X.509 client certificate is a digital "identification card" for use in the Internet, also known as a public-key certificate.
A user who accesses the SAP Web Application Server and presents a valid certificate is authenticated on the server using the SSL protocol. The information contained in the certificate is passed to the server and the user is logged on to the server based on this information. User authentication takes place in the underlying protocols and no user ID and password entries are necessary.
Integration
Public-Key Infrastructure / Trust Center Services
Users need to receive their X.509 client certificates as part of a public-key infrastructure (PKI). The role of the PKI is to verify the identity of certificate owners and to issue, validate, renew, and revoke certificates. If you use X.509 client certificates for authentication, then you need access to a PKI. You can either establish your own PKI or you can rely on a Trust Center for these tasks.
Using SSL for Client Authentication
When using X.509 client certificates, users are authenticated on the SAP Web Application Server using the SSL protocol. Therefore, HTTPS connections are necessary for the communication between the users' Web browsers and the SAP Web Application Server.
Prerequisites
Features
Activities
The corresponding URL must use HTTPS.
Result
If the SSL authentication was successful and the user can be mapped to a SAP System user ID, then the user is logged on to the system. No user ID or password entries are necessary.
If however, the system cannot correctly map the user ID, or the SSL authentication failed, then the system checks for a logon ticket. If no ticket exists, then the system prompts the user for user ID and password using the HTTP basic authentication prompt.