For access to SAP systems that use a Web-based frontend (for example, Web Dynpro or SAP GUI for HTML) you can use the Secure Sockets Layer (SSL) protocol client certificates for client or user authentication. The authentication takes place using the underlying protocols and no user intervention is necessary, which also provides for a Single Sign-On environment.
ABAP: Table maintenance (transaction SM30)
J2EE Engine: Key Storage service
The use of SSL and client certificates is configured on the systems. For more information, see:
· ABAP: Configuring the SAP Web AS for Supporting SSL
· ABAP: Configuring the System for Using X.509 Client Certificates
· J2EE Engine: Configuring the Use of SSL on the SAP J2EE Engine
· J2EE Engine: Using Client Certificates for User Authentication
The tasks involved when using client certificates for user authentication are also primarily configuration tasks. The tasks that are occasionally necessary are shown in the table below.
Administrative Tasks when Using Client Certificates
Reason |
Task |
More Information |
Maintain the user’s certificate information |
ABAP: Maintain the mapping in table USREXTID J2EE Engine: There are several options: · The user maps his or her own certificate. · You import the user’s certificate into the Key Storage service. · The user’s certificate is stored in an LDAP directory server and you use the corresponding attribute mapping. |
ABAP: None J2EE Engine: Maintaining the User's Certificate Information and Attribute Mapping for Client Certificates |
Renewing a user’s certificate |
If the user’s Distinguished Name changed, then you must adjust the mapping entry or re-import the user’s certificate accordingly. |
See the policy provided by the Certification Authority (CA) that issued the user certificate. |
Renewing a server certificate |
ABAP: Generate a certificate request, send it to the CA, import the certificate request response. J2EE Engine: Generate a certificate request, send it to the CA, and import the response. See step 4 in Creating the Server's Key Pair to Use for SSL.
|
See the policy provided by the CA that issued the server certificate. |
See also:
· ABAP: Using X.509 Client Certificates
· J2EE Engine: Using Client Certificates for User Authentication