X509 based logon – 5 – Test

Published by Tobias Hofmann on

2 min read

After configuring your NW ABAP instance to support user logons with X.509 certificates, it is time to test the correct setup. The test is simple: access a HTTP service like Web Gui and log on by sending a user certificate.

Activate SAP Web Gui service

Tx: SICF

Select webgui and activate the service. The open the context menu of the node and click on test service. A web browser will open the following URL:

https://vhcalnplci:44300/sap/bc/gui/sap/its/webgui?sap-client=001

Normally you see a warning message. That’s because the ICM service is not configured to use a valid HTTPS server certificate. You can ignore the warning and instruct your browser to open the web site.

After trusting the server certificate for HTTPS, the browser will aks you the provide a certificate. This is because ICM was configured to ask for a certificate and your user certificate was added to the browser keystore.

Select the certificate and send it to NW ABAP. ICM will validate it and obtain a valid user session from NW. You will be logged on and see the start screen of SAP Web Gui for HTML. You just logged on to SAP without providing your password.

Let the world know
Categories: BasisSAP

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.

1 Comment

SSO Logon with X.509 certificate | It's full of stars! · July 24, 2020 at 10:00

[…] Test […]

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.