This configuration is about enabling the user to log on via X.509 and get a valid SAP user assigned by mapping a property from the certificate to an SAP user property. Mapping the user via a wizard is the recommended approach. For this to work, you need to enable certificate Read more…
This approach is considered legacy, deprecated and is not recommended any longer by SAP. I just include this here as a reference for those that cannot update. Tx: SM30 Table VUSREXTID External ID Type DN Add a new entry. Switch to edit mode. Click on new entries A new entry Read more…
The user needs to have a valid X.509 certificate to be able log on at the SAP System (via ICM service). This certificate is issued by the intermediate CA. Create a CSR for a user and let the intermediate CA sign it. Following my own blogs, I get a certificate Read more…
Certificates are based on trust. Trust is established by trusting a PKI and the CA that issues certificates. To establish the trust needed for X.509 based user logon, import the certificates of the issuing PKI. In my case, I do have a root CA and intermediate CA. I’ll have to Read more…
SAP Help Configuring the SAP Web AS for Supporting SSLicm/HTTPS/verify_clientConfiguring the AS ABAP to Use X.509 Client Certificates A pre-requisite is to configure NW ABAP to support TLS / HTTPS. To be able to log on to NW ABAP using a X.509 user certificate, the ICM service must be configured Read more…
Die SAP Hauptversammlung fand am 20. Mai statt. Die eigentlichen Themen (Gewinn, Wachstum, Dividende) einer HV fanden wenig Interesse in den Medien. Dafür das was der Aufsichtsratsvorsitzende sagte. Ausgiebig wurden die Infos zu dem Ende des Co-CEO Models aufgenommen.* Seine Infos zum Abgang von Bill McDermott gingen etwas unter, fanden Read more…
SAP Help OAuth 2.0 Service Sample request in my Gitlab repo I’ll show how you can obtain an OAuth 2.0 token in SAP Cloud Platform (SCP) and manage it for authentication of apps. For the example detailed here, I am going to use an OAuth authorization grant of type client Read more…
Problem After sending a request to the access token endpoint /sap/bc/sec/oauth2/token you get an internal server error 500. Investigation Tx: SA38 Program: SEC_TRACE_ANALYZER Run program. Select OAuth varian: click on Get Variants Click on Activate Trace is active. Reproduce the issue. The log trace for the user will show the Read more…
To be able to log in to your SAML 2.0 IdP after a SP redirect, the SP must be configured in your IdP. While this sounds obvious, it can be confusing when you have several clients in your IdP and several IdP in your SP. For instance, you must ensure Read more…
Scenario A user authenticated against the SAML 2.0 IdP. The OAuth client is sending the SAML 2.0 Response containing the user assertions to the NetWeaver ABAP system. An error of type invalid grant is returned. Error message: { “error”: “invalid_grant”, “error_description”: “Provided authorization grant is invalid. Exception was Attribute ‘Recipient’ of element ‘SubjectConfirmationData’ is invalid. For more information, consult the kernel traces or the OAuth 2.0 trouble shooting SAP note 1688545” } Root cause The OAuth client is sending the SAML Read more…