It's full of stars!

  • All Content
  • About

x509

Basis Cloud OData SAP SAP Cloud

Troubleshooting WebIDE connection error to on premise ABAP system

Assume that you use SAP WebIDE for developing an application and that you have to consume an OData service from an on-premise NetWeaver ABAP system. In SCP, the destination is configured, and SAP Cloud Connector is working. For principal propagation, X.509 is used. Problem When you select the OData service Read more…

By Tobias Hofmann, 5 yearsJuly 27, 2020 ago
Basis SAP Security Technology

SSO Logon with X.509 certificate

SSO logon with an X.509 certificate offers some benefits. In this blog, I’ll cover the main benefits, problems and attention areas when using X.509 for SSO. As a practical example the X.509 logon with NetWeaver ABAP is shown. To access an ICM service on a NetWeaver ABAP system (NW ABAP), Read more…

By Tobias Hofmann, 5 yearsJuly 24, 2020 ago
Basis SAP

X.509 troubleshooting – Enabling trust between NetWeaver and intermediate server

ICM in NetWeaver ABAP is not reading the HTTP header and accepting the transmitted X.509 certificate simply like that. I’ll show here a picture that shows what an intermediate server is sending to NetWeaver. You can see that two certificates are transmitted to SAP: the user X.509 as well as Read more…

By Tobias Hofmann, 5 yearsJuly 21, 2020 ago
Basis SAP

X.509 troubleshooting – Send X.509 Certificate in HTTP Header

In many cases a proxy is placed between the end user and the SAP backend, like a Web Dispatcher. User –> Proxy (intermediate) –> SAP The proxy / intermediate receives the user certificate, extracts and adds it to HTTP header SSL_CLIENT_CERT. When a connection to the SAP backend is opened, Read more…

By Tobias Hofmann, 5 yearsJuly 20, 2020 ago
Basis SAP

X509 based logon – 5 – Test

After configuring your NW ABAP instance to support user logons with X.509 certificates, it is time to test the correct setup. The test is simple: access a HTTP service like Web Gui and log on by sending a user certificate. Activate SAP Web Gui service Tx: SICF Select webgui and Read more…

By Tobias Hofmann, 5 yearsJuly 17, 2020 ago
Basis SAP

X509 based logon – 4.4 – User logon with rule based mapping – Specific user

For this configuration step, the same pre-requisites as for 4.2 apply. This option is like a technical user with X.509. The logon is done with a X.509 certificate, and a fix SAP user is assigned. That is, your user will always log on with the same user id in SAP, Read more…

By Tobias Hofmann, 5 yearsJuly 16, 2020 ago
Basis SAP

X509 based logon – 4.3 – User logon with rule based mapping – Alias

Besides mapping a X.509 user to a given user ID in an SAP system, you can also map the user by an alias or to a specific user. In step 4.3 I’ll show the configuration for alias mapping, and in 4.4 for a specific user. Create alias for user Tx: Read more…

By Tobias Hofmann, 5 yearsJuly 15, 2020 ago
Basis SAP

X509 based logon – 4.2 – User logon with rule based mapping – user name

This configuration is about enabling the user to log on via X.509 and get a valid SAP user assigned by mapping a property from the certificate to an SAP user property. Mapping the user via a wizard is the recommended approach. For this to work, you need to enable certificate Read more…

By Tobias Hofmann, 5 yearsJuly 14, 2020 ago
Basis SAP

X509 based logon – 4.1 – Enable users for logon on NW ABAP – Mapping table

This approach is considered legacy, deprecated and is not recommended any longer by SAP. I just include this here as a reference for those that cannot update. Tx: SM30 Table VUSREXTID External ID Type DN Add a new entry. Switch to edit mode. Click on new entries A new entry Read more…

By Tobias Hofmann, 5 yearsJuly 13, 2020 ago
Basis SAP

X509 based logon – 3 – Create a user certificate

The user needs to have a valid X.509 certificate to be able log on at the SAP System (via ICM service). This certificate is issued by the intermediate CA. Create a CSR for a user and let the intermediate CA sign it. Following my own blogs, I get a certificate Read more…

By Tobias Hofmann, 5 yearsJuly 10, 2020 ago

Posts navigation

1 2 Next
  • Datenschutzerklärung
  • Impressum
  • Cookie-Erklärung
Hestia | Developed by ThemeIsle