Use of SNC/SSO with certificates
Is it possible to configure the SNC matching of user id's and SNC names to not use the full distinguished name ?
We would like to enable SSO/SNC using certificates.
Please support here
Thanks in advance,
Wolfgang Janzen replied
> Is it possible to configure the SNC matching of user id's and SNC names to not use the full distinguished name ?
> We would like to enable SSO/SNC using certificates.
> Please support here
> Thanks in advance,
I assume that you are referring to the SNC mappings defined in an ABAP stack (SU01: SNC tab -> table USRACL). This mapping is independent from the SNC product being used. The mapping is based on the so-called "canonical SNC name" - on the entire one, not on parts of it.
So the answer is "no" (regarding SNC mappings).
If you are referring to "X.509 client certificate mappings" (mutual SSL authentication) then there is some light at the end of the tunnel: with NWAS ABAP 7.1 Enhancement Pack 1 (7.11) a new feature is available: "rule-based certificate mapping". The rule engine allows to configure that only certain parts of the subject name are relevant for the mapping.
However, the "classic" certificate mapping (ABAP transaction EXTID_DN, table USREXTID) always takes the entire subject name (in the ABAP-specific printable notation).