01-07-2009 2:29 PM
I have a web service that I would like to run as part of a nightly script. I currently use username/password authentication, but it is not acceptable to have them hard coded, due to Sarbanes-Oxley rules. SAP's site claims to support authentication with x.509 certificates, but is unclear on the implementation details. How could I go about setting up and using a public/private key pair in SAP?
01-07-2009 9:09 PM
Not really a portal question, and maybe you'll get a better result in a security forum...
However, briefly, yes, the AS Java supports X509 certificates as an authentication mechansm. You need to use Visual Admin to generate a server side certificate, then you need the client side to register its own X509 certificate and then in the Java user admin you need to associate the client certificate with a known user. Now when the client executes the web service call it can pass the certificate and the AS Java will back translate the certificate to a real username.
01-08-2009 12:23 PM
Hi,
For information, the abap stack is also able to use X.509 certificates as an authentication method.
Regards,
Olivier
01-07-2009 11:32 PM