Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Is a Public/Private Key Pair possible in SAP?

Former Member

‎01-07-2009 2:29 PM

0 Kudos

I have a web service that I would like to run as part of a nightly script. I currently use username/password authentication, but it is not acceptable to have them hard coded, due to Sarbanes-Oxley rules. SAP's site claims to support authentication with x.509 certificates, but is unclear on the implementation details. How could I go about setting up and using a public/private key pair in SAP?

3 REPLIES 3

Former Member

‎01-07-2009 9:09 PM

0 Kudos

Not really a portal question, and maybe you'll get a better result in a security forum...

However, briefly, yes, the AS Java supports X509 certificates as an authentication mechansm. You need to use Visual Admin to generate a server side certificate, then you need the client side to register its own X509 certificate and then in the Java user admin you need to associate the client certificate with a known user. Now when the client executes the web service call it can pass the certificate and the AS Java will back translate the certificate to a real username.

Former Member
In response to Former Member

‎01-08-2009 12:23 PM

0 Kudos

Hi,

For information, the abap stack is also able to use X.509 certificates as an authentication method.

Regards,

Olivier

Former Member

‎01-07-2009 11:32 PM

0 Kudos

Moved to Security Forum... (and cross-posts deleted)