cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Provisioning 3rd party systems using SPML

Go to solution
Former Member

on ‎12-28-2009 1:30 PM

0 Kudos

In our setup we have a legacy systems based on CICS which we need to provision. A web service has been developed on the CICS side which we can use to provision users and privileges through using the VDS as an intermediary. The VDS will then interact with our legacy web service through SPML. Certain challenges do however exist. Our web service requires a proper client side authentification with a standard X.509 certificate, which the webservice then will validate to make sure that it is an authenticated user that is making the request. As far as I know there is no standard way to implement this, but how could one think up a solution? Where are certificates stores?

Best regards,

Anders

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎12-28-2009 10:50 PM
0 Kudos

Hi Anders, I had looked at doing something like this in SQL Server using SSL. We ended up not going down this road but I do recall that the certificate had to be installed on the SQL Server box for https and then import that certificate into the IDM server at the platform level. I know this doesn't solve your issue but hopefully it will help.

Scott

Show replies
Show replies
Former Member
‎12-29-2009 7:35 AM
0 Kudos

Hi Scott, we were considering something like this which I guess would be similar to setting up trust between the NetWeaver AS and the system we wish to provision. In our case the VDS and the NetWeaver AS are physically on the same system so in principle this solution might work. However, we do need to be able to identify different users that interact with our legacy system i.e. each user should have their own certificate, so that might be a problem as far as I can see.

I have noted though that the VDS has something called a Keystore reference, which appears to be able to hold several certificates for interaction with other systems. Would anyone have any experience with the setup of such a Keystore?

Best regards,

Anders

Former Member
‎02-01-2010 7:30 PM
0 Kudos

Can't have any more questions open

./Anders

Former Member
‎02-02-2010 1:27 PM
0 Kudos

Anders, I don't have direct experience with your scenario, but I did set up the keystore with SSL cert to SQL Server. This blog post helped me set up the keystore in the SAP JVM in IDM so perhaps it will help you.

/people/nghia.nguyen/blog/2009/11/30/securing-the-transport-layer-between-sap-idm-and-ldap

Best of Luck,

Scott

Answers (0)

Ask a Question