Why is authentication using X.509 certificates in JCO secure?

Former Member
0 Kudos

Hi,

when connecting from a Java application to an AS ABAP using JCO, I can put the following into the user id and password parameters:

a) my user id / my password

b) $MYSAPSSO2$ / SAP logon ticket

c) $X509CERT$ / base64 encoded X.509 certificate

When using option c) ... can anybody tell me what exactly happens?

Is the base64 encoded X.509 certificate my public key signed by some signer CA (or signed by myself when using self-signed certificates)?

Do I need to be in possession of the fitting private key part for this certificate? And if so, do I need to somehow make this private key available for JCO in order to do some handshaking as HTTPS does? Or is my private key sent to the ABAP server?

What do I need to set up on the ABAP side in order to make this work?

I tried to find my way through the JCO and SNC documentation which turned out to be quite cumbersome. Any pointers to the according documentation are very much appreciated.

Thanks!

Jens

4 REPLIES

0 Kudos

Hi my friend

The AS ABAP supports among authentication and SSO mechanisms the Secure Network Communications (SNC) and SSL and X.509 client certificates as

If you see here (http://help.sap.com/saphelp_nw70ehp1/helpdata/en/e5/4344b6d24a05408ca4faa94554e851/frameset.htm):

"An X.509 client certificate is a digital also known as a public-key. A user who accesses the SAP Web Application Server and presents a valid certificate is authenticated on the server using the SSL protocol. The information contained in the certificate is passed to the server and the user is logged on to the server based on this information."

"When using X.509 client certificates, users are authenticated on the SAP Web Application Server using the SSL protocol. Therefore, HTTPS connections are necessary for the communication between the users' Web browsers and the SAP Web Application Server."

See Using the Secure Sockets Layer Protocol with the AS ABAP (http://help.sap.com/saphelp_nw70ehp1/helpdata/en/3a/7cddde33ff05cae10000000a128c20/frameset.htm)

Thanks and best regards,

Alvaro Raminelli

tim_alsop
Active Contributor
0 Kudos

If you have a Kerberos server (e.g. Active Directory) in your network, you can also use Kerberos to secure the connection between a Java application (via JCO) and an ABAP system. This is done using SNC, but using a Kerberos library with SNC instead of a library that supports X.509 certificates.

Thanks

Tim

0 Kudos

Hi Tim

Can you share some links about the use of SNC (Kerberos (AD)) + JCO?

I need to send a request through a web page (with SSO/AD) to a broker message server, to be consumed by a microservice application (after some time), which then requests SAP using JCO (without a password, only using the previous Kerberos ticket).

Thanks

tim_alsop
Active Contributor
0 Kudos

Erico

I want to check that I understand your requirement. A user logs onto a web page on a web server (what is this web server running on?) and then you want to use the JCO library on the web server to run an RFC on the AS ABAP system without asking the user for their password. Is this correct?

Thanks

Tim