Portal Certificate Login / Basic Authentication

Former Member
0 Kudos

Hi,

We've set up our Portal to log in by either client certs or basic authentication. The client cert is stored on a smart card device. On each access to the smartcard, a dialog prompts the user to enter the password of the smartcard.

Some users have several user IDs. A client certificate can IMHO only be mapped to one user ID. First question: Is it possible to map a client cert to more than one user ID in UME?

2) If the smartcard is in the card reader and the user opens the portal login page, the portal always requests the client certificate (since it is present). If the user clicks cancel, then an error page is shown. The user should have the ability to log in using basic authentication (user/password), even if the certificate is present. At the moment we need to advise the users to remove the smartcard before trying to log in. What I am looking for is something like

https://portal.com/irj/login&j_authscheme=basicauthentication <- do not request client cert, prompt for userid password

https://portal.com/ijr/login/certlogonportlet <- requests client cert

Thanks for your help

Philipp

3 REPLIES

Former Member
0 Kudos

Hi,

Question 1: I don't think it's possible to map a client cert to several user IDs. IMHO, it would not make sense.

Question 2: Check if your Portal login stack is correctly configured: this should be possible to achieve.

Regards,

Olivier

Former Member
0 Kudos

For the ABAP stack you can force the logon screen.

For Java stacks you would need to make it application specific.

I agree with Olivier - the use case for 1) is suspect.

If your problem is that system admins are also ESS end users (for example), then you can give them a different network zone to work from as admin with a different SSO ID. From a risk perspective it is the same... you should only give admin access to people whom you trust and who accept being monitored.

Cheers,

Julius

0 Kudos

Well, as for case 1, our customers have used the ABAP stack for several years. Many users access ABAP using a smartcard with an SNC connection. In ABAP stacks with SNC enabled, the user can choose the user / client at the login screen. A user can have several test users, all assigned to the certificate (SNC string in SU01). I think this should be possible in the Java stack as well.

thanks, Philipp