Hello,

I had the same problem and solved it as follows: You can generate a x.509 certificate file at your Active Directory DC (e.g. via http://DCservername/certsrv) and save the certificate as a .pfx file. Then, simply rename the file suffix to .p12 which is the file format for Safari (and Firefox).

Now you have two possibilities to transfer the certificate to your Apple device. Simply send it via email and install the attached file or use Apple's iPhone Configuration Utility (OK, if you've Sybase Afaria, you have a third option).

Hope this helps,

Herwig

Hi Jim,

I have looked into this myself. We use SONICWALL Aventail Connect VPN servers. With those, I have spoken to the consultants that specialise in Aventail and they can configure a multitude of SSO options between the VPN server and the SAP systems. I am no expert with Aventail and I don't know what VPN server you use, but I know with Aventail it is theoretically possible (we have yet to action this). When you access a service via Aventail, it automatically requests authentication based on your AD credentials and optionally (based on config) a SecureID pin (if you want two factor authentication). Then it is up to configuration of the Aventail service to achieve SSO with your SAP system. From my thinking, if you have a SAP Portal or NetWeaver Java WAS you could route the calls via that, since the Java stack has more options for authentication (you could even code an authentication module there if necessary). Once you have a SSO cookie in your browser it can communication freely with your BSP.

Hope this helps.

Rgds

John