on 08-06-2012 3:43 PM
Hello,
I would like to test the new SAML 2.0 SSO functionality in Abap Server 7.02.
I have configured and activated saml2 and configured our external idp as documented in
http://help.sap.com/saphelp_tm80/helpdata/en/46/631b92250b4fc1855686b4ce0f2f33/frameset.htm
I would like to import the private key/certificate generated for my abap server.
In tx strust, I have not find a way to import this cert/key, providing
pem files or pkcs12 files.
I have the following tabs:
---
Sytem PSE
- SAP System
SSF Collaboration Integration
SSF SAML2 Service Provider - E
SSF SAML2 Service Provider - S
---
How could I proceed to import?
Thanks in advance for your answers.
hi benoit,
for me, it looks like somthing is wrong with you certificate, maybe you need a new one with basic constraints.
Zitat aus: Inst/Config. Admin Guide SSO:
BasicConstraints | This option defines whether the subject of the certificate is a Certification Authority and how deep a certification path may exist through that Certification Authority. Checking this option will open the following sub-options: Is critical? If you select this option, the basic constraints parameter is required in the certificate for communication to be successful. Is CA? This option defines whether the subject of the certificate is a Certification Authority. When you select this option, the Path Length field opens. Enter the number of levels for which the constraints are valid. |
br
julius
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi benoit,
you can use the tx STRUSTSSO2, this is a extended version of tx STRUST.
lg
julius
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
okay, i understand, maby this helps you out:
http://help.sap.com/saphelp_nw70/Helpdata/en/0d/9ce63bab134b39a52e340255d7650c/content.htm
it was the only note if found about import pkcs12 files:
Hinweis 1300880 - Digital Invoice Mexico: Import Certificates
for a pkcs12 file you can not use tx strust, you must work with the sapgenpse.
lg julius
Hello,
Thanks for this conversion mechanism.
Unfortunately, I have a few problems with it:
---
PKCS#12/PFX file contains 1 keypair:
1. FriendlyName = "nplhost.unige.ch"
X.509v3 (type=Both) RSA-2048 (signed with sha1WithRsaEncryption)
Subject="CN=nplhost.unige.ch"
Issuer ="CN=nplhost.unige.ch"
ERROR in import_p12: (9/0x0009) af_verify_Certificates failed
ERROR in af_verify_Certificates: (12851/0x3233) Verification of one certificate of path failed because there are no basic constraints
ERROR in check_basicConstraints: (12851/0x3233) Verification of one certificate of path failed because there are no basic constraints
---
Would you know what this error means?
Thanks in advance for your help.
User | Count |
---|---|
94 | |
11 | |
11 | |
10 | |
9 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.