Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

SAP Secure Login Client on MAC with x.509

Has anyone installed the SAP Secure Login Client on a MAC and used x.509 certificates instead of Kerberos?  According to the SAP help documentation this is possible as follows.  Are there any work arounds that need to be implemented when using the SAP GUI Java Client for MAC with SAP Secure Login Client?

Configuring Secure Login Client on a Mac Client

By default, Secure Login Client uses Kerberos to authentication at an SAP GUI with an SNC connection. Nevertheless you can also configure your Mac client to use X.509 certificates.

Context

  • Kerberos is the default authentication mode of your Mac client for logging on to an SAP GUI. You need not do anything because Kerberos is already available after the installation. Since your Mac client belongs to Microsoft Active Directory, Kerberos-based authentication mode is supported (see the related link).
  • If you want to use X.509 certificates as authentication mode for the SAP GUI with SNC, you must configure it in the OS X System Preference Pane.

Procedure

  1. Open the Secure Login Client in your Applications folder or in the System Preferences window.
  2. In the parameter Select your SSO method of the Single Sign-On section, switch to Use your selected certificate.
  3. Go to the parameter Select your certificate and choose the certificate you want to use for certificate-based authentication to SAP GUI with an SNC connection.

    Note
    Another option is configuring authentication with X.509 certificates in the Keychain view of OS X. You find the preferred certificate as a Secure Login identity preference.
    CautionDo not switch certificates in the Secure Login preference pane while changing the settings in the Secure Login Identity Preference of the OS X Keychain. You risk getting an inconsistent configuration.

Related Information

Secure Login Client for OS X

Tags:
Former Member
Not what you were looking for? View more on this topic or Ask a question