cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Secure Login Client on MAC with x.509

Former Member

on ‎10-13-2015 3:37 PM

0 Kudos

Has anyone installed the SAP Secure Login Client on a MAC and used x.509 certificates instead of Kerberos?  According to the SAP help documentation this is possible as follows.  Are there any work arounds that need to be implemented when using the SAP GUI Java Client for MAC with SAP Secure Login Client?

Configuring Secure Login Client on a Mac Client

By default, Secure Login Client uses Kerberos to authentication at an SAP GUI with an SNC connection. Nevertheless you can also configure your Mac client to use X.509 certificates.

Context

  • Kerberos is the default authentication mode of your Mac client for logging on to an SAP GUI. You need not do anything because Kerberos is already available after the installation. Since your Mac client belongs to Microsoft Active Directory, Kerberos-based authentication mode is supported (see the related link).
  • If you want to use X.509 certificates as authentication mode for the SAP GUI with SNC, you must configure it in the OS X System Preference Pane.

Procedure

  1. Open the Secure Login Client in your Applications folder or in the System Preferences window.
  2. In the parameter Select your SSO method of the Single Sign-On section, switch to Use your selected certificate.
  3. Go to the parameter Select your certificate and choose the certificate you want to use for certificate-based authentication to SAP GUI with an SNC connection.

    Note
    Another option is configuring authentication with X.509 certificates in the Keychain view of OS X. You find the preferred certificate as a Secure Login identity preference.
    CautionDo not switch certificates in the Secure Login preference pane while changing the settings in the Secure Login Identity Preference of the OS X Keychain. You risk getting an inconsistent configuration.

Related Information

Secure Login Client for OS X

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

former_member200373
Participant
‎10-13-2015 4:02 PM
0 Kudos

Well, we do so, inside SAP

What´s your concrete problem with it?

We do not support short-lived Secure Login Server certificate enrollment in our Secure Login Client on Mac yet. So you need to have a certificate form somewhere else that can be selected in our configuration pane UI.

-- Stephan

Show replies
Show replies
Former Member
‎10-13-2015 4:19 PM
0 Kudos

We use x.509 short lived certificates in our Windows clients.  We have used the zero foot print web client on Mac's but have requirements to make them work just like the Windows users which are using an SNC connection and single sign on.  We are installing the fat SAP GUI Mac client (JAVA) and the SAP Secure Login client for Mac SPS 6.  Some information states that this is only provided through Kerberos currently, but the help documentation states "Nevertheless you can also configure your Mac client to use x.509 certificates."  It is unclear if this is a short lived certificate or something else. 

former_member200373
Participant
‎10-13-2015 4:24 PM
0 Kudos

Got it. So SLC on Mac supports existing X.509 certificates only yet.

Ask a Question