cancel
Showing results for 
Search instead for 
Did you mean: 

Desktop Connection for SAP CRM and NW SSO x.509 Certificate

yakcinar
Active Contributor
0 Kudos

Hello,

I implemented NW SSO in our SAP landscape and implemented it on our CRM system.

I want to use SSO on Desktop Connection for SAP CRM, professional edition Release 2.0 SP04.

I am trying to implement it using admin the guide's X.509 Certificate-Based Authentication section

(https://websmp207.sap-ag.de/~sapdownload/012002523100012038332015E/DCN_Admin_Guide_11_8.pdf)

Unfortunately I could not succeed in getting the certificate on Desktop Connection for SAP CRM - Login screen although the certificate is imported to the store.

What I did is;

* Exported NW SSO Root Certificate in x.509 format.

* Imported the Root certificate to  Trusted Root Certification Authorities store of Local Computer. (Explained in detail in )

Did anybody use NW SSO on Desktop Connection for SAP CRM?

Can you help about the issue, please?

Thanks and Regards,

Yuksel AKCINAR

Accepted Solutions (0)

Answers (1)

Answers (1)

donka_dimitrova
Contributor
0 Kudos

Hello Yuksel,

You will be able to find here:

https://service.sap.com/~form/sapnet?_SHORTKEY=01100035870000764122&_SCENARIO=01100035870000000202&

This guide: "Administrator's Guide Deskt. Conn. prof. ed. 2.0 SP04 Patch2"

On page 32 of this guide there is a procedure how to configure X.509 Certificate-Based Authentication for Desktop Connection for SAP CRM.

If this will not be helpful, you have to create a CSS ticket.

Regards,

Donka DImitrova

yakcinar
Active Contributor
0 Kudos

Hello Donka,

Thank you for the reply.

I used the same guide.

Unfortunately Local computers store does not come  under Trusted Root Certification Authorities when I want to install certificate as mentioned in step 7.

"7. Expand the Trusted Root Certification Authorities store and select the Local Computer store below it."

I used mmc and add snap-in Certificates and installed the certificate to Local Computer certificate store as seen below.

Stil certificate does not come on login screen.

Regards,

Yuksel AKCINAR

donka_dimitrova
Contributor
0 Kudos

Hello Yuksel,

It seems that you have successfully installed the root certificate.

Please, make sure that there is also a User certificate for this user in the "Personal" folder. The User certificate is the one that has to be used for the X.509 authentication.

Regards,

Donka

yakcinar
Active Contributor
0 Kudos

Hello Donka,

There is also user secure login client certificate on Personal folder as you can see below

Regards,

Yuksel AKCINAR

LutzR
Active Contributor
0 Kudos

Hi Yuksel, I haven't played with this for a while. But from my memory I would say that you also need to import all relevant Intermediate CA certificates into the clients' trust store. In this case the "Secure Login User Su..." CA. It should be possible to put the whole chain into one .p7b file and import them client side as one package.

Regards,

Lutz

donka_dimitrova
Contributor
0 Kudos

Hello Yuksel,

Plese, make sure that you start the Desktop Connection for SAP CRM only when the SLS certificate is already enrolled. I am not sure that the certificate will be displayed in the drop-down if you first start the solution, and then enroll the SLS X.509 certificate, and then look back at the solution.


If you are sure that the SLS X.509 certificate is enrolled first and is available in the certificate store, and then you start the Desktop Connection for SAP CRM  and you don't see the certificate, Please, create a CSS message on the SAP CRM component, explaining that you are trying to configure SSO based on X.509 certificates. Explain that you are facing the following problem: The X.509 certificate of the user (available in the certificate store of the user) is not properly displayed in the drop-down for selection during the authentication process.

Regards,

Donka

yakcinar
Active Contributor
0 Kudos

Hello Lutz,

Thank you for your help.

I did export the root certificate as .p7b and installed it as seen below.

They are on both personal and Trusted Root Cert Authorisations (Local Computer).

Still I donot get the cert on login screen.

Thanks and Regards,

Yuksel AKCINAR

yakcinar
Active Contributor
0 Kudos

Hello Donka,

Thank you for the answer.

Since I am loging in other systems using SLS, certificate is already enrolled before I open Desktop tool.

I opened an OSS message. Waiting for an answer.

Thanks and Regards,

Yuksel AKCINAR