cancel
Showing results for 
Search instead for 
Did you mean: 

Authentication on the SAP Web Application Server ABAP using the client cert

Former Member
0 Kudos

Hi Guys,

I have configured SAP Web AS ABAP for SSL and to use the client certificates. I have mapped the user in the table USREXTID.

when the user tests for the connection like

https://xyz.com:1443/sap/xi/engine?type=entry, it is asking for the user id and password and the client certificate authentication is not working.

I found the following info on the help site

An X.509 client certificate is a digital "identification card" for use in the Internet, also known as a public-key certificate.

A user who accesses the SAP Web Application Server and presents a valid certificate is authenticated on the server using the SSL protocol. The information contained in the certificate is passed to the server and the user is logged on to the server based on this information. User authentication takes place in the underlying protocols and no user ID and password entries are necessary

Result

If the SSL authentication was successful and the user can be mapped to a SAP System user ID, then the user is logged on to the system. No user ID or password entries are necessary.

If however, the system cannot correctly map the user ID, or the SSL authentication failed, then the system checks for a logon ticket. If no ticket exists, then the system prompts the user for user ID and password using the HTTP basic authentication prompt.

I have checked the mapping in the table USREXTID and everything is fine and i dont know why still it is asking for the user id and password

any help or suggestions would be appreciated

Thanks,

Srini

Edited by: srinivas kapu on Jun 23, 2008 10:49 AM

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Hello, have you gotten anywhere with this? I am trying to do inbound https using a certificate for authentication, but am running into problems. Seems the user is not able to authenticate, and they cannot use a username/password.

I added the certificate to STRUST (outbound is working fine), created a new user in SU01, and created a new entry in USREXTID mapping the user I created to the certificate.

Still get nowhere. Appreciate any advice you may have.

Former Member
0 Kudos

Hi Larry,

The problem is solved and the problem was with the certificate and it was not authorised by a CA after that everything was fine.

the entries in the table should be done manually dont load from the certificate, go to SM31 and from the entries select the view and DN.

I also had the scenario where i have done HTTPS on the receiver side and it is working fine.

For HTTPS to work you need to try with the HTTP destination and select the type of authentication there.

Thanks,

Srini

Former Member
0 Kudos

Hi,

Yes, you are right as the User ID and passowrd request will pop-up if the user is not mapped or not able to authenticate as per the SSL certificate.

But hae checked the User ID that you are trying to map is not locked in SAP system. if it was locked then also this kind of window will be populated.

Thanks

swarup

Former Member
0 Kudos

Hi Swarup,

I have checked and the user is not locked. The user i have defined as a system user.

any help would be appreciated

Thanks,

Srini