on ‎2004 Nov 25 10:38 AM
Hello all,
I configured my portal solution to login using client certificates and SSL. On the login screen I am asked to prompt my user ID / password so a mapping between certificate and user ID can be established.
After having done, logging on to the portal for the second time doesn't work using the certificate - I am prompted to enter my uid/pwd again.
Does somebody have a hint on what I could have done wrong?
Request clarification before answering.
I'm not giving up, eventhough I seem to be the only person having a problem with client certificates. According to http://help.sap.com/saphelp_nw04/helpdata/de/8a/8bc061dcf64638aa695f250ce7ca78/content.htm there is the need to define an additional login module "CertPersisterLoginModule" with the classname "com.sap.security.core.server.jaas.CertPersisterLoginModule". Unfortunately I was not able to find this class neither on the file system nor in the security.jar. Is it possible that this class is missing? That could be the reason for not being able to map the certificates to the portal users, since this class is doing that.
Andreas
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi guys,
This scenario describes the configuration steps needed to implement the automatic client cert-to-user mapping.
1. Adding CertPersisterLoginModule to the list of available login modules
a. Start Visual Administrator and go to Server->Services->Security Provider->Runtime(tab)->User Management(tab).
b. Press "Manage Security Stores"
c. Select "UME User Store" and press "Add Login Module"
d. Check "Use a specific editor for the login module options" and press OK.
e. In the popup window enter:
Class Name = com.sap.security.core.server.jaas.CertPersisterLoginModule
Display Name = CertPersisterLoginModulef. Press OK. Now you have to see the newly created CertPersisterLoginModule in the Login Modules tab.
2. Configuring the application stack.
a. In the Visual Administrator go to Server->Services->Security Provider->Runtime(tab)->Policy Configurations(tab).
b. Select the application stack (or template) referring to the EP or the desired application. If you have created your own application stack, select it and apply the following modules:
EvaluateTicketLoginModule SUFFICIENT ume.configuration.active=true
ClientCertLoginModule OPTIONAL
CreateTicketLoginModule SUFFICIENT ume.configuration.active=true
BasicPasswordLoginModule REQUISITE
CertPersisterLoginModule OPTIONAL ume.configuration.active=true
CreateTicketLoginModule OPTIONAL ume.configuration.active=true3. Check the configuration:
a. Access the EP via https, e.g. https://myephost.mydomain.com:50001/irj. The first time you access this page you will be prompted for user ID and password. Next time you request that URL you have to go directly to the EP main page.
b. Access the EP via http, e.g. http://myephost.mydomain.com:50000/irj. The portal behavior must not be affected.
Best regards,
Tsvetomir
Hello All,
CertPersisterLoginModule should be available from SP10. It is there in SP11 onwards. J2EE with Client certificates works fine after that and all the help topics in this thread.
Any body who did it with IISProxy? I am trying hard but it looks like as soon as a certificate is passed to IIS Proxy it fails - It fails even to direct to HTTP site.
I need some help and I have many observations. So any body who can help?
Contact me [email protected]
Regards
Ash
| User | Count |
|---|---|
| 8 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.