on 2018 May 16 11:16 AM
Hello community,
I want to protect one of my JAVA Servlets with Client Certificate Auhtentication:
String user = request.getRemoteUser();
//Authenticates the User
if (user != null) {
_Logger.info("User already authenticated");
}
else {
//authenticate the User
LoginContext loginContext;
try {
loginContext = LoginContextFactory.createLoginContext("CERT");
loginContext.login();
//update the user
user = request.getRemoteUser();
} catch (LoginException e) {
_Logger.error("Authentication failed: ", e);
return;
}
}
I created a certificate and signed it with my CA. I added the certificate to a keystore and uploaded it to SCP as described here:
https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/0d7cf63b75a94f869895186a2d3...
In addition I added the domain cert.hana.ondemand.com to my java application.
When I call my servlet, for example with the tool "SoapUi" or with JAVA HttpClient and send the Certificate I always geht the Loginexception:
avax.security.auth.login.LoginException: Client certificate is not available in the request
Has anybody an idea what is getting wrong?
Best Regards and Thanks in advance,
Chris
Request clarification before answering.
Hi Ivan,
Thank you so much for your answer.
Yes I added the "cert" domain to my application and used the "cert" Url in my request.
I used the following command to deploy my application without a application.properties file. Is this file required and how can I set the vm arguments there?
neo deploy --host hana.ondemand.com --account <acc> --application <app> --user <user> --vm-arguments "-Dcom.sap.cloud.crypto.clientcert.mapping_mode=CN"
I used a Custom CA (created by myself) to sign my client certificate. Maybe that is the problem? How can I use one of the above mentioned CAs (I am not an expert in certificates)?
I have configured a SAML IDP which I use for my applications hosted on SCP and it works fine.
But I have a scenario, where customers are calling my cloud services in their backend systems. In this scenario SAML is not possible as it is "machiene to machiene" communication. In this scenario I want to use client certificates for authentication. Or do you see a better way for doing that?
Best Regards,
Chris
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
| User | Count |
|---|---|
| 8 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.