cancel
Showing results for 
Search instead for 
Did you mean: 
Read only

SAP Cloud Platform JAVA Servlet: Client Certificate Authentication not working

christoffer_fuss
Participant
0 Likes
1,978

Hello community,

I want to protect one of my JAVA Servlets with Client Certificate Auhtentication:

 String user = request.getRemoteUser();   
 //Authenticates the User
 if (user != null) {
    _Logger.info("User already authenticated");
 } 
 else {  
   //authenticate the User    
   LoginContext loginContext;
   try {
       loginContext = LoginContextFactory.createLoginContext("CERT");
       loginContext.login();
       //update the user
       user = request.getRemoteUser();
   } catch (LoginException e) {
      _Logger.error("Authentication failed: ", e);
       return;
   } 
 } 
     

I created a certificate and signed it with my CA. I added the certificate to a keystore and uploaded it to SCP as described here:

https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/0d7cf63b75a94f869895186a2d3...

In addition I added the domain cert.hana.ondemand.com to my java application.

When I call my servlet, for example with the tool "SoapUi" or with JAVA HttpClient and send the Certificate I always geht the Loginexception:

avax.security.auth.login.LoginException: Client certificate is not available in the request

Has anybody an idea what is getting wrong?

Best Regards and Thanks in advance,

Chris

View Entire Topic
alex_zhu2
Product and Topic Expert
Product and Topic Expert
0 Likes

Hi Chris,

I got the same scenario as yours, backend system connects to the cloud service.

Did you resolve this issue? I am very curiouse about your solution for this issue.

Thanks a lot.

Alex.

christoffer_fuss
Participant

Hi Alex,

I switched to "API Management Service". Here the client certificate authentication was working fine and the service was matching my requirements fine.

Best Regards,

Chris

alex_zhu2
Product and Topic Expert
Product and Topic Expert
0 Likes

Thank you Chris.

a_wuttig
Explorer
0 Likes

maybe OAuth Client Credentials Flow is also a good way for machine to machine communication.