1633696 - X.509 client authentication via SAP Web Dispatcher | SAP Knowledge Base Article

SAP Knowledge Base Article - Preview

1633696 - X.509 client authentication via SAP Web Dispatcher

Symptom

X.509 client certificate authentication via SAP Web Dispatcher with End-to-End SSL and ICM - Configuration Overview

The configuration of X.509 client certificate authentication for the Netweaver AS Java increases in complexity when the communication first goes through intermediary servers such as the SAP Web Dispatcher and ICM. 

This Knowledge Based Article is intended to provide an overview of the configurations steps required to implement client certificate authentication on the Application Server Java for a very specific case where: 

  • The SAP Web Dispatcher is installed in front of a Netweaver Application Server with ABAP and Java and all https requests to the Netweaver Application Server with ABAP and Java go through the Web Dispatcher.
  • The SAP Web Dispatcher is configured to not terminate incoming SSL connections but to tunnel the SSL connection to the Application Server with ABAP and Java where ICM terminates the SSL connection.
  • If ICM determines that an initial https request was intended for the Application Server Java, ICM establishes a new SSL connection to the Application Server Java and forwards the request to it, where the end users client certificate is used for authentication

Read more...

Environment

Netweaver AS Java 6.40

Netweaver AS Java 7.00

Netweaver AS Java 7.01

Netweaver AS Java 7.02

 

Product

SAP NetWeaver 2004 ; SAP NetWeaver 7.0 ; SAP enhancement package 1 for SAP NetWeaver 7.0 ; SAP enhancement package 2 for SAP NetWeaver 7.0 ; SAP enhancement package 3 for SAP NetWeaver 7.0

Keywords

SSL Java ICM Web Dispatcher End-to-End SSL AcceptClientCertWithoutSSL ProxyServersCertificates PROT=ROUTER , KBA , BC-JAS-SEC-LGN , Logon, SSO , BC-CST-IC , Internet Communication Manager , BC-CST-WDP , Web Dispatcher , BC-SEC-SSL , Secure Sockets Layer Protocol , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.