If you are using Google Chrome and SAP Passport and you are tired of constantly selecting certificates while browsing SAP sites I have something for you. The following procedure has been tested on Windows 8.1 Enterprise and Chrome 30÷37, but should work on Windows 7/8 as well as other Chrome versions:
- Download and extract Chrome policy templates from here: http://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip
- Start the Local Group Policy Editor: Start > Run > gpedit.msc > OK
- Right-click on Computer Policy > Computer Configuration > Administrative Templates and choose Add/Remove Templates...
- Click Add..., choose policy_templates\windows\adm\en-US\chrome.adm (from the already downloaded and extracted policy templates) and click Open (Note: if your Windows language is different from en-US choose the chrome.adm from the respective language folder)
- Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Google > Google Chrome > Content Settings
- Double-click on Automatically select client certificates for these sites
- Click Enabled
- Click Show... in the Options pane
- Consecutively add the following lines:
{"pattern":"https://[*.]sap.corp","filter":{"ISSUER":{"CN":"SAP Passport CA"}}}
{"pattern":"https://[*.]sap.com","filter":{"ISSUER":{"CN":"SAP Passport CA"}}}
{"pattern":"https://[*.]sap-ag.de","filter":{"ISSUER":{"CN":"SAP Passport CA"}}}
- Click OK
- Re-launch Chrome
- Done. No more annoying pop-ups!
If you're on a Mac you'll have to create/edit file /Library/Preferences/com.google.Chrome.plist and insert the following code (extend it for more server addresses):
<plist version="1.0">
<dict>
<key>AutoSelectCertificateForUrls</key>
<array>
<string>{"pattern":"[*.]sap.corp","filter":{"ISSUER":{"CN":"SAP Passport CA"}}}</string>
<string>{"pattern":"[*.]sap.com","filter":{"ISSUER":{"CN":"SAP Passport CA"}}}</string>
<string>{"pattern":"[*.]sap-ag.de","filter":{"ISSUER":{"CN":"SAP Passport CA"}}}</string>
</array>
</dict>
</plist>
Note: for some users (SAP employees and not partners/clients) the issuer should be SSO_CA instead of SAP Passport CA
Special thanks to steffen and boris.tsirulnik for their contribution to this post!