In this blog we are going to see how to configure Web Dispatcher and its profile parameters to allow X509 certificate via Web Dispatcher.
Prerequisite:
To get X509 working with oData and SMP you may refer to
By end of this blog we would achieve the following:
As part of the configurations, we shall follow these sequence below:
Let us being:
Importing Certificate into WD
Login to web dispatcher admin URL:
Eg: http://xxxxxxxx/sap/admin/public/default.html
Navigate to SSL & Trust Configuration and PSE Management.
You should be able to see options Manage PSE, you will have 3 options:
Select SAPSSLC
Under Trusted Certificates, click on “Import Certificate”, Select the Root Certificate and Import it
For security reasons, I have hidden the details. However, the steps are simple and you should be able to continue the confirmations and get them working with this procedure.
Click on “Import Certificate” again and select your Intermediate Certificate if you have them
Click on “Import Certificate” again and select your SMP Certificate which is signed by Intermediate Certificate / Root Certificate
Repeat the same steps for SAPSSLS and import all the three certificates.
Configuring SAPSSLC
After the import the configurations looks like this:
Where Subject “CN=XXX” is the XXX Certificate which will be used as Impersonator in SMP Server.
Modifying the Profile Parameters:
Login to WD Remote System and Navigate to the following path:
C:\WD Installation Path\sap\WDS\SYS\profile
Open the file – WD_FILE_NAME
a. Adding Message Server
b. Adding ICM and Cipher
c. Modify the “mod_rules” as required according to your setup
Configuring SMP Impersonator Role
a. Login to SMP Sandbox and Navigate to Settings and Select the X509 Security profile and then click on Role Mapping
b. Click on Impersonator
c. Import the WD Certificate to Physical Role Mapping, click on Browse and Select the certificate and add the Role to Mapped Role. The detail should like this
d. Click on Save and Save to get back to Setting Screen.
The configurations are completed and you should be able to test X509 with Web Dispatcher.
This should help you get the authentication with X509 from Web-Dispatcher.
Looking forward for your comments and feedback.
Regards,
Nagesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
10 | |
9 | |
7 | |
6 | |
4 | |
4 | |
3 | |
3 | |
3 | |
3 |