christopher.leonard

    2 Posts

    SAP Netweaver Identity Management 7.2 (IDM) is now available for download via the SAP Service Marketplace at www.service.sap.com/swdc . Also released is the latest patch SP3. With this new release Oracle 11 database is now supported (from SP2 onwards) which will allow those planning to upgrade their database also to continue using the supported version of SAP Netweaver Identity Management.



    Information on this latest release can be found at http://www.sdn.sap.com/irj/sdn/nw-identitymanagement . There have been a number of performance improvements in this release and some enhancements such as better interfacing with SAP Business Objects Access Control and Identity federation.



    Which should be of interest to those running IDM is the guide to optimizing performance for dispatchers which  can be found at the following link

    http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/1069b670-621a-2e10-9598-99d3b7d99a69

    which should be useful considering the criticality of ensuring that provisionings within Identity Center are executed in a timely manner.

    For tracing issues within the Identity Center some new notes have been released namely


    1642374 Tracing Issues in ABAP provisionings

    1649585 Tracing SPML in AS JAVA Repositories

    A new feature is the possibility to trace individual user entries in the Identity Center which should make tracing potential issues much easier now.

    <body><p>I wanted to allow my user’s logon to my ABAP server using X.509 client certificates. I knew of the SAP Passports option to enable this but could not find any guide outside the online help that detailed exactly how this could be done and how to resolve often encountered problems in this scenario. </p><p>In my case I configured this on the SAP netweaver 7.3 ABAP server. The customizing is well documented in the online help via the url </p><p>[http://help.sap.com/saphelp_nw73/helpdata/en/49/32de01e8945716e10000000a42189b/frameset.htm | http://help.sap.com/saphelp_nw73/helpdata/en/49/32de01e8945716e10000000a42189b/frameset.htm]</p><p>The main steps taken were</p><ul><li>Ensure https was configured (note 510007 detailed the config) on the system</li><li>Create the entry CERTRQ in table SSFAPPLIC and then create an entry in transaction SSFA with the same CERTRQ name. This will then show in transaction STRUST a new entry called CERTRQ with a red X. Highlighting this and right clicking the mouse will allow you to generate the required PSE file. Important here is that the algorithm is set to DSA and the key length is set to 1024 bits. The naming convention used for the PSE was CN=mycompany.com, OU=<installation number>-<Company Name>, O=SAP Trust Community, C=DE</li></ul><p> </p><ul><li>I Set the profile parameter <tt>login/certificate_request_subject to CN=&UNAME, OU=&WPOU, O=SAP Trust Community, C=DE</tt><tt> and</tt><tt> login/certificate_request_ca_url</tt><tt> to </tt><tt>https://tcs.mysap.com/invoke/tc/usercert</tt></li></ul><p><tt></tt></p><ul><li>Once the PSE was generated in STRUST a certificate request was sent via a support ticket to SAP to have it signed by the SAP Trust Services service. When the response was received this was imported into the CERTRQ PSE. Important here was that the signed response and the root CA was imported in the same step</li></ul><p> </p><p>I then tested the CERTREQ BSP in transaction SICF to see if it would work. This gave the error below <img  />//weblogs.sdn.sap.com/weblogs/images/26738/compressedx.509blog.jpg|height=202|alt=Error|width=350|src=https://weblogs.sdn.sap.com/weblogs/images/26738/compressedx.509blog.jpg! </p><p> </p><p> </p><p> </p><p> </p><p> </p><p> </p><p>I first checked that the certificate in STRUST was successfully signed i.e. if you see the text </p><p><img  /></body>

    Filter Blog

    By date: