Re: Implementing SSO to AS Java with X.509 Client Certificate and a Web Dispatcher

Hi Patrick,

what does the ICM trace say with regards to certificate verification of the client certificate. Does it accept the certificate?

In my opinion my WD "lost" the X.509 client certificate, so could not sens it to AS Java (Portal)

[Thr 139697796617984] ->> SapSSLGetPeerInfo(sssl_hdl=0x7f0ddc0008c0, &cert=0x7f0ded8afa18, &cert_len=0x7f0ded8afa34,

[Thr 139697796617984] &subject_dn=0x7f0ded8afa10, &issuer_dn=0x7f0ded8afa00, &cipher=0x7f0ded8afa08)

[Thr 139697796617984] Current Cipher: SSL_RSA_WITH_RC4_128_SHA

[Thr 139697796617984] <<- SapSSLGetPeerInfo(sssl_hdl=0x7f0ddc0008c0)==SAP_O_K

[Thr 139697796617984] out: cert_len = <no cert>

[Thr 139697796617984] out: cipher = "SSL_RSA_WITH_RC4_128_SHA"

[Thr 139697796617984] HttpSubHandlerItDeactivate: handler 0: HttpAuthHandler

[Thr 139697796617984] HttpSubHandlerCall: Call Handler: HttpModHandler (0x7f0de8001320/0x7f0de8000a70), task=TASK_REQUEST(1), header_len=976

[Thr 139697796617984] ->> SapSSLGetPeerInfo(sssl_hdl=0x7f0ddc0008c0, &cert=0x7f0ded8af9d8, &cert_len=0x7f0ded8afa2c,

[Thr 139697796617984] &subject_dn=0x7f0ded8af9d0, &issuer_dn=0x7f0ded8af9c8, &cipher=0x7f0ded8af9c0)

[Thr 139697796617984] <<- SapSSLGetPeerInfo(sssl_hdl=0x7f0ddc0008c0)==SAP_O_K

[Thr 139697796617984] out: cert_len = <no cert>

[Thr 139697796617984] out: cipher = "SSL_RSA_WITH_RC4_128_SHA"

What happens if you set the communication to HTTP between WDISP and JAVA?

Maybe I'm wrong, but HTTPS is a prerequisite using X.509 client certificate

In your config I can't see the following statement in the WDISP config:

I omitted in my post,sorry

icm/server_port_0 = VCLIENT=1,PROT=HTTP,PORT=80,EXTBIND=1, TIMEOUT=900

icm/server_port_1 = VCLIENT=1,PROT=HTTPS,PORT=443,EXTBIND=1, TIMEOUT=900

Is the client certificate of the WDISP trusted by the J2EE system?

Yes, I import into trusted CAs

Do you have a VCLIENT also set in the WDISP config to request a client cert for the user?

I set in the following way:

icm/server_port_0 = VCLIENT=1,PROT=HTTP,PORT=80,EXTBIND=1, TIMEOUT=900

icm/server_port_1 = VCLIENT=1,PROT=HTTPS,PORT=443,EXTBIND=1, TIMEOUT=900

Thank you very much!

Fabrizio

Re: Implementing SSO to AS Java with X.509 Client Certificate and a Web Dispatcher

Trending Articles

Rajasthan Board 10th Result 2016 Roll No wise & Name Wise

Activation error during step MAIN_SHDRUN/ACT_UPG - DB Prozedur Proxy

Main Rahoon ya Na Rahun Lyrics Translation | Bas Itna Hai Tumse Kehna

Army Public Schools Admission Entry Test Syllabus Papers

New Malayalam kambi Audio Talk Sussiyude cycle paditham

Nalgonda District Police Office Mobile Numbers List in Telangana State

Black Angus Grilled Artichokes

Who Is Sisanda Jonas? | Biography| Profile| History Of South African Media...

Felon with a Loaded Firearm Arrested Near Ohlone Greenway

Does brandi on storage wars smoke in real life

SPYAIR – RAGE OF DUST [Mora FLAC 24bit/96kHz]

Moondru Mudichu 27-05-2016 – Polimer tv Serial

Throw Back: Samini — Where My Baby Dey (Prod by Kaywa)

Ndebele names

Critical Reasoning (CR) | Re: Outsourcing is the practice of obtaining from...

Practice Sheet of Right form of verbs for HSC Students

Film – Atacul cavaleriei ușoare – The Charge of the Light Brigade (1968)...

Mp3 Download: Mdu - Nammer

SANIDAPA LIVE IN GADAMBUWANA 2017

Ulster's King Coke Barney 'Rubble' Morgan leaves mansion to rot