Hello,
Our customer has an existing PKI (client certificates) which they want to use to log on to Secure Login Server using the “heavy” Secure Login Client (not the web client) for employees.
Their reasons are:
- They want to have two-factor authentication (PIN for X.509)
- Somebody had this idea…
- They want to check CRL for existing PKI certificates
- They have a bunch of “old” ABAP systems they don’t want to upgrade to a version supporting CRL checks directly in the SNC handshake
Based on the documentation, I’ve told them that UME authentication is possible. Finally, I’ve found in the installation guide that only basic authentication is supported with UME and Secure Login Client which is installed locally on the PC.
I think that the following questions are for the developer of Secure Login Client.
- Is it possible to use another client certificate (I don’t know which object/framework is used for SSL communication) to establish communication between Secure Login Client and Secure Login Server over HTTPS?
- Would it be possible to use a new value for the parameter pseType to make Secure Login Client not prompt for username/password and just establish SSL with a client certificate?
PS: I’m currently trying to configure a workaround using Kerberos (SPNego) configuration but with Authentication configured for X.509 certificate.
Best Regards,
Honza Vrzak