Hello Experts,
I need some help on how to force SAP Secure Login Client to use the X.509 user certificate's 'Subject Alternative Name' attribute as a mapping field for SSO instead of the 'Subject Name' field, which it uses out of the box.
Problem description:
We have configured an NW SSO 2.0 SP04 test solution on our ERP 6.04/NW7.01 ABAP system using SAP CommonCryptoLib (SAPCRYPTOLIB) Version 8.4.30 pl40 (Sep 25 2014) MT-safe. We are using X.509 user certificates generated by our own MSAD PKI.
Secure Login Client takes the certificate's 'Subject Name' attribute field as the user's mapping field for establishing trust and allowing the user to log on to the SAP system using SSO, but the problem is that our 'Subject Name' contains a Common Name attribute which is NON-unique and contains special characters.
Having that in mind, SNC User mapping is hard to define and maintain.
Question: Is it possible to use X.509's 'Subject Alternative Name' attribute within Secure Login Client application? That field is unique for each user.
Regards,
Stanislaw Przytulski