Scribd Logo
Unggah

Selamat datang di Scribd!

  • Securing Connections To AS ABAP With SNC - Security and Identity Management - SCN Wiki PDF

    Diunggah oleh

    ivan
    48 tayangan5 halaman

    Judul Asli

    Securing Connections to AS ABAP with SNC - Security and Identity Management - SCN Wiki.pdf

    Hak Cipta

    © © All Rights Reserved

    Format Tersedia

    PDF, TXT atau baca online dari Scribd

    Apakah menurut Anda dokumen ini bermanfaat?

    Apakah konten ini tidak pantas?

    Laporkan Dokumen Ini

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    48 tayangan5 halaman

    Securing Connections To AS ABAP With SNC - Security and Identity Management - SCN Wiki PDF

    Diunggah oleh

    ivan

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    dari 5

    3/8/2016

    SecuringConnectionstoASABAPwithSNCSecurityandIdentityManagementSCNWiki

    GettingStarted Newsletters

    Welcome,Guest

    Login

    Register

    Store

    SearchtheCommunity

    Products

    Services&Support

    AboutSCN

    Downloads

    Industries

    Training&Education

    Partnership

    DeveloperCenter

    LinesofBusiness

    UniversityAlliances

    Events&Webinars

    Innovation

    SecurityandIdentityManagement / / SecuritywithinIDM

    SecuringConnectionstoASABAPwithSNC
    CreadoporChristopherLeonard,modificadoporltimavezenoct18,2012

    Purpose
    SettingupsecuredconnectionsisrequiredforprovisioningpasswordstoanASABAPServerfromtheSAPNetweaverIdentityManagementsolution7.1.

    Overview
    WewilllookatthevariousstepsrequiredtoinstallthesecuritylibariesontheIDMsystemtoenableSNC.

    InstallSAPcryptolib
    SAPprovidesitsowncryptographiclibrarySapcryptolibandacommandlinetoolSAPGENPSEinordertosetupyourSNCPSE(PersonalSecurityEnvironment)ontheIDMserver.Youcandownload
    thesefromServiceMarketplace.Seenote397175.
    ThestepstosetupSNCareasfollows:
    ThesapcryptolibdllandSAPGENPSE.exefilesarecopiedtotheIDMserveregD:\usr\sap\IdM\IdentityCenter\SAPCryptoandasubdirectoyD:\usr\sap\IdM\IdentityCenter\SAPCrypto\sec.The
    sapcryptoliblicensefileisthenplacedinthesecdirectory(.lstfileonwindows)
    SettheenvironmentalvariableSECUDIRtopointtotheD:\usr\sap\IdM\IdentityCenter\SAPCrypto\secdirectory.ThisissothattheSYSTEMuserrunningtheIDMsolutioncanaccessthePSEand
    credentialfilesrequiredatruntime

    TocheckyourinstallationrunthecommandSAPGENPSEwhichwilloutputtheversionofsapcryptolibinstalledandthevalueoftheSECUDIRvariable.

    https://wiki.scn.sap.com/wiki/display/Security/Securing+Connections+to+AS+ABAP+with+SNC

    1/5

    3/8/2016

    SecuringConnectionstoASABAPwithSNCSecurityandIdentityManagementSCNWiki

    GeneratePSEfilesforSNC
    NowcreatethePSEfilerequiredforSNC.TheSAPGENPSE.exetoolresidesinthesapcryptofolderthereforeusingthecommandlinefromthisdirectorycallthesapgenpsecommandsapgenpseget_pse
    pIC.pse"CN=IDM,OU=SAP,C=DE>youcanpresstheenterkeywhenpromptedforPINbothtimesifyoudonotwishtoPINprotectthePSEfilehoweveryoucanenteraPINinthisstep.

    FortheIdentityCentretoaccessthePSEatruntimeitrequiresacredential(storedinthefilecred_v2)thereforethiscanbecreatedbyrunningthecommandsapgenpsesecloginpic.pseOSYSTEM

    NowthepublickeycertificatemustbeexportedfromtheIdentityCenter'sPSEfilesothatitcanbeimportedtotheABAPstack.Runthecommandsapgenpseexport_own_certoidm.crtwhichcreatesthe
    certificateinthesamefolderasthesapgenpsetool

    https://wiki.scn.sap.com/wiki/display/Security/Securing+Connections+to+AS+ABAP+with+SNC

    2/5

    3/8/2016

    SecuringConnectionstoASABAPwithSNCSecurityandIdentityManagementSCNWiki

    ConfiguretheSNCsettingsintheASABAPserver
    NowlogintotheABAPstackandopentransactionSTRUST>expandtheSNCfolderanddoubleclickedontheservernamesothatitisselected.Thebuttonimportcertificateischosenwhichallowsthe
    selectionofthecertificateoftheIdentityCenterthathadbeenexportedinthepreviousstep.TheAddcertificatetolist
    buttonensuredthatthecertificatewassavedtotheSNCPSEoftheABAPstack

    UsingthesamescreendoubleclickedontheOwncertificateandchosethebuttonExportcertificateandsavedtheABAPcerttomypcforexporttotheIdentityCenterchoosingBase64asthefileformat.

    https://wiki.scn.sap.com/wiki/display/Security/Securing+Connections+to+AS+ABAP+with+SNC

    3/5

    3/8/2016

    SecuringConnectionstoASABAPwithSNCSecurityandIdentityManagementSCNWiki

    TheABAPcertificatemustnowbeimportedintotheIDMPSEfile.IplacedtheABAPcertificateinthesamedirectoryassapgenpseandthenranthecommandsapgenpsemaintain_pkap12.crtpic.pse

    NowbothsystemshavetheirSNCcertiifcatesexchanged.TheABAPstacknowneedstohavetheIDMsystemaddedtotheUSRACLEXTtabletoallowconnections.CalltransactionSM30andmaintain
    tableUSRACLEXT.Addanewentry>enterthecommunicationuserusedtoconnecttotheABAPsystemintheuserfield.TheSNCnamewillbetheuniquedistinguishednamenamegivenwhentheIDM
    PSEwascreatedegCN=IDM,OU=SAP,C=DE.Makesuretoplaceap:beforetheSNCnameiep:CN=IDM,OU=SAP,C=DE.

    https://wiki.scn.sap.com/wiki/display/Security/Securing+Connections+to+AS+ABAP+with+SNC

    4/5

    3/8/2016

    SecuringConnectionstoASABAPwithSNCSecurityandIdentityManagementSCNWiki

    SNCisnowenabled.TherepositoryconstantsforSNCthenneedtobeupdatedwiththespecificdetails.SeetheIdentityManagementforSAPSystemLandscapes:ConfigurationGuideintheappendix
    setttingsformoredetails.

    RelatedContent
    RelatedDocuments
    http://scn.sap.com/docs/DOC8397

    RelatedNotes
    snc
    ContactUs
    Privacy

    SAPHelpPortal
    TermsofUse

    LegalDisclosure

    Copyright

    https://wiki.scn.sap.com/wiki/display/Security/Securing+Connections+to+AS+ABAP+with+SNC

    idm

    identity

    management

    password

    provisioning

    FollowSCN

    5/5

    Anda mungkin juga menyukai