Skip to Content

For quite some time now, I was unsuccesfully trying to get SSO to the SAP Community Network and SAP Marketplace to work using my SAP Passport.

 

The first I tried, was to install the SAP Passport via http://service.sap.com/, then clicking on the link on the top-right corner ‘Benefit from Single Sign-On’.

 

This approach failed, since the resulting screen didn’t show the ‘Choose the key length‘ dropdown properly, which resulted in an error response.

 

After some googling, I learnt I could simply export a certificate from my desktop’s certificate store, attach the certificate to an email, open the email on my iPad, and by clicking on the certificate attachment it would install on my device. Sounded simple enough.

 

However…

Internet Explorer 7 on my XP laptop allows me to export my SAP Passport in DER and Base-64 encoded X.509 format, as well as PKCS #7 format, but not PKCS #12. I suspected I needed the private key too, but wasn’t sure. The certificate export wizard didn’t let me export the private key, stating ‘The associated private key is marked as not exportable. Only the certificate can be exported.‘ Oh well.

 

I exported the certificate in the three formats available, attached it to an email, and sent it to myself. Clicking on the first certificates in the email received on my iPad resulted in a simple install wizard, resulting in an added entry ‘Profile S00071nnn‘ under ‘Settings > General‘. However, I wasn’t able log on to SCN or SAP Marketplace using certificate logon… I removed the certificate, and repeated the above steps using the remaining certificate formats, but same results…

 

I headed over to FireFox, but it let me export the certificates in more or less the same formats. Repeating the same steps as I did for IE7 resulted in me still not being able to login via my SAP Passport.

 

I then posted the question to SCN forum (Anyone know how to install the SAP/SDN SSO certificate on iOS device?), hoping someone would know the answer, but unfortunately I received no usable replies.

 

Months later, I needed to review a certain certificate in FireFox 4, but instead of clicking the ‘View…‘ button, I clicked the ‘Backup…‘ button next to it. Lo and behold, it allowed me to export in PKCS12 format!

 

The backup procedure added an extra step of providing a password, which should be entered upon import. I determined the private key would thus be exported as well. Following the already familiar sequence of emailing to iPad and installing the certificate finally let me log on to SCN in a pleasantly seamless way!

 

For your convenience, the steps I took are listed below:

 

  1. In FireFox, go to ‘Tools > Options‘. Select the ‘Encryption‘ tab and click ‘View Certificates‘. The Certificate Manager will now pop up.
  2. Select your SAP Passport certificate, and click the ‘Backup…‘ button
  3. Save your certificate backup in PKCS12 format
  4. You are now asked to enter a password. This password will be used when importing on your iOS device
  5. After completing, you’ll get a success message, stating the private key has also been exported.
  6. Attach the resulted file to an email which can be opened from your iPad/iPhone.
    Note: Although I haven’t tested it myself, I’m sure you could also use tools like DropBox or Evernote to transfer the file to your mobile device.
    Open the email, and tap on the attachment
  7. You will now switch from Mail to Settings, and a popup shows the certificate you want to install. Tap the ‘Install‘ button.
    You might get a warning, stating the profile is unsigned. If that happens, just tap the ‘Install Now‘ button
  8. You are now asked to enter the password you’ve been given to the file earlier. Enter the password, and tap ‘Next
  9. Although untrusted, your certificate is now succesfully installed! Tap the ‘Done‘ button to finish the import.
  10. Open Safari, browse to http://www.sdn.sap.com/irj/sdn and log in using the ‘Certificate Login‘ option.
    Et voila, you’re seamlessly logged on

I hope this would be of benefit to you, and may lead us to use SCN from our iDevices in a hassle-free way.

To report this post you need to login first.

12 Comments

You must be Logged on to comment or reply to a post.

  1. Tom Cenens
    Hello Robin

    First off thx for sharing, I bet many community will find this information usefull. I tested dropbox on ipad2 to perform the certificate install but dropbox doesnt recognize the certificate extension. I used the mail method as described in your blog which works fine.

    Kind regards

    Tom

    (0) 
    1. Robin van het Hof Post author
      Hi Tom,

      Thanks for the comment, and sharing the info on Dropbox.

      On a sidenote, since Evernote does not allow me to attach certificates using my free account, I cannot test this too… However, I hope the mail method would work for most community members.

      Best regards,
      Robin

      (0) 
  2. Ron Blechner

    Thanks a bunch.  It saved a lot of frustration.  I have to admit, I’m surprised the process isn’t better documented by SAP.

    (0) 

Leave a Reply