Hierarchy
⤷ BC-SEC (Application Component) Security
⤷ SUSR_CERT (Package) User Administration: Certificate administration
Basic Data
Data Element | CERT_OPT_IDXORDER_SUBJECT |
Short Description | Ignore position of attributes in subject name |
Data Type
Category of Dictionary Type | D | Domain |
Type of Object Referenced | No Information | |
Domain / Name of Reference Type | CERT_BOOLEAN | |
Data Type | CHAR | Character String |
Length | 1 | |
Decimal Places | 0 | |
Output Length | 1 | |
Value Table |
Further Characteristics
Search Help: Name | ||
Search Help: Parameters | ||
Parameter ID | ||
Default Component name | ||
Change document | ||
No Input History | ||
Basic direction is set to LTR | ||
No BIDI Filtering |
Field Label
Length | Field Label | |
Short | 10 | Subj. Pos |
Medium | 20 | Ignore subject pos. |
Long | 40 | Ignore position of attributes in subject |
Heading | 55 | Ignore position of attributes in subject name |
Documentation
Definition
In the default configuration, the filter for certificate subject evaluates the attributes and their values in strict order from back to front. For example, a rule using the filter "C=DE, O=SAP" expects the subject field of the certificate to include these two entries with C=DE in the second to last position and O=SAP is the final position. If this is not the case, the rule does not apply to the certificate.
Use this option to lift this restriction on the position and order in which these attributes appear in the subject field. In most cases, certification authorities (CA) do not vary the order of the attributes in the subject names. This option then ignores the position in which the attributes appear and only applies if the attributes and values match.
Example
Assume a filter with the following values: "C=DE, O=SAP" (The rule expects attribute C in the second to last position and the attribute O in the last position)
· Certificate subject 1: "CN=User, C=DE"
The rule does not apply because O=SAP is missing.
· Certificate subject 2: "CN=User, C=DE, O=SAP AG"
The rule applies since the attributes C and O match and are in the correct order.
· Certificate subject 3: "O=SAP AG, C=DE, CN=User"
The rule does not apply since attributes C and O are not in the last and second to last positions in the subject name, despite the fact that the values match.
If you activate this option, the second and third examples apply, because the rule is only checking that the attributes exist and that their values match. Order and position in the subject name are irrelevant. The first example still does not apply since the O attribute is missing.
History
Last changed by/on | SAP | 20110908 |
SAP Release Created in | 731 |