Hierarchy
⤷ BC-SEC (Application Component) Security
⤷ SUSR_CERT (Package) User Administration: Certificate administration
Basic Data
Data Element | CERT_OPT_IDXORDER_SUBJECTALT |
Short Description | Ignore position of attribute in subject alternative name |
Data Type
Category of Dictionary Type | D | Domain |
Type of Object Referenced | No Information | |
Domain / Name of Reference Type | CERT_BOOLEAN | |
Data Type | CHAR | Character String |
Length | 1 | |
Decimal Places | 0 | |
Output Length | 1 | |
Value Table |
Further Characteristics
Search Help: Name | ||
Search Help: Parameters | ||
Parameter ID | ||
Default Component name | ||
Change document | ||
No Input History | ||
Basic direction is set to LTR | ||
No BIDI Filtering |
Field Label
| Length | Field Label |
Short | 10 | SubAlt Pos |
Medium | 20 | Ignore sub alt pos. |
Long | 40 | Ignore position of attr. in subject alt |
Heading | 55 | Ignore position of attribute in subject alt. name |
Documentation
Definition
In the default configuration, a rule evaluates the logon attribute of a subject alternative name by its value and position. For example, a rule using the logon attribute "rfc822Name" expects the subject alternative name field of the certificate to include this entry in the final position. If this is not the case, the rule does not apply to the certificate.
Use this option to lift the restriction on the position in which the logon attribute appears in the subject alternative name field. In most cases, certification authorities (CAs) do not vary the order of the attributes in the subject alternative name. With this option active, the rule ignores the position in which the attribute appears and applies only if the attribute exists.
Example
Assume the following logon attribute: "rfc822Name" (the rule expects the attribute in the last position).
· Certificate subject alternative name 1: "rfc822Name=user@sap.com"
The rule applies because the logon attribute position is as expected.
· Certificate subject alternative name 2: "rfc822Name=user@sap.com, dNS=www.sap.com"
The rule does not apply because the logon attribute position is not as expected.
If you activate this option, the rule also applies to the second certificate, because the rule checks only that the attribute exists. The position in the subject alternative name is irrelevant.
History
Last changed by/on | SAP | 20110908 |
SAP Release Created in | 731 |