Understand the role of user credentials and X.509 certificates in single sign-on authentication.
During mutual certificate authentication, the client presents a certificate to Unwired Server. For authentication to succeed, the client’s certificate or, more typically, the certificate of the Certificate Authority (CA) that signed it must be present in the Unwired Server truststore.

In a normal JCo connection, unlike SSO, the user name is that of a technical user, and all RFCs are executed in the SAP EIS as that user and not as the end user. The technical user is granted all rights and roles within SAP that it needs to execute the range of RFCs behind the MBOs.

In the context of SSO to SAP, however, a technical user certificate is added to the Unwired Server truststore as part of the SNC setup. The technical user certificate is issued by the SAP server and is trusted by the SAP server to impersonate other users. Once the technical user certificate has been authenticated when the SNC connection is established, the SAP server further trusts that the credentials (SSO2 or X.509 values) given to identify the end user have been validated by Unwired Server, and it executes the EIS operations as that asserted end user.
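The two trust decisions described above, modelled as an added example (not code from the product or its documentation). It uses `openssl` and PEM files as a stand-in for the Unwired Server truststore and the SNC handshake; all CA names, user names and the `run_as` helper are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed model of the two trust decisions; every name and path is made up.
set -eu
WORK=$(mktemp -d)

# make_ca NAME: self-signed CA key and certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue CA NAME: key and certificate for NAME, signed by CA.
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -out "$WORK/$2.pem" 2>/dev/null
}

# chains_to CA NAME: succeed only if NAME's certificate was signed by CA.
chains_to() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

# run_as CLIENT TECH_CERT: print the user the EIS operation would execute as.
run_as() {
  # Step 1: Unwired Server accepts the client only if its issuer is in the truststore.
  chains_to device-ca "$1" || { echo "rejected: client issuer not in truststore"; return 1; }
  # Step 2: the SAP side accepts the SNC peer only if it issued the technical user cert.
  chains_to sap-ca "$2" || { echo "rejected: SNC peer not trusted"; return 1; }
  # Step 3: SAP trusts the asserted end user without validating it again.
  echo "$1"
}

make_ca device-ca; make_ca sap-ca; make_ca unknown-ca
issue device-ca alice          # end user whose CA is in the truststore
issue unknown-ca bob           # end user whose CA was never imported
issue sap-ca tech-user         # technical user certificate issued by SAP
issue unknown-ca fake-tech     # certificate SAP did not issue

run_as alice tech-user         # alice
run_as bob tech-user || true   # rejected: client issuer not in truststore
run_as alice fake-tech || true # rejected: SNC peer not trusted
```

Step 3 performs no check of its own, which is why the private key behind the technical user certificate needs the same protection as any credential that can act as every end user.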