SAP S-User service marketplace certificate in Chromium on Linux

For my job, I have to surf the SAP service marketplace every once in a while. For everyone who has done this before: It is no fun if you don’t have a SAP browser certificate in place since you will end up constantly putting in your S-user and password. Not sure why SAP load balances by actually exposing the different servers, but hey, that’s what they got the certificates for, right?

So for everyone wondering how to get this done nicely in Chromium on Linux: here it goes.

  1. Log in on https://support.sap.com with your S-user. And by log in, I mean actually pressing the “Login” on top so that it says “Welcome, xxx” in the upper status bar
  2. Get your certificate by clicking on your name and going to “Get a browser certificate (SAP Passport)”… this should prompt you with another password entry and afterwards Chromium should give you a message that you have a certificate installed now
  3. Brilliantly, Chromium will, however, keep on bugging you about selecting this certificate every time you look at a SAP service page. Easier than password entry, but can still be improved!
  4. Add automatic certificate selection to your chromium policy. This means to add the following file as root
    /etc/chromium-browser/policies/managed/sap_certificate.json
    {
     "AutoSelectCertificateForUrls": ["{\"pattern\":\"[*.]sap.com\",\"filter\":{\"ISSUER\":{\"
     CN\":\"SAP Passport CA\"}}}","{\"pattern\":\"[*.]sap-ag.de\",\"filter\":{\"ISSUER\":{\"CN\"
     :\"SAP Passport CA\"}}}"]
     }

    Obviously, the file can be named any way you want (as long as it’s *.json), this is just a suggestion 🙂

     

And voila, this should enable you to browse around the wonderful SAP world without nagging popups!