{"id":53737,"date":"2020-07-27T12:15:27","date_gmt":"2020-07-27T10:15:27","guid":{"rendered":"https:\/\/xiting.com\/?post_type=press&#038;p=53737"},"modified":"2026-06-08T12:34:39","modified_gmt":"2026-06-08T10:34:39","slug":"cba-microsoft-edge","status":"publish","type":"news","link":"https:\/\/xiting.com\/de\/news\/cba-microsoft-edge\/","title":{"rendered":"CBA (certifcate-based authentication): Warum dieses Feature im neuen Edge Browser so n\u00fctzlich ist"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"53737\" class=\"elementor elementor-53737\" data-elementor-post-type=\"news\">\n\t\t\t\t<div class=\"elementor-element elementor-element-79b93fa e-flex e-con-boxed e-con e-parent\" data-id=\"79b93fa\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-3e43790 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"3e43790\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">CBA (certifcate-based authentication): Warum dieses Feature im neuen Edge Browser so n\u00fctzlich ist<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-e64d578 e-con-full e-flex e-con e-child\" data-id=\"e64d578\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-930689b elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"930689b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-calendar-alt\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">27. Juli 2020<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6211574 elementor-widget__width-auto elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"6211574\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-equals\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">News<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-26e5c69 elementor-widget__width-auto elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"26e5c69\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-user\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Carsten Olt<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d5c871d elementor-widget elementor-widget-image\" data-id=\"d5c871d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"2560\" height=\"1383\" src=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/shutterstock_1022824408-scaled.jpg\" class=\"attachment-full size-full wp-image-11249\" alt=\"\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/shutterstock_1022824408-scaled.jpg 2560w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/shutterstock_1022824408-300x162.jpg 300w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/shutterstock_1022824408-1024x553.jpg 1024w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/shutterstock_1022824408-768x415.jpg 768w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/shutterstock_1022824408-1536x830.jpg 1536w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/shutterstock_1022824408-2048x1107.jpg 2048w\" sizes=\"(max-width: 2560px) 100vw, 2560px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e128f85 elementor-widget elementor-widget-text-editor\" data-id=\"e128f85\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><\/p><p>Bei Verwendung von CBA (certificate-based authentication) k\u00f6nnen sich Benutzer mithilfe eines Clientzertifikats authentifizieren. Das Zertifikat wird anstelle des Benutzernamens und Kennworts verwendet. Durch die Verwendung der zertifikatbasierten Authentifizierung k\u00f6nnen Administratoren ihren Benutzern den Zugriff auf SAP und Non-SAP Ressourcen erm\u00f6glichen, ohne dass Anmeldeinformationen eingegeben werden m\u00fcssen. So weit so gut!<\/p><p><\/p><p>Ich hatte in meinen SAP-Security-Projekten in der Vergangenheit schon h\u00e4ufiger den Fall, dass sich w\u00e4hrend (und manchmal auch nach) der Einf\u00fchrung von SAP Single Sign-On auf Basis von X.509 Zertifikaten, folgendes bestimmtes Problem ergab:<\/p><p><\/p><ul><li>Die Clients des Unternehmens melden sich mit einem TLS-Client-Zertifikat bei SAP an.<\/li><li>Durch den SAP Secure Login Server werden dazu tempor\u00e4re Zertifikate ausgestellt.<\/li><li>Der Secure Login Server wird als Sub CA 1 zur vorhandenen Corporate Root CA betrieben.<\/li><li>Zur Absicherung der WLAN-Infrastruktur (802.1x EAP-TLS) stellt das Unternehmen den Anwendern nun ein weiteres Benutzer-Zertifikat per Auto-Enrollment bereit.<\/li><li>Aussteller dieses WLAN-Zertifikats ist die Sub CA 2 der vorhandenen Corporate Root CA.<\/li><li>Beide Zertifikate enthalten aufgrund deren Anforderungen die erforderlichen Eigenschaften f\u00fcr eine TLS-Client-Authentifizierung, insbesondere die EKU \u201eClient Authentication\u201c.<\/li><\/ul><p><\/p><p><strong>Da haben wir den Salat!<\/strong><\/p><p><\/p><p>Beim Client ergibt sich aus dieser Situation ein Usability-Problem, das sehr unsch\u00f6n werden kann. Beide Zertifikate akzeptiert der Browser \u2013 oder um genau zu sein der TLS f\u00e4hige Webanwendungsserver \u2013 als verwendbares TLS-Client-Authentifizierungszertifikat. \u00d6ffnet der Anwender nun beispielsweise sein Fiori Launchpad, erscheint ein Auswahldialog. Erschwerend kommt meist dazu, dass die beiden Zertifikate im Auswahldialog nur schwer zu unterscheiden sind. Problematisch wird es dann, wenn der SAP-Anwender nun (versehentlich) sein WLAN-Zertifikat verwendet, und schon erscheint ungewollt der Anmeldebildschirm.<\/p><p><\/p><p>Das Problem habe ich im Mai 2019 in einem Blog beschrieben und auch m\u00f6gliche L\u00f6sungen dazu. Den Blog findet Ihr <a href=\"https:\/\/www.xiting.us\/sap-single-sign-on-insider-tips-volume-5\/\">hier<\/a>.<\/p><p><\/p><p>Damals konnten wir keine L\u00f6sung finden, um die Zertifikatsauswahl \u00fcber einen Browser (Internet Explorer, Chrome) einzuschr\u00e4nken bzw. zu steuern. Der neue Browser Microsoft\u00a0Edge\u00a0Browser basiert auf\u00a0Chrome\u00a0und wurde im Januar 2020 ver\u00f6ffentlicht. Diese Version l\u00e4sst sich mittels Richtlinien (GPO) \u00a0konfigurieren.<\/p><p><\/p><p>An sich nichts berauschend Neues, aber das hat mich auf die F\u00e4hrte gebracht. Hintergrund war auch hier ein Kundenprojekt, wobei das Unternehmen hier ein zentrales TLS-Client-Authentifizierungszertifikat nutzte. Doch der neue Edge Browser ist da etwas \u201ezickig\u201c und verlangt, dass eine bestimmte Policy AutoSelectCertificateForUrls aktiv konfiguriert wird, ansonsten wird f\u00fcr keine Site eine automatische Auswahl durchgef\u00fchrt. Dieses nette Feature liefert uns also die L\u00f6sung f\u00fcr unser Problem. Basierend auf URL-Mustern kann der Microsoft Edge Browser f\u00fcr eine Liste von Websites automatisch das korrekte Client-Zertifikat ausw\u00e4hlen, wenn die Site eines anfordert, herrlich! ?<\/p><p><\/p><p>Ich lasse Euch mit diesem Blog an meinen Erkenntnissen teilhaben, vielleicht st\u00f6\u00dft ja auch jemand beim Googlen nach einer L\u00f6sung auf diesen Blog!<\/p><p><\/p><h2 id=\"h-der-testaufbau\">Der Testaufbau<\/h2><p><\/p><h3 id=\"h-clientsystem-windows-10-client-pc\"><strong>Clientsystem: Windows 10 Client PC<\/strong><\/h3><p><\/p><p>Bereitstellung eines Benutzerzertifikats im Windows-Zertifikatsspeicher<\/p><p><\/p><p>Das Zertifikat wurde von einem SAP Secure Login Server ausgestellt, dies spielt jedoch keine Rolle, da die hier gezeigten Vorgaben mit allen Zertifikaten funktionieren.<\/p><p><\/p><figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"1143\" height=\"343\" class=\"wp-image-11339\" src=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_1-1.png\" alt=\"\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_1-1.png 1143w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_1-1-300x90.png 300w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_1-1-1024x307.png 1024w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_1-1-768x230.png 768w\" sizes=\"(max-width: 1143px) 100vw, 1143px\" \/><\/figure><p><\/p><p><strong>Zielsystem: SAP NW AS ABAP<\/strong><\/p><p><\/p><p><strong>URL: <\/strong><a href=\"https:\/\/icm.sapnwsso.local:50444\/sap\/bc\/gui\/sap\/its\/webgui?sap-client=001&amp;sap-language=DE\">https:\/\/icm.sapnwsso.local:50444\/sap\/bc\/gui\/sap\/its\/webgui?sap-client=001&amp;sap-language=DE<\/a><\/p><p><\/p><p>Das Zielsystem ist f\u00fcr die Authentifizierung mit Client Zertifikaten konfiguriert.<\/p><p><\/p><figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"1188\" height=\"424\" class=\"wp-image-11352\" src=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_2-1.png\" alt=\"\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_2-1.png 1188w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_2-1-300x107.png 300w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_2-1-1024x365.png 1024w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_2-1-768x274.png 768w\" sizes=\"(max-width: 1188px) 100vw, 1188px\" \/><\/figure><p><\/p><p><strong>Benutzerzertifikat: CN=COLT, OU=Demo, O=Xiting GmbH, C=DE<\/strong><\/p><p><\/p><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"835\" height=\"460\" class=\"wp-image-11341\" src=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_3.png\" alt=\"\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_3.png 835w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_3-300x165.png 300w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_3-768x423.png 768w\" sizes=\"(max-width: 835px) 100vw, 835px\" \/><\/figure><p><\/p><h2 id=\"h-das-nachgestellte-problemverhalten\">Das nachgestellte Problemverhalten<\/h2><p><\/p><p>Sobald die URL aufgerufen wird, erscheint am Edge die Zertifikatsauswahl, obwohl nur ein passendes Zertifikat vorhanden ist.<\/p><p><\/p><p>Ganz genau, an exakt dieser Stelle w\u00fcrden im Problemfall jetzt alle passenden TLS-Zertifikate angezeigt werden und der Benutzer m\u00fcsste die Auswahl treffen.<\/p><p><\/p><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1905\" height=\"746\" class=\"wp-image-11343\" src=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_4.png\" alt=\"\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_4.png 1905w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_4-300x117.png 300w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_4-1024x401.png 1024w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_4-768x301.png 768w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_4-1536x601.png 1536w\" sizes=\"(max-width: 1905px) 100vw, 1905px\" \/><\/figure><p><\/p><h2 id=\"h-technischer-hintergrund-der-policy-beschreibung-von-microsoft\">Technischer Hintergrund der Policy \u2013 Beschreibung von Microsoft<\/h2><p><\/p><h3 id=\"h-autoselectcertificateforurls\"><strong>AutoSelectCertificateForUrls<\/strong>\u00a0<\/h3><p><\/p><p>Policy Name: \u00a0\u00a0 <strong>AutoSelectCertificateForUrls<\/strong><\/p><p><\/p><p>Description: \u00a0\u00a0\u00a0\u00a0 Automatically select client certificates for these sites<\/p><p><\/p><p>Policy Path: \u00a0\u00a0\u00a0\u00a0\u00a0 Microsoft Edge\\Content settings<\/p><p><\/p><p>Compatibility: \u00a0 Microsoft Edge version 77 Windows 7 or later<\/p><p><\/p><p>Machine: \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Yes | HKLM\\Software\\Policies\\Microsoft\\Edge\\AutoSelectCertificateForUrls<\/p><p><\/p><p>User: \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Yes | HKCU\\Software\\Policies\\Microsoft\\Edge\\AutoSelectCertificateForUrls<\/p><p><\/p><p>Specify a list of sites, based on URL patterns, for which Microsoft Edge should automatically select a client certificate, if the site requests one.<\/p><p><\/p><p>The value must be an array of stringified JSON dictionaries. Each dictionary must have the form { &#8222;pattern&#8220;: &#8222;$URL_PATTERN&#8220;, &#8222;filter&#8220; : $FILTER }, where $URL_PATTERN is a content setting pattern. $FILTER restricts from which client certificates the browser will automatically select.<\/p><p><\/p><p>Independent of the filter, only certificates will be selected that match the server&#8217;s certificate request. For example, if $FILTER has the form { &#8222;ISSUER&#8220;: { &#8222;CN&#8220;: &#8222;$ISSUER_CN&#8220; } }, additionally only client certificates are selected that are issued by a certificate with the CommonName $ISSUER_CN.<\/p><p><\/p><p>If $FILTER contains an &#8222;ISSUER&#8220; and a &#8222;SUBJECT&#8220; section, a client certificate must satisfy both conditions to be selected. If $FILTER specifies an organization (&#8222;O&#8220;), a certificate must have at least one organization which matches the specified value to be selected. If $FILTER specifies an organization unit (&#8222;OU&#8220;), a certificate must have at least one organization unit which matches the specified value to be selected. If $FILTER is the empty dictionary {}, the selection of client certificates is not additionally restricted.<\/p><p><\/p><p>If you don&#8217;t configure this policy, auto-selection isn&#8217;t done for any site.<\/p><p><\/p><p><strong>EXAMPLES<\/strong><\/p><p><\/p><p>SOFTWARE\\Policies\\Microsoft\\Edge\\AutoSelectCertificateForUrls\\1 = {&#8222;pattern&#8220;:&#8220;https:\/\/www.contoso.com&#8220;,&#8220;filter&#8220;:{&#8222;ISSUER&#8220;:{&#8222;CN&#8220;:&#8220;certificate issuer name&#8220;, &#8222;L&#8220;: &#8222;certificate issuer location&#8220;, &#8222;O&#8220;: &#8222;certificate issuer org&#8220;, &#8222;OU&#8220;: &#8222;certificate issuer org unit&#8220;}, &#8222;SUBJECT&#8220;:{&#8222;CN&#8220;:&#8220;certificate subject name&#8220;, &#8222;L&#8220;: &#8222;certificate subject location&#8220;, &#8222;O&#8220;: &#8222;certificate subject org&#8220;, &#8222;OU&#8220;: &#8222;certificate subject org unit&#8220;}}}<\/p><p><\/p><h2 id=\"h-konfiguration-microsoft-edge-mittels-richtlinien\">Konfiguration Microsoft Edge mittels Richtlinien<\/h2><p><\/p><h3 id=\"h-download-der-admx-templates-fur-edge\"><strong>Download der ADMX-Templates f\u00fcr Edge<\/strong><\/h3><p><\/p><p>Infos z. B. hier: <a href=\"https:\/\/www.prajwaldesai.com\/admx-templates-for-microsoft-edge\/\">https:\/\/www.prajwaldesai.com\/admx-templates-for-microsoft-edge\/<\/a><\/p><p><\/p><p>Erstellen einer neuen GPO<\/p><p><\/p><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"614\" height=\"292\" class=\"wp-image-11345\" src=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_5.png\" alt=\"\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_5.png 614w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_5-300x143.png 300w\" sizes=\"(max-width: 614px) 100vw, 614px\" \/><\/figure><p><\/p><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1387\" height=\"610\" class=\"wp-image-11347\" src=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_6.png\" alt=\"\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_6.png 1387w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_6-300x132.png 300w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_6-1024x450.png 1024w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_6-768x338.png 768w\" sizes=\"(max-width: 1387px) 100vw, 1387px\" \/><\/figure><p><\/p><p>Konfigurierte Regel: <strong>{&#8222;pattern&#8220;:&#8220;https:\/\/icm.sapnwsso.local&#8220;,&#8220;filter&#8220;:{&#8222;ISSUER&#8220;:{&#8222;CN&#8220;:&#8220;SSO3 SLS User-CA&#8220;}, &#8222;SUBJECT&#8220;:{&#8222;O&#8220;: &#8222;Xiting GmbH&#8220;}}}<\/strong><\/p><p><\/p><p>Ergebnis: Das User-Zertifikat muss <strong>O=Xiting GmbH<\/strong> beinhalten und von der Issuing CA <strong>SSO3 SLS User-CA<\/strong> ausgestellt worden sein.<\/p><p><\/p><h2 id=\"h-finaler-test-am-client\">Finaler Test am Client<\/h2><p><\/p><p>Anwenden der Policy<\/p><p><\/p><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"725\" height=\"129\" class=\"wp-image-11349\" src=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_7.png\" alt=\"\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_7.png 725w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_7-300x53.png 300w\" sizes=\"(max-width: 725px) 100vw, 725px\" \/><\/figure><p><\/p><p>Kontrolle der Policy<\/p><p><\/p><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"896\" height=\"484\" class=\"wp-image-11360\" src=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_8.png\" alt=\"\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_8.png 896w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_8-300x162.png 300w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_8-768x415.png 768w\" sizes=\"(max-width: 896px) 100vw, 896px\" \/><\/figure><p><\/p><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1150\" height=\"412\" class=\"wp-image-11358\" src=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_9.png\" alt=\"\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_9.png 1150w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_9-300x107.png 300w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_9-1024x367.png 1024w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_9-768x275.png 768w\" sizes=\"(max-width: 1150px) 100vw, 1150px\" \/><\/figure><p><\/p><p>Test 1: \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Aufruf einer anderen Website f\u00fcr welche keine Policy existiert.<\/p><p><\/p><p>Ergebnis: \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Zertifikatsauswahldialog (!)<\/p><p><\/p><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1185\" height=\"442\" class=\"wp-image-11356\" src=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_10.png\" alt=\"\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_10.png 1185w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_10-300x112.png 300w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_10-1024x382.png 1024w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_10-768x286.png 768w\" sizes=\"(max-width: 1185px) 100vw, 1185px\" \/><\/figure><p><\/p><p>Test 2: \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Aufruf der gew\u00fcnschten Website<\/p><p><\/p><p>Ergebnis: \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Automatische Anmeldung (!)<\/p><p><\/p><figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1401\" height=\"356\" class=\"wp-image-11354\" src=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_11.png\" alt=\"\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_11.png 1401w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_11-300x76.png 300w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_11-1024x260.png 1024w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/cba_edge_11-768x195.png 768w\" sizes=\"(max-width: 1401px) 100vw, 1401px\" \/><\/figure><p><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>CBA (certifcate-based authentication): Warum dieses Feature im neuen Edge Browser so n\u00fctzlich ist 27. Juli 2020 News Carsten Olt Bei Verwendung von CBA (certificate-based authentication) k\u00f6nnen sich Benutzer mithilfe eines Clientzertifikats authentifizieren. Das Zertifikat wird anstelle des Benutzernamens und Kennworts verwendet. Durch die Verwendung der zertifikatbasierten Authentifizierung k\u00f6nnen Administratoren ihren Benutzern den Zugriff auf SAP [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":28576,"template":"elementor_header_footer","class_list":["post-53737","news","type-news","status-publish","has-post-thumbnail","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.8 (Yoast SEO v27.8) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>CBA: Warum dieses Feature im neuen Edge Browser so n\u00fctzlich ist<\/title>\n<meta name=\"description\" content=\"CBA erm\u00f6glicht Benutzern sich mithilfe eines Clientzertifikats zu authentifizieren. Dieses wird anstelle eines Benutzernamens und Kennworts verwendet.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiting.com\/de\/news\/cba-microsoft-edge\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CBA (certifcate-based authentication): Warum dieses Feature im neuen Edge Browser so n\u00fctzlich ist\" \/>\n<meta property=\"og:description\" content=\"Erfahren Sie aus erster Hand von neuen Releases, Partnerschaften und Entwicklungen rund um SAP-Sicherheit und Berechtigungsmanagement.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiting.com\/de\/news\/cba-microsoft-edge\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiting\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/XitingAG\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-08T10:34:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiting.com\/wp-content\/uploads\/2023\/02\/shutterstock_1022824408-scaled-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1383\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data1\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/news\\\/cba-microsoft-edge\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/news\\\/cba-microsoft-edge\\\/\"},\"author\":{\"name\":\"Carsten Olt\",\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/#\\\/schema\\\/person\\\/3c32c7de1132d012e263720a9f3300a2\"},\"headline\":\"CBA (certifcate-based authentication): Warum dieses Feature im neuen Edge Browser so n\u00fctzlich ist\",\"datePublished\":\"2020-07-27T10:15:27+00:00\",\"dateModified\":\"2026-06-08T10:34:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/news\\\/cba-microsoft-edge\\\/\"},\"wordCount\":975,\"publisher\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/news\\\/cba-microsoft-edge\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/shutterstock_1022824408-scaled-1.jpg\",\"inLanguage\":\"de-DE\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/news\\\/cba-microsoft-edge\\\/\",\"url\":\"https:\\\/\\\/xiting.com\\\/de\\\/news\\\/cba-microsoft-edge\\\/\",\"name\":\"CBA: Warum dieses Feature im neuen Edge Browser so n\u00fctzlich ist\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/news\\\/cba-microsoft-edge\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/news\\\/cba-microsoft-edge\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/shutterstock_1022824408-scaled-1.jpg\",\"datePublished\":\"2020-07-27T10:15:27+00:00\",\"dateModified\":\"2026-06-08T10:34:39+00:00\",\"description\":\"CBA erm\u00f6glicht Benutzern sich mithilfe eines Clientzertifikats zu authentifizieren. Dieses wird anstelle eines Benutzernamens und Kennworts verwendet.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/news\\\/cba-microsoft-edge\\\/#breadcrumb\"},\"inLanguage\":\"de-DE\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/xiting.com\\\/de\\\/news\\\/cba-microsoft-edge\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"de-DE\",\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/news\\\/cba-microsoft-edge\\\/#primaryimage\",\"url\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/shutterstock_1022824408-scaled-1.jpg\",\"contentUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/shutterstock_1022824408-scaled-1.jpg\",\"width\":2560,\"height\":1383},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/news\\\/cba-microsoft-edge\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/xiting.com\\\/de\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"News\",\"item\":\"https:\\\/\\\/xiting.com\\\/de\\\/news\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"CBA (certifcate-based authentication): Warum dieses Feature im neuen Edge Browser so n\u00fctzlich ist\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/xiting.com\\\/de\\\/\",\"name\":\"Xiting\",\"description\":\"Your Expert for SAP Security\",\"publisher\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/xiting.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de-DE\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/#organization\",\"name\":\"Xiting\",\"url\":\"https:\\\/\\\/xiting.com\\\/de\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de-DE\",\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/xiting-logo.svg\",\"contentUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/xiting-logo.svg\",\"width\":1,\"height\":1,\"caption\":\"Xiting\"},\"image\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/XitingAG\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/1345129\\\/\",\"https:\\\/\\\/www.instagram.com\\\/xiting.global\\\/\",\"https:\\\/\\\/www.crunchbase.com\\\/organization\\\/xiting\"],\"description\":\"Xiting wurde 2008 von erfahrenen SAP-Beratern in der Schweiz gegr\u00fcndet. Heute f\u00fchren wir ein engagiertes Team von 140 Mitarbeitenden an mehreren weltweiten Niederlassungen. Unsere hochqualifizierten SAP Security Consultants stehen f\u00fcr einen ausgepr\u00e4gten Qualit\u00e4tsanspruch und unterst\u00fctzen \u00fcber 700 nationale und internationale Kunden mit erstklassigen SAP-Dienstleistungen \u2013 sowohl Remote als auch mit Vor-Ort-Betreuung.\",\"email\":\"info@xiting.ch\",\"telephone\":\"+41 43422 8803\",\"legalName\":\"Xiting AG\",\"foundingDate\":\"2008-06-01\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"51\",\"maxValue\":\"200\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/xiting.com\\\/de\\\/#\\\/schema\\\/person\\\/3c32c7de1132d012e263720a9f3300a2\",\"name\":\"Carsten Olt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de-DE\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2c35c3b7ce5d81579234be25ef570938712ba95e2cb8e87f2a79b81be928499a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2c35c3b7ce5d81579234be25ef570938712ba95e2cb8e87f2a79b81be928499a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2c35c3b7ce5d81579234be25ef570938712ba95e2cb8e87f2a79b81be928499a?s=96&d=mm&r=g\",\"caption\":\"Carsten Olt\"},\"description\":\"Carsten Olt has been working as a Managing SAP Security Consultant since 2016, responsible for Secure Authentication &amp; SSO and SAP Cloud Security Services at Xiting in Germany. As a member of the IAM team, he is also a team leader who conveys the company's goals and strategies to employees and has organizational responsibility. With a security-minded approach, Carsten has international project and IT security experience in many industries. He has been working in IT-Security since 2001, specializing in SAP security since 2010. He is a subject matter expert for SAP Single Sign-On 3.0 and a trainer for the WDESSO course. His current focus is on supporting customers in solving authentication and security challenges within hybrid SAP landscapes, as well as designing and implementing holistic authentication concepts. Carsten is an ISACA CISA and a former MCP and RHCE with an ISP background, and he looks at security from different angles. He also translates between SAP and IT security vocabulary. Carsten has in-depth experience in multi-vendor architectures and MSFT\\\/Azure components, dealing with all the requirements concerning SAML 2.0, OAuth, OpenID Connect, SCIM, X.509 CBA &amp; PKI, MFA, SAP SSO, and Secure Network Communications, Kerberos\\\/SPNEGO, data security and encryption, as well as digital signatures. Carsten is experienced in SAP on-premises components such as S\\\/4HANA, ABAP, and Java, as well as security solutions like SSO 3.0. Since 2019, he has focused on SAP-Cloudified environments, specifically the SAP Cloud Identity Services and SAP BTP, as well as SaaS integrations concerning IAM. He deals with hybrid SAP security in conjunction with Azure Active Directory, ADDS, ADFS, ADCS, Reverse Proxies\\\/WAF, SAP Web Dispatcher, SAP Cloud Connector, third-party products, and infrastructure components.\",\"sameAs\":[\"https:\\\/\\\/x.com\\\/jsterr@xiting.de\"],\"url\":\"https:\\\/\\\/xiting.com\\\/de\\\/author\\\/carsten-olt\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"CBA: Warum dieses Feature im neuen Edge Browser so n\u00fctzlich ist","description":"CBA erm\u00f6glicht Benutzern sich mithilfe eines Clientzertifikats zu authentifizieren. Dieses wird anstelle eines Benutzernamens und Kennworts verwendet.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiting.com\/de\/news\/cba-microsoft-edge\/","og_locale":"de_DE","og_type":"article","og_title":"CBA (certifcate-based authentication): Warum dieses Feature im neuen Edge Browser so n\u00fctzlich ist","og_description":"Erfahren Sie aus erster Hand von neuen Releases, Partnerschaften und Entwicklungen rund um SAP-Sicherheit und Berechtigungsmanagement.","og_url":"https:\/\/xiting.com\/de\/news\/cba-microsoft-edge\/","og_site_name":"Xiting","article_publisher":"https:\/\/www.facebook.com\/XitingAG","article_modified_time":"2026-06-08T10:34:39+00:00","og_image":[{"width":2560,"height":1383,"url":"https:\/\/xiting.com\/wp-content\/uploads\/2023\/02\/shutterstock_1022824408-scaled-1.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Gesch\u00e4tzte Lesezeit":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/xiting.com\/de\/news\/cba-microsoft-edge\/#article","isPartOf":{"@id":"https:\/\/xiting.com\/de\/news\/cba-microsoft-edge\/"},"author":{"name":"Carsten Olt","@id":"https:\/\/xiting.com\/de\/#\/schema\/person\/3c32c7de1132d012e263720a9f3300a2"},"headline":"CBA (certifcate-based authentication): Warum dieses Feature im neuen Edge Browser so n\u00fctzlich ist","datePublished":"2020-07-27T10:15:27+00:00","dateModified":"2026-06-08T10:34:39+00:00","mainEntityOfPage":{"@id":"https:\/\/xiting.com\/de\/news\/cba-microsoft-edge\/"},"wordCount":975,"publisher":{"@id":"https:\/\/xiting.com\/de\/#organization"},"image":{"@id":"https:\/\/xiting.com\/de\/news\/cba-microsoft-edge\/#primaryimage"},"thumbnailUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2023\/02\/shutterstock_1022824408-scaled-1.jpg","inLanguage":"de-DE"},{"@type":"WebPage","@id":"https:\/\/xiting.com\/de\/news\/cba-microsoft-edge\/","url":"https:\/\/xiting.com\/de\/news\/cba-microsoft-edge\/","name":"CBA: Warum dieses Feature im neuen Edge Browser so n\u00fctzlich ist","isPartOf":{"@id":"https:\/\/xiting.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/xiting.com\/de\/news\/cba-microsoft-edge\/#primaryimage"},"image":{"@id":"https:\/\/xiting.com\/de\/news\/cba-microsoft-edge\/#primaryimage"},"thumbnailUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2023\/02\/shutterstock_1022824408-scaled-1.jpg","datePublished":"2020-07-27T10:15:27+00:00","dateModified":"2026-06-08T10:34:39+00:00","description":"CBA erm\u00f6glicht Benutzern sich mithilfe eines Clientzertifikats zu authentifizieren. Dieses wird anstelle eines Benutzernamens und Kennworts verwendet.","breadcrumb":{"@id":"https:\/\/xiting.com\/de\/news\/cba-microsoft-edge\/#breadcrumb"},"inLanguage":"de-DE","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiting.com\/de\/news\/cba-microsoft-edge\/"]}]},{"@type":"ImageObject","inLanguage":"de-DE","@id":"https:\/\/xiting.com\/de\/news\/cba-microsoft-edge\/#primaryimage","url":"https:\/\/xiting.com\/wp-content\/uploads\/2023\/02\/shutterstock_1022824408-scaled-1.jpg","contentUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2023\/02\/shutterstock_1022824408-scaled-1.jpg","width":2560,"height":1383},{"@type":"BreadcrumbList","@id":"https:\/\/xiting.com\/de\/news\/cba-microsoft-edge\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiting.com\/de\/"},{"@type":"ListItem","position":2,"name":"News","item":"https:\/\/xiting.com\/de\/news\/"},{"@type":"ListItem","position":3,"name":"CBA (certifcate-based authentication): Warum dieses Feature im neuen Edge Browser so n\u00fctzlich ist"}]},{"@type":"WebSite","@id":"https:\/\/xiting.com\/de\/#website","url":"https:\/\/xiting.com\/de\/","name":"Xiting","description":"Your Expert for SAP Security","publisher":{"@id":"https:\/\/xiting.com\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiting.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de-DE"},{"@type":"Organization","@id":"https:\/\/xiting.com\/de\/#organization","name":"Xiting","url":"https:\/\/xiting.com\/de\/","logo":{"@type":"ImageObject","inLanguage":"de-DE","@id":"https:\/\/xiting.com\/de\/#\/schema\/logo\/image\/","url":"https:\/\/xiting.com\/wp-content\/uploads\/2019\/08\/xiting-logo.svg","contentUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2019\/08\/xiting-logo.svg","width":1,"height":1,"caption":"Xiting"},"image":{"@id":"https:\/\/xiting.com\/de\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/XitingAG","https:\/\/www.linkedin.com\/company\/1345129\/","https:\/\/www.instagram.com\/xiting.global\/","https:\/\/www.crunchbase.com\/organization\/xiting"],"description":"Xiting wurde 2008 von erfahrenen SAP-Beratern in der Schweiz gegr\u00fcndet. Heute f\u00fchren wir ein engagiertes Team von 140 Mitarbeitenden an mehreren weltweiten Niederlassungen. Unsere hochqualifizierten SAP Security Consultants stehen f\u00fcr einen ausgepr\u00e4gten Qualit\u00e4tsanspruch und unterst\u00fctzen \u00fcber 700 nationale und internationale Kunden mit erstklassigen SAP-Dienstleistungen \u2013 sowohl Remote als auch mit Vor-Ort-Betreuung.","email":"info@xiting.ch","telephone":"+41 43422 8803","legalName":"Xiting AG","foundingDate":"2008-06-01","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"51","maxValue":"200"}},{"@type":"Person","@id":"https:\/\/xiting.com\/de\/#\/schema\/person\/3c32c7de1132d012e263720a9f3300a2","name":"Carsten Olt","image":{"@type":"ImageObject","inLanguage":"de-DE","@id":"https:\/\/secure.gravatar.com\/avatar\/2c35c3b7ce5d81579234be25ef570938712ba95e2cb8e87f2a79b81be928499a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/2c35c3b7ce5d81579234be25ef570938712ba95e2cb8e87f2a79b81be928499a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2c35c3b7ce5d81579234be25ef570938712ba95e2cb8e87f2a79b81be928499a?s=96&d=mm&r=g","caption":"Carsten Olt"},"description":"Carsten Olt has been working as a Managing SAP Security Consultant since 2016, responsible for Secure Authentication &amp; SSO and SAP Cloud Security Services at Xiting in Germany. As a member of the IAM team, he is also a team leader who conveys the company's goals and strategies to employees and has organizational responsibility. With a security-minded approach, Carsten has international project and IT security experience in many industries. He has been working in IT-Security since 2001, specializing in SAP security since 2010. He is a subject matter expert for SAP Single Sign-On 3.0 and a trainer for the WDESSO course. His current focus is on supporting customers in solving authentication and security challenges within hybrid SAP landscapes, as well as designing and implementing holistic authentication concepts. Carsten is an ISACA CISA and a former MCP and RHCE with an ISP background, and he looks at security from different angles. He also translates between SAP and IT security vocabulary. Carsten has in-depth experience in multi-vendor architectures and MSFT\/Azure components, dealing with all the requirements concerning SAML 2.0, OAuth, OpenID Connect, SCIM, X.509 CBA &amp; PKI, MFA, SAP SSO, and Secure Network Communications, Kerberos\/SPNEGO, data security and encryption, as well as digital signatures. Carsten is experienced in SAP on-premises components such as S\/4HANA, ABAP, and Java, as well as security solutions like SSO 3.0. Since 2019, he has focused on SAP-Cloudified environments, specifically the SAP Cloud Identity Services and SAP BTP, as well as SaaS integrations concerning IAM. He deals with hybrid SAP security in conjunction with Azure Active Directory, ADDS, ADFS, ADCS, Reverse Proxies\/WAF, SAP Web Dispatcher, SAP Cloud Connector, third-party products, and infrastructure components.","sameAs":["https:\/\/x.com\/jsterr@xiting.de"],"url":"https:\/\/xiting.com\/de\/author\/carsten-olt\/"}]}},"_links":{"self":[{"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/news\/53737","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/news"}],"about":[{"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/types\/news"}],"author":[{"embeddable":true,"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/users\/9"}],"version-history":[{"count":6,"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/news\/53737\/revisions"}],"predecessor-version":[{"id":61602,"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/news\/53737\/revisions\/61602"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/media\/28576"}],"wp:attachment":[{"href":"https:\/\/xiting.com\/de\/wp-json\/wp\/v2\/media?parent=53737"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}