Configure parameters in the SAP system (BASIS)

In this topic, you learn how to configure parameters in your SAP system to enable the connection to Neptune DXP - Open Edition.

This topic describes a procedure outside the Neptune DXP - Open Edition. We cannot guarantee that this task is always up-to-date.

The following parameters need to be maintained in the SAP default profile: Transaction RZ10.


Add the following values to the parameters Transaction RZ10:

  • icm/HTTPS/verify_client=1 - This is mandatory.

  • login/certificate_mapping_rulebased=1 - This is mandatory.

  • icm/HTTPS/trust_client_with_subject=[Value of Issuer of the Neptune DXP - Open Edition certificate] - This is usually optional but in some cases mandatory when the certificate is sent from a web dispatcher.

  • icm/HTTPS/accept_ccert_for_x_forwarded_for_requests=true - This is often not needed. You can enable acceptance of client certificates for requests containing x-forwarded-for header, see SAP help.

icm/HTTPS/verify_client=1 is a mandatory parameter for authentication to work. Check whether icm/server_port_<xx> has a VCLIENT option. If it is present, it will overwrite the icm/HTTPS/verify_client value, if set. Check the above link to the SAP help if you run into the problem with the setup of Principal Propagation between Neptune DXP - Open Edition and SAP.


  • You have configured parameters in your SAP system to enable a connection to Neptune DXP - Open Edition.