@@ -42,8 +40,6 @@ Required
`-a`, `--account`
-
-
@@ -51,8 +47,6 @@ Subaccount technical name
`Type`: string \(up to 30 characters; lowercase letters and numbers, starting with a letter\)
-
-
|
@@ -60,8 +54,6 @@ Subaccount technical name
`-h`, `--host`
-
-
@@ -69,8 +61,6 @@ Enter a region host.
`Type`: URL. For acceptable values, see [Regions](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/350356d1dc314d3199dca15bd2ab9b0e.html "You can deploy applications in different regions. Each region represents a geographical location (for example, Europe, US East) where applications, data, or services are hosted.") :arrow_upper_right:.
-
-
|
@@ -78,8 +68,6 @@ Enter a region host.
`-i`, `--id`
-
-
@@ -89,8 +77,6 @@ ID of the virtual machine
`Condition`: Use either `--id` or `--name`
-
-
|
@@ -98,8 +84,6 @@ ID of the virtual machine
`-p`, `--password`
-
-
@@ -107,8 +91,6 @@ To protect your password, enter it only when prompted by the console client and
`Type`: string
-
-
|
@@ -116,8 +98,6 @@ To protect your password, enter it only when prompted by the console client and
`-n`, `--name`
-
-
@@ -127,8 +107,6 @@ Name of the virtual machine
`Condition`: Use either `--id` or `--name`
-
-
|
@@ -136,8 +114,6 @@ Name of the virtual machine
`-u`, `--user`
-
-
@@ -145,8 +121,6 @@ Use your email, SAP ID, or user name.
`Type`: string
-
-
|
diff --git a/docs/50-administration-and-ops-neo/unsubscribe-862d00e.md b/docs/50-administration-and-ops-neo/unsubscribe-862d00e.md
index 8685913..e4c115c 100644
--- a/docs/50-administration-and-ops-neo/unsubscribe-862d00e.md
+++ b/docs/50-administration-and-ops-neo/unsubscribe-862d00e.md
@@ -36,8 +36,6 @@ To list all parameters available for this command, execute `neo help unsubscribe
Required
-
-
@@ -45,8 +43,6 @@ Required
`-a`, `--account`
-
-
@@ -56,8 +52,6 @@ This is the subaccount of the consumer that is to be unsubscribed.
`Type`: string \(up to 30 characters; lowercase letters and numbers, starting with a letter\)
-
-
|
@@ -65,8 +59,6 @@ This is the subaccount of the consumer that is to be unsubscribed.
`-b`, `--application`
-
-
@@ -76,8 +68,6 @@ This parameter must be specified in the format :
`Type`: string \(up to 30 characters; lowercase letters and numbers, starting with a letter\)
-
-
|
@@ -85,8 +75,6 @@ This parameter must be specified in the format :
`-u`, `--user`
-
-
@@ -96,8 +84,6 @@ To be able to execute this command, the specified user must be a member of both
`Type`: string
-
-
|
@@ -105,8 +91,6 @@ To be able to execute this command, the specified user must be a member of both
`-p`, `--password`
-
-
@@ -114,8 +98,6 @@ To protect your password, enter it only when prompted by the console client and
`Type`: string
-
-
|
@@ -123,8 +105,6 @@ To protect your password, enter it only when prompted by the console client and
`-h`, `--host`
-
-
@@ -132,8 +112,6 @@ Enter a region host.
`Type`: URL, for acceptable values see [Regions](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/350356d1dc314d3199dca15bd2ab9b0e.html "You can deploy applications in different regions. Each region represents a geographical location (for example, Europe, US East) where applications, data, or services are hosted.") :arrow_upper_right:.
-
-
|
diff --git a/docs/50-administration-and-ops-neo/update-applications-with-zero-downtime-a10f6c2.md b/docs/50-administration-and-ops-neo/update-applications-with-zero-downtime-a10f6c2.md
index b5d4eae..350a4a5 100644
--- a/docs/50-administration-and-ops-neo/update-applications-with-zero-downtime-a10f6c2.md
+++ b/docs/50-administration-and-ops-neo/update-applications-with-zero-downtime-a10f6c2.md
@@ -116,7 +116,7 @@ For example, if your application runs on two application processes, you need to
**Related Information**
-[rolling-update](rolling-update-3f5d412.md "The rolling-update command performs update of an application without downtime in one go.")
+[rolling-update](rolling-update-3f5d412.md "The rolling-update command performs update of a Java application without downtime in one go.")
[Perform Soft Shutdown](perform-soft-shutdown-17e8e96.md "Soft shutdown enables an operator to stop an application or application process in a way that no data is lost. Using soft shutdown gives sufficient time to finish serving end user requests or background jobs.")
diff --git a/docs/50-administration-and-ops-neo/update-db-binding-b4f86d5.md b/docs/50-administration-and-ops-neo/update-db-binding-b4f86d5.md
index d604155..981395d 100644
--- a/docs/50-administration-and-ops-neo/update-db-binding-b4f86d5.md
+++ b/docs/50-administration-and-ops-neo/update-db-binding-b4f86d5.md
@@ -29,8 +29,6 @@ You can set a new pair of database user and password, change the keystore, or sw
Required
-
-
@@ -38,8 +36,6 @@ Required
`--db-password`
-
-
@@ -49,8 +45,6 @@ Password of the database user used to access the database
To protect your password, enter it only when prompted by the console client and not explicitly as a parameter in the properties file or the command line
-
-
|
@@ -58,15 +52,11 @@ To protect your password, enter it only when prompted by the console client and
`--db-user`
-
-
Name of the database user used to access the database. Use it to set password-based authentication and for bindings to productive HANA instances and databases. If omitted, you must specify `--keystore-name`
-
-
|
@@ -74,15 +64,11 @@ Name of the database user used to access the database. Use it to set password-ba
`--keystore-name`
-
-
Name of the keystore used to access the database. Use it to set authentication with an X.509 client certificate and for bindings to HANA databases on HANA 2 MDC systems \(only for HANA MDC databases with version 2.00.056 or higher\). If omitted, you must specify `--db-user`.
-
-
|
@@ -90,8 +76,6 @@ Name of the keystore used to access the database. Use it to set authentication w
`--keystore-password`
-
-
@@ -101,8 +85,6 @@ Password of the keystore used to access the HANA database
To protect your password, enter it only when prompted by the console client and not explicitly as a parameter in the properties file or the command line.
-
-
|
@@ -110,8 +92,6 @@ To protect your password, enter it only when prompted by the console client and
`-s`, `--data-source`
-
-
@@ -121,8 +101,6 @@ Default:
The application will be able to access this database via the specified data source.
-
-
|
@@ -130,15 +108,11 @@ The application will be able to access this database via the specified data sour
`-a`, `--account`
-
-
Subaccount technical name
-
-
|
@@ -146,15 +120,11 @@ Subaccount technical name
`-b`, `--application`
-
-
Application name
-
-
|
@@ -162,8 +132,6 @@ Application name
`-h`, `--host`
-
-
@@ -171,8 +139,6 @@ Enter a region host.
`Type:` URL, for acceptable values see [Regions and Hosts Available for the Neo Environment](https://help.sap.com/viewer/ea72206b834e4ace9cd834feed6c0e09/Cloud/en-US/d722f7cea9ec408b85db4c3dcba07b52.html)
-
-
|
@@ -180,8 +146,6 @@ Enter a region host.
`-p`, `--password`
-
-
@@ -189,8 +153,6 @@ To protect your password, enter it only when prompted by the console client and
`Type:` string
-
-
|
@@ -198,8 +160,6 @@ To protect your password, enter it only when prompted by the console client and
`-u`, `--user`
-
-
@@ -207,8 +167,6 @@ Use your e-mail, SAP ID, or user name
`Type:` string
-
-
|
diff --git a/docs/50-administration-and-ops-neo/upload-domain-certificate-bb54abf.md b/docs/50-administration-and-ops-neo/upload-domain-certificate-bb54abf.md
index be1695f..5ee1c9d 100644
--- a/docs/50-administration-and-ops-neo/upload-domain-certificate-bb54abf.md
+++ b/docs/50-administration-and-ops-neo/upload-domain-certificate-bb54abf.md
@@ -35,8 +35,6 @@ To list all parameters available for this command, execute `neo help upload-doma
Required
-
-
@@ -44,8 +42,6 @@ Required
`-a`, `--account`
-
-
@@ -53,8 +49,6 @@ Subaccount technical name
`Type`: string \(up to 30 characters; lowercase letters and numbers, starting with a letter\)
-
-
|
@@ -62,8 +56,6 @@ Subaccount technical name
`-h`, `--host`
-
-
@@ -71,8 +63,6 @@ Enter a region host.
`Type`: URL. For acceptable values, see [Regions](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/350356d1dc314d3199dca15bd2ab9b0e.html "You can deploy applications in different regions. Each region represents a geographical location (for example, Europe, US East) where applications, data, or services are hosted.") :arrow_upper_right:.
-
-
|
@@ -80,8 +70,6 @@ Enter a region host.
`-p`, `--password`
-
-
@@ -89,8 +77,6 @@ To protect your password, enter it only when prompted by the console client and
`Type`: string
-
-
|
@@ -98,8 +84,6 @@ To protect your password, enter it only when prompted by the console client and
`-u`, `--user`
-
-
@@ -107,8 +91,6 @@ Use your email, SAP ID, or user name.
`Type`: string
-
-
|
@@ -116,8 +98,6 @@ Use your email, SAP ID, or user name.
`-n`, `--name`
-
-
@@ -129,8 +109,6 @@ If you upload a certificate not based on a CSR generated via `generate-csr`, you
The certificate name must start with a letter and can only contain lowercase letters \(a-z\), uppercase letters \(A-Z\), numbers \(0-9\), underscores \( \_ \), and hyphens \(-\).
-
-
|
@@ -138,8 +116,6 @@ The certificate name must start with a letter and can only contain lowercase let
`-l`, `--location`
-
-
@@ -155,8 +131,6 @@ Location of a file containing certificate data
`Maximum file size`: 20 KB
-
-
|
@@ -168,8 +142,6 @@ Location of a file containing certificate data
Optional
-
-
@@ -177,8 +149,6 @@ Optional
`-f`, `--force`
-
-
@@ -186,8 +156,6 @@ Overwrites an existing SSL certificate. For example, this parameter lets you upd
The `--force` option is also useful if you had to and you did not upload an intermediate certificate for some reason. Note that the intermediate certificate must be added to the file that contains the SSL certificate.
-
-
|
@@ -195,8 +163,6 @@ The `--force` option is also useful if you had to and you did not upload an inte
`-k`, `--key-location`
-
-
@@ -211,8 +177,6 @@ If you want to upload a signed certificate that is not based on a CSR generated
`Maximum file size`: 4 KB
-
-
|
diff --git a/docs/50-administration-and-ops-neo/upload-keystore-dea2506.md b/docs/50-administration-and-ops-neo/upload-keystore-dea2506.md
index f2b4081..5f46585 100644
--- a/docs/50-administration-and-ops-neo/upload-keystore-dea2506.md
+++ b/docs/50-administration-and-ops-neo/upload-keystore-dea2506.md
@@ -29,8 +29,6 @@ To list all parameters available for this command, execute `neo help upload-keys
Required
-
-
@@ -38,8 +36,6 @@ Required
`-a`, `--account`
-
-
@@ -49,8 +45,6 @@ The account for which you provide username and password.
`Type`: string \(up to 30 characters; lowercase letters and numbers, starting with a letter\)
-
-
|
@@ -58,8 +52,6 @@ The account for which you provide username and password.
`-h`, `--host`
-
-
@@ -67,8 +59,6 @@ Enter a region host.
`Type`: URL, for acceptable values see [Regions](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/350356d1dc314d3199dca15bd2ab9b0e.html "You can deploy applications in different regions. Each region represents a geographical location (for example, Europe, US East) where applications, data, or services are hosted.") :arrow_upper_right:.
-
-
|
@@ -76,8 +66,6 @@ Enter a region host.
`-l`,`--location`
-
-
@@ -85,8 +73,6 @@ Path to a keystore file to be uploaded from the local file system. The file exte
`Type`: string
-
-
|
@@ -94,8 +80,6 @@ Path to a keystore file to be uploaded from the local file system. The file exte
`-u`, `--user`
-
-
@@ -103,8 +87,6 @@ Use your email, SAP ID or user name
`Type`: string
-
-
|
@@ -116,8 +98,6 @@ Use your email, SAP ID or user name
Optional
-
-
@@ -125,8 +105,6 @@ Optional
`-b`, `--application`
-
-
@@ -137,8 +115,6 @@ Application name
`Type`: string \(up to 30 characters; lowercase letters and numbers, starting with a letter\)
-
-
|
@@ -146,15 +122,11 @@ Application name
`-w`, `--overwrite`
-
-
Overwrites a file with the same name if such already exists. If you do not explicitly include the `--overwrite` argument, you will be notified and asked if you want to overwrite the file.
-
-
|
diff --git a/docs/50-administration-and-ops-neo/version-7f6d786.md b/docs/50-administration-and-ops-neo/version-7f6d786.md
index fd47c14..79e0a95 100644
--- a/docs/50-administration-and-ops-neo/version-7f6d786.md
+++ b/docs/50-administration-and-ops-neo/version-7f6d786.md
@@ -43,8 +43,6 @@ To list all parameters available for this command, execute `neo help` version in
Required
-
-
@@ -52,15 +50,11 @@ Required
`-c`, `--commands`
-
-
Lists all commands available in the SDK and their versions.
-
-
|
@@ -68,15 +62,11 @@ Lists all commands available in the SDK and their versions.
`-j`, `--jars`
-
-
Lists all JAR files in the SDK and their versions.
-
-
|
@@ -84,15 +74,11 @@ Lists all JAR files in the SDK and their versions.
`-u`, `--updates`
-
-
Checks if there are any updates and hot fixes for the SDK and whether the SDK version is still supported. It also provides the version of the latest available SDK.
-
-
|
@@ -104,8 +90,6 @@ Checks if there are any updates and hot fixes for the SDK and whether the SDK ve
Optional
-
-
@@ -113,8 +97,6 @@ Optional
`--output` ``
-
-
@@ -124,8 +106,6 @@ Prints the output in the specified format.
`Type`: string
-
-
|
diff --git a/docs/50-administration-and-ops-neo/view-directory-usage-analytics-feature-set-b-a287782.md b/docs/50-administration-and-ops-neo/view-directory-usage-analytics-feature-set-b-a287782.md
index 775affb..0a1cb04 100644
--- a/docs/50-administration-and-ops-neo/view-directory-usage-analytics-feature-set-b-a287782.md
+++ b/docs/50-administration-and-ops-neo/view-directory-usage-analytics-feature-set-b-a287782.md
@@ -28,15 +28,11 @@ The directory *Usage Analytics* page contains two views that display the same us
View
-
-
Description
-
-
|
@@ -44,15 +40,11 @@ Description
**Service Usage**
-
-
Displays high-level usage information for a selected service or business application subscriptions according to the directory from which you accessed the *Usage Analytics* page. You can also drill down and view usage data for specific subdirectories and subaccounts that are located in this directory.
-
-
|
@@ -60,15 +52,11 @@ Displays high-level usage information for a selected service or business applica
**Directory/Subaccount Usage**
-
-
Displays high-level usage information for all services and business application subscriptions according to the directory from which you accessed the *Usage Analytics* page. You can also drill down and view usage data for specific subdirectories and subaccounts that are located in this directory.
-
-
|
diff --git a/docs/50-administration-and-ops-neo/view-subaccount-usage-analytics-8f4d9db.md b/docs/50-administration-and-ops-neo/view-subaccount-usage-analytics-8f4d9db.md
index 5df223c..a6cc372 100644
--- a/docs/50-administration-and-ops-neo/view-subaccount-usage-analytics-8f4d9db.md
+++ b/docs/50-administration-and-ops-neo/view-subaccount-usage-analytics-8f4d9db.md
@@ -23,15 +23,11 @@ The subaccount *Usage Analytics* page contains views that display usage at diffe
View
-
-
Description
-
-
|
@@ -39,8 +35,6 @@ Description
**Subaccount**
-
-
@@ -48,8 +42,6 @@ Displays high-level usage information for your subaccount relating to services a
Some information in this view is displayed only for global account admins.
-
-
|
@@ -57,15 +49,11 @@ Some information in this view is displayed only for global account admins.
**Services**
-
-
Displays usage per service plan for the region of the subaccount, and the selected metric and period. Information is shown for all services whose metered consumption in the subaccount is greater than zero.
-
-
|
diff --git a/docs/50-administration-and-ops-neo/working-with-environments-using-the-btp-cli-48db155.md b/docs/50-administration-and-ops-neo/working-with-environments-using-the-btp-cli-48db155.md
index 82ce0cd..52fc631 100644
--- a/docs/50-administration-and-ops-neo/working-with-environments-using-the-btp-cli-48db155.md
+++ b/docs/50-administration-and-ops-neo/working-with-environments-using-the-btp-cli-48db155.md
@@ -14,22 +14,16 @@ Use the SAP BTP command line interface \(btp CLI\) to manage runtime environment
Task
-
-
Run the command ...
-
-
|
Command help
-
-
|
@@ -37,22 +31,16 @@ Command help
Get all available environments for a subaccount
-
-
`btp list accounts/available-environment`
-
-
|
[btp list accounts/available-environment](https://help.sap.com/docs/BTP/btp-cli/btp-list-accounts-available-environment.html)
-
-
|
@@ -60,22 +48,16 @@ Get all available environments for a subaccount
Get details about an environment available for a subaccount
-
-
`btp get accounts/available-environment`
-
-
|
[btp get accounts/available-environment](https://help.sap.com/docs/BTP/btp-cli/btp-get-accounts-available-environment.html)
-
-
|
@@ -83,22 +65,16 @@ Get details about an environment available for a subaccount
Get all environment instances of a subaccount
-
-
`btp list accounts/environment-instance`
-
-
|
[btp list accounts/environment-instance](https://help.sap.com/docs/BTP/btp-cli/btp-list-accounts-environment-instance.html)
-
-
|
@@ -106,22 +82,16 @@ Get all environment instances of a subaccount
Get a specific environment instance of a subaccount
-
-
`btp get accounts/environment-instance`
-
-
|
[btp get accounts/environment-instance](https://help.sap.com/docs/BTP/btp-cli/btp-get-accounts-environment-instance.html)
-
-
|
@@ -129,22 +99,16 @@ Get a specific environment instance of a subaccount
Create an environment instance in a subaccount
-
-
`btp create accounts/environment-instance`
-
-
|
[btp create accounts/environment-instance](https://help.sap.com/docs/BTP/btp-cli/btp-create-accounts-environment-instance.html)
-
-
|
@@ -152,22 +116,16 @@ Create an environment instance in a subaccount
Update the plan and/or configuration parameters of an environment in a subaccount
-
-
`btp update accounts/environment-instance`
-
-
|
[btp update accounts/environment-instance](https://help.sap.com/docs/BTP/btp-cli/btp-update-accounts-environment-instance.html)
-
-
|
@@ -175,22 +133,16 @@ Update the plan and/or configuration parameters of an environment in a subaccoun
Delete environment instances of a subaccount
-
-
`btp delete accounts/environment-instance`
-
-
|
[btp delete accounts/environment-instance](https://help.sap.com/docs/BTP/btp-cli/btp-delete-accounts-environment-instance.html)
-
-
|
diff --git a/docs/50-administration-and-ops-neo/working-with-external-resource-providers-using-the-btp-cli-48d7688.md b/docs/50-administration-and-ops-neo/working-with-external-resource-providers-using-the-btp-cli-48d7688.md
index f83f24a..7d32d69 100644
--- a/docs/50-administration-and-ops-neo/working-with-external-resource-providers-using-the-btp-cli-48d7688.md
+++ b/docs/50-administration-and-ops-neo/working-with-external-resource-providers-using-the-btp-cli-48d7688.md
@@ -16,22 +16,16 @@ Creating a resource provider instance allows your global account to connect to y
Task
-
-
Run the command...
-
-
|
Command help
-
-
|
@@ -39,22 +33,16 @@ Command help
List all resource provider instances in a global account
-
-
`btp list accounts/resource-provider`
-
-
|
[btp list accounts/resource-provider](https://help.sap.com/docs/BTP/btp-cli/btp-list-accounts-resource-provider.html)
-
-
|
@@ -62,22 +50,16 @@ List all resource provider instances in a global account
Get details about a resource provider instance
-
-
`btp get accounts/resource-provider`
-
-
|
[btp get accounts/resource-provider](https://help.sap.com/docs/BTP/btp-cli/btp-get-accounts-resource-provider.html)
-
-
|
@@ -85,22 +67,16 @@ Get details about a resource provider instance
Create a resource provider instance
-
-
`btp create accounts/resource-provider`
-
-
|
[btp create accounts/resource-provider](https://help.sap.com/docs/BTP/btp-cli/btp-create-accounts-resource-provider.html)
-
-
|
@@ -108,22 +84,16 @@ Create a resource provider instance
Update a resource provider instance
-
-
`btp update accounts/resource-provider`
-
-
|
[btp update accounts/resource-provider](https://help.sap.com/docs/BTP/btp-cli/btp-update-accounts-resource-provider.html)
-
-
|
@@ -131,22 +101,16 @@ Update a resource provider instance
Delete a resource provider instance
-
-
`btp delete accounts/resource-provider`
-
-
|
[btp delete accounts/resource-provider](https://help.sap.com/docs/BTP/btp-cli/btp-delete-accounts-resource-provider.html)
-
-
|
diff --git a/docs/50-administration-and-ops-neo/working-with-global-accounts-directories-and-subaccounts-using-the-btp-cli-85a683e.md b/docs/50-administration-and-ops-neo/working-with-global-accounts-directories-and-subaccounts-using-the-btp-cli-85a683e.md
index 0fd5522..98ff817 100644
--- a/docs/50-administration-and-ops-neo/working-with-global-accounts-directories-and-subaccounts-using-the-btp-cli-85a683e.md
+++ b/docs/50-administration-and-ops-neo/working-with-global-accounts-directories-and-subaccounts-using-the-btp-cli-85a683e.md
@@ -19,22 +19,16 @@ Use the SAP BTP command line interface \(btp CLI\) to manage operations with glo
Task
-
-
Run the command...
-
-
|
Command help
-
-
|
@@ -42,22 +36,16 @@ Command help
Get details about a global account, and the account structure \(directories and subaccounts\) of the global account.
-
-
`btp get accounts/global-account`
-
-
|
[btp get accounts/global-account](https://help.sap.com/docs/BTP/btp-cli/btp-get-accounts-global-account.html)
-
-
|
@@ -65,22 +53,16 @@ Get details about a global account, and the account structure \(directories and
Update the display name and/or description of a global account.
-
-
`btp update accounts/global-account`
-
-
|
[btp update accounts/global-account](https://help.sap.com/docs/BTP/btp-cli/btp-update-accounts-global-account.html)
-
-
|
@@ -105,22 +87,16 @@ Directories allow you to organize and manage your subaccounts according to your
Task
-
-
Run the command...
-
-
|
Command help
-
-
|
@@ -128,22 +104,16 @@ Command help
Get details about a directory and list the subaccounts and subdirectories in the directory
-
-
`btp get accounts/directory`
-
-
|
[btp get accounts/directory](https://help.sap.com/docs/BTP/btp-cli/btp-get-accounts-directory.html)
-
-
|
@@ -151,22 +121,16 @@ Get details about a directory and list the subaccounts and subdirectories in the
Create a directory
-
-
`btp create accounts/directory`
-
-
|
[btp create accounts/directory](https://help.sap.com/docs/BTP/btp-cli/btp-create-accounts-directory.html)
-
-
|
@@ -174,22 +138,16 @@ Create a directory
Update a directory
-
-
`btp update accounts/directory`
-
-
|
[btp update accounts/directory](https://help.sap.com/docs/BTP/btp-cli/btp-update-accounts-directory.html)
-
-
|
@@ -197,22 +155,16 @@ Update a directory
Delete a directory
-
-
`btp delete accounts/directory`
-
-
|
[btp delete accounts/directory](https://help.sap.com/docs/BTP/btp-cli/btp-delete-accounts-directory.html)
-
-
|
@@ -220,22 +172,16 @@ Delete a directory
Change the set of enabled features \(user and entitlement management\) for a directory
-
-
`btp enable accounts/directory`
-
-
|
[btp enable accounts/directory](https://help.sap.com/docs/BTP/btp-cli/btp-enable-accounts-directory.html)
-
-
|
@@ -243,22 +189,16 @@ Change the set of enabled features \(user and entitlement management\) for a dir
List the user-defined labels assigned to a directory
-
-
`btp list accounts/labels`
-
-
|
[btp list accounts/label](https://help.sap.com/docs/BTP/btp-cli/btp-list-accounts-label.html)
-
-
|
@@ -276,15 +216,11 @@ List the custom properties assigned to a directory
`btp list accounts/custom-property`
-
-
[btp list accounts/custom-property](https://help.sap.com/docs/BTP/btp-cli/btp-list-accounts-custom-property.html)
-
-
|
@@ -307,22 +243,16 @@ For more information, see [Directories \[Feature Set B\]](../10-concepts-neo/acc
Task
-
-
Run the command...
-
-
|
Command help
-
-
|
@@ -330,8 +260,6 @@ Command help
List all subaccounts in a global account
-
-
@@ -346,8 +274,6 @@ btp list accounts/subaccount
[btp list accounts/subaccount](https://help.sap.com/docs/BTP/btp-cli/btp-list-accounts-subaccount.html)
-
-
|
@@ -355,22 +281,16 @@ btp list accounts/subaccount
Get details about a subaccount
-
-
`btp get accounts/subaccount`
-
-
|
[btp get accounts/subaccount](https://help.sap.com/docs/BTP/btp-cli/btp-get-accounts-subaccount.html)
-
-
|
@@ -378,22 +298,16 @@ Get details about a subaccount
Create a subaccount
-
-
`btp create accounts/subaccount`
-
-
|
[btp create accounts/subaccount](https://help.sap.com/docs/BTP/btp-cli/btp-create-accounts-subaccount.html)
-
-
|
@@ -401,22 +315,16 @@ Create a subaccount
Update a subaccount
-
-
`btp update accounts/subaccount`
-
-
|
[btp update accounts/subaccount](https://help.sap.com/docs/BTP/btp-cli/btp-update-accounts-subaccount.html)
-
-
|
@@ -424,22 +332,16 @@ Update a subaccount
Delete a subaccount
-
-
`btp delete accounts/subaccount`
-
-
|
[btp delete accounts/subaccount](https://help.sap.com/docs/BTP/btp-cli/btp-delete-accounts-subaccount.html)
-
-
|
@@ -447,22 +349,16 @@ Delete a subaccount
Move a subaccount
-
-
`btp move accounts/subaccount`
-
-
|
[btp move accounts/subaccount](https://help.sap.com/docs/BTP/btp-cli/btp-move-accounts-subaccount.html)
-
-
|
@@ -470,22 +366,16 @@ Move a subaccount
List the user-defined labels assigned to a subaccount
-
-
`btp list accounts/labels`
-
-
|
[btp list accounts/label](https://help.sap.com/docs/BTP/btp-cli/btp-list-accounts-label.html)
-
-
|
@@ -503,15 +393,11 @@ List the custom properties assigned to a subaccount
`btp list accounts/custom-property`
-
-
[btp list accounts/custom-property](https://help.sap.com/docs/BTP/btp-cli/btp-list-accounts-custom-property.html)
-
-
|
@@ -519,22 +405,16 @@ List the custom properties assigned to a subaccount
Get all available regions for global account
-
-
`btp list accounts/available-region`
-
-
|
[btp list accounts/available-region](https://help.sap.com/docs/BTP/btp-cli/btp-list-accounts-available-region.html)
-
-
|
diff --git a/docs/50-administration-and-ops-neo/working-with-multitenant-applications-using-the-btp-cli-c1b0fcc.md b/docs/50-administration-and-ops-neo/working-with-multitenant-applications-using-the-btp-cli-c1b0fcc.md
index 99655f2..69aedb3 100644
--- a/docs/50-administration-and-ops-neo/working-with-multitenant-applications-using-the-btp-cli-c1b0fcc.md
+++ b/docs/50-administration-and-ops-neo/working-with-multitenant-applications-using-the-btp-cli-c1b0fcc.md
@@ -14,22 +14,16 @@ Use the SAP BTP command line interface \(btp CLI\) to manage the multitenant app
Task
-
-
Run the command...
-
-
|
Command help
-
-
|
@@ -37,22 +31,16 @@ Command help
Get all applications to which a subaccount is entitled to subscribe
-
-
`btp list accounts/subscription`
-
-
|
[btp list accounts/subscription](https://help.sap.com/docs/BTP/btp-cli/btp-list-accounts-subscription.html)
-
-
|
@@ -60,22 +48,16 @@ Get all applications to which a subaccount is entitled to subscribe
Get details of a multitenant application in a subaccount
-
-
`btp get accounts/subscription`
-
-
|
[btp get accounts/subscription](https://help.sap.com/docs/BTP/btp-cli/btp-get-accounts-subscription.html)
-
-
|
@@ -83,22 +65,16 @@ Get details of a multitenant application in a subaccount
Subscribe to an application from a subaccount
-
-
`btp subscribe accounts/subaccount`
-
-
|
[btp subscribe accounts/subaccount](https://help.sap.com/docs/BTP/btp-cli/btp-subscribe-accounts-subaccount.html)
-
-
|
@@ -116,15 +92,11 @@ Update the plan of an existing subscription
`btp update accounts/subscription`
-
-
[btp update accounts/subscription](https://help.sap.com/docs/BTP/btp-cli/btp-update-accounts-subscription.html)
-
-
|
@@ -132,22 +104,16 @@ Update the plan of an existing subscription
Unsubscribe an application from a subaccount
-
-
`btp unsubscribe accounts/subaccount`
-
-
|
[btp unsubscribe accounts/subaccount](https://help.sap.com/docs/BTP/btp-cli/btp-unsubscribe-accounts-subaccount.html)
-
-
|
diff --git a/docs/50-administration-and-ops-neo/working-with-resources-of-the-sap-service-manager-using-the-btp-cli-fe6a53b.md b/docs/50-administration-and-ops-neo/working-with-resources-of-the-sap-service-manager-using-the-btp-cli-fe6a53b.md
index ebb514e..7b14627 100644
--- a/docs/50-administration-and-ops-neo/working-with-resources-of-the-sap-service-manager-using-the-btp-cli-fe6a53b.md
+++ b/docs/50-administration-and-ops-neo/working-with-resources-of-the-sap-service-manager-using-the-btp-cli-fe6a53b.md
@@ -26,22 +26,16 @@ For detailed descriptions of all SAP Service Manager CLI commands, see [SAP Serv
Task
-
-
Run the command ...
-
-
|
Command help
-
-
|
@@ -49,22 +43,16 @@ Command help
List all registered platforms in the current subaccount
-
-
`btp list services/platform`
-
-
|
[btp list services/platform](https://help.sap.com/docs/BTP/btp-cli/btp-list-services-platform.html)
-
-
|
@@ -72,22 +60,16 @@ List all registered platforms in the current subaccount
Get details about a specific platform registered in the current subaccount
-
-
`btp get services/platform`
-
-
|
[btp get services/platform](https://help.sap.com/docs/BTP/btp-cli/btp-get-services-platform.html)
-
-
|
@@ -95,22 +77,16 @@ Get details about a specific platform registered in the current subaccount
Register a new platform in the current subaccount
-
-
`btp register services/platform`
-
-
|
[btp register services/platform](https://help.sap.com/docs/BTP/btp-cli/btp-register-services-platform.html)
-
-
|
@@ -118,22 +94,16 @@ Register a new platform in the current subaccount
Update an existing platform registered in the current subaccount
-
-
`btp update services/platform`
-
-
|
[btp update services/platform](https://help.sap.com/docs/BTP/btp-cli/btp-update-services-platform.html)
-
-
|
@@ -141,22 +111,16 @@ Update an existing platform registered in the current subaccount
Unregister an existing platform in the current subaccount
-
-
`btp unregister services/platform`
-
-
|
[btp unregister services/platform](https://help.sap.com/docs/BTP/btp-cli/btp-unregister-services-platform.html)
-
-
|
@@ -174,22 +138,16 @@ Unregister an existing platform in the current subaccount
Task
-
-
Run the command ...
-
-
|
Command help
-
-
|
@@ -197,22 +155,16 @@ Command help
List all registered brokers in the current subaccount
-
-
`btp list services/broker`
-
-
|
[btp list services/broker](https://help.sap.com/docs/BTP/btp-cli/btp-list-services-broker.html)
-
-
|
@@ -220,22 +172,16 @@ List all registered brokers in the current subaccount
Get a specific service broker in the current subaccount
-
-
`btp get services/broker`
-
-
|
[btp get services/broker](https://help.sap.com/docs/BTP/btp-cli/btp-get-services-broker.html)
-
-
|
@@ -243,22 +189,16 @@ Get a specific service broker in the current subaccount
Register a new service broker in the current subaccount
-
-
`btp register services/broker`
-
-
|
[btp register services/broker](https://help.sap.com/docs/BTP/btp-cli/btp-register-services-broker.html)
-
-
|
@@ -266,22 +206,16 @@ Register a new service broker in the current subaccount
Update an existing service broker in the current subaccount
-
-
`btp update services/broker`
-
-
|
[btp update services/broker](https://help.sap.com/docs/BTP/btp-cli/btp-update-services-broker.html)
-
-
|
@@ -289,22 +223,16 @@ Update an existing service broker in the current subaccount
Unregister an existing service broker in the current subaccount
-
-
`btp unregister services/broker`
-
-
|
[btp unregister services/broker](https://help.sap.com/docs/BTP/btp-cli/btp-unregister-services-broker.html)
-
-
|
@@ -322,22 +250,16 @@ Unregister an existing service broker in the current subaccount
Task
-
-
Run the command ...
-
-
|
Command help
-
-
|
@@ -345,22 +267,16 @@ Command help
List all service instances associated with the current subaccount.
-
-
`btp list services/instance`
-
-
|
[btp list services/instance](https://help.sap.com/docs/BTP/btp-cli/btp-list-services-instance.html)
-
-
|
@@ -368,22 +284,16 @@ List all service instances associated with the current subaccount.
Get details about a specific service instance associated with the current subaccount.
-
-
`btp get services/instance`
-
-
|
[btp get services/instance](https://help.sap.com/docs/BTP/btp-cli/btp-get-services-instance.html)
-
-
|
@@ -391,22 +301,16 @@ Get details about a specific service instance associated with the current subacc
Create a new service instance of the service you want to consume.
-
-
`btp create services/instance`
-
-
|
[btp create services/instance](https://help.sap.com/docs/BTP/btp-cli/btp-create-services-instance.html)
-
-
|
@@ -414,22 +318,16 @@ Create a new service instance of the service you want to consume.
Delete an existing service instance.
-
-
`btp delete services/instance`
-
-
|
[btp delete services/instance](https://help.sap.com/docs/BTP/btp-cli/btp-delete-services-instance.html)
-
-
|
@@ -437,22 +335,16 @@ Delete an existing service instance.
Share a service instance
-
-
`btp share services/instance`
-
-
|
-
-
|
@@ -460,22 +352,16 @@ Share a service instance
Unshare a service instance
-
-
`btp unshare services/instance`
-
-
|
-
-
|
@@ -508,22 +394,16 @@ Unshare a service instance
Task
-
-
Run the command ...
-
-
|
Command help
-
-
|
@@ -531,22 +411,16 @@ Command help
List all service bindings associated with the current subaccount.
-
-
`btp list services/binding`
-
-
|
[btp list services/binding](https://help.sap.com/docs/BTP/btp-cli/btp-list-services-binding.html)
-
-
|
@@ -554,22 +428,16 @@ List all service bindings associated with the current subaccount.
Get details about a specific service binding associated with the current subaccount.
-
-
`btp get services/binding`
-
-
|
[btp get services/binding](https://help.sap.com/docs/BTP/btp-cli/btp-get-services-binding.html)
-
-
|
@@ -577,22 +445,16 @@ Get details about a specific service binding associated with the current subacco
Create a new binding between an existing service instance and an application.
-
-
`btp create services/binding`
-
-
|
[btp create services/binding](https://help.sap.com/docs/BTP/btp-cli/btp-create-services-binding.html)
-
-
|
@@ -600,22 +462,16 @@ Create a new binding between an existing service instance and an application.
Delete an existing binding between a service instance and an application.
-
-
`btp delete services/binding`
-
-
|
[btp delete services/binding](https://help.sap.com/docs/BTP/btp-cli/btp-delete-services-binding.html)
-
-
|
@@ -633,22 +489,16 @@ Delete an existing binding between a service instance and an application.
Task
-
-
Run the command ...
-
-
|
Command help
-
-
|
@@ -656,22 +506,16 @@ Command help
List all service plans of services available for consumption that are associated with your current subaccount.
-
-
`btp list services/plan`
-
-
|
[btp list services/plan](https://help.sap.com/docs/BTP/btp-cli/btp-list-services-plan.html)
-
-
|
@@ -679,22 +523,16 @@ List all service plans of services available for consumption that are associated
Get details about a specific service plan of a service that is available for consumption and associated with your current subaccount.
-
-
`btp get services/plan`
-
-
|
[btp get services/plan](https://help.sap.com/docs/BTP/btp-cli/btp-get-services-plan.html)
-
-
|
@@ -712,22 +550,16 @@ Get details about a specific service plan of a service that is available for con
Task
-
-
Run the command ...
-
-
|
Command help
-
-
|
@@ -735,22 +567,16 @@ Command help
List all service offerings associated with your current subaccount.
-
-
`btp list services/offering`
-
-
|
[btp list services/offering](https://help.sap.com/docs/BTP/btp-cli/btp-list-services-offering.html)
-
-
|
@@ -758,22 +584,16 @@ List all service offerings associated with your current subaccount.
Get details about a specific service offering associated with your subaccount.
-
-
`btp get services/offering`
-
-
|
[btp get services/offering](https://help.sap.com/docs/BTP/btp-cli/btp-get-services-offering.html)
-
-
|
diff --git a/docs/60-security-neo/application-identity-provider-dc61853.md b/docs/60-security-neo/application-identity-provider-dc61853.md
index 1dba8f5..1bcf5a0 100644
--- a/docs/60-security-neo/application-identity-provider-dc61853.md
+++ b/docs/60-security-neo/application-identity-provider-dc61853.md
@@ -71,22 +71,16 @@ You need to configure how the local service provider communicates with the ident
Local Service Provider Configuration
-
-
Description
-
-
|
When to Use
-
-
|
@@ -94,22 +88,16 @@ When to Use
Default
-
-
The local provider's own trust settings will inherit the SAP BTP default configuration \(which is trust to **SAP ID service**\).
-
-
|
For testing and exploring the scenario
-
-
|
@@ -117,22 +105,16 @@ For testing and exploring the scenario
None
-
-
The local provider will have no trust settings, and it will not participate in any identity federation scenario.
-
-
|
For disabling identity federation for your account
-
-
|
@@ -140,22 +122,16 @@ For disabling identity federation for your account
Custom
-
-
The local provider settings will have a specific configuration, different from the default configuration for SAP BTP.
-
-
|
For identity federation with a corporate identity provider or Identity Authentication tenant
-
-
|
@@ -169,15 +145,11 @@ In addition, you can configure the following local service provider settings:
Local Service Provider Configuration \(Additional\)
-
-
Description
-
-
|
@@ -185,15 +157,11 @@ Description
Principal Propagation
-
-
If you set it to *Enabled*, you enable applications to propagate principal information to each other. Choose this value if you want to enable application-to-application single sign-on. Otherwise, set this option to *Disabled*.
-
-
|
@@ -201,15 +169,11 @@ If you set it to *Enabled*, you enable applications to propagate principal infor
Force authentication
-
-
If you set it to *Enabled*, you enable force authentication for your application \(despite SSO, users will have to re-authenticate each time they access it\). Otherwise, set this option to *Disabled*.
-
-
|
@@ -349,15 +313,11 @@ After clicking *Save* you should get a message that you can proceed with the con
Field
-
-
|
Description
-
-
|
@@ -365,15 +325,11 @@ After clicking *Save* you should get a message that you can proceed with the con
Metadata File
-
-
|
The metadata XML file of the identity provider.
-
-
|
@@ -381,15 +337,11 @@ After clicking *Save* you should get a message that you can proceed with the con
Name
-
-
|
The entity ID of the IdP, also known as the issuer.
-
-
|
@@ -397,15 +349,11 @@ After clicking *Save* you should get a message that you can proceed with the con
Description
-
-
|
A short description of the IdP.
-
-
|
@@ -413,8 +361,6 @@ After clicking *Save* you should get a message that you can proceed with the con
Assertion Consumer Service
-
-
|
@@ -424,8 +370,6 @@ After clicking *Save* you should get a message that you can proceed with the con
In the common case, select *Application Root* as value.
If you have an identity provider that would not send the SAML assertion to unknown URLs to them, select the *Assertion Consumer Service* option. This is the case with Microsoft ADFS, for example.
-
-
|
@@ -433,15 +377,11 @@ After clicking *Save* you should get a message that you can proceed with the con
Single Sign-on URL
-
-
|
The IdP's endpoint \(URL\) to which the SP's authentication request will be sent.
-
-
|
@@ -449,15 +389,11 @@ After clicking *Save* you should get a message that you can proceed with the con
Single Sign-on Binding
-
-
|
The SAML-specified HTTP binding used by the SP to send the authentication request.
-
-
|
@@ -465,8 +401,6 @@ After clicking *Save* you should get a message that you can proceed with the con
Single Logout URL
-
-
|
@@ -484,15 +418,11 @@ After clicking *Save* you should get a message that you can proceed with the con
|
Signature Algorithm
-
-
|
The cryptographic algorithm used to compute the digest of the digital signatures in the SAML protocol messages.
-
-
|
@@ -500,15 +430,11 @@ After clicking *Save* you should get a message that you can proceed with the con
Signing Certificate
-
-
|
The X.509 certificate used by the IdP to digitally sign the SAML protocol messages.
-
-
|
@@ -516,15 +442,11 @@ After clicking *Save* you should get a message that you can proceed with the con
User ID Source
-
-
|
Location in the SAML assertion from where the user's unique name \(ID\) is taken when logging into the Cloud. If you choose subject, this is taken from the name identifier in the assertions's subject \(\) element. If you choose attribute, the user's name is taken from an SAML attribute in the assertion.
-
-
|
@@ -532,15 +454,11 @@ After clicking *Save* you should get a message that you can proceed with the con
Source Value
-
-
|
Name of the SAML attribute that defines the user ID on the cloud.
-
-
|
@@ -548,15 +466,11 @@ After clicking *Save* you should get a message that you can proceed with the con
User ID Prefix
-
-
|
An optional prefix added to the user ID on the cloud.
-
-
|
@@ -564,15 +478,11 @@ After clicking *Save* you should get a message that you can proceed with the con
User ID Suffix
-
-
|
An optional suffix appended to the user ID on the cloud.
-
-
|
@@ -580,8 +490,6 @@ After clicking *Save* you should get a message that you can proceed with the con
Enabled
-
-
|
@@ -599,8 +507,6 @@ After clicking *Save* you should get a message that you can proceed with the con
|
Only for IDP-initiated SSO
-
-
|
@@ -618,15 +524,11 @@ After clicking *Save* you should get a message that you can proceed with the con
|
Only for OAuth2 SAML Bearer flow
-
-
|
The IdP will only be used to validate SAML Assertions received via the OAuth SAML Bearer Flow. This allows a more fine-granular and secure control of which IdPs are allowed during login.
-
-
|
@@ -744,15 +646,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
Field
-
-
|
Description
-
-
|
@@ -760,8 +658,6 @@ You may need to use a different identity provider \(IdP\) for each security scen
Only for IDP-initiated SSO
-
-
|
@@ -779,15 +675,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
|
Only for OAuth2 SAML Bearer flow
-
-
|
The IdP will only be used to validate SAML Assertions received via the OAuth SAML Bearer Flow. This allows a more fine-granular and secure control of which IdPs are allowed during login.
-
-
|
@@ -805,15 +697,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
Technical Key of Region
-
-
|
Service Provider Name
-
-
|
@@ -821,15 +709,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
neo-eu1
-
-
|
https://netweaver.ondemand.com
-
-
|
@@ -837,15 +721,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
neo-eu2
-
-
|
https://eu2.hana.ondemand.com/
-
-
|
@@ -853,15 +733,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
neo-eu3
-
-
|
https://eu3.hana.ondemand.com
-
-
|
@@ -869,15 +745,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
neo-us1
-
-
|
https://us1.hana.ondemand.com/
-
-
|
@@ -885,15 +757,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
neo-us2
-
-
|
https://us2.hana.ondemand.com
-
-
|
@@ -901,15 +769,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
neo-us3
-
-
|
https://us3.hana.ondemand.com
-
-
|
@@ -917,15 +781,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
neo-us4
-
-
|
https://us4.hana.ondemand.com
-
-
|
@@ -933,15 +793,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
neo-ap1
-
-
|
ap1.hana.ondemand.com
-
-
|
@@ -949,15 +805,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
neo-ap2
-
-
|
https://ap2.hana.ondemand.com
-
-
|
@@ -965,15 +817,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
neo-jp1
-
-
|
https://jp1.hana.ondemand.com
-
-
|
@@ -981,15 +829,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
neo-jp2
-
-
|
https://jp2.hana.ondemand.com
-
-
|
@@ -997,15 +841,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
neo-cn1
-
-
|
https://cn1.hana.ondemand.com
-
-
|
@@ -1013,15 +853,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
neo-cn2
-
-
|
https://cn2.hana.ondemand.com
-
-
|
@@ -1029,15 +865,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
neo-br1
-
-
|
https://br1.hana.ondemand.com
-
-
|
@@ -1045,15 +877,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
neo-br2
-
-
|
https://br2.hana.ondemand.com
-
-
|
@@ -1061,15 +889,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
neo-ae1
-
-
|
https://ae1.hana.ondemand.com
-
-
|
@@ -1077,15 +901,11 @@ You may need to use a different identity provider \(IdP\) for each security scen
CA1
-
-
|
https://ca1.hana.ondemand.com
-
-
|
diff --git a/docs/60-security-neo/audit-log-retrieval-api-usage-for-the-neo-environment-e4d818d.md b/docs/60-security-neo/audit-log-retrieval-api-usage-for-the-neo-environment-e4d818d.md
index 83f5482..d009302 100644
--- a/docs/60-security-neo/audit-log-retrieval-api-usage-for-the-neo-environment-e4d818d.md
+++ b/docs/60-security-neo/audit-log-retrieval-api-usage-for-the-neo-environment-e4d818d.md
@@ -213,15 +213,11 @@ The retrieved audit logs are in JSON format. The semantics of the JSON fields ar
JSON field
-
-
Semantic description
-
-
|
@@ -229,15 +225,11 @@ Semantic description
UUID
-
-
Unique identifier of the audit log message
-
-
|
@@ -245,15 +237,11 @@ Unique identifier of the audit log message
Category
-
-
Category of the audit log message. It could be one of the predefined audit log types \(audit.security-events , audit.configuration , audit.data-access or audit.data-modification\) or a subcategory provided when invoking the “log” method with “subcategory” parameter \( e.g. audit.data-modification.test , audit.data-access.my-sub-category etc.\)
-
-
|
@@ -261,8 +249,6 @@ Category of the audit log message. It could be one of the predefined audit log t
User
-
-
@@ -289,15 +275,11 @@ The user that has executed the auditable event. The result of the user field cou
Tenant
-
-
|
Tenant ID owner of the auditable event.
-
-
|
@@ -305,15 +287,11 @@ Tenant ID owner of the auditable event.
Account
-
-
Account ID owner of the auditable event.
-
-
|
@@ -321,15 +299,11 @@ Account ID owner of the auditable event.
Application
-
-
Application that has generated the audit log event.
-
-
|
@@ -337,15 +311,11 @@ Application that has generated the audit log event.
Time
-
-
Timestamp \(UTC+0\) when the auditable event is generated.
-
-
|
@@ -353,15 +323,11 @@ Timestamp \(UTC+0\) when the auditable event is generated.
Message
-
-
Audit log message text.
-
-
|
@@ -369,15 +335,11 @@ Audit log message text.
InstanceId
-
-
Instance ID where the event has occurred if applicable.
-
-
|
@@ -385,15 +347,11 @@ Instance ID where the event has occurred if applicable.
FormatVersion
-
-
Audit log message format.
-
-
|
diff --git a/docs/60-security-neo/auditing-and-logging-information-for-oauth-2-0-service-17d6fd1.md b/docs/60-security-neo/auditing-and-logging-information-for-oauth-2-0-service-17d6fd1.md
index fafb24f..58f467e 100644
--- a/docs/60-security-neo/auditing-and-logging-information-for-oauth-2-0-service-17d6fd1.md
+++ b/docs/60-security-neo/auditing-and-logging-information-for-oauth-2-0-service-17d6fd1.md
@@ -13,22 +13,16 @@ Here you can find a list of the security events that are logged by OAuth 2.0 Ser
Event grouping
-
-
What events are logged
-
-
|
How to identify related log events
-
-
|
@@ -36,15 +30,11 @@ How to identify related log events
Authorization code
-
-
Issue OAuth authorization code
-
-
|
@@ -52,8 +42,6 @@ Issue OAuth authorization code
Distincted by tenantId:""
-
-
|
@@ -61,8 +49,6 @@ Distincted by tenantId:""
Delete OAuth authorization code
-
-
@@ -70,8 +56,6 @@ Delete OAuth authorization code
Distincted by tenantId:""
-
-
|
@@ -79,15 +63,11 @@ Distincted by tenantId:""
Access token
-
-
Issue access token for client credentials flow
-
-
|
@@ -97,8 +77,6 @@ Issue access token for client credentials flow
Distincted by tenantId:""
-
-
|
@@ -106,8 +84,6 @@ Distincted by tenantId:""
Issue access token from authorization code
-
-
@@ -115,8 +91,6 @@ Issue access token from authorization code
Distincted by tenantId:""
-
-
|
@@ -124,8 +98,6 @@ Distincted by tenantId:""
Issue access token from refresh token
-
-
@@ -133,8 +105,6 @@ Issue access token from refresh token
Distincted by tenantId:""
-
-
|
@@ -142,8 +112,6 @@ Distincted by tenantId:""
Issue acccess token from SAML bearer assertion
-
-
@@ -153,8 +121,6 @@ Distincted by tenantId:""
Further refining of search: "operation":"Create access token from SAML bearer"
-
-
|
@@ -162,8 +128,6 @@ Further refining of search: "operation":"Create access token from SAML bearer"
Delete access token
-
-
@@ -171,8 +135,6 @@ Delete access token
Distincted by tenantId:""
-
-
|
@@ -180,15 +142,11 @@ Distincted by tenantId:""
Refresh token
-
-
Create refresh token
-
-
|
@@ -196,8 +154,6 @@ Create refresh token
Distincted by tenantId:""
-
-
|
@@ -205,15 +161,11 @@ Distincted by tenantId:""
OAuth client
-
-
Create OAuth client
-
-
|
@@ -221,8 +173,6 @@ Create OAuth client
Distincted by tenantId:""
-
-
|
@@ -230,8 +180,6 @@ Distincted by tenantId:""
Update OAuth client
-
-
@@ -239,8 +187,6 @@ Update OAuth client
Distincted by tenantId:""
-
-
|
@@ -248,8 +194,6 @@ Distincted by tenantId:""
Delete OAuth client
-
-
@@ -257,8 +201,6 @@ Delete OAuth client
Distincted by tenantId:""
-
-
|
@@ -266,15 +208,11 @@ Distincted by tenantId:""
Platform client
-
-
Create OAuth platform client
-
-
|
@@ -282,8 +220,6 @@ Create OAuth platform client
Distincted by "account":""
-
-
|
@@ -291,8 +227,6 @@ Distincted by "account":""
Delete OAuth platform client
-
-
@@ -300,8 +234,6 @@ Delete OAuth platform client
Distincted by "account":""
-
-
|
@@ -309,8 +241,6 @@ Distincted by "account":""
Create multi-tenant OAuth platform client
-
-
@@ -320,8 +250,6 @@ Distincted by "account":""
Further refining of search: "operation":"Create Multitenant Platform API client"
-
-
|
@@ -329,8 +257,6 @@ Further refining of search: "operation":"Create Multitenant Platform API client"
Create admin OAuth platform client
-
-
@@ -352,8 +278,6 @@ Distincted by:
Delete admin OAuth platform client
-
-
|
@@ -375,8 +299,6 @@ Distincted by:
Create external OAuth platform client
-
-
|
@@ -391,8 +313,6 @@ Distincted by:
Further refining of search: "operation":"Delete External Platform API client"
-
-
|
@@ -400,8 +320,6 @@ Further refining of search: "operation":"Delete External Platform API client"
Delete external OAutth platform client
-
-
@@ -416,8 +334,6 @@ Distincted by:
Further refining of search: "operation":"Delete External Platform API client"
-
-
|
diff --git a/docs/60-security-neo/authentication-configuration-4a46723.md b/docs/60-security-neo/authentication-configuration-4a46723.md
index d957126..c2a7754 100644
--- a/docs/60-security-neo/authentication-configuration-4a46723.md
+++ b/docs/60-security-neo/authentication-configuration-4a46723.md
@@ -35,15 +35,11 @@ If you select more than one option, SAP BTP will delegate authentication to the
Login Option
-
-
Descrption
-
-
|
@@ -51,15 +47,11 @@ Descrption
Trusted SAML 2.0 identity provider
-
-
Authentication is implemented over the Security Assertion Markup Language \(SAML\) 2.0 protocol, and delegated to SAP ID service or custom identity provider \(IdP\). The credentials users need to present depend on the IdP settings. See [Application Identity Provider](application-identity-provider-dc61853.md#loiodc618538d97610148155d97dcd123c24).
-
-
|
@@ -67,8 +59,6 @@ Authentication is implemented over the Security Assertion Markup Language \(SAML
User name and password
-
-
@@ -86,15 +76,11 @@ HTTP BASIC authentication with user name and password. The user name and passwor
Client certificate
-
-
|
Users authenticate with a client certificate installed in an on-premise SAP NetWeaver Application Server for Java system. See [Enabling Client Certificate Authentication](enabling-client-certificate-authentication-0d7cf63.md)
-
-
|
@@ -102,8 +88,6 @@ Users authenticate with a client certificate installed in an on-premise SAP NetW
Application-to-Application SSO
-
-
@@ -121,15 +105,11 @@ Used for AppToAppSSO destinations. See [Application-to-Application SSO Authentic
OAuth 2.0 token
-
-
|
Authentication is implemented over the OAuth 2.0 protocol. Users need to present an OAuth access token as credential. See [OAuth 2.0 Authorization Code Grant](oauth-2-0-authorization-code-grant-b7b5893.md).
-
-
|
diff --git a/docs/60-security-neo/authentication-e637f62.md b/docs/60-security-neo/authentication-e637f62.md
index d5a459f..2fe6bf5 100644
--- a/docs/60-security-neo/authentication-e637f62.md
+++ b/docs/60-security-neo/authentication-e637f62.md
@@ -37,29 +37,21 @@ SAP BTP supports the following default authentication methods:
Authentication Method
-
-
Default Options
-
-
|
Description
-
-
|
Sample Usecase
-
-
|
@@ -67,8 +59,6 @@ Sample Usecase
FORM
-
-
@@ -76,8 +66,6 @@ Trusted SAML 2.0 identity provider
Application-to-Application SSO
-
-
|
@@ -85,15 +73,11 @@ FORM authentication implemented over the Security Assertion Markup Language \(SA
\(Optional\) If you configure a connection with an on-premise user store, the existence of the user is also verified in the on-premise SAP NetWeaver AS Java system. See [Using an SAP System as an On-Premise User Store](using-an-sap-system-as-an-on-premise-user-store-71fdf1c.md).
-
-
|
You want to delegate authentication to your corporate identity provider.
-
-
|
@@ -101,15 +85,11 @@ You want to delegate authentication to your corporate identity provider.
BASIC
-
-
User name and password
-
-
|
@@ -138,8 +118,6 @@ Example 2: You have a corporate on-premise SAP NetWeaver AS Java system. You wan
Example 3: You have a corporate Identity Authentication tenant. You want application users to log in using the user name and password stored in the tenant.
-
-
|
@@ -147,29 +125,21 @@ Example 3: You have a corporate Identity Authentication tenant. You want applica
CERT
-
-
Client certificate
-
-
|
Used for authentication only with client certificate. See [Enabling Client Certificate Authentication](enabling-client-certificate-authentication-0d7cf63.md).
-
-
|
Users log in using their corporate client certificates.
-
-
|
@@ -177,8 +147,6 @@ Users log in using their corporate client certificates.
BASICCERT
-
-
@@ -186,22 +154,16 @@ User name and password
Client certificate
-
-
|
Used for authentication either with client certificate or with user name and password. See [Enabling Client Certificate Authentication](enabling-client-certificate-authentication-0d7cf63.md).
-
-
|
Within the corporate network, users log in using their client certificates. Outside that network, users log in using user name and password.
-
-
|
@@ -209,15 +171,11 @@ Within the corporate network, users log in using their client certificates. Outs
OAUTH
-
-
OAuth 2.0 token
-
-
|
@@ -233,8 +191,6 @@ Authentication according to the OAuth 2.0 protocol with an OAuth access token. S
You have a mobile application consuming REST APIs using the OAuth 2.0 protocol. Users log in using an OAuth access token.
-
-
|
@@ -242,8 +198,6 @@ You have a mobile application consuming REST APIs using the OAuth 2.0 protocol.
SAML2
-
-
@@ -251,22 +205,16 @@ Trusted SAML 2.0 identity provider
Application-to-Application SSO
-
-
|
See FORM.
-
-
|
See FORM.
-
-
|
@@ -495,15 +443,11 @@ Use the following components if you need to create a ticket for Authorization an
Suport Component
-
-
Description
-
-
|
@@ -511,15 +455,11 @@ Description
BC-NEO-SEC-IAM
-
-
Main support channel for tickets concerning Authorization and Trust Management in the Neo environment.
-
-
|
@@ -527,15 +467,11 @@ Main support channel for tickets concerning Authorization and Trust Management i
BC-NEO-SEC-CPG
-
-
Support for cryptographic services, including client certificate authentication and Keystore service.
-
-
|
diff --git a/docs/60-security-neo/commmon-errors-with-basic-authentication-in-sap-id-service-fa6645e.md b/docs/60-security-neo/commmon-errors-with-basic-authentication-in-sap-id-service-fa6645e.md
index 7e35bea..f412786 100644
--- a/docs/60-security-neo/commmon-errors-with-basic-authentication-in-sap-id-service-fa6645e.md
+++ b/docs/60-security-neo/commmon-errors-with-basic-authentication-in-sap-id-service-fa6645e.md
@@ -27,15 +27,11 @@ For more information about using BASIC authentication, see [Authentication](auth
Error Message
-
-
Description
-
-
|
@@ -43,15 +39,11 @@ Description
Your account is temporarily locked. It will be automatically unlocked in 60 minutes.
-
-
SAP ID Service has registered five unsuccessful login attempts for this account in a short time. For security reasons, your account is disabled for 60 minutes.
-
-
|
@@ -59,15 +51,11 @@ SAP ID Service has registered five unsuccessful login attempts for this account
Password authentication is disabled for your account. Log in with a certificate.
-
-
The owner of this account has disabled password authentication using their user profile settings in SAP ID service.
-
-
|
@@ -75,15 +63,11 @@ The owner of this account has disabled password authentication using their user
Inactive account. Activate it via your account creation confirmation email
-
-
This is a new account and you haven’t activated it yet. You will receive an e-mail confirming your account creating, and containing an account activation link.
-
-
|
@@ -91,15 +75,11 @@ This is a new account and you haven’t activated it yet. You will receive an e-
Login failed. Contact your administrator.
-
-
You cannot log in for a reason different from all others listed here.
-
-
|
diff --git a/docs/60-security-neo/enabling-client-certificate-authentication-0d7cf63.md b/docs/60-security-neo/enabling-client-certificate-authentication-0d7cf63.md
index cba5435..d6922d7 100644
--- a/docs/60-security-neo/enabling-client-certificate-authentication-0d7cf63.md
+++ b/docs/60-security-neo/enabling-client-certificate-authentication-0d7cf63.md
@@ -82,15 +82,11 @@ Use the following system properties to define user mapping:
System Property
-
-
Description
-
-
|
@@ -98,15 +94,11 @@ Description
`com.sap.cloud.crypto.clientcert.mapping_mode`
-
-
\(Mandatory\) Defines how the received client certificate is interpreted.
-
-
|
@@ -114,8 +106,6 @@ Description
`com.sap.cloud.crypto.clientcert.keystore_name`
-
-
@@ -147,29 +137,21 @@ For more information about the particular values you need to set, see the table
Mapping Mode
-
-
|
Description
-
-
|
How to Set
-
-
|
Example
-
-
|
@@ -177,15 +159,11 @@ Example
CN
-
-
The user name equals the common name \(CN\) of the certificate’s subject.
-
-
|
@@ -198,15 +176,11 @@ In addition, if you want to accept certificates from trusted certificate authori
If you want to accept certificates from any issuer, skip setting the `com.sap.cloud.crypto.clientcert.keystore_name` property.
-
-
|
A client certificate with *cn=myuser,ou=security* as a subject is mapped to a *myuser* user name.
-
-
|
@@ -214,15 +188,11 @@ A client certificate with *cn=myuser,ou=security* as a subject is mapped to a *m
CN@issuer
-
-
For this mapping mode, the user name is defined as *@*. Use this mapping mode when you have certificates with identical CNs.
-
-
|
@@ -244,8 +214,6 @@ To use this mapping mode, you have to set the following system properties:
A client certificate with *CN=john, C=DE, O=SAP, OU=Development* as a subject and *CN=SSO CA, O=SAP* as an issuer is received. The specified keystore with trusted issuers contains the same issuer, *CN=SSO CA, O=SAP*, that has an *sso\_ca* alias. Then the user name is defined as *john@sso\_ca*.
-
-
|
@@ -253,15 +221,11 @@ A client certificate with *CN=john, C=DE, O=SAP, OU=Development* as a subject an
wholeCert
-
-
For this mapping mode, the whole client certificate is compared with each entry in the specified keystore, and then the user name is defined as the alias of the matching entry.
-
-
|
@@ -290,8 +254,6 @@ The following client certificate is received:
The specified keystore contains the same certificate with an alias *john*. Then the user name is defined as *john*.
-
-
|
@@ -299,8 +261,6 @@ The specified keystore contains the same certificate with an alias *john*. Then
subjectAndIssuer
-
-
@@ -308,8 +268,6 @@ For this mapping mode, only the subject and issuer fields of the received client
Use this mapping mode when you want authentication by validating only the certificate’s subject and issuer.
-
-
|
@@ -328,8 +286,6 @@ To use this mapping mode, you have to set the following system properties:
A certificate with *CN=john.miller, C=DE, O=SAP, OU=Development* as a subject and *CN=SSO CA, O=SAP* as an issuer is received. The specified keystore contains a certificate with alias *john* that has the same subject and issuer fields. Then the user name is defined as *john*.
-
-
|
diff --git a/docs/60-security-neo/glossary-for-data-protection-and-privacy-a57e0ab.md b/docs/60-security-neo/glossary-for-data-protection-and-privacy-a57e0ab.md
index c8aaba2..d00568e 100644
--- a/docs/60-security-neo/glossary-for-data-protection-and-privacy-a57e0ab.md
+++ b/docs/60-security-neo/glossary-for-data-protection-and-privacy-a57e0ab.md
@@ -23,15 +23,11 @@ The following terms are general to SAP products. Not all terms may be relevant f
Term
-
-
Definition
-
-
|
@@ -39,15 +35,11 @@ Definition
**Blocking**
-
-
A method of restricting access to data for which the primary business purpose has ended.
-
-
|
@@ -55,15 +47,11 @@ A method of restricting access to data for which the primary business purpose ha
**Business purpose**
-
-
The legal, contractual, or in other form justified reason for the processing of personal data to complete an end-to-end business process. The personal data used to complete the process is predefined in a purpose, which is defined by the data controller. The process must be defined before the personal data required to fulfill the purpose can be determined.
-
-
|
@@ -71,15 +59,11 @@ The legal, contractual, or in other form justified reason for the processing of
**Consent**
-
-
The action of the data subject confirming that the usage of his or her personal data shall be allowed for a given purpose. A consent functionality allows the storage of a consent record in relation to a specific purpose and shows if a data subject has granted, withdrawn, or denied consent.
-
-
|
@@ -87,15 +71,11 @@ The action of the data subject confirming that the usage of his or her personal
**Data subject**
-
-
Any information relating to an identified or identifiable natural person \("data subject"\). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
-
-
|
@@ -103,15 +83,11 @@ Any information relating to an identified or identifiable natural person \("data
**Deletion**
-
-
Deletion of **personal data** so that the data is no longer available.
-
-
|
@@ -119,15 +95,11 @@ Deletion of **personal data** so that the data is no longer available.
**End of business**
-
-
Defines the end of active business and the start of residence time and retention period.
-
-
|
@@ -135,15 +107,11 @@ Defines the end of active business and the start of residence time and retention
**End of purpose \(EoP\)**
-
-
The point in time when the processing of a set of personal data is no longer required for the primary business purpose, for example, when a contract is fulfilled. After the EoP has been reached, the data is blocked and can only be accessed by users with special authorizations \(for example, tax auditors\).
-
-
|
@@ -151,15 +119,11 @@ The point in time when the processing of a set of personal data is no longer req
**End of purpose \(EoP\) check**
-
-
A method of identifying the point in time for a data set when the processing of **personal data** is no longer required for the primary **business purpose**. After the **EoP** has been reached, the data is **blocked** and can only be accessed by users with special authorization, for example, tax auditors.
-
-
|
@@ -167,15 +131,11 @@ A method of identifying the point in time for a data set when the processing of
**Personal data**
-
-
Any information relating to an identified or identifiable natural person \("data subject"\). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
-
-
|
@@ -183,15 +143,11 @@ Any information relating to an identified or identifiable natural person \("data
**Purpose**
-
-
The information that specifies the reason and the goal for the processing of a specific set of personal data. As a rule, the purpose references the relevant legal basis for the processing of personal data.
-
-
|
@@ -199,15 +155,11 @@ The information that specifies the reason and the goal for the processing of a s
**Residence period**
-
-
The period of time between the end of business and the end of purpose \(EoP\) for a data set during which the data remains in the database and can be used in case of subsequent processes related to the original purpose. At the end of the longest configured residence period, the data is blocked or deleted. The residence period is part of the overall retention period.
-
-
|
@@ -215,15 +167,11 @@ The period of time between the end of business and the end of purpose \(EoP\) fo
**Retention period**
-
-
The period of time between the end of the last business activity involving a specific object \(for example, a business partner\) and the deletion of the corresponding data, subject to applicable laws. The retention period is a combination of the residence period and the blocking period.
-
-
|
@@ -231,8 +179,6 @@ The period of time between the end of the last business activity involving a spe
**Sensitive personal data**
-
-
@@ -252,8 +198,6 @@ A category of personal data that usually includes the following type of informat
**Technical and organizational measures \(TOM\)**
-
-
|
diff --git a/docs/60-security-neo/managing-roles-db8175b.md b/docs/60-security-neo/managing-roles-db8175b.md
index a82fb86..af7b333 100644
--- a/docs/60-security-neo/managing-roles-db8175b.md
+++ b/docs/60-security-neo/managing-roles-db8175b.md
@@ -25,15 +25,11 @@ In SAP BTP, you can use Java EE roles to define access to the application resour
Term
-
-
|
Description
-
-
|
@@ -41,8 +37,6 @@ Description
Role
-
-
@@ -60,8 +54,6 @@ Roles allow you to diversify user access to application resources \(role-based a
Predefined roles
-
-
|
@@ -88,8 +80,6 @@ Predefined roles can be:
Custom roles
-
-
|
@@ -99,8 +89,6 @@ You can add custom roles to an application to configure additional access permis
Custom roles are visible and accessible only within the subaccount where they are created. That’s why different accounts subscribed to the same application could have different custom roles.
-
-
|
@@ -108,8 +96,6 @@ Custom roles are visible and accessible only within the subaccount where they ar
User
-
-
@@ -130,8 +116,6 @@ Users are principals managed by identity providers \(SAP ID service or others\).
Group
-
-
|
@@ -144,8 +128,6 @@ For each identity provider \(IdP\) for your subaccount, you define a set of rule
See [Using a Custom Identity Provider](application-identity-provider-dc61853.md#loiodc618538d97610148155d97dcd123c24).
-
-
|
@@ -330,22 +312,16 @@ For each different identity provider \(IdP\), you can define a set of rules spec
IdP Group Type
-
-
|
Description
-
-
|
Example
-
-
|
@@ -353,22 +329,16 @@ For each different identity provider \(IdP\), you can define a set of rules spec
Default group
-
-
|
All users logged by this IdP will have this group assignment.
-
-
|
All users logged by the company IdP can be assigned to the group *Internal*. You may decide to give this group the role *Access Internal Corporate Portal*.
-
-
|
@@ -376,22 +346,16 @@ For each different identity provider \(IdP\), you can define a set of rules spec
Assertion-based group
-
-
|
Determined by values of attributes in the SAML 2.0 assertion.Only the IdP users that have the required values will be assigned to it.
-
-
|
The users with SAML 2.0 assertion containing the attribute `contract=temporary` will be assigned to the group *TEMPORARY*. The users with SAML 2.0 assertion containing the attribute `contract=permanent` will be assigned to the group *PERMANENT*. The two groups will have different role assignments.
-
-
|
@@ -424,15 +388,11 @@ For each different identity provider \(IdP\), you can define a set of rules spec
Equals
-
-
|
Choose *Equals* if you want the value of the SAML 2.0 assertion attribute to match exactly the string you specify. Note that if you want to use more sophisticated relations, such as "starts with" or "contains", you need to use the *Regular expression* option.
-
-
|
@@ -440,8 +400,6 @@ For each different identity provider \(IdP\), you can define a set of rules spec
Regular expression
-
-
|
@@ -455,8 +413,6 @@ For each different identity provider \(IdP\), you can define a set of rules spec
**Example 2**: You want all users with name starting with admin to be added to group *Administrators*. Hence, you choose the mapping rule to be userid, matched using the following regular expression:
*^\(admin\).\**
-
-
|
@@ -520,22 +476,16 @@ The table below shows the VM system properties available for configuring role ca
VM Property
-
-
Description
-
-
|
Default Value
-
-
|
@@ -543,22 +493,16 @@ Default Value
com.sap.security.um.ratelimiter.cache.maximum\_user\_entries
-
-
The maximum user entries stored in the role cache.
-
-
|
1000
-
-
|
@@ -566,22 +510,16 @@ The maximum user entries stored in the role cache.
com.sap.security.um.ratelimiter.cache.validity
-
-
The cache validity in time.
-
-
|
5 \(in minutes\)
-
-
|
@@ -589,22 +527,16 @@ The cache validity in time.
com.sap.security.um.ratelimiter.cache.time\_period
-
-
The time period for role caching.
-
-
|
2 \(in minutes\)
-
-
|
@@ -612,22 +544,16 @@ The time period for role caching.
com.sap.security.um.ratelimiter.cache.maximum\_requests\_per\_user
-
-
The maximum requests per user stored in the role cache.
-
-
|
20
-
-
|
diff --git a/docs/60-security-neo/oauth-2-0-authorization-code-grant-b7b5893.md b/docs/60-security-neo/oauth-2-0-authorization-code-grant-b7b5893.md
index d5df66d..767c42a 100644
--- a/docs/60-security-neo/oauth-2-0-authorization-code-grant-b7b5893.md
+++ b/docs/60-security-neo/oauth-2-0-authorization-code-grant-b7b5893.md
@@ -39,22 +39,16 @@ The following table shows the roles defined by OAuth, and their respective entit
Role
-
-
Entity in SAP BTP
-
-
|
Description
-
-
|
@@ -62,22 +56,16 @@ Description
Resource owner
-
-
User
-
-
|
An entity that holds protected assets. This entity is capable of granting access to those assets under its control.
-
-
|
@@ -85,22 +73,16 @@ An entity that holds protected assets. This entity is capable of granting access
Resource server
-
-
Application
-
-
|
The server that hosts the resource owner's protected assets.
-
-
|
@@ -108,22 +90,16 @@ The server that hosts the resource owner's protected assets.
Client
-
-
Third-party application
-
-
|
The third party entity that needs to access the protected assets on behalf of the resource owner.
-
-
|
@@ -131,22 +107,16 @@ The third party entity that needs to access the protected assets on behalf of th
Authorization server
-
-
SAP BTP infrastructure
-
-
|
The server that manages the authentication and authorization of the different entities involved.
-
-
|
@@ -227,15 +197,11 @@ One of the ways to enforce scope checks for resources is to declare the resource
Element
-
-
Description
-
-
|
@@ -243,8 +209,6 @@ Description
Servlet filter class
-
-
@@ -252,8 +216,6 @@ Enter as value `com.sap.cloud.security.oauth2.OAuthAuthorizationFilter`.
On request it checks if the request contains a valid OAuth token to access the resources mapped to the configured scope.
-
-
|
@@ -261,15 +223,11 @@ On request it checks if the request contains a valid OAuth token to access the r
Protected resources
-
-
Could be given as URL pattern or servlet.
-
-
|
@@ -277,8 +235,6 @@ Could be given as URL pattern or servlet.
Initial parameters
-
-
@@ -370,22 +326,16 @@ In the table below the result handling between the authorization server and reso
Authorization server to resource server
-
-
|
Resource server to the API
-
-
|
Resource server to the filter
-
-
|
@@ -393,43 +343,31 @@ Resource server to the filter
**Code**
-
-
**Description**
-
-
|
**Return value / Exception**
-
-
|
**Description**
-
-
|
**Code**
-
-
|
**Description**
-
-
|
@@ -437,22 +375,16 @@ Resource server to the filter
`200`
-
-
`access_token` is valid
-
-
|
`True`
-
-
|
@@ -460,15 +392,11 @@ attribute "`user_id`" in the request
attribute "`client_id`" in the request
-
-
|
-
-
|
@@ -480,8 +408,6 @@ attribute "`user_id`" in the request
If `user-principal=true` -\>`request.getUserPrincipal(). getName()` returns `user_id`
-
-
|
@@ -489,22 +415,16 @@ If `user-principal=true` -\>`request.getUserPrincipal(). getName()` returns `use
`200`
-
-
`access_token` is valid
-
-
|
`False`
-
-
|
@@ -512,22 +432,16 @@ attribute "`reason`" in the request describing the reason for the result
`reason = "access_forbidden"`
-
-
|
`403`
-
-
|
Access is forbidden
-
-
|
@@ -535,22 +449,16 @@ Access is forbidden
`400`
-
-
`access_token` parameter is null, empty string, missing or it is given more than once
-
-
|
`False`
-
-
|
@@ -558,22 +466,16 @@ Attribute "`reason`" in the request describing the reason for the result
`reason = "missing_access_token`
-
-
|
`401`
-
-
|
-
-
|
@@ -581,22 +483,16 @@ Attribute "`reason`" in the request describing the reason for the result
`401`
-
-
`access_token` does not exist
-
-
|
`False`
-
-
|
@@ -604,22 +500,16 @@ Attribute "`reason`" in the request describing the reason for the result
`reason = "missing_access_token`
-
-
|
`401`
-
-
|
-
-
|
@@ -627,22 +517,16 @@ Attribute "`reason`" in the request describing the reason for the result
`401`
-
-
`access_token` has expired
-
-
|
`False`
-
-
|
@@ -650,22 +534,16 @@ Attribute "`reason`" in the request describing the reason for the result
`reason = "missing_access_token`
-
-
|
`401`
-
-
|
-
-
|
@@ -673,22 +551,16 @@ Attribute "`reason`" in the request describing the reason for the result
`401`
-
-
`access_token` is not issued for the current subscription
-
-
|
`False`
-
-
|
@@ -696,22 +568,16 @@ Attribute "`reason`" in the request describing the reason for the result
`reason = "missing_access_token`
-
-
|
`401`
-
-
|
-
-
|
@@ -719,15 +585,11 @@ Attribute "`reason`" in the request describing the reason for the result
`500`
-
-
Unexpected error \(no connection to the database\)
-
-
|
@@ -735,29 +597,21 @@ Unexpected error \(no connection to the database\)
\(extends `Exception`\)
-
-
|
Inherit message from the original exception
-
-
|
`500`
-
-
|
-
-
|
@@ -765,15 +619,11 @@ Inherit message from the original exception
-
-
-
-
|
@@ -781,29 +631,21 @@ Inherit message from the original exception
\(extends `Exception`\)
-
-
|
HTTP request to the authorization server fails
-
-
|
-
-
|
-
-
|
@@ -811,15 +653,11 @@ HTTP request to the authorization server fails
-
-
-
-
|
@@ -827,29 +665,21 @@ HTTP request to the authorization server fails
\(extends `Exception`\)
-
-
|
OAuth destination is not found or can’t get destination HTTP client
-
-
|
-
-
|
-
-
|
diff --git a/docs/60-security-neo/principal-propagation-between-neo-subaccounts-038c9de.md b/docs/60-security-neo/principal-propagation-between-neo-subaccounts-038c9de.md
index 3ddd937..3a3312e 100644
--- a/docs/60-security-neo/principal-propagation-between-neo-subaccounts-038c9de.md
+++ b/docs/60-security-neo/principal-propagation-between-neo-subaccounts-038c9de.md
@@ -71,15 +71,11 @@ The graphic below illustrates the overall setup of the scenario.
Field
-
-
|
Description
-
-
|
@@ -87,15 +83,11 @@ The graphic below illustrates the overall setup of the scenario.
Name
-
-
|
The *Local Provider Name* of the first subaccount, which you copied in step 1.
-
-
|
@@ -103,15 +95,11 @@ The graphic below illustrates the overall setup of the scenario.
Signing Certificate
-
-
|
The *Signing Certificate* of the first subaccount, which you copied in step 1.
-
-
|
@@ -155,15 +143,11 @@ Connect the first subaccount, to the second subaccount by describing the source
Field
-
-
|
Description
-
-
|
@@ -171,8 +155,6 @@ Connect the first subaccount, to the second subaccount by describing the source
Name
-
-
|
@@ -190,8 +172,6 @@ Connect the first subaccount, to the second subaccount by describing the source
|
URL
-
-
|
@@ -199,8 +179,6 @@ Connect the first subaccount, to the second subaccount by describing the source
The URL of the protected resource that you want to access \(the first application\). See [Configuring Application URLs](../50-administration-and-ops-neo/configuring-application-urls-7ceeaa5.md).
Example: `https://myappmysubaccount.hana.ondemand.com/`
-
-
|
@@ -208,15 +186,11 @@ Connect the first subaccount, to the second subaccount by describing the source
Authentication
-
-
|
AppToAppSSO
-
-
|
diff --git a/docs/60-security-neo/principal-propagation-from-the-cloud-foundry-to-the-neo-environment-391e9ed.md b/docs/60-security-neo/principal-propagation-from-the-cloud-foundry-to-the-neo-environment-391e9ed.md
index fb51268..0c6a696 100644
--- a/docs/60-security-neo/principal-propagation-from-the-cloud-foundry-to-the-neo-environment-391e9ed.md
+++ b/docs/60-security-neo/principal-propagation-from-the-cloud-foundry-to-the-neo-environment-391e9ed.md
@@ -178,15 +178,11 @@ Connect the two subaccounts by describing the connection properties in a destina
Field
-
-
|
Description
-
-
|
@@ -194,15 +190,11 @@ Connect the two subaccounts by describing the connection properties in a destina
Name
-
-
|
Technical name of the destination. It can be used later on to get an instance of that destination. It must be unique for the global account.
-
-
|
@@ -210,15 +202,11 @@ Connect the two subaccounts by describing the connection properties in a destina
Description
-
-
|
Free-text description.
-
-
|
@@ -226,15 +214,11 @@ Connect the two subaccounts by describing the connection properties in a destina
Type
-
-
|
HTTP
-
-
|
@@ -242,8 +226,6 @@ Connect the two subaccounts by describing the connection properties in a destina
URL
-
-
|
@@ -251,8 +233,6 @@ Connect the two subaccounts by describing the connection properties in a destina
The URL of the protected resource in the Neo environment.
Example: `https://myneoapp.hana.ondemand.com/myprotectedresource/`
-
-
|
@@ -260,15 +240,11 @@ Connect the two subaccounts by describing the connection properties in a destina
Authentication
-
-
|
OAuth2SAMLBearerAssertion
-
-
|
@@ -276,15 +252,11 @@ Connect the two subaccounts by describing the connection properties in a destina
Proxy Type
-
-
|
Internet
-
-
|
@@ -292,8 +264,6 @@ Connect the two subaccounts by describing the connection properties in a destina
Audience
-
-
|
@@ -303,8 +273,6 @@ Connect the two subaccounts by describing the connection properties in a destina
Copy the value from *cockpit* \> ** \> *Security* \> *Trust* \> *Local Service Provider* \> *Local Service Provider Name*.
![](images/NeoLocalProvider_7f8b61b.png)
-
-
|
@@ -312,15 +280,11 @@ Connect the two subaccounts by describing the connection properties in a destina
Client Key
-
-
|
The ID of the OAuth client for the application in the Neo environment.
-
-
|
@@ -328,8 +292,6 @@ Connect the two subaccounts by describing the connection properties in a destina
Token Service URL
-
-
|
@@ -337,8 +299,6 @@ Connect the two subaccounts by describing the connection properties in a destina
Copy the value of *Token Endpoint* from the following place: *cockpit* \> ** \> *Security* \> *OAuth* \> *Branding*.
![](images/OAuthTokenEndpoint_b08846c.png)
-
-
|
@@ -346,15 +306,11 @@ Connect the two subaccounts by describing the connection properties in a destina
Token Service User
-
-
|
The ID of the OAuth client for the application in the Neo environment.
-
-
|
@@ -362,15 +318,11 @@ Connect the two subaccounts by describing the connection properties in a destina
Token Service Password
-
-
|
The secret from the OAuth client.
-
-
|
@@ -378,15 +330,11 @@ Connect the two subaccounts by describing the connection properties in a destina
System User
-
-
|
Empty.
-
-
|
@@ -394,15 +342,11 @@ Connect the two subaccounts by describing the connection properties in a destina
authnContextClassRef
-
-
|
*urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession*
-
-
|
@@ -410,15 +354,11 @@ Connect the two subaccounts by describing the connection properties in a destina
nameIdFormat
-
-
|
*urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified* if the user ID will be propagated to the Neo application or *nameIdFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress* if the user email will be propagated to the Neo application.
-
-
|
diff --git a/docs/60-security-neo/principal-propagation-from-the-neo-to-the-cloud-foundry-environment-6e194f8.md b/docs/60-security-neo/principal-propagation-from-the-neo-to-the-cloud-foundry-environment-6e194f8.md
index b5f4afd..63ecb2e 100644
--- a/docs/60-security-neo/principal-propagation-from-the-neo-to-the-cloud-foundry-environment-6e194f8.md
+++ b/docs/60-security-neo/principal-propagation-from-the-neo-to-the-cloud-foundry-environment-6e194f8.md
@@ -223,15 +223,11 @@ Connect the first subaccount to the second subaccount by describing the source c
Field
-
-
|
Description
-
-
|
@@ -239,8 +235,6 @@ Connect the first subaccount to the second subaccount by describing the source c
Name
-
-
|
@@ -258,8 +252,6 @@ Connect the first subaccount to the second subaccount by describing the source c
|
URL
-
-
|
@@ -267,8 +259,6 @@ Connect the first subaccount to the second subaccount by describing the source c
The URL of the protected resource in the Cloud Foundry environment. See [Configuring Application URLs](../50-administration-and-ops-neo/configuring-application-urls-7ceeaa5.md).
Example: `https://.cfapps.eu10.hana.ondemand.com/`
-
-
|
@@ -276,15 +266,11 @@ Connect the first subaccount to the second subaccount by describing the source c
Authentication
-
-
|
OAuth2SAMLBearerAssertion
-
-
|
@@ -292,15 +278,11 @@ Connect the first subaccount to the second subaccount by describing the source c
Proxy Type
-
-
|
Internet
-
-
|
@@ -308,8 +290,6 @@ Connect the first subaccount to the second subaccount by describing the source c
Audience
-
-
|
@@ -330,8 +310,6 @@ Connect the first subaccount to the second subaccount by describing the source c
Example of audience/entityID:
`demo.aws-live-eu10`
-
-
|
@@ -339,15 +317,11 @@ Connect the first subaccount to the second subaccount by describing the source c
Client Key
-
-
|
In the cloud cockpit, navigate to the application in the Cloud Foundry environment \(** \> *Spaces* \> ** \> *Applications* \> **\). Open *Environment Variables*. Copy the value of the *clientid* property in *VCAP\_SERVICES* \> *xsuaa* \> *credentials*.
-
-
|
@@ -355,8 +329,6 @@ Connect the first subaccount to the second subaccount by describing the source c
Token Service URL
-
-
|
@@ -379,8 +351,6 @@ Connect the first subaccount to the second subaccount by describing the source c
Example of token service URL:
`https://demo.authentication.eu10.hana.ondemand.com/oauth/token/alias/demo.aws-live-eu10`
-
-
|
@@ -388,15 +358,11 @@ Connect the first subaccount to the second subaccount by describing the source c
Token Service User
-
-
|
In the cloud cockpit, navigate to the application in the Cloud Foundry environment \(** \> *Spaces* \> ** \> *Applications* \> **\). Open *Environment Variables*. Copy the value of the *clientid* property in *VCAP\_SERVICES* \> *xsuaa* \> *credentials*.
-
-
|
@@ -404,15 +370,11 @@ Connect the first subaccount to the second subaccount by describing the source c
Token Service Password
-
-
|
In the cloud cockpit, navigate to the application in the Cloud Foundry environment \(** \> *Spaces* \> ** \> *Applications* \> **\). Open *Environment Variables*. Copy the value of the *clientsecret* property in *VCAP\_SERVICES* \> *xsuaa* \> *credentials*.
-
-
|
@@ -420,15 +382,11 @@ Connect the first subaccount to the second subaccount by describing the source c
System User
-
-
|
Empty.
-
-
|
diff --git a/docs/60-security-neo/principal-propagation-to-oauth-protected-applications-310f39e.md b/docs/60-security-neo/principal-propagation-to-oauth-protected-applications-310f39e.md
index 613a544..ff2c43e 100644
--- a/docs/60-security-neo/principal-propagation-to-oauth-protected-applications-310f39e.md
+++ b/docs/60-security-neo/principal-propagation-to-oauth-protected-applications-310f39e.md
@@ -65,22 +65,16 @@ The graphic below illustrates the scenario implemented in terms of SAP BTP.
SAML Assertion Element
-
-
|
Value Description
-
-
|
Example
-
-
|
@@ -88,15 +82,11 @@ The graphic below illustrates the scenario implemented in terms of SAP BTP.
Name ID
-
-
|
The authenticated user ID.
-
-
|
@@ -117,8 +107,6 @@ The graphic below illustrates the scenario implemented in terms of SAP BTP.
|
Audience
-
-
|
@@ -133,22 +121,16 @@ The graphic below illustrates the scenario implemented in terms of SAP BTP.
|
Region Host
-
-
|
Description
-
-
|
Required Audience Value
-
-
|
@@ -156,22 +138,16 @@ The graphic below illustrates the scenario implemented in terms of SAP BTP.
hana.ondemand.com
-
-
|
Productive landscape, data center Europe
-
-
|
https://netweaver.ondemand.com
-
-
|
@@ -179,22 +155,16 @@ The graphic below illustrates the scenario implemented in terms of SAP BTP.
ap1.hana.ondemand.com
-
-
|
Productive landscape, data center Asia-Pasific \(Australia\)
-
-
|
ap1.hana.ondemand.com
-
-
|
@@ -202,30 +172,22 @@ The graphic below illustrates the scenario implemented in terms of SAP BTP.
https://us1.hana.ondemand.com
-
-
|
Productive landscape, data center United States \(US East\)
-
-
|
https://us1.hana.ondemand.com/
-
-
|
See [Regions and Hosts Available for the Neo Environment](../10-concepts-neo/regions-and-hosts-available-for-the-neo-environment-d722f7c.md).
-
-
@@ -250,15 +212,11 @@ The graphic below illustrates the scenario implemented in terms of SAP BTP.
|
Issuer ID
-
-
|
The issuer must have as value the OAuth client ID registered at SAP BTP \(in *Cockpit* \> *Security* \> *OAuth* \> *Clients* \> ** \> *Client ID*\).
-
-
|
@@ -279,15 +237,11 @@ The graphic below illustrates the scenario implemented in terms of SAP BTP.
|
Issuer Certificate
-
-
|
The identity provider signing certificate stored in the trust configuration of SAP BTP for this identity provider \(in *Cockpit* \> *Security* \> *Trust* \> *Application Identity Provider* \> * *General* \> *Signing Certificate*\).
-
-
|
@@ -305,15 +259,11 @@ The graphic below illustrates the scenario implemented in terms of SAP BTP.
|
\(Optional\) User Attributes
-
-
|
The attributes that will be assigned to the SAP BTP user.
-
-
|
diff --git a/docs/60-security-neo/protection-from-cross-site-request-forgery-1f5f34e.md b/docs/60-security-neo/protection-from-cross-site-request-forgery-1f5f34e.md
index 831b1eb..5795d29 100644
--- a/docs/60-security-neo/protection-from-cross-site-request-forgery-1f5f34e.md
+++ b/docs/60-security-neo/protection-from-cross-site-request-forgery-1f5f34e.md
@@ -39,29 +39,21 @@ SAP BTP provides two CSRF protection approaches:
CSRF Protection Mechanism
-
-
|
Description
-
-
|
When to Use
-
-
|
How to Use
-
-
|
@@ -69,29 +61,21 @@ How to Use
URL encoding approach
-
-
Based on the [CSRF Prevention Filter](http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CSRF_Prevention_Filter) provided by Apache Tomcat 7. The prevention mechanism is based on a token \(a nonce value\) generated on each request and stored in the session. The token is used to encode all URLs on the entry point sites. Upon request to a protected URL, the existence and value of the token is checked. The request is allowed to proceed only if the nonce from the token equals the one stored in the session. The prevention mechanism is applied for all URLs mapped to the filter except for specially defined entry points.
-
-
|
This is the most common CSRF protection. Use it for protecting resources that are supposed to be accessed via some sort of navigation. For example, if there is a reference to them in an entry point page \(included in links/post forms, and so on\).
-
-
|
See [Using the Apache Tomcat CSRF Prevention Filter](using-the-apache-tomcat-csrf-prevention-filter-e5be999.md).
-
-
|
@@ -99,29 +83,21 @@ See [Using the Apache Tomcat CSRF Prevention Filter](using-the-apache-tomcat-csr
Custom header approach
-
-
Based on a secret token \(a nonce value\) generated on server side and stored in the session, but unlike the first approach, here the token is transported as a custom header of the HTTP requests.
-
-
|
Use it when URL encoding is not suitable. For example, when protecting resources that are requested only as REST APIs \(one time requests that should be served independently from previous requests and are not included in links and HTML forms\). The same approach is implemented in other SAP web application servers like AS ABAP and HANA XS, and is supported by SAP UI5. Common scenarios that can benefit from this approach are those using ODATA services, REST, AJAX, etc.
-
-
|
See [Using Custom Header Protection](using-custom-header-protection-3756f3f.md).
-
-
|
@@ -129,29 +105,21 @@ See [Using Custom Header Protection](using-custom-header-protection-3756f3f.md).
Custom CSRF filtering implementation
-
-
If you cannot use URL encoding or custom header protection, you can implement your custom CSRF filtering
-
-
|
Use it when implementing single logout \(SLO\) for SAP BTP applications. Due to redirects to the SAML 2.0 identity provider, you cannot use the out-of-the-box approaches listed here \(custom header protection or URL encoding.
-
-
|
[Logout](logout-2eebf76.md)
-
-
|
diff --git a/docs/60-security-neo/protection-from-cross-site-scripting-xss-e643316.md b/docs/60-security-neo/protection-from-cross-site-scripting-xss-e643316.md
index be7d6b8..355a5db 100644
--- a/docs/60-security-neo/protection-from-cross-site-scripting-xss-e643316.md
+++ b/docs/60-security-neo/protection-from-cross-site-scripting-xss-e643316.md
@@ -84,15 +84,11 @@ It also has various methods for different data types that should be encoded:
Data Type
-
-
Code Sample for Encoding
-
-
|
@@ -100,15 +96,11 @@ Code Sample for Encoding
HTML / XML:
-
-
out = XSSEncoder.encodeHTML\( in \); / XSSEncoder.encodeXML\( val \);
-
-
|
@@ -116,15 +108,11 @@ out = XSSEncoder.encodeHTML\( in \); / XSSEncoder.encodeXML\( val \);
JavaScript:
-
-
out = XSSEncoder.encodeJavaScript\( val \);
-
-
|
@@ -132,15 +120,11 @@ out = XSSEncoder.encodeJavaScript\( val \);
URL:
-
-
out = XSSEncoder.encodeURL\( val \);
-
-
|
@@ -148,15 +132,11 @@ out = XSSEncoder.encodeURL\( val \);
CSS:
-
-
out = XSSEncoder.encodeCSS\( val \);
-
-
|
diff --git a/docs/60-security-neo/register-an-oauth-client-61d8095.md b/docs/60-security-neo/register-an-oauth-client-61d8095.md
index 42ce4d3..cfaeca2 100644
--- a/docs/60-security-neo/register-an-oauth-client-61d8095.md
+++ b/docs/60-security-neo/register-an-oauth-client-61d8095.md
@@ -28,15 +28,11 @@ To authorize a device to access an OAuth-protected application, you need to regi
Field
-
-
|
Description
-
-
|
@@ -44,15 +40,11 @@ To authorize a device to access an OAuth-protected application, you need to regi
*Name*
-
-
|
The client name.
-
-
|
@@ -60,15 +52,11 @@ To authorize a device to access an OAuth-protected application, you need to regi
*Description*
-
-
|
A free-text description of the client.
-
-
|
@@ -76,15 +64,11 @@ To authorize a device to access an OAuth-protected application, you need to regi
*Subscription*
-
-
|
The application for which you are registering this client. To be able to register for a particular application, this account must be subscribed to it. For more information, see [Register an OAuth Client](register-an-oauth-client-61d8095.md).
-
-
|
@@ -92,8 +76,6 @@ To authorize a device to access an OAuth-protected application, you need to regi
*ID*
-
-
|
@@ -111,15 +93,11 @@ To authorize a device to access an OAuth-protected application, you need to regi
|
*Confidential*
-
-
|
If you mark this box, the client ID will be protected with a password. You will need to supply the password here, and provide it to the client.Required. The ID of the client authorized to access the resource server running on
-
-
|
@@ -127,8 +105,6 @@ To authorize a device to access an OAuth-protected application, you need to regi
*Secret*
-
-
|
@@ -136,8 +112,6 @@ To authorize a device to access an OAuth-protected application, you need to regi
Required. The ID of the client authorized to access theA secret \(password\) that allows the authorization server to authenticate before the client on behalf of the resource owner \(user\).
It will also be needed by the client.
-
-
|
@@ -145,15 +119,11 @@ To authorize a device to access an OAuth-protected application, you need to regi
*Skip Consent Screen*
-
-
|
If you mark this option, no end user action will be required for authorizing this client. Otherwise, the end user will have to confirm granting the requested authorization.
-
-
|
@@ -161,15 +131,11 @@ To authorize a device to access an OAuth-protected application, you need to regi
*Redirect URI*
-
-
|
The application URI to which the authorization server will connect the client with the authorization code.
-
-
|
@@ -177,8 +143,6 @@ To authorize a device to access an OAuth-protected application, you need to regi
*Token Lifetime*
-
-
|
@@ -196,8 +160,6 @@ To authorize a device to access an OAuth-protected application, you need to regi
|
*Refresh Token Lifetime*
-
-
|
@@ -215,15 +177,11 @@ To authorize a device to access an OAuth-protected application, you need to regi
|
*Translations*
-
-
|
Optionally, you can provide translations of the client name and description for localization purposes. Choose the *Translations* button and enter the required language translation there.
-
-
|
diff --git a/docs/60-security-neo/securing-sap-hana-applications-4ed551f.md b/docs/60-security-neo/securing-sap-hana-applications-4ed551f.md
index 0ebffb3..d6d57d4 100644
--- a/docs/60-security-neo/securing-sap-hana-applications-4ed551f.md
+++ b/docs/60-security-neo/securing-sap-hana-applications-4ed551f.md
@@ -25,15 +25,11 @@ In this section, you can find information relevant for securing SAP HANA applica
Info Type
-
-
See
-
-
|
@@ -41,15 +37,11 @@ See
General security concepts for SAP HANA applications
-
-
[SAP HANA Security Guide](http://help.sap.com/hana/SAP_HANA_Security_Guide_en.pdf)
-
-
|
@@ -57,15 +49,11 @@ General security concepts for SAP HANA applications
Specific security concepts for SAP HANA applications running on SAP BTP
-
-
[Configure SAML 2.0 Authentication](../30-development-neo/configure-saml-2-0-authentication-2a71022.md)
-
-
|
diff --git a/docs/60-security-neo/security-development-6fafbaa.md b/docs/60-security-neo/security-development-6fafbaa.md
index d694a3d..e59e749 100644
--- a/docs/60-security-neo/security-development-6fafbaa.md
+++ b/docs/60-security-neo/security-development-6fafbaa.md
@@ -21,15 +21,11 @@ SAP BTP provides the following APIs for user management and authentication:
Package
-
-
Description
-
-
|
@@ -37,15 +33,11 @@ Description
**User Management API**
-
-
-
-
|
@@ -57,15 +49,11 @@ Description
`com.sap.security.um.service`
-
-
The user management API can be used to create and delete users or update user information.
-
-
|
@@ -73,15 +61,11 @@ The user management API can be used to create and delete users or update user in
**Authentication API**
-
-
-
-
|
@@ -89,15 +73,11 @@ The user management API can be used to create and delete users or update user in
`com.sap.security.auth.login`
-
-
The authentication API provides basic login modules and callback handlers implementations and a custom LoginContext implemenatation. It relies on the user management API to provide user information required during the authentication process.
-
-
|
@@ -105,15 +85,11 @@ The authentication API provides basic login modules and callback handlers implem
**Password Storage API**
-
-
-
-
|
@@ -121,15 +97,11 @@ The authentication API provides basic login modules and callback handlers implem
`com.sap.cloud.security.password`
-
-
The password storage API allows users to securely persist passwords and key phrases, such as passwords for keystore files.
-
-
|
diff --git a/docs/60-security-neo/security-events-logged-by-the-neo-services-2f02cbe.md b/docs/60-security-neo/security-events-logged-by-the-neo-services-2f02cbe.md
index 79b7a17..55fa63d 100644
--- a/docs/60-security-neo/security-events-logged-by-the-neo-services-2f02cbe.md
+++ b/docs/60-security-neo/security-events-logged-by-the-neo-services-2f02cbe.md
@@ -13,15 +13,11 @@ This document contains a list of the Neo services that log security events. The
Service
-
-
Audit log events page of the service
-
-
|
@@ -29,15 +25,11 @@ Audit log events page of the service
Custom Domain \(Neo\)
-
-
[Auditing and Logging Information](https://help.sap.com/docs/BTP/ea72206b834e4ace9cd834feed6c0e09/2b2c350cafe54fa587aac6b3c82c11f3.html)
-
-
|
@@ -45,15 +37,11 @@ Custom Domain \(Neo\)
OAuth 2.0
-
-
[Auditing and Logging Information for OAuth 2.0 Service](https://help.sap.com/viewer/ea72206b834e4ace9cd834feed6c0e09/Cloud/en-US/17d6fd1de6cb447da9ba19c99541e566.html)
-
-
|
@@ -61,15 +49,11 @@ OAuth 2.0
SAP Application Logging \(Neo\)
-
-
[Auditing and Logging Information](https://help.sap.com/docs/APPLICATION_LOGGING/f88a032109f0429caea276fc6e3a95f9/0be6d73289fc4060bec123f06dab9f5d.html)
-
-
|
@@ -77,15 +61,11 @@ SAP Application Logging \(Neo\)
SAP Cloud Integration \(Neo\)
-
-
[Auditing and Logging Information](https://help.sap.com/docs/CLOUD_INTEGRATION/368c481cd6954bdfa5d0435479fd4eaf/d1c7bfe00b7c448ab56d7b4d454475f9.html)
-
-
|
@@ -93,15 +73,11 @@ SAP Cloud Integration \(Neo\)
SAP HANA Service for SAP BTP in SAP Regions \(Neo\)
-
-
[Audit Logging](https://help.sap.com/docs/HANA_SERVICE_SAP_CP/d4790b2de2f4429db6f3dff54e4d7b3a/502682be3f734b19af8b307079b50cbd.html)
-
-
|
@@ -109,15 +85,11 @@ SAP HANA Service for SAP BTP in SAP Regions \(Neo\)
SAP Mobile Services
-
-
[Viewing the User Audit Log](https://help.sap.com/docs/SAP_MOBILE_SERVICES/38dbd9fbb49240f3b4d954e92335e670/39ebea2e25f946b7a7d6994689c0786c.html)
-
-
|
diff --git a/docs/60-security-neo/simplifying-oauth-2-0-authentication-with-destinations-c8b8c06.md b/docs/60-security-neo/simplifying-oauth-2-0-authentication-with-destinations-c8b8c06.md
index b283d88..aa848b5 100644
--- a/docs/60-security-neo/simplifying-oauth-2-0-authentication-with-destinations-c8b8c06.md
+++ b/docs/60-security-neo/simplifying-oauth-2-0-authentication-with-destinations-c8b8c06.md
@@ -21,22 +21,16 @@ Both APIs cache issued access tokens and automatically reuse them. In addition,
Scenario
-
-
Use Connectivity API
-
-
|
Details
-
-
|
@@ -44,8 +38,6 @@ Details
Client credentials
-
-
@@ -53,8 +45,6 @@ HttpDestination API
AuthenticationHeaderProvider API
-
-
|
@@ -62,8 +52,6 @@ If you use the HttpDestination API, a token is automatically issued based on the
If you use the AuthenticationHeaderProvider API, you need to generate client credentials headers and insert them in your request. See [Generate Client Credentials Headers](https://help.sap.com/docs/CP_CONNECTIVITY/b865ed651e414196b39f8922db2122c7/df6c1ffd39f0451594d737cf7638ce00.html?version=Cloud&locale=en-US).
-
-
|
@@ -71,22 +59,16 @@ If you use the AuthenticationHeaderProvider API, you need to generate client cre
SAML bearer assertion
-
-
AuthenticationHeaderProvider API
-
-
|
Generates OAuth authorization headers. See [Generate OAuth2SAMLBearerAssertion Headers](https://help.sap.com/docs/CP_CONNECTIVITY/b865ed651e414196b39f8922db2122c7/df6c1ffd39f0451594d737cf7638ce00.html?version=Cloud&locale=en-US)
-
-
|
diff --git a/docs/60-security-neo/trust-management-api-e757ea3.md b/docs/60-security-neo/trust-management-api-e757ea3.md
index 1cea607..2ea0457 100644
--- a/docs/60-security-neo/trust-management-api-e757ea3.md
+++ b/docs/60-security-neo/trust-management-api-e757ea3.md
@@ -51,22 +51,16 @@ See [Trust Management API Reference](https://api.sap.com/api/TrustManagementAPI/
Use Case
-
-
Description
-
-
|
Corresponding Trust Settings
-
-
|
@@ -74,8 +68,6 @@ Corresponding Trust Settings
Fully featured application identity providers
-
-
@@ -83,8 +75,6 @@ For delegating the authentication and authorization of your applications to a th
For more information, see [Authorization and Trust Management in the Neo Environment](authorization-and-trust-management-in-the-neo-environment-e6b196a.md).
-
-
|
@@ -96,8 +86,6 @@ For more information, see [Authorization and Trust Management in the Neo Environ
At least one fully featured \(not only for IdP-initiated SSO or only for OAuth 2.0 SAML Beared Flow\)
-
-
|
@@ -105,8 +93,6 @@ At least one fully featured \(not only for IdP-initiated SSO or only for OAuth 2
Configuration with application identity providers only for IdP-initiated single-sign on \(SSO\) or only for OAuth 2.0 SAML Bearer Flow
-
-
@@ -116,8 +102,6 @@ This allows a more fine-granular and secure control of which IdPs are allowed du
*Only for OAuth 2.0 SAML Bearer Flow*: The IdP will only be used to validate SAML Assertions received via the OAuth SAML Bearer Flow.
-
-
|
@@ -129,8 +113,6 @@ This allows a more fine-granular and secure control of which IdPs are allowed du
*Only for IdP-initiated SSO*: enabled or *Only for SAML Bearer Flow*: enabled
-
-
|
@@ -138,15 +120,11 @@ This allows a more fine-granular and secure control of which IdPs are allowed du
Principal propagation
-
-
Enables applications to propagate principal information to each other. Choose this use case if you want to enable application-to-application single sign-on.
-
-
|
@@ -160,8 +138,6 @@ None
*Principal Propagation*: enabled
-
-
|
@@ -169,15 +145,11 @@ None
Cross-subaccount principal propagation
-
-
Enables principal propagation between applications in different subaccounts. For more information, see [Principal Propagation Between Neo Subaccounts](principal-propagation-between-neo-subaccounts-038c9de.md#loio038c9de27e5c4867a3f13cda9e8c0823).
-
-
|
@@ -191,8 +163,6 @@ Enables principal propagation between applications in different subaccounts. For
*Only for IdP-initiated SSO*: enabled
-
-
|
diff --git a/docs/60-security-neo/trusted-certificate-authorities-for-client-certificate-authentication-fe95707.md b/docs/60-security-neo/trusted-certificate-authorities-for-client-certificate-authentication-fe95707.md
index d068639..ef6c9dd 100644
--- a/docs/60-security-neo/trusted-certificate-authorities-for-client-certificate-authentication-fe95707.md
+++ b/docs/60-security-neo/trusted-certificate-authorities-for-client-certificate-authentication-fe95707.md
@@ -25,22 +25,16 @@ To enable client certificate authentication in your application, users need to p
Subject DN
-
-
Issuer DN
-
-
|
SHA1
-
-
|
@@ -48,22 +42,16 @@ SHA1
C=DE, O=Atos, CN=Atos TrustedRoot 2011
-
-
C=DE, O=Atos, CN=Atos TrustedRoot 2011
-
-
|
2B:B1:F5:3E:55:0C:1D:C5:F1:D4:E6:B7:6A:46:4B:55:06:02:AC:21
-
-
|
@@ -71,22 +59,16 @@ C=DE, O=Atos, CN=Atos TrustedRoot 2011
CN=Amazon Root CA 1, O=Amazon, C=US
-
-
CN=Amazon Root CA 1, O=Amazon, C=US
-
-
|
8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16
-
-
|
@@ -94,22 +76,16 @@ CN=Amazon Root CA 1, O=Amazon, C=US
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
-
-
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
-
-
|
D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74
-
-
|
@@ -117,22 +93,16 @@ D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
-
-
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
-
-
|
62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18
-
-
|
@@ -140,22 +110,16 @@ CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
CN=COMODO Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
-
-
CN=COMODO Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
-
-
|
EE:86:93:87:FF:FD:83:49:AB:5A:D1:43:22:58:87:89:A4:57:B0:12
-
-
|
@@ -163,22 +127,16 @@ EE:86:93:87:FF:FD:83:49:AB:5A:D1:43:22:58:87:89:A4:57:B0:12
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
-
-
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
-
-
|
AF:E5:D2:44:A8:D1:19:42:30:FF:47:9F:E2:F8:97:BB:CD:7A:8C:B4
-
-
|
@@ -186,22 +144,16 @@ AF:E5:D2:44:A8:D1:19:42:30:FF:47:9F:E2:F8:97:BB:CD:7A:8C:B4
CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
-
-
CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
-
-
|
05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
-
-
|
@@ -209,22 +161,16 @@ CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
-
-
CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
-
-
|
A1:4B:48:D9:43:EE:0A:0E:40:90:4F:3C:E0:A4:C0:91:93:51:5D:3F
-
-
|
@@ -232,22 +178,16 @@ A1:4B:48:D9:43:EE:0A:0E:40:90:4F:3C:E0:A4:C0:91:93:51:5D:3F
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
-
-
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
-
-
|
A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
-
-
|
@@ -255,22 +195,16 @@ A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
-
-
CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
-
-
|
DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4
-
-
|
@@ -278,22 +212,16 @@ DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
-
-
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
-
-
|
5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25
-
-
|
@@ -301,22 +229,16 @@ CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=Entrust Root Certification Authority - G2, OU=\(c\) 2009 Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc., C=US
-
-
CN=Entrust Root Certification Authority - G2, OU=\(c\) 2009 Entrust, Inc. - for authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc., C=US
-
-
|
8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4
-
-
|
@@ -324,22 +246,16 @@ CN=Entrust Root Certification Authority - G2, OU=\(c\) 2009 Entrust, Inc. - for
CN=Entrust Root Certification Authority, OU=\(c\) 2006 Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, O=Entrust, Inc., C=US
-
-
CN=Entrust Root Certification Authority, OU=\(c\) 2006 Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, O=Entrust, Inc., C=US
-
-
|
B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9
-
-
|
@@ -347,22 +263,16 @@ B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9
CN=Entrust.net Certification Authority \(2048\), OU=\(c\) 1999 Entrust.net Limited, OU=www.entrust.net/CPS\_2048 incorp. by ref. \(limits liab.\), O=Entrust.net
-
-
CN=Entrust.net Certification Authority \(2048\), OU=\(c\) 1999 Entrust.net Limited, OU=www.entrust.net/CPS\_2048 incorp. by ref. \(limits liab.\), O=Entrust.net
-
-
|
50:30:06:09:1D:97:D4:F5:AE:39:F7:CB:E7:92:7D:7D:65:2D:34:31
-
-
|
@@ -370,22 +280,16 @@ CN=Entrust.net Certification Authority \(2048\), OU=\(c\) 1999 Entrust.net Limit
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
-
-
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
-
-
|
B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
-
-
|
@@ -393,22 +297,16 @@ B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
-
-
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
-
-
|
D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD
-
-
|
@@ -416,22 +314,16 @@ D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD
CN=Go Daddy Root Certificate Authority - G2, O=GoDaddy.com, Inc., L=Scottsdale, ST=Arizona, C=US
-
-
CN=Go Daddy Root Certificate Authority - G2, O=GoDaddy.com, Inc., L=Scottsdale, ST=Arizona, C=US
-
-
|
47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B
-
-
|
@@ -439,22 +331,16 @@ CN=Go Daddy Root Certificate Authority - G2, O=GoDaddy.com, Inc., L=Scottsdale,
CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
-
-
CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
-
-
|
09:3C:61:F3:8B:8B:DC:7D:55:DF:75:38:02:05:00:E1:25:F5:C8:36
-
-
|
@@ -462,22 +348,16 @@ CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
-
-
CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
-
-
|
CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7
-
-
|
@@ -485,22 +365,16 @@ CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7
CN=SAP Cloud Root CA, O=SAP SE, L=Walldorf, C=DE
-
-
CN=SAP Cloud Root CA, O=SAP SE, L=Walldorf, C=DE
-
-
|
6D:80:92:77:4A:F2:D5:ED:AE:3A:5C:99:D6:56:93:1C:21:97:A9:50
-
-
|
@@ -508,22 +382,16 @@ CN=SAP Cloud Root CA, O=SAP SE, L=Walldorf, C=DE
CN=SAP Global Root CA, O=SAP AG, L=Walldorf, C=DE
-
-
CN=SAP Global Root CA, O=SAP AG, L=Walldorf, C=DE
-
-
|
0A:B6:2A:F4:7F:E5:59:84:7D:79:8A:1F:C4:E1:7F:67:FD:7E:82:4C
-
-
|
@@ -531,22 +399,16 @@ CN=SAP Global Root CA, O=SAP AG, L=Walldorf, C=DE
CN=SAP Internet of Things CA, O=SAP IoT Trust Community II, C=DE
-
-
CN=SAP Internet of Things CA, O=SAP IoT Trust Community II, C=DE
-
-
|
45:53:D3:F2:22:58:FE:35:59:B1:84:9F:27:3B:8C:69:C2:4C:FA:15
-
-
|
@@ -554,22 +416,16 @@ CN=SAP Internet of Things CA, O=SAP IoT Trust Community II, C=DE
CN=SSO\_CA, O=SAP-AG, C=DE
-
-
CN=SSO\_CA, O=SAP-AG, C=DE
-
-
|
4D:11:61:08:30:D7:B3:1C:62:87:19:8E:95:D5:5F:3E:8F:05:E4:0B
-
-
|
@@ -577,22 +433,16 @@ CN=SSO\_CA, O=SAP-AG, C=DE
CN=Starfield Services Root Certificate Authority - G2, O=Starfield Technologies, Inc., L=Scottsdale, ST=Arizona, C=US
-
-
CN=Starfield Services Root Certificate Authority - G2, O=Starfield Technologies, Inc., L=Scottsdale, ST=Arizona, C=US
-
-
|
92:5A:8F:8D:2C:6D:04:E0:66:5F:59:6A:FF:22:D8:63:E8:25:6F:3F
-
-
|
@@ -600,22 +450,16 @@ CN=Starfield Services Root Certificate Authority - G2, O=Starfield Technologies,
CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
-
-
CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
-
-
|
D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61
-
-
|
@@ -623,22 +467,16 @@ D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61
CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
-
-
CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
-
-
|
56:E0:FA:C0:3B:8F:18:23:55:18:E5:D3:11:CA:E8:C2:43:31:AB:66
-
-
|
@@ -646,22 +484,16 @@ CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
-
-
CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
-
-
|
9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB
-
-
|
@@ -669,22 +501,16 @@ CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
-
-
CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
-
-
|
59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9
-
-
|
@@ -692,22 +518,16 @@ CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterpri
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
-
-
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
-
-
|
2B:8F:1B:57:33:0D:BB:A2:D0:7A:6C:51:F7:0E:E9:0D:DA:B9:AD:8E
-
-
|
@@ -715,22 +535,16 @@ CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City
OU=Go Daddy Class 2 Certification Authority, O=The Go Daddy Group, Inc., C=US
-
-
OU=Go Daddy Class 2 Certification Authority, O=The Go Daddy Group, Inc., C=US
-
-
|
27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4
-
-
|
@@ -738,22 +552,16 @@ OU=Go Daddy Class 2 Certification Authority, O=The Go Daddy Group, Inc., C=US
OU=Starfield Class 2 Certification Authority, O=Starfield Technologies, Inc., C=US
-
-
OU=Starfield Class 2 Certification Authority, O=Starfield Technologies, Inc., C=US
-
-
|
AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A
-
-
|
diff --git a/docs/60-security-neo/trusted-certificate-authorities-for-outbound-ssl-connections-b106362.md b/docs/60-security-neo/trusted-certificate-authorities-for-outbound-ssl-connections-b106362.md
index 9e4ca23..96adf46 100644
--- a/docs/60-security-neo/trusted-certificate-authorities-for-outbound-ssl-connections-b106362.md
+++ b/docs/60-security-neo/trusted-certificate-authorities-for-outbound-ssl-connections-b106362.md
@@ -31,22 +31,16 @@ Trusted certificate authorities:
Certificate Alias
-
-
Certificate Name
-
-
|
Certificate SHA1
-
-
|
@@ -54,22 +48,16 @@ Certificate SHA1
actalisauthenticationrootca \[jdk\]
-
-
CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT
-
-
|
F3:73:B3:87:06:5A:28:84:8A:F2:F3:4A:CE:19:2B:DD:C7:8E:9C:AC
-
-
|
@@ -77,22 +65,16 @@ F3:73:B3:87:06:5A:28:84:8A:F2:F3:4A:CE:19:2B:DD:C7:8E:9C:AC
affirmtrustcommercialca \[jdk\]
-
-
CN=AffirmTrust Commercial, O=AffirmTrust, C=US
-
-
|
F9:B5:B6:32:45:5F:9C:BE:EC:57:5F:80:DC:E9:6E:2C:C7:B2:78:B7
-
-
|
@@ -100,22 +82,16 @@ F9:B5:B6:32:45:5F:9C:BE:EC:57:5F:80:DC:E9:6E:2C:C7:B2:78:B7
affirmtrustnetworkingca \[jdk\]
-
-
CN=AffirmTrust Networking, O=AffirmTrust, C=US
-
-
|
29:36:21:02:8B:20:ED:02:F5:66:C5:32:D1:D6:ED:90:9F:45:00:2F
-
-
|
@@ -123,22 +99,16 @@ CN=AffirmTrust Networking, O=AffirmTrust, C=US
affirmtrustpremiumca \[jdk\]
-
-
CN=AffirmTrust Premium, O=AffirmTrust, C=US
-
-
|
D8:A6:33:2C:E0:03:6F:B1:85:F6:63:4F:7D:6A:06:65:26:32:28:27
-
-
|
@@ -146,22 +116,16 @@ D8:A6:33:2C:E0:03:6F:B1:85:F6:63:4F:7D:6A:06:65:26:32:28:27
affirmtrustpremiumeccca \[jdk\]
-
-
CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US
-
-
|
B8:23:6B:00:2F:1D:16:86:53:01:55:6C:11:A4:37:CA:EB:FF:C3:BB
-
-
|
@@ -169,22 +133,16 @@ B8:23:6B:00:2F:1D:16:86:53:01:55:6C:11:A4:37:CA:EB:FF:C3:BB
amazonrootca1 \[jdk\]
-
-
CN=Amazon Root CA 1, O=Amazon, C=US
-
-
|
8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16
-
-
|
@@ -192,22 +150,16 @@ CN=Amazon Root CA 1, O=Amazon, C=US
amazonrootca2 \[jdk\]
-
-
CN=Amazon Root CA 2, O=Amazon, C=US
-
-
|
5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A
-
-
|
@@ -215,22 +167,16 @@ CN=Amazon Root CA 2, O=Amazon, C=US
amazonrootca3 \[jdk\]
-
-
CN=Amazon Root CA 3, O=Amazon, C=US
-
-
|
0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E
-
-
|
@@ -238,22 +184,16 @@ CN=Amazon Root CA 3, O=Amazon, C=US
amazonrootca4 \[jdk\]
-
-
CN=Amazon Root CA 4, O=Amazon, C=US
-
-
|
F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE
-
-
|
@@ -261,22 +201,16 @@ F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE
atostrustedroot2011
-
-
C=DE, O=Atos, CN=Atos TrustedRoot 2011
-
-
|
2B:B1:F5:3E:55:0C:1D:C5:F1:D4:E6:B7:6A:46:4B:55:06:02:AC:21
-
-
|
@@ -284,22 +218,16 @@ C=DE, O=Atos, CN=Atos TrustedRoot 2011
baltimorecybertrustca
-
-
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
-
-
|
D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74
-
-
|
@@ -307,22 +235,16 @@ D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74
buypassclass2ca \[jdk\]
-
-
CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO
-
-
|
49:0A:75:74:DE:87:0A:47:FE:58:EE:F6:C7:6B:EB:C6:0B:12:40:99
-
-
|
@@ -330,22 +252,16 @@ CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO
buypassclass3ca \[jdk\]
-
-
CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO
-
-
|
DA:FA:F7:FA:66:84:EC:06:8F:14:50:BD:C7:C2:81:A5:BC:A9:64:57
-
-
|
@@ -353,22 +269,16 @@ DA:FA:F7:FA:66:84:EC:06:8F:14:50:BD:C7:C2:81:A5:BC:A9:64:57
camerfirmachambersca \[jdk\]
-
-
CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid \(see current address at www.camerfirma.com/address\), C=EU
-
-
|
78:6A:74:AC:76:AB:14:7F:9C:6A:30:50:BA:9E:A8:7E:FE:9A:CE:3C
-
-
|
@@ -376,22 +286,16 @@ CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A8274328
camerfirmachamberscommerceca \[jdk\]
-
-
CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU
-
-
|
6E:3A:55:A4:19:0C:19:5C:93:84:3C:C0:DB:72:2E:31:30:61:F0:B1
-
-
|
@@ -399,22 +303,16 @@ CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA
camerfirmachambersignca \[jdk\]
-
-
CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid \(see current address at www.camerfirma.com/address\), C=EU
-
-
|
4A:BD:EE:EC:95:0D:35:9C:89:AE:C7:52:A1:2C:5B:29:F6:D6:AA:0C
-
-
|
@@ -422,22 +320,16 @@ CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287,
certignaca \[jdk\]
-
-
CN=Certigna, O=Dhimyotis, C=FR
-
-
|
B1:2E:13:63:45:86:A4:6F:1A:B2:60:68:37:58:2D:C4:AC:FD:94:97
-
-
|
@@ -445,22 +337,16 @@ B1:2E:13:63:45:86:A4:6F:1A:B2:60:68:37:58:2D:C4:AC:FD:94:97
certumca \[jdk\]
-
-
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
-
-
|
62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18
-
-
|
@@ -468,22 +354,16 @@ CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
certumtrustednetworkca \[jdk\]
-
-
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
-
-
|
07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E
-
-
|
@@ -491,22 +371,16 @@ CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Techn
chunghwaepkirootca \[jdk\]
-
-
OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW
-
-
|
67:65:0D:F1:7E:8E:7E:5B:82:40:A4:F4:56:4B:CF:E2:3D:69:C6:F0
-
-
|
@@ -514,22 +388,16 @@ OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW
comodoaaaca \[jdk\]
-
-
CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
-
-
|
D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
-
-
|
@@ -537,22 +405,16 @@ D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
comodoeccca \[jdk\]
-
-
CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
-
-
|
9F:74:4E:9F:2B:4D:BA:EC:0F:31:2C:50:B6:56:3B:8E:2D:93:C3:11
-
-
|
@@ -560,22 +422,16 @@ CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greate
comodorsaca
-
-
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
-
-
|
AF:E5:D2:44:A8:D1:19:42:30:FF:47:9F:E2:F8:97:BB:CD:7A:8C:B4
-
-
|
@@ -583,22 +439,16 @@ AF:E5:D2:44:A8:D1:19:42:30:FF:47:9F:E2:F8:97:BB:CD:7A:8C:B4
digicertassuredidg2 \[jdk\]
-
-
CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
-
-
|
A1:4B:48:D9:43:EE:0A:0E:40:90:4F:3C:E0:A4:C0:91:93:51:5D:3F
-
-
|
@@ -606,22 +456,16 @@ A1:4B:48:D9:43:EE:0A:0E:40:90:4F:3C:E0:A4:C0:91:93:51:5D:3F
digicertassuredidg3 \[jdk\]
-
-
CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
-
-
|
F5:17:A2:4F:9A:48:C6:C9:F8:A2:00:26:9F:DC:0F:48:2C:AB:30:89
-
-
|
@@ -629,22 +473,16 @@ F5:17:A2:4F:9A:48:C6:C9:F8:A2:00:26:9F:DC:0F:48:2C:AB:30:89
digicertassuredidrootca
-
-
CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
-
-
|
05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
-
-
|
@@ -652,22 +490,16 @@ CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
digicertglobalrootca\_g2
-
-
CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
-
-
|
DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4
-
-
|
@@ -675,22 +507,16 @@ DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4
digicertglobalrootcalss2\_g3
-
-
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
-
-
|
A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
-
-
|
@@ -698,22 +524,16 @@ A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
digicertglobalrootg3 \[jdk\]
-
-
CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
-
-
|
7E:04:DE:89:6A:3E:66:6D:00:E6:87:D3:3F:FA:D9:3B:E8:3D:34:9E
-
-
|
@@ -721,22 +541,16 @@ CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
digicerthighassuranceevrootca
-
-
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
-
-
|
5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25
-
-
|
@@ -744,22 +558,16 @@ CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
digicerttrustedrootg4 \[jdk\]
-
-
CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US
-
-
|
DD:FB:16:CD:49:31:C9:73:A2:03:7D:3F:C8:3A:4D:7D:77:5D:05:E4
-
-
|
@@ -767,22 +575,16 @@ DD:FB:16:CD:49:31:C9:73:A2:03:7D:3F:C8:3A:4D:7D:77:5D:05:E4
dtrustclass3ca2 \[jdk\]
-
-
CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE
-
-
|
58:E8:AB:B0:36:15:33:FB:80:F7:9B:1B:6D:29:D3:FF:8D:5F:00:F0
-
-
|
@@ -790,22 +592,16 @@ CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE
dtrustclass3ca2ev \[jdk\]
-
-
CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE
-
-
|
96:C9:1B:0B:95:B4:10:98:42:FA:D0:D8:22:79:FE:60:FA:B9:16:83
-
-
|
@@ -813,22 +609,16 @@ CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE
entrust\_ca\_2048
-
-
CN=Entrust.net Certification Authority \(2048\), OU=\(c\) 1999 Entrust.net Limited, OU=www.entrust.net/CPS\_2048 incorp. by ref. \(limits liab.\), O=Entrust.net
-
-
|
50:30:06:09:1D:97:D4:F5:AE:39:F7:CB:E7:92:7D:7D:65:2D:34:31
-
-
|
@@ -836,22 +626,16 @@ CN=Entrust.net Certification Authority \(2048\), OU=\(c\) 1999 Entrust.net Limit
entrust\_ev\_ca
-
-
CN=Entrust Root Certification Authority, OU="\(c\) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
-
-
|
B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9
-
-
|
@@ -859,22 +643,16 @@ B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9
entrust\_g2\_ca
-
-
CN=Entrust Root Certification Authority - G2, OU="\(c\) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
-
-
|
8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4
-
-
|
@@ -882,22 +660,16 @@ CN=Entrust Root Certification Authority - G2, OU="\(c\) 2009 Entrust, Inc. - for
entrustrootcaec1 \[jdk\]
-
-
CN=Entrust Root Certification Authority - EC1, OU="\(c\) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
-
-
|
20:D8:06:40:DF:9B:25:F5:12:25:3A:11:EA:F7:59:8A:EB:14:B5:47
-
-
|
@@ -905,22 +677,16 @@ CN=Entrust Root Certification Authority - EC1, OU="\(c\) 2012 Entrust, Inc. - fo
entrustrootcag4 \[jdk\]
-
-
CN=Entrust Root Certification Authority - G4, OU="\(c\) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
-
-
|
14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01
-
-
|
@@ -928,22 +694,16 @@ CN=Entrust Root Certification Authority - G4, OU="\(c\) 2015 Entrust, Inc. - for
gd-class2-root
-
-
OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
-
-
|
27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4
-
-
|
@@ -951,22 +711,16 @@ OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
gd\_intermediate
-
-
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
-
-
|
7C:46:56:C3:06:1F:7F:4C:0D:67:B3:19:A8:55:F6:0E:BC:11:FC:44
-
-
|
@@ -974,22 +728,16 @@ SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://cer
gdroot-g2
-
-
CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
-
-
|
47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B
-
-
|
@@ -997,22 +745,16 @@ CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale
geotrust\_pca\_g3\_root
-
-
CN=GeoTrust Primary Certification Authority - G3, OU=\(c\) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
-
-
|
03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD
-
-
|
@@ -1020,22 +762,16 @@ CN=GeoTrust Primary Certification Authority - G3, OU=\(c\) 2008 GeoTrust Inc. -
geotrustglobalca
-
-
CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
-
-
|
DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
-
-
|
@@ -1043,22 +779,16 @@ DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
geotrustprimaryca
-
-
CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
-
-
|
32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96
-
-
|
@@ -1066,22 +796,16 @@ CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
geotrustprimarycag2 \[jdk\]
-
-
CN=GeoTrust Primary Certification Authority - G2, OU=\(c\) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
-
-
|
8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0
-
-
|
@@ -1089,22 +813,16 @@ CN=GeoTrust Primary Certification Authority - G2, OU=\(c\) 2007 GeoTrust Inc. -
geotrustuniversalca
-
-
CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
-
-
|
E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79
-
-
|
@@ -1112,22 +830,16 @@ E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79
globalsignca
-
-
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
-
-
|
B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
-
-
|
@@ -1135,22 +847,16 @@ B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
globalsigneccrootcar4 \[jdk\]
-
-
CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
-
-
|
69:69:56:2E:40:80:F4:24:A1:E7:19:9F:14:BA:F3:EE:58:AB:6A:BB
-
-
|
@@ -1158,22 +864,16 @@ CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
globalsigneccrootcar5 \[jdk\]
-
-
CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5
-
-
|
1F:24:C6:30:CD:A4:18:EF:20:69:FF:AD:4F:DD:5F:46:3A:1B:69:AA
-
-
|
@@ -1181,22 +881,16 @@ CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5
globalsigneccrootcar6
-
-
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R6
-
-
|
80:94:64:0E:B5:A7:A1:CA:11:9C:1F:DD:D5:9F:81:02:63:A7:FB:D1
-
-
|
@@ -1204,22 +898,16 @@ CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R6
globalsignr3ca
-
-
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
-
-
|
D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD
-
-
|
@@ -1227,22 +915,16 @@ D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD
gtsrootcar1 \[jdk\]
-
-
CN=GTS Root R1, O=Google Trust Services LLC, C=US
-
-
|
E5:8C:1C:C4:91:3B:38:63:4B:E9:10:6E:E3:AD:8E:6B:9D:D9:81:4A
-
-
|
@@ -1250,22 +932,16 @@ E5:8C:1C:C4:91:3B:38:63:4B:E9:10:6E:E3:AD:8E:6B:9D:D9:81:4A
gtsrootcar2 \[jdk\]
-
-
CN=GTS Root R2, O=Google Trust Services LLC, C=US
-
-
|
9A:44:49:76:32:DB:DE:FA:D0:BC:FB:5A:7B:17:BD:9E:56:09:24:94
-
-
|
@@ -1273,22 +949,16 @@ CN=GTS Root R2, O=Google Trust Services LLC, C=US
gtsrootecccar3 \[jdk\]
-
-
CN=GTS Root R3, O=Google Trust Services LLC, C=US
-
-
|
ED:E5:71:80:2B:C8:92:B9:5B:83:3C:D2:32:68:3F:09:CD:A0:1E:46
-
-
|
@@ -1296,22 +966,16 @@ ED:E5:71:80:2B:C8:92:B9:5B:83:3C:D2:32:68:3F:09:CD:A0:1E:46
gtsrootecccar4 \[jdk\]
-
-
CN=GTS Root R4, O=Google Trust Services LLC, C=US
-
-
|
77:D3:03:67:B5:E0:0C:15:F6:0C:38:61:DF:7C:E1:3B:92:46:4D:47
-
-
|
@@ -1319,22 +983,16 @@ CN=GTS Root R4, O=Google Trust Services LLC, C=US
haricaeccrootca2015 \[jdk\]
-
-
CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
-
-
|
9F:F1:71:8D:92:D5:9A:F3:7D:74:97:B4:BC:6F:84:68:0B:BA:B6:66
-
-
|
@@ -1342,22 +1000,16 @@ CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Acade
haricarootca2015 \[jdk\]
-
-
CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
-
-
|
01:0C:06:95:A6:98:19:14:FF:BF:5F:C6:B0:B6:95:EA:29:E9:12:A6
-
-
|
@@ -1365,22 +1017,16 @@ CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic
identrustcommercial \[jdk\]
-
-
CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US
-
-
|
DF:71:7E:AA:4A:D9:4E:C9:55:84:99:60:2D:48:DE:5F:BC:F0:3A:25
-
-
|
@@ -1388,22 +1034,16 @@ DF:71:7E:AA:4A:D9:4E:C9:55:84:99:60:2D:48:DE:5F:BC:F0:3A:25
identrustpublicca \[jdk\]
-
-
CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US
-
-
|
BA:29:41:60:77:98:3F:F4:F3:EF:F2:31:05:3B:2E:EA:6D:4D:45:FD
-
-
|
@@ -1411,22 +1051,16 @@ BA:29:41:60:77:98:3F:F4:F3:EF:F2:31:05:3B:2E:EA:6D:4D:45:FD
letsencryptisrgx1 \[jdk\]
-
-
CN=ISRG Root X1, O=Internet Security Research Group, C=US
-
-
|
CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8
-
-
|
@@ -1434,22 +1068,16 @@ CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8
luxtrustglobalroot2ca \[jdk\]
-
-
CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU
-
-
|
1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F
-
-
|
@@ -1457,22 +1085,16 @@ CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU
microsoftecc2017 \[jdk\]
-
-
CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft Corporation, C=US
-
-
|
99:9A:64:C3:7F:F4:7D:9F:AB:95:F1:47:69:89:14:60:EE:C4:C3:C5
-
-
|
@@ -1480,22 +1102,16 @@ CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft Corporation, C=US
microsoftrsa2017 \[jdk\]
-
-
CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft Corporation, C=US
-
-
|
73:A5:E6:4A:3B:FF:83:16:FF:0E:DC:CC:61:8A:90:6E:4E:AE:4D:74
-
-
|
@@ -1503,22 +1119,16 @@ CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft Corporation, C=US
quovadisrootca1g3 \[jdk\]
-
-
CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM
-
-
|
1B:8E:EA:57:96:29:1A:C9:39:EA:B8:0A:81:1A:73:73:C0:93:79:67
-
-
|
@@ -1526,22 +1136,16 @@ CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM
quovadisrootca2 \[jdk\]
-
-
CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
-
-
|
CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7
-
-
|
@@ -1549,22 +1153,16 @@ CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7
quovadisrootca2g3 \[jdk\]
-
-
CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
-
-
|
09:3C:61:F3:8B:8B:DC:7D:55:DF:75:38:02:05:00:E1:25:F5:C8:36
-
-
|
@@ -1572,22 +1170,16 @@ CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
quovadisrootca3 \[jdk\]
-
-
CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
-
-
|
1F:49:14:F7:D8:74:95:1D:DD:AE:02:C0:BE:FD:3A:2D:82:75:51:85
-
-
|
@@ -1595,22 +1187,16 @@ CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
quovadisrootca3g3 \[jdk\]
-
-
CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM
-
-
|
48:12:BD:92:3C:A8:C4:39:06:E7:30:6D:27:96:E6:A4:CF:22:2E:7D
-
-
|
@@ -1618,22 +1204,16 @@ CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM
sapcloudrootca
-
-
CN=SAP Cloud Root CA, O=SAP SE, L=Walldorf, C=DE
-
-
|
6D:80:92:77:4A:F2:D5:ED:AE:3A:5C:99:D6:56:93:1C:21:97:A9:50
-
-
|
@@ -1641,22 +1221,16 @@ CN=SAP Cloud Root CA, O=SAP SE, L=Walldorf, C=DE
sapglobalrootca \[jdk\]
-
-
CN=SAP Global Root CA, O=SAP AG, L=Walldorf, C=DE
-
-
|
0A:B6:2A:F4:7F:E5:59:84:7D:79:8A:1F:C4:E1:7F:67:FD:7E:82:4C
-
-
|
@@ -1664,22 +1238,16 @@ CN=SAP Global Root CA, O=SAP AG, L=Walldorf, C=DE
secomscrootca1 \[jdk\]
-
-
OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
-
-
|
36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7
-
-
|
@@ -1687,22 +1255,16 @@ OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
secomscrootca2 \[jdk\]
-
-
OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP
-
-
|
5F:3B:8C:F2:F8:10:B3:7D:78:B4:CE:EC:19:19:C3:73:34:B9:C7:74
-
-
|
@@ -1710,22 +1272,16 @@ OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP
securetrustca \[jdk\]
-
-
CN=SecureTrust CA, O=SecureTrust Corporation, C=US
-
-
|
87:82:C6:C3:04:35:3B:CF:D2:96:92:D2:59:3E:7D:44:D9:34:FF:11
-
-
|
@@ -1733,22 +1289,16 @@ CN=SecureTrust CA, O=SecureTrust Corporation, C=US
sslrooteccca \[jdk\]
-
-
CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US
-
-
|
C3:19:7C:39:24:E6:54:AF:1B:C4:AB:20:95:7A:E2:C3:0E:13:02:6A
-
-
|
@@ -1756,22 +1306,16 @@ C3:19:7C:39:24:E6:54:AF:1B:C4:AB:20:95:7A:E2:C3:0E:13:02:6A
sslrootevrsaca \[jdk\]
-
-
CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
-
-
|
74:3A:F0:52:9B:D0:32:A0:F4:4A:83:CD:D4:BA:A9:7B:7C:2E:C4:9A
-
-
|
@@ -1779,22 +1323,16 @@ CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston,
sslrootrsaca \[jdk\]
-
-
CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
-
-
|
B7:AB:33:08:D1:EA:44:77:BA:14:80:12:5A:6F:BD:A9:36:49:0C:BB
-
-
|
@@ -1802,22 +1340,16 @@ B7:AB:33:08:D1:EA:44:77:BA:14:80:12:5A:6F:BD:A9:36:49:0C:BB
starfieldclass2ca \[jdk\]
-
-
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
-
-
|
AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A
-
-
|
@@ -1825,22 +1357,16 @@ AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A
starfieldrootg2ca \[jdk\]
-
-
CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
-
-
|
B5:1C:06:7C:EE:2B:0C:3D:F8:55:AB:2D:92:F4:FE:39:D4:E7:0F:0E
-
-
|
@@ -1848,22 +1374,16 @@ B5:1C:06:7C:EE:2B:0C:3D:F8:55:AB:2D:92:F4:FE:39:D4:E7:0F:0E
starfieldservicesrootg2ca \[jdk\]
-
-
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
-
-
|
92:5A:8F:8D:2C:6D:04:E0:66:5F:59:6A:FF:22:D8:63:E8:25:6F:3F
-
-
|
@@ -1871,22 +1391,16 @@ CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies
swisssigngoldg2ca
-
-
CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
-
-
|
D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61
-
-
|
@@ -1894,22 +1408,16 @@ D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61
swisssignplatinumg2ca
-
-
CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
-
-
|
56:E0:FA:C0:3B:8F:18:23:55:18:E5:D3:11:CA:E8:C2:43:31:AB:66
-
-
|
@@ -1917,22 +1425,16 @@ CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
swisssignsilverg2ca
-
-
CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
-
-
|
9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB
-
-
|
@@ -1940,22 +1442,16 @@ CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
teliasonerarootcav1 \[jdk\]
-
-
CN=TeliaSonera Root CA v1, O=TeliaSonera
-
-
|
43:13:BB:96:F1:D5:86:9B:C1:4E:6A:92:F6:CF:F6:34:69:87:82:37
-
-
|
@@ -1963,22 +1459,16 @@ CN=TeliaSonera Root CA v1, O=TeliaSonera
thawteclass3
-
-
OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
-
-
|
A1:DB:63:93:91:6F:17:E4:18:55:09:40:04:15:C7:02:40:B0:AE:6B
-
-
|
@@ -1986,22 +1476,16 @@ A1:DB:63:93:91:6F:17:E4:18:55:09:40:04:15:C7:02:40:B0:AE:6B
thawteprimaryrootcag2 \[jdk\]
-
-
CN=thawte Primary Root CA - G2, OU="\(c\) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US
-
-
|
AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12
-
-
|
@@ -2009,22 +1493,16 @@ AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12
thawteprimaryrootcag3
-
-
CN=thawte Primary Root CA - G3, OU="\(c\) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
-
-
|
F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2
-
-
|
@@ -2032,22 +1510,16 @@ F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2
thawteprimaryrootcag4
-
-
CN=thawte Primary Root CA - G4, OU="\(c\) 2012 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
-
-
|
FA:7C:FB:B2:47:42:77:63:43:1B:7E:6D:75:81:2A:49:CC:8D:30:E4
-
-
|
@@ -2055,22 +1527,16 @@ FA:7C:FB:B2:47:42:77:63:43:1B:7E:6D:75:81:2A:49:CC:8D:30:E4
thawteroot
-
-
CN=thawte Primary Root CA, OU="\(c\) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
-
-
|
91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81
-
-
|
@@ -2078,22 +1544,16 @@ CN=thawte Primary Root CA, OU="\(c\) 2006 thawte, Inc. - For authorized use only
ttelesecglobalrootclass2ca \[jdk\]
-
-
CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
-
-
|
59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9
-
-
|
@@ -2101,22 +1561,16 @@ CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterpri
ttelesecglobalrootclass3ca \[jdk\]
-
-
CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
-
-
|
55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1
-
-
|
@@ -2124,22 +1578,16 @@ CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterpri
twcaglobalrootca \[jdk\]
-
-
CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW
-
-
|
9C:BB:48:53:F6:A4:F6:D3:52:A4:E8:32:52:55:60:13:F5:AD:AF:65
-
-
|
@@ -2147,22 +1595,16 @@ CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW
usertrusteccca \[jdk\]
-
-
CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
-
-
|
D1:CB:CA:5D:B2:D5:2A:7F:69:3B:67:4D:E5:F0:5A:1D:0C:95:7D:F0
-
-
|
@@ -2170,22 +1612,16 @@ D1:CB:CA:5D:B2:D5:2A:7F:69:3B:67:4D:E5:F0:5A:1D:0C:95:7D:F0
usertrustrsaca \[jdk\]
-
-
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
-
-
|
2B:8F:1B:57:33:0D:BB:A2:D0:7A:6C:51:F7:0E:E9:0D:DA:B9:AD:8E
-
-
|
@@ -2193,22 +1629,16 @@ CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City
verisignclass1\_g1
-
-
OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
-
-
|
90:AE:A2:69:85:FF:14:80:4C:43:49:52:EC:E9:60:84:77:AF:55:6F
-
-
|
@@ -2216,22 +1646,16 @@ OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
verisignclass2\_g2
-
-
OU=VeriSign Trust Network, OU="\(c\) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
-
-
|
B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
-
-
|
@@ -2239,22 +1663,16 @@ B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
verisignclass3\_g1
-
-
OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
-
-
|
74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
-
-
|
@@ -2262,22 +1680,16 @@ OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
verisignclass3\_g2
-
-
OU=VeriSign Trust Network, OU="\(c\) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
-
-
|
85:37:1C:A6:E5:50:14:3D:CE:28:03:47:1B:DE:3A:09:E8:F8:77:0F
-
-
|
@@ -2285,22 +1697,16 @@ OU=VeriSign Trust Network, OU="\(c\) 1998 VeriSign, Inc. - For authorized use on
verisignclass3\_g3
-
-
CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="\(c\) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
-
-
|
13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6
-
-
|
@@ -2308,22 +1714,16 @@ CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="\(c\) 1999
verisignclass3\_g5
-
-
CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="\(c\) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
-
-
|
4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5
-
-
|
@@ -2331,22 +1731,16 @@ CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="\(c\) 2006
verisignclass3g4ca \[jdk\]
-
-
CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="\(c\) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
-
-
|
22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A
-
-
|
@@ -2354,22 +1748,16 @@ CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="\(c\) 2007
verisignroot
-
-
CN=VeriSign Universal Root Certification Authority, OU="\(c\) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
-
-
|
36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54
-
-
|
@@ -2377,22 +1765,16 @@ CN=VeriSign Universal Root Certification Authority, OU="\(c\) 2008 VeriSign, Inc
workplaceca
-
-
CN=mySAP.com Workplace CA \(dsa\), O=mySAP.com Workplace, C=DE
-
-
|
A1:7D:8B:51:8A:8F:BB:DE:A5:00:C8:1E:96:12:26:16:32:4A:34:C0
-
-
|
@@ -2400,22 +1782,16 @@ A1:7D:8B:51:8A:8F:BB:DE:A5:00:C8:1E:96:12:26:16:32:4A:34:C0
xrampglobalca \[jdk\]
-
-
CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US
-
-
|
B8:01:86:D1:EB:9C:86:A5:41:04:CF:30:54:F3:4C:52:B7:E5:58:C6
-
-
|
diff --git a/docs/60-security-neo/using-an-sap-system-as-an-on-premise-user-store-71fdf1c.md b/docs/60-security-neo/using-an-sap-system-as-an-on-premise-user-store-71fdf1c.md
index 06d7c9c..0b88fe9 100644
--- a/docs/60-security-neo/using-an-sap-system-as-an-on-premise-user-store-71fdf1c.md
+++ b/docs/60-security-neo/using-an-sap-system-as-an-on-premise-user-store-71fdf1c.md
@@ -55,22 +55,16 @@ The properties are the following:
System Property
-
-
Value
-
-
|
Description
-
-
|
@@ -78,22 +72,16 @@ Description
`com.sap.cloud.security.um.user_provider_name`
-
-
*onpremise*
-
-
|
This property specifies what user provider the application VM uses.
-
-
|
@@ -101,22 +89,16 @@ This property specifies what user provider the application VM uses.
`com.sap.cloud.security.um.destination_name`
-
-
**
-
-
|
This property specifies the destination used by the on-premise user provider for the connection to the on-premise system. For more information about the destination, see [Managing Destinations](https://help.sap.com/viewer/b865ed651e414196b39f8922db2122c7/Cloud/en-US/e4f1d97cbb571014a247d10f9f9a685d.html "") :arrow_upper_right:.
-
-
|
@@ -192,22 +174,16 @@ You have to set the following properties for the destination of the cloud applic
Destination Property
-
-
Value
-
-
|
Description
-
-
|
@@ -215,22 +191,16 @@ Description
Name
-
-
**
-
-
|
The name of the destination must match with the value of system property `com.sap.cloud.security.um.destination_name`.
-
-
|
@@ -238,22 +208,16 @@ The name of the destination must match with the value of system property `com.sa
Type
-
-
*HTTP*
-
-
|
For more information, see [HTTP Destinations](https://help.sap.com/viewer/b865ed651e414196b39f8922db2122c7/Cloud/en-US/b068356dd7c34cf7ad6b6023deeb317d.html "") :arrow_upper_right:.
-
-
|
@@ -261,22 +225,16 @@ For more information, see [HTTP Destinations](https://help.sap.com/viewer/b865ed
URL
-
-
*https:// < AS Java Host\>:/scim/v1/* Or *http:// :/scim/v1/*
-
-
|
The URL to the on-premise AS Java system if it is exposed via reverse proxy. Or in case the on-premise systems is exposed via HANA Cloud Connector the virtual URL configured in Cloud Connector. In this case, the configured protocol should be http as the connectivity service is using secure tunneling to the on-premise system.
-
-
|
@@ -284,15 +242,11 @@ The URL to the on-premise AS Java system if it is exposed via reverse proxy. Or
Proxy Type
-
-
*Internet* or *OnPremise*
-
-
|
@@ -314,22 +268,16 @@ Proxy Type
Authentication
-
-
|
*BasicAuthentication* or *ClientCertificateAuthentication*
-
-
|
For the configuration of such an authentication, you need to specify the credentials of the service user from the on-premise system. For more information about the destination configuration, see [HTTP Destinations](https://help.sap.com/viewer/b865ed651e414196b39f8922db2122c7/Cloud/en-US/b068356dd7c34cf7ad6b6023deeb317d.html "") :arrow_upper_right:.
-
-
|
@@ -337,22 +285,16 @@ For the configuration of such an authentication, you need to specify the credent
User
-
-
**
-
-
|
This property is used for basic authentication only, and it specifies the name of the service user in the on-premise AS Java system.
-
-
|
@@ -360,22 +302,16 @@ This property is used for basic authentication only, and it specifies the name o
Password
-
-
**
-
-
|
This property is used for basic authentication only, and it specifies the service user's password.
-
-
|
diff --git a/docs/60-security-neo/using-custom-header-protection-3756f3f.md b/docs/60-security-neo/using-custom-header-protection-3756f3f.md
index d637c29..5c7d618 100644
--- a/docs/60-security-neo/using-custom-header-protection-3756f3f.md
+++ b/docs/60-security-neo/using-custom-header-protection-3756f3f.md
@@ -34,36 +34,26 @@ To better illustrate the mechanism we’ll use an example web application exposi
Number
-
-
Exposed with HTTP methods
-
-
|
REST API
-
-
|
Description
-
-
|
Type
-
-
|
@@ -71,36 +61,26 @@ Type
1
-
-
GET
-
-
|
/services/list
-
-
|
Prints customers list in the output.
-
-
|
non-modifying
-
-
|
@@ -108,36 +88,26 @@ non-modifying
2
-
-
POST
-
-
|
/services/customers/removeCustomer
-
-
|
Removes the first item from the customers list.
-
-
|
modifying
-
-
|
@@ -145,36 +115,26 @@ modifying
3
-
-
POST
-
-
|
/services/customers/addCustomer
-
-
|
Adds a customer to the customers list.
-
-
|
modifying
-
-
|
diff --git a/docs/60-security-neo/using-microsoft-active-directory-as-an-on-premise-user-store-28a03e4.md b/docs/60-security-neo/using-microsoft-active-directory-as-an-on-premise-user-store-28a03e4.md
index f503778..9656d3b 100644
--- a/docs/60-security-neo/using-microsoft-active-directory-as-an-on-premise-user-store-28a03e4.md
+++ b/docs/60-security-neo/using-microsoft-active-directory-as-an-on-premise-user-store-28a03e4.md
@@ -45,22 +45,16 @@ The properties are the following:
System Property
-
-
Value
-
-
|
Description
-
-
|
@@ -68,22 +62,16 @@ Description
`com.sap.cloud.security.um.user_provider_name`
-
-
*onpremise*
-
-
|
This property specifies what user provider the application VM uses.
-
-
|
@@ -91,22 +79,16 @@ This property specifies what user provider the application VM uses.
`com.sap.cloud.security.um.destination_name`
-
-
**
-
-
|
This property specifies the destination used by the on-premise user provider for the connection to the on-premise system. For more information about the destination, see [Managing Destinations](https://help.sap.com/viewer/b865ed651e414196b39f8922db2122c7/Cloud/en-US/e4f1d97cbb571014a247d10f9f9a685d.html "") :arrow_upper_right:.
-
-
|
diff --git a/docs/70-getting-support-neo/operating-model-in-the-neo-environment-07f4683.md b/docs/70-getting-support-neo/operating-model-in-the-neo-environment-07f4683.md
index df5e3ab..0864c5d 100644
--- a/docs/70-getting-support-neo/operating-model-in-the-neo-environment-07f4683.md
+++ b/docs/70-getting-support-neo/operating-model-in-the-neo-environment-07f4683.md
@@ -31,29 +31,21 @@ The responsibilities for operating the Neo environment are listed in the service
Process
-
-
Task
-
-
|
SAP
-
-
|
Customer
-
-
|
@@ -61,15 +53,11 @@ Customer
Communication Management
-
-
Appoint an English-speaking contact person and communicate the name to SAP. This is required to ensure timely processing of configuration change requests affecting the customer system, interacting with SAP for efficient incident processing, and other interaction between SAP and the customer.
-
-
|
@@ -80,8 +68,6 @@ Appoint an English-speaking contact person and communicate the name to SAP. This
x
-
-
|
@@ -89,8 +75,6 @@ x
Subscribe to the communication channels offered by SAP for receiving prompt information about any service disruptions, critical maintenance activities affecting the customer system, and change requests requiring action on the customer side.
-
-
@@ -101,8 +85,6 @@ Subscribe to the communication channels offered by SAP for receiving prompt info
x
-
-
|
@@ -110,15 +92,11 @@ x
Inform the customer about service disruptions and critical maintenance activities affecting the customer system.
-
-
x
-
-
|
@@ -131,22 +109,16 @@ x
Asset Management
-
-
|
Management of the hardware and infrastructure resources in the region, from acquisition through disposal. This includes the request and approval process, procurement management, life-cycle management, and disposal management.
-
-
|
x
-
-
|
@@ -159,15 +131,11 @@ x
Protect IT assets such as systems, network, and data from threats that arise from unauthorized physical access or physical influence on those assets.
-
-
|
x
-
-
|
@@ -180,22 +148,16 @@ x
Provisioning
-
-
|
Provisioning of resources and systems to customers in accordance with the ordered package and subscriptions. This includes the allocation and provisioning of technical \(physical and virtual\) resources, such as storage, network, compute units, systems, and database hosts, the deployment of the SAP application software and the proper initial configuration of quotas, service subscriptions, permissions, and trust configuration.
-
-
|
x
-
-
|
@@ -208,8 +170,6 @@ x
Provide quota according to the ordered package and subscriptions that can be used to enable resources and services \(for example, subscribing to a service\).
-
-
|
@@ -220,8 +180,6 @@ Provide quota according to the ordered package and subscriptions that can be use
x
-
-
|
@@ -229,22 +187,16 @@ x
Change Management
-
-
Apply regular product increments, as well as corrections to the infrastructure, systems, and services to avoid incidents with minimal possible disruption of normal operations. Ensure that all platform changes \(such as updates of the Java runtime or operating system patches, but not of the customer applications\) are evaluated, authorized, prioritized, planned, tested, implemented, documented, and reviewed prior to implementation.
-
-
|
x
-
-
|
@@ -257,15 +209,11 @@ x
Perform updates of the infrastructure, systems, and services in a bi-weekly cycle if required. Respectively, for selected services \(such as SAP HANA and SAP ASE\), offer self-services for applying controlled updates of new versions. Emergency changes, for example, triggered by Incident Management processes, have accelerated testing, approval, and implementation.
-
-
|
x
-
-
|
@@ -292,8 +240,6 @@ x
x
-
-
|
@@ -306,8 +252,6 @@ x
Adopt the latest patches or updates via the available self-services and by restarting applications when necessary. For example, when a security issue arises.
-
-
|
@@ -318,8 +262,6 @@ Adopt the latest patches or updates via the available self-services and by resta
x
-
-
|
@@ -327,22 +269,16 @@ x
Incident Management
-
-
Process incidents reported by the customer according to the Service Level Agreement. The incident is recorded and prioritized in the incident tracking system \(BCP\). Monitor the status and progress of the incident throughout its whole lifecycle and give regular status updates to the customer.
-
-
|
x
-
-
|
@@ -355,8 +291,6 @@ x
In the event of incidents, make reasonable effort to support end users and manage their incidents, to explore self-help tools to find already documented solutions, and to liaise with SAP support in the event of new problems to ensure timely processing of incidents affecting the resources in the customer account.
-
-
|
@@ -367,8 +301,6 @@ In the event of incidents, make reasonable effort to support end users and manag
x
-
-
|
@@ -376,8 +308,6 @@ x
Confirm incident resolution in the incident tracking system \(BCP\).
-
-
@@ -388,8 +318,6 @@ Confirm incident resolution in the incident tracking system \(BCP\).
x
-
-
|
@@ -397,22 +325,16 @@ x
Service Requests
-
-
Process service requests reported by the customer according to the Service Level Agreement. The service request is recorded and prioritized in the service request tracking system \(BCP\). Monitor the status and progress of the service request throughout its whole lifecycle and give regular status updates to the customer.
-
-
|
x
-
-
|
@@ -425,8 +347,6 @@ x
Confirm service request completion in the service request tracking system \(BCP\).
-
-
|
@@ -437,8 +357,6 @@ Confirm service request completion in the service request tracking system \(BCP\
x
-
-
|
@@ -446,22 +364,16 @@ x
Backup & Restore
-
-
Perform a backup of the database systems hosted in the subaccount. A database log backup is done every 10 minutes and stored on the primary storage. Every 2 hours the logs are transferred from primary to secondary storage. Full data backup is done every day.
-
-
|
x
-
-
|
@@ -474,15 +386,11 @@ x
Restore previously backed-up data to recover to a consistent state. Verify the completeness of the restored data based on log files created during the recovery and smoke tests to verify the system’s consistency.
-
-
|
x
-
-
|
@@ -495,15 +403,11 @@ x
Give regular status updates to the customer throughout the entire restore procedure.
-
-
|
x
-
-
|
@@ -516,8 +420,6 @@ x
Collaborate with SAP to ensure timely processing of data restores if required.
-
-
|
@@ -528,8 +430,6 @@ Collaborate with SAP to ensure timely processing of data restores if required.
x
-
-
|
@@ -537,8 +437,6 @@ x
Validate logical integrity and consistency of the restored data.
-
-
@@ -549,8 +447,6 @@ Validate logical integrity and consistency of the restored data.
x
-
-
|
@@ -558,15 +454,11 @@ x
User Access Management
-
-
Manage users, permissions, and security configurations within the subaccount.
-
-
|
@@ -577,8 +469,6 @@ Manage users, permissions, and security configurations within the subaccount.
x
-
-
|
@@ -586,22 +476,16 @@ x
System Monitoring
-
-
Ensure availability of the customer system according to the Service Level Agreements as agreed in the contractual agreement between SAP and the customer, by active monitoring, prompt issue detection, and incident prevention.
-
-
|
x
-
-
|
@@ -614,15 +498,11 @@ x
Monitor the resource consumption \(memory, CPU, storage\) to detect issues in technical operations.
-
-
|
x
-
-
|
@@ -635,22 +515,16 @@ x
Malware Management
-
-
|
Ensure that the infrastructure and platform services are free of viruses, spam, spyware, and other malicious software. If malware is detected, an auto-notification is generated, which is assessed and resolved by the operator.
-
-
|
x
-
-
|
@@ -663,15 +537,11 @@ x
Application Management
-
-
|
Design, develop, deploy, configure, maintain, and operate the application within the subaccount. This includes maintaining a staged environment for application delivery \(if required\), application resource management, and managing application availability and performance.
-
-
|
@@ -682,8 +552,6 @@ Design, develop, deploy, configure, maintain, and operate the application within
x
-
-
|
@@ -691,15 +559,11 @@ x
Provide infrastructure, tools, and application programming interfaces for the lifecycle management and operations of the application in the subaccount.
-
-
x
-
-
|
@@ -712,8 +576,6 @@ x
Regularly adopt the latest versions of the tools for lifecycle management and operations offered at the [SAP Development Tools site](https://tools.hana.ondemand.com/).
-
-
|
@@ -724,8 +586,6 @@ Regularly adopt the latest versions of the tools for lifecycle management and op
x
-
-
|
@@ -733,22 +593,16 @@ x
Network Management
-
-
Manage the network isolation of the subaccounts provisioned to the customer.
-
-
|
x
-
-
|
@@ -761,15 +615,11 @@ x
Operate the network infrastructure transparently for customers, ensuring elasticity, high availability, and security.
-
-
|
x
-
-
|
@@ -782,8 +632,6 @@ x
Create and manage own Web domain for the application in the subaccount to ensure data isolation.
-
-
|
@@ -794,8 +642,6 @@ Create and manage own Web domain for the application in the subaccount to ensure
x
-
-
|
@@ -803,15 +649,11 @@ x
Penetration Testing
-
-
Inform SAP about any penetration testing that shall be performed for the customer account and ask for their approval. Testing is not allowed on any resources shared with other customers. The results, if any, from the test are to be treated strictly as the confidential information of SAP and the customer are not to be shared with any person or entity without explicit written authorization from SAP. Customers are required to share the results with SAP and work together with SAP operations to mitigate or remedy any security issues.
-
-
|
@@ -822,8 +664,6 @@ Inform SAP about any penetration testing that shall be performed for the custome
x
-
-
|
@@ -831,22 +671,16 @@ x
Decommissioning
-
-
Ensure the secure deletion of data and/or hardware disposal. This includes the disassembling of systems along with peripherals and their removal from the region. Before dismantling and handover for further use or return to the vendor, the data is wiped securely from the system.
-
-
|
x
-
-
|
diff --git a/docs/70-getting-support-neo/providing-details-for-database-problems-in-the-neo-environment-7474922.md b/docs/70-getting-support-neo/providing-details-for-database-problems-in-the-neo-environment-7474922.md
index 155fb08..a499f09 100644
--- a/docs/70-getting-support-neo/providing-details-for-database-problems-in-the-neo-environment-7474922.md
+++ b/docs/70-getting-support-neo/providing-details-for-database-problems-in-the-neo-environment-7474922.md
@@ -23,29 +23,21 @@ If your problem is related to a database, the details you need to provide differ
Environment
-
-
|
Infrastructure Provider
-
-
|
Details You Need to Provide
-
-
|
How to Find the Details You Need
-
-
|
@@ -53,29 +45,21 @@ How to Find the Details You Need
Neo
-
-
SAP regions
-
-
|
Region and global account name
-
-
|
In the cockpit, open the affected subaccount, and copy the URL.
-
-
|
@@ -83,8 +67,6 @@ In the cockpit, open the affected subaccount, and copy the URL.
The database or schema ID
-
-
diff --git a/docs/70-getting-support-neo/support-components-08d1103.md b/docs/70-getting-support-neo/support-components-08d1103.md
index acc0969..bea6d48 100644
--- a/docs/70-getting-support-neo/support-components-08d1103.md
+++ b/docs/70-getting-support-neo/support-components-08d1103.md
@@ -32,15 +32,11 @@ A list of support components for SAP BTP services and tools. Filter for the serv
Name
-
-
|
Support Component
-
-
|
@@ -48,8 +44,6 @@ Support Component
SAP BTP Cockpit
-
-
@@ -59,8 +53,6 @@ BC-CP-CPT \[Feature Set B\]
BC-CP-CF-CPT \[Cloud Foundry environment UI\]
-
-
|
@@ -68,15 +60,11 @@ BC-CP-CF-CPT \[Cloud Foundry environment UI\]
SAP BTP Command Line Interface
-
-
BC-CP-TOOLS-CLI
-
-
|
@@ -84,15 +72,11 @@ BC-CP-TOOLS-CLI
SAP BTP Console Client
-
-
BC-NEO-CMDTOOL
-
-
|
@@ -100,15 +84,11 @@ BC-NEO-CMDTOOL
SAP UI Development Toolkit for HTML5 \(SAPUI5\)
-
-
CA-WDE
-
-
|
@@ -116,15 +96,11 @@ CA-WDE
SDK for SAP BTP, Neo Environment
-
-
BC-NEO-SDK
-
-
|
@@ -132,15 +108,11 @@ BC-NEO-SDK
SAP HANA Cockpit 2.0
-
-
HAN-CLS-CPT
-
-
|
@@ -156,15 +128,11 @@ HAN-CLS-CPT
Name
-
-
Support Component
-
-
|
@@ -172,15 +140,11 @@ Support Component
Deployment \(Neo Environment\)
-
-
BC-NEO-DPL
-
-
|
@@ -188,15 +152,11 @@ BC-NEO-DPL
Deployment \(Cloud Foundry Environment\)
-
-
BC-XS-SL-DS
-
-
|
@@ -212,15 +172,11 @@ BC-XS-SL-DS
Name
-
-
Support Component
-
-
|
@@ -228,15 +184,11 @@ Support Component
Infrastructure \(Neo environment\)
-
-
BC-NEO-IT-NW
-
-
|
@@ -244,15 +196,11 @@ BC-NEO-IT-NW
SAP Cloud Management Service
-
-
BC-NEO-CIS
-
-
|
@@ -260,15 +208,11 @@ BC-NEO-CIS
SAP Usage Data Management Service
-
-
BC-NEO-MET-REP
-
-
|
@@ -276,8 +220,6 @@ BC-NEO-MET-REP
SAP Audit Log service
-
-
@@ -285,8 +227,6 @@ BC-NEO-AUDITLOG \(Neo environment\)
BC-CP-CF-SEC-AUDITLG \(Cloud Foundry environment\)
-
-
|
@@ -294,15 +234,11 @@ BC-CP-CF-SEC-AUDITLG \(Cloud Foundry environment\)
SAP Streaming Analytics
-
-
HAN-SDS
-
-
|
@@ -310,8 +246,6 @@ HAN-SDS
SAP Cloud Application Programming Model \(CAP\)
-
-
@@ -325,8 +259,6 @@ BC-XS-CDX-NJS \(Node.js Runtime\)
BC-XS-CDX-TLS \(Tools, IDEs, Build, Deployment\)
-
-
|