Fix for Safari on Mac: Client Certificate no longer accepted, or slow authentication…

Now this is a very annoying behavior I’ve observed with Safari on Mac and accessing a variety of SAML2 protected sites – while other browsers such as Chrome don’t appear to have that problem. The authentication process may just hang, or also fail with an uninformative cookie error.

Ultimately, what helps is this: Search Keychain for “” – there’s probably one certificate starting with that name and having a longer extension:


You will see other certificates depending on it. Delete that certificate, at which point the others will show up as no longer valid:


Delete those too. You don’t even need to restart your browser. Just go back to the site where the authentication was not working, and refresh the page. It should work now.

By mnott on 2017/04/03 | Computer, Hacks, SAP | A comment?

Workaround for Lync Issues opening the Skype for Business application on IOS

I’ve been struggling with Lync (Skype for Business) issues this morning. Both iPhone and iPad suddenly no longer opened the Skype for Business application when clicking on a Lync link. So for example, a calendar invite may contain something like this:

Read more…

By mnott on 2016/10/26 | Computer, Hacks, SAP | A comment?

SAP Top Talent Fellow 2011

And here – as it arrived the same day – is the certificate that I was assigned SAP Top Talent in 2011 (actually, both in 2010 and 2011). My task was to develop ways to improve the SAP Labs Communication, working for our Chief Communication Officer.


By mnott on 2011/08/18 | SAP | A comment?

Installation Prerequisites for a normal AIX Installation of XIR3.1

I cannot remember how many times I’ve come on to projects, where though we were told that everything was in place so that we could directly start installing, in fact nothing was in place, no-one was available, and we just lost a lot of time. So, once and for all, here is my list of prerequisites that you please check to see whether you’ve executed all of them, before we come on site.

0. Make sure that you did upgrade your system according to the “Supported Platforms Guide” for your environment.

1. Have available a list of people that may help for the installation. Namely, these are a system administrator for the Unix system with root rights, and a dba who has dba rights on the database. Make sure these people are there and available and willing to help.

2. If you use Oracle as repository database for XI, make sure that you have created two users that are going to hold our repository and auditing schemas; so for example:

Make sure that your database server and client are set up to use Unicode character encoding.

3. Create the Unix user, say, bo, for the installation and set the bo user’s locale (LANG and LC_ALL) to one of the supported locales found in the Business Objects Enterprise platform documentation.

4. Create a directory like /opt/bo underneath which the user bo has full rights and make sure that this directory has 20 GB of space available.

5. As far as ulimits are concerned, the bo user must have all set to “unlimited”, except for core and nofiles.

6. Make sure, as a root user, that the available environment variable space is sufficient:

7. Check the previous settings like:

8. Make sure that the Oracle client (or other client if you use another database) is installed, and that the environment of the user bo is set up such that he can connect to the database:

9. Have all the installation CDs or archives already copied and extracted onto some space on that system in a directory where the bo user has read access to.

10. The previous point also applies to any fixpacks that may have come out.

12. Make sure that you have all the installation keys that you require.

13. Again, make sure that you in fact do have all the installation keys that you require!

14. Have a workstation PC with Windows XP SP2, 20 GB disk space, 2 GB RAM, local admin rights, allowed access to memory stick and internet (proxy is o.k.), available.

15. Have on that PC a copy of putty and have verified that with that ssh client you can access the target Unix System as user bo.

16. If you are going to install the SAP integration pack, have executed all steps on the SAP side of the game (import of transports, etc.). Have an SAP person (from SAP or from your team) available to check these settings and to configure the integration pack once we’ve installed it.

17. Have available a list of things that you want to check to define that the system is working as expected. If you do not have such a list, we’re going to assume that – according to your licenses – the execution of one of our sample reports for each report type that you have a license for is sufficient.

Please make sure that you follow through this checklist very closely. Do not hesitate to ask us. Ask us rather before we come on site and everyone gets very annoyed as things are not in place.

By mnott on 2009/01/29 | SAP | A comment?

Architectural Thoughts

Since the acquisition of Business Objects by SAP I’ve the pleasure to meet a substantial number of customers who have their SAP systems in place and want to add Business Objects Enterprise basically as an add-on onto the hardware they’re running SAP on. From their perspective, Business Objects is just an add-on to SAP, so why should it not be installed on the same hardware as any the SAP System?

Throughout this blog I’m going to collect some architectural thoughts about these and other issues, and I’ll keep them pretty short (as the blog is fed through my BlackBerry).

Now here’s the first, more architectural answer: Business Objects is a reporting environment that sees the SAP BW system as a data source just as any other data source it may take its data from. Just as you’d not exactly want to install Business Objects Enterprise on your Oracle Database server – already for availability reasons – it is likewise architecturally questionable to install Business Objects Enterprise on the SAP system.

The second answer is about performance: A Business Objects Enterprise System may likely be used by a large number of people to do ad hoc reporting. If this is the case, it can have a substantial performance impact. This is why Business Objects (should I say, Crystal) Enterprise was designed in a way that it can be spread across multiple boxes in order to balance the load and improve the availability.

Putting all on one box, alongside a system that may serve completely different purposes, does not sound, well, exactly clever.

Sales people think of Business Objects as an add-on that they can up sell. Technical people should think in different terms – from an architecture as well as from a performance perspective.


By mnott on | SAP | A comment?