We are finally setup correctly.
Jan, I just wish my username was something I could remember. I access SAP from several computers, so while the "single sign-on" certificate is nice, once set up, I still have to store my S-UserId somewhere, so I can look it up (actually single sign-on makes it even easier to forget your S-UserId, when you have to access the site from a new computer). Why not just use the individual's email address? Aren't those also unique? You can still use that S-UserID in the database to tie everything together, but let me log in with my email address. Just a thought.