Skip to Content
avatar image
Former Member

Single Sign-On with Kerberos

Hi,

Trying to configure sso with kerberos[NW SSO 2.0], followed the steps 1. Create service user in ADS 2.Copy Secure login library files to ABAP System [Unix]3.Configure SNC Profile parameters.

After the profile parameter changes, we did the application restart, but the system is not coming up and we found the following error in the trace file

  *** ERROR => DlLoadLib()==DLENOACCESS - dlopen("sncgss.so") FAILED

  "Unable to find library 'sncgss.so'."  [dlux.c       445]

N  *** ERROR => SncPDLInit()==SNCERR_INIT, Adapter #1 (sncgss.so) not loaded [sncxxdl.c  731]

Yes, the file is not available in the system, how to get the snc related files/libraries?

Regards,
Sam

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    avatar image
    Former Member
    Jun 17, 2014 at 04:21 PM

    Hello Sam,

    As per the trace you've pasted, I assume that you have snc/gssapi_lib parameter set pointing to a sncgss.so (which is not the SLL library for NWSSO2.0 product).

    Therefore, first thing is to ensure that you have indeed downloaded the correct product (NWSSO2.0 -> check SAP Note 1876552) and correct point snc/gssapi_lib parameter to sapcryptolib.so.

    NOTE: Such error can occurs also if the file is not in the same path of parameter or if the user running your system has no authorization to access it.

    Best Regards,
    Guilherme de Oliveira

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi Guilherme,

      Thanks for all your support, points awarded..:)

      Can you please provide some details on how to achive 2 factor authentication with nwsso?

      Regards,

      Sam

  • Jun 17, 2014 at 12:42 PM

    Hello Sam,

    In the SAP SSO 2.0 implementation guide here:

    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/70412b93-c972-3010-6a94-da49f9ba5192?QuickLink=index&overridelayout=true&58858231824548

    in chapter 4.7.2 you will be able to find the procedure for implementing SNC Kerberos Configuration.

    There is also a Note there that could be helpful "The Secure Login Library always uses a PSE file called SAPSNCSKERB.pse file for the keytab. The server does not start if the file has a different name."

    Check the implementation steps in the guide to see if you missed any.

    Best regards,

    Donka Dimitrova

    Add comment
    10|10000 characters needed characters exceeded


    • Hello Sam,

      You can try to test the Secure Login Library as described in step 5 of the procedure 4.2.3:

      "To verify Secure Login Library, use the sapgenpse command" (detils in the guide).

      If you have followed the steps 1 to 4 properly then the test will be successful and you will be able to see the path to the libsapcrypto.so (in the SLL directory). Please, make sure the extraction of the file

      SECURELOGINLIB.SAR  is performed successfully in the proper folder.

      Best regards,

      Donka Dimitrova