Skip to Content
avatar image
Former Member

SSO not working for crm web ui

Hi ,

I have configured SSO2 SP3 in our landscape using X.509 certificate.

SSO is working fine for ABAP systems but in crm system when i am executing transaction /ncrm_ui browser is asking for credentials or clicking on ITS url it is asking for credentials. I cleared the cache of browser and close all open session, then again i again try the same ,it is asking for credentials again.

Steps :

1. Secure Logon server is installed on portal NW 7.31 (Linux x86_64).

2. Secure login client is installed on client desktop(Windows 7)

3. Secure Login Library imported in ABAP system(ECC and CRM), path /usr/sap/<SID>/DVEBMGSxx/SLL

4. We are using latest commoncryptolib version 8.4.21, patch 8421 and JCE policy files downloaded from Oracle.

5. In client authentication profile we are using LDAP server authentication and LDAP server destination is maintained

6. For service user in LDAP SPN is maintained.

Parameters for CRM system(HPUX-IA64 11.31):

snc/identity/as = p:CN=SID, OU=SAP Web AS, O=SAP Trust Community, C=DE

snc/gssapi_lib = /usr/sap/SID/DVEBMGS11/SLL/libsapcrypto.sl

snc/enable = 1

snc/data_protection/min = 2

snc/data_protection/max = 3

snc/data_protection/use = 3

snc/accept_insecure_gui = 1

snc/accept_insecure_rfc = 1

snc/accept_insecure_cpic = 1

snc/permit_insecure_start = 1

snc/r3int_rfc_qop = 8

snc/r3int_rfc_secure = 0

snc/force_login_screen = 0

login/accept_sso2_ticket = 1

login/create_sso2_ticket = 2

In trace i have found that logon ticket is not generating and myssocnlt cookie is also not generating .But if i check transaction /nsso2 in my crm system everythings looks fine.

I have attached the document of SSO2 which we have used for configuration and trace when we are executing /ncrm_ui transaction

I have also refered Note 612670 and made changes accordingly but still no success , again it is asking for credentials.

Please help in resolving this issue.

Thanks,

SSO2_2.jpg (223.9 kB)
SSO2_1.jpg (227.0 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Jul 17, 2014 at 02:31 PM

    Hello Singhal,

    have you checked the important prerequisite from the SAP Note mentioned by you?

    "....this SSO support exists only for BSP applications (general: ICF applications) that run on the same logical ABAP system (= same client of a Web Application Server ABAP)...."


    is this true for your implementation?

    There are also some constraints mentioned in the same note...

    Best regards,

    Donka Dimitrova

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jul 17, 2014 at 04:24 PM

    Hi Donka,

    Yes its true in our implementation. On browser we are login into same client as in ABAP system.

    Thanks,

    Add comment
    10|10000 characters needed characters exceeded

    • Hello Sorabh,

      Considering the fact that there are too many prerequisites and constraints you consider and still you face the issue, my advice would be to post an official CSS message and to request for support.

      Best regard,

      Donka Dimitrova

  • avatar image
    Former Member
    Mar 18, 2015 at 10:18 PM

    Have you checked before you execute /ncrm_ui your SAP User GUI "parameters tab" ?

    First execute SU3 to check and/or set your User Parameters. Typically, parameter profiles as required input before executing transaction CRM_UI

    Add comment
    10|10000 characters needed characters exceeded