Skip to Content

Is it possible to configure client encryption only without SSO

Hello,

We are attempting to implement encryption of communication between a user desktop (SAPGUI/SAP NWBC) and SAP ABAP Application Server (SAP ECC 6.0 EHP7).

We have tried the following:

1. Download SAP Secure Login Library and configure it on ABAP Application Server

2. Configure it as per guide available on help.sap.com/nwsso.

3. Setup SNC on SAP ABAP server as per the guide and standard SNC parameters.

4. Download SAP SNC Client Encryption software from service.sap.com/swdc -> Installs and Upgrades ->Browse our Download Catalog -> SAP Cryptopgraphic Software -> SNC Client Encryption 1.0 -> Installation (Note : We don't have license for SAP NW Single Sign on available in the path SAP Netweaver and Complementary Products as we don't intend to use SSO).

5. Installed SAP SNC Client Encryption

6. Configured SAP Logon pad (SAP GUI 7.3 being used) entries to respond to SNC details, however checked the box which says, SNC logon with userid/password (no SSO required).

Everytime a login is attempted, we get the following in our SAPGUI trace:

*** ERROR => SncPEstablishContext() failed for target='p:CN=CT054577@xyz.com' [sncxxall.c 3386]

*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [sncxxall.c 3352]

GSS-API(maj): No credentials were supplied

Unable to establish the security context

target="p:CN=CT054577@xyz.com"

<<- SncProcessOutput()==SNCERR_GSSAPI

There are couple of threads which point to similar issue, however one thread is unanswered and the other thread involves integration with Active Directory and hence may not be applicable for us. Since, we are not integrating with Active Directory (Kerberos Integration), nor do we want to use SSO, we simpy want to encrypt the communication channel between user desktop and SAP Application Server.

Not sure if we are doing the right thing and hence want to know if its possible in the first place.

Any help would be useful.

Regards,

Siddhesh


Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • Best Answer
    Posted on Jul 21, 2014 at 06:53 PM

    Hi,

    The SAP client encryption library uses Kerberos, so that the Kerberos session key can be used to perform the encryption/decryption. The use of Kerberos requires a KDC (Kerberos Key Distribution Center) and Active Directory is often used as a KDC since users normally logon to their workstations using an AD user account. Do your users logon to their workstation using an AD account, or do you use some other credential store when users logon to Windows workstations ? The error message you show suggests that the user is not logged onto a domain, and this is why 'No credentials were supplied' is shown.

    Thanks

    Tim

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.