Presently we (Integration developers) are able to send IDOC messages from Windows client system to SAP using below SNC configuration and Kerberos:
SNC_MODE=1
SNC_PARTNERNAME=p/krb5:mst@CORP.COM
SNC_MYNAME=p:test@CORP.COM
SNC_LIB=G:\Projects\SAP_SNCEncryption\gx64krb5.dll
SNC_QOP=9
However now, there is a need to access the same SAP system using X.509 Certificate and below SNC configuration:
SNC_MODE=1
SNC_PARTNERNAME=p:CN=mst, OU=CORP
SNC_MYNAME=p:CN=test, OU=CORP
SNC_LIB=G:\Projects\SAP_SNCEncryption\sapcrypto.dll
SNC_QOP=9
May I know how to achieve secure logon using either Kerberos or Certificate, based on client SNC configurations? Intent is to retain the existing SPN identity (p:test@CORP.COM) of many Windows client system/user accessing SAP using Kerberos, and in parallel allow new Windows client systems to access SAP using X.509 Certificate using new SPN identity (p:CN=test, OU=CORP).