Hi, the SAP CommonCryptoLib must not be used in Single Sign-On scenarios without the need to acquire the SAP Single Sign-On 3.0 solution from SAP. Same applies for the "special" implementation and function-reduced variant SNC Client Encryption, where the same SNC library may be used on your ECC backend - but you are not allowed to combine SNC from client (SAP GUI) to server with SAP Login Tickets, even though it is technically possible to operate such a scenario. Not talking here about any other 3rd party SNC library implementation, not officially supported by SAP SE.

As soon as you drive SAP GUI with SNC, according to the standard, authentication should be done by standardized security token such as Kerberos Tickets or X.509 certificates.

See SAP Note 2117110: Recommendation to Replace SAP Logon Tickets with SAP Single Sign-On Solution.

Regards,

Carsten

Hi - I don't believe there is any issue here. Logon tickets will use the System PSE (accessed via transaction STRUSTSSO2) and not the SNC PSE therefore there is no conflict between the two mechanisms. Remember SAP Single Sign On uses the same crypto library SAPCommoncryptolib that is used as standard in the ABAP server.

Regards,

Chris

I looked at this https://archive.sap.com/discussions/thread/1360538 answer from Tim Alsop, but does not directly answer the question.