on 03-25-2017 3:55 PM
We are trying to implement SAP Single Sign On and SNC Client Encryption as follows:
A limited number of users will use Single Sign On with an Entrust token.
All other users will use passwords, but with SNC client Encryption.
We have successfully implemented both features, but are running into the following problem.
For the users who will use SNC client encryption only, we set the SAP Logon Entry SNC name as p:CN=SAPServiceXXX.
However, when the backend system also has the X.509 configuration enabled, the SNC name in the SAP logon gets automatically updated to the corresponding X.509 name and the SNC client encryption fails.
How can we prevent the automatic change of the SNC name ?
Hi Avinash,
you must use one SNC Name snc/identityas for both scenarios. The SNC Name in the sap logon is distributed by message server reading this parameter. just create a x.509 snc certificate from strust while keeping the name for snc client encryption. Or wait one month and use SNC Client Encryption 2.0 which is much simpler to implement and no longer only kerberos but also x.509 certificate based.
cheers,
Carsten
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.