
SAP Single Sign On - Kerberos And X.509

archandak
Explorer
0 Kudos

We are trying to implement SAP Single Sign On and SNC Client Encryption as follows:

A limited number of users will use Single Sign On with an Entrust token.

All other users will use passwords, but with SNC client Encryption.

We have successfully implemented both features, but are running into the following problem.

For the users who will use SNC client encryption only, we set the SAP Logon Entry SNC name as p:CN=SAPServiceXXX.

However, when the backend system also has the X.509 configuration enabled, the SNC name in the SAP logon gets automatically updated to the corresponding X.509 name and the SNC client encryption fails.

How can we prevent the automatic change of the SNC name?

Accepted Solutions (1)


Colt
Active Contributor

Hi Avinash,

You must use one SNC name (snc/identity/as) for both scenarios. The SNC name in SAP Logon is distributed by the message server, which reads this parameter. Just create an X.509 SNC certificate from STRUST while keeping the name for SNC client encryption. Or wait one month and use SNC Client Encryption 2.0, which is much simpler to implement and is no longer only Kerberos-based but also X.509 certificate-based.

cheers,

Carsten

Answers (0)