GUI encryption without sso

430 Views Last edit Apr 11, 2018 at 07:04 PM 2 rev

Hello,

I'm working on encryption between SAP-GUI and Application-Server, uses Keberos.

I don't want to use sso.

Here a list what I have done so far.

Could you read this an advise what's wrong in Setup or what is missing.

Thanks in advance

Reinhard

0) Create SNC-User SAP/snc-ce-user ( checked with: setspn - Q )

1) Create Kerberos PSE

sapgenpse keytab -p $SECUDIR/SAPSNCSKERB.pse -a SNC-CE-USER@xxxx.yyyy

-y Password

2) Create SNC SAPCRYPTOLIB

4) After step 1) and 2) there are two files in /usr/sap/$sid/DEVBMGSxx/sec

5) sapgenpse seclogin -p $SECUDIR/SAPSNCSKERB.pse -x PW -O SAPServiceSRD

6) Installation of SNC Client Encryption 2.0

7) Settings in GUI

8) System Parameter

snc/r3int_rfc_secure 0

snc/r3int_rfc_qop 8

snc/data_protection/min 1

snc/data_protection/use 1

snc/accept_insecure_cpic 1

snc/accept_insecure_gui 1

snc/accept_insecure_rfc 1

snc/enable 1

snc/permit_insecure_start 1

snc/data_protection/max 3

snc/gssapi_lib $(SAPCRYPTOLIB)

RE-START SAP OK

BUT GOT an GUI ERROR

Activated Securtiy Trace. Seems to be ok.

d

Attachments

picture-0.jpg (54.7 kB)

picture-2.jpg (12.2 kB)

picture-4.jpg (49.6 kB)

picture.jpg (12.9 kB)

picture-5.jpg (39.6 kB)

picture-6.jpg (24.5 kB)

picture-7.jpg (49.1 kB)

picture-1.jpg (39.0 kB)