
SAP SSO to BW

Former Member
0 Kudos

Our Configuration:

BOE XI 3.1 Fix Pack 1.6

CMS is on one server, Tomcat on another.

Established WinAD authentication using Kerberos

Installed and configured SAP Integration and server side trust.

Established that SAP authentication is working.

Imported roles to BOE, aliased SAP Accounts to WinAD accounts in BOE.

Set BW universe connections to use SSO.

Only works for one user, the other users get an error message "Unable to connect to SAP BW server Incomplete logon data"

All users on SAP side are present in the same roles.

As this is a development environment all users for BOE in SAP have full rights.

So, my problem is why does it work for only one user? (this suggests that the tickets are being exchanged correctly by the SAP BW server and the BOE server).

Any ideas and/or suggestions would be appreciated.

JW

Accepted Solutions (0)

Answers (12)


Former Member
0 Kudos

Hi Ingo

I've checked the SAP Int Kit pdf and setting up client snc does not appear to be documented. I know you have provided some documentation but I cannot find it. Could you point to a url where I could download this documentation.

Thanks

Jon

IngoH
Active Contributor
Former Member
0 Kudos

Hi Ingo

OK. So the instructions in the SAP Integration kit PDF are somewhat light on this. Do you have something a little more helpful? Also do I need to involve a basis person to do something on the SAP/BW side?

Please provide details on the bulk aliasing, thankfully the SAP guid and WinAD guids are the same

Jon

IngoH
Active Contributor
0 Kudos

Hi,

yes - you basically need to ensure that SNC is setup properly on the SAP Server for client authentication which in your case most likely means you need to use a different library.

the steps should be in the installation guide for the SAP Integration Kit

Ingo

Former Member
0 Kudos

Hi Ingo

- Do you want to use your SAP Credentials for achieving SSO for the BusinessObjects reports ?

Yes. By this I mean that the users SAP credentials will be transparent, it is a security layer to BW that we need.

- Do you want to use your Windows AD credentials to achieve SSO for the BusinessObjects reports ?

Yes

- What is the entry point for the initial user authentication ?

WinAD. The user opens the InfoView URL and SSO via Kerberos opens the InfoView portal. The user can then browse to a report that is using a BW universe with SSO to a BW cube. The user should be able to refresh the report data using their SAP credentials that have been aliased to their WinAD account in BOE.

BTW do you know of a utility that can do bulk aliasing? We will have about 300 users that will need to be aliased.

Jon

IngoH
Active Contributor
0 Kudos

Hi Jon,

so when you want to use Windows AD as the entry point that you need to configure CLIENT SIDE SNC - which is not SAP Crypto Lib.

on the mapping of Aliases I thought I did mention the registry entry earlier. The SAP Authentication has a registry entry that you can use the set the simplified usernames and assuming the usernames are identical you would then get the mapping automatically

Ingo

Former Member
0 Kudos

>

> Hi Jon,

>

> so when you want to use Windows AD as the entry point that you need to configure CLIENT SIDE SNC - which is not SAP Crypto Lib.

>

> on the mapping of Aliases I thought I did mention the registry entry earlier. The SAP Authentication has a registry entry that you can use the set the simplified usernames and assuming the usernames are identical you would then get the mapping automatically

>

> Ingo

Can you clarify the statement: "when you want to use Windows AD as the entry point that you need to configure CLIENT SIDE SNC - which is not SAP Crypto Lib.".

This is confusing because the blog you mention below says "SAP server needs to be setup for SNC and SNC library needs to be deployed on your BOE system" though you do not cover deploying the SNC library steps.

Where do we get the SNC library path from? Also, we do not see the SNC profile parameters in the Instance profile.

IngoH
Active Contributor
0 Kudos

Hi Michael,

SNC can be implemented with several different software vendors. The SAP Cryptographic Lib that was mentioned in this entry previously is made for server side trust - not for client side SNC.

You could use, for example, the Kerberos / NT version that is delivered, but you can also use software from other companies. The deployment of the library depends on which one you are selecting.

Ingo

Former Member
0 Kudos

>

> Hi Jon,

>

> so when you want to use Windows AD as the entry point that you need to configure CLIENT SIDE SNC - which is not SAP Crypto Lib.

>

> on the mapping of Aliases I thought I did mention the registry entry earlier. The SAP Authentication has a registry entry that you can use the set the simplified usernames and assuming the usernames are identical you would then get the mapping automatically

>

> Ingo

Can you clarify the statement: "when you want to use Windows AD as the entry point that you need to configure CLIENT SIDE SNC - which is not SAP Crypto Lib.".

This is confusing because the blog (http://ingohilgefort.blogspot.com/2009/07/businessobjects-and-snc-for-client.html) you mention below says "SAP server needs to be setup for SNC and SNC library needs to be deployed on your BOE system" though you do not cover deploying the SNC library steps. When checking SAP Help, it alludes to sapcrypto.lib as being a prerequisite to using SNC.

Where do we get the SNC library path from? Also, we do not see the SNC profile parameters in the Instance profile.

IngoH
Active Contributor
0 Kudos

Hi,

this seems to be the same question as before. did you see the response above ?

ingo

IngoH
Active Contributor
0 Kudos

Hi,

when you want to integrate with Windows AD and use Windows AD as the first entry point for the user authentication and achieve SSO with your SAP system and BusinessObjects system you need to leverage client side SNC.

In the blog part 1

/people/ingo.hilgefort/blog/2009/07/03/businessobjects-enterprise-and-client-side-snc-part-1-of-2

i am showing the profile parameters for the SAP Server and I also included a link to the MSFT Kerberos implementation that you could leverage.

In part 2

/people/ingo.hilgefort/blog/2009/07/03/businessobjects-enterprise-and-client-side-snc-part-2-of-2

you see the steps that are required to configure the SNC options in the Central Management Console.

these two blogs don't reference the SAP Cryptographic Library. You might have seen references in the installation guide for the Integration Kit for SAP Solutions - but that is in the chapter of server side trust - which is server side SNC and not client side SNC.

Ingo

Former Member
0 Kudos

Ingo,

From where do I get the SNC Library Path? Do I need to install any library files before this step?

Regards,

Vijay

IngoH
Active Contributor
0 Kudos

Yes - the libraries have to be on your BusinessObjects system.

Ingo

Former Member
0 Kudos

I've expanded the SAP Cryptographic Library files that contain sapcrypto.dll to the Business Objects server, which I'm referencing in SNC Path. But still, when I log in with AD credentials and create a report on a BW Query, I receive the Incomplete Logon Data error.

Regards,

Vijay

IngoH
Active Contributor
0 Kudos

Hi,

are we talking client side authentication via SNC or are we talking server side trust ?

SAP Crypto Lib can only be used for Server Side Trust.

Ingo

Former Member
0 Kudos

I need to be able to create WebI Reports on BW Data by using AD credentials. so for this requirement which library files do I need to install on BO server?

Regards,

Vijay

IngoH
Active Contributor
0 Kudos

Hi,

the SNC Libraries..... but SAP Crypto Libs are not for client side authentication.

You need to use the NTLM / Kerberos files or any other SNC software from a vendor.

Ingo

Former Member
0 Kudos

Hi Ingo,

Are NTLM / Kerberos files available for download in SAP Market place? Is there any documentation on how to install those libraries on BO server?

Thanks a lot for your help.

Vijay

IngoH
Active Contributor
0 Kudos

Hi,

you can find more details at help.sap.com on the documentation for your app server

ingo

Former Member
0 Kudos

Ingo,

Thank you so much for all the information. I've asked the above question because the SAP system that we are using is on an AIX environment and I understand the Kerberos/NTLM libraries are Windows files.

Regards,

Vijay

IngoH
Active Contributor
0 Kudos

Hi,

has this been resolved ?

Ingo

Former Member
0 Kudos

Ingo,

Since our SAP system is on AIX we are looking for correct SNC library files that would enable client SNC. We did raise a case with SAP but still no information from them. Do you know if there are Kerberos library files provided by SAP for AIX to enable SNC?

Regards,

Vijay

IngoH
Active Contributor
0 Kudos

Hi Vijay,

if you can't find it on Service Marketplace I suggest you open an OSS case.

ingo

Former Member
0 Kudos

Thanks Ingo

Could you point me to the relevant documentation on what is required? We have Kerberos working for WinAD SSO but I did not realise that it is required for SAP database SSO.

Jon

IngoH
Active Contributor
0 Kudos

Hi Jon,

before I do that lets clarify the actual requirement:

- Do you want to use your SAP Credentials for achieving SSO for the BusinessObjects reports ?

- Do you want to use your Windows AD credentials to achieve SSO for the BusinessObjects reports ?

- What is the entry point for the initial user authentication ?

thanks

Ingo

Former Member
0 Kudos

Hi Ingo

Sorry for the confusion.

We need SSO to a BW database working for webi reports running off BW universes with SSO enabled. We have set up the crypto libs and server trust with SNC.

Only one SAP account aliased to a WinAD account works, the rest return the incomplete login data error. If I set up an enterprise BOE account and then alias this account to the SAP account that works for SSO, this works also. But if for the same BOE account I alias to a different SAP account then SSO does not work.

As far as I can tell the SAP profiles on the BW system are exactly the same for all accounts in this instance.

Jon

IngoH
Active Contributor
0 Kudos

Hi Jon,

Server Side trust with the SAP crypto lib does not give you SNC client authentication - which you require when you want to use your Windows AD credentials for SSO.

Server Side trust is very different from the client authentication part. When you want to leverage your Windows AD credentials for achieving SSO to your SAP reports, then you need to setup SNC for client authentication with software like Secude or the Kerberos implementation.

Ingo

Former Member
0 Kudos

Hi

quick question: in the previous entries the error messages are referring to SAP Crypto lib for the SNC part. SAP Crypto Lib is used for SERVER SIDE TRUST - not for client authentication.

Yes, I'm aware of this. We are trying to get SSO to BW to work. This is to ensure that end users get the data that they are entitled to see. We have used SAP authentication as part of the fault finding process. This ensures that users can get authenticated to SAP.

I included the dump (in a previous post) from using the SAPJCO demo suite to highlight where I think the problem is.

Thanks

Jon

IngoH
Active Contributor
0 Kudos

Hi Jon,

on the one hand you mentioned you are trying to get SSO to work, then you mentioned SNC, but you also mentioned that you are aware that SAP Crypto Lib is not SNC CLIENT AUTHENTICATION.

Perhaps you can clarify what exactly you mean by SSO because all the logfile copies in the previous entries indicate that you are using the SAP Crypto Lib - which is NOT CLIENT AUTHENTICATION.

Ingo

Former Member
0 Kudos

Hi Ingo,

We are having a very similar problem setting up client Side SNC to SAP as described in your blogs.

We tried using the SNC name as p:DOMAIN\user as well as p:CN=...,OU=.... format but to no avail.

we think we have done the steps outlined in your post.

However we still get the dreaded error, "Unable to load the GSS-API DLL named ..."

I understand that sapcrypto.dll is NOT for client side SNC. So I downloaded the gssntlm.dll from SAP. However I can't get rid of that error. No matter what file I use, 64-bit, 32-bit, gssntlm, I still get the unable to load error.

My Question is: I am trying to determine whether,

Am I using the right library? am I getting problems loading the library?

Or is this error a generic error for some configuration error in my SNC settings either on SAP server or BOBJ side?

I did set SNC_LIB env variable; however the job of loading this library is done by Tomcat, right? Is there something else we need to do?

Thanks a lot

ac

IngoH
Active Contributor
0 Kudos

Hi Scott,

- what are the steps that you completed ?

- which software are you using ?

- when do you see the error message ?

Ingo

Former Member
0 Kudos

Hi Ingo,

-What are the steps that you completed ?

For a User in SAP, in the SNC tab, I activated the SNC settings by adding the SNC Name.

Also in SAP, I defined the bobj system.

In Business Objects CMC, I enabled SNC and in mutual auth, defined the name of the SAP system in the DN format.

I defined the SNC_LIB env variable on windows to point to the file name/path of gssntlm.dll library.

I defined the profile parameters including the library location on SAP.

- which software are you using ?

I am using XIR3.1 to go against SAP BW system.

I am using the gssntlm.dll library from SAP for 32-bit.

Trying to do client side SNC from bobj XIR31 to SAP bw 7.10

- when do you see the error message ?

I get the unable to load gss-api DLL error when trying to click on the "Role Import" tab.

thx

IngoH
Active Contributor
0 Kudos

Hi Scott,

I assume you are looking to combine Windows AD and SAP Credentials:

For a User in SAP, in the SNC tab, I activated the SNC settings by adding the SNC Name.

Also in SAP, I defined the bobj system.

>> I assume transaction SNCO

In Business Objects CMC, I enabled SNC and in mutual auth, defined the name of the SAP system in the DN format.

I defined the SNC_LIB env variable on windows to point to the file name/path of gssntlm.dll library.

I defined the profile parameters including the library location on SAP.

- which software are you using ?

I am using XIR3.1 to go against SAP BW system.

I am using the gssntlm.dll library from SAP for 32-bit.

Trying to do client side SNC from bobj XIR31 to SAP bw 7.10

- when do you see the error message ?

I get the unable to load gss-api DLL error when trying to click on the "Role Import" tab.

- Did you configure Windows AD ?

- Did you map user aliases ?

see here:

SNC Part 1

/people/ingo.hilgefort/blog/2009/07/03/businessobjects-enterprise-and-client-side-snc-part-1-of-2

SNC Part 2

/people/ingo.hilgefort/blog/2009/07/03/businessobjects-enterprise-and-client-side-snc-part-2-of-2

Ingo

Former Member
0 Kudos

Hi Ingo,

thanks for the links; I have been using them to start my process.

- Did you configure Windows AD ?

Yes, AD SSO with kerberos is working fine.

- Did you map user aliases ?

Yes, I mapped SAP to AD aliases and also changed the Windows registry to use SimpleUserName as your blog suggested.

No matter what changes I make, I do not get a different error message from "unable to load gssapi DLL".

Does the SAP server side library have to match the BOE side library?

I am using sapcrypto.dll on SAP side and gssntlm.dll on the BOE side, would that work?

thx

Former Member
0 Kudos

Ingo,

I'd appreciate if you could confirm a few things from your blogs,

1. in Blog 2, you suggest to go to SAP SU0 and edit the user used for the purpose of setting up the entitlement system.

This is the user account entered in BOE CMS -> Authentication-> SAP page, correct?

2. you said to go to SNC tab for this user in SAP and write the SNC name in p: format.

If I enter the domain name of the user running the SIA , tomcat processes

p: DOMAIN\user , it gives an error, "Canonical name cannot be determined". It saves the name though.

Only if I enter an entry in the Distinguished Name (DN) format, does it give me the green check mark.

Is this right? Should I be proceeding with the p: DOMAIN\user format in spite of the error?

3. SNC name in the BOE CMS Authentication-> SAP-> Entitlement tab. Should this also be in p:DOMAIN\name format?

4. I am using the 32-bit library gssntlm.dll from SAP on BOE side. This is part of winsso.zip package. is that ok?

These points, I felt, had some ambiguity and would help me troubleshoot better.

thx a lot.

IngoH
Active Contributor
0 Kudos

Hi,

1. in Blog 2, you suggest to go to SAP SU0 and edit the user used for the purpose of setting up the entitlement system.

This is the user account entered in BOE CMS -> Authentication-> SAP page, correct?

yes

2. you said to go to SNC tab for this user in SAP and write the SNC name in p: format.

If I enter the domain name of the user running the SIA , tomcat processes

p: DOMAIN\user , it gives an error, "Canonical name cannot be determined". It saves the name though.

Only if I enter an entry in the Distinguished Name (DN) format, does it give me the green check mark.

Is this right? Should I be proceeding with the p: DOMAIN\user format in spite of the error?

This depends on which SNC software you are using.

3. SNC name in the BOE CMS Authentication-> SAP-> Entitlement tab. Should this also be in p:DOMAIN\name format?

see above

4. I am using the 32-bit library gssntlm.dll from SAP on BOE side. This is part of winsso.zip package. is that ok?

yes

Ingo

Former Member
0 Kudos

Hi Ingo,

When you say, "It depends on what SNC software you are using", are you referring to the crypto library on the SAP server?

Do I have to use the same gssntlm.dll on the SAP server or stick to sapcrypto.dll?

thx

IngoH
Active Contributor
0 Kudos

Hi Scott,

SAP Crypto is for Server to Server communication, which means you cannot use it for client to server.

what I meant is that some of the settings depend on which SNC software you are using - there are lots of different SNC solutions out there.

Ingo

Former Member
0 Kudos

pardon my ignorance,

but what is an SNC solution? I thought all I needed was the library.

And if I am doing client-server SNC then I need gssntlm.dll on both BOE and SAP side, right?

thx

Former Member
0 Kudos

Scott,

I'd suggest to talk to your Basis team to find out if they have SNC enabled on SAP server. What I found from my analysis is if you are using SAP on windows environment you would get library files for Client side SNC that can be downloaded from marketplace else you would have to go through 3rd party SNC providers like Secude, Quest etc to get the library files to achieve SNC (which is an investment).

The canonical name error is generally caused if SNC is not enabled on SAP server.

Ingo: Correct me if my understanding is wrong.

Regards,

Vijay

Former Member
0 Kudos

Hello

Look at this note

1446067 - How to configure Server Side SNC for Business Objects XI 3.1 using

Kerberos / Windows AD

Regards.

IngoH
Active Contributor
0 Kudos

Hi Scott,

perhaps we should start from a different angle. What are the workflows you would like to realize ?

Ingo

Former Member
0 Kudos

Hi Ingo

what happens when you use the other SAP credentials and try to logon to InfoView with their AD credentials ?

Get the incomplete logon data error message when other users try to refresh a webi report using a BW universe with SSO defined in the BW data connection

Can you logon with those users using the SAP authentication ?

Yes

Jon

IngoH
Active Contributor
0 Kudos

Hi Jon,

quick question: in the previous entries the error messages are referring to SAP Crypto lib for the SNC part. SAP Crypto Lib is used for SERVER SIDE TRUST - not for client authentication.

Ingo

Former Member
0 Kudos

All SAP users have been aliased to the appropriate Windows AD users ?

Yes

So what's the error message you received ?

IDBD Unable to connect to SAP BW server Incomplete Login data

Can the users logon to InfoView with their AD credentials ?

Yes

Note: Only one user can successfully pass SAP login credentials to the SAP BW server.

Jon

IngoH
Active Contributor
0 Kudos

Hi,

what happens when you use the other SAP credentials and try to logon to InfoView with their AD credentials ?

Can you logon with those users using the SAP authentication ?

Ingo

Former Member
0 Kudos

SAP user accounts have been aliased to WinAD accounts

IngoH
Active Contributor
0 Kudos

Hi,

all SAP users have been aliased to the appropriate Windows AD users ?

So what's the error message you received ? Can the users logon to InfoView with their AD credentials ?

Ingo

Former Member
0 Kudos

Hi Ingo

As I pointed out in my original post, SSO works for one user, but not for any others that have been aliased. This suggests that BOE and SAP are exchanging certificates and that server side trust is working. I know this as the user that SSO works for has the same WinAD and SAP login but different passwords. To eliminate WinAD as a cause we set up a BOE enterprise user and aliased that user to a SAP user. This failed with the incomplete login information error.

I have had this working at another site, but the SAP side was configured by their SAP service provider and these people have a different skill level to the SAP service provider I'm working with at the moment.

In answer to your question Ingo, yes SNC has been configured on the BOE and SAP sides.

Jon

IngoH
Active Contributor
0 Kudos

Hi,

assuming you have SNC configured for client side authentication you need to Alias each SAP user with the AD users.

Ingo

Former Member
0 Kudos

Jon,

You need to log on to InfoView with your SAP logins.

Regards,

Roman

IngoH
Active Contributor
0 Kudos

Hi Jon,

are you logging on to InfoView with your SAP Credentials and trying to create the report ?

what's the initial step of user authentication towards the BOE server ?

Ingo

Former Member
0 Kudos

Hi Ingo

are you logging on to InfoView with your SAP Credentials and trying to create the report ?

No we log into Infoview via WinAD SSO

what's the initial step of user authentication towards the BOE server ?

As above WinAD.

The users WinAD credentials are aliased to their SAP credentials in BOE.

We ran the JCO test tool. The output:

Java Runtime:

Operating System: Windows 2003 5.2 for x86

Java VM: 1.5.0_12 Sun Microsystems Inc.

Java Codepage: Cp1252

Versions:

JCo API: 2.1.8 (2006-12-11)

JCo middleware: 2.1.8 (2006-12-11)

JCo library: 2.1.8 (2006-12-11)

RFC library: 710.0.135

Paths:

JCo classes: D:\Program%20Files%20(x86)\Business%20Objects\sapjco\sapjco.jar

JCo library: D:\Program Files (x86)\Business Objects\sapjco\sapjcorfc.dll

RFC library: System-defined path

jco.client.x509cert:

jco.client.snc_partnername: p:CN=!sysBusinessObjectsD, OU=Service Accounts, DC=zeus, DC=ghsewn, DC=com

jco.client.ashost: 10.116.6.40

jco.client.snc_mode: 1

jco.client.snc_myname: p:CN=!sysBusinessObjectsD, OU=Service Accounts, DC=zeus, DC=ghsewn, DC=com

jco.client.snc_lib: /usr/sap/BD2/SYS/exe/run/libsapcrypto.so

jco.client.sysnr: 40

jco.client.client: 800

jco.client.snc_qop: 3

JCO.createClient()..........................................ok

client.connect()............................................[Thr 1768] Thu Jun 25 15:31:59 2009

[Thr 1768] *** ERROR => SncPDLInit(): DlLoadLib("/usr/sap/BD2/SYS/exe/run/libsapcrypto.so")=DLENOACCESS

[Thr 1768] [sncxxdl.0340][Thr 1768] *** ERROR => SncPDLInit()==SNCERR_INIT, Adapter (#0) /usr/sap/BD2/SYS/exe/run/libsapcrypto.so not loaded

[Thr 1768] [sncxxdl.0604]failed

com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: SAP_CMINIT3 : rc=20 > Connect to SAP gateway failed

Connect_PM GWHOST=10.116.6.40, GWSERV=sapgw40, SYSNR=40

LOCATION CPIC (TCP/IP) on local host

ERROR Unable to load the GSS-API DLL

named "/usr/sap/BD2/SYS/exe/run/libsapcrypto.so"

TIME Thu Jun 25 15:31:59 200

RELEASE 710

COMPONENT SNC (Secure Network Communication)

VERSION 5

RC -1

MODULE sncxxdl.c

LINE 342

DETAIL SncPDLInit

SYSTEM CALL LoadLibrary

COUNTER 1

So this seems to indicate that SAP is unable to load the libsapcrypto.so

Jon
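A preflight check for the settings shown in the JCo test output above, as an added example that is not part of the original thread or of SAP's tooling: it parses the dump, flags an snc_lib value that is not a Windows DLL path on a Windows client, flags the SAP Cryptographic Library (which the replies in this thread describe as server side trust only), and compares a DLL's PE machine type with the client architecture. The function names, the lines copied into SAMPLE_DUMP, and reading the architecture after "for" in the Operating System line as that of the loading process are assumptions.

```python
import re
import struct

# Constructed sample: the relevant lines of the JCo test output quoted in the thread.
SAMPLE_DUMP = """\
Operating System: Windows 2003 5.2 for x86
jco.client.snc_partnername: p:CN=!sysBusinessObjectsD, OU=Service Accounts, DC=zeus, DC=ghsewn, DC=com
jco.client.snc_mode: 1
jco.client.snc_myname: p:CN=!sysBusinessObjectsD, OU=Service Accounts, DC=zeus, DC=ghsewn, DC=com
jco.client.snc_lib: /usr/sap/BD2/SYS/exe/run/libsapcrypto.so
jco.client.snc_qop: 3
"""

PE_MACHINES = {0x014C: "x86", 0x8664: "x64"}  # IMAGE_FILE_MACHINE_I386 / _AMD64
JVM_ARCH = {"x86": "x86", "i386": "x86", "amd64": "x64", "x86_64": "x64"}


def parse_dump(text):
    """Return (client_os, {jco property: value}) from JCo test tool output."""
    props, client_os = {}, ""
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"(jco\.client\.\w+):\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
        elif line.startswith("Operating System:"):
            client_os = line.split(":", 1)[1].strip()
    return client_os, props


def client_arch(client_os):
    """Assumption: the token after 'for' is the architecture of the loading process."""
    m = re.search(r"for (\S+)$", client_os)
    return JVM_ARCH.get(m.group(1).lower()) if m else None


def pe_machine(data):
    """Return 'x86'/'x64' for a Windows DLL image, or None if it is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if len(data) < pe_off + 6 or data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    return PE_MACHINES.get(machine, hex(machine))


def check_snc(client_os, props, lib_bytes=None):
    """Return findings about the SNC library settings on the JCo client side."""
    findings = []
    lib = props.get("jco.client.snc_lib", "")
    if props.get("jco.client.snc_mode") == "1" and not lib:
        findings.append("snc_mode=1 without snc_lib: library must come from SNC_LIB")
    if "windows" in client_os.lower() and lib:
        if lib.startswith("/") or not lib.lower().endswith(".dll"):
            findings.append("snc_lib is not a Windows DLL path: " + lib)
        if lib_bytes is not None:
            arch, want = pe_machine(lib_bytes), client_arch(client_os)
            if arch is None:
                findings.append("snc_lib file is not a PE image")
            elif want and arch != want:
                findings.append(f"snc_lib is {arch}, client process is {want}")
    name = lib.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if "sapcrypto" in name:
        # Per the replies in this thread: SAP Crypto Lib is for server side trust.
        findings.append("snc_lib is the SAP Cryptographic Library")
    return findings


if __name__ == "__main__":
    for finding in check_snc(*parse_dump(SAMPLE_DUMP)):
        print("FINDING:", finding)
```

Pass the bytes of the DLL named in snc_lib (or in the SNC_LIB environment variable) as `lib_bytes` to include the 32-bit/64-bit comparison.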

IngoH
Active Contributor
0 Kudos

Hi,

>>.InfoView with your SAP Credentials and trying to create the report ? No we log into Infoview via WinAD SSO what's the initial step of user authentication towards the BOE server ? As above WinAD. The users WinAD credentials are aliased to their SAP credentials in BOE. We ran the JCO test tool.

So you are logging on with Windows AD but want to use the SAP credentials for SSO. Have you configured SNC for client authentication ?

Ingo