SAProuter: How to cater for SSO using saprouter

former_member449168
Participant
0 Kudos

Hi

We are trying to open a connection to a customer's SAP system by using SAProuter from the supplier to the client. The client is running SAP, and the supplier needs to read data from the client's SAP system.

Currently we get the error that credentials are missing.

The client has confirmed that they are using Active Directory with Kerberos for SSO, and it seems like SSO is at the source of this error. How do we cater for SSO using SAProuter? For now, we are just trying to get a successful niping test.

The error on the supplier side is:

*** ERROR => SncPEstablishContext() failed for target='p:CN=MyCertName' [D:/depot/b 3638]
*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI  [D:/depot/bas/74 3604]
      GSS-API(maj): Miscellaneous failure
      GSS-API(min): A2210210:Verification of own certificate by server failed
    Unable to establish the security context
    target="p:CN=MyCertName"
<<- SncProcessInput()==SNCERR_GSSAPI
*** ERROR => NiSncIProcIn: SncProcessInput failed (sncrc=-4;0000000845A9B490;97) [nisnc.c      1003]

The error on the client side (destination) is:

*** ERROR => SncPAcquireCred()==SNCERR_GSSAPI  [/bas/753_REL/sr 1465]
      GSS-API(maj): No credentials were supplied
    Could't acquire ACCEPTING credentials for
    name="p:CN=MyCertName"
<<- SncProcessInput()==SNCERR_GSSAPI
*** ERROR => NiSncIProcIn: SncProcessInput failed (sncrc=-4;0x1d17270;1761) [nisnc.c      1003]
*** ERROR => NiSncIProcOpcode: NiSncIProcIn failed (rc=-17) [nisnc.c      337]
*** ERROR => NiBufIIn: NiBufIProcMsg failed (rc=-17) [nibuf.cpp    2828]
*** ERROR => NiBufReceive C12/-1 '158.xx.x.xxx' failed (rc=-17) [nirout.cpp   3326]

Accepted Solutions (1)

isaias_freitas
Advisor

Hello Patricio,

Where are you seeing each error message?

At the supplier end, is it at the saprouter trace file (dev_rout)?

And on the client end? Is it an output from the niping command?

This seems to be related to the SNC setup (encryption between the two systems).

Regards,

Isaías

former_member449168
Participant
0 Kudos

Both errors are in the dev_rout files on the respective sides. You are correct that it might be related to SNC and not SSO, but I still have no idea how to fix this. On both sides we are starting saprouter with the -K parameter, if that helps?

isaias_freitas
Advisor
0 Kudos

OK, then review the SNC settings on each saprouter.

  • Are self-signed certificates being used?
  • Were the certificates exchanged between the saprouters (PSE file), so they trust each other?
  • Is the correct value passed at the "-K" argument?
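
The checklist above can be tied back to the dev_rout lines quoted in the question. The following Python is an added example, not part of the thread and not SAP code: it groups the SNC error lines of a trace excerpt into one finding per failed call. The function name `triage` and the `HINTS` mapping from GSS-API text to a checklist item are this example's assumptions.

```python
import re

# Abridged excerpts of the dev_rout traces quoted in the thread.
SUPPLIER = """\
*** ERROR => SncPEstablishContext() failed for target='p:CN=MyCertName' [D:/depot/b 3638]
*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI  [D:/depot/bas/74 3604]
      GSS-API(maj): Miscellaneous failure
      GSS-API(min): A2210210:Verification of own certificate by server failed
    target="p:CN=MyCertName"
<<- SncProcessInput()==SNCERR_GSSAPI
"""
CLIENT = """\
*** ERROR => SncPAcquireCred()==SNCERR_GSSAPI  [/bas/753_REL/sr 1465]
      GSS-API(maj): No credentials were supplied
    name="p:CN=MyCertName"
<<- SncProcessInput()==SNCERR_GSSAPI
"""
# Assumed mapping from GSS-API text to the checklist item to review first.
HINTS = [
    ("Verification of own certificate by server failed",
     "peer does not trust our certificate: check the exchange/import into its PSE"),
    ("No credentials were supplied",
     "no accepting credentials for this SNC name: check -K and the local PSE"),
]
ERR = re.compile(r"\*\*\* ERROR => (Snc\w+)\(\)(?:==(\w+)| failed)")
GSS = re.compile(r"GSS-API\((maj|min)\):\s*(.+)")
NAME = re.compile(r'(?:target|name)="([^"]+)"')

def triage(trace):
    """Group the SNC error lines of a dev_rout excerpt, one finding per failed call."""
    findings, cur = [], None
    for line in trace.splitlines():
        if m := ERR.search(line):
            # Consecutive ERROR lines for the same function describe one failure.
            if cur is None or cur["call"] != m.group(1):
                cur = {"call": m.group(1), "code": None, "maj": None, "min": None, "name": None}
                findings.append(cur)
            cur["code"] = m.group(2) or cur["code"]
        elif cur and (m := GSS.search(line)):
            cur[m.group(1)] = m.group(2).strip()
        elif cur and (m := NAME.search(line)):
            cur["name"] = m.group(1)
        elif line.lstrip().startswith("<<-"):
            cur = None  # the "<<-" return line closes this failure block
    for f in findings:
        text = f"{f['maj']} {f['min']}"
        f["hint"] = next((h for key, h in HINTS if key in text), "no rule: review SNC settings")
    return findings
```

Running `triage` on the trace from each side shows which end reported which failure for the same SNC name, which narrows down which PSE to inspect first.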

Answers (1)

former_member449168
Participant
0 Kudos

Thanks Isaias. The problem was that they had imported our certificate incorrectly. Obvious in the end. Thanks.

isaias_freitas
Advisor
0 Kudos

You are welcome!