Skip to Content
Former Member
Nov 09, 2011 at 07:35 AM

Confused About BOBJ Client SNC



I have been doing a lot of reading on SDN and Ingo's blog on setting up client SNC for LiveOffice on Crystal Reports based on SAP BEx queries as well for Advanced Analysis for Excel. We do not have SAP Gui Client SNC/SSO using gssapi currently setup.

I need to understand how users can refersh the crystal reports via live office without logging in twice one for BOE and one for SAP and the same for Advanced Analysis. From my research if I am correct the first logon to BOE via WinAD can be avoided if we setup Kerberos SSO and set principal names on service account running the SIA.

My understanding is also that If we require to avoid the second logon for SAP BW we need to implement client SNC. For that I have done the RZ10 profile parameter changes as well as transfer of certificates from BOBJ and SAP system.

However its not working. In SAP authentication in CMC using the service account and its password (which is also running SIA since we need it for WinAD SSO) we can run Webi reports using SSO in Universe. However when we turn on SNC its showing error.

I have my doubts on the all the places where the SNC name needs to be provided and which format. I have used:

SIA Account = DOMAIN/service_account

SAP SNC0 tcode = p:DOMAIN/service_account

library path = C:\Program Files\SAP\Crypto\sapcrypto.dll

SNC name of SAP system = p: CN= SSL client SSL Client (Standard), OU=I0020254816, OU=SAP Web AS, O=SAP Trust Community, C=DE (taken from STRUST of SAP)

SNC Name of Enterprise System: : CN=, OU<domain>, OU=<domain>, OU=COM, O=BOBJ

su01 for service account, snc name = p:DOMAIN/service_account

RZ10 parameters:

snc/gssapi_lib = gssapi32.dll

snc/identity/as = sidadm@ ( says to use krb.dll with SAPService @

snc/accept_insecure_rfc = 1

snc/accept_insecure_r3int_rfc = 1

snc/accept_insecure_gui = 1

snc/accept_insecure_cpic = 1

snc/permit_insecure_start = 1

snc/data_protection/min = 1

snc/data_protection/max = 3

There is no end to end documentation for a complete password-less logon scenario BOBJ 4.0 + SAP in the admin guide so I am trying to conect the dots.

Any help is appreciated.