I have been doing a lot of reading on SDN and Ingo's blog on setting up client SNC for LiveOffice on Crystal Reports based on SAP BEx queries as well for Advanced Analysis for Excel. We do not have SAP Gui Client SNC/SSO using gssapi currently setup.
I need to understand how users can refersh the crystal reports via live office without logging in twice one for BOE and one for SAP and the same for Advanced Analysis. From my research if I am correct the first logon to BOE via WinAD can be avoided if we setup Kerberos SSO and set principal names on service account running the SIA.
My understanding is also that If we require to avoid the second logon for SAP BW we need to implement client SNC. For that I have done the RZ10 profile parameter changes as well as transfer of certificates from BOBJ and SAP system.
However its not working. In SAP authentication in CMC using the service account and its password (which is also running SIA since we need it for WinAD SSO) we can run Webi reports using SSO in Universe. However when we turn on SNC its showing error.
I have my doubts on the all the places where the SNC name needs to be provided and which format. I have used:
SIA Account = DOMAIN/service_account
SAP SNC0 tcode = p:DOMAIN/service_account
library path = C:\Program Files\SAP\Crypto\sapcrypto.dll
SNC name of SAP system = p: CN= SSL client SSL Client (Standard), OU=I0020254816, OU=SAP Web AS, O=SAP Trust Community, C=DE (taken from STRUST of SAP)
SNC Name of Enterprise System: : CN=, OU<domain>, OU=<domain>, OU=COM, O=BOBJ
su01 for service account, snc name = p:DOMAIN/service_account
snc/gssapi_lib = gssapi32.dll
snc/accept_insecure_rfc = 1
snc/accept_insecure_r3int_rfc = 1
snc/accept_insecure_gui = 1
snc/accept_insecure_cpic = 1
snc/permit_insecure_start = 1
snc/data_protection/min = 1
snc/data_protection/max = 3
There is no end to end documentation for a complete password-less logon scenario BOBJ 4.0 + SAP in the admin guide so I am trying to conect the dots.
Any help is appreciated.