cancel
Showing results for 
Search instead for 
Did you mean: 

SSO HP-UX (sap) and Windows 2008

Former Member
0 Kudos

hello colleagues:

I am currently setting up a HP-UX SSO (SAP) and Windows 2008, the steps performed are:

1. Installing on HP-UX liberia and configure keytab (OK)

2. Changing the parameters and enable the connection snc (OK):

snc / permit_insecure_start 1

snc / accept_insecure_cpic 1

snc/r3int_rfc_qop 8

snc/r3int_rfc_secure 0

snc / data_protection / use 3

snc / data_protection / min 2

snc / gssapi_lib / usr/sap/SOL/DVEBMGS00/SLL/libsecgss.sl

snc / enable 1

snc / data_protection / max 3

snc / accept_insecure_rfc 1

snc / identity / as p: CN = SAP / KerberosSID @ MIDOMAIN.COM

snc / accept_insecure_gui 1

snc / force_login_screen 0

Checking the proper authentication of the library in dev_w0 (CNS Enable) (OK)

3. configuring the SAP LOGON to do the SSO (OK)

4. Configure the user by the SU01 - Tab CNS (p: CN = USER@DOMAIN.COM), recognizes the canonical name (OK).

The problem occurs when you take the entrance to SAP, as it appears "or user name exists snc with p: CN = D765615231GBJGH9879789 ..." when will this data entry: the user settings: on the SU01 - SNC tab p: CN = D765615231GBJGH9879789 if I made ​​the SOO. I followed the Note 1635019 - but still continues to generate the problem. Becomes a problem when the keytab changes every 2 days by the prior p: CN = D765615231GBJGH9879789 ... change on the other p: CN = H3837GDF098392 ... having to change this in the configuration of the Board Index.

Any ideas to correct the problem?? In advance thank you very much ....

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Right, what I'm currently using SAP Netweaver SSO SP3 is the part of SAP used: SECURE_LOGIN_LIBRARY, and by the GUI for Windows use: SNC_CLIENT_ENCRYPTION, with this I am encrypción ensuring end-to-end,  all supported by the SAP NetWeaver SSO SP3

Kaempfer
Advisor
Advisor
0 Kudos

I added a screenshot. If you use this snc client encryption package of the SAP Marketplace, your SSO scenario will not work (this will perhaps change in future but right now this will not work).

For SAP GUI for WIndows you have to use Secure Login Client from SAP NetWeaver Single Sign-On package and not SNC Client Encyption (see screenshot).

Secure Login Client = SNC + SSO

SNC Client Encyption = ONLY SNC for SAP GUI for Windows

Regards

Matthias

Former Member
0 Kudos

He used the fact that samples in the capture of the screen, that nose is where I download the client encryption SNC SNC = ONLY for SAP GUI for Windows, I have searched the market place with no success, if by chance you have it you can send me to or give me a link reparra@gmail.com

Regards

Ramon Eduardo Parra Vera

Former Member
0 Kudos

I followed the instructions in the Note 1643878 - Release Notes for CNS Client Encryption and still brings me to the library that you show me the screen capture

Kaempfer
Advisor
Advisor
0 Kudos

Yes, SNC Client encryption provides a library on the client and on the server. With the libraries you are able to configure only the encryption between SAP GUI for Windows client and server. But you goal is to provide encryption and SSO. Are we here still on the same page?

Regards

Matthias

Former Member
0 Kudos

    Hi, Matthias, Desintale SNC for SAPGUI client, but I liberria generates error.

I could tell that I install and / or configure the SAPGUI for windows?

Yes we are on the same page

I am attaching the error:

Regards

Ramon

Kaempfer
Advisor
Advisor
0 Kudos

Where did you download the security library? From the package SNC Encryption Client or SAP NetWeaver Single Sign-On or .... ?

Regards

Matthias

Former Member
0 Kudos

The security libraries are downloaded from:

http://help.sap.com/nwsso10 -> installation -> components: secure login client + secure login sever + secure login library.

Kaempfer
Advisor
Advisor
0 Kudos

I would expect this SSO issues if you have delployed SNC Client Encryption on the client or on the server side

Did you perhaps install SNC Client Encryption component with the SAP GUI installation and not install the secure login client of SAP NW SSO?

Regards

Matthias

Former Member
0 Kudos

hi Matthias,

The SNC install Client Encryption is performed on both the server and client sap gui

Kaempfer
Advisor
Advisor
0 Kudos

So you goal is to achieve SSO right?

Witht the package SNC Client Encryption your are only able to encrypt the communication between the SAP GUI for Windows and the SAP system. No SSO!

You can use for example SAP NetWeaver Single Sign-On (or partner soutions), than you have encryption and single sign-on.

Regards

Matthias