
Secure Login Library 1.0 to 2.0

alexander_tuerk2
Participant
0 Kudos

Dear Colleagues,

We are using SecureLoginClient 1.0 with SecureLibrary 1.0 for our SSO SAP GUI. Everything is working fine so far. Now we wanted to implement NWBC SSO where we need the Secure Library 2.0.

We checked the document Secure Login for SAP NetWeaver Single Sign-On Implementation Guide, chapter 4.4, "Migrating Secure Login Library to SAP NetWeaver Single Sign-On 2.0 from 1.0".

In point 4 of the procedure, the document states...

"you must make sure that an SNC PS2 called SAPSNCS.pse is available".... Okay, we don't have such a file in .../sec

We have a pse.zip file in /sec, but it does not contain a PKCS#12 file.

So I am not sure how I should create the SAPSNCS.pse to continue.

Any ideas?

Alexander

Accepted Solutions (1)

Former Member
0 Kudos

The PSE is required only in case you use X.509 certificates together with SNC. If you are planning on using Kerberos, you don't have to create the SNC PSE in STRUST.

alexander_tuerk2
Participant
0 Kudos

Hello Samuli,

This is what I have done:

-> downloaded the new SLL 2.0 to a dedicated folder SLL20 /usr/sap/<SID>/DV*/SLL20

-> changed in rz10 parameter snc/gssapi_lib to /usr/sap/<SID>/DV*/SLL/libsapcrypto.so

-> added in rz10 spnego/enable 1 and spnego/krbspnego_lib /usr/sap/<SID>/DV*/SLL/libsapcrypto.so

-> executed /usr/sap/<SID>/DV*/SLL20/sapgenpse keytab -p SAPSNCSKERB.pse -a <TECHNICAL USER NAME>

-> executed /usr/sap/<SID>/DV*/SLL20/sapgenpse seclogin -p SAPSNCSKERB.ps2 -o <sid>adm

-> executed spnego, uploaded the credentials

-> restarted the SAP Systems

Result: The system is not coming up due to the following error message:

Product Version = CommonCryptoLib (SAPCRYPTOLIB) Version 8.4.10 pl40

SncIinit (): found snc/identity/as=p: <TECHNICAL USER NAME >

**** ERROR => SncPAcquireCred()==SNCERR_GSSAPI

GSS-API(maj): No credentials were supplied

Could't acquire ACCEPTING credentials for

name="p: <TECHNICAL USER NAME >"

FATAL SNCERROR - Accepting Credentials not available!

(debug hint: default acceptor = "p:CN=DummyCredential")

<<- SncInit()==SNCERR_GSSAPI

sec_avail = "false"

Any idea what I missed?

alexander_tuerk2
Participant
0 Kudos

Found the issue.

Forgot to add -x <password>

Regards,

Alexander

Answers (0)