on 05-15-2014 4:15 PM
Dear Colleagues,
We are using SecureLoginClient 1.0 with SecureLibrary 1.0 for our SSO SAP GUI. Everything is working fine so far. Now we wanted to implement NWBC SSO where we need the Secure Library 2.0.
We checked in the document Secure Login for SAP Netweaver Single Sign-On Implementation Guide Chapter 4.4 Migrating Secure Login Library to SAP Netweaver Single Sign-on 2.0 from 1.0
In the procedure point 4 the document stats...
"you must make sure that an SNC PS2 called SAPSNCS.pse is available".... okay we don't have such a file in .../sec
We have a pse.zip file in /sec but it does not contain a pkcs#12 file.
So I am not sure how I should created the SAPSNCS.pse to continue.
Any ideas?
Alexander
The PSE is required only in case you use X.509 certificates together with SNC. If you are planning on using Kerberos, you don't have to create the SNC PSE in STRUST.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Samuli,
This is what I have done
-> downloaded the new SLL 2.0 to a dedicated folder SLL20 /usr/sap/<SID>/DV*/SLL20
-> change in rz10 parameter snc/gssapi_lib to /usr/sap/<SID>/DV*/SLL/libsapcrypto.so
-> added in rz10 spnego/enable 1 and spnego/krbspnego_lib /usr/sap/<SID>/DV*/SLL/libsapcrypto.so
-> executed /usr/sap/<SID>/DV*/SLL20/sapgenpse keytab -p SAPSNCSKERB.pse -a <TECHNICAL USER NAME>
-> executed /usr/sap/<SID>/DV*/SLL20/sapgenpse seclogin -p SAPSNCSKERB.ps2 -o <sid>adm
-> executed spnego, uploaded the credentials
-> restarted the SAP Systems
Result: System is not comming up due the the following error message
Product Version = CommonCryptoLib (SAPCRYPTOLIB) Version 8.4.10 pl40
SncIinit (): found snc/identity/as=p: <TECHNICAL USER NAME >
**** ERROR => SncPAcquireCred()==SNCERR_GSSAPI
GSS-API(maj): No credentials were supplied
Could't acquire ACCEPTING credentials for
name="p: <TECHNICAL USER NAME >"
FATAL SNCERROR - Accepting Credentials not available!
(debug hint: default acceptor = "p:CN=DummyCredential")
<<- SncInit()==SNCERR_GSSAPI
sec_avail = "false"
Any idea what I missed?
User | Count |
---|---|
98 | |
11 | |
11 | |
10 | |
10 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.