on 05-28-2014 7:49 AM
public void nco() {
_ID = new MyBackendConfig();
RfcDestinationManager.RegisterDestinationConfiguration(_ID);
RfcDestinationManager.GetDestination("BD2");
}
...
public class MyBackendConfig : IDestinationConfiguration
{
public RfcConfigParameters GetParameters(String destinationName)
{
if ("BD2".Equals(destinationName))
{
RfcConfigParameters parms = new RfcConfigParameters();
RfcConfigParameters.AppServerHost, ConfigurationManager.AppSettings["AppServerHost"]);
RfcConfigParameters.SystemNumber, ConfigurationManager.AppSettings["SystemNumber"]);
RfcConfigParameters.Client, ConfigurationManager.AppSettings["Client"]); // Client
//parms.Add(RfcConfigParameters.User, ConfigurationManager.AppSettings["User"]);
//parms.Add(RfcConfigParameters.Password, ConfigurationManager.AppSettings["Password"]);
RfcConfigParameters.SncMode, "1");
RfcConfigParameters.SncPartnerName, "p:SAPServiceBD1@<domain.com>");
RfcConfigParameters.SncQOP, "9");
RfcConfigParameters.LogonGroup, "BW-DEV");
RfcConfigParameters.SystemID, "BD2");
RfcConfigParameters.Trace, "2");
...
}
...
}
Has this issue been resolved? I have a very similar problem and getting almost identical errors. We have a .Net4.0 app running on IIS7.5. I'm trying to use SNC for an SSO connection via Kerberos. I've got my app running with a service account that has unconstrained delegation. My SNC parameters are very similar to the original post on here.
I'm getting the identical error:
ERROR GSS-API(maj): No valid credentials provided (or available)
GSS-API(min): No Kerberos SSPI credentials available for
requested nam
name="p:myId@sub.contoso.com"
I think my delegation is configured correctly because I have tested it to other IIS servers. For example, I'm able to delegate my user's kerberos to other web servers. My SNC parameters look like so:
RfcConfigParameters.SncMode = "1";
RfcConfigParameters.SncLibraryPath = @"C:\qgsskrb5.dll";
RfcConfigParameters.SncPartnerName = "p:sap@sub.contoso.com";
RfcConfigParameters.SncMyName, "p:myId@sub.contoso.com";
My web server is running with a service account that has a SPN of the webserver. The sap@sub.contoso.com account has an SPN to the "sap\sap@sub.contoso.com"
We have a SAP GUI client that uses the same SNC library and that works correctly when I run from my local machine. However, my problem is I'm trying to mimic this on my .net web app with the delegation/impersonation.
Any help would be much appreciated!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Seungkwon,
When using SNC, also the SNC_NAME of the local instance is sent. Depending on the SNC implementation there could be a single one or multiple ones. In case you don't specify one, always the default one will be used. For being able to logon to the ABAP system, you need to map the identity defined by the SNC_NAME to some ABAP user in the ABAP system. How this needs to be done should be described in the documentation of the SNC Library that you are using.
Best regards,
Markus
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Markus,
Thank you for your response.
We did setup AD user mappings in ABAP / SAP, which had been verified with SAP Frontend successfully authenticated with SSO.
For AD user details, we tried to fill-in the connetion parameters, but nothing applicable can be found (ie. SNC_Name / SncName not available in RfcConfigParameters class). And we also tried setting AD details to attrbiute "SncMyName", "SncSSO", which would raise "No Kerberos SSPI credentials available" error.
Setting AD details to SncMyName:
parms.Add(RfcConfigParameters.SncMyName, "p:henryw1@<domain.com>");
Best Regards.
Hi Seungkwon,
The RfcConfigParameters constant is SncMyName, which would be relevant in order to override the default value. In case the default value is sufficient, you can omit this parameter. I cannot tell you details about the configuration needed for that special SNC library that you use and need to refer to the vendor's documentation in this case.
Best regards,
Markus
Hi Seungkwon,
there is no special documentation for a .NET client. You need to check the documentation of the SNC solution that you are using for your landscape. How this needs to be configured is independent from the type of RFC client you use. It will be the same for NCo, JCo, and NW RFC SDK. Hence you need to look for a configuration documentation for this SNC solution. Therefore, you need to get the answers from someone else. Sorry, but I can't help in this case.
Best regards,
Markus
User | Count |
---|---|
76 | |
9 | |
8 | |
7 | |
6 | |
5 | |
5 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.