on 10-21-2014 10:01 PM
Hello World,
Now I have to setup SSO for SAPgui <-> ERP6.0 (like "make it happen yesterday" 😉
I configured the MS Active Directory Service User, specified the Principle Name and configured settings in SPNEGO.
Installed SAPcrypto Lib on SAP Server and Secure Login Libs on Windows System (for Standard SAPgui).
Then I adjusted all SAP profile parameters and restarted SAP System.
All fine and well, but after I adjust settings in SAPgui SNC tab for the desired system and try to logon, I only get this error message:
> Specified target is unknown or unreachable
> p:CN=<AD-ServiceUserName>@<domain>.<name>
> Component: SNC
> Method: SndEstablishContext
> System Call: gss_init_sec_context
I replaced our server and domain names with placeholders, so don't be confused by the <...>
Our Windows Terminal Server is in the same domain as the Windows Kerberos Server, but our ERP systems are running on Linux and are not part of the Windows domain.
To be quite honest, I fail to see how the ERP server can reach the Kerberos server and I don't get how it is supposed to make its name/destination thus known to the world (-> snc/identity/as)
I pretty much followed this guideline when setting it all up: scn.sap.com/docs/DOC-40178
But it only refers to pure Windows environments, not a Windows (Client/MS-ActiveDir/Kerberos) & Linux (AS-ABAP) mix like we have.
Anybody can help out with this one?
Also, can I even install the SNC library into a standard SAPgui for SSO, or do I need to download the special SAP Secure Login Client for that (I know that one requires an extra license).
Hi Folks,
a little update on this epic saga.
I managed to confirm (via "klist") that on the backend the Linux ABAP Server knows the service user name "SL-ABAP-TST".
So I recon it must be the SAPgui which has a problem here, and I enabled the trace files on it to be sure.
Here is the output
errorlog.gui:
****************************************************************************************************
Sapgui 730 [Build 9036] Thu Oct 23 14:36:42 2014
: 'GSS-API(maj): Miscellaneous Failure
Fehler in SNC
M�chten Sie eine detaillierte Fehlerbeschreibung?
'
**************************************************
Sapgui 730 [Build 9036] Thu Oct 23 14:38:43 2014
: 'GSS-API(maj): Miscellaneous Failure
GSS-API(min): SSPI::IniSctx#1()==Specified target is unknown or unreac
target="p:CN=SL-ABAP-TST@ACME.CORP.LOCAL"
Time Thu Oct 23 14:38:39 2014
Component SNC (Secure Network Communication)
Release 730
Version 6
Module sncxxall.c
Line 3352
Method SncPEstablishContext
Return Code -4
System Call gss_init_sec_context
Counter 1
'
**************************************************
Sapgui 730 [Build 9036] Thu Oct 23 14:39:26 2014
: 'GSS-API(maj): Miscellaneous Failure
GSS-API(min): SSPI::IniSctx#1()==Specified target is unknown or unreac
target="p:CN=SL-ABAP-TST@ACME.CORP.LOCAL"
Fehler in SNC
M�chten Sie eine detaillierte Fehlerbeschreibung?
'
****************************************************************************************************
Could it be that I require SAP's Secure Login Library for this to work?
I am trying to "patch" the standard SAPgui with the SSO libs here, but am not sure if this is workable or not.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.