cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO with SAPgui -> SAP ABAP for Windows Network Users

former_member1012268
Participant

on ‎10-21-2014 10:01 PM

0 Kudos

Hello World,

Now I have to setup SSO for SAPgui <-> ERP6.0 (like "make it happen yesterday" 😉

I configured the MS Active Directory Service User, specified the Principle Name and configured settings in SPNEGO.

Installed SAPcrypto Lib on SAP Server and Secure Login Libs on Windows System (for Standard SAPgui).

Then I adjusted all SAP profile parameters and restarted SAP System.

All fine and well, but after I adjust settings in SAPgui SNC tab for the desired system and try to logon, I only get this error message:

> Specified target is unknown or unreachable

> p:CN=<AD-ServiceUserName>@<domain>.<name>

> Component:    SNC

> Method:        SndEstablishContext

> System Call:    gss_init_sec_context

I replaced our server and domain names with placeholders, so don't be confused by the <...>

Our Windows Terminal Server is in the same domain as the Windows Kerberos Server, but our ERP systems are running on Linux and are not part of the Windows domain.

To be quite honest, I fail to see how the ERP server can reach the Kerberos server and I don't get how it is supposed to make its name/destination thus known to the world (-> snc/identity/as)

I pretty much followed this guideline when setting it all up: scn.sap.com/docs/DOC-40178

But it only refers to pure Windows environments, not a Windows (Client/MS-ActiveDir/Kerberos) & Linux (AS-ABAP) mix like we have.

Anybody can help out with this one?

Also, can I even install the SNC library into a standard SAPgui for SSO, or do I need to download the special SAP Secure Login Client for that (I know that one requires an extra license).

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

former_member1012268
Participant
‎10-27-2014 8:30 AM
0 Kudos

Hi Folks,

a little update on this epic saga.

I managed to confirm (via "klist") that on the backend the Linux ABAP Server knows the  service user name "SL-ABAP-TST".

So I recon it must be the SAPgui which has a problem here, and I enabled the trace files on it to be sure.

Here is the output

errorlog.gui:

****************************************************************************************************

Sapgui 730 [Build 9036] Thu Oct 23 14:36:42 2014

: 'GSS-API(maj): Miscellaneous Failure

Fehler in SNC

M�chten Sie eine detaillierte Fehlerbeschreibung?

'

**************************************************

Sapgui 730 [Build 9036] Thu Oct 23 14:38:43 2014

: 'GSS-API(maj): Miscellaneous Failure

GSS-API(min): SSPI::IniSctx#1()==Specified target is unknown or unreac

target="p:CN=SL-ABAP-TST@ACME.CORP.LOCAL"

Time        Thu Oct 23 14:38:39 2014

Component    SNC (Secure Network Communication)

Release        730

Version        6

Module        sncxxall.c

Line        3352

Method        SncPEstablishContext

Return Code    -4

System Call    gss_init_sec_context

Counter        1

'

**************************************************

Sapgui 730 [Build 9036] Thu Oct 23 14:39:26 2014

: 'GSS-API(maj): Miscellaneous Failure

GSS-API(min): SSPI::IniSctx#1()==Specified target is unknown or unreac

target="p:CN=SL-ABAP-TST@ACME.CORP.LOCAL"

Fehler in SNC

M�chten Sie eine detaillierte Fehlerbeschreibung?

'

****************************************************************************************************

Could it be that I require SAP's Secure Login Library for this to work?

I am trying to "patch" the standard SAPgui with the SSO libs here, but am not sure if this is workable or not.

Show replies
Show replies
Ask a Question