on 11-07-2014 6:44 AM
Hi all,
We are making a proof of concept on SSO on ABAP (SAP-GUI + web) via SAP Secure Login Client and SPNEGO for ABAP.
All youtube-video configrations have been performed . You know: Implementing SAP NetWeaver Single Sign-On 2.0 Based on Kerberos Tokens 2/4 - YouTube (and so on ).
When I try to logon on via SAP-GUI I get a: "GSS-API(maj): No credential were supplied Unable to establish the security context target="p:CN=SL-service-user@xyz.com"
The SNCAX_TEST programs works fine on the above service-user (defined in SPNEGO).
Service-user defined in SAP-GUI (SNC)
The end user in SU01 has been updated on SNC with the token name from the SAP Secure Login Client
Method: SncPEstablishContext
System call gss_init_sec_context
I have looked into SAP notes (error codes etc.) + googling this and other comminties without luck .
All your input/help is very welcome.
Thanks in advance
Peter
Hi Peter,
To have more information about your issue you should configure the trace in Secure Login Client. Please check the implementation guide here http://help.sap.com/download/sapsso/secure_login_impl_guide_en.pdf chapter 2.6.9 Tracing Secure Login Client.
Activate the Developer Traces and repeat your issue.
You can also check if the Server SNC Name configured in SAP GUI is the SPN of your Service Account in AD.
You can check if you get a kerberos ticket from your AD wiht the command "klist" in your client workstation.
KR
Valerie
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Just to recap - we had som domain name issue.
When resolved our SSO for ABAP now works like a charm :-).
Thanks for your input.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Peter,
Was your SAP system installed in a domain that was different than from where end users were logging in? If yes, did you have domain trust setup between these domains? The reason I ask is because I am facing a very similar error. My scenario is two separate domains with no domain trust. Any help would be greatly appreciated.
Sid
User | Count |
---|---|
88 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.