on 06-22-2016 12:22 PM
Hello Experts,
We had already activated SNC for our ABAP systems Dev and QAS, both running on NW 7.0 Ehp2
System is up and running fine and we are able to activate SNC between RFCs of DEV and QAS systems
However, we have another requirement to activate SNC for GUI logon without SSO (No Single Sign on)
So, tried configuring System properties in GUI as below: (Gave SNC as defined in STRUST)
However, we are not successful as we are receiving below error.
I am missing few steps to configure SNC for GUI without SSO - Could you please help me?
FYI - We don't have AD in our landscape, please assist if we can configure SNC for GUI without AD.
Need to use standard SAP tools without paying anything extra for third party tools
Thanks,
Subbu
Hi Subbu, unfortunately you will not be successful.
All solutions that are free of charge are based on AD/Kerberos.
All solutions not based on AD use X.509 client certificates and will need some extra license.
I heard that SAP might provide an encryption only solution just based on X.509 server certificates (without necessity for client certificates) with SAP SSO 3.0 to be released next few weeks. But this will probably require the SAP SSO license.
I personaly would recommend to clarify with your key accounter if you cannot get this license for nothing but encryption as a goody.
Questions relating to this would probably best posted in the space.
Regards,
Lutz
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you very much both
So, even if I need only SNC without SSO - I need AD as pre-requisite right?
As my requirement is to just have SNC with GUI but not SSO - If we setup SNC for GUI with AD, any idea if i can still use user master records from SAP DB but not from AD
I watched the video available in "http://scn.sap.com/docs/DOC-40178" but this is still not clear
Please assist
Thanks,
Subbu
Hi Subbu, the current solution from SAP for SNC encryption without SSO is called SNC Client Encryption. With this solution traffic gets encrypted but authentication is still done via SAP DB password. SNC Client Encryption is a kind of stripped down SAP Single Sign-On product. SSO ability and X.509 ability were removed.
User master records will always remain in SAP DB regardless of authentication method.
The video is about the full SAP SSO solution.
Backend configuration for SNC CLient Encryption is the same. But the client is just an option in the GUI Installer and no separate add on. User mapping in SU01 is not needed or does not make sense because there is no SSO.
Regards,
Lutz
Lutz and Subbu,
I don't think it has to be specifically Microsoft Active Directory, but you will need some type of standard Kerberos Key Distribution Center (KDC). Active Directory is the most commonly used one, as the majority of businesses have Windows PCs and thus quite frequently a Windows Domain of some kind. Therefore, the instructions assume AD for the examples they give. However, some other kind of KDC for your network should work as well, but it has to be one that your network clients are setup to trust.
I am in the process right now of setting up SNC without SSO in my environment as well for our SAPGUI clients. We are using AD, however.
Cheers,
Matt
Hi Subbu,
Please refer to the attached guide delivered in the SAP KBA below:
2185235 - Using SNC Client Encryption (SCE) for Encrypting SAP GUI Connection with CommonCryptoLib
The document provides a step-by-step of how to properly configure SNC Client Encryption for encrypting your SAP GUI connection.
This product delivers SNC without SSO as explained by the other experts in this thread.
Cheers,
Filipe Santos
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Subbu,
Yes, Lutz is correct. We have only two free of charge authentication methods X.509 or Kerberos in SAP.
Regards,
Jegan Raj
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
95 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.