cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SNC activation for SAP GUI without SSO

Go to solution
Former Member

on ‎06-22-2016 12:22 PM

0 Kudos

Hello Experts,

We had already activated SNC for our ABAP systems Dev and QAS, both running on NW 7.0 Ehp2

System is up and running fine and we are able to activate SNC between RFCs of DEV and QAS systems

However, we have another requirement to activate SNC for GUI logon without SSO (No Single Sign on)

So, tried configuring System properties in GUI as below: (Gave SNC as defined in STRUST)

However, we are not successful as we are receiving below error.

I am missing few steps to configure SNC for GUI without SSO - Could you please help me?

FYI - We don't have AD in our landscape, please assist if we can configure SNC for GUI without AD.

Need to use standard SAP tools without paying anything extra for third party tools

Thanks,

Subbu

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

LutzR
Active Contributor
‎06-22-2016 12:49 PM
0 Kudos

Hi Subbu, unfortunately you will not be successful.

All solutions that are free of charge are based on AD/Kerberos.

All solutions not based on AD use X.509 client certificates and will need some extra license.

I heard that SAP might provide an encryption only solution just based on X.509 server certificates (without necessity for client certificates) with SAP SSO 3.0 to be released next few weeks. But this will probably require the SAP SSO license.

I personaly would recommend to clarify with your key accounter if you cannot get this license for nothing but encryption as a goody.

Questions relating to this would probably best posted in the space.

Regards,

Lutz

Show replies
Show replies
Former Member
‎06-22-2016 4:11 PM
0 Kudos

Thank you very much both

So, even if I need only SNC without SSO - I need AD as pre-requisite right?

As my requirement is to just have SNC with GUI but not SSO - If we setup SNC for GUI with AD, any idea if i can still use user master records from SAP DB but not from AD

I watched the video available in "http://scn.sap.com/docs/DOC-40178" but this is still not clear

Please assist

Thanks,

Subbu

LutzR
Active Contributor
‎06-22-2016 4:41 PM
0 Kudos

Hi Subbu, the current solution from SAP for SNC encryption without SSO is called SNC Client Encryption. With this solution traffic gets encrypted but authentication is still done via SAP DB password. SNC Client Encryption is a kind of stripped down SAP Single Sign-On product. SSO ability and X.509 ability were removed.

User master records will always remain in SAP DB regardless of authentication method.

The video is about the full SAP SSO solution.

Backend configuration for SNC CLient Encryption is the same. But the client is just an option in the GUI Installer and no separate add on. User mapping in SU01 is not needed or does not make sense because there is no SSO.

Regards,

Lutz

Matt_Fraser
Active Contributor
‎06-22-2016 5:27 PM
0 Kudos

Lutz and Subbu,

I don't think it has to be specifically Microsoft Active Directory, but you will need some type of standard Kerberos Key Distribution Center (KDC). Active Directory is the most commonly used one, as the majority of businesses have Windows PCs and thus quite frequently a Windows Domain of some kind. Therefore, the instructions assume AD for the examples they give. However, some other kind of KDC for your network should work as well, but it has to be one that your network clients are setup to trust.

I am in the process right now of setting up SNC without SSO in my environment as well for our SAPGUI clients. We are using AD, however.

Cheers,

Matt

Answers (2)

Answers (2)

former_member202592
Participant
‎06-23-2016 8:59 AM
0 Kudos

Hi Subbu,


Please refer to the attached guide delivered in the SAP KBA below:


2185235 - Using SNC Client Encryption (SCE) for Encrypting SAP GUI Connection with CommonCryptoLib


The document provides a step-by-step of how to properly configure SNC Client Encryption for encrypting your SAP GUI connection.


This product delivers SNC without SSO as explained by the other experts in this thread.


Cheers,

Filipe Santos

Show replies
Show replies
former_member185488
Participant
‎06-22-2016 1:23 PM
0 Kudos

Hi Subbu,

Yes, Lutz is correct. We have only two free of charge authentication methods X.509 or Kerberos in SAP.

Regards,

Jegan Raj

Show replies
Show replies
Ask a Question