06-28-2016 3:38 PM
Hi Experts, We'd like to use SAPGUI SSO with Kerberos. ERP is installed under AD root domain (ROOT.COM) in the forest. Users belong to AD sub domain (SUBDOM.COM) however users UPN root domain (ROOT.COM) in the same forest. ERP is installed under ROOT.COM, service user is kerberos@ROOT.COM. 1. SNC name in user profile (SU01) is p:CN=TESTUSER@ROOT.COM (In CAPS) 2. Kerberos Token in SAP Secure Login client TESTUSER@ROOT.COM (In CAPS) 3. SAP Logon entry for SSO has SNC name, p:CN=SAP/SSO-@ROOT.COM (In CAPS) Then user tries to log on via the entry for SSO, the error message "No user exists with SNC name "p:CN=4933346D58BB455ASDSAFSHGFHSFGWI"" (I do not understand why it does not show any specific value) Kindly advice what setting is missing in our environment? Regards, Kunal Salunkhe
06-28-2016 3:49 PM
Hi Kunal,
every time you see this kind of "scrambled" SNC name you are dealing with "SNC Client Encryption" on the client side.
This is SAP's free of charge client library to enable SNC based encryption without supporting SSO. To support SSO you need "Secure Login Client" out of the "SAP SSO" license package or some different SSO tool from third party vendors.
So the scrambled SNC name is the way SAP disables SSO with their free-of-charge solution.
Regards,
Lutz
06-28-2016 3:49 PM
Hi Kunal,
every time you see this kind of "scrambled" SNC name you are dealing with "SNC Client Encryption" on the client side.
This is SAP's free of charge client library to enable SNC based encryption without supporting SSO. To support SSO you need "Secure Login Client" out of the "SAP SSO" license package or some different SSO tool from third party vendors.
So the scrambled SNC name is the way SAP disables SSO with their free-of-charge solution.
Regards,
Lutz
06-28-2016 8:49 PM
Hi Lutz
thanks for your quick response,
Our client has NW SSO license and we have used same OSS user to dowload the file - SAPSetupSLCXXX (Secure login client)
So I am not sure how do we get this "Secure Login Client" out of "SAP SSO" license package?
Can you please suggest?
Regards,
Kunal Salunkhe
06-29-2016 8:30 AM
Hi Kunal Salunkhe,
then you were probably hit by the uninstaller bug. There is a bug in old uninstallation routines that mess up SNC Client Encryption and Secure Login Client (SLC) during GUI Update.
So what we experienced here was that after a GUI update to 7.40 our SLC installations seemed to be downgrades to SNC Client Encryption.
The fix for us was to reinstall SLC.
Regards,
Lutz
06-29-2016 9:30 AM
Hi Lutz
thank you so much, you have helped us to fix the issue
As suggested by you we have insalled "Secure Login Client" once again & SSO working perfectly fine now.
Many many thanks once again
Regards,
Kunal Salunkhe
06-29-2016 11:42 AM