on 10-03-2016 11:11 AM
Hi Everyone,
I am currently working on enabling SNC for ABAP system using the latest SSO 3 which gives a lot of issues and it seems new tools introduced which replaces the need for sapcrypto.dll (which is part of new kernel) confuses the implementation process. Although i have the SAP standard configuration guide, i would like to reach out to the community members to know their experience in configuring SSO 3 and if possible share the steps and parameters in this regard
my environment is WIndows and the ABAP system is ECC
Thanks,
Shi
Sorry mate. it was me . the same person. Inadvertently I posted through the browser in which my company's S user was open
Thanks,
Shi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Kaushik
i managed to set the profile parameters and generate Keytab but getting beblow error while login
"no user exists with SNC name "p:CN=NAME@DOMAIN.COM"
I looked at the note 1635019 but that did not help fix the issue
below are the configurations i have made so far
1. Active Directory setup
SPN has been set as SAP/SAPService<SID>
UPN has been set as SAPService<SID>@<DOMAIN.COM>
2. Kerberos Parameters
snc/force_login_screen = 0
snc/permit_insecure_start = 1
snc/accept_insecure_rfc = 1
snc/accept_insecure_gui = 1
snc/accept_insecure_cpic = 1
snc/r3int_rfc_qop = 8
snc/r3int_rfc_secure = 0
snc/data_protection/use = 3
snc/data_protection/min = 2
snc/data_protection/max = 3
snc/enable = 1
snc/gssapi_lib = D:\usr\sap\<SID>\ASCS01\exe\sapcrypto.dll
snc/identity/as = p:CN=SAP/SAPService<SID>@<DOMAIN.COM>
spnego/enable = 1
3. Keytab file generated . PFA
4. SNC name set for users in SU01
p:CN=SAP/SAPService<SID>@<DOMAIN.COM>
5. Secure Network settings in GUI Properties
p:CN=SAP/SAPService<SID>@<DOMAIN.COM>
Thanks,
Shi
To get you started, 1st, how about I take you through the below links,
And of course our conversation in the below,
So, I guess, you can just let us know if further getting any issues on that matter.
Thanks,
Kaushik
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Arunachalam,
Do you have a similar problem or you are the same person who created this discussion-thread?? If required any proper/correct/right answer, what i always suggest everyone everywhere to take the right path for that which is :- if you are a different person having similar issue, then apply the solution & if not working, then post as a new discussion thread instead of commenting/using other person place which can create confussion to users and also future Users who will go by this Discussion-Thread for similar matter solution. Or if you are the same person, then you should continue as the login which used for creating the discussion-thread.
Thanks,
Kaushik
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.