
ITS - Secude SNC Credentials

Former Member
0 Kudos

I have a problem with the new ITS 6.20 (PL18). I would like to create an instance in which the Agate and the Wgate are encrypted with SNC from Secude.

At the moment the wgate works fine. There are no errors in the trace files. But the agate has some problems.

Here is the basis trace from the agate:

[Thr 2204]       GSS-API(maj): No credentials were supplied
[Thr 2204]       GSS-API(min): No credentials found for this name ( not logged on )
[Thr 2204]     Could't acquire ACCEPTING credentials for

[Thr 2204]     name="p:CN=SERVER1, OU=1, OU=2, O=3, C=4"

Does anybody know what the credentials should be called?

In the XML config sheet (ItsRegistryIT1.xml) I entered the SECUDIR and the creddir (from the Secude instructions). But the ITS doesn't find any credentials. They are called cred_v2 at the moment, but I have already tried names like cred or cred_v5 etc.

The config file (ItsRegistryIT1.xml) looks like this:


<section name="IT1">
 <key name="Programs">
   (...)
   <key name="AGate">
   (...)
   <key name="environment">
    <value name="SECUDIR" type="text">C:\secude\agate</value>
    <value name="SNC_LIB" type="text">C:\secude\bin\secude.dll</value>
    <value name="creddir" type="text">C:\secude\agate</value>
   </key>
   (...)

And again at the end (to play it safe):


(...)
 <key name="environment">
  <value name="SECUDIR" type="text">C:\secude\agate</value>
  <value name="SNC_LIB" type="text">C:\secude\bin\secude.dll</value>
  <value name="creddir" type="text">C:\secude\agate</value>
 </key>
</section>

I hope someone can help me.

Marco

Message was edited by: Marco Hochstrasser

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

I solved the problem myself.

Because of the wrong assignment of the credentials many errors occur!

The following steps are necessary to run ITS 6.20 with Secude!

I take it that the wgate and the agate are on the same server.

Firstly you have to create the credentials for Wgate as follows:

set Path=c:\secude\bin;%Path%
set CREDDIR=c:\secude\wgate
cacls c:\secude\wgate\*wgate*.pse /E /G <web-server-useraccount>:R
secude seclogin -p c:\secude\wgate\*wgate*.pse -O <web-server-useraccount>
cacls c:\secude\wgate\cred_v2 /E /G <its-serviceaccount>:R

The same for the agate PSE:

set Path=c:\secude\bin;%Path%
set CREDDIR=c:\secude\agate
cacls c:\secude\agate\*agate*.pse /E /G <its-serviceaccount>:R
secude seclogin -p c:\secude\agate\*agate*.pse -O <its-serviceaccount>
cacls c:\secude\agate\cred_v2 /E /G <its-serviceaccount>:R

Additionally, you can check with "secude seclogin -l" which credentials are already installed.

Unlike the older ITS, the configuration parameters of the ITS have to be set in the predefined .xml files, which are located in D:\SAP\ITS\6.20\config (standard installation).

There are two important files.

The first is the ItsRegistryWGATE.xml.

With the Secude libs and all the SNC parameters, the configuration file looks like this:


<section name="WGATE">
[...]
<key name="LocalWgates">
  <key name="WGATE_IIS_IT1">
   <key name="Global">
    [...]
    <key name="Instances">
    [...]
    <key name="IT1">
     <key name="Values">
      [...]
     </key>
     <key name="Agates">
      <key name="Agate1">
       <value name="Host" type="text">its_sapgm</value>
       <value name="PortAGate" type="text">sapavw00_IT1</value>
       <value name="PortMManager" type="text">sapavwmm_IT1</value>
       <value name="MultiProcess" type="text">no</value>
       <value name="Available" type="text">yes</value>
       <value name="Secure" type="text">1</value>
       <value name="Type" type="text">2</value>
       <value name="SncNameAGate" type="text">p:CN=agate, OU=Server, OU=Services, C=Country</value>
       <value name="SncNameWGate" type="text">p:CN=wgate, OU=Server, OU=Services, C=Country</value>
      </key>
     </key>
     <key name="Headers"/>
    </key>
    [...]
   </key>
  </key>
 </key>
<key name="environment">
 <value name="SNC_LIB" type="text">C:\secude\bin\secude.dll</value>
 <value name="creddir" type="text">C:\secude\wgate</value>
</key>
</section>

The second configuration file is the ItsRegistry<SID>.xml.

This file looks like this:


<section name="IT1">
 <key name="Programs">
 [...]
<key name="Connects">
 <value name="Host" type="text">its_sapgm</value>
 <value name="PortAGate" type="text">sapavw00_IT1</value>
 <value name="PortMManager" type="text">sapavwmm_IT1</value>
 <value name="Type" type="text">2</value>
 <value name="SncNameAGate" type="text">p:CN=agate, OU=Server, OU=Services, C=Country</value>
 <value name="SncNameWGate" type="text">p:CN=wgate, OU=Server, OU=Services, C=Country</value>
</key>
[...]
<key name="environment">
 <value name="SNC_LIB" type="text">C:\secude\bin\secude.dll</value>
 <value name="creddir" type="text">C:\secude\agate</value>
</key>
</section>

After these steps the agate should connect without any problems directly and "secured" to the wgate. (If it works like that, you can see something like this in your wgate_sapbasis.trc.)

[Thr 3216] <<- SncProcessInput()==SAP_O_K
[Thr 3216]          return values = "(Privacy) in=88, back=0, out=12"
[Thr 3216] NiIRead: read 1922, 1 packs, MESG_IO, handle 1, data complete
[Thr 3216] ->> SncProcessInput(snc_hdl=018EBDE8, ibuf=0190E1E0, ilen=1922, &obuf=00D17220,
          &olen=00D1722C, &backbuf=00D17224, &backlen=00D17228)
[Thr 3216] <<- SncProcessInput()==SAP_O_K
[Thr 3216]          return values = "(Privacy) in=1922, back=0, out=1845"
[Thr 3216] NiIRead: read 88, 1 packs, MESG_IO, handle 1, data complete
[Thr 3216] ->> SncProcessInput(snc_hdl=018EBDE8, ibuf=01910210, ilen=88, &obuf=00D17220,
          &olen=00D1722C, &backbuf=00D17224, &backlen=00D17228)
[Thr 3216] <<- SncProcessInput()==SAP_O_K
[Thr 3216]          return values = "(Privacy) in=88, back=0, out=12"
[Thr 3216] <<- SncSessionDone()==SAP_O_K
[Thr 3216] NiICloseHandle: shutdown and close nihandle-socket 1-636

Regards

Marco
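
A consistency check for the two registry files described in the answer above, as an added example that is not part of the original post or of ITS/Secude: it compares the SncNameAGate/SncNameWGate entries of both files and confirms that each environment key sets SNC_LIB and creddir. It assumes the SNC names are meant to match across the files (as they do in the post) and uses the key names "Agate1" and "Connects" shown there; the sample XML is constructed and cut down.

```python
import xml.etree.ElementTree as ET

def values(xml_text, key_name):
    """{name: text} of the <value> children of the first <key name=key_name>."""
    for key in ET.fromstring(xml_text).iter("key"):
        if key.get("name") == key_name:
            return {v.get("name"): (v.text or "").strip() for v in key.findall("value")}
    return {}

def norm_snc(name):
    """Compare form of an SNC name: blanks around RDNs dropped, attribute types
    upper-cased. Simplification: escaped commas inside a value are not handled."""
    prefix, _, dn = name.partition(":")
    parts = [rdn.strip().partition("=") for rdn in dn.split(",")]
    return prefix + ":" + ",".join(f"{a.strip().upper()}={v.strip()}" for a, _, v in parts)

def check(wgate_xml, agate_xml, wgate_key="Agate1", agate_key="Connects"):
    """Findings for the two registry files; key names are the ones shown in the post."""
    findings = []
    w, a = values(wgate_xml, wgate_key), values(agate_xml, agate_key)
    for field in ("SncNameAGate", "SncNameWGate"):
        if not w.get(field) or not a.get(field):
            findings.append(f"{field}: missing in one of the files")
        elif norm_snc(w[field]) != norm_snc(a[field]):
            findings.append(f"{field}: differs ({w[field]!r} vs {a[field]!r})")
    for label, xml_text in (("WGATE", wgate_xml), ("AGate", agate_xml)):
        env = values(xml_text, "environment")
        findings += [f"{label} environment: {f} not set"
                     for f in ("SNC_LIB", "creddir") if not env.get(f)]
    return findings

def sample(section, conn_key, agate_cn, creddir):
    """Constructed, cut-down registry file (not a complete ItsRegistry*.xml)."""
    return f"""<section name="{section}"><key name="{conn_key}">
 <value name="SncNameAGate" type="text">p:CN={agate_cn}, OU=Server, OU=Services, C=Country</value>
 <value name="SncNameWGate" type="text">p:CN=wgate, OU=Server, OU=Services, C=Country</value>
</key><key name="environment">
 <value name="SNC_LIB" type="text">C:\\secude\\bin\\secude.dll</value>
 <value name="creddir" type="text">{creddir}</value>
</key></section>"""

if __name__ == "__main__":
    wgate = sample("WGATE", "Agate1", "agate", r"C:\secude\wgate")
    print(check(wgate, sample("IT1", "Connects", "agate", r"C:\secude\agate")))    # consistent
    print(check(wgate, sample("IT1", "Connects", "SERVER1", r"C:\secude\agate")))  # name mismatch
```
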