Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

SSO issue: No Kerberos SSPI credentials available for requested name

Hello all,

I have setup an SSO scenario for my SAPGui environment with Windows Integrated Authentication

against my Solaris based SAP Systems.

This is my szenario:

- SAP Servers are installed on Solaris 10

- Domain Controller is a Windows 2003 with the forest in native 2003 mode

- Clients are Windows XP SP2

- SAPGui is version 7.10

- SAP Service User in AD: m00t1h

- SNC Identity (as in profile parameter snc/identity/as): p/krb5:m00t1h@IVV-VERBUND.DE

- SNC Library (as in profile partameter snc/gssapi_lib): /usr/local/kerberos/lib/64/libgssapi_krb5.so

Now my problem:

Whenever I try to connect to the SAP System with SSO from the SAPGui, I receive the following error:

GSS-API (maj): No valid credentials provided

GSS-API (min): No Kerberos SSPI credentials available for requested name

name="p:2031217@IVV-VERBUND.DE"

Where 2031217 is my SAP and my Windows Domain Username.

These are the steps I took to setup the SSO scenario:

- installed the MIT library 1.6.7 on the Solaris servers.

- created technical users for my SAP Systems in active directory.

- exported the kerberos key on the windows server

- imported the key in my keytable on the solaris side

- tested ability to authenticate a domain user from solaris command line to the windows AD - SUCCESS

kinit –V –k m00t1h

Authenticated to Kerberos v5

- configured a cronjob to renew the kerberos ticket

(* 0,3,6,9,12,15,18,21 * * * /usr/bin/kinit -k m00t1h)

- set the profile parameters in my SAP Systems according to given environemnt

- installed the SAP GSSAPI Keberos Wrapper library on the WIndows Clients

- set the SNC identity of the SAP Server (p/krb5:m00t1h@IVV-VERBUND.DE) in the SAPLOGON.ini

- created the SNC mapping for my user in SU01 (p:2031217@IVV-VERBUND.DE)

- activated SNC in the SAP System

- restarted the SAP System - SUCCESS. SAP system comes up and obtains a valid kerberos ticket (lifetime 10h)

- Try to authenticate via SAPGui - BANG

I have found a similar question in this thread

SSO with Kerberos: No valid credentials provided

but nobody answered it so far - so I thought to try my luck.

I'm in desperate need for help here, as I could not find valid information on this error in

Google or SAP help.

Kind regards (points promised),

Christian

Edited by: Christian Guenther on Jan 23, 2008 9:35 AM

Helpful Answer

by
Not what you were looking for? View more on this topic or Ask a question