cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Installation of SAPCryptolib

Former Member

on ‎06-01-2008 4:55 PM

0 Kudos

Hi!

I have the following question regarding to establishment of u201CELSTERu201D-approach on windows.

I set up the whole approach with user <sid>adm.

When I create a u201Cpair of keysu201D with commando u201Csapgenpse get_pse u2026u201D

I get 2 errors:

a) the directory u201Csecu201D could not be found

b) the file file u201Cticketu201D could not be found

The directory u201Csecu201D as well as the file u201Cticketu201D should exist under path F:\usr\sap\<sid>\DVEBMGS00\sec.

The problem is that the commando uses the path C:\Documens and Settings\<sid>adm\...

Question:

How can this setting be changed? Does some environment variable exist therefore?

The second problem I get with execution of commando for u201Ccreate of credentialsu201D.

The errors/warnings are:

c) No SSO for USER u201C<sid>admu201D with PSE file u201CC:\Documents and Settings\<sid>adm\sec\elster_file.pseu201D.

d) No readable SSO-Credentials available

Question:

How can I create the SSO for USER <sid>adm to avoid the errors above?

Is that possible to log in with user SAPService<sid> under Windows?

Thank you very much indeed!

regards

Thom

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎06-01-2008 8:54 PM
0 Kudos

Hi,

First of all, you'll need to add the following environment variables SECUDIR=F:\usr\sap\<sid>\DVEBMGS00\sec

SNC_LIB=<path>\sapcrypto.dll

Then try your stuff.

If you are E g using the GSS-API for single sign on you'll need this instead:

SECUDIR=F:\usr\sap\<sid>\DVEBMGS00\sec

SNC_LIB=C:\windows\system32\gssntlm.dll <== different

and also add 3 instance profile parameters:

snc/enable = 1

snc/gssapi_lib = C:\windows\system32\gssntlm.dll

snc/identity/as = p:<DOMAIN>\SAPService<SID>

Show replies
Show replies
Former Member
‎06-02-2008 10:29 AM
0 Kudos

Hi!

Thank you very much for your response!

When I execute the commando >F:\usr\sap\SRP\SYS\exe\run>sapgenpse seclogin -l 2>&1

I get the following information:

running seclogin with USER="srpadm"

0: CN=Elsterlohn, OU=Abrechnung, O=Portalshowcase, C=DE

C:\Documents and Settings\srpadm\sec\elster_SRP800.pse

NOT readable for srpadm

1: CN=Elsterlohn, OU=Abrechnung, O=Portalshowcase, C=DE

C:\Documents and Settings\srpadm\sec\elster_SRP800.pse

NOT readable for srpadm

NO readable SSO-Credentials available (total 2)

Questions:

1) Are the bold warning critical?

2) How can I create the SSO-Credentials?

Thank you very much!

THom

former_member185954
Active Contributor
‎06-02-2008 10:37 AM
0 Kudos

Hello Thom,

Make this file C:\Documents and Settings\srpadm\sec\elster_SRP800.pse readable to srpadm.

Regards,

Siddhesh

Former Member
‎06-02-2008 10:57 AM
0 Kudos

You need to add your user to the pse-file.

sapgenpse seclogin -p elster_SRP800.pse -O <user>

or, if you are logged on as the wanted user:

sapgenpse seclogin -p elster_SRP800.pse

Former Member
‎06-02-2008 6:14 PM
0 Kudos

Hi!

Thank you very much for your response.

It means I do not need to implement some additional steps for SSO credentials, only the both sapgenpse commandos.

Do I also need to make some additional steps in tcodes STRUST, SSFA?

An other question:

It seems that the company has some subsidiary companies.

Will the whole procedure be changed, regarding the installation of SAP BC and SAPCryptolib?

Do I need e.g. to create for every subsidiary company an separate .PSE file, pair of key, etc.?

Thank you very much!

Regards

Former Member
‎06-02-2008 10:47 PM
0 Kudos

When you set the parameter snc/enable you will get the possibility in SU01 to tell which windows-account should be tied to a user.

If you are running GSS-API you will need to distribute some dll-file to the client and then change the connection string in SAPLOGON.

Read more in OSS notes 352295, 595341.

If you prefer Kerberos read any installation guide.

E g [NW 7.0 SR3 WIN-ORA installation guide|https://websmp206.sap-ag.de/~sapidb/011000358700000346192008E]

Chapter 6.4 (starting at page 96) handles kerberos (how to configure central isntance, activate SSO in SAPLOGON and mapping sap user to windows user.

Former Member
‎06-03-2008 9:15 AM
0 Kudos

Hi Tomas,

could you please tell me, what are the next steps after the installation of SAP BC and SAP Cryptolib?

How does the FI-employee can send the data to the tax office?

Does he/she use the same sapgenpse commandos?

Is there some documentation regarging this?

Thank you very much!

Thom

former_member185954
Active Contributor
‎06-03-2008 9:27 AM
0 Kudos

Hello Thom,

I see that you are interested in configuring SSO. If you have installed sapcryptolib, then now you need to configure SSO.

Check this link:

http://help.sap.com/saphelp_nw04/helpdata/en/f8/18da3a82f9cc38e10000000a114084/frameset.htm

The link speaks about using Logon tickets (SSO)

On the left hand side, you will notice links for configuring the SSO.

Regards,

Siddhesh

Former Member
‎06-03-2008 10:24 AM
0 Kudos

I'm afraid that sending data to the tax office is a little unspecified.

What exactly is it you are trying to do ?

Former Member
‎06-03-2008 12:19 PM
0 Kudos

Hi!

I am responsible for the technical establishment of ELSTER (SAP Basis).

How can the FI-employees use the whole procedure after the installation of SAP BC and SAPCryptolib?

Is there some insctuctions/documenations?

regards

Thom

former_member185954
Active Contributor
‎06-03-2008 12:42 PM
0 Kudos

Hello Thom,,

I don't think the users are required to do anythign at their end. This is more of a server install/config work (SAP BASIS).

So nothing much would be required from their end.

Regards,

Siddhesh

Former Member
‎06-04-2008 9:57 AM
0 Kudos

Hello!

Thank you very much for your response!

Do you know whether some additional steps sohuld be executed after the installation of SAP Business Connector and SAPCryptolib?

I mean the settings in tcodes SSFA, STRUST?

Other question:

I have 2 systems installed on 2 Windows Server:

Which steps do I need to execute for the ELSTER-approach with SAP Business Connector?

1) Do I need to install SAP Business Connector on every Server?

2) What are the steps regarding SAPCryptolib (do I need to create .pse-file for every client)?

Thank you very much!

regards

Thom

Ask a Question