on 06-01-2008 4:55 PM
Hi!
I have the following question regarding to establishment of u201CELSTERu201D-approach on windows.
I set up the whole approach with user <sid>adm.
When I create a u201Cpair of keysu201D with commando u201Csapgenpse get_pse u2026u201D
I get 2 errors:
a) the directory u201Csecu201D could not be found
b) the file file u201Cticketu201D could not be found
The directory u201Csecu201D as well as the file u201Cticketu201D should exist under path F:\usr\sap\<sid>\DVEBMGS00\sec.
The problem is that the commando uses the path C:\Documens and Settings\<sid>adm\...
Question:
How can this setting be changed? Does some environment variable exist therefore?
The second problem I get with execution of commando for u201Ccreate of credentialsu201D.
The errors/warnings are:
c) No SSO for USER u201C<sid>admu201D with PSE file u201CC:\Documents and Settings\<sid>adm\sec\elster_file.pseu201D.
d) No readable SSO-Credentials available
Question:
How can I create the SSO for USER <sid>adm to avoid the errors above?
Is that possible to log in with user SAPService<sid> under Windows?
Thank you very much indeed!
regards
Thom
Hi,
First of all, you'll need to add the following environment variables SECUDIR=F:\usr\sap\<sid>\DVEBMGS00\sec
SNC_LIB=<path>\sapcrypto.dll
Then try your stuff.
If you are E g using the GSS-API for single sign on you'll need this instead:
SECUDIR=F:\usr\sap\<sid>\DVEBMGS00\sec
SNC_LIB=C:\windows\system32\gssntlm.dll <== different
and also add 3 instance profile parameters:
snc/enable = 1
snc/gssapi_lib = C:\windows\system32\gssntlm.dll
snc/identity/as = p:<DOMAIN>\SAPService<SID>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi!
Thank you very much for your response!
When I execute the commando >F:\usr\sap\SRP\SYS\exe\run>sapgenpse seclogin -l 2>&1
I get the following information:
running seclogin with USER="srpadm"
0: CN=Elsterlohn, OU=Abrechnung, O=Portalshowcase, C=DE
C:\Documents and Settings\srpadm\sec\elster_SRP800.pse
NOT readable for srpadm
1: CN=Elsterlohn, OU=Abrechnung, O=Portalshowcase, C=DE
C:\Documents and Settings\srpadm\sec\elster_SRP800.pse
NOT readable for srpadm
NO readable SSO-Credentials available (total 2)
Questions:
1) Are the bold warning critical?
2) How can I create the SSO-Credentials?
Thank you very much!
THom
Hi!
Thank you very much for your response.
It means I do not need to implement some additional steps for SSO credentials, only the both sapgenpse commandos.
Do I also need to make some additional steps in tcodes STRUST, SSFA?
An other question:
It seems that the company has some subsidiary companies.
Will the whole procedure be changed, regarding the installation of SAP BC and SAPCryptolib?
Do I need e.g. to create for every subsidiary company an separate .PSE file, pair of key, etc.?
Thank you very much!
Regards
When you set the parameter snc/enable you will get the possibility in SU01 to tell which windows-account should be tied to a user.
If you are running GSS-API you will need to distribute some dll-file to the client and then change the connection string in SAPLOGON.
Read more in OSS notes 352295, 595341.
If you prefer Kerberos read any installation guide.
E g [NW 7.0 SR3 WIN-ORA installation guide|https://websmp206.sap-ag.de/~sapidb/011000358700000346192008E]
Chapter 6.4 (starting at page 96) handles kerberos (how to configure central isntance, activate SSO in SAPLOGON and mapping sap user to windows user.
Hello Thom,
I see that you are interested in configuring SSO. If you have installed sapcryptolib, then now you need to configure SSO.
Check this link:
http://help.sap.com/saphelp_nw04/helpdata/en/f8/18da3a82f9cc38e10000000a114084/frameset.htm
The link speaks about using Logon tickets (SSO)
On the left hand side, you will notice links for configuring the SSO.
Regards,
Siddhesh
Hello!
Thank you very much for your response!
Do you know whether some additional steps sohuld be executed after the installation of SAP Business Connector and SAPCryptolib?
I mean the settings in tcodes SSFA, STRUST?
Other question:
I have 2 systems installed on 2 Windows Server:
Which steps do I need to execute for the ELSTER-approach with SAP Business Connector?
1) Do I need to install SAP Business Connector on every Server?
2) What are the steps regarding SAPCryptolib (do I need to create .pse-file for every client)?
Thank you very much!
regards
Thom
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.