Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

No credentials were supplied - Unable to establish the security context

Former Member
0 Kudos
7,467

Hi Experts

I have got the task to enable encryption between SAP GUI and SAP Server. Here is a brief description, what I have done so far:

1) installed SAPCRYPTOLIB

2) Configured STRTUST - like:

  • System PSE: CN=NET, OU=I0020276123, OU=SAP Web AS, O=SAP Trust Community, C=DE
  • SNC SAPCryptolib: CN=NET, OU=I0020276123, OU=SAP Web AS, O=SAP Trust Community, C=DE

3) RZ10 Parameters:

snc/enable = 1

snc/gssapi_lib = E:\usr\sap\NET\SYS\exe\uc\NTAMD64\sapcrypto.dll

snc/identity/as = p:CN=NET, OU=I0020276123, OU=SAP Web AS, O=SAP Trust Community, C=DE

snc/accept_insecure_gui = 0

4) SAP Logon:

Activated Secure Network Communication

SNC-navn: p:CN=NET, OU=I0020276123, OU=SAP Web AS, O=SAP Trust Community, C=DE

Enabled encryption

Ticked SNC-logon with user/passwords (without Single Sign-On)

When starting from SAP Logon i get this error message:

What am I missing? Would be a huge help if someone can point out the missing link.. Thanks a lot

9 REPLIES 9

Former Member
0 Kudos
1,027

SAP Cryptographic Library can't be used for SNC, it can only be used to validate X.509 certificates. If you require encryption download and configure SNC Client Encryption.

0 Kudos
1,027

Hi Kaski

Thanks for an instant reply. I am happy for that.

To start with this task, I did exactly what you are saying. I downloaded the SNC CLient Encryption and pathced my GUI with it, like mentioned in this article:

http://help.sap.com/saphelp_nw70ehp2/helpdata/en/d6/2c85a6706e40b599e64ba25b096ae6/content.htm

But as I can see it's only a patch for GUI. How can I be sure that the connection between my GUI and SAP Server is encrypted by applying this patch?

Isn't there anything els to do beside applying this patch?

And thanks again.

0 Kudos
1,027

With the parameter snc/accept_insecure_gui = 0 users can't logon without using SNC. All the involved steps are in the documentation you have found.

Former Member
0 Kudos
1,027

Hello Tariq,

I am also facing the same issue, did you got a solution?, if yes then please share.

Thanks

Crístian Vélez.

sebastian_broll
Explorer
0 Kudos
1,027

Hello Tariq,

unfortunately, Samuli's response is only partly correct.

Correct is, that SAPCRYPTOLIB is not supported for the use on the SAPGUI.

For enabling SNC in the backend, SAPCRYPTOLIB can be used.

Since you want to implement SNC on the SAPGUI<-->ABAP server network segment, any SNC solution except SAPCRYPTOLIB can be used - including Secure Client Encryption (SCE), which comes for free, but does not provide you with SSO functionality.

Finally, I'd like to point you to the actual cause for the error message that you noted in the developer traces.

When implementing SNC with SAPCRYPTOLIB, the library uses so called credentials, which are stored in a file named 'cred_v2' in order to map the SNC PSE to be used to the SNC name as specified by the profile parameter 'snc/identity/as'.

When maintaining your SNC PSE via transaction STRUST, the easiest way to create credentials is by asisgning a password to the PSE.

You can also create credentials using the command 'sapgenpse seclogin'. Please run 'sapgenpse seclogin -h' to get an overview of the available commands.

When using 'sapgenpse', please be careful to have the environment variables SECUDIR and USER set correctly.

Be certain not to forget that password (or PIN), as it can not be retrieved, and it can not be reset without knowing the actual password.

Regards,

sebastian

0 Kudos
1,027

Sebastian Broll wrote:

unfortunately, Samuli's response is only partly correct.

Correct is, that SAPCRYPTOLIB is not supported for the use on the SAPGUI.

For enabling SNC in the backend, SAPCRYPTOLIB can be used.

I thought the context of SAPGUI was assumed since the original poster had attached a screenshot from SAPGUI and describes the requirement to have encryption between SAPGUI and the backend. Anyway, I can't edit my original answer to emphasize the point you made.

The SAP Cryptographic Library contained in NWSSO has more functionality so it is also important to specify which library is being used.

Former Member
0 Kudos
1,027

Assign a password to SNC pse in strust - i hope it will solve the issue.

0 Kudos
1,027

I'm facing the same issue. I can't see if it was solved. Was it ? and How ?

Michel

0 Kudos
1,027

Hello,

I am also simply trying to configure encryption between the SAPGUI (on Windows) and my BW ABAP server on Solaris/Sparc 64 (UNIX).

I am experiencing the exact same situation... I think I have it all correct and my configuration virtually mirrors yours (Tariq) with the exception that I have the snc/accept_insecure_gui = 1.

What was the final resolution to your problem?

Thanks,

Jim