Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Showing results for 
Search instead for 
Did you mean: 
rajesh_kumar71
Explorer
8,960

SNC - Secure Network Communication   Configuration between Enterprise Portal to BW system

Pre-Requisites:

Parameters to be checked before the configuration

  • login/accept_sso2_ticket    = 1
  • login/create_sso2_ticket    = 2 (recommended) or 1
  • snc/enable  = 1
  • icm/host name full. (SMICM – to check fully qualified hostname )

   

check https://help.sap.com  for the parameter values

  • snc/force_login_screen
  • snc/identity/as
  • snc/gssapi_lib
  • snc/permit_insecure_start
  • snc/r3int_rfc_qop
  • snc/r3int_rfc_secure
  • snc/accept_insecure_r3int_r
  • snc/accept_insecure_rfc
  • snc/accept_insecure_cpic
  • snc/accept_insecure_gui

STEP1:

Login to portal as a “administrator “ user  goto  http://<hostname:port/nwa

->click “configuration “ tab ->click “certificate and keys”

Note : parameter snc/enable=1 (to activate the SNC)

Login to portal as administrator  ->click  configuration  tab ->click  certificate and keys

Click the Ticket Key store entry listed under tab Key storage then select "SAPLogonTicketKeypair-cert "

Then click Export Entry Select Binary .x.509 format and Save it locally

STEP 2:

Login to ABAP system default client: XXX  Goto transaction STRUSTSSO2

Click  System PSE and then click   import certificate

Select the format Binary then click "Add to Certificate to List" then click "Add to ACL"

Fill portal SID and client 000 below

STEP3

Goto STRUSTSSO2 click System PSE -> click <FQDN > right side check the portal certificate info.

Create SNC SAP Cryptolib PSE file  right click the SNC SAP Cryptolib

Remove the default values of Org(opt) & comp/org and maintain the below values and SAVE

Now select SNC SAP Crypto pse and Double click the CN=<SID>, O=GM, C=US 

Press Export button   and export to your machine. 

Use the name <SIDof BW system>.cert

Select “Base64” as <SID>.cert

STEP4

Login to the Portal Server on the OS level (sidadm)

Goto file path:  /usr/sap/<SID>/JCXX/sec directory

Check the shared library and environmental variable are set 

/usr/sap/SID/JCXX/sec 

Set the environment variable for the path usr/sap/<SID>/JC<nn>/sec

<SID>adm> export SECUDIR=/usr/sap/<SID>/J<nn>/sec

STEP5:

Create the SAP_<any name for example J2EE>.pse file using the command

sapgenpse get_pse -p SAP_J2EE.pse -x j2eepin "CN=<SID>, O=<organization 2 letters>, C=<country code 2 letters>"

STEP6:

Then execute,

Sapgenpse  seclogin –p <please give any pse file name>.pse –x j2eepin –O <SID>adm

STEP7:

Generate the Portal SNC certificate with the command:

Sapgenpse export_own_certificate –p <pse name> -o <portal certificate>

  1. Ex. Sapgenpse export_own_cert –p <pse name>  –o <portal certificate>

STEP8:

Then  upload the SAP ECC certificate into Portal PSE with the command

  1. Ex. sapgenpse maintain_pk –p < please give any pse file name>.pse -a <SID BW system name>.cert

STEP9:

Transfer (Ftp) the file <SID>.cert from Portal Server to your machine

Login to BW system -> goto STRUSTSSO2 -> click SNC SAPCrypto -> double click

Then click  to import the file 

Then click  and finally save it

Before starting the following profile parameters need to be set in respective ABAP systems :

STEP10:

then Goto ->  SM30 and type the VSNCSYSACL and press Display

Select “ E” for external system

STEP11:

Goto SM30 and Enter USRACLEXT in Table/View field and press Display

Press “New Entries” and Add the SNC Name for Portal and “save” it

STEP12:

Creation of system’s in Portal System Administration->System landscape ->

Portal content -> SystemLandscapeRight click->System Landscape->  New -> 

Select option  then click  Next

STEP13:

How to get system information for web application server as and ITS

Goto se37 then press f8

Then provide the info :

FM name : RSBB_URL_PREFIX_GET

I_HANDLERCLASS : CL_RSR_WWW_HTTP

Clear the clear the I_message server entry -> execute (F8)

For getting the ICM info :

Goto se37

FM name : RSBB_URL_PREFIX_GET

I_HANDLERCLASS : CL_HTTP_EXT_ITS

Then clear   I_message server   entry -> execute (F8)

" save" the details and provide the system alias name 

Choose “next” and then “finish”

System is created now

STEP14:

System Landscape->click under this node you may find your newly created system ->right click the new system created ->click properties

Enter the SNC parameters in the system data container

Then conduct a system connection test , and this successfull test completes the SNC configuration between Enterprise Portal and BW system

Note : Login with the user same as in backend Don’t provide any user  and click the button “test”

3 Comments
petr_solberg
Active Contributor
0 Kudos

Hi Rajeshkumar,

this is an excellent blog showing all of the steps and will for sure be a lot  of help to people having to do this.

If I can suggest, in the pre-requisites, includes the step of

     download SAPCryptoLib

     install SAPCryptoLib

     enable juristiction policy

infact it would be nice if those steps were included with screenshots and then you would have the end to end implementation documented.

Furthermore, it would be useful to point out that there is a sequence for setting the Profile paramters on the R/3 system, because if they are all set at once and the system restarted logon will not be possible,

Another useful point is transaction SNC0 which shows the ACL tables and their contents, this is useful for trouble shooting.

All the best,

Andy.

rajesh_kumar71
Explorer
0 Kudos

Hi Andy,

Thanks for your comments and suggestions.

I will add the changes as mentioned and will update shortly

regards,

S.Rajeshkumar

Former Member
0 Kudos
Good Work Rajesh, Nice documents and Detailed Step by Step information.

As suggested by Andy, Can you add parameters sequence to set them in correct order.

Thanks,

Shivam
Labels in this area