cancel
Showing results for 
Search instead for 
Did you mean: 

SNC Kerberos for ABAP - SSO 3

siva123
Participant
0 Kudos
173

Hi Everyone,

I am currently working on enabling SNC for ABAP system using the latest SSO 3 which gives a lot of issues and it seems new tools introduced which replaces the need for sapcrypto.dll (which is part of new kernel) confuses the implementation process. Although i have the SAP standard configuration guide, i would like to reach out to the community members to know their experience in configuring SSO 3 and if possible share the steps and parameters in this regard

my environment is WIndows and the ABAP system is ECC

Thanks,

Shi

Accepted Solutions (0)

Answers (2)

Answers (2)

siva123
Participant
0 Kudos

Sorry mate. it was me . the same person. Inadvertently I posted through the browser in which my company's S user was open

Thanks,

Shi

kaus19d
Active Contributor
0 Kudos

So, coming back to your last query, it is not a die-hard/mandatory matter but to avoid any contigency in future who will access the matter even after you leave the organization, you can save in your D:\usr\sap\<SID>\ASCS01\exe location.

Thanks,

Kaushik

siva123
Participant
0 Kudos

Thanks Kaushik


i managed to set the profile parameters and generate Keytab but getting beblow error while login


"no user exists with SNC name "p:CN=NAME@DOMAIN.COM"

I looked at the note 1635019 but that did not help fix the issue

below are the configurations i have made so far

1. Active Directory setup

SPN has been set as SAP/SAPService<SID>

UPN has been set as SAPService<SID>@<DOMAIN.COM>

2. Kerberos Parameters

snc/force_login_screen = 0

snc/permit_insecure_start = 1

snc/accept_insecure_rfc = 1

snc/accept_insecure_gui = 1

snc/accept_insecure_cpic = 1

snc/r3int_rfc_qop = 8

snc/r3int_rfc_secure = 0

snc/data_protection/use = 3

snc/data_protection/min = 2

snc/data_protection/max = 3

snc/enable = 1

snc/gssapi_lib = D:\usr\sap\<SID>\ASCS01\exe\sapcrypto.dll

snc/identity/as = p:CN=SAP/SAPService<SID>@<DOMAIN.COM>

spnego/enable = 1

3. Keytab file generated . PFA

4. SNC name set for users in SU01

p:CN=SAP/SAPService<SID>@<DOMAIN.COM>

5. Secure Network settings in GUI Properties

p:CN=SAP/SAPService<SID>@<DOMAIN.COM>

Thanks,

Shi

kaus19d
Active Contributor
0 Kudos

Hi ,

To get you started, 1st, how about I take you through the below links,

Simple and Secure User Authentication with SAP Single Sign-On 2.0&lt;/title&gt;&lt;meta name=&quot;...

And of course our conversation in the below,

So, I guess, you can just let us know if further getting any issues on that matter.

Thanks,

Kaushik

0 Kudos

Thanks Kaushik

may i know where to copy the new library / client files to , in the server. As i think the SLL folder creation is not required , should i copy the SSO 3 files in to D:\usr\sap\<SID>\ASCS01\exe?

kaus19d
Active Contributor
0 Kudos

Hi Arunachalam,

Do you have a similar problem or you are the same person who created this discussion-thread?? If required any proper/correct/right answer, what i always suggest everyone everywhere to take the right path for that which is :- if you are a different person having similar issue, then apply the solution & if not working, then post as a new discussion thread instead of commenting/using other person place which can create confussion to users and also future Users who will go by this Discussion-Thread for similar matter solution. Or if you are the same person, then you should continue as the login which used for creating the discussion-thread.

Thanks,

Kaushik