on 07-17-2014 1:17 PM
Hi ,
I have configured SSO2 SP3 in our landscape using X.509 certificate.
SSO is working fine for ABAP systems but in crm system when i am executing transaction /ncrm_ui browser is asking for credentials or clicking on ITS url it is asking for credentials. I cleared the cache of browser and close all open session, then again i again try the same ,it is asking for credentials again.
Steps :
1. Secure Logon server is installed on portal NW 7.31 (Linux x86_64).
2. Secure login client is installed on client desktop(Windows 7)
3. Secure Login Library imported in ABAP system(ECC and CRM), path /usr/sap/<SID>/DVEBMGSxx/SLL
4. We are using latest commoncryptolib version 8.4.21, patch 8421 and JCE policy files downloaded from Oracle.
5. In client authentication profile we are using LDAP server authentication and LDAP server destination is maintained
6. For service user in LDAP SPN is maintained.
Parameters for CRM system(HPUX-IA64 11.31):
snc/identity/as = p:CN=SID, OU=SAP Web AS, O=SAP Trust Community, C=DE
snc/gssapi_lib = /usr/sap/SID/DVEBMGS11/SLL/libsapcrypto.sl
snc/enable = 1
snc/data_protection/min = 2
snc/data_protection/max = 3
snc/data_protection/use = 3
snc/accept_insecure_gui = 1
snc/accept_insecure_rfc = 1
snc/accept_insecure_cpic = 1
snc/permit_insecure_start = 1
snc/r3int_rfc_qop = 8
snc/r3int_rfc_secure = 0
snc/force_login_screen = 0
login/accept_sso2_ticket = 1
login/create_sso2_ticket = 2
In trace i have found that logon ticket is not generating and myssocnlt cookie is also not generating .But if i check transaction /nsso2 in my crm system everythings looks fine.
I have attached the document of SSO2 which we have used for configuration and trace when we are executing /ncrm_ui transaction
I have also refered Note 612670 and made changes accordingly but still no success , again it is asking for credentials.
Please help in resolving this issue.
Thanks,
Have you checked before you execute /ncrm_ui your SAP User GUI "parameters tab" ?
First execute SU3 to check and/or set your User Parameters. Typically, parameter profiles as required input before executing transaction CRM_UI
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Donka,
Yes its true in our implementation. On browser we are login into same client as in ABAP system.
Thanks,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Singhal,
If your SAP GUI is working with the SNC but the SSL is not working with the browser, you can try to test the SSL:
Testing the SSL Configuration - Network and Transport Layer Security - SAP Library
Best regards,
Donka Dimitrova
Hi Donka,
Forgot to mention, when i entered this url "https://host123.mycompany.com:443/sap/bc/bsp/sap/it00/default.htm", it initially asks for cerdentials.
After provinding credentials right side of screen appears blank.
Thanks,
Sorabh
Hello Singhal,
have you checked the important prerequisite from the SAP Note mentioned by you?
"....this SSO support exists only for BSP applications (general: ICF applications) that run on the same logical ABAP system (= same client of a Web Application Server ABAP)...."
is this true for your implementation?
There are also some constraints mentioned in the same note...
Best regards,
Donka Dimitrova
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.