Set up SAPGUI Single Sign-On (SSO) using Microsoft Kerberos with SAP Window Server

** Myself
Server Information
Host: SERVER1  
SID:   DEV
INST NO:   10
Domain: ABC.COM
Configuring the SAP Instance Procedure
...
       1.      Determine which variant of the library is appropriate for your application server platform. See the table below.
Kerberos Wrapper Library According to Platform
Platform
Library 2003/XP
Library 2000
32-bit Windows NT (Intel x86)
gssntlm.dll
gsskrb5.dll
64-bit Windows NT (x86_64)
gx64ntlm.dll
gx64krb5.dll
64-bit Windows NT (ia64/Itanium)
gi64ntlm.dll
gi64krb5.dll
For more information about how to get the library, see SAP Note 352295.

§         Choose gx64ntlm.dll
       2.      Copy the library to the appropriate Windows system directory on the primary application server instance:
       Drive:\%windir%\system32\
       Drive:\%windir%\SysWOW64\
Or
       D:\usr\sap\DEV\DVEBMGS10\exe\

§         Copy gx64ntlm.dll  to D:\usr\sap\DEV\DVEBMGS10\exe\

 3.      In the instance profile of the primary application server instance, set the profile parameters and  allow users to be able to log on to the SAP system using user ID and password.
Rz10-> DEFAULT
§         snc/enable = 1
§         snc/gssapi_lib = D:\usr\sap\DEV\DVEBMGS10\exe\gx64ntlm.dll
§         snc/identity/as = p:ABC.COM\SAPServiceDEV
§         snc/accept_insecure_cpic = 1
§         snc/accept_insecure_gui =1
§         snc/accept_insecure_rfc = 1
§         snc/permit_insecure_start = 1

4.      Stop and restart the SAP system so that the profile parameters take effect.

  
Configuring the SAP Front End Procedure
1.       Copy the file gssntlm.dll to the SAP GUI directory
§         C:\Program Files\SAP\FrontEnd\gssntlm.dll or C:\Windows\System32\

set the environment variable SNC_LIB
2.       Set the environment variable SNC_LIB for SNC search lib path for Single Sign-On.
§         Start-> Control Panel-> Select System
§         In the System Properties ,choose tab Advanced-> Environment variables , enter:
New->
    Variable name : SNC_LIB
    Variable value : C:\Program Files\SAP\FrontEnd\gssntlm.dll





3.       Set the required logon options to activate Single Sign-On.
§         In the SAP logon window, choose (Change Item and in the window that opens, Network TAB Select  Activate Secure Network Communication  
§         In the SNC Name field, enter:
p:ABC.COM\SAPServiceDEV

Maintaining the User mapping
1. Log on to the (CUA) SAP System.
§         SU01
         -> user <SAP Username>
          ->CHANGE
            -> SNC tab
              -> SNC name P:ABC.COM\SAPServiceDEV
                -> Select ,Unsecure communication Permitted
                  -> SAVE

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)
Loading