Добрый день. Просьба помочь, никак не получается настроить SNC Client Encryption without SSO. Специально поднял песочницу, чтобы описать шаги, которые выполняю.
I make SNC Client Encryption solution for ABAP sandbox (for next implantation to prod).
And i cant find full instructions with correct examples.
After all activities, i can connect with security lock, but without properly logon to system (there is offer to me for enter login and password ).
The main instruction, which i take for my steps (but I've got WinServer2008):
https://blogs.sap.com/2013/08/14/config ... arislinux/So, my steps:
1) The folder has been created E:\usr\sap\PD2\DVEBMGS02\SSL (Copy here SECURELOGINLIB, with snc.exe, seccrypt.dll and many others files)
2) Check for sapcrypto.dll is placed in the E:\usr\sap\PD2\SYS\exe\uc\NTAMD64
3) Domain user has been created Domain\SNCLogonPD2 with Pricipal name SAP/ServicePD2 (Our admin also add second record SAP/KerberosPD2) (set password PD2pass44)
4) I’ve set Variables SECUDIR=E:\usr\sap\PD2\DVEBMGS02\sec
5) E:\usr\sap\PD2\DVEBMGS02\SSL>snc crtpse (set password PD2pass44)
6) snc crtkeytab -s
SNCLogonPD2@DOMAIN.LOCAL (set password PD2pass44)
7) Profile parameters:
instance (or DEFAULT.PFL) profile:
snc/gssapi_lib E:\usr\sap\PD2\DVEBMGS02\SSL\secgss.dll
snc/identity/as p:CN=SAP/ServicePD2@DOMAIN.LOCAL
snc/data_protection/max 3
snc/data_protection/min 2
snc/data_protection/use 3
snc/r3int_rfc_secure 0
snc/r3int_rfc_qop 8
snc/permit_insecure_start 1
snc/accept_insecure_cpic 1
snc/accept_insecure_rfc 1
snc/force_login_screen 1
snc/enable 0
snc/accept_insecure_gui 1
ssf/name SAPSECULIB
ssf/ssfapi_lib $(ssl/ssl_lib)
ssl/ssl_lib $(DIR_EXECUTABLE)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL)
sec/libsapsecu
Add the following entry to your start profile(s):
SETENV_XX (XX = next available value) SECUDIR=$(DIR_INSTANCE)/sec
SETENV_00 PATH=$(DIR_EXECUTABLE);%PATH%
SETENV_01 SECUDIR=$(DIR_INSTANCE)/sec
Restart the system
9) In STRUST make SNC SAPCRYPTOLIB certificate (RSA):
Owner: CN=SAP/ServicePD2@DOMAIN.LOCAL
10) Set parameter rz10: snc/enable 1
11) Restart the system
12) Install SNCCLNTCRYPT01_5-20008986.EXE to local machine for my SAP GUI
13) In SAP GUI, in the connection string in the folder Network set SNC NAME: p:CN=SAP/ServicePD2@DOMAIN.LOCAL
14) SU01 I set SNC NAME= p:CN=i.ivanov@DOMAIN.LOCAL for login TEST_SNC
15) Logon !!! But only screen for login and password (and i can succesfull enter with password). In low right hand, I can see closed lock. I hoped enter in the system and see my work menu.
What did I wrong during settings ? What I forgot ?