Hi Amerjit,
Yes all the other servers where I have done it are also Windows Servers.
When you say windows user environment is the environment where is the server?
↧
Re: Cannot set SECUDIR | Environmental Variable
↧
Re: Cannot set SECUDIR | Environmental Variable
Hi Andre,
It's a bit odd that it's not working as you expect on this machine if you have already set it up as per your other windows systems.
When you ran SET from a cmd prompt, I guess you didn't find SECUDIR in the output ?
Wherever you have defined user sh1adm you will set it there in the user environment.
I'm not in front of a Windows Server machine but this is how you'd go about it on Windows Desktop machines.
Logged on as sh1adm:
Open file explorer.
Right Click on Computer
Select properties
Advanced System Settings
Environment Variables
On the following screen you can set system wide or user specific environment variables. Set SECUDIR just for the user (you can use %variable% if you want).
Hope it helps.
KR,
Amerjit
↧
↧
Re: Cannot set SECUDIR | Environmental Variable
I didn't understand your question of "When you ran SET from a cmd prompt, I guess you didn't find SECUDIR in the output ?"
The commands I ran are these:
1. set SECUDIR=F:\usr\sap\SH1\DVEBMGS01\sec
2. sapgenpse keytab -p SAPSNCSKERB.pse -a SL-ABAP-SH1@<DOMAIN>
3. sapgenpse seclogin -p SAPSNCSKERB.pse -O snl\SAPServiceSH1 -N
The output where we can see that the environmental variable is defined is below:
It could be confirmed also in RZ11 and SECUDIR parameter:
I have never defined the environmental variable in the windows environment and I have aswell checked in the configurations which I succeeded and there is nothing related with the SECUDIR or SNC_LIB. However I can try do it, which is the variable I should add in the Environmental Variables?
One question:
I think my problem is with the user I am logging to the server. I have checked in the AD and the user sh1adm is not created there, could it be the problem? For my succeeded configurations the users are created in AD like dg1adm, qg1adm etc...
↧
Re: Cannot set SECUDIR | Environmental Variable
Hello André,
1. Have you cross checked as per the suggestion of Craig Davis
You must make sure that the SETENV_05 is unique (no other SETENV_05 entries) and that there are no other entries trying to set SECUDIR.
2. Please run the following commands from RSBDCOS0 when logged on to SH1 and check what is returned for SECUDIR. Please also do this in a system where you have SNC working properly and compare the results.
Run: SET
Run: sapcontrol -nr 01 -function GetEnvironment
3. Please see the following OSS notes that will help you with environment setting.
1827566 - How to set environment variables for SAP system?
31559 - Setting/changing environment variables
800240 - FAQ: SAP Cryptographic Library error analysis (App. Server)
Kind Regards,
Amerjit
↧
User not able to login using SSO
Hi guys,
I have a situation where user is not able to login using SSO and whenever he tries to login, it asks for the user credentials. We have checked the SNC and it is correct and there are no issues with the SNC because SSO is working fine for all the users.
Anyone have any idea? Any comments will be appreciated.
↧
↧
SAML Http redirection
Hi,
We use SAML in our NW Gateway 7.4 system.Our adress is https://testerp.abc.com/saml/idp.
We use HTTP Redirect in SSO Endpoints. If we don't use HTTP redirect SAML does not work.But i have a problem here. If i call sicf service from http it is redirecting to https://testerp.abc.com/saml/idp. How can i prevent this redirection? If i call a sicf service from HTTP i don't want it to redirect HTTPS.
Thank you,
Fatih
↧
Re: Success Factor Employee Central integration with ECC on-premise
Hi Dimitri,
1. You need access to SF provisioning portal.
2. Activate all the required services saml2, oData, cdc_ext_service
3. Change the logon procedure by removing basic authentication
4. Download the SF IDP certificate metadata from https://performancemanager10.successfactors.com/idp/samlmetadata?company=<companyID>
5. Setup your config via SAML2
This should set you up.
And you should be able to perform payroll configuration from SF-Admin Centre
Good luck.
↧
Re: LDAP Authentication for ABAP
Hi Donka,
Good ! Thanks you.
Regards,
Saravanan R
↧
Re: Identity Provider could not process the authentication request received
Hello Sanjiv,
was there any solution provided for this issue already?
Best regards,
Tobias
↧
↧
Cloud Identity user provisioning via corporate LDAP integration
I asked this already under Cloud Identity, but did not get any reply till now. As a customer needs an answer on this : Is there a possibility to achieve user provisioning with Cloud Identity via a corporate user store? Many companies have already LDAP-solutions like MS ADS in place where users and their organisational affiliation, roles and further rights are stored. Till now I found only ID federation. But many customers usually have a large number of users in their corporate user store with different kinds of attributes attached.
In SAP Cloud Identity roadmap user provisioning is alsoonly listed as a "planned feature". Are there any other solutions ?
Thanks in advance
Regards, Michael
↧
Re: User not able to login using SSO
Hi Vijay,
SSO means Single Sign-on where user doesn't have to type their username and password. User is able to login into Production system with her username and password but SSO is not working for her profile.
↧
Re: User not able to login using SSO
Hello Kasn,
What Vijay was asking you was not what is SSO but what is your SSO problem ?
You have mentioned SSO with SNC. Could you give more details on your problem.
Just because SNC is working it does not mean that SSO is working. SNC encrypt communications and does not provide SSO.
Please provide more info ideally with a screen shot so that we can try and decode what you haven't as yet really fully described.
Kind Regards,
Amerjit
↧
Re: User not able to login using SSO
hi, I am getting below error SncPDLInit==SNCERR_INIT unable to load GSS-API DLL named " %windir%\system32\gsskrb5.dll" Error in SNC and when I click on yes to see detailed description, it gives Error 126 ="The specified module could not be found."
↧
↧
Re: User not able to login using SSO
Hello,
Please check two things.
1. The dll exists in the location specified in the error.
2. SNC_LIB environment variable is set correctly.
Could you also let us know what version and patch level of SSO client you are using.
KR,
Amerjit
↧
Re: User not able to login using SSO
The dll doesn't exist in the location specified in the error. Can you please tell me how we can add it and where can I check SNC_LIB environment variable?
↧
Re: User not able to login using SSO
Hello,
You can open a cmd window and run the "set" command. That will show you the env vars set.
Please tell us what product and version and patch level you are using for SSO and for SNC.
KR,
Amerjit
↧
Re: Cloud Identity user provisioning via corporate LDAP integration
Hi Michael,
Yes, it is possible. For details check the online documentation at SAP Cloud Identity Service. Also the following blog might be helpful: How to Connect Your Cloud Applications with Your Corporate User Store.
Best regards,
Dimitar Mihaylov
↧
↧
Re: LDAP Authentication for ABAP
Please refer this example document . it may be useful How to configure SAP NetWeaver Single Sign-On for SAP GUI for Windows with Kerberos integration
Kindly let me know if you need any more information
↧
Re: Identity Provider could not process the authentication request received
Did you clear the browser cache and stored cookies, and did you restart the your browse?
refer this document Common System Messages on SCN
↧
Re: Cloud Identity user provisioning via corporate LDAP integration
Hi Dimitar,
thanks for your valuable answer . I knew both of this articles but it is "only" to authenticate with their corporate credentials " . What we are looking for is user provisioning meaning replication of users including their organisational assignment, their roles and attributes.
Are you aware of any solutions in this space ?
Regards,
Michael
↧