지금 지원 담당자와 채팅
지원 담당자와 채팅

Safeguard Authentication Services 6.0.1 - SSO for SAP Integration Guide

Creating the license CAB file

You can create the license CAB file with the makecab command.

To create the license CAB file

  1. Locate your license file and rename it to Quest-QAS-GSSAPI-for-SAP.asc

  2. Run the following command:

    makecab.exe Quest-QAS-GSSAPI-for-SAP.asc license.cab

    NOTE: You may need to download makecab.exe if it is not available on your system.

    This creates a file called license.cab.

  3. Copy the license.cab file to the directory containing the qas-sso-for-sap-<version>.msi and qas-sso-for-sap.mst files.

Silent install

This section describes how to perform a silent install by using the qas-sso-for-sap.mst transform file and the main MSI installer file.

To deploy Single Sign-on for SAP through Group Policy silently

  1. Open a command prompt window, navigate to the directory containing the qas-sso-for-sap-<version>.msi, qas-sso-for-sap.mst, and license.cab files.

  2. Run msiexec /i "qas-sso-for-sap-<version>.msi" TRANSFORMS="qas-sso-for-sap.mst" /qb.

Configuring the SAP GUI client on Windows XP

You can configure the SAP GUI client on Windows XP.

To configure the SAP GUI client on Windows XP

  1. Verify that the environment variable SNC_LIB contains the path to qgsskrb5.dll.

    The library is located in the folder where you installed Single Sign-on for SAP.

  2. Run the SAPlogin application.

  3. Select a server connection and click Change Item to open the properties.

    The SAP GUI client should already be installed and configured for normal password-based authentication.

  4. Click the Advanced button to open the Advanced Options.

  5. To enable SNC, select Enable Secure Network Communication.

  6. In the SNC Name field, enter the KPN of the SAP Server. For example, enter:

    p:sAMAccountName@realm

    This is the same KPN that was used for the SAP instance profile key snc/identity/as described in Enabling SNC on the SAP server.

  7. Select the Max. Available option to enable single sign-on as well as data integrity and encryption for all of the traffic between the SAP GUI client and the R3 server.

  8. Click OK to save these settings.

    You can now click the server name in SAPlogon to log onto the server without being prompted for a user name or password.

    Once you have configured the server connection to use SNC, it is now possible to create desktop shortcuts using SAPlogon. Shortcuts normally require a password to either be included with the shortcut (not recommended) or else the user is prompted for a password when the shortcut is activated. With SNC activated, however, it is only necessary to enter an arbitrary shortcut (a single letter will do) in the password field of the shortcut. This shortcut is not actually used for authentication, as the SAP system attempts authentication using GSSAPI first.

    The use of SNC and shortcuts allows SAP administrators to create desktop icons for users that will launch them directly into specific SAP applications, securely authenticating without the use of passwords.

Configuring the SAP GUI client on Windows Vista and above

You can configure the SAP GUI client on Windows Vista and newer operating systems.

To configure the SAP GUI client on Windows Vista

  1. Open SAP GUI Logon 7.10 and click New Item.

  2. On the Create New System Entry screen, select User Specified System and click Next.

  3. Ensure Connection Type is Custom Application Server.

    Enter the appropriate information in Application Server, System Number, and System ID, then click Next.

  4. Select the Activate Secure Network Communication option, and enter the Kerberos Principal Name (KPN) of the SAP Server.

    For example, enter:

    p:sAMAccountName@realm
  5. Click Next.

    Use the same KPN that you used for the SAP instance profile key snc/identity/ as described in Enabling SNC on the SAP server.

  6. Leave the defaults on this screen and click Finish.

    The new item you created will now appear on the SAP GUI log on.

  7. Click Logon and log in as a user who is set up to use SNC.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택