You can create the license CAB file with the makecab command.
To create the license CAB file
Locate your license file and rename it to Quest-QAS-GSSAPI-for-SAP.asc
Run the following command:
makecab.exe Quest-QAS-GSSAPI-for-SAP.asc license.cab
NOTE: You may need to download makecab.exe if it is not available on your system.
This creates a file called license.cab.
Copy the license.cab file to the directory containing the qas-sso-for-sap-<version>.msi and qas-sso-for-sap.mst files.
This section describes how to perform a silent install by using the qas-sso-for-sap.mst transform file and the main MSI installer file.
To deploy Single Sign-on for SAP through Group Policy silently
Open a command prompt window, navigate to the directory containing the qas-sso-for-sap-<version>.msi, qas-sso-for-sap.mst, and license.cab files.
Run msiexec /i "qas-sso-for-sap-<version>.msi" TRANSFORMS="qas-sso-for-sap.mst" /qb.
You can configure the SAP GUI client on Windows 10 and above.
To configure the SAP GUI client on Windows 10 and above
Verify that the environment variable SNC_LIB contains the path to qgsskrb5.dll.
The library is located in the folder where you installed Single Sign-on for SAP.
Run the SAPlogin application.
Select a server connection and click Change Item to open the properties.
The SAP GUI client should already be installed and configured for normal password-based authentication.
Click the Network tab to open Secure Network Settings.
To enable SNC, select Enable Secure Network Communication.
In the SNC Name field, enter the KPN of the SAP Server. For example, enter:
p:sAMAccountName@realm
This is the same KPN that was used for the SAP instance profile key snc/identity/as described in Enabling SNC on the SAP server.
Select the Maximum security settings available option to enable single sign-on as well as data integrity and encryption for all of the traffic between the SAP GUI client and the R3 server.
Click OK to save these settings.
You can now click the server name in SAPlogon to log onto the server without being prompted for a user name or password.
Once you have configured the server connection to use SNC, it is now possible to create desktop shortcuts using SAPlogon. Shortcuts normally require a password to either be included with the shortcut (not recommended) or else the user is prompted for a password when the shortcut is activated. With SNC activated, however, it is only necessary to enter an arbitrary shortcut (a single letter will do) in the password field of the shortcut. This shortcut is not actually used for authentication, as the SAP system attempts authentication using GSSAPI first.
The use of SNC and shortcuts allows SAP administrators to create desktop icons for users that will launch them directly into specific SAP applications, securely authenticating without the use of passwords.
By default, Single Sign-on for SAP performs automatic authentication using the credentials of the currently logged-in Windows user. In some situations, you might want users to provide an Active Directory user name and password when logging in to SAP. You can configure Single Sign-on for SAP to display a login prompt whenever a new authentication request is generated.
When you enable authentication prompting, users see an authentication dialog where they must enter an Active Directory user name and password in order to gain access to SAP. The user name can be in any one of these formats:
SAM account name (if the computer is joined to the user's domain)
<DOMAIN>\<SAM account name>
<SAM account name>@<DOMAIN>
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center
