SNC suppport

[paulovidalpereira]

Is there any change that this library will receive SNC login support?

[gkralik]

What would be needed?

[clcarver]

This would be amazing. I think what would be needed is the ability to provide the SNC name and what level of security would be needed. (https://help.sap.com/saphelp_nw70ehp3/helpdata/en/48/a88d7f5134307de10000000a42189b/frameset.htm) I tried to pass the SNC Lib and SNC QOP but that didn't work. Digging around I found that those parameters do not exist. I think the end goal would be to allow single sign on via third party software like TrustBroker.

[gkralik]

What do you mean by "... those parameters do not exist"?

Can you give me some example code so I can see what you tried?

[clcarver]

The link I provided shows that there are general connection parameters, and then client parameters. Looking at the docs for this .ini, it looks like the only parameters that are being use are the client parameters. So according to the SAP docs, there are some options for SNC, but I am unsure how to implement since they are not part of the client parameters passed in via the $options.

$this->handle = new SapConnection($this->config);

The config contains the Production array:

   [ 'connections' => [
        'Production' => [
            'ashost' => env('SAP_ASHOST_PROD'),
            'sysnr' => env('SAP_SYSNR_PROD'),
            'client' => env('SAP_CLIENT_PROD'),
            'lang' => env('SAP_LANG_PROD'),
            'snc_lib' => env('SAP_SNC_LIB_PROD'),
            'snc_qop' => env('SAP_SNC_QOP_PROD'),
        ],
  ]]

[gkralik]

The config you pass to the Connection constructor should look like this (no connection or Production keys):

$config = [
     'ashost' => env('SAP_ASHOST_PROD'),
     'sysnr' => env('SAP_SYSNR_PROD'),
     'client' => env('SAP_CLIENT_PROD'),
     'lang' => env('SAP_LANG_PROD'),
     'snc_lib' => env('SAP_SNC_LIB_PROD'),
     'snc_qop' => env('SAP_SNC_QOP_PROD'),
];

In general, you can use all of the settings in the link you provided either in the sapnwrfc.ini file or by directly passing them to the constructor.

[clcarver]

Sorry for the confusion, I have several different connections set up, the $config only has the 'Production' array, what the constructor receives is exactly as you describe. I do not have a problem connecting with a username and password, but it is not working using snc.

[gkralik]

I assume an exception is thrown when you try to connect with SNC? If yes, wrap the code in a try-catch and check the exception details (var_dump() should show some details). You can also try to increase the trace level and check the generated trace files for hints about what exactly fails.

I have never tried to connect with SNC, but I'm happy to help you debug the issue. If you post the trace file, make sure to remove all credentials ;-)

[gkralik]

From the header file (sapnwrfc.h):

When logging on with SNC, user&passwd are to be replaced by snc_qop, snc_myname, snc_partnername and optionally snc_lib.

(If snc_lib is not specified, the RFC library uses the "global" GSS library defined via environment variable SNC_LIB.)

In your connection options, you only have snc_qop and snc_lib, maybe that's the cause?

[gkralik]

Additionally, as per https://testhelpportal.com/viewer/e73bba71770e4c0ca5fb2a3c17e8e229/1610%20003/en-US/d9e8a740bbaa4d8f8bee6f7b173bd99f.html the parameters SNC_PARTNERNAME, SNC_LIB and SNC_MODE seem to be required.

[clcarver]

Thank you so much for the info. This looks really promising! I will try on Monday to get this working and get back to you. Have a good weekend.

[clcarver]

Just wanted to give an update to my progress. I have configured my connection to use the parameters as you described and I am getting a response back, but unable to log in. I need to install the trust broker software in order to get the SNC_LIB path, so I will be working with my internal IT department to get that figured out. Once I get that done I will report back with an update and if all is working, I will provide all the details on how to get it working. Thanks again for your direction and help!

[gkralik]

Have you managed to get it working?

[clcarver]

Hi, sorry for the long wait. I have yet to get it working but I have made some progress that might help others. I have installed our CyberSafe software but I am having issues getting Kerberos working with IIS. Very frustrating to say the least! From what I am told, once this is resolved I should be able to SSO into SAP. I will keep this thread updated regardless of the outcome.

[gkralik]

Any news on this?

[clcarver]

I have been in contact with the vendor multiple times but have had no luck. You can close this and if I can get it working I will come back and provide an update.