Downtime Announcement: Please note that SAP Community Wiki will be unavailable due to a system upgrade on Tuesday, August 11th between 7 and 11 AM CEST
Skip to end of metadata
Go to start of metadata
FAQ for using SAPcryptolib within the Business Objects Application Server

Question: Why is Sapcryptolib used


Answer: In order to secure the server to server connection between a Business Objects (BOBJ) server and SAP Backend system eg SAP BW, SNC (secure network communication) can be used. SAP customers can obtain this free of charge as per note 397175.

Question: Can SAPcryptolib be used for Single Sign On between the BOBJ application and the SAP Backend system


Answer:No. At present due to license agreements Sapcryptolib cannot be used in this way. SAP Netweaver Single SIgn On may provide this functionality in the future.  

Question: I am installing Sapcryptolib on the BOBJ server. What do I need to take care of


Answer: the environmental variable SECUDIR must be set on the server. This will point to a filepath of your choice. The license for sapcryptolib, credential file 'cred_v2' and the PSE file for SNC will be stored here. If you are running a UNIX server then the environmental variable USER must be set to the same user as the SIA user on your BOBJ server

Question: I need to create a so-called 'credential' on the BOBJ Server - what is this


Answer: the SIA user running the BOBJ application server will initialize the SNC environment. SNC needs a private and public keypair stored in a .pse file. The credential points ths SIA user to the correct keypair to use and pse file for the SNC connection at runtime.

Question: When testing the SNC connection from the BOBJ Server to the SAP backend I see credential errors in the trace file. What do I check


Answer: Generally the CPIC log on the BOBJ server will capture errors like 'credential not found for logged on user' . Check that you have created a credential for the SIA user. To do this first confirm that you see the cred_v2 file in the SECUDIR path. Then using a command prompt run the sapgenpse tool logged on as the SIA user and run the command sapgenpse seclogin -l . This will list all the credentials available to the SIA user. You should see one that matches the BOBJ Server SNC identity as set in the security settings of the CMC. This should point to the PSE file you created for the BOBJ server.