FAQ for using SAPcryptolib within the Business Objects Application Server
Question: Why is SAPcryptolib used?
Answer: SNC (Secure Network Communications) can be used to secure the server-to-server connection between a Business Objects (BOBJ) server and an SAP backend system, e.g. SAP BW. SAP customers can obtain SAPcryptolib free of charge as per note 397175.
Question: Can SAPcryptolib be used for Single Sign-On between the BOBJ application and the SAP backend system?
Answer: No. At present, due to license agreements, SAPcryptolib cannot be used in this way. SAP NetWeaver Single Sign-On may provide this functionality in the future.
Question: I am installing SAPcryptolib on the BOBJ server. What do I need to take care of?
Answer: The environment variable SECUDIR must be set on the server. It points to a file path of your choice. The license for SAPcryptolib, the credential file 'cred_v2' and the PSE file for SNC will be stored there. If you are running a UNIX server, the environment variable USER must also be set to the same user as the SIA user on your BOBJ server.
Question: I need to create a so-called 'credential' on the BOBJ server. What is this?
Answer: The SIA user running the BOBJ application server initializes the SNC environment. SNC needs a private and public key pair stored in a .pse file. The credential points the SIA user to the correct PSE file and key pair to use for the SNC connection at runtime.
Question: When testing the SNC connection from the BOBJ server to the SAP backend I see credential errors in the trace file. What do I check?
Answer: Generally the CPIC log on the BOBJ server will capture errors like 'credential not found for logged on user'. Check that you have created a credential for the SIA user. To do this, first confirm that you see the cred_v2 file in the SECUDIR path. Then, logged on as the SIA user, open a command prompt and run the command sapgenpse seclogin -l. This lists all the credentials available to the SIA user. You should see one that matches the BOBJ server SNC identity as set in the security settings of the CMC. It should point to the PSE file you created for the BOBJ server.
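
The checks from the installation and troubleshooting answers above, scripted for a UNIX server, as an added example that is not part of the original FAQ or of SAP's tooling. The function names, return codes, the optional SIA user argument and the permission warning on cred_v2 are assumptions of this example; only SECUDIR, USER, cred_v2 and the command sapgenpse seclogin -l come from the FAQ.

```shell
#!/bin/sh
# Added example: preflight for the SNC credential checks in this FAQ (UNIX).
# Function names, return codes and the permission warning are this example's
# own conventions. Run as the SIA user, or pass the SIA user name as $1.

check_snc_env() {
    sia_user=${1:-$(id -un 2>/dev/null)}

    # SECUDIR must be set and point to an existing directory.
    if [ -z "${SECUDIR:-}" ]; then
        echo "FAIL: SECUDIR is not set" >&2; return 1
    fi
    if [ ! -d "$SECUDIR" ]; then
        echo "FAIL: SECUDIR=$SECUDIR is not a directory" >&2; return 2
    fi
    # The credential file must exist there and be readable.
    if [ ! -r "$SECUDIR/cred_v2" ]; then
        echo "FAIL: no readable cred_v2 in $SECUDIR" >&2; return 3
    fi
    # On UNIX, USER must be set to the SIA user.
    if [ "${USER:-}" != "$sia_user" ]; then
        echo "FAIL: USER='${USER:-}', expected '$sia_user'" >&2; return 4
    fi
    # Added hardening check: cred_v2 should not be open to group/other.
    perms=$(ls -ld "$SECUDIR/cred_v2" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "WARN: cred_v2 group/other permissions are '$perms'" >&2
    fi
    echo "OK: SECUDIR=$SECUDIR, cred_v2 present, USER=$sia_user"
}

list_credentials() {
    # The listing command from the answer above; skipped if the tool is absent.
    if command -v sapgenpse >/dev/null 2>&1; then
        sapgenpse seclogin -l
    else
        echo "FAIL: sapgenpse not found in PATH" >&2; return 127
    fi
}

# Run the checks only when invoked as: sh snc_preflight.sh --run [sia_user]
if [ "${1:-}" = "--run" ]; then
    check_snc_env "${2:-}" && list_credentials
fi
```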