Configuring SAP SSO for Winshuttle SAP Integration Server

Winshuttle Server Workers connect with SAP to upload and download data, and SAP SSO (Single Sign On) logon for Autorun functionality, or for using published Winshuttle Transaction and Winshuttle Query web services used by Winshuttle Forms.

Configuring SAP SSO

If a published web service does not use the ‘RunWithSapCreds’ method, an extra parameter (‘WindowsCreds’) is added to the ‘Run’ method. In this case the user will need to enter Windows credentials for this parameter.

In case of AutoRun, Windows Credentials need to be filled in Winshuttle Foundation.

Notes:
For SAP SSO logon scenarios, all users posting data using published web services or AutoRun in Winshuttle Server must have basic logon access rights on the machines where Winshuttle worker is installed.

When using Kerberos-based SSO, both SAP and Windows credentials need to be provided. For more information, see Winshuttle Foundation settings—Manage Credentials.

Because it is not practical to add all the users on all worker machines, it is recommended that you create a permissions group with the users, and then provide the group with logon access rights on all worker machines.

Note: In Winshuttle SAP Integration Server 11.1 and above, SSO and Non SSO modes can be used simultaneously with SAP SSO setting done on Worker machines.

Note: If you are using Negotiate Provider only, create a new Aname (e.g., <companyname>wfcentraladmin) and bind it to the SharePoint front-end machine 1 IP address. Then create a Cname (wfworkflowadmin.wse.wsmain.local) and bind it to the Aname. WIN-20706

Configuring 64-bit Worker Kerberos SAP SSO

Deploy SAP SSO logon on the machine where Winshuttle Worker is deployed.
The SAP SSO logon deployment creates an environment variable named SNC_LIB as a user environment variable. (See example at right.)
Under System Variables, click New, and then create the same SNC_LIB environment variable (Winshuttle Worker is a windows service and services use System environment variables.) Set its values as the path to gx64krb5.dll.

Alternative method: Define the path to the SNC library in the Worker configuration file. For more information, see the SNC_LIB section of the Configuring Winshuttle Server Worker to set the SNC_Lib parameter.

Note: If the SNC_LIB path is defined in the system environment variables and the Worker configuration file (i.e. you use both Options described above), the system environment variable will be ignored. Instead, the value defined in the Worker configuration file will be used when logging on to SAP from Winshuttle Server.

For a 64-bit machine, copy the 64-bit SSO logon DLL to C:\Windows\system32, and then set its value to the path of the System environment variable.
If you defined environment variables the previous step(s), restart the machine for the changes to take effect.

Configuring 32-bit Worker Kerberos SAP SSO

Deploy SAP SSO logon on the machine where Winshuttle Worker Launch GUI is deployed.
The SAP SSO logon deployment creates an environment variable named SNC_LIB as a user environment variable.
Under System Variables, click New, and then create the same SNC_LIB environment variable. (Winshuttle Worker Launch Gui is a windows service and services use System environment variables.) Set its values as the path to gsskrb5.dll.

Alternative method: Define the path to the SNC library in the Worker Launch Gui configuration file. For more information, see the SNC_Lib section of Configuring Worker Launch Gui to set the SNC_Lib parameter.

Note: If the SNC_LIB path is defined in the system environment variables and the Worker configuration file (i.e. you use both Option 1 and Option 2), the system environment variable is ignored. Instead, the value defined in the Worker Launch Gui configuration file will be used when logging on to SAP from Winshuttle Server.

If you defined environment variables the previous step(s), restart the machine for the changes to take effect.

Configuring SAP SSO for Winshuttle SAP Integration Server

On this page