Hi to all!
I am trying to implement SAP SSO for RHEL.
I created the SPN:
setspn -L SAPServiceEW1
Registered ServicePrincipalNames for CN=SAPServiceEW1,CN=Users,DC=mydomain,DC=local:
CN=SAPServiceEW1.MYDOMAIN.LOCAL/KerberosTDI
p:CN=SAPServiceEW1.MYDOMAIN.LOCAL/KerberosTDI
SAPServiceEW1.MYDOMAIN.LOCAL/KerberosTDI
SAPServiceEW1/KerberosTDI
I created Kerberos keys:
snc -O SAPServiceEW1 status -V
------------------------------------------------------------------------------
------------ status -------------------------------------------------------
------------------------------------------------------------------------------
Product version : Secure Login Library 1.0 SP 4 Patch 3
: CryptoLib 8.3.7.12
: linux-gcc-4.3-x86-64
GSS library : available
GSS library name : libsecgss.so
PSE directory : (existing) /home/ew1adm/sec
PSE file : (existing) /home/ew1adm/sec/pse.zip
STRUST cred file : (missing ) /home/ew1adm/sec/cred_v2
SNC config file : (existing) /sap/usrsap/EW1/SLL/gss.xml
PSE accessible : yes
PSE logged in : yes
PSE credentials : MasterPassword SystemDefault
Kerberos keyTab : 8 entries
1: p:CN=SAPServiceEW1@MYDOMAIN.LOCAL (KeyType DES)
2: p:CN=SAPServiceEW1@MYDOMAIN.LOCAL (KeyType AES128)
3: p:CN=SAPServiceEW1@MYDOMAIN.LOCAL (KeyType AES256)
4: p:CN=SAPServiceEW1@MYDOMAIN.LOCAL (KeyType RC4)
5: SAPServiceEW1@MYDOMAIN.LOCAL (KeyType DES)
6: SAPServiceEW1@MYDOMAIN.LOCAL (KeyType AES128)
7: SAPServiceEW1@MYDOMAIN.LOCAL (KeyType AES256)
8: SAPServiceEW1@MYDOMAIN.LOCAL (KeyType RC4)
------------------------------------------------------------------------------
SNC keys registered : 0 entries
dev_w0:
SsfSapSecin: getenv(SECUDIR)=="/usr/sap/EW1/DVEBMGS00/sec"
N SsfSapSecin: PSE /usr/sap/EW1/DVEBMGS00/sec/SAPSYS.pse found!
N
N =================================================
N === SSF INITIALIZATION:
N ===...SSF Security Toolkit name SAPSECULIB .
N ===...SSF library is /usr/sap/EW1/DVEBMGS00/exe/libsapcrypto.so .
N ===...SSF default hash algorithm is SHA1 .
N ===...SSF default symmetric encryption algorithm is AES128-CBC .
N ===...SECUDIR="/usr/sap/EW1/DVEBMGS00/sec"
N ===...loading of Security Toolkit successfully completed.
N === CommonCryptoLib (SAPCRYPTOLIB) Version 8.4.35 pl40 (Mar 16 2015) MT-safe
N =================================================
N SignInit: successfully obtained handle for Security Context cache
N SPNegoInit: SPNego disabled ("spnego/enable" not set to 1)
M JrfcVmcRegisterNativesDriver o.k.
M CGROUPS: ThSetProcessPriority workerType=1
M CGROUPS: changing prio of pid 17793 to medium
M CGROUPS: disabled
E Enqueue Info: rdisp/wp_no_enq=1, rdisp/enqname=<empty>, assume msk-ewm-tst_EW1_00
E Enqueue Info: enque/use_pfclock2 = FALSE
E EnqLockTableSizeCalculate: session quota = 100%
E EnqLockTableCreate: create lock table (size = 67108864)
E EnqLockTableMapToLocalContext: enque/use_pfclock2 = FALSE
GetWritePermissionForShm( pLocation = 281, pEnforce = 0 )
G RelWritePermissionForShm( pLocation = 277, pEnforce = 0 )
N SncInit(): found snc/data_protection/max=3, using 3 (Privacy Level)
N SncInit(): found snc/data_protection/min=2, using 2 (Integrity Level)
N SncInit(): found snc/data_protection/use=3, using 3 (Privacy Level)
N SncInit(): found snc/gssapi_lib=/usr/sap/EW1/SLL/libsecgss.so
N File "/usr/sap/EW1/SLL/libsecgss.so" dynamically loaded as GSS-API v2 library.
N The internal Adapter for the loaded GSS-API mechanism identifies as:
N Internal SNC-Adapter (Rev 1.1) to SAP Netweaver Single Sign-On v1.x
N SncInit(): found snc/identity/as=p:CN=SAPServiceEW1@MYDOMAIN.LOCAL
N SncInit(): Accepting Credentials available, lifetime=Indefinite
N SncInit(): Initiating Credentials available, lifetime=Indefinite
M ***LOG R1Q=> p:CN=SAPServiceEW1@MYDOMAIN.LOCAL [thxxsnc.c 300]
M SNC (Secure Network Communication) enabled
SNC string in SAP GUI:
p:CN=SAPServiceEW1@MYDOMAIN.LOCAL
SNC Library for SAP GUI:
SNC_LIB=C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\lib\secgss.dll
There are settings in DEFAULT.PFL about SNC:
snc/enable=1
snc/permit_insecure_start=1
snc/accept_insecure_cpic=1
snc/r3int_rfc_qop=8
snc/r3int_rfc_secure=0
snc/data_protection/use=3
snc/data_protection/min=2
snc/data_protection/max=3
snc/identity/as=p:CN=SAPServiceEW1@MYDOMAIN.LOCAL
snc/gssapi_lib=/usr/sap/EW1/SLL/libsecgss.so
snc/force_login_screen=1
snc/accept_insecure_rfc=1
snc/accept_insecure_gui=1
ssf/name=SAPSECULIB
ssf/ssfapi_lib=$(ssl/ssl_lib)
ssl/ssl_lib=$(DIR_EXECUTABLE)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL)
sec/libsapsecu=$(ssl/ssl_lib)
But when I open the system in SAP GUI:
What did I miss? Thanks!!