Skip to Content
Author's profile photo Ingo Hilgefort

BusinessObjects Enterprise and client side SNC Part 1 of 2

I have seen frequently the question about using SNC in combination with BusinessObjects Enterprise and the BusinessObjects Integration for SAP Solutions. Most customers use SNC to combine the user authentication of for example Windows AD with the SAP credentials.

To configure BusinessObjects Enterprise to use SNC you the following tasks are needed:
– Configuring BusinessObjects Enterprise servers to start and run under an appropriate user account
– Configure the SAP system to trust your BusinessObjects Enterprise system
– Configure the SNC settings in the Central Management Console of BusinessObjects Enterprise
– Map SAP users as aliases to Windows AD users.

In this part we will look at the first two steps of these 4 items. In the following steps we will use the Microsoft NTLM implementation for SNC.

Some of the outlined steps might require different values depending on the SNC implementation software you are using but the general steps should help you to follow along.


BusinessObjects Enterprise services

As a technical pre-requisite your SAP server needs to be setup for SNC and the SNC library needs to be deployed on your BusinessObjects system. For client SNC to work properly in your BusinessObjects Enterprise system some services of your landscape need to be started with a user account which his configured for SNC.


For your SAP server the following profile parameters need to be configured (transaction RZ10):

Profile Paramater Value
snc/enable Set this parameter to the value 1 to activate SNC on the application server
sec/libsapsecu  Enter the full path including the file name to the SNC library on your SAP server
ssf/ssfapi_lib  Enter the full path including the file name to the SNC library on your SAP server
snc/gssapi_lib  Enter the full path including the file name to the SNC library on your SAP server
snc/identity/as Enter the Distinguished Name (DN) for your SAP system.

To configure your SAP system for example with Microsoft Kerberos you can find the complete details here.


On the BusinessObjects server you then also need to deploy the SNC library and create an environment variable entry called SNC_LIB that points to the complete path including the file name of the SNC library on your BusinessObjects Enterprise system.


Now for client side SNC, your application server (by default Tomcat), your Central Management Server and your processing tier (for example Crystal Reports Job server and Crystal Reports Processing server) needs to be run under a configured SNC account.

The processing tier is not a necessity for a client SNC configuration to work, but when you want to leverage the full functionality of your BusinessObjects platform the processing tier needs to be configured to leverage the established trust between your SAP and BusinessObjects system.

To setup those services to leverage the SNC account there are different options. In the following example we will use a single Server Intelligent Agent and configure it to use the SNC account. Another option would be to add a second Server Intelligent Agent and assign specific services to only that Server Intelligent Agent.

The SNC account that you setup needs to be a domain user.

  1. Start the Central Configuration Manager of your BusinessObjects Enterprise system (START • PROGRAMS • BUSINESSOBJECTS XI RELEASE 3.1 • BUSINESSOBJECTS ENTERPRISE • CENTRAL CONFIGURATION MANAGER).
  2. Select your Server Intelligence Agent (SIA) and stop the service.
  3. Select the Server Intelligence Agent and click on PROPERTIES.
  4. Uncheck the option LOG ON AS SYSTEM ACCOUNT and enter the SNC account in the syntax DOMAIN\USER. In my example the account is SAP_ALL\IHILGEFORT.
  5. Click OK and start the Server Intelligence Agent service.
  6. Now you need to follow the same steps and configure your application server to use the SNC account. In our example the application server is Tomcat.
  7. Select Tomcat in the Central Configuration Manager and stop the service.
  8. Click on PROPERTIES.
  9. Uncheck the option LOG ON AS SYSTEM ACCOUNT and enter the SNC account.
  10. Click OK and start your application service.

You now need to create a system ID in transaction SNC0 and configure it with your SNC account.

1. Logon to your SAP system and start transaction SNC0.
2. Click the button NEW ENTRIES.
3. Enter the name of your BusinessObjects system as System ID.
4. Enter the SNC account with the prefix “p:” into the SNC name field.

6. Click SAVE


This covers the first two steps and in the next part we will continue to configure the SNC options on the BusinessObjects Enterprise server.

Assigned tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Tim Alsop
      Tim Alsop
      I noticed in your example, you suggest using a domain user account. This works, but it means that when the BO software starts it will get credentials from AD and these credentials have a lifetime, so will eventually expire (e.g. after 1 weeek). I am working on a way to avoid the need to restart the BO software, but I need you to help. Can you please explain where the SNC configuration is stored, so we can add SNC_MYNAME= parameter to the RFC connection string ?


      Author's profile photo Ingo Hilgefort
      Ingo Hilgefort
      Blog Post Author
      hi Tim,

      you need a domain account to leverage SNC.
      in case there are questions I would suggest you create the entry in the forums.


      Author's profile photo Former Member
      Former Member
      What I want to do is allow a user (BI40)
      1. Login PC with his/her own AD domain user/pwd
      2. Open IE and click link to BI launchPad
         and get to the welcome page w/o pwd
      3. Click on a crystal report (UNX source)
         deployed via BW and can "view" and
         "view last inst." w/o being prompt for pwd.
      NOTE:Each user has an AD domain account as well as
           an BW account (not necessary w/ same name)

      Then I found this

      1396213 - How-To: Access BusinessObjects documents based on SAP data sources without providing SAP username and/or password

      Then now I found your blog here

      Hum.... CLIENT SNC OR SERVER SNC ?????
      Are you guys talking abount different things ?

      Author's profile photo Ingo Hilgefort
      Ingo Hilgefort
      Blog Post Author
      I would suggest you post your question to the forum for the SAP Integration. Its easier to follow up there

      Ingo Hilgefort

      Author's profile photo Former Member
      Former Member

      Hi Ingo,

      is there any 'walk through' for BOXI4.0 available?