Error in the configuration for sap logon tickets

Hi Forum,
I use Tcode crmd_order_bp to see the BP cockpit and the error message displays as
<b>Error in the configuration for SAP logon tickets</b>
But if I click "Yes", system displays cockpit.
How can I avoid this error.
Thanks in advance
Regards
Shridhar

You will still need to configure SSO (either by logon ticket or username/password). The data source access is done using the username/password configured in the UM Config dialog box.
I can see where you're coming from with your thinking, however logon-ticket-based SSO is probably the best approach.
Cheers,
Darren.

Similar Messages

  • What are the requirement for sap logon...

    HI expert ,
    i am working on remote site and i want install sap logon i have a hostname ,sap roting string system id , and instance no.i configured it but i am not able
    connect to application server message showing...
    partner sap routstring ip(115.115......:3299 not reached
    time
    component-ni
    release720
    version40
    module-nixxi.cpp
    line-3286
    method-nipconnect
    return code
    error no 10061
    error text wsaeconnrefused connection refused
    counter -7

    Hello Ashish,
    then you may need to check the router string carefully if it is correct. "connection refused" in your error message means, that either the program is not running and not listening to the port 3299 on the affected server, or connection data are wrong. Do you have a SAProuter trace and did SAProuter notice in the trace, that you are trying to connect to it?
    regards,
    Alwina

  • How to read the configuration for SAP GUI elements in Plant Maintenance module from SPRO and leverage the same in NWBC for HTML.

    Dear Members,
    Greetings for the day!
    I am working on NWBC for HTML in Plant Maintenance module.
    We have configured some changes in SPRO for customizing the UI elements( like visibility, mandatory ) like tabs and fields in transactions like IW21( Create Notification).
    As of now separate parallel configuration needs to be carried out in NWBC for HTML in PM module to achieve the same UI features for creating notifications and this is time consuming.
    Is there any way to read the configuration done in SPRO for the SAP GUI's and leverage the same in NWBC for HTML.
    Appreciate your time in responding to this.
    Thanks & Regards,
    Ram.

    >
    <IfModule mod_weblogic.c>
    WebLogicCluster 127.0.0.1:7005,127.0.0.1:7007,127.0.0.1:7003,127.0.0.1:7103,127.0.0.1:7104
    MatchExpression /app1
    </IfModule>
    <Location /weblogic>
    SetHandler weblogic-handler
    WebLogicCluster 127.0.0.1:7003,127.0.0.1:7005,127.0.0.1:7007,127.0.0.1:7103,127.0.0.1:7104
    DebugConfigInfo ON
    PathTrim /weblogic
    </Location>
    <IfModule mod_weblogic.c>
    WebLogicCluster 127.0.0.1:7003,127.0.0.1:7005,127.0.0.1:7007
    MatchExpression /app2
    </IfModule>
    <Location /weblogic>
    SetHandler weblogic-handler
    WebLogicCluster 127.0.0.1:7003,127.0.0.1:7005,127.0.0.1:7007
    DebugConfigInfo ON
    PathTrim /weblogic
    </Location>
    >
    This configuration is weird little bit. There is MatchExpression /app1 and MatchExpression /app2 and at the same time two <Location /weblogic> sections. Are you sure you understand what that configuration stands for?
    Try something like this ...
    <Location /app1>
    SetHandler weblogic-handler
    WebLogicCluster 127.0.0.1:7003,127.0.0.1:7005,127.0.0.1:7007,127.0.0.1:7103,127.0.0.1:7104
    DebugConfigInfo ON
    </Location>
    <Location /app2>
    SetHandler weblogic-handler
    WebLogicCluster 127.0.0.1:7003,127.0.0.1:7005,127.0.0.1:7007
    DebugConfigInfo ON
    </Location>
    where /app1 and /app2 are contexts of your weblogic applications.
    http://download.oracle.com/docs/cd/E11035_01/wls100/plugins/apache.html
    http://httpd.apache.org/docs/2.0/mod/core.html#location

  • What is the name of SAP LOGON Ticket?

    Hi Gurus,
    Once we passed our User id and password in portal logon page .it will pass the user credentails to server and it checks againts user profile which stores in LDAP.
    after we passed the logon information(userid and password) it will create a logon ticket?
    what is the name of that?
    Thanks in Advance,
    Dharani

    Hello,
    The logon ticket is stored as a session cookie and is called MYSAPSSO2.
    Regards,
    The-Hung Nguyen

  • Umw attribute responsible for user ID in SAP Logon Ticket

    In a typical portal login using the login module stack "ticket", I understand that j_user and j_password are used to login at the BasicPasswordLoginModule.
    With our UME running against an LDAP server, what attribute is responsible for the user ID of the generated SAP Logon Ticket at the CreateTicketLoginModule? It could be j_user or userid of the principal type account or the uniquename or loginid of the principal type user.
    Thanks,
    Florian

    i think it is by default but if you are using qoutes then you have to give it in upper case.
    select matnr into mara-matnr from mara where matnr = 'abc'.
    will not fetch any value here you have to give 'ABC'.
    regards
    shiba dutta

  • Setting the default resolution for sap logon

    Hi, ALL!
    I'm terribly tired of SAP interface. It's so uncomfortable for work.
    For example maybe you know khow to set the default resolution for sap logon to make it use its widgets of proper size. e.g. when i work with transfer rules, it has only half of screen for useful area (i use 1400x1050), and right part is just empty, but on the left very many small fields and you should constantly use scrollbars (i think you know it well). Maybe there is system customizing for this purpose.

    Hello Dmitry,
    There is no customizing for this - atleast to my knowledge.
    However, you should have to redo the settings again and again unless you are continuously re-sizing the main window.
    Cheers
    Aneesh

  • How to implement SSO to non-SAP systems using SAP logon ticket?

    Hello,
    We would like to implement Single Sign On between our SAP Netweaver system and a Siebel which is a non-SAP system using SAP logon tickets.
    Can anyone please give me some leads on this, in particular:
    1. Is there a JAVA API or an SAP plug-in that can be implemented on the Siebel machine to extract the SAP logon ticket?
    2. As the other machine might seat on a complete different domain, is it possible to implement SAP logon ticket without using cookies (perhaps through the HTTP header?
    3. In case you think using SAP logon tickets is not the best solution here I would be happy to hear any other suggestions you might have.
    Roy

    Hi,
    I'm currently using SAML as well. Unfortunately the SAP J2EE cannot work as authority (identity provider) but what you can do is using an open implementation of SAML such as opensso which is an open version of SUNs Java System access manager.
    There are a couple of other projects such as opensaml, apache's wss4j or shibboleth that might be interesting in this context.
    I just installed opensso and got it working with SAP J2EE 7.0 using SAPs JAAS SAMLLoginModule to authenticate users within SAP J2EE.
    In this scenario opensso serves as identity provider just as you need! There are a couple of Policy agents available on SUNs Download site you can use with Apache, Tomcat, JBOSS, WebSphere, Bea Web Logic etc. in order to authenticate! Otherwise you just directly authenticate against opensso. When installing opensso you can configure the type of user store you want  to use! By default it uses LDAP but you can also use different types of user store using JDBC or other mechanisms. Since you have a Directory Service you could easily connect it to your existing directory.
    There is also a way to map user ids directly in opensso by adding a uid mapping class. I created some documentation with lots of screenshots about using opensso with SAP J2EE. You can easily use opensso with any other system that supports SAML. In the case of SAP the usage is currently limited to SAML versions 1.0 and 1.1. Version 2.0 is not yet supported but should be in one of the following versions.
    Here are some links you might want to check:
    OpenSAML: https://spaces.internet2.edu/display/OpenSAML/Home
    wss4j: http://ws.apache.org/wss4j/
    shibboleth: http://shibboleth.internet2.edu/
    opensso: https://opensso.dev.java.net/
    On SDN you will find a documentation on how to connect SUN Java System Access Manager to SAP J2EE (see https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/906d9fc6-31b9-2910-1385-90edad7d7570). As I said opensso is based on the SUN Access Manager code and looks quite the same. So you can adapt this documentation in order to configure opensso or you can just ask me for the documentation.
    Hope this is helpful...
    Let me know if you need further assistance on this topic
    Cheers

  • SSO to Web Service using SAP Logon Ticket

    Hi,
    I have to do SSO using SAP Logon Ticket between my portal and a Java Web Service that is accessible over internet. I do have the WSDL file of this Web Service.
    I want to know:
    1. What changes are required in Web Service to configure it to read and accept Logon Ticket?
    2. What am I supposed to do at portal end to enable this process?
    Thanks,
    Vivek

    Hi Vivek & Raja,
    > is it that if the WS is a third party WS and running on a Non-SAP J2EE Server,
    > we can't implement SSO from Portal to it using SAP Logon Ticket?
    Right, if you cannot extend it's functionality, how should it do the ticket verification...
    @Raja:
    > SAP Logon Ticket is for authenticating to a SAP system, since yours in a
    > thirdparty ws, there is not need of SAP logonticket.
    On the other hand, that's not true. It is possible as well as often done to verify the SSO ticket on some third party system. This is also supported, for Java as well as for other systems, different articles about such scenarios have been published, also here on SDN.
    Hope it helps
    Detlev
    PS: Vivek, please consider rewarding points for helpful answers on SDN. Thanks in advance!

  • Problems with SAP Logon ticket

    Hi.
    I am trying to send SAP Logon ticket from ECC 6.0  to the backend legacy using Soap adapter in receiver side. I get the following error in SXMB_MONI, so it looks like AF is not accepting the ticket. Can anybody tell me please, how I can identify that the ticket has been received in PI's side?
    <Trace level="1" type="T">Principal Propagation connection attributes</Trace>
      <Trace level="1" type="T">Host = hostname</Trace>
      <Trace level="1" type="T">Port = 12345</Trace>
      <Trace level="1" type="T">Transport protocol = HTTP</Trace>
      <Trace level="1" type="T">Transport protocol vers = 1.0</Trace>
      <Trace level="1" type="T">Message protocol = 003000</Trace>
      <Trace level="1" type="T">Path = /MessagingSystem/receive/AFW/XI</Trace>
      <Trace level="1" type="T">Security: Logon Ticket</Trace>
      <Trace level="1" type="System_Error">Error while sending by HTTP (error code: 403, error text: Forbidden)</Trace>
      </Trace>
    Thanks, Jukka

    Hi.
    I have had some progress. Actually Principal Propagation works well now, thanks to instructions in http://help.sap.com/saphelp_nwpi711/helpdata/en/48/a9bbb97e28674be10000000a421937/frameset.htm
    But I think I have now found out that the principal progation might not be a direct answer to my problem. In the end of the day I should be able to deliver UsernameToken in my soap message header. Something like this:
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      |          <wsu:Timestamp wsu:Id="Timestamp-12134742" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      |             <wsu:Created>2007-10-14T12:45:34.656Z</wsu:Created>
      |             <wsu:Expires>2007-10-14T12:46:34.656Z</wsu:Expires>
      |          </wsu:Timestamp>
      |          <wsse:UsernameToken wsu:Id="UsernameToken-33259721" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      |             <wsse:Username>test</wsse:Username>
      |             <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">test</wsse:Password>
      |          </wsse:UsernameToken>
      |       </wsse:Security>
    I just have not found any documentation which I could utilize in Abap Proxy - PI 7.1 - Soap Receiver scenario. Just wondering should I create my own customized soap envelope and disable the Pi envelope in SOAP communication channel...
    Do you know if there's any "standard way" to configure this kind of configuration?
    Br. Jukka

  • How to Activate Send SAP Logon Ticket in Logon Security...??

    Hi
    I am trying to create RFC Destination for SAP EP 6.0. Here i need to activate <b>Send SAP Logon Ticket</b>. But that Activate Radio button is in disable mode. How to make it enable. Please Help me
    Best Regards
    Ravi Shankar B

    The F1 help for this option says:
    <i>When you activate this option, an attempt is made to create and send the SAP logon ticket for the current session, for a logon to the target system. Before you can create this ticket, the environment must be configured appropriately (for example, the profile parameter login/create_sso2_ticket must be set to 2).</i>
    So, J. has the right idea...
    Cheers

  • Windows Integrated Authentication & SAP Logon tickets

    1) We have configured windows authentication and the IISproxy on a SPS frontend server to our SAP portal environment.
    2)We have configured SAP logon tickets on the SAP portal (running on hp-ux).
    3) Both the IIS server and the sap portal server exist on the same domain inside our firewall (iis_server.lsv.internal_company_name.com and sap_portal_server.lsv.internal_company_name.com)
    4) A virtual URL has been created on the IIS server, http://sap_portal.external_company_name.com, using a domain alias.
    5) When an authenticated user is passed from the IIS server to the SAP portal the SAP logon ticket that is created is for external_company_name.com alias rather than lsv.internal_company_name.com. This logon ticket is not accepted by any of the backend SAP systems that have been configured to except logon tickets because they all exist in the lsv.internal_company_name.com domain.
    6) The portal security guide says:
    "The Portal Server issues a SAP logon ticket for the Internet domain or a sub-domain of the
    Portal Server only."
    Given this scenario, is there some configuration that can be added to allow the use of this alias or is there a bug in the SAP portal code that needs to be addressed?

    Hi,
    You cannot use the external alias. You can however set SSO on the portal not to look to the total url. For example it would work if you use:
    sap_portal_server.lsv.internal.company_name.com
    and
    sap_portal.external.company_name.com
    The prerequisite here is that at least the domain name should be the same i.e. the last two parts.
    Greetings,
    Vincent

  • SSO to non SAP Application using SAP Logon Ticket

    Hi Experts,
    I Have EP 7 SP 15 using SPNego Wizard to SSO with Active Directory and SSO between EP and ECC using SAP Certificates.
    Now I have a demand to SSO some JAVA based applications (non SAP) to my portal using the SAP Logon Ticket.
    I Have followed some blogs that directed me to use SAPSSOEXT (some libs) to read the MYSAPSSO2 cookie. The problem is that I didn't found this cookie, I even executed the command javascript:document to look for this cookie but the browser just show me the JSESSIONID info.
    Does anybody knows where I can find this cookie or if there's a better way to set up this SSO? It´s necessary to say that I cannot SSO these application to the kerberos protocol because some security reasons on my company.
    Thanks
    Armando

    Hi,
    I dont have much info related but i can giv u hint
    refer OSS Notes 442401 and 723896.
    When using SAP logon tickets for non-SAP applications, two different implementation options are available. The difference lies in where the ticket verification takes place.
    In the first case,  the SAP logon ticket is submitted to the web server filter located on the web server. The web server filter verifies the portal serveru2019s public key
    certificate using its local Personal Security Environment (PSE) and then populates the HTTP header field with the user ID for SSO to the non-sap web application.
    In the second case,  the SAP logon ticket is sent to the non-SAP application, which then verifies it using the ticket verification DLL and submits the user ID to the application for SSO.
    You can refer following link :-
    http://help.sap.com/saphelp_nw70/helpdata/EN/89/6eb8deaf2f11d5993700508b6b8b11/frameset.htm
    user authentication and SSO
    http://help.sap.com/saphelp_nw70/helpdata/EN/8f/ae29411ab3db2be10000000a1550b0/frameset.htm
    Authentication Using a Directory with SSO Integration Using Logon Tickets
    http://help.sap.com/saphelp_nw70/helpdata/EN/f8/3b514ca29011d5bdeb006094191908/frameset.htm
    SSO
    SAP Logon Ticket-based Single Sign-On
    http://help.sap.com/saphelp_nwce10/helpdata/en/45/b6af743753003ae10000000a11466f/frameset.htm

  • SSO using Kerberos with SAP Logon Tickets

    Hi,
    I am creating a Repository Manager for the Portal Knowledge Management System and I want to use SSO to a backend IIS application and I have a few questions here. 
    I have a three tiered architecture. 
    A.  The presentation tier (SAP Portal which has my Repository Manager implementation)
    B.  ASP.NET web service data layer.
    C.  Backend document management system which runs on IIS. 
    I have installed the ISAPI filter on my ASP.NET application server and have enabled this HOST account for delegation in MSAD 2003.   Server B will use Kerberos constrained delegation to access Server C, which is an IIS backend server. 
    My question is how do I pass an SAP Logon Ticket to an ASP.NET web service request from my Repository Manager implementation?  Basically how do I just make an HTTP request to an ASP.NET application from some portal iView or WebDynPro code and pass along the SAP Logon Ticket in the request so it can be interpreted by the ISAPI filter on the IIS server.  Does anyone have any sample code or an application here that does this?
    Thanks,
    Scott

    Hi Scott
    Did you managed to find out anything regarding how to pass SAP Logon ticket to ASP.NET Webservice. Can you share it with me?
    regards
    ram

  • SSO with SAP logon tickets to non-SAP web app

    I am trying to implement SSO to an oracle portal based web application using SAP logon tickets, but can't seem to find a way for it to work.  I thought maybe it would be a web server filter, but am unsure if this would work for oracle portal.  Anyone tried similar?
    Cindy

    Hi Cindy,
    If it is EP6 SP2 probably you can checkout the following document.
    http://service.sap.com/ep60
    Go to Documentation Help>How-To-Guides>Current How To Guides section.
    checkout the following how to guide.
    Perform Cross Domain SSO with SAP Logon tickets zip file.
    If you want the zip file please send an e-mail to
    [email protected]
    Regards
    -Venkat Malempati

  • Java client application + SAP Logon Tickets (SSO)

    Java client application + SAP Logon Tickets (SSO)
    Hello
    I have the following question, it is about connection between SAP Enterprise Portal and Java Application.
    After registration in Enterprise Portal (with Internet Explorer Browser) request is passed on to SAP backend system - cFolders (SSO methode)
    With internet browser functioned everything.
    How can one get, however, this Logon tickets with Java application and then be of use later for SOAP connection
    (everything with client java application)
    Thanks for quick help
    Edo

    Hi Edo,
    look at this https://media.sdn.sap.com/javadocs/NW04/SPS15/um/com/sap/security/api/ticket/TicketVerifier.html
    Best Regards
    Oliver

Maybe you are looking for

  • Printing appointment times in week view?

    I would like to print my appointment times when printing in week view, but can't find a way to do it. Possible?

  • Help with Intranet DB app..

    I am looking into Oracle for building an intranet database application for at most 10 users and ~1GB database. I am having trouble determining which licenses I would actually need. I just want to be able to add,edit, and feed sql queries into pre-gen

  • How to turn off laptop screen....

    when my PB is connected to my Plasma and how do I get the sound through my amp/speakers? Help appreciated. Cheers

  • 3 Questions from a new user

    How do you protect a form from being over-written when you do a save as ? When you do a save as can you have Reader automatically generate a unique name for the form each time you fill it out ? Can you run Professional in a batch mode and what functi

  • Accessing values in an array of JComboBoxes

    Hello. I am building a program to calculate a user's GPA. This is a class assignment and so has some requirements I'm meeting. There are two event handlers: One runs a loop to add course input lines; one calculates the GPA based on the inputs. There