J2EE role with SSO tickets

We are implementing EP and R/3 on MySAP ERP 2004. There are separate J2EE engines for portal and R/3. The R/3 j2ee accepts tickets from the portal and passes to ABAP instance. We are looking to deploy WebDynpro applications outside of the portal. Can the R/3 J2EE both issue tickets with authentication and accept tickets from the portal? Or should only the portal j2EE issue the login tickets?

Hi Stephen,
although I don't have practical experience with that, by reading through the docs I don't see a reason not to have a J2EE Engine as both ticket issuing and accepting system. Perhaps you could take a look at the configuration procedures in the docs and try them out. Here's the link: http://help.sap.com/saphelp_nw04/helpdata/en/53/695b3ebd564644e10000000a114084/frameset.htm
Hope that helps at least a bit!

Similar Messages

Problem accessing R/3 with SSO ticket from the EP6.0

Hi all,
I have seen this thread: Problem accessing R/3 with SSO ticket from the EP6.0
I know that it is possible to read SSO ticket from the Cookie in WebDynpro application.
Now we are at the first step, we don't know how to read SSO ticket from the Cookie in WebDynpro application with java code.
So anyone can help us?

Hi,
This has been discussed in a previous forum.Check this link.A code snippet is also there to read a cookie in webdynpro with this question
How to implement SSO between Portal, Webdypro and ABAP system?
I am not able to send the link exactly.
Regards,
Sowjanya.
Message was edited by: Sowjanya Chintala

SSO fails with logon ticket

Hi all ,
Could some advice on this .I have some issues with SSO with logon tickets .
My landscape consists of
- EP 6.0 SP on WAS J2EE 6.0
- ECC 5.0 SP7 on WAS ABAP 6.0
I am trying to do SSO between portal and ECC , where in portal is the ticket issuer
and my ECC accepts the ticket . Follwing are the steps I have done .
1. From keystore Administrator , I have downloaded the verity.der .
2. From my ECC system , run STRUSTSS02 transaction and done following activities
a. import the verity.der into certificate area ( selecte dfile format as binary )
b. Added certificate into PSE
c. Add to ACL ( here I have selected my portal SID , client
as 000 ( Do is need to give a different client ???...)
d. Saved everything
3. Then I have created a system object for my ECC system , given all the connector parametrs,
user management as logon ticket and created an alias too .
But when I tested is is failure
I have also created a JCO destination under the webdynpro content admin and selected the
logon ticket as the option , there also the test fails
Could any body advice what am I doing wrong ?
THanks
Aneez

Phani ,
Here is the trace .
M *** BEGIN USER TRACE UID >915< MODE >1< STEP >1< REQID >11685< TIME >053138< DATE >20050805< WP >0< WP_TYPE >DIA< CONV_ID >5028
N dy_signi_ext: SSO TICKET logon (client 110)
N mySAPUnwrapCookie: was called.
N HmskiFindTicketInCache: Trying to find logon ticket in ticket cache.
N HmskiFindTicketInCache: Try to find ticket with cache key: 110:F8906A99658752C18D6007083CC6D4A3 .
N HmskiFindTicketInCache: Couldn't find ticket in ticket cache.
N I don't need to ask RunningCompatibly to know: I'm >= 46C.
N mySAP: Got the following SSF Params:
N DN =CN=DV1
N EncrAlg=DES-CBC
N Format =PKCS7
N Toolkit =SAPSECULIB
N HashAlg =SHA1
N Profile =/usr/sap/DV1/DVEBMGS00/sec/SAPSYS.pse
N PAB =/usr/sap/DV1/DVEBMGS00/sec/SAPSYS.pse
N Got the codepage 4102.
N Got ticket (head) AjExMDAgAA5wb3J0YWw6QUhBTUVFRIgAE2Jhc2lj. Length = 444.
N 00000000 00 41 00 6a 00 45 00 78 00 4d 00 44 00 41 00 67 .A.j.E.x.M.D.A.g
N 00000010 00 41 00 41 00 35 00 77 00 62 00 33 00 4a 00 30 .A.A.5.w.b.3.J.0
N 00000020 00 59 00 57 00 77 00 36 00 51 00 55 00 68 00 42 .Y.W.w.6.Q.U.h.B
N 00000030 00 54 00 55 00 56 00 46 00 52 00 49 00 67 00 41 .T.U.V.F.R.I.g.A
N 00000040 00 45 00 32 00 4a 00 68 00 63 00 32 00 6c 00 6a .E.2.J.h.c.2.l.j
N 00000050 00 59 00 58 00 56 00 30 00 61 00 47 00 56 00 75 .Y.X.V.0.a.G.V.u
N 00000060 00 64 00 47 00 6c 00 6a 00 59 00 58 00 52 00 70 .d.G.l.j.Y.X.R.p
N 00000070 00 62 00 32 00 34 00 42 00 41 00 41 00 41 00 43 .b.2.4.B.A.A.A.C
N 00000080 00 41 00 41 00 4d 00 77 00 4d 00 44 00 41 00 44 .A.A.M.w.M.D.A.D
N 00000090 00 41 00 41 00 4e 00 46 00 55 00 45 00 51 00 45 .A.A.N.F.U.E.Q.E
N 000000A0 00 41 00 41 00 77 00 79 00 4d 00 44 00 41 00 31 .A.A.w.y.M.D.A.1
N 000000B0 00 4d 00 44 00 67 00 77 00 4e 00 54 00 41 00 35 .M.D.g.w.N.T.A.5
N 000000C0 00 4d 00 6a 00 49 00 46 00 41 00 41 00 51 00 41 .M.j.I.F.A.A.Q.A
N 000000D0 00 41 00 41 00 41 00 49 00 43 00 67 00 41 00 41 .A.A.A.I.C.g.A.A
N 000000E0 00 2f 00 77 00 44 00 31 00 4d 00 49 00 48 00 79 ./.w.D.1.M.I.H.y
N 000000F0 00 42 00 67 00 6b 00 71 00 68 00 6b 00 69 00 47 .B.g.k.q.h.k.i.G
N 00000100 00 39 00 77 00 30 00 42 00 42 00 77 00 4b 00 67 .9.w.0.B.B.w.K.g
N 00000110 00 67 00 65 00 51 00 77 00 67 00 65 00 45 00 43 .g.e.Q.w.g.e.E.C
N 00000120 00 41 00 51 00 45 00 78 00 43 00 7a 00 41 00 4a .A.Q.E.x.C.z.A.J
N 00000130 00 42 00 67 00 55 00 72 00 44 00 67 00 4d 00 43 .B.g.U.r.D.g.M.C
N 00000140 00 47 00 67 00 55 00 41 00 4d 00 41 00 73 00 47 .G.g.U.A.M.A.s.G
N 00000150 00 43 00 53 00 71 00 47 00 53 00 49 00 62 00 33 .C.S.q.G.S.I.b.3
N 00000160 00 44 00 51 00 45 00 48 00 41 00 54 00 47 00 42 .D.Q.E.H.A.T.G.B
N 00000170 00 77 00 54 00 43 00 42 00 76 00 67 00 49 00 42 .w.T.C.B.v.g.I.B
N 00000180 00 41 00 54 00 41 00 54 00 4d 00 41 00 34 00 78 .A.T.A.T.M.A.4.x
N 00000190 00 44 00 44 00 41 00 4b 00 42 00 67 00 4e 00 56 .D.D.A.K.B.g.N.V
N 000001A0 00 42 00 41 00 4d 00 54 00 41 00 30 00 56 00 51 .B.A.M.T.A.0.V.Q
N 000001B0 00 52 00 41 00 49 00 42 00 41 00 44 00 41 00 4a .R.A.I.B.A.D.A.J
N 000001C0 00 42 00 67 00 55 00 72 00 44 00 67 00 4d 00 43 .B.g.U.r.D.g.M.C
N 000001D0 00 47 00 67 00 55 00 41 00 6f 00 46 00 30 00 77 .G.g.U.A.o.F.0.w
N 000001E0 00 47 00 41 00 59 00 4a 00 4b 00 6f 00 5a 00 49 .G.A.Y.J.K.o.Z.I
N 000001F0 00 68 00 76 00 63 00 4e 00 41 00 51 00 6b 00 44 .h.v.c.N.A.Q.k.D
N 00000200 00 4d 00 51 00 73 00 47 00 43 00 53 00 71 00 47 .M.Q.s.G.C.S.q.G
N 00000210 00 53 00 49 00 62 00 33 00 44 00 51 00 45 00 48 .S.I.b.3.D.Q.E.H
N 00000220 00 41 00 54 00 41 00 63 00 42 00 67 00 6b 00 71 .A.T.A.c.B.g.k.q
N 00000230 00 68 00 6b 00 69 00 47 00 39 00 77 00 30 00 42 .h.k.i.G.9.w.0.B
N 00000240 00 43 00 51 00 55 00 78 00 44 00 78 00 63 00 4e .C.Q.U.x.D.x.c.N
N 00000250 00 4d 00 44 00 55 00 77 00 4f 00 44 00 41 00 31 .M.D.U.w.O.D.A.1
N 00000260 00 4d 00 44 00 6b 00 79 00 4d 00 6a 00 41 00 31 .M.D.k.y.M.j.A.1
N 00000270 00 57 00 6a 00 41 00 6a 00 42 00 67 00 6b 00 71 .W.j.A.j.B.g.k.q
N 00000280 00 68 00 6b 00 69 00 47 00 39 00 77 00 30 00 42 .h.k.i.G.9.w.0.B
N 00000290 00 43 00 51 00 51 00 78 00 46 00 67 00 51 00 55 .C.Q.Q.x.F.g.Q.U
N 000002A0 00 4e 00 78 00 47 00 53 00 38 00 70 00 65 00 6b .N.x.G.S.8.p.e.k
N 000002B0 00 68 00 62 00 5a 00 32 00 6e 00 79 00 6e 00 61 .h.b.Z.2.n.y.n.a
N 000002C0 00 46 00 4c 00 4b 00 54 00 51 00 2f 00 37 00 43 .F.L.K.T.Q./.7.C
N 000002D0 00 42 00 5a 00 6b 00 77 00 43 00 51 00 59 00 48 .B.Z.k.w.C.Q.Y.H
N 000002E0 00 4b 00 6f 00 5a 00 49 00 7a 00 6a 00 67 00 45 .K.o.Z.I.z.j.g.E
N 000002F0 00 41 00 77 00 51 00 76 00 4d 00 43 00 30 00 43 .A.w.Q.v.M.C.0.C
N 00000300 00 46 00 41 00 32 00 53 00 63 00 53 00 6f 00 71 .F.A.2.S.c.S.o.q
N 00000310 00 4d 00 53 00 51 00 41 00 2f 00 75 00 41 00 42 .M.S.Q.A./.u.A.B
N 00000320 00 70 00 43 00 69 00 61 00 6b 00 6f 00 68 00 69 .p.C.i.a.k.o.h.i
N 00000330 00 68 00 75 00 44 00 79 00 41 00 68 00 55 00 41 .h.u.D.y.A.h.U.A
N 00000340 00 36 00 4e 00 56 00 48 00 43 00 53 00 6b 00 50 .6.N.V.H.C.S.k.P
N 00000350 00 58 00 49 00 52 00 6c 00 63 00 57 00 2b 00 32 .X.I.R.l.c.W.+.2
N 00000360 00 6a 00 41 00 45 00 30 00 31 00 37 00 55 00 62 .j.A.E.0.1.7.U.b
N 00000370 00 61 00 63 00 34 00 3d .a.c.4.=
N Dump of InContext (ssoxxapi.c 155)
N 00000000 00 34 00 31 00 30 00 32 0f ff ff ff ff ff 54 e8 .4.1.0.2.ÿÿÿÿÿTè
N 00000010 00 00 00 01 83 37 73 10 0f ff ff ff ff ff 59 98 .....7s..ÿÿÿÿÿY.
N 00000020 00 00 01 bc 00 00 00 00 00 00 00 01 00 93 ee 8c ...¼..........î.
N 00000030
N Copies from InContext->Format: PKCS7 (ssoxxapi.c 162)
N Copies from InContext->pzcsProName: /usr/sap/DV1/DVEBMGS00/sec/SAPSYS.pse (ssoxxapi.c 165)
N DecodeB64Len returns 0. iDecLength=332
N Dump of Decoded ticket: (ssoxxapi.c 187)
N 00000000 02 31 31 30 30 20 00 0e 70 6f 72 74 61 6c 3a 41 .1100 ..portal:A
N 00000010 48 41 4d 45 45 44 88 00 13 62 61 73 69 63 61 75 HAMEED...basicau
N 00000020 74 68 65 6e 74 69 63 61 74 69 6f 6e 01 00 00 02 thentication....
N 00000030 00 03 30 30 30 03 00 03 45 50 44 04 00 0c 32 30 ..000...EPD...20
N 00000040 30 35 30 38 30 35 30 39 32 32 05 00 04 00 00 00 0508050922......
N 00000050 08 0a 00 00 ff 00 f5 30 81 f2 06 09 2a 86 48 86 ....ÿ.õ0.ò..*.H.
N 00000060 f7 0d 01 07 02 a0 81 e4 30 81 e1 02 01 01 31 0b ÷.... .ä0.á...1.
N 00000070 30 09 06 05 2b 0e 03 02 1a 05 00 30 0b 06 09 2a 0...+......0...*
N 00000080 86 48 86 f7 0d 01 07 01 31 81 c1 30 81 be 02 01 .H.÷....1.Á0.¾..
N 00000090 01 30 13 30 0e 31 0c 30 0a 06 03 55 04 03 13 03 .0.0.1.0...U....
N 000000A0 45 50 44 02 01 00 30 09 06 05 2b 0e 03 02 1a 05 EPD...0...+.....
N 000000B0 00 a0 5d 30 18 06 09 2a 86 48 86 f7 0d 01 09 03 . ]0...*.H.÷....
N 000000C0 31 0b 06 09 2a 86 48 86 f7 0d 01 07 01 30 1c 06 1...*.H.÷....0..
N 000000D0 09 2a 86 48 86 f7 0d 01 09 05 31 0f 17 0d 30 35 .*.H.÷....1...05
N 000000E0 30 38 30 35 30 39 32 32 30 35 5a 30 23 06 09 2a 0805092205Z0#..*
N 000000F0 86 48 86 f7 0d 01 09 04 31 16 04 14 37 11 92 f2 .H.÷....1...7..ò
N 00000100 97 a4 85 b6 76 9f 29 da 14 b2 93 43 fe c2 05 99 .¤.¶v.)Ú.².CþÂ..
N 00000110 30 09 06 07 2a 86 48 ce 38 04 03 04 2f 30 2d 02 0...*.HÎ8.../0-.
N 00000120 14 0d 92 71 2a 2a 31 24 00 fe e0 01 a4 28 9a 92 ...q**1$.þà.¤(..
N 00000130 88 62 86 e0 f2 02 15 00 e8 d5 47 09 29 0f 5c 84 .b.àò...èÕG.)..
N 00000140 65 71 6f b6 8c 01 34 d7 b5 1b 69 ce eqo¶..4×µ.iÎ
N Read version.
N Read Codepage.
N Read InfoUnit (0x20).
N Read length (14).
N Read contents.
N Read InfoUnit (0x88).
N Read length (19).
N Read contents.
N Read InfoUnit (0x01).
N Read length (0).
N Read contents.
N Read InfoUnit (0x02).
N Read length (3).
N Read contents.
N Read InfoUnit (0x03).
N Read length (3).
N Read contents.
N Read InfoUnit (0x04).
N Read length (12).
N Read contents.
N Read InfoUnit (0x05).
N Read length (4).
N Read contents.
N Read InfoUnit (0x0A).
N Read length (0).
N Read contents.
N Read InfoUnit (0xFF).
N ParseTicket returns 0. (ssoxxapi.c 199)
N Bytes processed: 85 (ssoxxapi.c 202)
N Argument Dump for ticket verification:
N Content byte stream:
N 00000000 02 31 31 30 30 20 00 0e 70 6f 72 74 61 6c 3a 41 .1100 ..portal:A
N 00000010 48 41 4d 45 45 44 88 00 13 62 61 73 69 63 61 75 HAMEED...basicau
N 00000020 74 68 65 6e 74 69 63 61 74 69 6f 6e 01 00 00 02 thentication....
N 00000030 00 03 30 30 30 03 00 03 45 50 44 04 00 0c 32 30 ..000...EPD...20
N 00000040 30 35 30 38 30 35 30 39 32 32 05 00 04 00 00 00 0508050922......
N 00000050 08 0a 00 00 ....
N
N Signature byte stream:
N 00000000 30 81 f2 06 09 2a 86 48 86 f7 0d 01 07 02 a0 81 0.ò..*.H.÷.... .
N 00000010 e4 30 81 e1 02 01 01 31 0b 30 09 06 05 2b 0e 03 ä0.á...1.0...+..
N 00000020 02 1a 05 00 30 0b 06 09 2a 86 48 86 f7 0d 01 07 ....0...*.H.÷...
N 00000030 01 31 81 c1 30 81 be 02 01 01 30 13 30 0e 31 0c .1.Á0.¾...0.0.1.
N 00000040 30 0a 06 03 55 04 03 13 03 45 50 44 02 01 00 30 0...U....EPD...0
N 00000050 09 06 05 2b 0e 03 02 1a 05 00 a0 5d 30 18 06 09 ...+...... ]0...
N 00000060 2a 86 48 86 f7 0d 01 09 03 31 0b 06 09 2a 86 48 .H.÷....1....H
N 00000070 86 f7 0d 01 07 01 30 1c 06 09 2a 86 48 86 f7 0d .÷....0...*.H.÷.
N 00000080 01 09 05 31 0f 17 0d 30 35 30 38 30 35 30 39 32 ...1...050805092
N 00000090 32 30 35 5a 30 23 06 09 2a 86 48 86 f7 0d 01 09 205Z0#..*.H.÷...
N 000000A0 04 31 16 04 14 37 11 92 f2 97 a4 85 b6 76 9f 29 .1...7..ò.¤.¶v.)
N 000000B0 da 14 b2 93 43 fe c2 05 99 30 09 06 07 2a 86 48 Ú.².CþÂ..0...*.H
N 000000C0 ce 38 04 03 04 2f 30 2d 02 14 0d 92 71 2a 2a 31 Î8.../0-....q**1
N 000000D0 24 00 fe e0 01 a4 28 9a 92 88 62 86 e0 f2 02 15 $.þà.¤(...b.àò..
N 000000E0 00 e8 d5 47 09 29 0f 5c 84 65 71 6f b6 8c 01 34 .èÕG.)..eqo¶..4
N 000000F0 d7 b5 1b 69 ce ×µ.iÎ
N Encoded content byte stream:
N 00000000 30 63 06 09 2a 86 48 86 f7 0d 01 07 01 a0 56 04 0c..*.H.÷.... V.
N 00000010 54 02 31 31 30 30 20 00 0e 70 6f 72 74 61 6c 3a T.1100 ..portal:
N 00000020 41 48 41 4d 45 45 44 88 00 13 62 61 73 69 63 61 AHAMEED...basica
N 00000030 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 01 00 00 uthentication...
N 00000040 02 00 03 30 30 30 03 00 03 45 50 44 04 00 0c 32 ...000...EPD...2
N 00000050 30 30 35 30 38 30 35 30 39 32 32 05 00 04 00 00 00508050922.....
N 00000060 00 08 0a 00 00 .....
N Verify returns 0 (ssoxxsgn.c 189)
N Certificate is:
N 00000000 30 82 02 1d 30 82 02 08 02 01 00 30 09 06 07 2a 0...0......0...*
N 00000010 86 48 ce 38 04 03 30 0e 31 0c 30 0a 06 03 55 04 .HÎ8..0.1.0...U.
N 00000020 03 13 03 45 50 44 30 1e 17 0d 30 35 30 37 30 35 ...EPD0...050705
N 00000030 31 31 34 30 35 30 5a 17 0d 30 37 30 37 30 35 31 114050Z..0707051
N 00000040 31 34 30 35 30 5a 30 0e 31 0c 30 0a 06 03 55 04 14050Z0.1.0...U.
N 00000050 03 13 03 45 50 44 30 82 01 b6 30 82 01 2b 06 07 ...EPD0..¶0..+..
N 00000060 2a 86 48 ce 38 04 01 30 82 01 1e 02 81 81 00 82 *.HÎ8..0........
N 00000070 7d d4 9c a2 05 69 84 e9 83 71 b1 34 0d 5d 71 83 }Ô.¢.i.é.q±4.]q.
N 00000080 92 85 b2 5a ca a3 82 d7 ac 38 6e 94 40 84 3f 0a ..²ZÊ£.×¬8n.@.?.
N 00000090 46 7a a8 75 a8 c1 ca 3b 70 ba 6a 97 07 12 f6 b1 Fz¨u¨ÁÊ;pºj...ö±
N 000000A0 99 ed 3e ec 53 13 f3 94 0a 67 bb d6 9f 38 72 29 .í>ìS.ó..g»Ö.8r)
N 000000B0 61 ab 02 3d 17 a1 33 3c 52 23 5d 9f b7 d1 0e 95 a«.=.¡3<R#].·Ñ..
N 000000C0 e3 a5 5e f9 b0 4f c7 c9 20 c5 72 da 7a c3 d5 0f ã¥^ù°OÇÉ ÅrÚzÃÕ.
N 000000D0 24 0d bb 8e 54 da 9e bb 70 21 11 c5 35 82 e5 35 $.».TÚ.»p!.Å5.å5
N 000000E0 85 2e 9f 59 39 79 b3 32 50 c8 86 83 96 19 17 02 ...Y9y³2PÈ......
N 000000F0 15 00 fa 50 79 da fa 3f 3a b1 e8 0a 6d f5 bd 16 ..úPyÚú?:±è.mõ½.
N 00000100 f2 24 d8 f8 d7 1b 02 81 80 4f bd f5 2e 33 04 f0 ò$Øø×....O½õ.3.ð
N 00000110 51 c1 7c a5 5c 93 81 b5 c1 7d 4c 20 50 76 85 34 QÁ|¥..µÁ}L Pv.4
N 00000120 50 cf d9 fc 72 b2 e1 b2 b1 6f a0 10 48 b8 ff 17 PÏÙür²á²±o .H¸ÿ.
N 00000130 e7 a9 0a e1 e0 18 05 3e 34 d9 d5 61 df 71 4c c8 ç©.áà..>4ÙÕaßqLÈ
N 00000140 dc 92 b1 51 b5 df 66 59 70 6b 5e 57 c3 19 a2 d6 Ü.±QµßfYpk^WÃ.¢Ö
N 00000150 58 3b 7d 32 d2 e9 e1 f1 66 3e aa ac 46 0d cd 4e X;}2Òéáñf>ª¬F.ÍN
N 00000160 67 70 36 f7 f9 be 0b 2e 16 a0 5d 69 5d 5b 81 13 gp6÷ù¾... ]i][..
N 00000170 a9 03 cb 38 63 56 1a bd 36 4a 5d 6c 15 66 17 fa ©.Ë8cV.½6J]l.f.ú
N 00000180 10 a3 20 99 e1 d2 34 77 13 03 81 84 00 02 81 80 .£ .áÒ4w........
N 00000190 6b a6 d4 4e e8 03 f6 f1 35 83 fb 37 01 1f 3c 5c k¦ÔNè.öñ5.û7..<
N 000001A0 8e 75 ad 1f 2d b3 9b 69 4f b3 a3 36 b6 9f 38 07 .u..-³.iO³£6¶.8.
N 000001B0 fe bf f1 0b ca 24 fe 5c a7 33 a1 55 c9 65 c5 4c þ¿ñ.Ê$þ\u00A73¡UÉeÅL
N 000001C0 97 a1 e7 58 d1 47 7f 72 36 47 bf f4 cc 6d 12 14 .¡çXÑG.r6G¿ôÌm..
N 000001D0 cc 61 be 82 b5 50 be 16 7a cc 4d 47 1e 80 2f 6d Ìa¾.µP¾.zÌMG../m
N 000001E0 2e d4 19 69 80 e6 26 13 23 4f 07 0a 9c 87 13 91 .Ô.i.æ&.#O......
N 000001F0 7b 75 57 93 e1 8d 42 5f 28 47 e2 61 27 6d 0c 4c {uW.á.B_(Gâa'm.L
N 00000200 55 99 37 33 cc 92 c0 b9 06 d1 99 68 d0 17 c1 4d U.73Ì.À¹.Ñ.hÐ.ÁM
N 00000210 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 03 01 0...*.H.÷.......
N 00000220 00 .
N ValidateTicket returns 0. (ssoxxapi.c 225)
N MskiValidateTicket returns 0.
N Next node:
N 00000000 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000100 00 00 00 00 00 00 00 00 00 00 00 01 84 e7 8a 10 .............ç..
N 00000110 00 00 00 00 00 00 00 00 ........
N Next node:
N 00000000 02 00 30 00 30 00 30 00 00 00 00 00 00 00 00 00 ..0.0.0.........
N 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000100 00 00 00 06 00 03 00 00 00 00 00 01 84 e7 95 10 .............ç..
N 00000110 00 00 00 01 84 e4 37 b0 .....ä7°
N Next node:
N 00000000 03 00 45 00 50 00 44 00 00 00 00 00 00 00 00 00 ..E.P.D.........
N 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000100 00 00 00 06 00 03 00 00 00 00 00 01 85 0e cd 30 ..............Í0
N 00000110 00 00 00 01 84 e7 8a 10 .....ç..
N Next node:
N 00000000 04 00 32 00 30 00 30 00 35 00 30 00 38 00 30 00 ..2.0.0.5.0.8.0.
N 00000010 35 00 30 00 39 00 32 00 32 00 00 00 00 00 00 00 5.0.9.2.2.......
N 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000100 00 00 00 18 00 0c 00 00 00 00 00 01 85 0e d0 b0 ..............Ð°
N 00000110 00 00 00 01 84 e7 95 10 .....ç..
N Next node:
N 00000000 05 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000100 00 00 00 04 00 00 00 00 00 00 00 01 85 0f 76 90 ..............v.
N 00000110 00 00 00 01 85 0e cd 30 ......Í0
N Next node:
N 00000000 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000100 00 00 00 00 00 00 00 00 00 00 00 01 84 0a a6 30 ..............¦0
N 00000110 00 00 00 01 85 0e d0 b0 ......Ð°
N Next node:
N 00000000 20 70 6f 72 74 61 6c 3a 41 48 41 4d 45 45 44 00 portal:AHAMEED.
N 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000100 00 00 00 0e 00 00 00 00 00 00 00 01 84 0b 7a 10 ..............z.
N 00000110 00 00 00 01 85 0f 76 90 ......v.
N Next node:
N 00000000 88 62 61 73 69 63 61 75 74 68 65 6e 74 69 63 61 .basicauthentica
N 00000010 74 69 6f 6e 00 00 00 00 00 00 00 00 00 00 00 00 tion............
N 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000100 00 00 00 13 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000110 00 00 00 01 84 0a a6 30 ......¦0
N Got content client = 000.
N Got content sysid = EPD .
N No entry in TWPSSO2ACL for SYS EPD and CLI 000.
N CheckSubject failed (rc=19). Verifying if ticket was issued by me.
N *** ERROR => System ID and client from ticket are not the same than mine. (ssoxxkrn.c 798)
N Data from ticket: sysid=EPD , client=000
N My system data: sysid=DV1 , client=110
N *** ERROR => Neither was ticket issued by myself nor can I find issuer in TWPSSO2ACL. (ssoxxkrn.c 804)
N dy_signi_ext: issuer not trusted
M *** END USER TRACE NAME >SAPSYS < UID >915< MODE >1< STEP >1< TIME >053139< DATE >20050805< WP >0< WP_TYPE >DIA<
Thanks
Aneez

Not able to activate SSO with logon tickets...

Hi all,
I configured SSO with logon tickets on a new installation of EP 7.0 Nw 2004s SR2.
The target R3 server is in a different domain. But i added the certificate receiver portal server address in the UME service entries.
But when i try to test it, it is showing the password entry login screen.
Is there any changes i need to make to the logon stacks?
Given below are the major steps i completed.
1. Created RFC destination in portal
2. Created RFC destination for portal in R3
3. Exported verify.der certificate to R3.
4. Added necessary entries for R3 sever in the portal security providers list.
5. Restarted portal j2ee instance.
Did I miss out any required steps?
I doubt whether logon tickets are generated from the portal , since it directly shows the normal login screen when i test.
Can anyone help me on this?
Thanks in advance
Shobin

Hi,
Thanks alot for your reply.
I checked sso2. The connection fails there. But long back, we had created another destination in the R3 system to use in a different portal instance. There, SSO works fine. Even this destination also fails when checked through sso2.
I login to portal with administrator rights which has the same user id in R3 also. Please note that both these systems are in different domain. But I have added another host name in ume.service.login property which is already set up for SSO with the target R3 system.
When i test SSO, i am not getting any error messages regarding the certificate or logon ticket. It simply ask me for a user name and password.
Is there any change i have to do in logon stacks to give preference to logon tickets?
Thanks alot
Shobin

SSO with Logon Ticket to non-SAP Unix based application

Hi all,
Anyone has implemented SSO with Logon Ticket to a Unix box ?
We need to achieve Single Sign On between our EP5.0 SP5 Portal and a third-party web application with a front-end on a Unix AIX machine with Apache.
We achieved SSO with non-SAP applications with Logon Tickets, but one was to an IIS system in another domain (we therefore used the standard Web Filter for IIS and declared it in usermanagement for cross-domain support) and another one running on Windows platform (we used the C libraries provided in the "Logon Ticket Toolkit": NT or Linux only).
From what we understand and found on the web sites, we cannot reuse any standard web filter (none for Unix, am I correct ???) and want to implement custom code using SAP libraries, if possible using Java
-> Are there any Java libraries that are available to both:
. verify the logon ticket with the deployed Portal public key
. decrypt/extract the authenticated username from this ticket ??
I've seen a mention of Java libraries, and Unix, in a SAP EP 6.0 document but I'm not sure where to find them...
Is the SAP Logon Ticket issued the same way in EP 5.0 and EP 6.0 ?
I managed to find something called SAPSSOEXT, for AIX, which contains some partial library and a sample, but it is dated 2000 !! Anyone has more information about this ?
Any hint is very much appreciated.
Thanks a lot
Olivier

Check these links for reference regarding AIX and Apache using X.509 certificates:
http://publib16.boulder.ibm.com/pseries/en_US/aixbman/security/cas_pki.htm
And just using cookies -
http://forums.devshed.com/archive/t-105611 (perl based)
You can also use mod_ssl built into your Apache to facilitate both certificate based authentication as well as encryption.
The mod_ssl route is most secure (because of the encryption), the IBM link is comprehensive but requires extra infrastructure (LDAP).
Nick
Nick

Client certificate authentication with custom authorization for J2EE roles?

We have a Java application deployed on Sun Java Web Server 7.0u2 where we would like to secure it with client certificates, and a custom mapping of subject DNs onto J2EE roles (e.g., "visitor", "registered-user", "admin"). If we our web.xml includes:
<login-config>
 <auth-method>CLIENT-CERT</auth-method>
 <realm-name>certificate</realm-name>
<login-config>that will enforce that only users with valid client certs can access our app, but I don't see any hook for mapping different roles. Is there one? Can anyone point to documentation, or an example?
On the other hand, if we wanted to create a custom realm, the only documentation I have found is the sample JDBCRealm, which includes extending IASPasswordLoginModule. In our case, we wouldn't want to prompt for a password, we would want to examine the client certificate, so we would want to extend some base class higher up the hierarchy. I'm not sure whether I can provide any class that implements javax.security.auth.spi.LoginModule, or whether the WebServer requires it to implement or extend something more specific. It would be ideal if there were an IASCertificateLoginModule that handled the certificate authentication, and allowed me to access the subject DN info from the certificate (e.g., thru a javax.security.auth.Subject) and cache group info to support a specialized IASRealm::getGroupNames(string user) method for authorization. In a case like that, I'm not sure whether the web.xml should be:
<login-config>
 <auth-method>CLIENT-CERT</auth-method>
 <realm-name>MyRealm</realm-name>
<login-config>or:
<login-config>
 <auth-method>MyRealm</auth-method>
<login-config>Anybody done anything like this before?
--Thanks

We have JDBCRealm.java and JDBCLoginModule.java in <ws-install-dir>/samples/java/webapps/security/jdbcrealm/src/samples/security/jdbcrealm. I think we need to tweak it to suite our needs :
$cat JDBCRealm.java
* JDBCRealm for supporting RDBMS authentication.
* This login module provides a sample implementation of a custom realm.
* You may use this sample as a template for creating alternate custom
* authentication realm implementations to suit your applications needs.
* In order to plug in a realm into the server you need to
* implement both a login module (see JDBCLoginModule for an example)
* which performs the authentication and a realm (as shown by this
* class) which is used to manage other realm operations.
* A custom realm should implement the following methods:
* <ul>
* <li>init(props)
* <li>getAuthType()
* <li>getGroupNames(username)
* </ul>
* IASRealm and other classes and fields referenced in the sample
* code should be treated as opaque undocumented interfaces.
final public class JDBCRealm extends IASRealm
 protected void init(Properties props)
 throws BadRealmException, NoSuchRealmException
 public java.util.Enumeration getGroupNames (String username)
 throws InvalidOperationException, NoSuchUserException
 public void setGroupNames(String username, String[] groups)
}and
$cat JDBCLoginModule.java
* JDBCRealm login module.
* This login module provides a sample implementation of a custom realm.
* You may use this sample as a template for creating alternate custom
* authentication realm implementations to suit your applications needs.
* In order to plug in a realm into the server you need to implement
* both a login module (as shown by this class) which performs the
* authentication and a realm (see JDBCRealm for an example) which is used
* to manage other realm operations.
* The PasswordLoginModule class is a JAAS LoginModule and must be
* extended by this class. PasswordLoginModule provides internal
* implementations for all the LoginModule methods (such as login(),
* commit()). This class should not override these methods.
* This class is only required to implement the authenticate() method as
* shown below. The following rules need to be followed in the implementation
* of this method:
* <ul>
* <li>Your code should obtain the user and password to authenticate from
* _username and _password fields, respectively.
* <li>The authenticate method must finish with this call:
* return commitAuthentication(_username, _password, _currentRealm,
* grpList);
* <li>The grpList parameter is a String[] which can optionally be
* populated to contain the list of groups this user belongs to
* </ul>
* The PasswordLoginModule, AuthenticationStatus and other classes and
* fields referenced in the sample code should be treated as opaque
* undocumented interfaces.
* Sample setting in server.xml for JDBCLoginModule
* <pre>
* <auth-realm name="jdbc" classname="samples.security.jdbcrealm.JDBCRealm">
* <property name="dbdrivername" value="com.pointbase.jdbc.jdbcUniversalDriver"/>
* <property name="jaas-context" value="jdbcRealm"/>
* </auth-realm>
* </pre>
public class JDBCLoginModule extends PasswordLoginModule
 protected AuthenticationStatus authenticate()
 throws LoginException
 private String[] authenticate(String username,String passwd)
 private Connection getConnection() throws SQLException
}One more article [http://developers.sun.com/appserver/reference/techart/as8_authentication/]
You can try to extend "com/iplanet/ias/security/auth/realm/certificate/CertificateRealm.java"
[http://fisheye5.cenqua.com/browse/glassfish/appserv-core/src/java/com/sun/enterprise/security/auth/realm/certificate/CertificateRealm.java?r=SJSAS_9_0]
$cat CertificateRealm.java
package com.iplanet.ias.security.auth.realm.certificate;
* Realm wrapper for supporting certificate authentication.
* The certificate realm provides the security-service functionality
* needed to process a client-cert authentication. Since the SSL processing,
* and client certificate verification is done by NSS, no authentication
* is actually done by this realm. It only serves the purpose of being
* registered as the certificate handler realm and to service group
* membership requests during web container role checks.
* There is no JAAS LoginModule corresponding to the certificate
* realm. The purpose of a JAAS LoginModule is to implement the actual
* authentication processing, which for the case of this certificate
* realm is already done by the time execution gets to Java.
* The certificate realm needs the following properties in its
* configuration: None.
* The following optional attributes can also be specified:
* <ul>
* <li>assign-groups - A comma-separated list of group names which
* will be assigned to all users who present a cryptographically
* valid certificate. Since groups are otherwise not supported
* by the cert realm, this allows grouping cert users
* for convenience.
* </ul>
public class CertificateRealm extends IASRealm
 protected void init(Properties props)
 * Returns the name of all the groups that this user belongs to.
 * @param username Name of the user in this realm whose group listing
 * is needed.
 * @return Enumeration of group names (strings).
 * @exception InvalidOperationException thrown if the realm does not
 * support this operation - e.g. Certificate realm does not support
 * this operation.
 public Enumeration getGroupNames(String username)
 throws NoSuchUserException, InvalidOperationException
 * Complete authentication of certificate user.
 * As noted, the certificate realm does not do the actual
 * authentication (signature and cert chain validation) for
 * the user certificate, this is done earlier in NSS. This default
 * implementation does nothing. The call has been preserved from S1AS
 * as a placeholder for potential subclasses which may take some
 * action.
 * @param certs The array of certificates provided in the request.
 public void authenticate(X509Certificate certs[])
 throws LoginException
 // Set up SecurityContext, but that is not applicable to S1WS..
}Edited by: mv on Apr 24, 2009 7:04 AM

Integrating BI Publisher 10.1.3.2 with SSO

We have one OID/SSO server, one j2ee (10.1.2.0.2)/Portal server. We had xmlpublisher 5.6.2 deployed on the j2ee server. We installed J2ee (10.1.3.1) on a separate home and deployed BI Publisher. BIP works well standalone without any problems. We are having problems integrating BIP with SSO (10.1.4). The single sign on page comes up but after logging in, the Admin/Scheduler/Reports tabs won't show up. It will just have the Search Box displayed on the left side and nothing else. The security has been configured with LDAP and believe all the parameters have been entered correctly. If anybody has seen this error before or if there is any straightforward documentation on integrating BIP with SSO, please let me know. I greatly appreciate the help.
Thanks.
Satish...

Check you settings in the
xmlp-server-config.xml
specifically the setting related to LDAP. Also make sure you have the roles defined and users added to these roles. The steps for this are in the XML Pub users guide Chapter 5. If you need further help contact me via email at [email protected]
Of course I am assuming you mean Oracle SSO and not another flavor of SSO.

Usually this system rejects access using SSO tickets exception

Hi,
I'm facing a problem when trying to access to some tasks in the UWL.
It appears an error message saying "Usually this system rejects the access using SSO tickets" (it's not an accurate translation, the message in spanish says "Generalmente este sistema rechaza el acceso mediante ticket SSO").
The same happens when I try to access to the backend system (R/3 Release 4.6C) using an iView.
At first I thought it was a problem related with the certificate between the backend and the portal, but we have reimported the certificate in the backend and the problem still happens. And the certificate doesn't expire until 2012.
I have restarted the J2EE Engine too, but it continues the same.
What is extrange is that all the WebDynpro applications that call RFCs in the backend system work fine and get the information.
Anybody knows what can I do to solve this problem? Yesterday all worked fine and this morning I saw all this.
The release is Enterprise Portal 6.0 SP18.
Thank you very much! All help would be highly appreciated (and rewarded)!

You can check the following
- the following profile parameters are set
login/create_sso2_ticket = 2
login/accept_sso2_ticket = 1
- if the corresponding R3 user is not locked or expired
- if the portal certificate is added to the ACL list of the R/3 System (using STRUSTSSO2)
Regards,
Abhishek

SSO ticket wont work for displaying contents of internally stored files

Thx to the help I got here the application here is all in all running well with SSO as authentification method.
But the application has a part where it tries to open & display files stored in the backend (e.g. Excel-Sheets, TIFs etc).
This part was running fine with the old basic authentification, but now it opens the application and then seems to try to authenticate again (at least that's how it looks in excel as there is shown the login-dialog again).
Any way I can work around that - at the moment it makes an important part of the application useless :\.
Method used to display:
gets the data, transfers it to a xstring and then sends it to the browser via:
    lf_value = lf_mimetype.
    response->set_header_field( name = 'Content-Type'
                                value = lf_value ).
    response->delete_header_field( 'Cache-Control' ).
    response->delete_header_field( 'Expires' ).
    response->delete_header_field( 'Pragma' ).
    lf_value = lf_filename.
    CONCATENATE 'inline; filename="' lf_filename INTO lf_value.
    response->set_header_field( name = 'Content-Disposition'
                                value = lf_value ).
    response->set_data( lf_content ).
    navigation->response_complete( ).

Hello!
Well first thing is, now after fooling around a bit and changing some code it works - though first method I used too was as described in I think a weblog from you for showing documents inline.
In my case there are files of different types stored via cfolders...and my application (after login in via a copy of the system/login application) amongst other things enables a web-based search & display of these files.
For this I fetch the contents of the file from the backend and then deliver the contents to http.
As I said, worked with basic authentification but had troubles after switching to the login-application.
Just my guess that it was the ticket gettin lost as i had the effect described above with excel.
Problem is that this project after gettin display to work again was completed and so now into a new project at a different company-location & system so cant make the trace.
Thx for helpin and sorry I had let this open - just was curious if this problem could be solved some better way then mine.

J2EE roles vs Portal roles vs ABAP roles

(I also posted this on portal implementation, but i hope i receive more reactions here )
Dear all,
I have a question about the information on the following link:
http://help.sap.com/saphelp_nw2004s/helpdata/en/4c/6c0f40763f1e07e10000000a1550b0/content.htm
It says the following:
"These functions are intended to assign users and their assigned portal roles a corresponding role in the SAP System. This corresponding role (authorization role) contains the authorizations needed to execute certain functions from the portal."
1. These "...certain functions..." they talk about, can someome give an example of these functions?
2. Is it possible for example to create a role in the portal that gives a user authorisation for starting transaction SE80 in the backend system? Without making the role in the backend first and uploading it to the portal.
3. It's also possible to upload ABAP roles to the portal. Is the main reason for this that users can see their SAP menu (or part of it) in the portal? Or does this have other advantages too?
4. I'm very confused about the relation between J2EE roles, portal roles and ABAP roles. Is it possible to manage the roles for a user in one place, without having to do certain actions in the portal AND the backend system?
From what I've read on help.sap.com, you always need to do certain actions in both places.
A possible approach is the following (from what i know): Creation of roles in the R/3 system, without assigning to users. From a webdynpro application, a user can then be created and roles can be assigned: portal roles (via some API) and R/3 roles (via BAPIs).
I hope someone can give a bit information on this issue. I've done alot of reading on help.sap.com, but it's still an abstract issue for me.
Kind regards,
Joren

Hi Jorem
Re: point 3. I don't build portal roles through this mechanism as I don't believe in replicating the SAP easy access menu inside the portal. If there are some specific functions (transactions) that I want to run inside the portal, then I might use this mechanism to build the iViews once. I would rather start an iView that runs transaction SMEN and let the user see their regular easy access menu.
Please note that the speed of executing transactions in the portal isn't a function of the portal, but the fact that you are using ITS, for example, to web enable the transaction...
Re: point 4. Groups are a UME concept. They have nothign to do with ABAP groups. They can be created directly in UME through user administration functions, or they can be created in the LDAP and then they are visible in the portal. If the UME points to an ABAP system, then the ABAP roles are autoamtcially visible as UME groups. Groups created in the UME need to have the members assigned through user admin functions of the Java engine. Groups stored in LDAP are maintained using LDAP admin tools. There are upload utilities that allow you to maintain LDAP users and groups through text files. Google LDIF for more details.
Roles on the portal need to be built in the portal contetn directory. As Michael mentioned, this can be automated by the use of the role upload function built into the portal.

A failure occured while importing Java SSO ticket certificate in ABAP stack Exception : FOREIGN_ENQUEUE_LOCK

Dear All,
We have completed the fresh installation of Soman7.1.
Now , We are doing the "Configuration of the Solman" and we are in the Step "Basic configuration ".
SID: SMI
Hostname: Solmantrg
Solman version: 7.1
The SSO Setup is failing with below error.
Message :
A failure occured while connecting to ABAP stack on solmantrg.thetimes.co.in sys=01 client=001 user=null. Details : 'user' missing
Details of the Log
Found SID for SSO ACL entry : SMI
Found login.ticket_client for SSO ACL entry : 000
The Read entry permission on TicketKeystore/SAPLogonTicketKeypair-cert was given to sap.com/tc~webadministrator~solmandiag/servlet_jsp/smd/root/WEB-INF/lib/SetupLib.jar
The TicketKeystore/SAPLogonTicketKeypair-cert was succesfully read (619 bytes)
ABAP SSO ticket certificate of SMI was imported in ABAP PSE of solmantrg.thetimes.co.in (client 001)
The ABAP SSO ticket certificate was successfully imported in ABAP System PSE, and the ACL updated accordingly (SID=SMI LoginTicketClient=001)
A failure occured while importing Java SSO ticket certificate in ABAP stack
!! Exception : FOREIGN_ENQUEUE_LOCK(Abap cause=SOLMAN_ADMINE_TABLEE)
The ABAP instance profile contains the parameter : login/accept_sso2_ticket=1
The SSO ticket Certificate <CN=SMI> has been successfully imported into Java Keystore
The com.sap.security.core.server.jaas.EvaluateTicketLoginModule already contained the entry : trustedsys=SMI, 001 trustediss=CN=SMI trusteddn=CN=SMI
The Authentication template for component sap.com/SQLTrace*OpenSQLMonitors was already set to ticket
The Authentication template for component sap.com/SQLTrace*SQLTrace was already set to ticket
The Authentication template for component sap.com/tc~monitoring~systeminfo*monitoring was already set to ticket
The Authentication template for component sap.com/tc~monitoring~systeminfo*sap_monitoring was already set to ticket
The Authentication template for component sap.com/com.sap.security.core.admin*useradmin was already set to ticket
The Authentication template for component sap.com/tc~webadministrator~solmandiag*smd was already set to ticket
The Authentication template for component sap.com/tc~smd~e2etraceupload*E2EClientTraceUploadW was already set to ticket
The com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule already contained the entry : trustedsys=SMI, 001 trustediss=CN=SMI trusteddn=CN=SMI
The Authentication template for component sap.com/tc~smd~EemAdminGateway*EemAdmin_Config1 has been set to evaluate_assertion_ticket
The Login Module BasicPasswordLoginModule was added to the security component sap.com/tc~smd~EemAdminGateway*EemAdmin_Config1
A failure occured while connecting to ABAP stack on solmantrg.thetimes.co.in sys=01 client=001 user=null
!! Exception : 'user' missing
The ABAP instance profile contains the parameter : login/create_sso2_ticket=2
Exception
com.sap.mw.jco.JCO$AbapException: (126) FOREIGN_ENQUEUE_LOCK: FOREIGN_ENQUEUE_LOCK
at com.sap.mw.jco.MiddlewareJRfc$Client.execute(MiddlewareJRfc.java:1512)
at com.sap.mw.jco.JCO$Client.execute(JCO.java:3937)
at com.sap.mw.jco.JCO$Client.execute(JCO.java:3570)
at com.sap.sup.admin.setup.AbapSysRfcAdapter.addTrustedIssuer(AbapSysRfcAdapter.java:276)
at com.sap.sup.admin.setup.AbapSysRfcAdapter.addTrustedIssuer(AbapSysRfcAdapter.java:249)
at com.sap.sup.admin.setup.ManagingServices.setupDualStackSSO(ManagingServices.java:752)
at com.sap.sup.admin.setup.SetupStep.runExec(SetupStep.java:564)
at com.sap.sup.admin.setup.SetupStep.execute(SetupStep.java:445)
at com.sap.smd.agent.plugins.remotesetup.SapInstance.setup(SapInstance.java:674)
at com.sap.sup.admin.setup.ws.SetupWrapper._diagSetup(SetupWrapper.java:279)
at com.sap.sup.admin.setup.ws.SetupWrapper.diagSetup(SetupWrapper.java:21)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:331)
at com.sap.engine.services.webservices.runtime.JavaClassImplementationContainer.invokeMethod(JavaClassImplementationContainer.java:76)
at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:174)
at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:81)
at com.sap.engine.services.webservices.runtime.servlet.ServletDispatcherImpl.doPost(ServletDispatcherImpl.java:90)
at SoapServlet.doPost(SoapServlet.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1060)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
========================
com.sap.mw.jco.JCO$Exception: (101) RFC_ERROR_PROGRAM: 'user' missing
at com.sap.mw.jco.MiddlewareJRfc.generateJCoException(MiddlewareJRfc.java:518)
at com.sap.mw.jco.MiddlewareJRfc$Client.connect(MiddlewareJRfc.java:1087)
at com.sap.mw.jco.JCO$Client.connect(JCO.java:3310)
at com.sap.sup.admin.setup.CommonServices.getJcoClient(CommonServices.java:773)
at com.sap.sup.admin.setup.CommonServices.getJcoClient(CommonServices.java:722)
at com.sap.sup.admin.setup.SolManRfcAdapter.getJ2eeSsoSettings(SolManRfcAdapter.java:649)
at com.sap.sup.admin.setup.ManagingServices.updateSSOfromURLrepository(ManagingServices.java:790)
at com.sap.sup.admin.setup.ManagingServices.setupDualStackSSO(ManagingServices.java:773)
at com.sap.sup.admin.setup.SetupStep.runExec(SetupStep.java:564)
at com.sap.sup.admin.setup.SetupStep.execute(SetupStep.java:445)
at com.sap.smd.agent.plugins.remotesetup.SapInstance.setup(SapInstance.java:674)
at com.sap.sup.admin.setup.ws.SetupWrapper._diagSetup(SetupWrapper.java:279)
at com.sap.sup.admin.setup.ws.SetupWrapper.diagSetup(SetupWrapper.java:21)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:331)
at com.sap.engine.services.webservices.runtime.JavaClassImplementationContainer.invokeMethod(JavaClassImplementationContainer.java:76)
at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:174)
at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:81)
at com.sap.engine.services.webservices.runtime.servlet.ServletDispatcherImpl.doPost(ServletDispatcherImpl.java:90)
at SoapServlet.doPost(SoapServlet.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1060)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
In strustsso2, cerficate date is valid only.
kindly help us to fix this SSO_Setup issue
Thanks and Regards,
Gayathri.K

Hi ,
Thanks for the above reply.
I have executed the Step 2.3 AND 2.4 and i started the SSO Setup again. Still i am getting below error
Message
A failure occured while importing Java SSO ticket certificate in ABAP stack
Details Of the Log
Found SID for SSO ACL entry : SMI
Found login.ticket_client for SSO ACL entry : 000
The Read entry permission on TicketKeystore/SAPLogonTicketKeypair-cert was given to sap.com/tc~webadministrator~solmandiag/servlet_jsp/smd/root/WEB-INF/lib/SetupLib.jar
The TicketKeystore/SAPLogonTicketKeypair-cert was succesfully read (619 bytes)
ABAP SSO ticket certificate of SMI was imported in ABAP PSE of solmantrg (client 001)
The ABAP SSO ticket certificate was successfully imported in ABAP System PSE, and the ACL updated accordingly (SID=SMI LoginTicketClient=001)
A failure occured while importing Java SSO ticket certificate in ABAP stack
!! Exception : FOREIGN_ENQUEUE_LOCK(Abap cause=SOLMAN_ADMINE_TABLEE)
The ABAP instance profile contains the parameter : login/accept_sso2_ticket=1
The SSO ticket Certificate <CN=SMI> has been successfully imported into Java Keystore
The com.sap.security.core.server.jaas.EvaluateTicketLoginModule already contained the entry : trustedsys=SMI, 001 trustediss=CN=SMI trusteddn=CN=SMI
The Authentication template for component sap.com/SQLTrace*OpenSQLMonitors was already set to ticket
The Authentication template for component sap.com/SQLTrace*SQLTrace was already set to ticket
The Authentication template for component sap.com/tc~monitoring~systeminfo*monitoring was already set to ticket
The Authentication template for component sap.com/tc~monitoring~systeminfo*sap_monitoring was already set to ticket
The Authentication template for component sap.com/com.sap.security.core.admin*useradmin was already set to ticket
The Authentication template for component sap.com/tc~webadministrator~solmandiag*smd was already set to ticket
The Authentication template for component sap.com/tc~smd~e2etraceupload*E2EClientTraceUploadW was already set to ticket
The com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule already contained the entry : trustedsys=SMI, 001 trustediss=CN=SMI trusteddn=CN=SMI
The Authentication template for component sap.com/tc~smd~EemAdminGateway*EemAdmin_Config1 has been set to evaluate_assertion_ticket
The Login Module BasicPasswordLoginModule was added to the security component sap.com/tc~smd~EemAdminGateway*EemAdmin_Config1
The ABAP instance profile contains the parameter : login/create_sso2_ticket=2
Exception
com.sap.mw.jco.JCO$AbapException: (126) FOREIGN_ENQUEUE_LOCK: FOREIGN_ENQUEUE_LOCK
at com.sap.mw.jco.MiddlewareJRfc$Client.execute(MiddlewareJRfc.java:1512)
at com.sap.mw.jco.JCO$Client.execute(JCO.java:3937)
at com.sap.mw.jco.JCO$Client.execute(JCO.java:3570)
at com.sap.sup.admin.setup.AbapSysRfcAdapter.addTrustedIssuer(AbapSysRfcAdapter.java:276)
at com.sap.sup.admin.setup.AbapSysRfcAdapter.addTrustedIssuer(AbapSysRfcAdapter.java:249)
at com.sap.sup.admin.setup.ManagingServices.setupDualStackSSO(ManagingServices.java:752)
at com.sap.sup.admin.setup.SetupStep.runExec(SetupStep.java:564)
at com.sap.sup.admin.setup.SetupStep.execute(SetupStep.java:445)
at com.sap.smd.agent.plugins.remotesetup.SapInstance.setup(SapInstance.java:674)
at com.sap.sup.admin.setup.ws.SetupWrapper._diagSetup(SetupWrapper.java:279)
at com.sap.sup.admin.setup.ws.SetupWrapper.diagSetup(SetupWrapper.java:21)
at sun.reflect.GeneratedMethodAccessor2202.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:331)
at com.sap.engine.services.webservices.runtime.JavaClassImplementationContainer.invokeMethod(JavaClassImplementationContainer.java:76)
at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:174)
at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:81)
at com.sap.engine.services.webservices.runtime.servlet.ServletDispatcherImpl.doPost(ServletDispatcherImpl.java:90)
at SoapServlet.doPost(SoapServlet.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1060)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Also , i have checked the note # 1008474 Diagnostics Setup Wizard uses wrong ABAP client.
As mentioned in above note, i have checked in visual admin all settings are maintained correctly.
RFC destination WEBADMIN & SOLMANDIAG is also working fine.
please tel why i am getting Foreign Enquelock
Regards,
Gayathri.K

Initial password change requested with SSO

Hi all,
we have well working SSO with EP6 SP2 and standalone ITS. SSO is based on SAP logon ticket. Only one annoying thing appears.
If a new user is created in SAP R/3, ITS asks for changing of password.
Does it mean that the user must initially (and later again according to password policy) change the password although we do not use direct access to R/3? If no password change should be required with SSO, how to solve this issue?
EP6 SP2 P4 HF8
ITS 6.2 PL14
R/3 4.7
Thanks in advance for any good idea.
Pavol

Hello,
We are on a very similar setup as above:
EP 6.0 SP12 with ITS.
What we are seeing is that the initial password dialog comes up but there is only the input fields but no "Submit" or "Change" buttons. In summary, new users are not able to change their password through the Portal.
Any ideas why this might be happening?
Thanks,
Siva.

RFC_ERROR_LOGON_FAILURE: This system rejects all logons using SSO tickets

hello again,
i manage to restart my server and applications
but now when i try to start :
http://host:port/b2b/b2b/init.do
and i can't
the logs show these line which i don't understand :
1}#2#parameters: [client]='null' [user]='null' [language]='null' [ashost]='null' [systemnumber]='null' [mshost]='null' [gwhost]='null' [gwserv]='null' [group]='null' [systemid]='null'
Properties: {lang=en, passwd=?, sysnr=01, client=300, user=$MYSAPSSO2$, ashost=192.168.1.14, jco.client.type=A, maxcon=0, jco.client.trace=1, codepage=1100}
Client not connected#com.sap.mw.jco.JCO$Exception: (101) RFC_ERROR_PROGRAM: 'mysapsso2' missing
 at com.sap.mw.jco.MiddlewareJRfc.generateJCoException(MiddlewareJRfc.java:456)
 at com.sap.mw.jco.MiddlewareJRfc$Client.connect(MiddlewareJRfc.java:922)
 at com.sap.mw.jco.JCO$Client.connect(JCO.java:3171)
 at com.sap.isa.core.eai.sp.jco.JCoConnectionStateless.getInternalJCoClient(JCoConnectionStateless.java:118)
 at com.sap.isa.core.eai.sp.jco.JCoConnectionStateless.isValid(JCoConnectionStateless.java:479)
 at com.sap.isa.user.backend.crm.IsaUserBaseCRM.loginViaTicket(IsaUserBaseCRM.java:1677)
 at com.sap.isa.user.backend.crm.IsaUserBaseCRM.loginForBPRole(IsaUserBaseCRM.java:127)
 at com.sap.isa.user.backend.crm.UserBaseCRM.login(UserBaseCRM.java:248)
 at com.sap.isa.user.businessobject.UserBase.login(UserBase.java:308)
#1.5#000423A6E1B400640000002E0000169C00041D66DC92778B#1158227531375#tracing.isa.runtime#sap.com/crm~b2b#tracing.isa.runtime#ABAHMANE#466##crm_CRM_15121750#ABAHMANE#a4727b3043d611dbc03b000423a6e1b4#SAPEngine_Application_Thread[impl:3]_17##0#0#Debug##Plain###[actionxecution]='end' [actionclass]='com.sap.isa.user.action.LoginBaseAction' [path]='/login' [forward]='/base/error_ume.jsp' [exectime]='32'#
#1.5#000423A6E1B400480000000F0000169C00041D66DCE4AE38#1158227536750#tracing.advisor.method#sap.com/crm~b2b#tracing.advisor.method#ABAHMANE#466##crm_CRM_15121750#ABAHMANE#a4727b3043d611dbc03b000423a6e1b4#SAPEngine_Application_Thread[impl:3]_8##0#0#Debug##Plain###AdvisorBusinessObjectManager:<constructor>#
#1.5#000423A6E1B40048000000120000169C00041D66DCE4B676#1158227536765#tracing.isa.runtime#sap.com/crm~b2b#tracing.isa.runtime#ABAHMANE#466##crm_CRM_15121750#ABAHMANE#a4727b3043d611dbc03b000423a6e1b4#SAPEngine_Application_Thread[impl:3]_8##0#0#Debug##Plain###[actionxecution]='begin' [actionclass]='com.sap.isa.isacore.action.IsaCoreInitAction' [path]='/b2b/coreinit'#
#1.5#000423A6E1B40048000000130000169C00041D66DCE4C261#1158227536765#tracing.isa.runtime#sap.com/crm~b2b#tracing.isa.runtime#ABAHMANE#466##crm_CRM_15121750#ABAHMANE#a4727b3043d611dbc03b000423a6e1b4#SAPEngine_Application_Thread[impl:3]_8##0#0#Debug##Plain###[actionxecution]='end' [actionclass]='com.sap.isa.isacore.action.IsaCoreInitAction' [path]='/b2b/coreinit' [forward]='/user/performLogin.do' [exectime]='0'#
#1.5#000423A6E1B40048000000140000169C00041D66DCE4C607#1158227536765#tracing.isa.runtime#sap.com/crm~b2b#tracing.isa.runtime#ABAHMANE#466##crm_CRM_15121750#ABAHMANE#a4727b3043d611dbc03b000423a6e1b4#SAPEngine_Application_Thread[impl:3]_8##0#0#Debug##Plain###[actionxecution]='begin' [actionclass]='com.sap.isa.core.action.SetReloginCookieAction' [path]='/relogin/setcookie'#
#1.5#000423A6E1B4004800000
many thnx if you can help me

it doesn't work ..
i need to understand the meaning of SSO ticket in sap logon..
i still have the error :
parameters: [client]='null' [user]='null' [language]='null' [ashost]='null' [systemnumber]='null' [mshost]='null' [gwhost]='null' [gwserv]='null' [group]='null' [systemid]='null'
Properties: {lang=en, passwd=?, sysnr=01, client=300, user=$MYSAPSSO2$, ashost=192.168.1.14, jco.client.type=A, maxcon=0, jco.client.trace=1, codepage=1100}Client not connected#com.sap.mw.jco.JCO$Exception: (101) RFC_ERROR_PROGRAM: 'mysapsso2' missing
 at com.sap.mw.jco.MiddlewareJRfc.generateJCoException(MiddlewareJRfc.java:456)
why does it replace the user i mapped in XCM JCO setting with the user 'mysapsso2' ?
plz help me

Running MI-Webconsole in a Portal with SSO?

Hi,
we want to do mobile Administration from a SAP Portal.
How can i integrate the MI-Webconsole with SSO in a portal?
I created a URL-IView for webconsole,but i get the webconsole login screen in the Portal.
Is there are solution how to do Single-Sign-On to MI-Webconsole from a portal?

Hello Marco,
you can realize a portal SSO to webconsole with user mapping by doing following steps:
1. Create a HTTP-System in the system configuration of your portal.You need this HTTP-System for the User-Mapping of Webconsole login.
2. Create an URL iview to "webconsole/checklogin" for example: "http://yoursystem.domain:port/me/WebConsole/checklogin"
3. Select your created Http-System as system in the URL-iview!!
4. Set the following values in the url-parameter table of the Iview:
user = select mappedUser from dropdownlistbox
pwd = select mappedPasswort from dorpdownlistbox
system=your system
client=your client
language=EN
systemnumber=00
(Enter here the login-values from input fields of webconsole login screen)
5. Assign the iview to a page/workset/role(you have still done that)
6. Do the User Mapping for the created Http-System in the Personalisation.
That's it.
Then you can logon to MI-Webconsole via Portal without having a seperate webconsole login.
Regards and please don't forget to reward with some christmas-points;-)
Frank Brackmann
Message was edited by: Frank Brackmann

Security role with alias KeystoreAdministrator does not exist.

i have a error trying to start the java engine of a Solution Manager 4.0 SR2 on AIX with ibm jdk SR9
the next log is about the std_server0.out
i do not how to create the alias because i can not connect using Visual Administrator because the server not start
stdout/stderr redirect
node name : server0
pid : 995354
system name : SMS
system nr. : 00
started at : Wed Aug 13 18:26:36 2008
[Thr 1] Wed Aug 13 18:26:37 2008
[Thr 1] MtxInit: -2 0 0
<?xml version="1.0" ?>
<verbosegc version="200708_30">
SAP J2EE Engine Version 7.00 PatchLevel 108458.44 is starting...
Loading: LogManager ... 2643 ms.
Loading: PoolManager ... 2 ms.
Loading: ApplicationThreadManager ... 837 ms.
Loading: ThreadManager ... 54 ms.
Loading: IpVerificationManager ... 12 ms.
Loading: ClassLoaderManager ... 14 ms.
Loading: ClusterManager ... 226 ms.
Loading: LockingManager ... 68 ms.
Loading: ConfigurationManager ... 86617 ms.
Loading: LicensingManager ... 28 ms.
Loading: CacheManager ... 159 ms.
Loading: ServiceManager ...
Loading services.:
Service cross started. (75 ms).
Service memory started. (98 ms).
Service runtimeinfo started. (115 ms).
Service trex.service started. (87 ms).
Service file started. (156 ms).
Service timeout started. (159 ms).
Service userstore started. (19 ms).
Service jmx_notification started. (78431 ms).
Service p4 started. (188119 ms).
Service classpath_resolver started. (63 ms).
<af type="nursery" id="1" timestamp="Wed Aug 13 18:32:05 2008" intervalms="0.000">
<minimum requested_bytes="48" />
<time exclusiveaccessms="1.635" />
<nursery freebytes="0" totalbytes="209715200" percent="0" />
<tenured freebytes="1724342296" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637940248" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
</tenured>
<gc type="scavenger" id="1" totalid="1" intervalms="0.000">
 <flipped objectcount="253990" bytes="19242624" />
 <tenured objectcount="0" bytes="0" />
 <refs_cleared soft="644" weak="1" phantom="0" />
 <finalization objectsqueued="1363" />
 <scavenger tiltratio="50" />
 <nursery freebytes="190330424" totalbytes="209715200" percent="90" tenureage="10" />
 <tenured freebytes="1724342296" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637940248" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
 </tenured>
 <time totalms="107.395" />
</gc>
<nursery freebytes="190328376" totalbytes="209715200" percent="90" />
<tenured freebytes="1724342296" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637940248" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
</tenured>
<time totalms="110.754" />
</af>
Service deploy started. (4055 ms).
Service bimmrdeployer started. (7 ms).
Service MigrationService started. (70 ms).
Service log_configurator started. (194277 ms).
Service locking started. (8 ms).
Service http started. (295 ms).
Service naming started. (626 ms).
Service failover started. (112 ms).
Service appclient started. (140 ms).
Service javamail started. (218 ms).
Service ts started. (220 ms).
Service jmsconnector started. (207 ms).
Service licensing started. (22 ms).
Service connector started. (212 ms).
Service configuration started. (32 ms).
Service iiop started. (316 ms).
Service webservices started. (706 ms).
Service dbpool started. (25283 ms).
<af type="nursery" id="2" timestamp="Wed Aug 13 18:33:36 2008" intervalms="91291.585">
<minimum requested_bytes="768" />
<time exclusiveaccessms="0.302" />
<nursery freebytes="0" totalbytes="209715200" percent="0" />
<tenured freebytes="1723791376" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637389328" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
</tenured>
<gc type="scavenger" id="2" totalid="2" intervalms="91293.279">
 <flipped objectcount="353647" bytes="28752016" />
 <tenured objectcount="0" bytes="0" />
 <refs_cleared soft="1056" weak="0" phantom="0" />
 <finalization objectsqueued="2858" />
 <scavenger tiltratio="50" />
 <nursery freebytes="180516672" totalbytes="209715200" percent="86" tenureage="11" />
 <tenured freebytes="1723791376" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637389328" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
 </tenured>
 <time totalms="90.892" />
</gc>
<nursery freebytes="180514624" totalbytes="209715200" percent="86" />
<tenured freebytes="1723791376" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637389328" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
</tenured>
<time totalms="92.831" />
</af>
Service com.sap.security.core.ume.service started. (64165 ms).
Service tcdisdic~srv started. (815 ms).
Service security started. (911 ms).
Service classload started. (43 ms).
Service applocking started. (132 ms).
Service shell started. (216 ms).
Service tceCATTPingservice started. (21 ms).
Service telnet started. (60 ms).
Aug 13, 2008 6:33:40 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [service_ssl] and user [null] not generated; Consequences: keystore view [service_ssl] is not created for user [null]; Countermeasures:see log for details
Aug 13, 2008 6:33:40 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [TrustedCAs] and user [null] not generated; Consequences: keystore view [TrustedCAs] is not created for user [null]; Countermeasures:see log for details
Service webdynpro started. (699 ms).
Service keystore started. (952 ms).
Service ssl started. (56 ms).
Aug 13, 2008 6:33:40 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [TicketKeystore] and user [null] not generated; Consequences: keystore view [TicketKeystore] is not created for user [null]; Countermeasures:see log for details
Service ejb started. (1367 ms).
Aug 13, 2008 6:33:40 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [securestorage] and user [null] not generated; Consequences: keystore view [securestorage] is not created for user [null]; Countermeasures:see log for details
Service tcseccertrevoc~service started. (286 ms).
Service tcsecsecurestorage~service started. (379 ms).
Aug 13, 2008 6:33:41 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [securestorage] and user [null] not generated; Consequences: keystore view [securestorage] is not created for user [null]; Countermeasures:see log for details
Service servlet_jsp started. (1783 ms).
Aug 13, 2008 6:33:41 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [securestorage] and user [null] not generated; Consequences: keystore view [securestorage] is not created for user [null]; Countermeasures:see log for details
Timed out services:
Service com.adobe~DataManagerService > hard reference to service jmx.
Service com.adobe~TrustManagerService > hard reference to service jmx.
Service cafumrelgroupsimp > hard reference to service cafummetadataimp.
Service com.adobe~PDFManipulation > hard reference to service jmx.
Service adminadapter > hard reference to service jmx.
Service pmi > hard reference to service tcsecdestinations~service.
Service jms_provider > hard reference to service jmx.
Service sld > service sld start method invoked.
Service jmx > service jmx start method invoked.
Service rfcengine > hard reference to service jmx.
Service tcsecsaml~service > hard reference to service adminadapter.
Service com.adobe~LicenseService > hard reference to service basicadmin.
Service com.adobe~DocumentServicesConfiguration > hard reference to service basicadmin.
Service tcsmdserver~service > hard reference to service jmx.
Service com.adobe~DocumentServicesDestProtoService > hard reference to service jmx.
Service cafummetadataimp > service cafummetadataimp start method invoked.
Service tcsecvsiservice > hard reference to service tcsecdestinationsservice.
Service tcsecdestinationsservice > service tcsecdestinationsservice start method invoked.
Service dsr > hard reference to service security.
Service monitor > hard reference to service jmx.
Service cafruntimeconnectivityimpl > service cafruntimeconnectivityimpl start method invoked.
Service tclmctcconfsservice_sda > hard reference to service jmx.
Service CUL > hard reference to service jmx.
Service tc.monitoring.logviewer > hard reference to service jmx.
Service apptracing > hard reference to service jmx.
Service com.adobe~XMLFormService > hard reference to service jmx.
Service tcsecwssecservice > service tcsecwssecservice start method invoked.
Service com.adobe~FontManagerService > hard reference to service jmx.
Service com.adobe~DocumentServicesLicenseSupportService > hard reference to service jmx.
Service com.adobe~DocumentServicesBinaries2 > hard reference to service jmx.
Service basicadmin > hard reference to service jmx.
[Framework -> criticalShutdown] 3 core services have timed out [adminadapter; jmx; basicadmin].
Aug 13, 2008 6:33:53 PM com.sap.engine.core.Framework [Thread[Thread-1,5,main]] Fatal: Critical shutdown was invoked. Reason is: 3 core services have timed out [adminadapter; jmx; basicadmin].
</verbosegc>

i have a error trying to start the java engine of a Solution Manager 4.0 SR2 on AIX with ibm jdk SR9
the next log is about the std_server0.out
i do not how to create the alias because i can not connect using Visual Administrator because the server not start
stdout/stderr redirect
node name : server0
pid : 995354
system name : SMS
system nr. : 00
started at : Wed Aug 13 18:26:36 2008
[Thr 1] Wed Aug 13 18:26:37 2008
[Thr 1] MtxInit: -2 0 0
<?xml version="1.0" ?>
<verbosegc version="200708_30">
SAP J2EE Engine Version 7.00 PatchLevel 108458.44 is starting...
Loading: LogManager ... 2643 ms.
Loading: PoolManager ... 2 ms.
Loading: ApplicationThreadManager ... 837 ms.
Loading: ThreadManager ... 54 ms.
Loading: IpVerificationManager ... 12 ms.
Loading: ClassLoaderManager ... 14 ms.
Loading: ClusterManager ... 226 ms.
Loading: LockingManager ... 68 ms.
Loading: ConfigurationManager ... 86617 ms.
Loading: LicensingManager ... 28 ms.
Loading: CacheManager ... 159 ms.
Loading: ServiceManager ...
Loading services.:
Service cross started. (75 ms).
Service memory started. (98 ms).
Service runtimeinfo started. (115 ms).
Service trex.service started. (87 ms).
Service file started. (156 ms).
Service timeout started. (159 ms).
Service userstore started. (19 ms).
Service jmx_notification started. (78431 ms).
Service p4 started. (188119 ms).
Service classpath_resolver started. (63 ms).
<af type="nursery" id="1" timestamp="Wed Aug 13 18:32:05 2008" intervalms="0.000">
<minimum requested_bytes="48" />
<time exclusiveaccessms="1.635" />
<nursery freebytes="0" totalbytes="209715200" percent="0" />
<tenured freebytes="1724342296" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637940248" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
</tenured>
<gc type="scavenger" id="1" totalid="1" intervalms="0.000">
 <flipped objectcount="253990" bytes="19242624" />
 <tenured objectcount="0" bytes="0" />
 <refs_cleared soft="644" weak="1" phantom="0" />
 <finalization objectsqueued="1363" />
 <scavenger tiltratio="50" />
 <nursery freebytes="190330424" totalbytes="209715200" percent="90" tenureage="10" />
 <tenured freebytes="1724342296" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637940248" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
 </tenured>
 <time totalms="107.395" />
</gc>
<nursery freebytes="190328376" totalbytes="209715200" percent="90" />
<tenured freebytes="1724342296" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637940248" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
</tenured>
<time totalms="110.754" />
</af>
Service deploy started. (4055 ms).
Service bimmrdeployer started. (7 ms).
Service MigrationService started. (70 ms).
Service log_configurator started. (194277 ms).
Service locking started. (8 ms).
Service http started. (295 ms).
Service naming started. (626 ms).
Service failover started. (112 ms).
Service appclient started. (140 ms).
Service javamail started. (218 ms).
Service ts started. (220 ms).
Service jmsconnector started. (207 ms).
Service licensing started. (22 ms).
Service connector started. (212 ms).
Service configuration started. (32 ms).
Service iiop started. (316 ms).
Service webservices started. (706 ms).
Service dbpool started. (25283 ms).
<af type="nursery" id="2" timestamp="Wed Aug 13 18:33:36 2008" intervalms="91291.585">
<minimum requested_bytes="768" />
<time exclusiveaccessms="0.302" />
<nursery freebytes="0" totalbytes="209715200" percent="0" />
<tenured freebytes="1723791376" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637389328" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
</tenured>
<gc type="scavenger" id="2" totalid="2" intervalms="91293.279">
 <flipped objectcount="353647" bytes="28752016" />
 <tenured objectcount="0" bytes="0" />
 <refs_cleared soft="1056" weak="0" phantom="0" />
 <finalization objectsqueued="2858" />
 <scavenger tiltratio="50" />
 <nursery freebytes="180516672" totalbytes="209715200" percent="86" tenureage="11" />
 <tenured freebytes="1723791376" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637389328" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
 </tenured>
 <time totalms="90.892" />
</gc>
<nursery freebytes="180514624" totalbytes="209715200" percent="86" />
<tenured freebytes="1723791376" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637389328" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
</tenured>
<time totalms="92.831" />
</af>
Service com.sap.security.core.ume.service started. (64165 ms).
Service tcdisdic~srv started. (815 ms).
Service security started. (911 ms).
Service classload started. (43 ms).
Service applocking started. (132 ms).
Service shell started. (216 ms).
Service tceCATTPingservice started. (21 ms).
Service telnet started. (60 ms).
Aug 13, 2008 6:33:40 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [service_ssl] and user [null] not generated; Consequences: keystore view [service_ssl] is not created for user [null]; Countermeasures:see log for details
Aug 13, 2008 6:33:40 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [TrustedCAs] and user [null] not generated; Consequences: keystore view [TrustedCAs] is not created for user [null]; Countermeasures:see log for details
Service webdynpro started. (699 ms).
Service keystore started. (952 ms).
Service ssl started. (56 ms).
Aug 13, 2008 6:33:40 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [TicketKeystore] and user [null] not generated; Consequences: keystore view [TicketKeystore] is not created for user [null]; Countermeasures:see log for details
Service ejb started. (1367 ms).
Aug 13, 2008 6:33:40 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [securestorage] and user [null] not generated; Consequences: keystore view [securestorage] is not created for user [null]; Countermeasures:see log for details
Service tcseccertrevoc~service started. (286 ms).
Service tcsecsecurestorage~service started. (379 ms).
Aug 13, 2008 6:33:41 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [securestorage] and user [null] not generated; Consequences: keystore view [securestorage] is not created for user [null]; Countermeasures:see log for details
Service servlet_jsp started. (1783 ms).
Aug 13, 2008 6:33:41 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [securestorage] and user [null] not generated; Consequences: keystore view [securestorage] is not created for user [null]; Countermeasures:see log for details
Timed out services:
Service com.adobe~DataManagerService > hard reference to service jmx.
Service com.adobe~TrustManagerService > hard reference to service jmx.
Service cafumrelgroupsimp > hard reference to service cafummetadataimp.
Service com.adobe~PDFManipulation > hard reference to service jmx.
Service adminadapter > hard reference to service jmx.
Service pmi > hard reference to service tcsecdestinations~service.
Service jms_provider > hard reference to service jmx.
Service sld > service sld start method invoked.
Service jmx > service jmx start method invoked.
Service rfcengine > hard reference to service jmx.
Service tcsecsaml~service > hard reference to service adminadapter.
Service com.adobe~LicenseService > hard reference to service basicadmin.
Service com.adobe~DocumentServicesConfiguration > hard reference to service basicadmin.
Service tcsmdserver~service > hard reference to service jmx.
Service com.adobe~DocumentServicesDestProtoService > hard reference to service jmx.
Service cafummetadataimp > service cafummetadataimp start method invoked.
Service tcsecvsiservice > hard reference to service tcsecdestinationsservice.
Service tcsecdestinationsservice > service tcsecdestinationsservice start method invoked.
Service dsr > hard reference to service security.
Service monitor > hard reference to service jmx.
Service cafruntimeconnectivityimpl > service cafruntimeconnectivityimpl start method invoked.
Service tclmctcconfsservice_sda > hard reference to service jmx.
Service CUL > hard reference to service jmx.
Service tc.monitoring.logviewer > hard reference to service jmx.
Service apptracing > hard reference to service jmx.
Service com.adobe~XMLFormService > hard reference to service jmx.
Service tcsecwssecservice > service tcsecwssecservice start method invoked.
Service com.adobe~FontManagerService > hard reference to service jmx.
Service com.adobe~DocumentServicesLicenseSupportService > hard reference to service jmx.
Service com.adobe~DocumentServicesBinaries2 > hard reference to service jmx.
Service basicadmin > hard reference to service jmx.
[Framework -> criticalShutdown] 3 core services have timed out [adminadapter; jmx; basicadmin].
Aug 13, 2008 6:33:53 PM com.sap.engine.core.Framework [Thread[Thread-1,5,main]] Fatal: Critical shutdown was invoked. Reason is: 3 core services have timed out [adminadapter; jmx; basicadmin].
</verbosegc>

J2EE role with SSO tickets

Similar Messages

Maybe you are looking for