MYSAPSSO2 issue ...

Hello all,
Maybe you've a good idea ...
We're using an ITS 6.20 with PAS module for SSO; in parallel we have an ABAP webdynpro application which uses SSO via a JAVA Engine ( SPNego with Ticket );
when calling the ITS application, we get an MYSAPSSO2 cokkie and SSO is working; afterwards, calling the webdypro via SPNego authentication without ending the ITS session ==> authentication fails; non interpretable SSO cookie;
without calling the ITS application, SSO for the webdypro is working fine;
So I think it's on the MYSAPSSO2 cookie; somehow, they interfere each other;
The ITS application is recreating it's ticket evertime; so no problem with this application; what could be done on JAVA side to get rid of this roblem cause those two applications should run in parallel ?!?
Thanks in advance
Oliver

Hi Madhu,
After activaiting requried services in SICF. then you need to below to access mentioned URL
Please check the host file is update or not for your server. if not then you need to update your server IP address and host name in host file entry at (Start > RUN > drivers > etc > host file) and test whether you are able to ping your server or not (RUN >> Ping <host name>)
Please refer to BI Integrated Planning - J2EE Setup Issue
Hope it helps
Regards
Arun
Edited by: Arun Jaiswal on May 11, 2010 10:20 PM

Similar Messages

  • Issuing Multiple MYSAPSSO2 tickets for Multiple Domains

    Hi,
    I am having a problem understanding the SAP documentation on how to go about issuing SAP login tickets in multiple domains. In the documentation it states that in order to do so, you require either a IRJ or the SAP ISAPI Web Filter installed in on a server in the target Domain. I have now setup the IIS_SSO.dll ISAPI filter in the domain I require the SSO ticket to be issued in however when I make a request to that webserver I do not see the MYSAPSSO2 cookie being created in my browser, I do see in the ISAPI logs that the request has been filtered and the portal username extracted and set to the configured HTTP Header, but no new Cookie created in the DOMAIN.
    Can anyone help? Has anyone done something like this before?
    Basically I have a portal in the domain <b>myportal.subdomain.domain.com</b> and an ITS in the domain <b>myits.domain.com</b>. With this configuration the MYSAPSSO2 cookie is not sent to the ITS server as it is in a Super Domain. So what I want is to configure the portal to issue a Cookie in the super domain (domain.com) rather then subdomain.domain.com. I thought I could do this with the parameter login.ticket_recieving_hosts in the usermanagment.properties file (EP5) and the IIS ISAPI filter to SSO (IIS_SSO.dll) configured on a website in the super domain (domain.com).
    Any help would be greatly appriciated.
    Simon.

    I believe we had to set the domain relax level (ume.logon.security.relax_domain.level) but needed to make sure this was secure since it changes the domain scope of cookies that are valid for the system.
    See the following:
    http://scn.sap.com/thread/1534863
    http://help.sap.com/saphelp_nw70ehp3/helpdata/en/5e/473d4124b08739e10000000a1550b0/frameset.htm
    Hope this helps.

  • Issue while parsing the MYSAPSSO2 Cookie

    Hi All,
    We are trying to establish SSO with a non SAP web application using MYSAPSSO2 cookie.
    Plan is to write a java class which can parse out the MYSAPSSO2 cookie, extract the user Id and use it for single sign on.
    Following Libraries are used:
    logging.jar
    i18n_cp.jar
    iaik_jce.jar
    com.sap.security.api.jar
    com.sap.security.core.jar
    rscp4j.dll(this is downloaded from a SAP EP 7.0 instance running in windows 2003 server in our landscape).
    Our Source SAP EP 7.0 instance which will be issuing the cookie is running in Solaris.
    The target application in which the cookie is parsed, is running in Windos 2003 64 bit server.
    Following is the code which we are using.
    //Instantiate the rpovider
    IAIK provider = new IAIK();
    Security.addProvider(provider);
    //Instantiate the ticket
    tv  =   new com.sap.security.core.ticket.imp.Ticket();
    //set teh certificates
    tv.setCertificates(certificates);
    //set the MYSAPSSO2 cookie
    tv.setTicket(strCookie);
    if (!tv.isValid()){
         System.out.println("Ticket is not valid");
    //Verify the ticket
    tv.verify();
    isValid method is working fine - it is returning true or false exactly based on the validity.
    ISSUE:
    tv.verify();--->Raises the following exception:
    java.security.SignatureException-Certificate (Issuer="CN=SID,OU=XX,O=XYZ,L=LO,ST=ST,C=CO", S/N=1234567890) not found.
    When analyzed, it looks like the verify method is trying to compare the issuer's serial number in integer format
    but the portal is providing the serial number in hexadecimal format.
    So the keystore has the certificate with the same issuer and serial number but the serial number is in hexadecimal format.
    The certificate from SAP Enterprise Portal was imported to the local keystore using the keytool -import option.
    Could anyone help resolve this issue?
    Thanks in advance.

    Hi,
    im facing the exact same problem, and I think I found the reason for the behavior described above.
    The Problem seems to be located at
    [http://help.sap.com/javadocs/NW73/SPS01/CE/se/com.sap.se/com/sap/security/api/ticket/TicketVerifier.html#verify()]
    from com.sap.security.api.jar, just like mentioned.
    But the Problem seems to be the issuer, not the serial number.
    When decompiling  com.sap.security.api.jar with JD-GUI ([http://java.decompiler.free.fr/?q=jdgui]),
    you can see the following:
         public static java.security.cert.X509Certificate[] findCertificates(
                   java.security.cert.X509Certificate[] certificates, String issuer, BigInteger serial) {
              if ((certificates == null) || (certificates.length == 0)) {
                   return null;
              ArrayList certificateList = new ArrayList();
              for (int i = 0; i < certificates.length; i++) {
                   java.security.cert.X509Certificate certificate = certificates<i>;
                   if ((certificate.getIssuerDN().getName().equals(issuer)) && (certificate.getSerialNumber().equals(serial))) {
                        certificateList.add(certificate);
              if (certificateList.size() == 0) {
                   return null;
              java.security.cert.X509Certificate[] matchedCertificates = new java.security.cert.X509Certificate[certificateList
                        .size()];
              certificateList.toArray(matchedCertificates);
              return matchedCertificates;
    As you can see, the issuer-parameter is beeing compared with the issuer from the certificate. And here comes the weird stuff: While the  issuer-parameter contains an issuer like
    "OU=J2EE,CN=EXAMPLE"
    the issuer retrieved from the certificate is
    "OU=J2EE, CN=EXAMPLE"
    (see toString() of the java.security.cert.X509Certificate)
    You see the missing whitespace after the comma? This is the reason why the if-condition fails and you get something like
    java.security.SignatureException: Certificate (Issuer="OU=J2EE,CN=EXAMPLE", S/N=1234) not found.
    A workaround (a really UGLY one, I admit), is the following:
    1. Open  com.sap.security.api.jar with a ZIP-tool and delete
    /com/sap/security/api/ticket/TicketVerifier.class
    2. Copy the decompilied Version of TicketVerifier to Java-Class /com/sap/security/api/ticket/TicketVerifier.java
    3. Change
    for (int i = 0; i < certificates.length; i++) {
         java.security.cert.X509Certificate certificate = certificates<i>;
         if ((certificate.getIssuerDN().getName().equals(issuer)) && (certificate.getSerialNumber().equals(serial))) {
              certificateList.add(certificate);
    to
    for (int i = 0; i < certificates.length; i++) {
         X509Certificate certificate = certificates<i>;
         String dnNameFromCert = certificate.getIssuerDN().getName().replaceAll(", ", ",");
         BigInteger serialNumberFromCert = certificate.getSerialNumber();
         if ((dnNameFromCert.equals(issuer)) && (serialNumberFromCert.equals(serial))) {
              certificateList.add(certificate);
    4. Package this class into a jar and make it available in your classpath.
    5. Enjoy
    To me, this is a huge bug in the SAP-Library and has to be fixed.
    Regards
    Matthias
    Edited by: Matthias82 on Sep 29, 2011 12:47 PM

  • Issue in parsing MYSAPSSO2 Cookie -Certificate Serial no is in Hexadecimal

    Hi All,
    We are trying to establish SSO with a non SAP web application using MYSAPSSO2 cookie.
    Plan is to write a java class which can parse out the MYSAPSSO2 cookie, extract the user Id and use it for single sign on.
    Following Libraries are used:
    logging.jar
    i18n_cp.jar
    iaik_jce.jar
    com.sap.security.api.jar
    com.sap.security.core.jar
    rscp4j.dll(this is downloaded from a SAP EP 7.0 instance running in windows 2003 server in our landscape).
    Our Source SAP EP 7.0 instance which will be issuing the cookie is running in Solaris.
    The target application in which the cookie is parsed, is running in Windos 2003 64 bit server.
    Following is the code which we are using.
    //Instantiate the rpovider
    IAIK provider = new IAIK();
    Security.addProvider(provider);
    //Instantiate the ticket
    tv = new com.sap.security.core.ticket.imp.Ticket();
    //set teh certificates
    tv.setCertificates(certificates);
    //set the MYSAPSSO2 cookie
    tv.setTicket(strCookie);
    if (!tv.isValid()){
    System.out.println("Ticket is not valid");
    //Verify the ticket
    tv.verify();
    isValid method is working fine - it is returning true or false exactly based on the validity.
    ISSUE:
    tv.verify();--->Raises the following exception:
    java.security.SignatureException-Certificate (Issuer="CN=SID,OU=XX,O=XYZ,L=LO,ST=ST,C=CO", S/N=1234567890) not found.
    When analyzed, it looks like the verify method is trying to compare the issuer's serial number in integer format
    but the portal is providing the serial number in hexadecimal format.
    So the keystore has the certificate with the same issuer and serial number but the serial number is in hexadecimal format.
    If I print the certificates available in the keystore it is printing that certificate with serial number in hexadecimal format. if I convert that hexadecimal to decimal - I get the same number which is part of the error message raised by the code.
    The certificate from SAP Enterprise Portal was imported to the local keystore using the keytool -import option.
    Could anyone help resolve this issue?
    Thanks in advance.

    Any advice please?
    Do I need to post it in a different forum?

  • MYSAPSSO2 - JSPDynPage - (Re)Authentication Issue

    Good Afternoon,
    I have created a JSPDynPage and deployed on an EP7.0 2004s SP14 server.  You can access the JSPDynPage
    by using http://host:port/irj/servlet/prt/portal/prtroot/<jsp_dyn_class>
    When I browse to the location I am challenged for credentials.  I enter a valid Portal user name and password and am granted access.  However if I browse to the http://host:port/irj/portal I have to re-authenticate.   It seems there is double authentication and my question is why?  Usually you can enter the portal at irj/portal and then enter /useradmin etc in the address bar and gain access to the requested portal component.  I have put debug listeners on the JSPDynPage showing a valid MYSAPSSO2 cookie exists and I can retrieve the username, (UMFactory, IAuthenticator) etc.    Do I need to configure a SAP Login Ticket for the Portal to Access itself.  Using the DiagTool  I have traced both authentication methods (entering from /irj/portal and /irj/servlet/prt/portal/prtroot/<jsp_dyn_class>) and they appear identical.
    The reason I am using this is the 'quick links' functionality is not working; I suppose a separate issue and we want to provide a users with a link that will insert them into the requested iView.  Thanks!

    Good Morning,
    Thanks for your response.  You may be right, as a user my domain name is <Associate#>@<DomainController>.<DOMAIN>.COM and the server resides at <portal_hostname>.<DOMAIN>.com.  Could this be causing the issue? You would think not since in both cases the Portal Server is issuing the ticket - when accessing my JSPDynPage and at /irj/portal.  I exchanged keys & followed 701205 to establish SSO between an SRM 5.0 system.  When SSO'ing to the ITS - SRM Logon screen - if I first go to the portal's /irj/portal, logon and then go to the SRM Logon screen I am SSO'ed in.  However, if I go to my JSPDynPage, authenticate and then enter the SRM's logon screen I must enter username and password (essentially the MYSAPSSO2 cookies is not passed?). I then created a 'system' connection in the Portal's System Administration area for the SRM system and under the Support area I can run SAP Transactions in the SRM (ABAP) system, such as sm21 etc. Curious.

  • Issuer of sso ticket is not authorized SAP gui logon

    Hello,
    Would you please brief me how to enable SSO between two ABAP systems for NWBC.
    We are not able to browse from source system to target system in NWBC, a logon prompt of second system is displayed for each browser session.
    What I did.
    Certified the server certificates with CA.
    Imported the certificate CA into ABAP and browser as well.
    Exchanged the certificates of both systems to each other strust store.
    RFC connections between those two ABAP systems are working fine , without logon prompts.
    HTTPS is working fine in browser without prompting for any certificate.
    After examining the trace using fiddler debugger,
    MYSAPSSO2 cookie is created and the same is being passed on to next system.
    It seems /its/webgui is not able to decrypt/receive this mysapsso2 cookie.
    SSL Server standard is certified by root CA in both abap systems and the root CA is added to strust store.
    ACL list is maintained for each in both systems.
    Issue has been resolved. ACL list is client dependent. So,  entries are maintained in the desired client.
    Now, no more logon prompt .

    Hi Michael,
    Thanks for you rhelp
    But this is not the problem.
    We found something strange in two environments.
    In BW Development (this is OK), the certified in ACL is showing:
    BWD 200 CN=BWD, OU=I0020274560, OU=SAP Web AS, O=SAP Trust Community, C=DE
    In BW Quality (isn´t OK), the certified in ACL is showing:
    BWQ 300 CN=BWQ  (only this)
    Can be this the problem? If yes, how can I solve?
    Thanks
    Carlos

  • Issue with OSI PI WCF Web Service with wshttpbinding

    Hi Experts,
    System Details:
    SAP MII 14 SP4
    OSI PI Web Service: PITimeSeries
    I am having issue when trying to call OSI PI web service using http post. it is returning status 0 when i am using exception handler in BLS.
    Same web service works fine with basichttpbinding (SOAP 1.1)  but with wshttpbinding (SOAP 1.2) it is giving error.
    Following are Web config binding details for web service.
          <wsHttpBinding>
            <binding name="wsBinding_2011" sendTimeout="00:01:00" receiveTimeout="00:10:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
              <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
              <security mode="Message">
                <message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true" />
              </security>
            </binding>
          </wsHttpBinding>
    I am not sure it could be the issue with passing windows credentials.
    Did anybody consumed WCF web service with wshttpbinding with security mode as Message and clientCredentialType as Windows.
    Also i was trying to pass MYSAPSSO2 SSO token to service in http post but first i am not sure if this is correct windows token and second which header property of service should be mapped and i am not sure that I am going into correct direction or not.
    Please let me know what i am missing.
    I have tried following other options and tools:
    SOAP UI: basichttpbinding works fine for wshttpbinding receiving Internal Server error in log and Response as
                      The security context token is expired or is not valid.
    MII Web Service Action Block: basichttpbinding works fine for wshttpbinding not able to configure url through wizard because as per                                                                              my discussion with other MII experts MII does not support SOAP1.2. that is one reason for using http post.
    WCF Storm: both bindings works fine (There is option to select windows authentication and Impersonation level as delegation)
    WCF Test Client: Both bindings works fine
    Any help is appreciated.
    Thanks & Regards,
    Manoj Bilthare

    Hi Sam,
    The web service is valid following are details of testing on various tools.
    SOAP UI: basichttpbinding works fine for wshttpbinding receiving Internal Server error in log and Response as The security context token is expired or is not valid.
    MII Web Service Action Block: basichttpbinding works fine for wshttpbinding not able to configure url through wizard because as per my discussion with other MII experts MII does not support SOAP1.2. that is one reason for using http post.
    WCF Storm: both bindings works fine (There is option to select windows authentication and Impersonation level as delegation)
    WCF Test Client: Both bindings works fine
    Please let me know if additional details required.
    Thanks & Regards,
    Manoj Bilthare

  • MYSAPSSO2 Cookie not found in IE

    Hi Everyone,
    I am trying to implement SSO between a third party Java application and the SAP EP 7.0. As a test procedure, I log in to my portal and then run my code to see if I can retrieve and decrypt the MYSAPSSO2 cookie.
    My code works perfectly when I log in to the portal using Mozilla Firefox (2.0.0.1); I can see the MYSAPSSO2 cookie and decrypt it (Log file output below). However, when I use IE (6.0.3790.1830) to log in to the portal, I can not retrieve the MYSAPSSO2 cookie. It seems as if this cookie does not even exists. I am thinking the cookie is somehow hidden and therefore my code can't see it.
    Has anyone faced this issue before? I have tried to decrease the security settings on IE but that doesn't help things. Any help on this issue would be really appreciated!
    Pasted below is a snippet of my code.
    //request is a HttpServletRequest object
    Cookie[] allCookies = request.getCookies();
                        int allCookiesLength = allCookies.length;
                        for (int i = 0 ; i<allCookiesLength; i++)
                             Log.debug("Cookie Name at " + i + " = " + allCookies<i>.getName());
                             if(allCookies<i>.getName().compareToIgnoreCase("MYSAPSSO2")==0)
                                  SAP_SSO_COOKIE =  allCookies<i>;
                                                    Log.debug("Cookie Found!");
                                  cookieFound = true;
                                  break;
                                            Log.debug("Cookie NOT Found!");
                             cookieFound = false;
    <u><b>Log file Output with IE</b></u>
    2007.02.07 13:05:31 Cookie Name at 1 = saplb_*
    2007.02.07 13:05:31 Cookie Name at 2 = JSESSIONID
    2007.02.07 13:05:31 Cookie NOT Found!
    <u><b>Log file Output with Firefox</b></u>
    2007.02.07 13:54:15 Cookie Name at 0 = saplb_*
    2007.02.07 13:54:15 Cookie Name at 1 = PortalAlias
    2007.02.07 13:54:15 Cookie Name at 2 = JSESSIONID
    2007.02.07 13:54:15 Cookie Name at 3 = MYSAPSSO2
    2007.02.07 13:54:15 Cookie Found!
    Thanks
    MOY

    Michael,
    I changed the parameter "httponlycookie" to FALSE and this works. My issue was that when I set the parameter to FALSE, I restarted my J2EE engine. For some odd reason, after the restart this parameter was set back to TRUE. Whats even worse, or maybe even cool, depends how you look at it, is that this parameter is set back to TRUE even if I closed down Visual Admin and fire it up again (without restarting the server). However, in this case SSO still works because the J2EE settings are not updated with this TRUE value. Is there a security setting which sets back this parameter to TRUE every time the server is restarted or when Visual Admin is fired up?
    Thanks
    MOY

  • Portal integration with Exchange server 2003 issues.

    Hello,
    We are using NW04s EP 7.0 SP16 and Exchange server 2003. We are trying to perform OWA and Groupware integration. Both the servers are in the same domain.
    I have followed all the steps in the notes and documents available there in SDN. There are few issues:
    1) The latest KerbMap filter has been configured in Exchange backend server. SAP note 785343 says that the exchange frontend server needs to be configured for anonymous authentication to enable pass-through authentication. But doing this breaks the form based authentication in exchange server, and it also poses security risk when the backend exchange server is behind the firewall. How do we enable pass-through authentication so that the exchange frontend passes the mysapsso2 cookie to the exchange backend server?
    2) When I try to create an appointment or try to view the appointments, it gives an error message saying " No logon data found for system Exchange". The Exchange system has been configured for SAP Logon Ticket, and the user mapping fields were left empty. Why should it prompt for user mapping when the logon method is "SAP Logon Ticket"?
    There are many documents out there, but none is the latest with clear steps. Can anyone point me in the right direction please?
    Thanks,
    ~Yasin

    As far as I remember, when Exchange 2003 is installed on a Domain Controller, it uses the local DC as a GC. You need to set back the 2003 DC as GC and restart it.
    I believe, you are aware that demoting/promoting a DC with Exchange server on it is not supported by MS. The best approach is to:
    Introduce an Exchange 2010 member server
    Move all resources from Exchange 2003 to Exchange 2010
    Decommission Exchange 2003
    Demote the 2003 DC
    Step by Step Screencasts and Video Tutorials

  • MYSAPSSO2 Cookie not creating in Internet Explorer

    We are Implementing Single Sign on in EP 6.0.
    EP 6.0 issues mysapsso2 logon ticket and ITS, R/3 reads the ticket
    The probelm we are having is, When we login the Portal using Internet Explorer. Its not creating the MYSAPSSO2 ticket.
    But when we use Firefox. it is creating the Cookie.
    any suggestions how to deal with this?
    Thanks for you help.
    Gopi.

    Hi,
    it might well be that you don't see the cookie via document.cookies ... because SAP marks the cookie as "HttpOnly" when setting it. This means, it cannot be accessed via JavaScript.
    As my co-posters already suggested: Consider using an HTTP sniffer (WebScarab, HttpWatch or even Ethereal) for checking the following:
    a) Do you receive a Set-Cookie: MYSAPSSO2=.... header?
    b) Does your browser send back a header Cookie: MYSAPSSO2=... ?
    a) should not fail. If it does, your portal actually does not create SAP logon tickets
    b) fails, if your browser did not accept the cookie creation (mostly for security reasons).
    Please do this test with both IE and Firefox and check for differences.
    And btw: What IE version are you using? What is the version and SP level of your Windows?
    Regards,
    Dominik

  • MYSAPSSO2 cookie format in J2ee and ABAP - NW7

    Hello
    I installed NW7 with ABAP + Java with system id DV1. I was able to configure the java and abap to issue ticket and to be accepted by other systems (DV2).
    If I login to the DV1 abap host using webgui url(integrated ITS), I am getting the MYSAPSSO2 cookie in the browser IE.  With this I am able to login to DV2 j2ee and also to ABAP.
    If I login to DV1 j2ee engine using the portal link, I am not seeing the MYSAPSSO2 cookie in the browser, but seeing JSESSIONID and with it still I am able to login to DV2.
    My question : Is the JSESSIONID exactly equal to MYSAPSSO2 ? If not how can I make the DV1 J2ee to issue MYSAPSSO2 cookie ? Thanks.
    SAPLearner

    Hi
    I am able to test and able to login to the other j2ee or abap system. But still not able to see the MYSAPSSO2 cookie issued by EP j2ee.
    DV1 - NW7 SP12 system ABAP + J2ee(with portal on it)
    DV2 - NW7 SP12 system ABAP + J2ee(with BI java)
    I have exported DV1's java and abap certificate to DV2, made it trusted and the the connection is working.
    When I login to DV1 j2ee using the url  http://<DV1fullhostname>.com:52200/irj/portal
    and getting the below in my browser
    SignOnDefault=<windows id>; JSESSIONID=(DV1host_DV1_22)ID2068173650DB0050916542928689590End; SAPPORTALSDB0=urn%253Acom.sapportals.appdesigner%253Aframework%2526isPersonalizeMode%3Dfalse; GWS_AUTO_LOGIN=FALSE; AbxUserLocale=en_US_STAFF; PortalAlias=portal; saplb_*=(DV1host_DV1_22)613943650
    With this above cookie I am able to login to DV2 j2ee http://<DV2fullhostname>.com:52500/nwa
    or abap http://<DV2fullhostname>.com:8025/sap/bc/gui/sap/its/webgui
    without any issue. In my browser I do not see MYSAPSSO2 cookie. Why is that?
    My login stack in j2ee is defined as below.
               1. Evaluate ticket
               2. Basic login modele
               3. Create ticket
    At the same time if I login to DV1 abap http://<DV1fullhostname>.com:8022/sap/bc/gui/sap/its/webgui  I can see the cookie MYSAPSSO2 in the browser and still able to login to DV2.
    Dont understand why my DV1 j2ee is not issuing MYSAPSSO2 cookie and issueing JSESSIONID ?
    Appreciate your reply
    SAPLearner

  • Getting the MYSAPSSO2 cookie in the application running in tomcat server

    Hi All
    I am trying to integrate the java application running in tomcat in to portal ...for this i have developed a servlet and trying to get the MYSAPSSO2 cookie in this so that i can vlaidate this ticket...
    can any one plz help in solving this issue
    Thanks & Regards
    Ajay

    Hi Ajay,
    Did you solve this problem? how? I need to do this too.
    thanks,
    Daniel Arakawa

  • Configure portal to issue ticket (MYSAPPSSO2 cookie) for "higher" domain

    Hello all,
    we have an EP 7.00 (SP 22) which can be accessed using the following (faked) fully qualified URL:
    https://host.sd1.sd2.mycompany.de:[HTTPS-port]/irj/portal
    When logging on to the portal with username and password, the portal issues a logon ticket. In the browser, I can see the MYSAPSSO2 cookie and it is for the following domain:
    .sd1.sd2.mycompany.de
    From the portal, we call some BI report applications, which run on WebFocus. The WebFocus server is in the following domain:
    .sd3.sd4.mycompany.de
    Single sign-on does not work. It only works, if we modify the domain of the MYSAPSSO2 cookie (this we achieved with a firefox-addon) and "cut off" the two subdomains .sd3.sd4
    My question: is it possible, to configure the portal in such a way, that the MYSAPSSO2 cookie is issued for domain
    .mycompany.de ?
    I have read some hints on domain relaxing. But I am not sure, if setting the parameter ume.logon.security.relax_domain.level would help us. If I understood it correctly, we would need to set the value to 3.
    Best regards,
    Philipp Hinnah

    Hi Philipp,
    yes, relax_domain is the correct parameter. By the way - use the search function in SDN and you will find a lot of threads around this issue. And also you would have found the answer.
    Anja

  • MYSAPSSO2 validation and parsing

    Hi,
    i need to validate sso ticket on another machine that ticket was issued. I need to do it in java. I think that i may use com.sap.security.* but i am not sure. I have some ideas but i dont know if it is the easest way. So the starting point is that i have MYSAPSSO2 cookie, what should i do now?
    thanks

    You also need the verify.pse file of the issuing party. I think this is the public key (if not you need the verify.der file, I always confuse the two).

  • New DVR Issues (First Run, Channel Switching, etc.)

    I've spent the last 30 minutes trying to find answers through the search with no luck, so sorry if I missed something.
    I recently switched to FIOS from RCN cable in New York.  I've gone through trying to setup my DVR and am running into issues and was hoping for some answers.
    1.  I setup two programs to record at 8PM, I was watching another channel at the time and only half paying attention.  Around 8:02 I noticed a message had popped up asking if I would like to switch channels to start recording.  I was expecting it to force it to switch like my old DVR, but in this case it didn't switch and I missed the first two minutes of one of the shows.  I typically leave my DVR on all day and just turn off the TV, this dual show handling will cause issues with that if I forget to turn off the DVR.  Is there a setting I can change that will force the DVR to choose one of the recording channels?
    2.  I setup all my recordings for "First Run" because I only want to see the new episodes.  One show I setup was The Daily Show on comedy central, which is shown weeknights at 11pm and repeated 3-4 times throughout the day.  My scheduled recordings is showing all these as planned recordings even though only the 11pm show is really "new".  Most of the shows I've setup are once a week so they aren't a problem, but this seems like it will quickly fill my DVR.  Any fixes?
    Thanks for the help.
    Solved!
    Go to Solution.

    I came from RCN about a year ago.  Fios is different in several ways, not all of them desirable.  Here are several ways to get--and fix--unwanted recordings from a series recording setup.
    Some general principles. 
    Saving changes.  When you originally create a series with options, or if you go back to edit the options for an existing series, You MUST save the Series Options changes.  Pretty much everywhere else in the user interface, when you change an option, the change takes effect immediately--but not in Series Options.  Look at the Series Options window.  Look at the far right side.  There is a vertical "Save" bar, which you must navigate to and click OK on to actually save your changes.  Exiting the Series Options window without having first saved your changes loses all your attempted changes--immediately.
    Default Series Options.  This is accessed  from [Menu]--DVR--Settings--Default Series Options.  This will bring up the series options that will automatically be applied to the creation of a NEW series. The options for every previously created series will not be affected by a subsequent modification of the Default Series Options.  You should set these options to the way you would like them to be for the majority of series recordings that you are likely to create.  Be sure to SAVE your changes.  This is what you will get when you select "Create Series Recording" from the Guide.  When creating a new series recording where you think that you may want options different from the default, select "Create Series with Options" instead.  Series Options can always be changed for any individual series set up later--but not for all series at once.
    Non-series recordings.  With Fios you have no directly available options for these.  With RCN and most other DVRs, you can change the start and end times for individual episodes, including individual episodes that are also in a series.  With Fios, your workarounds are to create a series with options for a single program, then delete the series later;  change the series options if the program is already in a series, then undo the changes you made to the series options later; or schedule recordings of the preceding and/or following shows as needed.
    And now, to the unwanted repeats. 
    First, make sure your series options for the specific series in question--and not just the series default options--include "First Run Only".  If not, fix that and SAVE.  Then check you results by viewing the current options using the Series Manager app under the DVR menu.
    Second, and most annoying, the Guide can have repeat programs on your channel tagged as "New".  It happens.  Set the series option "Air Time" to "Selected Time".  To make this work correctly, you must have set up the original series recording after selecting the program in the Guide at the exact time of a first run showing (11pm, in your case), and not on a repeat entry in the Guide.  Then, even it The Daily Show is tagged as New for repeat showings, these will be ignored. 
    Third, another channel may air reruns of the program in your series recording, and the first showing of a rerun episode on the other channel may be tagged as "New".  These can be ignored in your series if you set the series option "Channel" to "Selected Channel".  Related to this, if there is both an SD and HD channel broadcasting you series program, you will record them both if the series option "Duplicates" is set to "Yes".  However, when the Channel option is set to "Selected Channel", the Duplicates Option is always effectively "No", regardless of what shows up on the options screen.  
    As for you missing two minutes,  I have sereral instances in which two programs start recording at the same time.  To the best of my recollection, whenever the warning message has appeared, ignoring it has not caused a loss of recording time.  You might have an older software version.  Newest is v.1.8.  Look at Menu--Settings--System Info.  Or, I might not have noticed the loss of minutes.  I regularly see up to a minute of previous programming at the start of a recording, or a few missing seconds at the beginning or end of a recording.  There are a lot of possibilities for that, but the DVR clock being incorrect is not one of them.  With RCN, the DVR clocks occasionally drifted off by as much as a minute and a half.

Maybe you are looking for

  • A swf loader bug?

    It looks like I may have found a bug in the swf loader.  Before I submit this problem I want to make sure there is not something I'm missing in my code. I wrote this class to load a tutorial when the user first launches a sub application in a project

  • Variables from an Outside Database

    Hey guys, I'm trying to write a SQL report that can return the tracking number of a given sales order that is being stored in another database.  I have no problem accessing the outside database if I have the correct document number in the query.  How

  • Fetching accessible record type list for any user

    How to get list of standard record types being accessible for any user role? One solution - We know the entire list of standard record types, so we can keep trying to access each record type and if we get access violation exception, then skip that re

  • My wired mouse no longer will right click.

    My wired mouse will no longer respond to a right click. Settings in System Preferences have not changed. Any Idea what might be the problem? Am running 10.6.8 Thank you

  • Has anyone got any idea as to when the iPhone 4S will come to India?

    Has anyone got any idea as to when the iPhone 4S will come to India?