Problem SSO between VPN and NAC

Hello
Description of our problem : SSO doesn't work
-on the first connexion from vpn client we insert two time the login and password :one time for the client vpn and the seconde time for CAA (clean Access agent).
-although for the other connexion that succeed, we insert only one time the login and password (for vpn only) and for CAA the connexion is done automatiquely and a some hours later we reinsert two times login and password for vpn and CAA.
The following steps are done to configure Cisco NAC Appliance to work with a VPN concentrator:
Step 1 Add Default Login Page =ok
Step 2 Configure User Roles and Clean Access Requirements for your VPN users =ok
Step 3 Enable L3 Support on the CAS = ok
Step 4 Verify Discovery Host =ok (CAS IP ADDRESS 192.168.2.11)
Step 5 Add VPN Concentrator to Clean Access Server =ok (ASA IP ADDRESS 192.168.2.1)
Step 6 Make CAS the RADIUS Accounting Server for VPN Concentrator =ok
Step 7 Add Accounting Servers to the CAS (accounting server is CAM IP ADDRESS 192.168.20.10)
Step 8 Map VPN Concentrator(s) to Accounting Server(s)=ok
Step 9 Add VPN Concentrator as a Floating Device =ok
Step 10 Configure Single Sign-On (SSO) on the CAS/CAM =ok
the database for vpn authentication is cisco secure acs(192.168.1.30).
Tanks to any anybody to give us a possible solution.
FILALI Saad
Ares Maroc

Hi
I have just gone the the same issues with SSO VPN with my CAS in real-ip mode.
First thing to consider, when your testing, every time you test a user, make sure you go into the CAS or CAM and remove them as a certified device or active user before you perform your next test. I found that while I was testing that it would sometimes cache the user and I was getting successful auth attempts but due to their device being already accepted on a previous connection because the CAS was not made aware that the user had logged out correctly.
1. Make sure you have a fully functional DNS system on the inside network, I didnt realize how important it was to have forward and reverse look ups for your CAS and CAM. Make sure that all CAS and cams are listed in dns with correct domain names.
This in very important if your running your own CA certificates on cas and cam. Make sure that the CAM and CAS can resolve each other via dns. Make sure the CAM and CAS can perform reverse lookups of each other. Also make sure that when the user VPN's into your ASA that they can also perform DNS lookups and reverse lookups. If they cant perform dns look ups, you may need to temporarily allow the untrusted network full access while you resolve the DNS lookup problem on the client computer. One of the issues I had was that the VPN clients couldnt resolve internal DNS names and so the CCA agent would never auto pop-up and start the auto login process because it was trying to resolve the CAM name and also check that the CA certificate I had on the CAS was legitimate as I had used names in my certs and not IP addresses.
2. Make sure your VPN group settings on the IPSEC policy of the ASA has DNS pointing to your internal DNS server.
3. I know you already said you have done this but check to make sure that the VPN group setup on your ASA for your remote access users, has been setup with the radius accounting being directed the INSIDE interface IP address of your CAS, (if you are running your CAS in real-ip, I found that the inside interface was the only interface listening on 1813, do a 'netstat -an' on the cas to check) if your running in VGW mode then you only have 1 ip address to direct it to anyway.
Follow from step 15 in following link
http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a008074d641.shtml
3. Troubleshoot and make sure that the ASA actually sends a radius accounting message to the CAS. I did this by ssh into the CAS and doing a 'tcpdump -i any src and not tcp 22'. I then logged into the VPN client and made sure that once I entered my vpn user and pass, that the ASA authenticates the vpn user and then passes a radius accounting message to the CAS informing the CAS it has allowed a new user. If you dont see this radius accounting message hit the CAS interface go back to my step 3 and resolve.
4. Finally check that you have not mistyped a shared secret somwhere, ie between CAM and ACS, Between ASA and ACS, Between ASA and CAS. I had all my users authenticate though radius on my ACS server, a number of times I got caught out by a simple typo in a shared secret.
Try these things first.
Also someone else here on the forums linked this guide to me that also helped me setup my CAS correctly.
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cas/s_vpncon.html
You may find it useful too.
Dale

Similar Messages

  • SSO between Portal and Nakia.....problem with SSO... library not found..

    Hi Sdn's  and Nakisa tehnical experts,
    We have a Portal environment 7.02 , a Nakisa environment 3.0  (CE) and and HR backend environment 701 (604).
    We are busy setting up SSO between Portal and Nakisa via the, URL iview for the Org chart (http://<host>:<port>OrgChart/default.jsp).
    We have done as indicated in wiki:
    http://wiki.sdn.sap.com/wiki/display/ERPHCM/SAPSSOAuthenticationwithverify.pseusingSAPSSOEXT
    We are however stil having issues with the SSO and in the cds.log the following is being displayed:
    ++01 Aug 2011 13:11:42 ERROR com.nakisa.Logger  - com.mysap.sso.SSO2Ticket : Could not load library: sapsecu.dll - java.lang.Exception: MySapInitialize failed: rc= 14null++
    ++01 Aug 2011 13:11:42 ERROR com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : java.lang.Exception: MySapEvalLogonTicketEx failed: standard error= 9, ssf error= 0++
    ++01 Aug 2011 13:11:42 ERROR com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Internal error (9) - No SSF error (0)++
    Can someone indicate what I am doing wrong?
    Regards Dries

    Hi Luke,
    thanks a lot for your help so far.
    I have created a root/XML folder under the diretory, and the path is now as follows:
    K:\usr\sap\NKP\J14\j2ee\cluster\apps\Nakisa\OrgChart\servlet_jsp\OrgChart\root\.system\Admin_Config\__000__Sasol_DEV_LIVE\.delta\root\XML
    It seems like it finds the verify.pse, but not the library, sapsecu.dll.
    My credentials.xml file is as follows:
    <credentials>
    <assembly name="SapSso"/>
      <info>
        <item name="PseFilePath">XML\verify.pse</item>
        <item name="SsfLibFilePath">XML\sapsecu.dll</item>
        <item name="PsePassword"></item>
        <item name="WindowsPlatform">64</item>
        <item name="TicketFile"></item>
        <item name="Base64decode">true</item>
       </info>
    </credentials>
    I however stilll get the following in the cds.log
    15 Aug 2011 13:59:53 INFO  com.nakisa.Logger  - Tenant ID: 000
    15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - LoginSettingsObject Load: 1719
    15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Credential provider SapSso
    15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Using cert: K:\usr\sap\NKP\J14\j2ee\cluster\apps\Nakisa\OrgChart\servlet_jsp\OrgChart\root\XML\verify.pse
    15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Ticket is: AjExMDAgAA9wb3J0YWw6eXNzZWxhZ2OIABNiYXNpY2F1dGhlbnRpY2F0aW9uAQAIWVNTRUxBR0MCAAMwMDADAANEUDkEAAwyMDExMDgxNTExNDcFAAQAAAAICgAIWVNTRUxBR0P%2FAQQwggEABgkqhkiG9w0BBwKggfIwge8CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGBzzCBzAIBATAiMB0xDDAKBgNVBAMTA0RQOTENMAsGA1UECxMESjJFRQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTEwODE1MTE0NzIwWjAjBgkqhkiG9w0BCQQxFgQUK13ubzFiQrY4H%2FLRk2ysyvPSvccwCQYHKoZIzjgEAwQuMCwCFF1W9d!tAjLvP8dnb1bs4XghaHSBAhQ9kd9N!bJubUWITtkzU!za96lxNg%3D%3D
    15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Version of SAPSSOEXT: SAPSSOEXT 4
    15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : SCUE LIB base path is:
    15 Aug 2011 13:59:55 ERROR com.nakisa.Logger  - com.mysap.sso.SSO2Ticket : Could not load library: sapsecu.dll - java.lang.Exception: MySapInitialize failed: rc= 14null
    15 Aug 2011 13:59:55 ERROR com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : java.lang.Exception: MySapEvalLogonTicketEx failed: standard error= 9, ssf error= 0
    15 Aug 2011 13:59:55 ERROR com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Internal error (9) - No SSF error (0)
    15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : User to authenticate null
    15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Authentication provider SapSso
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : User authenticated null
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Authentication row is {SapSsoTicket=AjExMDAgAA9wb3J0YWw6eXNzZWxhZ2OIABNiYXNpY2F1dGhlbnRpY2F0aW9uAQAIWVNTRUxBR0MCAAMwMDADAANEUDkEAAwyMDExMDgxNTExNDcFAAQAAAAICgAIWVNTRUxBR0P%2FAQQwggEABgkqhkiG9w0BBwKggfIwge8CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGBzzCBzAIBATAiMB0xDDAKBgNVBAMTA0RQOTENMAsGA1UECxMESjJFRQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTEwODE1MTE0NzIwWjAjBgkqhkiG9w0BCQQxFgQUK13ubzFiQrY4H%2FLRk2ysyvPSvccwCQYHKoZIzjgEAwQuMCwCFF1W9d!tAjLvP8dnb1bs4XghaHSBAhQ9kd9N!bJubUWITtkzU!za96lxNg%3D%3D}
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : User population provider is Database
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - FunctionRunner : ensurePool : Current pool size:0
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - FunctionRunner : ensurePool : Current pool size:0
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - FunctionRunner.executeFunctionDirect: /NAKISA/RFC_REPORT took: 266ms
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - BAPI_SAP_OTFProcessor_Report :  WhereClause : ( (Userid is null) or (Userid='') ); Table : (SAP_UserPopulation); Dataelement : (UserPopulationInfo)
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : User populated
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Role mapping provider is: SAP
    15 Aug 2011 14:00:00 ERROR com.nakisa.Logger  - SAPRoleMapping_SAP.MapRoles() : while trying to invoke the method java.lang.String.toUpperCase() of an object loaded from local variable 'value'
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Login process finished with errors
    Any ideas? Should I maybe hardcode the location in the credentials.xml?
    Kind regards
    Dries Yssel

  • Different ways to establish SSO between Portal and ADP

    Hi,
    We are implementing payroll with the help of ADP.
    Please let me know different ways of establishing SSO between portal  and ADP
    Thanks
    Bala Duvvuri

    You may a few issues. SSO with logon tickets is based on accessing web sites in the same domain. So, if the portal is on http://ourportal.company.com, then the web site being accessed needs to have a URL like http://adphosted.company.com. Is the ADP system accessible by a DNS alias that is within company.com? If so, you're OK. If not, then there will be problems.
    The other SSO method is user mapping, but the security implications are not good...

  • Conflict between VPN and Airport disk

    Hello Folks, I just bought a brand new airport extreme 802n.
    I thought it would be working fine with my Macbook pro, but it doesn't.
    I can't access any externe hard disk or USB Stick through the airport extreme, although the format is FAT32. I checked and checked but found nothing useful. All the settings are default.
    Worth to mention, I always use a cisco VPN client to get connected to the Internet (university student).
    There are few times when I disconnected the VPN Client, the USB Client can be found and read, but not be written.
    I though it is a conflict between VPN and Airport disk. So I tried without VPN, but the USB stick and the extern hard disk still didn't work properly. I have no idea what is happening could somebody help?
    By the way is it possible to set Airport extreme as a VPN router so I don't have to use the cisco VPN client anyway?
    Any reply is appreciated
    Thank you !

    I have an Airport Extreme connected to a cable modem
    with comcast as my isp. The Extreme is connected to
    a G4 dual processor mac via ethernet. I also have 3
    airport expresses around the house to work as range
    extenders. When I had the G4 connect to the Extreme
    via its internal airport card, I had no difficulty
    connecting to any of the Expresses around the house
    with my g4 powerbook. Now that I have the G4 Dual
    directly connected by ethernet to get the fastest
    speed, I cannot get my expresses or my laptop to
    connect through my laptop to the base station. all
    lights are green on the expresses, but running
    network diagnostics on the powerbook shows red or
    yellow for the last two buttons on the right. Do I
    have a configuration problem or an Extreme that won't
    bridge properly?
    Check that the G4 Dual has a location configured with
    only "Built-In Ethernet" activated, and that its
    Ethernet connection isn't shared on AirPort.
    Turn off all your AX and check that your
    PB G4 is able to connect to "your" AirPort network.
    Take advantage of this silence of all your AX
    to run an analysis of your wireless environnement:
    - check that you don't have any neighbor wireless
    network,
    - check that on each of your AX settlement you have a
    very good reception of "your" AirPort network.
    If everything works fine to that point, add one AX to
    your network, and check the reachability of your network
    where you wanted to extend it.
    dan    

  • SSO between ITS and EP

    We are implementing ESS MSS on 4.7 , ITS 4.7 with EP 6.0
    Can some one point me as to how to configure the SSO between these various landscapes. I Think we would require SSO between EP and ITS for ESS in MSS services.
    regards
    Sam
    Message was edited by:
            sameer chilama

    Hi Sameer,
    All the information you are looking for is in the help.sap.com
    http://help.sap.com/saphelp_nw04/helpdata/en/89/6eb8e1af2f11d5993700508b6b8b11/frameset.htm
    This help guide is really very clear and thorough.
    Regards
    Daniel

  • SSO between Portal and Java WD application

    Hi Experts,
    I am using CE 7.2 on localhost and I am very new to SAP.
    I need to know how can I get SSO between Portal and Java WD.  I have a WD application that displays the logged in user using "IUser currentUser = WDClientUser.getCurrentUser().getSAPUser()", as well I can use "IUser user = UMFactory.getAuthenticator().getLoggedInUser()".  Both work.
    Q1. What is the difference in the 2 above?
    Q2. My WD application is set to authenticate user.  The WD application is in URL iView.  I need SSO between Portal and WD application.   Is there a way to get this SSO without SAP Backend (ECC), for now I just need SSO between Portal and Java WD appl.
    Everything is in localhost.
    Please advice. Thanks.

    > need to know how can I get SSO between Portal and Java WD.
    Then I suggest you ask your question in the Web Dynpro Java forum instead of the Web Dynpro ABAP one.

  • Setting up SSO between EP and back-end SAP systems

    Can anybody give me some insight about setting up SSO between EP and back-end SAP systems. If possible some links to write up would be great.
    Thanu

    Hi,
    This link gives you a detailed information on setting up SSO : http://help.sap.com/saphelp_nw04/helpdata/en/89/6eb8deaf2f11d5993700508b6b8b11/frameset.htm
    Some How-guides:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e676ec90-0201-0010-cfa3-90b7c1291903
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/77378b3d-0b01-0010-ffa5-c6941e286c43
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/80fbc690-0201-0010-1aba-93d5c8232b4a
    Regards,
    Sunil

  • SSO between EP and ECC-- JCo RFC Provider- Error-- JCO_ERROR_SERVER_STARTUP

    Hello Everyone
    I am setting Up SSO between my EP 7.0 and my ECC 6.0 system. During the phase JCO RFC PRovider i am giving the following values:
    The following was done;
    1. start Visual Administrator -> Service : Choose JCo RFC Provider
    2. Created JCo RFC provider:
    Program ID: SAPJ2EE_Port
    Gateway host: EPDEV ( host of my EP System)
    Gateway service: sapgw00
    Server Count 5
    Application Server Host: ERP6 ( Host of my ECC System)
    System Number: 00
    Client: 000
    Language: EN
    User: SAPJSF
    Password: ..
    When i click on SET i am getting the error " ERROR When ADDING TO BUNDLE" Check LOG FOR DETAILS".
    I checked the DEFAULTTRACE.TRC and get the following MEssage :
    Date , Time , Message , Severity , Category , Location , Application , User
    03/01/2011 , 3:33:30:101 , Error changing bundle SAPJ2EE_PORT , Error , /System/Server , com.sap.engine.services.rfcengine.RFCRuntimeInterfaceImpl.addBundle(BundleConfiguration conf) ,  , Administrator
    03/01/2011 , 3:33:30:085 , com.sap.mw.jco.JCO$Exception: (129) JCO_ERROR_SERVER_STARTUP: Server startup failed at Tue Mar 01 03:33:30 PST 2011.
    This is caused by either a) erroneous server settings, b) the backend system has been shutdown, c) network problems. Will try next startup in 1 seconds.
    Could not start server: Connect to SAP gateway failed
    Connect parameters: TPNAME=SAPJ2EE_PORT GWHOST=EPDEV GWSERV=sapgw00
    ERROR       partner 'EPDEV:sapgw00' not reached
    TIME        Tue Mar 01 03:33:30 2011
    RELEASE     700
    COMPONENT   NI (network interface)
    VERSION     38
    RC          -10
    MODULE      nixxi.cpp
    LINE        2823
    DETAIL      NiPConnect2
    SYSTEM CALL connect
    ERRNO       10061
    ERRNO TEXT  WSAECONNREFUSED: Connection refused
    COUNTER     1
    I have configured my SLD as well. Any suggestions. Please Advise.

    Hi Ahmed,
    Please do check the validity of the certificate.
    Please do cross check these steps again.
    1.     Transaction u2013 STRUSTSSO2 (Trust Manager for Logon Ticket)
    2.     Double Click Owner certificate. It gets reflected under the certificate tab.
    3.                  Choose Format Binary
    4.                  Choose File Path.
    5.                  Enter the File Name
    6.                 saved in local drive.
    You can import into portal as x.509 certificate.
    check this thread -
    Certificate no longer has signature (use restriction)
    Renew certificate via SAP MarketPlace, and install from tcode slicense.  If you are working on a trial version, there is a SAP license request application form. Fill the form with the hardware key. you will get the new license via email. Install using slicense. Then try exporting the certificate.
    Thanks,
    Divya
    Edited by: Divya V on Mar 10, 2011 11:25 AM

  • SSO between EP and GRC systems

    Hi,
    We have EP 7.0 and GRC 5.3 systems in our landscape. In the login page of the portal, we have a link configured to the GRC system to use the Compliant User Provisioning application.
    On clicking the GRC link for accessing CUP, the user is prompted to enter the username and password to login to the GRC system. In our landscape both the EP and GRC systems have the ECC ABAP system as the UME and hence the user credentials are exactly the same for both EP and GRC systems for a particular user.
    I would like to avoid another logon for the user in GRC as he has already logged in with the same user credentials in EP system.This, i believe is achieved through SSO but i'm not sure about configuring SSO between two Java systems.
    Please help me in the configuration.
    Regards,
    Ragav

    Ragav_ss wrote:
    Everything is working fine when i click User Logon link in GRC system which comes up through the link from EP. The SSO is working fine there. But when i click Request Access or Request Status link, the SSO does not work.
    Any clues.
    GRC version is 5.3 SP 12
    Did you ever get that resolved? I'm having the same problem with 5.3 SP 15.
    Regards,
    Sean

  • Error in SSO between Portal and IDM

    Hi All,
    In my scenario i need to configure the IDM workflow in portal and do SSO between them. I followed the steps given in IDM-Workflow installation document and did following things.
    1. Uploaded the par file available in IDM installation kit in to portal.
    2. Imported the Portal Content package (epa file) in to portal.I got the role Identity Center in my masthead.
    3. Created System as said in the document.
    4. Completed the necessary steps for transporting certificate between them.
    But when click on the role 'Identy Center' or do preview of any iViews of IDM i am getting the following error.
    Portal runtime error.
    An exception occurred while processing your request. Send the exception ID to your portal administrator.
    Exception ID: 05:58_06/12/08_0860_1657450
    Refer to the log file for details about this exception.
    Here is my default trace log for that exception id.
    #1.5 #0019BBDC2B650079000000440000161C00045D5E6D4D111F#1228560048914#com.sap.portal.portal#sap.com/irj#com.sap.portal.portal#tventhan#24261##n/a##e764b200c37c11ddca800019bbdc2b65#SAPEngine_Application_Thread[impl:3]_16##0#0#Error#1#/System/Server#Java###Exception ID: 05:58_06/12/08_0860_1657450
    [EXCEPTION]
    #1#com.sapportals.portal.prt.component.PortalComponentException: Error in service call of Portal Component
    Component : pcd:portal_content/com.sap.idm/iviews/workflow/com.sap.idm.workflow.home_overview
    Component class : com.sapportals.portal.sapapplication.SAPApplicationIntegratorComponent
    User : xxxxx
         at com.sapportals.portal.prt.core.PortalRequestManager.handlePortalComponentException(PortalRequestManager.java:973)
         at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:343)
         at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
         at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
         at com.sapportals.portal.prt.component.PortalComponentResponse.include(PortalComponentResponse.java:215)
         at com.sapportals.portal.prt.pom.PortalNode.service(PortalNode.java:645)
         at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
         at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
         at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
         at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:753)
         at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:240)
         at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:524)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:407)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
    Caused by: com.sapportals.portal.prt.runtime.PortalRuntimeException: Exception in SAP Application Integrator occured: Unable to parse template &\#39;&lt;System.protocol&gt;://&lt;System.hostname&gt;/&lt;System.appcontext&gt;/welcome.php?SAPIDStore=&lt;System.idstore&gt;&amp;wf_portal=1&\#39;; the problem occured at position 38. Cannot process expression &lt;System.appcontext&gt; because Invalid System Attribute:
    System:    &amp;\#39;SAP_LocalSystem&amp;\#39;,
    Attribute: &amp;\#39;appcontext&amp;\#39;.
         at com.sapportals.portal.appintegrator.AbstractIntegratorComponent.doContentPass(AbstractIntegratorComponent.java:123)
         at com.sapportals.portal.appintegrator.AbstractIntegratorComponent.doContent(AbstractIntegratorComponent.java:98)
         at com.sapportals.portal.prt.component.AbstractPortalComponent.doPreview(AbstractPortalComponent.java:240)
         at com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:168)
         at com.sapportals.portal.prt.component.AbstractPortalComponent.service(AbstractPortalComponent.java:114)
         at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
         ... 29 more
    Please help me to get rid of this issue.
    Thanks & Regards,
    Tamil K

    Hi Tamil,
    Please have a look in your log
    Exception in SAP Application Integrator occured: Unable to parse template &\#39;<System.protocol>://<System.hostname>/<System.appcontext>/welcome.php?SAPIDStore=<System.idstore>&wf_portal=1&\#39;; the problem occured at position 38. Cannot process expression <System.appcontext> because Invalid System
    Please check the above values in system properties which are in bold
    regards
    Anand.M

  • SSO between BW and Sharepoint

    Hi,
    We have a situation where we want to establish SSO between SAP BW (3.5 with out java stack running on UNIX machine) and MS Sharepoint server.
    Can you kindly let me know what could be the best solution and any documentation?
    I've looked at various docs and mostly all are boiling down to have a Java Stack. I'm unable to figure out a correct solution for the above scenario.
    Thanks and regards
    Aarthi

    Hi Andre,
    We have Windows NTLM (not kerberos) enabled for IWA to logon to Sharepoint portal.
    Thanks and regards
    Aarthi

  • SSO Between EP  and R/3 6.4

    Hi,
    I am trying to implement SSO between SAP EP 6.0 and SAP R/3 6.4 using logon tickets.
    I've downloaded the .pse and .der files from Portal,uploaded the .pse in the backend system,added it to the ACL,but when i tried to test the connection in portal using system admin->system configuration->UM configuration->SAP system
    i am getting an error----
    (System ID): com.sap.mw.jco.JCO$Exception: (101) RFC_ERROR_PROGRAM: 'mshost' missing
    (System ID & System Number): com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to SAP gateway failed Connect_PM TYPE=A ASHOST=ctsgvcsap3 SYSNR=03 GWHOST=ctsgvcsap3 GWSERV=sapgw03 PCS=1 LOCATION CPIC (TCP/IP) on local host with Unicode ERROR service '?' unknown TIME Thu Feb 23 16:24:39 2006 RELEASE 640 COMPONENT NI (network interface) VERSION 37 RC -3 COUNTER 2
    Where am i going wrong?Please help.
    If anyone is having detailed documentation please forward the same.
    Thanks in advance
    SwarnaDeepika.
    Message was edited by: SwarnaDeepika

    Hi Swarna
    the procedure for importing portal certificate in r3 system i already mentioned
    u have a  authorization for strustsso2 on r3 system
    ask for that to basis person or done with their id
    after importing portal certificate into r3 system u have to restart the r3 system no need to restart the portal system
    and make sure for SSO  both portal and R3 system are in same domain.
    i.e
    sapr3.mydomain.com
    portal.mydomain.com
    if not u have to specify the DNS entry for that by creating alias.
    regards,
    kaushal

  • Problem syncing between Itunes and nike plus today, June 3rd?

    I normally have no trouble syncing runs between itunes and nikeplus. However, today for some reason, Itunes cannot connect with Nikeplus. I had installed the Itunes update (so now am running itunes 8), and am wondering if this could be the problem?
    Has anyone else experienced this today?

    Yet again, the same problem here. My Nike+ update has always worked flawlessly. However, I just updated to v8.2 and this was my first upload attempt since updating. Now it no longer works. It just produces this generic error message:
    "iTunes could not connect to nikeplus.com. An unknown error occurred (-50). Make sure your network connection is active and try again."
    This just looks like a generic error if there is no internet connection. However, the internet connection is fine, and I can login through my browser to nikeplus.com without any issues. It's only when attempting to upload my Nike+ data through iTunes that it doesn't work. And it all happened on my first upload attempt after updating to iTunes v8.2.

  • HA SSO Between LDPE and non-LDPE

    There is a customer who got two new 5500 WLCs for Russia, running 7.4.110 SV. per mistake one of the controllers was sent as non-LDPE capable, the other is LDPE. He wants to know if possible to enable HA SSO between these two controllers?
    The only topic related I have found is this https://supportforums.cisco.com/thread/2220165
    But not too much info!

    Here is the risk your customer faces and you know they will say they didn't know!
    I would just tell your customer it's not stabile and they need to RMA the unit!
    Important Note for Customers in Russia
    If you plan to install a Cisco Wireless LAN Controller in Russia, you must get a Paper PAK, and not download the license from Cisco.com. The DTLS Paper PAK license is for customers who purchase a controller with DTLS that is disabled due to import restrictions but have authorization from local regulators to add DTLS support after the initial purchase. Consult your local government regulations to ensure that DTLS encryption is permitted.
    Sent from Cisco Technical Support iPhone App

  • Difference between ISE and NAC?

    Dear All,
    Can you please help to understand difference ISE and NAC?
    Thank You,
    Abhisar.

    Well ISE is the next generation of NAC and has extended the features some of the comparison of features are mentioned in the given diagram

Maybe you are looking for

  • What is the difference between credit memo in invoice year and in next year

    Hi! I'm new here.I'm study SAP ERP.I don't know what is the difference between credit memo in invoice year and credit memo in next year (asset accounting).Can you show and give me an example, please! Thanks and best regards! Edited by: dinhtuan on Ju

  • Error #2007: Parameter listener must be non-null.

    I got this error in a for loop: for (var i=0; i<=4; i++) var titleLength:int = sensors[i].name.indexOf("S"); var title:String = sensors[i].name.slice(0,titleLength); trace(title);                                                            //test; sen

  • What is the differnce of AGP 3.0( 8X ) and AGP2.0( 4X )

    I test some Nvidia graphic cards  that support AGP 8X and test them in 3d mark 2001 (with AGP 8x and 4x) and I have not seen any difference on this 3d mark version. I know that AGP 8x is  2.1 GB/s    and AGP 4x is 1.05 GB/s  but the differece of them

  • How do you expand a file system on Solaris 10 that is running as a LDOM on Solaris 11

    I'm somewhat new to Solaris but needing to expand an existing file system /work on our solaris 10 ldom that was P2V'd into a Solaris 11.2 environment.  I also have several additional questions that I can't seem to find an answer for anywhere. When tr

  • Enquiry about Iphones From Uk

    Recently i have heard that in Uk,some people are importing iphones to India and they are saying that phone comes with 1year Indian warrenty.I asked them how it was possible.They answered me that,they will buy bulk units from manufacturers with Indian