SAP Authentication Method Missing

Similar Messages

• SAP Authentication not available

  Hello together!
  on a BOE-System (XI 3.1, SP3, FP 3.5) is the SAP Authentication for the InfoView- and the CMC-logon not available. I think the problem is that they haven't installed the SAPJCO correct or did some other mistakes during the installation and configuration process. Until now I tried the following because to install and configurate the system new is not really a opportunity:
  check if in the CMC the SAP Authentication is enable
  check in the web.xml if the authentication.visible is set to true
  copied the sapjco.jar into the Tomcat55\shared\lib and Tomcat55\common\lib
  copied the two *.dll from the SAPJCO to the windows\system32 folder
  set the classpath
  redeployed the Apps: InfoViewApp, InfoviewAppActions, CmcApp, CmcAppActions, PartnerPlatformServices, SAP, OpenDocument and dswsbobje
  run the partnercafinstall.bat
  and restart the tomcat and the Server Intelligence Agent
  Btw the Integration Kit for SAP works - it's just the problem with the missing authentication method.
  Another question depending on that problem (maybe) regards  the BW Publisher: There is a role for publishing content, this role have the essential rights and the role is added to the corresponding SAP system folder under the SAP structure in the CMC. But if you want to piblish a Crystal Reports report as a BW-User that is a member of the role but is not imported in the CMC you get the error EAS 30001(An error occurred when synchronizing folder hierarchy for role) which means that the user does not have sufficient rights to publish reports. If I put the role to the administrator group everything works fine except that the reports creates a folder structure SAP\2.0\*SYSTEM\New Object11552\New Object11553\REPORT*. Why are the folder "New Object11552" and "New Object11553" created and what's the problem with the rights?
  I appreciate any hints what else I can do - because as I mentioned above a complete new-install is not really a opportunity.
  Thanks in advance!

  Thanks Heiko and Ingo for your responses!
  @Heiko
  Hi Heiko, I couldn't find the SAP JCO 2.1.9 version to download - so I tried the 2.1.10 version; but still the same problem
  @Ingo
  Hi Ingo,
    >>so the SAP Authentication in the CMC is available and you are able to import the SAP Roles ?
  yes, the SAP Authentication in the CMC is available and I'm able to import SAP roles - that works absolutely fine; it's just that users can't select the SAP-Authentication method for the logon.
    >>EAS 30001
  ok, that was also my idea that it is important that the sap user who want's to publish content is imported in the cmc - but because of the problem that the sap authentication is not available at logon that's currently not possible. So, I think if this problem is solved - the problem with EAS 30001 is also gone.
    >>Make sure the role as descriptions in transaction PFCG in all the languages that you use for publishing
  you're absolutely correct - that was the problem! Thanks Ingo! Could you explain what are the steps I have to do to translate the description of a role in transaction SE63 after I created the role in the transaction PFCG or do you have a link with the HowTo for me? Hope we'll also find a solution for the missing SAP-Authentication method.
  Mario

• Configure SAP Authentication in CMC ..

  Hello,
  i ve installed a BO Edge Server and realized after Completion of installation, that i only have Enterprise/AD/ ..etc. SAP Authentication is missing.
  Question:
  How can i install the SAP authentication ??

  perfect .. Thanx ..

• LiveOffice/SAP Authentication

  Dear Experts, I have installed LiveOffice as per the installation documents. It seems to work fine. But when I try to save the anything to Enterprise, I do not see any SAP authentication. I do have SAP integration kit already installed. Am I missing anything? Please guide.

  It is installed on same machine. I checked my installation steps again one more time. I do not see that I missed any step mentioned n the installation guide.
  I still do not see the SAP authentication in the LiveOffice! Kindly guide me thru.
  These are the steps I performed:
  1 --> Installed all the prerequisites including (SAP GUI, Oracle Client, IIS, Prepare SQL Database, etc..) following the instructions in Business Objects XI Installation Configuration Process.
  2 -->     Installed BusinessObjects Enterprise XI R2 with SP2 following the same guide Business Objects XI Installation Configuration Process.
  3 -->      Installed Crystal Report XI Release 2 SP2 and made sure that installation went OK by checking SAP tool bar in CR client.
  4 -->     Installed Tomcat 5.0.27 by following the installation guide.
         a) Defined users for the Tomcat Web Server Administration as per the release notes
         b) Went to C:\Program Files\Business Objects\Tomcat\conf\tomcatusers.xml and add the following:
             <role rolename="manager"/> <role rolename="admin"/> <user username="admin" password="password"
         c) Ran the Tomcat Manager from the following URL: http://localhost:8080/manager/html. Test to logon to the Tomcat Manager roles="admin,manager"/>
         d) Test to logon to the Tomcat Manager Administration (http:// localhost:8080/admin/)
  5 --> Deployed the default WAR files for BOE applications by following the BusinessObjects Enterpriseu2122 XI Release 2 Installation Guide
  6 -->     Installed and configured SAP Java Connector 3.0.2 Components
       a) For installing of SAP Java Connector, I copied librfc32.dll (actually it is already there by installation of SAP GUI) and sapjcorfc.dll to C:\WINDOWS\system32 and copy sapjco.jar to the application serveru2019s shared library folder C:\Program Files\Business Objects\Tomcat\shared\lib
       b) Created the folder (META-INF) in the shared TOMCAT location  C:\Program Files\Business Objects\Tomcat\shared\classes
       c) Copied the file authPluginExts.properties from C:\Program Files\Business Objects\BusinessObjects Enterprise 11.5\java\applications\SAP to C:\Program Files\Business Objects\Tomcat\shared\classes\ META-INF
       d) Copied the un-zipped SAP Java Connector folder sapjco-ntintel-2.1.8 to: D:\Program Files
       e) Added to the PATH environment variable, the fowling path:  D:\Program Files\sapjco-ntintel-2.1.8 that contains the un-zipped SAP Java Connector.
       f) Add the CLASSPATH environment variable includes the sapjco.jaras:
          C:\Program Files\Business Objects\Tomcat\shared\lib\sapjco.jar;C:\Program Files\Business Objects\Tomcat\shared\classes\META-INF
  7 --> Create a file called desktopwar.xml and add the following content <Context docBase="C:\Program Files\Business Objects\BusinessObjects Enterprise 11.5\java\applications\SAP\sap_desktop.war" path="/businessobjects/enterprise115/SAP/desktoplaunch" crossContext="false" debug="0" reloadable="true" trusted="false"/>
  8 -->   Configured the Kerberos Windows AD Authentication in BOE System (these includes the steps to apply it on IIS and Java Application Servers (Tomcat)) by following the instructions in BusinessObjects Enterpriseu2122 XI Release 2 Deployment and Configuration Guide, Chapter 13
  9 --> Installed Live Office Client 11.5.8.826 (server and client component on the same machine)
        a) Enabled Live Office client components (by running the enable_addin.exe utility)
        b) Running side-by-side Live Office installations (enable the Live Office Add-In)
  10 --> Install Xcelsius 2008, Version 12.1.0.247     
  11 --> Install BusinessObjects XI Release 2 Integration Kit for SAP SP1  
  12 --> Install BusinessObjects XI R2 Service Pack 2 for Integration Kits
  13 --> Make sure that BOE Sample Reports is imported to the installed BOE system
  14 --> Configured and Tested IIS for SAP Authentication with SSO for SAP InfoView in BI system and SAP Enterprise System to point to the installed BOE system
  15 --> Configure Tomcat (Web.config files) to use BOE Cluster Name & SAP Authentication with SSO enabled for SAP InfoView site when it is used from the SAP Enterprise Portal
  16 -->Tested to logon to Live Office with SAP Authentication. SAP Authentication is missing in the Live Office like InfoView
  Kindly point out out me where I'm going wrong?

• SAP Authentication on Polestar/BOBJ EXPLORER XI 3.1 SP1

  Hi there,
  I've installed Business Objects Edge 3.1 + BOBJ EXPLORER XI 3.1 SP1 + SAP IK 3.1. I do see SAP Authentication type on CMC and Infoview, but not on polestar. I am wondering if I missed something during my install or is it something not supported on Polestar?
  Other applications installed on the same box are:
  Crystal Reports + Xcelsius + Live Office 3.1
  Thanks,
  Gaurav

  Hi,
  I think you have to "Enable SAP authentication" for the SAP BOBJ Explorer, if it is not already done.
  SAP authentication is not avialable by default into the SAP BOBJ Explorer.
  To do this:
  a- Backup the file "default.settings.properties".
  This file is located into the folder "$BOBJDIR/tomcat/webapps/polestar/WEB-INF/classes/".
  b- Edit "default.settings.properties".
  Replace :
  show.sapsystem.name=false
  disable.sapsystem.name=true
  default.sapclient.name=
  show.sapclient.name=false
  disable.sapclient.name=true
  default.authentication.method=secEnterprise
  authentications=secEnterprise,secWinAD,secLDAP
  by:
  show.sapsystem.name=true
  disable.sapsystem.name=false
  default.sapclient.name=
  show.sapclient.name=true
  disable.sapclient.name=false
  default.authentication.method=secEnterprise
  authentications=secEnterprise,secWinAD,secLDAP,secSAPR3
  Hope this helps,
  Gregory
  Edited by: Gregory Botticchio on Jan 6, 2010 11:14 PM

• No logical sytem found in the drop down under SAP authentication in CMC

  Hi Swapna,
  This is quite simple. Click on New and enter the following information:
  System e.g TS6
  Client e.g. 800
  Application Server e.g. yourservername
  System number e.g. 00
  Username e.g. Crystal
  Password e.g Password
  and Language e.g. EN
  Press Update and and go to the Role Import tab. Import your role and don't forget the set the checkbox Enable SAP Authentication under the Options tab when using sap authentication.

  Hello,
  We are trying to integrate existing BO environment in our company with existing BW installation.
  BO Environment - 3.1
  BW/ECC Environment - (BW - BI 7.0 SP20, ECC 6.0)
  So got the pre-requisites completed and the transports imported into both BW and ECC environments. Upon these steps we went ahead and installed the integration kit for 3.1 system.
  There were no error messages, after we completed the installation went into infoview and in the authentication drop down checked to see if I can get "SAP" in there....which it did. So, I am assuming there were no issues till this point which we might have missed out.
  Upon this, when I went into SAP authentication in CMC and double clicked on SAP and in the next screen clicked on "NEW" and added in the application server, system number, id and password and updated it...this automatically updated the logical system.
  But when I go into the role import, it gives me the following error message....
  Exception in JSP: /jsp/auth/sapsec_import_role.jsp:22:19:20: <%21:string context.........lot of other message
  The only thing is we have not assigned the CRYSTAL_ENTITLEMENT role to it as we are at this point only trying to see if we can log into webi...
  Can you please help me out on this.
  Thanks
  Dharma.

• Authentication method for JCo connection in XSS installation

  Hi All,
  I have a query which perplexes me.  I am implementing XSS (ESS/MSS) on SAP Portal EP6 SR1 with an ECC5 backend for prototype purposes.
  When I follow SAP's help steps to setup JCo connections, it states that for the metadata connection you should use a security authentication method of 'User/Password', but for the application data connection you should use a security authentication method of 'Ticket'.
  Does anyone know why the difference in methods here?  Is it possible to use 'User/Password' for both?  Any thoughts would be appreciated.

  Hi john,
  User -ID /Pwd method can be used to access the backend for both types of Data as per your scenario.
  User -ID /Pwd method and logon tickets both can be used to access data in backend.
  The difference lies in the scenario with which you are accessing the back-end.
  If all your portal users are same as backend users then you can select Logon ticket methods.
  If they are going to be different then you need User-ID /Pwd method .
  Check the following link to get a clear picture:
  <a href="http://help.sap.com/saphelp_ep50sp2/helpdata/en/4d/dd9b9ce80311d5995500508b6b8b11/frameset.htm">Scenario to use type of SSO</a>
  Hope it helps.
  Regards,
  Vivekanandan

• BO Mobile 4.0 login by SAP Authentication

  Hello gurus,
  I configured BO mobile 4.0 server and I am able to login in BOE repository using Enterprise authentication.
  But when i try to login using SAP authentication, the simulator gives an error:
  "The secSAPR3 plugin does not exist (FWM 02016)".
  I have configured SSO between BW-BO system, and it works perfectly on BI Launch Pad and CMC.
  Regards
  Sushant

  Hi,
  The error message clearly says that the secsap file is missing.
  Make sure the file 'secSAPR3.jaru2019 and 'sapjco.jar' exist in the location below
  <install dire bo>/mobile 14/common/lib
  Regards,
  Atul Bhagwat

• None of the available endpoints supports authentication methods user/pass

  Dear All
  i  create a destination in the ce7.1.but when i  test the destination in the ws navigator  ,but it cant not run ,  the error is:
  The destination [YHSendMessage02] supports the following authentication methods [User Name/Password (Basic)], but none of the available endpoints supports them. The supported authentication types are [None]. Either the destination has to be updated or a new endpoint should be used
  i test the ws in the navigator  dont used the destination ,it work well, so i think maybe some wrong in my ce  about the destination 'configuration.
  best regards

  The following message returned from SAP:
  Root of the problem is found. The problem occurs as PI WSDLs doesn't contain security settings. Lack of security settings breaks consumption of those services. I'm working on providing a fix to enable consumption of such services.
  Looking at a WSDL generated by PI (example):
  <wsp:Policy wsu:Id="OP_si_servicename"/>
  The policy contains no transportbinding or authentication methods at all.
  Looking at a WDSL generated by ECC (example):
  <wsp:Policy wsu:Id="BN_BN_si_ManageCustomizingCustomerService_binding">
        <saptrnbnd:OptimizedXMLTransfer uri="http://xml.sap.com/2006/11/esi/esp/binxml" wsp:Optional="true" xmlns:saptrnbnd="http://www.sap.com/webas/710/soap/features/transportbinding/"/>
        <saptrnbnd:OptimizedXMLTransfer uri="http://www.w3.org/2004/08/soap/features/http-optimization" wsp:Optional="true" xmlns:saptrnbnd="http://www.sap.com/webas/710/soap/features/transportbinding/"/>
        <wsp:ExactlyOne xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
           <wsp:All>
              <sp:TransportBinding>
                 <wsp:Policy>
                    <sp:TransportToken>
                       <wsp:Policy>
                          <sp:HttpsToken>
                             <wsp:Policy>
                                <sp:HttpBasicAuthentication/>
                             </wsp:Policy>
                          </sp:HttpsToken>
                       </wsp:Policy>
                    </sp:TransportToken>
                    <sp:AlgorithmSuite>
                       <wsp:Policy>
                          <sp:TripleDesRsa15/>
                       </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                       <wsp:Policy>
                          <sp:Strict/>
                       </wsp:Policy>
                    </sp:Layout>
                 </wsp:Policy>
              </sp:TransportBinding>
           </wsp:All>
        </wsp:ExactlyOne>
     </wsp:Policy>
  At the moment SAP is working on a fix to solve this problem.

• The User Authentication Methode required by this server can't be found.

  Ok, I have a network of iMacs that are bound to OS X Server and the users log in with network based user folders via Kerberos and Open Directory.
  This is all working just fine, and all iMac users have full access to all sheared volumes as per the ACLs...
  My problem is when any of our office laptops that are not bound to the server and run on local user accounts need to login for access to the AFP shared volumes. ALL but one of these Laptops are receiving "The User Authentication Methode required by this server can't be found." Dialog box when attempting to login. They never even have a chance to enter login names or passwords.
  What am I missing? I can't find any settings on this one laptop user account that are any different that the other laptops user accounts...

  Steve can you explain more on how I use this Kerberos.app?
  I opened it on the one laptop that is working and can see one ticket in the Ticket Cache, and below that there is the same ticket listed with two subentries. All of them are listed as Expired at the moment, but then I have not connected to the server with this system since yesterday...
  When I open the App on the systems that don;t work, there are no tickets listed. I clicked on the new button, but the info it's asking for is different than any of the info I found in the working systems Kerberos app... ??? Help.
  It's asking for Name, Realm, Password...

• Need SAP Authentication option when using the Open document URL methos

  Hi Experts,
          I had published a report into the BO Server. I can able to Login to the CMC & Info view through SAP Authentication. But, when I Try to Open the Report through the Open document or viewrpt URL, I am not getting the SAP option in the Authentication Drop down box. Kindly give me the solution to login through the SAP Authentication In the URL Method. Thanks for your support in advance.
  Thanks & Regards,
  Shiva

  Hi,
  the option has been hidden by default.
  Navigate to <BO_INSTALL_DIR>Tomcat55/webapps/openDocument/WEB-INF
  Open the web.xml file and search for "authentication.visible". Set the parameter from "false" to "true".
  Restart your Tomcat and you should be fine.
  Regards
  -Seb.

• Windows AD and SAP Authentication

  I require the functionality of the BW Publisher, i.e. Hierarchy Node Variables and Dynamic List of Values for Crystal Reports. I can only get this to work if I log on using SAP Authentication. Is there a way that we can log on using Windows AD Authentication and still get the benefits of BW Publisher with Crystal Reports?

  Hi Seb,
  Thankyou for responding. In our system I have a user set up with Windows AD Authentication and in BOE I have the secWinAD account set up as an alias in the user properties. In addition, I have the same user set up in BW with exactly the same user ID and in the user properties in BOE I select "Assign Alias" and choose the BW account so the user has two aliases, one for secWinAD and one for secSAPR3:BWD (our BW system).
  I log on to InfoView using the Win AD authentication and when I select my Crystal Report I see my BW hierarchy node variable as a flat list. When I log on to InfoView using SAP authentication I see my BW hierarchy node variable as a hierarchy. I want to be able to log on using Win AD authentication and see the BW hierarchy node variable as a hierarchy.
  What am I missing? Thankyou so much for your help.
  regards,
  John

• SecSAPR3 & secEnterprise Authentication Methods

  Dear Friends,
  I am trying out a scenario to connect to Crystal Reports from Xcelsius using a URL link:
  Below is the URL to test:
  http://<hostname>:8080/OpenDocument/opendoc/openDocument.jsp?sType=rpt&iDocID=2315
  > When we click on this link, it brings up the Login screen.
  > However, it is assuming that I am going to login using SAP credentials (which may or may not be the case).
  > When I try to login using BOBJ Enterprise credentials (administrator/<password>), I get the following error:
  *"Account information not recognized: The credentials passed to secSAPR3 [administrator] are invalid. Use the following format: sid~clnt/user "*
  *"Moreover, on this log-on screen, we are just seeing the User name & Password fields. We are not able to see the Authentication option."*
  Is there a way to provide access authentication using  secSAPR3 & secEnterprise methods (not just secSAPR3)?
  web.xml details:
  E:\Program Files\Business Objects\Tomcat55\webapps\InfoViewApp\WEB-INF
  <!-- You can specify the default Authentication types here -->
      <!-- secEnterprise, secLDAP, secWinAD, secSAPR3 -->
      <context-param>
          <param-name>authentication.default</param-name>
          <param-value>secSAPR3</param-value>
      </context-param>
  E:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\warfiles\WebApps\SAP\WEB-INF
       <context-param>
         <param-name>logontoken.enabled</param-name>
         <param-value>true</param-value>
      </context-param>
      <context-param>
         <param-name>sso.enabled</param-name>
         <param-value>true</param-value>
      </context-param>
      <context-param>
         <param-name>authentication.default</param-name>
         <param-value>secSAPR3, secEnterprise</param-value>
  Is there a way to provide access authentication using  secSAPR3 & secEnterprise methods (not just secSAPR3)?
  Thank you,
  Nikee

  Hi Nikee,
  as mentioned in the eMail it seems the question is a little bit broader and more about what needs to be done to get SSO working with SAP Portal, SAP BI and BusinessObjects.
  one important thing is that there is a specific SAP Integration Kit forum where you also will find lots of forum entries already to this topic.
  here the steps:
  SAP side:
  - on the SAP side the portal needs to generate tickets for the BI system
  - the BI system needs to trust the Portal
  - the BI system needs to accept SSO tickets
  - all the machines need to be in the same domain
  BusinessObjects
  - the SAP authentication needs to be configured for the SAP system
  - the web.xml for InfoView needs to use secSAPR3 as default setting for the authentication
  - the default system in the SAP authentication options should be configured to use your SAP BI system
  - the BusinessObjects system needs to be in the same domain
  Enterprise portal
  - you need to configure the Crystal Enterprise System parameters to point to your BusinessObjects system
  Ingo

• Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

  I would love some help with this issue.  I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0  I have a test account set up with lab.acme.com to use the ACS.
  When I log into my site using Windows Auth, everything is great.  However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
  to use to log in   and after 3-5 second
   and return me the logon page with error message “Authentication failed” 
  I base my setup on the technet article
  http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
  I validated than all my certificate are valid and able to retrieve the crl
  I got in eventlog id 300
  The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
  Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
  Additional Data
  Exception details:
  Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
  ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
  correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  --- End of inner exception stack trace ---
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
  serializationContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
  trustNamespace, AsyncCallback callback, Object state)
  System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
  failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  thx
  Stef71

  This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
  on my case was :
  PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ad0001.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
  Certificate                 : [Subject]
                                  CN=domain.AD0001CA, DC=domain, DC=com
                                [Issuer]
                                  CN=domain.AD0001CA, DC=portal, DC=com
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  22/07/2014 11:32:05
                                [Not After]
                                  22/07/2024 11:42:00
                                [Thumbprint]
                                  blablabla
  Name                        : domain.ad0001
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : domain.ad0001
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17164
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ADFS_Signing.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
  Certificate                 : [Subject]
                                  CN=ADFS Signing - adfs.domain
                                [Issuer]
                                  CN=ADFS Signing - adfs.domain
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  23/07/2014 07:14:03
                                [Not After]
                                  23/07/2015 07:14:03
                                [Thumbprint]
                                  blablabla
  Name                        : Token Signing Cert
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : Token Signing Cert
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17184
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.PORTAL>

• Can we add new logical system in Entitlement tab in SAP Authentication.

  Hi ,
  We already Installed and configured sap integration kit and every thing works fine. My question is as of now we connected our sap BW Dev system  to BOBJ but we would like to connect to BW Prod System to same BOBJ System. What are the steps we need to follow to do this.
  Can we just add the new logical system in entitlement tab of sap authentication in BOBJ 3.1? and import the roles and login to BOBJ USING THE Newly added SYSTEM Credentials.  Thanks in Advance.
  Thanks,
  SK.

  Hi Ingo,
  Thanks for the information.
  Are there any specific steps you need to follow when you are adding one more system to sap authentication. can you please give the steps we need to follow to setup this in right way. Thanks in advance.
  Is there any thing we need to configure on sap side other than sap logon ticket parametre. If you can please provide the steps it will be great. Thankyou very much In advance.
  Thanks,
  SK.
  Edited by: Vallabhaneni SK on Jul 14, 2009 8:53 AM