SAP Portal J2EE logon groups

Please can you help.
Within ABAP you can go into SMLG and configure logon groups so you can separate user groups to particular application instances.
I would like to do the same within NW Portal and CE. We have external and internal users accessing the portal (NW 7.0) I have web dispatchers to load balance across application instances however is it possible to create logon groups and dedicate dedicated application instances to these user groups. I have read that you able to do this however the user groups would require different URL's and then the Web dispatcher can filter the URL and assign it to the relevant Java logon groups. The requirement which I have is that I am unable to change my URL so external and internal users use the same URL.Please note I only have 1 set of Portal Web dispatchers. The Web dispatchers serve both internal and external users. Also for extra information my portal mainly calls Web Dynpro code from CE. CE also has Web dispatchers as I have more than 1 CE app server. I assume if it is possible my requirement would also be to create logon groups within CE so external users use certain EP app servers and CE app servers and internal use other EP app servers and other CE app servers.
EP is version 7.0
CE is version 7.2
WD is version 7.3
Any help and advice would be appreciated.
Thanks
Ajay

Hi Arjun,
Thanks - I know how to make the logon groups in Java however I don't want to use different URL's for alias.
I have 1 URL for example jo.blogs.com/irj/portal which both my internal and external users use.
Is there any way I can make use of the logon groups without having to give my users 2 seperate different URLs.
Thanks
Ajay

Similar Messages

Com.sap.portal.runtime.logon.par information in Authschemes.xml

Hello Portal gurus,
I am trying to customize the Portal logon page by modifying the com.sap.portal.runtime.logon.par file. I modified the par file. But after this change, I wanted to change the authschemes.xml file to reflect the par file changes.
When I downloaded the .xml file, I only found occurences of <b><frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget></b>, <b><frontendtarget>com.sap.portal.runtime.logon.basicauthentication</frontendtarget></b> and <b><frontendtarget>com.sap.portal.runtime.logon.header</frontendtarget></b>
Could anybody confirm, whether I have to rename these occurrences of com.sap.portal.runtime.logon with my customized logon .par file name between <frontendtarget> and </frontendtarget>?
Points will be awarded for correct answers and useful suggestions.
Thanks,
~~LB

Hi
Here is the procedure
1. Start the Config Tool by executing <SAPJ2EEEngine_installation>\j2ee\configtool\configtool.bat.
2. Navigate to cluster_data>server>persistent>com.sap.security.core.ume.service.
3. Switch to edit mode by clicking on the pencil which is at the upper right area.
4. In the tree, select authschemes.xml and choose Download. Save the file to your local directory
5. Edit the local file: To select the new PAR file as the Logon page change the occurrence of all substrings com.sap.portal.runtime.logon to your
project/PAR file name. All com.sap.portal.runtime.logon should be substituted with something like com.company.portal.runtime.logon (or whatever you project name is). Dont remove the part behind it.
(These are the profiles in the portalapp.xml and have the names default, certlogon, basicauthentication, header, and anonymous).
6. Create a new node in the configuration tree in the Config-Tool for the edited file as follows:
a.Select the node com.sap.security.core.ume.service.
b. Choose the symbol for Creating a node below the selected node.
c. Select the type File-entry.
d. Choose Upload and select the custom file from your local directory.
e. Enter a name for the entry, for example, authschemes_myHR.xml. By default, the name of the uploaded file is used.
f. Choose Create.
g. Choose Close window.
h. The new node appears in the configuration tree.
i. Go to Global server configuration>services> com.sap.security.core.ume.service and edit the property login.authschemes.definition.file.
The value needs to be changed from authschemes.xml to authschemes_myHR.xml
j. Restart the Portal. That is often not done and the changes will not appear.
Rgds
Srikanth

Portal-based logon Groups?

Hi,
I´m working with in a Application Sharing setup and in help.sap related to configuring Application Sharing in a clustered environment it mentions something about a portal-based logon group and a zone separator when just having a stand alone server with more than one server nodes.
This is found in the following document under ClusterLogonGroupName and ClusterGroupSeparator explanation.
http://help.sap.com/saphelp_nw70/helpdata/en/6d/41e74196d8c517e10000000a155106/content.htm
I have never heard about logon groups inside SAP Portal and a zone separator, has somebody worked with them? where do you configure them or is this info in help.sap not accurate?
Kind Regards,
Gerardo J

Hi Gerado,
You define logon groups to determine how client requests to certain applications are load balanced when your system setup uses the SAP Web Dispatcher or a third-party hardware load balancer in front of your application servers. For example, you can define a logon group so that a certain application (such as one with high CPU usage) is accessible only on two instances within your cluster, which are running on machines equipped with extra CPU resources.
http://help.sap.com/saphelp_nw70/helpdata/en/f3/795a421b5ec153e10000000a1550b0/frameset.htm
Information regarding the zone seperator can be found here:
http://help.sap.com/saphelp_nw70/helpdata/en/56/dcf4c12b072c4e89884dc164b3762c/frameset.htm
I have not worked with these, but they seem interesting.
Regards,
Kai

How do i download com.sap.portal.runtime.logon.par.bak

I need to download com.sap.portal.runtime.logon.par.bak
From what i understand, If you have the System administration privilege then you can download the par file from "System Administration"==>"Support"==>"Support Desk"==>"Portal Runtime"==>"Browse deployment"==>"ROOT"==>"WEB-INF"==>"deployment"==>"pcd"
I was able to navigate this way. However, i cannot find this logon.par under this directory structure.
In help.sap.com, i was told to Navigate to <J2EE_Engine_Instance>\j2ee\cluster\server<X>\apps\sap.com\irj\servlet_jsp\irj\root\WEB-INF\deployment\pcd .There you can find com.sap.portal.runtime.logon.par.bak.
How is this different from the earlier navigation? I don't know how to do this? How exactly do i navigate this way?

Sandeep
I am sure that in the follwoing path, u can find the
com.sap.portal.runtime.logon.par.bak
<b><J2EE_Engine_Instance>\j2ee\cluster\server<X>\apps\sap.com\irj\servlet_jsp\irj\root\WEB-INF\deployment\pcd</b>
MAke a copy of the PAR and u can Pull it into the NetStudio !!!!
Thanks
Kay

Not able to get JSP file in com.sap.portal.runtime.logon.par file

Hi everyone,
I have downloaded com.sap.portal.runtime.logon.par from portal. When i imported in NWDS , i am not able to find any JSP file.
In folder PORTAL-INF, there should be this file but its not there. what could be the reason.?

Hi Manu,
Copy com.sap.portal.runtime.logon.par from filesystem:
/usr/sap/<SID>/J<Instance number>/j2ee/cluster/server0/apps/sap.com/irj/servlet_jsp/irj/root/web-inf/deployment/pcd/
if there is issue with downloading.
Please check this :-
Portal Customizations Intro - Login Part 1
http://wiki.sdn.sap.com/wiki/display/EP/ModifyingtheLogon+Page
Changing the welcome text in portal header (EP5.0)
Hope this will helps you.
Regards,
Arun

Portal Runtime error when modifying: com.sap.portal.runtime.logon.par

Hello,
We need some help because we get 'Portal Runtime error: iView: N/A Component Name:N/A' error when trying to access portal logon screen.
This is what we've done:
We've modified com.sap.portal.runtime.logon.par file and we've uploaded it but it doesn't work. Because of the error, we've overwritten this file with the original one but now it's imposible to access portal.
The situation it seems to be like before the modification of the .par file but we get the same error and can't access portal.
Please, do you know what could be the problem?
Thanks in advance

Hi Belen,
Here are the steps you would need to take
1. import the original par file into the NWDS and name the project as
    com.sap.portal.runtime.logon
2. Make sure the project name is com.sap.portal.runtime.logon
3. use winzip/winrar to extract the com.sap.portal.runtime.logon.par file in
    a local directory
4.Under the lib you would find two jar files copy them and paste them in your project
   under dist>PORTAL-INF>lib directory
5.move the files cert....till umResetPass....jsp into the PORTAL-INF directory
6. export the par to the server in question
7. restart your server
This should solve your problem..
Thanks,
Gokul

Can't See com.sap.portal.runtime.logon in list of PAR Files in Iview Wizard

Hello All,
I am trying to create an iview from PAR file com.sap.portal.runtime.logon which is the logon par file that has the logon page. But when I right click a folder in the PCD and click on New From PAR Iview I try to find on the list of available par files and I don't find the one named com.sap.portal.runtime.logon
Can anyone tell me if this has to do with the portalapp.xml file from com.sap.porta.runtime.logon.par file.? or with the Security Zones defined in portalapp.xml? Or does someone know why this PAR file doesn't appear on the list and how can I make it appear on this list of par files?
Any helpful ideas to solve this issue will give rewarding points.
Thanks
Luis

Hello,
What I want to do is to put the logon page in the light framework page so that the users can login from the anonymous portal. After I customize the logon page I want to create aniview in the detailed navigation.
If you want to see the jsp files that the com.sap.portal.runtime.logon.par file you have to go to the file system and copy the .par.bak file , rename it to .zip and all the files are there.
But my question is if this is a par file that is deployed in the portal , why I cant create an iview from this par file? From other forums I have read they say that creating an iview from this par file it will put the logon page where you want. But when I try to create an iview from PAR File the com.sap.portal.runtime.logon doesn't appear in the list of available par files.
Please help me on this and will give rewarding points.
Thanks
Luis

Need to download com.sap.portal.runtime.logon.par

hello friends
we need to chang the look and feel of the portal display pages and for that purpose we need com.sap.portal.runtime.logon.par file
can you all help us as to where we can find this par file so that we can download this file.
we have still not installed the portal platform,we'll be doing that in the following week.
Thnaking you,
Anurag.

Hi Anurag,
This post will explain the steps involved for each element.
No.      Portal Login page related questions
1.      What is the associated par file for portal login Page ?
2.      How to import the PAR file into Netweaver Developer Studio?
3.      What are the different pages and their associated files in logon.par?
4.      How to change text seen in the logon page ?
5.      What is authschemes.xml file? Do we need to change this file also ?
6.      How to remove standard links like support, Register ...?
7.      How to change or add new images ?
8.      How to change only the branding image displayed in the logon screen of the Portal ?
1. What is the associated par file for portal login Page?
Answer : The par file related to login page of Netweaver Portal is com.sap.portal.runtime.logon.par. This is the standard
logon component containing the code and resources used by the logon screens is shipped in a portal archive (PAR) file named com.sap.portal.runtime.logon.par.
2. How to import the PAR file into Netweaver Developer Studio?
Answer :   - Select File>Import .
- Choose the option PAR file. Select Next and a popup window appears.
- Select File>Import .
- Choose the option PAR file. Select Next and a popup window appears.
- In the window you have 3 text fields:
The location of the par file,
Project name (same as new par file name, preferably) and
location for project to be saved
3. What are the different pages and their associated files in logon.par?
Answer :
Logon page : umLogonPage.jsp
Problem page : umLogonProblemPage.jsp
Help (PW reset) page : umHelpPage.jsp
Reset Password : umResetPasswordPage.jsp
Change Password Page: changePasswordPage.jsp
Certificate Logon : umLogonCertPage.jsp
4. How to change text seen in the logon page ?
The text seen on the logon page is not in the JSP page, but in properties files which are called by tags like the
Welcome text : <%=logonLocale.get("xtit_WELCOME")%>
In order to change "Welcome" to "Welcome to MyTravel" you have to :
           - Unzip the file umelogonbase.jar which you can find under dist\PORTAL-INF\lib
           - Find the file "logonLabels_" which contains your language;
                                       e.g. logonLabels_de.properties for german language, *_en for English etc.,
The default is in the file logonLabels.properties .
- Find the key which is used in the tag and change the text after the equal sign.
- Save the changed file and create a updated JAR file using a zip program. The file needs to be named exactly umelogonbase.jar
- Put the JAR file back to location - dist\PORTAL-INF\lib
You are done on this now.
5. What is authschemes.xml file ? Do we need to change this file also ?
Changing the Authschemes.xml file is required only if you want to change com.sap.portal.runtime.logon.par.bak file and point it to different par file. This is more for anonymous logon with named anonymous users and using anonymous as the authentication scheme. The anonymous users are not issued a SAP logon ticket.
6. How to remove standard links like support, Register ...?
The standard links are controlled with the UM settings
       - ume.logon.logon_help
- ume.logon.selfreg
You could also just comment out the lines if you want to hide.
7. How to change or add new images ?
To exchange the two images, which are by default on the logon page, do the following steps:
                      a. Copy the image(s) you want to use in your project in the the folder dist/layout
                      b. Find the < img src=""   > you want to work on in the umBotArea.txt
Change the src attribute in the img tag to src="<%=webpath + "layout/myPic.gif" %>". The webpath is already defined in the file logon_proxy.txt and ready to use. In the Netweaver portal 6.0 SP9 and higher you have 2 images on the right side.
8. How to change only the branding image displayed in the logon screen of the Portal ?
If you want to change only the branding image displayed in the logon screen, you can configure this using the user management property ume.logon.branding_image
Hope this helps the community in the launch of this ver 1.0, future versions could contain more changes and updations covering all other aspects of Netweaver Portal

J2EE logon groups in an ABAP+JAVA system

Hi,
We are trying to restrict java calls to specific App servers in our ABAP+JAVA system. So if we have 5 App servers, we want all J2EE requests to go to 3 Apps only.
We are using SAP web dispatcher for this purpose. When checking on SAP help site, it suggested two options.
1) Configuring Logon Groups on AS Java
2) Configuring Logon Groups Using Configuration Files
Which of the above would be a better option for ABAP+JAVA system?
Has anyone implemented this before? If yes, can you share your experiences/lessons learned??
Thanks.
Fahad

1. Log on to the ABAP system.
2. Call transaction SPRO.
3. Go to SAP Solution Manager Implementation Guide -->
SAP Solution Manager --> Basic Settings --> SAP Solution Manager
System --> General Settings --> Client Copy
4. Perform the following steps:
a) Maintain Profile Parameters
b) Create Client
c) Copy Client 000
d) Convert UME

GETTING ERROR WHILE DEPLOYING A COM.SAP.PORTAL.RUNTIME.LOGON.PAR FILE

Hi Experts,
I need to change the text in logon screen i.e,
2006-2007 SAP AG ALL RIGHTS RESERVED
for this i changed the copyright and deployed the par file
but it is giving error like this
operation failed:please make sure the server is running or check the log(sap-plugin.log)
what should i do plz suggest me na.....
i searched the file sap-plugin.log in program files -> sap>IDE>eclipse-->plugin but i couldnt find the
plz specify the directory na...
waiting for u r response.....
Regards,
Shilpa

HI SHILPA....really sorry for the late response.
here is the error log which i m getting...(its not 500 error)
[13.08.08 / 16:49] #DEBUG LEVEL# com.sap.portal.developmentTools.ideSpecific.eclipse.PortalPlugin > Startup in progress
[13.08.08 / 16:49] #DEBUG LEVEL# com.sap.portal.developmentTools.ideSpecific.eclipse.PortalPlugin > Factory initialized !
[13.08.08 / 16:50] #ERROR LEVEL# com.sap.portal.developmentTools.ideSpecific.eclipse.wizards.sapmakepar.SAPMPWizard$1 > No Information
java.io.IOException: Server returned HTTP response code: 502 for URL: http://hostname:50000/irj/servlet/prt/portal/prteventname/upload/prtroot/com.sap.portal.runtime.system.console.ArchiveUploader?login_submit=on&j_user=Administrator&j_password=EPDJ2EEADM&j_authscheme=default&uidPasswordLogon=Log%20on
     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:808)
     at com.sap.portal.developmentTools.general.wizards.upload.DeployEngine.readResponse(DeployEngine.java:363)
     at com.sap.portal.developmentTools.general.wizards.upload.DeployEngine.uploadPar(DeployEngine.java:435)
     at com.sap.portal.developmentTools.general.wizards.upload.DeployEngine.deploy(DeployEngine.java:221)
     at com.sap.portal.developmentTools.ideSpecific.eclipse.wizards.sapmakepar.SAPMPWizard$1.processUpload(SAPMPWizard.java:416)
     at com.sap.portal.developmentTools.ideSpecific.eclipse.wizards.sapmakepar.SAPMPWizard$1.run(SAPMPWizard.java:350)
     at org.eclipse.jface.operation.ModalContext.runInCurrentThread(ModalContext.java:302)
     at org.eclipse.jface.operation.ModalContext.run(ModalContext.java:252)
     at org.eclipse.jface.wizard.WizardDialog.run(WizardDialog.java:758)
     at com.sap.portal.developmentTools.ideSpecific.eclipse.wizards.sapmakepar.SAPMPWizard.performFinish(SAPMPWizard.java:531)
     at org.eclipse.jface.wizard.WizardDialog.finishPressed(WizardDialog.java:608)
     at org.eclipse.jface.wizard.WizardDialog.buttonPressed(WizardDialog.java:321)
     at org.eclipse.jface.dialogs.Dialog$1.widgetSelected(Dialog.java:423)
     at org.eclipse.swt.widgets.TypedListener.handleEvent(TypedListener.java:89)
     at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:81)
     at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:840)
     at org.eclipse.swt.widgets.Display.runDeferredEvents(Display.java:2022)
     at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:1729)
     at org.eclipse.jface.window.Window.runEventLoop(Window.java:583)
     at org.eclipse.jface.window.Window.open(Window.java:563)
     at com.sap.portal.developmentTools.ideSpecific.eclipse.wizards.actions.WizardInvokeAction.invokeWizardInANewDialog(WizardInvokeAction.java:179)
     at com.sap.portal.developmentTools.ideSpecific.eclipse.wizards.actions.WizardInvokeAction.run(WizardInvokeAction.java:84)
     at org.eclipse.ui.internal.PluginAction.runWithEvent(PluginAction.java:251)
     at org.eclipse.ui.internal.WWinPluginAction.runWithEvent(WWinPluginAction.java:207)
     at org.eclipse.jface.action.ActionContributionItem.handleWidgetSelection(ActionContributionItem.java:456)
     at org.eclipse.jface.action.ActionContributionItem.handleWidgetEvent(ActionContributionItem.java:403)
     at org.eclipse.jface.action.ActionContributionItem.access$0(ActionContributionItem.java:397)
     at org.eclipse.jface.action.ActionContributionItem$ActionListener.handleEvent(ActionContributionItem.java:72)
     at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:81)
     at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:840)
     at org.eclipse.swt.widgets.Display.runDeferredEvents(Display.java:2022)
     at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:1729)
     at org.eclipse.ui.internal.Workbench.runEventLoop(Workbench.java:1402)
     at org.eclipse.ui.internal.Workbench.run(Workbench.java:1385)
     at com.tssap.util.startup.WBLauncher.run(WBLauncher.java:79)
     at org.eclipse.core.internal.boot.InternalBootLoader.run(InternalBootLoader.java:858)
     at org.eclipse.core.boot.BootLoader.run(BootLoader.java:461)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:324)
     at com.sap.ide.eclipse.startup.Main.basicRun(Main.java:291)
     at com.sap.ide.eclipse.startup.Main.run(Main.java:789)
     at com.sap.ide.eclipse.startup.Main.main(Main.java:607)

Java connector calls against sap system with logon groups

hi there.
i want to use java connector to connect to a sap system and run a function. my problem: the sap system has more than one instance and i do not want to connect against the central instance. i want to use a logon group. does anyone have an idea how to handle this?
thanks,
martin

hi,
check this
http://help.sap.com/saphelp_nw04/helpdata/en/f6/daea401675752ae10000000a155106/frameset.htm
http://nwadave.com/NwadExplorer/data/SAPDoc/architecture/SAP-Client_LogonAndCommunication.doc
let me know u need any further info
bvr

Add code to 'com.sap.portal.runtime.logon'

Hi,
I want to add custom code to the logon page after the user is authenticated.
Where do I need to add this code?
Is it possible to add it under unLogonPage.jsp? or do I need to call other portal component?
The code should update custom property under user maintenence
Something like:
String uID = user.getUniqueID();
IUserMaint us = UMFactory.getUserFactory().getMutableUser(uID);
String[] param = { "123456" };
us.setAttribute("MyNameSapce","customProp",param);
us.save();
us.commit();
Thanks,
Omri

Hi,
I don't have welcome/home page but this is what I did:
in umLogonPage.jsp I change the action in the form to:
<FORM name="logonForm" method="post" action="/irj/servlet/prt/portal/prtroot/com.company.SetUserData.SetUserData">
I wrote AbstractPortalComponent with the following content:
    public void doContent(IPortalComponentRequest request, IPortalComponentResponse response)
          try {
               IUser user = request.getUser();
                   String uID = user.getUniqueID();
               IUserMaint us = UMFactory.getUserFactory().getMutableUser(uID);
               String[] param = new String[1];
               param[0] = uID + "Testing 1 2 3";
               us.setAttribute("Namespace","customProp",param);
               us.save();
               us.commit();
          } catch (Exception e) {
               response.write("<script>");
               response.write("alert("Error";)");
               response.write("</script>");
          response.write("<script>");
          response.write("location.href = "/irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default"");
          response.write("</script>");
The code seems to be working but I wonder what will go wrong (-:    (what is the meaning of not using the 'inPortal' parameter in umLogonPage)
Should I perform any more tests?
Regards,
Omri

Issue with parallel operation of SAP NW SSO 2.0 and SNC Client Encryption (Logon Groups)

Hi!
One of our customers is using the SNC Client Encryption solution to ensure encryption using SNC (based on Kerberos Technology) for their SAP GUI Dialog connections. They have lots of SAP backends DEV, QAS, PRD all with the SNC Client Encryption SNC Lib installed. The profile parameter snc/identity/as contains the following value: p:CN=SAP/<ServiceAccount>@<DOMAIN>.
Example: p:CN=SAP/[email protected]
The customer is using one AD Service Account "SNCServiceUser" with one registered SPN "SAP/SNCServiceUser" for all systems (yes, this is not recommended... but the case).
Important: All users use group entries in the SAP Logon (saplogin.ini). Means, for SAP logon the SNC name can not be manually configured on the SAP Front End. With group logons, the application server's SNC name is dynamically requested by the message server each time a SAP GUI connection is started. The SNC Name is greyed out in this case as dynamically obtained from the applications servers profile parameter snc/identity/as.
Now our customer implements SAP NetWeaver Single Sign-On 2.0 within his landscape. Based on the Secure Login Server 2.0 (SP3) he likes to use X.509 based authentication to his AS ABAP backends using SAP GUI SNC while others still use SNC Client Encryption.
Replacing the SNC Library on the AS ABAP
The Secure Login Library 2.0 (SP3) has been installed on one of the ABAP systems and the SNC Client Encryption SNC Library (which is based on SSO 1.0) is no longer used, thus we changed the parameter snc/gssapi_lib to point to the new SNC library. We removed the old PSE.ZIP containing the keytab and created the new SAPSNCSKERB.PSE incl. the keytab and proper credentials. To ensure parallel operation, we kept the snc/identity/as value as is = p:CN=SAP/[email protected].
After restarting the system with initialized Secure Login Library 2.0, still the SNC client encryption works fine for existing users.
The problem
We created on the Secure Login Server an SNC certificate for the AS ABAP which has the following X.509 Distinguised Name Fomat: CN=SAP/[email protected] This is to avoid having to change the snc/identity/as to an "real" X.509 DN which would lead to non-working SNC Client Encryption for all the other users using SAP GUI and logon groups.
As soon as we install the PSE via STRUST on the system the SNC Client Encryption solution stops working with error „Server refuses kerberos key exchange“.
As part of an pilot implementation we have installed Secure Login Client 2.0 (SP3) on some test PCs. The test PC with SLC is able to perform Single Sign-On with SNC based on X.509 (incl. Encryption) to the ABAP system.
Seems the SAP System now only tries to do X.509 based authentication thus key exchange fails. The problem is, we cannot change the snc/identity/as value because of the logon groups. If we were able to do so, we would in any case set the server identity to X.509 DN and in addition create the SAPSNCSKERB.PSE incl. keytab. This should work, as confirmed by SAP see this post.
Any ideas how to solve this and have both solutions in parallel?
Appreciate any help.
Regards,
Carsten

Hi all,
we was able to fix the issue. It was an issue with the customers cluster configuration and the $SECUDIR variable. This tricky issue leads to non working or sporadic working SNC Client Encryption...
This was how the configuration looks before:
Environment variable $SECUDIR is defined:
"/ABCDEF<SID>/usr/sap/<SID>/DVEBMGSxx/sec“
sapgenpse seclogin -l -v
running seclogin with USER="<SID>adm"
Credentials for username '<SID>adm':
0 (LPS:OFF):
         (LPS:OFF): /ABCDEF<SID>/usr/sap/<SID>/DVEBMGSxx/sec/SAPSNCSKERB.pse
1 (LPS:OFF):
         (LPS:OFF): /usr/sap/<SID>/DVEBMGSxx/sec/SAPSNCS.pse
After changing the $SECUDIR to "/usr/sap/<SID>/DVEBMGSxx/sec“ and re-creating the credentials, it worked like a charm.
As a result of this we can confirm, this configuration and SNC Client Encryption works with CommonCryptoLib in parallel to the SSO configuration.
And Valerie was right with 2. SLC starting from V. 1.0 SP2 PL3 was able to convert the CN= part of the SNC Name into an SPN, was my mistake. In addition SNC Client Encryption starting from Version 1 SP1 PL1 does this also.. just to make this clear
Thread closed hope this helps someone
Carsten

Portal 60Sp2 logon error

Hi all,
after applying patch 28 it is not possible to logon .
here the exception. Any idea on this?
Portal Runtime Error
An exception occurred while processing a request for :
iView : com.sap.portal.runtime.logon.default
Component Name : com.sap.portal.runtime.logon.default
Error in executing a process for compilation.
Best regards
Wolfgang
Message was edited by: Wolfgang Roth

Hello Detlev,
tank you for fast reply.
somethinge strane in output.log
WARNING: SAP* is active on this system. For security reasons, disable after initial set up
Cannot determine hardware key: no slicjlib in java.library.path
Registering Channels handler...
PcdAccessService.init()
PcdAccessService.afterInit()
Initialization IViewsPersonalizationUpgraderService was successful
Starting service servlet_jsp ... done. (97110 ms)
Additional services loaded successfully.
SAP J2EE Engine Version 6.20 PatchLevel 87975.20 is running!
PatchLevel 87975.20 December 07, 2004 15:49 GMT
>
Login : Checking for synchronization with cluster elements ...
Synchronization of all applications completed!
and error.log
Jan 24, 2005 12:50:10 PM # Client_Thread_34 Fatal >>> JSPCompiler >>> ERROR in Compiling :JSPFileInfo :7551727
JSP File : D:\usr\sap\MPPC\j2ee\j2ee_00\cluster\server\services\servlet_jsp\work\jspTemp\irj\root\WEB-INF\portal\portalapps\com.sap.portal.runtime.logon\umLogonPage.jsp
Class Name: sapportalsjspumLogonPage
Java File : D:\usr\sap\MPPC\j2ee\j2ee_00\cluster\server\services\servlet_jsp\work\jspTemp\irj\root\WEB-INF\portal\portalapps\com.sap.portal.runtime.logon\work\_sapportalsjsp_umLogonPage.java
Package Name :
Class File : D:\usr\sap\MPPC\j2ee\j2ee_00\cluster\server\services\servlet_jsp\work\jspTemp\irj\root\WEB-INF\portal\portalapps\com.sap.portal.runtime.logon\work
_sapportalsjsp_umLogonPage.class
Is out dated : false
com.sapportals.portal.prt.servlets_jsp.server.compiler.CompilingException: Error in executing a process for compilation
Best regard
Wolfgang

Location of com.sap.portal.dsm.par in SP23 of NW2004

Hi all,
For an issue discovered in SP22(SAP Note 1235253), SAP has provided a work around. Thats to take a file com.sap.portal.dsm.par from SP23 and deploy using SDM.
But i am not sure in which SDA/SCA this particular file is present.
Please let me know the SDA/SCA file where i can find com.sap.portal.dsm.par.
Regards
Venkatesh

Hello,
What I want to do is to put the logon page in the light framework page so that the users can login from the anonymous portal. After I customize the logon page I want to create aniview in the detailed navigation.
If you want to see the jsp files that the com.sap.portal.runtime.logon.par file you have to go to the file system and copy the .par.bak file , rename it to .zip and all the files are there.
But my question is if this is a par file that is deployed in the portal , why I cant create an iview from this par file? From other forums I have read they say that creating an iview from this par file it will put the logon page where you want. But when I try to create an iview from PAR File the com.sap.portal.runtime.logon doesn't appear in the list of available par files.
Please help me on this and will give rewarding points.
Thanks
Luis

SAP Portal J2EE logon groups

Similar Messages

Maybe you are looking for