SAP.Web.Security.TicketException: MYSAP_INVALID

We recently updated our portal to the following:
J2EE Engine 6.40 PatchLevel 108290.313
Portal 6.0.20.0.0
Previously sap.web.security dll worked fine but now I get this exception
SAP.Web.Security.TicketException: MYSAP_INVALID
I have tried all the suggestions in this forum and nothing works. Does anyone have the orginal source code for this dll or a working solution ?
the following code does get the ticket if I remove the handler from the web.config.....
            Dim cookieString As String = HttpUtility.UrlDecode((Request.Cookies("MYSAPSSO2").Value).Replace("!", "%2B"))
            Dim ticket As SAP.Web.Security.MySapSso2Ticket = New SAP.Web.Security.MySapSso2Ticket("verify.pse", cookieString)
            Dim objUsr As SAP.Web.Security.MySAPSso2Identity = New SAP.Web.Security.MySAPSso2Identity(ticket, cookieString)
so why does the handler fail ? driving me crazy.

Ok so I added the code to the wiki in the attachment area. Hopefully Wiki mods don't delete it. This works perfectly for our purposes and config.
https://www.sdn.sap.com/irj/sdn/wiki?path=/display/snippets/home&
SSOTest.rar.jpg
PortalSecurity.rar.jpg
Right Click and save the files then remove the .jpg extension. Open with WinRAR or Winzip.
You will have to generate your own public key so take a look at the assemblyinfo.vb file.
Steps to create your own public key
C:DevelopmentPortalSecurityKeyFile>sn -k keyfile.snk
Microsoft (R) .NET Framework Strong Name Utility Version 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Key pair written to keyfile.snk
C:DevelopmentPortalSecurityKeyFile>sn -p keyfile.snk publickey.snk
Microsoft (R) .NET Framework Strong Name Utility Version 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Public key written to publickey.snk
C:DevelopmentPortalSecurityKeyFile>sn -t publickey.snk
Microsoft (R) .NET Framework Strong Name Utility Version 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
Public key token is [should display your Public Key Token]
Other config...May not be necessary as you can change the code to do whatever you want.
- Note 442401 - Web server filter for SSO to third-party systems
(https://service.sap.com/sap/support/notes/442401)
Extract the zip file attached to this SAP Note. Follow the instructions in the SAP Note and the instructions in the "filterdocs" directory of the unzipped files.
For our environment, I copied the iss6_sso.dll (for IIS 6) and the verify.properties files into the "inetpubscripts" directory. (There is a "verify.properties" file attached tot the source for your reference). Note the reference to a verify.pse file in the 'verify.properties' file. It should point to wherever the verify.pse file is, which in our case is "c:secverify.pse". I also copied the WPSSO_V3.DLL file from the "C in
ti386" directory to the system32 directory.
- Note 304450 - Single-Sign-On with SAP logon tickets in non-SAP systems
(https://service.sap.com/sap/support/notes/304450)
This SAP Note points the developer to SAPSSOEXT in SAP's software download area. Use SAPCAR to unzip the downloaded file and follow the instructions in this SAP Note and the instructions in the DOCS directory (a PDF and a README.TXT file).
PDF Note: The comments portion of the MySapEvalLogonTicketEx function declaration (Section 3.2 of the PDF) indicates that an environment variable named SSF_LIB must be created/exist. It should point to the location of the SSF-compliant security library (ie: SAPSECU.DLL in the system32 directory).

Similar Messages

SAP Fiori how to disable-web-security using code

Hi Guys
I have made SAP Fiori Application.
Its working on google chrome browser after disable-web-security.
i need to disable web security on each & every browser, Ipad, Phone befor start the fiori Apps.
Project on My Laptop Kepler Eclipse. I did not upload project on server.
Please guide me How I can disable web security using code on Fiori UI ...
Tags edited by: Michael Appleby

Hi pankaj,
Hi,
write this code in your app
/supress the Same Origin Policy on IE8 & Chrome
var domainString = "document.domain";
domainstring = "*.com"
'Access-Control-Allow-Origin: *.sap.com'
'Access-Control-Allow-Headers: X-KEY'
Regards
Umar

Calling SAP Web Service from BPEL

Hi
I am trying to call a SAP Web Service friom BPEL using the SAP WSDL.It requires a basic authentication (Username/Password) which i am providing as partnerlink properties in bpel.xml.
While testing the BPEL Process from the console, it is giving me an error
"<summary>exception on JaxRpc invoke: HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Bad response: 401 Unauthorized</summary>"
But when i am testing it from SOAP UI tool it is giving me the desired response.
Does anyone has any idea why it is failing from BPEL?Is there any configuration which i am missing?
Regards
Ayush

HI Ayush / Suryaveer..
I am stuck at the same situation, trying to invoke a secured SAP webservice. The invoke fails with a security previlege exception.
Am using the basicHeaders property to propagate the credentials to the SAP system.
Can you please suggest on the same.
credential propagation in bpel.xml :
<property name="basicHeaders">propagate</property>
<property name="basicUsername">ABC</property>
<property name="basicPassword">DEF</property>

System Refresh Process of SAP Web AS 6.20 in BW env

We are in the process to refresh our BQA system from the offline backup copy of BPR(Production server). We did it number of times in 4.6 R/3 server successfully in past. We used the oracle backup/restore method for refresh process in R/3. The same oracle backup/restore method we used for BW refresh. But this method is not able to change the schema name in tablespace (in BQA system, tablespace are like PSAPBQAFACT and in BP1 , it is PSAPBP1FACT). Seems to me this is not the right method to refresh SAP Web AS 6.20 and above systems.
Could anyone pls suggest the right documents or if someone has the procedure for refresh process of SAP Web AS 6.20, pls confirm.

Hi Reiner! Thanks for your reply!
- I want to create a secure connection between the .NET client and the SAP Web AS 6.20 Web Service, and HTTPS would be great. Is there any documentation regarding this issue?
- No, I don't want to provide the result of a Web Service as a Web Service. Maybe I was quite unclear... :/ What I meant was:
I want my Web Service to return a table (the result comes in the structure of a table). How do I define the Out-parameter in transaction se37 to accomplish this? Right now the best solution I got was to construct an array of strings (like the ZZVALUES int array in the example) where each position of the array, is a string that has the various fields of the table i want to return concatenated.
I'm able to retrieve the array in Visual Studio .NET 2003 client, and separate the fields (to fill a table again with them). If I could just return the table from SAP and receive it in .NET would be much more simpler.
Thanks again.

Error: Requested resource does not exist with SAP WebAS..deployed an ear

hi,
i deployed an application using SDM gui deployement manger.   the application is built using struts,spring etc. I have also created a datasource with Oracel 9i succesfully and hav associated it with the application.
When i try to access the application using the struts based path i get an "<b>ERROR 404:- Error: Requested resource does not exist</b>". I also tried accessing the index.jsp page directly without struts paths but dont know why i get an error "<b>File [appContext/admin/index.jsp] not found in application root of alias [/] of J2EE application [sap.com/com.sap.engine.docs.examples].</b>"
The same ear is working perfectly fine with IBM WSAD but not in SAP Web AS ?? is there any configuration issues that i need to address ?? Kindly help me ASAP !!
Regards,
Vaibhav

Hi,
The Required server log contents are as follows:-
#1.5#000CF1AFC124017A000000020000067000041B1D550F525C#1155712701853#com.sap.engine.services.servlets_jsp.server.jsp.JSPParser#sap.com/doculine#com.sap.engine.services.servlets_jsp.server.jsp.JSPParser#Guest#2####661184d02cf711db80fa000cf1afc124#SAPEngine_Application_Thread[impl:3]_37##0#0#Error#1#/System/Server#Plain###Runtime error in compiling of the JSP file <C:/usr/sap/J2E/JC00/j2ee/cluster/server0/apps/sap.com/doculine/servlet_jsp/doculine/root/admin/login.jsp> !
The error is: com.sap.engine.services.servlets_jsp.server.jsp.exceptions.ParseException: TagLibValidator returns error(s) for taglib [/WEB-INF/c.tld]: [
     com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: Unsupported character: a9(:main:, row:739, col:23)(:main:, row=739, col=23) -> com.sap.engine.lib.xml.parser.ParserException: Unsupported character: a9(:main:, row:739, col:23)
Exception id: [000CF1AFC124017A000000000000067000041B1D550F4D94]#
#1.5#000CF1AFC124017A000000030000067000041B1D550F5C88#1155712701868#com.sap.engine.services.servlets_jsp.client.RequestInfoServer#sap.com/doculine#com.sap.engine.services.servlets_jsp.client.RequestInfoServer#Guest#2####661184d02cf711db80fa000cf1afc124#SAPEngine_Application_Thread[impl:3]_37##0#0#Error##Plain###Processing HTTP request to servlet [action] finished with error. The error is: com.sap.engine.services.servlets_jsp.server.exceptions.WebIOException: Internal error while parsing JSP page [C:/usr/sap/J2E/JC00/j2ee/cluster/server0/apps/sap.com/doculine/servlet_jsp/doculine/root/admin/login.jsp].
     at com.sap.engine.services.servlets_jsp.server.jsp.JSPParser.parse(JSPParser.java:117)
     at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.getClassName(JSPServlet.java:238)
     at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.compileAndGetClassName(JSPServlet.java:429)
     at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:169)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:316)
     at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:372)
     at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1063)
     at org.apache.struts.action.RequestProcessor.internalModuleRelativeForward(RequestProcessor.java:1001)
     at org.apache.struts.action.RequestProcessor.processForward(RequestProcessor.java:560)
     at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:209)
     at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
     at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:316)
     at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:372)
     at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1063)
     at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:386)
     at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:229)
     at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
     at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Caused by: com.sap.engine.services.servlets_jsp.server.jsp.exceptions.ParseException: TagLibValidator returns error(s) for taglib [/WEB-INF/c.tld]: [
     com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: Unsupported character: a9(:main:, row:739, col:23)(:main:, row=739, col=23) -> com.sap.engine.lib.xml.parser.ParserException: Unsupported character: a9(:main:, row:739, col:23)
     at com.sap.engine.services.servlets_jsp.server.jsp.JSPParser.validate(JSPParser.java:243)
     at com.sap.engine.services.servlets_jsp.server.jsp.JSPParser.initParser(JSPParser.java:348)
     at com.sap.engine.services.servlets_jsp.server.jsp.JSPParser.parse(JSPParser.java:105)
     ... 37 more
#1.5#000CF1AFC124017A000000050000067000041B1D550F5F94#1155712701868#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#sap.com/doculine#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#Guest#2####661184d02cf711db80fa000cf1afc124#SAPEngine_Application_Thread[impl:3]_37##0#0#Error#1#/System/Server/WebRequests#Plain###Processing HTTP request to servlet [action] finished with error.
The error is: com.sap.engine.services.servlets_jsp.server.exceptions.WebIOException: Internal error while parsing JSP page [C:/usr/sap/J2E/JC00/j2ee/cluster/server0/apps/sap.com/doculine/servlet_jsp/doculine/root/admin/login.jsp].
Exception id: [000CF1AFC124017A000000030000067000041B1D550F5C88]#

Query Service in SAP WEB AS 6.20

Hello everybody,
I want to use Object Services at a SAP WEB AS 6.20 system. In the SAP help documents I have read that a Query Service is part of that Object Service. Generating a Persistence Class and the Class Actor (CA-Class) at a WEB AS 6.20 System I cannot find this Query Service. There is no method called IF_OS_CA_PERSISTENCY~GET_PERSISTENT_BY_QUERY in the Class Actor (CA-Class).
Is there a possibility to add this service to version 6.20?
At SAP WEB AS 7.0 the Query Service is available.
Can anybody help me?
Thanks and Regards,
Georg

Hi Reiner! Thanks for your reply!
- I want to create a secure connection between the .NET client and the SAP Web AS 6.20 Web Service, and HTTPS would be great. Is there any documentation regarding this issue?
- No, I don't want to provide the result of a Web Service as a Web Service. Maybe I was quite unclear... :/ What I meant was:
I want my Web Service to return a table (the result comes in the structure of a table). How do I define the Out-parameter in transaction se37 to accomplish this? Right now the best solution I got was to construct an array of strings (like the ZZVALUES int array in the example) where each position of the array, is a string that has the various fields of the table i want to return concatenated.
I'm able to retrieve the array in Visual Studio .NET 2003 client, and separate the fields (to fill a table again with them). If I could just return the table from SAP and receive it in .NET would be much more simpler.
Thanks again.

SAP Web Dispatcher in a high availability environment

Hello, guys
We are working in a CRM 7.0 implementation Project. Our system landscape is the following:
   - Two hosts (host1 & host2) on MSCS cluster (Windows 2008) with SQL Server and ASCS in high availability. Additional, this MSCS cluster has a instance of SAP Web Dispatcher.
   - In these two host weu2019ve installed a CI & DI instance, outside of high availability scope
   - Two additional hosts (host3 & host4) with one dialog instance in every host
We have severe problems with communication between SAP Web Dispatcher and ICM components. Our configuration schema is the next:
   - ASCS (MSCS_virtual_hostname):
ms/server_port_0 = PROT=HTTP,PORT=8141
SAPLOCALHOSTFULL = <MSCS_virtual_hostname>.<domain>
   - IC (host1)
icm/server_port_0 = PROT=HTTP,PORT=8040,TIMEOUT=90,PROCTIMEOUT=600
icm/host_name_full = <host1>.<domain>
   - ID1 (host2)
icm/server_port_0 = PROT=HTTP,PORT=8044,TIMEOUT=90,PROCTIMEOUT=600
icm/host_name_full = <host2>.<domain>
   - ID3 (host3)
icm/server_port_0 = PROT=HTTP,PORT=8045,TIMEOUT=90,PROCTIMEOUT=600
icm/host_name_full = <host3>.<domain>
   - ID4 (host4)
icm/server_port_0 = PROT=HTTP,PORT=8046,TIMEOUT=90,PROCTIMEOUT=600
icm/host_name_full = <host4>.<domain>
   - SAP Web Dispatcheer (MSCS_virtual_hostname):
SAPGLOBALHOST = <MSCS_virtual_hostname>
SAPLOCALHOSTFULL = <MSCS_virtual_hostname>.<domain>
SAPLOCALHOST = <MSCS_virtual_hostname>
SAPLOCALHOST = <MSCS_virtual_hostname>
ms/http_port = 8141
icm/server_port_0 = PROT=HTTP, PORT=8042,TIMEOUT=30,PROCTIMEOUT=600
wdisp/add_xforwardedfor_header = TRUE
In SAP Web Dispatcher log weu2019ve found the following error messages:
Fri Jan 28 15:45:22 2011
***LOG Q0I=> NiPConnect2: connect (10061: WSAECONNREFUSED: Connection refused)
*** ERROR => NiPConnect2: SiPeekPendConn failed for hdl 6 / sock 130060
    (SI_ECONN_REFUSE/10061; I4; ST; 192.168.6.182:8044)
*** ERROR => Connection request to host: , service: 8044 failed (NIECONN_REFUSED)
SAP Web Dispather is trying to connect to connect with dialog instances through , which itu2019s incorrect (ports 8044, 8045 & 8046 are opened in dialog instances, not in virtual instance). I think it should try with real hostnames (host1, host2, host3 & host4).
¡¡Please, help!! Thanks in advance

Hello, Karthi,
Our Web Dispatcher profile looks as following:
Instance specific parameters
Maybe some of these parameters are needless
SAPSYSTEMNAME = <CRM SID>
INSTANCE_NAME = <WD SID>
SAPSYSTEM = <WD System number>
SAPGLOBALHOST = <virtual hostname of WD>
SAPLOCALHOSTFULL = <FQDN of virtual hostname of WD>
SAPLOCALHOST = <virtual hostname of WD>
Directorios
DIR_INSTANCE = R:\usr\sap\wd
DIR_INSTALL = R:\usr\sap\wd
DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64
DIR_EXECUTABLE = R:\usr\sap\wd
DIR_PROFILE = R:\usr\sap\wd
DIR_HOME = R:\usr\sap\wd
DIR_ICMAN_ROOT = $(DIR_INSTANCE)\icmanroot
R:\usr\sap\wd\global\security\data
Accesibilidad al Message Server
rdisp/mshost = <virtual hostname of CRM Message Server>
ms/http_port = <HTTP port of CRM Message Server>
HTTP Settings
Puerto estandar de acceso HTTP
icm/server_port_0 = PROT=HTTP, PORT=8042,TIMEOUT=30,PROCTIMEOUT=600
These parameters defines load balancing weights
#wdisp/server_00 = NAME=<hostname_SID_SYSNR>, LB=4, ACTIVE=0
#wdisp/server_01 = NAME=<hostname_SID_SYSNR>, LB=10, ACTIVE=1
#wdisp/server_02 = NAME=<hostname_SID_SYSNR>, LB=20, ACTIVE=1
#wdisp/server_03 = NAME=<hostname_SID_SYSNR>, LB=20, ACTIVE=1
Puerto de acceso interfaz web de administrador
icm/HTTP/admin_0 = PREFIX=/sap/admin, DOCROOT=$(DIR_ICMAN_ROOT)/admin, AUTHFILE=$(DIR_INSTANCE)\sec\icmauth.txt
Activaciu00F3n de la cachu00E9 de SAP Web Dispatcher
icm/HTTP/server_cache_0/http_cache_control = true
icm/HTTP/server_cache_0 = PREFIX=/, CACHEDIR=$(DIR_INSTANCE)\cache
Fichero de log de seguridad
icm/security_log = LOGFILE=$(DIR_HOME)\log\security_%y%m%d.log, SWITCHTF=day, MAXSIZEKB=1024, FILEWRAP=off
icm/HTTP/logging_0 = PREFIX=/, LOGFILE=$(DIR_HOME)\log\wd_log_%y%m%d.log, SWITCHTF=day, MAXSIZEKB=1024, FILEWRAP=off
icm/log_level = 1
Dispatcher Configuration
wdisp/add_xforwardedfor_header = FALSE
Parametrizacion de memoria
Datos de sizing de los que se parten                                #
#users = 1800 usuarios (900 concurrentes)
#req_per_dialog_step = 6 peticiones HTTP por paso
#thinktime_per_diastep_sec = 10 seg. de "thinktime"
#conn_keepalive_sec = 30 seg. mantener conexiu00F3n abierta con ICM
#icm/max_conn = users * req_per_dialog_step * conn_keepalive_sec / thinktime_per_diastep_sec
icm/max_conn = 16200
wdisp/HTTP/max_pooled_con = icm/max_conn
wdisp/HTTP/max_pooled_con = 16200
icm/max_sockets = al menos la suma de icm/max_conn y wdisp/HTTP/max_pooled_con
icm/max_sockets = 32400
mpi/buffer_size = 64K = 64 * 1024 = 65536
mpi/buffer_size = 65536
mpi/total_size_MB = icm/max_conn * mpi/buffer_size (hay que convertir mpi/buffer_size a MB)
mpi/total_size_MB = 1024
icm/req_queue_len = icm/max_conn / 2
icm/req_queue_len = 8100
icm/min_threads = icm/max_conn / ~50
icm/min_threads = 512
icm/max_threads = icm/max_conn / ~20
icm/max_threads = 1024
Parametrizacion de seguridad
Evitar el envu00EDo de mensajes tu00E9cnicos al usuario final
is/HTTP/show_detailed_errors = FALSE
#icm/HTTP/error_templ_path
And ICM parameters are:
- SAPLOCALHOSTFULL= <FQDN of every application server>
- icm/server_port_0 = PROT=HTTP,PORT=8080,TIMEOUT=90,PROCTIMEOUT=600:
- icm/host_name_full = <FQDN of every application server> ## This parameter is ignored if SAPLOCALHOSTFULL is defined
I hope it helps you.
Best regards,
Sergio Su00E1nchez

Implementaion of ADS on SAP Web AS ABAP

Dear All
We have an ECC6.0 setup on Oracle Solaris as SAP Web AS ABAP only. We now want to install & configure ADS (Adobe Document Services) on it. Is it possible to do so on ABAP only system or do we need to have ABAP + Java system. In case, we can, can someone provide me link for the same.
Thanks
Lokesh.

Thanks Markus. I am now trying to implement ADS in another server which ahs ABAP+Java installation in same box with SAP Netweaver 7.0.
I have done all the steps as per the configuration guide and am detailing teh same here. However, I am unable to run the application. Please help.
I am detailing the steps taken as per the configuration guide.
1. Checking the IIOP service - This is working fine as per the guide.
2. I have chosen to use Basic authentication
3. Executing FP_TEST_00 fails
4. Executing FP_PDF_TEST_00 did show me the version infomation initially but after changing the
ADSUSER password in SU01, it has started showing a username and password box which doesnot accept
ADSUSER and the new password.
5. I have created a user ADSUSER as system user and assigned a password to it. I have created
ADSCALLERS role and assigned it to ADSUSER.
6. I have created an ABAP connection as per the guide. However, in test connection, I am prompted for
a user and password. Specifying ADSUSER doesnot work. However specifying j2ee_admin user gives the
test result as Found.
7. On running Test for user in http://<server>:50000/AdobeDocumentServices/Config in browser, the
ADSUSER or ADS_AGENT password doesnot get accepted. j2ee_admin user and password gives the error
"User J2EE_ADMIN does not have access to method rpData."
8. Even in Visual Administrator, I have checked the ADSUSER to be under ADSCallers group. Also the
ADSUSER is mapped to ADSCaller security role. However, one point noticable is that when I try to
change the password of ADSUSER in user management under ADSCallers, it doesnot allow me to do so.
Here I am in doubt as in SU01, I have changed the password while in Visual Admin, it is still the initial
one. Is this conflicting.
9. In the link http://<AS Java Server>:50000 ->User Management, I am unable to set Security policy
field to Technical user and it is grayed out even after clicking modify. Am also not able to delete the
ADSUSER from it.
10. In visual administrator, I have setup the basic authentication too in web services security node and
have activated the service throught the deploy node
11. I have created a user ADS_AGENT as service user through SU01 and defined password for it and
assigned role SAP_BC_FP_ICF & SAP_BC_FPADS_ICF to it.
12. I have activated the fp & fpads service through SICF ->default_host ->sap ->bc ->fp. Right Click &
Activate
13. The checking of destination service through FP_CHECK_DESTINATION_SERVICE prompts for a
username and password and doesnot accept ADSUSER or ADS_AGENT and j2ee_admin user is giving
error of rpdata authorization.
14. The ICF service through web browser using link
http://<server>:8000/sap/bc/fp/form/layout/fp_test_00.xdp accepts ADS_AGENT user and displays an
XML code.
15. The test of changing of Destination Service to
http://<server>:8000/sap/bc/fp/form/layout/fp_test_00.xdp through Visual Admin results in HTTP GET
response code 200 Content type text/html
I have worked my brains out on this but unable to understand the problem. I think it is because I am not able to change the password of ADSUSER things are not working.
Please help me out.
Lokesh

Client authentication in PI when SAP Web dispatcher terminates SSL

PI Security Experts,
Here is our design for Third-party Peoplesoft system initiating SOAP Call to PI Web Service created on our PI server.
1) Third-party Peoplesoft Application server initiates a SOAP call.
2) Third-party Network Gateway has a URL server certificate from our gateway and our gateway server has a root certificate from the CA used by third-party gateway. this will be used to establish the SSL tunnel between gateway.
3) SOAP request in our network will be routed through load balancer to SAP web dispatcher.
4) SAP web dispatcher terminates SSL connection
5) We will generate client cert for authentication and pass it onto third-party which they will load onto their PeopleSoft application server. SOAP call initiating from the PeopleSoft server will pass the client cert along with the message (My understanding is that the client cert will not be a part of SOAP message body. Ina other words we are not implementing message-level security. Is that true? How will the client cert be passed? How and where will a client attach the client cert with message?My understanding is that this is a network layer security and client certificate will be authenticated on PI J2ee server at SSL protocol level..Is my understanding correct?)
6) We will also load client certificate generated for client onto J2EE server using Visual Admin and map it to PI user for authentication.
7) SAP web dispatcher terminates SSL and passes the SOAP message to PI (J2EE) along with client cert in a http header variable.
There is some conflicting SAP documents. some say that client cert can't be used for PI authentication if Web Dispatcher terminates SSL connection (http://help.sap.com/saphelp_nw04s/helpdata/en/ea/301e3e6217b40be10000000a114084/frameset.htm). There is some other documents that say that authentication using client cert is possible by having J2EE trusting Web Dispatcher and by passing client cert from Web Dispatcher to J2EE in a httpheader variable (http://help.sap.com/saphelp_erp2005/helpdata/en/ea/301e3e6217b40be10000000a114084/content.htm).
Now if client cert authentication is possible even if Web dispatcher terminates SSL, what cert do we need on J2EE, a cert from Web dispatcher or a client cert that's coming in from the client appication (the one that we created and provided to our third-party)?
If we install a cert from web dispatcher on J2EE then do we need a client cert on Web dispatcher instead of on J2EE? If so how and where do we map client cert to PI User?
I will really appreciate any advise on whether we are going down the right path and any pointers to my questions.
Thanks,
Saurabh

Hi,
May be below links will be helpful
Check the following links.. you will get the information all about the securities...
http://help.sap.com/saphelp_nw04/helpdata/en/f7/c2953fc405330ee10000000a114084/content.htm
Also read thru this link for message level security - https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
Also find soeminformation in these links
http://help.sap.com/saphelp_nw2004s/helpdata/en/a8/882a40ce93185de10000000a1550b0/frameset.htm
/people/aparna.chaganti2/blog/2007/01/23/how-xml-encryption-can-be-done-using-web-services-security-in-sap-netweaver-xi
Step by step guide for SSL security
step by step guide to implement SSL
Please go through below link for referance (above information is from below link)
http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/3a/7cddde33ff05cae10000000a128c20/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e0fef6211d3a6510000e835363f/content.htm
General guide
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516dd7d9
Message level security
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
Regarding message level you can encrypt the message using certificates.
For both of this basis team has to deploy the releavant certificates in XI ABAP Stack or Java stack.
Generally if the scenarios are intra company we dont use any transport level or message level security since the network is already secured.
Thanks
Swarup

SAP Web AS - SAP Webdispatcher - RSA

Hello,
I am new to this forum. So please let me know if my question is off topic and give me a hint where to post the question.
I like to setup RSA authentication together with SAP Web AS and SAP Webdispatcher. Idea: The User is connecting via http or https to the SAP Webdispatcher. Before dispatched to the SAP Web AS the user has to perform an authentication by RSA token. I know that there are solutions available for e.g. IIS or Apache, but I don´t know if it possible with SAP Web AS and SAP Webdispatcher.
Any help is appreciated.
Best regards,
Marcus

Hi Marcus
I've moved your question to the Netweaver Security forum.
Regards,
Désiré

Remote Connection to SAP with SAP Web Dispatcher

Dear Experts,
i have installed a SAP Router + SAP ECC 6.0 IDES + SAP Portal 7.0 + SAP Solution Manager 7.0. The remote connection works.
SAP Router is in a DMZ
SAP ECC 6.0 IDES + SAP Portal 7.0 + SAP Solution Manager 7.0 are in another network only for SAP Systems
Fo security reason, i would like to install a SAP Webdispatcher with the SAP Router's Server.
I already:
have extracted the icmadmin.sar file
have executed the sapwebdisp -bootstrap command
have started the web dispatcher with sapwebdisp pf=sapwebdisp.pfl
have activated /sap/public/icman and /sap/public/icf_info/* services inthe SAP Solution Manager
As the saprouttab file for the saprouter, i would like to establish the connection to SAP withe the SAP WebDispatcher.
My questions are:
What are the parameters i have to put in the sapwebdisp.pfl file?
Do i have to create the PERMFILE and the AUTHFILE?
Any example of profil file? (another than the SAP Library example)
Thank you very much for your help in advance.
Best regards.
Pascal Tran.
PS: Here is the sapwebdisp.pfl file
Profile generated by sapwebdisp bootstrap
unique instance number
SAPSYSTEM = 50
add default directory settings
DIR_EXECUTABLE = .
DIR_INSTANCE = .
Accessibility of Message Servers
rdisp/mshost = <Solution_Manager_hostanme>
rdisp/msserv = sapms<Solution_Manager_SID>
ms/http_port = 81<Solution_Manager_Instance_Number>
SAP Web Dispatcher Parameter
wdisp/auto_refresh = 120
wdisp/max_servers = 100
wdisp/shm_attach_mode = 6
configuration for default scenario (medium size)
icm/max_conn      = 500
icm/max_sockets   = 1024
icm/req_queue_len = 500
icm/min_threads   = 10
icm/max_threads   = 50
mpi/total_size_MB = 80
#maximum number of concurrent connections to one server
wdisp/HTTP/max_pooled_con = 500
wdisp/HTTPS/max_pooled_con = 500
SAP Web Dispatcher Ports
icm/server_port_0 = PROT=HTTP,PORT=8050
SAP Web Dispatcher Web Administration
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=icmauth.txt
Hostname per default
icm/host_name_full = <SAP_Router_Hostname>

Hello,
The two important paramters are covered in your profile.
Accessibility of Message Servers
rdisp/mshost = <Solution_Manager_hostanme>
rdisp/msserv = sapms<Solution_Manager_SID>
ms/http_port = 81<Solution_Manager_Instance_Number>
And the port on which your webdispatcher listens from outside world.
icm/server_port_0 = PROT=HTTP,PORT=8050
For additional security you can use the https port also.
I dont think you need to maintain any other file manually.
I had configured web dispatcher but for 640 stack. It should be more or less the same.
An example file sapwebdisp.pfl
Profile generated by sapwebdisp bootstrap
unique instance number
SAPSYSTEM = 1
Accessibility of Message Servers
rdisp/mshost = <hostname>
ms/http_port = 8101
ms/https_port = 8005
SAP Web Dispatcher Parameter
wdisp/auto_refresh = 120
wdisp/max_servers = 100
wdisp/shm_attach_mode = 6
configuration for default scenario (medium size)
icm/max_conn      = 500
icm/max_sockets   = 1024
icm/req_queue_len = 500
icm/min_threads   = 10
icm/max_threads   = 50
mpi/total_size_MB = 80
#maximum number of concurrent connections to one server
wdisp/HTTP/max_pooled_con = 500
wdisp/HTTPS/max_pooled_con = 500
wdisp/shm_attach_mode = 6
SAP Web Dispatcher Ports
icm/server_port_0 = PROT=HTTPS,PORT=1443
icm/server_port_1 = PROT=HTTP,PORT=1081
icm/HTTPS/verify_client = 0
SAP Web Dispatcher Web Administration
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin
DIR_INSTANCE = C:\Secudir
ssl/ssl_lib = C:\Secudir\sapcrypto.dll
ssl/server_pse= C:\Secudir\SAPSSLS.pse
wdisp/ssl_cred = SAPSSLS.pse

Sap Web As 6.40 SR1 post installation error

Hi, I have a problem with the installation of WEB AS ABAP.
I installed Sap Web As 6.40 SR1 following this steps:
Oracle 9.2.0 with the patch 9.2.0.4
Web As Abap.
I assigned two different names for the Oracle System ID and the Sap System ID.
All the installations finished without errors.
In the post installation if I enter in the Sap Management
Console to start the SAP instance i see the following error:
Process: strdbs.cmd
Description: Database
Status: could not be started
I try to resolve the problem following Sap note 786673 (section security: change permission
for Oracle files) but unsuccessfully.
Do you have any suggestion?

Hi all,
first of all thanks a lot for your answers.
I have reinstalled the WEB AS ABAP using the same SID for the DB and for SAP (the SID is C01).
Unfortunately, I found the same error when I go to start SAP.
I checked if the oracle services are running and the check was ok, moreover I used the Oracle Enterprise Manager to check if oracle works.
Sanjeev, I tried to find the script stdbs in C:\usr\sap\C01\SYS\exe\run but without success (I can't find the file above-mentioned).
I applied also another time the SAP NOTE 786673 (section security: change permission for Oracle files) but unsuccessfully.
This is the result of the sapstart.loog
SAP-R/3-Startup Program
Starting at 2005/10/11 13:50:30
Startup Profile: "C:\usr\sap\C01\SYS\profile\START_DVEBMGS00_leonard"
Starting Programs
(416) CreateProcess(C:\usr\sap\C01\SYS\exe\run\strdbs.cmd) failed(2). ENOENT*: No such file or directory OR: The system cannot find the file specified.
(1780) CreateProcess: C:\usr\sap\C01\SYS\exe\run\msg_server.exe pf=C:\usr\sap\C01\SYS\profile\C01_DVEBMGS00_leonard
(356) CreateProcess: C:\usr\sap\C01\SYS\exe\run\disp+work.exe pf=C:\usr\sap\C01\SYS\profile\C01_DVEBMGS00_leonard
(1852) CreateProcess: C:\usr\sap\C01\DVEBMGS00\igs\bin\igswd.exe -dir=C:\usr\sap\C01\DVEBMGS00\igs -mode=all -sysname=C01 -sysno=00
Do you have any suggestion to solve this strange problem??
Thanks a lot.
Eugenio.
Message was edited by: Eugenio Cassiano

SAP Web Dispatcher SSL Error

We are having issues with our SSL connection to the SAP Web AS. Below is the error in the log files:
[Thr 472] =================================================
[Thr 472] = SSL Initialization on PC with Windows NT
[Thr 472] =   (700_REL,Jul 14 2008,mt,ascii,SAP_UC/size_t/void* = 8/32/32)
[Thr 472]   profile param "ssl/ssl_lib" = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sapcrypto.dll"
           resulting Filename = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sapcrypto.dll"
[Thr 472]   profile param "ssl/server_pse" = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
           resulting Filename = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
[Thr 472]   profile param "ssl/client_pse" = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\SAPSSLC.PSE"
           resulting Filename = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\SAPSSLC.PSE"
[Thr 472] =   found SAPCRYPTOLIB 5.5.5C pl24 (Jun 11 2008) MT-safe
[Thr 472] =   current UserID: NT AUTHORITY\SYSTEM
[Thr 472] =   found SECUDIR environment variable
[Thr 472] =   using SECUDIR=c:\program files\sap\sapwebdisp\
[Thr 472] *** ERROR =>   secudessl_Create_SSL_CTX(): PSE "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse" not found! [ssslsecu.c   1354]
[Thr 472] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 472] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 472] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
[Thr 472] << -
End of Secude-SSL Errorstack -
[Thr 472] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
        for "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<OurPSE>.pse" [ssslxxi.c    2278]
[Thr 472] Tue Mar 31 13:30:06 2009
[Thr 472] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 472] =================================================
[Thr 472] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 472] *** ERROR => IcmAddService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c   319]
[Thr 3744] IcmCreateWorkerThreads: created worker thread 0
[Thr 2952] *** ERROR => IcmConnClientRqCreate: No service for protocol HTTPS started [icxxconn.c   2701]
[Thr 2952] *** ERROR => IcmConnClientRqCreate() failed (rc=-1) [icrxx.c      5234]
[Thr 2952] *** ERROR => Could not connect to SAP Message Server at onebase. URL=/msgserver/text/logon?version=1.2 [icrxx.c      2591]
[Thr 2952] *** ERROR => rc=-1, HTTP response code: 0 [icrxx.c      2592]
[Thr 2952] *** ERROR => see also OSS note 552286 [icrxx.c      2593]
[Thr 3744] IcmCreateWorkerThreads: created worker thread 1
[Thr 3744] IcmCreateWorkerThreads: created worker thread 2
[Thr 3744] IcmCreateWorkerThreads: created worker thread 3
[Thr 3744] IcmCreateWorkerThreads: created worker thread 4
[Thr 3292] IcmWatchDogThread: watchdog started
I've already used sapgenpse seclogin -p <PSE File> -x <PIN> to create a pin. I've also gone and deleted the old pin that used to be there and created a new one.
Also I noticed it says "Beware: changing a PIN of a PSE will not auto-update the SSO-credential
Beware: adding a new credential will not auto-update an existing credential"
So once you change it how do you update it? Do you need to reboot the Web Dispatcher or do you just need to restarted the service?

I am also facing same issue.
I have added credentials also and successfully done.
Here attaching trace file. Please suggest
trc file: "dev_webdisp", trc level: 1, release: "720"
sysno 00
sid WD1
systemid 390 (AMD/Intel x86_64 with Linux)
relno 7200
patchlevel 0
patchno 68
intno 20020600
make multithreaded, ASCII, 64 bit, optimized
profile /usr/sap/WD1/profile/WD1_W00_sapportal
pid 26732
[Thr 139840314074976] Thu Oct 31 13:54:15 2013
[Thr 139840314074976] *** WARNING => The maximum number of sockets supported on this host is 1020.
This is less than the number of sockets configured in parameter icm/max_sockets (8192) [icxxrout_mt. 3417]
[Thr 139840314074976] started security log to file ./dev_icm_sec
[Thr 139840314074976] SigISetDefaultAction : default handling for signal SIGCHLD
[Thr 139840314074976] SAP Web Dispatcher running on: sapportal.abrajoman.com
[Thr 139840314074976] MtxInit: 30001 0 2
[Thr 139840314074976] ***LOG IM1=> IcmInit, Startup (SAP Web Dispatcher&sapportal.abrajoman.com&26732&) [icxxrout_mt. 1914]
[Thr 139840314074976] IcmInit: listening to admin port: 65000
[Thr 139840314074976] MPI: dynamic quotas disabled.
[Thr 139840314074976] MPI init: pipes=4000 buffers=1279 reserved=383 quota=10%
[Thr 139840314074976] CCMS: SemInMgt: Semaphore Management initialized by AlAttachShm_Ext.
[Thr 139840314074976] CCMS: SemInit: Semaphore 38 initialized by AlAttachShm_Ext.
[Thr 139840314074976] CCMS: AlInitGlobals : alert/use_sema_lock = TRUE.
[Thr 139840314074976] IcrCoreInitSessionTable: Session table initialized
[Thr 139840167098112] HttpExtractArchive: files from archive /usr/sap/WD1/SYS/exe/run/wdispadmin.SAR in directory /usr/sap/WD1/W00/data/icmandir are up to date
[Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpAdminHandler(0x7f2f0c000e70), slot=0, flags=36869) for /sap/admin, active: 1, table 0x7f2f0c000a10
[Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpModHandler(0x7f2f0c0012e0), slot=1, flags=12293) for /, active: 1, table 0x7f2f0c000a10
[Thr 139840167098112] CsiInit(): Initializing the Content Scan Interface
[Thr 139840167098112] AMD/Intel x86_64 with Linux (mt,ascii,SAP_CHAR/size_t/void* = 8/64/64)
[Thr 139840167098112] CsiInit(): CSA_LIB = "/usr/sap/WD1/SYS/exe/run/libsapcsa.so"
[Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpAuthHandler(0x7f2f0c001440), slot=2, flags=12293) for /, active: 1, table 0x7f2f0c000a10
[Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpWebDispHandler(0x7f2f0c008340), slot=3, flags=1060869) for /, active: 1, table 0x7f2f0c000a10
[Thr 139840167098112] Started service PORT=8100,PROT=HTTP,TIMEOUT=60,PROCTIMEOUT=60
[Thr 139840167098112] =================================================
[Thr 139840167098112] = SSL Initialization platform tag=(linuxx86_64_gcc41)
[Thr 139840167098112] = (720_REL,Oct 15 2010,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 139840167098112] profile param "ssl/ssl_lib" = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 139840167098112] resulting Filename = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 139840167098112] = found SAPCRYPTOLIB 5.5.5C pl36 (Jul 3 2013) MT,AESNI,NB
[Thr 139840167098112] = current UserID: "wd1adm", env-var USER="wd1adm"
[Thr 139840167098112] = using SECUDIR=/usr/sap/WD1/W00/sec
[Thr 139840167098112] profile param "ssl/server_pse" = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] resulting Filename = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/WD1/W00/sec/epssl.pse": unable to use! [ssslsecu_mt. 1735]
[Thr 139840167098112] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
[Thr 139840167098112] secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 139840167098112] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 139840167098112] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] << ---------- End of Secude-SSL Errorstack ----------
[Thr 139840167098112] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
for "/usr/sap/WD1/W00/sec/epssl.pse" [ssslxxi_mt.c 2324]
[Thr 139840167098112] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 139840167098112] =================================================
[Thr 139840167098112]
[Thr 139840167098112] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 139840167098112] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv_mt. 251]
[Thr 139840167098112] *** WARNING => Could not start service (rc=-14) PORT=8300,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=900,VCLIENT=0 [icxxserv_mt. 651]
[Thr 139840314074976] SigISetDefaultAction : default handling for signal SIGCHLD
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 0
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 1
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 2
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 3
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 4
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 5
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 6
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 7
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 8
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 9
[Thr 139840167098112] IcmWatchDogThread: watchdog started
[Thr 139840148838144] Thu Oct 31 13:54:36 2013
[Thr 139840148838144] =================================================
[Thr 139840148838144] = SSL Initialization platform tag=(linuxx86_64_gcc41)
[Thr 139840148838144] = (720_REL,Oct 15 2010,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 139840148838144] profile param "ssl/ssl_lib" = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 139840148838144] resulting Filename = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 139840148838144] = found SAPCRYPTOLIB 5.5.5C pl36 (Jul 3 2013) MT,AESNI,NB
[Thr 139840148838144] = current UserID: "wd1adm", env-var USER="wd1adm"
[Thr 139840148838144] = using SECUDIR=/usr/sap/WD1/W00/sec
[Thr 139840148838144] profile param "ssl/server_pse" = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] resulting Filename = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/WD1/W00/sec/epssl.pse": unable to use! [ssslsecu_mt. 1735]
[Thr 139840148838144] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
[Thr 139840148838144] secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 139840148838144] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 139840148838144] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] << ---------- End of Secude-SSL Errorstack ----------
[Thr 139840148838144] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
for "/usr/sap/WD1/W00/sec/epssl.pse" [ssslxxi_mt.c 2324]
[Thr 139840148838144] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 139840148838144] =================================================
[Thr 139840148838144]
[Thr 139840148838144] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 139840148838144] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv_mt. 251]
[Thr 139840148838144] *** WARNING => Could not reactivate service (rc=-14) PORT=8300,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=900,VCLIENT=0 [icxxserv_mt. 1550]
[Thr 139840148838144] *** ERROR => ICP_icm_mod_service: ModService(7) failed for 8300, HTTPS(rc=-14) [icrxxadmin_m 5519]
[Thr 139840151480064] Fri Nov 1 10:54:13 2013
[Thr 139840151480064] =================================================
[Thr 139840151480064] = SSL Initialization platform tag=(linuxx86_64_gcc41)
[Thr 139840151480064] = (720_REL,Oct 15 2010,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 139840151480064] profile param "ssl/ssl_lib" = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 139840151480064] resulting Filename = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 139840151480064] = found SAPCRYPTOLIB 5.5.5C pl36 (Jul 3 2013) MT,AESNI,NB
[Thr 139840151480064] = current UserID: "wd1adm", env-var USER="wd1adm"
[Thr 139840151480064] = using SECUDIR=/usr/sap/WD1/W00/sec
[Thr 139840151480064] profile param "ssl/server_pse" = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] resulting Filename = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/WD1/W00/sec/epssl.pse": unable to use! [ssslsecu_mt. 1735]
[Thr 139840151480064] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
[Thr 139840151480064] secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 139840151480064] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 139840151480064] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] << ---------- End of Secude-SSL Errorstack ----------
[Thr 139840151480064] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
for "/usr/sap/WD1/W00/sec/epssl.pse" [ssslxxi_mt.c 2324]
[Thr 139840151480064] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 139840151480064] =================================================
[Thr 139840151480064]
[Thr 139840151480064] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 139840151480064] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv_mt. 251]
[Thr 139840151480064] *** WARNING => Could not reactivate service (rc=-14) PORT=8300,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=900,VCLIENT=0 [icxxserv_mt. 1550]
[Thr 139840151480064] *** ERROR => ICP_icm_mod_service: ModService(7) failed for 8300, HTTPS(rc=-14) [icrxxadmin_m 5519]
Trace File
   (11768bytes)
Thanks,
Kundan

Need to publish SAP Web Service without Authintication

Hello Everyone,
I have created a web service for my XI congiguration scenario for my outbound interface. Now each time when client system (Non SAP System) tries to publish my SAP Web Service, it asks the authentication of credentials (SAP username & Password).
We want to publish our SAP Web Service without Authintication.
Please suggest us how can we do that?
Regards,
Pranil Shinde.

Hi,
The user authentication of the SOAP adapter is not part of the SOAP adapter but of the web container of the J2EE engine. The default authentication setting is defined in the web.xml descriptor file of the SOAP adapter web application. This setting may be modified from Visual Administrator with some restriction. Please refer to the security documentation for the J2EE engine fro the same.
Regards,
Swetha.

SAP Web Dispatcher in Front of EP6 SP2?

For increased network security, is it possible to put a Web Dispatcher in front of an EP6 SP2 J2EE engine?
The Web Dispatcher would be in the DMZ with the J2EE in the next layer of the DMZ.
If so, is is also possible to have a Web Dispatcher then XI server?
If the above are not possible, what is the best solution?
Thanks.

If you are referencing SAP Web Dispatcher, then yes, your scenarios are possible. Usually, the XI server would be located where the SAP Portal apps would be. You can read,
http://help.sap.com/saphelp_nw04/helpdata/en/42/5cfd3b0e59774ee10000000a114084/frameset.htm
If you are refering to just a web dispatcher (ISA, IIS), it typically resides infront of your Apps (i.e. Portal, XI).
Regards,
James

SAP.Web.Security.TicketException: MYSAP_INVALID

Similar Messages

Maybe you are looking for