SSO between FPN doesnt work

Hello,
I've set the steps involved in the FPN configuration, I've already can see all the objects of the producer and consume them, but when I call an object of the producer the object ask me for login. I review the step of setting trust and verify that the certificate are correctly uploaded in both system, it seems everything is right.
Where I can chek what's happening? What I'm missing?
Thanks & Regards
SU

Thanks for the reply,
The instructions says that I can test all this configuration,
http://help.sap.com/saphelp_nw70/helpdata/EN/b4/cb8846dd0e7c45833e10c807328453/content.htm
You have set up a test application for creating logon tickets.
If the J2EE Engine is the ticket-issuing server, then you can use one of the example programs provided with the server, for example, Hello. The application is deployed on the ticket-issuing J2EE Engine and its login module stack is configured to authenticate the user and then create a logon ticket.
How can execute the example "Hello" that is provided with the server?
Regards
SU

Similar Messages

SSO between R/3 and Web Server Filter is not working

Hi all,
I have to configure SSO to access from SAP R/3 to a third-party web application through Web Server Filter.
R/3  WSF  3rdParty App
I think everything is configured properly, but when I issue the http request from R/3 to WSF I get the following error in sapsso.log file in apache server:
======================================================
trc file: "/usr/local/app/apache/sapsso.log", trc level: 3, release: "620"
Thu Nov 29 13:44:40 2007
Webserver Ticket Filter Release Version 5.0.2.8
Loading of the props returned 0=OK.
Max cache size = 0
Initialization done.
Checking validity...
Ticket Validation Error: expired.
Checking validity...
Ticket Validation Error: expired.
Checking validity...
Ticket Validation Error: expired.
Checking validity...
Ticket Validation Error: expired.
Checking validity...
Ticket Validation Error: expired.
Checking validity...
Ticket Validation Error: expired.
======================================================
And in the error_log file of the apache http server theres the following:
======================================================
proxy_cache.c(969): No CacheRoot, so no caching. Declining.
proxy_http.c(586): Content-Type: (null)
Ticket is AjQxMDIBABgAUgBBAEwATABVAEUAIA...
Got date from ticket.
Cur time = 200711291244.
Computing validity in hours.
Computing validity in minutes.
CurTime_t = 1196426640, CreTime_t = -496601312
validity: 216000, difference: 1693027952.000.
proxy_cache.c(969): No CacheRoot, so no caching. Declining.
proxy_http.c(586): Content-Type: (null)
Ticket is AjQxMDIBABgAUgBBAEwATABVAEUAIA...
Got date from ticket.
Cur time = 200711291244.
Computing validity in hours.
Computing validity in minutes.
CurTime_t = 1196426640, CreTime_t = -496601312
validity: 216000, difference: 1693027952.000.
proxy_cache.c(969): No CacheRoot, so no caching. Declining.
proxy_http.c(586): Content-Type: (null)
Ticket is AjQxMDIBABgAUgBBAEwATABVAEUAIA...
Got date from ticket.
Cur time = 200711291244.
Computing validity in hours.
Computing validity in minutes.
CurTime_t = 1196426640, CreTime_t = -496601312
validity: 216000, difference: 1693027952.000.
proxy_cache.c(969): No CacheRoot, so no caching. Declining.
proxy_http.c(586): Content-Type: (null)
======================================================
It seems like there isnt the date in the ticket issued by SAP R/3. However, I tried to configure sso between the same R/3 server and an EP and worked fine.
I also tried to decrypt the ticket issued by R/3 but I get a segmentation fault.
Does anyone can help me?
Thanks in advance.
Roger Allué i Vall

Here's a excerpt of a strace of the httpd processes when receive the http request:
13863 accept(16, <unfinished ...>
13864 accept(16, <unfinished ...>
13865 accept(16, <unfinished ...>
13866 accept(16, <unfinished ...>
13867 accept(16, <unfinished ...>
13868 accept(16, <unfinished ...>
13872 accept(16, <unfinished ...>
13863 <... accept resumed> {sa_family=AF_INET, sin_port=htons(2476), sin_addr=inet_addr("10.80.183.46")}, [16]) = 3
13863 rt_sigaction(SIGUSR1, , {0x805fd50, [], SA_INTERRUPT}, 8) = 0
13863 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
13863 getsockname(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("10.41.235.48")}, [16]) = 0
13863 setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0
13863 read(3, "GET /Silicon/loginPasarela.jsp?accion=urgencias&icu=0010000694%20&nhc=0000147810 HTTP/1.1\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, /\r\nAccept-Language: ca\r\nsap-mysapsso: 200711291818281ppOT/XT2eKtb8Unh0aexQAjQxMDIBABgAUgBBAEwATABVAEUAIAAgACAAIAAgACACAAYAMQAwADADABAAUgBIAEkAIAAgACAAIAAgBAAYADIAMAAwADcAMQAxADIAOQAxADcAMQA4BQAEAAAAPAkAAgBj/wFQMIIBTAYJKoZIhvcNAQcCoIIBPTCCATkCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCARgwggEUAgEBMBMwDjEMMAoGA1UEAxMDUkhJAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzExMjkxNzE4MjhaMCMGCSqGSIb3DQEJBDEWBBRNZ7rlzxjw9r4UNi4m/MBvHYXK0TANBgkqhkiG9w0BAQEFAASBgNeYexwxhY7cUDZG7mGKmaljgqt2NBdlV!WA/4FUSFVpIewDtMQDtLjcAcVRsH2QMWxPs0!QSvlqlJHdm7VIvMe9pWMvs6ld8/U!lOTSQqtNyI!am770SgRMR60eiV3Ir8q8wfR8VXnO9acHHePnVN4O24!jwCOPxm6XAQuKMUAS\r\nsap-mysapred: http://sapwhi01.argos.gencat.intranet/Silicon/loginPasarela.jsp?accion=urgencias&icu=0010000694 &nhc=0000147810\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2)\r\nC", 4096) = 1260
13863 rt_sigaction(SIGUSR1, , , 8) = 0
13863 time(NULL) = 1196356708
13863 read(3, "ookie: MYSAPSSO2=AjQxMDIBABgAUgBBAEwATABVAEUAIAAgACAAIAAgACACAAYAMQAwADADABAAUgBIAEkAIAAgACAAIAAgBAAYADIAMAAwADcAMQAxADIAOQAxADcAMQA4BQAEAAAAPAkAAgBj%2fwFQMIIBTAYJKoZIhvcNAQcCoIIBPTCCATkCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCARgwggEUAgEBMBMwDjEMMAoGA1UEAxMDUkhJAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzExMjkxNzE4MjhaMCMGCSqGSIb3DQEJBDEWBBRNZ7rlzxjw9r4UNi4m%2fMBvHYXK0TANBgkqhkiG9w0BAQEFAASBgNeYexwxhY7cUDZG7mGKmaljgqt2NBdlV%21WA%2f4FUSFVpIewDtMQDtLjcAcVRsH2QMWxPs0%21QSvlqlJHdm7VIvMe9pWMvs6ld8%2fU%21lOTSQqtNyI%21am770SgRMR60eiV3Ir8q8wfR8VXnO9acHHePnVN4O24%21jwCOPxm6XAQuKMUAS; JSESSIONID=50B5570A234B89887690DF50A993477D\r\nConnection: Keep-Alive\r\nHost: sapwhi01.argos.gencat.intranet\r\n\r\n", 4096) = 730
13863 time(NULL) = 1196356708
13863 write(2, "Thu Nov 29 18:18:28 2007\n", 25) = 25
13863 write(2, "Ticket is AjQxMDIBABgAUgBBAEwATABVAEUAIA... \n", 45) = 45
13863 time(NULL) = 1196356708
13863 write(5, "\nChecking validity...\n", 22) = 22
13863 time(NULL) = 1196356708
13863 write(2, "Got date from ticket.\n", 35) = 35
13863 time(NULL) = 1196356708
13863 time(NULL) = 1196356708
13863 write(2, "Cur time = 200711291718.\n", 25) = 25
13863 time(NULL) = 1196356708
13863 write(2, "Computing validity in hours.\n", 29) = 29
13863 time(NULL) = 1196356708
13863 write(2, "Computing validity in minutes.\n", 31) = 31
13863 time(NULL) = 1196356708
13863 write(2, "CurTime_t = 1196443080, CreTime_t = -496601312 \n", 48) = 48
13863 time(NULL) = 1196356708
13863 write(2, "validity: 216000, difference: 1693044392.000.\n", 46) = 46
13863 time(NULL) = 1196356708
13863 write(5, "Ticket Validation Error: expired.\n", 34) = 34
13863 time(NULL) = 1196356708
and so on.

SSO using WEBGUI (through ITS) to backend R/3 doesnt work

Hello All,
We are using NW04 SP14 and trying to achieve SSO through login tickets to backend R/3 System (4.7).
So far I got it right through WIN GUI but through WEB GUI it doesnt work.
We did set ~mysapcomusesso2cookie = 1; ~login and ~password as empty in the global.srvc file on the ITS server.
When I use the WEB GUI, it shows me the ITS Login page asking for Login and password.
I also checked the cookie by using "javascript:document.cookie", this is what i got:
"saplb_*=(J2EE4017100)4017150; PortalAlias=portal; JSESSIONID=(J2EE4017100)ID0757548650DB10548473283783783936End; MYSAPSSO2=AjExMDAgAA5wb3J0YWw6d2RheWFuZIgAE2Jhc2ljYXV0aGVudGljYXRpb24BAAdXREFZQU5EAgADMDAwAwADRU5QBAAMMjAwNjAxMTgxNzQxBQAEAAAACAoAB1dEQVlBTkT%2FAPUwgfIGCSqGSIb3DQEHAqCB5DCB4QIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYHBMIG%2BAgEBMBMwDjEMMAoGA1UEAxMDRU5QAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNjAxMTgxNzQxMzZaMCMGCSqGSIb3DQEJBDEWBBQtYG1bqNgV1TVHdWuzdb%2FGA%2BVV4TAJBgcqhkjOOAQDBC8wLQIVANL17BTacNfsQ8TEbLaBIVBvR2EiAhQPfWyw2s8lAX2qVgEq7%2BHrVpsmSw%3D%3D"
This shows that cookie is being generated by Portal.
These are the entries in the global.srvc file:
~appserver server5 (R/3)
~clientcert 1
~cookies 1
~disconnectonclose 1
~dontshowaccessibilityonlogin 1
~ewt_statichelp 1
~exiturl
~hostsecure serverits
~hostunsecure serverits
~language EN
~languages EN
~login
~logingroup
~messageserver
~multiinstanceservices 1
~password
~portsecure 443
~portunsecure 80
~routestring
~runtimemode dm
~systemname DEV
~systemnumber 00
~theme 99
~timeout 15
~urlarchive /scripts/sapawl.dll
~urlimage /sap/its/graphics
~urlmime /sap/its/mimes
~usertimeout 1
~xgateway sapdiag
~xgateways sapxgadm,sapdiag,sapxgwfc,sapxginet,sapextauth
~mysapcomusesso2cookie 1
Can you guyz guide me to get this done ?
Thanks in advance.

I got it. I accessed the portal by using:
http://myportal.companyname.com:50000/irj and it started working. But when i use http://myportal:50000/irj it doesnt work.
So in future do I need to use http://myportal.companyname.com:50000/irj to access the portal?
Can someone tell me the reason why it does it ?

Crossfade doesnt work and glitches between songs with update 7.7

Well, apple has made it again. It seems apple has been very busy with its little iphone toy that It forgot its principal product: computers and software. I am still furious because the last ipod update makes my ipod pause radnomly and now the last Itunes update ***** too. Since this update crossfader doesnt work properly anymore. In fact there´s no crossfade just an annoying gap and glitch between songs. Even if I turn the crossfader off. Why apple? why? You ****** me off already!

We are not Apple we are users like you press power button & menu button hold both down until you see Apple Logo
then wait you will not lose any data also turn you modem off for 30 seconds then after modem has started up
try to connect iPhone .
bsydd uk

SSO to R3 not working after system copy

Hi Experts,
Recently our QA R3 client XXX was deleted and the whole system was rebuild using system copy of client ZZZ of R3 production. Now we had to reconfigure the SSO between portal and QA R3 with the new client.
But it is not working. It was found that the QA R3's own self signed certificate shows CN=ERP (same as R3 Prod) and not ERU as it should have been. We changed the CN value to ERP,in Visual Admin (Services ->key storage , Ticket ). Still the result is same.
How to re-generate the self signed certificate in R3 with CN=ERU ?
or a workaround for this problem.
Regards
Jimmy

HI Jayendra
Recreate the saplogonticketkeypair following the procedure outlined here
http://help.sap.com/saphelp_nw70/helpdata/en/75/c80b424c6cc717e10000000a155106/content.htm
Then you can export the SAPLogonticketkeypair-cert (public key certificate) of the Java AS and import it into the target ABAP system
Important: the following two steps must be done in the ABAP client that will receive the logon tickets i.e the ABAP client that the component/application on the Java AS is configured to connect to e.g the client specified in the portal iview properties or the client specified in a Web Dynpro JCo Destination
(1) Import the public-key certificate of the Java AS into the ABAP systems certificate list using transaction STRUSTSSO2
(2) Add the certificate to access control list
When adding the certificate to the ACL the SID should be set to the SID of the ticket issuing Java AS and the client should be set to the client that the Java AS is writing to the logon tickets i.e the value of login.ticket_client in the Java AS
Remember, in an Add-In installation, where the system IDs are the same, you must change the default client for the J2EE Engine (000) to a client that does not exist on the SAP Web AS ABAP system e.g change login.ticket_client to 999
See: http://help.sap.com/saphelp_nw70/helpdata/en/cb/ac3d41a5a9ef23e10000000a155106/content.htm
The reason for this change is that the system ID and client combination must be unique when tickets are to be accepted by an SAP Web AS ABAP system
By the way it is better to start a new thread with your question rather than bumping a thread that was already set to 'answered'

SSO between custom C++ application and web browser

Hello.
I have a bit of problems figuring out how to do SSO functionality between a Browser and a custom client (custom protocol over HTTP).
I want it to work as follows: If the user logs in in the HTTP client, the user is already logged in in the custom client, and vice versa.
I thought this could be implemented my reading and writing cookie values from the browser in my custom client, but it seems like the cookies set are all without expiration. IE handles these cookies private in a process, and so I can't get a hold of it.
How do I implement SSO between clients if I can't base it on cookie values?
Regards
Kyrre.

Any comment?

SSO between ITS 620 R/3 and EP

Hi,
I need to use ITS 620 for R/3 4.7 and EP 6.0 for ess/mss implementation
I have to configure SSO between R/3 and EP.
Do I also need to configure SSO between ITS and R/3 , ITS and EP also for this?
If yes can any one tell me the steps in configuring SSO between ITS and R/3, ITS and EP ?
advance thanks,
PK

UPDATE:
I have installed a portal (SAp netweaver 7.0 Java stack) and have connected it to a ECC6.0 SR3 backend and I needed only to configure the SSO between portal and backend abap instance, and all worked fine. There was no need to configure the SSO between the integrated ITS and abap instance.
About the error message mentioned in my previous forum entry:
I did not only do the steps for SSO between portal and backend as described in the blog "Configuring the Business Package for Employee Self-Service (ESS)", but I also did all the additional steps as mentioned in "10 golden rules of SSO".
After that the error message "SSO logon not possible; logon tickets not activated on the server" did not appear anymore. (Instead a screen that asks for username and password always appears with the warning "No switch to HTTPS occurred, so it is not secure to send a password". But I think that's ok.)

SSO between EP and ECC-- JCo RFC Provider- Error-- JCO_ERROR_SERVER_STARTUP

Hello Everyone
I am setting Up SSO between my EP 7.0 and my ECC 6.0 system. During the phase JCO RFC PRovider i am giving the following values:
The following was done;
1. start Visual Administrator -> Service : Choose JCo RFC Provider
2. Created JCo RFC provider:
Program ID: SAPJ2EE_Port
Gateway host: EPDEV ( host of my EP System)
Gateway service: sapgw00
Server Count 5
Application Server Host: ERP6 ( Host of my ECC System)
System Number: 00
Client: 000
Language: EN
User: SAPJSF
Password: ..
When i click on SET i am getting the error " ERROR When ADDING TO BUNDLE" Check LOG FOR DETAILS".
I checked the DEFAULTTRACE.TRC and get the following MEssage :
Date , Time , Message , Severity , Category , Location , Application , User
03/01/2011 , 3:33:30:101 , Error changing bundle SAPJ2EE_PORT , Error , /System/Server , com.sap.engine.services.rfcengine.RFCRuntimeInterfaceImpl.addBundle(BundleConfiguration conf) , , Administrator
03/01/2011 , 3:33:30:085 , com.sap.mw.jco.JCO$Exception: (129) JCO_ERROR_SERVER_STARTUP: Server startup failed at Tue Mar 01 03:33:30 PST 2011.
This is caused by either a) erroneous server settings, b) the backend system has been shutdown, c) network problems. Will try next startup in 1 seconds.
Could not start server: Connect to SAP gateway failed
Connect parameters: TPNAME=SAPJ2EE_PORT GWHOST=EPDEV GWSERV=sapgw00
ERROR       partner 'EPDEV:sapgw00' not reached
TIME        Tue Mar 01 03:33:30 2011
RELEASE     700
COMPONENT   NI (network interface)
VERSION     38
RC          -10
MODULE      nixxi.cpp
LINE        2823
DETAIL      NiPConnect2
SYSTEM CALL connect
ERRNO       10061
ERRNO TEXT WSAECONNREFUSED: Connection refused
COUNTER     1
I have configured my SLD as well. Any suggestions. Please Advise.

Hi Ahmed,
Please do check the validity of the certificate.
Please do cross check these steps again.
1.     Transaction u2013 STRUSTSSO2 (Trust Manager for Logon Ticket)
2.     Double Click Owner certificate. It gets reflected under the certificate tab.
3.                  Choose Format Binary
4.                  Choose File Path.
5.                  Enter the File Name
6.                 saved in local drive.
You can import into portal as x.509 certificate.
check this thread -
Certificate no longer has signature (use restriction)
Renew certificate via SAP MarketPlace, and install from tcode slicense. If you are working on a trial version, there is a SAP license request application form. Fill the form with the hardware key. you will get the new license via email. Install using slicense. Then try exporting the certificate.
Thanks,
Divya
Edited by: Divya V on Mar 10, 2011 11:25 AM

SSO between EP and GRC systems

Hi,
We have EP 7.0 and GRC 5.3 systems in our landscape. In the login page of the portal, we have a link configured to the GRC system to use the Compliant User Provisioning application.
On clicking the GRC link for accessing CUP, the user is prompted to enter the username and password to login to the GRC system. In our landscape both the EP and GRC systems have the ECC ABAP system as the UME and hence the user credentials are exactly the same for both EP and GRC systems for a particular user.
I would like to avoid another logon for the user in GRC as he has already logged in with the same user credentials in EP system.This, i believe is achieved through SSO but i'm not sure about configuring SSO between two Java systems.
Please help me in the configuration.
Regards,
Ragav

Ragav_ss wrote:
Everything is working fine when i click User Logon link in GRC system which comes up through the link from EP. The SSO is working fine there. But when i click Request Access or Request Status link, the SSO does not work.
Any clues.
GRC version is 5.3 SP 12
Did you ever get that resolved? I'm having the same problem with 5.3 SP 15.
Regards,
Sean

SSO between BI,CE7.1 ENH1 and BOE 3.1

Hi All,
Our requirement is to do SSO between BI,CE7.1 ENH1 and BOE 3.1. In the BO Integration Kit documentation, it has mentioned trusting the systems between BI and BO and SSO configuration between EP and BO.
I have performed all the steps given in the document even in CE Portal and SSO between CE and BO is not working. In further research, I can find in NWA, the JAVA EE Application u201Ccom.businessobjects.pct.masteriview.paru201D is in explicit stop mode and it is not starting even I try to do manually or restarting the server. Below is the log which states the following for not starting the service
[ERROR CODE DPL.DS.5035] Application [sap.com/com.businessobjects.pct.masteriview] cannot be started. Reason: it has hard reference to resource [jcoclient] with type [SAPPORTAL], which is not active on the server. Hint: 1) Is referred resource deployed? 2) Is referred resource able to start?
Not sure which resource it is looking for and need expertise on the same..Earliest response is highly appreciated.
Thanks,
PradeeP

HI,
please make sure you check the supported SAP J2EE versions for BusinessObjects here : http://service.sap.com/bosap-support and also remember that the integration is for the portal and you are using CE.
ingo

SSO between SAP Portal 7.3 and Ruby on Rails

Hello Everyone,
We are planning to integrate SAP Portal 7.3 and a RoR application and I am wondering If someone can share some experience (If you have any of course) on how to establish SSO between SAP Portal and RoR.
The SAP Portal will act as service provided and RoR as a consumer, we don't have LDAP, so the Portal UME is in ABAP and RoR uses an own UME database. We have SSO between our Portal and SAP Backend systems.
In RoR customers will have access to their own information (Invoices, etc..) that will be provided by the backend system.
URL transaction and iFrames is not an option for us.
The second option is to call Web Services, directly or through the SAP Portal (we are using a central sr).
I am a NetWeaver consultant who heard about RoR but have no experience in this field.
All help and tips are greatly appreciated!.
Regards,
Ridouan

We used Client certificates. Still working on the PoC.

SSO between Portal and Java WD application

Hi Experts,
I am using CE 7.2 on localhost and I am very new to SAP.
I need to know how can I get SSO between Portal and Java WD. I have a WD application that displays the logged in user using "IUser currentUser = WDClientUser.getCurrentUser().getSAPUser()", as well I can use "IUser user = UMFactory.getAuthenticator().getLoggedInUser()". Both work.
Q1. What is the difference in the 2 above?
Q2. My WD application is set to authenticate user. The WD application is in URL iView. I need SSO between Portal and WD application. Is there a way to get this SSO without SAP Backend (ECC), for now I just need SSO between Portal and Java WD appl.
Everything is in localhost.
Please advice. Thanks.

> need to know how can I get SSO between Portal and Java WD.
Then I suggest you ask your question in the Web Dynpro Java forum instead of the Web Dynpro ABAP one.

SSO between SAP EP and JAVA app on WebSphere Application Server 5.1

Hi. I have 2 questions.
I am implementing SAP EP6 and need to display content from a WebSphere JAVA application inside the portal. The application is currently running on WAS 5.1.
1. Does anyone have any sample code or documentation regarding how to pass the SAP logon ticket to WebSphere JAVA application to accomplish SSO when inside the portal?
2. Does anyone have any sample code or documentation regarding how to pass the SAP logon ticket to WebSphere JAVA application to accomplish SSO when outside the SAP EP, but still within the same IE browser window where the SAP logon ticket exists?
Thanks for any feedback you could provide.

Hello Kevin,
please look here: https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/nw/ibm/how to set up sso between sap enterprise portal and ibm websphere portal using tai.pdf
Regarding your second questions: as long as you did not log off from SAP EP your browser hosts the SAP Logon Ticket cookie (within its timeframe of validity which is typically a couple of hours). So if you access a non SAP application that accepts SAP logon ticket with your browser, you're authenticated.
Please note that the cookie based authentication only works withing the same DNS domain. So if your SAP EP is configured to issues the SAP logon ticket to "company.com" then your browser sends it only to servers in that domain.
Regards
Michael

Is it possible to have SSO between R/3 4.6 and Enterprise Portal 7?

I am trying to configure an R/3 transaction between R/3 4.6 and SAP EP 7.0. I have fulfilled all of the requirements for configuring SSO between Portal and R/3. I guess it is the ITS server that is running on a Windows machine. When I run the iView it gives me the logon screen of the WebGui service on ITS asking for user name and Password. Please help.

I am having also the same issue. 
Our existing portal 6.0 via ITS 6.20 to 4.6C backend SSO is working fine. 
However we just installed SAP NW Portal 7.0 and like to connect via ITS 6.20 to 4.6C using same configuration.
I configure the SSO and make sure things is there. It still does not working and keep asking for username and password. 
I configure another iView and use SAP GUI for Windows with test tcode SP02 and preview it, I could automatically connect to the system with SP02 screen. 
I wonder for this case the SSO does not work via ITS 6.20 whereas iView with SAP GUI for Windows work perfectly. 
The trace I get for SSO via ITS 6.20 is just one line 
Y Thu Oct 15 06:31:16 2009
Y *** ERROR => multiple DiagSetGuiConnectData call [diagext.c 584] 
The trace I get for iVIew with SAP GUI for Windows is as follow: 
Y Thu Oct 15 08:15:09 2009 
Y *** ERROR => multiple DiagSetGuiConnectData call [diagext.c 584] 
N conv_lang_iso2sap : no conversion necessary 
N dy_set_sso_ticket: SSO logon data stored 
D *** ERROR => invalid APPL header [diagext.c 1024] 
D *** ERROR => 16 [diagext.c 1025] 
D *** ERROR => id 4 [diagext.c 1026] 
D *** ERROR => sid 23 [diagext.c 1027] 
D *** ERROR => invalid APPL header [diagext.c 1024] 
D *** ERROR => 16 [diagext.c 1025] 
D *** ERROR => id 4 [diagext.c 1026] 
D *** ERROR => sid 22 [diagext.c 1027] 
N syssigni: SSO logon data retrieved 
N dy_signi_ext: SSO TICKET logon (client 300) 
N mySAPUnwrapCookie was called. 
N RunningCompatibly said: I'm >= 46C. 
N mySAP: Got the following SSF Params: 
N DN =CN=PRD 
N EncrAlg=DES-CBC 
N Format =PKCS7 
N Toolkit = 
N HashAlg =SHA1 
N Profile =/usr/sap/TRN/DVEBMGS30/sec/SAPSYS.pse 
N PAB =/usr/sap/TRN/DVEBMGS30/sec/SAPSYS.pse 
N Got the codepage 6300. 
N Got ticket (head) AjExMDAgAAtwb3J0YWw6c2Zvb4gAE2Jhc2ljYXV0. Length = 524. 
N Got content client = 000. 
N Got content sysid = PEP . 
N Got date 200910151442 from ticket. 
N Cur time = 200910151515. 
N Computing validity in hours. 
N Computing validity in minutes. 
N CurTime_t = 1255706100, CreTime_t = 1255704120 
N validity: 28800, difference: 1980.000. 
N MskiValidateTicket returns 0. 
N DyISigni: client=300, user=SFOO , lang=E, access=A, auth=T 
N usrexist: effective authentification method: mySAP.com logon ticket 
N password logon is generally enabled (default) 
N password change not required (expiration period=0 / days gone=46) 
N usrexist: update logon timestamp (M) 
N save user time zone = >PST < into spa 
N syssigni: SSO logon data released (roll area) 
N syssigni: detected workplace context 
N DyISignR: return code=0 (see note 320991) 
Anyone have any ideas or comment ? 
Edited by: Steven Foo on Oct 15, 2009 5:19 PM

How to Set Up SSO Between IBM WebSphere and SAP EP Using JAAS

Hi
I have read the article on SDN called "How to Set Up SSO Between IBM WebSphere and SAP EP Using JAAS", which is also the name of my posting.
The reason why I post this is that I've tried to follow the links in the PDF to get the file WebsphereEpSsoLib.zip but I get an error 403, which tells me that the file is not there.
Does anybody know where this file went or can somebody tell me an alternative place to get this file?
Jacob

Please open the associated whitepaper, and you can find the download link to the .ZIP file on page 4.
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/ibm/how to set up single sign-on between an ibm websphere portal and the sap enterprise portal using jaas.pdf
Hope that works!
Elise

SSO between FPN doesnt work

Similar Messages

Maybe you are looking for