SSO between ITS and EP

Similar Messages

• SSO between ITS 620 R/3 and EP

  Hi,
  I need to use ITS 620 for R/3 4.7 and EP 6.0 for ess/mss implementation
  I have to configure SSO between R/3 and EP.
  Do I also need to configure SSO between ITS and R/3 , ITS and EP also for this?
  If yes can any one tell me the steps in configuring SSO between ITS and R/3, ITS and EP ?
  advance thanks,
  PK

  UPDATE:
  I have installed a portal (SAp netweaver 7.0 Java stack) and have connected it to a ECC6.0 SR3 backend and I needed only to configure the SSO between portal and backend abap instance, and all worked fine. There was no need to configure the SSO between the integrated ITS and abap instance.
  About the error  message mentioned in my previous forum entry:
  I did not only do the steps for SSO between portal and backend as described in the blog "Configuring the Business Package for Employee Self-Service (ESS)", but I also did all the additional steps as mentioned in "10 golden rules of SSO".
  After that the error message "SSO logon not possible; logon tickets not activated on the server" did not appear anymore. (Instead a screen that asks for username and password always appears with the warning "No switch to HTTPS occurred, so it is not secure to send a password". But I think that's ok.)

• SSO between Portal and Nakia.....problem with SSO... library not found..

  Hi Sdn's  and Nakisa tehnical experts,
  We have a Portal environment 7.02 , a Nakisa environment 3.0  (CE) and and HR backend environment 701 (604).
  We are busy setting up SSO between Portal and Nakisa via the, URL iview for the Org chart (http://<host>:<port>OrgChart/default.jsp).
  We have done as indicated in wiki:
  http://wiki.sdn.sap.com/wiki/display/ERPHCM/SAPSSOAuthenticationwithverify.pseusingSAPSSOEXT
  We are however stil having issues with the SSO and in the cds.log the following is being displayed:
  ++01 Aug 2011 13:11:42 ERROR com.nakisa.Logger  - com.mysap.sso.SSO2Ticket : Could not load library: sapsecu.dll - java.lang.Exception: MySapInitialize failed: rc= 14null++
  ++01 Aug 2011 13:11:42 ERROR com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : java.lang.Exception: MySapEvalLogonTicketEx failed: standard error= 9, ssf error= 0++
  ++01 Aug 2011 13:11:42 ERROR com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Internal error (9) - No SSF error (0)++
  Can someone indicate what I am doing wrong?
  Regards Dries

  Hi Luke,
  thanks a lot for your help so far.
  I have created a root/XML folder under the diretory, and the path is now as follows:
  K:\usr\sap\NKP\J14\j2ee\cluster\apps\Nakisa\OrgChart\servlet_jsp\OrgChart\root\.system\Admin_Config\__000__Sasol_DEV_LIVE\.delta\root\XML
  It seems like it finds the verify.pse, but not the library, sapsecu.dll.
  My credentials.xml file is as follows:
  <credentials>
  <assembly name="SapSso"/>
    <info>
      <item name="PseFilePath">XML\verify.pse</item>
      <item name="SsfLibFilePath">XML\sapsecu.dll</item>
      <item name="PsePassword"></item>
      <item name="WindowsPlatform">64</item>
      <item name="TicketFile"></item>
      <item name="Base64decode">true</item>
     </info>
  </credentials>
  I however stilll get the following in the cds.log
  15 Aug 2011 13:59:53 INFO  com.nakisa.Logger  - Tenant ID: 000
  15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - LoginSettingsObject Load: 1719
  15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Credential provider SapSso
  15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Using cert: K:\usr\sap\NKP\J14\j2ee\cluster\apps\Nakisa\OrgChart\servlet_jsp\OrgChart\root\XML\verify.pse
  15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Ticket is: AjExMDAgAA9wb3J0YWw6eXNzZWxhZ2OIABNiYXNpY2F1dGhlbnRpY2F0aW9uAQAIWVNTRUxBR0MCAAMwMDADAANEUDkEAAwyMDExMDgxNTExNDcFAAQAAAAICgAIWVNTRUxBR0P%2FAQQwggEABgkqhkiG9w0BBwKggfIwge8CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGBzzCBzAIBATAiMB0xDDAKBgNVBAMTA0RQOTENMAsGA1UECxMESjJFRQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTEwODE1MTE0NzIwWjAjBgkqhkiG9w0BCQQxFgQUK13ubzFiQrY4H%2FLRk2ysyvPSvccwCQYHKoZIzjgEAwQuMCwCFF1W9d!tAjLvP8dnb1bs4XghaHSBAhQ9kd9N!bJubUWITtkzU!za96lxNg%3D%3D
  15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Version of SAPSSOEXT: SAPSSOEXT 4
  15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : SCUE LIB base path is:
  15 Aug 2011 13:59:55 ERROR com.nakisa.Logger  - com.mysap.sso.SSO2Ticket : Could not load library: sapsecu.dll - java.lang.Exception: MySapInitialize failed: rc= 14null
  15 Aug 2011 13:59:55 ERROR com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : java.lang.Exception: MySapEvalLogonTicketEx failed: standard error= 9, ssf error= 0
  15 Aug 2011 13:59:55 ERROR com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Internal error (9) - No SSF error (0)
  15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : User to authenticate null
  15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Authentication provider SapSso
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : User authenticated null
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Authentication row is {SapSsoTicket=AjExMDAgAA9wb3J0YWw6eXNzZWxhZ2OIABNiYXNpY2F1dGhlbnRpY2F0aW9uAQAIWVNTRUxBR0MCAAMwMDADAANEUDkEAAwyMDExMDgxNTExNDcFAAQAAAAICgAIWVNTRUxBR0P%2FAQQwggEABgkqhkiG9w0BBwKggfIwge8CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGBzzCBzAIBATAiMB0xDDAKBgNVBAMTA0RQOTENMAsGA1UECxMESjJFRQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTEwODE1MTE0NzIwWjAjBgkqhkiG9w0BCQQxFgQUK13ubzFiQrY4H%2FLRk2ysyvPSvccwCQYHKoZIzjgEAwQuMCwCFF1W9d!tAjLvP8dnb1bs4XghaHSBAhQ9kd9N!bJubUWITtkzU!za96lxNg%3D%3D}
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : User population provider is Database
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - FunctionRunner : ensurePool : Current pool size:0
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - FunctionRunner : ensurePool : Current pool size:0
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - FunctionRunner.executeFunctionDirect: /NAKISA/RFC_REPORT took: 266ms
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - BAPI_SAP_OTFProcessor_Report :  WhereClause : ( (Userid is null) or (Userid='') ); Table : (SAP_UserPopulation); Dataelement : (UserPopulationInfo)
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : User populated
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Role mapping provider is: SAP
  15 Aug 2011 14:00:00 ERROR com.nakisa.Logger  - SAPRoleMapping_SAP.MapRoles() : while trying to invoke the method java.lang.String.toUpperCase() of an object loaded from local variable 'value'
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Login process finished with errors
  Any ideas? Should I maybe hardcode the location in the credentials.xml?
  Kind regards
  Dries Yssel

• SSO between Portal and Java WD application

  Hi Experts,
  I am using CE 7.2 on localhost and I am very new to SAP.
  I need to know how can I get SSO between Portal and Java WD.  I have a WD application that displays the logged in user using "IUser currentUser = WDClientUser.getCurrentUser().getSAPUser()", as well I can use "IUser user = UMFactory.getAuthenticator().getLoggedInUser()".  Both work.
  Q1. What is the difference in the 2 above?
  Q2. My WD application is set to authenticate user.  The WD application is in URL iView.  I need SSO between Portal and WD application.   Is there a way to get this SSO without SAP Backend (ECC), for now I just need SSO between Portal and Java WD appl.
  Everything is in localhost.
  Please advice. Thanks.

  > need to know how can I get SSO between Portal and Java WD.
  Then I suggest you ask your question in the Web Dynpro Java forum instead of the Web Dynpro ABAP one.

• Setting up SSO between EP and back-end SAP systems

  Can anybody give me some insight about setting up SSO between EP and back-end SAP systems. If possible some links to write up would be great.
  Thanu

  Hi,
  This link gives you a detailed information on setting up SSO : http://help.sap.com/saphelp_nw04/helpdata/en/89/6eb8deaf2f11d5993700508b6b8b11/frameset.htm
  Some How-guides:
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e676ec90-0201-0010-cfa3-90b7c1291903
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/77378b3d-0b01-0010-ffa5-c6941e286c43
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/80fbc690-0201-0010-1aba-93d5c8232b4a
  Regards,
  Sunil

• Different ways to establish SSO between Portal and ADP

  Hi,
  We are implementing payroll with the help of ADP.
  Please let me know different ways of establishing SSO between portal  and ADP
  Thanks
  Bala Duvvuri

  You may a few issues. SSO with logon tickets is based on accessing web sites in the same domain. So, if the portal is on http://ourportal.company.com, then the web site being accessed needs to have a URL like http://adphosted.company.com. Is the ADP system accessible by a DNS alias that is within company.com? If so, you're OK. If not, then there will be problems.
  The other SSO method is user mapping, but the security implications are not good...

• Difference between ITS and WAS server

  difference between ITS and WAS server

  Hello Pradeep,
  The ITS is the Internet Transaction Server.  WAS is Web Application Server.  I'm not sure how to compare the two because the WAS from Basis 6.40 and higher includes the ITS.  I think the question you wanted to ask is the difference between the Standalone ITS and the Integrated ITS???
  The Standalone ITS is installed on a web server (IIS or Apache usually).  It could also include another server that we call the AGate. 
  The Integrated ITS comes with the WAS Basis 6.40 and higher.  Therefore not needing a separate web server.
  There is also a note that lists some differences of the two.
  Edgar

• Difference between ITS and Web Application Server

  Hi All,
     What is ITS server. Can anyone explain me the difference between ITS and WAS(Web Application Server)
  Thanks
  Harpreet

  Hi Harpreet:
  ITS is basically the tool that allow you to use SAP via http. Theres lots of info about <a href="http://help.sap.com/saphelp_nw04/helpdata/en/0d/654d356560054ce10000009b38f889/frameset.htm">ITS</a> or <a href="http://help.sap.com/saphelp_nw04s/helpdata/en/5f/0ef441ad7bc417e10000000a155106/frameset.htm">WebAS with Integrated ITS</a>
  The ITS is a standalone application connected to R3 via RFC connection, In the SAP WebAS the ITS is integrated to the system.
  Hope this help!
  Juan
  PS: Please reward with points if helpful

• SSO between EP and ECC-- JCo RFC Provider- Error-- JCO_ERROR_SERVER_STARTUP

  Hello Everyone
  I am setting Up SSO between my EP 7.0 and my ECC 6.0 system. During the phase JCO RFC PRovider i am giving the following values:
  The following was done;
  1. start Visual Administrator -> Service : Choose JCo RFC Provider
  2. Created JCo RFC provider:
  Program ID: SAPJ2EE_Port
  Gateway host: EPDEV ( host of my EP System)
  Gateway service: sapgw00
  Server Count 5
  Application Server Host: ERP6 ( Host of my ECC System)
  System Number: 00
  Client: 000
  Language: EN
  User: SAPJSF
  Password: ..
  When i click on SET i am getting the error " ERROR When ADDING TO BUNDLE" Check LOG FOR DETAILS".
  I checked the DEFAULTTRACE.TRC and get the following MEssage :
  Date , Time , Message , Severity , Category , Location , Application , User
  03/01/2011 , 3:33:30:101 , Error changing bundle SAPJ2EE_PORT , Error , /System/Server , com.sap.engine.services.rfcengine.RFCRuntimeInterfaceImpl.addBundle(BundleConfiguration conf) ,  , Administrator
  03/01/2011 , 3:33:30:085 , com.sap.mw.jco.JCO$Exception: (129) JCO_ERROR_SERVER_STARTUP: Server startup failed at Tue Mar 01 03:33:30 PST 2011.
  This is caused by either a) erroneous server settings, b) the backend system has been shutdown, c) network problems. Will try next startup in 1 seconds.
  Could not start server: Connect to SAP gateway failed
  Connect parameters: TPNAME=SAPJ2EE_PORT GWHOST=EPDEV GWSERV=sapgw00
  ERROR       partner 'EPDEV:sapgw00' not reached
  TIME        Tue Mar 01 03:33:30 2011
  RELEASE     700
  COMPONENT   NI (network interface)
  VERSION     38
  RC          -10
  MODULE      nixxi.cpp
  LINE        2823
  DETAIL      NiPConnect2
  SYSTEM CALL connect
  ERRNO       10061
  ERRNO TEXT  WSAECONNREFUSED: Connection refused
  COUNTER     1
  I have configured my SLD as well. Any suggestions. Please Advise.

  Hi Ahmed,
  Please do check the validity of the certificate.
  Please do cross check these steps again.
  1.     Transaction u2013 STRUSTSSO2 (Trust Manager for Logon Ticket)
  2.     Double Click Owner certificate. It gets reflected under the certificate tab.
  3.                  Choose Format Binary
  4.                  Choose File Path.
  5.                  Enter the File Name
  6.                 saved in local drive.
  You can import into portal as x.509 certificate.
  check this thread -
  Certificate no longer has signature (use restriction)
  Renew certificate via SAP MarketPlace, and install from tcode slicense.  If you are working on a trial version, there is a SAP license request application form. Fill the form with the hardware key. you will get the new license via email. Install using slicense. Then try exporting the certificate.
  Thanks,
  Divya
  Edited by: Divya V on Mar 10, 2011 11:25 AM

• SSO between BW and Sharepoint

  Hi,
  We have a situation where we want to establish SSO between SAP BW (3.5 with out java stack running on UNIX machine) and MS Sharepoint server.
  Can you kindly let me know what could be the best solution and any documentation?
  I've looked at various docs and mostly all are boiling down to have a Java Stack. I'm unable to figure out a correct solution for the above scenario.
  Thanks and regards
  Aarthi

  Hi Andre,
  We have Windows NTLM (not kerberos) enabled for IWA to logon to Sharepoint portal.
  Thanks and regards
  Aarthi

• SSO between EP and GRC systems

  Hi,
  We have EP 7.0 and GRC 5.3 systems in our landscape. In the login page of the portal, we have a link configured to the GRC system to use the Compliant User Provisioning application.
  On clicking the GRC link for accessing CUP, the user is prompted to enter the username and password to login to the GRC system. In our landscape both the EP and GRC systems have the ECC ABAP system as the UME and hence the user credentials are exactly the same for both EP and GRC systems for a particular user.
  I would like to avoid another logon for the user in GRC as he has already logged in with the same user credentials in EP system.This, i believe is achieved through SSO but i'm not sure about configuring SSO between two Java systems.
  Please help me in the configuration.
  Regards,
  Ragav

  Ragav_ss wrote:
  Everything is working fine when i click User Logon link in GRC system which comes up through the link from EP. The SSO is working fine there. But when i click Request Access or Request Status link, the SSO does not work.
  Any clues.
  GRC version is 5.3 SP 12
  Did you ever get that resolved? I'm having the same problem with 5.3 SP 15.
  Regards,
  Sean

• SSO Between EP  and R/3 6.4

  Hi,
  I am trying to implement SSO between SAP EP 6.0 and SAP R/3 6.4 using logon tickets.
  I've downloaded the .pse and .der files from Portal,uploaded the .pse in the backend system,added it to the ACL,but when i tried to test the connection in portal using system admin->system configuration->UM configuration->SAP system
  i am getting an error----
  (System ID): com.sap.mw.jco.JCO$Exception: (101) RFC_ERROR_PROGRAM: 'mshost' missing
  (System ID & System Number): com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to SAP gateway failed Connect_PM TYPE=A ASHOST=ctsgvcsap3 SYSNR=03 GWHOST=ctsgvcsap3 GWSERV=sapgw03 PCS=1 LOCATION CPIC (TCP/IP) on local host with Unicode ERROR service '?' unknown TIME Thu Feb 23 16:24:39 2006 RELEASE 640 COMPONENT NI (network interface) VERSION 37 RC -3 COUNTER 2
  Where am i going wrong?Please help.
  If anyone is having detailed documentation please forward the same.
  Thanks in advance
  SwarnaDeepika.
  Message was edited by: SwarnaDeepika

  Hi Swarna
  the procedure for importing portal certificate in r3 system i already mentioned
  u have a  authorization for strustsso2 on r3 system
  ask for that to basis person or done with their id
  after importing portal certificate into r3 system u have to restart the r3 system no need to restart the portal system
  and make sure for SSO  both portal and R3 system are in same domain.
  i.e
  sapr3.mydomain.com
  portal.mydomain.com
  if not u have to specify the DNS entry for that by creating alias.
  regards,
  kaushal

• Error in SSO between Portal and IDM

  Hi All,
  In my scenario i need to configure the IDM workflow in portal and do SSO between them. I followed the steps given in IDM-Workflow installation document and did following things.
  1. Uploaded the par file available in IDM installation kit in to portal.
  2. Imported the Portal Content package (epa file) in to portal.I got the role Identity Center in my masthead.
  3. Created System as said in the document.
  4. Completed the necessary steps for transporting certificate between them.
  But when click on the role 'Identy Center' or do preview of any iViews of IDM i am getting the following error.
  Portal runtime error.
  An exception occurred while processing your request. Send the exception ID to your portal administrator.
  Exception ID: 05:58_06/12/08_0860_1657450
  Refer to the log file for details about this exception.
  Here is my default trace log for that exception id.
  #1.5 #0019BBDC2B650079000000440000161C00045D5E6D4D111F#1228560048914#com.sap.portal.portal#sap.com/irj#com.sap.portal.portal#tventhan#24261##n/a##e764b200c37c11ddca800019bbdc2b65#SAPEngine_Application_Thread[impl:3]_16##0#0#Error#1#/System/Server#Java###Exception ID: 05:58_06/12/08_0860_1657450
  [EXCEPTION]
  #1#com.sapportals.portal.prt.component.PortalComponentException: Error in service call of Portal Component
  Component : pcd:portal_content/com.sap.idm/iviews/workflow/com.sap.idm.workflow.home_overview
  Component class : com.sapportals.portal.sapapplication.SAPApplicationIntegratorComponent
  User : xxxxx
       at com.sapportals.portal.prt.core.PortalRequestManager.handlePortalComponentException(PortalRequestManager.java:973)
       at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:343)
       at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
       at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
       at com.sapportals.portal.prt.component.PortalComponentResponse.include(PortalComponentResponse.java:215)
       at com.sapportals.portal.prt.pom.PortalNode.service(PortalNode.java:645)
       at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
       at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
       at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
       at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:753)
       at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:240)
       at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:524)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:407)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  Caused by: com.sapportals.portal.prt.runtime.PortalRuntimeException: Exception in SAP Application Integrator occured: Unable to parse template &\#39;&lt;System.protocol&gt;://&lt;System.hostname&gt;/&lt;System.appcontext&gt;/welcome.php?SAPIDStore=&lt;System.idstore&gt;&amp;wf_portal=1&\#39;; the problem occured at position 38. Cannot process expression &lt;System.appcontext&gt; because Invalid System Attribute:
  System:    &amp;\#39;SAP_LocalSystem&amp;\#39;,
  Attribute: &amp;\#39;appcontext&amp;\#39;.
       at com.sapportals.portal.appintegrator.AbstractIntegratorComponent.doContentPass(AbstractIntegratorComponent.java:123)
       at com.sapportals.portal.appintegrator.AbstractIntegratorComponent.doContent(AbstractIntegratorComponent.java:98)
       at com.sapportals.portal.prt.component.AbstractPortalComponent.doPreview(AbstractPortalComponent.java:240)
       at com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:168)
       at com.sapportals.portal.prt.component.AbstractPortalComponent.service(AbstractPortalComponent.java:114)
       at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
       ... 29 more
  Please help me to get rid of this issue.
  Thanks & Regards,
  Tamil K

  Hi Tamil,
  Please have a look in your log
  Exception in SAP Application Integrator occured: Unable to parse template &\#39;<System.protocol>://<System.hostname>/<System.appcontext>/welcome.php?SAPIDStore=<System.idstore>&wf_portal=1&\#39;; the problem occured at position 38. Cannot process expression <System.appcontext> because Invalid System
  Please check the above values in system properties which are in bold
  regards
  Anand.M

• Difference between ITS and web dynpro abap

  Hi Experts.
  Can any explain me what is the main difference between  EWT/ ITS and web dynpro abap. Basically i am going to developed some existing EWT in webdynpro ABAP , so i want to know what are the advantage of WD ABAP over ITS .
  Thanks in Advance.
  Satya

  Closing thread, thanks for your help.
  Thanks,
  Satya

• Problem SSO between VPN and NAC

  Hello
  Description of our problem : SSO doesn't work
  -on the first connexion from vpn client we insert two time the login and password :one time for the client vpn and the seconde time for CAA (clean Access agent).
  -although for the other connexion that succeed, we insert only one time the login and password (for vpn only) and for CAA the connexion is done automatiquely and a some hours later we reinsert two times login and password for vpn and CAA.
  The following steps are done to configure Cisco NAC Appliance to work with a VPN concentrator:
  Step 1 Add Default Login Page =ok
  Step 2 Configure User Roles and Clean Access Requirements for your VPN users =ok
  Step 3 Enable L3 Support on the CAS = ok
  Step 4 Verify Discovery Host =ok (CAS IP ADDRESS 192.168.2.11)
  Step 5 Add VPN Concentrator to Clean Access Server =ok (ASA IP ADDRESS 192.168.2.1)
  Step 6 Make CAS the RADIUS Accounting Server for VPN Concentrator =ok
  Step 7 Add Accounting Servers to the CAS (accounting server is CAM IP ADDRESS 192.168.20.10)
  Step 8 Map VPN Concentrator(s) to Accounting Server(s)=ok
  Step 9 Add VPN Concentrator as a Floating Device =ok
  Step 10 Configure Single Sign-On (SSO) on the CAS/CAM =ok
  the database for vpn authentication is cisco secure acs(192.168.1.30).
  Tanks to any anybody to give us a possible solution.
  FILALI Saad
  Ares Maroc

  Hi
  I have just gone the the same issues with SSO VPN with my CAS in real-ip mode.
  First thing to consider, when your testing, every time you test a user, make sure you go into the CAS or CAM and remove them as a certified device or active user before you perform your next test. I found that while I was testing that it would sometimes cache the user and I was getting successful auth attempts but due to their device being already accepted on a previous connection because the CAS was not made aware that the user had logged out correctly.
  1. Make sure you have a fully functional DNS system on the inside network, I didnt realize how important it was to have forward and reverse look ups for your CAS and CAM. Make sure that all CAS and cams are listed in dns with correct domain names.
  This in very important if your running your own CA certificates on cas and cam. Make sure that the CAM and CAS can resolve each other via dns. Make sure the CAM and CAS can perform reverse lookups of each other. Also make sure that when the user VPN's into your ASA that they can also perform DNS lookups and reverse lookups. If they cant perform dns look ups, you may need to temporarily allow the untrusted network full access while you resolve the DNS lookup problem on the client computer. One of the issues I had was that the VPN clients couldnt resolve internal DNS names and so the CCA agent would never auto pop-up and start the auto login process because it was trying to resolve the CAM name and also check that the CA certificate I had on the CAS was legitimate as I had used names in my certs and not IP addresses.
  2. Make sure your VPN group settings on the IPSEC policy of the ASA has DNS pointing to your internal DNS server.
  3. I know you already said you have done this but check to make sure that the VPN group setup on your ASA for your remote access users, has been setup with the radius accounting being directed the INSIDE interface IP address of your CAS, (if you are running your CAS in real-ip, I found that the inside interface was the only interface listening on 1813, do a 'netstat -an' on the cas to check) if your running in VGW mode then you only have 1 ip address to direct it to anyway.
  Follow from step 15 in following link
  http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a008074d641.shtml
  3. Troubleshoot and make sure that the ASA actually sends a radius accounting message to the CAS. I did this by ssh into the CAS and doing a 'tcpdump -i any src and not tcp 22'. I then logged into the VPN client and made sure that once I entered my vpn user and pass, that the ASA authenticates the vpn user and then passes a radius accounting message to the CAS informing the CAS it has allowed a new user. If you dont see this radius accounting message hit the CAS interface go back to my step 3 and resolve.
  4. Finally check that you have not mistyped a shared secret somwhere, ie between CAM and ACS, Between ASA and ACS, Between ASA and CAS. I had all my users authenticate though radius on my ACS server, a number of times I got caught out by a simple typo in a shared secret.
  Try these things first.
  Also someone else here on the forums linked this guide to me that also helped me setup my CAS correctly.
  http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cas/s_vpncon.html
  You may find it useful too.
  Dale