SSO Portal wrong access

Dear gurus:
I have problems with the SSO configuration for Portal. I have executed the Diagtool from Note 957666 - Diagtool for Troubleshooting Security Configuration and this is the result:
<!LOGHEADER[START]/>
<!HELP[Manual modification of the header may cause parsing problem!]/>
<!LOGGINGVERSION[1.5.3.7185 - 630]/>
<!NAME[output\diagtool_080520_211200.log]/>
<!PATTERN[diagtool_080520_211200.log]/>
<!FORMATTER[com.sap.tc.logging.TraceFormatter([%s] %26d %m)]/>
<!ENCODING[UTF8]/>
<!LOGHEADER[END]/>
[Info] May 20, 2008 9:12:07 PM    TXT*********************************************************************
[Info] May 20, 2008 9:12:07 PM       diagtool version: 1.7.5
[Info] May 20, 2008 9:12:07 PM     configiration file: J:\diagtool\conf\sso2.conf
[Info] May 20, 2008 9:12:07 PM        configtool path: J:\usr\sap\EPI\JC01\j2ee\configtool\
[Info] May 20, 2008 9:12:07 PM   
[Info] May 20, 2008 9:12:07 PM            system name: EPI
[Info] May 20, 2008 9:12:07 PM         system version: 7.00
[Info] May 20, 2008 9:12:07 PM              SP number: 12
[Info] May 20, 2008 9:12:07 PM   
[Info] May 20, 2008 9:12:07 PM    Canonical Host Name: SAPIA64BW.gonvarri.com
[Info] May 20, 2008 9:12:07 PM                   Host: SAPIA64BW
[Info] May 20, 2008 9:12:07 PM                     IP: 10.20.1.91
[Info] May 20, 2008 9:12:07 PM   
[Info] May 20, 2008 9:12:07 PM             jdk vendor: Sun Microsystems Inc.
[Info] May 20, 2008 9:12:07 PM            jdk version: 1.4.2_15
[Info] May 20, 2008 9:12:07 PM    TXT*********************************************************************
[Error] May 20, 2008 9:12:09 PM    JmxConnectionFactory.getMBeanServerConnection(...) failed for:  com.sap.engine.services.jmx.exception.JmxConnectorException: Unable to connect to connector server. properties:{java.naming.provider.url=SAPIA64BW:50304, java.naming.factory.initial=com.sap.engine.services.jndi.InitialContextFactoryImpl, java.naming.security.principal=Administrator, java.naming.security.credentials=gonvarri1}
[Error] May 20, 2008 9:12:09 PM    Log Viewer Client was not initialized.
[Error] May 20, 2008 9:12:10 PM    JmxConnectionFactory.getMBeanServerConnection failed(...) for: com.sap.engine.services.jmx.exception.JmxConnectorException: Unable to connect to connector server. properties:{java.naming.provider.url=SAPIA64BW:50304, java.naming.factory.initial=com.sap.engine.services.jndi.InitialContextFactoryImpl, java.naming.security.principal=Administrator, java.naming.security.credentials=gonvarri1}
[Error] May 20, 2008 9:12:10 PM    LC client was not initialized
[Info] May 20, 2008 9:12:10 PM    TXT
com.sap.engine.config.diagtool.tests.util.PropertiesDump
[Info] May 20, 2008 9:12:10 PM    (EvaluateAssertionTicketLoginModule) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
[Info] May 20, 2008 9:12:10 PM    (EvaluateTicketLoginModule) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
[Info] May 20, 2008 9:12:10 PM    TicketKeystore (3 entries)
          entry #1 (SAPLogonTicketKeypair-cert)
          ===========
CERTIFICATE entry:
Creation date               : Tue May 20 20:44:00 CEST 2008 (20 May 2008 18:44:00 GMT)
Version                     : ver.3 X.509
Algorithm                   : DSA
Key Size                    : 1024 bits
Subject name                : CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
Issuer name                 : CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
Serial number               : 60679227
Signature Algorithm         : dsaWithSHA (1.2.840.10040.4.3)
Validity:
                 not before : Tue May 20 20:42:00 CEST 2008 (20 May 2008 18:42:00 GMT)
                 not after  : Wed May 20 20:42:00 CEST 2009 (20 May 2009 18:42:00 GMT)
Public key fingerprint      : 97:56:3E:4F:D2:7E:71:97:5A:4B:BE:CD:47:90:00:18
Certificate fingerprint(MD5): 88:FE:7F:24:F7:64:2A:CC:D7:BE:16:70:74:73:96:27
Certificate extensions      :
   [critical]
   [non critical]
         SubjectKeyIdentifier: A3:2F:12:D4:B9:4C:33:00:A7:CB:22:F2:56:0A:3C:53:EE:57:13:F3
          entry #2 (SAPLogonTicketKeypair)
          ===========
PRIVATE KEY entry
Creation date               : Tue May 20 20:44:00 CEST 2008 (20 May 2008 18:44:00 GMT)
Version:                    : PKCS#8 DSA
Key Size                    : 1024 bits
CertificationChain has 1 certificate(s)
  certificate #0 -
Version                     : ver.3 X.509
Algorithm                   : DSA
Key Size                    : 1024 bits
Subject name                : CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
Issuer name                 : CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
Serial number               : 60679227
Signature Algorithm         : dsaWithSHA (1.2.840.10040.4.3)
Validity:
                 not before : Tue May 20 20:42:00 CEST 2008 (20 May 2008 18:42:00 GMT)
                 not after  : Wed May 20 20:42:00 CEST 2009 (20 May 2009 18:42:00 GMT)
Public key fingerprint      : 97:56:3E:4F:D2:7E:71:97:5A:4B:BE:CD:47:90:00:18
Certificate fingerprint(MD5): 88:FE:7F:24:F7:64:2A:CC:D7:BE:16:70:74:73:96:27
Certificate extensions      :
   [critical]
   [non critical]
         SubjectKeyIdentifier: A3:2F:12:D4:B9:4C:33:00:A7:CB:22:F2:56:0A:3C:53:EE:57:13:F3
          entry #3 (BW_BWI_certificate)
          ===========
CERTIFICATE entry:
Creation date               : Tue May 20 20:44:04 CEST 2008 (20 May 2008 18:44:04 GMT)
Version                     : ver.1 X.509
Algorithm                   : DSA
Key Size                    : 1024 bits
Subject name                : CN=BWI,OU=I0020275421,OU=SAP Web AS,O=SAP Trust Community,C=DE
Issuer name                 : CN=BWI,OU=I0020275421,OU=SAP Web AS,O=SAP Trust Community,C=DE
Serial number               : 0
Signature Algorithm         : dsaWithSHA (1.2.840.10040.4.3)
Validity:
                 not before : Mon May 19 20:39:21 CEST 2008 (19 May 2008 18:39:21 GMT)
                 not after  : Fri Jan 01 01:00:01 CET 2038 (1 Jan 2038 00:00:01 GMT)
Public key fingerprint      : 96:9B:1F:02:D1:18:BC:25:61:16:BB:8D:AA:13:EA:68
Certificate fingerprint(MD5): 47:5D:87:50:89:F5:DD:72:A4:A3:B2:BA:FA:6A:B4:09
Certificate extensions      :
    NONE
[Info] May 20, 2008 9:12:10 PM    <?xml version="1.0" encoding="UTF-8"?>
<!--  Configuration File for Authentication Schemes -->
<!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/authschemes.xml#4 $ from $DateTime: 2004/01/20 17:27:21 $ ($Change: 14181 $) -->
<document>
     <authschemes>
        <!--  authschemes, the name of the node is used -->
        <authscheme name="uidpwdlogon">
            <!-- multiple login modules can be defined -->
            <authentication-template>
              ticket
            </authentication-template>
            <priority>20</priority>
            <!-- the frontendtype TARGET_FORWARD = 0, TARGET_REDIRECT = 1, TARGET_JAVAIVIEW = 2 -->
            <frontendtype>2</frontendtype>
            <!-- target object -->
            <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
        </authscheme>
        <authscheme name="certlogon">
            <authentication-template>
                client_cert
            </authentication-template>
            <priority>21</priority>
            <frontendtype>2</frontendtype>
            <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
        </authscheme>
        <authscheme name="basicauthentication">
            <authentication-template>
                ticket
            </authentication-template>
            <priority>20</priority>
            <frontendtype>2</frontendtype>
            <frontendtarget>com.sap.portal.runtime.logon.basicauthentication</frontendtarget>
        </authscheme>
        <authscheme name="header">
            <authentication-template>
                header
            </authentication-template>
            <priority>5</priority>
            <frontendtype>2</frontendtype>
            <frontendtarget>com.sap.portal.runtime.logon.header</frontendtarget>
        </authscheme>
        <!-- Reserved 'anonymous' authscheme added for being in the list of authschemes -->
        <authscheme name="anonymous">
            <priority>-1</priority>
        </authscheme>
    </authschemes>
    <!--  References for Authentication Schemes, this section must be after authschemes -->
    <authscheme-refs>
        <authscheme-ref name="default">
            <authscheme>uidpwdlogon</authscheme>
        </authscheme-ref>
        <authscheme-ref name="UserAdminScheme">
            <authscheme>uidpwdlogon</authscheme>
        </authscheme-ref>
    </authscheme-refs>
</document>
[Info] May 20, 2008 9:12:10 PM    <?xml version="1.0" encoding="UTF-8"?>
<!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/dataSourceConfiguration_database_only.xml#2 $ from $DateTime: 2004/07/01 09:31:21 $ ($Change: 16627 $) -->
<!DOCTYPE dataSources SYSTEM  "dataSourceConfiguration.dtd">
<dataSources>   
    <dataSource id="PRIVATE_DATASOURCE"
                className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
                isReadonly="false"
                isPrimary="true">
        <homeFor>
            <principals>
                 <principal type="group"/>
                 <principal type="user"/>
                 <principal type="account"/>
                <principal type="team"/>
                <principal type="ROOT" />
                <principal type="OOOO" />
            </principals>
        </homeFor>
        <notHomeFor/>
        <responsibleFor>
            <principals>
                 <principal type="group"/>
                 <principal type="user"/>
                 <principal type="account"/>
                <principal type="team"/>
                <principal type="ROOT" />
                <principal type="OOOO" />               
            </principals>
        </responsibleFor>
        <privateSection/>
    </dataSource>
</dataSources>
[Info] May 20, 2008 9:12:10 PM    com.sap.security.core.umap.key = ******
login.authschemes.definition.file = authschemes.xml
login.serviceuser.lifetime = 100
login.ticket_client = 000
login.ticket_keyalias = SAPLogonTicketKeypair
login.ticket_keystore = TicketKeystore
login.ticket_lifetime = 8
login.ticket_portalid = auto
ume.acl.validate_cached_acls = false
ume.admin.account_privacy = true
ume.admin.addattrs =
ume.admin.allow_selfmanagement = false
ume.admin.auto_password = true
ume.admin.create.redirect =
ume.admin.debug_internal = false
ume.admin.display.redirect =
ume.admin.modify.redirect =
ume.admin.nocache = false
ume.admin.orgunit.adapterid =
ume.admin.password.migration = false
ume.admin.phone_check = true
ume.admin.public.addattrs =
ume.admin.search_maxhits = 1000
ume.admin.search_maxhits_warninglevel = 200
ume.admin.self.addattrs =
ume.admin.self.addressactive = false
ume.admin.self.generate_password = false
ume.admin.self.privacystatement.link =
ume.admin.self.privacystatement.version = 1
ume.admin.selfreg_company = false
ume.admin.selfreg_guest = true
ume.admin.selfreg_sus = false
ume.admin.selfreg_sus.adapterid = SUS
ume.admin.selfreg_sus.adminrole =
ume.admin.selfreg_sus.deletecall = true
ume.admin.wd.components.umeadminapp = {sap.com/tcsecumewdkit;com.sap.security.core.wd.maintainuser.MaintainUserComp},{sap.com/tcsecumewdkit;com.sap.security.core.wd.maintainrole.MaintainRoleComp},{sap.com/tcsecumewdkit;com.sap.security.core.wd.maintaingroup.MaintainGroupComp}
ume.admin.wd.locales =
ume.admin.wd.table.size.large = 20
ume.admin.wd.table.size.medium = 10
ume.admin.wd.table.size.small = 5
ume.admin.wd.tenant.identifier.all = - All -
ume.admin.wd.tenant.identifier.none = - None -
ume.admin.wd.url.help = http://help.sap.com/saphelp_nw04s/helpdata/en/5b/5d2706ebc04e4d98036f2e1dcfd47d/frameset.htm
ume.admin.wdactive = true
ume.allow_nested_groups = true
ume.cache.acl.default_caching_time = 1800
ume.cache.acl.initial_cache_size = 10000
ume.cache.acl.permissions.default_caching_time = 3600
ume.cache.acl.permissions.initial_cache_size = 100
ume.cache.default_cache = distributableCache
ume.cache.group.default_caching_time = 3600
ume.cache.group.initial_cache_size = 500
ume.cache.notification_time = 0
ume.cache.principal.default_caching_time = 3600
ume.cache.principal.initial_cache_size = 500
ume.cache.role.default_caching_time = 3600
ume.cache.role.initial_cache_size = 500
ume.cache.user.default_caching_time = 3600
ume.cache.user.initial_cache_size = 500
ume.cache.user_account.default_caching_time = 3600
ume.cache.user_account.initial_cache_size = 500
ume.company_groups.description_template = Company
ume.company_groups.displayname_template = ()
ume.company_groups.enabled = false
ume.company_groups.guestusercompany_enabled = true
ume.company_groups.guestusercompany_name = Guest Users
ume.db.connection_pool.j2ee.is_unicode = false
ume.db.connection_pool_type = SAP/BC_UME
ume.db.or_search.max_arguments = 50
ume.db.parent_search.max_arguments = 300
ume.db.use_default_transaction_isolation = false
ume.ldap.access.action_retrial = 2
ume.ldap.access.additional_password.1 = ******
ume.ldap.access.additional_password.2 = ******
ume.ldap.access.additional_password.3 = ******
ume.ldap.access.additional_password.4 = ******
ume.ldap.access.additional_password.5 = ******
ume.ldap.access.auxiliary_naming_attribute.grup =
ume.ldap.access.auxiliary_naming_attribute.uacc =
ume.ldap.access.auxiliary_naming_attribute.user =
ume.ldap.access.auxiliary_objectclass.grup =
ume.ldap.access.auxiliary_objectclass.uacc =
ume.ldap.access.auxiliary_objectclass.user =
ume.ldap.access.base_path.grup =
ume.ldap.access.base_path.uacc =
ume.ldap.access.base_path.user =
ume.ldap.access.context_factory = com.sun.jndi.ldap.LdapCtxFactory
ume.ldap.access.creation_path.grup =
ume.ldap.access.creation_path.uacc =
ume.ldap.access.creation_path.user =
ume.ldap.access.dynamic_group_attribute =
ume.ldap.access.dynamic_groups = false
ume.ldap.access.flat_group_hierachy = true
ume.ldap.access.kerberos_data_url =
ume.ldap.access.msads.control_attribute = userAccountControl
ume.ldap.access.msads.control_value = 512
ume.ldap.access.msads.grouptype.attribute = grouptype
ume.ldap.access.msads.grouptype.value = 4
ume.ldap.access.multidomain.enabled = false
ume.ldap.access.naming_attribute.grup =
ume.ldap.access.naming_attribute.uacc =
ume.ldap.access.naming_attribute.user =
ume.ldap.access.objectclass.grup =
ume.ldap.access.objectclass.uacc =
ume.ldap.access.objectclass.user =
ume.ldap.access.password = ******
ume.ldap.access.server_name =
ume.ldap.access.server_port =
ume.ldap.access.server_type =
ume.ldap.access.size_limit = 0
ume.ldap.access.ssl = false
ume.ldap.access.ssl_socket_factory = com.sap.security.core.server.https.SecureConnectionFactory
ume.ldap.access.time_limit = 0
ume.ldap.access.user =
ume.ldap.access.user_as_account = true
ume.ldap.blocked_accounts = Administrator,Guest
ume.ldap.blocked_groups = Administrators,Guests
ume.ldap.blocked_users = Administrator,Guest
ume.ldap.cache_lifetime = 300
ume.ldap.cache_size = 100
ume.ldap.connection_pool.connect_timeout = 25000
ume.ldap.connection_pool.max_connection_usage_time_check_interval = 120000
ume.ldap.connection_pool.max_idle_connections = 5
ume.ldap.connection_pool.max_idle_time = 300000
ume.ldap.connection_pool.max_size = 10
ume.ldap.connection_pool.max_wait_time = 60000
ume.ldap.connection_pool.min_size = 1
ume.ldap.connection_pool.monitor_level = 0
ume.ldap.connection_pool.retrial = 2
ume.ldap.connection_pool.retrial_interval = 10000
ume.ldap.default_group_member = cn=DUMMY_MEMBER_FOR_UME
ume.ldap.default_group_member.enabled = false
ume.ldap.record_access = FALSE
ume.ldap.unique_grup_attribute =
ume.ldap.unique_uacc_attribute =
ume.ldap.unique_user_attribute =
ume.locking.enabled = true
ume.locking.max_wait_time = 30
ume.login.basicauthentication = 1
ume.login.context = ticket
ume.login.context.default = ticket
ume.login.guest_user.uniqueids = Guest
ume.login.mdc.hosts =
ume.logoff.redirect.silent = false
ume.logoff.redirect.url =
ume.logon.allow_cert = false
ume.logon.branding_image = layout/branding-image.jpg
ume.logon.branding_style = css/ur/ur_.css
ume.logon.branding_text = layout/branding-text.gif
ume.logon.force_password_change_on_sso = true
ume.logon.httponlycookie = true
ume.logon.locale = false
ume.logon.logon_help = false
ume.logon.logon_help.name_required = false
ume.logon.logon_help.securityquestion = false
ume.logon.r3master.adapterid = master
ume.logon.security.enforce_secure_cookie = false
ume.logon.security.local_redirect_only = true
ume.logon.security.relax_domain.level = 1
ume.logon.security_policy.auto_unlock_time = 60
ume.logon.security_policy.cert_logon_required = false
ume.logon.security_policy.enforce_policy_at_logon = false
ume.logon.security_policy.lock_after_invalid_attempts = 6
ume.logon.security_policy.log_client_hostaddress = true
ume.logon.security_policy.log_client_hostname = false
ume.logon.security_policy.oldpass_in_newpass_allowed = false
ume.logon.security_policy.password_alpha_numeric_required = 1
ume.logon.security_policy.password_change_allowed = true
ume.logon.security_policy.password_change_required = TRUE
ume.logon.security_policy.password_expire_days = 90
ume.logon.security_policy.password_history = 0
ume.logon.security_policy.password_impermissible =
ume.logon.security_policy.password_last_change_date_default = 12/31/9999
ume.logon.security_policy.password_max_idle_time = 0
ume.logon.security_policy.password_max_length = 14
ume.logon.security_policy.password_min_length = 5
ume.logon.security_policy.password_mix_case_required = 0
ume.logon.security_policy.password_special_char_required = 0
ume.logon.security_policy.password_successful_check_date_default = 12/31/9999
ume.logon.security_policy.userid_digits = 0
ume.logon.security_policy.userid_in_password_allowed = false
ume.logon.security_policy.userid_lowercase = 0
ume.logon.security_policy.userid_special_char_required = 0
ume.logon.security_policy.useridmaxlength = 20
ume.logon.security_policy.useridminlength = 1
ume.logon.selfreg = false
ume.logonAuthenticationFactory = com.sap.security.core.logon.imp.SAPJ2EEAuthenticator
ume.multi_tenancy.automatic_logonid_prefixing = true
ume.multi_tenancy_support_enabled = false
ume.notification.admin_email =
ume.notification.create_approval = true
ume.notification.create_by_batch_performed = true
ume.notification.create_denied = true
ume.notification.create_performed = true
ume.notification.create_request = true
ume.notification.delete_performed = true
ume.notification.email_asynch = true
ume.notification.lock_performed = true
ume.notification.mail_host =
ume.notification.pswd_reset_performed = true
ume.notification.pswd_reset_request = true
ume.notification.selfreg_performed = true
ume.notification.system_email =
ume.notification.unlock_performed = true
ume.notification.update_by_batch_performed = true
ume.notification.workflow_email =
ume.persistence.batch.page_size = 25
ume.persistence.data_source_configuration = dataSourceConfiguration_database_only.xml
ume.persistence.pcd_roles_data_source_configuration = dataSourceConfiguration_PCDRoles.xml
ume.persistence.ume_roles_data_source_configuration = dataSourceConfiguration_UMERoles.xml
ume.principal.simple_search.attributes.account = j_user
ume.principal.simple_search.attributes.action = uniquename
ume.principal.simple_search.attributes.group = uniquename
ume.principal.simple_search.attributes.role = uniquename
ume.principal.simple_search.attributes.user = uniquename,firstname,lastname
ume.r3.connection.001.TimeZoneMapping =
ume.r3.connection.001.ashost =
ume.r3.connection.001.client =
ume.r3.connection.001.group =
ume.r3.connection.001.gwhost =
ume.r3.connection.001.gwserv =
ume.r3.connection.001.lang =
ume.r3.connection.001.msghost =
ume.r3.connection.001.passwd = ******
ume.r3.connection.001.poolmaxsize = 10
ume.r3.connection.001.poolmaxwait =
ume.r3.connection.001.r3name =
ume.r3.connection.001.receiverid = 001
ume.r3.connection.001.receiverid_guest = 001
ume.r3.connection.001.snc_lib =
ume.r3.connection.001.snc_mode =
ume.r3.connection.001.snc_myname =
ume.r3.connection.001.snc_partnername =
ume.r3.connection.001.snc_qop =
ume.r3.connection.001.sysnr =
ume.r3.connection.001.user =
ume.r3.connection.001.userole = false
ume.r3.connection.002.TimeZoneMapping =
ume.r3.connection.002.ashost =
ume.r3.connection.002.client =
ume.r3.connection.002.group =
ume.r3.connection.002.gwhost =
ume.r3.connection.002.gwserv =
ume.r3.connection.002.lang =
ume.r3.connection.002.msghost =
ume.r3.connection.002.passwd = ******
ume.r3.connection.002.poolmaxsize = 10
ume.r3.connection.002.poolmaxwait =
ume.r3.connection.002.r3name =
ume.r3.connection.002.receiverid = 002
ume.r3.connection.002.receiverid_guest = 002
ume.r3.connection.002.snc_lib =
ume.r3.connection.002.snc_mode =
ume.r3.connection.002.snc_myname =
ume.r3.connection.002.snc_partnername =
ume.r3.connection.002.snc_qop =
ume.r3.connection.002.sysnr =
ume.r3.connection.002.user =
ume.r3.connection.002.userole = false
ume.r3.connection.003.TimeZoneMapping =
ume.r3.connection.003.ashost =
ume.r3.connection.003.client =
ume.r3.connection.003.group =
ume.r3.connection.003.gwhost =
ume.r3.connection.003.gwserv =
ume.r3.connection.003.lang =
ume.r3.connection.003.msghost =
ume.r3.connection.003.passwd = ******
ume.r3.connection.003.poolmaxsize = 10
ume.r3.connection.003.poolmaxwait =
ume.r3.connection.003.r3name =
ume.r3.connection.003.receiverid = 003
ume.r3.connection.003.receiverid_guest = 003
ume.r3.connection.003.snc_lib =
ume.r3.connection.003.snc_mode =
ume.r3.connection.003.snc_myname =
ume.r3.connection.003.snc_partnername =
ume.r3.connection.003.snc_qop =
ume.r3.connection.003.sysnr =
ume.r3.connection.003.user =
ume.r3.connection.003.userole = false
ume.r3.connection.master.TimeZoneMapping =
ume.r3.connection.master.abap_debug =
ume.r3.connection.master.ashost =
ume.r3.connection.master.client =
ume.r3.connection.master.group =
ume.r3.connection.master.gwhost =
ume.r3.connection.master.gwserv =
ume.r3.connection.master.lang = EN
ume.r3.connection.master.msghost =
ume.r3.connection.master.msserv =
ume.r3.connection.master.passwd = ******
ume.r3.connection.master.poolmaxsize = 10
ume.r3.connection.master.poolmaxwait =
ume.r3.connection.master.r3name =
ume.r3.connection.master.receiverid = master
ume.r3.connection.master.receiverid_guest = master
ume.r3.connection.master.snc_lib =
ume.r3.connection.master.snc_mode =
ume.r3.connection.master.snc_myname =
ume.r3.connection.master.snc_partnername =
ume.r3.connection.master.snc_qop =
ume.r3.connection.master.sysnr =
ume.r3.connection.master.trace =
ume.r3.connection.master.user =
ume.r3.connection.tpd.adapterid = value of ume.r3.connection.tpd.systemid
ume.r3.connection.tpd.systemid = SUS
ume.r3.mastersystem = BWICLNT300
ume.r3.mastersystem.uid.mode = 1
ume.r3.orgunit.adapterid =
ume.r3.sync.sender = SAPMUM
ume.r3.use.role = false
ume.replication.adapters.001.companies =
ume.replication.adapters.001.scope =
ume.replication.adapters.002.companies =
ume.replication.adapters.002.scope =
ume.replication.adapters.003.companies =
ume.replication.adapters.003.scope =
ume.replication.adapters.index_1 =
ume.replication.adapters.index_2 =
ume.replication.adapters.index_3 =
ume.replication.adapters.master.companies =
ume.replication.adapters.master.scope =
ume.replication.crm_sup_register_check = BBP_SUS_BUPA_REGID_CHECK
ume.replication.messaging.active = false
ume.replication.sync.display_all_doc = false
ume.roles.pcd_roles_with_actions =
ume.roles.xml_files = *role.xml
ume.secaudit.get_object_name = false
ume.secaudit.log_actor = true
ume.spml.schema_name = schema.xml
ume.superadmin.activated = false
ume.superadmin.password = ******
ume.supergroups.anonymous_group.description = Built-in Group Anonymous Users
ume.supergroups.anonymous_group.displayname = Anonymous Users
ume.supergroups.anonymous_group.uniquename = Anonymous Users
ume.supergroups.authenticated_group.description = Built-in Group Authenticated Users
ume.supergroups.authenticated_group.displayname = Authenticated Users
ume.supergroups.authenticated_group.uniquename = Authenticated Users
ume.supergroups.everyone.description = Built-in Group Everyone
ume.supergroups.everyone.displayname = Everyone
ume.supergroups.everyone.uniquename = Everyone
ume.testum = false
ume.tpd.classloader =
ume.tpd.companies = 0
ume.tpd.imp.class = com.sap.security.core.tpd.SimpleTPD
ume.tpd.prefix = STPD_
ume.trace.external_trace_class = com.sap.security.core.util.imp.UMTrace_630
ume.usermapping.admin.pwdprotection = true
ume.usermapping.key.protection = TRUE
ume.usermapping.refsys.mapping.type = internal
ume.usermapping.unsecure = false
ume.users.displayname_template = ,
ume.users.email_pattern = ?@?.?*
ume.virtual_groups.description_template = Virtual group
ume.virtual_groups.displayname_template =
ume.virtual_groups.group_names_separator = ;
ume.virtual_groups.name_prefix =
ume.virtual_groups.names =
ume.virtual_groups.trim_group_names = true
ume.virtual_groups.user_attribute =
ume.virtual_groups.user_attribute.multivalue = true
ume.virtual_groups.user_attribute.namespace =
[Info] May 20, 2008 9:12:10 PM    TXT
com.sap.engine.config.diagtool.tests.authentication.sso2.SSOTicketIssuerConfigTest
This test verifies the Single Sign-On (SSO) configuration on J2EE Engine.
It checks the prerequisites for issuing SSO logon tickets:
validity of the ticket client
   the client is a three-digit string, e.g. 071
validity of the ticket signing private key/certificate
   the ticket signing PK location, defined in UME properties,
   must be a keypair and the acceptable algorithm is DSA.
[Info] May 20, 2008 9:12:10 PM    client string OK
[Info] May 20, 2008 9:12:10 PM    keystore  view name found in UME: [TicketKeystore]
[Info] May 20, 2008 9:12:10 PM    keystore alias name found in UME: [SAPLogonTicketKeypair]
[Info] May 20, 2008 9:12:10 PM   
~ getName ~
SAPLogonTicketKeypair
~ isCertificate ~
false
~ isKeypair ~
true
~ getCertificate ~
Version: 3
Serial number: 60679227
Signature algorithm: dsaWithSHA (1.2.840.10040.4.3)
Issuer: CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
Valid not before: Tue May 20 20:42:00 CEST 2008
      not after: Wed May 20 20:42:00 CEST 2009
Subject: CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
DSA public key (1024 bits):
Certificate Fingerprint (MD5)  : 88:FE:7F:24:F7:64:2A:CC:D7:BE:16:70:74:73:96:27
Certificate Fingerprint (SHA-1): DD:56:49:B1:D3:0B:BD:79:A3:03:CF:66:33:86:4C:A0:16:FD:04:8F
Extensions: 1
~ getChain ~
  chain [1]
    Subject:CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
    Algorithm:dsaWithSHA(1.2.840.10040.4.3)
~ getClass ~
class com.sap.engine.config.diagtool.lib.keystore.OfflineKeystoreEntry
[Info] May 20, 2008 9:12:10 PM    The keystore entry test successful.
[Info] May 20, 2008 9:12:10 PM    The keystore entry is a keypair.
[Info] May 20, 2008 9:12:10 PM    The SSO private key signing algorithm is [DSA]
[Info] May 20, 2008 9:12:10 PM    The private key format is [PKCS#8]
[Info] May 20, 2008 9:12:10 PM    The system can issue SSO logon tickets.
[Info] May 20, 2008 9:12:10 PM    The tickets will be issued with client [000], system [EPI]
[Info] May 20, 2008 9:12:10 PM    TXT
com.sap.engine.config.diagtool.tests.authentication.sso2.SSOTicketVerifierConfigTest
This test verifies the Single Sign-On (SSO) configuration on J2EE Engine.
It checks all SSO certificates imported in the SSO trusted key store view
defined in UME properties table. The certificates are verified for validity,
algorithm identifier, and public/private key content. The test checks also
the Access Control Lists configured in evaluate authentication modules.
The ACLs must contain Subjects and Issuers that are available
in the SSO trusted key store view
[Info] May 20, 2008 9:12:10 PM    keystore  view name found in UME: [TicketKeystore]
[Info] May 20, 2008 9:12:10 PM    keystore alias name found in UME: [SAPLogonTicketKeypair]
[Info] May 20, 2008 9:12:10 PM      ***  checking SSO anchors *** 
[Info] May 20, 2008 9:12:10 PM    found 2 entries
[Info] May 20, 2008 9:12:10 PM     ************ entry #1 [SAPLogonTicketKeypair-cert] **************
[Info] May 20, 2008 9:12:10 PM   
~ getName ~
SAPLogonTicketKeypair-cert
~ isCertificate ~
true
~ isKeypair ~
false
~ getCertificate ~
Version: 3
Serial number: 60679227
Signature algorithm: dsaWithSHA (1.2.840.10040.4.3)
Issuer: CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
Valid not before: Tue May 20 20:42:00 CEST 2008
      not after: Wed May 20 20:42:00 CEST 2009
Subject: CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
DSA public key (1024 bits):
Certificate Fingerprint (MD5)  : 88:FE:7F:24:F7:64:2A:CC:D7:BE:16:70:74:73:96:27
Certificate Fingerprint (SHA-1): DD:56:49:B1:D3:0B:BD:79:A3:03:CF:66:33:86:4C:A0:16:FD:04:8F
Extensions: 1
~ getChain ~
  chain [1]
    Subject:CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
    Algorithm:dsaWithSHA(1.2.840.10040.4.3)
~ getClass ~
class com.sap.engine.config.diagtool.lib.keystore.OfflineKeystoreEntry
[Info] May 20, 2008 9:12:10 PM    The certificate CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE algorithm OK.
[Info] May 20, 2008 9:12:10 PM     ************ entry #2 [BW_BWI_certificate] **************
[Info] May 20, 2008 9:12:10 PM   
~ getName ~
BW_BWI_certificate
~ isCertificate ~
true
~ isKeypair ~
false
~ getCertificate ~
Version: 1
Serial number: 0
Signature algorithm: dsaWithSHA (1.2.840.10040.4.3)
Issuer: CN=BWI,OU=I0020275421,OU=SAP Web AS,O=SAP Trust Community,C=DE
Valid not before: Mon May 19 20:39:21 CEST 2008
      not after: Fri Jan 01 01:00:01 CET 2038
Subject: CN=BWI,OU=I0020275421,OU=SAP Web AS,O=SAP Trust Community,C=DE
DSA public key (1024 bits):
Certificate Fingerprint (MD5)  : 47:5D:87:50:89:F5:DD:72:A4:A3:B2:BA:FA:6A:B4:09
Certificate Fingerprint (SHA-1): 3B:CC:58:02:86:47:D2:02:E2:E2:DB:73:84:C1:F1:81:DB:D1:72:F3
~ getChain ~
  chain [1]
    Subject:CN=BWI,OU=I0020275421,OU=SAP Web AS,O=SAP Trust Community,C=DE
    Algorithm:dsaWithSHA(1.2.840.10040.4.3)
~ getClass ~
class com.sap.engine.config.diagtool.lib.keystore.OfflineKeystoreEntry
[Info] May 20, 2008 9:12:10 PM    The certificate CN=BWI,OU=I0020275421,OU=SAP Web AS,O=SAP Trust Community,C=DE algorithm OK.
[Info] May 20, 2008 9:12:10 PM      ***  com.sap.security.core.server.jaas.EvaluateTicketLoginModule  *** 
[Info] May 20, 2008 9:12:10 PM    28 configurations found.
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/com.sap.aii.security.ws*KeystoreHelp_client]
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM    {[sap.com/com.sap.aii.security.ws*KeystoreHelp_client]}(size: 4)
          1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
          2.  ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
          3.  ( com.sap.engine.services.security.server.jaas.ClientCertLoginModule )  ( OPTIONAL ) com.sap.engine.services.security.server.jaas.ClientCertLoginModule
          4.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
  authentication properties:
    realm_name=Upload Protected Area
    policy_domain=/KeystoreHelp/client
    auth_method=client-cert
[Warning] May 20, 2008 9:12:10 PM    No options defined
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/com.sap.aii.af.ispeak.app*pip]
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM    {[sap.com/com.sap.aii.af.ispeak.app*pip]}(size: 3)
          1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
                    #1 ume.configuration.active = true
          2.  ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule )  ( REQUISITE ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
          3.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( OPTIONAL ) com.sap.security.core.server.jaas.CreateTicketLoginModule
                    #1 ume.configuration.active = true
  authentication properties:
    realm_name=ISPEAK
    policy_domain=/RWB
    auth_method=basic
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/tcslmslmapp*slmSolManServices_Config1]
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM    {[sap.com/tcslmslmapp*slmSolManServices_Config1]}(size: 4)
          1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
          2.  ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
          3.  ( com.sap.engine.services.security.server.jaas.ClientCertLoginModule )  ( OPTIONAL ) com.sap.engine.services.security.server.jaas.ClientCertLoginModule
          4.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
  authentication properties:
    realm_name=Upload Protected Area
    policy_domain=/slmSolManServices/Config1
    auth_method=client-cert
[Warning] May 20, 2008 9:12:10 PM    No options defined
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/cafruntimeear*CAFDataService_Config]
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM    {[sap.com/cafruntimeear*CAFDataService_Config]}(size: 4)
          1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
          2.  ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
          3.  ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule )  ( OPTIONAL ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
          4.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
  authentication properties:
    realm_name=Upload Protected Area
    policy_domain=/CAFDataService/Config
    auth_method=basic
[Warning] May 20, 2008 9:12:10 PM    No options defined
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/com.sap.aii.af.service.trex.ws*TrexProcessor_basic]
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM    {[sap.com/com.sap.aii.af.service.trex.ws*TrexProcessor_basic]}(size: 4)
          1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
          2.  ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
          3.  ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule )  ( OPTIONAL ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
          4.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
  authentication properties:
    realm_name=Upload Protected Area
    policy_domain=/TrexProcessor/basic
    auth_method=basic
[Warning] May 20, 2008 9:12:10 PM    No options defined
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/tcsecwssec~app*wssproc_plain]
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM    {[sap.com/tcsecwssec~app*wssproc_plain]}(size: 4)
          1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
          2.  ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
          3.  ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule )  ( OPTIONAL ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
          4.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
  authentication properties:
    realm_name=Upload Protected Area
    policy_domain=/wssproc/plain
    auth_method=basic
[Warning] May 20, 2008 9:12:10 PM    No options defined
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/tckmcbc.rf.wsrfwsear*RepositoryFrameworkWS_Config1]
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM    {[sap.com/tckmcbc.rf.wsrfwsear*RepositoryFrameworkWS_Config1]}(size: 4)
          1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
          2.  ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
          3.  ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule )  ( OPTIONAL ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
          4.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
  authentication properties:
    realm_name=Upload Protected Area
    policy_domain=/RepositoryFrameworkWS/Config1
    auth_method=basic
[Warning] May 20, 2008 9:12:10 PM    No options defined
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/com.sap.xi.mdt*AdapterMessageMonitoring_basic]
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM    {[sap.com/com.sap.xi.mdt*AdapterMessageMonitoring_basic]}(size: 4)
          1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
          2.  ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
          3.  ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule )  ( OPTIONAL ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
          4.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
  authentication properties:
    realm_name=Upload Protected Area
    policy_domain=/AdapterMessageMonitoring/basic
    auth_method=basic
[Warning] May 20, 2008 9:12:10 PM    No options defined
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/com.sap.aii.af.ms.app*MessagingSystem]
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM    {[sap.com/com.sap.aii.af.ms.app*MessagingSystem]}(size: 2)
          1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
                    #1 ume.configuration.active = true
          2.  ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule )  ( REQUISITE ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
  authentication properties:
    realm_name=Message Display Tool
    policy_domain=/RWB
    auth_method=basic
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/tcslmslmapp*slmServices_config]
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM    {[sap.com/tcslmslmapp*slmServices_config]}(size: 4)
          1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
          2.  ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
          3.  ( com.sap.engine.services.security.server.jaas.ClientCertLoginModule )  ( OPTIONAL ) com.sap.engine.services.security.server.jaas.ClientCertLoginModule
          4.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
  authentication properties:
    realm_name=Upload Protected Area
    policy_domain=/slmServices/config
    auth_method=client-cert
[Warning] May 20, 2008 9:12:10 PM    No options defined
[Info] May 20, 2008 9:12:10 PM      ----
[Info] May 20, 2008 9:12:10 PM      |                                                                       |
[Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/com.sap.lcr*sld]
[Info] May 20, 2008 9:12:10 PM      |                                                     

When I execute the RSPOR_SETUP report from SE38 to check the configuration between BW and Portal, the system shows the following message:
http://img58.imageshack.us/img58/1910/j2eegw5.png
http://img53.imageshack.us/img53/4158/step7vf1.png
This is my configuration:
http://img58.imageshack.us/img58/5937/strustry9.png
http://img142.imageshack.us/img142/9721/keystorageyt6.png
http://img53.imageshack.us/img53/6971/ticketbl2.png
http://img53.imageshack.us/img53/2689/evaluatemr0.png
http://img177.imageshack.us/img177/1271/umeyz5.png
http://img53.imageshack.us/img53/9763/slddf1.png
Entry in dev_jrfc.trc
Message : java.lang.RuntimeException: call FM RSWR_RFC_SERVICE_TEST to ProgId SAPIA64BW_PORTAL_EPI on host SAPIA64BW with SSO not authorized: Missing Password
Datasource : 11197950:J:\usr\sap\EPI\JC01\j2ee\cluster\server0\dev_jrfc.trc
Could you please help me??
Thanks in advance
Edited by: Juan de la Cruz Arellano Royo on May 21, 2008 11:17 AM
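
The repeated "Auth stack" sections in the diagtool output above can be tabulated to see, per policy domain, which modules run after ticket evaluation. The Python parser below is an added example, not part of the original post or of SAP's diagtool; its regular expressions are assumptions derived only from the line layout visible in this log, and the sample is two sections copied from it.

```python
import re
from dataclasses import dataclass, field

# Two "Auth stack" sections copied from the diagtool output quoted in the post.
SAMPLE_LOG = """\
[Info] May 20, 2008 9:12:10 PM    {[sap.com/com.sap.aii.security.ws*KeystoreHelp_client]}(size: 4)
          1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
          2.  ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
          3.  ( com.sap.engine.services.security.server.jaas.ClientCertLoginModule )  ( OPTIONAL ) com.sap.engine.services.security.server.jaas.ClientCertLoginModule
          4.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
  authentication properties:
    realm_name=Upload Protected Area
    policy_domain=/KeystoreHelp/client
    auth_method=client-cert
[Warning] May 20, 2008 9:12:10 PM    No options defined
[Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/com.sap.aii.af.ispeak.app*pip]
[Info] May 20, 2008 9:12:10 PM    {[sap.com/com.sap.aii.af.ispeak.app*pip]}(size: 3)
          1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
                    #1 ume.configuration.active = true
          2.  ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule )  ( REQUISITE ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
          3.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( OPTIONAL ) com.sap.security.core.server.jaas.CreateTicketLoginModule
                    #1 ume.configuration.active = true
  authentication properties:
    realm_name=ISPEAK
    policy_domain=/RWB
    auth_method=basic
"""

# Assumed patterns, inferred from the layout of this log only.
STACK_RE = re.compile(r"\{\[(?P<name>[^\]]+)\]\}\(size:\s*(?P<size>\d+)\)")
MODULE_RE = re.compile(r"^\s*(?P<pos>\d+)\.\s+\(\s*(?P<name>\S+)\s*\)\s+\(\s*(?P<flag>[A-Z]+)\s*\)")
OPTION_RE = re.compile(r"^\s*#\d+\s+(?P<key>\S+)\s*=\s*(?P<value>.*?)\s*$")
PROPERTY_RE = re.compile(r"^\s+(?P<key>realm_name|policy_domain|auth_method)=(?P<value>.*?)\s*$")
WARNING_RE = re.compile(r"^\[Warning\].*No options defined")

@dataclass
class LoginModule:
    position: int
    name: str
    flag: str
    options: dict = field(default_factory=dict)

@dataclass
class AuthStack:
    name: str
    declared_size: int
    modules: list = field(default_factory=list)
    properties: dict = field(default_factory=dict)
    no_options_warning: bool = False

def parse_auth_stacks(text):
    """Return one AuthStack per '{[name]}(size: N)' header found in the log text."""
    stacks, current = [], None
    for line in text.splitlines():
        m = STACK_RE.search(line)
        if m:
            current = AuthStack(m["name"], int(m["size"]))
            stacks.append(current)
        elif current is None:
            continue
        elif (m := MODULE_RE.match(line)):
            current.modules.append(LoginModule(int(m["pos"]), m["name"], m["flag"]))
        elif (m := OPTION_RE.match(line)) and current.modules:
            # '#n key = value' lines belong to the module printed just above them.
            current.modules[-1].options[m["key"]] = m["value"]
        elif (m := PROPERTY_RE.match(line)):
            current.properties[m["key"]] = m["value"]
        elif WARNING_RE.match(line):
            current.no_options_warning = True
    return stacks

def truncated_stacks(stacks):
    """Names of stacks whose parsed module count differs from the declared size (cut-off paste)."""
    return [s.name for s in stacks if len(s.modules) != s.declared_size]

def ticket_stack_report(stacks):
    # JAAS flags: a failed SUFFICIENT module lets evaluation continue down the stack,
    # a failed REQUISITE module ends it. Each row shows what follows ticket evaluation.
    rows = []
    for stack in stacks:
        ticket = next((m for m in stack.modules
                       if m.name.endswith(".EvaluateTicketLoginModule")), None)
        if ticket is None:
            continue
        rows.append({
            "stack": stack.name,
            "policy_domain": stack.properties.get("policy_domain"),
            "auth_method": stack.properties.get("auth_method"),
            "ticket_flag": ticket.flag,
            "ticket_options": dict(ticket.options),
            "after_ticket": [f"{m.name.rsplit('.', 1)[-1]}({m.flag})"
                             for m in stack.modules if m.position > ticket.position],
            "no_options_warning": stack.no_options_warning,
        })
    return rows

if __name__ == "__main__":
    for row in ticket_stack_report(parse_auth_stacks(SAMPLE_LOG)):
        print(row)
```
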

Similar Messages

  • SSO portal to ITS service

    Hello Experts,
    I am trying to use SSO from the portal to an ITS service. I created a service DSU01 using a transaction code and activated it; it works normally in the browser. The ITS is integrated in WAS640. When I create an IAC iView, I don't know the IAC parameter. I'm pretty new to the portal; could someone help me?
    BR.
    msong

    hi Debasish,
    Thanks very much for your response. I have read the guide, but there's some error:
    An exception occurred while processing a request for :
    iView : pcd:portal_content/every_user/general/eu_role/com.sap.km.home_ws/sm36
    Component Name : com.sap.portal.appintegrator.sap.IAC
    Exception in SAP Application Integrator occured: Application URL ':///sap(ZT00NzdYT3NXTkUwUmdSZ2FTTWpPcDZ3JTNEJTNEOEhnZGNJZ2lqN015ZFdHd05ERkZ4dyUzRCUzRA==)/bc/gui/sap/its/sm36' is not valid! Please check the protocol and host entries for system 'msongtest0424'..
    Exception id: 04:55_28/04/20_0009_14211850
    See the details for the exception ID in the log file
    I set the following parameters:
    Web As Host Name: msongtest2.secude.local:1443
    Web As path:/sap/bc/gui/sap/its/
    Web As Protocol: https
    SMICM>goto service>there is a line that says "https, 1443 ...."
    When I access https://msongtest2.secude.local:1443/sap/bc/gui/sap/its/sm36, "define background job" displays normally.
    BR.
    msong

  • Portal not accessible via browser as inside sapmmc - http provider is red

    Hi Experts,
    I am very new to the NW admin side, and currently my client is facing an issue while accessing the portal via browser.
    Problem: Sometimes, suddenly, when users try to access the production portal it takes a lot of time to open, and in most cases it doesn't open at all. To check what's wrong with the portal I access sapmmc, and inside there I find under current status -> ... -> services -> http provider -> total requests in red status with the description "avg request - response time last reported value above threshold limit". It is the same case under open alerts too.
    My server configuration is:
    SAP-JEE = 7.0SP14
    OS = Windows 2003 (X86) 5.2
    Server Version = 1.4.2_17-bo6
    Kernel Version = 7.00 patch level 109886.44
    Server = 32 bit
    RAM = 16.00GB
    Processor = Intel(R) Xeon(R) CPU E5450 @3.00GHZ (8CPUs)
    Heap Size: 1024 MB
    Approximate number of users = 500 - 600
    Currently, to solve the issue, we reboot the server. But as time goes on the frequency is increasing drastically (approx. once in 2-3 days).
    Any pointers on how to solve this issue will be greatly appreciated.
    Thanks In Advance,
    Vipin.

    Hi all,
    Thanks for your valuable inputs!
    Now the issue seems to end up with raising an OSS note with SAP, and I have been given the responsibility to prepare a doc that needs to be submitted to SAP.
    I have already got the screenshots from SAPMMC on its status and all, but I also require log information specific to the reason behind this behaviour. Can I know where the log information specific to such issues gets logged, and all the necessary information that I need to document to raise an OSS?
    Inputs will be of great help and will be highly appreciated.
    Thanks In Advance,
    Vipin.

  • Error during execution of SSO with Oracle Access Manager 11gR2

    Hello friends,
    I have a problem with SSO using Oracle Access Manager 11g R2. The steps taken in this test are described below:
    1. The OAM-protected application is accessed through the IE, Chrome and Firefox browsers for testing purposes.
    2. The OAM-protected application redirects to the OAM page to enter the credentials for the application.
    3. The application is shown, and it asks again for authentication credentials.
    Here the details of the cookie:
    a. cookie1: ADMINCONSOLESESSION
    b. cookie2: OAMAuthnCookie_webgate11g.domain.com: 7777
    We also found an error when starting the node oam_server in WebLogic Server 11g (10.3.6)
    Log:
    [2012-11-29T18:16:02.411-05:00] [oam_server1] [ERROR] [JPS-03156] [oracle.jps.authorization.framework] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000JhEStpUFW7WFLzRL8A1GhylJ000002,0] [APP: oam_server#11.1.2.0.0] The exception has been thrown by ARME. The authorization result is set to deny.[[
    com.bea.security.providers.authorization.asi.InvocationException: ArmeRUNTIME Exception: null
         at com.bea.security.providers.authorization.asi.AuthorizationProviderImpl.isAccessAllowed(AuthorizationProviderImpl.java:396)
         at com.bea.security.ssal.micro.MicroAuthorizationManagerWrapper.isAccessAllowed(MicroAuthorizationManagerWrapper.java:73)
         at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed_internal(AuthorizationServiceImpl.java:914)
         at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed(AuthorizationServiceImpl.java:745)
         at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed(AuthorizationServiceImpl.java:668)
         at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed(AuthorizationServiceImpl.java:622)
         at com.bea.security.AuthorizationService.isAccessAllowed(AuthorizationService.java:365)
         at oracle.security.am.common.policy.runtime.provider.oes.proxy.OESRuntimeProxy.wait4OESRuntimeDBPolicyRefreshCompletion(OESRuntimeProxy.java:263)
         at oracle.security.am.common.policy.runtime.provider.oes.proxy.OESRuntimeProxy.init(OESRuntimeProxy.java:193)
         at oracle.security.am.common.policy.runtime.provider.oes.OESPolicyRuntimeProvider.init(OESPolicyRuntimeProvider.java:167)
         at oracle.security.am.common.policy.runtime.PolicyRuntimeFactory.getNewInstance(PolicyRuntimeFactory.java:162)
         at oracle.security.am.common.policy.runtime.PolicyRuntimeFactory.init(PolicyRuntimeFactory.java:93)
         at oracle.security.am.common.policy.runtime.PolicyRuntimeFactory.getPolicyRuntime(PolicyRuntimeFactory.java:84)
         at oracle.security.am.common.policy.util.PolicyComponentLifecycle.initialize(PolicyComponentLifecycle.java:100)
         at oracle.security.am.lifecycle.ApplicationLifecycle.initComponentBootstrap(ApplicationLifecycle.java:156)
         at oracle.security.am.lifecycle.ApplicationLifecycle.contextInitialized(ApplicationLifecycle.java:86)
         at weblogic.servlet.internal.EventsManager$FireContextListenerAction.run(EventsManager.java:481)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
         at weblogic.servlet.internal.EventsManager.notifyContextCreatedEvent(EventsManager.java:181)
         at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1868)
         at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3154)
         at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1518)
         at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:484)
         at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
         at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
         at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
         at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
         at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
         at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
         at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
         at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
         at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
         at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:671)
         at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
         at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
         at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:59)
         at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
         at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
         at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:184)
         at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:361)
         at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:51)
         at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
         at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
         at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:261)
         at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:220)
         at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
         at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
         at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
         at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    Caused by: com.wles.InternalException: ArmeRUNTIME Exception: null
         at com.wles.arme.Credentials_ca.exceptionTransport(Credentials_ca.java:606)
         at com.wles.arme.Credentials_ca._accessAllowed(Credentials_ca.java:343)
         at com.wles.arme.CredentialsImpl._accessAllowed(CredentialsImpl.java:400)
         at com.wles.arme.CredentialsImpl._accessAllowed(CredentialsImpl.java:422)
         at com.wles.arme.CachingCredentialsImpl._accessAllowed(CachingCredentialsImpl.java:225)
         at com.wles.arme.CredentialsImpl.accessAllowed(CredentialsImpl.java:452)
         at com.wles.arme.CachingCredentialsImpl.accessAllowed(CachingCredentialsImpl.java:68)
         at com.bea.security.providers.authorization.asi.AuthorizationProviderImpl.ARMEisAccessAllowed(AuthorizationProviderImpl.java:977)
         at com.bea.security.providers.authorization.asi.AuthorizationProviderImpl.isAccessAllowed(AuthorizationProviderImpl.java:347)
         ... 52 more
    causal exception is:
    com.wles.InternalException: ArmeRUNTIME Exception: null
         at com.wles.arme.Credentials_ca.exceptionTransport(Credentials_ca.java:606)
         at com.wles.arme.Credentials_ca._accessAllowed(Credentials_ca.java:343)
         at com.wles.arme.CredentialsImpl._accessAllowed(CredentialsImpl.java:400)
         at com.wles.arme.CredentialsImpl._accessAllowed(CredentialsImpl.java:422)
         at com.wles.arme.CachingCredentialsImpl._accessAllowed(CachingCredentialsImpl.java:225)
         at com.wles.arme.CredentialsImpl.accessAllowed(CredentialsImpl.java:452)
         at com.wles.arme.CachingCredentialsImpl.accessAllowed(CachingCredentialsImpl.java:68)
         at com.bea.security.providers.authorization.asi.AuthorizationProviderImpl.ARMEisAccessAllowed(AuthorizationProviderImpl.java:977)
         at com.bea.security.providers.authorization.asi.AuthorizationProviderImpl.isAccessAllowed(AuthorizationProviderImpl.java:347)
         at com.bea.security.ssal.micro.MicroAuthorizationManagerWrapper.isAccessAllowed(MicroAuthorizationManagerWrapper.java:73)
         at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed_internal(AuthorizationServiceImpl.java:914)
         at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed(AuthorizationServiceImpl.java:745)
         at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed(AuthorizationServiceImpl.java:668)
         at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed(AuthorizationServiceImpl.java:622)
         at com.bea.security.AuthorizationService.isAccessAllowed(AuthorizationService.java:365)
         at oracle.security.am.common.policy.runtime.provider.oes.proxy.OESRuntimeProxy.wait4OESRuntimeDBPolicyRefreshCompletion(OESRuntimeProxy.java:263)
         at oracle.security.am.common.policy.runtime.provider.oes.proxy.OESRuntimeProxy.init(OESRuntimeProxy.java:193)
         at oracle.security.am.common.policy.runtime.provider.oes.OESPolicyRuntimeProvider.init(OESPolicyRuntimeProvider.java:167)
         at oracle.security.am.common.policy.runtime.PolicyRuntimeFactory.getNewInstance(PolicyRuntimeFactory.java:162)
         at oracle.security.am.common.policy.runtime.PolicyRuntimeFactory.init(PolicyRuntimeFactory.java:93)
         at oracle.security.am.common.policy.runtime.PolicyRuntimeFactory.getPolicyRuntime(PolicyRuntimeFactory.java:84)
         at oracle.security.am.common.policy.util.PolicyComponentLifecycle.initialize(PolicyComponentLifecycle.java:100)
         at oracle.security.am.lifecycle.ApplicationLifecycle.initComponentBootstrap(ApplicationLifecycle.java:156)
         at oracle.security.am.lifecycle.ApplicationLifecycle.contextInitialized(ApplicationLifecycle.java:86)
         at weblogic.servlet.internal.EventsManager$FireContextListenerAction.run(EventsManager.java:481)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
         at weblogic.servlet.internal.EventsManager.notifyContextCreatedEvent(EventsManager.java:181)
         at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1868)
         at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3154)
         at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1518)
         at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:484)
         at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
         at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
         at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
         at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
         at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
         at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
         at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
         at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
         at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
         at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:671)
         at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
         at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
         at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:59)
         at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
         at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
         at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:184)
         at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:361)
         at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:51)
         at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
         at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
         at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:261)
         at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:220)
         at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
         at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
         at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
         at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    We appreciate your support in solving the case. Thanks...
    JLK
    Edited by: JLK on Nov 30, 2012 9:43 AM

    Hi Viju,
    Did you execute the Python script to register OPSS? If not, then you will get the mentioned error.
    I have mentioned a couple of workarounds. Can you try those and let me know the results? Take a backup of your entire environment before you follow the steps:
    1. For the ARME issue, a patch can be applied for 11.1.2
    OAM Bundle Patch Release History (Doc ID 736372.1)
    Yes. This is a benign message. ( the ARME issue)
    OAM 11R2 After Upgrade The Managed Server Start With Error ArmeRUNTIME Exception: Null (Doc ID 1509559.1)
    The other issue is under investigation and is benign.
    <oracle.adfinternal.view.faces.renderkit.rich.RegionRenderer> WARNING when accessing oamconsole (Doc ID 1511967.1)
    The final message is spoken to here:
    WLS 10.3.3: "Auto-Ref-By: WebApp" deployed as shared library is affecting other web applications. (Doc ID 1210393.1)
    Action Plan:
    =========
    1. For the ARME issue, a patch can be applied for 11.1.2
    OAM Bundle Patch Release History (Doc ID 736372.1)
    Hope this helps.

  • Add tab in Portal to access SAP BW system

    Hello All,
    Currently, we have SAP ECC tab available in the Portal to access the ECC system directly with a single sign on.
    Similarly, we want to add a tab to access the SAP BW system, wherein the user can log in to the BW system to execute a process chain.
    Please advise me on the development required for the same.
    Thanks & Regards
    Sneha

    Hi Sneha,
    Please follow the below steps.
    1) Create a system object to the BW system, get the single sign on done, and test that the connections are fine (BASIS TEAM)
    2) Create a Portal Role called BW Extractor
    3) Create a standard transaction iview to rspc to BW system, and make the entry point on iview to true
    4) Add the iview to the Portal Role
    5) Add the Portal Role to user or user group.
    Please let me know how it goes !
    Regards,
    Vivek Nidhi

  • Getting error in portal while accessing dms repository

    Hi Experts,
      I am getting the below error in the portal while accessing the DMS repository. The repository was fine and its status is green,
      but I am still getting the error while viewing it from content administration > kmcontent > my repository name.
      What should I do? Please help me with this.
    com.sap.netweaver.bc.rf.common.exception.IOOperationFailedException: Connection Failed: Connection setup failedConnection Failed: Nested Exception. Failed to get connection. Please contact your admin.
    at com.sap.pct.plm.dmsrmconnectorforkm.DMSRMR3FunctionCalls.openConnection(DMSRMR3FunctionCalls.java:5934)
    at com.sap.pct.plm.dmsrmconnectorforkm.DMSRMR3FunctionCalls.getTopLevelFolders(DMSRMR3FunctionCalls.java:426)
    at com.sap.pct.plm.dmsrmconnectorforkm.DMSRMStructure.refreshChildren(DMSRMStructure.java:531)
    at com.sap.pct.plm.dmsrmconnectorforkm.DMSRMStructure.getChildren(DMSRMStructure.java:574)
    at com.sap.pct.plm.dmsrmconnectorforkm.DMSRMMutableNamespaceManager.findResources(DMSRMMutableNamespaceManager.java:930)
    at com.sapportals.wcm.repository.CollectionImpl2.internalGetChildrenManager(CollectionImpl2.java:310)
    at com.sapportals.wcm.repository.CollectionImpl.internalGetChildren(CollectionImpl.java:1616)
    at com.sapportals.wcm.repository.CollectionImpl.doGetChildren(CollectionImpl.java:145)
    at com.sapportals.wcm.repository.CollectionImpl.getChildren(CollectionImpl.java:125)
    at com.sapportals.wcm.repository.CollectionImpl.getChildren(CollectionImpl.java:358)
    at com.sapportals.wcm.service.resourcelistfilter.cm.ResourceListFilter.getChildren(ResourceListFilter.java:420)
    at com.sapportals.wcm.rendering.collection.AbstractRendererStatus.initialfilter(AbstractRendererStatus.java:331)
    at com.s...
    Please help me with this.
    Waiting for your responses.
    Thanks & Regards,
    Shilpa.

    Hi,
    Thanks for your immediate response. We deployed the DMS connectors in the portal, we got the standard role document explorer,
    and I changed the parameters in the dmsrm repository, but I am still facing the same error.
    Please help me with this.
    Waiting for your response.
    Regards,
    Shilpa.

  • SSO: Portal - R/3

    Hi everybody,
    I'm trying to set up the SSO with Logon Tickets between the Portal and an ECC 5.0 System. I've done all the configuration steps on the portal and system side as read in literature and here on the forum. But when I try to test the connection to the system I'm getting: connection failed.
    Steps I've done:
    Portal
    - I created the system in the portal system landscape: even two systems. One SAP_R3_Dedicated and one SAP_R3_ConnectionString. This is because for remote access to the system I use a SAProuter and the system is running on a single server host. So I'm not sure which one should be taken. None of them works for now.
    - I created User Mapping for the System Aliases in User Administration
    System
    - I imported the verify.der through STRUSTSSO2 and made all the settings including adding to the ACL
    - I've set the profile parameters login/accept_sso2_ticket = 1 and login/create_sso2_ticket = 1 through RZ10 and restarted the server
    - In RZ11 and SSO2 I checked the parameters and the SSO setting. The parameters were successfully changed and SSO is enabled for the issuer from the verify.der file.
    So where is the problem? Maybe some tips on where typical problems in situations like this lie.
    My presumptions are:
    - the System and Client in the ACL List in RZ10. I'm not sure that I've made the correct setting for these values when I added the certificate to the ACL. What values should be entered here?
    - the connection string for the "connection string system in the portal". What should the connection string look like? I've tried the one I'm using when connecting through the GUI to the system.
    - application host in the dedicated system in portal or some other settings of the connector
    Any tip or further information on this will be very much appreciated!
    Regards,
    Mladen

    Hi Mladen
    There is a checklist for SSO in the portal wiki. I suggest you follow that as a first point. It covers things like using SM50 to look at errors in the backend.
    You shouldn't need to set up user mapping - the whole idea of SSO is to remove the need for user mapping.
    The entry in the ACL in STRUSTSSO2 is based on the values that you set in your UME. The SID is your portal SID and the client is the value from UME.
    The connection string should look like /H/host/S/server etc - same as for SAProuter.
    Cheers

  • Running Discoverer reports into portal using SSO portal login - help

    Hi,
    I am trying to run disco reports into oracle portal using discoverer portlet providers -list of worksheet. What I want to achieve is as follows
    1) login to portal using SSO userid /pwd - Done
    2) Enable discoverer for SSO - Done
    *3) Use the Discoverer list of worksheets to show reports in the portal, but I want to filter the list of worksheets to the currently logged in portal user. This is so that logged in users only see the reports to which they have access in Discoverer - Need Help*
    *4) Once the user runs this report, I want to filter the Discoverer data based on the user's login or portal group - Help*
    Can someone please help with issues no 3/4 urgently.
    Many thanks
    Ganesh

    Hi Michael,
    Assuming I have created the private connections using CAPI I still have my doubts as follows
    Do I have to then login as each portal user and add the list of worksheet portlet for each user and selecting
    "check the box called Display a different list of worksheets by allowing users to customize database connection and then check Show a default list of worksheets using connection, changing the connection to user's connection."
    Considering we have 500+ users, this will be a huge, cumbersome task for me.
    Also, when I tried to do this before, logging in as each portal user, when I logged in as the second portal user I could see the list of worksheets portlet added by the first user, which means I have to edit it, but even that was not possible because it would not let me edit, as only the page owner who created the portlet was allowed to edit (that is the first user)
    OR
    Do you have to give portal users permission to edit the page so that they can log on themselves to add the list of worksheets portlet on the page by selecting their private connection and selecting
    "check the box called Display a different list of worksheets by allowing users to customize database connection and then check Show a default list of worksheets using connection, changing the connection to user's connection."
    Finally I know someone has made it work using URL links and it works as follows
    1) Map the portal and disco user into a table
    2) Create disco private connections
    3) when the portal user logs in and clicks on "Show my discoverer report" it then runs a PL/SQL package which in turn identifies the private connection details and creates a URL out of it as follows
    [http://portal.ccm.ac.uk/discoverer/app/partialConnect?password=IRTIMUDV123_=qplus=VDUMITRI=browser_selected=connect=RELATIONAL=QPRIS=viewer]
    Clicking on this link opens Discoverer with the private list of workbooks/worksheets.
    Please advise which way should I follow.
    Thanks
    Ganesh

  • External Facing Portal with access to ITS via Transaction Iview

    Hi Experts,
    We have a requirement to make the portal available externally for third party vendors to access ECC transactions.  We have configured a URL with a reverse proxy to the portal server.  Portal loads fine from outside the network, but when launching a transaction I-view, a page cannot be displayed error comes up in IE-8 and Chrome says it cannot access the ECC server. 
    I've searched the forums and come up with a couple of tips, but that brings on a couple more questions. 
    It seems you can direct traffic from external URL to portal server:port, but when launching a transaction I-view, it needs to be redirected again to the ECC server:port/sap/bc/gui* (or something like that for SICF GUI service).  Question here is, once this redirect happens, technically the ECC box is now available externally vs. only the portal?  Is this recommended?
    Other option I've found is to try and use IAC I-views instead.  Is this really much different than a transaction i-view in how portal handles the opening Iframe?  Does it allow backend connections without rerouting internet traffic to the backend server?
    Are there any other options to make this type of setup work for external facing portals using transaction iviews to access ITS?
    Thanks for the help!

    Hi
    Were you able to resolve the issue? We have installed Web Dispatcher, through which we are able to call the EP, but when calling the transaction iViews a page not found error pops up, since the request from the EP server to ECC goes via the URL http://<ecchost.domain>.:8000/sap/bc/gui/sap/its/webgui?sap-client=100.
    Thanks
    Murthy

  • How to find out which version of OID, SSO, Portal, and Disco. to install?

    Hi,
    I just upgraded from 11.5.9 (DB 9.2.0.4) to 12.1.1 (DB 10.2.0.5) using Rapid Install Wizard.
    The 11i system did have Portal and Single Sign-On, and Discoverer 4i. How can I find out which version of these I can install and integrate with the new system? Do I need to install a separate Application Server?
    Thanks,
    Sinan

    Please see these docs.
    Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On [ID 376811.1]
    Oracle Application Server with Oracle E-Business Suite Release 12 FAQ [ID 415007.1]
    Using Discoverer 10.1.2 with Oracle E-Business Suite Release 12 [ID 373634.1]
    Using Discoverer 11.1.1 with Oracle E-Business Suite Release 12 [ID 1074326.1]
    How To Enable Single Sign On (SSO) For Discoverer 11g (11.1.1.x) [ID 879604.1]
    Thanks,
    Hussein

  • Reg : Error in Portal while accessing BI Report.

    Hi,
       When I am trying to access BI report in the portal I got the following error  in Portal
       User #### has no RFC authorization for function group SYST.
    Please assist to resolve the issue.
    Thanks,
    Prakash.

    Hi
    This is an authorization issue.
    Either include SYST in authorization object S_RFC.
    Or assign SAP_ALL role to the user and then try.

  • HTML Files in portal that access relative images

    We put html files on some of our pages. These open up and display their contents, which include images. These images we store on the same portal page (but hide them) so the html page has access to them in the same directory. So, we basically, use a portal page as a web server directory to put the html, css, images, etc.
    Is this going to break in a future version of portal?
    According to:
    http://download-west.oracle.com/docs/cd/B14099_19/portal.1014/b13809/apdxurls.htm
    "Following this release, path-based URLs that follow the following syntax will be obsolete"
    That sounds to me like my above scenario will break. Yes?
    Thanks.

    Why do you use html files exactly? Because we have legacy HTML documents that are from our pre-portal intranet days. We were able to just stick them into a portal page and they worked. And, the nice thing is that they can link to each other with relative links within the same directory/path. So, it's not just images. We really don't care that much about images, that was just an example that would be easy for people to understand. Using the /images folder does not solve most of the problem. And, like I mentioned before, we also have PDFs with PDF-to-PDF web links where they all link to each other with relative links within the same directory. We also have some Flash (swf) files that take advantage of page-path URLs.
    It's not like our whole portal is made up of HTML documents. But, we used many of them instead of Word or PDF documents, because that's what we had from before. So, in most cases we can convert them to PDFs. But, there are some cases where we have mini websites made up of HTML files all stuck into a Portal page. These, and the PDF-to-PDF linked documents are a bigger problem.
    This is a major headache that we are not looking forward to.

  • Portal.wwdoc_document  Access

    Hi all,
    I am trying to write a SQL script that I can use in conjunction with Oracle Reports (Portal). I want this script to show all new documents uploaded by anyone in a page group. When I run the script from my Desktop app, I see everyone’s document. When I run the script in the portal, I only see the documents that I uploaded – no one else’s. It looks like I am running into some kind of permissions issue.
    Is there any other way around this issue using Oracle Reports? I know I can probably use the Omni Portlet or maybe a PL/SQL item.
    Here is the script:
    select
    '<a href="/portal/page?_pageid='
      || replace(security_object_name, '/', ',')
      || '&_dad=portal&_schema=PORTAL" target="_blank">'
    || real_filename || '</a>   ' as real_filename /* Creates link to the parent page */
    , replace(creator, '.', ' ') as creator
    , last_updated
    , NVL(SUBSTR(to_char(doc_size/1000), 0, INSTR(to_char(doc_size/1000), '.')-1),0) || ' KB'
    as doc_size
    , SUBSTR(security_object_name, 0, INSTR(security_object_name, '/')-1) as security_object_name
    from portal.wwdoc_document
    where trunc(last_updated) >= (trunc(sysdate)-7)
    and SUBSTR(security_object_name, 0, INSTR(security_object_name, '/')-1) = '73' /* Page Group */
    order by last_updated desc
    One thing to note that I noticed in another post is that this table is not governed by portal ACLs.
    Re: APIs for downloading content

    So it looks like it is the view - but there is something off in this view and actual access the individual has. It seems to just join on username and miss group associations.
    select "SUBSCRIBER_ID","NAME","PATHID","FILENAME","REAL_FILENAME"
    ,"MIME_TYPE","DOC_SIZE","DAD_CHARSET","LAST_UPDATED","CONTENT_TYPE"
    ,"BLOB_CONTENT","CREATOR","SESSION_ID","LANGUAGE","REFCOUNT"
    ,"SECURITY_OBJECT_TYPE","SECURITY_OBJECT_NAME","DAV_ID"
    ,"DAV_LOCK_TOKEN","DAV_OWNER","EXPIRE_SECONDS"
    from wwdoc_document$ a
    where (EXISTS (
                   select 1 from wwsec_sys_priv$ b
                   where b.object_type_name = 'DOCUMENT'
                   AND b.name = a.name
                   AND b.owner = upper('portal')
                   AND b.grantee_type = 'USER'
                   AND b.grantee_group_id = 0
                   AND b.grantee_user_id in ( wwctx_api.get_user_id(), 2) --user PUBLIC
                  )
         OR (EXISTS (
                   select 1 from wwsec_sys_priv$ b, wwsec_flat$ c
                   where b.object_type_name = 'DOCUMENT'
                   AND b.name = a.name
                   AND b.owner = upper('portal')
                   AND b.grantee_type = 'GROUP'
                   AND b.grantee_group_id = c.group_id
                   AND c.person_id = wwctx_api.get_user_id()
                   AND b.grantee_user_id = 0 ) ) )

  • ESS / MSS  -- Error in Portal while Accessing Who's Who (Urgent)

    Hi Gurus,
    I get the following error while accessing who's who, please clarify
    Read of object with ID portal_content/com.sap.pct/srvconfig/com.sap.pct.erp.srvconfig.ess.employee_self_service/com.sap.pct.erp.srvconfig.whoiswho/com.sap.pct.erp.srvconfig.fpmapplications/com.sap.pct.erp.srvconfig.whoiswhoapplication failed
    Somewhere inside the error log it gives that
    Caused by: com.sapportals.portal.pcd.gl.PermissionControlException: Access denied (Object(s): portal_content/com.sap.pct/srvconfig/com.sap.pct.erp.srvconfig.ess.employee_self_service/com.sap.pct.erp.srvconfig.whoiswho/com.sap.pct.erp.srvconfig.fpmapplications/com.sap.pct.erp.srvconfig.whoiswhoapplication)
    Is this because of the unavailability of change authorization?
    We haven't actually started the config.
    Sera

    Hi,
    This is because you have to give end user permissions for the portal user to access the objects. This is an issue with permissions.
    refer the note 939412 for solution.
    Regards,
    Sharadha

  • IP Address determination based Portal Roles Access

    Dear Experts,
    Current Scenario - SAP Portal is accessible directly and via Citrix (VPN).
    Based on the URL alias - we have implemented Desktop Filtering.
    eg if the URL ends with / internet - You get restricted roles
    eg if the URL ends with / intranet - You get wider roles
    In Production, we also have Netscaler Reverse Proxy and HTTPs settings in place for External (outside firewall) access.
    New Requirement (Example) - Based on the IP address of the client, determine which subnet it falls under and based on that -
    If used within Citrix - Provide certain roles
    If not used within Citrix - Restricted access / Redirect to a different URL on the redirect server.
    Questions - With the current desktop filtering in place based on URL determination and no specific restriction for inside/outside Citrix access -
    I believe tweaking SAP Portal Logon logic can get very painful and overtly complicated for such scenarios.
    Please suggest which would be a good way to crack this? eg using admin settings at these levels - eg Citrix, Network OS Exit, Reverse Proxy etc based on Best Practise ?
    Thanks for your inputs ~ Dhanz

    Hi Dhanz,
    You are right, it's a complicated scenario.
    Unfortunately I am not expert on Citrix, Network OS Exit, Reverse Proxy, etc. But I have discussed this issue with web dispatcher expert colleagues and I believe you can use the IP address as distinguishing criterion / mapping table. Please see the documentation below:
    http://help.sap.com/saphelp_nw04/helpdata/en/de/89023c59698908e10000000a11402f/content.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/24/62c6bacba12442a869a599149227ab/frameset.htm
    I hope it helps,
    Kind regards,
    Lisandro Magnus
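
An added illustration of the subnet decision discussed in this thread (not code from SAP, Citrix or either poster): with a reverse proxy in front of the portal, the client address has to be taken from X-Forwarded-For, and only when the connection really comes from that proxy. All subnets and the profile names "citrix" and "restricted" are constructed placeholders.

```python
import ipaddress

# Constructed sample networks; replace with the real landscape values.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.5.0/28")]    # reverse proxy tier
CITRIX_SUBNETS = [ipaddress.ip_network("10.20.40.0/24")]   # Citrix session hosts


def _in_any(addr, networks):
    """True if addr lies inside at least one of the given networks."""
    return any(addr in net for net in networks)


def effective_client_ip(peer_ip, x_forwarded_for=None):
    """Return the address the role decision should be based on, or None.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy.
    The chain is read right to left, because the rightmost entries were
    appended by our own proxies while the leftmost ones are client-supplied.
    None means the origin cannot be established.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not _in_any(peer, TRUSTED_PROXIES):
        return peer                      # direct connection: ignore the header
    if not x_forwarded_for:
        return None                      # proxy did not tell us who the client is
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None                  # malformed entry: do not guess
        if not _in_any(addr, TRUSTED_PROXIES):
            return addr                  # first hop that is not one of our proxies
    return None                          # chain contained only proxies


def access_profile(peer_ip, x_forwarded_for=None):
    """Map a request to 'citrix' or 'restricted'; anything unclear is restricted."""
    client = effective_client_ip(peer_ip, x_forwarded_for)
    if client is not None and _in_any(client, CITRIX_SUBNETS):
        return "citrix"
    return "restricted"


if __name__ == "__main__":
    # Constructed requests: (TCP peer, X-Forwarded-For header)
    samples = [
        ("10.20.40.17", None),
        ("203.0.113.9", "10.20.40.17"),
        ("10.0.5.3", "10.20.40.17"),
        ("10.0.5.3", "10.20.40.17, 198.51.100.7"),
    ]
    for peer, xff in samples:
        print(peer, repr(xff), "->", access_profile(peer, xff))
```

The same rule applies wherever the decision is finally made (proxy, Web Dispatcher or portal): a header value that did not pass through the trusted proxy must not widen the role set.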
