Sso to bw system

Similar Messages

• SSO for application systems with local users?

  Hi all,  I'm new to Oracle Identity Management.  My company is going to implement SSO for inhouse applications.  However, some applications have their own local users (e.g. admin, guest, etc.) who have to login to the application system through the same interface.  We put all organization users in an Oracle enterprise Directory server, which is the authentication backend of the Access Manager.   After implementing webgate, such local users can't get authenticated.  I'd like to know if it's possible to configure particular users/applications to bypass SSO and use local authentication?     Thanks.
  Rgds
  /ST wong

  Possible solution is to create a new entry point for local users. Create two proxies one for actual user entry and another for local user. You can restrict n/w access to proxy with local login so that only few hosts based on your requirement who needs to access system with local accounts. This way you will have two web sites for single application.

• SSO in IDES System

  Hi,
      Is it possible to configure SSO (single signon) between IDES system to SAP EP system.
  Thanku

  I can't find a reason why not. did you tried it?
  Regards
  Juan

• SSO problems after system copy

  Hi,
  We have done a system copy of our PRD system to a new QAS server with new server host name. We also have a new ITS server with a new host name as well. So we now have 2 QAS R/3 systems and 1 portal QAS. I have reconfigured the portal system landscape to point to the new QAS R/3 system but since then SSO has not worked. Here is what I have done :
  1) Through RZ10 added the following parameters to the instance profile :
  login/accept_sso2_ticket=1
  login/create_sso2_ticket
  Checked in SSO2 and login tickets accepted.
  2) Added FQDN to instance profile parameter icm/host_name_full in RZ10
  3) in STRUSTSSO2 deleted old System PSE and created new.
  4) Exported tickets from Portal and added to STRUSTSSO2. Added to certifcate and ACL. Ticket has not expired
  5) Recreated sso tickets and imported back into R/3 with STRUSTSSO2 but still no luck.
  Can anyone help ? Do I need to make any changes in Visual Administrator ? Like adding new r/3 hostname ??
  Thanks
  Craig

  check these links     
  https://forums.sdn.sap.com/click.jspa?searchID=13478788&messageID=5478166     
  https://forums.sdn.sap.com/click.jspa?searchID=13478788&messageID=5429973     
  https://forums.sdn.sap.com/click.jspa?searchID=13478788&messageID=5321462     
  https://forums.sdn.sap.com/click.jspa?searchID=13478788&messageID=5141524

• Trouble using LogonTicket for SSO to ECC System

  Hi,
  I am trying to connect to an ECC System from my portal. I created a system object and filled all relevant fields. When I run the Connection Tests the Connection Test for Connectors fails with
  "Connection failed. Make sure that Single Sign-On is configured correctly"
  I have imported the portal certificate into my backend system. But I still think that there is something wrong with the PSE on my ABAP side...
  When I run the transaction SSO2 it says that the "The Digital Signature for This Certificate Cannot Be Verified" and that there are no entries in the certificate list.
  When I open STRUSTSSO2 the certificate appears in the Certificate List and in the ACL as it should be...
  Any help solving this issue would be appreciated...
  Thanks ahead,
  Bernd

  Hi Bernd,
  Check the parameters in RZ10.
  login/create-sso2_ticket = 2
  login/accept_sso2_ticket = 1
  Good Luck
  Grilo

• SSO and ITS

  Hello,
  We are trying to setup SSO for SAP System. Our architecture looks like this:
  3rd party logon mechanism(via web) --> ITS --> Web Dispatcher --> WAS (BSP's)
  We did extensive research and found that ITS might enable us to do that. But we are not clear if SNC is a must (Which we don't want to do). The documenation is not clear. The current URL without SSO points to Web Dispatcher which get us the bsp pages from the WAS.
  Following is what we want to achieve:
  1. Users will logon to the 3rd party logon mechanism via web(software is installed with APACHE 2.0)
  2. once users are authenticated we need to pass the ID via HTTP header or any other method available to logon to SAP BSP Pages.
  Currently users can logon to 3rd party software which redirects to the BSP application and requests user id and password.
  We are wondering if anyone has done this sort of setup.
  Thanks,

  Hi
  For SSO concept visit (You can also find usage in EP)
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/90277dbd-0401-0010-33a1-ac2c7e3a5659
  <b>Usage across portal:</b>
  Normally Portal provides you a page which has content from different backend applications. Portal actually provides single point of entry to these applications which reside outside Portal. Now with Single SingOn feature user does not have to logon to backend application again. That means when he clicks a link on Portal which points to Backend application, he does not have to enter user and password again for that application.
  for more info
  sso
  Some fundas related to SSO with portal
  What is meant by "SSO across multiple domains"
  some usefull blog
  Step-By-Step Guide to implement Application Integrator
  Hope that helps

• SSO is not working - User is missing credentials for connecting to alias

  Dear Experts,
  I am facing a strange problem in SSO with reference system user mapping.  I have configured reference system user mapping for accessing R/3 for ESS/MSS and transactional iviews along with UWL.  The SSO was configured 2 months ago and was working fine till yesterday.
  Since this Monday, (2 days), the system connection tests are failing on connector.  But, ESS/MSS & Transaction iviews with SAP Logon tickets are working fine. But, while trying to access UWL tasks, SSO is failing. Following is the error message -
  "Exception occured Exception type:com.sap.netweaver.bc.uwl.connect.ConnectorException Message:Tue Aug 11 09:46:58 CEST 2009
  (Connector) :com.sap.portal.connectivity.destinations.PortalDestinationsServiceException:User is missing credentials for connecting to alias <Aliassystem>. Contact your system administrator. "
  I have created a destination for the respective backend in Visual Admin > node >  services > Destinations as some tasks are not visible in UWL as per Note-  1133821, 2 weeks ago.It was working fine till yestreday. While testing from destinations, for Connected User(SAP Logon ticket Assertion ticket) , getting the error message  -
  Error During ping operation:Ticket contain no/an  emplty ABAP user id(refer note 1159962). The destination is successfully connected with configured user.
  But from the Tracecollector logs, I can see that the mapped user is set in the SAP Logon ticket and the User <ABCD> is existing in the target ECC system. More over, the SSO with refence system user mapping is working fine for ESS/MSS and Transaction based iviews. It is failing only for UWL tasks and also in system connection tests for connector. ITS was failing since the beginning.WAS is successful even now.
  Trace file info -
  Mapped user [ABCD] set in SAP Logon Ticket. The authenticated user is [<portaluserid>]. Authentication stack: [ticket]..
  The created ticket is:
  [Ticket [initialized]
    Ticket Version  = 0
    Ticket Codepage =  (Encoding=1100)
    User = <ABCD>
    Issuing System ID    = EPD
    Issuing System Client = 000
    Creation Time = 200908110746
    Valid Time    = 8 h 0 min
    Signature (length=261 bytes)
  I checked tcode SSO2 in ECC system and it is ready for accepting the logon tickets.  The strange thing is single sign on is working for ESS/Transactional iviews and not for UWL. Second thing is UWL was working fine till yesterday morning and stopped working now with SSO problems.
  Can you pls advise where to look for fixing the SSO - missing user details for UWL destination?
  regards,
  Isvarya

  <title>reporting the text as formatted text - Dear Experts,</title>
  <!--[if gte mso 9]><xml>
  <o:DocumentProperties>
    <o:Author>Isvarya Bolisetti</o:Author>
    <o:LastAuthor>Isvarya Bolisetti</o:LastAuthor>
    <o:Revision>2</o:Revision>
    <o:TotalTime>1</o:TotalTime>
    <o:Created>2009-08-11T11:21:00Z</o:Created>
    <o:LastSaved>2009-08-11T11:21:00Z</o:LastSaved>
    <o:Pages>1</o:Pages>
    <o:Words>385</o:Words>
    <o:Characters>2195</o:Characters>
    <o:Company>Bekaert N.V</o:Company>
    <o:Lines>18</o:Lines>
    <o:Paragraphs>5</o:Paragraphs>
    <o:CharactersWithSpaces>2575</o:CharactersWithSpaces>
    <o:Version>11.9999</o:Version>
  </o:DocumentProperties>
  </xml><![endif]><![if gte mso 9]><![endif]><![if gte mso 9]>
  <!--
  /* Style Definitions */
  p.MsoNormal, li.MsoNormal, div.MsoNormal
       {mso-style-parent:"";
       margin:0cm;
       margin-bottom:.0001pt;
       mso-pagination:widow-orphan;
       font-size:12.0pt;
       font-family:"Times New Roman";
       mso-fareast-font-family:"Times New Roman";}
  @page Section1
  div.Section1
  -->
  </style>
  <!--[if gte mso 10]>
  <style>
  /* Style Definitions */
  table.MsoNormalTable
       {mso-style-name:"Table Normal";
       mso-tstyle-rowband-size:0;
       mso-tstyle-colband-size:0;
       mso-style-noshow:yes;
       mso-style-parent:"";
       mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
       mso-para-margin:0cm;
       mso-para-margin-bottom:.0001pt;
       mso-pagination:widow-orphan;
       font-size:10.0pt;
       font-family:"Times New Roman";
       mso-ansi-language:#0400;
       mso-fareast-language:#0400;
       mso-bidi-language:#0400;}
  </style>
  <![endif]><![if gte mso 9]><![endif]><![if gte mso 9]>Mapped user set in SAP Logon Ticket. The
  authenticated user is . Authentication stack: ..
  The created ticket is:
  [Ticket

• SSO issue with BI 4.0 BW and ECC

  We currently have SAP BW 7.3 BOBJ 4.0 ECC and SAP portals.
  We have configured SAP BW, BOBJ and SAP Portal with SSO and that works perfectly fine.
  The issue is that i have Crystal Reports running on ECC that have also to be published to the Portal.
  All BW crystal reports run fine and ECC fails because of SSO -
  What am i missing here -
  Do i need to do something different for ECC
  In CMC  Authentication i have added SAP ECC and imported a role - So now i have 2 ids - one from BW and the other from ECC.
  I know this is not the way to do it but it still does not work.
  What do i need to do to have ECC and BW reports to work with SSO from SAP portal.
  Thanks

  Thank you for your reply Ingo
  I assume that your BusinessObjects Server has the SAP Authentication for BW and ECC configured ?
  *Yes *
  Are the reports for BW and ECC been called from the portal ?
  Yes
  if so then you have one BOE Server, 2 SAP environments and 2 SAP authentications configured and to achieve SSO for all systems you will have to combine the 2 SAP Systems via SNC (for XI 3.1) or via the SSO Token Service in BI4
  We are on BI4 and we have set up SSO Token for BW -
  Are you saying that we have to set up SSO token for BW as well as ECC -
  In CMC - Authentication - SAP  - Options -SAP  SSO Service - it does not give me an option to have 2 systems
  How do i add ECC system there too.
  Regards
  Ryan

• System object create problem in EP 7.3 Version.

  Hi Exports,
  i was created system object in sap ep 7.3 but  i got some error please give me solutions...........
  Connection Test for Connectors:
  : Test Details:
  The test consists of the following steps:
  1. Retrieve the default alias of the system
  2. Check the connection to the back-end application using the connector defined in this system object
  Results
  Default alias retrieved successfully
  Connection failed. Make sure user mapping is set correctly and all connection properties are correct.
  Thanks
  Reddy

  Hi,
  System Object is a set of connection properties to represent an external or SAP systems (SAP R3, /CRM/BW) used to retrieve data into portal iViews. We can create a System Object in any one of the three ways
  The system object can be created from either of the following:
  u2022Based on System Template (Template)
  u2022Based on Portal Content      (PAR)
  u2022Coping Existing Systems     (System)
  The Required Steps to Create a System Object in the portal are as :
  1.          System Alias settings
  2.        Connector settings
  3.        ITS settings
  4.        WAS settings
  5.    User Management Settings
  This may help
  http://wiki.sdn.sap.com/wiki/display/EP/HowtoCreateSystemObjectinthePortalforConnectingtoSAPbackend+System
  https://wiki.sdn.sap.com/wiki/display/EP/User+Management
  Forum links:
  SSO problem for system
  Regards,
  Jyothi.
  Edited by: Venkata Naga Jyothi on Dec 14, 2011 9:58 AM
  Edited by: Venkata Naga Jyothi on Dec 14, 2011 10:04 AM

• System with BI - XLMA Connector

  Hi All,
  I would like to use the BI Integration wizard in VC and as a pre-requisite I followed the below steps ..
  Creating a System with the BI-XLMA connector.
  1.Created a System from par .
  2.Selected “com.sap.portal.systems.BIUDI”
  3.Chose “ SAP_BI_XMLA” as Portal Component
  4.Enter the System ID and Name – Finish – Open Object Editor
  5.Under Property category - 
  Connection Properties
  -Data source name: empty 
  -Server URL: http://server:port/sap/bw/xml/soap/xmla
  -Statefulness : none
  6.User Management –
  Logon Method: SAPLOGONTICKET
  User Mapping Type : user,admin
  7.Create a System Alias and add it
  8.Test Connection :
  ( <i>Result :
  Retrieval of default alias successful
  Connection failed. Make sure user mapping is set correctly and all connection properties </i> )
  Let me if I have wrong somewhere and what could be the possible reason the Connection Test to fail.
  <b>P.S :</b> User is mapped properly with SSO in BI system with Portal
  Thnks,
  NR

  Hi,
  Was able to get the Connection Tests successfull.
  How to ....Resolve VC Issues- PDF  was indeed very helpful.
  Now able to work with the BI Integration Wizard in VC.
  Regards,
  NR

• No User Mapping Defined for the system

  Hi,
  I am trying to create the transcation iView ,here in this i want to run the BW transcation..
  For this i have created the transaction iView with the transaction code in that iview properties i have given the system alias which i have created for the BW system..
  The system which i have created for this is SAP R/3 dedicated...
  when i try to see the preview for this transaction iview it is giving the Error"No user Mapping defined in the system...
  i have done the user mapping also...
  Plz can any one help me in this..
  useful solution will be rewarded...
  Thanks
  Shashank
  Message was edited by: shashank moharana

  Hi Shashank
  the follwoing is total soln for connect EP AND BW and for ITS as well as SSO
  <b>Creating BW system in Portal</b>
  From the portal top-level navigation, choose System Administration -> System Configuration -> System Landscape
  Navigate to Portal Content -> Your SAP Ssytem  Folder  i.e SAP BW
  Right-click on the SAP BW folder, then choose New -> System
  Select SAP system using dedicated application server
  from System Template
  Make the following entries for the BW system you want to connect to the Enterprise Portal
  System Name -
    SAP_BW
  System ID   -
    Any ting u want like SAP_BW or SID of BW
  System ID Prefix -
    com.mycompany
  Master Language  -
    English
  Description   -
  NEXT -> Summary, review the options you selected for the new page.To make changes, choose Back to return to the appropriate screen. Then choose Next till you reach the Summary page, review, and choose Finish
  Choose Open the object for editing and choose OK
  The Property Editor iView will open
  Select Connector in the Property Category dropdown
  Enter the fields below according to your SAP system
  Application Host -
    IP Address of BW system or Host name ( FQDN required for SSO )
  SAP Client  ---  BW system client
  SAP System ID -
  SID of BW
  Server Port -
  3200 default for system number 00
  SAP System Number -
    00 or ur instance number
  <b>System Type  -
    SAP_BW</b>
  NOW,
  Select User Management from the Property Category dropdown list
  Enter the fields below
  Logon Method -
       UIDPW
  User Mapping Type  ---     Admin,user
  Note -: IF u want to use SSO for BW system first selct above and test it with BW system if it's ok than change to following
  Logon Method -
       SAPLOGONTICKET
  User Mapping Type  ---     Admin,user
  choose SAVE.
  Select System Aliases in the Edit dropdown list. This opens the System Alias Editor
  In Alias, enter SAP_BW. Choose the Add button
  Choose Save to save your changes and close the page
  <b>Connect With ITS</b>
  For BW
  In Property Catalog, use the dropdown to select ITS.
  Set your SAP system properties according to Following
  ITS Description -
    Description
  ITS Host Name  -
    Host name : Port for BW system
  <b>If u want to use SSO use FQDN instead of host name</b>
  ITS Path -
  /scripts/wgate
  ITS Protocol -
    http
  Save your settings.
  <i>u can check its for BW by following
  Find a port for BW using IIS manager
  Administrator tools -> Internet Service Manager - >
  extend the HOST
  Find the site created for BW system same like SID of BW system -> right click -> Properties
  TCP Port -- this is used for ur BW system</i>
  in IE  http://host_for_its:Port_for_bw/scripts/wgate/webgui/!
  <b>WAS for BW System</b>
  Select Web Application Server (WAS) in the Property Category dropdown list
  WAS Description  -
  BW WAS
  WAS Host Name -
    Host name : Port for BW system
  <b>use FQDN for SSO</b>
  WAS Path -
  /SAP/BW/Bex
  WAS Protocol -
  http
  Save ur entry.
  <b>User Management  For BW and EP</b>
  Befor u start if u don't use SAP Secu lib during installation
  change the following
  system Administration -> System configuration -> Um configuration -> Direct editing
  find out follwoing
  ume.usermapping.unsecure=False
  change to
  ume.usermapping.unsecure=TRUE
  Save and restart portal server
  ther are so many option available for DATA source u have required doc for using that
  if u have any query for that msg me back
  <b>Mapping Users in the Portal</b>
  if u want to use UIDPW than user must be map to BW system
  go by following
  User Administration -> User Mapping
  select the user u want to map by serch or entering a name
  Choose the Alias for your backend system, for example SAP_BW
  Enter the user id and password for BW user
  save ur changes.
  <b>SSO configuration</b>
  make sure ur Portal ITS and BW WAS system belong to Same
  domain.
  i.e 
  portal.mycompany.com
  its.mycompany.com
  bw.mycompany.com
  if not, u can do by creating a alias into host file for corresponding system
  for SSO follwoing parameter must be set in profile parameter using RZ10 in BW system
  login/accept_sso2_ticket  -
    1
  login/create_sso2_ticket  -
    1
  login/ticket_expiration_time  --- desired value default 60
  now download the portal certificate form follwoing
  System administration -> System configuration -> Keystore
  Administration
  donload verify.der file save it it's like verify.der.zip
  extract it than u can get verify.der
  now in BW system using trans.  STRUSTSSO2
  in the certificate section choose import certificate
  choose the file tab enter the path of the portal's verify.der file
  set the file format to DER coded
  in the trust manager choose ADD to PSE and Choose
  ADD to ACL
  in the dialog box enter the portal system's id (SID) and client
  by default portla system ID is the common name (CN) and client is 000
  save ur entry and restart the BW server
  this are the basci configuration if u have any query related to it msg me back
  regards,
  kaushal

• System Configuration - SAP Web AS Connection - connection tests error

  hi
  I have a SAP ECC 6.04 and sap portal 7.01
  When I entered in option System Administration / System Configuration / System Landscape / Portal Content Tree / Systems / SAP_ECC (System created by me)
  I founded the following error (in  SAP Web AS Connection / Tests the connection to an SAP Web Application Server  )
  SAP Web AS Connection
    Test Details:
  The test consists of the following steps:
  1. Checks the validity of system ID in the system object.
  2. Checks if the system can be retrieved from the PCD.
  3. Check whether a SAP system is defined in the system object
  4. Validate the following parameters: WAS protocol; WAS host name
  5. Checks if the host name of the server can be resolved.
  6. Pings the WAS ping service; works only if the service is activated on the ABAP WAS.
  7. Checks HTTP/S connectivity to the defined back-end application
    Results
  1. The system ID is valid
  2. The system was retrieved.
  3. The system object represents an SAP system
  4. The following parameters are valid: Web AS Protocol (http) Web AS Host Name (htc-svr-erp.humantech.es:4200)
  5. The host name htc-svr-erp.humantech.es was resolved successfully.
  6. The Web AS ping service http://htc-svr-erp.humantech.es:4200/sap/bc/ping was not pinged successfully. If the ping service is not activated on the Web AS, you can try to call the ping service manually.
  7. An HTTP/S connection to http://htc-svr-erp.humantech.es:4200 was not obtained successfully; this might be due to a closed port on the Firewall.
  ...also see a red "X" near a title SAP Web AS Connection
  I have other system (old system). It dont have the last error, I show the properties of  the "old system"(without error) and the "new system" (with error)  for your analisys
  In "old sap system",  stack java + abap
  http://img830.imageshack.us/img830/9755/oldsysstack.jpg
  In "new sap system", stack java separated abap
  http://img97.imageshack.us/img97/8627/newsysstack.png
  <u>In Portal</u>
  In "old system", I created "SAP_HCM" System
  In "new system", I created "SAP_ECC" System
  The "Connector" view  (<b><i>Object</i></b> Option)
  http://img706.imageshack.us/img706/3776/oldsysconnector.jpg (Old System)
  http://img269.imageshack.us/img269/914/newsysconnector.jpg (New System)
  *The "Internet Transaction Server (ITS)" view  (<b><i>Object</i></b> Option)
  http://img824.imageshack.us/img824/5043/oldsysits.jpg  (Old System)               
  http://img822.imageshack.us/img822/1314/newsysits.jpg (New System)
  The "User Management" View  (<b><i>Object</i></b> Option)
  http://img20.imageshack.us/img20/8646/oldsysuserman.jpg  (Old System)     
  http://img97.imageshack.us/img97/5339/newsysuserman.jpg  (New System)
  The "Web Application Server" View  (<b><i>Object</i></b> Option)
  http://img101.imageshack.us/img101/6155/oldsyswas.jpg (Old System)     
  http://img69.imageshack.us/img69/434/newsyswas.jpg (New System)
  My question of this view is: Is correct the Server port "4200" in New System? or Is correct the Server port "80+instance" in Old System?
  I run tcode RZ10 in backend after "Extended Maintenance"
  http://img15.imageshack.us/img15/8711/oldsysrz10.jpg (Old System)  (Here do not exist parameter icm/server_port_1 )
  http://img512.imageshack.us/img512/9268/newsysrz10.jpg (New System)  (Here do not exist parameter icm/HTTP/j2ee_0 ,  is it correct?)
  <i>Which of these two syntax is correct? 80 + instance or 4200 (any number of port)</i>
  also in SAP Systems, I run tcode SICF and enter in "Port Information"
  http://img265.imageshack.us/img265/5281/oldsysport.jpg  (Old System) (two ports)
  http://img441.imageshack.us/img441/7905/newsysport.jpg (New System) (three ports)
  The "Information" view (<b><i>Object</i></b> Option)
  http://img13.imageshack.us/img13/2012/oldsysinfo.jpg  (Old System)
  http://img714.imageshack.us/img714/6941/newsysinfo.jpg  (New System)
  My question is, Why in "Old System" the parameter "Created By" is "pcd_service"? is automatic?
  because the paremeter "Created by" is the user j2ee admin , I created the system manually or Should the user create pcd_service ?
  The "No Category" group  (<b><i>Object</i></b> Option)
  http://img827.imageshack.us/img827/8215/oldsysnoncat.jpg (Old System)
  http://img193.imageshack.us/img193/3800/newsysnoncat.jpg (New System) (in this System does not exist the parameter sysnr , is it correct?)
  The <i>"Permisions"</i> Option
  http://img825.imageshack.us/img825/886/oldsyspermin.jpg (Old System)
  http://img243.imageshack.us/img243/2057/newsyspermin.jpg (New System)     
  The <i>"Delta Link Tracer"</i> Option
  http://img716.imageshack.us/img716/798/oldsysdelta.jpg (Old System) (two levels)
  http://img828.imageshack.us/img828/8057/newsysdelta.jpg  (New System) (three levels, is it correct?)
  the other view the same (Old Sytem and New System)
  The <i>"Connection Test"</i> Option
  http://img412.imageshack.us/img412/5789/oldsystest.jpg
  http://img243.imageshack.us/img243/5237/newsystest.jpg
  Edited by: Ivan Quiroz on Sep 21, 2010 12:42 PM

  <br> <b><font color=blue> Excuse me, because the message Editor has problems, I edited with html tags for best view </font></b>
  <br>
  <br>hi
  <br>
  <br>I have a SAP ECC 6.04 and sap portal 7.01
  <br>
  <br>When I entered in option <b>System Administration /System Configuration /System Landscape / Portal Content Tree / Systems /SAP_ECC</b> (System created by me)
  <br>
  <br>I founded the following error (in  SAP Web AS Connection / Tests the connection to an SAP Web Application Server  )
  <br>
  <br> <b>SAP Web AS Connection</b>
  <br>  <b>Test Details:
  <br>The test consists of the following steps:
  <br>1. Checks the validity of system ID in the system object.
  <br>2. Checks if the system can be retrieved from the PCD.
  <br>3. Check whether a SAP system is defined in the system object
  <br>4. Validate the following parameters: WAS protocol; WAS host name
  <br>5. Checks if the host name of the server can be resolved.
  <br>6. Pings the WAS ping service; works only if the service is activated on the ABAP WAS.
  <br>7. Checks HTTP/S connectivity to the defined back-end application
  <br>
  <br>Results
  <br>1. The system ID is valid
  <br>2. The system was retrieved.
  <br>3. The system object represents an SAP system
  <br>4. The following parameters are valid: Web AS Protocol (http) Web AS Host Name (htc-svr-erp.humantech.es:4200)
  <br>5. The host name htc-svr-erp.humantech.es was resolved successfully.
  <br>6. The Web AS ping service http://htc-svr-erp.humantech.es:4200/sap/bc/ping was not pinged successfully. If the ping service is not activated on the Web AS, you can try to call the ping service manually.*
  <br>7. An HTTP/S connection to http://htc-svr-erp.humantech.es:4200 was not obtained successfully; this might be due to a closed port on the Firewall.
  </b>
  <br>
  <br>...also see a red "X" near a title SAP Web AS Connection
  <br>
  <br>I have other system (old system). It dont have the last error, I show the properties of  the "old system"(without error) and the "new system" (with error)  for your analisys
  <br>
  <br>In "old sap system",  stack java + abap
  <br>
  <br><a href=http://img830.imageshack.us/img830/9755/oldsysstack.jpg>Stack Java + Abap<a>
  <br>
  <br>In "new sap system", stack java separated abap
  <br>
  <br><a href=http://img97.imageshack.us/img97/8627/newsysstack.png>Stack Java and Stack Abap</a>
  <br>
  <br><u><b>In Portal</b></u>
  <br>
  <br>In "old system", I created "SAP_HCM" System
  <br>In "new system", I created "SAP_ECC" System
  <br>
  <br>The <b>"Connector"</b> view  (<b><i>Object</i></b> Option)
  <br>
  <br><a href=http://img706.imageshack.us/img706/3776/oldsysconnector.jpg> (Old System)</a>
  <br><a href=http://img269.imageshack.us/img269/914/newsysconnector.jpg> (New System)</a>
  <br>
  <br>The <b>"Internet Transaction Server (ITS)"</b> view  (<b><i>Object</i></b> Option)
  <br>
  <br><a href=http://img824.imageshack.us/img824/5043/oldsysits.jpg>  (Old System) </a>               
  <br><a href=http://img822.imageshack.us/img822/1314/newsysits.jpg> (New System) </a>
  <br>
  <br>The <b>"User Management"</b> View  (<b><i>Object</i></b> Option)
  <br>
  <br><a href=http://img20.imageshack.us/img20/8646/oldsysuserman.jpg>  (Old System)     </a>
  <br><a href=http://img97.imageshack.us/img97/5339/newsysuserman.jpg>  (New System) </a>
  <br>
  <br>The <b>"Web Application Server"</b> View  (<b><i>Object</i></b> Option)
  <br>
  <br><a href=http://img101.imageshack.us/img101/6155/oldsyswas.jpg> (Old System) </a>     
  <br><a href=http://img69.imageshack.us/img69/434/newsyswas.jpg> (New System) </a>
  <br>
  <br>My question of this view is: Is correct the Server port "4200" in New System? or Is correct the Server port "80+instance" in Old System?
  <br>
  <br>I run tcode RZ10 in backend after "Extended Maintenance"
  <br>
  <br><a href=http://img15.imageshack.us/img15/8711/oldsysrz10.jpg> (Old System)  (Here do not exist parameter <i>icm/server_port_1</i> )</a>
  <br><a href=http://img512.imageshack.us/img512/9268/newsysrz10.jpg> (New System)  (Here do not exist parameter <i>icm/HTTP/j2ee_0</i> ,  is it correct?)</a>
  <br>
  <br><i>Which of these two syntax is correct? 80 + instance or 4200 (any number of port)</i>
  <br>
  <br>also in SAP Systems, I run tcode SICF and enter in "Port Information"
  <br>
  <br><a href=http://img265.imageshack.us/img265/5281/oldsysport.jpg>  (Old System) (two ports) </a>
  <br><a href=http://img441.imageshack.us/img441/7905/newsysport.jpg> (New System) (three ports) </a>
  <br>
  <br>The <b>"Information"</b> view (<b><i>Object</i></b> Option)
  <br>
  <br><a href=http://img13.imageshack.us/img13/2012/oldsysinfo.jpg>  (Old System) </a>
  <br><a href=http://img714.imageshack.us/img714/6941/newsysinfo.jpg>  (New System) </a>
  <br>
  <br>My question is, Why in "Old System" the parameter "Created By" is "pcd_service"? is automatic?
  because the paremeter "Created by" is the user <i>j2ee admin</i> , I created the system manually or Should the user create <i>pcd_service</i>?
  <br>
  <br>The <b>"No Category"</b> group  (<b><i>Object</i></b> Option)
  <br>
  <br><a href=http://img827.imageshack.us/img827/8215/oldsysnoncat.jpg> (Old System)</a>
  <br><a href=http://img193.imageshack.us/img193/3800/newsysnoncat.jpg> (New System) (in this System does not exist the parameter <i>sysnr</i> , is it correct?) </a>
  <br>
  <br>The <i><b>"Permisions"</b></i> Option
  <br>
  <br><a href=http://img825.imageshack.us/img825/886/oldsyspermin.jpg> (Old System) </a>
  <br><a href=http://img243.imageshack.us/img243/2057/newsyspermin.jpg> (New System) </a>
  <br>          
  <br>The <i><b>"Delta Link Tracer"</b></i> Option
  <br>
  <br> <a href=http://img716.imageshack.us/img716/798/oldsysdelta.jpg>(Old System) (two levels) </a>
  <br> <a href=http://img828.imageshack.us/img828/8057/newsysdelta.jpg>  (New System) (three levels, is it correct?) </a>
  <br>
  <br>the <i><b>"System Aliases"</b></i> Option
  <br>
  <br> <a href=http://img265.imageshack.us/img265/7574/oldsysalias.jpg> (Old System) </a>               
  <br> <a href=http://img256.imageshack.us/img256/9817/newsysalias.jpg>  (New System)  </a>          
  <br>
  <br>The <i><b>"Connection Test"</b></i> Option
  <br>
  <br>I based in  <a href= http://img64.imageshack.us/img64/6638/essalias.jpg> ESS SAP Documentation </a>
  <br>
  <br> In the seven point is diference (blue box) in the <a href=http://img412.imageshack.us/img412/5789/oldsystest.jpg> (Old System) (SAP_HCM System) (An HTTP/S connection to http://htc-svr-sap.humantech.es:8004 was obtained successfully.) </a> and <a href=http://img243.imageshack.us/img243/5237/newsystest.jpg> (New System) (SAP_ECC System) (An HTTP/S connection to http://htc-svr-sap.humantech.es:8004 was obtained successfully.)</a>
  <br>
  <br> I desactivated Firewall in my SAP Server and reviewed in <a href=https://forums.sdn.sap.com/thread.jspa?threadID=946905>SAP Forums </a> my problem but nothing
  <br>
  <br><b>Could This error also could be the problem that I get an error in the JCO Destination?</b>
  <br>
  <br> <a href=http://img819.imageshack.us/img819/826/oldsysjcosso.jpg>(Old System) (Succesfully)</a>                
  <br> <a href= http://img822.imageshack.us/img822/4226/newsysjcosso.jpg>(New System) (com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: Issuer of SSO ticket is not authorized)</a>
  <br>
  <br> because I configure SSO correctly (I configured last year SSO in "Old System"),I run tcode SSO2
  <br>
  <br> <a href=http://img709.imageshack.us/img709/7194/oldsyssso2.jpg>(Old System)SSO2 Tcode</a>                
  <br> <a href=http://img830.imageshack.us/img830/9704/newsyssso2.jpg>(New System)SSO Tcode</a>                
  <br>
  <br> <a href=http://img185.imageshack.us/img185/9279/newsyssso22.jpg>(Old System) SSO2 Tcode Details</a>
  <br> <a href=http://img227.imageshack.us/img227/416/oldsyssso22.jpg>(New System) SSO2 Tcode Details</a>                
  <br>
  <br> <a href=http://img530.imageshack.us/img530/8710/newsyslog.jpg>(New System) In the SAP Logs: *** J2EE_ADM_DA1 | USERMAPPING.USE | USER.R3_DATASOURCE.J2EE_ADM_DA1 | | systemtype=[(none)], system=["UMESystemLandscapeDummy"], uses strong encryption=[false], remote user ID=[(none)] ***
  </a>

• Error when Enabling SSO in ESS/MSS  for My SAPERP2004

  Hi Friends,
  Form past 3 days i am trying to enable SSO for my Enterprise portal to MySAPERP2004.
  We have installed EP rapidinstaller sp14 in our system, since it is preconfigured, we are now trying to enable SSO to myERP system after maintaining JCO destination.
  We have followed the procedure which is given in webclog called COnfiguring ESS, here the configuration part contains only assigning user to Employee on MySAPERP2004 side.
  But if we did the correct steps also, when we are testing it in maintaining JCO destinations in webdynpro part, it is showing the following error:
  com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: The system is unable to interpret the SSO ticket received
  and i searched for the solution in several forums but i couldnot get solution.
  Please put your suggestions to solve this problem.
  Thanks in advance,
  Sireesha.B

  Did you follow step-by-step guide on
  Configuring The Business Package For Employee Self Service (ESS)-mySAP ERP 2004
  James

• SSO within XI

  Hello all,
  I implemented SSO on one System and it's working fine withing the "java world". The spring form java-world into abap world is working also. But the spring from abap-world into java-world is not working. Each time when I invoke one transaction, which opens a browser (java application or i.e. workbench runtime), I have to log on again. After first log-on into java-world I do not have to login again.
  Is it a a bug or a feature?
  An is it possible to implement sso so that I need to log on just once in Abap-word and then spring in to java-world without new log-on.
  The SSO was implemented according this docu:
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/69d95112-0d01-0010-8297-fa31feea26e0
  br
  Muris
  Edited by: Muris Muzaferija on Mar 10, 2008 4:37 PM

  Hi Muris,
  On java stack even if SSO is enable always for the first time you should give your userid and pwd. From the next time you dont need to give. To ignore for the first time also once when you enter your userid and pwd for the first time click the Remember my password option so that next they will autofill and you only need to click on OK.
  Regards,
  ---Satish

• Connectivity ISSue  SSO

  HI Team
           trying to create the SSO connectivity gone through all the steps
  its throwing an error whem trying to access the transaction
  Error : Partner not reached
             cannot assign requested address
  Please help with hthis
  Thanks & Regards
  Madhu

  Dear madhu,
  Please find the below blogs written by me which will guide you through SSO Configuration and system creationin EP.
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/80955d0f-ae67-2b10-35a3-c2efec2ba42c
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/90b90eac-df95-2b10-76a9-b12aaee8ec70
  As you said you have followed all the steps ,please find the below checklist may be it helps you resolve your issue:
  CHECKLIST FOR SSO
  you are using fully qualified domain names in the system landscape definition and when accessing the portal;
  your certificate hasn't expired;
  your backend RZ10 settings are correct (login/accept_sso2_ticket);
  you have uploaded the certificate to the backend system (STRUSTSSO2);
  there is an entry in the ACL table (TWPSSO2ACL) in the back end client you are connecting can be reached by SM30;
  you have the same username in the portal and back end OR you have set up user mapping.
  If you use transaction SSO2 (that's the letter o) and enter NONE for the RFC destination, that will check the value of the login/accept_sso2_ticket and a few other things.
  Hope the above inforamtion is helpful to you.
  Regards
  Pooja Gehani