SSO to ITS via EP6

Ok all knowing people, I have this working in EP5 but, can't get it working in EP6.
Our Portal:
EP6 SP2 Pack3 Hotfix7.  Working like a champ.  However, SSO to our ITS box will not work.
I have downloaded and am using the SAP application integrator.  After creating the ITS System I make an Iview with com.sap.portal.appintergrator.sap with the generic component selection. 
Url template is HTTPS://its.server.net/scripts/wgate/webgui/! ?<authentication>
Template fraction for user mapping:
    login=<mappeduser>&password=<mappedpassword>
After I run the Iview I get a runtime error.
"Unable to process template https://its.server.net/scripts/wgate/webgui/! ?<authentication> because authentication is an invalid terminal property of the context."
Am I going in the wrong direction?  Do you know of anyone that is running a webgui within an Iview with SSO?

Hi,
you have to create a "SAP Transaction iView" instead of using the app integrator.
==> right click on the desired folder in the PCD ==> choose "New" and "iView" ==> choose "SAP Transaction iView" ==> enter the ID info ==> choose the GUI type ("SAP Gui for HTML in your case) ==> select your SAP system and enter the desired transaction code ==> save
Regards,
Michael

Similar Messages

  • SSO to ITS error

    Good day,
    I have a problem when trying to connect to ITS via SSO. This has all been set up and it works fine. Problem arises when I deactivate my user's password (delete the password) on the R/3 end and whenever I try to log to the ITS via SSO, an error message "USER_HAS_NO_PASSWORD" appears.
    Could this be a configuration setting that needs to be set up?
    ITS: release 6200 patchlevel 1022 patchno 63326 build 16160160
    Resolved: Partially resolved by following Note 1068459.
    Message was edited by:
            E. Blueprint Basis
    Message was edited by:
            E. Blueprint Basis

    Found the cause of the problem in OSS Note 1068459.

  • SSO between ITS 620 R/3 and EP

    Hi,
    I need to use ITS 620 for R/3 4.7 and EP 6.0 for ess/mss implementation
    I have to configure SSO between R/3 and EP.
    Do I also need to configure SSO between ITS and R/3 , ITS and EP also for this?
    If yes can any one tell me the steps in configuring SSO between ITS and R/3, ITS and EP ?
    advance thanks,
    PK

    UPDATE:
    I have installed a portal (SAp netweaver 7.0 Java stack) and have connected it to a ECC6.0 SR3 backend and I needed only to configure the SSO between portal and backend abap instance, and all worked fine. There was no need to configure the SSO between the integrated ITS and abap instance.
    About the error  message mentioned in my previous forum entry:
    I did not only do the steps for SSO between portal and backend as described in the blog "Configuring the Business Package for Employee Self-Service (ESS)", but I also did all the additional steps as mentioned in "10 golden rules of SSO".
    After that the error message "SSO logon not possible; logon tickets not activated on the server" did not appear anymore. (Instead a screen that asks for username and password always appears with the warning "No switch to HTTPS occurred, so it is not secure to send a password". But I think that's ok.)

  • User assgined to a group, SSO to ITS is not working

    We had our security group add a ESS-User group.  We imported 500 users and assigned them to that group.  When logging into EP, we are getting access to the correct tabs, but ITS is requiring us to login. 
    But when logging in as a user that is not assigned to this group, the SSo to ITS is working. 
    What setup step are we missing?  Are we supposed to configure something in Visual Administrator.

    Hi Dena,
    A logon trace might provide the cause of the problem. See SAP note 495911 for starting.
    Thanks and regards,
    Dieter

  • SSO to SAP via SAP Logon Group

    Hi,
    I've tried to configure SSO to SAP via SAP logon group. When trying this I'll get the following error:
    Connect to message server failed Connect_PM MSHOST=<server>, R3NAME=IB1, GROUP=IB1_Web LOCATION CPIC (TCP/IP) on local host ERROR The message received isn't from a message server. Are you really connected to the message server? Please check your connection parameters. (<server> / sapmsIB1) TIME Tue Dec 16 16:48:49 2008 RELEASE 640 COMPONENT MS (message handling interface, multithreaded) VERSION 4 RC -2
    I've also configured the file services under winnt\system32\drivers\etc on the BO server with the following line:
    +sapmsIB1      443/tcp     +
    Is there anything I'll have to configure too? Or what does this error mean? The server which I have tried to reach is a message server.
    Thanks in advice.
    Claudia

    HI Ingo,
    yes I can connect with SAP GUI via message server and application server. I can also connect with BO via sso to the application server. Only the message server failed.
    I have now found out that I had the wrong port. But also the right port doesn't work. I have tested the port with telnet. The port is reachable.
    Thanks
    Claudia

  • Configure SSO for ITS to R/3 using SNC/Kerberos

    Our R/3 systems had been configured for SSO using SNC and Kerberos for awhile now.  We now have a requirement to configure SSO between ITS and R/3.  Since our R/3 env. has been using kerberos library, we won't be able to use SAP Cryptographic library.  I had modified the registry, environment and services in itsadmin to point to the kerberos library and principal names for agate and r/3 servers as described in SNC User Guide; also, I updated table SNCSYSACL with the Agate SNC name.  That seems to work fine.  From the trace file, it recognized GSS-API library for Kerberos and the SNC name for Agate.  However, when I tried to logon to R/3 from ITS, I still am being prompted with the logon screen to enter my SAP account/password.
    I found several whitepapers and documentations stating that ITS does support Kerberos for SSO but I couldn't find any procedure on how to implement it.  Following is the error I'm getting from the sapbasis.trc file but I can't find any document on this error:
    =====================================================
    [Thr 5284] SncInit(): Initializing Secure Network Communication (SNC)
    [Thr 5284]       PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/32/32)
    [Thr 5284] SncInit(): Trying environment variable SNC_LIB as a
          gssapi library name: "C:\WINNT\system32\gsskrb5.dll".
    [Thr 5284]   File "C:\WINNT\system32\gsskrb5.dll" dynamically loaded as GSS-API v2 library.
    [Thr 5284]   The internal Adapter for the loaded GSS-API mechanism identifies as:
      Internal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2
    [Thr 2888] Sun Jan 15 22:44:59 2006
    [Thr 2888] <<- ERROR: SncSetParam()==SNCERR_PARAM_DENIED
    [Thr 2888] *** WARNING => NO Domain! domain==NULL means: No domain at all within the cookie. [sapss1_loctr 333]
    [Thr 2888] Sun Jan 15 22:45:29 2006
    [Thr 2888] *** WARNING => NO Domain! domain==NULL means: No domain at all within the cookie. [sapss1_loctr 333]
    =====================================================
    Does anyone know what am I missing?  Any help is greatly appreciated.
    Thank you!
    Diem

    Hi Markus,
    I also just installed/configured PAS for LDAP authentication using the "PAS for External Authentication Mechanisms" documentation.  I think the domain problem probably due to not having the external authentication mechanism install (in this case - PAS).  Does that sound right to you?
    I tried both options for ~extid_type parameter = "LD" and "UN".  I added the DN information to table USREXTID when ~extid_type="LD" but both options gave me error of "LDAP authentication failed".  I increased the trace level for sapextaut.trc but I don't see enough detail information.  Following are the errors/data from the trace file.  Can you please let me know how I can tell what string is being passed for authentication? 
    I'm quite sure the LDAP host and port data is correct since we've been using the same information for the SAP LDAP connector and we've been using our LDAP connector between MS AD and R/3 for a long time without any problem. 
    To logon to R/3 through ITS, I entered the AD account (CN attribute in AD) when I got the errors.
    Thank you very much for all your help.
    Diem Tran
    Trace:
    =====================================================
    2006-01-18T01:39:30.734 p001688 t4992 s0158B4E8 [sapextauth,  437]: W sapextauth: PAS session begins...
    2006-01-18T01:39:30.734 p001688 t4992 s0158B4E8 [sapextauth,  456]:     sapextauth: SncNameR3 is:    "p:na1adm/[email protected]"
    2006-01-18T01:39:30.734 p001688 t4992 s0158B4E8 [sapextauth,  462]:     sapextauth: SncNameAGate is: "p:[email protected]"
    2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth,  468]:     sapextauth: SNC_LIB is:      "C:\WINNT\system32\gsskrb5.dll"
    2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth,  568]:     sapextauth: XGatConnectSession leaving....
    2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth,  616]:     sapextauth: XGatHandleLogin called....
    2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth,  976]:     sapextauth: Entering XGatHandleLogin with LDAP...
    2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth,  993]: W Either ~login or ~password missing, returning XGDKRCloginrequired.
    2006-01-18T01:39:50.281 p001688 t4992 s00000000 [sapextauth,  398]:     sapextauth: XGatEventOpenSession called...
    2006-01-18T01:39:50.281 p001688 t4992 s0158B4E8 [sapextauth,  616]:     sapextauth: XGatHandleLogin called....
    2006-01-18T01:39:50.281 p001688 t4992 s0158B4E8 [sapextauth,  976]:     sapextauth: Entering XGatHandleLogin with LDAP...
    2006-01-18T01:39:50.296 p001688 t4992 s0158B4E8 [sapextauth, 1059]:     sapextauth: LDAP port ist 389
    2006-01-18T01:39:50.296 p001688 t4992 s0158B4E8 [sapextauth, 1261]: E sapextauth: LDAP authentication failed.
    2006-01-18T01:39:50.296 p001688 t4992 s0158B4E8 [sapextauth, 1277]: E sapextauth: Wrong try for user Tran_Diem
    2006-01-18T01:39:59.140 p001688 t4992 s00000000 [sapextauth,  398]:     sapextauth: XGatEventOpenSession called...
    2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth,  616]:     sapextauth: XGatHandleLogin called....
    2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth,  976]:     sapextauth: Entering XGatHandleLogin with LDAP...
    2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth, 1059]:     sapextauth: LDAP port ist 389
    2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth, 1261]: E sapextauth: LDAP authentication failed.
    2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth, 1277]: E sapextauth: Wrong try for user Tran_Diem
    =======================================================

  • Problem accessing R/3 with SSO ticket from the EP6.0

    Hi all,
    I have seen this thread: Problem accessing R/3 with SSO ticket from the EP6.0
    I know that it is possible to read SSO ticket from the Cookie in WebDynpro application.
    Now we are at the first step, we don't know how to read SSO ticket from the Cookie in WebDynpro application with java code.
    So anyone can help us?

    Hi,
    This has been discussed in a previous forum.Check this link.A code snippet is also there to read a cookie in webdynpro with this question
    How to implement SSO between Portal, Webdypro and ABAP system?
    I am not able to send the link exactly.
    Regards,
    Sowjanya.
    Message was edited by: Sowjanya Chintala

  • Cannot get ITS SSO to work with EP6 Sp15

    I am having problems with SSO from EP6 to ITS (my EP5 to the same ITS works great).
    This is what I have done.....
    It is a R3 4.6C system so I wondered if any patches were needed....however I have got SSO working with the SAP Win GUI - so this tells me that the R3 system and the imported verify.der certificate is OK.
    The connection test for ITS works - so this tells me the parameters in the System are correct.
    The parameter mysapcomusesso2cookie is set to 1 - and this is the same ITS system that is used for SSO between the EP5 portal and R3....and it works in this case.
    I have set only the following parameters in the System:
    ITS Description = Test1
    ITS Host Name = myportal.com:91
    ITS Path= /scripts/wgate
    ITS Protoco = http
    Logon Method = LOGONTICKETS
    Anything else I may be missing?
    Thanks
    Patrick

    Hi
    What mean "FQDN"?
    I must 'dots' in my address..?
    Bogdan

  • SSO - integrated ITS - SRM 5(EBP)

    Hi all,
    I am just wondering if we need Java stack in order to set up Single sign on for SRM/EBP shopping cart (bbpstart).
    We are on SRM Server 5.5 with integrated ITS. We don't have Portal. We currently have SSO implemented on all Gui interfaces for all SAP systems via Active directory.
    What is the correct documentation for my case?
    Thanks a lot and looking forward to hearing from any good instruction,
    Kev

    Hi,
        If your password field is already pre filled with some value due to which you are unable to enter the password then you need to maintain the foll parameers in RZ10:
    The foll tasks need to carried out preferably by a BASIS person after which you need to restart the SRM server for changes to be effective:-
    1.Select the instance profile in RZ10 and  goto Extended maintainence.
    2.login/create_sso2_ticket  = 2
       login/accept_sso2_ticket   = 1
    Also check if the values for the SRM server are properly maintained in the table TWPURLSVR.
    HTH.
    BR,
    Disha.
    Pls reward points for useful answers.

  • SSO and ITS

    Hello,
    We are trying to setup SSO for SAP System. Our architecture looks like this:
    3rd party logon mechanism(via web) --> ITS --> Web Dispatcher --> WAS (BSP's)
    We did extensive research and found that ITS might enable us to do that. But we are not clear if SNC is a must (Which we don't want to do). The documenation is not clear. The current URL without SSO points to Web Dispatcher which get us the bsp pages from the WAS.
    Following is what we want to achieve:
    1. Users will logon to the 3rd party logon mechanism via web(software is installed with APACHE 2.0)
    2. once users are authenticated we need to pass the ID via HTTP header or any other method available to logon to SAP BSP Pages.
    Currently users can logon to 3rd party software which redirects to the BSP application and requests user id and password.
    We are wondering if anyone has done this sort of setup.
    Thanks,

    Hi
    For SSO concept visit (You can also find usage in EP)
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/90277dbd-0401-0010-33a1-ac2c7e3a5659
    <b>Usage across portal:</b>
    Normally Portal provides you a page which has content from different backend applications. Portal actually provides single point of entry to these applications which reside outside Portal. Now with Single SingOn feature user does not have to logon to backend application again. That means when he clicks a link on Portal which points to Backend application, he does not have to enter user and password again for that application.
    for more info
    sso
    Some fundas related to SSO with portal
    What is meant by "SSO across multiple domains"
    some usefull blog
    Step-By-Step Guide to implement Application Integrator
    Hope that helps

  • SSO to ITS through WebSEAL gives secure/non-secure messages

    Hi
    We running the following setup:
    EP6 SP14
    Stand-alone ITS 6.20 patch 18
    4.7 R/3 Enterprise
    TAM/WebSEAL 5.1
    We are running SSO through WebSEAL to the portal and everything seems to be working just fine.
    But when we try to access a transactional iView or an IAC iView running on the ITS server I get a pop-up message saying "This page contains both secure and nonsecure items."
    We are accessing WebSEAL through HTTPS, we are running HTTPS between WebSEAL and the portal and HTTP between WebSEAL and ITS.
    I have tried to access the ITS through WebSEAL without using the portal, and I still get the message. So it must be something between the WebSEAL and the ITS server.
    Does anybody have any ideas what is causing this?
    Cheers,
    Jacob Vennervald

    The "secure and non-secure" message, displayed when accessing ITS through WebSEAL when using IE and HTTPS, is caused by an empty source reference (<IFRAME ... SRC="" ...>) within the ITS menu page (...d_menu.html).
    The integration guide, available on the <a href="http://www-1.ibm.com/support/docview.wss?uid=swg24003605">IBM website</a> and the <a href="http://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/developerareas/ibm">SAP SDN</a>, contains the information on how to stop the message from appearing.
    The message should not be displayed when accessing ITS through WebSEAL using HTTP.
    Regards,
    Peter Tuton.

  • SSO To ITS not working

    Hi Experts,
    Here is the issue:
    I have 2 Internal Portals SP and EP.
    1.If I open SP Portal from Internet Explorer, SSO Tickets are getting generated and I am able to Login using SSO to SP - ITS machines.
    2.If I open EP Portal from Internet Explorer and In the same Browser If I open SP Portal,now I am unable to Login using SSO to SP - ITS Machines.It is showing logon screen.
    The Issue might be SSO Tickets generated by EP Portal do not subsequently allow SSO to SP ITS Machines.
    Could you please let me know where exactly goes wrong,and where should I make changes to rectify this issue.
    Any help would be highly appreciated.Thankx in advance.
    Regards,
    Karthick

    Hi Karthick,
    This blog might be interesting for troubleshooting.
    /people/dennis.kleymeonov/blog/2005/09/15/connecting-sap-systems-to-enterprise-portal-with-sso
    You might also get more information with the hints given in SAP note 495911.
    Thanks and regards,
    Dieter

  • SSO between ITS and EP

    We are implementing ESS MSS on 4.7 , ITS 4.7 with EP 6.0
    Can some one point me as to how to configure the SSO between these various landscapes. I Think we would require SSO between EP and ITS for ESS in MSS services.
    regards
    Sam
    Message was edited by:
            sameer chilama

    Hi Sameer,
    All the information you are looking for is in the help.sap.com
    http://help.sap.com/saphelp_nw04/helpdata/en/89/6eb8e1af2f11d5993700508b6b8b11/frameset.htm
    This help guide is really very clear and thorough.
    Regards
    Daniel

  • Is it possible to send data to ITS via POST?

    Hi guys!
    I need to call SAP transaction via thin client and I need to make a call via POST, cos' I need to send there some data to process. Is it possible?
    Thanx, Peter

    Hi Peter,
    First some information about parameter transfer with ITS in general.
    http://server:port/scripts/wgate/<service name>/!?transaction=<transaction_name>&<inputfieldname1>=<value1>&<inputfieldname2>=<value2>&okcode=<okcode>
    The parameters can als be transferred as POST parameters. For this you need a form e.g.
    <form name="<form name>" method="post" action="`wgateURL() ...
    You might get some ideas by studying the login.html in the templast folder system of your ITS instance.
    Thanks and regards,
    Dieter

  • External Facing Portal with access to ITS via Transaction Iview

    Hi Experts,
    We have a requirement to make the portal available externally for third party vendors to access ECC transactions.  We have configured a URL with a reverse proxy to the portal server.  Portal loads fine from outside the network, but when launching a transaction I-view, a page cannot be displayed error comes up in IE-8 and Chrome says it cannot access the ECC server. 
    I've searched the forums and come up with a couple of tips, but that brings on a couple more questions. 
    It seems you can direct traffic from external URL to portal server:port, but when launching an transaction I-view, it needs to be redirected again to the ECC server:port/sap/bc/gui* (or something like that for SICF GUI service).  Question here is, once this redirect happens, technically the ECC box is now available externally vs. only the portal?  Is this recommended?
    Other option I've found is to try and use IAC I-views instead.  Is this really much different than a transaction i-view in how portal handles the opening Iframe?  Does it allow backend connectios without rerouting internet traffic to the backend server?
    Are they any other options to make this type of setup work for external facing portals using transaction iviews to access ITS?
    Thanks for the help!

    Hi
    Did you able to resolve the issue. We have installed Web Dispatcher through we are able to call the EP but when calling the transaction iViews page not found error pops up, since from EP server request to ECC goes via the URL http://<ecchost.domain>.:8000/sap/bc/gui/sap/its/webgui?sap-client=100.
    Thanks
    Murthy

Maybe you are looking for

  • "No local string for datasource.wrongclient"

    Hi All! Getting this message, followed by SQLException, while in the client app I'm trying to obtain a connection via DataSource. SQLException has no code, status or msg ( 0, null and "" respectively). Environment: J2EE RI v 1.3 with Cloudscape ( sta

  • Conditional display of report row

    Hi All, I've a report form and have a LOV for a column. Based on the data selected in the LOV I need to populate some more rows to that report. It is basically like a survey page where depending on the answer provided by the user, sub suvery question

  • Upgrade issues list

    Hi All, I was wondering if anyone had a list of Upgrade issues (most likely, from ticketting system) to the 5.0 system. Thanks

  • JPA and indexed collections

    Just out of interest, why doesn't JPA support indexed collections? Using ordered lists, if I wanted to insert an object at a particular point, I'd have to do something like this: myObject.getOrderedList().add(2, childObject); int i = 0; for (ChildObj

  • PM implementation for Building

    Hi All, I am new to SAP PM module, basically from MM/WM module. Need help on any case studies/white papers on SAP PM implementation for maintenance of buildings/campus. Basically need info of important things to be considered at the time of implement