User from Logon Ticket

Similar Messages

• Evaluate Authentication Scheme from Logon Ticket in WAS ABAP

  Hello,
  we've got the following problem: we have a corporate intranet portal. The portal is connected to several backend-systems. Between the portal and the backend-systems is a trust relationsship to enable single sign on. On Web-AS-Java-based systems we can configure the logon stacks that the authentication scheme in the logon ticket is evaluated (authschemes.xml).
  We want to use this function of the sso2-Logon-Ticket in the business warehouse system as well. It is very important that only users authenticated with a specific authentication scheme on the portal (strong) are given access to the business warehouse.
  Does anybody know if its possible to evaluate the authentication scheme in Web AS ABAP?
  Thx,
  Norbert

  Hi Nobert
  The easy solution is to only create the userid in the BW system that needs access to it , and only assign your BW portal Role to the users who need access to the BW system
  Theo

• Vbscript to remove user from "Logon as service right"

  Hi Everybody,
  I need a VBscript that will remove service account from “Log on as a service” from the local computer.
  Thanks.
  Emese,

  Hi Emese,
  In the script repository there are plenty of scripts for local user account management, maybe check those out, whether one of those will meet your needs. If not ... well, good luck learning scripting. There's a whole section dedicated to this in the script
  center (check the tabs at the head of the website).
  Contrary to some rumors, this forum is for professionals exchanging advice on specific scripting issues, not a script-on-demand service. If however you learn to script, try to do it yourself and stumble across a specific problem with your attempt, feel free
  to come back, post your current status and thought, and we'll be glad to help.
  Cheers,
  Fred
  Ps.: Are you limited to VBS or is it just the tool you heard of? Maybe Powershell would work out better for you.
  There's no place like 127.0.0.1

• Deleting Logon Ticket

  Hi all,
  I am using EP6 here and ECC5. I am using SSO with logon tickets.
  My logon ticket has expired. So i have to make a new one in visual administrator.
  But it is not letting me delete that or not even rename that.
  It gives an error message. I cant copy the error mesage that comes. And I cant find the same error in any file. may be i missed some file. Tell me where can i find that error so that i can paste the error message here.
  Please tell me how too delete the logon ticket
  Thanks
  Tajinder

  hi tajiinder,
  Configuring the J2EE Engine to Accept Logon Tickets
  Use
  The J2EE Engine uses EvaluateTicketLoginModule to accept logon tickets for SSO. After receiving the logon ticket from the user’s Web browser, the J2EE Engine verifies the ticket signature based on the established trust relationship with the issuing system. Based on the ticket validity, the J2EE Engine authenticates the user.
  For the case when you use authentication assertion tickets for SSO between the AS ABAP and the J2EE Engine, the corresponding module is EvaluateAssertionTicketLoginModule.
  Prerequisites
  To check the validity of a user’s logon ticket, the J2EE Engine must be able to verify the issuing server’s digital signature.
  ●      If the J2EE Engine is both the ticket-issuing server as well as the accepting server, then it can automatically verify its own digital signature.
  ●      If the ticket-issuing server is a different one, then this server’s public-key certificate must be available in the keystore view that the J2EE Engine uses for verifying logon tickets.
  Procedure
  The Trusted Systems ® SSO Wizard configuration functions of the SAP NetWeaver Administrator enable you to use wizard-based management of trust relationships for SSO with logon and assertion tickets. The configuration changes made with the wizard have a global effect for ticket-based SSO to the J2EE Engine.
         1.      Open the SSO Wizard.
  Note the following:
  ○       If the ticket-accepting system is SAP NetWeaver 7.0 SP14 or higher, you can access the SSO Wizard by following the path System Management ® Configuration ® Trusted Systems.
  ○       If the ticket-accepting system is SAP NetWeaver 7.0 SP 13 or lower, first you must deploy the SSO Wizard. More information: SAP note 1083421.
  The system which you configure is displayed in the Selected Accepting System section.
  There are two ways to add a trusted system:
  ○       By connecting to the system and requesting its certificate.
  If the ticket-issuing system is SAP NetWeaver 2004 SP20 or lower, or SAP NetWeaver 7.0 SP13 or lower, you must configure it so it can send a response to the certificate request. More information: SAP note 1083421.
  ○       By manually uploading the certificate of the system.
  Adding a Trusted System by Connecting to It
                              a.      In the Trusted Systems section, choose Add Trusted System ® By Querying Trusted System.
                              b.      The System Landscape Directory (SLD) opens automatically and lets you select the system you want to add. Select the system and choose OK. The connection details for the selected system are displayed automatically.
  If you cannot find the system you want to add, choose Cancel and provide the connection details:
                                                    i.       Select the type of the system from the System Type dropdown list.
                                                  ii.       Enter the necessary connection details.
  If you want to add an AS ABAP system, the field System Number appears. You can get the system number of an ABAP system by its license key which you received from SAP.
                              c.      Enter your user name and password in the provided fields and choose Next.
                              d.      The details about the selected system’s certificate appear. To add the system, choose Finish. If you want to make changes, choose Back.
  Adding a Trusted System by Manually Uploading its Certificate
  Before you start the following procedure, you must export the trusted system’s certificate. More information: Exporting the Ticket-Issuing Server's Public-key Certificate.
                              a.      In the Trusted Systems section choose Add Trusted System ® By Uploading Certificate Manually.
                              b.      Enter the System ID and Client in the provided fields.
                              c.      Browse to the location of the system’s certificate. Select the certificate and choose Open.
                              d.      Choose Next. The information about the system and the certificate is displayed. To add the system as trusted, choose Finish. If you want to make changes, choose Back.
         2.      Add the login module EvaluateTicketLoginModule (or EvaluateAssertionTicketLoginModule) to the login module stacks for the J2EE Engine policy configurations of the application components that accept login tickets for SSO. To do this, use the Security Provider Service of the Visual Administrator.
                              a.      In the Security Provider Service choose Runtime ® Policy Configurations ® Authentication tab.
                              b.      Select the policy configuration for the application component to accept logon tickets from the Components list.
                              c.      Choose the Switch to edit mode button.
                              d.      Choose Add New. The list of available login modules for the component appears.
                              e.      Choose the EvaluateTicketLoginModule (or EvaluateAssertionTicketLoginModule) from the list and choose OK.
  If you change the options of a login module in the user store, the changes will be inherited by all policy configurations that use this login module.
  If you change the options of a login module in a single policy configuration, the change applies only to that policy configuration. In this case the login module will no longer inherit its options from the user store. To restore the inheritance change the options in the policy configuration or in the user store so that they are identical.
  Result
  After you complete the wizard, the ticket-issuing system is shown in the Trusted Systems list. The J2EE Engine accepts logon tickets that have been issued by the corresponding server.
  if you have douts pls go thru the following urls
  help.sap.com/saphelp_nw04/helpdata/en/71/c3d53a60ad204ce10000000a114084/content.htm - 30k
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/69d95112-0d01-0010-8297-fa31feea26e0
  thanks karthikeya
  dont forget to reawrd me if it helps you

• Problem about SSO using logon ticket  with user mapping

  Hi everyone ,
  I had done SSO with Portal , BW and R/3 system.
  I use logon ticket with user mapping .
  When user name is same in Portal as in R/3 system, or user name is same in Portal as in BW , user can access R/3 transactions and BW report without logon.
  There are some Portal users name which are different with R/3 user and  BW user. And I done the user mapping for these  user.
  But some user mapping works fine,but most of them can't work,means that most of them need to enter mapped user ID and password.
  What's the reason?
  When SSO using logon ticket with user mapping, the Portal user which is different with R/3 user and BW user,  can they access R/3 transaction iview and BW report iview without logon?

  Hi Chen,
  What you have done is correct. But the problem lies here.
  Since you are using the same system object for accessing the iview, where the ticket method is set to SAPLOGONTICKET in the user Management property of the system object.
  To avoid this create another system object like the previous one but set the logon method to UIDPW and select admin, user from the drop down box. Also create a system alias for this system.
  Now create another iview like the previous one but link this iview to the new system. Now do the user mapping for the users which are different in portal compared with R/3. Now you should be able to login without any problems.
  Another important point is login to portal with Fully qualified domain name. In the ITS property of the system object also give the FQDN.
  Hope this helps
  Regards
  Arun

• How to use logon ticket in case of different user id with SAP R3

  Hi.
  I try to login from EP to SAP R/3 using Logon Ticket but
  My problem is that EP, R/3 user id is different.
  Is there any method to login SAP R/3 using Logon
  Ticket in case of different user ID ?
  Regards, Arnold.

  Hi Arnold,
  SAP Logon Tickets issued by the Portal contain two user ids, basically one for Java Systems and one for ABAP systems. See also note 843061 for details.
  You do not need passwords for the reference system, if the user mapping is maintained by the user administrator, and the UM property ume.usermapping
  .admin.pwdprotection is set to false, see http://help.sap.com/saphelp_nw04/helpdata/en/fe/d22a41b108f523e10000000a155106/frameset.htm. If you set the mapped user id programmatically, or if you retrieve it from an LDAP server, you also do not need to verify the ABAP password of the user (see https://media.sdn.sap.com/javadocs/NW04/SP12/ume/index.html and http://help.sap.com/saphelp_nw04/helpdata/en/0b/d82c4142aef623e10000000a155106/frameset.htm).
  Best regards,
  Joerg

• Ignore MYSAPSSO2 Logon Ticket from Portal in BSP

  Hi all,
  We have a WAS which is configured to access MYSAPSSO2 logon tickets from our EP 6.0 Portal. However, we have BSP's connected to the portal, and others to be used independently from the portal. The problem is that if we launch the portal as a new window of the BSP application, a MYSAPSSO2 logon ticket is created, so the BSP application, we refreshed, now changes the logged on user to the one on the logon ticket!
  So the bottom line is: Is it possible to prevent accepting logon tickets for a specific BSP?
  Thanks for your time and help.
  Regards,
  Nuno Vitorino

  Hello Jain,
  Thanks for your answer. Actually, it solved the problem the other way around. In the local hosts file, we set a different domain for the WAS (In productive, we'll add the new address in the DNS). Then launching the BSP with this new domain, we were able to launch the portal and the MYSAPSSO2 logon ticket generated is not accepted by the BSP. We couldn't change the portal server address, because that way, the SSO within the portal wouldn't work.
  Anyway, you've set me in the right direction so I'm giving you 10 points.
  Thanks and kind regards,
  Nuno Vitorino

• Umw attribute responsible for user ID in SAP Logon Ticket

  In a typical portal login using the login module stack "ticket", I understand that j_user and j_password are used to login at the BasicPasswordLoginModule.
  With our UME running against an LDAP server, what attribute is responsible for the user ID of the generated SAP Logon Ticket at the CreateTicketLoginModule? It could be j_user or userid of the principal type account or the uniquename or loginid of the principal type user.
  Thanks,
  Florian

  i think it is by default but if you are using qoutes then you have to give it in upper case.
  select matnr into mara-matnr from mara where matnr = 'abc'.
  will not fetch any value here you have to give 'ABC'.
  regards
  shiba dutta

• Question about Logon ticket with user mapping at BI-JAVA environment

  We're implementing BI 7.0 including BI Java and SAP EP for end user
  access.
  I have two question about SSO method when we're using BI Java.
  I know we can simply configure SSO logon ticket with BI-Java(EP
  included) and BI-ABAP through BI template installer and we already
  succeeded in that case.
  But the problem is we want to change it to user mapping SSO method for
  some our internal reason.
  After we configure user mapping SSO, we've got SSO failed error when we
  call BI-Java stuff like BEx Web Application iView.
  After many testing implemented, we found SSO Logon ticket with user
  mapping (using SAP reference system). It seems working now.
  But our question is "Is it no problem when we use SSO logon ticket with
  user mapping?" Is there any restriction or issue?
  One more question is we can ONLY use user base mapping when reference
  system used. How can we assign BI-ABAP users to EP Group?

  Using an SAP Reference system is allright. But if the reason u r going for this is because of different usernames in EP and BI, why dont you go for user mapping.
  Anyways, on restriction of reference syetms is that you can have ONLY ONE reference system defined in portal. In you case you can only have the BI system defined.
  Hope this helps!!

• SSO-Logon from mobile device - create logon ticket from WebDynpro for Java

  Hi Experts,
  I'm developing WebDynpro-JAVA application for some warehouse stuff  (runs on a portal system, clients are mobile barcode-scanners with Windows mobile 5.0). JCOs from the portal system to the R/3-backend are confirgured for SSO with Logon-tickets and portal uses LDAP for authentication against a Windows-ADS.
  This works so far ... but my problem is the standard Logon-screen, which is nearly unusable on the mobile device (screen size, layout, etc.). Is there any solution to create logon-tickets directly from the WebDynpro application (using something from com.sap.engine.interfaces.security.auth or similar ?) or any chance to have a special logon screen for mobile devices (parameter sap-wd-client=Pie03Client is ignored for the logon screen).
  Thanks in advance.
  regards,
  Hendrik

  Hi Henrik,
  Did you find the solution to your problem ?
  I'm facing the same issue, so I'd be pleased to know the solution!
  Regards
  Stekam

• Retrieve  Logon user  from Windows Directory

  Hi,
      We need to retrieve  logon user from windows directory in BSP. Please suggest the relevant   code for the same.
  Regards,
  Divyanshu

  Hi,
  I have a scenario where in we have a  enhancement  to open a PDF file in portal  with standard SAP  HCM_LEARNING application. If file does not exist then I need to give the custom messages.To give the custom message we need to  check that whether the URL of  PDF file is valid or not. Currently I am using HTTP2_GET function module to validate the same.This FM returns the status code by which we can know whether this URL is accessible or not.  This function module requires a RFC destination as a input parameter . I am  using SAPHTTPA for the same.
  This RFC Destination (TCP/IP) does not have credentials with it , so the return status code is always 401 (unauthorised ). I also tried to use other RFC destinations(of type G) that have credentials with it  but this is not compatible with this FM.
  Can you help me in regard to below queries:
  Is there any other  method that we can use to validate the URL ?
  How we can use the session variables (as the user has already logged in  so that it should not ask for credentials.) Is there any way to specify  the Credentials in the RFC destination of type T?
  Kindly share your inputs with me  to fix the same.

• SSO Help - Portal to ABAP via logon tickets

  Hi All,
  I've done this configuration in the past but it seems that the process has changed a bit and I'm in need of some advice.
  I have a portal system which I've setup SSO. The SSO is done through Kerberos and the users are pulled from LDAP. Users login to their windows account, they hit the portal without having to login again, perfect. I used the new SPNego setup wizard to do this.
  Now the issue I'm having. Portal user ID's are not the same as ABAP ID's. I have used a blank attribute in Active Directory (specifically "extensionAttribute7") to fill in the ABAP user ID's. I have modified the data source XML file in the portal to look like this:
  <nameSpace name="$usermapping$">
  <attributes>
  <attribute name="REFERENCE_SYSTEM_USER">
  <physicalAttribute name="extensionAttribute7" />
  </attribute>
  </attributes>
  </nameSpace>
  I have changed the UME property to look like this:
  ume.usermapping.refsys.mapping.type = attribute
  When I try to access an SAP report through the portal I get the error:
  The initial exception that caused the request to fail was:
  Ticket contains no / an empty ABAP user ID (see note 1159962)
  My ABAP system is setup to create and accept logon tickets. Certificates have been exchanged on both systems (checked through NWA). It looks like the saplogonticket isn't picking up the ABAP user ID that I've stored in AD and mapped to in the XML file.
  In the Java system, my logon ticket stack looks like this:
  EvaluateTicketLoginModule SUFFICENT
  SPNegoLoginModule OPTIONAL
  CreateTicketLoginModule SUFFICENT
  BasicPasswordLoginModule REQUIRED
  CreateTicketLoginModule REQUIRED
  Can anyone see an obvious step that I'm missing? Any tips would be appreciated.
  Portal system is running 7.01 sp8
  ABAP is running 7.01 sp8
  Cheers,
  Richard

  Hi Arjun,
  No I'm not using user mapping. I want to pass my ABAP user ID from an attribute I'm using in Active Directory. For some reason the sap logon ticket isn't picking up my username from the attribute when I try to go from portal to ABAP.
  Hi Samarth,
  Not sure I understand the request. The user is coming from the portal and is attempting to run a ABAP report from the portal. The user names are not the same. I am attempting to map the ABAP user ID to an Active Directory attribute that I can pass to the sap logon ticket.
  Hi Siva Kumar,
  Yes I checked the VA as well, the entries are there.
  Thanks all for the suggestions. Keep them coming if you have more, they are greatly appreciated.
  I basically followed this from SAP to set it up
  http://help.sap.com/saphelp_nw70ehp1/helpdata/en/0b/d82c4142aef623e10000000a155106/frameset.htm
  You are using an LDAP directory as a data source for the User Management Engine (UME). The user IDs for ABAP systems are already available in the LDAP directory. You no longer need to define a user mapping for each user, as the data is already available in the LDAP directory.
  Cheers,
  Richard

• SSO to SAP R3 thru ITS 6.20 with Logon tickets

  Hi All,
  I am trying to configure SSO to R3 thru ITS with the Logon Tickets.
  I have configured R3 to accept the tickets using STRUSTSSO2.
  Downloaded the verify.der file from Portal and imported to R3
  And tried to test the System connection.
  If I use <b>SAP GUI for Windows</b>,the logon ticket is passed and SSO happens
  with out any problem.
  But If I use <b>SAP GUI for html</b>,then ITS Logon screen appears and once I
  enter the user id and password it logs in.
  In ITS global.srvc file I have added the following parameter
  <b>~mysapcomusesso2cookie 1</b>
  I also have the following parameters in the global.srvc file
  <b>~login <space>
  ~password  <space></b>
  Do I need to configure any thing more in ITS.
  Where am I going wrong.
  I have read regarding <b>Pluggable Authentication Service(PAS)</b>.Is this mandatory for SSO thru ITS
  Please let me know
  I am working on EP6 SP14
  Any help is really appreciated
  Thanks in advance
  Regards,
  Santhosh

  Hi,
  IWithin System definition of R/3 System, you've to give the FQDN of ITS just same as Portal system. For example if your Portal system's FQDN is below:
  http://portal.hedehode.com:50000/irj
  then the ITS Server definition (parameter ITS Hostname) must be:
  itsserver.hedehode.com:port
  for portal to resolve itsserver.hedehode.com host, you may need to enter its IP address into hosts (c:\windows\system32\drivers\etc\hosts) file of portal system.
  <ip>   itsserver.hedehode.com

• How can I process an SSO Logon Ticket in ColdFusion 9?

  Hi,
  We want to integrate some CouldFusion templates on the SAP portal and I try to process the SSO Logon Ticket using the following code:
  <cfif IsDefined("Cookie.MYSAPSSO2") AND Cookie.MYSAPSSO2 neq "">
  <cfscript>
      ticket = Cookie.MYSAPSSO2;
      sso = createObject("java", "SSO2Ticket");
      version = sso.getVersion();
      Application.CertPath = "/opt/coldfusion9/lib/verify.pse";
  </cfscript>
  <h2>Ticket cookie:</h2>
  <cfdump var="#ticket#">
  <h2>Version:</h2>
  <cfdump var="#version#">
  <h2>Certification path:</h2>
  <cfdump var="#Application.CertPath#">
  <cfscript>
      result = sso.evalLogonTicket (ticket, Application.CertPath,"");
      sapUser   = result[1]; //First element is the SAP system user
      sysID  = result[2]; //Second element is the id of the issuing system
      client = result[3]; //Third element is the client of the issuing system
      portalUser = result[5]; //Portal user
      validityInSeconds = result[7]; //Validity in seconds
  </cfscript>
  <h2>Ticket content:</h2>
  <cfdump var="#result#">
  <cfelse>
      SAP Logon Ticket not found - Extranet content can only be accessed through SAP Portal.   
  </cfif>
  The certificate verify.pse and the current version of the libraries libsapcrypto.so, libsapssoext.so and libslcryptokernel.so are stored at the same location.
  After logging in into a SAP portal I get following error when executing the script:
  Ticket cookie:
    AjExMDAgAAxwb3J0YWw6VG90aEyIABNiYXNpY2F1dGhlbnRpY2F0aW9uAQAFVE9USEwCAAMwMDADAANEUDIEAAwyMDE0MDYyNTEzNTMFAAQAAAAICgAFVE9USEz/AQUwggEBBgkqhkiG9w0BBwKggfMwgfACAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGB0DCBzQIBATAiMB0xDDAKBgNVBAMTA0RQMjENMAsGA1UECxMESjJFRQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTQwNjI1MTM1MzQ3WjAjBgkqhkiG9w0BCQQxFgQU2lImEL6oxLc/4ZdXYTDJudUNhOIwCQYHKoZIzjgEAwQvMC0CFQC4ftTFs8COV0ThRZH5lJxY9ITqfQIUMSugOMEkhmQHqBZD!ZHQ1Tb9e90= 
  Version:
  SAPSSOEXT 4 
  Certification path:
  /opt/coldfusion9/lib/verify.pse 
  The web site you are accessing has experienced an unexpected error.
  Please contact the website administrator. 
  The following information is meant for the website developer for debugging purposes.
  Error Occurred While Processing Request
  MySapEvalLogonTicketEx failed: standard error= 9, ssf error= 0
    The error occurred in /opt/coldfusion9/wwwroot/ExtranetMod/authTest.cfm: line 20
  18 : 19 : <cfscript> 20 : result = sso.evalLogonTicket (ticket, Application.CertPath,""); 21 :     sapUser   = result[1]; //First element is the SAP system user 22 :     sysID  = result[2]; //Second element is the id of the issuing system
  Resources:
  Check the ColdFusion documentation to verify that you are using the correct syntax.
  Search the Knowledge Base to find a solution to your problem.
  Browser 
  Mozilla/5.0 (Windows NT 5.1; rv:30.0) Gecko/20100101 Firefox/30.0
  Remote Address 
  172.20.231.111
  Referrer 
  Date/Time 
  25-Jun-14 04:23 PM
  Stack Trace
  at cfauthTest2ecfm1658987646.runPage(/opt/coldfusion9/wwwroot/ExtranetMod/authTest.cfm:20)
  java.lang.Exception: MySapEvalLogonTicketEx failed: standard error= 9, ssf error= 0 at SSO2Ticket.evalLogonTicket(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at coldfusion.runtime.java.JavaProxy.invoke(JavaProxy.java:97) at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:2360) at cfauthTest2ecfm1658987646.runPage(/opt/coldfusion9/wwwroot/ExtranetMod/authTest.cfm:20) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:231) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:416) at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:360) at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:94) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at coldfusion.CfmServlet.service(CfmServlet.java:200) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at jrun.servlet.FilterChain.doFilter(FilterChain.java:86) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at jrun.servlet.FilterChain.doFilter(FilterChain.java:94) at jrun.servlet.FilterChain.service(FilterChain.java:101) at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106) at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42) at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286) at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543) at jrun.servlet.http.WebService.invokeRunnable(WebService.java:172) at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320) at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428) at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266) at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
  I would be most thankful for any hints that could bring me further...
  Many thanks
  Lajos

  Thank you for your assistance in this matter.
  This has been frustrating the crap out of me for the last week (not that the photo is important, it is just that I like to conquer and solve this types of issues)
  I was shooting with an aperture of 7.1. 
  I changed the exposure on the photos as you had done previously but this only blew out the watch and I couldn't recover it afterwards and the alignment was no better any way.  So then I started experimenting as you suggested, and I don't know if what I am about to write is acceptable in an Adobe forum, but here goes.
  I tried Helicon Focus and it was terrible, but I must admit I didn't know how to really use it, it doesn't seem to have any alignment function and is very difficult to try to use and understand.
  then I tried Hugin and I am not even sure if this is image stacking software or just an alignment software, anyway that didn't work either and kept saying the output was a very bad match.
  THEN I downloaded and tried zerestacker (free 30 day trial)  (after reading about it in a google search) and WOW, it worked amazing, see below photo, it was so easy to use and the interface is easy as well and it does the alignment and stacking in the same process and you can see the image output show up on the left of the screen.  Sorry PS but I will be using ZS for photostacking from now on. Adobe need to buy this company and incorporate it in to PS CC6.
  This is just so much better than anything I got out of PS, there is no ghosting or blurring and the alignment is perfect and it is so simple to use.

• Problem with logon ticket on a cluster J2EE environment.

  Hi Experts,
  We have a Portal system with one J2EE node running which issues logon ticket to do SSO into our R/3 4.6 system.
  After we added another node into the J2EE cluster on another machine, we have problem SSO into our R/3 system if you login to that new node, but everything works fine if user login into the original node directly.
  I checked the keystore in EP on both nodes and they look exactly the same.
  do we need to do anything for this to work? any help much appreciated!
  Thanks
  Jerry.

  Interesting, can you see the system landscape def from both nodes?  If so, are the connection test results the same from both nodes?
  Regards,
  Patrick