on 09-09-2008 8:39 AM
Hi friends, I have configured SSO for the EP server with the SAP system (ECC), but it is giving an error in the test connection.
The user I am trying exists in both systems with the same name.
But it is not working. Can anybody help me please? Its ozt.
I followed the SAP standard procedure for SSO.
I checked in SAP SSO2; it is OK,
and I also checked the parameters in the SAP system,
and restarted the system as well.
And I created an RFC connection between the SAP and EP systems; it is also working properly.
But I do not understand where the error is in my configuration. Please help me.
with regards
srikanth vipparla.
Edited by: srikanth vipparla on Sep 9, 2008 9:39 AM
Hi Srikanth,
I hope while uploading certificates from Portal to ECC you have given client as 000.
Regards
Parth
Hello Srikant,
Please check:
1) Whether your verify.der certificate is properly absorbed in the backend or not (most important; I think it is not properly updated in the backend).
2) Please check some properties like SID, server port and other backend-related properties (hope all are correct in your case).
3) And last, very rare but it can happen, that the certificate you are using is expired; to check it, open the certificate and check the date of expiry.
Hope this helps.
If so, points are welcome.
Regards.
Soni Vinit
Hi Srikant,
I believe this is an issue with the backend ABAP system, which is unable to recognize your portal system. So you need to re-import the portal & ABAP certificates again, restart the portal server and check.
Remember to add the certificates both in the system's certificate list as well as in the ACL. Remember, while adding the Portal certificate in the ACL, the client should be 000.
Regards
Gourav Sharma.
Hi,
Did you create an alias for your ECC system on the Portal side? In the system you created on the portal side, did you set the logon method to SAPLOGONTICKET? Make sure the authentication ticket type is set to SAP Logon Ticket. Also, set the user mapping type to admin, user.
Then, as someone earlier stated, make sure to download the verify.der file and unzip it. Finally, upload it via transaction strustsso2 and use client 000 when you add it to the ACL list.
Hope this helps.
Regards,
Rick
Hello dear Gourav Sharma. "Remember while adding the Portal certificate in the ACL, client should be 000" Do you think so? Where did you read about it, and why do I think the ACL is client-dependent? Try to check your solution yourself .....
Dear srikanth vipparla, can you tell us your steps, step by step?
Does your ECC have a JAVA server (ABAP+JAVA) or is it only ABAP? If your ECC has JAVA, you need to change in the portal the "JAVA client (different from the ECC JAVA)" -->
login.ticket_client
http://help.sap.com/saphelp_nw70/helpdata/EN/0b/50ad3e1d1edc61e10000000a114084/frameset.htm
You must add the verify.der to the ACL in the required client (for example, if you want to work in client 100, log in to this client, then go to strustsso2 and add your verify.der certificate to the ACL).
http://help.sap.com/saphelp_nw70/helpdata/EN/4d/dd9b9ce80311d5995500508b6b8b11/frameset.htm
Regards.
Hi Sergo Beradze
"When the J2EE Engine is the ticket-issuing system, its system ID is used as specified in the installation. Although the J2EE Engine does not have a client, it still needs to provide a client value to use for logon tickets so that the tickets can be accepted by other systems, for example, from an SAP Web AS ABAP. The default client for the J2EE Engine is 000, however, you can explicitly set a different value to use. "
Regards
Parth
Hi Srikant,
You have to configure the login module stack for this.
Log in to Visual Administrator.
1. Choose Server ## --> Services --> Security Provider
2. Choose ticket in the Components menu.
3. Choose com.sap.security.core.server.jaas.EvaluateTicketLoginModule in the Login Modules table.
4. Choose the Modify button. An Edit Login Module dialog box displays.
5. There, enter trusteddn1 on the left & on the right enter CN=<3 letter SID of the ABAP system>.
Restart the WAS & try again.
Hope it helps. Reward points if found helpful.
Regards,
Gourav.
Hi,
I think you didn't add your system in the Security Provider list:
1. Choose Server Services Security Provider of J2EE VA.
2. Choose ticket, Edit.
3. Choose com.sap.security.core.server.jaas.EvaluateTicketLoginModule in the Login Modules table.
4. Modify and edit the login module.
5. trustedsys1 = <SID>, <client> (for example, D2B, 100)
6. trustediss1 = CN=<SID> (for example CN=D2B)
7. trusteddn1 = CN=<SID> (for example CN=D2B)
CN=<SID> (for example CN=D2B) click OK.
8. Do the same steps for com.sap.security.core.server.jaas.CreateTicketLoginModule.
Regards
Parth
Hey Srikanth,
If you wanna check your SSO configuration for your systems involved you can download and run SSO diagtool as it is described in note 957707.
Please set the trace level for the security component in the ABAP system to trace level 3 as outlined in section 'Logging and tracing' of note 701205 (remember Trace level '3' NOT '2')
Please then recreate the error
/usr/sap/<SID>/<InstID>/j2ee/cluster/server<n>/log/defaulttracesX.trc
SM50 trace
After running the DIAGTool you can check the file named diagtool_<timestamp>.html to see which part of your configuration is giving errors.
Hope it helps. Do award points if found helpful.
Regards,
Gourav.
Hello dear Gourav Sharma, you don't understand what I wrote above .... The ACL is client-dependent in the ABAP stack; if you want to use SSO in client 100 in ABAP, you must add it to the ACL in client 100. About the JAVA client, I said you need to check and set it in the portal if required, the "login.ticket_client" --> this parameter is the "JAVA client"; yes, by default it is 000, but if you want to use one or more JAVA you need to change this setting in one of the JAVA systems, restart it, and reimport the certificate in ABAP. Do you know it from your best practices?
To Mr. srikanth vipparla, try to read my posts ....
Where do you find these errors? It's not so hard to create SSO from Portal to ABAP....
1) Check the time and date on both servers; they must be the same (synchronization to one time server).
2) Check the JAVA client in your portal server, the login.ticket_client from configtool for example (change it to another if needed, and afterwards restart the JAVA).
3) Set the profile parameter login/accept_sso2_ticket to the value 1 in every instance profile of the ABAP server. Restart the ABAP server.
4) Download the verify.der certificate from your portal.
5) Log in to client 000 in your ABAP server, go to transaction "strustsso2", and add this certificate to the certificate list. SAVE settings.
6) Log in again to your required client in ABAP (for example 333), go to the same "strustsso2", and add this certificate to the ACL of this client. When you see the question about the portal, enter the portal's system ID and client (the login.ticket_client). SAVE settings. You can check the SSO now. Regards.
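
The checks from the procedure above, including the ACL client question debated in this thread, modelled as an added Python example (not code from any poster or from SAP). The class and field names, the sample SID EP1 and the 60-second clock tolerance are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Portal:
    """Ticket-issuing J2EE Engine (constructed model, not an SAP API)."""
    sid: str
    ticket_client: str = "000"   # login.ticket_client; the default is 000
    clock_skew_s: int = 0        # seconds of drift from the ABAP server

@dataclass
class AbapSystem:
    """Ticket-accepting ABAP stack as maintained in STRUSTSSO2 (constructed model)."""
    accept_sso2_ticket: str = "0"                 # login/accept_sso2_ticket
    cert_list: set = field(default_factory=set)   # issuer SIDs whose verify.der was imported
    acl: dict = field(default_factory=dict)       # logon client -> {(issuer SID, issuer client)}

def check_sso(portal, abap, logon_client, max_skew_s=60):
    """Return a list of findings; an empty list means the modelled checks pass."""
    findings = []
    if abs(portal.clock_skew_s) > max_skew_s:     # tolerance is an assumed value
        findings.append("clock: portal and ABAP server times differ")
    if abap.accept_sso2_ticket != "1":
        findings.append("profile: login/accept_sso2_ticket is not 1")
    if portal.sid not in abap.cert_list:
        findings.append("cert: verify.der missing from the certificate list")
    # The ACL is looked up in the client the user logs on to, but the entry
    # itself names the issuing system's SID and its login.ticket_client.
    issuer = (portal.sid, portal.ticket_client)
    if issuer not in abap.acl.get(logon_client, set()):
        findings.append(f"acl: client {logon_client} has no ACL entry for {issuer}")
    return findings

# Constructed scenario: the ACL entry was added only while logged on to client 000.
portal = Portal(sid="EP1")
abap = AbapSystem(accept_sso2_ticket="1", cert_list={"EP1"},
                  acl={"000": {("EP1", "000")}})

if __name__ == "__main__":
    print(check_sso(portal, abap, logon_client="100"))  # logon client lacks the entry
    abap.acl["100"] = {("EP1", "000")}                  # add it in the logon client
    print(check_sso(portal, abap, logon_client="100"))
```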