on 03-13-2006 4:12 PM
Hi all,
I'm tring to configure SAML for SSO using the documentation on http://help.sap.com/saphelp_erp2005/helpdata/en/2d/d1f1285432da4d8ff121b47363e54d/content.htm.
When I configure the demo application (after Configuration Adapter): http://milds2004:50100/samlssodemo_source/setup I see this exception:
<i>SAML SSO Demo Application Setup
An unexpected situation has occurred
java.lang.Exception: [UMERROR] An exception during a user management operation occurred. Possibly the user management is not writable or, when using an ABAP backend system, the permissions of the backend service user are not sufficient. Origial exception stack trace:
com.sap.security.core.server.userstore.UserstoreException: Could not create user SAML_SOURCE
at com.sap.security.core.server.userstore.UserContextUME.engineCreateUser(UserContextUME.java:301)
at com.sap.engine.services.security.userstore.context.UserContext.createUser(UserContext.java:121)
at com.sap.security.core.server.saml.service.SAMLServiceImpl.createUser(SAMLServiceImpl.java:3201)
at com.sap.security.core.server.saml.service.SAMLServiceImpl.createSAMLSSOConfiguration(SAMLServiceImpl.java:1908)
at com.sap.security.core.server.saml.app.ssotest.source.SetupServlet.doGet(SetupServlet.java:722)
at com.sap.security.core.server.saml.app.ssotest.source.SetupServlet.doPost(SetupServlet.java:809)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:95)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:159)
Caused by: com.sap.security.core.persistence.datasource.PersistenceException: The UME/ABAP user management connector is set to read-only mode and therefore rejects the creation request for user SAML_SOURCE
at com.sap.security.core.persistence.datasource.imp.R3Persistence.getPrivateIDPart(R3Persistence.java:2442)
at com.sap.security.core.persistence.datasource.imp.DataSourceBaseImplementation.bindNewPrincipalDatabag(DataSourceBaseImplementation.java:323)
at com.sap.security.core.persistence.datasource.imp.R3Persistence$R3PersistenceTransaction.bindNewPrincipalDatabag(R3Persistence.java:8342)
at com.sap.security.core.persistence.imp.DistributedTransaction.doBindings(DistributedTransaction.java:883)
at com.sap.security.core.persistence.imp.DistributedTransaction.commit(DistributedTransaction.java:2339)
at com.sap.security.core.imp.UserFactory.commitUser(UserFactory.java:1452)
at com.sap.security.core.server.userstore.UserContextUME.engineCreateUser(UserContextUME.java:296)
... 21 more
at com.sap.security.core.server.saml.service.SAMLServiceImpl.createSAMLSSOConfiguration(SAMLServiceImpl.java:1944)
at com.sap.security.core.server.saml.app.ssotest.source.SetupServlet.doGet(SetupServlet.java:722)
at com.sap.security.core.server.saml.app.ssotest.source.SetupServlet.doPost(SetupServlet.java:809)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:95)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:159)
(c) SAP AG, 2003</i>
Could you please help me?
Thanks,
Vito Palasciano
Hi,
We would also like to use SAML for SSO from IBM WebSphere Application server to EP 6.0.
We have thought of all possibility and then found this would be most cost effective solution.
I would be glad if you will provide me the documentation other than SAP HELP portal offer.
I would appreciate if you let me know if you could done this successfully. However I would be doing this configuration shortly and let you know if I could do this successfully.
Thanks in advance.
Santosh Lad
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Santosh,
SAP documetation is the more detailed for SAP system:
http://help.sap.com/saphelp_nw04/helpdata/en/94/695b3ebd564644e10000000a114084/content.htm
Other general documentation is on:
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
I haven't read this yet, may be could help:
http://www.oasis-open.org/committees/security/docs/draft-sstc-saml-reqs-01.pdf
I'm configuring SAML right now, then I want to test the Sap demo application, I let you know.
Vito Palasciano
User | Count |
---|---|
81 | |
10 | |
10 | |
8 | |
7 | |
7 | |
7 | |
6 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.