on 03-29-2010 2:38 PM
Hello,
we have the following configuration:
Client Internet Browser --> HTTPS (443) --> Web Dispatcher
(fully qualified hostname) --> HTTP (80) --> Web Dispatcher
--> HTTP (port) --> SAP SRM System (fully qualified hostname of SRM server)
The URL used is https://name.domain:443/BBPStart
The domain of first web dispatcher is different from domain of SRM server.
It asks for a PSE installed on the first Web Dispatcher, then we log
into the system with username and password.
If I use the link above, then access via internet, we can use LAC without
any problem, because the URL used by the link of Live Auction is:
"javascript:startApplet('HTTPS://name.domain:443/srm/appletInvoker?"
But, if I access directly (intranet) to SRM system with:
http://fully qualified hostname of SRM server:port/sap/bc/gui/sap/its/bbpstart
then log into the system with username and password, go to Process
Auction, look for and select the Live Auction,
click on the link of Live Auction, passing through the first Web
Dispatcher (name.domain), it asks again for username and password.
How is it possible, considering that I've already logged into SRM
system?
How can I avoid the request of username and password in that case?
Could I solve it using multiple SSO tickets for every domain?
How can I create multiple SSO tickets?
With Best Regards
Hi there,
I think the J2EE Authentication is not configured properly.
Follow the description of the following notes:
721815 New configuration needed for systems using SAP Logo
957707 Using Diagtool for Troubleshooting Single Sign-On
957666 Diagtool for Troubleshooting Security Configuration
Check UME users are configured properly (J2ee_guest,
lac UME user etc.)
Did you update SRM server and ITS server with
the corresponding parameters and follow the guide to export the SRM
certificate and then import the certificate to SAP J2EE?
You should also export the EP 7.0 certificate and then import the
certificate into SRM Server and J2EE Server (same way as SRM
certificate).
===
Which policy configuration are you using for the LA application? Does
it have EvaluateAssertionTicketLoginModule? Please run the diagtool
with parameter: conf/authentication.conf so that you can check your
policy configurations. (also see note 1045019)
If none of the systems defined in the ACL of EvaluateTicketLoginModule in
the [ticket] authentication stack equals the SAP Logon Ticket issuing system,
this means that the system requesting your application is not trusted
by your J2EE engine. You should use the following note to solve the SSO
misconfigurations:
1083421 "SSO2 Wizard"
Hope there's not too much information in here
Hope it helps.
Regards,
Matthew
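The ACL check described in the answer above can be modelled offline before changing the J2EE configuration. The following is an added example, not code from this thread or from SAP: a simplified model of the comparison, not the engine's own logic. The option names trustedsys<N>, trustediss<N> and trusteddn<N> are not from this thread (they are the EvaluateTicketLoginModule options as documented by SAP), and all SIDs, clients and DNs are constructed sample values.

```python
import re

# Constructed sample: [ticket] stack options as a dict. SIDs, clients, DNs are made up.
SAMPLE_OPTIONS = {
    "trustedsys1": "SRM,100",
    "trustediss1": "CN=SRM, OU=Example",
    "trusteddn1": "CN=SRM, OU=Example",
    "trustedsys2": "EP7,000",  # incomplete entry: certificate DNs never filled in
}
FIELDS = {"trustedsys", "trustediss", "trusteddn"}

def parse_acl(options):
    """Group trustedsys<N>/trustediss<N>/trusteddn<N> into ACL entries keyed by N."""
    entries = {}
    for key, value in options.items():
        m = re.fullmatch(r"(trustedsys|trustediss|trusteddn)(\d+)", key)
        if m:
            entries.setdefault(int(m.group(2)), {})[m.group(1)] = value
    return entries

def norm_dn(dn):
    """Compare DNs ignoring case and spaces around the commas."""
    return ",".join(p.strip().upper() for p in dn.split(","))

def check_issuer(options, sid, client, subject_dn, issuer_dn):
    """Return (trusted, findings) for a logon ticket issued by sid/client."""
    trusted, findings = False, []
    for idx, e in sorted(parse_acl(options).items()):
        missing = sorted(FIELDS - set(e))
        if missing:
            findings.append(f"entry {idx}: missing {', '.join(missing)}")
            continue
        acl_sid, _, acl_client = (p.strip() for p in e["trustedsys"].partition(","))
        if (acl_sid.upper(), acl_client) != (sid.upper(), client):
            continue
        if (norm_dn(e["trusteddn"]), norm_dn(e["trustediss"])) == (
                norm_dn(subject_dn), norm_dn(issuer_dn)):
            trusted = True
        else:
            findings.append(f"entry {idx}: {sid},{client} listed but certificate DN differs")
    if not trusted:
        findings.append(f"no complete ACL entry trusts {sid},{client}")
    return trusted, findings

if __name__ == "__main__":
    dn = "CN=SRM, OU=Example"
    for sid, client in (("SRM", "100"), ("EP7", "000")):
        print(sid, client, check_issuer(SAMPLE_OPTIONS, sid, client, dn, dn))
```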