cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Adobe Print Form Error - Invalid Response Code: (401) Unauthorized

Go to solution
john_studdert
Participant

on ‎07-13-2010 5:15 AM

0 Kudos

Hi, I've just configured ADS on Netweaver 2004s. I've run through the config guide and everything works ok including the form generation test report FP_TEST_00 which outputs PDF without issue. I have two problems:

-When I run a "test connection" on the RFC destination 'ADS' using the ADSUSER for the login details, I get a 403 not authorized error. Changing this user to J2EE_ADMIN resolves the issue and I get a 302 redirect. I've tried adding other permissions to the ADSUSER without any luck.

-Running a report on the Portal under e.g. Executive Reporting and attempting to just right-click and hit "Print Version" results in a 401 error for request "http://hostXX:portXX/AdobeDocumentServices/Config?style=document" exactly as per this thread: . However, I've double-checked all user details in Visual Administrator (ADS_AGENT) and on the ABAP stack side in su01 and sm59. I also tried changing the users to dialog with no effect. If I go directly to that URL and log in with ADSUSER I get a 403 not authorised error (using J2EE_ADMIN is again successful). I've noticed that in the http access log the HTTP protocol used is 1.1 when using the web browser and 1.0 when using the sm59 connection test. I've heard of problems with using HTTP/1.1, but when I change the options on IE8 to use HTTP/1.0, it changes for all other requests except the request for "http://hostXX:portXX/AdobeDocumentServices/Config?style=document", which is still submitted as HTTP/1.1. Conversely, in sm59 if I specify that it should use HTTP/1.1 under Special Options, I can see from the access log that it is in fact still using HTTP/1.0. Could this be related to the 401 error code that I'm seeing?

Any help would be appreciated. Thanks,

John

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

john_studdert
Participant
‎07-15-2010 2:29 AM
0 Kudos

Hi, I've resolved this issue now with the help of SAP who eventually got back to my customer message. The piece of config that needed to be updated isn't mentioned in the standard config guide for some reason but is listed here:

http://help.sap.com/saphelp_nw04/helpdata/en/4f/a00d41921bf023e10000000a155106/frameset.htm

On the Web Services tab page in the right frame, select Security Configuration / Web Service Clients / sap.com / tcwdpdfobject / com.sap.tc.webdynpro.adsproxy.AdsProxy*ConfigPort_Document.

Show replies
Show replies

Answers (1)

Answers (1)

Former Member
‎07-13-2010 7:55 AM
0 Kudos

Hi,

Could you perform the following activity and verify:-

-

a. Open the Visual Administrator.

b. On the Cluster tab of the Visual Administrator, choose Security Provider.

c. On the Runtime tab, choose Policy Configurations tab, and then choose

sap.com/com.sap.engine.services.webservices.tool*wsnavigator.

d. On the Security Roles tab, choose WSNavigatorRole.

e. To switch to edit mode, choose 'change icon' and modify

f. On the Security Roles area, choose all, and then choose Save.

-

cheers !

PRADi

Show replies
Show replies
john_studdert
Participant
‎07-13-2010 10:43 AM
0 Kudos

Hi Pradi,

I've done that now, and it helped to fix the first of the two issues with getting the 403 Not Authorized error code in 'sm59' when doing a connection test. However, it did not fix the 401 Not Authorized error message that I'm still seeing when actually trying to "Print Version" from a report on the portal as below:

Log ID: 005056AF1EB30063000000D7000009B400048B4178F0C04E

Initial cause

Message: Service call exception; nested exception is:

com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://HOST:PORT/AdobeDocumentServices/Config?style=document"

Stack trace: java.rmi.RemoteException: Service call exception; nested exception is:

com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://HOST:PORT/AdobeDocumentServices/Config?style=document"

at com.sap.tc.webdynpro.adsproxy.ConfigBindingStub.rpData(ConfigBindingStub.java:84)

at com.sap.tc.webdynpro.adsproxy.ConfigBindingStub.rpData(ConfigBindingStub.java:94)

at com.sap.tc.webdynpro.pdfobject.core.PDFObject.doSoapCall(PDFObject.java:385)

at com.sap.tc.webdynpro.pdfobject.core.PDFObject.createPDF(PDFObject.java:337)

at com.sap.ip.bi.export.xfa.impl.Document.writeWidthsAsXmlToStream(Document.java:333)

....

Do you think the HTTP protocol version (as I mentioned in my first post) could be part of the problem here? Alternatively, there is one further issue with my config. I do not have the ADSCALLERS role created on the ABAP stack and added to the ADSUSER via 'pfcg'. This is because when I tried this it added the group ADSCALLERS in Security Provider of the Visual Administrator, duplicating the already existing ADSCallers group (it does not appear to be case-sensitive). When this happened the ADSUser no longer appeared under either group in the tree view, and in the logs it complained about the ADSCallers group name not being unique. Am I missing something here or is the config guide out of date in this respect?

Thanks,

John

john_studdert
Participant
‎07-14-2010 1:46 AM
0 Kudos

I think I've ruled out the HTTP protocol version as being an issue here. However I may have found more useful information on the actual issue.

In the security log under usr\sap\<SID>\DVEBMGS00\j2ee\cluster\server0\log\system I see a different message for the unsuccessful report PDF generation attempt to that of a direct query to the same URL with the same web browser, as below. The unsuccessful attempt appears to forget the ADSUSER credentials and resort to the default J2EE_GUEST which has no authorisations and therefore fails. The direct query doesn't lose the ADSUSER credentials and I think this is because it prompts for the user/password when needed. Does anyone know why this happens for a direct query to this URL but not for the PDF generation attempt?

Resulting logs from unsuccessful PDF generation attempt:


#1.5 #005056AF1EB300750000002D0000142000048B4D2208F055#1279063306899#/System/Security/WS/SecurityProtocol#sap.com/irj#com.sap.security.core.client.ws.AuthenticationContext.setDestination#AICL0001#622##<host>_<sid>_3576650#AICL0001#4c1a62608ed511dfbe2a005056af1eb3#SAPEngine_Application_Thread[impl:3]_5##0#0#Info#1#com.sap.security.core.client.ws.AuthenticationContext#Java###An destination was set with the following properties:

{0}.#1#{PROXY_ENABLED=false, CLIENT_AUTHENTICATION_KEYSTORE_VIEW=, SAP_SID=, SLD_URL=, USERNAME=ADSUSER, SLD_WS_NAME=, URL=http://<host>:50000/AdobeDocumentServices/Config?style=document, PROXY_URL=, SSL_SERVER_AUTHENTICATION=IGNORE, SLD_WS_SYSTEM_NAME=, PASSWORD=XXX, SLD_WS_PORT=, SAP_CLIENT=, DEFAULT_URL=http://localhost:50000/AdobeDocumentServices/Config?style=document, Authentication=BASIC, CLIENT_AUTHENTICATION_KEYSTORE_CERTIFICATE=, URL_CHOICE=Custom, SAP_LANGUAGE=}#

#1.5 #005056AF1EB30072000000250000142000048B4D220A12ED#1279063306977#/System/Security/Authentication##com.sap.engine.services.security.authentication.logincontext#J2EE_GUEST#0##<host>_<sid>_3576650#Guest#4c1a62608ed511dfbe2a005056af1eb3#SAPEngine_Application_Thread[impl:3]_24##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: com.adobe/AdobeDocumentServices*AdobeDocumentServices_Config

Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
1. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   SUFFICIENT  ok          exception             true       Authentication did not succeed.#

Successful direct access of URL http://<host>:50000/AdobeDocumentServices/Config?style=document (click on rpData test and manually log in as ADSUSER):


#1.5 #005056AF1EB30070000000250000142000048B4D3E260016#1279063778670#/System/Security/Authentication##com.sap.engine.services.security.authentication.logincontext#ADSUSER#675##<host>_<sid>_3576650#Guest#812f72008ed611dfa62d005056af1eb3#SAPEngine_Application_Thread[impl:3]_14##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.OK
User: ADSUSER
Authentication Stack: com.adobe/AdobeDocumentServices*AdobeDocumentServices_Config

Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
1. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   SUFFICIENT  ok          true       true                  
Central Checks                                                                                true                  #
#1.5 #005056AF1EB30070000000260000142000048B4D3E2666A6#1279063778702#/System/Security/Audit/J2EE##com.sap.engine.services.security.roles.audit#ADSUSER#675##<host>_<sid>_3576650#ADSUSER#812f72008ed611dfa62d005056af1eb3#SAPEngine_Application_Thread[impl:3]_14##0#0#Info#1#com.sap.engine.services.security.roles.audit#Java###{0}: Authorization check for caller assignment to J2EE security role [{1} : {2}].#3#ACCESS.OK#SAP-J2EE-Engine#all#

Ask a Question