on 11-26-2010 6:53 AM
Hi Experts,
Our ADS configuration was done on XCE a long time back and even reader credentials were installed and everything is working fine.
Couple of days back, we enabled SSL configuration on the system. Even got the certificates signed by CA and HTTPS is also working without any problems.
Then, problems are happening when we configured WebService SSL connection for ADS following the steps from
http://help.sap.com/saphelp_nwce72/helpdata/en/90/71d273fa724cc9bb644ab00405e6f8/content.htm and also the SAP How to guide from: http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d02262d8-7814-2c10-5c97-d855d38e9....
Among other steps, I have created a View in Key Storage called "ADSCerts" and created an entry "ADSUser" as per the document, generated CSR request, imported CSR response and also the CA's root certificate.
I exported the ADSUser-cert certificate from here and imported into Identity Management for the User ADSUser under its Certificates tab.
Also updated SecureConfigPort_Document (in Destination Template Management under SOA Administration) security settings to X.509 Client Certificate and in Details, I have chosen the View ADSCerts and entry ADSUser.
Even after all the steps as per the document and the help.sap.com link provided above, when I try to test this through a test URL
(https://host:https-port/webdynpro/resources/company.com/test~wd/TestAdobeApp) that our developers have given me for this, I get a (401)
Unauthorized error:
500 Internal Server Error is returned for HTTP request
[https://host:https-port/webdynpro/resources/company.com/test~wd/TestAdobeApp]
com.sap.tc.adobe.pdfobject.base.core.PDFObjectRuntimeException:
Exception while calling ADS; Inappropriate WSIL; configure the
destination path
correctly./ncom.sap.esi.esp.service.server.query.discovery.ExtendedServiceException:
com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested
URL was:"Connect to https://host:https-port/inspection.wsil/";
I have checked the security log file and it shows:
LOGIN.FAILED
User: N/A
IP Address: 192.165.90.102
Authentication Stack: sap.com/tcesiesp~wsil*inspection.wsil
Also, ran Security Troubleshooting Wizard from NWA and reproduced the problem while collecting these traces. There were some entries like:
Login failed!
[EXCEPTION]
java.security.PrivilegedActionException:
com.sap.engine.services.security.exceptions.BaseLoginException: Cannot
authenticate the user.
.
.
Caused by: com.sap.security.core.server.jaas.DetailedLoginException:
Received no SAP Authentication Assertion Ticket.
Received no SAPLogonTicket. Authentication stack:
[sap.com/tcesiesp~wsil*inspection.wsil].
Any idea how I can solve this? Anybody got this error?
Thanks,
Shitij
Opened an OSS message with SAP and they told me that the certificates being generated from NWA are in a different format from what is accepted in user store.
So, generated new certificates from OS level using sapgenpse and now it worked.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.