Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unable to log into portal

Former Member

‎04-18-2011 2:40 PM

0 Kudos

Hi everyone,

I was trying to achieve SSO between SAP EP (ep.domain1.com) to a backend ABAP (abap.domain2.com).

I follow that guide before implementing particular issues on Cross Domain:

/people/dennis.kleymeonov/blog/2005/09/15/connecting-sap-systems-to-enterprise-portal-with-sso

To achive cross domain config I was trying to log into the portal to configure an appintegrator iview on the second domain but now I can't log in to the portal.

I get following error:

Source: com.sap.engine.services.security.exceptions.BaseSecurityException: AddPermission[com.sap.engine.lib.security.EnginePermission] fails.; Description: Code permissions for domain[sap.com/com.sap.portal.fpn.shared] and keystore operation [{VIEW_ALIASES TicketKeystore }] are not granted; Consequences: domain [sap.com/com.sap.portal.fpn.shared] has not code permission to execute keystore operation [{VIEW_ALIASES TicketKeystore }]; Countermeasures:check log for details[]

And followinfg warning:

LOGIN.FAILED

User: N/A

Authentication Stack: ticket

Login Module Flag Initialize Login Commit Abort Details

1. com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule OPTIONAL ok exception true Received no SAP Authentication Assertion Ticket.

Has anyone know how to undo SSO configuration on portal so I can log normally and do first Cross Domain config?

Versions are:

SAP EP 7.0 EHP2

WAS ABAP 7.02

Thanks!

2 REPLIES 2

anderson_parreiras
Explorer

‎04-30-2011 12:53 AM

0 Kudos

Hi,

Have you added this EvaluateAssertionTicketLoginModule? If you set the login module stack to the one below you should be able to authenticate normally:

EvaluateTicketLoginModule SUFFICIENT

BasicPasswordLoginModule REQUISITE

CreateTicketLoginModule OPTIONAL

You can change it in the Visual Administrator -> server -> services -> security provider. In the Components list select ticket and change it there. Save and it should work.

Thanks,

Anderson

Former Member

‎05-05-2011 10:48 AM

0 Kudos

Hi everyone,

Issue resolved. I described the stpes:

1.- Changes in RZ10 of WAS ABAP weren't saved correctly. We have re-added the parameters login/accept_sso2_ticket=1 and login/create_sso2_ticket=2.

2.- To resolve Cross-Domain issue in the easiest way, we have defined a DNS alias for backend to be in the same domain that portal and change EP Conf so the system (representing the backend) points to the new URL.

That's all.