cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CUP Upgrade Time! - GRC-SAC-SAE 5.3_16.2 - Authentication Trouble

Former Member

on ‎08-09-2011 7:34 PM

0 Kudos

Hello Experts,

I am experiencing login authentication issues that I was not experiencing previously.

Old Version:

GRC-SAC-SAE 5.3_12.1

New Version

GRC-SAC-SAE 5.3_16.2

I am having wierd login issues. When I login to the UME and switch to CUP and choose user login I am not prompted to login (saved session I assume). If I hit logoff and choose "SAP Request" link and try and login I get " Invalid user credentials".

My authentication settings are saved as SAP UME. We are populating the UME with LDAP records. When I login to the UME (which I am able to login to) with my LDAP user id and password I have no problems. Not sure why I am now having troubles with CUP.

Here is a log:

2011-08-09 14:10:26,276 [SAPEngine_Application_Thread[impl:3]_22] ERROR Failed to log in <userid>

com.virsa.ae.service.umi.AuthenticationFailureException: No LoginModules configured for header

at com.virsa.ae.service.umi.ume.UMEAuthenticator.authenticate(UMEAuthenticator.java:122)

at com.virsa.ae.actions.LoginAction.requestorLoginHandler(LoginAction.java:1200)

at com.virsa.ae.actions.LoginAction.execute(LoginAction.java:93)

at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)

at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)

at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)

at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)

at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)

at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)

at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)

at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)

at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)

at java.security.AccessController.doPrivileged(Native Method)

at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)

at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)

Caused by: javax.security.auth.login.LoginException: No LoginModules configured for header

at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:1028)

at com.virsa.ae.service.umi.ume.UMEAuthenticator.authenticate(UMEAuthenticator.java:104)

... 19 more

Thank you in advance for any help you may be able to provide. This is in my development system. I am trying to validate changes. So far it's been rough.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (6)

Answers (6)

Former Member
‎02-09-2012 2:20 PM
0 Kudos

SAP has released a patch for SAP JVM

Show replies
Show replies
Former Member
‎02-09-2012 2:18 PM
0 Kudos

I was informed by my Basis team that SAP has issued a release of SAP JVM that fixes this issue.

Show replies
Show replies
former_member269508
Discoverer
‎01-09-2012 2:05 PM
0 Kudos

Hello

The Problem with the "invalid user credentials" is resolved with the SAP JVM 4.1.017 patch, you can find the patch in the SAP Service Marketplace.

Note 1677139

Disabled the flag "UseNewHashFunction" per default. Some SAP and 3rd party coding relies on the iteration order of hash maps. Therefore, it is not possible to use a different hash function than other JVMs (Oracle, IBM, HP) causing a change in the iteration order for already delivered software. This change list reverts the hash function of the hash map class to the old default.

Regards

Bruno

Edited by: Bruno Krauer on Feb 3, 2012 3:26 PM

Show replies
Show replies
Former Member
‎01-09-2012 1:32 PM
0 Kudos

Hi ,

We too have similar problem. I have updated SAP JVM4 on my Netweaver 2004 system which contain GRC 5.3 component.

The system versions are

OS version : AIX 5.3 patch level 5300-12-05-1140

oracle version : ORACLE Release 11.2.0.2.0

Existing VM : IBM J9 VM version 2.3

Now Switched to SAP JVM4 . Because of this user were not able to access the portal . It is prompting for the username and password .

the following errorlog can you find in the systemprotocoll of the AccessEnforcer:

2012-01-09 12:57:39,682 [SAPEngine_Application_Thread[impl:3]_2] ERROR Failed to log in 208845

com.virsa.ae.service.umi.AuthenticationFailureException: No LoginModules configured for header

at com.virsa.ae.service.umi.ume.UMEAuthenticator.authenticate(UMEAuthenticator.java:113)

at com.virsa.ae.actions.LoginAction.approverLoginHandler(LoginAction.java:663)

at com.virsa.ae.actions.LoginAction.execute(LoginAction.java:73)

at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:280)

at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:449)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)

at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)

at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)

at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)

at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:160)

at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)

at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)

at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)

at java.security.AccessController.doPrivileged(Native Method)

at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)

at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)

we were able to login to virsa enforcer link . but when we try to acces login we are getting UME authentication error. And this error is coming only after upgrading to SAP JVM4 ..

can anybody help us in this issue please.

Thanks

krishna desam

IBM Basis .

Show replies
Show replies
former_member234299
Explorer
‎10-19-2011 9:54 PM
0 Kudos

Hi,

After we upgraded our GRC 5.3 to SP16.2 with SAP JVM 4.1 We had the same problem .We created a customer message for SAP to fix this issue. However when I configured our GRC system back to IBM J9 VM 1.4.2 (previous version), the problem disappeared. You shall try this. Refer SAP Note 1522198 - How to manually configure an AS Java to use SAP JVM 4.1 and undo suitably and goto the previous version of Java 1.4.2 it will work. However we need to put back SAP JVM 4.1 after we get a suitably reply for our customer message.

Thanks

Subra

Show replies
Show replies
Former Member
‎10-20-2011 12:39 PM
0 Kudos

Thanks Subra,

we opened a SAP Call last week. We don't really want to switch back the JAVA VM. Hopefully they'll find a solution soon. For now, we still have a running prod.system with the "old" Java VM.

If you switch your authentication to one of the connected sap-systems you'll be able to login! Switching back to UME authentication will result in the same error as before.

Best Regards,

Christian1

former_member269508
Discoverer
‎11-21-2011 3:42 PM
0 Kudos

Hello

We have the same problem, any news from SAP?

VIRACLP 530.700 SP16 (1000.530.700.16.1.20110912202715)

VIRAE 530.700 SP16 (1000.530.700.16.6.20111004165451)

VIRCC 530.700 SP16 (1000.530.700.16.4.20111103171057)

VIREPRTA 530.700 SP16 (1000.530.700.16.0.20110513221931)

VIRFF 530.700 SP16 (1000.530.700.16.0.20110513221933)

VIRRE 530.700 SP16 (1000.530.700.16.0.20110607222043)

Regards,

Bruno

Former Member
‎11-22-2011 9:04 AM
0 Kudos

No, nothing. We will go back to the IBM Java. Waiting for 6 weeks is enough.

Former Member
‎11-22-2011 4:27 PM
0 Kudos

Hi,

I was about to switch to SAP JVM 4.1 on a SAP GRC running on Windows Server 2008 but I´ve found this thread so decided to wait.

Do you think this is a problem only for IBM systems or a SAP JVM problem itself?. I guess I´ll have the same problem on Windows.

Regards,

Diego.

Former Member
‎11-29-2011 9:27 PM
0 Kudos

At this time we still have not received a solution from SAP. They have been investigating this issue via a customer message.

We proceeded with our upgrade but let GRC at it's current level (12.2) until we have a fix. Currently our GRC and ABAP are out of sync but GRC is still running as expected.

Former Member
‎11-29-2011 9:34 PM
0 Kudos

We are waiting since 17.10.2011 - 6 weeks and no solution at all. I'm not to happy, as you can imagine! I guess it's because of the SAP Java VM.

Regards,

Christian

former_member269508
Discoverer
‎12-01-2011 1:13 PM
0 Kudos

Yes it's a problem with the SAP JVM, i was going back to the IBM JVM and the problem with the invalid user credentials in CUP is solved.

I also opened a customer message, I reproduce the problem on our sandbox, but no solution from SAP at the moment.

Regards

Bruno

Former Member
‎08-09-2011 9:23 PM
0 Kudos

Hi,

Did you check the CC Debugger. Are you able to view the users perfectly in CC Debugger?

If yes, go to CUP and ensure that the UME settings are correctly configured. You may try removing and adding them back.

I suspect that the issue is with the communication user that you are using with the JCo connector.

Best Regards,

Raghu

Show replies
Show replies
Former Member
‎08-10-2011 1:15 PM
0 Kudos

Hi Rag,

By CC Debugger I assume you mean RAR? Where can I locate this within RAR?

Former Member
‎08-10-2011 1:47 PM
0 Kudos

Hi,

Yes. It is a part of RAR. You can access it using the below URL:

http://<server>:<port>/webdynpro/dispatcher/sap.com/grc~ccappcomp/CCDebugger

Replace the Server and port information in the above URL with yours.

Even though it is not related to CUP, it allows you to quickly check if your GRC system is able to communicate with the backend system or not.

Once you are Debugger, select Users from the drop down, and hit Search query button.

Regards,

Raghu

Former Member
‎10-11-2011 6:50 PM
0 Kudos

This issue appears to be caused by a switch from IBM-Java to SAP-Java. After rolling back to IBM-Java this issue has cleared up. Our company has opened a customer message with SAP to provide a fix for SAP Java. It appears that the java login module is missing.

Former Member
‎10-12-2011 5:13 PM
0 Kudos

Same problem here - we switched from Sp10 to SP17 and changed the java-vm as well.

Any news?

best regards,

Christian

Ask a Question