cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Single Sign On Issue in SRM Server

Go to solution
Former Member

on ‎12-19-2011 3:05 PM

0 Kudos

Hi All,

We are trying for System Connection Tests in SRM-EP. (EP Version is 7.0)

We are in System Administration>System Configuration>Browse>Systems>T90CLNT300>System Connection Tests>Connection Test for Connectors

The error are as follows:

Test Details:

The test consists of the following steps:

1. Retrive the default alias of the system.

2. Check the connection to the backend application using the connector defined in this syatem object.

Results:

Retrival of default alias successful.

Connection Failed. Make sure that Single Sign-On is configured correctly.

The parameters for Single Sign-On are set correctly. Users has correct authorizations. In STRUST we maintained .PSE file(Certificate is imported.).

The SRM Local SLD is running and connected with necessary users. The RFCs for SRM Local SLD are working fine.

I am not getting where should be the issue with Single Sign-On?

Please help me to solve this issue.

Thanks,

Pramod

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎12-19-2011 3:22 PM
0 Kudos

Hi,

2. Check the connection to the backend application using the connector defined in this syatem object.

Results:

Retrival of default alias successful.

Connection Failed. Make sure that Single Sign-On is configured correctly.

Looks like your connection from Portal to SRM have issues.

1). Can you check the Logon Method or what Authentication type you are using in between Portal to SRM?

2). Can you try to delete the certificates from SRM , portal and try to re-import again?

3). Please check the TICKET Login Modules have right value.

4). Check the services file entry also

I am sure, you went thru research before posting thread, however check this link too

http://wiki.sdn.sap.com/wiki/display/EP/SSO,ConfigurationSteps

Thanks,

Sravanthi

Show replies
Show replies
Former Member
‎12-20-2011 5:47 AM
0 Kudos

Hi,

Thanks for reply.

The settings maintained in Visual Admin. are as follows:

UME Provider:

login.ticket_client= 000

login.ticket_include_cert=false

login.ticket_keyalias=SAPLogonTicketKeypair

and in Key Storage under TicketKeyStore I have 3 entries: SAPLogonTicketKeyPair, SAPLogonTicketKeyPair-Cert, SID_300

and in RZ10 the parameters maintained are

login/accept_sso2_ticket=1

login/create_sso2_ticket=2

In strust settings:System Pse: HOSTNAME_SID_INSTANCENO

In strustsso2: under Logon Ticket: ACL: System=SID(AS JAVA), Client=000, Certificate Owner=(OU=J2EE),(CN=SRJ)

Still any changes need to be maintained and need more details please tell me.

I am doing it according to the guides.

Thanks,

Pramod

Answers (1)

Answers (1)

Former Member
‎12-20-2011 1:23 AM
0 Kudos

Hello Pramod,

Have you performed connection test with the user which exists in backend ABAP system?

Please make sure you have maintained portal system details in backend client 000 and production client ACL and ABAP system details in Portal ACL.

Please go through the help link for more details.

http://help.sap.com/saphelp_ep50sp2/helpdata/en/4d/dd9b9ce80311d5995500508b6b8b11/content.htm

Thanks,

Siva Kumar

Show replies
Show replies
Former Member
‎12-20-2011 5:58 AM
0 Kudos

Hi Siva Kumar,

Thanks for replying.

Have you performed connection test with the user which exists in backend ABAP system?

--- How to do that? Whether from EP or from Visual Admin.

As posted earlier in strustsso2 I can see under Logon Ticket: ACL: System=SID(AS JAVA), Client=000, Certificate Owner=(OU=J2EE),(CN=SID (AS JAVA))

Thanks,

Pramod

Former Member
‎12-20-2011 9:13 AM
0 Kudos

Hi Pramod,

How to do that? Whether from EP or from Visual Admin.

- Login to EP with the user that exist in both EP and backend ABAP system and do connection test as you did earlier.

As posted earlier in strustsso2 I can see under Logon Ticket: ACL: System=SID(AS JAVA), Client=000, Certificate Owner=(OU=J2EE),(CN=SID (AS JAVA))

- You should be able to see the same entry when login to production client, not only from client 000.

Thanks,

Siva Kumar

Former Member
‎12-22-2011 8:38 AM
0 Kudos

Hi Pramod,

I faced the SSO issue, and had checked that every SSO configuration was fine.

But it was something else.

So can you please check that system time of both servers are same between which you are doing SSO.

Thanks & Regards,

Amit Barnawal

Ask a Question