Solved: SSO error: "Es wurde ein nicht interpretierbares S...

former_member184588 · ‎01-11-2012

Hello,

I am just configuring SSO between NW Portal 7.3 and an system with ABAP stack. With the new Portal it seems that you just call the "trusted systems" configuration in the NWA an connect there with the other system. This works and the ticket is visible in the other system. The instance profile of the other ABAP stack was already changed for another SSO scenario.

When I call ESS the following error message occurs: "Es wurde ein nicht interpretierbares SSO-Ticket empfangen"

Did someone has the same problem with the NW Portal 7.3?

Is it necessary to restart the ABAP system afterwards?

Greetings, Vanessa

Former Member · ‎01-11-2012


> Is it necessary to restart the ABAP system afterwards?

Hello,

You have, at least, to restart the ABAP stack ICM with transaction SMICM.

Regards,

Olivier

Former Member · ‎01-11-2012


> Is it necessary to restart the ABAP system afterwards?

Hello,

You have, at least, to restart the ABAP stack ICM with transaction SMICM.

Regards,

Olivier

former_member184588 · ‎01-12-2012

Hello Olivier,

thanks for your reply. I restarted the ICM stack but the problem stays the same. We thought that the problem occurs because we the servers are in two different domains and so we moved the portal to the same domain. But also here... the problem is still the same.

Greetings, Vanessa

Former Member · ‎01-12-2012

Hi Vanessa,

Please check your SSO tickets. The receiver is not able to interpret the sent ticket. Make sure the encryption is same for both sending and receiving systems.

you can switch the trace on and check the trace for additional information on the error. T-Code SMICM->-goto->trace level->set.

after the work is done, reset the trace level and display the trace from :T-Code SMICM->-goto->trace file->display.

Regards,

Srihari

Edited by: Srihari Rao on Jan 12, 2012 5:30 PM

Former Member · ‎01-12-2012

Hi Vanessa,

Domain is not a problem for ESS because it uses JCO RFC to connect to the ECC system. Therefore the MYSAPSSO2 is not sent as an HTTP cookie and does not depend from the DNS domain.

It would be a problem with SSO for BSP or AWD applications...

Srihari Rao is right : you should check the encryption used on both systems.

Regards,

Olivier

former_member184588 · ‎01-13-2012

Thanks a lot for your really valuable informations.

I can see in the portal 7.3 that "Trusted System SSO Certificate Information" is

[Subject DN]: CN=ABC

[Issuer DN]: CN=ABC

[Not valid before]: 1. Oktober 1997 00:00:00 GMT

[Not valid after:]: 1. Januar 2038 00:00:00 GMT

[Sign Algorithm]: SHA-1/DSA

[Public-Key Algorithm]: DSA

[Public-Key Format]: X.509

[Serial Number]: 0

[Version]: 1

[Fingerprint]: 61:E4:93:05:57:EA:F1:14:55:34:A9:70:20:15:C4:EE

and in SSO Certificate Information the Sign Algorithm is SHA/DSA,

Sign Algorithm SHA/DSA(1.2.840.10040.4.3)

Public-Key Algorithm DSA

Public-Key Format X.509

Serial Number 0

Version 1

Should this be correct (I don't know if there is a difference betrwwen SHA-1 and SHA) or how can I change one of the values?

Thanks a lot,

Vanessa

Former Member · ‎01-13-2012

Hi Vanessa,

SHA-1is next version of SHA, but corrects an error in the original SHA hash specification. Please get SHA-1 cerificate for your server. The receiving system (trusted system) is looking for SHA-1 while the sender(your server) is sending SHA.

Regards,

Srihari

former_member184588 · ‎01-13-2012

It works now. Thanks a lot for all your valuable answers.

Former Member · ‎01-11-2012

This message was moderated.

Former Member · ‎09-11-2015

Hello Vanessa,

i have the same problem with the SSO Error. Can you tell me how have you solved this problem and how you set the SSH-1 certificate at the sender (NetWeaver)?

Best regards,

Dejan

SSO error: "Es wurde ein nicht interpretierbares SSO-Ticket empfangen"