Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

SSO Administration not possible

Former Member
0 Kudos

Hi

In SSO2 transaction, We have executed rfc destination. In next screen it showing the following error.

SSFP_SET_TEMPPSE return code 4 RFC destination. SSO administration is not possible and i am not able see the ACL activation button on top of application tool bar.

Below is the log, I have collected from dev_w0 trace file

Sun Nov 12 00:07:31 2006

M *** ERROR => PfHIndGetTime: no oldest or youngest found in index [pfhypind.c 1261]

M PfHIndDumpIndex: dumping Hyperindex at <03780CA0>

M Eye-Catcher: anf:<*PFHIND> end:<PFHIND*>

M Slots: 48; Records: 0

M sorted: 1, youngest<4294967295>, oldest<4294967295>

M Adresse Offset binary index header

M -


M 23090150 000000 2a2a5046 48494e44 2a2a0000 00000000 |*PFHIND*......|

M 23090160 000016 30000000 01000000 ffffffff ffffffff |0...............|

M 23090170 000032 2a2a5046 48494e44 2a2a0000 |*PFHIND*.. |

M -


M The records:

M 0: empty

M ...

M 47:empty

M Sorted list of the records

M *** ERROR => PfReadStatRec: PfHIndGetTime failed (rc=7) [pfxxstat.c 10898]

N

N Sun Nov 12 03:03:25 2006

N Ssf_GetOwnCertificate: SsfOpenProfile failed with rc=23Ssf_GetOwnCertificate: SsfOpenProfile failed with rc=23N

N Sun Nov 12 20:44:34 2006

SsfParseCertificate(SUMMARY): Buffer too short (512 - 1443)SsfParseCertificate(SUMMARY): Buffer too short (512 - 877)SsfParseCertificate(SUMMARY): Buffer too short (512 - 1335)SsfParseCertificate(SUMMARY): Buffer too short (512 - 979)N

N Sun Nov 12 20:44:39 2006

SsfParseCertificate(SUMMARY): Buffer too short (512 - 877)SsfParseCertificate(SUMMARY): Buffer too short (512 - 1335)N

N Sun Nov 12 20:45:00 2006

SsfParseCertificate(SUMMARY): Buffer too short (512 - 1443)SsfParseCertificate(SUMMARY): Buffer too short (512 - 877)SsfParseCertificate(SUMMARY): Buffer too short (512 - 1335)SsfParseCertificate(SUMMARY): Buffer too short (512 - 979)N

N Sun Nov 12 20:45:24 2006

SsfParseCertificate(SUMMARY): Buffer too short (512 - 877)SsfParseCertificate(SUMMARY): Buffer too short (512 - 1335)N

N Sun Nov 12 20:57:09 2006

SsfParseCertificate(SUMMARY): Buffer too short (512 - 1443)SsfParseCertificate(SUMMARY): Buffer too short (512 - 877)SsfParseCertificate(SUMMARY): Buffer too short (512 - 1335)SsfParseCertificate(SUMMARY): Buffer too short (512 - 979)N

N Sun Nov 12 20:57:16 2006

SsfParseCertificate(SUMMARY): Buffer too short (512 - 877)SsfParseCertificate(SUMMARY): Buffer too short (512 - 1335)N

N Sun Nov 12 20:57:24 2006

SsfParseCertificate(SUMMARY): Buffer too short (512 - 877)SsfParseCertificate(SUMMARY): Buffer too short (512 - 1335)N

N Sun Nov 12 21:16:25 2006

SsfParseCertificate(SUMMARY): Buffer too short (512 - 1443)SsfParseCertificate(SUMMARY): Buffer too short (512 - 877)SsfParseCertificate(SUMMARY): Buffer too short (512 - 1335)SsfParseCertificate(SUMMARY): Buffer too short (512 - 979)N

N Sun Nov 12 21:16:29 2006

SsfParseCertificate(SUMMARY): Buffer too short (512 - 877)SsfParseCertificate(SUMMARY): Buffer too short (512 - 1335)N

N Sun Nov 12 21:17:07 2006

SsfParseCertificate(SUMMARY): Buffer too short (512 - 1443)SsfParseCertificate(SUMMARY): Buffer too short (512 - 877)SsfParseCertificate(SUMMARY): Buffer too short (512 - 1335)SsfParseCertificate(SUMMARY): Buffer too short (512 - 979)N

N Sun Nov 12 21:17:08 2006

SsfParseCertificate(SUMMARY): Buffer too short (512 - 877)SsfParseCertificate(SUMMARY): Buffer too short (512 - 1335)N

N Sun Nov 12 21:26:16 2006

SsfParseCertificate(SUMMARY): Buffer too short (512 - 1443)SsfParseCertificate(SUMMARY): Buffer too short (512 - 877)SsfParseCertificate(SUMMARY): Buffer too short (512 - 1335)SsfParseCertificate(SUMMARY): Buffer too short (512 - 979)N

N Sun Nov 12 21:26:42 2006

SsfParseCertificate(SUMMARY): Buffer too short (512 - 877)SsfParseCertificate(SUMMARY): Buffer too short (512 - 1335)N

N Sun Nov 12 21:27:19 2006

SsfParseCertificate(SUMMARY): Buffer too short (512 - 1443)SsfParseCertificate(SUMMARY): Buffer too short (512 - 877)SsfParseCertificate(SUMMARY): Buffer too short (512 - 1335)SsfParseCertificate(SUMMARY): Buffer too short (512 - 979)N

N Sun Nov 12 21:28:07 2006

SsfParseCertificate(SUMMARY): Buffer too short (512 - 1443)SsfParseCertificate(SUMMARY): Buffer too short (512 - 877)SsfParseCertificate(SUMMARY): Buffer too short (512 - 1335)SsfParseCertificate(SUMMARY): Buffer too short (512 - 979)M

M Sun Nov 12 21:44:31 2006

M ***LOG R2G=> ThPlgTimeout, Timeout () [thxxplg.c 5087]

Please some one can help me to solve this problem.

Thanks and regards

Seshu

8 REPLIES 8

Former Member
0 Kudos

Did you every get a solution to this problem?

0 Kudos

Sorry, I havent find the reason till now why it prompting this error. anyhow we are not facing SSO problem.

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
0 Kudos

If transaction SSO2 shows that error message ("SSFP_SET_TEMPPSE return code 4") it indicates that you lack an authorization for file access (S_DATASET).

If you call transaction STRUSTSSO2 (and double-click on the SYSTEM PSE) you'll face the same problem (but maybe receive a better error message).

Cheers, Wolfgang

former_member912992
Participant
0 Kudos

Hi Seshu,

Please try transaction code STRUSTSSO2. Expand the 'System PSE', it should be green. Otherwise, right click on it and 'Replace'.

Another thing is, have you imported the certificate into the system, 'Add to Certificate List' and 'Add to ACL'? Then the certificates should be listed on both 'System PSE' and 'Single Sign-On Access Control List' in the right side of this transaction.

Regards,

Agoes

0 Kudos

<b>Please be careful with such an advice.</b>

Replacing the PSE (Personal Security Environment) will not only replace the certificate (including the corresponding private key) but also <b>delete the entire certificate list</b> (i.e. all certificates that have been imported, previously).

Furthermore: it is not always the "System PSE" which is in charge of SAP logon tickets.

Please notice: Seshu was stating that they are "not facing [any] SSO problem". So, I'd strongly disencourage to replace the PSE since that (replacing the PSE) will cause problems (due to loss of imported certificates).

Regards, Wolfgang

PS: good news - the new "NetWeaver Administrator" (/NWA) will contain a "SSO configuration wizzard". NetWeaver ABAP systems can be enabled for NWA administration, see <a href="https://service.sap.com/sap/support/notes/1014077">SAP Note 1014077</a>.

0 Kudos

Hi Wolfgang,

Thanks for your response. I think all the certificates can be exported and re-imported again afterwards.

I was thinking if system PSE is red, then it can be replaced with the right one. But, I might be wrong...

Regards,

Agoes

0 Kudos

I have not read any information (provided by Seshu) regarding problems with PSEs ("red lights"). And unless that is the case, I'd recommend not to replace the PSE. Replacing a PSE should be in the last line.

Regards, Wolfgang

PS: I'm pretty sure that those problems reported by transaction SSO2 are just indicating some "missing authorization" problems.

0 Kudos

I ran into this issue recently when configuring the Risk Management 3.0 solution with SSO. Turns out SSO won't work if you are doing the configuration in the Java Engine with the user j2ee_admin and that user doesn't exist on the ABAP side. It would be a good idea to make sure that the user you are using to test the SSO connection actually has a user ID in the ABAP client where the connector is configured to logon.