02-22-2007 3:34 PM
Hi All,
I am trying to configure Logon Tickets on my WAS 6.2 System (Basis Patch Level 32 and ABAP Patch Level 57).
I have read quite a bit in the HELP and OSS but am unable to get this working.
Here is what have done so far:
In the DEFAULT.PFL file I have created the following entries
login/accept_sso2_ticket=1
login/create_sso2_ticket=2
login/ticket_expiration_time=6000
sec/libsapsecu=.\sapsecu.dll
ssf/ssfapi_lib=.\sapsecu.dll
ssf/name=SAPSECULIB
In the BSP_D00.pfl file I have the following
DIR_EXECUTABLE=.
Here is the problem. When I run transaction STRUST, I am immiediately prompted for a password for the system PSE. I have no idea what password this is. Does anyone know what I need to put in there? I have tried several things (User Pwd, etc) but I get an error. At the bottom of the screen there is also the error message
Error during test signature
Anyone have any ideas?
02-22-2007 4:52 PM
Hello Alon
Did you assign a PIN when you created the PSE? If so, that is the password transaction STRUST is asking for. If the password is lost, then the only alternative is to recreate the PSE. But keep in mind that the keys stored in the PSE (private key,
own certificate, CA certificate (if available) and certificates in the certificate list) will disappear if you recreate the PSE.
If you have not used a PIN when creating the PSE, then it is possible that the PSE has become corrupted (this is the reason why the STRUST asks for the password) and then you will have to recreate the PSE again.
Some further information on SSO can be found in http://service.sap.com/security --> security in detail --> secure user access.
Best regards,
Désiré
02-22-2007 4:52 PM
Hello Alon
Did you assign a PIN when you created the PSE? If so, that is the password transaction STRUST is asking for. If the password is lost, then the only alternative is to recreate the PSE. But keep in mind that the keys stored in the PSE (private key,
own certificate, CA certificate (if available) and certificates in the certificate list) will disappear if you recreate the PSE.
If you have not used a PIN when creating the PSE, then it is possible that the PSE has become corrupted (this is the reason why the STRUST asks for the password) and then you will have to recreate the PSE again.
Some further information on SSO can be found in http://service.sap.com/security --> security in detail --> secure user access.
Best regards,
Désiré
02-22-2007 5:19 PM
Hi Desiree,
Thank you very much for your response.
I did not assign a PIN to the PSE because I never created the PSE. From what I have read, the SYSTEM.PSE is automatically created when you launch the WAS server. I did (at one point) delete the SYSTEM.PSE and I noticed that the WAS created a brand new one. However, when I launched STRUST again it prompted me for a password/pin.
Should I create my own PSE or can I use the SYSTEM.PSE. I plan on using my own certificate as this is just a proof of concept system.
Regards,
Alon
10-01-2007 11:37 AM
Hi Alon,
Give the password of J2ee_admin or Administrator which you use for entering into visual admin.
Regards,
Madhusudhan