on 04-30-2013 9:29 AM
Hello,
I got an error in SAP Solution Manager 7.1 Basic Configuration - at SSO-Setup
Found SID for SSO ACL entry : SMD
Found login.ticket_client for SSO ACL entry : 000
The Read entry permission on TicketKeystore/SAPLogonTicketKeypair-cert was given to sap.com/tc~webadministrator~solmandiag/servlet_jsp/smd/root/WEB-INF/lib/SetupLib.jar
The TicketKeystore/SAPLogonTicketKeypair-cert was succesfully read (618 bytes)
ABAP SSO ticket certificate of SMD was imported in ABAP PSE of localhost (client 001)
The ABAP SSO ticket certificate was successfully imported in ABAP System PSE, and the ACL updated accordingly (SID=SMD LoginTicketClient=001)
A failure occured while importing Java SSO ticket certificate in ABAP stack
!! Exception : FOREIGN_ENQUEUE_LOCK(Abap cause=SOLMAN_ADMINE_TABLEE)
The ABAP instance profile contains the parameter : login/accept_sso2_ticket=1
The SSO ticket Certificate <CN=SMD> has been successfully imported into Java Keystore
The com.sap.security.core.server.jaas.EvaluateTicketLoginModule already contained the entry : trustedsys=SMD, 001 trustediss=CN=SMD trusteddn=CN=SMD
The Authentication template for component sap.com/SQLTrace*OpenSQLMonitors was already set to ticket
The Authentication template for component sap.com/SQLTrace*SQLTrace was already set to ticket
The Authentication template for component sap.com/tc~monitoring~systeminfo*monitoring was already set to ticket
The Authentication template for component sap.com/tc~monitoring~systeminfo*sap_monitoring was already set to ticket
The Authentication template for component sap.com/com.sap.security.core.admin*useradmin was already set to ticket
The Authentication template for component sap.com/tc~webadministrator~solmandiag*smd was already set to ticket
The Authentication template for component sap.com/tc~smd~e2etraceupload*E2EClientTraceUploadW was already set to ticket
The com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule already contained the entry : trustedsys=SMD, 001 trustediss=CN=SMD trusteddn=CN=SMD
The Authentication template for component sap.com/tc~smd~EemAdminGateway*EemAdmin_Config1 has been set to evaluate_assertion_ticket
The Login Module BasicPasswordLoginModule was added to the security component sap.com/tc~smd~EemAdminGateway*EemAdmin_Config1
The ABAP instance profile contains the parameter : login/create_sso2_ticket=2
Hi Roland
It looks like you or someone else is locking a needed object
~!! Exception : FOREIGN_ENQUEUE_LOCK(Abap cause=SOLMAN_ADMINE_TABLEE)
Ensure that you and anyone else is not in transaction STRUSTSSO2 for example before running the step in the wizard.
Best regards
Tom
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Tom,
but I saw in TA STRUSTSSO2 on left side everythin was red crossed, so by right mouse and created the certifcates, except one (SSF Collaboration Integration) I could not create, because of a wrong text string in the popped up window "Create PSE" I have no idea what name to put in here, cloud not create it
This text was in the field:
SMD SSF Collaboration Integration Library: oAuth Appl
The error chnaged now to
A failure occured while importing Java SSO ticket certificate in ABAP stack
!! Exception : INTERNAL_ERROR
Roland
Hi Tom,
i was out of th eoffice for a while an dcoul dnot take care of my problem.
Unfortuneatly i still struggle with that SSO issue, but i receive a different error messages and really do not know how the solve it?
Found SID for SSO ACL entry : SMD
Found login.ticket_client for SSO ACL entry : 000
The Read entry permission on TicketKeystore/SAPLogonTicketKeypair-cert was given to sap.com/tc~webadministrator~solmandiag/servlet_jsp/smd/root/WEB-INF/lib/SetupLib.jar
The TicketKeystore/SAPLogonTicketKeypair-cert was succesfully read (618 bytes)
ABAP SSO ticket certificate of SMD was imported in ABAP PSE of localhost (client 001)
The ABAP SSO ticket certificate was successfully imported in ABAP System PSE, and the ACL updated accordingly (SID=SMD LoginTicketClient=001)
A failure occured while importing Java SSO ticket certificate in ABAP stack
!! Exception : INTERNAL_ERROR
The ABAP instance profile contains the parameter : login/accept_sso2_ticket=1
The SSO ticket Certificate <CN=SMD> has been successfully imported into Java Keystore
The com.sap.security.core.server.jaas.EvaluateTicketLoginModule already contained the entry : trustedsys=SMD, 001 trustediss=CN=SMD trusteddn=CN=SMD
The Authentication template for component sap.com/SQLTrace*OpenSQLMonitors was already set to ticket
The Authentication template for component sap.com/SQLTrace*SQLTrace was already set to ticket
The Authentication template for component sap.com/tc~monitoring~systeminfo*monitoring was already set to ticket
The Authentication template for component sap.com/tc~monitoring~systeminfo*sap_monitoring was already set to ticket
The Authentication template for component sap.com/com.sap.security.core.admin*useradmin was already set to ticket
The Authentication template for component sap.com/tc~webadministrator~solmandiag*smd was already set to ticket
The Authentication template for component sap.com/tc~smd~e2etraceupload*E2EClientTraceUploadW was already set to ticket
The com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule already contained the entry : trustedsys=SMD, 001 trustediss=CN=SMD trusteddn=CN=SMD
The Authentication template for component sap.com/tc~smd~EemAdminGateway*EemAdmin_Config1 has been set to evaluate_assertion_ticket
The Login Module BasicPasswordLoginModule was added to the security component sap.com/tc~smd~EemAdminGateway*EemAdmin_Config1
The ABAP instance profile contains the parameter : login/create_sso2_ticket=2
Roland
Hi Roland
Is that a brand new install or a solman upgrade? I realized that when upgrading an existing system to 7.1, the SSO Setup of the Configure Automatically step messes up the existing config...
Check the trusted relationship in NWA [Configuration > Trusted Systems], tt may complain about abap duplicate keys... If so, just get rid of the unwanted key in the keystore via visual admin.
On the ABAP side, you look ok as you told it to trust your java 000. I however always add the own ABAP certif in the Certificate List.
If your config looks ok in NWA, just mark the SSO Setup step as Manually Done...
Cheers
Francois
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.