cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

A failure occured while importing Java SSO ticket certificate in ABAP stack

Former Member

on ‎04-30-2013 9:29 AM

0 Kudos

Hello,

I got an error in SAP Solution Manager 7.1  Basic Configuration -  at SSO-Setup

Found SID for SSO ACL entry : SMD
Found login.ticket_client for SSO ACL entry : 000
The Read entry permission on TicketKeystore/SAPLogonTicketKeypair-cert was given to sap.com/tc~webadministrator~solmandiag/servlet_jsp/smd/root/WEB-INF/lib/SetupLib.jar
The TicketKeystore/SAPLogonTicketKeypair-cert was succesfully read (618 bytes)
ABAP SSO ticket certificate of SMD was imported in ABAP PSE of localhost (client 001)
The ABAP SSO ticket certificate was successfully imported in ABAP System PSE, and the ACL updated accordingly (SID=SMD LoginTicketClient=001)
A failure occured while importing Java SSO ticket certificate in ABAP stack
!! Exception : FOREIGN_ENQUEUE_LOCK(Abap cause=SOLMAN_ADMINE_TABLEE)
The ABAP instance profile contains the parameter : login/accept_sso2_ticket=1
The SSO ticket Certificate <CN=SMD> has been successfully imported into Java Keystore
The com.sap.security.core.server.jaas.EvaluateTicketLoginModule already contained the entry : trustedsys=SMD, 001 trustediss=CN=SMD trusteddn=CN=SMD
The Authentication template for component sap.com/SQLTrace*OpenSQLMonitors was already set to ticket
The Authentication template for component sap.com/SQLTrace*SQLTrace was already set to ticket
The Authentication template for component sap.com/tc~monitoring~systeminfo*monitoring was already set to ticket
The Authentication template for component sap.com/tc~monitoring~systeminfo*sap_monitoring was already set to ticket
The Authentication template for component sap.com/com.sap.security.core.admin*useradmin was already set to ticket
The Authentication template for component sap.com/tc~webadministrator~solmandiag*smd was already set to ticket
The Authentication template for component sap.com/tc~smd~e2etraceupload*E2EClientTraceUploadW was already set to ticket
The com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule already contained the entry : trustedsys=SMD, 001 trustediss=CN=SMD trusteddn=CN=SMD
The Authentication template for component sap.com/tc~smd~EemAdminGateway*EemAdmin_Config1 has been set to evaluate_assertion_ticket
The Login Module BasicPasswordLoginModule was added to the security component sap.com/tc~smd~EemAdminGateway*EemAdmin_Config1
The ABAP instance profile contains the parameter : login/create_sso2_ticket=2

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

TomCenens
Active Contributor
‎04-30-2013 11:33 AM
0 Kudos

Hi Roland

It looks like you or someone else is locking a needed object

~!! Exception : FOREIGN_ENQUEUE_LOCK(Abap cause=SOLMAN_ADMINE_TABLEE)

Ensure that you and anyone else is not in transaction STRUSTSSO2 for example before running the step in the wizard.

Best regards

Tom

Show replies
Show replies
Former Member
‎04-30-2013 11:50 AM
0 Kudos

Hi Tom,

thx for your response, but I do not see anybody using the TA STRUSTSSO2 , Iam alone on this engine.

Roland

Former Member
‎04-30-2013 12:00 PM
0 Kudos

Tom,

but I saw in TA STRUSTSSO2 on left side everythin was red crossed, so by right mouse and created the certifcates, except one (SSF Collaboration Integration)  I could not create, because of a wrong text string in the popped up window "Create PSE" I have no idea what name to put in here, cloud not create it

This text was in the field:
SMD SSF Collaboration Integration Library: oAuth Appl


The error chnaged now to

A failure occured while importing Java SSO ticket certificate in ABAP stack

!! Exception : INTERNAL_ERROR

Roland

TomCenens
Active Contributor
‎04-30-2013 12:20 PM
0 Kudos

Hi Roland

You should not go and create each node in STRUSTSSO2 when nothing exists.

The entry of relevance should be the "System PSE". When you expand the System PSE folder, you should see one entry (with a green light).

Best regards

Tom

TomCenens
Active Contributor
‎04-30-2013 12:20 PM
0 Kudos

Hi Roland

Have you checked SM12 lock entries?

Best regards

Tom

Former Member
‎04-30-2013 12:31 PM
0 Kudos

Tom,

nothing in SM12

to late I created each node in STRUSTSSO2 !

and anytime I click firts on the System PSE I need to give my password ?

See How it looks don wbelow

Roland

TomCenens
Active Contributor
‎05-02-2013 5:58 AM
0 Kudos

Hi Roland

System PSE looks ok but it's just doesn't make sense to create each node in the left pane if  you are not going to use SNC or SSL for example.

I assume your basic SSO setup is now working between ABAP & JAVA?

Best regards


Tom

Former Member
‎05-08-2013 9:22 AM
0 Kudos

Hi Tom,

i was out of th eoffice for a while an dcoul dnot take care of my problem.

Unfortuneatly i still struggle with that SSO issue, but i receive a different error messages and really do not know how the solve it?

Found SID for SSO ACL entry : SMD
Found login.ticket_client for SSO ACL entry : 000
The Read entry permission on TicketKeystore/SAPLogonTicketKeypair-cert was given to sap.com/tc~webadministrator~solmandiag/servlet_jsp/smd/root/WEB-INF/lib/SetupLib.jar
The TicketKeystore/SAPLogonTicketKeypair-cert was succesfully read (618 bytes)
ABAP SSO ticket certificate of SMD was imported in ABAP PSE of localhost (client 001)
The ABAP SSO ticket certificate was successfully imported in ABAP System PSE, and the ACL updated accordingly (SID=SMD LoginTicketClient=001)
A failure occured while importing Java SSO ticket certificate in ABAP stack
!! Exception : INTERNAL_ERROR
The ABAP instance profile contains the parameter : login/accept_sso2_ticket=1
The SSO ticket Certificate <CN=SMD> has been successfully imported into Java Keystore
The com.sap.security.core.server.jaas.EvaluateTicketLoginModule already contained the entry : trustedsys=SMD, 001 trustediss=CN=SMD trusteddn=CN=SMD
The Authentication template for component sap.com/SQLTrace*OpenSQLMonitors was already set to ticket
The Authentication template for component sap.com/SQLTrace*SQLTrace was already set to ticket
The Authentication template for component sap.com/tc~monitoring~systeminfo*monitoring was already set to ticket
The Authentication template for component sap.com/tc~monitoring~systeminfo*sap_monitoring was already set to ticket
The Authentication template for component sap.com/com.sap.security.core.admin*useradmin was already set to ticket
The Authentication template for component sap.com/tc~webadministrator~solmandiag*smd was already set to ticket
The Authentication template for component sap.com/tc~smd~e2etraceupload*E2EClientTraceUploadW was already set to ticket
The com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule already contained the entry : trustedsys=SMD, 001 trustediss=CN=SMD trusteddn=CN=SMD
The Authentication template for component sap.com/tc~smd~EemAdminGateway*EemAdmin_Config1 has been set to evaluate_assertion_ticket
The Login Module BasicPasswordLoginModule was added to the security component sap.com/tc~smd~EemAdminGateway*EemAdmin_Config1
The ABAP instance profile contains the parameter : login/create_sso2_ticket=2

Roland

francois_keen
Participant
‎05-08-2013 2:35 PM
0 Kudos

Hi Roland

Is that a brand new install or a solman upgrade? I realized that when upgrading an existing system to 7.1, the SSO Setup of the Configure Automatically step messes up the existing config...

Check the trusted relationship in NWA [Configuration > Trusted Systems], tt may complain about abap duplicate keys... If so, just get rid of the unwanted key in the keystore via visual admin.

On the ABAP side, you look ok as you told it to trust your java 000. I however always add the own ABAP certif in the Certificate List.

If your config looks ok in NWA, just mark the SSO Setup step as Manually Done...

Cheers

Francois

Ask a Question