03-05-2007 8:22 PM
Hello,
Can some one help me to resolve this issue
We recently upgraded JRE on our development environment for the <b>DST resolution</b> from <b>1.4.2.06 to 1.4.2.13</b>, and found that
it broke our user mapping functionality and we may be on weak encryption <b>(also How do we find what type of encryption is installed on the portal?)</b> so followed <b>SAP note 796540</b>, but that didn't helped the issue, here are the following errors
#1.5#001143EF10D8008700000061000011FC00042AAA8CBB182E#1172811900726#com.sap.security.core.umap.imp.UserMappingDataImp
#sap.com/irj#com.sap.security.core.umap.imp.UserMappingDataImp.handleEncryptedFields(int, String)#anon_adp#0####
31055970c87311dbbfa4001143ef10d8#Thread [ThreadPool.Worker3,5, SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error#1#/
System/Security/Usermanagement#Plain###Cannot decrypt user mapping data for principal "Administrator" (unique ID: "USER.PRIVATE_DATASOURCE.un:Administrator") and backend system "UME_R3"
because the "<b>JCE Policy Files for unlimited strength encryption</b>" have not been (correctly) installed in the Java Environment that is
used by this server. Please check the documentation on how to get and install those files. See also SAP note 796540.#
#1.5#001143EF10D80087000000C2000011FC00042AAB634D314F#1172815500631#com.sap.security.core.umap.imp.UserMappingDataImp#
sap.com/irj#com.sap.security.core.umap.imp.UserMappingDataImp#anon_adp#0####31055970c87311dbbfa4001143ef10d8#Thread[ThreadPool.Worker3,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error##Java###handleEncryptedFields(int, String)
[EXCEPTION]
<b> #1#java.lang.SecurityException: Unsupported keysize or algorithm parameters</b> at javax.crypto.Cipher.init(DashoA12275)
at com.sap.security.core.vault.StringEncryptor.decryptRaw(StringEncryptor.java:190)
at com.sap.security.core.umap.imp.EncryptedFieldBlob.decrypt(EncryptedFieldBlob.java:182)
at com.sap.security.core.umap.imp.UserMappingDataImp.handleEncryptedFields(UserMappingDataImp.java:1005)
at com.sap.security.core.umap.imp.UserMappingDataImp.getLogonDataForSystem(UserMappingDataImp.java:1281)
at com.sap.security.core.umap.imp.UserMappingDataImp.internalInit(UserMappingDataImp.java:180)
at com.sap.security.core.umap.imp.UserMappingDataImp.<init>(UserMappingDataImp.java:104)
at com.sap.security.core.umap.imp.UserMapping.getUserMappingData(UserMapping.java:308)
I appreciate for any suggestions
Thanks,
kk
03-06-2007 10:06 AM
Hi kk,
if you see that error message "Unsupported keysize or algorithm parameters", you can be sure you have at least one strongly encrypted user mapping (namely the one being read when the error occurred). Please follow the note you already looked at and make sure you have installed the JCE policy files for unlimited strength encryption correctly. That means, you need to remove the existing JCE policy files and install the new ones. If you have several servers in the cluster, make sure you do that on every single server because each of them has its own JRE installation.
Best regards
Heiko
03-06-2007 9:02 AM
Hello,
once you install strong encryption it can't be reverted back. You can check from the Config Tool (check box <i>Encrypted Secure Store</i> under nav tree node <i>Secure Store</i> is enabled) whether strong encryption is enabled or not.
Therefore, SAP note 796540 doesn't apply to your case (it applies only if you never used strong encryption), and you should revert the change to the UME property, made per the note.
Try this to see if it works for you. Also, make sure that the OS system paths to the location of the JDK in your file system are updated.
Regards,
Yonko
03-06-2007 10:06 AM
Hi kk,
if you see that error message "Unsupported keysize or algorithm parameters", you can be sure you have at least one strongly encrypted user mapping (namely the one being read when the error occurred). Please follow the note you already looked at and make sure you have installed the JCE policy files for unlimited strength encryption correctly. That means, you need to remove the existing JCE policy files and install the new ones. If you have several servers in the cluster, make sure you do that on every single server because each of them has its own JRE installation.
Best regards
Heiko
03-08-2007 3:50 PM
Thanks Heiko, The issue is resolved after installing the "strong/unlimited strength" JCE files
Appreciate every one's help on this
Thanks
03-07-2007 2:11 PM
Also have a kind look on <a href="https://service.sap.com/sap/support/notes/739043">SAP Note 739043</a>