on 07-16-2013 8:25 AM
Hello Community,
my problem is, that I can't use SSO for transactions like "sm_workcenter" or "lmdb".
I'm getting a dialog for my credentials with no error message.
Then after logging in with my credentials I got an error:
"SSO logon not possible; no logon ticket due to incorrect configuration"
I ran the transaction "sso2", and everything is green.
Certificate of the Issuing System for the Logon Ticket
Owner CN=***, OU=I0020725689, OU=SAP Web AS, O=SAP Trust Community, C=DE
Issuer CN=***, OU=I0020725689, OU=SAP Web AS, O=SAP Trust Community, C=DE
Serial Number 20121121075403
Validity 20121121 075403 20380101 000001
Check Sum 25:51:B7:30:1E:01:64:D8:6B:4******************
Profile Parameters login/create_sso2_ticket = 2
System *** Is Creating Logon Tickets That Do not Include Its Certificate
The Current System *** Is Also the Issuing System for the Logon Ticket
An Entry in Certificate List of *** Is not Necessary
The Certificate for System *** Is not Included In the Certificate List for System ***
System *** Accepts Verified Logon Tickets for System ***
Own System Data
SAP System *** Client 001
Profile Parameters login/accept_sso2_ticket = 1
Logon Tickets Are Accepted
Certificate List
The Certificate List Is Used To Verify the Digital Signature for the Logon Ticket
E:\usr\sap\***\DVEBMGS01\sec\SAPSYS.pse
Owner CN=***_JAVA
Issuer CN=***_JAVA
Serial Number 6C8F6C58
Systems for Which *** Accepts Verified Logon Tickets
The Access Control List Defines Which Systems the Verified Logon Tickets Are Accepted From
Table TWPSSO2ACL
SAP System *** Client 001
Owner CN=***, OU=I0020725689, OU=SAP Web AS, O=SAP Trust Community, C=DE
Issuer CN=***, OU=I0020725689, OU=SAP Web AS, O=SAP Trust Community, C=DE
Serial Number 20121121075403
This Is the Certificate of the Issuing System for Logon Tickets
SAP System *** Client 002
Owner CN=***_JAVA
Issuer CN=***_JAVA
Serial Number 6C8F****
Application server PSE:
ID: CN=***, OU=I0020725689, OU=SAP Web AS, O=SAP Trust Community, C=DE
Namespace:
Profiles: E:\usr\sap\***\DVEBMGS01\sec\SAPSYS.pse
OK: file available, length: 2.500
OK: local PSE identical to original in database
OK: security toolkit available
Version
SSFLIB Version 1.555.34 ; SAPCRYPTOLIB Version 5.5.5pl34 (+MT,AES-NI) ##Copyright (c) SAP AG, 2011-2012##compiled for Windows 64-bi
OK: signature tested successfully
As I mentioned before, everything is green.
Which trace files are needed to analyse the problem?
Best regards
Bastian
Hi Bastian,
Check if you are trying to logon with a service user. If so, try with a dialog user.
Hope it helps.
Regards,
Hugo
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.