cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Verify MYSAPSSO2 cookie after SAP portal migration 7.0 to 7.3

Go to solution
Former Member

on ‎08-02-2013 10:57 AM

0 Kudos

Hi,

we run a java application (non-SAP), which gets a MYSAPSSO2 cookie from the SAP portal (version 7.0).

After verification of the cookie we start the SSO logon process in our java application.

This works fine with cookies from SAP portal (version 7.0).

Now the SAP portal needs to be upgraded to version 7.3. With MYSAPSSO2 cookies from SAP portal 7.3 this verification process in java fails. We get the following exception: 

  1. java.security.SignatureException: Certificate not found.

The x509 certificate from the new 7.3 portal was succesfully imported into our keystore.

For our so far successful java verification process of cookies from SAP portal 7.0 we used the following SAP java libraries:

import com.sap.security.api.ticket.InfoUnit;
import com.sap.security.core.ticket.imp.Ticket;

Here is a snipplet from the source code:

public void verifyTicket(Cookie cookie) throws Exception 
{
      try {
          String base64Value = getCookieValueAsBase64(cookie);
  
          Ticket ticket = new Ticket();
          ticket.setCertificates(this.certificates);
          ticket.setTicket(base64Value);
          String vali = ticket.toString();
          ticket.verify();

The exception shows up after line 12.

Now I am not sure, if we still can use the mentioned libraries in our java verification process after the portal upgrade to 7.3.

For example, is the class com.sap.security.core.ticket.imp.Ticket no more available with 7.3? When I look at the SAP JavaDocs for 7.3 this class is missing (see here: http://help.sap.com/javadocs/NW73/SPS07/CE/se/com.sap.se/index.html). Do we have to use the class com.sap.security.api.ticket.TicketVerifier instead?

Could anyone help resolve this issue?

Thanks in advance.

Dan

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎08-05-2013 3:22 PM
0 Kudos

Dear Dan,

               Which algorithm you have used for the downloaded X509 certificates? Is it DSA or RSA ?

I think this might happen because of the algorithm type, since you are using old class library. Please recreate your X509 certificate with DSA and then import the same and re-try.

Regards,

Asad

Show replies
Show replies
Former Member
‎08-07-2013 8:27 AM
0 Kudos

Dear Asad,

I received the X509 certificate from our portal administrator. The signature algorithm indeed is SHA1withRSA. I will ask him to provide me a certificate with DSA.

I will tell you about the result.

Thanks for your help.

Best regards

Dan

Former Member
‎08-14-2013 3:15 PM
0 Kudos

Dan,

           If you have found any other solution, then please share it as well with the community.

Regards,

Asad

Former Member
‎08-14-2013 8:53 PM
0 Kudos

Of course, I will do so.

I think, on Friday I will get the X509 certificate with DSA. With this certificate I will retry verifing the MYSAPSSO2 cookie from 7.3 portal.

Hopefully this will solve the problem.

I will let you know.

Best regards

Dan

Former Member
‎08-16-2013 11:57 AM
0 Kudos

I retried the verification processes with a new certificate in DSA algorithm. It seems to work now.

Thank you, Asad.

Answers (1)

Answers (1)

Former Member
‎08-05-2013 8:21 AM
0 Kudos

No ideas or experiences?

Perhaps someone can tell me which java classes/packages/jar-files are now necessary to verify a cookie issued by the new 7.3 portal in a non-SAP java application. Or does a SAP guideline exist for this case?

Any help would be great.

Show replies
Show replies
Former Member
‎08-07-2013 6:38 AM
0 Kudos

How is your java application integrated with portal ?

Regards,

Asad

Former Member
‎08-07-2013 8:24 AM
0 Kudos

Our portal just holds the link to the java application. When a user clicks on the application link, the MYSAPSSO2 cookie is handed over from the portal to the java application and then the cookie verification process is started inside the java application (as mentioned above). After successful cookie verification the user is logged on at the stand-alone java application.

Former Member
‎08-07-2013 3:00 PM
0 Kudos

Dan,

       Also ask your administrator to check the domain relax level . Suppose your domain relax level is 1, your portal FQDN is myportal.mydomain.com , the domain on which your java application is running is myapp.myappdomain.com , in this case MYSAPSSO2 cookie will not be forwarded to your app. Please check the same as well.

Regards,

Asad

Former Member
‎08-08-2013 10:04 AM
0 Kudos

I guess the cookie forwarding works with 7.3, too. When I debug in eclipse to this code line 

public void verifyTicket(Cookie cookie) throws Exception

to check the content of the Cookie object, I get the correct information:

Best regards

Dan

Ask a Question