TicketKeyStore length field NW 7.01

nicola_blasi
Active Participant
0 Kudos

Hi

I have a problem in the SSO configuration between SAP Portal and SAP SRM 7.01.

Everything worked OK until the SapLogonTicketKeyPair expired 3 days ago.

I've regenerated it using length field 2048 with the DSA algorithm.

I've exported it in X.509 format (crt) and imported it in client 000 strustsso2 in the SAP system (ACL, etc.).

I've restarted smicm but "sso logon not allowed" still appeared.

Some colleagues told me about a problem with the length field and suggested trying 1024 instead of 2048.

I tried to generate it this way, but the portal doesn't recognize it in NWA:

SSO Certificate : not found

In the default trace I had a java.security.NoSuchAlgorithmException:

#1.5^H#24B6FD785C7B00680000000A000063E20004E34A91EED7BB#1375809322276#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule#J2EE_ADM_PQW#106##n/a##55181753febb11e2b7b70000090f317a#SAPEngine_Application_Thread[impl:3]_34##0#0#Error##Java###Authentication stack: [{0}].

[EXCEPTION]

{1}#2#ticket#java.security.NoSuchAlgorithmException: ID21109: Remote call errored

        at com.sap.engine.services.keystore.spi.EBSDKSKeyStoreSpiImpl.engineGetKey(EBSDKSKeyStoreSpiImpl.java:162)

        at java.security.KeyStore.getKey(KeyStore.java:320)

        at com.sap.security.core.server.jaas.CreateTicketLoginModule.commit(CreateTicketLoginModule.java:390)

        at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.commit(LoginModuleLoggingWrapperImpl.java:211)

So no user could connect to the system. So I tried to regenerate a new 2048 keystore to give the users access.

How can I try to generate a 1024 key now? Or am I missing something in regenerating an expired SapLogonTicketKeyPair?

Thanks

Nick

Accepted Solutions (1)

Former Member
0 Kudos

Hi Nicola

I'm not an expert with the X.509 format, but have you tried to import it into the productive client of SRM?

Let me know

cheers

a

nicola_blasi
Active Participant
0 Kudos

Hi Andrea

Right now I've also tried to import it in the productive client of the ABAP system.

I'm waiting to see if the user still has the problem.

It seems it was the same as what I have in 000, but I tried anyway.

Rishi: I've done what you said... but there is a problem with 1024 length... the portal works only with 2048... with 1024 I have the problem described in the first message.

Thanks

Nick

nicola_blasi
Active Participant
0 Kudos

Ok thanks

It works now.

Importing also in the production system helps. Then I've also rebooted the Java system.

Thanks

Nick

Former Member
0 Kudos

pleasure

Have a nice day

a

Former Member
0 Kudos

Hi,

If you check the screenshot, it shows the length as 1024, and if you open the drop-down you will get the options of 1024 and 2048.

Hope you understand what I meant earlier

Thanks

Rishi

Answers (1)

Former Member
0 Kudos

Hi,

As this is an NW 7.01 system, you can go into Visual Admin and create a cert of length 1024 and DSA.

Log in to Visual Admin -> cluster config -> services -> key store -> Ticket Key store.

Please note that when you create the new cert, the name should be the same as "SAPLogonTicketKeypair".

Thanks

Rishi Abrol