
Managed System Setup Warning - Configure Automatically - Single Sign On Setup issue

Former Member
0 Kudos

We are running a virtualised environment, and getting a warning in the configure automatically single sign on step. The following error occurs:

SSO setup failed : a problem occured while attempting to add login modules for ticket authentication

Details

Found SID for SSO ACL entry : SOL

Found login.ticket_client for SSO ACL entry : 000

The Read entry permission on TicketKeystore/SAPLogonTicketKeypair-cert was given to sap.com/tc~webadministrator~solmandiag/servlet_jsp/smd/root/WEB-INF/lib/SetupLib.jar

The TicketKeystore/SAPLogonTicketKeypair-cert was succesfully read (619 bytes)

The SSO ticket Certificate <OU=J2EE,CN=SOL> has been successfully imported into ticket Keystore

WARNING : domain of ourphsicalhostname.companyid.com does not match the domain of monitoring host (and is not a subdomain of) ourvirtualhostame.sap.companyid.com. SSO will not work across such domains

SSO setup failed : a problem occured while attempting to add login modules for ticket authentication

SSO setup failed : error while updating login modules : java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!; nested exception is:

java.lang.SecurityException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!

The SSO ticket Certificate <CN=SOL> has been successfully imported into ticket Keystore

WARNING : domain of phsicalhostname.companyid.com does not match the domain of monitoring host (and is not a subdomain of) cisol.sap.ebrd.com. SSO will not work across such domains

SSO setup failed : a problem occured while attempting to add login modules for ticket authentication

SSO setup failed : error while updating login modules : java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!; nested exception is:

java.lang.SecurityException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!

   Exception

java.rmi.RemoteException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!; nested exception is:

java.lang.SecurityException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!

at com.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:81)

at com.sap.engine.services.security.remoteimpl.RemoteSecurityImpl.getPolicyConfiguration(RemoteSecurityImpl.java:71)

at com.sap.engine.services.security.remoteimpl.RemoteSecurityImplp4_Skel.dispatch(RemoteSecurityImplp4_Skel.java:266)

at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:466)

at com.sap.engine.services.rmi_p4.server.ServerDispatchImpl.run(ServerDispatchImpl.java:69)

at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:72)

at com.sap.engine.services.rmi_p4.P4Message.execute(P4Message.java:43)

at com.sap.engine.services.cross.fca.FCAConnectorImpl.executeRequest(FCAConnectorImpl.java:999)

at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:59)

at com.sap.engine.services.cross.fca.MessageReader.run(MessageReader.java:55)

at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)

at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)

at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)

Caused by: java.lang.SecurityException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!

at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:109)

at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:86)

at com.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:79)

... 12 more

Caused by: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!

at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:105)

... 14 more

In the Check Configuration step the warning is further detailed as follows:

Warning

Activity 'Single Sign On Setup' has been executed with warnings

  

Action

Please check the warning details and take action if necessary

Details

Message.SSO setup failed : a problem occured while attempting to add login modules for ticket authentication (Message.java:1)

Details

Details.Found SID for SSO ACL entry : SOL

Found login.ticket_client for SSO ACL entry : 000

The Read entry permission on TicketKeystore/SAPLogonTicketKeypair-cert was given to sap.com/tc~webadministrator~solmandiag/servlet_jsp/smd/root/WEB-INF/lib/SetupLib.jar

The TicketKeystore/SAPLogonTicketKeypair-cert was succesfully read (619 bytes)

The SSO ticket Certificate <OU=J2EE,CN=SOL> has been successfully imported into ticket Keystore

WARNING : domain of ourphsicalhostname.companyname.com does not match the domain of monitoring host (and is not a subdomain of) virtualhostname.sap.companyname.com. SSO will not work across such domains

SSO setup failed : a problem occured while attempting to add login modules for ticket authentication

SSO setup failed : error while updating login modules : java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!; nested exception is:

java.lang.SecurityException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!

The SSO ticket Certificate <CN=SOL> has been successfully imported into ticket Keystore

WARNING : domain of physicalhostname.companyname.com does not match the domain of monitoring host (and is not a subdomain of) cisol.sap.ebrd.com. SSO will not work across such domains

SSO setup failed : a problem occured while attempting to add login modules for ticket authentication

SSO setup failed : error while updating login modules : java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!; nested exception is:

java.lang.SecurityException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!

(Details.java:2)

   Details

Exception.java.rmi.RemoteException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!; nested exception is:

java.lang.SecurityException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!

at com.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:81)

at com.sap.engine.services.security.remoteimpl.RemoteSecurityImpl.getPolicyConfiguration(RemoteSecurityImpl.java:71)

at com.sap.engine.services.security.remoteimpl.RemoteSecurityImplp4_Skel.dispatch(RemoteSecurityImplp4_Skel.java:266)

at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:466)

at com.sap.engine.services.rmi_p4.server.ServerDispatchImpl.run(ServerDispatchImpl.java:69)

at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:72)

at com.sap.engine.services.rmi_p4.P4Message.execute(P4Message.java:43)

at com.sap.engine.services.cross.fca.FCAConnectorImpl.executeRequest(FCAConnectorImpl.java:999)

at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:59)

at com.sap.engine.services.cross.fca.MessageReader.run(MessageReader.java:55)

at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)

at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)

at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)

Caused by: java.lang.SecurityException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!

at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:109)

at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:86)

at com.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:79)

... 12 more

Caused by: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!

at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:105)

... 14 more

(Exception.java:3)

Screen shot below.

All other steps have completed successfully. (The dataextract error is known about.)

The BJT system is a BI Java system linked to BWD (ABAP Stack BW System)

Any assistance or pointers will be appreciated.

Thanks
Tariq 
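
Added example, not part of the original post and not SAP code: the setup log above contains two independent findings, a permission denial for a named user and a domain-mismatch warning, and this script separates them. It assumes "domain" means the host name minus its first label, which is inferred from the wording of the warning; the function names are hypothetical and the sample lines are copied from the log above.

```python
import re

# Constructed sample: three lines copied from the setup log in the post above.
SAMPLE_LOG = """\
The SSO ticket Certificate <OU=J2EE,CN=SOL> has been successfully imported into ticket Keystore
WARNING : domain of ourphsicalhostname.companyid.com does not match the domain of monitoring host (and is not a subdomain of) ourvirtualhostame.sap.companyid.com. SSO will not work across such domains
SSO setup failed : error while updating login modules : java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!; nested exception is:
"""

DOMAIN_RE = re.compile(
    r"WARNING\s*:\s*domain of\s+(\S+)\s+does not match the domain of "
    r"monitoring host \(and is not a subdomain of\)\s*(\S+?)\.\s+SSO")
DENIED_RE = re.compile(
    r"User\s*'([^']+)'\s*does not have permission for the security operation")


def dns_domain(host):
    """Everything after the first label (assumed meaning of 'domain' here)."""
    return host.lower().rstrip(".").partition(".")[2]


def shares_ticket_domain(managed, monitoring):
    """True if managed's domain equals, or is a subdomain of, monitoring's."""
    m, s = dns_domain(managed), dns_domain(monitoring)
    return bool(m and s) and (m == s or m.endswith("." + s))


def triage(log_text):
    """Return the two independent findings: denied users, domain mismatches."""
    denied, mismatches = set(), []
    for line in log_text.splitlines():
        hit = DENIED_RE.search(line)
        if hit:
            denied.add(hit.group(1))
        hit = DOMAIN_RE.search(line)
        if hit:
            managed, monitoring = hit.groups()
            if not shares_ticket_domain(managed, monitoring):
                mismatches.append((managed, dns_domain(managed),
                                   monitoring, dns_domain(monitoring)))
    return {"denied_users": sorted(denied), "domain_mismatches": mismatches}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The denied user is the account whose authorizations need review on the Java stack, while each mismatch tuple shows the two domains that would have to line up for the logon ticket to be accepted.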

Accepted Solutions (0)

Answers (4)


Former Member
0 Kudos

Dear Tariq,

Maybe a little late for you, but maybe other admins run into the same problem.

We ran into this issue during Solman-Setup of a Java-system. The solution was to add the SPML-user to the Administrators-group.

If this helps anyone feel free to Like it.

Best regards, Henning

Former Member
0 Kudos

Analysts,

I'm having the same problem. Could someone solve it?

Former Member
0 Kudos

Hi Tariq

Remove the certificate and add it again, then try. Also check whether the user might have been locked.

-giri

former_member206167
Active Participant
0 Kudos

Hi,

Check profile parameters login/create_sso2_ticket = 2 and login/accept_sso2_ticket = 1 in the instance profile on Solman and also in the satellite system.

regards

Former Member
0 Kudos

Hello Tariq,

Verify that user SM_ADMIN SOL has proper assignment roles (UME site).

Also check tcode STRUSTSSO2:

Use



In this automatic activity, you configure Single Sign-On (SSO) between the SAP Solution Manager system and the managed system. This enables, for example, root cause analysis to access a managed system, or Web services to call a managed system without additional user logon.

Requirements


  • The ABAP PSE of SAP Solution Manager is operational. To check this, use transaction STRUSTSSO2.
  • If the managed system is an ABAP system, the ABAP PSE is operational.

BR,

K.

Message was edited by: Kamil Kubrak

Former Member
0 Kudos

Thanks Kamil for your response.

The authorisations for user SM_COLL_SOL are fine.

STRUSTSSO2 is for ABAP system, this one is a BI Java.

Any other ideas?

Former Member
0 Kudos

Assign to this user sap_all and sap_new profiles and rerun step.

BR,

K.