on 04-01-2014 11:42 AM
We are running a virtualised environment, and getting a warning in the configure automatically single sign on step. The following error occurs:
SSO setup failed : a problem occured while attempting to add login modules for ticket authentication
Details
Found SID for SSO ACL entry : SOL
Found login.ticket_client for SSO ACL entry : 000
The Read entry permission on TicketKeystore/SAPLogonTicketKeypair-cert was given to sap.com/tc~webadministrator~solmandiag/servlet_jsp/smd/root/WEB-INF/lib/SetupLib.jar
The TicketKeystore/SAPLogonTicketKeypair-cert was succesfully read (619 bytes)
The SSO ticket Certificate <OU=J2EE,CN=SOL> has been successfully imported into ticket Keystore
WARNING : domain of ourphsicalhostname.companyid.com does not match the domain of monitoring host (and is not a subdomain of) ourvirtualhostame.sap.companyid.com. SSO will not work across such domains
SSO setup failed : a problem occured while attempting to add login modules for ticket authentication
SSO setup failed : error while updating login modules : java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!; nested exception is:
java.lang.SecurityException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!
The SSO ticket Certificate <CN=SOL> has been successfully imported into ticket Keystore
WARNING : domain of phsicalhostname.companyid.com does not match the domain of monitoring host (and is not a subdomain of) cisol.sap.ebrd.com. SSO will not work across such domains
SSO setup failed : a problem occured while attempting to add login modules for ticket authentication
SSO setup failed : error while updating login modules : java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!; nested exception is:
java.lang.SecurityException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!
Exception
java.rmi.RemoteException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!; nested exception is:
java.lang.SecurityException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!
at com.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:81)
at com.sap.engine.services.security.remoteimpl.RemoteSecurityImpl.getPolicyConfiguration(RemoteSecurityImpl.java:71)
at com.sap.engine.services.security.remoteimpl.RemoteSecurityImplp4_Skel.dispatch(RemoteSecurityImplp4_Skel.java:266)
at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:466)
at com.sap.engine.services.rmi_p4.server.ServerDispatchImpl.run(ServerDispatchImpl.java:69)
at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:72)
at com.sap.engine.services.rmi_p4.P4Message.execute(P4Message.java:43)
at com.sap.engine.services.cross.fca.FCAConnectorImpl.executeRequest(FCAConnectorImpl.java:999)
at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:59)
at com.sap.engine.services.cross.fca.MessageReader.run(MessageReader.java:55)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
Caused by: java.lang.SecurityException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:109)
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:86)
at com.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:79)
... 12 more
Caused by: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:105)
... 14 more
In the Check Configuration step the warning is further detailed as follows:
Warning
Activity 'Single Sign On Setup' has been executed with warnings
Action
Please check the warning details and take action if necessary
Details
Message.SSOsetupfailed:aproblemoccuredwhileattemptingtoaddloginmodulesforticketauthentication(Message.java:1)
Details
Details.FoundSIDforSSOACLentry:SOL
Foundlogin.ticket_clientforSSOACLentry:000
TheReadentrypermissiononTicketKeystore/SAPLogonTicketKeypair-certwasgiventosap.com/tc~webadministrator~solmandiag/servlet_jsp/smd/root/WEB-INF/lib/SetupLib.jar
TheTicketKeystore/SAPLogonTicketKeypair-certwassuccesfullyread(619bytes)
TheSSOticketCertificate<OU=J2EE,CN=SOL>hasbeensuccessfullyimportedintoticketKeystore
WARNING:domainof ourphsicalhostname.companyname.comdoesnotmatchthedomainofmonitoringhost(andisnotasubdomainof) virtualhostname.sap.companyname.com.SSOwillnotworkacrosssuchdomains
SSOsetupfailed:aproblemoccuredwhileattemptingtoaddloginmodulesforticketauthentication
SSOsetupfailed:errorwhileupdatingloginmodules:java.lang.SecurityException:User'SM_ADMIN_SOL'doesnothavepermissionforthesecurityoperation!;nestedexceptionis:
java.lang.SecurityException:java.lang.SecurityException:User'SM_ADMIN_SOL'doesnothavepermissionforthesecurityoperation!
TheSSOticketCertificate<CN=SOL>hasbeensuccessfullyimportedintoticketKeystore
WARNING:domainofphysicalhostname.companyname.comdoesnotmatchthedomainofmonitoringhost(andisnotasubdomainof)cisol.sap.ebrd.com.SSOwillnotworkacrosssuchdomains
SSOsetupfailed:aproblemoccuredwhileattemptingtoaddloginmodulesforticketauthentication
SSOsetupfailed:errorwhileupdatingloginmodules:java.lang.SecurityException:User'SM_ADMIN_SOL'doesnothavepermissionforthesecurityoperation!;nestedexceptionis:
java.lang.SecurityException:java.lang.SecurityException:User'SM_ADMIN_SOL'doesnothavepermissionforthesecurityoperation!
(Details.java:2)
Details
Exception.java.rmi.RemoteException:java.lang.SecurityException:User'SM_ADMIN_SOL'doesnothavepermissionforthesecurityoperation!;nestedexceptionis:
java.lang.SecurityException:java.lang.SecurityException:User'SM_ADMIN_SOL'doesnothavepermissionforthesecurityoperation!
atcom.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:81)
atcom.sap.engine.services.security.remoteimpl.RemoteSecurityImpl.getPolicyConfiguration(RemoteSecurityImpl.java:71)
atcom.sap.engine.services.security.remoteimpl.RemoteSecurityImplp4_Skel.dispatch(RemoteSecurityImplp4_Skel.java:266)
atcom.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:466)
atcom.sap.engine.services.rmi_p4.server.ServerDispatchImpl.run(ServerDispatchImpl.java:69)
atcom.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:72)
atcom.sap.engine.services.rmi_p4.P4Message.execute(P4Message.java:43)
atcom.sap.engine.services.cross.fca.FCAConnectorImpl.executeRequest(FCAConnectorImpl.java:999)
atcom.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:59)
atcom.sap.engine.services.cross.fca.MessageReader.run(MessageReader.java:55)
atcom.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
atcom.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
atcom.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
Causedby:java.lang.SecurityException:java.lang.SecurityException:User'SM_ADMIN_SOL'doesnothavepermissionforthesecurityoperation!
atcom.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:109)
atcom.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:86)
atcom.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:79)
...12more
Causedby:java.lang.SecurityException:User'SM_ADMIN_SOL'doesnothavepermissionforthesecurityoperation!
atcom.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:105)
...14more
(Exception.java:3)
Screen shot below.
All other steps have completed successfully. (The dataextract error is known about.)
The BJT system is a BI Java system linked to BWD (ABAP Stack BW System)
Any assistance or pointers will be appreciated.
Thanks
Tariq
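The log above contains two separate findings: a domain-scope warning and the permission error that stops the login-module update. The following triage sketch is an added example, not part of the original post and not SAP code; the function names are hypothetical, and it assumes the "domain" of a host is its FQDN minus the first label, as the wording of the warning suggests.

```python
import re

# Constructed sample: three lines copied from the setup log in the question.
SAMPLE_LOG = """\
The SSO ticket Certificate <OU=J2EE,CN=SOL> has been successfully imported into ticket Keystore
WARNING : domain of ourphsicalhostname.companyid.com does not match the domain of monitoring host (and is not a subdomain of) ourvirtualhostame.sap.companyid.com. SSO will not work across such domains
SSO setup failed : error while updating login modules : java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!; nested exception is:
"""

DOMAIN_RE = re.compile(
    r"WARNING : domain of (\S+) does not match the domain of "
    r"monitoring host \(and is not a subdomain of\) (\S+?)\. SSO")
PERM_RE = re.compile(r"SecurityException: User '([^']+)' does not have permission")


def dns_domain(fqdn):
    """Assumption: the domain is the FQDN without its first (host) label."""
    return fqdn.lower().rstrip(".").partition(".")[2]


def same_or_subdomain(host, monitoring_host):
    """True if host's domain equals, or is a subdomain of, the monitoring host's."""
    a, b = dns_domain(host), dns_domain(monitoring_host)
    return a == b or a.endswith("." + b)


def triage(log_text):
    """Separate the domain-scope warning from the permission failure."""
    findings = {"domain_mismatch": [], "denied_users": set()}
    for line in log_text.splitlines():
        m = DOMAIN_RE.search(line)
        if m and not same_or_subdomain(m.group(1), m.group(2)):
            findings["domain_mismatch"].append((m.group(1), m.group(2)))
        m = PERM_RE.search(line)
        if m:
            findings["denied_users"].add(m.group(1))
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
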
Dear Tariq,
maybe a little late for you but maybe other admins run into the same problem.
We ran into this issue during Solman-Setup of a Java-system. The solution was to add the SPML-user to the Administrators-group.
If this helps anyone feel free to Like it.
Best regards, Henning
Hi Tariq
Remove the certificate and add it again, then try. Also check whether the user might have been locked.
-giri
Hi,
Check profile parameters login/create_sso2_ticket = 2 and login/accept_sso2_ticket = 1 in the Instance Profile on Solman and also in the Satellite System.
regards
Hello Tariq,
Verify that user SM_ADMIN_SOL has the proper roles assigned (UME site).
Also check tcode STRUSTSSO2:
In this automatic activity, you configure Single Sign-On (SSO) between the SAP Solution Manager system and the managed system. This enables, for example, root cause analysis to access a managed system, or Web services to call a managed system without additional user logon.
- The ABAP PSE of SAP Solution Manager is operational. To check this, use transaction STRUSTSSO2.
- If the managed system is an ABAP system, the ABAP PSE is operational.
BR,
K.
Message was edited by: Kamil Kubrak