cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NW SSO x.509 based configuration

S0007586158
Participant

on ‎06-29-2014 12:05 PM

0 Kudos

Hi,

I have done the below configuration

1. Installed the secure login server

2.Created the technical user including SPN in ADS

3.Configured SPNEGO

4.Downloaded the policy profile from the secure login server

5.Exported the root certificate from the secure login server

6 Installed the secure login client

7 Applied the policy & root certificate on client.

But i am unable to find the x.509 user certificate on the secure login client.

Any steps missing here?

Regards,

Sam

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎06-30-2014 6:33 AM
0 Kudos

Hello Sam,

All steps seems to be ok.

Could you attach a screenshoot of the Secure Login Client main window?

Do you get a error message, if you try to enroll the SPENGO based profile?

thanks,

best regards

Alexander Gimbel

Show replies
Show replies
S0007586158
Participant
‎06-30-2014 6:47 AM
0 Kudos

Dear Alexander,

Thanks for the reply, Please find below the screen shot. I am not getting any errors.

Regards,

Sam

Former Member
‎06-30-2014 7:29 AM
0 Kudos

Hello Sam,

there is only the kerberos profile shown, any Secure Login Server based profile is missing.

Are you sure that you have installed the Secure Login Server support ?
Please rerun the setup and check if the feature is enabled.

best regards

Alexander Gimbel

S0007586158
Participant
‎06-30-2014 8:08 AM
0 Kudos


Dear Alexander,

yes, the Secure Login Server support was installed.

Regards,

Sam

Former Member
‎06-30-2014 8:45 AM
0 Kudos

Dear Sam,

I asume that you have restarted the client after the policy was installed.
So as there is no Secure Login Server profile available in Secure Login Client there must be something wrong with the policy.

1.How do you publish your profiles, with the secure login service (policy download agent) or manually?
2. If you use the polcy agent, please check the Event log on the client for errors, a common error is that the Root CA for SSL trust is not installed in the local computer certificate store (not the current user certificate store).
3. please check the registry in the tree HKEY_LOCAL_MACHINE\SOFTWARE\Policies\SAP\SecureLogin\profiles if there are any entries.

best regards

Alexander Gimbel

S0007586158
Participant
‎06-30-2014 9:08 AM
0 Kudos


Dear Alexander,

Thanks for your extended support.

I downloaded the profile group and manually added.

Please check the registry entries.

Regards,

Sam

S0007586158
Participant
‎06-30-2014 9:29 AM
0 Kudos

Dear Alexander,

Just an update, i tried to access the poliy url [login server] from the client and i was getting an error saying "its not in the list of trusetd sites", so i added this in the list of trusted sites and did a restart of the client. Now i am able to see the entry in the secure login client as below.

but when i try to login, iam getting the below error.

please advice.

Regards,

Sam

Former Member
‎06-30-2014 11:16 AM
0 Kudos

Hello Sam,

    

The error message means that you do not trust your SSL server certificate or the Root CA of them.

Please install the Root CA of the SSL server certificate into your local user certificate store as "Trusted Root Certification authorities". This
should solve the problem.

Also check if you have enabled "SSL Host Alternative Name Check", if so please assure that the SSL Server certificate has the correct subject alternative name which matches the hostname.

    

best regards

   

Alexander Gimbel

S0007586158
Participant
‎06-30-2014 11:31 AM
0 Kudos

Dear Alexander,

I can see the root CA in user certificate store.

Can you please elaborate more on "check if you have enabled "SSL Host Alternative Name Check", if so please assure that the SSL Server certificate has the correct subject alternative name which matches the hostname"?

Regards,

Sam

S0007586158
Participant
‎06-30-2014 11:36 AM
0 Kudos

Dear Alexander,

I checked the  "SSL Host Alternative Name Check", it already in place. Can you please explain how to check/fix " the SSL Server certificate has the correct subject alternative name which matches the hostname"?". Hope that will resolve the issue.

Regards,

Sam

S0007586158
Participant
‎07-01-2014 6:25 AM
0 Kudos

Dear Alexander,

Please find the details..

Regards,

Sam

S0007586158
Participant
‎07-01-2014 6:41 AM
0 Kudos

Dear Alexander,

i created a new ssl certificate and mananged to fix the above error,any clue on how to fix the error which we get in the secure login client?

Regards,

Sam

S0007586158
Participant
‎07-01-2014 7:11 AM
0 Kudos

Hi,

Please find below the error i get in the trace files..

SL peer certificate default verification called.

[2014.07.01 10:09:13.249000][ERROR][sbus.exe            ][URL         ][  1944] ERROR(0xA250020B) in URL module. Function url_check_SSL_AltName failed: URL: Server name does not fit to subject alternative name extension in SSL/TLS certificate

[2014.07.01 10:09:13.249000][ERROR][sbus.exe            ][URL         ][  1944] ERROR(0xA250020B) in URL module. Function sec_URL_API_check_ssl_server_certificate failed: URL: Server name does not fit to subject alternative name extension in SSL/TLS certificate

[2014.07.01 10:09:13.249000][ERROR][sbus.exe            ][URL         ][  1944] ERROR(0xA250020B) in URL module. Function sec_url_conn_check_ssl_server_certificate failed: URL: Server name does not fit to subject alternative name extension in SSL/TLS certificate

[2014.07.01 10:09:13.249000][ERROR][sbus.exe            ][URL         ][  1944] ERROR(0xA250020B) in URL module. Function sec_url_ssl_conn_check_server_certificate failed: URL: Server name does not fit to subject alternative name extension in SSL/TLS certificate

[2014.07.01 10:09:13.249000][ERROR][sbus.exe            ][URL         ][  1944] ERROR(0xA250020B) in URL module. Function url_httpquery failed: URL: Server name does not fit to subject alternative name extension in SSL/TLS certificate

[2014.07.01 10:09:13.249000][INFO ][sbus.exe            ][SSL         ][  1944] Sending alert of level WARNING: close notify

[2014.07.01 10:09:13.249000][TRACE][sbus.exe            ][SSL         ][  1944] Function ssl3_write_pending returning 2. OK.

[2014.07.01 10:09:13.249000][TRACE][sbus.exe            ][SSL         ][  1944] Function ssl3_dispatch_alert returning 2. OK.

[2014.07.01 10:09:13.249000][TRACE][sbus.exe            ][SSL         ][  1944] Function ssl3_shutdown returning 0. OK.

[2014.07.01 10:09:13.249000][ERROR][sbus.exe            ][URL         ][  1944] ERROR(0xA250020B) in URL module. Function url_query failed: URL: Server name does not fit to subject alternative name extension in SSL/TLS certificate

[2014.07.01 10:09:13.249000][TRACE][sbus.exe            ][sbusslogin.d][  1944] } 84e40003

[2014.07.01 10:09:13.249000][TRACE][sbus.exe            ][sbusslogin.d][  1944] } 84e40003

[2014.07.01 10:09:14.515000][TRACE][sbus.exe            ][sbus.dll    ][  1944] Error connecting to SSL server.

[2014.07.01 10:09:14.515000][TRACE][sbus.exe            ][sbus.dll    ][  1944] The SSL server certificate does not contain the server's domain name.Enrollment failed

[2014.07.01 10:09:16.718000][TRACE][sbus.exe            ][sbuspolicy.d][  2512] { SBUS_Policy_File::Bind

Former Member
‎07-01-2014 7:33 AM
0 Kudos

Hi Sam,

you have had the standard SSL server certificate installed (locahost). This is a dummy self-signed SSL server certificate so the Netweaver can be accessed securely with SSL

But it is recommended to generate a new SSL Server certificate. You can do this easy with the Secure Login Server Administrator Console:

  1. 1. Goto the Certificate Management tab
  2. 2. open the tree for your Root CA, select the SSL CA (if not there generate one)
  3. 3. press button Issue Entry and issue a "SSL SERVER"CA type certificate (use full qualified server hostname as Common Name).
  4. 4. export SSL server certificate as PKCS#12
  5. in Netweaver admin SSL, import the PKCS#12 into server identity
  6. 6. activate for the SSL port you use for enrollment.

You have already imported the Root CA certificate of the Secure Login Server into the clients certificate store (Trusted Root Certification authorities), so the SSL server certificate should then be trusted and the error message should be gone.

hope this helps

best regards

Alexander Gimbel

Former Member
‎07-01-2014 7:39 AM
0 Kudos

Hi,

now you run into the "Server name does not fit to subject alternative name extension in SSL/TLS certificate" error. This means that you do not have generated the SSL server certificate with a acurate subject alternative name (DNS Name), but the client is configured to check that.

you can disable the check on client side or generate a new SSL server certificate which fits the requirements.

to disable the check in Secure Login Client:

1. in Secure Login Server Admin console, goto the used authentication profile, goto edit mode, goto tab "Secure Login Client Settings" and disable the chekc box "SSL host Alternative Name Check"
2. manually on the client, open registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\SAP\SecureLogin\profiles\<your profile name> , edit the value "sslHostAlternativeNameCheck" from 1 to 0.

after that the error should be gone.

best regards

Alexander Gimbel

S0007586158
Participant
‎07-01-2014 8:07 AM
0 Kudos


Thanks Alexander, the registry entry changes fixed the issue of geting that error on the secure login client.

now i see the below errors in the trace file while trying to login.

[2014.07.01 11:04:02.626000][WARN ][sbus.exe            ][Kerberos    ][  4084] Getting kerberos ticket for 'HTTP/srvpid01' with algorithm 18 returned error

[2014.07.01 11:04:02.626000][WARN ][sbus.exe            ][Kerberos    ][  4084]     0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.

[2014.07.01 11:04:02.626000][WARN ][sbus.exe            ][Kerberos    ][  4084] Getting kerberos ticket for 'HTTP/srvpid01' with algorithm 17 returned error

[2014.07.01 11:04:02.626000][WARN ][sbus.exe            ][Kerberos    ][  4084]     0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.

[2014.07.01 11:04:02.626000][WARN ][sbus.exe            ][Kerberos    ][  4084] Getting kerberos ticket for 'HTTP/srvpid01' with algorithm 23 returned error

[2014.07.01 11:04:02.626000][WARN ][sbus.exe            ][Kerberos    ][  4084]     0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.

[2014.07.01 11:04:02.626000][WARN ][sbus.exe            ][Kerberos    ][  4084] Getting kerberos ticket for 'HTTP/srvpid01' with algorithm  3 returned error

[2014.07.01 11:04:02.626000][WARN ][sbus.exe            ][Kerberos    ][  4084]     0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.

[2014.07.01 11:04:02.626000][WARN ][sbus.exe            ][Kerberos    ][  4084] Getting kerberos ticket for 'HTTP/srvpid01' failed (user name is csam@LDAP-TEST.dom)

[2014.07.01 11:04:02.626000][ERROR][sbus.exe            ][Kerberos    ][  4084] ERROR(0xA2600202) in KERBEROS module. Function sec_kerberos_spnego_CreateToken failed: No Kerberos ticket for the requested service

[2014.07.01 11:04:02.626000][WARN ][sbus.exe            ][Kerberos    ][  4084] Getting kerberos ticket for 'HTTP/srvpid01@LDAP-TEST.dom' with algorithm 18 returned error

[2014.07.01 11:04:02.626000][WARN ][sbus.exe            ][Kerberos    ][  4084]     0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.

[2014.07.01 11:04:02.626000][WARN ][sbus.exe            ][Kerberos    ][  4084] Getting kerberos ticket for 'HTTP/srvpid01@LDAP-TEST.dom' with algorithm 17 returned error

[2014.07.01 11:04:02.626000][WARN ][sbus.exe            ][Kerberos    ][  4084]     0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.

[2014.07.01 11:04:02.626000][WARN ][sbus.exe            ][Kerberos    ][  4084] Getting kerberos ticket for 'HTTP/srvpid01@LDAP-TEST.dom' with algorithm 23 returned error

[2014.07.01 11:04:02.626000][WARN ][sbus.exe            ][Kerberos    ][  4084]     0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.

[2014.07.01 11:04:02.626000][WARN ][sbus.exe            ][Kerberos    ][  4084] Getting kerberos ticket for 'HTTP/srvpid01@LDAP-TEST.dom' with algorithm  3 returned error

[2014.07.01 11:04:02.626000][WARN ][sbus.exe            ][Kerberos    ][  4084]     0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.

[2014.07.01 11:04:02.626000][WARN ][sbus.exe            ][Kerberos    ][  4084] Getting kerberos ticket for 'HTTP/srvpid01@LDAP-TEST.dom' failed (user name is csam@LDAP-TEST.dom)

[2014.07.01 11:04:02.626000][ERROR][sbus.exe            ][Kerberos    ][  4084] ERROR(0xA2600202) in KERBEROS module. Function sec_kerberos_spnego_CreateToken failed: No Kerberos ticket for the requested service

[2014.07.01 11:04:03.754000][TRACE][sbus.exe            ][sbus.dll    ][  4084] Supplied credentials not accepted by the server.Enrollment failed

[2014.07.01 11:04:03.754000][TRACE][sbus.exe            ][sbusslogin.d][  4084] { CSecureLogin_Protocol_2_0::Send_DeleteSession

[2014.07.01 11:04:03.754000][TRACE][sbus.exe            ][sbusslogin.d][  4084] }        0

[2014.07.01 11:04:03.754000][TRACE][sbus.exe            ][SSL         ][  4084] Function ssl3_shutdown returning 0. OK.

[2014.07.01 11:04:03.754000][INFO ][sbus.exe            ][SSL         ][  4084] SSL session released.

Regards,

Sam

Former Member
‎07-01-2014 9:02 AM
0 Kudos

Hi,

please asure that your enroll URLs have the fully qualified hostname.
What Service Principal do you have configured (HTTP/<spn url>)?
This spn url must be the same as the hostname used in the enroll URL.

best regards

Alexander Gimbel

S0007586158
Participant
‎07-01-2014 9:42 AM
0 Kudos

Hi Alexander,

I verified and its same.

Former Member
‎07-01-2014 11:05 AM
0 Kudos

Hello,

you have changed the enrollURL to the fully qualified hostname vairant in the Secure Login Server administrator console, but there was maybe no update of the policy on the client.

Try to change the "enrollURL0" entry manually on the client in the registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\SAP\SecureLogin\profiles\<your profile name> and change here to "https://<server name>.LDAP-TEST.dom:50201/SecureLoginServer....
and try again.

best regards

Alexander Gimbel

S0007586158
Participant
‎07-01-2014 11:22 AM
0 Kudos

Dear Alexander,

I manually edited the entry as suggested by you, but still the sam error.

Former Member
‎07-01-2014 12:35 PM
0 Kudos

Dear Sam,

Could you please provide the Secure Login Client traces after you change the enrollurl0.

The output of the command "klist" on your client workstation could help too.

KR

Valerie

Former Member
‎07-01-2014 2:29 PM
0 Kudos

Hello,

then we have an problem with the SPN/Kerberos configuration.
Could you check on the Active Directory Server with the command "setspn -Q HTTP/srvpid01.LDAP-TEST.dom" and check fi there are double entries?

Also on the client you can check, if the client gets correct kerberos tickets from the Domain Controller with the command "klist". Here it will list all available tickets with its SPN and properties. Take a look for other LDAP-TEST.dom tickets and the expired date.

best regards

Alexander Gimbel

S0007586158
Participant
‎07-01-2014 6:56 PM
0 Kudos

Dear Valerie,

Please find below the trace..

----------------------------------------------------------------------------

[YYYY.MM.DD HH:MM:SS.MIKROS][LEVEL][PROCESS             ][MODULE      ][THR_ID]

[2014.07.01 21:48:52.973000][INFO ][sbus.exe            ][URL         ][  2900] Successfully connected to

[2014.07.01 21:48:52.973000][INFO ][sbus.exe            ][URL         ][  2900] Address 10.240.55.30 (srvpid01)

[2014.07.01 21:48:53.004000][TRACE][sbus.exe            ][URL         ][  2900] Family: AF_INET (IPv4)

[2014.07.01 21:48:53.004000][TRACE][sbus.exe            ][URL         ][  2900] Inner family: AF_INET (IPv4)

[2014.07.01 21:48:53.004000][TRACE][sbus.exe            ][URL         ][  2900] Protocol: 6

[2014.07.01 21:48:53.004000][TRACE][sbus.exe            ][URL         ][  2900] SockType: 1

[2014.07.01 21:48:53.019000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_setup_buffers returning 0. OK.

[2014.07.01 21:48:53.019000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_init_finished_mac returning 0. OK.

[2014.07.01 21:48:53.019000][INFO ][sbus.exe            ][SSL         ][  2900] Session to be resumed did not fit preferences. Performing full handshake

[2014.07.01 21:48:53.019000][TRACE][sbus.exe            ][BASE/RANDOM ][  2900] Get 28 bytes random data

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.random OctetString  (size="28" ):357E7C882F91060C255422B035CB424734474B0755CB1D855A55DD63

[2014.07.01 21:48:53.050000][INFO ][sbus.exe            ][SSL         ][  2900] ClientHello.session_id: no session ID submitted.

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.cipher_suites<0> : SSL_RSA_WITH_RC4_128_SHA

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.cipher_suites<1> : SSL_RSA_WITH_RC4_128_MD5

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.cipher_suites<2> : TLS_RSA_WITH_AES128_CBC_SHA

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.cipher_suites<3> : TLS_RSA_WITH_AES256_CBC_SHA

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.cipher_suites<4> : SSL_RSA_WITH_3DES_EDE_CBC_SHA

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.cipher_suites<5> : SSL_RSA_WITH_DES_CBC_SHA

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.cipher_suites<6> : SSL_RSA_EXPORT_WITH_DES40_CBC_SHA

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.cipher_suites<7> : SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.cipher_suites<8> : SSL_RSA_EXPORT_WITH_RC4_40_MD5

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.compression_methods.size: 1

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.compression_methods<0> = 0, NULL compression.

[2014.07.01 21:48:53.050000][INFO ][sbus.exe            ][SSL         ][  2900] Sending SSLv3 ClientHello

[2014.07.01 21:48:53.050000][INFO ][sbus.exe            ][SSL         ][  2900] ClientHello.client_version: 3.1

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_pending returning 3f. OK.

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_bytes returning 3f. OK.

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_do_write returning 1. OK.

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_client_hello successfully returns 1.

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_record returning 0. OK.

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_message returning 0. OK.

[2014.07.01 21:48:53.050000][INFO ][sbus.exe            ][SSL         ][  2900] ServerHello.server_version: 3.1 .

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] ServerHello.random : OctetString (size="32"):

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900]          0 53B2F485 60D7DE7C E0A2C1D5 EB5EC410

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900]         10 BB65A8D7 700F451E 46615222 E4615B75

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] ServerHello.session_id : OctetString (size="32"):

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900]          0 7A0D9DE2 4E968D80 7F512947 2438C159

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900]         10 50AE61A8 75D8B4B8 2A47AD80 615D0899

[2014.07.01 21:48:53.050000][INFO ][sbus.exe            ][SSL         ][  2900] On receiving ServerHello: Creating new session.

[2014.07.01 21:48:53.050000][INFO ][sbus.exe            ][SSL         ][  2900] ServerHello.cipher_suite: TLS_RSA_WITH_AES128_CBC_SHA

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] ServerHello.compression_method: 0.

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_server_hello returning 0. OK.

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_record returning 0. OK.

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:53.050000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_message returning 0. OK.

[2014.07.01 21:48:53.065000][INFO ][sbus.exe            ][SSL         ][  2900] Received server certificate:

[2014.07.01 21:48:53.065000][INFO ][sbus.exe            ][SSL         ][  2900]  subject: Name        :CN=srvpid01.LDAP-TEST.dom, C=AE

[2014.07.01 21:48:53.065000][INFO ][sbus.exe            ][SSL         ][  2900]

[2014.07.01 21:48:53.065000][INFO ][sbus.exe            ][SSL         ][  2900]  issued by: Name        :CN=Secure Login Root CA

[2014.07.01 21:48:53.065000][INFO ][sbus.exe            ][SSL         ][  2900]  .

[2014.07.01 21:48:53.065000][TRACE][sbus.exe            ][SSL         ][  2900] Server Certificate details: Certificate:

[2014.07.01 21:48:53.065000][TRACE][sbus.exe            ][SSL         ][  2900]     Subject     :CN=srvpid01.LDAP-TEST.dom, C=AE

[2014.07.01 21:48:53.065000][TRACE][sbus.exe            ][SSL         ][  2900]     Issuer      :CN=Secure Login Root CA

[2014.07.01 21:48:53.065000][TRACE][sbus.exe            ][SSL         ][  2900]     Serial number:0x08c58a38

[2014.07.01 21:48:53.127000][TRACE][sbus.exe            ][IO          ][  2900] BEGIN: io_file_type (C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\ocsp.xml)

[2014.07.01 21:48:53.127000][TRACE][sbus.exe            ][IO          ][  2900] END  : io_file_type

[2014.07.01 21:48:53.127000][TRACE][sbus.exe            ][LOADER      ][  2900] Loading config file 'ocsp.xml' failed because file not existing in path 'C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\ocsp.xml'

[2014.07.01 21:48:53.127000][TRACE][sbus.exe            ][IO          ][  2900] BEGIN: io_file_type (C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\pkix.xml)

[2014.07.01 21:48:53.127000][TRACE][sbus.exe            ][IO          ][  2900] END  : io_file_type

[2014.07.01 21:48:53.127000][TRACE][sbus.exe            ][LOADER      ][  2900] Loading config file 'pkix.xml' failed because file not existing in path 'C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\pkix.xml'

[2014.07.01 21:48:53.127000][TRACE][sbus.exe            ][IO          ][  2900] BEGIN: io_file_type (C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\base.xml)

[2014.07.01 21:48:53.127000][TRACE][sbus.exe            ][IO          ][  2900] END  : io_file_type

[2014.07.01 21:48:53.127000][TRACE][sbus.exe            ][LOADER      ][  2900] Loading config file 'base.xml' failed because file not existing in path 'C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\base.xml'

[2014.07.01 21:48:53.127000][TRACE][sbus.exe            ][IO          ][  2900] BEGIN: io_file_type (C:\Users\csam\AppData\Local\sec)

[2014.07.01 21:48:53.127000][TRACE][sbus.exe            ][IO          ][  2900] END  : io_file_type

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][IO          ][  2900] BEGIN: sec_io_statFile (C:\Users\csam\AppData\Local\sec\pse_verify_cache.upd)

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][IO          ][  2900] END  : sec_io_statFile

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][PKIX        ][  2900] Resetting verification cache (memory)

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { SBUSPSE::isInTrustedCerts

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { SBUSPSE::needRealPSE

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] } 80004001

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::isInTrustedCerts

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::Refresh

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::InitProviders

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        1

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        1

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        0

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        0

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { SBUSPSE::searchCertificate

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { SBUSPSE::needRealPSE

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] } 80004001

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::getAllTrustedCerts

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::getTrustedCertList

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::Refresh

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::InitProviders

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        1

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        1

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        0

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        0

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTokenMgr::GetPCI

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] m_apTokens[0]->GetPCI()

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        0

[2014.07.01 21:48:53.142000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        0

[2014.07.01 21:48:53.173000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { SBUSPSE::isInTrustedCerts

[2014.07.01 21:48:53.173000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { SBUSPSE::needRealPSE

[2014.07.01 21:48:53.173000][TRACE][sbus.exe            ][sbus.dll    ][  2900] } 80004001

[2014.07.01 21:48:53.173000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::isInTrustedCerts

[2014.07.01 21:48:53.173000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::Refresh

[2014.07.01 21:48:53.173000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::InitProviders

[2014.07.01 21:48:53.173000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        1

[2014.07.01 21:48:53.173000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        1

[2014.07.01 21:48:53.173000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        1

[2014.07.01 21:48:53.173000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        1

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900] Certificate verification result:

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]   Certificate:

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]       Subject     :CN=srvpid01.LDAP-TEST.dom, C=AE

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]       Issuer      :CN=Secure Login Root CA

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]       Serial number:0x08c58a38

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]       Validity:

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]         Not before  :Tue Jul  1 14:44:13 2014

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]         Not after   :Sat Jul  1 14:44:13 2034

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]       Key:

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]         Key type    :rsaEncryption (1.2.840.113549.1.1.1)

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]         Key size    :2048

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]       PK_Fingerprint_MD5:AEBA A9AA E34C 45CA 2AC8 A208 6DE3 96B3

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]     Fingerprint_MD5:CD:92:E8:72:E2:2F:B6:98:B1:50:E2:13:3C:82:F8:BB

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]     Fingerprint_SHA1:B60E 003B 64B1 3E65 66DB 5652 AE7E C08C 3287 BC47

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]   Verification result:

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]     Status      :Successful

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]     Profile     :1.3.6.1.4.1.694.2.2.2.2

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]     SignerStatus:Successful

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]     SignerVerificationResult:

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]       element#no="1":

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]         Status      :Successful

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]         Validity    :Successful

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]         BasicConstraints:Successful

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]         KeyUsage    :Successful

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]         ObjectStatus:Successful

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]         SignerCert:

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]           Certificate:

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]               Subject     :CN=Secure Login Root CA

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]               Issuer      :CN=Secure Login Root CA

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]               Serial number:0x70b19f37f6529aec

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]               Validity:

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]                 Not before  :Wed Jun 25 23:22:08 2014

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]                 Not after   :Tue Jun 25 23:22:08 2024

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]               Key:

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]                 Key type    :rsaEncryption (1.2.840.113549.1.1.1)

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]                 Key size    :4096

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]               PK_Fingerprint_MD5:E758 152B D4EC 48F6 B5DE E8F9 3A9A 3D40

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]               Source      :Local store

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]             Fingerprint_MD5:8F:F4:00:F4:DD:2F:73:CC:4F:C0:05:1D:2C:92:A5:28

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]             Fingerprint_SHA1:EEDE F1D8 58E2 A0C8 8790 BF9F 59C4 35FE F6EB CC9D

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]           Verification result:

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]             Status      :Successful

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]             Profile     :1.3.6.1.4.1.694.2.2.2.2

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]             BasicConstraintsPathLen:3

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][VERIFY      ][  2900]             DirectlyTrusted:Successful

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][SSL         ][  2900] Connect:ssl_verify_peer_certificates Certificate verification returned  Certificate trusted

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_server_certificate returning 0. OK.

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_record returning 0. OK.

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_message returning 0. OK.

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_key_exchange returning 0. OK.

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_message returning 0. OK.

[2014.07.01 21:48:53.188000][INFO ][sbus.exe            ][SSL         ][  2900] Checking for CertificateRequest message

[2014.07.01 21:48:53.188000][INFO ][sbus.exe            ][SSL         ][  2900] Message type == ServerHelloDone; no client authentication requested

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_certificate_request returning 0. OK.

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_message returning 0. OK.

[2014.07.01 21:48:53.188000][INFO ][sbus.exe            ][SSL         ][  2900] Received ServerHelloDone message

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_server_done returning 0. OK.

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][SSL         ][  2900] Initiate:ssl3_send_client_key_exchange uses servers encryption key

[2014.07.01 21:48:53.188000][TRACE][sbus.exe            ][BASE/RANDOM ][  2900] Get 48 bytes random data

[2014.07.01 21:48:53.203000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_create_cipher_state_and_key_exchange_def returning 0. OK.

[2014.07.01 21:48:53.203000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_pending returning 106. OK.

[2014.07.01 21:48:53.203000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:53.203000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_bytes returning 106. OK.

[2014.07.01 21:48:53.203000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_do_write returning 1. OK.

[2014.07.01 21:48:53.203000][INFO ][sbus.exe            ][SSL         ][  2900] Sending ChangeCipherSpec message.

[2014.07.01 21:48:53.203000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_pending returning 1. OK.

[2014.07.01 21:48:53.203000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_bytes returning 1. OK.

[2014.07.01 21:48:53.203000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_do_write returning 1. OK.

[2014.07.01 21:48:53.203000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_change_cipher_state returning 0. OK.

[2014.07.01 21:48:53.203000][INFO ][sbus.exe            ][SSL         ][  2900] Sending "Finished" message.

[2014.07.01 21:48:53.203000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_pending returning 10. OK.

[2014.07.01 21:48:53.203000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:53.203000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_bytes returning 10. OK.

[2014.07.01 21:48:53.203000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_do_write returning 1. OK.

[2014.07.01 21:48:53.265000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_record returning 0. OK.

[2014.07.01 21:48:53.265000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_change_cipher_state returning 0. OK.

[2014.07.01 21:48:53.265000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_record returning 0. OK.

[2014.07.01 21:48:53.265000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:53.265000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:53.265000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_message returning 0. OK.

[2014.07.01 21:48:53.265000][INFO ][sbus.exe            ][SSL         ][  2900] Received message of type "Finished".Peer has completed sending of handshake messages.

[2014.07.01 21:48:53.280000][INFO ][sbus.exe            ][SSL         ][  2900] SSL3 client: handshake successful with this server: CN=srvpid01.LDAP-TEST.dom, C=AE

[2014.07.01 21:48:53.280000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_pending returning 19f. OK.

[2014.07.01 21:48:53.280000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_bytes returning 19f. OK.

[2014.07.01 21:48:53.280000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_ex returning 19f. OK.

[2014.07.01 21:48:53.495000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_record returning 0. OK.

[2014.07.01 21:48:53.510000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_read successfully returns 512.

[2014.07.01 21:48:53.510000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_read successfully returns 300.

[2014.07.01 21:48:53.510000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_record returning 0. OK.

[2014.07.01 21:48:53.510000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_read_bytes(): Handle 9bd530 received close notify.

[2014.07.01 21:48:53.510000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_read successfully returns 0.

[2014.07.01 21:48:53.510000][INFO ][sbus.exe            ][SSL         ][  2900] Sending alert of level WARNING: close notify

[2014.07.01 21:48:53.510000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_pending returning 2. OK.

[2014.07.01 21:48:53.510000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_dispatch_alert returning 2. OK.

[2014.07.01 21:48:53.510000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_shutdown returning 0. OK.

[2014.07.01 21:48:53.510000][TRACE][sbus.exe            ][sbusslogin.d][  2900] }        0

[2014.07.01 21:48:53.510000][TRACE][sbus.exe            ][sbusslogin.d][  2900] }        0

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][Kerberos    ][  2900] Got kerberos ticket for 'HTTP/srvpid01.LDAP-TEST.dom' with server key type 23 and session key type 23

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][BASE/RANDOM ][  2900] Get 8 bytes random data

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbusslogin.d][  2900] { CSecureLogin_Protocol_2_0::Send_Auth_SPNEGO

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbusslogin.d][  2900] { CSecureLogin_Protocol_2_0::Send_Auth_Combined

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbusslogin.d][  2900] { CSecureLogin::Send_Any

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][URL         ][  2900] Successfully connected to

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][URL         ][  2900] Address 10.240.55.30 (srvpid01)

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][URL         ][  2900] Family: AF_INET (IPv4)

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][URL         ][  2900] Inner family: AF_INET (IPv4)

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][URL         ][  2900] Protocol: 6

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][URL         ][  2900] SockType: 1

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_setup_buffers returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_init_finished_mac returning 0. OK.

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][SSL         ][  2900] Session to be resumed did not fit preferences. Performing full handshake

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][BASE/RANDOM ][  2900] Get 28 bytes random data

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.random OctetString  (size="28" ):A91A1FA41CFBF6485DA96792BC957F67C82BD7B56118B7412B970F6C

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][SSL         ][  2900] ClientHello.session_id: no session ID submitted.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.cipher_suites<0> : SSL_RSA_WITH_RC4_128_SHA

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.cipher_suites<1> : SSL_RSA_WITH_RC4_128_MD5

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.cipher_suites<2> : TLS_RSA_WITH_AES128_CBC_SHA

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.cipher_suites<3> : TLS_RSA_WITH_AES256_CBC_SHA

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.cipher_suites<4> : SSL_RSA_WITH_3DES_EDE_CBC_SHA

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.cipher_suites<5> : SSL_RSA_WITH_DES_CBC_SHA

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.cipher_suites<6> : SSL_RSA_EXPORT_WITH_DES40_CBC_SHA

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.cipher_suites<7> : SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.cipher_suites<8> : SSL_RSA_EXPORT_WITH_RC4_40_MD5

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.compression_methods.size: 1

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] ClientHello.compression_methods<0> = 0, NULL compression.

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][SSL         ][  2900] Sending SSLv3 ClientHello

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][SSL         ][  2900] ClientHello.client_version: 3.1

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_pending returning 3f. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_bytes returning 3f. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_do_write returning 1. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_client_hello successfully returns 1.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_record returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_message returning 0. OK.

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][SSL         ][  2900] ServerHello.server_version: 3.1 .

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] ServerHello.random : OctetString (size="32"):

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900]          0 53B2F489 43478B63 DE97DD84 58249D6E

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900]         10 8DE63AFA 9FCB909A F8D46D23 568E9E5B

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] ServerHello.session_id : OctetString (size="32"):

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900]          0 731F898F 659FEA98 58AE9F6D 984B7839

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900]         10 74BCB35F 31ED0FD9 9D7D8908 4C0C9223

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][SSL         ][  2900] On receiving ServerHello: Creating new session.

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][SSL         ][  2900] ServerHello.cipher_suite: TLS_RSA_WITH_AES128_CBC_SHA

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] ServerHello.compression_method: 0.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_server_hello returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_record returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_message returning 0. OK.

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][SSL         ][  2900] Received server certificate:

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][SSL         ][  2900]  subject: Name        :CN=srvpid01.LDAP-TEST.dom, C=AE

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][SSL         ][  2900]

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][SSL         ][  2900]  issued by: Name        :CN=Secure Login Root CA

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][SSL         ][  2900]  .

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Server Certificate details: Certificate:

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900]     Subject     :CN=srvpid01.LDAP-TEST.dom, C=AE

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900]     Issuer      :CN=Secure Login Root CA

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900]     Serial number:0x08c58a38

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][IO          ][  2900] BEGIN: sec_io_statFile (C:\Users\csam\AppData\Local\sec\pse_verify_cache.upd)

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][IO          ][  2900] END  : sec_io_statFile

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { SBUSPSE::isInTrustedCerts

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { SBUSPSE::needRealPSE

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] } 80004001

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::isInTrustedCerts

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::Refresh

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::InitProviders

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        1

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        1

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        0

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        0

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { SBUSPSE::searchCertificate

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { SBUSPSE::needRealPSE

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] } 80004001

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::getAllTrustedCerts

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::getTrustedCertList

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::Refresh

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::InitProviders

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        1

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        1

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        0

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        0

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTokenMgr::GetPCI

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] m_apTokens[0]->GetPCI()

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        0

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        0

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { SBUSPSE::isInTrustedCerts

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { SBUSPSE::needRealPSE

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] } 80004001

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::isInTrustedCerts

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::Refresh

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] { CTrust::InitProviders

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        1

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        1

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        1

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][sbus.dll    ][  2900] }        1

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900] Certificate verification result:

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]   Certificate:

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]       Subject     :CN=srvpid01.LDAP-TEST.dom, C=AE

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]       Issuer      :CN=Secure Login Root CA

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]       Serial number:0x08c58a38

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]       Validity:

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]         Not before  :Tue Jul  1 14:44:13 2014

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]         Not after   :Sat Jul  1 14:44:13 2034

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]       Key:

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]         Key type    :rsaEncryption (1.2.840.113549.1.1.1)

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]         Key size    :2048

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]       PK_Fingerprint_MD5:AEBA A9AA E34C 45CA 2AC8 A208 6DE3 96B3

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]     Fingerprint_MD5:CD:92:E8:72:E2:2F:B6:98:B1:50:E2:13:3C:82:F8:BB

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]     Fingerprint_SHA1:B60E 003B 64B1 3E65 66DB 5652 AE7E C08C 3287 BC47

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]   Verification result:

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]     Status      :Successful

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]     Profile     :1.3.6.1.4.1.694.2.2.2.2

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]     SignerStatus:Successful

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]     SignerVerificationResult:

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]       element#no="1":

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]         Status      :Successful

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]         Validity    :Successful

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]         BasicConstraints:Successful

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]         KeyUsage    :Successful

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]         ObjectStatus:Successful

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]         SignerCert:

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]           Certificate:

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]               Subject     :CN=Secure Login Root CA

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]               Issuer      :CN=Secure Login Root CA

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]               Serial number:0x70b19f37f6529aec

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]               Validity:

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]                 Not before  :Wed Jun 25 23:22:08 2014

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]                 Not after   :Tue Jun 25 23:22:08 2024

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]               Key:

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]                 Key type    :rsaEncryption (1.2.840.113549.1.1.1)

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]                 Key size    :4096

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]               PK_Fingerprint_MD5:E758 152B D4EC 48F6 B5DE E8F9 3A9A 3D40

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]               Source      :Local store

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]             Fingerprint_MD5:8F:F4:00:F4:DD:2F:73:CC:4F:C0:05:1D:2C:92:A5:28

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]             Fingerprint_SHA1:EEDE F1D8 58E2 A0C8 8790 BF9F 59C4 35FE F6EB CC9D

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]           Verification result:

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]             Status      :Successful

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]             Profile     :1.3.6.1.4.1.694.2.2.2.2

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]             BasicConstraintsPathLen:3

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][VERIFY      ][  2900]             DirectlyTrusted:Successful

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Connect:ssl_verify_peer_certificates Certificate verification returned  Certificate trusted

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_server_certificate returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_record returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_message returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_key_exchange returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_message returning 0. OK.

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][SSL         ][  2900] Checking for CertificateRequest message

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][SSL         ][  2900] Message type == ServerHelloDone; no client authentication requested

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_certificate_request returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_message returning 0. OK.

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][SSL         ][  2900] Received ServerHelloDone message

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_server_done returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Initiate:ssl3_send_client_key_exchange uses servers encryption key

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][BASE/RANDOM ][  2900] Get 48 bytes random data

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_create_cipher_state_and_key_exchange_def returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_pending returning 106. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_bytes returning 106. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_do_write returning 1. OK.

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][SSL         ][  2900] Sending ChangeCipherSpec message.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_pending returning 1. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_bytes returning 1. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_do_write returning 1. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_change_cipher_state returning 0. OK.

[2014.07.01 21:48:57.159000][INFO ][sbus.exe            ][SSL         ][  2900] Sending "Finished" message.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_pending returning 10. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_bytes returning 10. OK.

[2014.07.01 21:48:57.159000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_do_write returning 1. OK.

[2014.07.01 21:48:57.220000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_record returning 0. OK.

[2014.07.01 21:48:57.220000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_change_cipher_state returning 0. OK.

[2014.07.01 21:48:57.220000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_record returning 0. OK.

[2014.07.01 21:48:57.220000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:57.220000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_finish_mac returning 0. OK.

[2014.07.01 21:48:57.220000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_message returning 0. OK.

[2014.07.01 21:48:57.220000][INFO ][sbus.exe            ][SSL         ][  2900] Received message of type "Finished".Peer has completed sending of handshake messages.

[2014.07.01 21:48:57.220000][INFO ][sbus.exe            ][SSL         ][  2900] SSL3 client: handshake successful with this server: CN=srvpid01.LDAP-TEST.dom, C=AE

[2014.07.01 21:48:57.220000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_pending returning a2d. OK.

[2014.07.01 21:48:57.220000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_bytes returning a2d. OK.

[2014.07.01 21:48:57.220000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_ex returning a2d. OK.

[2014.07.01 21:48:57.267000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_record returning 0. OK.

[2014.07.01 21:48:57.267000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_read successfully returns 278.

[2014.07.01 21:48:57.267000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_get_record returning 0. OK.

[2014.07.01 21:48:57.267000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_read_bytes(): Handle 9bd530 received close notify.

[2014.07.01 21:48:57.267000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_read successfully returns 0.

[2014.07.01 21:48:57.267000][INFO ][sbus.exe            ][SSL         ][  2900] Sending alert of level WARNING: close notify

[2014.07.01 21:48:57.267000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_write_pending returning 2. OK.

[2014.07.01 21:48:57.267000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_dispatch_alert returning 2. OK.

[2014.07.01 21:48:57.267000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_shutdown returning 0. OK.

[2014.07.01 21:48:57.267000][TRACE][sbus.exe            ][sbusslogin.d][  2900] }        0

[2014.07.01 21:48:57.267000][TRACE][sbus.exe            ][sbusslogin.d][  2900] { CSecureLogin_Protocol_2_0::Handle_Auth_Response

[2014.07.01 21:48:57.267000][TRACE][sbus.exe            ][sbusslogin.d][  2900] }        0

[2014.07.01 21:48:57.267000][TRACE][sbus.exe            ][sbusslogin.d][  2900] } 80070005

[2014.07.01 21:48:57.267000][TRACE][sbus.exe            ][sbusslogin.d][  2900] } 80070005

[2014.07.01 21:48:59.260000][TRACE][sbus.exe            ][sbus.dll    ][  2900] Supplied credentials not accepted by the server.Enrollment failed

[2014.07.01 21:48:59.260000][TRACE][sbus.exe            ][sbusslogin.d][  2900] { CSecureLogin_Protocol_2_0::Send_DeleteSession

[2014.07.01 21:48:59.260000][TRACE][sbus.exe            ][sbusslogin.d][  2900] }        0

[2014.07.01 21:48:59.260000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_shutdown returning 0. OK.

[2014.07.01 21:48:59.260000][INFO ][sbus.exe            ][SSL         ][  2900] SSL session released.

[2014.07.01 21:48:59.260000][TRACE][sbus.exe            ][SSL         ][  2900] Function ssl3_free successfully returns (void type).

[2014.07.01 21:48:59.260000][TRACE][sbus.exe            ][URL/H_URL_CT][  2900] No more external refs to url_ssl_factory.

[2014.07.01 21:48:59.260000][TRACE][sbus.exe            ][PKIX        ][  2900] Cache: requests:4, returned:0, used:0

[2014.07.01 21:48:59.260000][TRACE][sbus.exe            ][URL/H_URL_CT][  2900] url_ssl_factory: destroy

[2014.07.01 21:49:05.462000][TRACE][sbus.exe            ][sbuspolicy.d][  2596] { SBUS_Policy_File::Bind

[2014.07.01 21:49:05.462000][TRACE][sbus.exe            ][sbuspolicy.d][  2596] }        0

[2014.07.01 21:49:05.462000][TRACE][sbus.exe            ][sbuspolicy.d][  2596] { SBUS_Policy_File::Read_File

[2014.07.01 21:49:05.462000][TRACE][sbus.exe            ][sbuspolicy.d][  2596] }        0

also find the output of klist

Current LogonId is 0:0x2478b

Cached Tickets: (1)

#0>     Client: csam @ LDAP-TEST.DOM
        Server: krbtgt/LDAP-TEST.DOM @ LDAP-TEST.DOM
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
        Ticket Flags 0x40e00000 -> forwardable renewable initial pre_authent
        Start Time: 7/1/2014 14:12:39 (local)
        End Time:   7/2/2014 0:12:39 (local)
        Renew Time: 7/8/2014 14:12:39 (local)
        Session Key Type: AES-256-CTS-HMAC-SHA1-96

S0007586158
Participant
‎07-01-2014 6:58 PM
0 Kudos


Dear Alexander,

Please find below the output

setspn -Q HTTP/srvpid01.LDAP-TEST.dom
Checking domain DC=LDAP-TEST,DC=dom
CN=SAP SSO BID,CN=Users,DC=LDAP-TEST,DC=dom
        HTTPS/srvpid01.LDAP-TEST.dom
        ABAP/SAP-SSO-BID
        HTTP/srvpid01.LDAP-TEST.dom

Existing SPN found!

Also find below the output of

klist

Current LogonId is 0:0x2478b

Cached Tickets: (1)

#0>     Client: csam @ LDAP-TEST.DOM
        Server: krbtgt/LDAP-TEST.DOM @ LDAP-TEST.DOM
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
        Ticket Flags 0x40e00000 -> forwardable renewable initial pre_authent
        Start Time: 7/1/2014 14:12:39 (local)
        End Time:   7/2/2014 0:12:39 (local)
        Renew Time: 7/8/2014 14:12:39 (local)
        Session Key Type: AES-256-CTS-HMAC-SHA1-96

Regards,

Sam

Former Member
‎07-02-2014 5:56 AM
0 Kudos

Dear Sam,

The connection between Secure Login Client and the AD is correct now. Now you have an issue on you Secure Login Server configuration. Could you please create live trace on the server?

Theh ow to can be found in the SSO implementation guide: 7.3.12 Logging and Tracing Secure Login Server with the Log Viewer of SAP NetWeaver Administrator

A screenshot of your SPNEGO configuration in NWA could help us too.

Btw, no need to configure HTTPS/srvpid01.LDAP-TEST.dom

KR

Valerie

S0007586158
Participant
‎07-02-2014 6:15 AM
0 Kudos

Dear Valerie,

Please find below the extract from the authentication trace

Could not validate SPNEGO token.

[EXCEPTION]

com.sap.engine.services.security.authentication.umapping.UserMappingNoSuchUserException: No user with account attributes [[namespace=com.sap.security.core.authentication, name=principal, value=csam, isCaseSensitive=false], [namespace=com.sap.security.core.authentication, name=realm, value=LDAP-TEST.DOM, isCaseSensitive=false]] found

at com.sap.engine.services.security.authentication.umapping.UserMappingServiceImpl.getUserByAccountAttributes(UserMappingServiceImpl.java:210)

at com.sap.security.core.server.jaas.spnego.util.SPNEGOUserMappingUtil.searchUser(SPNEGOUserMappingUtil.java:82)

at com.sap.security.core.server.jaas.SPNegoLoginModule.processAuthorizationHeader(SPNegoLoginModule.java:531)

at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:157)

at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:254)

at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:66)

at java.security.AccessController.doPrivileged(Native Method)

at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:280)

at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:597)

at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)

at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)

at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

at javax.security.auth.login.LoginContext.login(LoginContext.java:579)

at com.sap.securelogin.auth.AuthenticationManager.authenticate(AuthenticationManager.java:77)

at com.sap.securelogin.connection.http.AuthenticationAction.handleAuthentication(AuthenticationAction.java:96)

at com.sap.securelogin.connection.http.AuthenticationAction.performAction(AuthenticationAction.java:63)

at com.sap.securelogin.connection.http.SecureLoginServlet.doPost(SecureLoginServlet.java:71)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)

at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:152)

at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:38)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:457)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)

at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:278)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)

at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)

at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)

at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)

at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)

at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)

at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)

at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)

SPNEGO config details below

Regards,

Sam

Former Member
‎07-02-2014 6:23 AM
0 Kudos

Dear SAm,

Could you please change your SPNEGO configuration under the tab "UserMapping" as follow:

Mapping Mode: Principal@REALM

Source:virtual user

The user csam was not found in the UME data base for verification.

KR

Valerie

S0007586158
Participant
‎07-02-2014 6:57 AM
0 Kudos

Dear Valeria,

Excellent, that worked. i will check the sso[strust config on abap] part now and will get back to you with the results.

Regards,

Sam

S0007586158
Participant
‎07-02-2014 8:47 AM
0 Kudos

Dear Valerie,

I imported the pse file on my abap system using strust and when i try to save PNC as SNC SAPcrypto as per the config document i get the error "PSE has incorrect Distinguished Name"

Regards,

Sam

S0007586158
Participant
‎07-02-2014 10:39 AM
0 Kudos

Dear Valerie,

Can you please provide the steps to be done on the ABAP system to enable sso with x.509 certificate?

Regards,

Sam

Former Member
‎07-02-2014 10:42 AM
0 Kudos

Dear Sam,

Could you check which server SNC Name you have configure in your instance profile "snc/identity/as"? Is it the same name of the server PSE DName you try to import?

KR

Valerie

S0007586158
Participant
‎07-02-2014 10:57 AM
0 Kudos

Dear Valerie,

i have teh value p:CN=SAP-SSO-SRD@LDAP-TEST.dom  for the parameter snc/identity/as [ this was done when i did the spnego configuration]

Please see below the the content of pse

Please advice.

Regards,

Sam

Former Member
‎07-02-2014 11:11 AM
0 Kudos

Dear Saam,

This look like your SSL server certifcate. Did you create a SAP server certificate using the Secure Login Administration Console with the DName CN=SAP-SSO-SRD@LDAP-TEST.dom ? And you try to import it using "strust" transaction?


KR


Valerie

S0007586158
Participant
‎07-02-2014 11:29 AM
0 Kudos


Dear Valerie,

I created a new certificate and managed to import it using strust. Now when i try to connect i get

Regards,

Sam

S0007586158
Participant
‎07-02-2014 11:31 AM
0 Kudos


Dear Valerie,

I managed to fix the above error.

Now when i login , i get the logon screen and below the error "NO user exists with the SNC name "p:CN=CSAM"

Regards,

Sam

Former Member
‎07-02-2014 12:25 PM
0 Kudos

Dear Sam,

Did you configure the SNC Name of users using trnsaction su01 or snc1?

The error you get means, that your configuration of Secure Login Library, Secure Login Client and Secure Login Server is OK but the  SNC user mapping is missing.

KR

Valerie

S0007586158
Participant
‎07-02-2014 1:14 PM
0 Kudos

Dear Valerie,

Yes, correctly pointed out.Did the required changes in SU01 and it worked.

Really appreciate the kind of support you and Mr.Alexander provided in fixing the issues which we have faced. Happy to say that the kind of technical knowledege and professionalism both of you have shown is far beyond the expectations.I am sure that your quick responses and solutions are far better that what we get via OSS support.

One again thanks for all the help.

One more question before closing whether SPNEGO & X.509 certificate based SSO configurations can work parallelly? ie whether i can have SSO using SPNEGO & X.509 certificate at the same time for the same system?

Regards,

Sam

Former Member
‎07-02-2014 1:58 PM
0 Kudos

Dear Sam,

Happy to read, that your configuration is OK now. The OSS support would have help you too.

I suppose that you are asking if it is possible to use SPNego and SNC for ABAP togehter right?

Both can be used in parallel. SPNego for ABAP is designed for SSO using browser application to the ABAP server (NWBC or Web GUI). SNC is designed for SAP GUI and all other RFC connections.

Your use case and your security requirement should define if you want to have one or both. Ther are enough use case documentation in the under popular content.

KR

Valerie

Ask a Question