on 06-29-2014 12:05 PM
Hi,
I have done the below configuration
1. Installed the secure login server
2.Created the technical user including SPN in ADS
3.Configured SPNEGO
4.Downloaded the policy profile from the secure login server
5.Exported the root certificate from the secure login server
6 Installed the secure login client
7 Applied the policy & root certificate on client.
But i am unable to find the x.509 user certificate on the secure login client.
Any steps missing here?
Regards,
Sam
Hello Sam,
All steps seems to be ok.
Could you attach a screenshoot of the Secure Login Client main window?
Do you get a error message, if you try to enroll the SPENGO based profile?
thanks,
best regards
Alexander Gimbel
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Sam,
I asume that you have restarted the client after the policy was installed.
So as there is no Secure Login Server profile available in Secure Login Client there must be something wrong with the policy.
1.How do you publish your profiles, with the secure login service (policy download agent) or manually?
2. If you use the polcy agent, please check the Event log on the client for errors, a common error is that the Root CA for SSL trust is not installed in the local computer certificate store (not the current user certificate store).
3. please check the registry in the tree HKEY_LOCAL_MACHINE\SOFTWARE\Policies\SAP\SecureLogin\profiles if there are any entries.
best regards
Alexander Gimbel
Dear Alexander,
Just an update, i tried to access the poliy url [login server] from the client and i was getting an error saying "its not in the list of trusetd sites", so i added this in the list of trusted sites and did a restart of the client. Now i am able to see the entry in the secure login client as below.
but when i try to login, iam getting the below error.
please advice.
Regards,
Sam
Hello Sam,
The error message means that you do not trust your SSL server certificate or the Root CA of them.
Please install the Root CA of the SSL server certificate into your local user certificate store as "Trusted Root Certification authorities". This
should solve the problem.
Also check if you have enabled "SSL Host Alternative Name Check", if so please assure that the SSL Server certificate has the correct subject alternative name which matches the hostname.
best regards
Alexander Gimbel
Hi,
Please find below the error i get in the trace files..
SL peer certificate default verification called.
[2014.07.01 10:09:13.249000][ERROR][sbus.exe ][URL ][ 1944] ERROR(0xA250020B) in URL module. Function url_check_SSL_AltName failed: URL: Server name does not fit to subject alternative name extension in SSL/TLS certificate
[2014.07.01 10:09:13.249000][ERROR][sbus.exe ][URL ][ 1944] ERROR(0xA250020B) in URL module. Function sec_URL_API_check_ssl_server_certificate failed: URL: Server name does not fit to subject alternative name extension in SSL/TLS certificate
[2014.07.01 10:09:13.249000][ERROR][sbus.exe ][URL ][ 1944] ERROR(0xA250020B) in URL module. Function sec_url_conn_check_ssl_server_certificate failed: URL: Server name does not fit to subject alternative name extension in SSL/TLS certificate
[2014.07.01 10:09:13.249000][ERROR][sbus.exe ][URL ][ 1944] ERROR(0xA250020B) in URL module. Function sec_url_ssl_conn_check_server_certificate failed: URL: Server name does not fit to subject alternative name extension in SSL/TLS certificate
[2014.07.01 10:09:13.249000][ERROR][sbus.exe ][URL ][ 1944] ERROR(0xA250020B) in URL module. Function url_httpquery failed: URL: Server name does not fit to subject alternative name extension in SSL/TLS certificate
[2014.07.01 10:09:13.249000][INFO ][sbus.exe ][SSL ][ 1944] Sending alert of level WARNING: close notify
[2014.07.01 10:09:13.249000][TRACE][sbus.exe ][SSL ][ 1944] Function ssl3_write_pending returning 2. OK.
[2014.07.01 10:09:13.249000][TRACE][sbus.exe ][SSL ][ 1944] Function ssl3_dispatch_alert returning 2. OK.
[2014.07.01 10:09:13.249000][TRACE][sbus.exe ][SSL ][ 1944] Function ssl3_shutdown returning 0. OK.
[2014.07.01 10:09:13.249000][ERROR][sbus.exe ][URL ][ 1944] ERROR(0xA250020B) in URL module. Function url_query failed: URL: Server name does not fit to subject alternative name extension in SSL/TLS certificate
[2014.07.01 10:09:13.249000][TRACE][sbus.exe ][sbusslogin.d][ 1944] } 84e40003
[2014.07.01 10:09:13.249000][TRACE][sbus.exe ][sbusslogin.d][ 1944] } 84e40003
[2014.07.01 10:09:14.515000][TRACE][sbus.exe ][sbus.dll ][ 1944] Error connecting to SSL server.
[2014.07.01 10:09:14.515000][TRACE][sbus.exe ][sbus.dll ][ 1944] The SSL server certificate does not contain the server's domain name.Enrollment failed
[2014.07.01 10:09:16.718000][TRACE][sbus.exe ][sbuspolicy.d][ 2512] { SBUS_Policy_File::Bind
Hi Sam,
you have had the standard SSL server certificate installed (locahost). This is a dummy self-signed SSL server certificate so the Netweaver can be accessed securely with SSL
But it is recommended to generate a new SSL Server certificate. You can do this easy with the Secure Login Server Administrator Console:
You have already imported the Root CA certificate of the Secure Login Server into the clients certificate store (Trusted Root Certification authorities), so the SSL server certificate should then be trusted and the error message should be gone.
hope this helps
best regards
Alexander Gimbel
Hi,
now you run into the "Server name does not fit to subject alternative name extension in SSL/TLS certificate" error. This means that you do not have generated the SSL server certificate with a acurate subject alternative name (DNS Name), but the client is configured to check that.
you can disable the check on client side or generate a new SSL server certificate which fits the requirements.
to disable the check in Secure Login Client:
1. in Secure Login Server Admin console, goto the used authentication profile, goto edit mode, goto tab "Secure Login Client Settings" and disable the chekc box "SSL host Alternative Name Check"
2. manually on the client, open registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\SAP\SecureLogin\profiles\<your profile name> , edit the value "sslHostAlternativeNameCheck" from 1 to 0.
after that the error should be gone.
best regards
Alexander Gimbel
Thanks Alexander, the registry entry changes fixed the issue of geting that error on the secure login client.
now i see the below errors in the trace file while trying to login.
[2014.07.01 11:04:02.626000][WARN ][sbus.exe ][Kerberos ][ 4084] Getting kerberos ticket for 'HTTP/srvpid01' with algorithm 18 returned error
[2014.07.01 11:04:02.626000][WARN ][sbus.exe ][Kerberos ][ 4084] 0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.
[2014.07.01 11:04:02.626000][WARN ][sbus.exe ][Kerberos ][ 4084] Getting kerberos ticket for 'HTTP/srvpid01' with algorithm 17 returned error
[2014.07.01 11:04:02.626000][WARN ][sbus.exe ][Kerberos ][ 4084] 0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.
[2014.07.01 11:04:02.626000][WARN ][sbus.exe ][Kerberos ][ 4084] Getting kerberos ticket for 'HTTP/srvpid01' with algorithm 23 returned error
[2014.07.01 11:04:02.626000][WARN ][sbus.exe ][Kerberos ][ 4084] 0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.
[2014.07.01 11:04:02.626000][WARN ][sbus.exe ][Kerberos ][ 4084] Getting kerberos ticket for 'HTTP/srvpid01' with algorithm 3 returned error
[2014.07.01 11:04:02.626000][WARN ][sbus.exe ][Kerberos ][ 4084] 0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.
[2014.07.01 11:04:02.626000][WARN ][sbus.exe ][Kerberos ][ 4084] Getting kerberos ticket for 'HTTP/srvpid01' failed (user name is csam@LDAP-TEST.dom)
[2014.07.01 11:04:02.626000][ERROR][sbus.exe ][Kerberos ][ 4084] ERROR(0xA2600202) in KERBEROS module. Function sec_kerberos_spnego_CreateToken failed: No Kerberos ticket for the requested service
[2014.07.01 11:04:02.626000][WARN ][sbus.exe ][Kerberos ][ 4084] Getting kerberos ticket for 'HTTP/srvpid01@LDAP-TEST.dom' with algorithm 18 returned error
[2014.07.01 11:04:02.626000][WARN ][sbus.exe ][Kerberos ][ 4084] 0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.
[2014.07.01 11:04:02.626000][WARN ][sbus.exe ][Kerberos ][ 4084] Getting kerberos ticket for 'HTTP/srvpid01@LDAP-TEST.dom' with algorithm 17 returned error
[2014.07.01 11:04:02.626000][WARN ][sbus.exe ][Kerberos ][ 4084] 0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.
[2014.07.01 11:04:02.626000][WARN ][sbus.exe ][Kerberos ][ 4084] Getting kerberos ticket for 'HTTP/srvpid01@LDAP-TEST.dom' with algorithm 23 returned error
[2014.07.01 11:04:02.626000][WARN ][sbus.exe ][Kerberos ][ 4084] 0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.
[2014.07.01 11:04:02.626000][WARN ][sbus.exe ][Kerberos ][ 4084] Getting kerberos ticket for 'HTTP/srvpid01@LDAP-TEST.dom' with algorithm 3 returned error
[2014.07.01 11:04:02.626000][WARN ][sbus.exe ][Kerberos ][ 4084] 0/C000018B The security database on the server does not have a computer account for this workstation trust relationship.
[2014.07.01 11:04:02.626000][WARN ][sbus.exe ][Kerberos ][ 4084] Getting kerberos ticket for 'HTTP/srvpid01@LDAP-TEST.dom' failed (user name is csam@LDAP-TEST.dom)
[2014.07.01 11:04:02.626000][ERROR][sbus.exe ][Kerberos ][ 4084] ERROR(0xA2600202) in KERBEROS module. Function sec_kerberos_spnego_CreateToken failed: No Kerberos ticket for the requested service
[2014.07.01 11:04:03.754000][TRACE][sbus.exe ][sbus.dll ][ 4084] Supplied credentials not accepted by the server.Enrollment failed
[2014.07.01 11:04:03.754000][TRACE][sbus.exe ][sbusslogin.d][ 4084] { CSecureLogin_Protocol_2_0::Send_DeleteSession
[2014.07.01 11:04:03.754000][TRACE][sbus.exe ][sbusslogin.d][ 4084] } 0
[2014.07.01 11:04:03.754000][TRACE][sbus.exe ][SSL ][ 4084] Function ssl3_shutdown returning 0. OK.
[2014.07.01 11:04:03.754000][INFO ][sbus.exe ][SSL ][ 4084] SSL session released.
Regards,
Sam
Hello,
you have changed the enrollURL to the fully qualified hostname vairant in the Secure Login Server administrator console, but there was maybe no update of the policy on the client.
Try to change the "enrollURL0" entry manually on the client in the registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\SAP\SecureLogin\profiles\<your profile name> and change here to "https://<server name>.LDAP-TEST.dom:50201/SecureLoginServer....
and try again.
best regards
Alexander Gimbel
Hello,
then we have an problem with the SPN/Kerberos configuration.
Could you check on the Active Directory Server with the command "setspn -Q HTTP/srvpid01.LDAP-TEST.dom" and check fi there are double entries?
Also on the client you can check, if the client gets correct kerberos tickets from the Domain Controller with the command "klist". Here it will list all available tickets with its SPN and properties. Take a look for other LDAP-TEST.dom tickets and the expired date.
best regards
Alexander Gimbel
Dear Valerie,
Please find below the trace..
----------------------------------------------------------------------------
[YYYY.MM.DD HH:MM:SS.MIKROS][LEVEL][PROCESS ][MODULE ][THR_ID]
[2014.07.01 21:48:52.973000][INFO ][sbus.exe ][URL ][ 2900] Successfully connected to
[2014.07.01 21:48:52.973000][INFO ][sbus.exe ][URL ][ 2900] Address 10.240.55.30 (srvpid01)
[2014.07.01 21:48:53.004000][TRACE][sbus.exe ][URL ][ 2900] Family: AF_INET (IPv4)
[2014.07.01 21:48:53.004000][TRACE][sbus.exe ][URL ][ 2900] Inner family: AF_INET (IPv4)
[2014.07.01 21:48:53.004000][TRACE][sbus.exe ][URL ][ 2900] Protocol: 6
[2014.07.01 21:48:53.004000][TRACE][sbus.exe ][URL ][ 2900] SockType: 1
[2014.07.01 21:48:53.019000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_setup_buffers returning 0. OK.
[2014.07.01 21:48:53.019000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_init_finished_mac returning 0. OK.
[2014.07.01 21:48:53.019000][INFO ][sbus.exe ][SSL ][ 2900] Session to be resumed did not fit preferences. Performing full handshake
[2014.07.01 21:48:53.019000][TRACE][sbus.exe ][BASE/RANDOM ][ 2900] Get 28 bytes random data
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.random OctetString (size="28" ):357E7C882F91060C255422B035CB424734474B0755CB1D855A55DD63
[2014.07.01 21:48:53.050000][INFO ][sbus.exe ][SSL ][ 2900] ClientHello.session_id: no session ID submitted.
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.cipher_suites<0> : SSL_RSA_WITH_RC4_128_SHA
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.cipher_suites<1> : SSL_RSA_WITH_RC4_128_MD5
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.cipher_suites<2> : TLS_RSA_WITH_AES128_CBC_SHA
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.cipher_suites<3> : TLS_RSA_WITH_AES256_CBC_SHA
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.cipher_suites<4> : SSL_RSA_WITH_3DES_EDE_CBC_SHA
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.cipher_suites<5> : SSL_RSA_WITH_DES_CBC_SHA
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.cipher_suites<6> : SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.cipher_suites<7> : SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.cipher_suites<8> : SSL_RSA_EXPORT_WITH_RC4_40_MD5
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.compression_methods.size: 1
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.compression_methods<0> = 0, NULL compression.
[2014.07.01 21:48:53.050000][INFO ][sbus.exe ][SSL ][ 2900] Sending SSLv3 ClientHello
[2014.07.01 21:48:53.050000][INFO ][sbus.exe ][SSL ][ 2900] ClientHello.client_version: 3.1
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_pending returning 3f. OK.
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_bytes returning 3f. OK.
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_do_write returning 1. OK.
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_client_hello successfully returns 1.
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_record returning 0. OK.
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_message returning 0. OK.
[2014.07.01 21:48:53.050000][INFO ][sbus.exe ][SSL ][ 2900] ServerHello.server_version: 3.1 .
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] ServerHello.random : OctetString (size="32"):
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] 0 53B2F485 60D7DE7C E0A2C1D5 EB5EC410
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] 10 BB65A8D7 700F451E 46615222 E4615B75
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] ServerHello.session_id : OctetString (size="32"):
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] 0 7A0D9DE2 4E968D80 7F512947 2438C159
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] 10 50AE61A8 75D8B4B8 2A47AD80 615D0899
[2014.07.01 21:48:53.050000][INFO ][sbus.exe ][SSL ][ 2900] On receiving ServerHello: Creating new session.
[2014.07.01 21:48:53.050000][INFO ][sbus.exe ][SSL ][ 2900] ServerHello.cipher_suite: TLS_RSA_WITH_AES128_CBC_SHA
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] ServerHello.compression_method: 0.
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_server_hello returning 0. OK.
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_record returning 0. OK.
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:53.050000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_message returning 0. OK.
[2014.07.01 21:48:53.065000][INFO ][sbus.exe ][SSL ][ 2900] Received server certificate:
[2014.07.01 21:48:53.065000][INFO ][sbus.exe ][SSL ][ 2900] subject: Name :CN=srvpid01.LDAP-TEST.dom, C=AE
[2014.07.01 21:48:53.065000][INFO ][sbus.exe ][SSL ][ 2900]
[2014.07.01 21:48:53.065000][INFO ][sbus.exe ][SSL ][ 2900] issued by: Name :CN=Secure Login Root CA
[2014.07.01 21:48:53.065000][INFO ][sbus.exe ][SSL ][ 2900] .
[2014.07.01 21:48:53.065000][TRACE][sbus.exe ][SSL ][ 2900] Server Certificate details: Certificate:
[2014.07.01 21:48:53.065000][TRACE][sbus.exe ][SSL ][ 2900] Subject :CN=srvpid01.LDAP-TEST.dom, C=AE
[2014.07.01 21:48:53.065000][TRACE][sbus.exe ][SSL ][ 2900] Issuer :CN=Secure Login Root CA
[2014.07.01 21:48:53.065000][TRACE][sbus.exe ][SSL ][ 2900] Serial number:0x08c58a38
[2014.07.01 21:48:53.127000][TRACE][sbus.exe ][IO ][ 2900] BEGIN: io_file_type (C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\ocsp.xml)
[2014.07.01 21:48:53.127000][TRACE][sbus.exe ][IO ][ 2900] END : io_file_type
[2014.07.01 21:48:53.127000][TRACE][sbus.exe ][LOADER ][ 2900] Loading config file 'ocsp.xml' failed because file not existing in path 'C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\ocsp.xml'
[2014.07.01 21:48:53.127000][TRACE][sbus.exe ][IO ][ 2900] BEGIN: io_file_type (C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\pkix.xml)
[2014.07.01 21:48:53.127000][TRACE][sbus.exe ][IO ][ 2900] END : io_file_type
[2014.07.01 21:48:53.127000][TRACE][sbus.exe ][LOADER ][ 2900] Loading config file 'pkix.xml' failed because file not existing in path 'C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\pkix.xml'
[2014.07.01 21:48:53.127000][TRACE][sbus.exe ][IO ][ 2900] BEGIN: io_file_type (C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\base.xml)
[2014.07.01 21:48:53.127000][TRACE][sbus.exe ][IO ][ 2900] END : io_file_type
[2014.07.01 21:48:53.127000][TRACE][sbus.exe ][LOADER ][ 2900] Loading config file 'base.xml' failed because file not existing in path 'C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\base.xml'
[2014.07.01 21:48:53.127000][TRACE][sbus.exe ][IO ][ 2900] BEGIN: io_file_type (C:\Users\csam\AppData\Local\sec)
[2014.07.01 21:48:53.127000][TRACE][sbus.exe ][IO ][ 2900] END : io_file_type
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][IO ][ 2900] BEGIN: sec_io_statFile (C:\Users\csam\AppData\Local\sec\pse_verify_cache.upd)
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][IO ][ 2900] END : sec_io_statFile
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][PKIX ][ 2900] Resetting verification cache (memory)
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] { SBUSPSE::isInTrustedCerts
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] { SBUSPSE::needRealPSE
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 80004001
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::isInTrustedCerts
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::Refresh
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::InitProviders
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 1
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 1
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 0
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 0
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] { SBUSPSE::searchCertificate
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] { SBUSPSE::needRealPSE
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 80004001
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::getAllTrustedCerts
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::getTrustedCertList
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::Refresh
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::InitProviders
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 1
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 1
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 0
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 0
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTokenMgr::GetPCI
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] m_apTokens[0]->GetPCI()
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 0
[2014.07.01 21:48:53.142000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 0
[2014.07.01 21:48:53.173000][TRACE][sbus.exe ][sbus.dll ][ 2900] { SBUSPSE::isInTrustedCerts
[2014.07.01 21:48:53.173000][TRACE][sbus.exe ][sbus.dll ][ 2900] { SBUSPSE::needRealPSE
[2014.07.01 21:48:53.173000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 80004001
[2014.07.01 21:48:53.173000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::isInTrustedCerts
[2014.07.01 21:48:53.173000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::Refresh
[2014.07.01 21:48:53.173000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::InitProviders
[2014.07.01 21:48:53.173000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 1
[2014.07.01 21:48:53.173000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 1
[2014.07.01 21:48:53.173000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 1
[2014.07.01 21:48:53.173000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 1
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Certificate verification result:
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Certificate:
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Subject :CN=srvpid01.LDAP-TEST.dom, C=AE
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Issuer :CN=Secure Login Root CA
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Serial number:0x08c58a38
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Validity:
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Not before :Tue Jul 1 14:44:13 2014
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Not after :Sat Jul 1 14:44:13 2034
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Key:
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Key type :rsaEncryption (1.2.840.113549.1.1.1)
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Key size :2048
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] PK_Fingerprint_MD5:AEBA A9AA E34C 45CA 2AC8 A208 6DE3 96B3
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Fingerprint_MD5:CD:92:E8:72:E2:2F:B6:98:B1:50:E2:13:3C:82:F8:BB
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Fingerprint_SHA1:B60E 003B 64B1 3E65 66DB 5652 AE7E C08C 3287 BC47
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Verification result:
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Status :Successful
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Profile :1.3.6.1.4.1.694.2.2.2.2
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] SignerStatus:Successful
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] SignerVerificationResult:
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] element#no="1":
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Status :Successful
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Validity :Successful
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] BasicConstraints:Successful
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] KeyUsage :Successful
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] ObjectStatus:Successful
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] SignerCert:
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Certificate:
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Subject :CN=Secure Login Root CA
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Issuer :CN=Secure Login Root CA
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Serial number:0x70b19f37f6529aec
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Validity:
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Not before :Wed Jun 25 23:22:08 2014
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Not after :Tue Jun 25 23:22:08 2024
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Key:
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Key type :rsaEncryption (1.2.840.113549.1.1.1)
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Key size :4096
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] PK_Fingerprint_MD5:E758 152B D4EC 48F6 B5DE E8F9 3A9A 3D40
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Source :Local store
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Fingerprint_MD5:8F:F4:00:F4:DD:2F:73:CC:4F:C0:05:1D:2C:92:A5:28
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Fingerprint_SHA1:EEDE F1D8 58E2 A0C8 8790 BF9F 59C4 35FE F6EB CC9D
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Verification result:
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Status :Successful
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] Profile :1.3.6.1.4.1.694.2.2.2.2
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] BasicConstraintsPathLen:3
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][VERIFY ][ 2900] DirectlyTrusted:Successful
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][SSL ][ 2900] Connect:ssl_verify_peer_certificates Certificate verification returned Certificate trusted
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_server_certificate returning 0. OK.
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_record returning 0. OK.
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_message returning 0. OK.
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_key_exchange returning 0. OK.
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_message returning 0. OK.
[2014.07.01 21:48:53.188000][INFO ][sbus.exe ][SSL ][ 2900] Checking for CertificateRequest message
[2014.07.01 21:48:53.188000][INFO ][sbus.exe ][SSL ][ 2900] Message type == ServerHelloDone; no client authentication requested
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_certificate_request returning 0. OK.
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_message returning 0. OK.
[2014.07.01 21:48:53.188000][INFO ][sbus.exe ][SSL ][ 2900] Received ServerHelloDone message
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_server_done returning 0. OK.
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][SSL ][ 2900] Initiate:ssl3_send_client_key_exchange uses servers encryption key
[2014.07.01 21:48:53.188000][TRACE][sbus.exe ][BASE/RANDOM ][ 2900] Get 48 bytes random data
[2014.07.01 21:48:53.203000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_create_cipher_state_and_key_exchange_def returning 0. OK.
[2014.07.01 21:48:53.203000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_pending returning 106. OK.
[2014.07.01 21:48:53.203000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:53.203000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_bytes returning 106. OK.
[2014.07.01 21:48:53.203000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_do_write returning 1. OK.
[2014.07.01 21:48:53.203000][INFO ][sbus.exe ][SSL ][ 2900] Sending ChangeCipherSpec message.
[2014.07.01 21:48:53.203000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_pending returning 1. OK.
[2014.07.01 21:48:53.203000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_bytes returning 1. OK.
[2014.07.01 21:48:53.203000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_do_write returning 1. OK.
[2014.07.01 21:48:53.203000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_change_cipher_state returning 0. OK.
[2014.07.01 21:48:53.203000][INFO ][sbus.exe ][SSL ][ 2900] Sending "Finished" message.
[2014.07.01 21:48:53.203000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_pending returning 10. OK.
[2014.07.01 21:48:53.203000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:53.203000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_bytes returning 10. OK.
[2014.07.01 21:48:53.203000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_do_write returning 1. OK.
[2014.07.01 21:48:53.265000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_record returning 0. OK.
[2014.07.01 21:48:53.265000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_change_cipher_state returning 0. OK.
[2014.07.01 21:48:53.265000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_record returning 0. OK.
[2014.07.01 21:48:53.265000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:53.265000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:53.265000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_message returning 0. OK.
[2014.07.01 21:48:53.265000][INFO ][sbus.exe ][SSL ][ 2900] Received message of type "Finished".Peer has completed sending of handshake messages.
[2014.07.01 21:48:53.280000][INFO ][sbus.exe ][SSL ][ 2900] SSL3 client: handshake successful with this server: CN=srvpid01.LDAP-TEST.dom, C=AE
[2014.07.01 21:48:53.280000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_pending returning 19f. OK.
[2014.07.01 21:48:53.280000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_bytes returning 19f. OK.
[2014.07.01 21:48:53.280000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_ex returning 19f. OK.
[2014.07.01 21:48:53.495000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_record returning 0. OK.
[2014.07.01 21:48:53.510000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_read successfully returns 512.
[2014.07.01 21:48:53.510000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_read successfully returns 300.
[2014.07.01 21:48:53.510000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_record returning 0. OK.
[2014.07.01 21:48:53.510000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_read_bytes(): Handle 9bd530 received close notify.
[2014.07.01 21:48:53.510000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_read successfully returns 0.
[2014.07.01 21:48:53.510000][INFO ][sbus.exe ][SSL ][ 2900] Sending alert of level WARNING: close notify
[2014.07.01 21:48:53.510000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_pending returning 2. OK.
[2014.07.01 21:48:53.510000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_dispatch_alert returning 2. OK.
[2014.07.01 21:48:53.510000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_shutdown returning 0. OK.
[2014.07.01 21:48:53.510000][TRACE][sbus.exe ][sbusslogin.d][ 2900] } 0
[2014.07.01 21:48:53.510000][TRACE][sbus.exe ][sbusslogin.d][ 2900] } 0
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][Kerberos ][ 2900] Got kerberos ticket for 'HTTP/srvpid01.LDAP-TEST.dom' with server key type 23 and session key type 23
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][BASE/RANDOM ][ 2900] Get 8 bytes random data
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbusslogin.d][ 2900] { CSecureLogin_Protocol_2_0::Send_Auth_SPNEGO
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbusslogin.d][ 2900] { CSecureLogin_Protocol_2_0::Send_Auth_Combined
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbusslogin.d][ 2900] { CSecureLogin::Send_Any
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][URL ][ 2900] Successfully connected to
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][URL ][ 2900] Address 10.240.55.30 (srvpid01)
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][URL ][ 2900] Family: AF_INET (IPv4)
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][URL ][ 2900] Inner family: AF_INET (IPv4)
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][URL ][ 2900] Protocol: 6
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][URL ][ 2900] SockType: 1
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_setup_buffers returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_init_finished_mac returning 0. OK.
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][SSL ][ 2900] Session to be resumed did not fit preferences. Performing full handshake
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][BASE/RANDOM ][ 2900] Get 28 bytes random data
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.random OctetString (size="28" ):A91A1FA41CFBF6485DA96792BC957F67C82BD7B56118B7412B970F6C
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][SSL ][ 2900] ClientHello.session_id: no session ID submitted.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.cipher_suites<0> : SSL_RSA_WITH_RC4_128_SHA
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.cipher_suites<1> : SSL_RSA_WITH_RC4_128_MD5
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.cipher_suites<2> : TLS_RSA_WITH_AES128_CBC_SHA
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.cipher_suites<3> : TLS_RSA_WITH_AES256_CBC_SHA
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.cipher_suites<4> : SSL_RSA_WITH_3DES_EDE_CBC_SHA
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.cipher_suites<5> : SSL_RSA_WITH_DES_CBC_SHA
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.cipher_suites<6> : SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.cipher_suites<7> : SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.cipher_suites<8> : SSL_RSA_EXPORT_WITH_RC4_40_MD5
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.compression_methods.size: 1
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] ClientHello.compression_methods<0> = 0, NULL compression.
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][SSL ][ 2900] Sending SSLv3 ClientHello
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][SSL ][ 2900] ClientHello.client_version: 3.1
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_pending returning 3f. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_bytes returning 3f. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_do_write returning 1. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_client_hello successfully returns 1.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_record returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_message returning 0. OK.
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][SSL ][ 2900] ServerHello.server_version: 3.1 .
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] ServerHello.random : OctetString (size="32"):
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] 0 53B2F489 43478B63 DE97DD84 58249D6E
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] 10 8DE63AFA 9FCB909A F8D46D23 568E9E5B
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] ServerHello.session_id : OctetString (size="32"):
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] 0 731F898F 659FEA98 58AE9F6D 984B7839
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] 10 74BCB35F 31ED0FD9 9D7D8908 4C0C9223
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][SSL ][ 2900] On receiving ServerHello: Creating new session.
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][SSL ][ 2900] ServerHello.cipher_suite: TLS_RSA_WITH_AES128_CBC_SHA
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] ServerHello.compression_method: 0.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_server_hello returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_record returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_message returning 0. OK.
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][SSL ][ 2900] Received server certificate:
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][SSL ][ 2900] subject: Name :CN=srvpid01.LDAP-TEST.dom, C=AE
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][SSL ][ 2900]
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][SSL ][ 2900] issued by: Name :CN=Secure Login Root CA
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][SSL ][ 2900] .
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Server Certificate details: Certificate:
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Subject :CN=srvpid01.LDAP-TEST.dom, C=AE
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Issuer :CN=Secure Login Root CA
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Serial number:0x08c58a38
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][IO ][ 2900] BEGIN: sec_io_statFile (C:\Users\csam\AppData\Local\sec\pse_verify_cache.upd)
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][IO ][ 2900] END : sec_io_statFile
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] { SBUSPSE::isInTrustedCerts
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] { SBUSPSE::needRealPSE
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 80004001
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::isInTrustedCerts
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::Refresh
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::InitProviders
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 1
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 1
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 0
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 0
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] { SBUSPSE::searchCertificate
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] { SBUSPSE::needRealPSE
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 80004001
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::getAllTrustedCerts
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::getTrustedCertList
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::Refresh
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::InitProviders
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 1
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 1
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 0
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 0
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTokenMgr::GetPCI
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] m_apTokens[0]->GetPCI()
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 0
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 0
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] { SBUSPSE::isInTrustedCerts
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] { SBUSPSE::needRealPSE
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 80004001
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::isInTrustedCerts
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::Refresh
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] { CTrust::InitProviders
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 1
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 1
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 1
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][sbus.dll ][ 2900] } 1
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Certificate verification result:
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Certificate:
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Subject :CN=srvpid01.LDAP-TEST.dom, C=AE
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Issuer :CN=Secure Login Root CA
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Serial number:0x08c58a38
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Validity:
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Not before :Tue Jul 1 14:44:13 2014
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Not after :Sat Jul 1 14:44:13 2034
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Key:
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Key type :rsaEncryption (1.2.840.113549.1.1.1)
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Key size :2048
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] PK_Fingerprint_MD5:AEBA A9AA E34C 45CA 2AC8 A208 6DE3 96B3
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Fingerprint_MD5:CD:92:E8:72:E2:2F:B6:98:B1:50:E2:13:3C:82:F8:BB
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Fingerprint_SHA1:B60E 003B 64B1 3E65 66DB 5652 AE7E C08C 3287 BC47
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Verification result:
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Status :Successful
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Profile :1.3.6.1.4.1.694.2.2.2.2
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] SignerStatus:Successful
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] SignerVerificationResult:
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] element#no="1":
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Status :Successful
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Validity :Successful
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] BasicConstraints:Successful
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] KeyUsage :Successful
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] ObjectStatus:Successful
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] SignerCert:
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Certificate:
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Subject :CN=Secure Login Root CA
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Issuer :CN=Secure Login Root CA
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Serial number:0x70b19f37f6529aec
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Validity:
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Not before :Wed Jun 25 23:22:08 2014
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Not after :Tue Jun 25 23:22:08 2024
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Key:
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Key type :rsaEncryption (1.2.840.113549.1.1.1)
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Key size :4096
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] PK_Fingerprint_MD5:E758 152B D4EC 48F6 B5DE E8F9 3A9A 3D40
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Source :Local store
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Fingerprint_MD5:8F:F4:00:F4:DD:2F:73:CC:4F:C0:05:1D:2C:92:A5:28
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Fingerprint_SHA1:EEDE F1D8 58E2 A0C8 8790 BF9F 59C4 35FE F6EB CC9D
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Verification result:
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Status :Successful
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] Profile :1.3.6.1.4.1.694.2.2.2.2
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] BasicConstraintsPathLen:3
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][VERIFY ][ 2900] DirectlyTrusted:Successful
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Connect:ssl_verify_peer_certificates Certificate verification returned Certificate trusted
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_server_certificate returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_record returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_message returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_key_exchange returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_message returning 0. OK.
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][SSL ][ 2900] Checking for CertificateRequest message
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][SSL ][ 2900] Message type == ServerHelloDone; no client authentication requested
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_certificate_request returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_message returning 0. OK.
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][SSL ][ 2900] Received ServerHelloDone message
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_server_done returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Initiate:ssl3_send_client_key_exchange uses servers encryption key
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][BASE/RANDOM ][ 2900] Get 48 bytes random data
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_create_cipher_state_and_key_exchange_def returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_pending returning 106. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_bytes returning 106. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_do_write returning 1. OK.
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][SSL ][ 2900] Sending ChangeCipherSpec message.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_pending returning 1. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_bytes returning 1. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_do_write returning 1. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_change_cipher_state returning 0. OK.
[2014.07.01 21:48:57.159000][INFO ][sbus.exe ][SSL ][ 2900] Sending "Finished" message.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_pending returning 10. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_bytes returning 10. OK.
[2014.07.01 21:48:57.159000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_do_write returning 1. OK.
[2014.07.01 21:48:57.220000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_record returning 0. OK.
[2014.07.01 21:48:57.220000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_change_cipher_state returning 0. OK.
[2014.07.01 21:48:57.220000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_record returning 0. OK.
[2014.07.01 21:48:57.220000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:57.220000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_finish_mac returning 0. OK.
[2014.07.01 21:48:57.220000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_message returning 0. OK.
[2014.07.01 21:48:57.220000][INFO ][sbus.exe ][SSL ][ 2900] Received message of type "Finished".Peer has completed sending of handshake messages.
[2014.07.01 21:48:57.220000][INFO ][sbus.exe ][SSL ][ 2900] SSL3 client: handshake successful with this server: CN=srvpid01.LDAP-TEST.dom, C=AE
[2014.07.01 21:48:57.220000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_pending returning a2d. OK.
[2014.07.01 21:48:57.220000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_bytes returning a2d. OK.
[2014.07.01 21:48:57.220000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_ex returning a2d. OK.
[2014.07.01 21:48:57.267000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_record returning 0. OK.
[2014.07.01 21:48:57.267000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_read successfully returns 278.
[2014.07.01 21:48:57.267000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_get_record returning 0. OK.
[2014.07.01 21:48:57.267000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_read_bytes(): Handle 9bd530 received close notify.
[2014.07.01 21:48:57.267000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_read successfully returns 0.
[2014.07.01 21:48:57.267000][INFO ][sbus.exe ][SSL ][ 2900] Sending alert of level WARNING: close notify
[2014.07.01 21:48:57.267000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_write_pending returning 2. OK.
[2014.07.01 21:48:57.267000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_dispatch_alert returning 2. OK.
[2014.07.01 21:48:57.267000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_shutdown returning 0. OK.
[2014.07.01 21:48:57.267000][TRACE][sbus.exe ][sbusslogin.d][ 2900] } 0
[2014.07.01 21:48:57.267000][TRACE][sbus.exe ][sbusslogin.d][ 2900] { CSecureLogin_Protocol_2_0::Handle_Auth_Response
[2014.07.01 21:48:57.267000][TRACE][sbus.exe ][sbusslogin.d][ 2900] } 0
[2014.07.01 21:48:57.267000][TRACE][sbus.exe ][sbusslogin.d][ 2900] } 80070005
[2014.07.01 21:48:57.267000][TRACE][sbus.exe ][sbusslogin.d][ 2900] } 80070005
[2014.07.01 21:48:59.260000][TRACE][sbus.exe ][sbus.dll ][ 2900] Supplied credentials not accepted by the server.Enrollment failed
[2014.07.01 21:48:59.260000][TRACE][sbus.exe ][sbusslogin.d][ 2900] { CSecureLogin_Protocol_2_0::Send_DeleteSession
[2014.07.01 21:48:59.260000][TRACE][sbus.exe ][sbusslogin.d][ 2900] } 0
[2014.07.01 21:48:59.260000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_shutdown returning 0. OK.
[2014.07.01 21:48:59.260000][INFO ][sbus.exe ][SSL ][ 2900] SSL session released.
[2014.07.01 21:48:59.260000][TRACE][sbus.exe ][SSL ][ 2900] Function ssl3_free successfully returns (void type).
[2014.07.01 21:48:59.260000][TRACE][sbus.exe ][URL/H_URL_CT][ 2900] No more external refs to url_ssl_factory.
[2014.07.01 21:48:59.260000][TRACE][sbus.exe ][PKIX ][ 2900] Cache: requests:4, returned:0, used:0
[2014.07.01 21:48:59.260000][TRACE][sbus.exe ][URL/H_URL_CT][ 2900] url_ssl_factory: destroy
[2014.07.01 21:49:05.462000][TRACE][sbus.exe ][sbuspolicy.d][ 2596] { SBUS_Policy_File::Bind
[2014.07.01 21:49:05.462000][TRACE][sbus.exe ][sbuspolicy.d][ 2596] } 0
[2014.07.01 21:49:05.462000][TRACE][sbus.exe ][sbuspolicy.d][ 2596] { SBUS_Policy_File::Read_File
[2014.07.01 21:49:05.462000][TRACE][sbus.exe ][sbuspolicy.d][ 2596] } 0
also find the output of klist
Current LogonId is 0:0x2478b
Cached Tickets: (1)
#0> Client: csam @ LDAP-TEST.DOM
Server: krbtgt/LDAP-TEST.DOM @ LDAP-TEST.DOM
KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
Ticket Flags 0x40e00000 -> forwardable renewable initial pre_authent
Start Time: 7/1/2014 14:12:39 (local)
End Time: 7/2/2014 0:12:39 (local)
Renew Time: 7/8/2014 14:12:39 (local)
Session Key Type: AES-256-CTS-HMAC-SHA1-96
Dear Alexander,
Please find below the output
setspn -Q HTTP/srvpid01.LDAP-TEST.dom
Checking domain DC=LDAP-TEST,DC=dom
CN=SAP SSO BID,CN=Users,DC=LDAP-TEST,DC=dom
HTTPS/srvpid01.LDAP-TEST.dom
ABAP/SAP-SSO-BID
HTTP/srvpid01.LDAP-TEST.dom
Existing SPN found!
Also find below the output of
klist
Current LogonId is 0:0x2478b
Cached Tickets: (1)
#0> Client: csam @ LDAP-TEST.DOM
Server: krbtgt/LDAP-TEST.DOM @ LDAP-TEST.DOM
KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
Ticket Flags 0x40e00000 -> forwardable renewable initial pre_authent
Start Time: 7/1/2014 14:12:39 (local)
End Time: 7/2/2014 0:12:39 (local)
Renew Time: 7/8/2014 14:12:39 (local)
Session Key Type: AES-256-CTS-HMAC-SHA1-96
Regards,
Sam
Dear Sam,
The connection between Secure Login Client and the AD is correct now. Now you have an issue on you Secure Login Server configuration. Could you please create live trace on the server?
Theh ow to can be found in the SSO implementation guide: 7.3.12 Logging and Tracing Secure Login Server with the Log Viewer of SAP NetWeaver Administrator
A screenshot of your SPNEGO configuration in NWA could help us too.
Btw, no need to configure HTTPS/srvpid01.LDAP-TEST.dom
KR
Valerie
Dear Valerie,
Please find below the extract from the authentication trace
Could not validate SPNEGO token.
[EXCEPTION]
com.sap.engine.services.security.authentication.umapping.UserMappingNoSuchUserException: No user with account attributes [[namespace=com.sap.security.core.authentication, name=principal, value=csam, isCaseSensitive=false], [namespace=com.sap.security.core.authentication, name=realm, value=LDAP-TEST.DOM, isCaseSensitive=false]] found
at com.sap.engine.services.security.authentication.umapping.UserMappingServiceImpl.getUserByAccountAttributes(UserMappingServiceImpl.java:210)
at com.sap.security.core.server.jaas.spnego.util.SPNEGOUserMappingUtil.searchUser(SPNEGOUserMappingUtil.java:82)
at com.sap.security.core.server.jaas.SPNegoLoginModule.processAuthorizationHeader(SPNegoLoginModule.java:531)
at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:157)
at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:254)
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:66)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:280)
at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at com.sap.securelogin.auth.AuthenticationManager.authenticate(AuthenticationManager.java:77)
at com.sap.securelogin.connection.http.AuthenticationAction.handleAuthentication(AuthenticationAction.java:96)
at com.sap.securelogin.connection.http.AuthenticationAction.performAction(AuthenticationAction.java:63)
at com.sap.securelogin.connection.http.SecureLoginServlet.doPost(SecureLoginServlet.java:71)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:152)
at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:38)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:457)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)
at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:278)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)
at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)
at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
SPNEGO config details below
Regards,
Sam
Dear Valerie,
Yes, correctly pointed out.Did the required changes in SU01 and it worked.
Really appreciate the kind of support you and Mr.Alexander provided in fixing the issues which we have faced. Happy to say that the kind of technical knowledege and professionalism both of you have shown is far beyond the expectations.I am sure that your quick responses and solutions are far better that what we get via OSS support.
One again thanks for all the help.
One more question before closing whether SPNEGO & X.509 certificate based SSO configurations can work parallelly? ie whether i can have SSO using SPNEGO & X.509 certificate at the same time for the same system?
Regards,
Sam
Dear Sam,
Happy to read, that your configuration is OK now. The OSS support would have help you too.
I suppose that you are asking if it is possible to use SPNego and SNC for ABAP togehter right?
Both can be used in parallel. SPNego for ABAP is designed for SSO using browser application to the ABAP server (NWBC or Web GUI). SNC is designed for SAP GUI and all other RFC connections.
Your use case and your security requirement should define if you want to have one or both. Ther are enough use case documentation in the under popular content.
KR
Valerie
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.