cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Secure Login Web Client throws exception: java.lang.ClassNotFoundException: com.sap.securelogin.client.applet.SecureLoginClient.class

Go to solution
dyaryura
Active Participant

on ‎09-14-2014 9:00 PM

0 Kudos

Hello Experts!

We're currently configuring SAP NW SSO 2.0 and we're getting an error when log-in to the SL Web Client having an expired certificate.

The scenario is a Secure Login Server component installed on the same SAP Application Server where a SAP SRM runs. The Secure Login Server is supposed to generate X.509 certificates in order to perform SSO against different SAP Systems in the Landscape, including the SRM server itself.

Due to customer requirements the Certificate should expire in a short time, i.e. 10 minutes.

At his point, we were able to successfully generate and X.509 certificate and use it to perform SSO against ABAP and Java Systems.

As configured, after 10 minutes, the certificate expires. If we try to log-on again to the Secure Login Web Client in order to get a new certificate an error occurs:


In the java console, the first exception we get is:

network: Connecting https://<hidden server name>:50001/SecureLoginServer/webclient/sap.com~securelogin.webclient.jar?version=1410707274078 with proxy=DIRECT

network: Connecting http://<hidden server name>:50001/ with proxy=DIRECT

security: Loading certificates from Deployment session certificate store

security: Loaded certificates from Deployment session certificate store

security: SHA-256Certificate finger print: <here fingerprint 1>

security: Checking if certificate is in Internet Explorer DISALLOWED certificate store

security: SHA-256Certificate finger print: <here fingerprint 2>

security: Checking if certificate is in Internet Explorer DISALLOWED certificate store

javax.net.ssl.SSLException: Received fatal alert: illegal_parameter

    at sun.security.ssl.Alerts.getSSLException(Unknown Source)

Workarounds:

We found the following workarounds that aren't suitable for us. We require the SL Web Client to automatically handle such situation without changes in the client machines.

1) Delete the expired certificate in IE manually and restart IE.

2) Disable in the Java Control panel "Use certificates and keys in browser keystore" and install the Secure Login Root CA certificate in the Java VM.

Any thoughts? have you faced the same issue?

Thank You!!

Diego.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎09-15-2014 8:33 AM
0 Kudos

Hello,

my assumption is that you have switched on SSL client authentication on the port you use for the Secure Login Web Client (the optional request flag).

Please try to configure to use another port without SSL client authentication requesting for the Secure Login Web Client or switch off the "request" for the Client Authentication Mode in SSL configuration in NW SSL Admin on the existing port (if you do not need it).

best regards

Alexander Gimbel

Show replies
Show replies

Answers (0)

Ask a Question