on 01-05-2015 6:45 PM
Dear Gurus:
I am trying to configure SSO for Agentry (SAPWM61). I am supposed to do authentication using the SAP Portal (uses LDAP) and then I get redirected to the ECC backend, and we have a trusted relation between the portal and the backend ECC.
In the SAPWM6.1 document I see a few changes have to be made in the javaBE.ini files.
I am just wondering if anyone has done something like this?
Below is what is mentioned in the install document:
[USER_AUTH_SSO]
;referenced when LOGON_METHOD=USER_AUTH_SSO
; SSO related information for user in LoginModuleSSO to facilitate Login to
; an SAP system using tickets from a message server.
;
;PORTAL_URL=https://ldciszd.wdf.sap.corp:4431/sap/bc/webdynpro
;PORTAL_URL=http://ldjcis49.wdf.sap.corp:5100/irj/portal
;PORTAL_URL=https://localhost/irj/portal/
PORTAL_URL=https://localhost/irj/portal.client/verifier/
; verification file from the portal. Not required, but if portal names are
; different from the authenticated user name, it will be needed to decode the
; name.
VERIFICATION_USE=true
VERIFICATION_FILENAME=szb.verify.pse
;VERIFICATION_PASSWORD=rzdrj1<9~gyqdv0?6r}f
;VERIFICATION_PASSWORD_ENCODED=true
; keystore for client authentication to the server, if required.
KEY_STORE_USE=true
;KEY_STORE_TYPE=WINDOWS-MY
KEY_STORE_TYPE=jks
KEY_STORE_FILENAME=local.client.certificate.keystore
;KEY_STORE_FILENAME=client.p12
KEY_STORE_PASSWORD=simplepass
;KEY_STORE_PASSWORD_ENCODED=false
; trust store for server authentication to the client (accepting only trusted
; servers to prevent MIM attacks)
TRUST_STORE_USE=true
;TRUST_STORE_TYPE=WINDOWS-ROOT
TRUST_STORE_TYPE=jks
TRUST_STORE_FILENAME=local.certificate.truststore
TRUST_STORE_PASSWORD=simplepass
;TRUST_STORE_PASSWORD_ENCODED=false
COOKIE=MYSAPSO2
HTTPTYPE=https
SSL_VERSION=SSLv3
JAVA_SECURITY_DEBUG=true
JAVA_NET_DEBUG=true
Ravi
Ravi,
Yes, you need to follow the configuration steps as specified in the documentation. One of the steps is to modify JavaBE.ini as indicated by you. Do you have any specific question or issue that you're having?
Please also refer to some of the OSS notes relevant for SSO set-up.
Thanks
Manju.
Manju: I tried the steps mentioned in the document but I am thinking that I am doing something not right. I am getting errors like "Thread###User::rethrowException::COM.SYCLO.AGENTRY.BUSINESSLOGICEXCEPTION:
COULD NOT LOGIN USER GN9 - IO EXCEPTION SSO SERVER RESPONSE CODE OF ERROR: 404 ".
If anyone has a list of the parameters I need to set, please let me know.
Ravi
Ravi,
You may have to do a little bit of troubleshooting to find out whether it is something to do with the set-up or missing/incorrect parameters. From a quick glance at the JavaBE.ini parameters, it looks okay except PORTAL_URL.
Can you verify your portal URL? Usually it is set as IR/portal.
PORTAL_URL=https://localhost/irj/portal/
You need to find out:
a) Whether the request is coming to EP and EP is issuing the SAP logon ticket. With the help of the Basis team you can find that out, or with the help of a trace.
b) Whether the user can log on to the ECC system with the SAP logon ticket issued by EP.
Thanks,
Manju.
Manju:
The portal URL I have given is as follows:
http://mycompanyportalurl:port/irj/portal. I have set up the javaBE parameters and I am BASIS as well. From the portal logs I see that there is no login. Is there a way we can set a trace in SMP itself?
Ravi
Manju:
SMP 3.0 SP4 is what I have. Following is the error I see:
11:04:48 01/06/2015 : 20 (Agentry3), JavaBackEndError (JAVA EXCEPTION CAUGHT: com.syclo.agentry.AgentryException: Could not login user GN9 - java.lang.UnsatisfiedLinkError: com.mysap.sso.SSO2Ticket.evalLogonTicket(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)[Ljava/lang/Object;), at com.mysap.sso.SSO2Ticket.evalLogonTicket(Native Method)
Manju:
I changed the protocol from HTTP to https and I see the following error:
2015 01 06 12:08:33#0-600#ERROR#com.sap.mobile.platform.server.agentry.console##anonymous#Agentry Prod Def Load Loop Thread###Exception: 12:08:33 01/06/2015 : 20 (Agentry3), JavaBackEndError (JAVA EXCEPTION CAUGHT: com.syclo.agentry.AgentryException: Could not login user GN9 - IO Exception Unrecognized SSL message, plaintext connection?),
Ravi
Ravi,
Did you just change PORTAL_URL? What about the HTTPTYPE parameter?
PORTAL_URL=https://localhost/irj/portal.client/verifier/
COOKIE=MYSAPSO2
HTTPTYPE=https
SSL_VERSION=SSLv3
JAVA_SECURITY_DEBUG=true
JAVA_NET_DEBUG=true
Is the GN9 user ID you're using a service user ID or the user ID that you're trying to log on with from the Agentry client?
Thanks
Manju
Manju:
Yes I changed the URL to http://myportal:port/irj/portal and GN9 is the userID set in portal(ldap).
Ravi
No, my question is: when are you getting the error, when you start up the SMP Server or during user logon from the Agentry client?
I don't think you can change just PORTAL_URL without changing the other parameter. Use http or https based on how your EP is configured.
Please look at some of the OSS messages as they may be relevant for your scenario.
Thanks
Manju.
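An added example, not part of the thread or of SAP's documentation: a small audit of the [USER_AUTH_SSO] section that flags the PORTAL_URL/HTTPTYPE mismatch discussed above, along with the other weak settings visible in the posted sample (SSLv3, store passwords not marked encoded, debug flags left on). The sample input is constructed, its host and port are placeholders, and treating a password without `_PASSWORD_ENCODED=true` as plaintext is an assumption.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: active settings as posted in the thread, with PORTAL_URL
# changed to plain http (host and port are placeholders).
SAMPLE_INI = """\
[USER_AUTH_SSO]
PORTAL_URL=http://portal.example.test:8080/irj/portal
KEY_STORE_USE=true
KEY_STORE_PASSWORD=simplepass
;KEY_STORE_PASSWORD_ENCODED=false
TRUST_STORE_USE=true
TRUST_STORE_PASSWORD=simplepass
COOKIE=MYSAPSO2
HTTPTYPE=https
SSL_VERSION=SSLv3
JAVA_SECURITY_DEBUG=true
JAVA_NET_DEBUG=true
"""

def audit_sso_section(ini_text, section="USER_AUTH_SSO"):
    """Return (code, detail) findings for one JavaBE.ini SSO section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str                      # keep key case as written
    cp.read_string(ini_text)
    cfg, findings = cp[section], []
    scheme = urlsplit(cfg.get("PORTAL_URL", "")).scheme.lower()
    httptype = cfg.get("HTTPTYPE", "").lower()
    if scheme != httptype:                    # the mismatch raised in the thread
        findings.append(("SCHEME_MISMATCH",
                         f"PORTAL_URL={scheme or 'unset'}, HTTPTYPE={httptype or 'unset'}"))
    if scheme == "http":
        findings.append(("CLEARTEXT_PORTAL", "portal exchange is not encrypted"))
    ssl_version = cfg.get("SSL_VERSION", "")
    if ssl_version.upper() in ("SSLV2", "SSLV3"):
        findings.append(("LEGACY_SSL", f"{ssl_version} is a deprecated protocol"))
    if not cfg.getboolean("TRUST_STORE_USE", fallback=False):
        findings.append(("NO_TRUST_STORE", "server is not checked against a trust store"))
    for store in ("KEY_STORE", "TRUST_STORE", "VERIFICATION"):
        # Assumption: a password without <store>_PASSWORD_ENCODED=true is plaintext.
        encoded = cfg.getboolean(f"{store}_PASSWORD_ENCODED", fallback=False)
        if cfg.get(f"{store}_PASSWORD") and not encoded:
            findings.append(("PLAINTEXT_PASSWORD", store))
    for flag in ("JAVA_SECURITY_DEBUG", "JAVA_NET_DEBUG"):
        if cfg.getboolean(flag, fallback=False):
            findings.append(("DEBUG_ON", flag))
    return findings

if __name__ == "__main__":
    for code, detail in audit_sso_section(SAMPLE_INI):
        print(f"{code:18} {detail}")
```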