cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

sso for agentry.(sapwm61)

Former Member

on ‎01-05-2015 6:45 PM

0 Kudos

Dear Gurus:

                   I am trying to configure SSO for agentry (SAPWM61). I am supposed to do authtication using the SAP Portal(uses ldap) and then I get redirected to ECC backend and we have trusted relation between portal and backend ECC.

In SAPWM6.1 document I see a few changes have to be done in the javaBE.ini files.

Am just wondering if any has done something like this?

Below is what is mentioned in the install document:

[USER_AUTH_SSO] ;referenced when LOGON_METHOD=USER_AUTH_SSO ; SSO related

information for user in LoginModuleSSO to facilite Login to ; an SAP system

using tickets from a message server. ;

;PORTAL_URL=https://ldciszd.wdf.sap.corp:4431/sap/bc/webdynpro

;PORTAL_URL=http://ldjcis49.wdf.sap.corp:5100/irj/portal

;PORTAL_URL=https://localhost/irj/portal/

PORTAL_URL=https://localhost/irj/portal.client/verifier/

; verification file from the portal. Not required, but if portal names are

different from the authenticated user name, it will be needed to decode the

name. VERIFICATION_USE=true VERIFICATION_FILENAME=szb.verify.pse

;VERIFICATION_PASSWORD=rzdrj1<9~gyqdv0?6r}f

;VERIFICATION_PASSWORD_ENCODED=true

; keystore for client authentication to the server, if required.

KEY_STORE_USE=true ;KEY_STORE_TYPE=WINDOWS-MY KEY_STORE_TYPE=jks

KEY_STORE_FILENAME=local.client.certificate.keystore

;KEY_STORE_FILENAME=client.p12 KEY_STORE_PASSWORD=simplepass

;KEY_STORE_PASSWORD_ENCODED=false

; trust store for server authentication to the client (accepting only trusted

servers to prevent MIM attacks) TRUST_STORE_USE=true

;TRUST_STORE_TYPE=WINDOWS-ROOT TRUST_STORE_TYPE=jks

TRUST_STORE_FILENAME=local.certificate.truststore

TRUST_STORE_PASSWORD=simplepass ;TRUST_STORE_PASSWORD_ENCODED=false

COOKIE=MYSAPSO2 HTTPTYPE=https SSL_VERSION=SSLv3 JAVA_SECURITY_DEBUG=true

JAVA_NET_DEBUG=true

Ravi

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

i834235
Product and Topic Expert
Product and Topic Expert
‎01-06-2015 4:44 PM
0 Kudos

Ravi,

Yes you need to follow configuration steps  as specified in the documentation.  One of the step is to modify JavaBE.ini  as indicated by you.  Do you have any specific question or issue that your  having ?

Please also refer some of the OSS notes relevant for SSO set-up.

Thanks

Manju.

Show replies
Show replies
Former Member
‎01-06-2015 4:51 PM
0 Kudos

Manju: I tried the steps mentioned in the document but I am thinking that I am doing something not right. Am getting errors like "Thread###User::rethrowException::COM.SYCLO.AGENTRY.BUSINESSLOGICEXCEPTION:
COULD NOT LOGIN USER GN9 - IO EXCEPTION SSO SERVER RESPONSE CODE OF ERROR: 404 ".

If anyone has list of parameters I need to set please let me know.

Ravi

i834235
Product and Topic Expert
Product and Topic Expert
‎01-06-2015 5:02 PM
0 Kudos

Ravi,

You  may have to do little bit of troubleshooting to find out whether it is something to do with set-up or missing /incorrect parameters.  By quick  glancing at JavaBE.ini parameters it looks  okay to be expect PORTAL_URL.

Can you verify your  portal URL..Usually it is  set as  IR/portal.

PORTAL_URL=https://localhost/irj/portal/

You  need find out whether  :-

a)   Whether request is coming to EP and EP is issuing SAP logon ticket.  With help of  Basis  team you can find out that or with help of trace.

b)  with  SAP  logon  ticket issued by EP whether user can logon to  ECC system.

Thanks,

Manju.

Former Member
‎01-06-2015 5:11 PM
0 Kudos

Manju:

          The portal URL i have given is as follows:

           http://mycompanyportalurl:port/irj/portal. I have set up javaBE parameters and I am BASIS as well. From the portal logs I see that there is no login. Is there a way we can set trace in SMP itself?

Ravi

i834235
Product and Topic Expert
Product and Topic Expert
‎01-06-2015 5:21 PM
0 Kudos

Ravi,

Can you  check SMP / Agentry  logs for any error messages ?  what is your  SMP server SP level ?

To me error code 404 means that SMP server is not able to find or connect to EP.

Thanks

Manju

Former Member
‎01-06-2015 5:35 PM
0 Kudos

Manju:

         SMP 3.0 SP4 is what I have. Following is the error I see:

11:04:48 01/06/2015 : 20 (Agentry3), JavaBackEndError (JAVA EXCEPTION CAUGHT: com.syclo.agentry.AgentryException: Could not login u                      ser GN9 - java.lang.UnsatisfiedLinkError: com.mysap.sso.SSO2Ticket.evalLogonTicket(Ljava/lang/String;Ljava/lang/String;Ljava/lang/Stri                      ng;)[Ljava/lang/Object;),       at com.mysap.sso.SSO2Ticket.evalLogonTicket(Native Method)

Former Member
‎01-06-2015 6:36 PM
0 Kudos

Manju:

          I changed the protocal from HTTP to https and I see the following error..

2015 01 06 12:08:33#0-600#ERROR#com.sap.mobile.platform.server.agentry.console##anonymous#Agentry Prod Def Load Loop Thread###Exception: 12:08:33 01/06/2015 : 20 (Agentry3), JavaBackEndError (JAVA EXCEPTION CAUGHT: com.syclo.agentry.AgentryException: Could not login user GN9 - IO Exception Unrecognized SSL message, plaintext connection?),  |

Ravi

i834235
Product and Topic Expert
Product and Topic Expert
‎01-06-2015 6:52 PM
0 Kudos

Ravi,

Did you just change PORTAL_URL ?  what about HTTPTYPE parameter ?

PORTAL_URL=https://localhost/irj/portal.client/verifier/

COOKIE=MYSAPSO2 HTTPTYPE=https SSL_VERSION=SSLv3 JAVA_SECURITY_DEBUG=true

JAVA_NET_DEBUG=true

is GN9  user id your  using is service user id or user id that  your trying to  logon from Agentry client ?

Thanks

Manju

Former Member
‎01-06-2015 7:01 PM
0 Kudos

Manju:
        Yes I changed the URL to http://myportal:port/irj/portal and GN9 is the userID set in portal(ldap).

Ravi

i834235
Product and Topic Expert
Product and Topic Expert
‎01-06-2015 7:51 PM
0 Kudos

No my question is when are you getting the error when you start-up SMP Server or during user logon from Agentry client ?

I don't think you change just PORTAL_URL without changing other parameter ? use http or https based on how your  EP is configured.

Please look  at some of the OSS messages as it may be relevant for your scenario.

Thanks

Manju.

Former Member
‎01-06-2015 8:11 PM
0 Kudos

error I am getting is at the startup. Agreed that I need to change other parameters also but am ot sure which ones.

Ask a Question