cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SPNego Doubt

Go to solution
Former Member

on ‎04-16-2015 8:49 AM

0 Kudos

Hi !

I've been setting up SSO using the SPNego wizard via http://server:port/spnego for a 740 Portal system.

Using the wizard, I was able to successfully setup SSO for Sandbox & Dev.

For Production, I see the below error when I use the Manual option under Add:

Error during generation of encryption key with type AES256-CTS-HMAC-SHA1-96: Illegal key size. Check the crypto policy file in use and also SAP Note 1240081


If I use the Keytab option under Add, I'm able to proceed successfully & SSO also works fine on Production.


In Dev & Sandbox I see 4 keys; whereas, Production does not show me the AES256 key.


Is there something amiss with my Production box, that the first option does not work ?

SP's levels are the same...SP 7...even SAP JVM...


Kindly help advise.......


Thanks a lot !

saba.



Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

hemanth2
Product and Topic Expert
Product and Topic Expert
‎04-16-2015 11:06 AM
0 Kudos

Dear Saba,

Hope you are doing good.

Nice to hear from you again.

Normally following note 1240081 should have fixed this issue. Both local_policy.jar and US_export_policy.jar files contain the unlimited versions. Please ensure that when you store new JCE files in the path sapjvm_N/jre/lib/security/, the old jar file are not presnt there, not even with new xtensions. Please move them to a different directory.

Also, the JVM location should be /usr/sap/<SID>/J<nr>/exe/sapjvm_6/jre/lib/security

even though the files will be present at:

/usr/sap/<SID/SYS/exe/jvm/

Once this is done, re-run the SPNEGO wizard again. If the issue still persists, kindly run the web diag tool as outlined in SAP Note No. 1332726.

   

Hope this helps.

_ _ _ _ _ _ _ _ _

Kind Regards,

Hemanth
SAP AGS
_ _ _ _ _ _ _ _ _
 

Show replies
Show replies
Former Member
‎04-16-2015 2:34 PM
0 Kudos

Thanks a lot, Stephan & Hemanth !

Issue resolved

(A restart too was needed post replacing the files).

Thank you !

saba.

Answers (1)

Answers (1)

former_member200373
Participant
‎04-16-2015 9:28 AM
0 Kudos

Dear Saba,

it is as the error message proposes: The JRE security policy of your system disallows strong crypto algorithms. So check if you installed the respective files properly.

-- Stephan

Show replies
Show replies
Ask a Question