on 04-16-2015 8:49 AM
Hi !
I've been setting up SSO using the SPNego wizard via http://server:port/spnego for a 740 Portal system.
Using the wizard, I was able to successfully setup SSO for Sandbox & Dev.
For Production, I see the below error when I use the Manual option under Add:
Error during generation of encryption key with type AES256-CTS-HMAC-SHA1-96: Illegal key size. Check the crypto policy file in use and also SAP Note 1240081
If I use the Keytab option under Add, I'm able to proceed successfully & SSO also works fine on Production.
In Dev & Sandbox I see 4 keys; whereas, Production does not show me the AES256 key.
Is there something amiss with my Production box, that the first option does not work ?
SP's levels are the same...SP 7...even SAP JVM...
Kindly help advise.......
Thanks a lot !
saba.
Dear Saba,
Hope you are doing good.
Nice to hear from you again.
Normally following note 1240081 should have fixed this issue. Both local_policy.jar and US_export_policy.jar files contain the unlimited versions. Please ensure that when you store new JCE files in the path sapjvm_N/jre/lib/security/, the old jar file are not presnt there, not even with new xtensions. Please move them to a different directory.
Also, the JVM location should be /usr/sap/<SID>/J<nr>/exe/sapjvm_6/jre/lib/security
even though the files will be present at:
/usr/sap/<SID/SYS/exe/jvm/
Once this is done, re-run the SPNEGO wizard again. If the issue still persists, kindly run the web diag tool as outlined in SAP Note No. 1332726.
Hope this helps.
_ _ _ _ _ _ _ _ _
Kind Regards,
Hemanth
SAP AGS
_ _ _ _ _ _ _ _ _
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Saba,
it is as the error message proposes: The JRE security policy of your system disallows strong crypto algorithms. So check if you installed the respective files properly.
-- Stephan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.