on 11-12-2015 2:30 PM
Hello,
I have SSO configured from NW 7.3 Java (Portal) with NW 7.4 ABAP (GRC). It was working few weeks back.. but somehow it stopped working after that.
Below is the LOGIN FAILED error is am seeing in the NWA: Log Viewer. Please suggest what can i check more or chages that i can try.
Thanks
LOGIN.FAILED
User: N/A
IP Address: 10.110.37.38
Authentication Stack: sap.com/tc~lm~itsam~ui~mainframe~wd*webdynpro_resources_sap.com_tc~lm~itsam~ui~mainframe~wd
Authentication Stack Properties:
policy_domain = /webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd
realm_name = Upload Protected Area
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
#1 trusteddn1 = CN=BWQ
#2 trusteddn2 = CN=SMD
#3 trusteddn3 = OU=J2EE,CN=SMD
#4 trusteddn4 = CN=Q47
#5 trusteddn5 = CN=GRS
#6 trustediss1 = CN=BWQ
#7 trustediss2 = CN=SMD
#8 trustediss3 = OU=J2EE,CN=SMD
#9 trustediss4 = CN=Q47
#10 trustediss5 = CN=GRS
#11 trustedsys1 = BWQ,105
#12 trustedsys2 = SMD,100
#13 trustedsys3 = SMD,000
#14 trustedsys4 = Q47,100
#15 trustedsys5 = GRS,000
#16 ume.configuration.active = true
2. com.sap.security.core.server.jaas.SPNegoLoginModule OPTIONAL ok exception true Trigger SPNEGO authentication.
3. com.sap.security.core.server.jaas.CreateTicketLoginModule SUFFICIENT ok false true
4. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUIRED ok false false
5. com.sap.security.core.server.jaas.CreateTicketLoginModule REQUIRED ok false true
6. com.sap.security.core.server.jaas.CreateTicketLoginModule SUFFICIENT ok false true
#1 trusteddn1 = CN=Q47
#2 trusteddn2 = CN=BWQ
#3 trustediss1 = CN=Q47
#4 trustediss2 = CN=BWQ
#5 trustedsys1 = Q47,100
#6 trustedsys2 = BWQ,105
#7 ume.configuration.active = true
No logon policy was applied
Hi Mousam, my hint is not from detailed analysis but from experience: Did you check the service user account in AD? A typical error is not to set the "password never expires" flag. Spnego then looks broken by some magic suddenly but only the password expired. Setting the flag would fix this instantly.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Mousam,
This is a normal exception during SPNego authentication. This is the point when the SPNego authentication is triggered and then the browser should send back the SPNego logon ticket to the AS Java.
So the actual root cause will be visible a little later in the trace. Please attach it as well.
Best Regards,
Peter
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.