cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO issue: NW 7.3 Java (Portal) with NW 7.4 ABAP (GRC)

Former Member

on ‎11-12-2015 2:30 PM

0 Kudos

Hello,

I have SSO configured from NW 7.3 Java (Portal) with NW 7.4 ABAP (GRC). It was working few weeks back.. but somehow it stopped working after that.

Below is the LOGIN FAILED error is am seeing in the NWA: Log Viewer. Please suggest what can i check more or chages that i can try.

Thanks

LOGIN.FAILED
User: N/A
IP Address: 10.110.37.38
Authentication Stack: sap.com/tc~lm~itsam~ui~mainframe~wd*webdynpro_resources_sap.com_tc~lm~itsam~ui~mainframe~wd
Authentication Stack Properties:
        policy_domain = /webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd
        realm_name = Upload Protected Area

Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          false                 true      
        #1 trusteddn1 = CN=BWQ
        #2 trusteddn2 = CN=SMD
        #3 trusteddn3 = OU=J2EE,CN=SMD
        #4 trusteddn4 = CN=Q47
        #5 trusteddn5 = CN=GRS
        #6 trustediss1 = CN=BWQ
        #7 trustediss2 = CN=SMD
        #8 trustediss3 = OU=J2EE,CN=SMD
        #9 trustediss4 = CN=Q47
        #10 trustediss5 = CN=GRS
        #11 trustedsys1 = BWQ,105
        #12 trustedsys2 = SMD,100
        #13 trustedsys3 = SMD,000
        #14 trustedsys4 = Q47,100
        #15 trustedsys5 = GRS,000
        #16 ume.configuration.active = true
2. com.sap.security.core.server.jaas.SPNegoLoginModule                     OPTIONAL    ok          exception             true       Trigger SPNEGO authentication.
3. com.sap.security.core.server.jaas.CreateTicketLoginModule               SUFFICIENT  ok          false                 true      
4. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   REQUIRED    ok          false                 false     
5. com.sap.security.core.server.jaas.CreateTicketLoginModule               REQUIRED    ok          false                 true      
6. com.sap.security.core.server.jaas.CreateTicketLoginModule               SUFFICIENT  ok          false                 true      
        #1 trusteddn1 = CN=Q47
        #2 trusteddn2 = CN=BWQ
        #3 trustediss1 = CN=Q47
        #4 trustediss2 = CN=BWQ
        #5 trustedsys1 = Q47,100
        #6 trustedsys2 = BWQ,105
        #7 ume.configuration.active = true
No logon policy was applied






Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

LutzR
Active Contributor
‎11-14-2015 2:09 PM
0 Kudos

Hi Mousam, my hint is not from detailed analysis but from experience: Did you check the service user account in AD? A typical error is not to set the "password never expires" flag. Spnego then looks broken by some magic suddenly but only the password expired. Setting the flag would fix this instantly.

Show replies
Show replies
former_member198633
Contributor
‎11-14-2015 11:07 AM
0 Kudos

Hello Mousam,

This is a normal exception during SPNego authentication. This is the point when the SPNego authentication is triggered and then the browser should send back the SPNego logon ticket to the AS Java.

So the actual root cause will be visible a little later in the trace. Please attach it as well.

Best Regards,

Peter

Show replies
Show replies
Ask a Question