
SSO in Webdynpro

Former Member
0 Kudos

Hello Everybody,

I want to add single sign-on functionality in webdynpro without using the portal. When I run my application, it should show me a login page, which has been done by checking the Basic authentication check box when creating the application. Now, when I run my application and provide the correct username and password, it should create an SAP logon ticket in the web browser.

But I have checked for the SAP logon ticket cookie, MYSAPSSO2. This cookie is not created after successful login. I have also checked the security.log file for the same.

But I didn't find it. So it means the ticket is not generated after successful login. Is any other procedure required to accomplish this?

Thanks in Advance,

Bhavik

Accepted Solutions (0)

Answers (16)


Former Member
0 Kudos

Hi,

We are also trying out the same scenario and had configured all the SSO settings, but we are facing the same 401 error.

Can you please let us know how you solved this problem?

Regards

Arpit Seth

Former Member
0 Kudos

Hi Patrick,

I tried the Car rental application as suggested in the PDF. Now the webservice for car rental is working fine. But I am still getting the unauthorized error in my own webservice. I checked the difference between these two webservices. I found only one difference, i.e. the Stateful communication option in the logical port of the web service model in webdynpro.

In the car rental application, which is already available as a tutorial application, Stateful communication is set to "Stateless communication", whereas in my application the stateful communication value is set to "Use HTTP cookie-based sessions".

So, what is the difference between these two?

And I can't even change these values.

Thanks,

Bhavik

Former Member
0 Kudos

Hi Patrick,

I have already done all the things described in that link.

Now I will explain both scenarios in detail.

1. Webdynpro to webdynpro

I have created one application with user authentication and deployed the same application on two different J2EE servers. Now, I have added one Link to URL element in one view of the application, which points to the same application running on the other WAS server.

So, when my application runs for the first time, it asks for authentication, and then it generates one SAP logon ticket in the browser. Now, I click on the "link to URL", which points to the same application running on the other WAS server, and I am loading this in the same browser only. So, it should accept the ticket already created and should not ask for authentication a second time.

But the application can't accept that ticket.

For this I have imported the certificate of the first WAS server, and also specified the required parameters for ACL in EvaluateTicketLoginModule.

2. Webdynpro to webservice

For this, I have created a webdynpro application with user authentication. I have imported a webservice model into it. This webservice is deployed on the same WAS server. In the webservice, in the configuration file, I have specified HTTP authentication and Use SAP Logon Ticket.

I have also created one Destination in Visual Administrator. Then, in webdynpro, before calling the model for this webservice, I specified the DestinationName too.

When I run the application and authenticate, it creates the ticket as well. But when I call the webservice, it gives me a User unauthorized error.

--> One thing I would like to mention is that both WAS servers are developer workstations. Both servers' SIDs are the same, i.e. J2E.

Where do you think I am missing something?

Thanks,

Bhavik

Former Member
0 Kudos

Hi,

In the first scenario, for webdynpro to webdynpro, I am using

Browser -> webdynpro
        -> webdynpro (SSO).

And for the second scenario, for webdynpro to webservice,

Browser -> webdynpro -> webservice.

Former Member
0 Kudos

Hi Bhavik,

If I get your response right, in both cases the browser only interacts with the first WD application, which in turn communicates with the latter (either WD or WebService). So please have a look at the link shown above, as this is the more accurate source of information for your problem. SSO is usually the term used if a browser has to access different applications on the same server (intra-server) or on different servers by authenticating only once. What you are trying to achieve is forwarding the user's identity to a backend service. The SAP standard way to do this is usually to make use of the destination service.

Regards,

Patrick

Former Member
0 Kudos

Hi,

troubleshooting guide for SSO

Scenario 1:

1) Check whether user exist in both systems

Yes - users exist on both systems. I am using the administrator user only.

2) Check whether servers are in the same domain

Both servers seem to be in the same domain. But I have one question. At the time of installing the server, I chose local installation. There were three choices there: Local installation, Installation in domain of the current user, and Installation in different domain. From these, I chose Local installation for both servers.

So, is it in the same domain?

3) Check whether there are appropriate entries in keystore for server which accepts ticket

Yes, the entries are there and are correct.

Scenario 2:

1) Check whether logical port in proxy has appropriate settings (Security tab->Authentification->"HTTP Authentification" "Use SAP Logon Ticket")

Yes, I have checked "Use SAP Logon Ticket".

Former Member
0 Kudos

Thanks for your reply.

But is it not possible for simple HTTP, meaning without a secure connection?

I have two scenarios.

1. I want to call webdynpro application running on one WAS to webdynpro application running on another WAS. But in this case, when I try to call the webdynpro application running on the other server from the first webdynpro application, it asks me for login twice. It should not ask me for login a second time, as I have already logged in to the first application and it creates a login ticket. So now the application running on the other WAS should accept this logon ticket and should not ask for login.

But it is asking for login a second time as well.

So, what am I missing in this?

2. I want to call a webservice from webdynpro using logon tickets. Both are on the same server. But when I call my web service, it gives me the following exception.

Service call exception; nested exception is: com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized.

So, I am guessing that the web service is not accepting the ticket properly.

I have checked that the ticket is created properly.

Thanks in advance,

Bhavik

former_member182372
Active Contributor
0 Kudos

Hi,

Troubleshooting guide for SSO :-):

Scenario 1:

1) Check whether user exist in both systems

2) Check whether servers are in the same domain

3) Check whether there are appropriate entries in keystore for server which accepts ticket

Scenario 2:

1) Check whether logical port in proxy has appropriate settings (Security tab->Authentification->"HTTP Authentification" "Use SAP Logon Ticket")

Regards, Maxim R.

Former Member
0 Kudos

Hi Bhavik,

Could you please explain your scenario a bit better? You stated:

> 1. I want to call webdynpro application running on one WAS to webdynpro application running on another WAS.

This sounds more like a connection like:

Browser -> WebDynpro1 -> WebDynpro2,

whereas the discussion so far was about

Browser -> WebDynpro1
        -> WebDynpro2 (SSO)

In the first case, you may want to have a look at a tutorial from the documentation: https://www.sdn.sap.com/sdn/developerareas/security.sdn?page=application_access_protection_tutorials... which explains just this scenario, as there are some pitfalls you need to bypass.

This is not the same as browser-based SSO, as you have to make sure that your own application forwards the cookie to the backend (you are also talking about a webservice).

Regards,

Patrick Hildenbrand

Former Member
0 Kudos

Hi,

After installing the J2EE, configuring SSO is difficult (even I am not sure :-(( ) because you need to map the users manually!

During installation you have the option where you can select "strong" cryptography. Then you need to deploy the cryptography library.

Please go through the following link.

https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/security/how to configure sso in a complex system landscape.pdf

Regards, VIP

Former Member
0 Kudos

Hi Anilkumar,

Could you please elaborate on this so I can understand it properly?

What are the exact steps for it?

I have the J2EE server already installed. So can I do the same after installation?

Thanks,

Bhavik

Former Member
0 Kudos

Hi,

I've followed the steps below to accept certificates in webdynpro.

1. While installing J2EE, I configured UME with the ABAP backend system.

2. After installation you need to import the certificate from the backend into the secure storage.

Make sure that SSL is running.

Regards, VIP

Former Member
0 Kudos

Hey SAP experts,

No reply for my query..

If anybody has idea about this error and how to resolve it then please help me.

Thanks In advance,

Bhavik

Former Member
0 Kudos

Hi Maksim,

I have set severity to All.

Hi Pran,

I checked the cookies with javascript:document.cookie

and now I can see the cookie for MYSAPSSO2.

That means the ticket is being created properly, right?

But from webdynpro, I am trying to call a webservice which is created on the same WAS server using accept SAP logon ticket. But it gives the following exception.

Service call exception; nested exception is: com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized.

So, what is the reason for that?

Thanks,

Bhavik

Former Member
0 Kudos

I am checking for the cookie MYSAPSS02. This cookie is not created. I also checked security.log under Cluster -> Server0 -> log -> system. Here also I can't find any message about creating the ticket.

Thanks,

Bhavik

former_member182372
Active Contributor
0 Kudos

Hm, try the following:

Go to the "log configurator" service. Switch to advanced mode. Go to locations, select "com.sap.security.core.server.jaas", set "severity" to "All" and save it, because a lot of traces in CreateTicketLoginModule are debug.

Cluster -> Server0 -> log -> system -> security.log is not the place where this information is stored. Look at Cluster -> Server0 -> log -> defaultTrace.trc.... There should be something like "SAP Logon Ticket added to private credentials."

P.S.

Are you using HTTPWatch or a similar tool to see cookies?

P.P.S.

Does the "ticket" component in the security provider contain all 3 login modules with appropriate flags and options?

Former Member
0 Kudos

Hi Bhavik

Just some additional clarifications.

-> The ticket template need not be assigned to a web dynpro application, because any changes to the ticket template affect all web dynpro applications globally.

-> From my testing it does not seem that the login modules need to be configured for ticket creation on the client side. The createTicketLogin module is for creation of tickets at the application level, which can be propagated to backend SAP systems through RFC calls.

-> The easiest way to check if MYSAPSSO2 has been created is to type this into the browser after a successful login:

javascript:document.cookie

This will display all the cookies that are available in that client scope. (Using the browser to prompt for every cookie deposition sometimes does not help to ascertain what cookies have been created.)

Regards

Pran
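
Two checks from this thread, the "same domain" item in the troubleshooting list and the `javascript:document.cookie` test, both depend on the attributes set on the MYSAPSSO2 cookie. The following is an added example, not code from any poster or from SAP: it applies RFC 6265 domain matching to a constructed Set-Cookie value to show whether a browser would send the ticket to a second server and whether script can read it. Host names and cookie values are made up; cookie paths and IP-address hosts are ignored.

```javascript
// Added example: constructed Set-Cookie values and hypothetical host names.
const COOKIE_NAME = "MYSAPSSO2";

// Parse one Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1).trim();
  }
  return cookie;
}

// RFC 6265 domain matching; without a Domain attribute the cookie is host-only.
function domainMatches(requestHost, cookie, issuingHost) {
  const host = requestHost.toLowerCase();
  const raw = cookie.attrs.domain;
  if (typeof raw !== "string" || raw === "") return host === issuingHost.toLowerCase();
  const domain = raw.replace(/^\./, "").toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Report how a browser treats the ticket cookie when calling a second server.
function assessTicketCookie(header, issuingHost, targetUrl) {
  const cookie = parseSetCookie(header);
  const target = new URL(targetUrl);
  const https = target.protocol === "https:";
  const findings = [];
  if (cookie.name !== COOKIE_NAME) findings.push("not the logon ticket cookie");
  const inScope = domainMatches(target.hostname, cookie, issuingHost);
  if (!inScope) findings.push("target host outside cookie scope: ticket is not sent");
  if (cookie.attrs.secure && !https) findings.push("Secure cookie is not sent over plain HTTP");
  if (!cookie.attrs.secure) findings.push("no Secure attribute: ticket can travel over plain HTTP");
  const visibleToScript = !cookie.attrs.httponly;
  if (!visibleToScript) findings.push("HttpOnly: document.cookie will not list the ticket");
  const sent = inScope && (!cookie.attrs.secure || https);
  return { sent, visibleToScript, findings };
}
```

A ticket that shows up in `document.cookie` is also readable by any script running on that page, so the HttpOnly finding matters in both directions.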

Former Member
0 Kudos

Hi Maksim,

It's already there.

So, for that reason, when running the application it shows the login page. But after successful login the SAP logon ticket is not created.

Thanks,

Bhavik

former_member182372
Active Contributor
0 Kudos

What are you using to check whether ticket is created?

Former Member
0 Kudos

Yes, I know about that authentication template "Ticket" in the security provider. But we need to assign this template to our application, and I don't know where we can assign this ticket template to our webdynpro application.

And you are talking about "sap.authentication", which is the same as checking the checkbox at the time of creating the application?

If not, then where do we have to set this property, and what do we need to set for it?

thanks,

Bhavik

former_member182372
Active Contributor
0 Kudos

Hi,

"sap.authentication" is predefined property. Open your application, go to "Application properties" tab. Select "New". Type "Pre defined", click "browse", select "Authentication", select "true" from "value" drop down. Click "Finish". Rebuild-deploy-run.

Regards, Maxim R.

Former Member
0 Kudos

Hello Maksim,

Yes, I have already gone through all these documents. But for a webdynpro application, how can we adjust our login module stack? I have even applied the ticket template to one J2EE application. But when running this application, it doesn't prompt for the login page.

I understood the whole process of accepting the ticket. But I am not clear on how to create this ticket.

Thanks,

Bhavik

former_member182372
Active Contributor
0 Kudos

Hi,

Visual Admin->Server->Services->Security provider. Runtime tab, Policy configuration tab. In components select "ticket". What is in the "login modules" table? Did you define the "sap.authentification" property for your application? Because as far as I can see, if we use an anonymous user the "MYSAPSSO2" cookie is not created.

Regards, Maxim R.

former_member182372
Active Contributor
0 Kudos