Secure Login Client error ACM_ACCESS_DENIED while RFID auth

Former Member
0 Kudos

Hi!

We set up authorization with contactless cards (RFID) for using Fiori apps on a KIOSK.

We installed SAP SSO SLS 2.0 SP6 PL1 and SAP Secure Login Client 2.0 SP6. The architecture requires kiosk registration in the domain under technical accounts (AD) and SPNEGO kiosk authorization in SLS. Card number and user name pairs are stored in the LDS. SLS was configured according to note 1970286 - SAP SSO 2 with Contactless ID Tokens. On the client we downloaded and installed the root certificate (as I understand, this is needed for the client to trust the SLS).

But authentication didn't work.

The NWA logs have NOTHING, their customization failed (we can't find such logging settings as: Applications / Common / Security / SecureLoginServer / Authentication, Applications / Common / Security / NetweaverSSO / KeyStore, Applications / NetweaverSSO / Server).

The Secure Login Client log file has this error:

[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][sbusslogin.d][  2988] JSON Response: {"text":"Аутентификация пользователя не выполнена","status":"ACM_ACCESS_DENIED","config":{"keysize":2048},"view":"Auth","type":"2"}

[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][sbusslogin.d][  2988] } 80070005

[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][sbus.dll    ][  2988] Переданные регистрационные данные не приняты сервером.Enrollment failed

[2016.01.15 11:18:47.828000][TRACE][sbus.exe            ][sbus.dll    ][  2988] silent authentication failed -> abort

In translation:

[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][sbusslogin.d][  2988] JSON Response: {"text":" User authentication failed ( is not performed)","status":"ACM_ACCESS_DENIED","config":{"keysize":2048},"view":"Auth","type":"2"}

[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][sbusslogin.d][  2988] } 80070005

[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][sbus.dll    ][  2988] The transmitted data is not accepted by the server. Enrollment failed

To simplify the situation we changed authorization to x509 SSL, but the error persists.

What can be the cause of this error? Google can't help us(

Full log:

[2016.01.15 11:18:43.147000][TRACE][sbus.exe            ][sbus.dll    ][  5324] CPCSCMonitor::ReaderEvent(00000200, "HID OMNIKEY 5127 CK CL 0")

[2016.01.15 11:18:43.147000][TRACE][sbus.exe            ][sbus.dll    ][  5324] Trying to get CardId from reader ''

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] CToken:: Secure Login token [toksw:mem://securelogin/SLSAuth] :: login

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][IO          ][  2988] BEGIN: io_file_type (C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\base.xml)

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][IO          ][  2988] END  : io_file_type

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][LOADER      ][  2988] Loading config file 'base.xml' failed because file not existing in path 'C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\base.xml'

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { SBUSPSE::get_info

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] }        0

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { SBUSPSE::create_PSE

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { SBUSPSE::SetASC

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] }        0

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] }        0

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] CAPIFilter:: Provider filter not set, just ignore own CSPs ...

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] CAPIFilter:: CAPIFilterValidOnly() check

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] CAPIFilter:: Certificate: [CN=KIOSK, O=*****, C=RU] accepted

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] CAPIFilter:: Provider filter not set, just ignore own CSPs ...

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] CAPIFilter:: Certificate: [CN=KIOSK, O=*****, C=RU] accepted

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] Ctoken_SL: NewPinType: password

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] Ctoken_SL: gracePeriod: 0

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] Ctoken_SL: inactivityTimeout: 0

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] Ctoken_SL: ReAuthentication: 0

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbusresloade][  2988] { GetLocale

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbusresloade][  2988] }        0

[2016.01.15 11:18:43.179000][INFO ][sbus.exe            ][sbusslogin.d][  2988] Try to enroll SLS URL: https://sapsls. *****.local:50001/SecureLoginServer/slc2/doLogin?profile=28704b4a-579d-42fd-9e13-25b4e189f27f

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][SSL         ][  2988] Creating SSL_CTX 0x38bc20 with default cipher suites !aNULL:!eNULL:HIGH:MEDIUM

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][SSL         ][  2988] Parsing cipher suite configuration string: !aNULL:!eNULL:HIGH:MEDIUM

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][SSL         ][  2988] Creating SSL_CTX 0x38bc20 with default preferred elliptic curves list EC_HIGH:EC_MEDIUM

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][SSL         ][  2988] Parsing elliptic curves configuration string: EC_HIGH:EC_MEDIUM

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][SSL         ][  2988] Adding curves matching EC_HIGH

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][SSL         ][  2988] EC_P256 added

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][SSL         ][  2988] EC_P384 added

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][SSL         ][  2988] EC_P521 added

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][SSL         ][  2988] Adding curves matching EC_MEDIUM

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][SSL         ][  2988] EC_P224 added

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][SSL         ][  2988] Configured preferred elliptic curves list in SSL_CTX:

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][SSL         ][  2988]      curve: EC_P256 (secp256r1) [optimized: FALSE]

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][SSL         ][  2988]      curve: EC_P384 (secp384r1) [optimized: FALSE]

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][SSL         ][  2988]      curve: EC_P521 (secp521r1) [optimized: FALSE]

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][SSL         ][  2988]      curve: EC_P224 (secp224r1) [optimized: FALSE]

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { SBUSPSE::loginBySystemParameters

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { SBUSPSE::needRealPSE

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] } 80004001

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] } a1e00015

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { SBUSPSE::getAllTrustedCerts

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { SBUSPSE::needRealPSE

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] } 80004001

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { CTrust::getAllTrustedCerts

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { CTrust::getTrustedCertList

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { CTrust::Refresh

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { CTrust::InitProviders

[2016.01.15 11:18:43.179000][TRACE][sbus.exe            ][sbus.dll    ][  2988] }        1

[2016.01.15 11:18:43.194000][TRACE][sbus.exe            ][sbus.dll    ][  2988] }        0

[2016.01.15 11:18:43.194000][TRACE][sbus.exe            ][sbus.dll    ][  2988] }        0

[2016.01.15 11:18:43.194000][TRACE][sbus.exe            ][sbus.dll    ][  2988] }        0

[2016.01.15 11:18:43.194000][TRACE][sbus.exe            ][sbus.dll    ][  2988] }        0

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { SBUSPSE::getOwnCertificate

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { SBUSPSE::needRealPSE

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][sbus.dll    ][  2988] } 80004001

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { CTokenMgr::GetPCI

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][sbus.dll    ][  2988] m_apTokens[0]->GetPCI()

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][sbus.dll    ][  2988] m_apTokens[1]->GetPCI()

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][sbus.dll    ][  2988] }        0

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { sec_store_test_own_Certificate

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][sbus.dll    ][  2988] }        1

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][sbus.dll    ][  2988] Using token URI: [tokcapi:{4892BD14-BDD2-4DB1-88FE-219549A78DD9}(Microsoft Enhanced Cryptographic Provider v1.0)]

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][sbus.dll    ][  2988] }        0

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][SSL         ][  2988] Key tokcapi:{4892BD14-BDD2-4DB1-88FE-219549A78DD9}(Microsoft Enhanced Cryptographic Provider v1.0)/00

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][SSL         ][  2988] Configure cipher suites and elliptic curves lists in SSL_CTX:

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][SSL         ][  2988] context      : 0x38bc20:

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][SSL         ][  2988] cipher suites: HIGH:MEDIUM

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][SSL         ][  2988] Configure cipher suites in SSL_CTX:

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][SSL         ][  2988] context      : 0x38bc20:

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][SSL         ][  2988] cipher suites: HIGH:MEDIUM

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][SSL         ][  2988] Parsing cipher suite configuration string: HIGH:MEDIUM

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][SSL         ][  2988] Configured preferred elliptic curves list in SSL_CTX:

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][SSL         ][  2988]      curve: EC_P256 (secp256r1) [optimized: FALSE]

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][SSL         ][  2988]      curve: EC_P384 (secp384r1) [optimized: FALSE]

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][SSL         ][  2988]      curve: EC_P521 (secp521r1) [optimized: FALSE]

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][SSL         ][  2988]      curve: EC_P224 (secp224r1) [optimized: FALSE]

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][sbusslogin.d][  2988] { CSecureLogin_Protocol_2_0::Send_Init

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][sbusslogin.d][  2988] { CSecureLogin::Send_Any

[2016.01.15 11:18:43.210000][TRACE][sbus.exe            ][URL/H_URL_CT][  2988] url_ssl_factory: get ext ref

[2016.01.15 11:18:43.210000][INFO ][sbus.exe            ][sbusslogin.d][  5828] Generate RSA Key with keysize 2048

[2016.01.15 11:18:43.225000][INFO ][sbus.exe            ][URL         ][  2988] Successfully connected to

[2016.01.15 11:18:43.225000][INFO ][sbus.exe            ][URL         ][  2988] Address **.**.**.15 (sapsls. *****.local)

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][URL         ][  2988] Family: AF_INET (IPv4)

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][URL         ][  2988] Inner family: AF_INET (IPv4)

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][URL         ][  2988] Protocol: 6

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][URL         ][  2988] SockType: 1

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_setup_buffers returning 0. OK

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_init_finished_mac returning 0. OK

[2016.01.15 11:18:43.225000][INFO ][sbus.exe            ][SSL         ][  2988] Session to be resumed did not fit preferences. Performing full handshake

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][BASE/RANDOM ][  2988] Get 28 bytes random data

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] ClientHello.random OctetString  (size="28" ):7D9FE4EA680D5FD0BA55CCB8FDEC64804CDFD97BE3DFA924CC373EA3

[2016.01.15 11:18:43.225000][INFO ][sbus.exe            ][SSL         ][  2988] ClientHello.client_version: 3.3 (TLSv1.2)

[2016.01.15 11:18:43.225000][INFO ][sbus.exe            ][SSL         ][  2988] ClientHello.session_id: no session ID submitted.

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] ClientHello.cipher_suites<0> : TLS_RSA_WITH_AES128_GCM_SHA256

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] ClientHello.cipher_suites<1> : TLS_RSA_WITH_AES256_GCM_SHA384

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] ClientHello.cipher_suites<2> : TLS_RSA_WITH_AES128_CBC_SHA

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] ClientHello.cipher_suites<3> : TLS_RSA_WITH_AES256_CBC_SHA

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] ClientHello.cipher_suites<4> : TLS_RSA_WITH_3DES_EDE_CBC_SHA

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] ClientHello.cipher_suites<5> : TLS_RSA_WITH_RC4_128_SHA

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] ClientHello.cipher_suites<6> : TLS_RSA_WITH_RC4_128_MD5

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] ClientHello.compression_methods.size: 1

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] ClientHello.compression_methods<0> = 0, NULL compression.

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] Writing ClientHello extensions at offset 0x3b

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] No ClientHello extensions were written

[2016.01.15 11:18:43.225000][INFO ][sbus.exe            ][SSL         ][  2988] Sending SSLv3 ClientHello

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_write_pending returning 59. OK

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_finish_mac returning 0. OK

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_write_bytes returning 59. OK

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_do_write returning 1. OK

[2016.01.15 11:18:43.225000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_client_hello successfully returns 1.

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_get_record returning 0. OK

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_finish_mac returning 0. OK

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_finish_mac returning 0. OK

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_get_message returning 0. OK

[2016.01.15 11:18:43.241000][INFO ][sbus.exe            ][SSL         ][  2988] ServerHello.server_version: 3.3 (TLSv1.2).

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][SSL         ][  2988] ServerHello.random : OctetString (size="32"):

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][SSL         ][  2988]          0 5698AB63 01FEF964 C6F9F92B 5ECFFF64

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][SSL         ][  2988]         10 88182698 F3ABD50C 458D7667 1484F4D7

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][SSL         ][  2988] ServerHello.session_id : OctetString (size="32"):

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][SSL         ][  2988]          0 D90C9723 573DAC35 577CE163 30C6E19A

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][SSL         ][  2988]         10 694EBC28 80E5385F 40DA7355 1EB53EDE

[2016.01.15 11:18:43.241000][INFO ][sbus.exe            ][SSL         ][  2988] On receiving ServerHello: Creating new session.

[2016.01.15 11:18:43.241000][INFO ][sbus.exe            ][SSL         ][  2988] Used protocol version: TLSv1.2

[2016.01.15 11:18:43.241000][INFO ][sbus.exe            ][SSL         ][  2988] ServerHello.cipher_suite: TLS_RSA_WITH_AES128_CBC_SHA

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][SSL         ][  2988] ServerHello.compression_method: 0.

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_get_server_hello returning 0. OK

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_get_record returning 0. OK

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_finish_mac returning 0. OK

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_finish_mac returning 0. OK

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_get_message returning 0. OK

[2016.01.15 11:18:43.241000][INFO ][sbus.exe            ][SSL         ][  2988] Received server certificate chain.

[2016.01.15 11:18:43.241000][INFO ][sbus.exe            ][SSL         ][  2988] Server certificate details:

[2016.01.15 11:18:43.241000][INFO ][sbus.exe            ][SSL         ][  2988]     Subject     :CN=Kiosk, O=*****, C=RU

[2016.01.15 11:18:43.241000][INFO ][sbus.exe            ][SSL         ][  2988]     Issuer      :CN=*****Intermediate CA, DC=*****, DC=local

[2016.01.15 11:18:43.241000][INFO ][sbus.exe            ][SSL         ][  2988]     Serial number:0x3bd1d4f700000001522e

[2016.01.15 11:18:43.241000][INFO ][sbus.exe            ][SSL         ][  2988] Server CA certificate details:

[2016.01.15 11:18:43.241000][INFO ][sbus.exe            ][SSL         ][  2988]     Subject     :CN=***** Intermediate CA, DC=*****, DC=local

[2016.01.15 11:18:43.241000][INFO ][sbus.exe            ][SSL         ][  2988]     Issuer      :CN=*****Root CA, O=*****, C=RU

[2016.01.15 11:18:43.241000][INFO ][sbus.exe            ][SSL         ][  2988]     Serial number:0x61599eee000000000002

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][IO          ][  2988] BEGIN: io_file_type (C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\ocsp.xml)

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][IO          ][  2988] END  : io_file_type

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][LOADER      ][  2988] Loading config file 'ocsp.xml' failed because file not existing in path 'C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\ocsp.xml'

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][IO          ][  2988] BEGIN: io_file_type (C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\pkix.xml)

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][IO          ][  2988] END  : io_file_type

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][LOADER      ][  2988] Loading config file 'pkix.xml' failed because file not existing in path 'C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\pkix.xml'

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][IO          ][  2988] BEGIN: io_file_type (C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\base.xml)

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][IO          ][  2988] END  : io_file_type

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][LOADER      ][  2988] Loading config file 'base.xml' failed because file not existing in path 'C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\etc\base.xml'

[2016.01.15 11:18:43.241000][TRACE][sbus.exe            ][IO          ][  2988] BEGIN: io_file_type (C:\Users\*****-kiosk01\AppData\Local\sec)

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][IO          ][  2988] END  : io_file_type

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][IO          ][  2988] BEGIN: sec_io_statFile (C:\Users\*****-kiosk01\AppData\Local\sec\pse_verify_cache.upd)

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][IO          ][  2988] END  : sec_io_statFile

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][PKIX        ][  2988] Resetting verification cache (memory)

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { SBUSPSE::isInTrustedCerts

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { SBUSPSE::needRealPSE

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][sbus.dll    ][  2988] } 80004001

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { CTrust::isInTrustedCerts

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { CTrust::Refresh

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][sbus.dll    ][  2988] { CTrust::InitProviders

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][sbus.dll    ][  2988] }        1

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][sbus.dll    ][  2988] }        1

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][sbus.dll    ][  2988] }        1

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][sbus.dll    ][  2988] }        1

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][VERIFY      ][  2988] Certificate verification result:

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][VERIFY      ][  2988]   Certificate:

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][VERIFY      ][  2988]       Subject     :CN=Kiosk, O=*****, C=RU

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][VERIFY      ][  2988]       Issuer      :CN=****** Intermediate CA, DC=*****, DC=local

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][VERIFY      ][  2988]       Serial number:0x3bd1d4f700000001522e

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][VERIFY      ][  2988]       Validity:

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][VERIFY      ][  2988]         Not before  :Thu Jan 14 13:39:19 2016

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][VERIFY      ][  2988]         Not after   :Sat Jan 13 13:39:19 2018

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][VERIFY      ][  2988]       Key:

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][VERIFY      ][  2988]         Key type    :rsaEncryption (1.2.840.113549.1.1.1)

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][VERIFY      ][  2988]         Key size    :2048

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][VERIFY      ][  2988]       PK_Fingerprint_MD5:5B7C C594 4D5B 2886 845E FD9C 0B50 781F

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][VERIFY      ][  2988]     Fingerprint_MD5:2A:9A:0F:FE:89:AF:AF:6E:67:4C:E6:9F:D2:8B:64:FE

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][VERIFY      ][  2988]     Fingerprint_SHA1:031F E0F9 41A5 0A15 7E07 BC02 0E4C 56D1 A743 640D

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][VERIFY      ][  2988]   Verification result:

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][VERIFY      ][  2988]     Status      :Successful

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][VERIFY      ][  2988]     Profile     :1.3.6.1.4.1.694.2.2.2.2

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][VERIFY      ][  2988]     DirectlyTrusted:Successful

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Connect:ssl_verify_peer_certificates Certificate verification returned  Certificate trusted

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_get_server_certificate returning 0. OK

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_get_record returning 0. OK

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_finish_mac returning 0. OK

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_finish_mac returning 0. OK

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_get_message returning 0. OK

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_get_key_exchange returning 0. OK

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_get_message returning 0. OK

[2016.01.15 11:18:43.257000][INFO ][sbus.exe            ][SSL         ][  2988] Checking for CertificateRequest message

[2016.01.15 11:18:43.257000][INFO ][sbus.exe            ][SSL         ][  2988] Message type == ServerHelloDone; no client authentication requested

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_get_certificate_request returning 0. OK

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_get_message returning 0. OK

[2016.01.15 11:18:43.257000][INFO ][sbus.exe            ][SSL         ][  2988] Received ServerHelloDone message

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_get_server_done returning 0. OK

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Initiate:ssl3_send_client_key_exchange uses servers encryption key

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][BASE/RANDOM ][  2988] Get 48 bytes random data

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_create_cipher_state_and_key_exchange_def returning 0. OK

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_write_pending returning 262. OK

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_finish_mac returning 0. OK

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_write_bytes returning 262. OK

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_do_write returning 1. OK

[2016.01.15 11:18:43.257000][INFO ][sbus.exe            ][SSL         ][  2988] Sending ChangeCipherSpec message.

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_write_pending returning 1. OK

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_write_bytes returning 1. OK

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_do_write returning 1. OK

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_change_cipher_state returning 0. OK

[2016.01.15 11:18:43.257000][INFO ][sbus.exe            ][SSL         ][  2988] Sending "Finished" message.

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_write_pending returning 16. OK

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_finish_mac returning 0. OK

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_write_bytes returning 16. OK

[2016.01.15 11:18:43.257000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_do_write returning 1. OK

[2016.01.15 11:18:43.303000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_get_record returning 0. OK

[2016.01.15 11:18:43.303000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_change_cipher_state returning 0. OK

[2016.01.15 11:18:43.303000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_get_record returning 0. OK

[2016.01.15 11:18:43.303000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_finish_mac returning 0. OK

[2016.01.15 11:18:43.303000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_finish_mac returning 0. OK

[2016.01.15 11:18:43.303000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_get_message returning 0. OK

[2016.01.15 11:18:43.303000][INFO ][sbus.exe            ][SSL         ][  2988] Received message of type "Finished". Peer has completed sending of handshake messages.

[2016.01.15 11:18:43.303000][INFO ][sbus.exe            ][SSL         ][  2988] SSL3 client: handshake successful with this server: CN=Kiosk, O=********, C=RU

[2016.01.15 11:18:43.303000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_write_pending returning 448. OK

[2016.01.15 11:18:43.303000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_write_bytes returning 448. OK

[2016.01.15 11:18:43.303000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_write_ex returning 448. OK

[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_get_record returning 0. OK

[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_read successfully returns 512.

[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_read successfully returns 31.

[2016.01.15 11:18:43.445000][INFO ][sbus.exe            ][SSL         ][  2988] Sending alert of level WARNING: close notify

[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_write_pending returning 2. OK

[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_dispatch_alert returning 2. OK

[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_shutdown returning 0. OK

[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][sbusslogin.d][  2988] }        0

[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][sbusslogin.d][  2988] JSON Response: {"text":"Аутентификация пользователя не выполнена","status":"ACM_ACCESS_DENIED","config":{"keysize":2048},"view":"Auth","type":"2"}

[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][sbusslogin.d][  2988] } 80070005

[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][sbus.dll    ][  2988] Переданные регистрационные данные не приняты сервером.Enrollment failed

[2016.01.15 11:18:47.828000][TRACE][sbus.exe            ][sbus.dll    ][  2988] silent authentication failed -> abort

[2016.01.15 11:18:47.828000][TRACE][sbus.exe            ][sbusslogin.d][  2988] { CSecureLogin_Protocol_2_0::Send_DeleteSession

[2016.01.15 11:18:47.828000][TRACE][sbus.exe            ][sbusslogin.d][  2988] }        0

[2016.01.15 11:18:47.828000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_read_n returning error code 0xffffffff

[2016.01.15 11:18:47.828000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_get_record returning error code 0xffffffff

[2016.01.15 11:18:47.828000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_shutdown returning 0. OK

[2016.01.15 11:18:47.828000][INFO ][sbus.exe            ][SSL         ][  2988] SSL session released.

[2016.01.15 11:18:47.828000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_free successfully returns (void type).

[2016.01.15 11:18:47.828000][TRACE][sbus.exe            ][URL/H_URL_CT][  2988] No more external refs to url_ssl_factory.

[2016.01.15 11:18:47.828000][TRACE][sbus.exe            ][PKIX        ][  2988] Cache: requests:1, returned:0, used:0

[2016.01.15 11:18:47.828000][TRACE][sbus.exe            ][URL/H_URL_CT][  2988] url_ssl_factory: destroy

[2016.01.15 11:22:45.360000][TRACE][sbus.exe            ][sbus.dll    ][  5324] CPCSCMonitor::ReaderEvent(00000100, "HID OMNIKEY 5127 CK CL 0")

[2016.01.15 11:22:45.360000][TRACE][sbus.exe            ][sbus.dll    ][  5788] CToken:: Secure Login token [toksw:mem://securelogin/SLSAuth] :: logout
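A way to pull the failure-relevant lines out of a Secure Login Client trace like the one above (an added example, not part of the original post and not SAP code). The sample lines are constructed in the shape of the log, and reading the value after `}` as a hexadecimal return code is an assumption about the trace format.

```python
import json
import re

# Constructed sample in the shape of the Secure Login Client trace above
# (the "text" value is shortened to English; everything else follows the log).
SAMPLE_TRACE = r'''
[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][sbusslogin.d][  2988] }        0
[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][sbusslogin.d][  2988] JSON Response: {"text":"User authentication failed","status":"ACM_ACCESS_DENIED","config":{"keysize":2048},"view":"Auth","type":"2"}
[2016.01.15 11:18:43.445000][TRACE][sbus.exe            ][sbusslogin.d][  2988] } 80070005
[2016.01.15 11:18:47.828000][TRACE][sbus.exe            ][sbus.dll    ][  2988] silent authentication failed -> abort
[2016.01.15 11:18:47.828000][TRACE][sbus.exe            ][SSL         ][  2988] Function ssl3_read_n returning error code 0xffffffff
'''

# [timestamp][LEVEL][process][module][thread id] message
LINE_RE = re.compile(r'^\[([^\]]+)\]\[([^\]]+)\]\[([^\]]+)\]\[([^\]]+)\]\[([^\]]+)\]\s?(.*)$')
EXIT_RE = re.compile(r'^\}\s+([0-9A-Fa-f]{1,8})$')  # function exit with return code (assumed hex)
SSL_RE = re.compile(r'^Function (\w+) returning error code (0x[0-9A-Fa-f]+)')
# Only the one code seen in this thread; 0x80070005 is the Win32 access-denied HRESULT.
HRESULT_NAMES = {0x80070005: 'E_ACCESSDENIED'}


def parse_line(line):
    """Split one trace line into its bracketed fields, or return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    keys = ('ts', 'level', 'process', 'module', 'tid', 'msg')
    return dict(zip(keys, (g.strip() for g in m.groups())))


def findings(trace):
    """Return (kind, timestamp, detail, detail) tuples for lines that explain a failure."""
    out = []
    for line in trace.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        msg, ts = rec['msg'], rec['ts']
        exit_m, ssl_m = EXIT_RE.match(msg), SSL_RE.match(msg)
        if msg.startswith('JSON Response:'):
            try:
                body = json.loads(msg.split(':', 1)[1])
            except ValueError:
                continue  # truncated or non-JSON payload
            out.append(('server_status', ts, body.get('status'), body.get('view')))
        elif exit_m and int(exit_m.group(1), 16) != 0:
            code = int(exit_m.group(1), 16)
            out.append(('hresult', ts, '0x%08X' % code, HRESULT_NAMES.get(code, 'unknown')))
        elif ssl_m:
            out.append(('ssl_error', ts, ssl_m.group(1), ssl_m.group(2)))
    return out
```

Run over a full trace, this separates the server's own verdict (the `status` field of the JSON response) from the TLS teardown noise that surrounds it.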

Accepted Solutions (0)

Answers (4)

swissknalli
Explorer
0 Kudos

I also opened an OSS message @SAP.

Hope I will receive an answer soon.

former_member200373
Participant
0 Kudos

Hi all,

We moved your customer messages into the development queue and will contact you directly soon.

-- Stephan

swissknalli
Explorer
0 Kudos

Problem solved.

Create user "Guest" in the SAP system (UME).

In the UME expert configuration (Identity Management => Configuration => Expert Mode), enter the new user "Guest" in ume.login.guest_user.uniqueids in the first position (don't delete any user here).

Restart the system.

After this configuration, the SSO server 2.0 with SP6 patch 1 could create a new certificate for the SSO client.

swissknalli
Explorer
0 Kudos

Hi all,

After deploying the new SSO 2.0 SP6 patch 1, I got the same error on the Secure Login Client.

Did you solve your problem?

If yes, how did you solve this problem, or did you open a message to SAP?

Regards,

Matthias

Former Member
0 Kudos

Unfortunately, our problem is not solved yet. We opened an OSS message to SAP on 15.01, but have not received any reasonable advice from support.

Former Member
0 Kudos

I got some logs for that error from NWA-Troubleshooting-Logs and Traces-Security Troubleshooting Wizard: SSL Diagnostics (and part of Authentication Diagnostic; I merged them together):

4:10:45:804        Debug   j2ee_gst_sls       HTTP Worker [@253558976],5,D...               ...ttpserver.HttpTraceRequest.traceRaw CLIENT: 89 [10.40.18.146 : 59408], REQUEST:

POST /SecureLoginServer/slc2/doLogin?profile=28704b4a-579d-42fd-9e13-25b4e189f27f HTTP/1.0

host: sapsls.****.local:50001

connection: close

user-agent: SAP CommonCryptoLib/8.4.42 (Windows)

content-length: 42

accept: text/xml, application/json

accept-language: ru-RU

accept-language: en-US

accept-charset: utf-8,iso-8859-1,*

content-type: application/x-www-form-urlencoded; charset=UTF-8

Client=Secure%20Login%20Client%202.0.0.0.0

14:10:45:890      Debug   j2ee_gst_sls       HTTP Worker [@764677861],5,D...               ...rver.HttpTraceResponse.traceHeaders               CLIENT: 88 [10.40.18.146 : 59407], REPLY:

HTTP/1.1 200 OK

14:15:01:095      Path       j2ee_gst_sls       HTTP Worker [@706089735],5,D...               ...e.services.httpserver.SslAttributes        client [107] RequestImpl.initSslAttributes(): Initially sslAttributes = null

14:15:01:095      Path       j2ee_gst_sls       HTTP Worker [@706089735],5,D...               ...e.services.httpserver.SslAttributes        client [107] RequestImpl.checkForSSLHeaders()(): Check for SSL headers: SSL headers NOT found; Checked headers: suiteHeaderName = [name=[SSL_CIPHER_SUITE], value=[null]], keySizeHeaderName = [name=[SSL_CIPHER_USEKEYSIZE], value=[null]], certHeaderName = [name=[SSL_CLIENT_CERT], value=[null]]

14:15:01:095      Path       j2ee_gst_sls       HTTP Worker [@706089735],5,D...               ...e.services.httpserver.SslAttributes        client [107] RequestImpl.initSslAttributes(): Cannot find SSL headers in the request.

14:15:01:096      Path       j2ee_gst_sls       HTTP Worker [@706089735],5,D...               ...e.services.httpserver.SslAttributes        client [107] SslAttributesImpl.loadSSLAttributesFromFCA(FCAConnection, int, int): Client certificate error. connection.isSecure() = true; sslAttributes = com.sap.engine.services.httpserver.server.SslAttributesImpl@11ada4fd; connection.getKeySize() = 128; connection.getCipherSuiteId() = [B@7590817e; connection.getPeerCertificateChain() = exception: Peer identity not verified sslAttributes = com.sap.engine.services.httpserver.server.SslAttributesImpl@11ada4fd, this.keySize = 128, this.cipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA, this.certificates = nullThe exception is: javax.net.ssl.SSLPeerUnverifiedException: Peer identity not verified

at com.sap.bc.proj.jstartup.fca.FCAConnection.getPeerCertificateChain(FCAConnection.java:693)

at com.sap.engine.services.httpserver.server.SslAttributesImpl.loadSSLAttributesFromFCA(SslAttributesImpl.java:345)

at com.sap.engine.services.httpserver.server.RequestImpl.initSslAttributes(RequestImpl.java:198)

at com.sap.engine.services.httpserver.server.RequestAnalizer.initialize(RequestAnalizer.java:341)

at com.sap.engine.services.httpserver.server.Client.initialize(Client.java:91)

at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:473)

at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)

at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)

at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)

at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)

at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)

14:15:01:096      Path       j2ee_gst_sls       HTTP Worker [@706089735],5,D...               ...e.services.httpserver.SslAttributes        client [107] RequestImpl.initSslAttributes(): SSL Attributes loaded from FCA.

14:10:45:890      Debug   j2ee_gst_sls       HTTP Worker [@764677861],5,D...               ...rver.HttpTraceResponse.traceHeaders               CLIENT: 88 [10.40.18.146 : 59407], REPLY:

Connection: close

Server: SAP NetWeaver Application Server 7.42 / AS Java 7.40

Date: Fri, 15 Jan 2016 11:10:45 GMT

Content-Type: application/json; charset=utf-8

Content-Length: 169

Set-Cookie: saplb_*=(J2EE4348020)4348050; Version=1; Path=/

Set-Cookie: JSESSIONID=sly_qfS-94DxskWW0SRDG94E_vpEUgGSWEIA_SAP2JZ1buM0BtMmp77LND9CVouY; Version=1; Path=/


Can you please help with this?

Thanks in advance!

former_member200373
Participant
0 Kudos

Hi,

Please open a message in BC-IAM-SL. There are several configuration items that need to be checked; this should not be done in SCN.

Thanks.

-- Stephan