cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Browser logon ticket not accepted from WAS 700.

Former Member

on ‎04-27-2007 7:52 AM

0 Kudos

<b><u>Problem:</u></b>

SSO logon not possible.

Browser logon ticket not accepted from WAS 700.

<u><b>Scenario:</b></u>

Situation similar to NOTE 356691 :

Here, it is webBrowser <==> webServer <==> ITS <==> SAP Server

In my case it is:

webBrowser <==> WAS 700(ABAP) <==> SAP ECC Server

The WAS 700(ABap) is configured to create SSO

tickets and the SAPServer is configured to accept.

This webdynpro/Abap calls a webservice at ECC5 SAPServer,

through client proxy.

The client proxy standalone test is successful,

it calls webservice and returns data.

The webdynpro/abap (se80 Test) launches the browser and in the

process asks for user name and password for authentication.

(Screen 1)

Once, the user and password are given,

it says SSO is not possible(Screen 2) and asks us to keyin

username and password to be sent in plain text

After keying in the user name and password,

no data shows up. There were no backend errors.

The browser complains:

1. No switch to HTTPS occurred,

so it is not secure to send a password

2. SSO logon not possible; browser logon ticket cannot be

accepted: Logon number: ICF_SYSTEM_088

for error 1, Https is not needed,

I think as it is intranet and also webdynpro test.

Eventually, the webdynpro/Abap will be hosted inside

the Enterprise Portal, so, the

logon ticket will take care of the authentication

between portal and webdynpro/abap.

Setups:

Login/create_sso2_ticket=1 is set at WAS/Abap700.

Login/accept_sso2_ticket=1 is set at SAPServer(ECC5).

The SSO2 transaction test is successful from ECC5

to WAS/abap700.

HOW TO MAKE THIS WORK? Please give some tip(s).

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member265210
Active Participant
‎01-03-2008 7:29 AM
0 Kudos

1. ensure the ABAP/client has the portal certificate .

2. portal ume property should have this entry.

login.ticket_issuer = portal SID

login.ticket_client = 000

When you use logon tickets for Single Sign-On (SSO) to ABAP-based systems, users must have the same user IDs in all ABAP-based systems that are configured to use logon tickets.

3. If the ABAP user IDs are different from the portal user IDs, you must define a Reference System. Users then map their portal user ID to the user ID in the Reference System.

http://help.sap.com/saphelp_nw70/helpdata/en/ed/845896b89711d5993900508b6b8b11/frameset.htm

Regards

Shridhar Gowda

Show replies
Show replies
Former Member
‎04-27-2007 10:20 AM
0 Kudos

Hi Mike,

For web dynpro ABAP you require ECC 6.0 version onwards and WAS 7.0

I guess your system is ECC 5.0.

Check the following link:

http://help.sap.com/saphelp_nw2004s/helpdata/en/7b/fb57412df8091de10000000a155106/content.htm

In previous preliminary versions there were several other values in addition to delta (default value of server-side delta rendering) and doubleBuffer, e.g. raw (for test purposes) and embedded (for portal integration). Before server-side rendering was introduced as standard there was a client-side framework which was, however, dropped in favor of server-side rendering.

Hope this will help you to solve your problem.

Cheers,

Darshna.

Show replies
Show replies
Former Member
‎04-27-2007 8:02 PM
0 Kudos

Hi Darshna,

Yes, the client webdynpro/ABAP system is WAS 7.0( ECC 6 ).

The SAP R3 is ECC5 (WAS 640).

HOWEVER, the client proxy for webservice to ECC5 works fine.

I wrote a simple wrapper Abap code to wrap the proxy call inside it and expose the import /export structures/tables.

When I test this wrapper as standalone, I have NO problem.

I can get the data from the ECC 5 system from an ECC 6. NO PROBLEM>

When I use this thin wrapper Func.Module from webdynpro/ABAP's wizard, I do not get any data from backend.

The call to backend goes through fine. I have a break point at the ECC5 R3 system.

Still, there is authenication failure 401.

I think the ticket from WAS700(webdynproAbap) is not properly going to ECC5 DEV.

I am using the system generated ticket( it does it while installing).

Should I have to request for a ticket from SAP and upload that with STRUST. ?

It is little confusing. The webdynpro manual says, turn on https for SSO login and upload the ticket that SAP sends using STRUST into the WAS700-webdynproAbap server.

However, the help.sap.com says, you can go with system generated ticket.

Don’t know which one to follow.

However, at present, I have NO https turned on at SMICM, following variables are set.

login/accept_sso2_ticket = 1

login/create_sso2_ticket = 2

The browser does not prompt for user name password window.

Looks like it sends the ticket and WAS is accepting it.

The webservice call happens( breakpoint at ECC5 DEV shows that the call is happening). BUT NO data is coming back to client side.

The rfc log shows an authentication error 401.

The security traces do not say much.

Ask a Question