cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The system is unable to interpret the SSO ticket received

Go to solution
Former Member

on ‎07-11-2007 10:49 AM

0 Kudos

Hi,

Iam getting this error in portal "com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: The system is unable to interpret the SSO ticket received" when iam testing JCO.

Let me explain you the complete scenario, I am trying to configure Portal and ABAP Backend both on a single server which in used for ESS/MSS.

In SSO2 following is the out put iam getting if i gave the server name

Issuing System for the Logon Ticket

SAP System HR6 Client 001

Certificate of the Issuing System for the Logon Ticket

Owner CN=HR6

Issuer CN=HR6

Serial Number 00

Validity 20061207 144316 20380101 000001

Check Sum 85:C8:7A:07:AD:96:09:7E:42:0B:38:43:F7:B6:A1:BC

Profile Parameters login/create_sso2_ticket = 2

System HR6 Is Creating Logon Tickets That Do not Include Its Certificate

The Current System HR6 Is Also the Issuing System for the Logon Ticket

An Entry in Certificate List of HR6 Is not Necessary

The Certificate for System HR6 Is Included In the Certificate List for System HR6

System HR6 Accepts Verified Logon Tickets for System HR6

-

Own System Data

SAP System HR6 Client 001

Profile Parameters login/accept_sso2_ticket = 1

Logon Tickets Are Accepted

Certificate List

The Certificate List Is Used To Verify the Digital Signature for the Logon Ticket

D:\usr\sap\HR6\DVEBMGS03\sec\SAPSYS.pse

Owner CN=HR6

Issuer CN=HR6

Serial Number 00

This Is the Certificate of the Issuing System for Logon Tickets

Systems for Which HR6 Accepts Verified Logon Tickets

The Access Control List Defines Which Systems the Verified Logon Tickets Are Accepted From

Table TWPSSO2ACL

SAP System HR6 Client 001

Owner CN=HR6

Issuer CN=HR6

Serial Number 00

This Is the Certificate of the Issuing System for Logon Tickets

SAP System HR6 Client 111

Owner CN=HR6

Issuer CN=HR6

Serial Number 00

<b>This Is the Certificate of the Issuing System for the Logon Ticket, But not the Corresponding System</b>

-

Application server PSE:

ID: CN=HR6

Namespace:

Profiles: D:\usr\sap\HR6\DVEBMGS03\sec\SAPSYS.pse

OK: file available, length: 2.179

OK: local PSE identical to original in database

OK: security toolkit available

Version

SSFLIB Version 1.555.21 ; SECUDE(tm) SAPCRYPTOLIB - SNC for SAP Server components and SSL - Version 5.5.5C (c) SECUDE GmbH 1990-2004

OK: signature tested successfully

Your suggestions/solutions will be rewarded.

Thanks & Regards,

Hari.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-11-2007 12:43 PM
0 Kudos

Hi Hariprasad,

Have you downloaded portal certificate and uploaded in HR6 using strustsso2 ??

If u have not, then follow <a href="http://help.sap.com/saphelp_nw04/helpdata/en/c9/ef9f40eb72371be10000000a1550b0/frameset.htm">this link.</a>

If u have already done all the processes, then please have a look at SM50 trace.

Goto SM50 -> select all processes -> goto process->trace-> active components

Set the trace level to 2 and check only security

Recreate the error. Now goto SM50 again .. check log using DB like Icon.

If u check the latest log, it will give u exact error in ur SSO configuration.

For more troubleshooting, refer Note 701205 - Single Sign-On using SAP Logon Tickets

Cheers!!

Ashutosh

Show replies
Show replies
Former Member
‎07-16-2007 1:00 PM
0 Kudos

Hi,

I have imported portal certificate from portal and Visual admin as well but error is still same. I have gone through the note , i have upgraded the kernel patch from 52 to 95 and imported SAPSECULIB and upgraded it as well.

Still iam getting the following error in SM50 Trace.

Mon Jul 16 16:16:23 2007

N *** ERROR => Verify failed with rc = 5. [ssoxxsgn.c 142]

N uResult=27.

N Signature invalid.

N *** ERROR => MskiDefaultVerify failed with rc = 1769477. [ssoxxsgn.c 216]

N *** ERROR => ValidateTicket returns 1769477. [ssoxxapi.c 220] [ssoxxapi.c 220]

N *** ERROR => Ticket validation failed with rc = 1769477. [ssoxxkrn.c 763]

Regards,

Hari.

Former Member
‎07-16-2007 2:49 PM
0 Kudos

Hi Hari,

Your first error message is known ... but now this one is new for me.

Have you maintained login/accept_sso2_ticket = 1, login/create_sso2_ticket = 2

U can check this in transaction sso2.

I think, you shud clear certificate list and ACL from strustsso2.

Download fresh certificate from system admin -> system config -> Keystore admin

Unzip the file and upload to R/3. Maintain ACL.

cheers!!

Ashutosh

Former Member
‎07-30-2007 10:07 AM
0 Kudos

Ok We changed the scenario

Former Member
‎08-17-2007 7:23 AM
0 Kudos

Hi,

i'm also facing same problem even though i set all parameters and certificate as per above discussion but still i'm facing same problem , can u help me in this mater

Former Member
‎08-17-2007 7:31 AM
0 Kudos

Hi Rama Rao,

We have closed the issue by choosing two different systems, one for EP and another one with ABAP stack, this solved the problem. we could not solve it when we try both on a same system.

Regards,

Hari.

Former Member
‎08-17-2007 8:27 AM
0 Kudos

Hi Hariprasad,

we r also maintaing 2 systems.

when i execute SSO2 transaction and given RFC Destination SAP_EP and executed, then it showing "No connection to SAP_EP".

Did u face this type of proble while installation.

Let me know.....

Former Member
‎08-21-2007 2:38 PM
0 Kudos

What do you mean by

choosing two different systems, one for EP and another one with ABAP stack, this solved the problem

Where did you choose the two different systems? In JCo destinations or ???

Thanks

Connie Begovich

Former Member
‎08-22-2007 8:25 AM
0 Kudos

No i did't get any error.

Former Member
‎08-22-2007 8:26 AM
0 Kudos

Hi,

Two different physical systems not in Jco

Answers (0)

Ask a Question