on 07-11-2007 10:49 AM
Hi,
I am getting this error in the portal, "com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: The system is unable to interpret the SSO ticket received", when I am testing JCO.
Let me explain the complete scenario: I am trying to configure the Portal and the ABAP backend both on a single server, which is used for ESS/MSS.
In SSO2, the following is the output I am getting if I give the server name:
Issuing System for the Logon Ticket
SAP System HR6 Client 001
Certificate of the Issuing System for the Logon Ticket
Owner CN=HR6
Issuer CN=HR6
Serial Number 00
Validity 20061207 144316 20380101 000001
Check Sum 85:C8:7A:07:AD:96:09:7E:42:0B:38:43:F7:B6:A1:BC
Profile Parameters login/create_sso2_ticket = 2
System HR6 Is Creating Logon Tickets That Do not Include Its Certificate
The Current System HR6 Is Also the Issuing System for the Logon Ticket
An Entry in Certificate List of HR6 Is not Necessary
The Certificate for System HR6 Is Included In the Certificate List for System HR6
System HR6 Accepts Verified Logon Tickets for System HR6
-
Own System Data
SAP System HR6 Client 001
Profile Parameters login/accept_sso2_ticket = 1
Logon Tickets Are Accepted
Certificate List
The Certificate List Is Used To Verify the Digital Signature for the Logon Ticket
D:\usr\sap\HR6\DVEBMGS03\sec\SAPSYS.pse
Owner CN=HR6
Issuer CN=HR6
Serial Number 00
This Is the Certificate of the Issuing System for Logon Tickets
Systems for Which HR6 Accepts Verified Logon Tickets
The Access Control List Defines Which Systems the Verified Logon Tickets Are Accepted From
Table TWPSSO2ACL
SAP System HR6 Client 001
Owner CN=HR6
Issuer CN=HR6
Serial Number 00
This Is the Certificate of the Issuing System for Logon Tickets
SAP System HR6 Client 111
Owner CN=HR6
Issuer CN=HR6
Serial Number 00
This Is the Certificate of the Issuing System for the Logon Ticket, But not the Corresponding System
-
Application server PSE:
ID: CN=HR6
Namespace:
Profiles: D:\usr\sap\HR6\DVEBMGS03\sec\SAPSYS.pse
OK: file available, length: 2.179
OK: local PSE identical to original in database
OK: security toolkit available
Version
SSFLIB Version 1.555.21 ; SECUDE(tm) SAPCRYPTOLIB - SNC for SAP Server components and SSL - Version 5.5.5C (c) SECUDE GmbH 1990-2004
OK: signature tested successfully
Your suggestions/solutions will be rewarded.
Thanks & Regards,
Hari.
Hi Hariprasad,
Have you downloaded the portal certificate and uploaded it in HR6 using strustsso2?
If you have not, then follow this link: http://help.sap.com/saphelp_nw04/helpdata/en/c9/ef9f40eb72371be10000000a1550b0/frameset.htm
If you have already done all the processes, then please have a look at the SM50 trace.
Go to SM50 -> select all processes -> go to Process -> Trace -> Active Components
Set the trace level to 2 and check only Security.
Recreate the error. Now go to SM50 again and check the log using the DB-like icon.
If you check the latest log, it will give you the exact error in your SSO configuration.
For more troubleshooting, refer to Note 701205 - Single Sign-On using SAP Logon Tickets
Cheers!!
Ashutosh
Hi,
I have imported the portal certificate from the portal and Visual Admin as well, but the error is still the same. I have gone through the note, I have upgraded the kernel patch from 52 to 95, and I imported SAPSECULIB and upgraded it as well.
Still I am getting the following error in the SM50 trace.
Mon Jul 16 16:16:23 2007
N *** ERROR => Verify failed with rc = 5. [ssoxxsgn.c 142]
N uResult=27.
N Signature invalid.
N *** ERROR => MskiDefaultVerify failed with rc = 1769477. [ssoxxsgn.c 216]
N *** ERROR => ValidateTicket returns 1769477. [ssoxxapi.c 220] [ssoxxapi.c 220]
N *** ERROR => Ticket validation failed with rc = 1769477. [ssoxxkrn.c 763]
Regards,
Hari.
Hi Hari,
Your first error message is known ... but now this one is new for me.
Have you maintained login/accept_sso2_ticket = 1 and login/create_sso2_ticket = 2?
You can check this in transaction sso2.
I think you should clear the certificate list and ACL from strustsso2.
Download a fresh certificate from system admin -> system config -> Keystore admin
Unzip the file and upload it to R/3. Maintain the ACL.
cheers!!
Ashutosh
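A triage helper for the SM50 trace quoted in the thread, added here as an example and not part of any post or of SAP's own tooling: it groups the `*** ERROR =>` lines under their timestamp, attaches the detail lines that follow each error, and returns the first error of the burst. The line layout is inferred only from the lines posted above, and treating the first error as the innermost failure is an assumption.

```python
import re
from datetime import datetime

# Trace lines copied from the post above (SM50 work process trace).
SAMPLE_TRACE = """\
Mon Jul 16 16:16:23 2007
N *** ERROR => Verify failed with rc = 5. [ssoxxsgn.c 142]
N uResult=27.
N Signature invalid.
N *** ERROR => MskiDefaultVerify failed with rc = 1769477. [ssoxxsgn.c 216]
N *** ERROR => ValidateTicket returns 1769477. [ssoxxapi.c 220] [ssoxxapi.c 220]
N *** ERROR => Ticket validation failed with rc = 1769477. [ssoxxkrn.c 763]
"""

ERROR_RE = re.compile(r"^(\w)\s+\*\*\* ERROR => (.*?)((?:\s*\[[^\]]+\])+)\s*$")
LOC_RE = re.compile(r"\[(\S+)\s+(\d+)\]")
RC_RE = re.compile(r"(?:rc = |returns )(\d+)")
DETAIL_RE = re.compile(r"^\w\s+(\S.*)$")


def parse_trace(text):
    """Group ERROR lines into bursts, one burst per timestamp line."""
    bursts, current = [], None
    for line in text.splitlines():
        try:
            ts = datetime.strptime(line.strip(), "%a %b %d %H:%M:%S %Y")
            current = {"time": ts, "errors": []}
            bursts.append(current)
            continue
        except ValueError:
            pass  # not a timestamp line
        if current is None:
            continue
        m = ERROR_RE.match(line)
        if m:
            rc = RC_RE.search(m.group(2))
            # dict.fromkeys drops a repeated "[file line]" tag, keeping order.
            locs = list(dict.fromkeys(LOC_RE.findall(m.group(3))))
            current["errors"].append({
                "message": m.group(2).strip(), "rc": int(rc.group(1)) if rc else None,
                "where": [(f, int(n)) for f, n in locs], "details": []})
        elif current["errors"] and (d := DETAIL_RE.match(line)):
            current["errors"][-1]["details"].append(d.group(1))
    return bursts


def root_cause(burst):
    """Assumption: the first ERROR in a burst is the innermost failure."""
    return burst["errors"][0] if burst["errors"] else None
```

On the posted trace, `root_cause` returns the `Verify failed with rc = 5.` entry from ssoxxsgn.c with the detail `Signature invalid.`; the three later errors are the same failure reported by the calling layers.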