Expired SSO ticket
Hello Experts, I hope you can help me with this issue. Our portal has been up for a couple of months now, and it uses SSO along with BW. I created some portal content, uploaded it, and it worked fine, until today. Whenever I try to navigate to a page containing a Bex Query or BI content, I get the following error:
500 Internal Server Error
The initial exception that caused the request to fail was:
The system has received an expired SSO ticket
com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: The system has received an expired SSO ticket
I searched on the forums but the closest to this problem was someone who had this same error using the Bex Analyzer. On SAP documentation, I checked for JCO and RFC errors, and all I got is that the error I am getting is possibly caused by an incorrect login, password, certificates, etc. But it does not make sense. I am able to log in to the portal, navigate everywhere else, and our SSO certificates are a long way from expiring, besides the fact that even yesterday navigation through these pages was possible. I changed the lifetime of SSO tickets, but still got the same error.
S J replied
If the authentication in SSO fails due to an old ticket then it could
be due to the below.I am afraid that it could be an issue where you
either forgot to logoff the previous session or that you didnt close the browser window from theprevious session.
Let me explain below.
1. The JCO client and the SSO ticket is cached based on the user,type ofauthentication(SSO in your case),
language and the JCO Destination. Thisis kept in the cache and discarded when you close the Session through a
log off or a browser close window. This cuts the session and the new
session is created.This issues a new ticket.
2. There were some issues earlier with session termination in NW04sSP6
etc but since you are on SP9 I think this should be bug free.
3. Can you please try and ensure that the logoff's and browser closes
happen.I feel you get the problem since your ticket expires just after
an hour. An hour of inactivity on part of the user would invalidate the
ticket and when he/she starts running the application again the session is
still there but the ticket has expired. Can you please try to extend theticket lifetime.
4. Also what are your session and ticket timeout times.As below
" Please set the timeout value for the security sessions (default 27h)
and the timeout value for the SSO ticket (default 8h) to the same value.
It should be a value that is higher than the maximum working time of anemployee, e.g. 16 hours. "
1. Login.Ticket_Lifetime = 8h
2. Session Expiration Period (SSO ticket time out)= 280000 msec = 8h
Can you please review Note 842635 .
Maintain your sessions according to this note.