on 12-13-2007 9:34 AM
Hello experts,
Ive recently updated my SAP XI 7.0 to SP13. I updated these components:
sap.com CORE-TOOLS 7.00 SP13 (1000.7.00.13.0.20070812014121) SAP AG SAP AG 20071204163750
sap.com SAP-XICONS 7.00 SP13 (1000.7.00.13.1.20071120070300) SAP AG SAP AG 20071205110117
sap.com SAP_XITOOL 7.00 SP13 (1000.7.00.13.2.20071128132526) SAP AG SAP AG 20071205145248
sap.com BASETABLES 7.00 SP13 (1000.7.00.13.0.20070812013638) SAP AG SAP AG 20071204164310
sap.com KM-KW_JIKS 7.00 SP13 (1000.7.00.13.0.20070812014519) SAP AG SAP AG 20071204165350
sap.com LM-TOOLS 7.00 SP13 (1000.7.00.13.0.20070906104634) SAP AG MAIN_APL70VAL_C 20071204175925
sap.com JLOGVIEW 7.00 SP13 (1000.7.00.13.0.20070812001600) SAP AG SAP AG 20071204160832
sap.com SAP_XIPCK 7.00 SP13 (1000.7.00.13.0.20070812020145) SAP AG SAP AG 20071204181620
sap.com JSPM 7.00 SP13 (1000.7.00.13.0.20070812001700) SAP AG SAP AG 20071204165510
sap.com ADSSAP 7.00 SP13 (1000.7.00.13.0.20070812011854) SAP AG SAP AG 20071205164146
sap.com CAF-UM 7.00 SP13 (1000.7.00.13.0.20070809092324) SAP AG MAIN_APL70VAL_C 20071204174320
sap.com BI_UDI 7.00 SP13 (1000.7.00.13.0.20070811190400) SAP AG SAP AG 20071204184248
sap.com BI_MMR 7.00 SP13 (1000.7.00.13.0.20070812013749) SAP AG SAP AG 20071204183633
sap.com SAP_BUILDT 7.00 SP13 (1000.7.00.13.0.20070811184000) SAP AG SAP AG 20071205112443
sap.com SAPNWsCM 7.0 SP13 (1000.7.0.13.0.00000000000000) SAP AG SAP AG 20071205194337
sap.com SAP-XIAFC 7.00 SP13 (1000.7.00.13.3.20071205145228) SAP AG SAP AG 20071212194539
sap.com SAP_XIAF 7.00 SP13 (1000.7.00.13.3.20071205145115) SAP AG SAP AG 20071212200157
sap.com SAP-JEE 7.00 SP13 (1000.7.00.13.2.20071026143730) SAP AG SAP AG 20071210125635
sap.com SAP-JEECOR 7.00 SP13 (1000.7.00.13.5.20071114142146) SAP AG SAP AG 20071210125759
sap.com SAP_JTECHF 7.00 SP13 (1000.7.00.13.3.20071205171732) SAP AG SAP AG 20071210131437
sap.com CAF 7.00 SP13 (1000.7.00.13.1.20071023125927) SAP AG MAIN_APL70P13_C 20071210133606
sap.com SAP_JTECHS 7.00 SP13 (1000.7.00.13.3.20071205171917) SAP AG SAP AG 20071210135427
sap.com DI_CMS 7.00 SP13 (1000.7.00.13.0.20070809050414) SAP AG MAIN_APL70VAL_C 20071205195900
sap.com UMEADMIN 7.00 SP13 (1000.7.00.13.2.20071018101448) SAP AG MAIN_APL70P13_C 20071210122332
Before the upgrade the system worked fine: SSO, we could access SLD, etc. After the upgrade SSO doesnt work and we cannot access the SLD. We get the following messages in the defaultTrace.trc trace file every time we try to login the SLD:
============================= defaultTrace.4.trc ================================
#1.5^H#76A0F1395E850074000000C10010F0CC000441145072A83C#1197455411685#com.sap.security.core.umap.imp.UserMappingUtils##com.sa
p.security.core.umap.imp.UserMappingUtils.getMasterSystem()#J2EE_GUEST#0##lpar4.argos.gencat_XHI_19947550#Guest#37f7a2a0a89d1
1dcad3d76a0f1395e85#SAPEngine_Application_Thread[impl:3]_3##0#0#Error##Plain###Cannot provide the current ABAP master system
because the responsible system landscape is currently not available.#
#1.5^H#76A0F1395E850072000000E40010F0CC000441145072AF5B#1197455411687#com.sap.security.core.umap.imp.UserMappingUtils##com.sa
p.security.core.umap.imp.UserMappingUtils.getMasterSystem()#J2EE_GUEST#0##lpar4.argos.gencat_XHI_19947550#Guest#37f00180a89d1
1dcb82676a0f1395e85#SAPEngine_Application_Thread[impl:3]_32##0#0#Error##Plain###Cannot provide the current ABAP master system
because the responsible system landscape is currently not available.#
#1.5^H#76A0F1395E85006E000000EF0010F0CC000441145072E413#1197455411700#com.sap.engine.services.security.roles.SecurityRoleImpl
##com.sap.engine.services.security.roles.SecurityRoleImpl#PIAPPLUSER#566##lpar4.argos.gencat_XHI_19947550#PIAPPLUSER#37fbc150
a89d11dcc2ad76a0f1395e85#SAPEngine_Application_Thread[impl:3]_38##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authori zation check for caller assignment to J2EE security role .#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#LcrUser# #1.5^H#76A0F1395E850074000000C40010F0CC000441145072FAE9#1197455411706#com.sap.engine.services.security.roles.SecurityRoleImpl ##com.sap.engine.services.security.roles.SecurityRoleImpl#PIAPPLUSER#567##lpar4.argos.gencat_XHI_19947550#PIAPPLUSER#3789c5a0 a89d11dccb6476a0f1395e85#SAPEngine_Application_Thread[impl:3]_3##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authoriz
ation check for caller assignment to J2EE security role .#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#LcrUser#
#1.5^H#76A0F1395E85006E000000F10010F0CC000441145072FD1B#1197455411707#com.sap.engine.services.security.roles.SecurityRoleImpl
##com.sap.engine.services.security.roles.SecurityRoleImpl#PIAPPLUSER#566##lpar4.argos.gencat_XHI_19947550#PIAPPLUSER#37fbc150
a89d11dcc2ad76a0f1395e85#SAPEngine_Application_Thread[impl:3]_38##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authori zation check for caller assignment to J2EE security role .#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#LcrSupport# #1.5^H#76A0F1395E850074000000C60010F0CC000441145072FDFB#1197455411707#com.sap.engine.services.security.roles.SecurityRoleImpl ##com.sap.engine.services.security.roles.SecurityRoleImpl#PIAPPLUSER#567##lpar4.argos.gencat_XHI_19947550#PIAPPLUSER#3789c5a0 a89d11dccb6476a0f1395e85#SAPEngine_Application_Thread[impl:3]_3##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authoriz
ation check for caller assignment to J2EE security role .#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#LcrSupport#
#1.5^H#76A0F1395E85006E000000F30010F0CC000441145072FF3C#1197455411707#com.sap.engine.services.security.roles.SecurityRoleImpl
##com.sap.engine.services.security.roles.SecurityRoleImpl#PIAPPLUSER#566##lpar4.argos.gencat_XHI_19947550#PIAPPLUSER#37fbc150
a89d11dcc2ad76a0f1395e85#SAPEngine_Application_Thread[impl:3]_38##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authori zation check for caller assignment to J2EE security role .#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#LcrInstanceWrite rCR# #1.5^H#76A0F1395E850074000000C80010F0CC000441145072FFDD#1197455411707#com.sap.engine.services.security.roles.SecurityRoleImpl ##com.sap.engine.services.security.roles.SecurityRoleImpl#PIAPPLUSER#567##lpar4.argos.gencat_XHI_19947550#PIAPPLUSER#3789c5a0 a89d11dccb6476a0f1395e85#SAPEngine_Application_Thread[impl:3]_3##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authoriz
ation check for caller assignment to J2EE security role .#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#LcrInstanceWriter
CR#
#1.5^H#76A0F1395E850072000000E70010F0CC0004411450730474#1197455411709#com.sap.engine.services.security.roles.SecurityRoleImpl
##com.sap.engine.services.security.roles.SecurityRoleImpl#PIAPPLUSER#568##lpar4.argos.gencat_XHI_19947550#PIAPPLUSER#3789c5a0
a89d11dccb6476a0f1395e85#SAPEngine_Application_Thread[impl:3]_32##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authori zation check for caller assignment to J2EE security role .#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#LcrUser# ======================================================================= Seem that UME is not working fine. It is strange because before the upgrade it worked fine. In the security log we have these messages: User: PIAFUSER Authentication Stack: sap.com/com.sap.lcr*sld Login Module Flag Initialize Login Commit Abor t Details 1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false false 2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUIRED ok true true 3. com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok true false Central Checks true # #1.5^H#76A0F1395E85006D000000AB000EE0F00004412768B895CB#1197537423300#/System/Security/Audit/J2EE##com.sap.engine.services.se curity.roles.SecurityRoleImpl#PIAFUSER#504##lpar4.argos.gencat_XHI_19947550#PIAFUSER#2ab1e820a95c11dc86ca76a0f1395e85#SAPEngi ne_Application_Thread[impl:3]_39##0#0#Info#1#com.sap.engine.services.security.roles.SecurityRoleImpl#Java###: Authorizatio
n check for caller assignment to J2EE security role .#3#ACCESS.OK#sap.com/com.sap.lcr*sld#LcrUser#
#1.5^H#76A0F1395E85006D000000AC000EE0F00004412768B8BE2F#1197537423310#/System/Security/Audit/J2EE#sap.com/com.sap.lcr#com.sap
.engine.services.security.roles.SecurityRoleImpl#PIAFUSER#504##lpar4.argos.gencat_XHI_19947550#PIAFUSER#2ab1e820a95c11dc86ca7
6a0f1395e85#SAPEngine_Application_Thread[impl:3]_39##0#0#Error#1#com.sap.engine.services.security.roles.SecurityRoleImpl#Java
###: Authorization check for caller assignment to J2EE security role [0.1. : ].#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#L crSupport# #1.5^H#76A0F1395E85006D000000AE000EE0F00004412768B8C130#1197537423311#/System/Security/Audit/J2EE#sap.com/com.sap.lcr#com.sap .engine.services.security.roles.SecurityRoleImpl#PIAFUSER#504##lpar4.argos.gencat_XHI_19947550#PIAFUSER#2ab1e820a95c11dc86ca7 6a0f1395e85#SAPEngine_Application_Thread[impl:3]_39##0#0#Info#1#com.sap.engine.services.security.roles.SecurityRoleImpl#Java# : Authorization check for caller assignment to J2EE security role .#3#ACCESS.OK#sap.com/com.sap.lcr*sld#LcrAd
ministrator#
#1.5^H#76A0F1395E85006D000000AF000EE0F00004412768B8C486#1197537423312#/System/Security/Audit/J2EE#sap.com/com.sap.lcr#com.sap
.engine.services.security.roles.SecurityRoleImpl#PIAFUSER#504##lpar4.argos.gencat_XHI_19947550#PIAFUSER#2ab1e820a95c11dc86ca7
6a0f1395e85#SAPEngine_Application_Thread[impl:3]_39##0#0#Error#1#com.sap.engine.services.security.roles.SecurityRoleImpl#Java
###: Authorization check for caller assignment to J2EE security role
.#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#L
crClassWriter#
#1.5^H#76A0F1395E85006D000000B1000EE0F00004412768B8D752#1197537423316#/System/Security/Audit/J2EE#sap.com/com.sap.lcr#com.sap
.engine.services.security.roles.SecurityRoleImpl#PIAFUSER#504##lpar4.argos.gencat_XHI_19947550#PIAFUSER#2ab1e820a95c11dc86ca7
6a0f1395e85#SAPEngine_Application_Thread[impl:3]_39##0#0#Info#1#com.sap.engine.services.security.roles.SecurityRoleImpl#Java#
: Authorization check for caller assignment to J2EE security role .#3#ACCESS.OK#sap.com/com.sap.lcr*sld#LcrIn
stanceWriterAll#
#1.5^H#76A0F1395E85006D000000B2000EE0F00004412768B8DAD7#1197537423317#/System/Security/Audit/J2EE#sap.com/com.sap.lcr#com.sap
.engine.services.security.roles.SecurityRoleImpl#PIAFUSER#504##lpar4.argos.gencat_XHI_19947550#PIAFUSER#2ab1e820a95c11dc86ca7
6a0f1395e85#SAPEngine_Application_Thread[impl:3]_39##0#0#Error#1#com.sap.engine.services.security.roles.SecurityRoleImpl#Java
###: Authorization check for caller assignment to J2EE security role [0.1. : ].#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#L crInstanceWriterCR# #1.5^H#76A0F1395E85006D000000B4000EE0F00004412768B8DDEE#1197537423318#/System/Security/Audit/J2EE#sap.com/com.sap.lcr#com.sap .engine.services.security.roles.SecurityRoleImpl#PIAFUSER#504##lpar4.argos.gencat_XHI_19947550#PIAFUSER#2ab1e820a95c11dc86ca7 6a0f1395e85#SAPEngine_Application_Thread[impl:3]_39##0#0#Info#1#com.sap.engine.services.security.roles.SecurityRoleImpl#Java# : Authorization check for caller assignment to J2EE security role .#3#ACCESS.OK#sap.com/com.sap.lcr*sld#LcrIn
stanceWriterLD#
#1.5^H#76A0F1395E85006D000000B5000EE0F00004412768B8DFFB#1197537423319#/System/Security/Audit/J2EE#sap.com/com.sap.lcr#com.sap
.engine.services.security.roles.SecurityRoleImpl#PIAFUSER#504##lpar4.argos.gencat_XHI_19947550#PIAFUSER#2ab1e820a95c11dc86ca7
6a0f1395e85#SAPEngine_Application_Thread[impl:3]_39##0#0#Info#1#com.sap.engine.services.security.roles.SecurityRoleImpl#Java#
##: Authorization check for caller assignment to J2EE security role .#3#ACCESS.OK#sap.com/com.sap.lcr*sld#LcrIn
stanceWriterNR#
@
Does anybody have any idea?
Thank you in advance.
Roger Allué i Vall
Xavier, Please can you share the solution with us ?
Many Thanks, James.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I solved by myself.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Xavier,
I am in the same situation. We have a SAP XI 7.0 SP13 and it seems all is working fine:
- you can register SAP components in the SLD
- the SLD Data Supplier service and in visual administrator works fine
but in the log viewer or in the Log&Trace from the nwa you can see that somebody have login problems. Specifically:
-ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrInstanceWriterCR.
- ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrSupport.
- ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrUser.
- ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrInstanceWriterCR.
The user for ABAP stack is SLDAPIUSER and for J2EE SLDDUSER and both have ALL securiry rols from J2EE stack.
SLDAPICUST and SLD Data Supplier service are well configured.
Have someone any idea?, could it be SP problem, SP13 works fine?
Thanks in advance,
Albert
More information:
When I execute SLCHECK all seems correct:
Properties of RFC destination SAPSLDAPI
RFC host:
%%RFCSERVER%%
program id: SAPSLDAPI_XHI
gateway host:
lpar4.argos.gencat.intranet
gateway service: sapgw01
Testing the RFC connection to the SLD java client...
RFC ping was successful
SLD server access settings:
host name: lpar4.argos.gencat.intranet
port number: 50100
user : PIAPPLUSER
Use transaction SLDAPICUST if you wish to maintain the SLD server access data
Launching the SLD GUI in a separate browser window...
=> Verify in the browser GUI that the SLD is in a healthy running state!
Calling function LCR_LIST_BUSINESS_SYSTEMS
Retrieving data from the SLD server...
Function call terminated sucessfully
List of business systems maintained in the SLD:
XHI_001
XHI
XID
RHTCLNT700
RHTCLNT200
RHTCLNT400
RHTCLNT500
(...more...)
Calling function LCR_GET_OWN_BUSINESS_SYSTEM
Retrieving data from the SLD server...
Function call terminated sucessfully
Function call terminated sucessfully
Properties of own business system associated to system XHI client 100
id = XHI
role = HUB
Calling function LCR_GET_BS_DETAILS
Retrieving data from the SLD server...
Function call terminated sucessfully
Details of own business system XHI
caption = XHI
product = I_SAP_ISH_PRIMARIA
IS-URL = http://lpar4.argos.gencat.intranet:8001/sap/xi/engine?type=entry
Summary: Connection to SLD works correctly
Now checking access to the XI Profile
Properties of RFC destination LCRSAPRFC
RFC host:
%%RFCSERVER%%
program id: LCRSAPRFC_XHI
gateway host:
lpar4.argos.gencat.intranet
gateway service: sapgw01
Testing the RFC connection to the SLD java client...
RFC ping was successful
Thank in advance!
Roger Allué i Vall.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
89 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.