
UME and SSO not working after XI 7.0 SP13

Former Member
0 Kudos

Hello experts,

I’ve recently updated my SAP XI 7.0 to SP13. I updated these components:

sap.com CORE-TOOLS 7.00 SP13 (1000.7.00.13.0.20070812014121) SAP AG SAP AG 20071204163750

sap.com SAP-XICONS 7.00 SP13 (1000.7.00.13.1.20071120070300) SAP AG SAP AG 20071205110117

sap.com SAP_XITOOL 7.00 SP13 (1000.7.00.13.2.20071128132526) SAP AG SAP AG 20071205145248

sap.com BASETABLES 7.00 SP13 (1000.7.00.13.0.20070812013638) SAP AG SAP AG 20071204164310

sap.com KM-KW_JIKS 7.00 SP13 (1000.7.00.13.0.20070812014519) SAP AG SAP AG 20071204165350

sap.com LM-TOOLS 7.00 SP13 (1000.7.00.13.0.20070906104634) SAP AG MAIN_APL70VAL_C 20071204175925

sap.com JLOGVIEW 7.00 SP13 (1000.7.00.13.0.20070812001600) SAP AG SAP AG 20071204160832

sap.com SAP_XIPCK 7.00 SP13 (1000.7.00.13.0.20070812020145) SAP AG SAP AG 20071204181620

sap.com JSPM 7.00 SP13 (1000.7.00.13.0.20070812001700) SAP AG SAP AG 20071204165510

sap.com ADSSAP 7.00 SP13 (1000.7.00.13.0.20070812011854) SAP AG SAP AG 20071205164146

sap.com CAF-UM 7.00 SP13 (1000.7.00.13.0.20070809092324) SAP AG MAIN_APL70VAL_C 20071204174320

sap.com BI_UDI 7.00 SP13 (1000.7.00.13.0.20070811190400) SAP AG SAP AG 20071204184248

sap.com BI_MMR 7.00 SP13 (1000.7.00.13.0.20070812013749) SAP AG SAP AG 20071204183633

sap.com SAP_BUILDT 7.00 SP13 (1000.7.00.13.0.20070811184000) SAP AG SAP AG 20071205112443

sap.com SAPNWsCM 7.0 SP13 (1000.7.0.13.0.00000000000000) SAP AG SAP AG 20071205194337

sap.com SAP-XIAFC 7.00 SP13 (1000.7.00.13.3.20071205145228) SAP AG SAP AG 20071212194539

sap.com SAP_XIAF 7.00 SP13 (1000.7.00.13.3.20071205145115) SAP AG SAP AG 20071212200157

sap.com SAP-JEE 7.00 SP13 (1000.7.00.13.2.20071026143730) SAP AG SAP AG 20071210125635

sap.com SAP-JEECOR 7.00 SP13 (1000.7.00.13.5.20071114142146) SAP AG SAP AG 20071210125759

sap.com SAP_JTECHF 7.00 SP13 (1000.7.00.13.3.20071205171732) SAP AG SAP AG 20071210131437

sap.com CAF 7.00 SP13 (1000.7.00.13.1.20071023125927) SAP AG MAIN_APL70P13_C 20071210133606

sap.com SAP_JTECHS 7.00 SP13 (1000.7.00.13.3.20071205171917) SAP AG SAP AG 20071210135427

sap.com DI_CMS 7.00 SP13 (1000.7.00.13.0.20070809050414) SAP AG MAIN_APL70VAL_C 20071205195900

sap.com UMEADMIN 7.00 SP13 (1000.7.00.13.2.20071018101448) SAP AG MAIN_APL70P13_C 20071210122332

Before the upgrade the system worked fine: SSO, we could access SLD, etc. After the upgrade SSO doesn’t work and we cannot access the SLD. We get the following messages in the defaultTrace.trc trace file every time we try to log in to the SLD:

============================= defaultTrace.4.trc ================================

#1.5^H#76A0F1395E850074000000C10010F0CC000441145072A83C#1197455411685#com.sap.security.core.umap.imp.UserMappingUtils##com.sap.security.core.umap.imp.UserMappingUtils.getMasterSystem()#J2EE_GUEST#0##lpar4.argos.gencat_XHI_19947550#Guest#37f7a2a0a89d11dcad3d76a0f1395e85#SAPEngine_Application_Thread[impl:3]_3##0#0#Error##Plain###Cannot provide the current ABAP master system because the responsible system landscape is currently not available.#

#1.5^H#76A0F1395E850072000000E40010F0CC000441145072AF5B#1197455411687#com.sap.security.core.umap.imp.UserMappingUtils##com.sap.security.core.umap.imp.UserMappingUtils.getMasterSystem()#J2EE_GUEST#0##lpar4.argos.gencat_XHI_19947550#Guest#37f00180a89d11dcb82676a0f1395e85#SAPEngine_Application_Thread[impl:3]_32##0#0#Error##Plain###Cannot provide the current ABAP master system because the responsible system landscape is currently not available.#

#1.5^H#76A0F1395E85006E000000EF0010F0CC000441145072E413#1197455411700#com.sap.engine.services.security.roles.SecurityRoleImpl##com.sap.engine.services.security.roles.SecurityRoleImpl#PIAPPLUSER#566##lpar4.argos.gencat_XHI_19947550#PIAPPLUSER#37fbc150a89d11dcc2ad76a0f1395e85#SAPEngine_Application_Thread[impl:3]_38##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authorization check for caller assignment to J2EE security role .#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#LcrUser#

#1.5^H#76A0F1395E850074000000C40010F0CC000441145072FAE9#1197455411706#com.sap.engine.services.security.roles.SecurityRoleImpl##com.sap.engine.services.security.roles.SecurityRoleImpl#PIAPPLUSER#567##lpar4.argos.gencat_XHI_19947550#PIAPPLUSER#3789c5a0a89d11dccb6476a0f1395e85#SAPEngine_Application_Thread[impl:3]_3##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authorization check for caller assignment to J2EE security role .#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#LcrUser#

#1.5^H#76A0F1395E85006E000000F10010F0CC000441145072FD1B#1197455411707#com.sap.engine.services.security.roles.SecurityRoleImpl##com.sap.engine.services.security.roles.SecurityRoleImpl#PIAPPLUSER#566##lpar4.argos.gencat_XHI_19947550#PIAPPLUSER#37fbc150a89d11dcc2ad76a0f1395e85#SAPEngine_Application_Thread[impl:3]_38##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authorization check for caller assignment to J2EE security role .#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#LcrSupport#

#1.5^H#76A0F1395E850074000000C60010F0CC000441145072FDFB#1197455411707#com.sap.engine.services.security.roles.SecurityRoleImpl##com.sap.engine.services.security.roles.SecurityRoleImpl#PIAPPLUSER#567##lpar4.argos.gencat_XHI_19947550#PIAPPLUSER#3789c5a0a89d11dccb6476a0f1395e85#SAPEngine_Application_Thread[impl:3]_3##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authorization check for caller assignment to J2EE security role .#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#LcrSupport#

#1.5^H#76A0F1395E85006E000000F30010F0CC000441145072FF3C#1197455411707#com.sap.engine.services.security.roles.SecurityRoleImpl##com.sap.engine.services.security.roles.SecurityRoleImpl#PIAPPLUSER#566##lpar4.argos.gencat_XHI_19947550#PIAPPLUSER#37fbc150a89d11dcc2ad76a0f1395e85#SAPEngine_Application_Thread[impl:3]_38##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authorization check for caller assignment to J2EE security role .#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#LcrInstanceWriterCR#

#1.5^H#76A0F1395E850074000000C80010F0CC000441145072FFDD#1197455411707#com.sap.engine.services.security.roles.SecurityRoleImpl##com.sap.engine.services.security.roles.SecurityRoleImpl#PIAPPLUSER#567##lpar4.argos.gencat_XHI_19947550#PIAPPLUSER#3789c5a0a89d11dccb6476a0f1395e85#SAPEngine_Application_Thread[impl:3]_3##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authorization check for caller assignment to J2EE security role .#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#LcrInstanceWriterCR#

#1.5^H#76A0F1395E850072000000E70010F0CC0004411450730474#1197455411709#com.sap.engine.services.security.roles.SecurityRoleImpl##com.sap.engine.services.security.roles.SecurityRoleImpl#PIAPPLUSER#568##lpar4.argos.gencat_XHI_19947550#PIAPPLUSER#3789c5a0a89d11dccb6476a0f1395e85#SAPEngine_Application_Thread[impl:3]_32##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authorization check for caller assignment to J2EE security role .#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#LcrUser#

=======================================================================

It seems that UME is not working fine. It is strange because before the upgrade it worked fine. In the security log we have these messages:

User: PIAFUSER

Authentication Stack: sap.com/com.sap.lcr*sld

Login Module   Flag   Initialize   Login   Commit   Abort   Details

1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule   SUFFICIENT   ok   false   false

2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   REQUIRED   ok   true   true

3. com.sap.security.core.server.jaas.CreateTicketLoginModule   OPTIONAL   ok   true   false

Central Checks   true #

#1.5^H#76A0F1395E85006D000000AB000EE0F00004412768B895CB#1197537423300#/System/Security/Audit/J2EE##com.sap.engine.services.security.roles.SecurityRoleImpl#PIAFUSER#504##lpar4.argos.gencat_XHI_19947550#PIAFUSER#2ab1e820a95c11dc86ca76a0f1395e85#SAPEngine_Application_Thread[impl:3]_39##0#0#Info#1#com.sap.engine.services.security.roles.SecurityRoleImpl#Java###: Authorization check for caller assignment to J2EE security role .#3#ACCESS.OK#sap.com/com.sap.lcr*sld#LcrUser#

#1.5^H#76A0F1395E85006D000000AC000EE0F00004412768B8BE2F#1197537423310#/System/Security/Audit/J2EE#sap.com/com.sap.lcr#com.sap.engine.services.security.roles.SecurityRoleImpl#PIAFUSER#504##lpar4.argos.gencat_XHI_19947550#PIAFUSER#2ab1e820a95c11dc86ca76a0f1395e85#SAPEngine_Application_Thread[impl:3]_39##0#0#Error#1#com.sap.engine.services.security.roles.SecurityRoleImpl#Java###: Authorization check for caller assignment to J2EE security role [0.1. : ].#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#LcrSupport#

#1.5^H#76A0F1395E85006D000000AE000EE0F00004412768B8C130#1197537423311#/System/Security/Audit/J2EE#sap.com/com.sap.lcr#com.sap.engine.services.security.roles.SecurityRoleImpl#PIAFUSER#504##lpar4.argos.gencat_XHI_19947550#PIAFUSER#2ab1e820a95c11dc86ca76a0f1395e85#SAPEngine_Application_Thread[impl:3]_39##0#0#Info#1#com.sap.engine.services.security.roles.SecurityRoleImpl#Java###: Authorization check for caller assignment to J2EE security role .#3#ACCESS.OK#sap.com/com.sap.lcr*sld#LcrAdministrator#

#1.5^H#76A0F1395E85006D000000AF000EE0F00004412768B8C486#1197537423312#/System/Security/Audit/J2EE#sap.com/com.sap.lcr#com.sap.engine.services.security.roles.SecurityRoleImpl#PIAFUSER#504##lpar4.argos.gencat_XHI_19947550#PIAFUSER#2ab1e820a95c11dc86ca76a0f1395e85#SAPEngine_Application_Thread[impl:3]_39##0#0#Error#1#com.sap.engine.services.security.roles.SecurityRoleImpl#Java###: Authorization check for caller assignment to J2EE security role .#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#LcrClassWriter#

#1.5^H#76A0F1395E85006D000000B1000EE0F00004412768B8D752#1197537423316#/System/Security/Audit/J2EE#sap.com/com.sap.lcr#com.sap.engine.services.security.roles.SecurityRoleImpl#PIAFUSER#504##lpar4.argos.gencat_XHI_19947550#PIAFUSER#2ab1e820a95c11dc86ca76a0f1395e85#SAPEngine_Application_Thread[impl:3]_39##0#0#Info#1#com.sap.engine.services.security.roles.SecurityRoleImpl#Java###: Authorization check for caller assignment to J2EE security role .#3#ACCESS.OK#sap.com/com.sap.lcr*sld#LcrInstanceWriterAll#

#1.5^H#76A0F1395E85006D000000B2000EE0F00004412768B8DAD7#1197537423317#/System/Security/Audit/J2EE#sap.com/com.sap.lcr#com.sap.engine.services.security.roles.SecurityRoleImpl#PIAFUSER#504##lpar4.argos.gencat_XHI_19947550#PIAFUSER#2ab1e820a95c11dc86ca76a0f1395e85#SAPEngine_Application_Thread[impl:3]_39##0#0#Error#1#com.sap.engine.services.security.roles.SecurityRoleImpl#Java###: Authorization check for caller assignment to J2EE security role [0.1. : ].#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#LcrInstanceWriterCR#

#1.5^H#76A0F1395E85006D000000B4000EE0F00004412768B8DDEE#1197537423318#/System/Security/Audit/J2EE#sap.com/com.sap.lcr#com.sap.engine.services.security.roles.SecurityRoleImpl#PIAFUSER#504##lpar4.argos.gencat_XHI_19947550#PIAFUSER#2ab1e820a95c11dc86ca76a0f1395e85#SAPEngine_Application_Thread[impl:3]_39##0#0#Info#1#com.sap.engine.services.security.roles.SecurityRoleImpl#Java###: Authorization check for caller assignment to J2EE security role .#3#ACCESS.OK#sap.com/com.sap.lcr*sld#LcrInstanceWriterLD#

#1.5^H#76A0F1395E85006D000000B5000EE0F00004412768B8DFFB#1197537423319#/System/Security/Audit/J2EE#sap.com/com.sap.lcr#com.sap.engine.services.security.roles.SecurityRoleImpl#PIAFUSER#504##lpar4.argos.gencat_XHI_19947550#PIAFUSER#2ab1e820a95c11dc86ca76a0f1395e85#SAPEngine_Application_Thread[impl:3]_39##0#0#Info#1#com.sap.engine.services.security.roles.SecurityRoleImpl#Java###: Authorization check for caller assignment to J2EE security role .#3#ACCESS.OK#sap.com/com.sap.lcr*sld#LcrInstanceWriterNR#

Does anybody have any idea?

Thank you in advance.

Roger Allué i Vall
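
Added example (not part of the original thread): a Python tally of the J2EE role-check audit records quoted in the post above, per user and role, that tolerates hard line wraps inside fields as in a trace pasted from a terminal. The field positions are read off the records in this post; the `SAMPLE` text with its placeholder ids and the function names are constructed for illustration, and the parser assumes no escaped `#` inside a field.

```python
from collections import defaultdict

MARKER = "#1.5^H#"  # record start as it is rendered in the pasted trace

# Constructed sample modelled on the thread's records: placeholder GUIDs, host
# and transaction ids, hard-wrapped mid-field as terminal-pasted traces are.
SAMPLE = """\
#1.5^H#GUID-1#1197537423300#/System/Security/Audit/J2EE##com.sap.engine.services.se
curity.roles.SecurityRoleImpl#PIAFUSER#504##host_XHI_1#PIAFUSER#tx1#Thread_39##0#0#Info
#1#com.sap.engine.services.security.roles.SecurityRoleImpl#Java###: Authorizatio
n check for caller assignment to J2EE security role .#3#ACCESS.OK#sap.com/com.sap.lcr*sld#LcrUser#
#1.5^H#GUID-2#1197537423310#/System/Security/Audit/J2EE#sap.com/com.sap.lcr#com.sap.engine
.services.security.roles.SecurityRoleImpl#PIAFUSER#504##host_XHI_1#PIAFUSER#tx1#Thread_39##0
#0#Error#1#com.sap.engine.services.security.roles.SecurityRoleImpl#Java###: Authorization
 check for caller assignment to J2EE security role .#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#L
crSupport#
#1.5^H#GUID-3#1197455411700#com.sap.engine.services.security.roles.SecurityRoleImpl##com.sap
.engine.services.security.roles.SecurityRoleImpl#PIAPPLUSER#566##host_XHI_1#PIAPPLUSER#tx2
#Thread_38##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authorization check for caller
 assignment to J2EE security role .#3#ACCESS.ERROR#sap.com/com.sap.lcr*sld#LcrUser#
#1.5^H#GUID-4#1197455411685#com.sap.security.core.umap.imp.UserMappingUtils##src#J2EE_GUEST
#0##host_XHI_1#Guest#tx3#Thread_3##0#0#Error##Plain###Cannot provide the master system.#
"""

def parse_role_checks(text):
    """Return (user, severity, result, policy, role) for each role-check record."""
    flat = "".join(text.split())  # undo wraps; assumes extracted fields hold no spaces
    rows = []
    for rec in flat.split(MARKER)[1:]:
        f = rec.split("#")  # assumes no escaped '#' inside a field
        # Positions read off the thread's records: f[5] user, f[15] severity,
        # f[22] argument count, f[23:26] result, policy configuration, role.
        if len(f) > 25 and f[22] == "3" and f[23] in ("ACCESS.OK", "ACCESS.ERROR"):
            rows.append((f[5], f[15], f[23], f[24], f[25]))
    return rows

def summarize(text):
    """Map (user, role) -> {'ACCESS.OK': n, 'ACCESS.ERROR': n}."""
    tally = defaultdict(lambda: {"ACCESS.OK": 0, "ACCESS.ERROR": 0})
    for user, _sev, result, _policy, role in parse_role_checks(text):
        tally[(user, role)][result] += 1
    return dict(tally)

def never_granted(text):
    """(user, role) pairs that were checked but never passed in this excerpt."""
    return sorted(k for k, v in summarize(text).items() if v["ACCESS.OK"] == 0)

if __name__ == "__main__":
    print(never_granted(SAMPLE))
```

Records that are not role checks, such as the `UserMappingUtils` error, are skipped, so the tally separates users that fail every checked role from users that pass some roles and fail others.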

Accepted Solutions (0)

Answers (3)


Former Member
0 Kudos

Xavier, please can you share the solution with us?

Many Thanks, James.

Former Member
0 Kudos

I solved it by myself.

Former Member
0 Kudos

Hi Xavier,

I am in the same situation. We have a SAP XI 7.0 SP13 and it seems all is working fine:

- you can register SAP components in the SLD

- the SLD Data Supplier service in the Visual Administrator works fine

but in the log viewer or in Log & Trace from the NWA you can see that somebody has login problems. Specifically:

- ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrInstanceWriterCR.

- ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrSupport.

- ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrUser.

- ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrInstanceWriterCR.

The user for the ABAP stack is SLDAPIUSER and for J2EE it is SLDDUSER, and both have ALL security roles from the J2EE stack.

SLDAPICUST and the SLD Data Supplier service are well configured.

Does anyone have any idea? Could it be an SP problem? Does SP13 work fine?

Thanks in advance,

Albert

0 Kudos

It would be helpful if you could post the solution (even if you solved it yourself).

Srinivasan K

Former Member
0 Kudos

More information:

When I execute SLCHECK all seems correct:

Properties of RFC destination SAPSLDAPI

RFC host:

%%RFCSERVER%%

program id: SAPSLDAPI_XHI

gateway host:

lpar4.argos.gencat.intranet

gateway service: sapgw01

Testing the RFC connection to the SLD java client...

RFC ping was successful

SLD server access settings:

host name: lpar4.argos.gencat.intranet

port number: 50100

user : PIAPPLUSER

Use transaction SLDAPICUST if you wish to maintain the SLD server access data

Launching the SLD GUI in a separate browser window...

=> Verify in the browser GUI that the SLD is in a healthy running state!

Calling function LCR_LIST_BUSINESS_SYSTEMS

Retrieving data from the SLD server...

Function call terminated sucessfully

List of business systems maintained in the SLD:

XHI_001

XHI

XID

RHTCLNT700

RHTCLNT200

RHTCLNT400

RHTCLNT500

(...more...)

Calling function LCR_GET_OWN_BUSINESS_SYSTEM

Retrieving data from the SLD server...

Function call terminated sucessfully

Function call terminated sucessfully

Properties of own business system associated to system XHI client 100

id = XHI

role = HUB

Calling function LCR_GET_BS_DETAILS

Retrieving data from the SLD server...

Function call terminated sucessfully

Details of own business system XHI

caption = XHI

product = I_SAP_ISH_PRIMARIA

IS-URL = http://lpar4.argos.gencat.intranet:8001/sap/xi/engine?type=entry

Summary: Connection to SLD works correctly

Now checking access to the XI Profile

Properties of RFC destination LCRSAPRFC

RFC host:

%%RFCSERVER%%

program id: LCRSAPRFC_XHI

gateway host:

lpar4.argos.gencat.intranet

gateway service: sapgw01

Testing the RFC connection to the SLD java client...

RFC ping was successful

Thanks in advance!

Roger Allué i Vall.