07-04-2008 9:34 PM
Hi,
I am running the often refered to sample java program to parse and inspect mysso2 ticket (Class SSO2Ticket) .
I am getting the following error :
D:\Temp>java SSO2Ticket -i d:
temp
mysso.txt
SAPSSOEXT loaded.
static part ends.
Start SSO2TICKET main
-
test version -
Version of SAPSSOEXT: SAPSSOEXT 2
evalLogonTicket
java.lang.Exception: MySapEvalLogonTicketEx failed: standard error= 5, ssf error
= 26
Does anyone know what it is ?
It is happening in evalLogonTicket .
Thank you.
07-07-2008 12:30 PM
Hi Thierry,
Error-Text: SSF_API_NOCERTIFICATE
this "explanation" can be found in sapssoext.h of the C-implementation of ssoext.
It should mean (I am always careful here ) that the ticket has been signed by a system, who's public key is not (yet) imported into the keystore (.pse file) used by ssoext.
Solution: Try to follow these steps:
1) On the machine that creates the logon ticket export the public key / certificate to a file (cert.txt) by
sapgenpse export_own_cert -p SAPSYS.pse -o cert.txt 2) Then copy cert.txt to the machine that should verify the logon ticket 3) Import cert.txt into the .pse file ("ssoext-PSE") on the machine verifying your ticket by sapgenpse maintain_pk -a cert.txt -p ...pse
I assume that this solves your problem.
Please be aware that this direct exchange of public keys is not necessarily what you want: Maybe you prefer to have the key of the system that creates the logon ticket signed by an certification agency (CA). In this case it can be sufficient to import the public key / certificate of the CA into your "ssoext-PSE" file.
Please let me know whether you could follow those steps.
Best regards,
Ralf
07-07-2008 12:30 PM
Hi Thierry,
Error-Text: SSF_API_NOCERTIFICATE
this "explanation" can be found in sapssoext.h of the C-implementation of ssoext.
It should mean (I am always careful here ) that the ticket has been signed by a system, who's public key is not (yet) imported into the keystore (.pse file) used by ssoext.
Solution: Try to follow these steps:
1) On the machine that creates the logon ticket export the public key / certificate to a file (cert.txt) by
sapgenpse export_own_cert -p SAPSYS.pse -o cert.txt 2) Then copy cert.txt to the machine that should verify the logon ticket 3) Import cert.txt into the .pse file ("ssoext-PSE") on the machine verifying your ticket by sapgenpse maintain_pk -a cert.txt -p ...pse
I assume that this solves your problem.
Please be aware that this direct exchange of public keys is not necessarily what you want: Maybe you prefer to have the key of the system that creates the logon ticket signed by an certification agency (CA). In this case it can be sufficient to import the public key / certificate of the CA into your "ssoext-PSE" file.
Please let me know whether you could follow those steps.
Best regards,
Ralf
07-08-2008 4:41 PM
Hi,
I do not have a pse file. Also , the reason I'm using this program is to find out where the ticket was generated.
In the java code , there is the folowing line , so I assumed that a default pse would be used if I didn't provide one.
evalLogonTicket(ticket, pab!=null?pab:"SAPdefault" , null);
Also, where did you get the .h files ? I just have the dll's.
Thanks.
07-08-2008 6:32 PM
Hi Thierry,
<removed_by_moderator> I got a little excel-sheet that is able to decode SSO2 logon tickets.
The .h files where part of the ssoext download from SAP - but I can't get the details right now. You will also find the error codes in ABAP in include SSFCONST (display with SE38).
Hope this works beter for you ...
Best regards,
Ralf
Edited by: Julius Bussche on Jul 8, 2008 5:51 PM
07-08-2008 6:45 PM
<removed_by_moderator>
Thank you.
Edited by: Julius Bussche on Jul 8, 2008 5:52 PM
07-08-2008 6:54 PM
Sorry guys, but those are "the rules" and we don't want to be spammed (again)
Cheers,
Julius
07-10-2008 6:15 PM
07-10-2008 8:56 PM
I am Julius, not Ralf
There are 2 options (here at SDN) for this:
- Write a blog on how to do it.
- Email the Excel file to me, and I have a way of attaching it to the thread.
Cheers,
Julius
02-15-2013 2:32 PM
Hello All
Please Help me out.
As if I m doing SSO with SAP.
By using SSO2Ticket with main method i can get the Result of the ticket. but i need to implement that in my Application. But i cant do that because i m getting the below error
I am ruuning my Application in Jboss 4.3. in that application needed to implement the code for SSO
Please help me out as soon as possible
Thanks & Regards
Manjunath Patil