Skip to Content
0
Dec 13, 2013 at 01:26 PM

Portal/NWA URL opens directly with an anonymous user without prompting for credentials

239 Views

Hello Friends,

We are facing an issue with Portal/NWA authentication as below.

As soon as we open the URLs of Portal/NWA, it gets open directly with a user ID (a dialog user, say X which exists in system) without prompting for credentials. Even if i click on logoff, the session is not getting logged off.

System/Version: SAP Netweaver 730 SP04 - Dual stack BI system. Authentication is backend ABAP system.

I checked/analyzed below but couldn't find the cause yet.

1. Checked the logon data maintained for UMEbackendConnection under NWA -> Configuration -> Security -> Destination. User maintained is SAPJSF which is active/unlocked and "Ping Destination" works fine

2. Checked the JCo RFC "_PORTAL_" under NWA -> Configuration -> Infrastructure -> JCo RFC Provider. It is in "Running" status and correct server details in maintained. User ID J2EE_PORTAL is used in logon data and it is active/unlocked. RFC from backend ABAP system is working fine with Program IS "_PORTAL_"

3. Certificate exchange between ABAP and Java is done already and verified

4. All checks by BI Diagnostics tool is showing "GREEN" status

5. Locked the ID "X". even then the Portal and NWA are opening under same ID "X"

6. Not able to validate the properties of connection SAP_BW in portal as it is throwing runtime error. But it was maintained correctly earlier.

Then i did a trace in "Security Troubleshooting Wizard" and i noticed a weird behavior as below.

******************************************************************************************************************************************************************

Authentication stack: [ticket].

[EXCEPTION]

com.sap.security.core.server.jaas.DetailedLoginException: java.security.SignatureException: Certificate (Issuer="OU=J2EE,CN=GXX", S/N=0) not found.

at com.sap.security.core.server.jaas.SAPLogonTicketHelper.evaluateTicket(SAPLogonTicketHelper.java:125)

*******************************************************************************************************************************************************************

Above log shows as the issuer certificate as GXX which is not the system which im trying to login and also this GXX is no where connected to the system that i'm trying to login. In shot, from nowhere it is taking GXX.

I'm not sure whether this is anywhere related to the actual problem that i'm facing. (i.e. NWA/portal logged on with an anonymous user)

Please help me in fixing the issue.

Thanks,

Karthik