on 01-09-2014 2:13 PM
I have a stand-alone portal system with an ABAP system as its UME. Both are ERP 6.0 EHP7 SPS01 on Windows 2008 R3 and MSSQL 2008 R2. The ABAP system is connected to our Active Directory with read-only authorization.
I have now configured the Java system to authenticate against Active Directory instead of the ABAP system according to the online documentation. If a user exists in both AD and SAP, the AD password is now used to successfully log into the portal. If the user doesn't exist in SAP, the portal authentication fails whether the user exists in AD or not. So far so good.
My problem is the case where the user exists in SAP, but not in AD. According to the documentation, the authentication should now be carried out against SAP only. But the session hangs up and eventually times out, regardless of whether the password is correct or not. I can't see anything in the ABAP or Java logs. Has anybody seen this before or have an idea what to do to figure it out?
After more than 3 months of back and forth, I finally got a fix from SAP. It will be released with note 2008475.
Thank you again to everybody that helped.
Susan Haenicke
Can you reproduce the problem while the Security Troubleshooting Wizard is running?
Thanks, the trace looks a bit weird to me. I don't see any reference to authentication APIs. Did you really use the Security Troubleshooting Wizard? Use Incident type Authentication, Start Diagnostics, reproduce error, Stop Diagnostics and then press Download Zip Archive. Inside the Zip archive you should find a directory and inside it a file called diagtool_XXX_XXX.html sized at least 50-100 kilobytes. Attach that file either as HTML or convert to TXT before attaching.
No problem.
About the traces, I can see UME trying to query LDAP for the user:
12:14:59:212 Debug J2EE_GST_EP6 HTTP Worker [@1733154494],5,...
...ication.vuser.VirtualUserDataSource
searchPrincipalDatabags ***************************************************************************
* com.sap.security.core.persistence.imp.SearchCriteria
* looking for: "UACC" on all repositories.
* Using AND mode without size limit.
*
* com.sap.security.core.usermanagement|->PRINCIPAL_TYPE_ATTRIBUTE EQUALS UACC (case sensitive)
* com.sap.security.core.usermanagement|->j_user EQUALS testsusan (not case sensitive)
***************************************************************************
found nothing.
12:14:59:288 Debug J2EE_GST_EP6 HTTP Worker [@1733154494],5,...
...ication.vuser.VirtualUserDataSource
Populate principal databag failed as principal was not found.
After that nothing. I suspect there is a bug in the BC-JAS-SEC-UME component or even the logon component not reacting to the result. Have you involved SAP support? If not, please do and attach the traces you sent earlier.