UME_com.sap.security.core.server.jaas.EvaluateTicketLoginModule

Dear all,

Although the UME connection from the EP portal (DataSource: dataSourceConfiguration_database_only.xml; Database Only) to the ABAP system is up and running, we are encountering several issues.

Issue 1: Creating any user with the profiles sap_all, sap_new, j2ee_admin on the ABAP UME causes the user to be visible in the User Management of the J2EE system, but with no roles assigned. Furthermore, logon with that user on the J2EE system is not possible.

(Authentifizierung fehlgeschlagen. Kennwort gesperrt.)

Issue 2: Creating any user with the roles *admin* will cause that user to be visible in SU01 on the ABAP UME, but with no roles or profiles assigned to that user.

Issue 3: It seems that any user in ABAP is getting locked after a certain amount of time.

This problem is a bit fussy, but it includes the Administrator user. The change document (SU01) for affected users shows a password change executed from user SAPJSF_<SID> (which is the UMEBackendConnection user).

It looks as if the UME is configured using SSO

Login Module Flag Initialize Login Commit Abort Details

1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok exception true java.security.SignatureException: Certificate (Issuer="OU=J2EE,CN=DPI", S/N=0) not found.

Thank you very much for all your help and support

Lutz

4 Answers

  • Best Answer
    Posted on May 12, 2015 at 07:00 AM

    The alias name in ABAP must be the same as the portal username.

  • Former Member
    Posted on May 04, 2015 at 03:21 PM

    1. How do you create them? Describe the process exactly.

    2. You will not see any EP roles in your ABAP backend. If you want to assign some, it is quite common to create groups (role on your backend) and assign the EP roles you need to these.

    3. No idea about that, could be a custom job or something running? Doesn't sound like an SAP standard mechanism to me. I would do further analysis on that.

    Cheers

  • Posted on May 04, 2015 at 04:05 PM

    Hi Lutz,

    Issue 1: Creating any User with the Profile sap_all,sap_new,j2ee_admin on ABAP-UME does cause the User being visible in the User Management of J2EE- system but with no roles assigned. Furthermore logon with that user on J2EE- system is not possible.

    (Authentifizierung fehlgeschlagen. Kennwort gesperrt.)

    Ans: You will not be able to see the roles, profiles of the ABAP UME in the Java engine. In the Java engine, roles are comprised of actions, which are part of the PCD.

    You can transfer the PCD type of roles of the Java engine to the ABAP side, and for this there is a procedure provided by SAP.


    Issue 2: Creating any User with the Roles *admin* will cause that user to be visible in SU01 on ABAP- UME but with no Roles or Profiles assigned to that user

    Ans: Vice versa is also true.


    Login Module Flag Initialize Login Commit Abort Details

    1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok exception true java.security.SignatureException: Certificate (Issuer="OU=J2EE,CN=DPI", S/N=0) not found.



    Ans: Follow the SAP Note below:


    991505 - Single Sign-On with assertion tickets fails on J2EE Engine


    With Regards

    Ashutosh Chaturvedi



    • Hello,

      Seems this issue is related to SSO. How can I check if the SSO mechanism to the portal is configured correctly?

      LOGIN.FAILED

      User: basis2

      IP Address: 164.28.47.180

      Authentication Stack: sap.com/tc~lm~itsam~ui~mainframe~wd*webdynpro_resources_sap.com_tc~lm~itsam~ui~mainframe~wd

      Authentication Stack Properties:

      policy_domain = /webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd

      realm_name = Upload Protected Area

      Login Module Flag Initialize Login Commit Abort Details

      1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true

      #1 trusteddn1 = CN=DSR

      #2 trusteddn2 = CN=DE1

      #3 trusteddn3 = CN=DSR

      #4 trusteddn4 = CN=PS1

      #5 trustediss1 = CN=DSR

      #6 trustediss2 = CN=DE1

      #7 trustediss3 = CN=DSR

      #8 trustediss4 = CN=PS1

      #9 trustedsys1 = DSR,200

      #10 trustedsys2 = DE1,100

      #11 trustedsys3 = DSR,100

      #12 trustedsys4 = PS1,100

      #13 ume.configuration.active = true

      2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE ok exception true Authentication did not succeed.

      #1 LogonWithAlias = true

      3. com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok true

      No logon policy was applied


      Many thanks for your support!
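
One way to sanity-check the EvaluateTicketLoginModule options pasted in the trace above, as an added example that is not part of the original thread or SAP's own tooling. It assumes that each index N groups trustedsysN (system ID and client), trustedissN (issuer DN) and trusteddnN (subject DN) for one accepted ticket issuer, and that the issuer named in the question's SignatureException belongs to the same setup as this trace.

```python
import re

# Option lines copied from the LOGIN.FAILED trace posted in the thread.
TRACE = """\
#1 trusteddn1 = CN=DSR
#2 trusteddn2 = CN=DE1
#3 trusteddn3 = CN=DSR
#4 trusteddn4 = CN=PS1
#5 trustediss1 = CN=DSR
#6 trustediss2 = CN=DE1
#7 trustediss3 = CN=DSR
#8 trustediss4 = CN=PS1
#9 trustedsys1 = DSR,200
#10 trustedsys2 = DE1,100
#11 trustedsys3 = DSR,100
#12 trustedsys4 = PS1,100
"""
# Issuer DN quoted in the SignatureException from the question.
TICKET_ISSUER = "OU=J2EE,CN=DPI"
OPTION = re.compile(r"#\d+\s+trusted(sys|iss|dn)(\d+)\s*=\s*(.+)")

def parse_acl(trace):
    """Group trustedsysN / trustedissN / trusteddnN values by index N."""
    acl = {}
    for line in trace.splitlines():
        m = OPTION.search(line)
        if m:
            kind, idx, value = m.groups()
            acl.setdefault(int(idx), {})[kind] = value.strip()
    return acl

def norm_dn(dn):
    """Comparison form of a simple DN: upper-case, no spaces around parts."""
    return ",".join(part.strip().upper() for part in dn.split(","))

def check_acl(acl, issuer):
    """Return findings: incomplete entries and an issuer no entry lists."""
    findings = []
    for idx, entry in sorted(acl.items()):
        missing = {"sys", "iss", "dn"} - entry.keys()
        if missing:
            findings.append(f"entry {idx}: missing {sorted(missing)}")
    if norm_dn(issuer) not in {norm_dn(e["iss"]) for e in acl.values() if "iss" in e}:
        findings.append(f"issuer {issuer!r} matches no trustedissN")
    return findings

if __name__ == "__main__":
    for finding in check_acl(parse_acl(TRACE), TICKET_ISSUER):
        print(finding)
```

All four entries in the pasted trace are complete, and the only finding is that the issuer from the exception appears in none of them.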

  • Posted on May 04, 2015 at 05:24 PM

    Is your UME data source using database or ABAP?