on 05-04-2015 1:06 PM
Dear all,
although the UME connection from the EP-Portal (DataSource: dataSourceConfiguration_database_only.xml; Database Only)
to the Abap System is up and running, we are encountering several issues.
Issue 1: Creating any user with the profiles sap_all, sap_new, j2ee_admin on ABAP-UME causes the user to be visible in the
User Management of the J2EE system, but with no roles assigned. Furthermore, logon with that user on the J2EE system is not possible.
(Authentifizierung fehlgeschlagen. Kennwort gesperrt.)
Issue 2: Creating any user with the roles *admin* will cause that user to be visible in SU01 on ABAP-UME, but with no roles
or profiles assigned to that user.
Issue 3: It seems that any user in ABAP is getting locked after a certain amount of time.
This problem is a bit fussy, but it includes the Administrator user. The Change Document (SU01) for affected users shows
a password change executed by user SAPJSF_<SID> (which is the UMEBackendConnection user).
It looks as if the UME is configured using SSO
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok exception true java.security.SignatureException: Certificate (Issuer="OU=J2EE,CN=DPI", S/N=0) not found.
Thank you very much for all your help and support
Lutz
The alias name in ABAP must be the same as the portal username.
Is your UME data source using database or ABAP?
Hi Lutz,
Issue 1: Creating any user with the profiles sap_all, sap_new, j2ee_admin on ABAP-UME causes the user to be visible in the
User Management of the J2EE system, but with no roles assigned. Furthermore, logon with that user on the J2EE system is not possible.
(Authentifizierung fehlgeschlagen. Kennwort gesperrt.)
Ans: You will not be able to see the roles and profiles of the ABAP UME in the Java engine. In the Java engine, roles are comprised of actions, which are part of the PCD.
You can transfer the PCD-type roles of the Java engine to the ABAP side, and for this there is a procedure provided by SAP.
Issue 2: Creating any user with the roles *admin* will cause that user to be visible in SU01 on ABAP-UME, but with no roles
or profiles assigned to that user.
Ans: Vice versa is also true.
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok exception true java.security.SignatureException: Certificate (Issuer="OU=J2EE,CN=DPI", S/N=0) not found.
Ans: Follow the SAP Note below:
991505 - Single Sign-On with assertion tickets fails on J2EE Engine
With Regards
Ashutosh Chaturvedi
Hello,
Seems this issue is related to SSO. How can I check if the SSO mechanism to the portal is configured correctly?
LOGIN.FAILED
User: basis2
IP Address: 164.28.47.180
Authentication Stack: sap.com/tc~lm~itsam~ui~mainframe~wd*webdynpro_resources_sap.com_tc~lm~itsam~ui~mainframe~wd
Authentication Stack Properties:
policy_domain = /webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd
realm_name = Upload Protected Area
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
#1 trusteddn1 = CN=DSR
#2 trusteddn2 = CN=DE1
#3 trusteddn3 = CN=DSR
#4 trusteddn4 = CN=PS1
#5 trustediss1 = CN=DSR
#6 trustediss2 = CN=DE1
#7 trustediss3 = CN=DSR
#8 trustediss4 = CN=PS1
#9 trustedsys1 = DSR,200
#10 trustedsys2 = DE1,100
#11 trustedsys3 = DSR,100
#12 trustedsys4 = PS1,100
#13 ume.configuration.active = true
2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE ok exception true Authentication did not succeed.
#1 LogonWithAlias = true
3. com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok true
No logon policy was applied
Many thanks for your support!
1. How do you create the users? Describe the process exactly.
2. You will not see any EP roles in your ABAP backend. If you want to assign some, it is quite common to create groups (roles on your backend) and assign the EP roles you need to these.
3. No idea about that; could a custom job or something be running? It doesn't sound like an SAP standard mechanism to me. I would do further analysis on that.
Cheers