
UME_com.sap.security.core.server.jaas.EvaluateTicketLoginModule

hannover_sap-basis
Participant
0 Kudos

Dear all,

Although the UME connection from the EP-Portal (DataSource: dataSourceConfiguration_database_only.xml; Database Only) to the ABAP system is up and running, we are encountering several issues.

Issue 1: Creating any user with the profile sap_all, sap_new, j2ee_admin on ABAP-UME causes the user to be visible in the User Management of the J2EE system but with no roles assigned. Furthermore, logon with that user on the J2EE system is not possible.

(Authentifizierung fehlgeschlagen. Kennwort gesperrt.)

Issue 2: Creating any user with the roles *admin* will cause that user to be visible in SU01 on ABAP-UME but with no roles or profiles assigned to that user.

Issue 3: It seems that any user in ABAP is getting locked after a certain amount of time.

This problem is a bit fussy but it includes the Administrator user. The change document (SU01) for affected users shows a password change executed from user SAPJSF_<SID> (which is the UMEBackendConnection user).

It looks as if the UME is configured using SSO

Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details

1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          exception             true       java.security.SignatureException: Certificate (Issuer="OU=J2EE,CN=DPI", S/N=0) not found.

Thank you very much for all your help and support

Lutz

Accepted Solutions (1)


hannover_sap-basis
Participant
0 Kudos

The alias name in ABAP must be the same as the portal username.

Answers (3)


junwu
Active Contributor
0 Kudos

Is your UME data source using database or ABAP?

former_member185239
Active Contributor
0 Kudos

Hi Lutz,

Issue 1: Creating any user with the profile sap_all, sap_new, j2ee_admin on ABAP-UME causes the user to be visible in the User Management of the J2EE system but with no roles assigned. Furthermore, logon with that user on the J2EE system is not possible.

(Authentifizierung fehlgeschlagen. Kennwort gesperrt.)

Ans: You will not be able to see the roles and profiles of the ABAP UME in the Java engine. In the Java engine, roles are comprised of actions, which are part of the PCD.

You can transfer the PCD-type roles of the Java engine to the ABAP side, and for this there is a procedure provided by SAP.

Issue 2: Creating any user with the roles *admin* will cause that user to be visible in SU01 on ABAP-UME but with no roles or profiles assigned to that user.

Ans: Vice versa is also true.


Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details

1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          exception             true       java.security.SignatureException: Certificate (Issuer="OU=J2EE,CN=DPI", S/N=0) not found.



Ans: Follow the SAP Note below:

      991505 - Single Sign-On with assertion tickets fails on J2EE Engine

With regards

Ashutosh Chaturvedi


hannover_sap-basis
Participant
0 Kudos

Hello,

It seems this issue is related to SSO. How can I check if the SSO mechanism to the portal is configured correctly?

LOGIN.FAILED

User: basis2

IP Address: 164.28.47.180

Authentication Stack: sap.com/tc~lm~itsam~ui~mainframe~wd*webdynpro_resources_sap.com_tc~lm~itsam~ui~mainframe~wd

Authentication Stack Properties:

        policy_domain = /webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd

        realm_name = Upload Protected Area

Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details

1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          false                 true      

        #1 trusteddn1 = CN=DSR

        #2 trusteddn2 = CN=DE1

        #3 trusteddn3 = CN=DSR

        #4 trusteddn4 = CN=PS1

        #5 trustediss1 = CN=DSR

        #6 trustediss2 = CN=DE1

        #7 trustediss3 = CN=DSR

        #8 trustediss4 = CN=PS1

        #9 trustedsys1 = DSR,200

        #10 trustedsys2 = DE1,100

        #11 trustedsys3 = DSR,100

        #12 trustedsys4 = PS1,100

        #13 ume.configuration.active = true

2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   REQUISITE   ok          exception             true       Authentication did not succeed.

        #1 LogonWithAlias = true

3. com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok                                true      

No logon policy was applied


Many thanks for your support!
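
One way to sanity-check the EvaluateTicketLoginModule options shown in the stack dump above (an added example, not part of the original posts and not SAP code): it groups the `trustedsys<n>`/`trustediss<n>`/`trusteddn<n>` options by index, reports incomplete entries, and tests whether a ticket issuer is listed. It assumes the issuer from the earlier `SignatureException` (`OU=J2EE,CN=DPI`) belongs to the same system; it checks only the module options, not the contents of the keystore.

```python
import re
from collections import defaultdict

# Constructed sample: option lines copied from the stack dump in the post above.
STACK_DUMP = """
#1 trusteddn1 = CN=DSR
#2 trusteddn2 = CN=DE1
#3 trusteddn3 = CN=DSR
#4 trusteddn4 = CN=PS1
#5 trustediss1 = CN=DSR
#6 trustediss2 = CN=DE1
#7 trustediss3 = CN=DSR
#8 trustediss4 = CN=PS1
#9 trustedsys1 = DSR,200
#10 trustedsys2 = DE1,100
#11 trustedsys3 = DSR,100
#12 trustedsys4 = PS1,100
#13 ume.configuration.active = true
"""

OPTION = re.compile(r"#\d+\s+trusted(sys|iss|dn)(\d+)\s*=\s*(.+)")

def norm_dn(dn):
    """Order-insensitive DN form; does not handle escaped commas."""
    parts = (rdn.split("=", 1) for rdn in dn.split(",") if "=" in rdn)
    return frozenset((k.strip().upper(), v.strip().upper()) for k, v in parts)

def parse_acl(dump):
    """Group trustedsys<n>/trustediss<n>/trusteddn<n> options by index n."""
    acl = defaultdict(dict)
    for line in dump.splitlines():
        m = OPTION.match(line.strip())
        if m:
            acl[int(m.group(2))][m.group(1)] = m.group(3).strip()
    return dict(acl)

def incomplete_entries(acl):
    """Indexes that lack one of the three options."""
    return sorted(n for n, e in acl.items() if set(e) != {"sys", "iss", "dn"})

def issuer_trusted(acl, issuer_dn):
    """True if some entry lists issuer_dn as its trustediss value."""
    want = norm_dn(issuer_dn)
    return bool(want) and any(norm_dn(e.get("iss", "")) == want for e in acl.values())

if __name__ == "__main__":
    acl = parse_acl(STACK_DUMP)
    print("incomplete:", incomplete_entries(acl))
    for iss in ("OU=J2EE,CN=DPI", "CN=DSR"):
        print(iss, "trusted:", issuer_trusted(acl, iss))
```
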

Former Member
0 Kudos

1. How do you create them? Describe the process exactly.

2. You will not see any EP roles in your ABAP backend. If you want to assign some, it is quite common to create groups (roles on your backend) and assign the EP roles you need to these.

3. No idea about that; could it be a custom job or something running? It doesn't sound like an SAP standard mechanism to me. I would do further analysis on that.

Cheers