
SSO Between EP and R/3 6.4

Former Member
0 Kudos

Hi,

I am trying to implement SSO between SAP EP 6.0 and SAP R/3 6.4 using logon tickets.

I've downloaded the .pse and .der files from the Portal, uploaded the .pse in the backend system, and added it to the ACL, but when I tried to test the connection in the portal using system admin->system configuration->UM configuration->SAP system, I am getting an error:


(System ID): com.sap.mw.jco.JCO$Exception: (101) RFC_ERROR_PROGRAM: 'mshost' missing

(System ID & System Number): com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to SAP gateway failed Connect_PM TYPE=A ASHOST=ctsgvcsap3 SYSNR=03 GWHOST=ctsgvcsap3 GWSERV=sapgw03 PCS=1 LOCATION CPIC (TCP/IP) on local host with Unicode ERROR service '?' unknown TIME Thu Feb 23 16:24:39 2006 RELEASE 640 COMPONENT NI (network interface) VERSION 37 RC -3 COUNTER 2

Where am I going wrong? Please help.

If anyone is having detailed documentation please forward the same.

Thanks in advance

SwarnaDeepika.

Message was edited by: SwarnaDeepika

Accepted Solutions (1)


Former Member
0 Kudos

Swarna,

When you imported the certificate in the backend system, did you click on "Add to Certificate List" as well as "Add to ACL"? If you did this, you should be able to see the entries in the Cert. List and Single Sign-On Access Control List (ACL), under transaction STRUSTSSO2 in your backend system.

Former Member
0 Kudos

Hi sg,

In tcode sso2 it's asking for an RFC destination; what should I give here?

Hi lutz,

I checked the entry in the services file; it is already present. What else could be wrong?

Hi Deepankar,

I was able to download the .pse file and add it to the ACL, but when I click on "Add to Certificate List" I am getting the error "Error occured during import", so I'm not able to add it to the cert. list!

Any suggestions?

regards

Swarna

Former Member
0 Kudos

Hi,

Please refer to the blog; it gives the 10 steps that must be performed to get SSO between R/3 and EP.

Hope that helps.

Regards,

S.Divakar

Former Member
0 Kudos

Hi Swarna

Using transaction STRUSTSSO2, under certificate click on import certificate,

then under file path give the path for your downloaded portal certificate (.der), then enter.

Now click on add to PSE and then after that click on add to ACL.

Under system enter the SID of the portal system and under client enter 000.

Save and exit.

Also check the following parameters of the profile in RZ10:

login/create_sso2_ticket is set to 1 and login/accept_sso2_ticket is set to 1.

Restart your R3 system for it to take effect.

If you have any query, revert back to me.

regards,

kaushal

Former Member
0 Kudos

Hi Kaushal,

When I try to import the .der file I'm getting the error "cannot analyse certificate"!

What could be wrong?

Thanks

Swarna

Former Member
0 Kudos

Hi Swarna

When you download the certificate from the portal,

it's in zip format, i.e. verify.der.zip; unzip it using WinZip, then you can get the verify.der certificate.

Try to import it and follow my procedure.

If you have any problem, revert back to me.

regards,

kaushal

Former Member
0 Kudos

Hi Kaushal,

Thanks for the quick reply.

It is for the unzipped .der file upload only that I am getting that error!

Should I talk to the Basis people?

Regards

Swarna

Former Member
0 Kudos

Hi Swarna

You can get the error "cannot analyse certificate" only if there is a problem with the portal certificate,

so try to import the correct certificate,

or try another way to download the certificate:

Run the Visual Administrator of J2EE.

Server->Services->click on Key Storage under the Runtime tab.

Under Views click on TicketKeyStore.

Under Entries click on SapLogonTicketKeyPair-cert.

Then under Entry click on Export and save the file as verify.der.

Hope it helps you.

regards,

kaushal
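A quick way to tell which of the cases discussed above applies before retrying the import in STRUSTSSO2 (a still-zipped download, a text-encoded file, or a damaged binary) is to inspect the file's first bytes and its declared ASN.1 length. This is an added example, not part of the original posts; the sample bytes are constructed and the function names are hypothetical, and it checks only the outer framing, not whether the certificate itself is valid.

```python
import io
import zipfile

# Constructed sample: outer DER framing only (SEQUENCE, 256-byte body), not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)

def build_sample_zip(name="verify.der", payload=SAMPLE_DER):
    """Constructed stand-in for a zipped portal download such as verify.der.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

def der_declared_length(data):
    """Total length the outer DER SEQUENCE header declares, or None if not DER."""
    if len(data) < 2 or data[0] != 0x30:          # 0x30 = ASN.1 SEQUENCE tag
        return None
    first = data[1]
    if first < 0x80:                               # short-form length
        return 2 + first
    n = first & 0x7F                               # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def classify_cert_file(data):
    """Say what a file offered as verify.der really contains."""
    if data[:4] == b"PK\x03\x04":                  # ZIP local file header
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "zip archive, unpack first: " + ", ".join(zf.namelist())
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return "PEM (Base64) text, not binary DER"
    declared = der_declared_length(data)
    if declared is None:
        return "not a DER SEQUENCE"
    if declared != len(data):
        return f"damaged DER: header declares {declared} bytes, file has {len(data)}"
    return "binary DER structure, length consistent"

if __name__ == "__main__":
    for label, blob in [("der", SAMPLE_DER), ("zip", build_sample_zip()),
                        ("cut", SAMPLE_DER[:100])]:
        print(label, "->", classify_cert_file(blob))
```

To check a real download, read it with `open(path, "rb").read()` and pass the bytes to `classify_cert_file`.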

MarkusKlein
Active Contributor
0 Kudos

Hello Swarna,

in tcode sso2 use "NONE" as the RFC destination.

What certificate do you use? The one from the portal application itself, or the one from the underlying J2EE Server?

Are you on an Add-on installation? ABAPJava in one system? Or are both on different systems? If you are on an Add-on installation, you have to change the Client value for the J2EE Server, as both use the same SID (System-ID) and the combination SIDClient has to be unique!

regards,

Markus

Former Member
0 Kudos

Hi Markus,

Sorry for the delayed reply.

Yes, I selected NONE as the RFC destination.

I'm using the certificate from the portal application only.

Are you asking whether my portal application and R/3 are on the same system?

No, they aren't!

Thanks

Swarna

Answers (10)


john_hnatin
Discoverer
0 Kudos

What problem could there be when a User, otherwise successful at SSO, is not automatically logged on to the SAP Corporate Portal, please?

Thanks.

John

Former Member
0 Kudos

Swarna,

You don't have to enter an RFC destination; just click on the execute button.

You should see a green flag indicating that your R/3 system accepts sso2 tickets, and if you scroll down to the bottom you will see the list of systems for which your R/3 system accepts verified logon tickets. Make sure that you have your portal system ID in there.

-SG

Former Member
0 Kudos

Hi SG,

When I clicked on the execute button, I could see the green flag

which says 'logon tickets are accepted'.

But when I create the transaction iView and preview it,

I could only see the logon screen with the error 'Issuer of SSO tickets is not authorised'.

What is missing?

Thanks

SwarnaDeepika.

Former Member
0 Kudos

Hi Swarna,

I also faced the same problem when I implemented SSO. I restarted the R/3 application server and the problem was solved.

With Regards,

Ravi

Former Member
0 Kudos

Hi Ravi,

I solved that problem; it was because I entered the wrong system ID while entering it in the ACL list.

But now when I click preview it is showing the login screen with the message:

'username or password incorrect please re-enter'

When I enter the username and password, it navigates to the correct transaction, which I've entered!

I have done the user mapping also.

What is the problem?

I think we have crossed all the hurdles; only the last one is left. Please help me close the thread.

thanks

Swarna

Former Member
0 Kudos

Hi All,

I did not add the ume.configuration.active=TRUE parameter under the Direct editing tab in the portal.

Then I restarted the portal server.

Bingo!

My SSO is working :)

Thanks a ton to all of you who guided me.

Regards

SwarnaDeepika

Former Member
0 Kudos

Yes, you have to start the R/3 system. You can get rid of it only if certificate is added previously and now you are only Adding to ACL. But since you imported the certificate in the R/3 system for the first time, you have to start the R/3 system.

Former Member
0 Kudos

Now that you have imported the certificate in the backend system, you need to execute the RZ10 transaction on the backend system and set the parameters login/create_sso2_ticket=0 and login/accept_sso2_ticket=1.

Yes, Kaushal is right. After all this you need to start the backend system and not the Portal system.

Former Member
0 Kudos

Hi,

Yes, I have uploaded the certificate in the R/3 system and created the profile parameters for the instance profiles.

But is it necessary to restart the R/3 system, or do we have any alternative for this step? I need to get permissions for doing that!

Thanks for all your valuable inputs.

Swarna

Former Member
0 Kudos

Swarna,

Restart is required anytime an instance profile is created or modified. Restart is not required if you have only imported the certificate. Also check Tcode sso2 after the restart. It will show you detailed information if the single signon was configured correctly.

-SS

Former Member
0 Kudos

Hi all,

I have restarted the system, but when I preview the transaction iView it is throwing me the error:

"this system rejects all logons using SSO tickets"

My doubts are:

What else should be entered in the connector properties of the system?

I have already entered:

application host- app server (*****sap3.**.com) of my backend system-should I give the full domain name?

SAP client-812

SAP system id-ec4

sap system number-03

server port-3203

That's it.

What are the WAS properties that I should enter?

SG, after restarting the system, what are the parameters that I should check in the transaction sso2?

When I go there it's only prompting me to enter an RFC destination. What should I enter there?

thanks in advance

SwarnaDeepika

Message was edited by: SwarnaDeepika

deshdeepak_shukla2
Participant
0 Kudos

Swarna

For the single signon to happen, you need to import the verify.der certificate as Kaushal mentioned.

Also you need to restart the Portal system once you have modified the services file.

hope the above helps

~Deshdeepak

Former Member
0 Kudos

hi ,

Yes, Deepankar, I did not have the rights, so I asked the Basis people to give me access to that.

Deshdeepak, can you please tell me where I can modify the services file?

thanks and regards

Swarna.

Former Member
0 Kudos

Hi Swarna

The procedure for importing the portal certificate in the R3 system I already mentioned.

You have an authorization for strustsso2 on the R3 system;

ask the Basis person for that, or do it with their ID.

After importing the portal certificate into the R3 system you have to restart the R3 system; no need to restart the portal system.

And make sure that for SSO both the portal and the R3 system are in the same domain,

i.e.

sapr3.mydomain.com

portal.mydomain.com

If not, you have to specify the DNS entry for that by creating an alias.

regards,

kaushal

Former Member
0 Kudos

Swarna,

It's because you don't have enough privileges for the backend system. You can ask them to give you the privileges or can ask the Basis admin person to import it.

Former Member
0 Kudos

Hi Swarna,

this very much looks like a missing entry in your services file on your portal machine.

e.g. C:\WINDOWS\system32\drivers\etc\services

you will need the following entry:

sapgw03 3303/tcp

Regards,

Lutz
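The check suggested above can be automated: pull GWSERV and SYSNR out of the JCo error text and look the service name up in the services file. This is an added example, not part of the original posts; the services content is a constructed sample, the function names are hypothetical, and the expected port assumes the usual SAP gateway numbering 33NN, which matches the `sapgw03 3303/tcp` entry quoted in the post.

```python
import re

# Connect parameters copied from the error quoted in the question.
JCO_ERROR = ("Connect_PM TYPE=A ASHOST=ctsgvcsap3 SYSNR=03 "
             "GWHOST=ctsgvcsap3 GWSERV=sapgw03 PCS=1")

# Constructed sample of a services file (not the poster's real file).
SAMPLE_SERVICES = """\
# constructed sample
echo                7/tcp
sapdp03          3203/tcp   # dispatcher
sapgw00          3300/tcp
sapgw03          3303/udp   # wrong protocol on purpose
"""

def parse_services(text):
    """Return {(name, proto): port} for every name and alias in a services file."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if not port.isdigit():
            continue
        for name in [fields[0]] + fields[2:]:      # primary name plus aliases
            table[(name.lower(), proto.lower())] = int(port)
    return table

def check_gateway(jco_error, services_text):
    """Verify that the GWSERV named in a JCo connect error resolves over TCP."""
    params = dict(re.findall(r"\b([A-Z]+)=(\S+)", jco_error))
    gwserv, sysnr = params.get("GWSERV"), params.get("SYSNR")
    if not gwserv or not sysnr or not sysnr.isdigit():
        return "error text carries no GWSERV/SYSNR"
    expected = 3300 + int(sysnr)                   # assumed convention: 33<NN>
    port = parse_services(services_text).get((gwserv.lower(), "tcp"))
    if port is None:
        return f"missing: add '{gwserv} {expected}/tcp'"
    if port != expected:
        return f"mismatch: {gwserv} is {port}/tcp, expected {expected}/tcp"
    return f"ok: {gwserv} {port}/tcp"

if __name__ == "__main__":
    print(check_gateway(JCO_ERROR, SAMPLE_SERVICES))
```

On the portal host, pass the text of the real services file (the path given in the post) instead of `SAMPLE_SERVICES`.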

Former Member
0 Kudos

Swarna,

Go to Tcode sso2 in the R/3 system and execute it and cut and paste the content.

-SS

Former Member
0 Kudos

Hi

Please go through the link:

In this forum also it is discussing the same problem, so please go through it.

Hope it helps you.

Regards

Victoria

Former Member
0 Kudos

Hi,

I went through the thread.

In that scenario at least the test connection is successful, but in my case I am getting that strange error?

What is missing and where?

Can someone give me the essential steps?

regards

SwarnaDeepika

former_member188556
Active Contributor
0 Kudos
Former Member
0 Kudos

Hi,

Thanks for the quick reply, but I have already gone through the link.

I have gone through many such documents in forums as well as help.sap.com, but it didn't help.

I checked all the data entered (about the R/3) during the test connection in the portal. I don't find anything wrong.

Anyway, I am giving the details below:

Client-812

User id and password-r/3 id and password

application server-ctsgvcsap3

system number-03

maximum wait time in milli seconds-10000

It is for these values that I am getting that error.

If someone has already tried it out, please come up with your suggestions.

regards

SwarnaDeepika