cancel
Showing results for 
Search instead for 
Did you mean: 

SSO for Agentry (Inventory Manager 4.2) verify.pse does not exists?

Former Member
0 Kudos

Hello All,

I am setting up SSO for Inventory Manager and have been following the installation guide which is provided in the IM42 package.

From following the guide, I am performing configuration in the [USER_AUTH_SSO] section of JavaBE.ini in the application folder for IM42.

When I configure the VERIFICATION_USE=true and VERIFICATION_FILENAME=VERIFY.pse parameters in the JavaBE.ini file and restart the IM42 application, I get an error in the server log as follows:

2016 07 18 12:30:26#+0200#INFO#System.out##anonymous#Agentry Dev Def Load Loop Thread###User::rethrowException::Exception caught: Could not login user S_AGENTRY - com.syclo.sap.auth.sso.TicketVerifierException: File VERIFY.pse does not exists - Unknown standard error (-1) - Unknown SSF error (-1) |

Seems like the app cannot find VERIFY.pse.

I have created the VERIFY.pse file by exporting SAPLogonTicketKeypair-cert.cert in Base64 X.509 format from the Portal and then following http://service.sap.com/sap/support/notes/722072 and then placed the file in the IM42 app folder. Currently the VERIFY.pse file is not using a password.

FYI, this is the only error being thrown. Previous log entries show SAPSSOEXT and sapcrypto.dll are being loaded successfully.

Below is my current [USER_AUTH_SSO] section from the JavaBE.ini file in the IM42 application folder.

[USER_AUTH_SSO]

PORTAL_URL=https://portal.local:50001/irj/portal

VERIFICATION_USE=true

VERIFICATION_FILENAME=VERIFY.pse

;VERIFICATION_PASSWORD=xxxxxxxxxx

;VERIFICATION_PASSWORD_ENCODED=false

KEY_STORE_USE=false

;KEY_STORE_TYPE=WINDOWS-MY

;KEY_STORE_FILENAME=keystoreFileName

;KEY_STORE_PASSWORD=xxxxxxxxxx

;KEY_STORE_PASSWORD_ENCODED=false

TRUST_STORE_USE=true

TRUST_STORE_TYPE=WINDOWS-ROOT

;TRUST_STORE_FILENAME=truststoreFileName

;TRUST_STORE_PASSWORD=xxxxxxxxxx

;TRUST_STORE_PASSWORD_ENCODED=false

COOKIE=MYSAPSSO2

HTTPTYPE=https

SSL_VERSION=SSLv3

JAVA_SECURITY_DEBUG=true

JAVA_NET_DEBUG=true

SSOCLIENT_CLASS=com.syclo.sap.auth.sso.SSOClient

CALLBACK_HANDLER_CLASS=com.syclo.sap.auth.CallbackHandler

When I set VERIFICATION_USE=false and comment out the VERIFICATION_FILENAME parameter, everything works fine. I can authenticate using Portal identities.

However, the reason I think I need to use VERIFICATION is that I want to authenticate against the Portal using a different username than what will be returned in the MYSAPSSO2 ticket. (From reading the documentation it seems the VERIFICATION function is used specifically for this)

Portal is setup to use ABAP datasource with LDAP integration, and we have customized the LDAP datasource configuration file to use user mapping based on a custom LDAP attribute. (This is working fine with other applications, NWBC as an example)

Anyways, hoping that someone might have some clues to getting the VERIFICATION functionality working, as per described in the current Inventory Manager 4.2 documentation.

Regards,

Patrick

Accepted Solutions (1)

Accepted Solutions (1)

dm21
Participant
0 Kudos

Hi,

Can you place the verify.pse file in the server folder of SMP Server and check if its working ? Please do a restart of the server and validate if its working .

Thanks,

Deepak.M

Former Member
0 Kudos

Hi Deepak,

I have tried what you have suggested and VERIFICATION is now working.

Using ATE to test, I can clearly see in the server log that I am authenticating against the portal with a samaccount and the logon ticket being returned is verified to contain a different username, and then successfully authenticates against the ECC backend for IM42.

Thank you a lot for the quick response and correct information.

Best regards,

Patrick

Answers (0)