on 07-18-2016 1:05 PM
Hello All,
I am setting up SSO for Inventory Manager and have been following the installation guide which is provided in the IM42 package.
From following the guide, I am performing configuration in the [USER_AUTH_SSO] section of JavaBE.ini in the application folder for IM42.
When I configure the VERIFICATION_USE=true and VERIFICATION_FILENAME=VERIFY.pse parameters in the JavaBE.ini file and restart the IM42 application, I get an error in the server log as follows:
2016 07 18 12:30:26#+0200#INFO#System.out##anonymous#Agentry Dev Def Load Loop Thread###User::rethrowException::Exception caught: Could not login user S_AGENTRY - com.syclo.sap.auth.sso.TicketVerifierException: File VERIFY.pse does not exists - Unknown standard error (-1) - Unknown SSF error (-1) |
Seems like the app cannot find VERIFY.pse.
I have created the VERIFY.pse file by exporting SAPLogonTicketKeypair-cert.cert in Base64 X.509 format from the Portal and then following http://service.sap.com/sap/support/notes/722072 and then placed the file in the IM42 app folder. Currently the VERIFY.pse file is not using a password.
FYI, this is the only error being thrown. Previous log entries show SAPSSOEXT and sapcrypto.dll are being loaded successfully.
Below is my current [USER_AUTH_SSO] section from the JavaBE.ini file in the IM42 application folder.
[USER_AUTH_SSO]
PORTAL_URL=https://portal.local:50001/irj/portal
VERIFICATION_USE=true
VERIFICATION_FILENAME=VERIFY.pse
;VERIFICATION_PASSWORD=xxxxxxxxxx
;VERIFICATION_PASSWORD_ENCODED=false
KEY_STORE_USE=false
;KEY_STORE_TYPE=WINDOWS-MY
;KEY_STORE_FILENAME=keystoreFileName
;KEY_STORE_PASSWORD=xxxxxxxxxx
;KEY_STORE_PASSWORD_ENCODED=false
TRUST_STORE_USE=true
TRUST_STORE_TYPE=WINDOWS-ROOT
;TRUST_STORE_FILENAME=truststoreFileName
;TRUST_STORE_PASSWORD=xxxxxxxxxx
;TRUST_STORE_PASSWORD_ENCODED=false
COOKIE=MYSAPSSO2
HTTPTYPE=https
SSL_VERSION=SSLv3
JAVA_SECURITY_DEBUG=true
JAVA_NET_DEBUG=true
SSOCLIENT_CLASS=com.syclo.sap.auth.sso.SSOClient
CALLBACK_HANDLER_CLASS=com.syclo.sap.auth.CallbackHandler
When I set VERIFICATION_USE=false and comment out the VERIFICATION_FILENAME parameter, everything works fine. I can authenticate using Portal identities.
However, the reason I think I need to use VERIFICATION is that I want to authenticate against the Portal using a different username than what will be returned in the MYSAPSSO2 ticket. (From reading the documentation it seems the VERIFICATION function is used specifically for this)
Portal is setup to use ABAP datasource with LDAP integration, and we have customized the LDAP datasource configuration file to use user mapping based on a custom LDAP attribute. (This is working fine with other applications, NWBC as an example)
Anyways, hoping that someone might have some clues to getting the VERIFICATION functionality working, as per described in the current Inventory Manager 4.2 documentation.
Regards,
Patrick
Hi,
Can you place the verify.pse file in the server folder of SMP Server and check if its working ? Please do a restart of the server and validate if its working .
Thanks,
Deepak.M
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Deepak,
I have tried what you have suggested and VERIFICATION is now working.
Using ATE to test, I can clearly see in the server log that I am authenticating against the portal with a samaccount and the logon ticket being returned is verified to contain a different username, and then successfully authenticates against the ECC backend for IM42.
Thank you a lot for the quick response and correct information.
Best regards,
Patrick
User | Count |
---|---|
84 | |
24 | |
12 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.