Skip to Content
author's profile photo Former Member
Former Member

SSO for Agentry (Inventory Manager 4.2) verify.pse does not exists?

Hello All,

I am setting up SSO for Inventory Manager and have been following the installation guide which is provided in the IM42 package.

From following the guide, I am performing configuration in the [USER_AUTH_SSO] section of JavaBE.ini in the application folder for IM42.

When I configure the VERIFICATION_USE=true and VERIFICATION_FILENAME=VERIFY.pse parameters in the JavaBE.ini file and restart the IM42 application, I get an error in the server log as follows:

2016 07 18 12:30:26#+0200#INFO#System.out##anonymous#Agentry Dev Def Load Loop Thread###User::rethrowException::Exception caught: Could not login user S_AGENTRY - com.syclo.sap.auth.sso.TicketVerifierException: File VERIFY.pse does not exists - Unknown standard error (-1) - Unknown SSF error (-1) |

Seems like the app cannot find VERIFY.pse.

I have created the VERIFY.pse file by exporting SAPLogonTicketKeypair-cert.cert in Base64 X.509 format from the Portal and then following http://service.sap.com/sap/support/notes/722072 and then placed the file in the IM42 app folder. Currently the VERIFY.pse file is not using a password.

FYI, this is the only error being thrown. Previous log entries show SAPSSOEXT and sapcrypto.dll are being loaded successfully.

Below is my current [USER_AUTH_SSO] section from the JavaBE.ini file in the IM42 application folder.

[USER_AUTH_SSO]

PORTAL_URL=https://portal.local:50001/irj/portal

VERIFICATION_USE=true

VERIFICATION_FILENAME=VERIFY.pse

;VERIFICATION_PASSWORD=xxxxxxxxxx

;VERIFICATION_PASSWORD_ENCODED=false

KEY_STORE_USE=false

;KEY_STORE_TYPE=WINDOWS-MY

;KEY_STORE_FILENAME=keystoreFileName

;KEY_STORE_PASSWORD=xxxxxxxxxx

;KEY_STORE_PASSWORD_ENCODED=false

TRUST_STORE_USE=true

TRUST_STORE_TYPE=WINDOWS-ROOT

;TRUST_STORE_FILENAME=truststoreFileName

;TRUST_STORE_PASSWORD=xxxxxxxxxx

;TRUST_STORE_PASSWORD_ENCODED=false

COOKIE=MYSAPSSO2

HTTPTYPE=https

SSL_VERSION=SSLv3

JAVA_SECURITY_DEBUG=true

JAVA_NET_DEBUG=true

SSOCLIENT_CLASS=com.syclo.sap.auth.sso.SSOClient

CALLBACK_HANDLER_CLASS=com.syclo.sap.auth.CallbackHandler

When I set VERIFICATION_USE=false and comment out the VERIFICATION_FILENAME parameter, everything works fine. I can authenticate using Portal identities.

However, the reason I think I need to use VERIFICATION is that I want to authenticate against the Portal using a different username than what will be returned in the MYSAPSSO2 ticket. (From reading the documentation it seems the VERIFICATION function is used specifically for this)

Portal is setup to use ABAP datasource with LDAP integration, and we have customized the LDAP datasource configuration file to use user mapping based on a custom LDAP attribute. (This is working fine with other applications, NWBC as an example)

Anyways, hoping that someone might have some clues to getting the VERIFICATION functionality working, as per described in the current Inventory Manager 4.2 documentation.

Regards,

Patrick

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • Best Answer
    Posted on Jul 18, 2016 at 12:57 PM

    Hi,

    Can you place the verify.pse file in the server folder of SMP Server and check if its working ? Please do a restart of the server and validate if its working .

    Thanks,

    Deepak.M

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Deepak,

      I have tried what you have suggested and VERIFICATION is now working.

      Using ATE to test, I can clearly see in the server log that I am authenticating against the portal with a samaccount and the logon ticket being returned is verified to contain a different username, and then successfully authenticates against the ECC backend for IM42.

      Thank you a lot for the quick response and correct information.

      Best regards,

      Patrick

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.