cancel
Showing results for 
Search instead for 
Did you mean: 

The system is unable to interpret the SSO ticket received

Former Member
0 Kudos

Hi all,

We run a 4.7 R/3 System with an 6.40 J2EE Add-In.

Now we have developed some WebDynpros accessing the R/3 data. These WebDynpros are protected so that we needed to set up a single sign on via SAPLOGONTICKET.

All works fine if we deploy the WebDynpro to a different J2EE than the one on top of the 4.7 R/3 system.

But when we try to run the WebDynpro on the same J2EE system via SAPLOGONTICKET we get following error message from the R/3:

com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: The system is unable to interpret the SSO ticket received

Unfortunately we cannot add an entry to the table "TWPSSO2ACL" via transaction SM30 or upload the verify.der via STRUST as here an entry for the SID is already exisiting!

Can someone tell me how to enable SSO (via SAPLOGONTICKET) for a J2EE WebDynpro that runs on the J2EE which is the Add-In to the same ABAP stack where to resolve the RFC data?

(SSO via SAPLOGONTICKET from a different J2EE - e.g. a portal - to the R/3 is working fine)

regards

René

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

Hi

See this help

<a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/f3f93ee7-0c01-0010-2593-d7c28b5377c2">Adaptive RFC- Troubleshooting Guide</a>

Make sure your client is enables SSO in strustsso2 transaction.

Kind Regards

Mukesh

Former Member
0 Kudos

Hi Mukesh,

this guide does not help.

As I mentioned I try to connect from an Add-In J2EE to the R/3. -> as these system share the same UME by default all users which exists on the J2EE also exists in the R/3.

But why the SSO via SAPLOGONTICKET is not possible as it is ONE complete WebApplication Server?

(So we had a WebAS 6.20 ABAP where we installed a 6.40 J2EE Add-In and now we cannot connect via SAPLOGONTICKET from the 6.40 J2EE to the 6.20 ABAP!)

regards

René

Former Member
0 Kudos

Hello Rene,

Were you able to solve the SSO issue? I also have the same issue and I get the same error message, when I try to access the ESS iviews. Our environment is like this.

Portal NW04s and Business packages (ESS 60.2, MSS 60.1.2) on one physical server. ECC 5.0 with a Java addin and XSS components are installed on the Java Addin (WAS 6.40). ECC, XSS in one physical server.

Could you please let me know, what you did to solve the single sign on issue?

Thanks,

Sunitha.

Former Member
0 Kudos

Sunitha,

I have SSO headache with PI (XI) currently. Actually, one of the reasons why tickets are not accepted is that host names are not defined using FQDN (fully qualified domain names) but rather are specified as localhost or short host name. Probably could be a reason here as well.

VS

Former Member
0 Kudos

Hi Sunitha,

yes, we could solve the issue.

We have done following steps:

1. We changed the client of the J2EE engine to a client that is not known in the ABAP as described in SAP Help http://help.sap.com/saphelp_nw04/helpdata/en/cb/ac3d41a5a9ef23e10000000a155106/frameset.htm

(Includes Restart of J2EE)

2. We replaced the J2EE own certificates as described in SAP Help http://help.sap.com/saphelp_nw04/helpdata/en/75/c80b424c6cc717e10000000a155106/frameset.htm

3. We downloaded the J2EE Ticket via Visual Admin Tool

3.1 in Visual Admin Tool open tree "Server # > Services > Key Storage"

3.2 Within the "Key Storage" choose view "Ticket Keystore" and entry "SAPLogonTicketKeypair-cert"

3.3 click on "Export" and save the ticket to a propper location

4. We uploaded the new ticket to STRUST

--> Keep attention that after replacing the J2EE certificate the Serial Number has changed!! Copy this Serial Number somewhere and update the entry in table TWPSSO2ACL accordingly...

Please keep in mind that these setting only fit to the J2EE Add-In of an ABAP system.

regards

René