Skip to Content
0
Former Member
Jan 21, 2007 at 11:33 PM

Issuer of SAP Logon Ticket is not trusted. evaluate_assertion_ticket

779 Views

Hello,

I am having problems with connectivity between external applications like report designer and EP and BI7.

<b>dev_jrfc:</b>

Exception thrown by application running in JCo Server

com.sap.engine.services.rfcengine.RFCException: Incoming call is not authorized

...

Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: Access Denied.

...

Caused by: com.sap.security.core.server.jaas.DetailedLoginException: Authentication failed: Issuer of SAP Logon Ticket is not trusted. Authentication stack: evaluate_assertion_ticket

I reviewed note 888687 and 721815, making changes to:

securityprovider>Ticket>com.sap.security.core.server.jaas.EvaluateTicketLoginModule

Ume.configuration.active = True

trusteddn01 = CN=BWD

trustedsys01 = BWD, 200

trustediss01 = CN=BWD

What should the flag be set to? Sufficient?

I also made securityProvider>evaluate_assertion_ticket>com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule look exactly the same as above.

I deleted all my certificates exporting and importing them both again. I do have a question about the use of strustss02.

- I have added the portal certificate to the certificate list. Should I add the Bi certificate to this list also? It allows me, so I presume so.

- Which certificates should I add to the ACL? Both? also do I add them using the default client eg 200 or as client 000 instead? I added them both certificates as BWD client 200.

If I run SE38> RSPOR_SETUP Step 12 brings back the error RSWR_RFC_SERVICE_TEST system failure. Yet when I run this function module separately I have no problems.

Sorry about all the questions, I am certain that I am missing a very small piece of config.

Any help that can be provided would be very much appreciated.

Thankyou

Chris O'Haire