Skip to Content
1

Principal Propagation to an ABAP System via RFC SNC not Working

Jul 16, 2017 at 08:12 PM

469

avatar image

Hello community,

I am trying to call a RFC SNC destination in my Java application (Tomcat 8 runtime) and getting the following error:

com.sap.conn.jco.JCoException: (103) JCO_ERROR_LOGON_FAILURE: Initialization of destination dt1_datatrain_snc failed: Anmeldedaten unvollständig.

I followed all the steps of the offical documentation to configure SNC on my AS ABAP and on the Cloud Connector:

https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/c84d4d0b12d34890b334998185f49e88.html

My destination looks like this:

My user Mapping looks like this:

And my JAVA code looks like this:

JCoDestination destination=JCoDestinationManager.getDestination("dt1_datatrain_snc");
JCoRepository repo=destination.getRepository();
JCoFunction stfcConnection=repo.getFunction("STFC_CONNECTION");
JCoParameterList imports=stfcConnection.getImportParameterList();
imports.setValue("REQUTEXT", "SAP HANA Cloud connectivity runs with JCo");
 stfcConnection.execute(destination);

I have no idea what is goung wrong here??

Thanks in advance for help,

Christoffer Fuss

mq91x.png (27.3 kB)
dsooy.png (28.4 kB)
4twh7.png (21.9 kB)
10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

12 Answers

Markus Tolksdorf
Jul 20, 2017 at 07:49 AM
2

Hi Christoffer,

if jco.client.principal_name is null, this means that there is no user found in the security session context. This value is fetched by JCo from the SAP CP session. That auth_type is CURRENT_USER is caused by some technical reason and is actually correct when setting PrincipalPropagation in the destination. Is your application really protected by some authentication?

Best regards,
Markus

Share
10 |10000 characters needed characters left characters exceeded
Christoffer Fuss May 16 at 02:39 PM
1

Problem was fixed after an update of the Cloud Connector.

Share
10 |10000 characters needed characters left characters exceeded
Christoffer Fuss Jul 20, 2017 at 09:30 AM
0

Hi Markus,j

Thank you so much for your help.

My JAVA application is prtotected via the loginContext.

We are getting our Authentication from our Custom SAP Identity Managment Tenant (Principal Propagation is enabled).

The User P000001 is propagted to my JAVA application and set to jco.client.user (see scrennshot above)

Do you see any mistkae here?

                String user = request.getRemoteUser();
                //Authenticates the User
                if (user != null) {
                    responseWriter.println("User already there " + user);
                } 
                else {  
                  //authenticate the User    
                  LoginContext loginContext;
                  try {
                    loginContext = LoginContextFactory.createLoginContext("FORM");
                    loginContext.login();
                    //update the user
                    user = request.getRemoteUser();
                  } catch (LoginException e) {
                      responseWriter.println("Authentication failed");
                  } 
                } 
                // access the RFC Destination "JCoDemoSystem"
                JCoDestination destination=JCoDestinationManager.getDestination("dt1_datatrain_snc");
                JCoRepository repo=destination.getRepository();
                JCoFunction stfcConnection=repo.getFunction("STFC_CONNECTION");

                JCoParameterList imports=stfcConnection.getImportParameterList();
                imports.setValue("REQUTEXT", "SAP HANA Cloud connectivity runs with JCo");
                stfcConnection.execute(destination);
Share
10 |10000 characters needed characters left characters exceeded
Christoffer Fuss Jul 17, 2017 at 07:20 PM
0

My configuartion is working for HTTPS but not with RFC SNC. Is this maybe a problem with the JCo library??

Share
10 |10000 characters needed characters left characters exceeded
Christoffer Fuss Jul 19, 2017 at 04:03 PM
0

Her is the Erro Code from the log File in Cloud Cockpit:

2017 07 19 15:21:15#+00#WARN#com.sap.conn.jco##anonymous#https-jsse-nio-8041-exec-5#na#a71f9a2af#jcodev#web#a71f9a2af#[JCoAPI] JCoClient.connect { jco.destination.repository.snc_mode=0, jco.client.sysnr=10, jco.client.destination=dt1_datatrain_snc, jco.destination.one_roundtrip_repository=1, jco.client.type=a, Name=dt1_datatrain_snc, jco.destination.user_id=CFUSS, jco.client.lang=DE, jco.destination.userid=P000001, Type=RFC, jco.client.trace=1, jco.destination.auth_type=CURRENT_USER, propertiesProvider=destination for a current user configuration, jco.destination.pool_capacity=5, jco.client.client=100, jco.destination.repository.user=CFUSS, jco.destination.repository.passwd=*secret*, jco.client.ashost=dt1.datatrain.snc, jco.client.principal_name=null } failed with com.sap.conn.jco.JCoException: (103) JCO_ERROR_LOGON_FAILURE: Anmeldedaten unvollständig.

What I dont understand is, why is auth_type set to CURRENT_USER?? It is set to PrincipalPropagation in my destination, see screenshot above.

And why is jco.client.principal_name null??

Thanks in advance

Share
10 |10000 characters needed characters left characters exceeded
Christoffer Fuss Jul 20, 2017 at 02:34 PM
0

I tryed again with declarative authentication and get the same error:

<login-config>
  <auth-method>FORM</auth-method>
</login-config>
Show 2 Share
10 |10000 characters needed characters left characters exceeded

Did you get a authetication challenge?

Best regards,
Markus

0

Hi Markus,

what do you mean with authetication challenge? When I start my Application I am redirected to my IDP and after the Logon I get the userid "P000001" in my java application which is then set do my RFC Destination as userid. This is working fine but the problem is, that there is no mapping done to my SAP user. In transaction EXTID_DN i defined that my external user "P000001" schould use the SAP User CFUSS but this is not working. What is missing??

Thanks in advance

0
Christoffer Fuss Jul 30, 2017 at 09:53 PM
0

Hi Markus,

what do you mean with authetication challenge? When I start my Application I am redirected to my IDP and after the Logon I get the userid "P000001" in my java application which is then set do my RFC Destination as userid. This is working fine but the problem is, that there is no mapping done to my SAP user. In transaction EXTID_DN i defined that my external user "P000001" schould use the SAP User CFUSS but this is not working. What is missing??

Thanks in advance

Share
10 |10000 characters needed characters left characters exceeded
Christoffer Fuss Aug 08, 2017 at 09:46 AM
0

What I also dont understand is that the error occurs in client 000 and not in client 100 which was set in the destination.

Here is another screenshot from a RFC trace


screene.png (20.8 kB)
Share
10 |10000 characters needed characters left characters exceeded
Christoffer Fuss Aug 10, 2017 at 09:19 AM
0

I tried the same configuration with an other Backend System and getting a different error message now:

com.sap.conn.jco.JCoException: (103) JCO_ERROR_LOGON_FAILURE: Initialization of destination failed: Could not find a suitable SAP user for the SNC name of the caller

I specified the user mapping in transaction EXTID_DN. This mapping is working fine for HTTPS but not for RFC SNC.

Where is the difference?

Best Regards,

Chris

Share
10 |10000 characters needed characters left characters exceeded
Christoffer Fuss Aug 23, 2017 at 08:59 AM
0

The problem is still not solved. I am getting now a hort dump in my ABAP system:


dump.png (20.6 kB)
Share
10 |10000 characters needed characters left characters exceeded