Skip to Content

Principal Propagation to an ABAP System via RFC SNC not Working

Hello community,

I am trying to call a RFC SNC destination in my Java application (Tomcat 8 runtime) and getting the following error:

com.sap.conn.jco.JCoException: (103) JCO_ERROR_LOGON_FAILURE: Initialization of destination dt1_datatrain_snc failed: Anmeldedaten unvollständig.

I followed all the steps of the offical documentation to configure SNC on my AS ABAP and on the Cloud Connector:

https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/c84d4d0b12d34890b334998185f49e88.html

My destination looks like this:

My user Mapping looks like this:

And my JAVA code looks like this:

JCoDestination destination=JCoDestinationManager.getDestination("dt1_datatrain_snc");
JCoRepository repo=destination.getRepository();
JCoFunction stfcConnection=repo.getFunction("STFC_CONNECTION");
JCoParameterList imports=stfcConnection.getImportParameterList();
imports.setValue("REQUTEXT", "SAP HANA Cloud connectivity runs with JCo");
 stfcConnection.execute(destination);

I have no idea what is goung wrong here??

Thanks in advance for help,

Christoffer Fuss

mq91x.png (27.3 kB)
dsooy.png (28.4 kB)
4twh7.png (21.9 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

12 Answers

  • Jul 20, 2017 at 07:49 AM

    Hi Christoffer,

    if jco.client.principal_name is null, this means that there is no user found in the security session context. This value is fetched by JCo from the SAP CP session. That auth_type is CURRENT_USER is caused by some technical reason and is actually correct when setting PrincipalPropagation in the destination. Is your application really protected by some authentication?

    Best regards,
    Markus

    Add comment
    10|10000 characters needed characters exceeded

  • May 16 at 02:39 PM

    Problem was fixed after an update of the Cloud Connector.

    Add comment
    10|10000 characters needed characters exceeded

  • Jul 20, 2017 at 09:30 AM

    Hi Markus,j

    Thank you so much for your help.

    My JAVA application is prtotected via the loginContext.

    We are getting our Authentication from our Custom SAP Identity Managment Tenant (Principal Propagation is enabled).

    The User P000001 is propagted to my JAVA application and set to jco.client.user (see scrennshot above)

    Do you see any mistkae here?

                    String user = request.getRemoteUser();
                    //Authenticates the User
                    if (user != null) {
                        responseWriter.println("User already there " + user);
                    } 
                    else {  
                      //authenticate the User    
                      LoginContext loginContext;
                      try {
                        loginContext = LoginContextFactory.createLoginContext("FORM");
                        loginContext.login();
                        //update the user
                        user = request.getRemoteUser();
                      } catch (LoginException e) {
                          responseWriter.println("Authentication failed");
                      } 
                    } 
                    // access the RFC Destination "JCoDemoSystem"
                    JCoDestination destination=JCoDestinationManager.getDestination("dt1_datatrain_snc");
                    JCoRepository repo=destination.getRepository();
                    JCoFunction stfcConnection=repo.getFunction("STFC_CONNECTION");
    
                    JCoParameterList imports=stfcConnection.getImportParameterList();
                    imports.setValue("REQUTEXT", "SAP HANA Cloud connectivity runs with JCo");
                    stfcConnection.execute(destination);
    Add comment
    10|10000 characters needed characters exceeded

  • Jul 17, 2017 at 07:20 PM

    My configuartion is working for HTTPS but not with RFC SNC. Is this maybe a problem with the JCo library??

    Add comment
    10|10000 characters needed characters exceeded

  • Jul 19, 2017 at 04:03 PM

    Her is the Erro Code from the log File in Cloud Cockpit:

    2017 07 19 15:21:15#+00#WARN#com.sap.conn.jco##anonymous#https-jsse-nio-8041-exec-5#na#a71f9a2af#jcodev#web#a71f9a2af#[JCoAPI] JCoClient.connect { jco.destination.repository.snc_mode=0, jco.client.sysnr=10, jco.client.destination=dt1_datatrain_snc, jco.destination.one_roundtrip_repository=1, jco.client.type=a, Name=dt1_datatrain_snc, jco.destination.user_id=CFUSS, jco.client.lang=DE, jco.destination.userid=P000001, Type=RFC, jco.client.trace=1, jco.destination.auth_type=CURRENT_USER, propertiesProvider=destination for a current user configuration, jco.destination.pool_capacity=5, jco.client.client=100, jco.destination.repository.user=CFUSS, jco.destination.repository.passwd=*secret*, jco.client.ashost=dt1.datatrain.snc, jco.client.principal_name=null } failed with com.sap.conn.jco.JCoException: (103) JCO_ERROR_LOGON_FAILURE: Anmeldedaten unvollständig.

    What I dont understand is, why is auth_type set to CURRENT_USER?? It is set to PrincipalPropagation in my destination, see screenshot above.

    And why is jco.client.principal_name null??

    Thanks in advance

    Add comment
    10|10000 characters needed characters exceeded

  • Jul 20, 2017 at 02:34 PM

    I tryed again with declarative authentication and get the same error:

    <login-config>
      <auth-method>FORM</auth-method>
    </login-config>
    Add comment
    10|10000 characters needed characters exceeded

    • Hi Markus,

      what do you mean with authetication challenge? When I start my Application I am redirected to my IDP and after the Logon I get the userid "P000001" in my java application which is then set do my RFC Destination as userid. This is working fine but the problem is, that there is no mapping done to my SAP user. In transaction EXTID_DN i defined that my external user "P000001" schould use the SAP User CFUSS but this is not working. What is missing??

      Thanks in advance

  • Jul 30, 2017 at 09:53 PM

    Hi Markus,

    what do you mean with authetication challenge? When I start my Application I am redirected to my IDP and after the Logon I get the userid "P000001" in my java application which is then set do my RFC Destination as userid. This is working fine but the problem is, that there is no mapping done to my SAP user. In transaction EXTID_DN i defined that my external user "P000001" schould use the SAP User CFUSS but this is not working. What is missing??

    Thanks in advance

    Add comment
    10|10000 characters needed characters exceeded

  • Aug 08, 2017 at 09:46 AM

    What I also dont understand is that the error occurs in client 000 and not in client 100 which was set in the destination.

    Here is another screenshot from a RFC trace

    Add comment
    10|10000 characters needed characters exceeded

  • Aug 10, 2017 at 09:19 AM

    I tried the same configuration with an other Backend System and getting a different error message now:

    com.sap.conn.jco.JCoException: (103) JCO_ERROR_LOGON_FAILURE: Initialization of destination failed: Could not find a suitable SAP user for the SNC name of the caller

    I specified the user mapping in transaction EXTID_DN. This mapping is working fine for HTTPS but not for RFC SNC.

    Where is the difference?

    Best Regards,

    Chris

    Add comment
    10|10000 characters needed characters exceeded

  • Aug 23, 2017 at 08:59 AM

    The problem is still not solved. I am getting now a hort dump in my ABAP system:

    Add comment
    10|10000 characters needed characters exceeded