cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Principal Propagation - PIAFUSER in Assertion Ticket

Former Member

on ‎08-14-2007 7:12 AM

0 Kudos

Hi,

I configured PP in SAP XI (NW 04s) SP 11 as it is discribed in

/people/alexander.bundschuh/blog/2007/01/16/principal-propagation-in-sap-xi

My scenario is

<b>SOAP Client</b> -SOAP,synch-> <b>SAP XI</b> -RFC,synch-> <b>SAP R/3 4.6c</b>

Due to my SOAP client can't generate assertion tickets, i tried to configure SAP XI to generates it during SOAP channel activity.

I added CreateAssertionTicket Login module with flag SUFFICIENT to SOAP adapter login modules stack (in visual admin, security provider)

Then I created user in SAP XI with my R/3's user login name

and user SOAP_user in SAP XI (there isn't user SOAP_user in SAP R/3).

When i sends messages from SOAP client as R/3 user scenario works.

When i sends messages from SOAP client as soap_user scenario works too, but it couldn't!

In transaction SM20 of SAP R/3 system I see user PIAFUSER (user PIAFUSER was created in SAP R/3).

In <i>security.log</i> i see records:

LOGIN.OK
User: SOAP_USER
Authentication Stack: sap.com/com.sap.aii.af.soapadapter*XISOAPAdapter

Login Module                                                            Flag        Initialize  Login      Commit     Abort      Details
com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   OPTIONAL    ok          true       true                  
com.sap.security.core.server.jaas.CreateAssertionTicketLoginModule      SUFFICIENT  ok          true       true                         
Central Checks                                                                                true 

LOGIN.OK
User: PIAFUSER
Authentication Stack: sap.com/com.sap.aii.af.ms.app*MessagingSystem

Login Module                                                            Flag        Initialize  Login      Commit     Abort      Details
com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule    SUFFICIENT  ok          true       true                  
com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok                     false                 
com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   REQUISITE   ok                     true                  
Central Checks                                                                                true

In <i>defaultTrace.trc</i> i see records :

   Default pool:Principal is null (application: sap.com/com.sap.aii.adapter.rfc.app);

   Principal received is PIAFUSER (application: sap.com/com.sap.aii.adapter.rfc.app);

   PP Pool:Principal is PIAFUSER (application: sap.com/com.sap.aii.adapter.rfc.app).

It seems like Assertion Ticket created but User in ticket is PIAFUSER.

How can I check user in Assertion Ticket?

And how can I solve this situation?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎05-31-2012 6:36 AM
0 Kudos

Hi Aleksey,

We are having the exact same problem with a SOAP to XI scenario on PI 7.10. Did you solve the problem and how?

Thanks for your reply in advance.

Frank Classens

Show replies
Show replies
Former Member
‎07-07-2015 5:46 PM
0 Kudos

Hi,

Were you able to flow your user thru the entire process?

Thanks!

Ask a Question