on 08-14-2007 7:12 AM
Hi,
I configured PP in SAP XI (NW 04s) SP 11 as it is discribed in
/people/alexander.bundschuh/blog/2007/01/16/principal-propagation-in-sap-xi
My scenario is
<b>SOAP Client</b> -SOAP,synch-> <b>SAP XI</b> -RFC,synch-> <b>SAP R/3 4.6c</b>
Due to my SOAP client can't generate assertion tickets, i tried to configure SAP XI to generates it during SOAP channel activity.
I added CreateAssertionTicket Login module with flag SUFFICIENT to SOAP adapter login modules stack (in visual admin, security provider)
Then I created user in SAP XI with my R/3's user login name
and user SOAP_user in SAP XI (there isn't user SOAP_user in SAP R/3).
When i sends messages from SOAP client as R/3 user scenario works.
When i sends messages from SOAP client as soap_user scenario works too, but it couldn't!
In transaction SM20 of SAP R/3 system I see user PIAFUSER (user PIAFUSER was created in SAP R/3).
In <i>security.log</i> i see records:
LOGIN.OK
User: SOAP_USER
Authentication Stack: sap.com/com.sap.aii.af.soapadapter*XISOAPAdapter
Login Module Flag Initialize Login Commit Abort Details
com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule OPTIONAL ok true true
com.sap.security.core.server.jaas.CreateAssertionTicketLoginModule SUFFICIENT ok true true
Central Checks true
LOGIN.OK
User: PIAFUSER
Authentication Stack: sap.com/com.sap.aii.af.ms.app*MessagingSystem
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule SUFFICIENT ok true true
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false
com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE ok true
Central Checks true
In <i>defaultTrace.trc</i> i see records :
Default pool:Principal is null (application: sap.com/com.sap.aii.adapter.rfc.app);
Principal received is PIAFUSER (application: sap.com/com.sap.aii.adapter.rfc.app);
PP Pool:Principal is PIAFUSER (application: sap.com/com.sap.aii.adapter.rfc.app).
It seems like Assertion Ticket created but User in ticket is PIAFUSER.
How can I check user in Assertion Ticket?
And how can I solve this situation?
Hi Aleksey,
We are having the exact same problem with a SOAP to XI scenario on PI 7.10. Did you solve the problem and how?
Thanks for your reply in advance.
Frank Classens
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.