Skip to Content
0
Former Member
Sep 20, 2007 at 08:29 PM

OSS note 701205 SSO Using sap logon tickets dual stack environment

333 Views

Hi I recently upgraded from BW 3.x to NW2004s BI 7.0 SP12. I am trying to set up BEx Web integration. I created a system in the portal that has Authentication Ticket Type = SAP Assertion Ticket, BI Master system set to true , Logon Method = SAPLOGONTICKET and gave it a system alias of SAP_BW. Via The visual admin tool, I created the SAPLogonTicketKeypair and Keypair-cert using a Common Name = ABC. I understand that in a dual stack situation the Portal SID cannot be the same as the ABAP sid. I imported the portal cert into BI Using STRUSTSSO2, added the cert to the certificate list and added it to the ACL. Now, when I try connection tests on my SAP_BW system in the portal it fails. I turned on tracing in SM50 to level 3, security only. This is what I see in the logs of the dialog process:

dy_signi_ext: SSO TICKET logon (client 090)

mySAPUnwrapCookie: was called.

HmskiFindTicketInCache: Trying to find logon ticket in ticket cache.

HmskiFindTicketInCache: Try to find ticket with cache key: 090:90BA87457002F62A1F3317888C62CDEC .

HmskiFindTicketInCache: Couldn't find ticket in ticket cache

<snip>

Got content client = 999.

N Got content sysid = BWP .

N No entry in TWPSSO2ACL for SYS BWP and CLI 999.

N CheckSubject failed (rc=19). Verifying if ticket was issued by me.

N *** ERROR => System ID and client from ticket are not the same than mine. [ssoxxkrn.c 841]

N Data from ticket: sysid=BWP , client=999

N My system data: sysid=BWP , client=090

N *** ERROR => Neither was ticket issued by myself nor can I find issuer in TWPSSO2ACL.

So why is the portal sending sysid=BWP and not the common name ABC? Or is there another parameter where I can change the portal sid?

I asked SAP via an OSS message and they said that the ABAP stack has to be 1 level higher than the Java Stack. Unfortunately, SP13 hasn't been released yet