Skip to Content
author's profile photo Former Member
Former Member

SSO between R/3 and Web Server Filter is not working

Hi all,

I have to configure SSO to access from SAP R/3 to a third-party web application through Web Server Filter.

R/3  WSF  3rdParty App

I think everything is configured properly, but when I issue the http request from R/3 to WSF I get the following error in sapsso.log file in apache server:

======================================================

-

-


trc file: "/usr/local/app/apache/sapsso.log", trc level: 3, release: "620"

-

-


Thu Nov 29 13:44:40 2007

Webserver Ticket Filter Release Version 5.0.2.8

Loading of the props returned 0=OK.

Max cache size = 0

Initialization done.

Checking validity...

Ticket Validation Error: expired.

Checking validity...

Ticket Validation Error: expired.

Checking validity...

Ticket Validation Error: expired.

Checking validity...

Ticket Validation Error: expired.

Checking validity...

Ticket Validation Error: expired.

Checking validity...

Ticket Validation Error: expired.

======================================================

And in the error_log file of the apache http server there’s the following:

======================================================

proxy_cache.c(969): No CacheRoot, so no caching. Declining.

proxy_http.c(586): Content-Type: (null)

Ticket is AjQxMDIBABgAUgBBAEwATABVAEUAIA...

Got date from ticket.

Cur time = 200711291244.

Computing validity in hours.

Computing validity in minutes.

CurTime_t = 1196426640, CreTime_t = -496601312

validity: 216000, difference: 1693027952.000.

proxy_cache.c(969): No CacheRoot, so no caching. Declining.

proxy_http.c(586): Content-Type: (null)

Ticket is AjQxMDIBABgAUgBBAEwATABVAEUAIA...

Got date from ticket.

Cur time = 200711291244.

Computing validity in hours.

Computing validity in minutes.

CurTime_t = 1196426640, CreTime_t = -496601312

validity: 216000, difference: 1693027952.000.

proxy_cache.c(969): No CacheRoot, so no caching. Declining.

proxy_http.c(586): Content-Type: (null)

Ticket is AjQxMDIBABgAUgBBAEwATABVAEUAIA...

Got date from ticket.

Cur time = 200711291244.

Computing validity in hours.

Computing validity in minutes.

CurTime_t = 1196426640, CreTime_t = -496601312

validity: 216000, difference: 1693027952.000.

proxy_cache.c(969): No CacheRoot, so no caching. Declining.

proxy_http.c(586): Content-Type: (null)

======================================================

It seems like there isn’t the date in the ticket issued by SAP R/3. However, I tried to configure sso between the same R/3 server and an EP and worked fine.

I also tried to decrypt the ticket issued by R/3 but I get a segmentation fault.

Does anyone can help me?

Thanks in advance.

Roger Allué i Vall

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • Posted on Nov 29, 2007 at 04:13 PM

    Can you please tell us what you actually intend to achieve?

    As you have a WebAS ABAP system (6.40?) which is able to act as http(s) client one question is: why do you use the Web Server Filter to access the 3rd Party Application (indirectly) - why not accessing the application straight ?

    Which kind of authentication is expected / demanded by the 3rd Party Application? What kind of application framework is hosting that application?

    Important question: which component acts as http client - the browser or the WebAS ABAP?

    Add a comment
    10|10000 characters needed characters exceeded

    • No, that's not related at all.

      First, the ticket is parsed. Only afterwards, the digital signature is verified.

      (Notice: the ticket is <u>not</u> encrypted, but digitally signed)

      ABAP systems always use DSA certificates to perform the digital signature operations. For interoperability reasons Java systems should also only use DSA certificates (and no RSA certificates) when dealing with SAP Logon Tickets.

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.