Skip to Content
avatar image
Former Member

Issuer of SSO ticket is not authorized

Hi Experts,

we have a problem with the logon ticket.

For the BI ABAP+Java stack installtion we given the same SID for both the systems.

After the installation of BI Java we run the standard post BI implementation steps. At this time due to the BI ABAP and Java systems same SID we took the precaution in BI java side and we changed the ume service --> login.ticket_client parameter value to 100 (non existing client) instead of j2ee default 000 value.

Then we regenarated the portal certificate and import it into ABAP side and vice versa.

But when we logon to the portal and run any BW iview we are getting error message "Issuer of SSO ticket is not authorized"

Caused by:

com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: Issuer of SSO ticket is not authorized

Can anyone help me to fix this problem.

ADV Thanks

Ravi.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Best Answer
    avatar image
    Former Member
    Feb 23, 2011 at 10:25 AM

    please do the following:

    DELETE EXPIRED PORTAL CERTIFICATE IN ABAP:

    ABAP System:

    TA: STRUSTSSO2

    Delete all expired J2EE certificates u201CCN=<SID>, OU=J2EEu201D in u201CSystem PSEu201D and u201CSSL server Standardu201D

    GENERATE AND EXPORT PORTAL CERTIFICATE:

    Go to Visual Administrator

    Choose <SID> - Server - Services - Key Storage - from the tree Select the view TicketKeystore under Views

    If the SAPLogonTicketKeypair exist, delete it.

    If the SAPLogonTicketKeypair-cert exist, delete it.

    Generate a portal certificate using the following steps:

    Under Entry choose Create.

    Enter the folowing values in u201CKey and Certificate Generationu201D

    Organization Unit Name (OU) = J2EE

    Common Name (CN) = <SID>

    Entry Name = SAPLogonTicketKeypair

    Store Certificate: X

    Algorithm: DSA

    Click u201CGenerateu201D

    IMPORT PORTAL CERTIFICATE IN ABAP

    TA: STRUSTSSO2

    System PSE:

    u201CImport Certificateu201D - Choose your exported .crt file - File format = Binary

    Click u201CAdd to Certificate Listu201D

    Click u201CAdd to ACLu201D - System ID = <SID>, Client = 000

    save it.

    SSL server Standard:

    u201CImport Certificateu201D - Choose your exported .crt file - File format = Binary

    Only click u201CAdd to Certificatre Listu201D

    save it.

    ensure that u restart the ICM (TA: SMICM).

    Maybe you have also restart your ABAP+JAVA instance.

    ...had the same problem. The steps above solves the problems.

    Add comment
    10|10000 characters needed characters exceeded

  • May 29, 2008 at 10:21 AM

    Hi Ravi,

    When you import the certificate into you BI system, be sure to set the client number to 100 in the ACL (STRUSTSSO2, step 9 in http://help.sap.com/saphelp_nw04/helpdata/en/78/f1a8490e7011d6999500508b6b8a93/frameset.htm).

    Hope it helps

    Detlev

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    May 29, 2008 at 11:31 PM

    Hi Ravi,

    As you say that you have provided the client as 100 is ACL, this error shoudt occur.

    But in BI system there is chance of thins happening,if the CN is same for the ABAP and java stack.

    I too faced similar issue in my BI-Portal integration.

    I suggest delete the delete the ticket of the portal and generate a new ticket with CN name as different.

    For example: CN-<Hostname_port>

    Then export the certificate and import it to ABAP again.Here the SID should be the SID of your Portal,, which is same as ur abab in your case and client as 100.

    Also run tcode ss02 after the import and check everything is green there.

    Then check that your SSO is working fine or not. Through the following path.

    Login into portal with admin rights->system administratiom->Support->SAP application->Transaction->select the system alias and give any tcode,, select GUI for windows, press enter.

    If SSO is fine it should login you into the backend and display the tcode you specified.

    If your SSO is not fine it will clrealy display you the reason there.

    Hope helps.

    Thanks

    Santhosh

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    May 30, 2008 at 06:51 AM

    Ravi,

    Delete the existing certificate in BI System and recreate the new certificate and try it out.

    Have you tried with adding client 000 in your ACL?

    Your CN name of Portal and BI should be unique.

    Check out this step by step procedure for connecting BI with Portal:

    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/business-intelligence/g-i/integration%20of%20sap%20bi%2070%20-%20sap%20ep%2070.pdf

    Regards,

    Karthick Eswaran

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      You can also use the report RSPOR_SETUP for checking the configuration of the integration between BI and the Portal.

      It can be executed using transaction SA38.

      The report has two main purposes:

      1. It helps administrators in setting up BI Information Broadcasting.

      2. It provides various checks to ensure that an existing setup is correct and all necessary steps were done.