Skip to Content
0
Former Member
Jun 26, 2008 at 07:01 PM

J2EE to ABAP SSO issue

50 Views

Gurus,

I'm having an issue with my Java to ABAP SSO connection for my Dual-Stack KW system.

Here's the process I have taken:

1) Created new Ticket Key Pair for the Java Stack.

2) Changed the client of the Java Stack to something other than 000.

3) Set the following abap profiles:

login/accept_sso2_ticket = 1

login/create_sso2_ticket = 0

icm/host_name_full = <host>

4) Exported the Ticket from Java

5) Imported ticket in STRUSTSSO2, added to cert. list, added to ACL.

6) Ensured userid exists in both java and abap system.

After getting SSO error message, I ran security trace on dialog WP's. Here is the result:

Got content client = 000.

Got content sysid = EKM .

No entry in TWPSSO2ACL for SYS EKM and CLI 000.

CheckSubject failed (rc=19). Verifying if ticket was issued by me.

  • ERROR => System ID and client from ticket are not the same than mine. [ssoxxkrn.c 1061]

Data from ticket: sysid=EKM , client=000

My system data: sysid=EKM , client=013

  • ERROR => Neither was ticket issued by myself nor can I find issuer in TWPSSO2ACL (see note 1055856). [ssoxxkrn.c 1067]

dy_signi_ext: issuer not trusted

  • ERROR => dy_signi_ext: ticket contained empty 'ABAP userID' -> logon fails! [sign.c 10352]

I ensured that I have an entry in TWPSSO2ACL via SE16 in both client 000 and 013.

Any ideas on where the error is?

Thanks,

Jeff