Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

J2EE to ABAP SSO issue

Former Member
0 Kudos

Gurus,

I'm having an issue with my Java to ABAP SSO connection for my Dual-Stack KW system.

Here's the process I have taken:

1) Created new Ticket Key Pair for the Java Stack.

2) Changed the client of the Java Stack to something other than 000.

3) Set the following abap profiles:

login/accept_sso2_ticket = 1

login/create_sso2_ticket = 0

icm/host_name_full = <host>

4) Exported the Ticket from Java

5) Imported ticket in STRUSTSSO2, added to cert. list, added to ACL.

6) Ensured userid exists in both java and abap system.

After getting SSO error message, I ran security trace on dialog WP's. Here is the result:

Got content client = 000.

Got content sysid = EKM .

No entry in TWPSSO2ACL for SYS EKM and CLI 000.

CheckSubject failed (rc=19). Verifying if ticket was issued by me.

      • ERROR => System ID and client from ticket are not the same than mine. [ssoxxkrn.c 1061]

Data from ticket: sysid=EKM , client=000

My system data: sysid=EKM , client=013

      • ERROR => Neither was ticket issued by myself nor can I find issuer in TWPSSO2ACL (see note 1055856). [ssoxxkrn.c 1067]

dy_signi_ext: issuer not trusted

      • ERROR => dy_signi_ext: ticket contained empty 'ABAP userID' -> logon fails! [sign.c 10352]

I ensured that I have an entry in TWPSSO2ACL via SE16 in both client 000 and 013.

Any ideas on where the error is?

Thanks,

Jeff

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi

There may be the case:

As you have changed your default client from 000 to other client (013). So please check the configuration changes that you have done for the Java end to change the client. As the Java system is still generating the tickets for 000 client only.

Check these:

/people/kristoffer.engh2/blog/2007/05/18/single-sign-on-with-portal-to-sap-backend-systems

/thread/568089 [original link is broken]

Note 701205 - Single Sign-On using SAP Logon Tickets

2 REPLIES 2

Former Member
0 Kudos

Hi

There may be the case:

As you have changed your default client from 000 to other client (013). So please check the configuration changes that you have done for the Java end to change the client. As the Java system is still generating the tickets for 000 client only.

Check these:

/people/kristoffer.engh2/blog/2007/05/18/single-sign-on-with-portal-to-sap-backend-systems

/thread/568089 [original link is broken]

Note 701205 - Single Sign-On using SAP Logon Tickets

0 Kudos

Deepak,

Thanks for your guidance.

My problem turned out that I changed the j2ee parameter login.ticket_client in the instance as instructed in one of the SAP manuals. However, I had to change it globally. After that, SSO worked great!

Thanks,

Jeff Martens