Skip to Content
0

SSO Error on Fiori Launchpad

Apr 10 at 06:41 PM

78

avatar image

Hi Friends,

We have a Fiori Launchpad set up to host custom UI5 apps. This is a embedded architecture with Gateway and ECC on the same box. We are often facing an issue with Client cache and cookies in browsers where the users get the below error. " SSO Logon not possible ,logon ticket cannot be accepted. Clearly this is an issue with the browser cache since if the session is opened in an Incognito mode or if the cache is cleared manually then this error is gone. But there are more than 10,000 users accessing the fiori launchpad and its not feasible to ask them to clear the cache and Incognito is not recommended practice.

Can any one suggest any resolution for such type of issue ?

image-3.png (822.1 kB)
10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

3 Answers

Yogesh Patel
Apr 10 at 07:01 PM
0

Hello Santosh Kumar Adapa,

You better start your investigation looking from link below.

Wiki page: https://wiki.scn.sap.com/wiki/display/NWTech/SSO+logon+not+possible+-+issue+with+logon+tickets

Thank you

Yogesh

Show 2 Share
10 |10000 characters needed characters left characters exceeded

Thanks for the references. Based on one of the links the below seems to be our issue

However in my case the client does not want to ask the users to clear their cache so i am looking for ways to do this in another way.

capture.png (8.3 kB)
0

Hello Santosh Kumar Adapa,

Please look in to your EWA what you have setup...

I am pasting content from EWA as below

------------------------------

SAP Fiori Cache Buster Activation

Recommendation: Activate the service /sap/bc/ui2/flp in transaction SICF to activate the cache buster for SAP Fiori.
Please note that to use the cache buster mechanism, you need to call the SAP Fiori launchpad with one of the
following URLs:
https://<server>:<port>/sap/bc/ui2/flp/
https://<server>:<port>/sap/bc/ui2/flp/index.html
https://<server>:<port>/sap/bc/ui2/flp/FioriLaunchpad.html

It is also possible to maintain a custom URL (via SICF external alias) as described here: Customize the Launchpad
URL

Background:

Web browsers store static resources like JavaScript files, stylesheets, and images in the browser cache. When these
resources are changed on the server in a software upgrade, you want the browser to load the new resources from the
server rather than from the cache, without having to manually clear the browser cache.
Cache buster techniques cause Web browsers to load content from the server rather than from the browser cache
when new resources are available on the server.
You can find the latest information about the cache buster for SAP Fiori components in SAP Note 2043432.

------------------------------

0
Heli Patel
Apr 13 at 02:08 PM
0
Share
10 |10000 characters needed characters left characters exceeded
Lutz Rottmann Apr 17 at 12:51 PM
0

Hi Santosh Kumar Adapa,

I think this is a typical problem when hopping from DEV to QA to PRD system in one browser session. In this case MYSAPSSO2-Cookie from DEV is sent to QA and PROD and the other way round.

Since you seem to have a single system scenario, try to set profile parameter to login/ticket_only_to_host = 1. This will prevent the MYSAPSSO cookie from being sent to all systems of your DNS-domain and will bind it to the original host only.

If there are other systems in your DNS-Domain (SolMan, Portal, ...) issuing MYSAPSSO2 tickets, try to limit the cookie domain the same way if possible. Or think about trusting each other's logins and configure trust on transaction STRUSTSSO2 level. Or make one of the system the SSO master everybody has to authenticate to (classic portal scenario style). This very much depends on your landscape.

Regards, Lutz

Share
10 |10000 characters needed characters left characters exceeded