cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO Error on Fiori Launchpad

Former Member

on ‎04-10-2018 7:41 PM

0 Kudos

Hi Friends,

We have a Fiori Launchpad set up to host custom UI5 apps. This is a embedded architecture with Gateway and ECC on the same box. We are often facing an issue with Client cache and cookies in browsers where the users get the below error. " SSO Logon not possible ,logon ticket cannot be accepted. Clearly this is an issue with the browser cache since if the session is opened in an Incognito mode or if the cache is cleared manually then this error is gone. But there are more than 10,000 users accessing the fiori launchpad and its not feasible to ask them to clear the cache and Incognito is not recommended practice.

Can any one suggest any resolution for such type of issue ?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

LutzR
Active Contributor
‎04-17-2018 1:51 PM
0 Kudos

Hi Santosh Kumar Adapa,

I think this is a typical problem when hopping from DEV to QA to PRD system in one browser session. In this case MYSAPSSO2-Cookie from DEV is sent to QA and PROD and the other way round.

Since you seem to have a single system scenario, try to set profile parameter to login/ticket_only_to_host = 1. This will prevent the MYSAPSSO cookie from being sent to all systems of your DNS-domain and will bind it to the original host only.

If there are other systems in your DNS-Domain (SolMan, Portal, ...) issuing MYSAPSSO2 tickets, try to limit the cookie domain the same way if possible. Or think about trusting each other's logins and configure trust on transaction STRUSTSSO2 level. Or make one of the system the SSO master everybody has to authenticate to (classic portal scenario style). This very much depends on your landscape.

Regards, Lutz

Show replies
Show replies
Former Member
‎04-13-2018 3:08 PM
0 Kudos

See if implmenting cache buster is an option: https://help.sap.com/saphelp_uiaddon20/helpdata/en/4c/fe7eff3001447a9d4b0abeaba95166/frameset.htm

Show replies
Show replies
patelyogesh
Active Contributor
‎04-10-2018 8:01 PM
0 Kudos

Hello Santosh Kumar Adapa,

You better start your investigation looking from link below.

Wiki page: https://wiki.scn.sap.com/wiki/display/NWTech/SSO+logon+not+possible+-+issue+with+logon+tickets

Thank you

Yogesh

Show replies
Show replies
Former Member
‎04-11-2018 10:27 PM
0 Kudos

Thanks for the references. Based on one of the links the below seems to be our issue

However in my case the client does not want to ask the users to clear their cache so i am looking for ways to do this in another way.

patelyogesh
Active Contributor
‎04-20-2018 8:32 PM
0 Kudos

Hello Santosh Kumar Adapa,

Please look in to your EWA what you have setup...

I am pasting content from EWA as below

------------------------------

SAP Fiori Cache Buster Activation

Recommendation: Activate the service /sap/bc/ui2/flp in transaction SICF to activate the cache buster for SAP Fiori.
Please note that to use the cache buster mechanism, you need to call the SAP Fiori launchpad with one of the
following URLs:
https://<server>:<port>/sap/bc/ui2/flp/
https://<server>:<port>/sap/bc/ui2/flp/index.html
https://<server>:<port>/sap/bc/ui2/flp/FioriLaunchpad.html

It is also possible to maintain a custom URL (via SICF external alias) as described here: Customize the Launchpad
URL

Background:

Web browsers store static resources like JavaScript files, stylesheets, and images in the browser cache. When these
resources are changed on the server in a software upgrade, you want the browser to load the new resources from the
server rather than from the cache, without having to manually clear the browser cache.
Cache buster techniques cause Web browsers to load content from the server rather than from the browser cache
when new resources are available on the server.
You can find the latest information about the cache buster for SAP Fiori components in SAP Note 2043432.

------------------------------

Ask a Question