
How to setup SSO SOLMAN 7.2 JAVA managed system

Nov 08, 2016 at 12:59 PM

Former Member

Hello,

We have a problem with the configuration of a JAVA managed system in Solution Manager 7.2 - it is Solman's JAVA stack. On Finalize configuration, step Set Up Single Sign-On, there is the following error:

java.rmi.RemoteException: java.lang.SecurityException: User 'hostname.domain.local' does not have permission for the security operation!; nested exception is:
java.lang.SecurityException: java.lang.SecurityException: User 'hostname.domain.local' does not have permission for the security operation!
at com.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:81)
at com.sap.engine.services.security.remoteimpl.RemoteSecurityImpl.getPolicyConfiguration(RemoteSecurityImpl.java:71)
at com.sap.engine.services.security.remoteimpl.RemoteSecurityImplp4_Skel.dispatch(RemoteSecurityImplp4_Skel.java:266)
at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:482)
at com.sap.engine.services.rmi_p4.server.ServerDispatchImpl.run(ServerDispatchImpl.java:81)
at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:72)
at com.sap.engine.services.rmi_p4.P4Message.execute(P4Message.java:43)
at com.sap.engine.services.cross.fca.FCAConnectorImpl.executeRequest(FCAConnectorImpl.java:1055)
at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:59)
at com.sap.engine.services.cross.fca.MessageReader.run(MessageReader.java:55)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
Caused by: java.lang.SecurityException: java.lang.SecurityException: User 'hostname.domain.local' does not have permission for the security operation!
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:109)
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:86)
at com.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:79)
... 12 more
Caused by: java.lang.SecurityException: User 'hostname.domain.local' does not have permission for the security operation!
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:105)
... 14 more

Strange thing is the USER - 'hostname.domain.local' instead of username.

Thanks.


6 Answers

Former Member Feb 13, 2017 at 08:17 AM
2

Hi Martene, log on to the NWA, select Configuration, then Authentication and Single Sign-On. Select the "SAP-J2EE-Engine" policy configuration; in the details there are Login Modules with Move Up and Move Down buttons. In my case, moving "com.sap.engine.services.security.server.jaas.ClientCertLoginModule" to the bottom solved the issue.


Yes this was the solution from SAP

-Yogesh

0
Former Member Feb 04, 2017 at 08:51 PM
1

Hi Yogesh and Michal, I have now the same problem as you both.
* Yogesh, I tried your solution, but it does not work in my case.
* Michal, could you please explain what I have to do exactly to move the login module com.sap.engine.services.security.server.jaas.ClientCertLoginModule down in list in NWA? I do not understand what to do exactly.
Thanks a lot, MK

Yogesh Patel
Nov 14, 2016 at 03:41 PM
0

Hello Michal,

We have the same issue with one of our solution managers, and we have a HIGH priority message open with SAP, but they have not been able to find a solution for this issue for the last 2 months.

Good luck.. Look at attachment

I will keep you posted if I find a solution from them

Cheers,

Yogesh


Former Member Dec 22, 2016 at 11:21 AM
0

Hello,

I solved the issue myself:

The problem was solved by moving the login module com.sap.engine.services.security.server.jaas.ClientCertLoginModule down in the list in NWA (setting lower priority). I suppose that this module is responsible for creating the virtual user "hostname.domain.local", which does not have the required authorizations for the operation. After that, the correct user SM_ADMIN_BSM is used and everything is working as expected.

Yogesh Patel
Jan 04, 2017 at 09:22 PM
0

Hello,

This is also one of the solutions...

Open the NetWeaver Administrator
Go to tab ‘Configuration’ and select ‘Identity Management’
Select ‘Groups’ as Search Criteria and enter ‘SAP_RCA_AGT_CONN’ as group name
Press ‘Go’
Select the now displayed group
Go to tab ‘Assign Roles’ and press ‘Modify’
Search for ‘Administrator’
Select the role and press ‘Add’
Press ‘Save’

Now you can execute the SSO configuration step.

One more SAP note:

2400079 - Byte Code Adapter Installation ends in error: "Failed to connect via p4 channel - com.sap.smdagent.vmmanager.VMManagerException: Failed to use JMX service

-Yogesh

Bruno Pereira Aug 25, 2017 at 11:04 AM
0

Hi Michal,

You can easily overcome this issue by simply adding the role SAP_J2EE_ADMIN to the user account created for the SPML service execution.

The user account credentials are input during step 4 of the Managed System Configuration Solution Manager wizard.

Take a look at SAP notes, for a better alternative:

