How to set up SSO SOLMAN 7.2 JAVA managed system

Former Member

Hello,

We have a problem with the configuration of a JAVA managed system in Solution Manager 7.2 - it is Solman's JAVA stack. In Finalize Configuration, at the step Set Up Single Sign-On, there is the following error:

java.rmi.RemoteException: java.lang.SecurityException: User 'hostname.domain.local' does not have permission for the security operation!; nested exception is:
java.lang.SecurityException: java.lang.SecurityException: User 'hostname.domain.local' does not have permission for the security operation!
at com.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:81)
at com.sap.engine.services.security.remoteimpl.RemoteSecurityImpl.getPolicyConfiguration(RemoteSecurityImpl.java:71)
at com.sap.engine.services.security.remoteimpl.RemoteSecurityImplp4_Skel.dispatch(RemoteSecurityImplp4_Skel.java:266)
at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:482)
at com.sap.engine.services.rmi_p4.server.ServerDispatchImpl.run(ServerDispatchImpl.java:81)
at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:72)
at com.sap.engine.services.rmi_p4.P4Message.execute(P4Message.java:43)
at com.sap.engine.services.cross.fca.FCAConnectorImpl.executeRequest(FCAConnectorImpl.java:1055)
at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:59)
at com.sap.engine.services.cross.fca.MessageReader.run(MessageReader.java:55)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
Caused by: java.lang.SecurityException: java.lang.SecurityException: User 'hostname.domain.local' does not have permission for the security operation!
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:109)
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:86)
at com.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:79)
... 12 more
Caused by: java.lang.SecurityException: User 'hostname.domain.local' does not have permission for the security operation!
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:105)
... 14 more

The strange thing is the USER - 'hostname.domain.local' instead of a username.

Thanks.

patelyogesh
Active Contributor

Hello Michal,

We have the same issue with one of our Solution Manager systems, and we have a HIGH priority message open with SAP, but they have not been able to find a solution for this issue for the last 2 months.

Good luck. Look at the attachment.

I will keep you posted if I find a solution from them.

Cheers,

Yogesh

Accepted Solutions (0)

Answers (5)

Former Member

Hi Martene, log on to the NWA, select Configuration, then Authentication and Single Sign-On. Select the "SAP-J2EE-Engine" policy configuration; in the details there are Login Modules with Move Up and Down buttons. In my case, moving "com.sap.engine.services.security.server.jaas.ClientCertLoginModule" to the bottom solved the issue.

patelyogesh
Active Contributor

Yes, this was the solution from SAP.

-Yogesh

Former Member

Hi Michal,

You can easily overcome this issue by simply adding the role SAP_J2EE_ADMIN to the user account created for the SPML service execution.

The user account credentials are input during step 4 of the Managed System Configuration Solution Manager wizard.

Take a look at SAP notes, for a better alternative:

Former Member

Hi Yogesh and Michal, I now have the same problem as you both.
* Yogesh, I tried your solution, but it does not work in my case.
* Michal, could you please explain what exactly I have to do to move the login module com.sap.engine.services.security.server.jaas.ClientCertLoginModule down in the list in NWA? I do not understand what to do exactly.
Thanks a lot, MK

patelyogesh
Active Contributor

Hello,

This is also one of the solutions...

Open the NetWeaver Administrator
Go to tab ‘Configuration’ and select ‘Identity Management’
Select ‘Groups’ as Search Criteria and enter ‘SAP_RCA_AGT_CONN’ as group name
Press ‘Go’
Select the now displayed group
Go to tab ‘Assign Roles’ and press ‘Modify’
Search for ‘Administrator’
Select the role and press ‘Add’
Press ‘Save’

Now you can execute the SSO configuration step.

One more SAP note :

2400079 - Byte Code Adapter Installation ends in error: "Failed to connect via p4 channel - com.sap.smdagent.vmmanager.VMManagerException: Failed to use JMX service

-Yogesh

Former Member

Hello,

I solved the issue myself:

The problem was solved by moving the login module com.sap.engine.services.security.server.jaas.ClientCertLoginModule down in the list in NWA (setting lower priority). I suppose that this module is responsible for creating the virtual user "hostname.domain.local", which does not have the required authorizations for the operation. After that, the correct user SM_ADMIN_BSM is used and everything is working as expected.
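
The effect of login-module order described in this thread can be shown with a small model of the standard JAAS control-flag rules; this is an added example, not code from the posts or from SAP. It assumes both modules carry the SUFFICIENT flag, that the connection presents a host certificate as well as a password, and that a password module named BasicPasswordLoginModule sits in the same stack; the credentials are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Module:
    name: str
    flag: str  # REQUIRED, REQUISITE, SUFFICIENT or OPTIONAL
    login: Callable[[dict], Optional[str]]  # principal name, or None on failure

def client_cert(req):
    # Assumption: the module maps the client certificate's CN to a user name.
    return req.get("cert_cn")

def basic_password(req):
    users = {"SM_ADMIN_BSM": "constructed-secret"}  # constructed credential store
    user = req.get("user")
    return user if user in users and users[user] == req.get("password") else None

def authenticate(stack, req):
    """Principals of the modules that ran and succeeded; [] if the login fails."""
    principals, required_failed = [], False
    for m in stack:
        principal = m.login(req)
        if principal is not None:
            principals.append(principal)
            if m.flag == "SUFFICIENT" and not required_failed:
                break  # control returns at once; later modules never run
        elif m.flag == "REQUISITE":
            return []  # a failed REQUISITE module aborts the whole stack
        elif m.flag == "REQUIRED":
            required_failed = True  # keep going, but the login will fail
    return [] if required_failed or not principals else principals

CERT = Module("ClientCertLoginModule", "SUFFICIENT", client_cert)
PWD = Module("BasicPasswordLoginModule", "SUFFICIENT", basic_password)

# Constructed request: the connection carries a host certificate and a password.
REQUEST = {"cert_cn": "hostname.domain.local",
           "user": "SM_ADMIN_BSM", "password": "constructed-secret"}

def demo():
    """Authenticated principals with the cert module first, then last."""
    return authenticate([CERT, PWD], REQUEST), authenticate([PWD, CERT], REQUEST)

if __name__ == "__main__":
    before, after = demo()
    print("cert module first:", before)
    print("cert module last: ", after)
```

In this model the reorder only changes which identity is established; a request that carries a certificate and no valid password is still authenticated as the certificate-mapped user.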