Skip to Content
avatar image
Former Member

How to setup SSO SOLMAN 7.2 JAVA managed system

Nov 08, 2016 at 12:59 PM | 1.4k Views

Hello,

we have a problem with configuration of JAVA managed system in Solution Manager 7.2 - it is Solman's JAVA stack. On Finalize configuration, step Set Up Single Sign-On there is following error:

java.rmi.RemoteException: java.lang.SecurityException: User 'hostname.domain.local' does not have permission for the security operation!; nested exception is:
java.lang.SecurityException: java.lang.SecurityException: User 'hostname.domain.local' does not have permission for the security operation!
at com.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:81)
at com.sap.engine.services.security.remoteimpl.RemoteSecurityImpl.getPolicyConfiguration(RemoteSecurityImpl.java:71)
at com.sap.engine.services.security.remoteimpl.RemoteSecurityImplp4_Skel.dispatch(RemoteSecurityImplp4_Skel.java:266)
at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:482)
at com.sap.engine.services.rmi_p4.server.ServerDispatchImpl.run(ServerDispatchImpl.java:81)
at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:72)
at com.sap.engine.services.rmi_p4.P4Message.execute(P4Message.java:43)
at com.sap.engine.services.cross.fca.FCAConnectorImpl.executeRequest(FCAConnectorImpl.java:1055)
at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:59)
at com.sap.engine.services.cross.fca.MessageReader.run(MessageReader.java:55)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
Caused by: java.lang.SecurityException: java.lang.SecurityException: User

'hostname.domain.local' does not have permission for the security operation!
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:109)
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:86)
at com.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:79)
... 12 more
Caused by: java.lang.SecurityException: User 'hostname.domain.local' does not have permission for the security operation!
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:105)
... 14 more

Strange thing is the USER - 'hostname.domain.local' instead of username.

Thanks.

SAP Solution Manager
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

6 Answers

  • avatar image
    Former Member
    Feb 13, 2017 at 08:17 AM

    Hi Martene, log to the NWA, select Configuration, then Authentication and Single Sign-On. Select "SAP-J2EE-Engine" Policy configuration and in details there are Login Modules with Move Up and Down buttons. In my case moving "

    com.sap.engine.services.security.server.jaas.ClientCertLoginModule" to bottom solved the issue.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 04, 2017 at 08:51 PM

    Hi Yogesh and Michal, I have now the same problem as you both.
    * Yogesh, I tried your solution, but it does not work in my case.
    * Michal, could you please explain what I have to do exactly to move the login module com.sap.engine.services.security.server.jaas.ClientCertLoginModule down in list in NWA? I do not understand what to do exactly.
    Thanks a lot, MK

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Yogesh Patel
    Nov 14, 2016 at 03:41 PM

    Hello Michal,

    We have same issue with our one of the solution manager and we have HIGH priority message open with SAP but they are not able to find solution for this issue from last 2 months.

    Good luck.. Look at attachment

    I will keep you posted if I find solution from them

    Cheers,

    Yogesh

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Dec 22, 2016 at 11:21 AM

    Hello,

    I solved the issue myself :

    problem was solved by moving login module com.sap.engine.services.security.server.jaas.ClientCertLoginModule down in list in NWA (setting lower priority). I suppose, that this module is responsible for creating virtual user "hostname.domain.local", which have not required authorizations for the operation. After that, correct user SM_ADMIN_BSM is used and everything is working as expected.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Yogesh Patel
    Jan 04, 2017 at 09:22 PM

    Hello,

    This is also one of the solution...

    Open the NetWeaver Administrator
    Go to tab ‘Configuration’ and select ‘Identity Management’
    Select ‘Groups’ as Search Criteria and enter ‘SAP_RCA_AGT_CONN’ as group name
    Press ‘Go’
    Select the now displayed group
    Go to tab ‘Assign Roles’ and press ‘Modify’
    Search for ‘Administrator’
    Select the role and press ‘Add’
    Press ‘Save’

    Now you can execute the SSO configuration step.

    One more SAP note :

    2400079 - Byte Code Adapter Installation ends in error: "Failed to connect via p4 channel - com.sap.smdagent.vmmanager.VMManagerException: Failed to use JMX service

    -Yogesh

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Bruno Pereira
    Aug 25, 2017 at 11:04 AM

    Hi Michal,

    You can easy overcome this issue by simply adding the role SAP_J2EE_ADMIN to the user account created for the SPML service execution.

    The user account credentials are input during step 4 of the Managed System Configuration Solution Manager wizard.

    Take a look at SAP notes, for a better alternative:

    Add comment
    10|10000 characters needed characters exceeded