on 11-08-2016 12:59 PM
Hello,
We have a problem with the configuration of a JAVA managed system in Solution Manager 7.2 - it is Solman's JAVA stack. On Finalize configuration, step Set Up Single Sign-On, there is the following error:
java.rmi.RemoteException: java.lang.SecurityException: User 'hostname.domain.local' does not have permission for the security operation!; nested exception is:
java.lang.SecurityException: java.lang.SecurityException: User 'hostname.domain.local' does not have permission for the security operation!
at com.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:81)
at com.sap.engine.services.security.remoteimpl.RemoteSecurityImpl.getPolicyConfiguration(RemoteSecurityImpl.java:71)
at com.sap.engine.services.security.remoteimpl.RemoteSecurityImplp4_Skel.dispatch(RemoteSecurityImplp4_Skel.java:266)
at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:482)
at com.sap.engine.services.rmi_p4.server.ServerDispatchImpl.run(ServerDispatchImpl.java:81)
at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:72)
at com.sap.engine.services.rmi_p4.P4Message.execute(P4Message.java:43)
at com.sap.engine.services.cross.fca.FCAConnectorImpl.executeRequest(FCAConnectorImpl.java:1055)
at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:59)
at com.sap.engine.services.cross.fca.MessageReader.run(MessageReader.java:55)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
Caused by: java.lang.SecurityException: java.lang.SecurityException: User 'hostname.domain.local' does not have permission for the security operation!
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:109)
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:86)
at com.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:79)
... 12 more
Caused by: java.lang.SecurityException: User 'hostname.domain.local' does not have permission for the security operation!
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:105)
... 14 more
The strange thing is the USER - 'hostname.domain.local' instead of the username.
Thanks.
Hi Martene, log in to the NWA, select Configuration, then Authentication and Single Sign-On. Select the "SAP-J2EE-Engine" Policy configuration and in the details there are Login Modules with Move Up and Down buttons. In my case moving "com.sap.engine.services.security.server.jaas.ClientCertLoginModule" to the bottom solved the issue.
Yes, this was the solution from SAP
-Yogesh
Hi Michal,
You can easily overcome this issue by simply adding the role SAP_J2EE_ADMIN to the user account created for the SPML service execution.
The user account credentials are input during step 4 of the Managed System Configuration Solution Manager wizard.
Take a look at SAP notes, for a better alternative:
Hi Yogesh and Michal, I have now the same problem as you both.
* Yogesh, I tried your solution, but it does not work in my case.
* Michal, could you please explain what exactly I have to do to move the login module com.sap.engine.services.security.server.jaas.ClientCertLoginModule down in the list in NWA? I do not understand what to do exactly.
Thanks a lot, MK
Hello,
This is also one of the solutions...
Open the NetWeaver Administrator
Go to tab ‘Configuration’ and select ‘Identity Management’
Select ‘Groups’ as Search Criteria and enter ‘SAP_RCA_AGT_CONN’ as group name
Press ‘Go’
Select the now displayed group
Go to tab ‘Assign Roles’ and press ‘Modify’
Search for ‘Administrator’
Select the role and press ‘Add’
Press ‘Save’
Now you can execute the SSO configuration step.
One more SAP note:
2400079 - Byte Code Adapter Installation ends in error: "Failed to connect via p4 channel - com.sap.smdagent.vmmanager.VMManagerException: Failed to use JMX service
-Yogesh
Hello,
I solved the issue myself:
The problem was solved by moving the login module com.sap.engine.services.security.server.jaas.ClientCertLoginModule down in the list in NWA (setting lower priority). I suppose that this module is responsible for creating the virtual user "hostname.domain.local", which does not have the required authorizations for the operation. After that, the correct user SM_ADMIN_BSM is used and everything is working as expected.
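The ordering effect described in the post above, as an added example that is not part of any poster's message and not SAP code: it uses the standard JAAS API (`javax.security.auth.login`) to show how the position of a certificate module in a login stack decides which user the call runs as. `StubModule`, the `SUFFICIENT` control flag on both entries, and the premise that the caller presents both a client certificate and a user/password are assumptions made for illustration; the two identities are the ones named in the thread.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class LoginStackOrder {
    // Hypothetical stand-in for a real login module. Option "identity" is the user it
    // would establish; option "present" says whether the caller sent that credential.
    public static class StubModule implements LoginModule {
        private Subject subject; private Map<String, ?> opts; private boolean ok;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> o) {
            subject = s; opts = o;
        }
        public boolean login() throws LoginException {
            ok = "true".equals(opts.get("present"));
            if (!ok) throw new FailedLoginException("no credential for " + opts.get("identity"));
            return true;
        }
        public boolean commit() {
            String name = (String) opts.get("identity");
            if (ok) subject.getPrincipals().add(() -> name);   // lambda implements Principal.getName()
            return ok;
        }
        public boolean abort() { return true; }
        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }

    static AppConfigurationEntry entry(String identity, boolean present) {
        // SUFFICIENT is an assumption: the first module that succeeds ends the stack.
        return new AppConfigurationEntry(StubModule.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,
                Map.of("identity", identity, "present", String.valueOf(present)));
    }

    static String authenticatedUser(AppConfigurationEntry... stack) throws LoginException {
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String app) { return stack; }
        };
        LoginContext lc = new LoginContext("demo", new Subject(), null, cfg);
        lc.login();   // runs the modules in stack order, honouring the control flags
        return lc.getSubject().getPrincipals().iterator().next().getName();
    }
    public static void main(String[] args) throws LoginException {
        AppConfigurationEntry cert = entry("hostname.domain.local", true);  // client certificate
        AppConfigurationEntry pwd = entry("SM_ADMIN_BSM", true);            // user and password
        System.out.println("cert module first: " + authenticatedUser(cert, pwd));
        System.out.println("cert module last:  " + authenticatedUser(pwd, cert));
    }
}
```

When an authorization error names an unexpected user, the order and control flags of the login stack are worth checking before adding roles to the identity that happened to win.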