Former Member
Dec 14, 2010 at 08:36 PM

SSO configuration from CE 7.2 to ERP 6.0 EhP4


Hi All,

We are trying to configure SSO from our CE 7.2 system to our ERP 6.0 EhP4 system, such that we can use logon tickets for the ERP destination template. We have completed the following configuration:

1. Added the ERP system as a trusted system in CE 7.2

a. NWA --> Configuration Management --> Security --> Trusted Systems

b. Add Trusted System --> By Querying Trusted System

2. Exported the public key from CE and imported into ERP

a. NWA --> Configuration Management --> Security --> Certificates and Keys

b. Highlighted TicketKeystore, then SAPLogonTicketKeypair-cert

c. Export Entry

d. Logged into client 000 of ERP system

e. STRUSTSSO2

f. Imported certificate, adding it to both the certificate list and the ACL

3. Configure the Destination Template to Use Logon Tickets

a. NWA --> SOA Management --> Destination Template Management

b. Highlighted the ERP DT

c. Clicked on the Security tab

d. Selected the Logon Ticket radio button

We are using a very simple Visual Composer application to test the destination template. The VC app calls a service in the ERP system and returns data from a query. When we run the VC app, we are receiving the following error message:

Error in Connection :Could not retrieve metadata

Error occurred while executing the service. Error in Connection :Could not retrieve metadata

Error occurred while executing the servcie. Error occurred while executing the service. Error in Connection :Could not retrive metadata

Log /usr/sap/<SID>/<instance>/j2ee/cluster/server0/log/system/security_00.0.log contains the following information:

2.0^H#2010 12 14 11:34:09:918#0-500#Info#/System/Security/Authentication#
#BC-JAS-SEC#security#00215E5F4572076100000000002AC0D6#15716050000000004#sap.com/tcwddispwda#com.sap.engine.services.security.authentication.logincontext.table#u799592#36##FA086DC2079F11E0A097000000EFCED2#a18a3387079f11e0810b000000efced2#a18a3387079f11e0810b000000efced2#0#Thread[HTTP Worker [@1945118155],5,Dedicated_Application_Thread]#Plain##
LOGIN.OK
User: u799592
IP Address: 168.136.241.36
Authentication Stack: sap.com/tcwddispwda*webdynpro_dispatcher
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false false
#1 trusteddn1 = CN=QAS,OU=I0820037617,OU=SAP Web AS,O=SAP Trust Community,C=DE
#2 trustediss1 = CN=QAS,OU=I0820037617,OU=SAP Web AS,O=SAP Trust Community,C=DE
#3 trustedsys1 = QAS,000
#4 ume.configuration.active = true
2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE ok true true
3. com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok true True

#2.0^H#2010 12 14 11:34:15:011#0-500#Warning#/System/Security/Authentication#
com.sap.ASJ.secsrv.000129#BC-JAS-SEC#security#00215E5F4572076300000008002AC0D6#15716050000000004#sap.com/tjh_devcomp_impl#com.sap.engine.services.security.authentication.loginmodule.ticket#u799592#36##FA086DC2079F11E0A097000000EFCED2#afdb20ac079f11e09268000000efced2#afdb20ac079f11e09268000000efced2#0#Thread[HTTP Worker [@673479470],5,Dedicated_Application_Thread]#Plain##
Key under alias [SAPLogonTicketKeypair] cannot be retrieved from keystore view [TicketKeystore]. Authentication stack: [<null>]. The default kestore view is [TicketKeystore]. The default keypair alias is [SAPLogonTicketKeypair]. Check the login module options and UME properties.#

Any ideas as to what configuration may be wrong/missing?

Thanks in advance for any help you can provide.
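
For triaging a log like the one in the post, the following Python sketch (an added example, not part of the original post and not SAP code) parses the login module table and the ticket key warning into a structured summary. The sample text is constructed from the post's log lines with wrapped lines rejoined; reading the three values after the flag as the Initialize, Login and Commit columns is an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample: lines from the post's log, wrapped lines rejoined and
# the '#'-delimited record headers dropped.
SAMPLE_LOG = """\
LOGIN.OK
User: u799592
Authentication Stack: sap.com/tcwddispwda*webdynpro_dispatcher
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false false
#1 trusteddn1 = CN=QAS,OU=I0820037617,OU=SAP Web AS,O=SAP Trust Community,C=DE
#3 trustedsys1 = QAS,000
2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE ok true true
3. com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok true true
Key under alias [SAPLogonTicketKeypair] cannot be retrieved from keystore view [TicketKeystore]. Authentication stack: [<null>].
"""

# Assumption: the three values after the flag are the Initialize, Login and
# Commit columns named in the log's table header (Abort is empty).
MODULE_ROW = re.compile(
    r"^\d+\.\s+(\S+)\s+(SUFFICIENT|REQUISITE|REQUIRED|OPTIONAL)\s+(\S+)\s+(\S+)\s+(\S+)$")
OPTION_ROW = re.compile(r"^#\d+\s+(\S+)\s*=\s*(.*)$")
KEY_WARNING = re.compile(
    r"Key under alias \[([^\]]+)\] cannot be retrieved from keystore view \[([^\]]+)\]")

def parse_security_log(text):
    """Return (login module rows, ticket key retrieval warnings)."""
    modules, key_warnings = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        row = MODULE_ROW.match(line)
        option = OPTION_ROW.match(line)
        warning = KEY_WARNING.search(line)
        if row:
            name, flag, _init, login, commit = row.groups()
            modules.append({"module": name.rsplit(".", 1)[-1], "flag": flag,
                            "login": login.lower() == "true",
                            "commit": commit.lower() == "true", "options": {}})
        elif option and modules:
            # "#n key = value" lines are options of the module row above them
            modules[-1]["options"][option.group(1)] = option.group(2)
        elif warning:
            key_warnings.append({"alias": warning.group(1), "view": warning.group(2)})
    return modules, key_warnings

def summarize(text):
    """Name the module that authenticated the user and list key warnings."""
    modules, key_warnings = parse_security_log(text)
    # OPTIONAL modules are skipped: with a REQUISITE module in the stack
    # they do not decide the outcome.
    deciding = [m["module"] for m in modules if m["login"] and m["flag"] != "OPTIONAL"]
    return {"authenticated_by": deciding, "modules": modules, "key_warnings": key_warnings}
```

On the sample, `summarize(SAMPLE_LOG)` reports `BasicPasswordLoginModule` as the module that authenticated the user and one key warning for alias `SAPLogonTicketKeypair` in view `TicketKeystore`.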