on 03-30-2011 7:48 AM
Hi,ALL
OS - HP_UX Neweaver 7.2 CE Oracle DB 10.2 I try setup SSO with http://wiki.sdn.sap.com/wiki/pages/viewpage.action?pageId=189597463
But I do't have LoginConfiguration.xml
I have maked it manualy
<credentials>
<assembly name="SapSso"/>
<info>
<item name="PseFilePath">String</item>
<item name="SsfLibFilePath">String</item>
<item name="PsePassword">String</item>
<item name="WindowsPlatform">[32|64]</item>
<item name="TicketFile">String</item>
</info>
</credentials>
But I try test my IVmanualyiew in Portal. And I get error :
"Login Failed. Either you are trying to access the application outside of portal. Or the Portal issued ticket is rejected or expired"
My verify.pse from Portal is not expired.
What i can add to my LoginConfiguration.xml to correct error ?
This will help me?
<item name="BackendUserNameRemoveFromStart"><![CDATA8]></item>
<item name="BackendUserNameRemoveFromEnd"><![CDATA1]></item
Can send someone me full file LoginConfiguration.xml?
IT's no Problem
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
My problem is :
Tiket from verify.pse file don't read.
Log write:
Tiket is null.
30 Mar 2011 16:08:26 INFO com.nakisa.Logger - com.nakisa.framework.login.Credentials_SapSso : Using cert: /usr/sap/NSD/J52/j2ee/cluster/apps/Nakisa/OrgChart/servlet_jsp/OrgChart/root/XML/verify.pse
30 Mar 2011 16:08:26 INFO com.nakisa.Logger - com.nakisa.framework.login.Credentials_SapSso : Ticket is: null
30 Mar 2011 16:08:26 INFO com.nakisa.Logger - com.nakisa.framework.login.Credentials_SapSso : Version of SAPSSOEXT: SAPSSOEXT 4
30 Mar 2011 16:08:26 INFO com.nakisa.Logger - com.nakisa.framework.login.Credentials_SapSso : SCUE LIB base path is:
30 Mar 2011 16:08:26 ERROR com.nakisa.Logger - com.nakisa.framework.login.Credentials_SapSso : java.lang.Exception: At least one NULL parameter passed. ticket=0000000000000000,PAB=600000000b135900
30 Mar 2011 16:08:26 ERROR com.nakisa.Logger - com.nakisa.framework.login.Credentials_SapSso : Unknown standard error (-1) - Unknown SSF error (-1)
30 Mar 2011 16:08:26 INFO
com.nakisa.Logger - com.nakisa.framework.login.Main : LogIn : User to authenticate null
30 Mar 2011 16:08:26 INFO com.nakisa.Logger - com.nakisa.framework.login.Main : LogIn : Authentication provider SapSso
30 Mar 2011 16:08:26 INFO com.nakisa.Logger - com.nakisa.framework.login.Main : LogIn : Login process finished with errors
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Viktor,
Yes, you will get that problem if you have not done all of the configuration correctly. Please answer these questions:
1. Have you gone through all the configuration steps in the Security section of the AdminConsole for SSO tickets?
2. Have you amended the credentials.xml file to have the settings in that you specified in an earlier post?
<credentials>
<assembly name="SapSso"/>
<info>
<item name="PseFilePath">XML/verify.pse</item>
<item name="SsfLibFilePath">XML/libsapsecu.so</item>
<item name="PsePassword"></item>
<item name="HP-UX">64</item>
</info>
</credentials>
3. Have you downloaded the sap secu library from SMP and put it into your XML folder?
Many thanks,
Luke
I answer:
1. Have you gone through all the configuration steps in the Security section of the AdminConsole for SSO tickets?
yes
2. Have you amended the credentials.xml file to have the settings in that you specified in an earlier post?
<nakisa>
<credentials>
<assembly name="SapSso"/>
<info>
<item name="RemoveFromStart">8</item>
<item name="RemoveFromEnd">1</item>
<item name="PseFilePath">verify.pse</item>
<item name="SsfLibFilePath">libsapsecu.so</item>
<item name="PsePassword"></item>
<item name="HP-UX">64</item>
</info>
</credentials>
<authentication>
<assembly name="SapSso"/>
<info>
<item name="ASHOST"><![CDATA[sapmgd.sap.hq.megafon.local]]></item>
<item name="SYSNR"><![CDATA[02]]></item>
<item name="CLIENT"><![CDATA[200]]></item>
</info>
</authentication>
</nakisa>
3. Have you downloaded the sap secu library from SMP and put it into your XML folder?
yes
Hi Viktor,
The code you ahve specified is note the credenteials.xml code, but the LoginConfiguration.xml code from a previous version. The four sections in the LoginConfiguration.xml are split into individual files in 3.0. What you put below should go in to the credentials.xml file:
<credentials>
<assembly name="SapSso"/>
<info>
<item name="RemoveFromStart">8</item>
<item name="RemoveFromEnd">1</item>
<item name="PseFilePath">verify.pse</item>
<item name="SsfLibFilePath">libsapsecu.so</item>
<item name="PsePassword"></item>
<item name="HP-UX">64</item>
</info>
</credentials>
and the authentication.xml file:
<authentication>
<assembly name="SapSso"/>
<info>
<item name="ASHOST"><![CDATA[http://sapmgd.sap.hq.megafon.local
- 02
- 200
]]>
Best regards,
Luke
Luke,
Do you think i need to correct credenteials.xml,authentication.xml ?
And Can i delete LoginConfiguration_SAP_SSO.xml ? I have make manualy this file LoginConfiguration_SAP_SSO.xml.
Is it true ?
My system nakisa and Portal read file LoginConfiguration_SAP_SSO.xml much well
But only ticket from my verify.pse file ( from Portal) does not be read.
Ok,Luke
But I can not decover files from my folder LoginConfiguration_SAP_SSO.
You write
The files are encrypted. To decrypt you need to edit the ManagerResources.xml file in 2 locations: The "root" build (e.g. SuccessionPlanning) and in your build folder. Navigate to the bottom of the file and change the ManagerEncryptSet tag to false in both files. Then load your build and save it. The files should then be decrypted.
I make in
......root/.system/Admin_Config
ManagerEncryptSet was "False"
...root/.system/Admin_Config/
ManagerEncryptApp i have changed to "False"
But I can not open they.
Maybe, I can do else something ?
Hi,Luke
I decrypt files from ...with help file ManagerResources.xml
There are .system\Admin_Config\ManagerResources.xml
.system\Admin_Config\SAP_Ora\ManagerResources.xml
\.system\Admin_Config\SAP_Live\ManagerResources.xml
And I put my contet in credentials.xml and authentication.xml .
But i logon in /OrgChart/manager.jsp in security settings adn I check box SSO with Ticket.
Save,Publish
Then my file credentials.xml is empy.
Hi,Luke
I solved my Problem. My mistake was in IVIEW in Portal.
I set up u201CFetch Modeu201D=Client-side ... And my ticket is not null
For URL iView, there is an interesting property called u201CFetch Modeu201D. It controls who, the client browser or the portal runtime, will do the fetching. Since the logon ticket issued by the portal to the already-authenticated portal user is technically stored in a session cookie called MYSAPSSO2 on the client browser, to take advantage of the logon ticket, you will have to set the fetch mode to u201CClient-sideu201D (which is the default). When the URL iView is accessed, the client browser automatically presents the ticket cookie in the HTTP request header, (Of course your backend application has to reside on the same domain as the portal server for this to happen; otherwise, please see this document on how to u201CPerform Cross-Domain Single Sign-On with SAP Logon Ticketsu201D). If your backend application has been configured to accept the logon ticket, then, bingo, you have implemented SSO!
Thanck you Luke
I want create SSO with logon ticket, then I take set files from
.system\Admin_Config\SAP_Live\Authentication\LoginConfiguration_SAP_SSO
credentials.xml
authentication.xml
employeefetcher.xml
login.xml
rolemapping.xml
userpopulation.xml
and
from .system\Admin_Config\SAP_Live\Authentication\LoginConfiguration_SAP_Portal ...
There are not LoginConfiguration.xml
Maybe, do you send me your thise file ?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Viktor,
You just need the files from .system\Admin_Config\SAP_Live\Authentication\LoginConfiguration_SAP_SSO. All of the files below form the LoginConfiguration but there is no LoginConfiguration.xml file in 3.0.
You should look at each file and ensure they are configured, particularly:
authentication.xml
employeefetcher.xml
userpopulation.xml
rolemapping.xml
Without an understanding of the application you may find that it is difficult to configure the SSO.
Good luck!
Luke
The Appliction is Orgchart
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Content of my log-file is :
30 Mar 2011 16:08:26 INFO com.nakisa.Logger - Tenant ID: 000
30 Mar 2011 16:08:26 INFO com.nakisa.Logger - LoginSettingsObject Load: 23
30 Mar 2011 16:08:26 INFO com.nakisa.Logger - com.nakisa.framework.login.Main : LogIn : Credential provider SapSso
30 Mar 2011 16:08:26 INFO com.nakisa.Logger - com.nakisa.framework.login.Credentials_SapSso : Using cert: /usr/sap/NSD/J52/j2ee/cluster/apps/Nakisa/OrgChart/servlet_jsp/OrgChart/root/XML/verify.pse
30 Mar 2011 16:08:26 INFO com.nakisa.Logger - com.nakisa.framework.login.Credentials_SapSso : Ticket is: null
30 Mar 2011 16:08:26 INFO com.nakisa.Logger - com.nakisa.framework.login.Credentials_SapSso : Version of SAPSSOEXT: SAPSSOEXT 4
30 Mar 2011 16:08:26 INFO com.nakisa.Logger - com.nakisa.framework.login.Credentials_SapSso : SCUE LIB base path is:
30 Mar 2011 16:08:26 ERROR com.nakisa.Logger - com.nakisa.framework.login.Credentials_SapSso : java.lang.Exception: At least one NULL parameter passed. ticket=0000000000000000,PAB=600000000b135900
30 Mar 2011 16:08:26 ERROR com.nakisa.Logger - com.nakisa.framework.login.Credentials_SapSso : Unknown standard error (-1) - Unknown SSF error (-1)
30 Mar 2011 16:08:26 INFO
com.nakisa.Logger - com.nakisa.framework.login.Main : LogIn : User to authenticate null
30 Mar 2011 16:08:26 INFO com.nakisa.Logger - com.nakisa.framework.login.Main : LogIn : Authentication provider SapSso
30 Mar 2011 16:08:26 INFO com.nakisa.Logger - com.nakisa.framework.login.Main : LogIn : Login process finished with errors
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Viktor,
You will get lots of errors because the configuration is not correct. You need to change the ManagerResources.xml in different folders from the one you have. Can you tell us what application youy are doing this for?
The approximate locations would be similar to these:
......root/.system/Admin_Config/SAP_Live/
......root/.system/Admin_Config/__000__Your new build/
Best regards,
Luke
I am sorry. I have changed both files to "False".
......root/.system/Admin_Config
ManagerEncryptSet was "False"
...root/.system/Admin_Config/
ManagerEncryptApp i have changed to "False"
But I can not open they.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I found these files but there are in some strange format
bash-4.1$ more authentication.xml
[nakenc]PmzIR9Da3n9iiMUn681eauXQ3/OF12jco5k626bzXsSlx7FwESgnyJtQfDzBAdn1K+hqUGWaG4oYkwB5Tydj2vHCVWLBuVvGNTAnQ0IDJD
BicghhYcvfsYQrjRb8IUsM6lvWEhcTAJJS1O4U5dd6ZLfaxhv4aPvdla64LqxbI8nBYvUJizr5iKGBUXDlpBj00/8J9t6/fhKqgzsY7ID62vt9688T
tDaMrLH5uR4OWYGQqcWjKS6qv6R8ZZ8ohFQiBPZVhdN/Cxa5BCOkAjINDoWzWJcpA3CiRfFyIbVySrBKd2jojU0i5DPACd
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Viktor,
The files are encrypted. To decrypt you need to edit the ManagerResources.xml file in 2 locations: The "root" build (e.g. SuccessionPlanning) and in your build folder. Navigate to the bottom of the file and change the ManagerEncryptSet tag to false in both files. Then load your build and save it. The files should then be decrypted.
Good luck!
Luke
Contents of my LoginConfiguration.xml is now :
<credentials>
<assembly name="SapSso"/>
<info>
<item name="PseFilePath">XML/verify.pse</item>
<item name="SsfLibFilePath">XML/libsapsecu.so</item>
<item name="PsePassword"></item>
<item name="HP-UX">64</item>
</info>
</credentials>
I don't have file with name ticket.txt on OS
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Viktor,
The LoginConfiguration.xml file actually has a different name in your build folder and will be located in .delta\Authentication\LoginConfiguration_SSO\
In this folder are 4 files that require editing to enable the entire authentication process. You should look through each carefully and make sure the correct configuration is made in the AdminConsole before making manual changes to the files.
Have a look and then come back with your findings. Security is quite complex, even for experienced consultants in the Nakisa area.
Best regards,
Luke
But I try test my IView in Portal. And I get error :
Login Failed. Either you are trying to access the application outside of portal. Or the Portal issued ticket is rejected or expired
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
100 | |
12 | |
11 | |
6 | |
6 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.