Skip to Content
0
Former Member
Apr 20, 2011 at 05:34 PM

Issue in parsing MYSAPSSO2 Cookie -Certificate Serial no is in Hexadecimal

48 Views

Hi All,

We are trying to establish SSO with a non SAP web application using MYSAPSSO2 cookie.

Plan is to write a java class which can parse out the MYSAPSSO2 cookie, extract the user Id and use it for single sign on.

Following Libraries are used:

logging.jar

i18n_cp.jar

iaik_jce.jar

com.sap.security.api.jar

com.sap.security.core.jar

rscp4j.dll(this is downloaded from a SAP EP 7.0 instance running in windows 2003 server in our landscape).

Our Source SAP EP 7.0 instance which will be issuing the cookie is running in Solaris.

The target application in which the cookie is parsed, is running in Windos 2003 64 bit server.

Following is the code which we are using.

//Instantiate the rpovider

IAIK provider = new IAIK();

Security.addProvider(provider);

//Instantiate the ticket

tv = new com.sap.security.core.ticket.imp.Ticket();

//set teh certificates

tv.setCertificates(certificates);

//set the MYSAPSSO2 cookie

tv.setTicket(strCookie);

if (!tv.isValid()){

System.out.println("Ticket is not valid");

}

//Verify the ticket

tv.verify();

isValid method is working fine - it is returning true or false exactly based on the validity.

ISSUE:

tv.verify();--->Raises the following exception:

java.security.SignatureException-Certificate (Issuer="CN=SID,OU=XX,O=XYZ,L=LO,ST=ST,C=CO", S/N=1234567890) not found.

When analyzed, it looks like the verify method is trying to compare the issuer's serial number in integer format

but the portal is providing the serial number in hexadecimal format.

So the keystore has the certificate with the same issuer and serial number but the serial number is in hexadecimal format.

If I print the certificates available in the keystore it is printing that certificate with serial number in hexadecimal format. if I convert that hexadecimal to decimal - I get the same number which is part of the error message raised by the code.

The certificate from SAP Enterprise Portal was imported to the local keystore using the keytool -import option.

Could anyone help resolve this issue?

Thanks in advance.