Hello everyone,
I installed BPC 10.0 version for Netweaver and the EPM Add-in for Microsoft Office.
As part of BPC 10.0 post-installation, I configured SSO per note 817529. The
sso2test.htm BSP application to check the configuration was successful. I am not using HTTPS.
I installed the EPM Add-in for Microsoft Office. I performed the
prerequisites for creating local connection for BPC version for
Netweaver per the EPM Add-in for Microsoft Office installation guide.
Within Excel, I clicked the EPM tab and tried to create a logon
connection. However, I receive the following error:
The environment 'Environment Shell' is unavailable. You are not
authorized to connect.
Per note 495911, I did a trace analysis on the problem. The detailed
trace file output is below. I have reviewed note 320991 and verified that
the password for my logon id and for the service account are correct.
I have made various adjustments to the STRUSTSSO2 transaction; however the problem persists.
Does anyone have a suggestion as to how I can resolve the error? For this specific scenario, what are the steps required in STRUSTSSO2? I've seen the help files on SSL/SSO but the context involves SSO with portal or J2EE or another ABAP system, etc. This particular integration is with the EPM Add-in for Microsoft Office.
Kind regards,
Rex L. Farris
***DETAILED CONTENTS OF WORK PROCESS TRACE FILE ***
A Tue Oct 11 12:27:10 2011
A **GENER Trace switched off ***
*
ACTIVE TRACE LEVEL 2
ACTIVE TRACE COMPONENTS all, NJ
*
S Tue Oct 11 12:32:11 2011
S found spool memory service RSPO-ACTIONS at 0000000033C4A390
N Tue Oct 11 12:34:16 2011
N SAML-Trace: Starting SAML authentication for access to path: /sap/bpc/session
N SAML-Trace: Login methods list from ICF: AUTH_FIELD,AUTH_CERT,AUTH_SSO,AUTH_ASSERT,AUTH_BASIC,AUTH_SAP,AUTH_SAML,AUTH_SERVI
N SAML-Trace: Received configuration data:
N Tue Oct 11 12:34:17 2011
N dy_signi_ext: PASSWORD logon with ticket request
N DyISigni: client=100, user=BPCADMIN , lang=E, access=H, auth=P
N usrexist: effective authentification method: <client,username,password>
N chckpass: client=100, user=BPCADMIN , accesstype=H
N password logon is generally enabled (default)
N productive password is still valid (expiration period=0 / days gone=0)
N codvn=I => password is case-sensitive and up to 40 chars long
N chckpass: correct password
N Get_RefUser(100,BPCADMIN) =>
N password logon is generally enabled (default)
N productive password is still valid (expiration period=0 / days gone=0)
N password change not required (expiration period=0 / days gone=5)
N usrexist: update logon timestamp (M)
N save user time zone = > < into spa
N system default timezone for client >100< is: >EST <
M SecAudit(rsauinit): WP attached to existing shared memory.
M SecAudit(RsauShmInit): addr of SHM for Audit.. = 0000000002A20050
M SecAudit(RsauShmInit): addr of RSAUSHM........ = 0000000002A21050
M SecAudit(RsauShmInit): addr of RSAUSLOTINFO... = 0000000002A21660
M SecAudit(RsauShmInit): addr of RSAUSLOTS...... = 0000000002A21670
M SecAudit(check_daily_file): audit file opened E:\usr\sap\PC1\DVEBMGS00\log\20111011.AUD
N DyISignR: return code=0 (see note 320991)
N mySAPWrapTicket was called.
N Got Codepage 4103 for ticket creation.
N mySAP: Got the following SSF Params:
N DN =CN=PC1
N EncrAlg =DES-CBC
N Format =PKCS7
N Toolkit =SAPSECULIB
N HashAlg =SHA1
N Profile =E:\usr\sap\PC1\DVEBMGS00\sec\SAPSYS.pse
N PAB =E:\usr\sap\PC1\DVEBMGS00\sec\SAPSYS.pse
N login/create_sso2_ticket = 2 found. No certificates included in signature.
N Added client 100 and sysid PC1 to ticket contents.
N Added date 201110111634 to ticket contents.
N Ticket expiration time 8:00 found.
N Got user BPCADMIN for ticket creation.
N mySAPWrapTicket: Trying to insert newly created ticket into ticket cache.
N HmskiInsertTicketInCache: Trying to insert logon ticket in ticket cache.
N HmskiInsertTicketInCache: Inserted new ticket into logon ticket cache with cache key: 100:80E1958737F9600069E2206029DA90D9 .
N HmskiInsertTicketInCache: Inserted new ticket into logon ticket cache with cache info: <USER>=BPCADMIN ,<CLIENT>=100,<LANGUAGE>=E .
N mySAPWrapTicket returns 0.
N dy_signi_ext: ticket created (480 chars)
N Tue Oct 11 12:34:18 2011
N ==> krn_Base64_Decode()
N <== krn_Base64_Decode()==0 (SSF_KRN_OK)
N ==> krn_Base64_Decode()
N <== krn_Base64_Decode()==0 (SSF_KRN_OK)
N Tue Oct 11 12:34:19 2011
N InternetUserLogon called in testmode => 'authenticate-only'
N dy_signi_ext: LOGON TICKET logon (client 000)
N mySAPUnwrapTicket: was called.
N HmskiFindTicketInCache: Trying to find logon ticket in ticket cache.
N HmskiFindTicketInCache: Try to find ticket with cache key: 000:80E1958737F9600069E2206029DA90D9 .
N HmskiFindTicketInCache: Couldn't find ticket in ticket cache.
N mySAP: Got the following SSF Params:
N DN =CN=PC1
N EncrAlg =DES-CBC
N Format =PKCS7
N Toolkit =SAPSECULIB
N HashAlg =SHA1
N Profile =E:\usr\sap\PC1\DVEBMGS00\sec\SAPSYS.pse
N PAB =E:\usr\sap\PC1\DVEBMGS00\sec\SAPSYS.pse
N Got the codepage 4103.
N Got ticket (head) AjQxMDMBABhCAFAAQwBBAEQATQBJAE4AIAAgACAA. Length = 480.
N MskiValidateTicket returns 0.
N Got content client = 100.
N Got content sysid = PC1 .
N Got date 201110111634 from ticket.
N Cur time = 201110111634.
N Computing validity in hours.
N Computing validity in minutes.
N CurTime_t = 1318437240, CreTime_t = 1318437240
N validity: 28800, difference: 0.000.
N Ticket is without recipient information.
N HmskiInsertTicketInCache: Trying to insert logon ticket in ticket cache.
N HmskiInsertTicketInCache: Inserted new ticket into logon ticket cache with cache key: 000:80E1958737F9600069E2206029DA90D9 .
N HmskiInsertTicketInCache: Inserted new ticket into logon ticket cache with cache info: <USER>=BPCADMIN ,<CLIENT>=100,<LANGUAGE>=E .
N mySAPUnwrapTicket returns 0.
N dy_signi_ext: valid ticket with RFC ticket
N dy_signi_ext: ab_RfcValidateSSOInfo() rc=0
N DyISigni: client=000, user=BPCADMIN , lang=E, access=U, auth=T
N DyISigni: return code=1 (see note 320991)
N DyISigni: client=100, user=BPCADMIN , lang=E, access=H, auth=s
N usrexist: effective authentification method: HTTP Security Session
N Get_RefUser(100,BPCADMIN) =>
N password logon is generally enabled (default)
N productive password is still valid (expiration period=0 / days gone=0)
N password change not required (expiration period=0 / days gone=5)
N save user time zone = > < into spa
N system default timezone for client >100< is: >EST <
N DyISignR: return code=0 (see note 320991)
N ==> krn_Base64_Decode()
N <== krn_Base64_Decode()==0 (SSF_KRN_OK)
N ==> krn_Base64_Decode()
N <== krn_Base64_Decode()==0 (SSF_KRN_OK)
N InternetUserLogon called in testmode => 'authenticate-only'
N dy_signi_ext: LOGON TICKET logon (client 000)
N mySAPUnwrapTicket: was called.
N HmskiFindTicketInCache: Trying to find logon ticket in ticket cache.
N HmskiFindTicketInCache: Try to find ticket with cache key: 000:80E1958737F9600069E2206029DA90D9 .
N HmskiFindTicketInCache: Logon ticket found in ticket cache.
N HmskiFindTicketInCache: Ticket information in ticket cache is: <USER>=BPCADMIN ,<CLIENT>=100,<LANGUAGE>=E
N HmskiFindTicketInCache: Ticket information in ticket cache read successfully.
N DyISigni: client=000, user=BPCADMIN , lang=E, access=U, auth=T
N DyISigni: return code=1 (see note 320991)
N DyISigni: client=100, user=BPCADMIN , lang=E, access=H, auth=s
N usrexist: effective authentification method: HTTP Security Session
N Get_RefUser(100,BPCADMIN) =>
N password logon is generally enabled (default)
N productive password is still valid (expiration period=0 / days gone=0)
N password change not required (expiration period=0 / days gone=5)
N save user time zone = > < into spa
N system default timezone for client >100< is: >EST <
N DyISignR: return code=0 (see note 320991)
N ==> krn_Base64_Decode()
N <== krn_Base64_Decode()==0 (SSF_KRN_OK)
N ==> krn_Base64_Decode()
N <== krn_Base64_Decode()==0 (SSF_KRN_OK)
N Tue Oct 11 12:34:20 2011
N InternetUserLogon called in testmode => 'authenticate-only'
N dy_signi_ext: LOGON TICKET logon (client 000)
N mySAPUnwrapTicket: was called.
N HmskiFindTicketInCache: Trying to find logon ticket in ticket cache.
N HmskiFindTicketInCache: Try to find ticket with cache key: 000:80E1958737F9600069E2206029DA90D9 .
N HmskiFindTicketInCache: Logon ticket found in ticket cache.
N HmskiFindTicketInCache: Ticket information in ticket cache is: <USER>=BPCADMIN ,<CLIENT>=100,<LANGUAGE>=E
N HmskiFindTicketInCache: Ticket information in ticket cache read successfully.
N DyISigni: client=000, user=BPCADMIN , lang=E, access=U, auth=T
N DyISigni: return code=1 (see note 320991)
N DyISigni: client=100, user=BPCADMIN , lang=E, access=H, auth=s
N usrexist: effective authentification method: HTTP Security Session
N Get_RefUser(100,BPCADMIN) =>
N password logon is generally enabled (default)
N productive password is still valid (expiration period=0 / days gone=0)
N password change not required (expiration period=0 / days gone=5)
N save user time zone = > < into spa
N system default timezone for client >100< is: >EST <
N DyISignR: return code=0 (see note 320991)
N ==> krn_Base64_Decode()
N <== krn_Base64_Decode()==0 (SSF_KRN_OK)
N ==> krn_Base64_Decode()
N <== krn_Base64_Decode()==0 (SSF_KRN_OK)
Edited by: Rex Farris on Oct 11, 2011 9:38 PM