Hi,
I am configuring Single Sign On using Log On Tickets. I am getting the error :
Logon requires activated Single Sign-On on this server. This is not the case. Contact your system administrator.
I have given the parameters login/accept_sso2_ticket = 1 and login/create_sso2_ticket = 0. I have restarted the srever. I have also iported the verify.der file in the backend SAP system and added it to the ACL list.
I put a trace in transaction SM50. Below are the trace results.
A Wed Mar 30 16:09:13 2005
A Wed Mar 30 16:09:13 2005
A
A ABAP/4 Program CL_BSP_RUNTIME================CP .
A Source CL_BSP_RUNTIME================CM00E Line 34.
A Error Code UNCAUGHT_EXCEPTION.
A Module $Id: //bas/640_REL/src/krn/runt/abexcp.c#4 $ SAP.
A Function raiseExcp Line 2044.
*
ACTIVE TRACE LEVEL 2
ACTIVE TRACE COMPONENTS all, N
*
N Wed Mar 30 16:10:53 2005
N dy_signi_ext: SSO TICKET logon (client 200)
N mySAPUnwrapCookie: was called.
N HmskiFindTicketInCache: Trying to find logon ticket in ticket cache.
N HmskiFindTicketInCache: Try to find ticket with cache key: 200:85B51434642353E6F8D42E5D0FB5DFD2 .
N HmskiFindTicketInCache: Couldn't find ticket in ticket cache.
N I don't need to ask RunningCompatibly to know: I'm >= 46C.
N mySAP: Got the following SSF Params:
N DN =CN=EER
N EncrAlg=DES-CBC
N Format =PKCS7
N Toolkit =SAPSECULIB
N HashAlg =SHA1
N Profile =E:\usr\sap\EER\DVEBMGS38\sec\SAPSYS.pse
N PAB =E:\usr\sap\EER\DVEBMGS38\sec\SAPSYS.pse
N Got the codepage 1100.
N Got ticket (head) AjExMDAgAApwb3J0YWw6ZGVziAATYmFzaWNhdXRo. Length = 448.
N MskiValidateTicket returns 0.
N Got content client = 000.
N Got content sysid = DPO .
N No entry in TWPSSO2ACL for SYS DPO and CLI 000.
N CheckSubject failed (rc=19). Verifying if ticket was issued by me.
N *** ERROR => System ID and client from ticket are not the same than mine. [ssoxxkrn.c 797]
N Data from ticket: sysid=DPO , client=000
N My system data: sysid=EER , client=200
N *** ERROR => Neither was ticket issued by myself nor can I find issuer in TWPSSO2ACL. [ssoxxkrn.c 803]
N dy_signi_ext: issuer not trusted
Please let me know what do I need to change, to make SSO work.
Thanks,
Jay