Skip to Content
0
Former Member
Mar 30, 2005 at 02:24 PM

SSO using Logon Tickets

378 Views

Hi,

I am configuring Single Sign On using Log On Tickets. I am getting the error :

Logon requires activated Single Sign-On on this server. This is not the case. Contact your system administrator.

I have given the parameters login/accept_sso2_ticket = 1 and login/create_sso2_ticket = 0. I have restarted the srever. I have also iported the verify.der file in the backend SAP system and added it to the ACL list.

I put a trace in transaction SM50. Below are the trace results.

A Wed Mar 30 16:09:13 2005

A Wed Mar 30 16:09:13 2005

A

A ABAP/4 Program CL_BSP_RUNTIME================CP .

A Source CL_BSP_RUNTIME================CM00E Line 34.

A Error Code UNCAUGHT_EXCEPTION.

A Module $Id: //bas/640_REL/src/krn/runt/abexcp.c#4 $ SAP.

A Function raiseExcp Line 2044.

*

  • ACTIVE TRACE LEVEL 2

  • ACTIVE TRACE COMPONENTS all, N

*

N Wed Mar 30 16:10:53 2005

N dy_signi_ext: SSO TICKET logon (client 200)

N mySAPUnwrapCookie: was called.

N HmskiFindTicketInCache: Trying to find logon ticket in ticket cache.

N HmskiFindTicketInCache: Try to find ticket with cache key: 200:85B51434642353E6F8D42E5D0FB5DFD2 .

N HmskiFindTicketInCache: Couldn't find ticket in ticket cache.

N I don't need to ask RunningCompatibly to know: I'm >= 46C.

N mySAP: Got the following SSF Params:

N DN =CN=EER

N EncrAlg=DES-CBC

N Format =PKCS7

N Toolkit =SAPSECULIB

N HashAlg =SHA1

N Profile =E:\usr\sap\EER\DVEBMGS38\sec\SAPSYS.pse

N PAB =E:\usr\sap\EER\DVEBMGS38\sec\SAPSYS.pse

N Got the codepage 1100.

N Got ticket (head) AjExMDAgAApwb3J0YWw6ZGVziAATYmFzaWNhdXRo. Length = 448.

N MskiValidateTicket returns 0.

N Got content client = 000.

N Got content sysid = DPO .

N No entry in TWPSSO2ACL for SYS DPO and CLI 000.

N CheckSubject failed (rc=19). Verifying if ticket was issued by me.

N *** ERROR => System ID and client from ticket are not the same than mine. [ssoxxkrn.c 797]

N Data from ticket: sysid=DPO , client=000

N My system data: sysid=EER , client=200

N *** ERROR => Neither was ticket issued by myself nor can I find issuer in TWPSSO2ACL. [ssoxxkrn.c 803]

N dy_signi_ext: issuer not trusted

Please let me know what do I need to change, to make SSO work.

Thanks,

Jay