Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Configuring SSO in AS JAVA (PI 7.11)

Former Member

‎12-16-2011 11:42 AM

0 Kudos

Hello, experts!

Can your HELP me?

I try to configure client SSO with certificates.

I configure next parameters and settings on PI 7.11.

Install SAPCRYPTOlLIB for my AIX version, placing the ticket, sapgenpse, and libsapcrypto.o in the correct locations.

Profile settings:

ssl/pse_provider=JAVA

sec/libsapsecu=/usr/sap/<SID>/SYS/exe/run/libsapcrypto.o

ssf/ssfapi_lib=/usr/sap/<SID>/SYS/exe/run/libsapcrypto.o

ssf/name=SAPSECULIB

ssl/ssl_lib=/usr/sap/<SID>/SYS/exe/run/libsapcrypto.o

icm/server_port_2=PORT=5$(SAPSYSTEM)01,PROT=HTTPS

In NWA->Configuration Management->Security->Certificates and Keys create Key Storage ICM_SSL_<j2eeinstanceID>. Then Generate CRS Request, load this code to the service.sap.com/TCS, generate SSL Test Certificate and load to CRS Respone.

Now i can access my system on https. But when i try to log on wiht certificate and mask check box "Create Client Certificate". I`ll redirect to https://tcs.mysap.com/invoke/tc/usercert with error text:

"Error: Incorrect certificate request (CertReq)

One of the following reasons can cause this error:

- You call this service without CertReq

- Your CertReq is not valid or the signature is incorrect

- Your RA is not registered yet

- You apply for certificate within incorrect naming space

Please contact your system administrator.

"

Whats happen? Why my users couldn`t take certificate?

Please help...

3 REPLIES 3

blanca_serrano
Advisor
Advisor

‎12-19-2011 7:43 AM

0 Kudos

Hello Konstantin,

Please follow the steps in the link:

http://help.sap.com/saphelp_nw70/helpdata/en/3b/6d04c7974743159e0eaeea2b40a537/frameset.htm

You need to use a PSE using the DSA algorithm as your Registartion Authority.

I hope this helps you.

Regards,

Blanca

Former Member
In response to blanca_serrano

‎12-22-2011 6:18 AM

0 Kudos

Thank you, i check all my setting in steps http://help.sap.com/saphelp_nw70/helpdata/en/3b/6d04c7974743159e0eaeea2b40a537/frameset.htm

all, my settings matching.

Can anybody help me????

Former Member
In response to blanca_serrano

‎12-23-2011 7:44 AM

0 Kudos

Hello Constantin,

I assume that you have done all the SSO configuration fine according to document, then you muct check that both system time are sync to each other.

Thanks & Regards,

Amit Barnawal