on 05-31-2005 3:50 PM
Hi everyone,
For doing SSO for non-sap java based applications, i followed the weblog by Robert Chu (very good weblog).
The sample code given here is working fine with my local tomcat and a local sandbox EP available with me (SP9). But when i am now trying this is our Dev server (SP11) i am getting exceptions. I have followed all the steps. Also i have checked that the domains are same. Still geting the error. The cookie is also getting passed...
<i>exception
com.sap.test.TicketVerifierException: Error in verifying ticket Certificate (Issuer="CN=RID", S/N=0) not found.
at com.sap.test.SAPTicketVerifier.verifyTicket(SAPTicketVerifier.java:147)
at com.sap.test.TicketVerifierServlet.getUserFromRequest(TicketVerifierServlet.java:97)
at com.sap.test.TicketVerifierServlet.doPost(TicketVerifierServlet.java:80)
at com.sap.test.TicketVerifierServlet.doGet(TicketVerifierServlet.java:68)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2416)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:263)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:360)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:604)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:562)
at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:679)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
at java.lang.Thread.run(Thread.java:534)
Caused by: java.security.SignatureException: Certificate (Issuer="CN=RID", S/N=0) not found.
at com.sap.security.core.ticket.imp.Ticket.verify(Ticket.java:849)
at com.sap.test.SAPTicketVerifier.verifyTicket(SAPTicketVerifier.java:132)
... 36 more</i>
I also tried in another server(also sp11) but there i am getting another exception ...
<i>com.sap.test.TicketVerifierException: Error in verifying ticket class configured for Signature(provider: IAIK)cannot be found.
iaik.security.dsa.RawDSA
at com.sap.test.SAPTicketVerifier.verifyTicket(SAPTicketVerifier.java:147)
at com.sap.test.TicketVerifierServlet.getUserFromRequest(TicketVerifierServlet.java:97)
at com.sap.test.TicketVerifierServlet.doPost(TicketVerifierServlet.java:80)
at com.sap.test.TicketVerifierServlet.doGet(TicketVerifierServlet.java:68)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2416)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:263)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:360)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:604)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:562)
at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:679)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
at java.lang.Thread.run(Thread.java:534)
Caused by: java.security.NoSuchAlgorithmException: class configured for Signature(provider: IAIK)cannot be found.
iaik.security.dsa.RawDSA
at java.security.Security.doGetImpl(Security.java:1145)
at java.security.Security.doGetImpl(Security.java:1084)
at java.security.Security.getImpl(Security.java:1045)
at java.security.Signature.getInstance(Signature.java:169)
at com.sap.security.core.ticket.imp.Ticket.verify(Ticket.java:899)
at com.sap.test.SAPTicketVerifier.verifyTicket(SAPTicketVerifier.java:132)
... 36 more</i>
Both the exceptions are diff..
Can somebody help me out with this. I am suspecting that there is something wrong with the verify.der or maybe with the impored JAR files (version problem). But can somebody point me in right direction.
Any kind of pointers will be helpfull....
Regards
Gaurav Gandhi
Try using verify.pse file...
Download it...Put it in some location on the server.
Give the path of the file as "/usr/sap/...../verify_servername.pse" in the JSP.
Hope that helps.
Thanks.
JP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi John
Thanx for this..i will try this out and let you know.. but not confident whether it will work bcos that article tells to use the verify.der file. Now when i am trying to access the link for SSO to non-SAP Java Appli, i am getting 404 Error in SDN, SDN has moved it i suppose. Can you tell me where will i find the old SDN articles..i am getting 404 Error on this link https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/enabling single sign-on from sap j2ee engine to non-sap java applications.article
I will try now with the PSE file in the servlet sample code which i got from the article..
Regards
Gaurav Gandhi
Hi John
I tried using the verify.pse instead of verify.pse but it does not work. I am not even able to import this .pse file into the Key Store.
I got the following exception at command prompt while importing the file into Key Stokeytool error:
<u>java.lang.Exception: Input not an X.509 certificatere.</u>
The .pse file is not a certificate or is it?
Please help me and tell me what to do now. Is there any other solution for these exceptions??
Regards
Gaurav Gandhi
I think the weblog has been removed for some reason.
But I can send you if you can give me your mailID.
And from experience...you need not import the .pse file into the Key Store at all...
Just put the .pse file into the server and specify the path of the .pse file in the JSP.
It worked for me...
All the best...
JP
Hi JP,
Actually the weblog which i used
SAP Logon Ticket-based Single Sign-On
is still there at this link: https://www.sdn.sap.com/sdn/weblogs.sdn?blog=/pub/wlg/960. [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken]In this there is a section
If your backend is a Java application running on a non-SAP application server, you can insert some code into your application so it can accept the SAP logon ticket, retrieve the user id from the ticket, and grant access basing on the user id. Tim Mullé and Stephan Boecker have discussed how to do so <u>here</u>.
In this the here takes you to https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/enabling Single Sign-On from SAP J2EE Engine to Non-SAP Java Applications.article and this link is missing. If you have this acticle please send me to gauravfeb10@gmail.com
Also regarding the KeyStore, i was actually following the steps given in that article and the sample code was i was using is also for verify.der and not verify.pse.
So i dont know what code is to be modified if i need to use veify.pse and not include it in portal.store.
If you have all the correct steps for implementing SSO (any doc, link etc) plz send me the code ot the link. If possible explain.
Please let me know everything in detail..(which path, which JSP you are talking abt)
Regards
Gaurav Gandhi
Hello Gurav,
I am implementing SSO between EP 6.0 and SRM 4.0.
I have imported the public keys into the SRM's ACL
I also made the following changes
login/accept_sso2_ticket = 1
login/create_sso2_ticket = 0
I have created a system in portal with the SRM's properties.
However, when I test the connection between the connection using SAPLOGONTICKET as the Logon Method, the ITS test is ok, but the other Connector tests fails.
After making all the configuratio settings how do I test that SSO is working?
Thank you
Have you installed sapjco. Check out the following weblog.
https://www.sdn.sap.com/sdn/weblogs.sdn?blog=/pub/wlg/1853 [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken]
Hello Gaurav/John,
I am unable to find the code for the SSO Demo at the location :
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/security/enabling single sign-on from sap j2ee engine to non-sap java applications.article
I would be grateful if you could indicate to me via email the exact location for downloading the supporting source code
samples [zip] and the war file ....
many thanks,
ws_dev2001@yahoo.com
Hello Gaurav/John,
I am unable to find the code for the SSO Demo at the location :
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/security/enabling single sign-on from sap j2ee engine to non-sap java applications.article
I would be grateful if you could indicate to me via return email the exact location for downloading the supporting source code
samples [zip] and the war file ....
many thanks,
ws_dev2001@yahoo.com
I cannot open the link associated with the below article can anyone help me where can i found this doc.
If your backend is a Java application running on a non-SAP application server, you can insert some code into your application so it can accept the SAP logon ticket, retrieve the user id from the ticket, and grant access basing on the user id. Tim Mullé and Stephan Boecker have discussed how to do so here.
Thanks,
Naveen
Hello John,
I really appreciate the SDN, but I am a bit disappointed about the numerous dead links that I discovered so far.
The practice of requesting the removed article and example source-code by mail seems not to match the blogging philosophy...
Nevertheless, I also have the task to integrate a non-SAP application into the SAP portal, so I would really appreciate if you send me the information to i_kellner"at"web.de.
And maybe it is possible to make these resources available to the public again, so that the blog discusses the technology and is not bloated with email requests...
Regards, Ingmar Kellner
hello i get hte following exepction when i'm trying to read to MYSAPSSO2 from a non SAP application "com.sap.test.TicketVerifierException: Error in verifying ticket class configured for Signature(provider: IAIK)cannot be found."
I Implemented a working solution on our lokal development enviroment but on the customer system it don't work .
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Was reading through your posts regarding SSO of SAPEP with Java Applications couldnt trace the article and code to work. I am getting exception at
Object o[] = evalLogonTicket(Cookie, pab!=null?pab:"SAPdefault" , pwd);
saying Null Pointer exception.
Could you help me with the document you achieved/prepared this with, as I am using Spring architecture in Java and want to do with SSO for SAPEP.
I am eagerly looking forward for your kind help on the same.
As we are stuck on this activity, your sharing of the doc for the same would be of great help and highly appreciated.
thanks in advance
aditya
Hi guys,
Could someone send me article and source code?
Thanks
Artur [testinf@gazeta.pl]
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
Can you please send me the article. Greatly appreciated.
Rabih
rabihr@yahoo.com
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
81 | |
24 | |
11 | |
9 | |
7 | |
5 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.