Hi Team,
We are having issue on setting up SSO between Portal 7.0 and BW 7.0. This is our existing system. I have done the following tasks as part of Integration.
We have BW ABAP and Portal two separate instances running on the same host.
1. Setup SSO profile on ABAP side.
2. Exchanged the certificate between Portal and ABAP. Added into ACL.
3. Ran the BI Template installer. (Failed for Cert exchange, I have manually exchanged the certs).
4. When I try to check the SSO from portal system landscape its failing with following message.
"Cannot check Issuer of SSO ticket".
when I manually check the cert by double clicking that it has all information like Issuer name, validity,etc. I have turned on the trace and collected the log for work processes. Below is the work process trace. its not showing the CN(common name) information. it is coming with blank under Distinguish Name(DN).
N *** ERROR => SsfVerify failed (see note 1055856). [ssoxxsgn.c 144]
N SsfVerify returned 7 :: SSF_API_UNKNOWN_PAB :: Priv.Addr.Book (PSE file) not found.
N SsfVerify returned null for SignerList.
N *** ERROR => ValidateTicket failed with rc = 20 and ssf_rc = 7. [ssoxxapi.c 227]
N *** ERROR => Ticket validation failed with rc = 20 and ssf_rc = 7. [ssoxxkrn.c 989]
N dy_signi_ext: issuer not verified
N dy_snccheck: do checks for ><, typ=E, client=810, user=
N dy_signi_ext: SSO TICKET logon (client 810)
N mySAPUnwrapTicket: was called.
N HmskiFindTicketInCache: Trying to find logon ticket in ticket cache.
N HmskiFindTicketInCache: Try to find ticket with cache key: 810:A90B27FFA16D4AFA46F760F00BC1C83B .
N HmskiFindTicketInCache: Couldn't find ticket in ticket cache.
N Ssf_GetOwnCertificate ...
N Ssf_GetOwnCertificate: SsfOpenProfile failed with rc=23
N mySAP: Got the following SSF Params:
N DN =
N EncrAlg =DES-CBC
N Format =PKCS7
N Toolkit =SAPSECULIB
N HashAlg =SHA1
N Profile =/usr/sap/BD2/DVEBMGS00/sec/SAPSSO2000.pse
N PAB =/usr/sap/BD2/DVEBMGS00/sec/SAPSSO2000.pse
N Got the codepage 4102.
N Got ticket (head) AjExMDAgABNwb3J0YWw6SjJFRV9BRE1fRDJXiAAT. Length = 528.
N 00000000 00 41 00 6a 00 45 00 78 00 4d 00 44 00 41 00 67 .A.j.E.x.M.D.A.g
N 00000010 00 41 00 42 00 4e 00 77 00 62 00 33 00 4a 00 30 .A.B.N.w.b.3.J.0
And Error from Webdynpro JCOs (SSO) as below.
"com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: Cannot check issuer of SSO ticket"
Please let me know if anyone can help here. Thanks in advance.
Thanks and Regards
Raj