on 02-26-2024 10:58 PM
Hello Experts,
We are trying to configure principal propagation (X.509 certificate) for SAP BAS via the Cloud Connector to the backend through a proxy. However, we're encountering this error in BAS:
"An error occurred: Request failed with status code 401".
curl test:
curl trial100.dest
we receive the following message: "Unable to generate authorization token for user test@test.com on system test:.user:5202".
Ljs_trace.log
#TRACE#com.sap.core.connectivity.tunnel.core.Tunnel#tunnel-client-15-1# #Will send message of type 4 (error) over tunnel channel [id: 98098, L:/455.445.567 - R:/2233.233.233:80] with tunnelId account:///3043omf3ß24343434/test
TRACE#io.netty.handler.codec.http.websocketx.WebSocket08FrameEncoder#tunnel-client-15-1# #Encoding WebSocket Frame opCode=2 length=305
#TRACE#com.sap.core.connectivity.tunnel.core.Tunnel#tunnel-client-15-1# #Sent message of type 4 (error) over tunnel channel [id: 98098, L:/455.445.567 - R:/2233.233.233:80] with tunnelId account:/// 3043omf3ß24343434/test
#DEBUG#com.sap.core.connectivity.protocol.http.handlers.HttpRequestStateHandler#tunnel-client-15-1#2334#Last http request object, switching state to STARTING
#TRACE#com.sap.core.connectivity.protocol.http.handlers.HttpRequestStateHandler#tunnel-client-15-1#3434#Set autoread=TRUE on Backend channel: [id: 3434 isOpen: true; isActive: true; isRegistered: true; isWritable: true; bytesBeforeWritable: 0; bytesBeforeUnwritable: 78,445; autoRead: true]
#DEBUG#com.sap.core.connectivity.protocol.http.handlers.HttpRequestStateHandler#tunnel-client-15-1#e2333#Swallowing HTTP object EmptyLastHttpContent.
#ERROR#com.sap.core.connectivity.spi.processing.AbstractProtocolProcessor#tunnel-client-15-1#34444#Write operation FAILED for payload message packet with size 5,856 for client channel [id: 034034, L:/233.33.323:3334 - R:test.com/233.345.121:5010]. Cause: com.sap.core.connectivity.protocol.http.handlers.HttpProtocolException: Unable to generate authorization token for user testuser@test.com on system test:5020.
#DEBUG#io.netty.handler.ssl.SslHandler#tunnel-client-15-1# #[id: 3434, L:/554.455.344:3494 - R:test.com/233.344.434:5050] HANDSHAKEN: protocol:TLSv1.2 cipher suite:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
#TRACE#io.netty.handler.codec.http.websocketx.WebSocket08FrameDecoder#tunnel-client-15-1# #Decoding WebSocket Frame opCode=2
#TRACE#io.netty.handler.codec.http.websocketx.WebSocket08FrameDecoder#tunnel-client-15-1# #Decoding WebSocket Frame length=14
#TRACE#com.sap.core.connectivity.tunnel.core.handlers.MessagePacketHandler#tunnel-client-15-1#3444324#Received message of type 2 (close connection) over tunnel channel [id: 0x9bdf277b, L:/123.344.445:405i - R:/232.233.34480]; tunnelId: account:///34343´545445/test
#DEBUG#com.sap.core.connectivity.tunnel.core.Tunnel#tunnel-client-15-1#232323#Unsubscribed connectionId 2323 from tunnelId account:///2323090909405/test
#DEBUG#com.sap.core.connectivity.tunnel.client.sso.CallerPrincipalProviderImpl#tunnel-client-15-1#8887#Unassigned principal: 'testuser@test.com'
#TRACE#com.sap.core.connectivity.spi.util.ChannelUtil#tunnel-client-15-1#0x224434346e2d#Closing channel [id: 3444d34, L:/232.445.556:9293 - R:test.com/238.343.343:5020
#DEBUG#com.sap.core.connectivity.spi.processing.AbstractProtocolProcessor#tunnel-client-15-1#0x22446e2d#Released backend connection channel [L:/232.445.556:9293 - R:test.com/238.343.343:5020]
#TRACE#com.sap.core.connectivity.protocol.http.HttpProtocolProcessor#tunnel-client-15-1#343434#Report close connection with id: 3434c
#DEBUG#com.sap.scc.security#tunnel-client-15-1# #Generating X.509 certificate for authentication to backend
#DEBUG#com.sap.scc.security#tunnel-client-15-1# #Requesting token for principal with name testuser@test.com
G#com.sap.scc.security#tunnel-client-15-1# #Condition "true" fits to principal 'testuser.qtest.com', return CN=${mail}, EMAIL=testuser@test.com OU=SB, O=WI, C=DE
#ERROR#com.sap.core.connectivity.protocol.http.handlers.HttpAuthenticationHandler#tunnel-client-15-sdsdsdsd#Unable to generate authorization token
java.lang.IllegalStateException: The variable 'mail' needed for object CN is not available in context.
at com.sap.scc.cert.DN.toRDN(DN.java:177)
at com.sap.scc.cert.CertificateGenerator.generateToken(CertificateGenerator.java:135)
at com.sap.scc.sso.SccBackendTokenGenerator.generateToken(SccBackendTokenGenerator.java:52)
at com.sap.core.connectivity.protocol.http.handlers.HttpAuthenticationHandler.generateAuthenticationToken(HttpAuthenticationHandler.java:145)
#ERROR#com.sap.core.connectivity.protocol.http.handlers.HttpRequestStateHandler#tunnel-client-15-1#333434#Unexpected HTTP error:
com.sap.core.connectivity.protocol.http.handlers.HttpProtocolException: Unable to generate authorization token for user testuser@test.com.de on system test:4040.
HttpRequestStateHandler#tunnel-client-15-1#sdsd#Starting, switching state to PROCESSING
#DEBUG#com.sap.core.connectivity.protocol.http.handlers.HttpRequestStateHandler#tunnel-client-15-1#Start sending http://test:8888/sap/opu/odata/IWFND/CATALOGSERVICE;v=2/ServiceCollection/?$top=1&saml2=disabled to backend
#TRACE#com.sap.core.connectivity.protocol.http.handlers.HttpRequestStateHandler#tunnel-client-15-1#asas#Set autoread=FALSE on Backend channel: [id: 8888888 isOpen: true; isActive: true; isRegistered: true; isWritable: true; bytesBeforeWritable: 0; bytesBeforeUnwritable: 65,88; autoRead: false]
#TRACE#com.sap.core.connectivity.protocol.http.handlers.HttpInboundStatisticsHandler#tunnel-client-15-1#000ß#Set request description to statistics instance: http://test:990/sap/opu/odata/IWFND/CATALOGSERVICE;v=2/ServiceCollection/?$top=1&saml2=disabled on [virtualHost=test, virtualPort=9870, protocol=HTTP]
#TRACE#com.sap.core.connectivity.protocol.http.handlers.HttpInboundStatisticsHandler#tunnel-client-15-1#sdsd#Report invoke started for connection sdsd to http://test:979 request /sap/opu/odata/IWFND/CATALOGSERVICE;v=2/ServiceCollection/
#DEBUG#com.sap.core.connectivity.protocol.http.handlers.HttpAuthenticationHandler#tunnel-client-15-1#dsdsd#Updating caller principal.
#DEBUG#com.sap.core.connectivity.tunnel.client.sso.SSOClientSessionService#tunnel-client-15-1# #Reusing existing session with id -33213142
DEBUG#com.sap.core.connectivity.tunnel.client.sso.CallerPrincipalProviderImpl#tunnel-client-15-1# #Assigned principal: testuser@test.com
'DEBUG#com.sap.core.connectivity.protocol.http.handlers.HttpAuthenticationHandler#tunnel-client-15-1#232323#Updated caller principal from null to testuser@test.com
#DEBUG#com.sap.scc.security#tunnel-client-15-1# #Generating X.509 certificate for authentication to backend
#DEBUG#com.sap.scc.security#tunnel-client-15-1# #Requesting token for principal with name testuser@test.com
#DEBUG#com.sap.scc.security#tunnel-client-15-1# #Condition "true" fits to principal ‚‘testuser@test.com‘, return CN=${mail}, EMAIL=testuser@test,com, OU=SB, O=WI, C=DE
#ERROR#com.sap.core.connectivity.protocol.http.handlers.HttpAuthenticationHandler#tunnel-client-15-1#88888#Unable to generate authorization token
java.lang.IllegalStateException: The variable 'mail' needed for object CN is not available in context.
Any ideas on how to resolve this issue ?
Thank you in advance!
Best Regards
User | Count |
---|---|
83 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.