cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO2Generator with LDAP

Go to solution
Former Member

on ‎05-31-2016 9:37 AM

0 Kudos

Hello experts

I'm trying to configure SSO with SSO2Generator on SMP. Please find details below:

  • SMP3.0 SP08
  • Backend is an SAP Netweaver Gateway
  • The SSO technique for my application in the Cockpit is configured as SSO2
  • The application has a security profile composed by 2 authentication providers:
    • LDAP/AD
    • SSO2Generator
  • I'm testing my configuration through a REST client (postman)

I followed every single step of this guide


I'm able to authenticate and register a user, but when I try to request data I get an HTTP403 error

Here is my log

#2.0#2016-05-31 07:45:14.868#+0:00#DEBUG#RequestResponse###Serviceability#1464680714385329#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#org.eclipse.virgo.web.enterprise.services.accessor.WebAppBundleClassLoaderDelegateHook:doFindApiClass#TESTSWFM1#######643###Exception occurred while trying to find class [com.sap.mobile.platform.server.proxy.core.handler.DirectProxy]. Exception message: com.sap.mobile.platform.server.proxy.core.handler.DirectProxy#

#2.0#2016-05-31 07:45:14.853#+0:00#DEBUG#RequestResponse###Other#1464680714385322#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor126:invoke#TESTSWFM1#######643###No SsoContext found.#

#2.0#2016-05-31 07:45:14.853#+0:00#DEBUG#RequestResponse###Serviceability#1464680714385324#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#org.eclipse.virgo.web.enterprise.services.accessor.WebAppBundleClassLoaderDelegateHook:doFindApiClass#TESTSWFM1#######643###Exception occurred while trying to find class [com.sap.mobile.platform.server.proxy.core.handler.DirectProxy]. Exception message: com.sap.mobile.platform.server.proxy.core.handler.DirectProxy#

#2.0#2016-05-31 07:45:14.837#+0:00#DEBUG#RequestResponse###Other#1464680714385317#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor126:invoke#TESTSWFM1#######643###get SsoContext for configs: #

#2.0#2016-05-31 07:45:14.837#+0:00#DEBUG#RequestResponse###Other#1464680714385318#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor124:invoke#TESTSWFM1#######643###SsoConfiguration: %s#

#2.0#2016-05-31 07:45:14.837#+0:00#DEBUG#RequestResponse###Other#1464680714385320#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor124:invoke#TESTSWFM1#######643###No NamedCredential found for MYSAPSSO2#

#2.0#2016-05-31 07:45:14.837#+0:00#DEBUG#RequestResponse###Other#1464680714385321#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor126:invoke#TESTSWFM1#######643###No SSO2 token found.#

#2.0#2016-05-31 07:45:14.821#+0:00#DEBUG#RequestResponse###Other#1464680714385309#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor125:invoke#TESTSWFM1#######643###header: key=cache-control    value=no-cache#

#2.0#2016-05-31 07:45:14.821#+0:00#DEBUG#RequestResponse###Other#1464680714385310#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor125:invoke#TESTSWFM1#######643###header: key=postman-token    value=697db856-5ad6-bd1f-af63-805db9e3d668#

#2.0#2016-05-31 07:45:14.821#+0:00#DEBUG#RequestResponse###Other#1464680714385311#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor125:invoke#TESTSWFM1#######643###header: key=accept    value=*/*#

#2.0#2016-05-31 07:45:14.821#+0:00#DEBUG#RequestResponse###Other#1464680714385312#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor125:invoke#TESTSWFM1#######643###header: key=accept-encoding    value=gzip, deflate, sdch#

#2.0#2016-05-31 07:45:14.806#+0:00#INFO#RequestResponse###Other#1464680714385303#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor271:invoke#TESTSWFM1#######643###URL rewrite in SMP enabled?: true#

#2.0#2016-05-31 07:45:14.806#+0:00#DEBUG#RequestResponse###Other#1464680714385305#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor124:invoke#TESTSWFM1#######643###----Application Id sent from client is-------- swfm_ssogen#

#2.0#2016-05-31 07:45:14.79#+0:00#DEBUG#RequestResponse###Other#1464680714385297#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor125:invoke#TESTSWFM1#######643###Start handling request, using stream buffer size 65536 and inProxy Compression is false#

Forbidden No matched SSO credentials is found for not allowAnonymousAccess endpoint [swfm_ssogen]

Could you please help me?

Show replies
Show replies
Answer
View Entire Topic
Former Member
‎05-31-2016 11:40 AM
0 Kudos

Hey guys I finally got a solution

It was an issue related to the Control Flag of the LDAP/AD authentication provider. I set it up to "Sufficient" and this was generating the error. Changing the flag to "Required" (or other value) does the trick.

Is it a SMP bug?

Show replies
Show replies
nageshcaparthy
Product and Topic Expert
Product and Topic Expert
‎05-31-2016 11:52 AM
0 Kudos

Good...!!!

Looks like something missing configurations. I have the flag set to Optional and its working fine for me. Not a bug for sure.

Regards,

Nagesh

Ask a Question