on 07-23-2014 4:35 AM
Hi,
We are trying the sapssoext Java example to generate an SSO ticket and save it to a SAP shortcut file for SSO to an ABAP server, but the server responds "Issuer of SSO ticket is not authorized".
We have configured the server parameters
login/accept_sso2_ticket = 1
login/create_sso2_ticket = 2
and imported the certificate and set the ACL OK.
On the target ECC system, I switched on the SM50 (level 3) trace and found the following error:
M PfSetActDBConRec: record found for dbcon <>
M PfStatBegin: open DBCON rec with opcode 10
M PfStatEnd: close DBCON rec after opcode 10
B } db_xrtab( fcode = 'RT_READ_ONLY', retcode = 64 )
N No entry in TWPSSO2ACL for SYS and CLI .
N CheckSubject failed (rc=19). Verifying if ticket was issued by me.
N *** ERROR => System ID and client from ticket are not the same than mine. [ssoxxkrn.c 1065]
N {root-id=56F2022A1D251EE484B95DA770743FB6}_{conn-id=00000000000000000000000000000000}_0
N Data from ticket: sysid= , client=
N My system data: sysid=ITS , client=001
N *** ERROR => Neither was ticket issued by myself nor can I find issuer in TWPSSO2ACL (see note 1055856). [ssoxxkrn.c 1071]
N {root-id=56F2022A1D251EE484B95DA770743FB6}_{conn-id=00000000000000000000000000000000}_0
N dy_signi_ext: ticket issuer not trusted
B { db_rtab( fcode = 'RT_READ_ONLY', tname = 'TSL1D' ) {rsauwri2.c:398}
B NTAB: db_ntab(): NT_RDTDESCR: tabname: TSL1D , fieldname: , fieldnumber: 0
B NTAB: procure_2(): art: 3, tabname: TSL1D
B NTAB: fetch_entry(): art: 3, tabname: TSL1D
B NTAB: T_search(): tabname: TSL1D , hval: 26883
B NTAB: db_ntab(): returning 0
The sysid and client data from the ticket are empty, so the server cannot find a match in TWPSSO2ACL.
Thanks in advance,
I'm sure the problem is the transfer from codepage 4110 (UTF-8) to 4103,
and the test from 1100 to 4103 is OK.
From the trace file, we can see the ticket is valid.
N 00000270 77 fc 99 5f 4c 1a cf f0 15 ae ed fe bc a5 f2 e7 wü._L.Ïð.®íþ¼¥òç
N 00000280 76 eb 1a de c5 e7 77 2f dc e2 aa 54 f1 16 9a 29 vë.ÞÅçw/ÜâªTñ..)
N 00000290 ed 12 d2 96 d6 2f 65 a7 b9 3d í.Ò.Ö/e§¹=
N ValidateTicket succeeded.
N Convert ticket content from SAP_CODEPAGE >4110< to >4103<
M TrWriteEntry: recType=104
M TrWriteEntry: recType=104
M TrWriteEntry: recType=104
But the sysid and client obtained from the content are empty or spaces:
N 00000100 00 00 13 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
N 00000110 70 30 5e 4b 00 00 00 00 p0^K....
N Got content client = .
N Got content sysid = .
B { db_xrtab( fcode = 'RT_READ_ONLY', tname = 'TWPSSO2ACL' ) {ssoxxkrn.c:1837}
so,
And the ticket parsed on the client side follows:
The ticket
AjQxMTABAAVVU0VSMQIAAzAwMQMAA1gwOQQADDIwMTQwNzIzMDMxMwcABAAAAAIIAAEBCQABRQ8AAzAwMRAAA0lUUyAADHBvcnRhbDpVU0VSMYgAE2Jhc2ljYXV0aGVudGljYXRpb27/AdcwggHTBgkqhkiG9w0BBwKgggHEMIIBwAIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYIBnzCCAZsCAQEwGTAOMQwwCgYDVQQDEwNYMDkCByAUByEINTEwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE0MDcyMzAzMTMxNlowIwYJKoZIhvcNAQkEMRYEFDAAOeUpFSNzxeJdc8PWLJJ56DBLMA0GCSqGSIb3DQEBBQUABIIBAEZcdKgmZ/KRXOKO6ZqSiUYsELp4hVd88Y!mBWBrit/WKZUqs2KNlJDJB0zqaF6N3W8SRGqM9AVLrWa767Me13QmkIZUoJ6XkGOUQOp4VFIK2kTNm0DQbidW/bKKsOAB7yBBTdItMjmf9l0hJRf!76q67UHh3NWQpoh8bxNa5p4SzLlNMe3Fu5ysGkPx9slLcNPxWf/QDOkvH7V3EjSpgBI3csy!W0FoeWa5!GANRyotAHuylhKPdTvOpWqlFTVxzvr2VoQcNyS5v0CIgn!XUBa3Jdm98ZPQ7P4781ugVgTExomr48FqvnGwm/8npqy6hm4IjK4NiTu9YFv6xnwR/nc=
was successfully validated.
Type : SAP Assertion Ticket
User : USER1
Ident of ticket issuing system:
Sysid : X09
Client : 001
External ident of user:
PortalUsr: USER1
Auth : basicauthentication
Ticket validity in seconds:
Valid (s): 120
Certificate data of issuing system:
Subject : CN=X09
Issuer : CN=X09
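Added example, not part of the original thread and not SAP's code: a Python parser that reads the issuer sysid and client from a ticket using the codepage named in its header, then checks them against a set standing in for TWPSSO2ACL. It assumes the layout the posted ticket decodes to (version byte, four-digit codepage, then records of one-byte id, two-byte big-endian length and value); the field ids, the `!`-for-`+` substitution and all function names are assumptions, and the sample ticket is constructed.

```python
import base64
import struct

# Codepage numbers named in the thread, mapped to Python codecs.
CODEPAGES = {"4110": "utf-8", "4103": "utf-16-le", "1100": "latin-1"}
# Field ids inferred by matching ticket bytes against the client-side parse
# shown in the post (assumption, not taken from SAP documentation).
FIELDS = {0x01: "user", 0x02: "issuer_client", 0x03: "issuer_sysid"}
SIGNATURE = 0xFF  # last record; its content is not interpreted here


def parse_ticket(b64_ticket, force_codepage=None):
    """Return (header codepage, fields) from the unsigned part of a ticket."""
    # Assumption: '!' in a transported ticket stands in for base64 '+'.
    raw = base64.b64decode(b64_ticket.replace("!", "+"))
    if len(raw) < 5:
        raise ValueError("ticket shorter than version byte plus codepage")
    codepage = raw[1:5].decode("ascii")
    codec = CODEPAGES.get(force_codepage or codepage)
    if codec is None:
        raise ValueError("unknown codepage %r" % codepage)
    fields, pos = {}, 5
    while pos + 3 <= len(raw):
        field_id, length = struct.unpack_from(">BH", raw, pos)
        value = raw[pos + 3:pos + 3 + length]
        if len(value) != length:
            raise ValueError("record runs past end of ticket")
        pos += 3 + length
        if field_id == SIGNATURE:
            break
        if field_id in FIELDS:
            fields[FIELDS[field_id]] = value.decode(codec, "replace").strip()
    return codepage, fields


def issuer_in_acl(fields, acl):
    """True only if the ticket names a non-empty issuer listed in the ACL."""
    issuer = (fields.get("issuer_sysid", ""), fields.get("issuer_client", ""))
    return all(issuer) and issuer in acl


def build_sample(codepage, user, client, sysid):
    """Constructed test ticket in the assumed layout, placeholder signature."""
    body = b"\x02" + codepage.encode("ascii")
    for field_id, text in ((0x01, user), (0x02, client), (0x03, sysid)):
        data = text.encode(CODEPAGES[codepage])
        body += struct.pack(">BH", field_id, len(data)) + data
    body += struct.pack(">BH", SIGNATURE, 4) + b"\x00" * 4
    return base64.b64encode(body).decode("ascii")
```

Passing `force_codepage="4103"` for a ticket whose header says 4110 decodes the same bytes as UTF-16LE, and the resulting issuer no longer matches the ACL entry, which is the kind of mismatch the trace above reports.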