cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authentication-Problem with Destination

Go to solution
Former Member

on ‎06-16-2015 1:51 PM

0 Kudos

Hello Experts,

we have some problems with configuring the UWL-function "Refresh completed items". I could localize the problem to the used WebFlowConnector-Destination.

If we use for authentication of the current user "LogOn Ticket", then the following Exception

Problem occured while jco connecting or trying to invoke jco methodSUWL_NOTIF_START_WORKITEMS_MONjava.lang.Exception: Problem occured while creating JCO client for destination: xxxx

is raised.

I found some Information, that JCo 3.0 could not work with SAP-LogonTickets. So my first question

     1) Where can I found the version number in the NWA?

If we use for authentication of the current user "Assertion Ticket", then the following Exception

#2.0 #2015 03 25 11:12:01:138#+0100#Error#com.sap.engine.services.security.authentication.loginmodule.ticket#

#BC-JAS-SEC#security#C0000AB00014000B00000061000012CC#3347151000007680#sap.com/com.sap.netweaver.bc.uwl#com.sap.engine.services.security.authentication.loginmodule.ticket#Guest#0##87CAF98BCD6911E496A40000003312CF#87caf98bcd6911e496a40000003312cf#87caf98bcd6911e496a40000003312cf#0#Thread[UWL Pooled Thread:3,5,ApplicationThreadGroup]#Plain##

Error while creating assertion ticket on demand. No logged in user found.#

#2.0 #2015 03 25 11:12:01:138#+0100#Error#com.sap.security.core.server.destinations.lib.AssertionTicketRetriever$GetAssertionTicketPrivAction#

#BC-JAS-SEC#security.class#C0000AB00014000B00000062000012CC#3347151000007680#sap.com/com.sap.netweaver.bc.uwl#com.sap.security.core.server.destinations.lib.AssertionTicketRetriever$GetAssertionTicketPrivAction.run()#Guest#0##87CAF98BCD6911E496A40000003312CF#87caf98bcd6911e496a40000003312cf#87caf98bcd6911e496a40000003312cf#0#Thread[UWL Pooled Thread:3,5,ApplicationThreadGroup]#Plain##

An error occurred while trying to generate an SAP authentication assertion ticket.

[EXCEPTION]

java.lang.reflect.InvocationTargetException

    at sun.reflect.GeneratedMethodAccessor611.invoke(Unknown Source)

    ...


is raised. In the called backendsystem we get a

CALL_FUNCTION_SIGNON_INCOMPL-DUMP

So the second question is:

     2) Where can I look for further investigation?

I am out of ideas.

Some informations beside.

We use SAML2 for authentification. In the Portal System Landscape we configured for the Logon Method in the User Managment Section "SAPLOGONTICKET" with "Authentication Ticket Type = SAP Logon Ticket". If we here choose SAML2 for Logon Methode, the UWL-IView throws an other error:

The attribute "logonmethod" of the backend system with alias ""xxxx" (system landscape: "EnterprisePortal")" has the invalid value "SAML 2.0".
Cannot provide authentication data for user "xxxxxxxx" (unique ID: "USER.PRIVATE_DATASOURCE.un:xxxx") and the specified backend system.
Please adjust the value of the system attribute. Supported values are "SAPLOGONTICKET", "UIDPW" and "X509CERT".

SAP Service says, that UWL could not work with SAML2 so, you we configured it with SAPPLOGONTICKET.

     3) Could this be relevant?

Thanks for replies and Greetings

Thomas

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎06-24-2015 12:00 PM
0 Kudos

I'm facing exactly the same issue with NW Portal 7.40 SPS 10 (+ Java Patches up to 06/2015):

Backend systems are EPR 6.06/7.31 and SRM 7.03/7.40.

If found that the UWL items are refreshed when setting destination e.g. "SAP_SRM$WebFlowConnector" to assertion ticket despite of the dump "CALL_FUNCTION_SIGNON_INCOMPL". When I set the destination to Logon Ticket again, the UWL is still working ("Problem occured while creating JCO client" is gone temporarily) until the system is restarted.

If anyone finds a solution, please share.

Cheers

Paul

Show replies
Show replies
Former Member
‎08-12-2015 12:17 PM
0 Kudos

Hello Paul,

after month of search and changing between Assertion Ticket and Login Ticket, I open a message to SAP. They told me, that UWL is not designed for Assertion Tickets. You have to configure a technical user. We use for this the standard uwl_service - User. This user need the SAP_BC_UWL_SERVICE - Role in the backend. And for the ping-test the RFCPING - Permission. Then everything should be fine.

We are by now in the testing-phase, but at this point everything looks fine. I think the help.sap.com documentation is at this point not realy clear.

Greetings,

Thomas

Answers (1)

Answers (1)

hemanth2
Product and Topic Expert
Product and Topic Expert
‎06-16-2015 2:11 PM
0 Kudos

Dear Thomas,

 

Hope you are doing good.

Nice to hear from you again.

Not sure where you got the info that JCo 3.0 does not work with logon tickets; this is incorrect. Not sure which SAP release you are using, but just check the DC :tc~com.sap.conn.jco or com.sap.mw.jco (i using 7.0 release) in the system info to get the JCo version. Please see note  2049836 ; this is related to your issue.

   

Hope this helps.

_ _ _ _ _ _ _ _ _

Kind Regards,

Hemanth
SAP Active Global Support

_ _ _ _ _ _ _ _ _
 

Show replies
Show replies
Former Member
‎06-16-2015 2:45 PM
0 Kudos

Hello Hemanth,

thanks for your reply. We use the Enterprise Portal on a NW 7.31 Installation.

The Information I found here in the SCN, but don't ask me were. I looked at the note your recommendet, but thats not our problem. The IView receives the Items from the Backend, but the function "Refresh completed Items" causes these errors for the "Assertion Tickets".

LogWatch shows

Jun 16, 2015 3:32:32 PM Guest 0 com.sap.engine.services.security.authentication.loginmodule.ticket [Thread[UWL Pooled Thread:4,5,ApplicationThreadGroup]] Info: Creating assertion ticket with parameters: recipientSID - [Q01], recipientClient - [101]
Jun 16, 2015 3:32:32 PM Guest 0 com.sap.engine.services.security.authentication.loginmodule.ticket [Thread[UWL Pooled Thread:4,5,ApplicationThreadGroup]] Error: Error while creating assertion ticket on demand. No logged in user found

It seems, that the UWL Pooled Thread dont run in "Userspace", when I can call it so.

Greetings,

Thomas

Former Member
‎06-19-2015 10:42 AM
0 Kudos

Thomas, you can analyze authenticating issues by creating a security trace in NWA. However, this is a BASIS issue, could something like

cheers

Ask a Question