Assertion Ticket Lifetime

Former Member

How can we change the lifetime of an assertion ticket?

The default lifetime is set to 120 seconds.

We need to extend the ticket's lifetime. Where can we define this?

Edited by: Urs Hürlimann on Jun 30, 2008 8:52 AM

1 ACCEPTED SOLUTION
Read only

Wolfgang_Janzen
Product and Topic Expert

You cannot do that - because Assertion Tickets are designed for immediate consumption: they will be created in the course of an outbound communication and will be consumed immediately during the subsequent inbound communication (in the target system). For that, 120 seconds are more than sufficient (including clock deviation compensation).

Please describe your use case. I'm sure we'll find a proper solution approach.

19 REPLIES

Read only

Former Member

We run SAP Netweaver on a Windows system with Timezone ( "GMT + 1" + "Daylight Saving" ) and on Unix systems with Timezone "CEsT".

The user's SAP timezone is "GMT + 1", there is no "Daylight Saving" option to choose.

The "Assertion Tickets" issued by these systems have a lifetime of 3720 seconds:

3720 = 120 seconds ordinary assertion ticket lifetime + 1h.

Why is an hour added? Is it because of the "GMT + 1" or because of "Daylight Saving"?

Now our problem:

If we try to assert the ticket on a "non-sap" Windows system with the "sapsecu.dll" and "sapssoext" everything's perfect.

No matter if the ticket had been issued by the Unix or the Windows Netweaver installation.

All tickets have a lifetime of 3720 seconds.

But if we try to assert the same tickets on a "non-sap" Unix System we get the error message "ticket expired".

And now the clue:

To isolate the problem we limited the lifetime of the "SAP Logon Tickets" to 120 seconds.

This results in the same behavior as described above: Lifetime = 3720 seconds.

And the tickets are no longer accepted by the Unix system that needs to assert the tickets.

Then we increased the lifetime to 1h and 2 minutes.

And now guess what happened:

Ticket lifetime: 7320 seconds.

This ticket now was valid for two minutes on the Unix System that asserts the tickets.

Conclusion:

We're now GMT+2 and everything works.

The crucial questions are:

Where do we lose 1 hour?

Is the internal ticket lifetime based on "GMT"?

What impact results from "Daylight Saving" and "CEsT"?

Edited by: Urs Hürlimann on Jul 1, 2008 9:44 AM

Edited by: Urs Hürlimann on Jul 1, 2008 9:47 AM

Read only


That sounds like a bug.

Both SAP Logon Tickets and SAP (Authentication) Assertion Tickets are using UTC timestamps - so any system timezone settings do not matter.

If you could post a sample assertion ticket, I could parse it and tell you whether it's really an assertion ticket (with hard-coded validity of 120 seconds) or whether it's actually a logon ticket.

Cheers, Wolfgang

PS: what version of sapssoext are you using?

Read only

Former Member

Here's a successful trace out of a windows-based asserter:

extract from:

trc file: "c:\temp\ssolog.txt", trc level: 3, release: "640"

sapssoext.dll = version: 6400, 177, 13, 47565

sapsecu.dll = version: 5.4.28.pl.5

Thr 5064 Tue Jul 01 13:40:32 2008 CEsT

Thr 5064 Validation succeeded...

Thr 5064 Got date 200807011139 from ticket.

Thr 5064 Cur time = 200807011140.

Thr 5064 Computing validity in hours.

Thr 5064 Computing validity in minutes.

Thr 5064 CurTime_t = 1214998800, CreTime_t = 1214998740

Thr 5064 validity: 120, difference: 60.000.

Thr 5064 Evaluating user...

Thr 5064 Evaluating Client ...

Thr 5064 Evaluating Sysid ...

Thr 5064 Evaluating Portal User "portal:e0000400" ...

Thr 5064 Evaluating AuthSchema...

Thr 5064 Evaluating creation time...

Thr 5064 Computing validity in minutes.

Thr 5064 validity: 120, difference: -3540.000.

Thr 5064 Evaluating certificate with length 575

Thr 5064 Preparing for cleanup.

Thr 5064 End of function MySapEvalLogonTicketEx.

Ticket validity in seconds:

Valid (s): 3660

CurTime_t = Wed, 02 Jul 2008 11:40:00 UTC

CreTime_t = Wed, 02 Jul 2008 11:39:00 UTC

was successfully validated.

User : E0000400

Ident of ticket issuing system:

Sysid : E00

Client : 000

External ident of user:

PortalUsr: e0000400

Auth : default

Ticket validity in seconds:

Valid (s): 3660

Certificate data of issuing system:

Subject : OU=J2EE, CN=E00

Issuer : OU=J2EE, CN=E00

In my opinion the ticket IS an "asserter ticket", it has a validity of: 120s

A trace from the aix-based asserter will follow soon...

Read only


Can I just have the plain ticket, please?

I will parse it myself ...

Read only


AjExMDAgAA9wb3J0YWw6ZTAwMDA0MDCIAAdkZWZhdWx0EAADV0xTDwADMDAxCAABAQEACEUwMDAwNDAwAgADMDAwAwADRTAwBAAMMjAwODA3MDExMTM5BwAEAAAAAgoACEUwMDAwNDAw%2FwEFMIIBAQYJKoZIhvcNAQcCoIHzMIHwAgEBMQswCQYFKw4DAhoFADALBgkqhkiG9w0BBwExgdAwgc0CAQEwIjAdMQwwCgYDVQQDEwNFMDAxDTALBgNVBAsTBEoyRUUCAQAwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA4MDcwMTExMzkyM1owIwYJKoZIhvcNAQkEMRYEFEHzo9wc%2F2NLlfbvH1PAnQmwVDu8MAkGByqGSM44BAMELzAtAhUAmW9MdpswQQrr4zVU60fLt00PsMICFEr4QGNejmYGJFkieMWJyIP9uOZf

Read only


That was fast ...

Well, my parser did return the following result:

Type: Assertion Ticket

Codepage: 1100

R/3 User: E0000400

Portal User: portal:e0000400

Issued By: E00 (000)

Issued At: 01.07.2008 11:39:00

Validity: 0 Hours, 2 Minutes

Valid until: 01.07.2008 11:41:00

Target System: WLS

Target Client: 001

Signer certificate: "CN=E00, OU=J2EE"

Looks like the logfile does not contain reliable information.

I'll clarify whether this is a known (and potentially already fixed) bug.

Read only

Former Member

Dear Wolfgang

Sorry for my delay.

We did some trace analysis, please have a look at the following trace files.

Especially look at:

Win: validity: 120, difference: -3480.000.

AIX: validity: 120, difference: 3720.000.

Kind regards

Urs

Read only

Former Member

trc file: "c:\temp\ssolog.txt", trc level: 3, release: "640"


"Thr 5312" MySapEvalLogonTicketEx was called.

"Thr 5312" Unconverted Ticket is the following: AjExMDAgAA9wb3J0YWw6RTAwMDA0MDCIAAdkZWZhdWx0EAADV0xTDwADMDAxCAABAQEACEUwMDAwNDAwAgADMDAwAwADUzUwBAAMMjAwODA3MDMwOTE4BwAEAAAAAgoACEUwMDAwNDAw%2FwEFMIIBAQYJKoZIhvcNAQcCoIHzMIHwAgEBMQswCQYFKw4DAhoFADALBgkqhkiG9w0BBwExgdAwgc0CAQEwIjAdMQwwCgYDVQQDEwNTNTAxDTALBgNVBAsTBEoyRUUCAQAwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA4MDcwMzA5MTg1MlowIwYJKoZIhvcNAQkEMRYEFPoQw28O4qu98dOGLjvU6FAdQ81DMAkGByqGSM44BAMELzAtAhQ5z0e6BOwCc9A9nDYayvSqun5PtgIVAIf1F7g1mpGZ1mHWse0c19HAgS3s

."Thr 5312" Initialized variables...

"Thr 5312" Preparing InContext...

"Thr 5312" Ticket is the following: AjExMDAgAA9wb3J0YWw6RTAwMDA0MDCIAAdkZWZhdWx0EAADV0xTDwADMDAxCAABAQEACEUwMDAwNDAwAgADMDAwAwADUzUwBAAMMjAwODA3MDMwOTE4BwAEAAAAAgoACEUwMDAwNDAw%2FwEFMIIBAQYJKoZIhvcNAQcCoIHzMIHwAgEBMQswCQYFKw4DAhoFADALBgkqhkiG9w0BBwExgdAwgc0CAQEwIjAdMQwwCgYDVQQDEwNTNTAxDTALBgNVBAsTBEoyRUUCAQAwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA4MDcwMzA5MTg1MlowIwYJKoZIhvcNAQkEMRYEFPoQw28O4qu98dOGLjvU6FAdQ81DMAkGByqGSM44BAMELzAtAhQ5z0e6BOwCc9A9nDYayvSqun5PtgIVAIf1F7g1mpGZ1mHWse0c19HAgS3s

."Thr 5312" Profile is the following: c:\temp\verify_h50a090.pse

."Thr 5312" Password is the following: (NULL)

"Thr 5312" Just before Validation...

"Thr 5312" Dump of InContext "ssoxxapi.c 156"

"Thr 5312" 00000000 34 31 31 30 f4 c3 07 00 40 48 2c 10 4c c6 07 00 4110....@H,.L...

"Thr 5312" 00000010 ec 01 00 00 00 00 00 00 00 00 00 00 ............

"Thr 5312" Copies from InContext->Format: PKCS7 "ssoxxapi.c 163"

"Thr 5312" Copies from InContext->pzcsProName: c:\temp\verify_h50a090.pse "ssoxxapi.c 166"

"Thr 5312" DecodeB64Len returns 0. iDecLength=369

"Thr 5312" Dump of Decoded ticket: "ssoxxapi.c 188"

"Thr 5312" Read version.

"Thr 5312" Read Codepage.

"Thr 5312" Read InfoUnit (0x20).

"Thr 5312" Read length (15).

"Thr 5312" Read contents.

"Thr 5312" Read InfoUnit (0x88).

"Thr 5312" Read length (7).

"Thr 5312" Read contents.

"Thr 5312" Read InfoUnit (0x10).

"Thr 5312" Read length (3).

"Thr 5312" Read contents.

"Thr 5312" Read InfoUnit (0x0F).

"Thr 5312" Read length (3).

"Thr 5312" Read contents.

"Thr 5312" Read InfoUnit (0x08).

"Thr 5312" Read length (1).

"Thr 5312" Read contents.

"Thr 5312" Read InfoUnit (0x01).

"Thr 5312" Read length (8).

"Thr 5312" Read contents.

"Thr 5312" Read InfoUnit (0x02).

"Thr 5312" Read length (3).

"Thr 5312" Read contents.

"Thr 5312" Read InfoUnit (0x03).

"Thr 5312" Read length (3).

"Thr 5312" Read contents.

"Thr 5312" Read InfoUnit (0x04).

"Thr 5312" Read length (12).

"Thr 5312" Read contents.

"Thr 5312" Read InfoUnit (0x07).

"Thr 5312" Read length (4).

"Thr 5312" Read contents.

"Thr 5312" Read InfoUnit (0x0A).

"Thr 5312" Read length (8).

"Thr 5312" Read contents.

"Thr 5312" Read InfoUnit (0xFF).

"Thr 5312" ParseTicket returns 0. "ssoxxapi.c 200"

"Thr 5312" Bytes processed: 106 "ssoxxapi.c 203"

"Thr 5312" Argument Dump for ticket verification:

"Thr 5312" Content byte stream:

"Thr 5312"

Signature byte stream:

"Thr 5312" Encoded content byte stream:

"Thr 5312" Verify returns 0 "ssoxxsgn.c 189"

"Thr 5312" Certificate is:

"Thr 5312" ValidateTicket returns 0. "ssoxxapi.c 226"

"Thr 5312" Validation succeeded...

"Thr 5312" Got date 200807030918 from ticket.

"Thr 5312" Cur time = 200807030920.

"Thr 5312" Computing validity in hours.

"Thr 5312" Computing validity in minutes.

"Thr 5312" CurTime_t = 1215163200, CreTime_t = 1215163080

"Thr 5312" validity: 120, difference: 120.000.

"Thr 5312" Evaluating user...

"Thr 5312" Evaluating Client ...

"Thr 5312" Evaluating Sysid ...

"Thr 5312" Evaluating Portal User "portal:E0000400" ...

"Thr 5312" Evaluating AuthSchema...

"Thr 5312" Evaluating creation time...

"Thr 5312" Computing validity in minutes.

"Thr 5312" validity: 120, difference: -3480.000.

"Thr 5312" Evaluating certificate with length 575

"Thr 5312" Preparing for cleanup.

"Thr 5312" End of function MySapEvalLogonTicketEx.

Read only

Former Member

trc file: "/var/log/suva/espresso/wlss1/sso_log.txt", trc level: 3, release: "640"


"Thr 14393" Thu Jul 3 11:20:46 2008

"Thr 14393" MySapEvalLogonTicketEx was called.

"Thr 14393" Unconverted Ticket is the following: AjExMDAgAA9wb3J0YWw6RTAwMDA0MDCIAAdkZWZhdWx0EAADV0xTDwADMDAxCAABAQEACEUwMDAwNDAwAgADMDAwAwADUzUwBAAMMjAwODA3MDMwOTE4BwAEAAAAAgoACEUwMDAwNDAw%2FwEFMIIBAQYJKoZIhvcNAQcCoIHzMIHwAgEBMQswCQYFKw4DAhoFADALBgkqhkiG9w0BBwExgdAwgc0CAQEwIjAdMQwwCgYDVQQDEwNTNTAxDTALBgNVBAsTBEoyRUUCAQAwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA4MDcwMzA5MTg1MlowIwYJKoZIhvcNAQkEMRYEFPoQw28O4qu98dOGLjvU6FAdQ81DMAkGByqGSM44BAMELzAtAhQ5z0e6BOwCc9A9nDYayvSqun5PtgIVAIf1F7g1mpGZ1mHWse0c19HAgS3s

."Thr 14393" Initialized variables...

"Thr 14393" Preparing InContext...

"Thr 14393" *** ERROR => SAP Codepage is invalid! Uses UTF8 for output. "ssoxxext_mt. 331"

"Thr 14393" Ticket is the following: AjExMDAgAA9wb3J0YWw6RTAwMDA0MDCIAAdkZWZhdWx0EAADV0xTDwADMDAxCAABAQEACEUwMDAwNDAwAgADMDAwAwADUzUwBAAMMjAwODA3MDMwOTE4BwAEAAAAAgoACEUwMDAwNDAw%2FwEFMIIBAQYJKoZIhvcNAQcCoIHzMIHwAgEBMQswCQYFKw4DAhoFADALBgkqhkiG9w0BBwExgdAwgc0CAQEwIjAdMQwwCgYDVQQDEwNTNTAxDTALBgNVBAsTBEoyRUUCAQAwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA4MDcwMzA5MTg1MlowIwYJKoZIhvcNAQkEMRYEFPoQw28O4qu98dOGLjvU6FAdQ81DMAkGByqGSM44BAMELzAtAhQ5z0e6BOwCc9A9nDYayvSqun5PtgIVAIf1F7g1mpGZ1mHWse0c19HAgS3s

."Thr 14393" Profile is the following: /usr/espresso/config/wlss1/sapcerts/h50a090.pse

."Thr 14393" Password is the following: (NULL)

"Thr 14393" Just before Validation...

"Thr 14393" Dump of InContext "ssoxxapi_mt.c 156"

"Thr 14393" 00000000 34 31 31 30 78 44 04 10 f2 1a 2c e8 78 44 06 68 4110xD..ò.,èxD.h

"Thr 14393" 00000010 00 00 01 ec 00 00 00 00 00 00 00 00 ...ì........

"Thr 14393" Copies from InContext->Format: PKCS7 "ssoxxapi_mt.c 163"

"Thr 14393" Copies from InContext->pzcsProName: /usr/espresso/config/wlss1/sapcerts/h50a090.pse "ssoxxapi_mt.c 166"

"Thr 14393" DecodeB64Len returns 0. iDecLength=369

"Thr 14393" Dump of Decoded ticket: "ssoxxapi_mt.c 188"

"Thr 14393" Read version.

"Thr 14393" Read Codepage.

"Thr 14393" Read InfoUnit (0x20).

"Thr 14393" Read length (15).

"Thr 14393" Read contents.

"Thr 14393" Read InfoUnit (0x88).

"Thr 14393" Read length (7).

"Thr 14393" Read contents.

"Thr 14393" Read InfoUnit (0x10).

"Thr 14393" Read length (3).

"Thr 14393" Read contents.

"Thr 14393" Read InfoUnit (0x0F).

"Thr 14393" Read length (3).

"Thr 14393" Read contents.

"Thr 14393" Read InfoUnit (0x08).

"Thr 14393" Read length (1).

"Thr 14393" Read contents.

"Thr 14393" Read InfoUnit (0x01).

"Thr 14393" Read length (8).

"Thr 14393" Read contents.

"Thr 14393" Read InfoUnit (0x02).

"Thr 14393" Read length (3).

"Thr 14393" Read contents.

"Thr 14393" Read InfoUnit (0x03).

"Thr 14393" Read length (3).

"Thr 14393" Read contents.

"Thr 14393" Read InfoUnit (0x04).

"Thr 14393" Read length (12).

"Thr 14393" Read contents.

"Thr 14393" Read InfoUnit (0x07).

"Thr 14393" Read length (4).

"Thr 14393" Read contents.

"Thr 14393" Read InfoUnit (0x0A).

"Thr 14393" Read length (8).

"Thr 14393" Read contents.

"Thr 14393" Read InfoUnit (0xFF).

"Thr 14393" ParseTicket returns 0. "ssoxxapi_mt.c 200"

"Thr 14393" Bytes processed: 106 "ssoxxapi_mt.c 203"

"Thr 14393" Argument Dump for ticket verification:

"Thr 14393" Content byte stream:

"Thr 14393"

Signature byte stream:

"Thr 14393" Encoded content byte stream:

"Thr 14393" Verify returns 0 "ssoxxsgn_mt.c 189"

"Thr 14393" Certificate is:

"Thr 14393" ValidateTicket returns 0. "ssoxxapi_mt.c 226"

"Thr 14393" Validation succeeded...

"Thr 14393" Got date 200807030918 from ticket.

"Thr 14393" Cur time = 200807030920.

"Thr 14393" Computing validity in hours.

"Thr 14393" Computing validity in minutes.

"Thr 14393" CurTime_t = 1215163200, CreTime_t = 1215163080

"Thr 14393" validity: 120, difference: 120.000.

"Thr 14393" Evaluating user...

"Thr 14393" Evaluating Client ...

"Thr 14393" Evaluating Sysid ...

"Thr 14393" Evaluating Portal User...

"Thr 14393" Evaluating AuthSchema...

"Thr 14393" Evaluating creation time...

"Thr 14393" Computing validity in minutes.

"Thr 14393" validity: 120, difference: 3720.000.

"Thr 14393" *** ERROR => MySapEvalLogonTicketEx returns 4. "ssoxxext_mt. 665"

"Thr 14393" End of function MySapEvalLogonTicketEx.

Read only


I advise you to download the latest version of SAPSSOEXT from the SAP Service Marketplace and to set the following environment variables:

SAPSYSTEMNAME = <system ID>

SAPSYSTEMCLIENT = <client>

Note: <system ID> and <client> specify a "logical system". SAP Logon Tickets and SAP Authentication Assertion Tickets operate on the level of "logical systems" - this is the granularity for which you can define trust ("system A trusts system B").

SAP Authentication Assertion Tickets contain the information (-> constraint) for which target system they have been created.

When receiving such a ticket, the recipient has to ensure that he really is the "intended recipient" (as specified in the assertion ticket) - SAPSSOEXT does perform this check!

For external components you need to specify their "identity" (system ID, client) by those two environment variables (SAPSYSTEMNAME, SAPSYSTEMCLIENT) - otherwise you cannot validate SAP Authentication Assertion Tickets (but only SAP Logon Tickets).

Good luck!

Wolfgang

Read only

Former Member

Dear Wolfgang

We are going to try this. But I really can't believe that this will help.

On Windows we haven't set these environment vars and it works.

So why should there be a difference on AIX?

The return code is 4: ticket expired

If we reduce the lifetime of the logon tickets to two minutes, we get the same error.

This hardly points to a lifetime-evaluation problem.

Regards

Urs

Read only


Please notice that older versions of SAPSSOEXT have been only designed to support SAP Logon Tickets; if they'd also worked with SAP Assertion Tickets then this was "by luck" ...

The logfiles you have provided contain some strange content:

>"Thr 5312" Validation succeeded...

>"Thr 5312" Got date 200807030918 from ticket.

>"Thr 5312" Cur time = 200807030920.

>"Thr 5312" Computing validity in hours.

>"Thr 5312" Computing validity in minutes.

>"Thr 5312" CurTime_t = 1215163200, CreTime_t = 1215163080

>"Thr 5312" validity: 120, difference: 120.000.

>"Thr 5312" Evaluating user...

>"Thr 5312" Evaluating Client ...

>"Thr 5312" Evaluating Sysid ...

>"Thr 5312" Evaluating Portal User "portal:E0000400" ...

>"Thr 5312" Evaluating AuthSchema...

>"Thr 5312" Evaluating creation time...

>"Thr 5312" Computing validity in minutes.

>"Thr 5312" validity: 120, difference: -3480.000.

I believe that the latter one ("difference: -3480.000") is simply caused by an invalid output function.

That's why I recommend getting the latest version of SAPSSOEXT where the (minor) bug is most likely already fixed.

Read only

Former Member

Is there a more recent version available than: 5.4.28M-5

Released 2007/04/02

Assertion Tickets and Logon Tickets should be 100% compatible, at least that's written in several specs.

So, why should it function just "by luck"?

And why do we have the exact same behavior if we reduce the lifetime of Logon Tickets to two minutes?

In my opinion it's not just an output error.

It is a calculation error.

Please have a look at this:

WIN

date from ticket: 200807030918

current time: 200807030920

CurTime_t: 1215163200

CreTime_t: 1215163080

validity: 120s

difference: 120s

diff 2: -3480s

AIX

date from ticket: 200807030918

current time: 200807030920

CurTime_t: 1215163200

CreTime_t: 1215163080

validity: 120s

difference: 120s

diff 2: 3720s

3720 + 3480 = 7200s

The calculations between AIX and WIN differ by exactly 7200s.

This matches the 2h time difference between CEsT and UTC.

IS THIS JUST A FUNNY COINCIDENCE?

Could it be a datatype problem?

A problem like signed/unsigned type or a different type range?
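
The following C sketch is an added example, not part of the thread and not SAPSSOEXT code. It parses the log's `YYYYMMDDhhmm` timestamps with integer arithmetic only (no `mktime()`, no dependence on the TZ setting; treating them as UTC is an assumption) and bounds the age on both sides, so a negative difference such as -3480 is rejected instead of passing an upper-bound-only test. All function names and every return code except 4 are hypothetical.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>

/* 4 = "ticket expired" is the code named in the thread; the others are hypothetical. */
enum { TICKET_OK = 0, TICKET_EXPIRED = 4, TICKET_BAD_FORMAT = -1, TICKET_NOT_YET_VALID = -2 };

/* Days since 1970-01-01 for a Gregorian date (year >= 1970), pure integer arithmetic. */
static int64_t days_from_civil(int64_t y, int m, int d) {
    y -= (m <= 2);
    int64_t era = y / 400, yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}

/* Parse "YYYYMMDDhhmm" (assumed UTC) to epoch seconds without mktime() or the TZ setting. */
int parse_utc_stamp(const char *s, int64_t *out) {
    static const int off[5] = {0, 4, 6, 8, 10}, len[5] = {4, 2, 2, 2, 2};
    int v[5]; /* year, month, day, hour, minute */
    if (strlen(s) != 12) return TICKET_BAD_FORMAT;
    for (int f = 0; f < 5; f++) {
        v[f] = 0;
        for (int i = 0; i < len[f]; i++) {
            if (!isdigit((unsigned char)s[off[f] + i])) return TICKET_BAD_FORMAT;
            v[f] = v[f] * 10 + (s[off[f] + i] - '0');
        }
    }
    if (v[0] < 1970 || v[1] < 1 || v[1] > 12 || v[2] < 1 || v[2] > 31 || v[3] > 23 || v[4] > 59)
        return TICKET_BAD_FORMAT;
    *out = days_from_civil(v[0], v[1], v[2]) * 86400 + v[3] * 3600 + v[4] * 60;
    return TICKET_OK;
}

/* Upper bound only, for contrast: any negative age passes. */
int one_sided_check(int64_t age_s, int64_t validity_s) {
    return age_s > validity_s ? TICKET_EXPIRED : TICKET_OK;
}

/* Two-sided check: signed 64-bit age, bounded below by the tolerated clock skew. */
int check_ticket_age(const char *created, const char *now, int64_t validity_s, int64_t skew_s) {
    int64_t c, n;
    if (parse_utc_stamp(created, &c) || parse_utc_stamp(now, &n)) return TICKET_BAD_FORMAT;
    if (n - c < -skew_s) return TICKET_NOT_YET_VALID;
    return one_sided_check(n - c, validity_s);
}

int main(void) {
    return check_ticket_age("200807030918", "200807030920", 120, 0); /* timestamps from the log */
}
```
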

Read only


> Is there a more recent version available than: 5.4.28M-5

> Released 2007/04/02

You are referring to SAPSECULIB - but I was referring to SAPSSOEXT.

> Assertion Tickets and Logon Tickets should be 100% compatible, at least that's written in several specs.

> So, why should it function just "by luck"?

>

> And why do we have the exact same behavior if we reduce the lifetime of Logon Tickets to two minutes?

You are only partially right: a "SAP Assertion Ticket" contains the same "InfoUnits" as a SAP Logon Ticket - plus some additional ones, namely the ones that specify the "intended recipient". And the validity of an assertion ticket is hard-coded and cannot be customized. So, if an older system component is receiving an Assertion Ticket it will simply treat it as Logon Ticket - ignoring those additional "InfoUnits"; but that also means: it does not perform all checks that are supposed to be performed for Assertion Tickets (in addition to the checks which are performed when validating a Logon Ticket).

Yes, if you "feed" such an older component (e.g. an older version of SAPSSOEXT) with an Assertion Ticket it will treat it as if it would be a Logon Ticket with a (configured) validity of just two minutes (PS: the "InfoUnits" containing the validity information are the same for both tickets).

"By Luck" shall express: it has not been tested - so there is no (legal) warranty.

(PS: which "specs" are you referring to ...? I can hardly believe that you have access to those that I'm aware of ...)

> In my opinion it's not just an output error.

> It is a calculation error.

>

> Please have a look at this:

> ...

> 3720 + 3480 = 7200s

> The calculations between AIX and WIN differ by exactly 7200s.

> This matches the 2h time difference between CEsT and UTC.

> IS THIS JUST A FUNNY COINCIDENCE?

>

> Could it be a datatype problem?

> A problem like signed/unsigned type or a different type range?

Yes, that also looks like a bug (caused by inappropriate usage of datatypes) to me.

But believe me: I've contacted the responsible developer and he told me that there used to be such an "output error" which has been fixed.

Please download the latest version of SAPSSOEXT and retry. If the error persists, kindly submit an official error report to SAP (component BC-SEC-LGN) - and you might refer to this SDN conversation (which most likely will help to speed up the processing ...).

Read only


Meanwhile you've submitted a support message (# 512111) which has reached the development support.

So, I propose to close / pause this thread - and finally post the result (most likely: a new SAPSSOEXT version described in a new SAP note) so that others can benefit from your experience.

Read only

Former Member

Dear Wolfgang

There's a datatype error in the AIX-32-bit "libsapssoext.so" library.

We got a bugfixed version from SAP.

I assume that SAP will release an official bugfix in a few days.

Kind regards

Urs Hürlimann

Read only

Former Member

Problem solved with a bugfixed version of libsapssoext.so for "AIX 32 Bit".

Read only


Yes - and there's a new SAP Note 1040335 (https://service.sap.com/sap/support/notes/1040335) which describes the reported problem and its solution (plus some background infos).

Cheers, Wolfgang