Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Error with sapssoext

Go to solution
Former Member

‎2008 Jul 04 9:34 PM

0 Likes
1,490

Hi,

I am running the often refered to sample java program to parse and inspect mysso2 ticket (Class SSO2Ticket) .

I am getting the following error :

D:\Temp>java SSO2Ticket -i d:
temp
mysso.txt

SAPSSOEXT loaded.

static part ends.

Start SSO2TICKET main

-

test version -

Version of SAPSSOEXT: SAPSSOEXT 2

evalLogonTicket

java.lang.Exception: MySapEvalLogonTicketEx failed: standard error= 5, ssf error

= 26

Does anyone know what it is ?

It is happening in evalLogonTicket .

Thank you.

1 ACCEPTED SOLUTION
Read only

Go to solution
Former Member

‎2008 Jul 07 12:30 PM

0 Likes
1,126

Hi Thierry,

Error-Text: SSF_API_NOCERTIFICATE

this "explanation" can be found in sapssoext.h of the C-implementation of ssoext.

It should mean (I am always careful here ) that the ticket has been signed by a system, who's public key is not (yet) imported into the keystore (.pse file) used by ssoext.

Solution: Try to follow these steps:

1) On the machine that creates the logon ticket export the public key / certificate to a file (cert.txt) by

sapgenpse export_own_cert -p SAPSYS.pse -o cert.txt 2) Then copy cert.txt to the machine that should verify the logon ticket 3) Import cert.txt into the .pse file ("ssoext-PSE") on the machine verifying your ticket by sapgenpse maintain_pk -a cert.txt -p ...pse

I assume that this solves your problem.

Please be aware that this direct exchange of public keys is not necessarily what you want: Maybe you prefer to have the key of the system that creates the logon ticket signed by an certification agency (CA). In this case it can be sufficient to import the public key / certificate of the CA into your "ssoext-PSE" file.

Please let me know whether you could follow those steps.

Best regards,

Ralf

8 REPLIES 8
Read only

Go to solution
Former Member

‎2008 Jul 07 12:30 PM

0 Likes
1,127

Hi Thierry,

Error-Text: SSF_API_NOCERTIFICATE

this "explanation" can be found in sapssoext.h of the C-implementation of ssoext.

It should mean (I am always careful here ) that the ticket has been signed by a system, who's public key is not (yet) imported into the keystore (.pse file) used by ssoext.

Solution: Try to follow these steps:

1) On the machine that creates the logon ticket export the public key / certificate to a file (cert.txt) by

sapgenpse export_own_cert -p SAPSYS.pse -o cert.txt 2) Then copy cert.txt to the machine that should verify the logon ticket 3) Import cert.txt into the .pse file ("ssoext-PSE") on the machine verifying your ticket by sapgenpse maintain_pk -a cert.txt -p ...pse

I assume that this solves your problem.

Please be aware that this direct exchange of public keys is not necessarily what you want: Maybe you prefer to have the key of the system that creates the logon ticket signed by an certification agency (CA). In this case it can be sufficient to import the public key / certificate of the CA into your "ssoext-PSE" file.

Please let me know whether you could follow those steps.

Best regards,

Ralf

Read only

Go to solution
Former Member
In response to Former Member

‎2008 Jul 08 4:41 PM

0 Likes
1,126

Hi,

I do not have a pse file. Also , the reason I'm using this program is to find out where the ticket was generated.

In the java code , there is the folowing line , so I assumed that a default pse would be used if I didn't provide one.

evalLogonTicket(ticket, pab!=null?pab:"SAPdefault" , null);

Also, where did you get the .h files ? I just have the dll's.

Thanks.

Read only

Go to solution
Former Member
In response to Former Member

‎2008 Jul 08 6:32 PM

0 Likes
1,126

Hi Thierry,

<removed_by_moderator> I got a little excel-sheet that is able to decode SSO2 logon tickets.

The .h files where part of the ssoext download from SAP - but I can't get the details right now. You will also find the error codes in ABAP in include SSFCONST (display with SE38).

Hope this works beter for you ...

Best regards,

Ralf

Edited by: Julius Bussche on Jul 8, 2008 5:51 PM

Read only

Go to solution
Former Member
In response to Former Member

‎2008 Jul 08 6:45 PM

0 Likes
1,126

<removed_by_moderator>

Thank you.

Edited by: Julius Bussche on Jul 8, 2008 5:52 PM

Read only

Go to solution
Former Member
In response to Former Member

‎2008 Jul 08 6:54 PM

0 Likes
1,126

Sorry guys, but those are "the rules" and we don't want to be spammed (again)

Cheers,

Julius

Read only

Go to solution
Former Member
In response to Former Member

‎2008 Jul 10 6:15 PM

0 Likes
1,126

Ralf ,

would you mind posting your spreadsheet ?

Thanks.

Read only

Go to solution
Former Member
In response to Former Member

‎2008 Jul 10 8:56 PM

0 Likes
1,126

I am Julius, not Ralf

There are 2 options (here at SDN) for this:

- Write a blog on how to do it.

- Email the Excel file to me, and I have a way of attaching it to the thread.

Cheers,

Julius

Read only

Go to solution
Former Member

‎2013 Feb 15 2:32 PM

0 Likes
1,126
SSO implementation between SAP Portal and third party java application

Hello All

     Please Help me out.

          As if I m doing SSO with  SAP.

By using SSO2Ticket with main method i can get the Result of the ticket.  but i need to implement that in my Application. But i cant do that because i m getting the below error

sapsecu.dll: java.lang.UnsatisfiedLinkError(init)

I am ruuning my Application in Jboss 4.3. in that application needed to implement the code for SSO

Please help me out as soon as possible

Thanks & Regards

Manjunath Patil