Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

WAS 6.40 Java cannot delete SAPLogonTickeyKeypair

Go to solution
Former Member

‎2009 May 27 4:08 PM

0 Likes
434

Hello, I've made a Homogeneous System Copy of our Java AS 6.40 SP17.

I am trying to delete the TicketKeystore -> SAPLogonTickeyKeypair with no luck.

I can create new Entries with different Entry name(s) and delete those, but I can not delete the Entry SAPLogonTicketKeypair. I can create new entries using the Same name, SAPLogonTickeyKeypair, with a different CN, OU ..etc but I can not delete it.

Default trace shows :

thread: keystoremanaged_system_thread_,view:TicketKeystore, entry: SAPLogonTickeyKeypair, user: null

entry permission not removed

com.sap.engine.services.security.exceptions.StorageException: Cannot remove resource instance

A configuration entry with the name "SAPLogonTickeyKeypair cannot be found in the configuration

"keystore/$$$user-based-security-root$$$/TicketKeystore/security/resource/entry-actions/instan

ce-tree".

I am logged in as user administrator.

The Security Provider Service -> SAP-J2EE-Engine -> Security Roles has KeystoreAdministrator Security Role mapped to group Administrators.

I've done Homogeneous System copies several times, yet this is the first time I have not been able to delete the SAPLogonTickeyKeypair from the TicketKeystore View.

Is there any tool to check the consistancy/entries?

Thanks

-- Steve

1 ACCEPTED SOLUTION
Read only

Go to solution
former_member432219
Active Participant

‎2009 May 27 4:35 PM

0 Likes
400

Hi Steve

Maybe try to delete the TicketKeystore view itself. Then you can recreate the view (or restart the instance and allow it to be recreated automatically) and the new keypair in it. See SAP note 791649 for more detailed steps, it's for a different issue but the steps are valid here

2 REPLIES 2
Read only

Go to solution
former_member432219
Active Participant

‎2009 May 27 4:35 PM

0 Likes
401

Hi Steve

Maybe try to delete the TicketKeystore view itself. Then you can recreate the view (or restart the instance and allow it to be recreated automatically) and the new keypair in it. See SAP note 791649 for more detailed steps, it's for a different issue but the steps are valid here

Read only

Go to solution
detlev_beutner
Active Contributor
In response to former_member432219

‎2010 Sep 17 8:37 AM

0 Likes
400

Hi everyone,

Just one additional remark to the correct approach to delet and recreate the view:

You might want to export the existing (working) cert/key to reimport them after (manually) recreating the whole view (by that, you don't have to recreate the SAPLogonTicketKeypair, which might be unwanted as you might have distributed them for SSO).

Hope it helps someone

Detlev