Solved: ESS/MSS sso configure between java and abap instan...

Read only

2,663

SAP Managed Tags
PORTAL Administration and Development

Dear Gurus,

I want to configure sso between java and abap instance for ESS/MSS. I couldnt find any guide for it, could you please help me gurus ?

Other question is, is there any specific role for ESS/MSS users in JAVA instance. I want to create users and assign this role to them.

Best Regards

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Accepted Solutions (1)

Hi Kemal,

For SSO implemenatation just follow

There is standard Role for ESS in Java (ie portal), after creating the users you can assign the ESS role to the users or else you can create the custome role and assign the the custom role to users.

Regards,

Anil

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Dear Anıl,

Firstly thank you for helping.

When i implement the certificate(TicketKeystore.view) at this guide, i take error : SSF kernel error: invalid parameter .

Do u have any idea ?

Regards

What do you mean by implement certificate i didnt get you.....??

To Export the certificate go to-->NWA-->Configuration-->Security-->Certificates and keys-->Ticket Keystore-->Saplogonticketcertificate-->export(its better to delete already existing certificates and create the new)

Then import the same certificate in strustss02 in Abap(r/3) side.

Regards,

Anil

Related my screen shot, it gives error again. By the way i didnt create System Object in Portal (first step) may it cause the problem ?

Error screen

hi Kemal,

You are Exporting a wrong file.

Please find the screen shot and do the same.

Dear Anıl,

I am at creation as screen shot maintained below, System name should be target ABAP system ?

Abap : VIE

Java: VJD

Should be VIE right there ?

Hi kemal,

In the above screen shot, In the place of System Name you can give your system name & System id.

After clicking on finish, open the object for editing and enter the Connector,WAS and ITS properties(Take the help of basis team to get these values)

Please find the below link it will be helpful for creating the system object.

How to Create System Object in the Portal for Connecting to SAP backend System - Portal - SCN Wiki

Regards,

Anil

Dear Anıl,

I complete all steps, but screen shot maintained below ; i successfull for "Quick System Connection Test" but , "ITS Connection" and "Connection Test for Connectors" failed.

ITS setting are ;

ITS Host Name : host.company.com:PORT

ITS Path maintained in screenshot

Hi Kemal,

Hope you are doing good.

There should be a / in the ITS path before SAP.
Basically the entry that you have mentioned here should be accessible via browser as well. For eg in your case:

http://<its hist name>/sap/bc/gui/sap/its/webgui should be accessible over browser.
I also think you have put in a extra space in "w ebgui". It should be "webgui".

If the connector settings are working, then we can be sure that system connection is fine. You do not need to configure ITS settings.

Also for SSO, refer the SAP note:1083421 and configure the SS0 settings again.

Please run the SSO2 wizard and then make the automatic connection to

the abap server. This will solve any inconsistencies on the server

due to manual interventions.

Most likely reason for the error is that certificates were loaded

manually rather than using SSO wizard.

More help:

<http://wiki.sdn.sap.com/wiki/display/EP/Troubleshooting+SSO+between+AS-ABAP+and+AS-JAVA>

The SSO enabling parameters should be set on the R/3 server.

SSO Logon Ticket-> login/accept_sso2_ticket and login/create_sso2_ticket

More info:

<http://help.sap.com/saphelp_nw04/Helpdata/EN/22/41c43ac23cef2fe10000000a114084/frameset.htm>

Thank you and have a nice day :).

_____________

Kind Regards,

Hemanth

SAP AGS

Dear Hemanth,

ITS connection is not problem any more i resolved this.

I configured SSO link maintained Single Sign-on with SAP Netweaver 7.3 | SCN

But, as screen shot maintained below "Connection test for Connectors" ending error. This problem related to SSO or Connector Settings ?

On the other hand ; Running Transaction On java (Test and Configuration Tool) maintained in the screen shot, sometimes working and sometimes not working. Here is working and not working screen shots. What could be the problem ?

1- Not working and ,

2- Working here ,

Hi Kemal,

The best option would be that you run the SSO wizard first (SAP note:1083421). Once this is done, to test the SSO, navigate to the-> http://<server>:<port>-> Web DynproTools-> Content Administrator and create a new JCo destination (using SSO). Does this test fine?

Do make sure that the user is present in the backend server as well -> and has the same login ID.

Let me know the result of this.
I am also not sure about your system connection settings, but please see the below doc and check the connection:

<http://scn.sap.com/docs/DOC-7165>

Regards,
Hemanth

Hi kemal,

Did you fixed the issue???

Regards,

Anil

Hi mate,

I have new problem here now, after opening startPage it is ok but when go to Sap Netweaver Administrator it gives error maintained screem shot, also unlock SAP* procedure is not working for /irj/portal/ not able to access with sap* .

Hi kemal,

The screen shot shows that you dont have the NWA authorizations.......

Do you have useradminstration rights in portal???

if yes please assign the NWA_SUPERAdmin role to the particular user and check , it will work...

Regards,

Anil

dear anil,

i am not able to assign the role, because i can not enter the portal(irj/portal). also sap* procedure is not working. i was able to access with admin to portal and startpage, but now i cant do that. I think SSO configuration is damaged to security java login files or something.

Regards

Hi Kemal,

Did you check out:

1) The defaut trace entry when the sap* logon failed?
2) Download the UME configuration as per the below link and se of the UME properties for SAP* are indeed correct.

http://help.sap.com/saphelp_nw73ehp1/helpdata/EN/49/21616989A13896E10000000A421937/content.htm?

Let me know if you have any questions with teh above.

Regards,
hemanth

http://help.sap.com/saphelp_nw73ehp1/helpdata/EN/49/21616989A13896E10000000A421937/content.htm?

Dear Kumar,

In my case, should i go with "Downloading the UME Configuration When the AS Java is Down" case ? i want to try this one for last hope

Regards

Hi Kemal,

Yes, you need to try that option. Then attach the result of this and then reproduce the issue and check the last default trace so that we can see the error.
We can solve this; but you need to act fast

Regards,
hemanth

Dear kumar,

SID : VJD

Client : J01 (D:\usr\sap\VJD\J01)

Should i go to this location first ? (D:\usr\sap\VJD\J01)

java - jar /usr/sap/ VJD / J01 /j2ee/cluster/bin/services/com.sap.security.core.ume.service/lib/private/sap.com~tc~sec~ume~service~impl.jar /usr/sap/ VJD / J01

not working as screen shot below ;

Hi Kemal,

Can you just reprduce the issue then and fidn teh entry in the traces? Just see:

note 1596214 - How to find the latest default trace file of the NW AS Java right

after reproducing an issue

As soon as the error is reproduced , the trace will be written.

Regards,
hemanth

here is the last log D:\usr\sap\VJD\J01\j2ee\cluster\server0\log and into applications_00.0 file.

---------------------------------------. Start LoggingThread to clean the database table XI_SEC_MSG for ACHIVE column = D and PERSIST_UNTIL column < 2014-05-05 14:43:19.53.#

#2.0 #2014 05 05 14:43:19:533#+0300#Info#/Applications/ExchangeInfrastructure/Security#

#BC-XI-CON-AFW-SEC#com.sap.aii.sec.svc#C0002509CF53006900000001000014D8#13493050000002767##com.sap.aii.security.impl.logging.LoggingThread.LoggingThread.run()#Guest#0##39AED378D11D11E3BF6E005056B02B08#39aed378d11d11e3bf6e005056b02b08#39aed378d11d11e3bf6e005056b02b08#0#Application [10]#Plain##

---------------------------------------. Finished cleaning the database table XI_SEC_MSG for ACHIVE column = D and PERSIST_UNTIL column < 2014-05-05 14:43:19.53 at 2014-05-05 14:43:19.533.#

Hi Kemal,

This is not related to the error unfortunately.
Scenario: You tried to login to the j2ee server using sap* and the logon wasn't successful.
Solution: Just reproduce the issue, say 3-4 times...then check the last default trace and search for "sap*".
There should be some entry there for sure.

Also for the UME properties, first open command prompt and goto :

/usr/sap/VJD/J01/j2ee/cluster/bin/services/com.sap.security.core.ume.service/lib/private/

and then run:

java - jar sap.com~tc~sec~ume~service~impl.jar /usr/sap/VJD

The output should be created in /usr/sap/VJD

Regards,
Hemanth
SAP AGS

Dear Kumar,

1- I reproduced issue lots of time but there is no trace file (screen shot)

2- Opened command prompt and goto

/usr/sap/VJD/J01/j2ee/cluster/bin/services/com.sap.security.core.ume.service/lib/private/

and then run:

java - jar sap.com~tc~sec~ume~service~impl.jar /usr/sap/VJD

Result : Screen shot

Hi Kemal,

The reason why the traces are not updated is cause the severity of the logs is very less. So login to configtool and increase the default trace severity to "DEBUG".

Once this is done, save and restart the j2ee engine. Now reproduce the issue and the default trace will have more details.
Now attach the latest default trace and the screenshots of UME properties (cluster_config->instances->cfg->services-> Propertysheet com.sap.security.core.ume.service) to this memo.
If you have any issues with the attachment of these files, let me know.

Regards,
Hemanth

HI Kemal,

How are you getting along with this. If you have issues with the attaching the files, do let me know and I will provide a SAPBOX link for you to attach the files.

Regards,

hemanth

Answers (0)

Ask a Question

Top Q&A Solution Author

User

Count

By Category

Related Content

Activity Groups

Industry Groups

Influence and Feedback Groups

Interest Groups

Location Groups

Customer Only Groups

Forums

Related Resources

Products

Learning and Support

About

My SAP Profile

My SAP Profile

ESS/MSS sso configure between java and abap instance

Know the answer?

Need more details?

Accepted Solutions (1)

Accepted Solutions (1)

Answers (0)