Hi All,

We are currently facing some problems when it comes to SSO, a change of the cert has some how made SSO go out of whack and currently we have been trying to fix it up. We've got our certs signed and installed into strustsso2 and added it to the ACL list. At first it was not working from portal --> back end(4.7 in our case). We have got this fixed up now, the pop up doesn't appear when you go to some worklist.

However! when you click on a workflow link(or something in SBWP) that brings you through to a BSP, it will prompt for a password and user name, I've increased the trace level of security and managed to get the below logs (which I think : N  dy_signi_ext: PASSWORD logon with ticket request <-- Could have something to do with it), Any of you ever encountered this issue before? (note it's something like this now 4.7-->wshandler-->bsp(this is where the pop up occurs). However if you're logged into portal it'll go all the way through.

===============================================================

ACTIVE TRACE LEVEL           2

*  ACTIVE TRACE COMPONENTS      all, N

*

N Thu Dec 06 01:04:51 2012

N  dy_signi_ext: PASSWORD logon w/o ticket request

N  DyISigni: client=000, user=TMSADM      , lang=E, access=R, auth=P

N  usrexist: effective authentification method: <client,username,password>

N  chckpass: client=000, user=TMSADM      , accesstype=R, codvn=B

N  password logon is generally enabled (default)

N  password of system type user is never initial

N  chckpass: correct password

N  Get_RefUser(000,TMSADM) =>            

N  password change not allowed (system type user)

N  usrexist: update logon timestamp (M)

N  save user time zone = >      < into spa

N  DyISignR: return code=0 (see note 320991)

N Thu Dec 06 01:05:15 2012

N  dy_signi_ext: PASSWORD logon w/o ticket request

N  DyISigni: client=300, user=WF-BATCH    , lang=E, access=H, auth=P

N  usrexist: effective authentification method: <client,username,password>

N  chckpass: client=300, user=WF-BATCH    , accesstype=H, codvn=B

N  password logon is generally enabled (default)

N  password of system type user is never initial

N  chckpass: correct password

N  Get_RefUser(300,WF-BATCH) =>            

N  password change not allowed (system type user)

N  usrexist: update logon timestamp (M)

N  save user time zone = >      < into spa

N  DyISignR: return code=0 (see note 320991)

N Thu Dec 06 01:05:52 2012

1. N  dy_signi_ext: PASSWORD logon with ticket request

N  DyISigni: client=300, user=MUHDAFIQ    , lang=E, access=H, auth=P

N  usrexist: effective authentification method: <client,username,password>

N  chckpass: client=300, user=MUHDAFIQ    , accesstype=H, codvn=B

N  password logon is generally enabled (default)

N  chckpass: correct password

N  Get_RefUser(300,MUHDAFIQ) =>            

N  password logon is generally enabled (default)

N  password change not required (expiration period=0 / days gone=519)

N  usrexist: update logon timestamp (M)

N  save user time zone = >GMTUK < into spa

N  DyISignR: return code=0 (see note 320991)

N  mySAPWrapTicket was called.

N  Got Codepage 1100 for ticket creation.

N  mySAP: Got the following SSF Params:

N DN =CN=A01

N         EncrAlg =DES-CBC

N Format  =PKCS7

N         Toolkit =SAPSECULIB

N         HashAlg =SHA1

N         Profile =E:\usr\sap\A01\DVEBMGS00\sec\SAPSYS.pse

N         PAB =E:\usr\sap\A01\DVEBMGS00\sec\SAPSYS.pse

N  login/create_sso2_ticket = 2 found. No certificates included in signature.

N  Added client 300 and sysid A01      to ticket contents.

N  Added date 201212060105 to ticket contents.

N  Ticket expiration time 60 found.

N  Got user MUHDAFIQ     for ticket creation.

N Thu Dec 06 01:05:53 2012

N  mySAPWrapTicket: Trying to insert newly created ticket into ticket cache.

N  HmskiInsertTicketInCache: Trying to insert logon ticket in ticket cache.

N  HmskiInsertTicketInCache: Inserted new ticket into logon ticket cache with cache key: 300:DB2403E14826DFFB429B3CC370F51618 .

N  HmskiInsertTicketInCache: Inserted new ticket into logon ticket cache with cache info: <USER>=MUHDAFIQ    ,<CLIENT>=300,<LANGUAGE>=E .

N  mySAPWrapTicket returns 0.

N  dy_signi_ext: ticket created (420 chars)

N Thu Dec 06 01:05:54 2012

N  dy_signi_ext: SSO TICKET logon (client 300)

N  mySAPUnwrapTicket: was called.

N  HmskiFindTicketInCache: Trying to find logon ticket in ticket cache.

N  HmskiFindTicketInCache: Try to find ticket with cache key: 300:DB2403E14826DFFB429B3CC370F51618 .

N  HmskiFindTicketInCache: Logon ticket found in ticket cache.

N  HmskiFindTicketInCache: Ticket information in ticket cache is: <USER>=MUHDAFIQ ,<CLIENT>=300,<LANGUAGE>=E

N  HmskiFindTicketInCache: Ticket information in ticket cache read successfully.

N  DyISigni: client=300, user=MUHDAFIQ    , lang=E, access=H, auth=T

N  usrexist: effective authentification method: mySAP.com logon ticket

N  Get_RefUser(300,MUHDAFIQ) =>            

N  password logon is generally enabled (default)

N  password change not required (expiration period=0 / days gone=519)

N  save user time zone = >GMTUK < into spa

N  DyISignR: return code=0 (see note 320991)

Looking forward to your replies!

Regards,

Chris