on 2016 May 31 9:37 AM
Hello experts
I'm trying to configure SSO with SSO2Generator on SMP. Please find details below:
I followed every single step of this guide
I'm able to authenticate and register a user, but when I try to request data I get an HTTP 403 error.
Here is my log
#2.0#2016-05-31 07:45:14.868#+0:00#DEBUG#RequestResponse###Serviceability#1464680714385329#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#org.eclipse.virgo.web.enterprise.services.accessor.WebAppBundleClassLoaderDelegateHook:doFindApiClass#TESTSWFM1#######643###Exception occurred while trying to find class [com.sap.mobile.platform.server.proxy.core.handler.DirectProxy]. Exception message: com.sap.mobile.platform.server.proxy.core.handler.DirectProxy#
#2.0#2016-05-31 07:45:14.853#+0:00#DEBUG#RequestResponse###Other#1464680714385322#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor126:invoke#TESTSWFM1#######643###No SsoContext found.#
#2.0#2016-05-31 07:45:14.853#+0:00#DEBUG#RequestResponse###Serviceability#1464680714385324#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#org.eclipse.virgo.web.enterprise.services.accessor.WebAppBundleClassLoaderDelegateHook:doFindApiClass#TESTSWFM1#######643###Exception occurred while trying to find class [com.sap.mobile.platform.server.proxy.core.handler.DirectProxy]. Exception message: com.sap.mobile.platform.server.proxy.core.handler.DirectProxy#
#2.0#2016-05-31 07:45:14.837#+0:00#DEBUG#RequestResponse###Other#1464680714385317#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor126:invoke#TESTSWFM1#######643###get SsoContext for configs: #
#2.0#2016-05-31 07:45:14.837#+0:00#DEBUG#RequestResponse###Other#1464680714385318#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor124:invoke#TESTSWFM1#######643###SsoConfiguration: %s#
#2.0#2016-05-31 07:45:14.837#+0:00#DEBUG#RequestResponse###Other#1464680714385320#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor124:invoke#TESTSWFM1#######643###No NamedCredential found for MYSAPSSO2#
#2.0#2016-05-31 07:45:14.837#+0:00#DEBUG#RequestResponse###Other#1464680714385321#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor126:invoke#TESTSWFM1#######643###No SSO2 token found.#
#2.0#2016-05-31 07:45:14.821#+0:00#DEBUG#RequestResponse###Other#1464680714385309#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor125:invoke#TESTSWFM1#######643###header: key=cache-control value=no-cache#
#2.0#2016-05-31 07:45:14.821#+0:00#DEBUG#RequestResponse###Other#1464680714385310#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor125:invoke#TESTSWFM1#######643###header: key=postman-token value=697db856-5ad6-bd1f-af63-805db9e3d668#
#2.0#2016-05-31 07:45:14.821#+0:00#DEBUG#RequestResponse###Other#1464680714385311#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor125:invoke#TESTSWFM1#######643###header: key=accept value=*/*#
#2.0#2016-05-31 07:45:14.821#+0:00#DEBUG#RequestResponse###Other#1464680714385312#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor125:invoke#TESTSWFM1#######643###header: key=accept-encoding value=gzip, deflate, sdch#
#2.0#2016-05-31 07:45:14.806#+0:00#INFO#RequestResponse###Other#1464680714385303#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor271:invoke#TESTSWFM1#######643###URL rewrite in SMP enabled?: true#
#2.0#2016-05-31 07:45:14.806#+0:00#DEBUG#RequestResponse###Other#1464680714385305#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor124:invoke#TESTSWFM1#######643###----Application Id sent from client is-------- swfm_ssogen#
#2.0#2016-05-31 07:45:14.79#+0:00#DEBUG#RequestResponse###Other#1464680714385297#110490f4-135e-4060-ae9a-e04868e6dfb0#swfm_ssogen#sun.reflect.GeneratedMethodAccessor125:invoke#TESTSWFM1#######643###Start handling request, using stream buffer size 65536 and inProxy Compression is false#
Forbidden No matched SSO credentials is found for not allowAnonymousAccess endpoint [swfm_ssogen]
Could you please help me?
Also see this: after importing the .p12 certificate, it is important to restart the SMP Server.
No matched SSO credentials is found for not allowAnonymousAccess endpoint
2015 08 09 01:56:22#+0200#ERROR#com.sap.mobile.platform.server.proxy.core.handler.DirectProxy##marvin#http-bio-8080-exec-6##b14f4cc4-1f50-443e-9e42-8641b5429b3f#com.sap.mit.sapsso2test#4f154ee6-a137-41b1-a585-3b9737bb0430#RequestResponse### Exception caught while trying to set credentials for anonymous access com.sap.mobile.platform.server.proxy.core.handler.exception.AnonymousAccessException: No matched SSO credentials is found for not allowAnonymousAccess endpoint [com.sap.mit.sapsso2test].
This error is telling you that SMP was not able to produce a MYSAPSSO2 credential; that means that there is no credential available that could be attached by SMP. SMP will now block the request and respond with an HTTP 403 Forbidden error.
I had some cases where this was related to the use of a wrong certificate type. Certificate needs to be DSA encrypted. If you increase the security logging component to DEBUG you can find this log entry:
2015 08 09 01:56:22#+0200#DEBUG#com.sap.mobile.platform.server.foundation.security.providers.sso2generation.SAPSSO2GenerationLoginModule###http-bio-8080-exec-6##b14f4cc4-1f50-443e-9e42-8641b5429b3f#com.sap.mit.sapsso2test#4f154ee6-a137-41b1-a585-3b9737bb0430#RequestResponse###The algorithm of private key must be DSA. |
Regards,
Nagesh
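As an added example (not part of the original thread and not SMP code), the log messages quoted above can be triaged per application with a short script. The sample lines are constructed, and taking the application ID from the field right after the first UUID field is an assumption based on the layout of the lines in this thread.

```python
import re
from collections import defaultdict

# Message fragments quoted in this thread -> label used in the report.
SIGNATURES = {
    "The algorithm of private key must be DSA": "wrong_key_algorithm",
    "No NamedCredential found for MYSAPSSO2": "no_sso2_credential",
    "No SSO2 token found": "no_sso2_credential",
    "No SsoContext found": "no_sso2_credential",
    "No matched SSO credentials is found": "blocked_403",
}
# Assumption: the application ID is the field right after the first UUID field.
APP_RE = re.compile(r"#[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}#([^#]+)#")

def triage(lines):
    """Return {application_id: set of labels seen for that application}."""
    seen = defaultdict(set)
    for line in lines:
        app = APP_RE.search(line)
        if not app:
            continue  # truncated line or line without a request context
        for fragment, label in SIGNATURES.items():
            if fragment in line:
                seen[app.group(1)].add(label)
    return dict(seen)

def next_check(labels):
    """Map one application's labels to the checks mentioned in the thread."""
    if "wrong_key_algorithm" in labels:
        return "use a DSA private key and re-import the .p12"
    if labels & {"blocked_403", "no_sso2_credential"}:
        return "check CN against SID, restart after import, set security log to DEBUG"
    return "no SSO2 failure signature found"

# Constructed sample lines (shortened, same '#'-delimited layout as the thread).
U1 = "11111111-2222-3333-4444-555555555555"
U2 = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE = [
    f"#2.0#2016-05-31 07:45:14.837#+0:00#DEBUG#RequestResponse###Other#1#{U1}#app_a#x:invoke#HOST###No SSO2 token found.#",
    f"#2.0#2016-05-31 07:45:14.853#+0:00#DEBUG#RequestResponse###Other#2#{U1}#app_a#x:invoke#HOST###No SsoContext found.#",
    f"2015 08 09 01:56:22#+0200#DEBUG#SAPSSO2GenerationLoginModule###exec-6##{U2}#app_b#{U1}#RequestResponse###The algorithm of private key must be DSA. |",
    f"2015 08 09 01:56:22#+0200#ERROR#DirectProxy##node#exec-6##{U2}#app_b#{U1}#RequestResponse### No matched SSO credentials is found for not allowAnonymousAccess endpoint [app_b].",
    "#2.0#2016-05-31",
]

if __name__ == "__main__":
    for app_id, labels in triage(SAMPLE).items():
        print(app_id, sorted(labels), "->", next_check(labels))
```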
Thank you all guys for replying
I found it was an issue with the certificate generation. I missed this step:
The common name (CN) in the certificate should match the SID of your system (in my case SMP)
I tested the scenario (System login + SSO2Generator) proposed in the guide SMP 3 Security - SAPSSO2 and it works fine! That means the certificate is OK and SMP is generating correct tickets toward the Gateway.
However, I have to replace System login with LDAP/AD, but if I do that I still get errors (I attach the full log file for completeness).
09:11:59.392#+0:00#ERROR#RequestResponse#403##Other#1464685918565473#7880ebe3-1598-4912-b3f5-2b83b2a31299#swfm_ssogen#sun.reflect.NativeMethodAccessorImpl:invoke0#TESTSWFM1#######655###Exception caught while trying to set credentials for anonymous access#
#2.0#2016-05-31
Are there specific LDAP configurations to make it work with SSOGenerator?
Here is a bunch of screenshots of my app config.
Hi,
Can you also share the SID details added in SMP and GW, please? Also ensure you have added the .p12 certificate to SMP and the .cer file to GW. Please share the screenshot of the certificate in SMP and GW.
It should not exceed 3 characters. The log shows "No SSO2 token found." Are you able to ping the application configured?
Regards,
Nagesh
Hi Andrea,
Did you generate the SSO2 certificate through open source? Following that, it needs to be imported in SMP Cockpit, and following that the same cer* needs to be uploaded to the NW server so that it is trusted by both servers.
Regards
Naresh