cancel
Showing results for 
Search instead for 
Did you mean: 

Login rejected for BSP iview

Former Member
0 Kudos

Hello all,

I have a BSP iview. The connection test for the system used by this iview was successful. SSO is also configured. When I run this iview, a small "Logon Data" window appears on the content area. This is not a popup, but is embedded to the portal. ( It also has the links "Change logon & password" and "Password via e-mail" on it )

Now, the problem is, I dont know to which system the logon info is asked for. <b>Because, if I give the user id and password of the backend R/3 system, it is getting rejected although I am able to successfully login dirctly to the R/3 system with the same user id and password.</b>

Could some one tell me

1) How I can avoid this login window

or

2) Even if the login window appears its ok, but can anyone give me some pointers regarding the system it is asking the password for?

Thanks in advance,

Reena

Accepted Solutions (1)

Accepted Solutions (1)

athavanraja
Active Contributor
0 Kudos

whats sort of SSO is implemented? UID/PWD or login ticket based SSO

when you run the BSP independantly (outside portal) for log on do you get pop up or a log on webpage (system logon)

Former Member
0 Kudos

Hi Durairaj,

Thanks for your reply.

It is a login ticket based SSO.

Sorry, but I am not aware of how to run the BSP independently. Could you guide please?

Thanks and Regards,

Reena

Former Member
0 Kudos

Ok, I tried copy pasting the url given in the "Start Page" property of the ivew, in a new IE instance. When I run the url, I get an error message "There is a problem with this websites security certificate" on the webpage. There is a link on the page which says "Continue to this website (not recommended)". When I click on this link, I get the same kind of login window as I got on the portal content area. And again the login fails.

Thanks and Regards,

Reena

athavanraja
Active Contributor
0 Kudos

<i>Sorry, but I am not aware of how to run the BSP independently.</i>

se80->open BSP ->right click on page and click test.

since SSO is configured, i would suggest you to check whether everything is in place.

1. check the system definition (for the back end system) where WAS host/ WAS path , WAS protocal are set. (WAS host has to use fully qualified domain name)

2. check whether you can run a transaction iview (which connects to this ABAP system where BSP) with single sign on (this is to make sure that portal certificate is loaded properly into the ABAP system)

3. are you logged on to portal using Fully qualified domain name?

4. is sso2 is configured in the backend system . (to check this run bsp page sso2test.htm from BSP application SYSTEM)

5. In SICF navigate to your BSP and check in the log on data tab whether any uid/pwd is maintained

Raja

Former Member
0 Kudos

<i>se80->open BSP ->right click on page and click test.</i>

The same thing happened as when I ran the URL from a new IE (pls see my previous post)

<i>1. check the system definition (for the back end system) where WAS host/ WAS path , WAS protocal are set. (WAS host has to use fully qualified domain name)</i>

Protocol set to "http"

WAS host is a FQDN

<i>2. check whether you can run a transaction iview (which connects to this ABAP system where BSP) with single sign on (this is to make sure that portal certificate is loaded properly into the ABAP system)</i>

I checked running "SAP GUI for Windows" and "SAP GUI for HTML". Both asked for login details. When I entered the details, the transaction worked.

<i>3. are you logged on to portal using Fully qualified domain name?</i>

Yes

<i>4. is sso2 is configured in the backend system . (to check this run bsp page sso2test.htm from BSP application SYSTEM)</i>

I was first asked for login details in a pop up window. When I entered the details a page with the following information appeared:

<b>SSO2 Test

Please see note 517860 for complete documentation!

This is a test to see if SSO2 is configured correctly. For the test, this page must be started with the user and password in the URL. This way, the incoming request will be accepted immediately by the server, without a basic authentication process been started.

If SSO2 is correctly configured, the server will set a SSO2 cookie with the response that is transmitted back to the browser. The last part of the test then tries to load an <iframe>. If SSO2 is working, it will be displayed without any additional popup windows asking for a name and password..........</b>

<i>5. In SICF navigate to your BSP and check in the log on data tab whether any uid/pwd is maintained</i>

I navigated to my BSP and double clicked on it. A window "Create/Change a Service" appeared. On this window, under the "Service Data" tab, Logon procedure is "Standard" and "Anonymous Logon data" is initial.

I hope this is what you asked for.

Thanks and Regards,

Reena

athavanraja
Active Contributor
0 Kudos

I checked running "SAP GUI for Windows" and "SAP GUI for HTML" Both asked for login details.

There is something wrong in SSO configuration.

would suggest you to check this wiki entry to see whether you have done everything.

https://wiki.sdn.sap.com/wiki/display/EP/Connectivity

Former Member
0 Kudos

Hi Reene,

Can you check your application from the Portal test environment.

<a href="http://help.sap.com/saphelp_ep50sp2/helpdata/en/89/6eb8e7af2f11d5993700508b6b8b11/frameset.htm">Single Sign-On</a>

From Portal Test SSO as follows:

System Administration->Support->SAP Application

In Tool from the DDLB pickup BSP and click on RUN.

Key in important params needed and click on GO.

This will check if SSO works for you or not from the Portal.

make sure certificates are properly imported in the R/3 and Visual Admin of the Portal (J2EE Engine).

hope this helps a bit.

Amandeep

Former Member
0 Kudos

Hi Durairaja,

Yeah the problem seems to be SSO. I checked the link but it didnt help me much.

Amandeep, I followed your instructions and ended up with the same situation.

First I get a "Certificate error". When I click on the notification under the IE tool bar and choose "Allow blocked content", I get a logon page, within the IE (no pop up or any new window).

When I enter the credentials (which are 100% correct) it gives an error, that it cannot log me in.

One important thing I forgot to mention in my earlier posts is that my portal server and R/3 server are in <b>different domains</b>. <b>I have used FQDNs everywhere</b>, but would there be anything else that needs to be configured if the systems are in different domains?

I have configured SSO between many systems which lie within the same domain, using the same procedure and they are all working perfectly well. Thats the reason I suspect that this issue could be because of different domains.

Can someone help me out?

Thanks and Regards,

Reena

Former Member
0 Kudos

Look at the following doc. This might help you.

https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sapportals.km.docs/documents/a1-8-4/sso%2...

<a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/ep/trouble%20shooting%20in%20sso.doc">Trouble shooting SSO</a>

have you maintained the Profile Parameters:

login/accept_sso2_ticket=1

login/create_sso2_ticket=0 or 1

Amandeep

Former Member
0 Kudos

Hi Amandeep,

I have already seen these documents. Thanks a lot.

Yes, I have maintained the profile parameters both equal to 1

While searching on the sap help for different domain SSO config, I found this link. Goto "Issuing SAP Logon Tickets for Multiple Domains" from the link.

http://help.sap.com/saphelp_ep50sp2/helpdata/en/89/6eb8e7af2f11d5993700508b6b8b11/frameset.htm

I think this will help me, but unfortunatley, I am unable to find the <b>usermanagement.properties</b> file that is mentioned in step 1.

Do you have any idea about this?

Thanks and Regards,

Reena

Answers (0)