
Portal Logon page repeating/ redirecting to itself on first attempt

Former Member
0 Kudos

All,

Apologies in advance if this is not the appropriate forum. We are in the process of migrating a NW7.0SPS13/EP7.0SPS13 installation from a remote site to a local site with a database only UME and SSO to an ECC6.0 backend. The new target installation has picked up a rather odd behavior. When logging onto the portal, the logon page repeats/refreshes/redirects to itself with valid ID and password with no error message. The only apparent action is the clearing of the password field.

My only clue so far is the absence of this script in the http trace on the initial logon attempt which shows up on the second attempt:

http://<host>:51100/irj/portalapps/com.sap.portal.httpconnectivity.httpauthentication/scripts/CAManagerScript.js

I did find this related thread and attempted the suggestions with no luck:

I felt this might be the best place to post this question since this may be an authentication/connectivity issue.

Thanks in advance,

Lee

Accepted Solutions (1)

Former Member
0 Kudos

The SAPLogonTicketKeystore was rebuilt a few times with no resolution to the repeated logon page behavior. The decision was made to rebuild the target system again. The repeat logon behavior has ceased so I can only theorize that something was corrupted during the migration process that caused the SAPLogonTicketKeystore to be created incorrectly.

Not an ideal solution but resolved nonetheless.

Thanks,

Lee

Former Member
0 Kudos

Had the same error on a portal system with BI Java connectivity and the root cause was that the Guest user was not locked.

By default the guest user should be locked (ref. http://help.sap.com/saphelp_nw04s/helpdata/en/9f/d770424edcc553e10000000a1550b0/content.htm).

Regards

Dagfinn

Former Member
0 Kudos

Thanks Dagfinn.

That actually sounds like a very likely culprit. Wish your reply had come sooner. I will test it out in our sandbox when I get a chance.

Points awarded to you,

Lee

Former Member
0 Kudos

Hello Lee,

I have exactly the same issue.

I have removed the "TicketKeystore" View from VA, including of course "SAPLogonTicketKeypair" and "SAPLogonTicketKeypair-cert".

Then, I have stopped and restarted the portal. "TicketKeystore" View and "SAPLogonTicketKeypair" and "SAPLogonTicketKeypair-cert" were recreated automatically after portal restart.

But I still cannot connect with any user: administrator, guest, ...

How did you finally fix your issue?

Thanks in advance for your input, I will appreciate your feedback.

Best regards

CP2009

Former Member
0 Kudos

Hi,

I had a similar problem: LDAP integration to EP, portal logon page repeating.

Root cause was: BasicPasswordLoginModule was only in Sufficient mode, not Required.

I could fix it by the following steps:

1. Login to Visual Administrator

2. Navigate to /Server/Services/Security Provider

3. On Policy Configurations tab select ticket, press Modify icon on top

4. Select BasicPasswordLoginModule from the list

5. Change it so it will be Required (also may change its position=1).

6. Restart EP

(PS: I have also deleted and recreated the SAPLogonTicketKeypair, but it didn't solve my problem.)

I hope it helps for others as well.

Cheers,

Laszlo
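Why the flag in the post above can matter, as an added example (not from the thread and not SAP code): a small model of standard JAAS control-flag evaluation run over two variants of a ticket stack. The module order (EvaluateTicketLoginModule, BasicPasswordLoginModule, CreateTicketLoginModule) and the premise that a logon ticket is only issued when CreateTicketLoginModule runs are assumptions; the login outcomes are constructed.

```python
# Added example: standard JAAS control-flag semantics applied to an
# assumed "ticket" stack. Stack order and outcomes are constructed.
REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL = (
    "REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL")

def evaluate_stack(stack, outcomes):
    """Return (authenticated, modules_run).

    stack    -- list of (module_name, flag) in configured order
    outcomes -- dict module_name -> result of that module's login()
    """
    ran = []
    hard_seen = False      # a REQUIRED/REQUISITE module was evaluated
    hard_failure = False   # ... and at least one of them failed
    soft_success = False   # a SUFFICIENT/OPTIONAL module succeeded
    for name, flag in stack:
        ok = outcomes[name]
        ran.append(name)
        if flag in (REQUIRED, REQUISITE):
            hard_seen = True
            if not ok:
                hard_failure = True
                if flag == REQUISITE:
                    break  # REQUISITE failure stops the stack
        elif ok:
            soft_success = True
            if flag == SUFFICIENT and not hard_failure:
                break      # SUFFICIENT success skips all later modules
    if hard_failure:
        return False, ran
    return (True if hard_seen else soft_success), ran

def ticket_issued(stack, outcomes):
    """Assumption: a ticket exists only if CreateTicketLoginModule ran."""
    ok, ran = evaluate_stack(stack, outcomes)
    return ok and "CreateTicketLoginModule" in ran

def ticket_stack(password_flag):
    return [("EvaluateTicketLoginModule", SUFFICIENT),
            ("BasicPasswordLoginModule", password_flag),
            ("CreateTicketLoginModule", OPTIONAL)]

# First logon: no ticket cookie yet, valid user ID and password.
FIRST_LOGON = {"EvaluateTicketLoginModule": False,
               "BasicPasswordLoginModule": True,
               "CreateTicketLoginModule": True}

if __name__ == "__main__":
    for flag in (SUFFICIENT, REQUIRED):
        print(flag, evaluate_stack(ticket_stack(flag), FIRST_LOGON),
              "ticket:", ticket_issued(ticket_stack(flag), FIRST_LOGON))
```

With the password module set to SUFFICIENT the model authenticates the user but never reaches the ticket-creating module, which is consistent with a logon that succeeds and then returns to the logon page.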

Former Member
0 Kudos

There was another error and finally I could fix the repeated login error.

In Config Tool sap.com.security.core.ume.service the default SAPLogonTicketKeypair was changed to <SID>LogonTicketKeypair, so when I regenerated the SAPLogonTicketKeypair, the two couldn't match. Also the same repeated login page displayed if SAPLogonTicketKeypair is misspelled like SAPLogonTicketKeyPair with capital P.

richard_howard
Active Participant
0 Kudos

I was following the "Setting up BEx Web - Short Track" and using note 983156 to use the Template Installer for BI Configuration. The Short Track document suggested I delete the Tickets in Key Storage before running the Template Installer. This led to the same issue discussed in this Thread.

Unfortunately for me, the Template Installer failed half way through so all of the Tickets were never recreated. I went back to Visual Admin and reloaded the SAPLogonTickets but that didn't resolve my problem.

The "Authentication failed. User is already authenticated as a different user." message is misleading and not really the core issue. What happens is that you logon successfully and it loops back. Logically, you try to then logon as an Admin account and this message is just saying that you're already logged on as someone else from your first attempt.

I guess I'll start all over with creating a new PSE in ABAP and new Logon Tickets in Java and see if I can get it back to the way it was.

Answers (1)

Former Member
0 Kudos

FWIW, I see the following error messages repeating in the Log Viewer:

ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [service.jms.default.authorization : administrators] referencing J2EE security role [SAP-J2EE-Engine : administrators].

ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [SAP-J2EE-Engine : administrators].

Thanks,

Lee

Former Member
0 Kudos

Apparently the default trace error is unrelated as the original installation is functioning properly but throwing the same errors.

I did discover that non-admin accounts get stuck in a logon page loop when they attempt to log in whereas admin accts get through on the second try. When I switch to another user, I get the following error:

"Authentication failed. User is already authenticated as a different user."

This leads me to believe authentication is successful but the session or response is getting lost/hung.

Edited by: Lee McMullan on Jul 1, 2008 2:47 PM

Former Member
0 Kudos

Hi Lee,

My problem was with SPNEGO Single Sign On using LDAP to bypass the login screen. I found my problem as the path to my keytab file specified in the krb5.config file was incorrect. For your case I think it's entirely different because you are still using UME, not LDAP as datasource. When you mention migrating, are you saying your company installed a new EP 7.0 server and migrated the contents over? How did you end up getting all the user accounts back into the new server? You may want to check the Everyone Group in the Built in Authenticated datasource to see if that group has any role assigned to it and try again.

Former Member
0 Kudos

You are correct, we are not implementing SPNego but at this point I will take any suggestions that might be conceptually related...

We are attempting to migrate/clone the entire server (OS,J2EE,MSSQL05...) from a remote hosted environment to a local network environment.

I checked the Everyone, Authenticated, and Anonymous groups for the correct roles/Java permissions and all seems to be in-line with the correctly functioning remote system with correct user assignment.

With some further log filtering I was able to find this error:

The default keystore view [TicketKeystore] does not exist. Authentication stack: [ticket]. The possible reasons for that problem are: keystore does not exist or the user has no permission to read from the keystore view. You can delete the TicketKeystore and restart the engine so that the engine automatically re-creates it.

I suspect the SAPLogonTicketKeystore was recreated incorrectly... I will have the migration team recreate it again. FWIW, I am unfamiliar with the process of assigning user access to this object as the error suggests.

Thanks for the suggestions...