cancel
Showing results for 
Search instead for 
Did you mean: 

SAP.Web.Security.TicketException: MYSAP_INVALID

darren_martin
Explorer
0 Kudos

We recently updated our portal to the following:

J2EE Engine 6.40 PatchLevel 108290.313

Portal 6.0.20.0.0

Previously sap.web.security dll worked fine but now I get this exception

SAP.Web.Security.TicketException: MYSAP_INVALID

I have tried all the suggestions in this forum and nothing works. Does anyone have the orginal source code for this dll or a working solution ?

the following code does get the ticket if I remove the handler from the web.config.....

Dim cookieString As String = HttpUtility.UrlDecode((Request.Cookies("MYSAPSSO2").Value).Replace("!", "%2B"))

Dim ticket As SAP.Web.Security.MySapSso2Ticket = New SAP.Web.Security.MySapSso2Ticket("verify.pse", cookieString)

Dim objUsr As SAP.Web.Security.MySAPSso2Identity = New SAP.Web.Security.MySAPSso2Identity(ticket, cookieString)

so why does the handler fail ? driving me crazy.

Accepted Solutions (0)

Answers (3)

Answers (3)

darren_martin
Explorer
0 Kudos

Hey if you like it or have questions/comments please post them here. This is sample code and if you choose to use it in your environment I take no responsiblity for any damages or loss of service.

Most of the code is snippets taken from other samples on the web and therefore I only take credit for putting it all together. This code and sample are not for commerical use.

darren_martin
Explorer
0 Kudos

Ok, so I had to write my own http Auth Module implementing SSOExt.

I want to post the source up here. How can I do this?

Message was edited by:

Darren Martin

Not a Handler but HTTP Module

andrefischer
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Darren,

you can post source code as a WIKI entry.

https://wiki.sdn.sap.com/wiki/display/Snippets/Home

This way it is also possible for other developers to change the coding if they add additional features.

Best regards,

André

darren_martin
Explorer
0 Kudos

Thanks, I was away for a week so I will try and get this posted this week.

darren_martin
Explorer
0 Kudos

Ok so I added the code to the wiki in the attachment area. Hopefully Wiki mods don't delete it. This works perfectly for our purposes and config.

https://www.sdn.sap.com/irj/sdn/wiki?path=/display/snippets/home&;

SSOTest.rar.jpg

PortalSecurity.rar.jpg

Right Click and save the files then remove the .jpg extension. Open with WinRAR or Winzip.

You will have to generate your own public key so take a look at the assemblyinfo.vb file.

Steps to create your own public key

C:DevelopmentPortalSecurityKeyFile>sn -k keyfile.snk

Microsoft (R) .NET Framework Strong Name Utility Version 1.1.4322.573

Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.

Key pair written to keyfile.snk

C:DevelopmentPortalSecurityKeyFile>sn -p keyfile.snk publickey.snk

Microsoft (R) .NET Framework Strong Name Utility Version 1.1.4322.573

Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.

Public key written to publickey.snk

C:DevelopmentPortalSecurityKeyFile>sn -t publickey.snk

Microsoft (R) .NET Framework Strong Name Utility Version 1.1.4322.573

Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.

Public key token is [should display your Public Key Token]

Other config...May not be necessary as you can change the code to do whatever you want.

- Note 442401 - Web server filter for SSO to third-party systems

(https://service.sap.com/sap/support/notes/442401)

Extract the zip file attached to this SAP Note. Follow the instructions in the SAP Note and the instructions in the "filterdocs" directory of the unzipped files.

For our environment, I copied the iss6_sso.dll (for IIS 6) and the verify.properties files into the "inetpubscripts" directory. (There is a "verify.properties" file attached tot the source for your reference). Note the reference to a verify.pse file in the 'verify.properties' file. It should point to wherever the verify.pse file is, which in our case is "c:secverify.pse". I also copied the WPSSO_V3.DLL file from the "Cin ti386" directory to the system32 directory.

- Note 304450 - Single-Sign-On with SAP logon tickets in non-SAP systems

(https://service.sap.com/sap/support/notes/304450)

This SAP Note points the developer to SAPSSOEXT in SAP's software download area. Use SAPCAR to unzip the downloaded file and follow the instructions in this SAP Note and the instructions in the DOCS directory (a PDF and a README.TXT file).

PDF Note: The comments portion of the MySapEvalLogonTicketEx function declaration (Section 3.2 of the PDF) indicates that an environment variable named SSF_LIB must be created/exist. It should point to the location of the SSF-compliant security library (ie: SAPSECU.DLL in the system32 directory).

darren_martin
Explorer
0 Kudos

Anyone ?