cancel
Showing results for 
Search instead for 
Did you mean: 

SSO is not working - User is missing credentials for connecting to alias

Former Member
0 Kudos
1,279

Dear Experts,

I am facing a strange problem in SSO with reference system user mapping.  I have configured reference system user mapping for accessing R/3 for ESS/MSS and transactional iviews along with UWL.  The SSO was configured 2 months ago and was working fine till yesterday.

Since this Monday, (2 days), the system connection tests are failing on connector.  But, ESS/MSS & Transaction iviews with SAP Logon tickets are working fine. But, while trying to access UWL tasks, SSO is failing. Following is the error message -

"Exception occured Exception type:com.sap.netweaver.bc.uwl.connect.ConnectorException Message:Tue Aug 11 09:46:58 CEST 2009

(Connector) :com.sap.portal.connectivity.destinations.PortalDestinationsServiceException:User is missing credentials for connecting to alias <Aliassystem>. Contact your system administrator. "

I have created a destination for the respective backend in Visual Admin > node >  services > Destinations as some tasks are not visible in UWL as per Note-  1133821, 2 weeks ago.It was working fine till yestreday. While testing from destinations, for Connected User(SAP Logon ticket Assertion ticket) , getting the error message  -

Error During ping operation:Ticket contain no/an  emplty ABAP user id(refer note 1159962). The destination is successfully connected with configured user.

But from the Tracecollector logs, I can see that the mapped user is set in the SAP Logon ticket and the User <ABCD> is existing in the target ECC system. More over, the SSO with refence system user mapping is working fine for ESS/MSS and Transaction based iviews. It is failing only for UWL tasks and also in system connection tests for connector. ITS was failing since the beginning.WAS is successful even now.

Trace file info -

.

.

Mapped user [ABCD] set in SAP Logon Ticket. The authenticated user is [<portaluserid>]. Authentication stack: [ticket]..

.

.

The created ticket is:

[Ticket [initialized]

  Ticket Version  = 0

  Ticket Codepage =  (Encoding=1100)

  User = <ABCD>

  Issuing System ID    = EPD

  Issuing System Client = 000

  Creation Time = 200908110746

  Valid Time    = 8 h 0 min

  Signature (length=261 bytes)

.

.

.

I checked tcode SSO2 in ECC system and it is ready for accepting the logon tickets.  The strange thing is single sign on is working for ESS/Transactional iviews and not for UWL. Second thing is UWL was working fine till yesterday morning and stopped working now with SSO problems.

Can you pls advise where to look for fixing the SSO - missing user details for UWL destination?

regards,

Isvarya

Accepted Solutions (1)

Accepted Solutions (1)

former_member206159
Active Contributor
0 Kudos

Check whether users are locked in R3 system and also the validity of the users.

also check the proerties of system alias and user mapping , if anything is wrongly configured

Raghu

Former Member
0 Kudos

Hi Raghu,

Thanks for the response. All the users are active. I myself can not see UWL tasks but still can login to the ECC system.

They are all valid.

rgds,

Isvarya

Answers (3)

Answers (3)

Former Member
0 Kudos

This message was moderated.

Former Member
0 Kudos

<title>reporting the text as formatted text - Dear Experts,</title> <!--[if gte mso 9]><xml> <o:DocumentProperties> <o:Author>Isvarya Bolisetti</o:Author> <o:LastAuthor>Isvarya Bolisetti</o:LastAuthor> <o:Revision>2</o:Revision> <o:TotalTime>1</o:TotalTime> <o:Created>2009-08-11T11:21:00Z</o:Created> <o:LastSaved>2009-08-11T11:21:00Z</o:LastSaved> <o:Pages>1</o:Pages> <o:Words>385</o:Words> <o:Characters>2195</o:Characters> <o:Company>Bekaert N.V</o:Company> <o:Lines>18</o:Lines> <o:Paragraphs>5</o:Paragraphs> <o:CharactersWithSpaces>2575</o:CharactersWithSpaces> <o:Version>11.9999</o:Version> </o:DocumentProperties> </xml><![endif]><![if gte mso 9]><![endif]><![if gte mso 9]>

<!--

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

{mso-style-parent:"";

margin:0cm;

margin-bottom:.0001pt;

mso-pagination:widow-orphan;

font-size:12.0pt;

font-family:"Times New Roman";

mso-fareast-font-family:"Times New Roman";}

@page Section1

div.Section1

-->

</style> <!--[if gte mso 10]> <style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman"; mso-ansi-language:#0400; mso-fareast-language:#0400; mso-bidi-language:#0400;} </style>

<![endif]><![if gte mso 9]><![endif]><![if gte mso 9]>Mapped user set in SAP Logon Ticket. The

authenticated user is . Authentication stack: ..



.



.



The created ticket is:



 

[Ticket

Former Member
0 Kudos

Hi,

Go to system admin-system config-system landscape and open the ECC system you have created.

1. Check all the properties are in place.

2. Test the system and observe the results.

3. You have to ensure that this system has sufficient permissions by right clicking on it and add the everyone group there and also check the enduser checkbox, save the entries and try again.

Good Luck!

Cheers.

Sandeep Tudumu

Former Member
0 Kudos

HI Sandeep,

The connection tests for the system are failing on connector with a message that SSO is not setup properly(or similar). But, this was working fine till yesterday. The permissions are already read for group everyone. Also, it was working fine and I checked the parameters and all are fine in connector category. The transactional iviews based on the same system are working fine now also. The SAP Logon tickets are working fine but not sure what kind of authentication checking Connector tests in system alias is using.

regards,

Isvarya

Former Member
0 Kudos

Hi Isvarya,

Call me .. I know the answer.

Nikesh Shah

Former Member
0 Kudos

This message was moderated.

former_member751941
Active Contributor
0 Kudos

Hi Isvarya,

Follow the steps.

1> Go to the User Administration

2> Search your User id

3> Select the user details and click on Modify button

4> Now Click on the User Mapping for System Access Button

5> Choose your system name and Userid password

6> Make sure your System is tested successfully.

Then check the UWL.

Regards,

Mithu

Former Member
0 Kudos

Hi,

I am facing the same problem, What is the solution for this?

Thanks,

Deep

Former Member
0 Kudos

Hi,

We are facing the same issue. Can anyone share the solution for this.

FYI: SSO is working fine and the Connection tests of the system object are also OK. Only one user is facing this issue.

Pl provide your inputs on this.

Regards

Former Member
0 Kudos

Have you tried to do this with the J2EE_ADMIN user. I was getting the same problem until I used this user. I think there may be some authorisation required from the SAP_ALL role.

Also, have you tried creating the $WebFlowConnector RFC in Visual Admin?

Former Member
0 Kudos

Hi,

We are facing the same issue - what was the solution that worked for you? Please share.

Thanks

Preetha

Former Member
0 Kudos

Preetha,

The error that you are getting can be caused because of multiple reasons. If you have already checked the obvious , and I see multiple people responses in the forum. Here is my tip. Go ahead and check if the u201CGROUPu201D you specified in the system object matches to the group that is active/exists in u201CSMLGu201D in your backend system , and try once again.

Thanks,

Uday

ashish_shah
Contributor
0 Kudos

Hi,

To solve the error : PortalDestinationsServiceException:Could not get connection for alias for system; You need to make sure to log on to portal using the user which exists and has correct authorizations in the connecting back end system.

System Object should be registered by the user which exists in both the systems Portal as well as back end.

For e.g. :If you are using "J2ee_admin" user in portal  then make sure that user "j2ee_admin" exists in back end system as well.

Also check ST22 for any dumps related to authorizations.

Hope it helps to solve the error.

Regards,

Ashish Shah

Former Member
0 Kudos

In System Administration-->System Configuration-->System open object properties of the logical system.  Make sure that the Group (default is SPACE) is set to the same Logon Group that you use in the backend.  Use SMLG to check.

former_member280025
Active Participant
0 Kudos

Hi Isvarya,

Can you check the JCo connection? While creating JCo connection in ESS/MSS for application we use ticket and for metadata we use fix user. It may be possible that the fix user ID's password got expired.

Thanks & Regards,

Niraj

Former Member
0 Kudos

Hi,

The JCo's are working fine with no issues - both app data with respective user logon ticket and meta data with a service id with never expiring password. Also, ESS/MSS are working fine with no issues which are also based on the SAP Logon ticket.

rgds,

Isvarya