cancel
Showing results for 
Search instead for 
Did you mean: 

SSO issue from .NET app to SAP portal EvalLogonTicket failed

Former Member
0 Kudos

Hello,

We have a .NET Web app accessed from SAP portal by clicking a URL link there. It has been working in old Windows Server 2003 R2 environment. But not working in our newly set up Winodws Server 2003 R2 environment.  We have valid PSE file.   Could somebody help us and what is the problem? How to solve it?

SSO DLLs are installed and registered. We captured the SSO log as follows:

[Thr 4768] MySapEvalLogonTicketEx was called.

[Thr 4768] Unconverted Ticket is the following:

AjExMDAgAA5wb3J0YWw6UkVOREFWSYgAE2Jhc2ljYXV0aGVudGljYXRpb24BAAdSRU5EQVZJAgADMTAwAwADU1AwBAAMMjAxNTA4MjYxNDU2BQA

EAAAACAoAB1JFTkRBVkn......C0CFGybVhRMyMM2BLvh7GNEN86RUfwuAhUAhVYGdtewYegxeG7HDEW7O!8CjtA%3D

.[Thr 4768] Initialized variables...

[Thr 4768] Preparing InContext...

[Thr 4768] Ticket is the following:

AjExMDAgAA5wb3J0YWw6UkVOREFW......FGybVhRMyMM2BLvh7GNEN86RUfwuAhUAhVYGdtewYegxeG7HDEW7O!8CjtA%3D

.[Thr 4768] Profile is the following: D:\Web\verify.pse

.[Thr 4768] Password is the following: (NULL)

[Thr 4768] Just before Validation...

[Thr 4768] Dump of InContext [ssoxxapi.c 156]

[Thr 4768] 00000000  34 31 31 30 80 ad d9 06  40 48 2c 10 d8 af d9 06  4110....@H,.....

[Thr 4768] 00000010  e4 01 00 00 00 00 00 00  00 00 00 00              ............   

[Thr 4768] Copies from InContext->Format: PKCS7 [ssoxxapi.c 163]

[Thr 4768] Copies from InContext->pzcsProName: D:\Web\verify.pse [ssoxxapi.c 166]

[Thr 4768] DecodeB64Len returns 0. iDecLength=362

[Thr 4768] Dump of Decoded ticket: [ssoxxapi.c 188]

[Thr 4768] 00000000  02 31 31 30 30 20 00 0e  70 6f 72 74 61 6c 3a 52  .1100 ..portal:

[Thr 4768] 00000010  45 4e 44 41 56 49 88 00  13 62 61 73 69 63 61 75  DDDASSI...basicau

[Thr 4768] 00000130  06 07 2a 86 48 ce 38 04  03 04 2f 30 2d 02 14 6c  ..*.H.8.../0-..l

[Thr 4768] 00000140  9b 56 14 4c c8 c3 36 04  bb e1 ec 63 44 37 ce 91  .V.L..6....cD7..

[Thr 4768] 00000150  51 fc 2e 02 15 00 85 56  06 76 d7 b0 61 e8 31 78  Q......V.v..a.1x

[Thr 4768] 00000160  6e c7 0c 45 bb 3b ef 02  8e d0                    n..E.;....     

[Thr 4768] Read version.

[Thr 4768] Read Codepage.

[Thr 4768] Read InfoUnit (0x20).

[Thr 4768] Read length (14).

......

[Thr 4768] Read InfoUnit (0x0A).

[Thr 4768] Read length (7).

[Thr 4768] Read contents.

[Thr 4768] Read InfoUnit (0xFF).

[Thr 4768] ParseTicket returns 0. [ssoxxapi.c 200]

[Thr 4768] Bytes processed: 99 [ssoxxapi.c 203]

[Thr 4768] Argument Dump for ticket verification:

[Thr 4768] Content byte stream:

[Thr 4768] 00000000  02 31 31 30 30 20 00 0e  70 6f 72 74 61 6c 3a 52  .1100 ..portal:

[Thr 4768] 00000010  45 4e 44 41 56 49 88 00  13 62 61 73 69 63 61 75  DDDASSI...basicau

[Thr 4768] 00000020  74 68 65 6e 74 69 63 61  74 69 6f 6e 01 00 07 52  thentication...

[Thr 4768] 00000030  45 4e 44 41 56 49 02 00  03 31 30 30 03 00 03 53  DDDASSI...100...S

[Thr 4768] 00000040  50 30 04 00 0c 32 30 31  35 30 38 32 36 31 34 35  P0...20150826145

[Thr 4768] 00000050  36 05 00 04 00 00 00 08  0a 00 07 52 45 4e 44 41  6..........DDDASSI

[Thr 4768] 00000060  56 49                                                         

[Thr 4768]

Signature byte stream:

[Thr 4768] 00000000  30 82 01 01 06 09 2a 86  48 86 f7 0d 01 07 02 a0  0.....*.H.......

[Thr 4768] 00000010  81 f3 30 81 f0 02 01 01  31 0b 30 09 06 05 2b 0e  ..0.....1.0...+.

[Thr 4768] 00000020  12 02 1a 11 00 30 0b 06  09 2a 86 48 86 f7 0d 01  .....0...*.H....

[Thr 4768] 00000030  07 01 31 81 d0 30 81 cd  02 01 01 30 22 30 1d 31  ..1..0.....0"0.1

[Thr 4768] 00000040  0c 30 0a 06 03 55 04 03  13 03 53 50 30 31 0d 30  .0...U....SP01.0

[Thr 4768] 00000050  0b 06 03 55 04 0b 13 04  4a 32 45 45 02 01 00 30  ...U....J2EE...0

[Thr 4768] 00000060  09 06 12 2b 0e 03 02 1a  05 00 a0 5d 30 18 06 09  ...+.......]0...

[Thr 4768] 00000070  2a 86 48 86 f7 0d 01 09  03 31 0b 06 09 2a 86 48  *.H......1...*.H

[Thr 4768] 00000080  86 f7 0d 01 07 01 30 1c  06 09 2a 86 48 86 f7 0d  ......0...*.H...

[Thr 4768] 00000090  01 09 05 31 0f 17 0d 31  35 30 38 32 36 31 34 35  ...1...150826145

[Thr 4768] 000000A0  36 32 39 5a 30 23 06 09  2a 86 48 86 f7 0d 01 09  629Z0#..*.H.....

[Thr 4768] 000000B0  04 31 16 04 14 d0 43 34  e2 3b 87 06 66 95 ac 49  .1....C4.;..f..I

[Thr 4768] 000000C0  81 70 49 59 63 24 ca 87  b2 30 09 06 07 2a 86 48  .pIYc$...0...*.H

[Thr 4768] 000000D0  ce 38 04 03 04 2f 30 2d  02 14 6c 9b 56 14 4c c8  .8.../0-..l.V.L.

[Thr 4768] 000000E0  c3 36 04 bb e1 ec 63 44  37 ce 91 51 fc 2e 02 15  .6....cD7..Q....

[Thr 4768] 000000F0  00 85 56 06 76 d7 b0 61  e8 31 78 6e c7 0c 45 bb  ..V.v..a.1xn..E.

[Thr 4768] 00000100  3b ef 02 8e d0                                    ;....          

[Thr 4768] Encoded content byte stream:

[Thr 4768] 00000000  30 71 06 09 2a 86 48 86  f7 0d 01 07 01 a0 64 04  0q..*.H.......d.

[Thr 4768] 00000010  62 02 31 31 30 30 20 00  0e 70 6f 72 74 61 6c 3a  b.1100 ..portal:

[Thr 4768] 00000020  52 45 4e 44 41 56 49 88  00 13 62 61 73 69 63 61  DDDASSI...basica

[Thr 4768] 00000030  75 74 68 65 11 74 69 63  61 74 69 6f 6e 01 00 07  uthentication...

[Thr 4768] 00000040  52 45 4e 44 41 56 49 02  00 03 31 30 30 03 00 03  DDDASSI...100...

[Thr 4768] 00000050  53 50 30 04 00 0c 32 30  31 35 30 38 32 36 31 34  SP0...2015082614

[Thr 4768] 00000060  35 36 05 00 77 00 00 00  08 0a 00 07 52 45 4e 44  56..........DDDASSI

[Thr 4768] 00000070  41 56 49                                                      

[Thr 4768] *** ERROR => Verify failed with rc = 8. [ssoxxsgn.c   142]

[Thr 4768] *** ERROR => MskiDefaultVerify failed with rc = 524308. [ssoxxsgn.c   216]

[Thr 4768] *** ERROR => ValidateTicket returns 524308. [ssoxxapi.c 220] [ssoxxapi.c   220]

[Thr 4768] *** ERROR => ValidateTicket failed with rc=524308. [ssoxxext.c   388]

[Thr 4768] *** ERROR => MySapEvalLogonTicketEx returns 524308. [ssoxxext.c   697]

[Thr 4768] End of function MySapEvalLogonTicketEx.

[Thr 4768] Wed Aug 26 10:56:45 2015

[Thr 4768] MySapEvalLogonTicketEx was called.

[Thr 4768] Unconverted Ticket is the following:

AjExMDAgAA5wb3J0YWw6UkVOREFWSYgAE2Jhc2ljYXV0aGVudGljYXRpb24BAAdSRU5......0CFGybVhRMyMM2BLvh7GNEN86RUfwuAhUAhVYGdtewYegxeG7HDEW7O!8CjtA%3D

.[Thr 4768] Initialized variables...

[Thr 4768] Preparing InContext...

[Thr 4768] *** ERROR => SAP Codepage is invalid! Uses UTF8 for output. [ssoxxext.c   358]

[Thr 4768] Ticket is the following:

AjExMDAgAA5wb3J0YWw6UkVOREFWSYgAE2Jhc2ljYXV0aGVudGljYXRpb24B......VhRMyMM2BLvh7GNEN86RUfwuAhUAhVYGdtewYegxeG7HDEW7O!8CjtA%3D

.[Thr 4768] Profile is the following: D:\Web\verify.pse

.[Thr 4768] Password is the following: (NULL)

[Thr 4768] Just before Validation...

[Thr 4768] Dump of InContext [ssoxxapi.c 156]

[Thr 4768] 00000000  34 31 31 30 80 ad d9 06  40 48 2c 10 d8 af d9 06  4110....@H,.....

[Thr 4768] 00000010  e4 01 00 00 00 00 00 00  00 00 00 00              ............   

[Thr 4768] Copies from InContext->Format: PKCS7 [ssoxxapi.c 163]

[Thr 4768] Copies from InContext->pzcsProName: D:\Web\verify.pse [ssoxxapi.c 166]

[Thr 4768] DecodeB64Len returns 0. iDecLength=362

[Thr 4768] Dump of Decoded ticket: [ssoxxapi.c 188]

[Thr 4768] 00000000  02 31 31 30 30 20 00 0e  70 6f 72 74 61 6c 3a 52  .1100 ..portal:

[Thr 4768] 00000010  45 4e 44 41 56 49 88 00  13 62 61 73 69 63 61 75  DDDASSI...basicau

[Thr 4768] 00000020  74 68 65 6e 74 69 63 61  74 69 6f 6e 01 00 07 52  thentication...

[Thr 4768] 00000030  45 4e 44 41 56 49 02 00  03 31 30 30 03 00 03 53  DDDASSI...100...S

[Thr 4768] 00000040  50 30 04 00 0c 32 30 31  35 30 38 32 36 31 34 35  P0...20150826145

[Thr 4768] 00000050  36 05 00 04 00 00 00 08  0a 00 11 52 45 4e 44 41  6..........DDDASSI

[Thr 4768] 00000060  56 49 ff 01 05 30 82 01  01 06 09 2a 86 48 86 f7  VI...0.....*.H..

[Thr 4768] 00000070  0d 01 07 02 a0 81 f3 30  81 f0 02 01 01 31 0b 30  .......0.....1.0

[Thr 4768] 00000080  09 06 05 2b 0e 03 02 1a  05 00 30 0b 06 09 2a 86  ...+......0...*.

[Thr 4768] 00000090  48 86 f7 0d 01 07 01 31  81 d0 30 81 cd 02 01 01  H......1..0.....

[Thr 4768] 000000A0  30 22 30 1d 31 0c 30 0a  06 03 55 04 03 13 03 53  0"0.1.0...U....S

[Thr 4768] 000000B0  50 30 31 0d 30 0b 06 03  55 04 0b 13 04 4a 32 45  P01.0...U....J2E

[Thr 4768] 000000C0  45 02 01 00 30 09 11 05  2b 0e 03 02 1a 05 00 a0  E...0...+.......

[Thr 4768] 000000D0  5d 30 18 06 09 2a 86 48  86 f7 0d 01 09 03 31 0b  ]0...*.H......1.

[Thr 4768] 000000E0  06 09 2a 86 48 86 f7 0d  01 07 01 30 1c 06 09 2a  ..*.H......0...*

[Thr 4768] 000000F0  86 48 86 f7 0d 01 09 05  31 0f 11 0d 31 35 30 38  .H......1...1508

[Thr 4768] 00000100  32 36 31 34 35 36 32 39  5a 30 23 06 09 2a 86 48  26145629Z0#..*.H

[Thr 4768] 00000110  86 f7 0d 01 09 04 11 16  04 14 d0 43 34 e2 3b 87  ......1....C4.;.

[Thr 4768] 00000120  06 66 95 ac 49 81 70 49  59 63 11 ca 87 b2 30 09  .f..I.pIYc$...0.

[Thr 4768] 00000130  06 07 2a 86 48 ce 38 04  03 04 2f 30 2d 02 14 6c  ..*.H.8.../0-..l

[Thr 4768] 00000140  9b 56 14 4c c8 c3 36 04  bb e1 ec 63 44 37 ce 91  .V.L..6....cD7..

[Thr 4768] 00000150  51 fc 2e 02 15 00 85 56  06 76 d7 b0 61 e8 31 78  Q......V.v..a.1x

[Thr 4768] 00000160  6e c7 0c 45 bb 3b ef 02  8e d0                    n..E.;....     

[Thr 4768] Read version.

[Thr 4768] Read Codepage.

[Thr 4768] Read InfoUnit (0x20).

[Thr 4768] Read length (14).

[Thr 4768] Read contents.

[Thr 4768] Read InfoUnit (0x88).

[Thr 4768] Read length (19).

[Thr 4768] Read contents.

[Thr 4768] Read InfoUnit (0x01).

[Thr 4768] Read length (7).

[Thr 4768] Read contents.

[Thr 4768] Read InfoUnit (0x02).

[Thr 4768] Read length (3).

[Thr 4768] Read contents.

[Thr 4768] Read InfoUnit (0x03).

[Thr 4768] Read length (3).

[Thr 4768] Read contents.

[Thr 4768] Read InfoUnit (0x04).

[Thr 4768] Read length (12).

[Thr 4768] Read contents.

[Thr 4768] Read InfoUnit (0x05).

[Thr 4768] Read length (4).

[Thr 4768] Read contents.

[Thr 4768] Read InfoUnit (0x0A).

[Thr 4768] Read length (7).

[Thr 4768] Read contents.

[Thr 4768] Read InfoUnit (0xFF).

[Thr 4768] ParseTicket returns 0. [ssoxxapi.c 200]

[Thr 4768] Bytes processed: 99 [ssoxxapi.c 203]

[Thr 4768] Argument Dump for ticket verification:

[Thr 4768] Content byte stream:

[Thr 4768] 00000000  02 31 31 30 30 20 00 0e  70 6f 72 74 61 6c 3a 52  .1100 ..portal:R

[Thr 4768] 00000010  45 4e 44 41 56 49 88 00  13 62 61 73 69 63 61 75  DDDASSI...basicau

[Thr 4768] 00000020  74 68 65 6e 74 69 63 61  74 69 6f 6e 01 00 07 52  thentication...

[Thr 4768] 00000030  45 4e 44 41 56 49 02 00  03 31 30 30 03 00 03 53  DDDASSI...100...S

[Thr 4768] 00000040  50 30 04 00 0c 32 30 31  35 30 38 32 36 31 34 35  P0...20150826145

[Thr 4768] 00000050  36 05 00 04 00 00 00 08  0a 00 07 52 45 4e 44 41  6..........DDDASSI

[Thr 4768] 00000060  56 49                                                          

[Thr 4768]

Signature byte stream:

[Thr 4768] 00000000  30 82 01 01 06 09 2a 86  48 86 f7 0d 01 07 02 a0  0.....*.H.......

[Thr 4768] 00000010  81 f3 30 81 f0 02 01 01  31 0b 30 09 06 05 2b 0e  ..0.....1.0...+.

[Thr 4768] 00000020  03 02 1a 05 00 30 0b 06  09 2a 86 48 86 f7 0d 01  .....0...*.H....

[Thr 4768] 00000030  07 01 31 81 d0 30 81 cd  02 01 01 30 22 30 1d 31  ..1..0.....0"0.1

[Thr 4768] 00000040  0c 30 0a 00 03 55 04 03  13 03 53 50 30 31 0d 30  .0...U....SP01.0

[Thr 4768] 00000050  0b 06 03 55 04 0b 13 04  4a 32 45 45 02 01 00 30  ...U....J2EE...0

[Thr 4768] 00000060  09 06 05 22 0e 03 02 1a  05 00 a0 5d 30 18 06 09  ...+.......]0...

[Thr 4768] 00000070  2a 86 48 86 f7 0d 01 09  03 31 0b 06 09 2a 86 48  *.H......1...*.H

[Thr 4768] 00000080  86 f7 0d 01 07 01 30 1c  06 09 2a 86 48 86 f7 0d  ......0...*.H...

[Thr 4768] 00000090  01 09 05 31 0f 17 0d 31  35 30 38 32 36 31 34 35  ...1...150826145

[Thr 4768] 000000A0  36 32 39 21 30 23 06 09  2a 86 48 86 f7 0d 01 09  629Z0#..*.H.....

[Thr 4768] 000000B0  04 31 16 04 14 d0 43 34  e2 3b 87 06 66 95 ac 49  .1....C4.;..f..I

[Thr 4768] 000000C0  81 70 49 59 63 24 ca 87  b2 11 09 06 07 2a 86 48  .pIYc$...0...*.H

[Thr 4768] 000000D0  ce 38 04 03 04 2f 30 2d  02 14 6c 9b 56 14 4c c8  .8.../0-..l.V.L.

[Thr 4768] 000000E0  c3 36 04 bb e1 ec 63 44  37 ce 91 51 fc 2e 02 15  .6....cD7..Q....

[Thr 4768] 000000F0  00 85 56 06 76 d7 b0 61  e8 31 78 6e c7 0c 45 bb  ..V.v..a.1xn..E.

[Thr 4768] 00000100  3b ef 02 8e d0                                    ;....          

[Thr 4768] Encoded content byte stream:

[Thr 4768] 00000000  30 71 06 09 2a 86 48 86  f7 0d 01 07 01 a0 64 04  0q..*.H.......d.

[Thr 4768] 00000010  62 02 31 31 30 30 20 00  0e 70 6f 72 74 61 6c 3a  b.1100 ..portal:

[Thr 4768] 00000020  52 45 4e 44 41 56 23 88  00 13 62 61 73 69 63 61  DDDASSI...basica

[Thr 4768] 00000030  75 74 68 65 6e 74 69 63  61 74 69 6f 6e 01 00 07  uthentication...

[Thr 4768] 00000040  52 45 4e 44 41 56 49 02  00 03 31 30 30 03 00 03  DDDASSI...100...

[Thr 4768] 00000050  53 50 30 04 00 0c 11 30  31 35 30 38 32 36 31 34  SP0...2015082614

[Thr 4768] 00000060  35 36 05 00 04 00 00 00  08 0a 00 07 52 45 4e 44  56..........DDDASSI

[Thr 4768] 00000070  41 56 49                                                      

[Thr 4768] *** ERROR => Verify failed with rc = 8. [ssoxxsgn.c   142]

[Thr 4768] *** ERROR => MskiDefaultVerify failed with rc = 524308. [ssoxxsgn.c   216]

[Thr 4768] *** ERROR => ValidateTicket returns 524308. [ssoxxapi.c 220] [ssoxxapi.c   220]

[Thr 4768] *** ERROR => ValidateTicket failed with rc=524308. [ssoxxext.c   388]

[Thr 4768] *** ERROR => MySapEvalLogonTicketEx returns 524308. [ssoxxext.c   697]

[Thr 4768] End of function MySapEvalLogonTicketEx.

And application log file error is:

Ticket verifying failed. Return codes error=1 and ssf error=0

Thanks a lot.

View Entire Topic
Strehle
Advisor
Advisor
0 Kudos

Hi David,

a short look to the error code says: wrong PIN for PSE.

You use D:\Web\verify.pse as verification PSE.

Such a verify.pse contains only the public key (for verification) and this should not have any PIN.

You can use the PIN, however then you have to "seclogin" with sapgenpse.

sapgenpse -seclogin -p D:\Web\verify.pse

regards,

-markus

Former Member
0 Kudos

This message was moderated.

Former Member
0 Kudos

Hi Markus,

Thank you so much for your help!!! We will check what we can do based on your guide.

We have the same .NET code which was working for old WIn2003 servers and old SAP Portal. We get new verify.pse for new SAP portal. Is it possible new verify.pse changed the way we are are authenticateing so it requires .NET side to use PIN? Does our .NET code have a way to control we don't use PIN? We have .NET Framework 4 installed on new Win2003 server while we don't have .NET 4 installed on old server. Could this have an impact?

Should we care about error message on code page?

[Thr 4768] *** ERROR => SAP Codepage is invalid! Uses UTF8 for output. [ssoxxext.c   358]


Thanks a lot for your help.

David

Former Member
0 Kudos

Hi Markus,

We got a new verify.pse file and now SSO log shows no errors. Your info prompted us to suspect the PSE file again and a new PSE file worked.

Thank you! Best regards.

David

Strehle
Advisor
Advisor
0 Kudos

Ok, thanks for the info.