cancel
Showing results for 
Search instead for 
Did you mean: 

What is going wrong ? - SSO with Logon Tickets

Former Member
0 Kudos

Hi all gurus ,

I am trying to establish the SSO between my portal ( SP9 on WAS J2ee SP9 ) and my R3 ( ECC 5.0 SP 7 on WAS ABAP SP11 ).

I had done all the obvious for the SSO configuration but it fails . The SM50 transaction says no user founds as shown below ...

-


N Mon Aug 15 07:29:50 2005

N dy_signi_ext: SSO TICKET logon (client 110)

N mySAPUnwrapCookie: was called.

N HmskiFindTicketInCache: Trying to find logon ticket in ticket cache.

N HmskiFindTicketInCache: Try to find ticket with cache key: 110:4C75680AC527A17DC0B0046C8FED4B0E .

N HmskiFindTicketInCache: Logon ticket found in ticket cache.

N HmskiFindTicketInCache: Ticket information in ticket cache is: <USER>= ,<CLIENT>=110

N HmskiFindTicketInCache: no <LANGUAGE>= field found.

N HmskiFindTicketInCache: Ticket information in ticket cache read successfully.

N DyISigni: client=110, user= , lang=E, access=R, auth=T

<b>N nousrrec: no user record found - logon rejected</b>

N save user time zone = > < into spa

N DyISigni: return code=1 (see note 320991)

M ***LOG R68=> ThIRollBack, roll back () [thxxhead.c 12372]

-


The BOLD region is making the issue .

Following are the things I had done so far .

1. Created the verify.der

2. Using STRUSTSSO2 , imported and added into System PSE , added to certification list and Add the ACL list

3. In ACL , I have given system ID as 'EPD'and client as '110'( This is the client I can access my ECC system )

4.Under the Direct Editing of System Administration -> System Configuration -> UM Configuration as login.ticket_client=110 ( By default it was 000)

5.Using RZ10 ,the default profile , I have updated the parameters login/accept_sso2_ticket=1 and login/create_sso2_ticket=0 and restarted the system

Pls advice , what else is missing ?

I have following questions .

1. Inorder the designate Portal as ticket issuing system , do I need to configure any thing else ? Some document say , I dont need to change any setting to accomplish this..Is that right ?

2. I know , The login module , CreateTIcketLoginModule is responsible for create the tickets , but for which applications I need to do this ?

2. How can I make my WAS J2ee as ticket issuing server , is there any advantage over the previous one ?

Pls revert

Aneez

Accepted Solutions (0)

Answers (6)

Answers (6)

Former Member
0 Kudos

Hi all,

did you find a solution?

I have the same problem...

thanks.

Former Member
0 Kudos

Hi,

The Client mentioned in the second step here should be the portal client which is 000 by default. You cannot enter the backend system i.e. your R3 client here.

Now that you have changed the client in step 3, using UM configuration, it's ok to use 110 but did you restart the portal server after changing the UM parameters i.e. login.ticket_client=110. You need to restart the portal server, incase you haven't done that.

I have following questions .

<b>1. Inorder the designate Portal as ticket issuing system , do I need to configure any thing else ? Some document say , I dont need to change any setting to accomplish this..Is that right ?</b>

<b>2. I know , The login module , CreateTIcketLoginModule is responsible for create the tickets , but for which applications I need to do this ?</b>

<b>3. How can I make my WAS J2ee as ticket issuing server , is there any advantage over the previous one ?</b>

The J2EE Engine is issuing a logon ticket and that's verified against the portal certificate that we import on any of the backend systems like ECC or R3, BW, CRM, SRM etc. To learn more, refer to these links.

The answers can be found here:

Hope this helps.

Cheers,

Sunil

PS: Reward points for helpful answers.

Former Member
0 Kudos

HmskiFindTicketInCache: Try to find ticket with cache key: 210:CCBC7D92C3C376C2632611AD3FEC4C09 .

HmskiFindTicketInCache: Logon ticket found in ticket cache.

HmskiFindTicketInCache: Ticket information in ticket cache is: <USER>= ,<CLIENT>=000

HmskiFindTicketInCache: no <LANGUAGE>= field found.

HmskiFindTicketInCache: Ticket information in ticket cache read successfully.

DyISigni: client=210, user= , lang= , access=R, auth=T

nousrrec: no user record found - logon rejected

What would make this happen?

Former Member
0 Kudos

I am having the same issue, but I cannot find out what I am missing here.

I have been through my own config guides which work on another system.

Why would the ticket not have the users name in it.

Thanks

Former Member
0 Kudos

HI Aneez

Check out the following weblog.

Regards

Rajeev.

gregorw
Active Contributor
0 Kudos

Hello Aneez,

as I remember from my SSO configuration the ACL in the R/3 system for the Portal should be set to client 000 because the Portal does not have different clients. The ticket will be assigned to Client 000.

Regards

Gregor