SAP Basis Tech Supports

SPNego Wizard

October 22, 2009 at 8:40 pm

[authentication] [Kerberos] [Sign-On] [Single] [SPNego] [SSO]

Symptom
You are configuring Kerberos Authentication mechanism on SAP AS Java.
Other terms
Single Sign-On, SSO, Kerberos, authentication, SPNego
Reason and Prerequisites
Kerberos authentication with Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) is supported for the following system environment:
SAP NetWeaver Web Application Server Java Release:
AS Java 640 SP 15 or higherAS Java 700 SP 6 or higher
Java Development Kits [...]

Configuring of SAP Logon Tickets for non-trusted systems

July 24, 2009 at 5:26 am

[authentication] [configuring] [configuring apt] [logon] [MYSAPSSO2] [SSO] [Ticket] [trusted] [trusted connection]

Symptom
Login to a system, from the same browser session go to another system and re-authenticate to that system, go back to the previous system and
try to access some different application. The SSO will not work any longer and you will be asked to re-authenticate.
Other terms
SSO, Logon Ticket, MYSAPSSO2, Authentication
Reason and Prerequisites
You have two systems [...]

Use of network security products

July 13, 2009 at 11:40 pm

[authentication] [cards] [data] [DCE] [encryption] [network security] [pc security 2009] [privacy] [Secure] [security] [Sign-On] [Single] [smart] [spring security]

Symptom
Inquiries:
Preconditions when using network security productsSecure authentication and confidentiality
Other terms
Security, Secure Single Sign-On, encryption, data security, DCE, smart cards, secure authentication, privacy
Reason and Prerequisites
The SNC functions are officially available in SAP Systems as of Release 3.1G.
Solution
The SNC (Secure Network Communications) functions allow you to use an external security product to secure the communications between [...]

Misleading log error messages “Client certificate error.”

July 10, 2009 at 3:57 am

[authentication] [certificate] [engine] [error log] [http] [ie4 error log.txt] [J2EE] [php error log] [server] [SSL] [var log messages]

Symptom
In the default trace files the following error messages appear even when there is no real error observed:
Client certificate error.IP address
[EXCEPTION]
{0}#1#javax.net.ssl.SSLPeerUnverifiedException: Peer identity not verified
at com.sap.bc.proj.jstartup.fca.FCAConnection.getPeerCertificateChain(FCAConnection.java:452)
at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:423)
at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:250)
at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:45)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:109)
at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:314)
Other terms
j2ee engine, http server, SSL, certificate, authentication
Reason and Prerequisites
The above errors can be written to the default traces in the case when the [...]

Security Troubleshooting Guide For NetWeaver J2EE 640/700

June 14, 2009 at 6:06 pm

[authentication] [netweaver] [sap netweaver] [security] [troubleshooting]

Symptom
This note contains a troubleshooting guide which can be used for analysing security related problems in the SAP J2EE NetWeaver Engine. The guide is valid for the NW04 and NW04s releases, including EhP1 and EhP2 of NW04s.
Other terms
authentication, authorization, security session, single sign-on, SSO, SPNego, Kerberos, SSL, keystore, HeaderVariableLoginModule, ClientCertLoginModule, BasicPasswordLoginModule
Reason and [...]