Replace SAPLogonTicketKeypair for Single Sign On

I got a problem and just already found the solution this morning. I just want to share it
  • Problem : Error occurred when accessing portal in dual-stack system -> The system is unable to interpret the SSO ticket received.
  • Solution :Check expiration date of the ticket for Single Sign On between AS Java and ABAP. If it is expired, replace the ticket.
Procedure for replacing SAPLogonTicketKeypair for SSO :
  1. Open Visual Admin.
  2. Go to server_ServicesKey Storage.
  3. Check expiration date for ticket SAPLogonTicketKeypair.
  4. If date is expired, rename or delete this ticket.
  5. Click Create.
  6. Fill the required field. Common Name should be unique. Entry name should be the same : SAPLogonTicketKeypair. Tick Store Certificate, Use RSA algorithm. Leave other field default. Then click Generate.
  7. Export ticket SAPLogonTicketKeypair-cert as .crt format.
  8. Login to ABAP in specific client which is accessed by Portal, ex : 800
  9. Go to tcode STRUSTSSO2
  10. Delete old certificate.
  11. Import certificate .crt file mentioned above.
  12. Click Add to Certificate List.
  13. Click Add to ACL.
  14. Save.
  15. Finish.

Comments

Post a Comment

Popular posts from this blog

Hana XS Engine Troubleshooting

Overview:  HANA 2.0 is having XSA as base for many application like HANA cockpit, WEB IDE, Big Data Hub to name a few. You are lucky if you get it through for installation but sometimes you are stuck with few issues which you keep trying to solve , you don find solution. This Blog identifies and help you solve few of them. Getting a guide is very easy. But troubleshooting in real world might make your head spin. So sharing my experience. XX will represent the instance no. used in this blog. Error:  Adding role ‘xs_worker’ failed: Check /var/tmp latest update folder and it will mention the file name which contains more details. It should be with name like hdbmodify_addlocalroles.log. and Reason :  FAIL: process hdbxscontroller HDB XS Controller not running Sub Reason:   Could not startup the controller components: SAP WebDispatcher failed to bind application port (already occupied). Route to application will be unavailable. Restarting the...
Read more

Check Users Locked or deactivated in Hana or Hana Studio

Check Users; select * from users where user_deactivated= ‘TRUE’; Deactive hana user We can use the following SQL query to DEACTIVATE HANA DB user ; ALTER USER DEACTIVATE USER NOW; Example ; alter user HanaUser deactivate user now; To activate the user again we can use the below SQL query ; ALTER USER ACTIVATE USER NOW; Example ; alter user Hanauser activate user now;
Read more

Hana ini file location

The ini files are stored at the following default location on the server: /hana/shared/$SID/global/hdb/custom/config. File Details /usr/sap/ /HDB /exe/config Default values (not to be adjusted) /usr/sap/ /SYS/global/hdb/custom/config/ .ini Valid for a specific service (e.g. indexserver) or component (e.g. multidb) on all hosts /usr/sap/ /SYS/global/hdb/custom/config/global.ini Valid for all services on all hosts /usr/sap/ /HDB / / .ini Valid for a specific service (e.g. indexserver) or component (e.g. multidb) on a specific host /usr/sap/ /HDB / /global.ini Valid for all services on a specific host
Read more