We are running a virtualised environment, and getting a warning in the configure automatically single sign on step. The following error occurs:
SSO setup failed : a problem occured while attempting to add login modules for ticket authentication
Details
Found SID for SSO ACL entry : SOL
Found login.ticket_client for SSO ACL entry : 000
The Read entry permission on TicketKeystore/SAPLogonTicketKeypair-cert was given to sap.com/tc~webadministrator~solmandiag/servlet_jsp/smd/root/WEB-INF/lib/SetupLib.jar
The TicketKeystore/SAPLogonTicketKeypair-cert was succesfully read (619 bytes)
The SSO ticket Certificate <OU=J2EE,CN=SOL> has been successfully imported into ticket Keystore
WARNING : domain of ourphsicalhostname.companyid.com does not match the domain of monitoring host (and is not a subdomain of) ourvirtualhostame.sap.companyid.com. SSO will not work across such domains
SSO setup failed : a problem occured while attempting to add login modules for ticket authentication
SSO setup failed : error while updating login modules : java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!; nested exception is:
java.lang.SecurityException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!
The SSO ticket Certificate <CN=SOL> has been successfully imported into ticket Keystore
WARNING : domain of phsicalhostname.companyid.com does not match the domain of monitoring host (and is not a subdomain of) cisol.sap.ebrd.com. SSO will not work across such domains
SSO setup failed : a problem occured while attempting to add login modules for ticket authentication
SSO setup failed : error while updating login modules : java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!; nested exception is:
java.lang.SecurityException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!
Exception
java.rmi.RemoteException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!; nested exception is:
java.lang.SecurityException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!
at com.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:81)
at com.sap.engine.services.security.remoteimpl.RemoteSecurityImpl.getPolicyConfiguration(RemoteSecurityImpl.java:71)
at com.sap.engine.services.security.remoteimpl.RemoteSecurityImplp4_Skel.dispatch(RemoteSecurityImplp4_Skel.java:266)
at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:466)
at com.sap.engine.services.rmi_p4.server.ServerDispatchImpl.run(ServerDispatchImpl.java:69)
at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:72)
at com.sap.engine.services.rmi_p4.P4Message.execute(P4Message.java:43)
at com.sap.engine.services.cross.fca.FCAConnectorImpl.executeRequest(FCAConnectorImpl.java:999)
at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:59)
at com.sap.engine.services.cross.fca.MessageReader.run(MessageReader.java:55)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
Caused by: java.lang.SecurityException: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:109)
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:86)
at com.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:79)
... 12 more
Caused by: java.lang.SecurityException: User 'SM_ADMIN_SOL' does not have permission for the security operation!
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:105)
... 14 more
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
In Check Configuration Step the warning is further detail as follows:
Warning
Activity 'Single Sign On Setup' has been executed with warnings
Action
Please check the warning details and take action if necessary
Details
Message.SSOsetupfailed:aproblemoccuredwhileattemptingtoaddloginmodulesforticketauthentication(Message.java:1)
Details
Details.FoundSIDforSSOACLentry:SOL
Foundlogin.ticket_clientforSSOACLentry:000
TheReadentrypermissiononTicketKeystore/SAPLogonTicketKeypair-certwasgiventosap.com/tc~webadministrator~solmandiag/servlet_jsp/smd/root/WEB-INF/lib/SetupLib.jar
TheTicketKeystore/SAPLogonTicketKeypair-certwassuccesfullyread(619bytes)
TheSSOticketCertificate<OU=J2EE,CN=SOL>hasbeensuccessfullyimportedintoticketKeystore
WARNING:domainof ourphsicalhostname.companyname.comdoesnotmatchthedomainofmonitoringhost(andisnotasubdomainof) virtualhostname.sap.companyname.com.SSOwillnotworkacrosssuchdomains
SSOsetupfailed:aproblemoccuredwhileattemptingtoaddloginmodulesforticketauthentication
SSOsetupfailed:errorwhileupdatingloginmodules:java.lang.SecurityException:User'SM_ADMIN_SOL'doesnothavepermissionforthesecurityoperation!;nestedexceptionis:
java.lang.SecurityException:java.lang.SecurityException:User'SM_ADMIN_SOL'doesnothavepermissionforthesecurityoperation!
TheSSOticketCertificate<CN=SOL>hasbeensuccessfullyimportedintoticketKeystore
WARNING:domainofphysicalhostname.companyname.comdoesnotmatchthedomainofmonitoringhost(andisnotasubdomainof)cisol.sap.ebrd.com.SSOwillnotworkacrosssuchdomains
SSOsetupfailed:aproblemoccuredwhileattemptingtoaddloginmodulesforticketauthentication
SSOsetupfailed:errorwhileupdatingloginmodules:java.lang.SecurityException:User'SM_ADMIN_SOL'doesnothavepermissionforthesecurityoperation!;nestedexceptionis:
java.lang.SecurityException:java.lang.SecurityException:User'SM_ADMIN_SOL'doesnothavepermissionforthesecurityoperation!
(Details.java:2)
Details
Exception.java.rmi.RemoteException:java.lang.SecurityException:User'SM_ADMIN_SOL'doesnothavepermissionforthesecurityoperation!;nestedexceptionis:
java.lang.SecurityException:java.lang.SecurityException:User'SM_ADMIN_SOL'doesnothavepermissionforthesecurityoperation!
atcom.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:81)
atcom.sap.engine.services.security.remoteimpl.RemoteSecurityImpl.getPolicyConfiguration(RemoteSecurityImpl.java:71)
atcom.sap.engine.services.security.remoteimpl.RemoteSecurityImplp4_Skel.dispatch(RemoteSecurityImplp4_Skel.java:266)
atcom.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:466)
atcom.sap.engine.services.rmi_p4.server.ServerDispatchImpl.run(ServerDispatchImpl.java:69)
atcom.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:72)
atcom.sap.engine.services.rmi_p4.P4Message.execute(P4Message.java:43)
atcom.sap.engine.services.cross.fca.FCAConnectorImpl.executeRequest(FCAConnectorImpl.java:999)
atcom.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:59)
atcom.sap.engine.services.cross.fca.MessageReader.run(MessageReader.java:55)
atcom.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
atcom.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
atcom.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
Causedby:java.lang.SecurityException:java.lang.SecurityException:User'SM_ADMIN_SOL'doesnothavepermissionforthesecurityoperation!
atcom.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:109)
atcom.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:86)
atcom.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:79)
...12more
Causedby:java.lang.SecurityException:User'SM_ADMIN_SOL'doesnothavepermissionforthesecurityoperation!
atcom.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:105)
...14more
(Exception.java:3)
Screen shot below.
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
All other steps have completed successfully, (The dataextract error is know about)
The BJT system is a BI Java system linked to BWD (ABAP Stack BW System)
Any assistance or pointers will be appreciated.
Thanks
Tariq