Introduction
I am frequently getting questions around the topic of Single Sign On between the ERP system and the Duet J2EE Server, especially how to test if SSO is actually working. This blog shows you how you can test your SSO, and gives you some hints on troubleshooting as well. Performing the SSO test
In order to check SSO from the ERP system to the J2EE engine, here's a list of steps you should follow in your backend system: - Log on to the respective system via SAPGui
- Go to transaction se37
- Enter the function module name /OSP/GET_RM_INFO
- Press F8
- Press F8 again
- You should get a result screen that looks like this one:
If you do get this result and if you are not prompted for a username and password, SSO is working. Basic troubleshooting
What should not happen if you execute this function module is that you are prompted for a username and password. If this happens, it means that the SSO does not work. Most probably, this is because the user that you used for logging on to the system via SAPGui and executing the function module does not exist as a user in the User Management component of the J2EE server and therefore, the J2EE server rejects the logon ticket which is sent for this user. On the server on which the Duet J2EE is running, you can see the incoming calls to the WebService RMWrapper from the function module using a network sniffer. POST /RMWrapper/Config1?style=document HTTP/1.1
content-type: text/xml; charset=utf-8
content-length: 841
accept-language: en
sap-language: E
soapaction: ""
accept: text/xml
sap-srt_id: 20080617/112912/v1.00_final_6.40/DD3C4FD6470C39F19250005056834B06
user-agent: SAP Web Application Server (1.0;700)
host: vmw2154.wdf.sap.corp:50000
accept-encoding: gzip
mysapsso2: AjQxMDMBABhEAE8ARQBTAE4AVABFAFgASQBTAFQAIAACAAYyADIANQADABBFADAANQAgACAAIAAgACAABAAYMgAwADAAOAAwADYAMQA3ADAAOQAyADkABwAEAAAAAggAAQEJAAJFAP8A9DCB8QYJKoZIhvcNAQcCoIHjMIHgAgEBMQswCQYFKw4DAhoFADALBgkqhkiG9w0BBwExgcAwgb0CAQEwEzAOMQwwCgYDVQQDEwNFMDUCAQAwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA4MDYxNzA5MjkxMlowIwYJKoZIhvcNAQkEMRYEFFYKosXYnJ7LrjFhX!vA8VmWgyDsMAkGByqGSM44BAMELjAsAhQ64Cxnbfo9HNo0r!peLxmz8VNbaQIUZOSAy0eZrC06uS2aCf3Y4Fa7Huc=
In case the SSO is not working, you will see a response which says "HTTP/1.1 401 Unauthorized". HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="RMWrapper/Config1"
Connection: close
Pragma: no-cache
Cache-Control: no-cache
Expires: 0
Content-Type: text/html
Content-Length: 1790
Server: SAP J2EE Engine/6.40
Date: Tue, 17 Jun 2008 09:29:13 GMT
In case SSO is working, you will see a response which says "HTTP/1.1 200 OK". HTTP/1.1 200 OK
Set-Cookie: MYSAPSSO2=AjExMDAgABRwb3J0YWw6QWRtaW5pc3RyYXRvcogAB2RlZmF1bHQBAAACAAMwMDADAANFTUUEAAwyMDA4MDYxNzA5MzMFAAQAAAAICgAA%2FwD0MIHxBgkqhkiG9w0BBwKggeMwgeACAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGBwDCBvQIBATATMA4xDDAKBgNVBAMTA0VNRQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDgwNjE3MDkzMzI0WjAjBgkqhkiG9w0BCQQxFgQU8E529yxCR53J5!cm73%2FdRuC4zTAwCQYHKoZIzjgEAwQuMCwCFAUWENcYzaKkEnjeA3ouWq8qmEcZAhQgVqSECCbRqSkIIIWhurnup52ckA%3D%3D;path=/;domain=.wdf.sap.corp;HttpOnly
Set-Cookie: JSESSIONID=(J2EE3754400)ID2063922750DB00306167964037588297End; Version=1; Domain=.wdf.sap.corp; Path=/
Set-Cookie: saplb_*=(J2EE3754400)3754450; Version=1; Path=/
Server: SAP J2EE Engine/6.40
Content-Type: text/xml; charset=UTF-8
Content-Length: 2083
Date: Tue, 17 Jun 2008 09:33:24 GMT
Further reading
The following note provides you with the so called Web Diagtool, a nice tool to collect and analyze log information. You can use this one to get detailled information in case you need to troubelshoot your SSO: Note 1045019 - Web diagtool for collecting traces