Sunday, 2 May 2021

How to Manually Disable SAML 2.0 for SAP URL

 SAML 2.0 authentication is enabled in an AS ABAP system, but for some particular ICF services, you want to disable the SAML 2.0 authentication.


Add the saml2=disabled add the end of the URL and press Enter. The page now will prompt you the username and password.


URL :

http(s)://<HOSTNAME>:<PORT>/sap/bc/gui/sap/its/webgui/?sap-client=888&sap-language=en&saml2=disabled

URL :

http(s)://<HOSTNAME>:<PORT>/sap/bc/gui/sap/its/webgui/?saml2=disabled


Ref:

2577263 – SAML2.0: How to disable SAML 2.0 authentication for a particular ICF service in AS ABAP

2676971 – SAML2 functionality is disabled by URL parameter error in trace

Friday, 23 April 2021

Configtool Key phrase change: AS Java doesn't start

After changing the key phrase the server0 process can't start and std_server0.out contains this error:

Detailed info is: Cannot retrieve the configuration structure corresponding to service name com.sap.security.core.ume.service

.....

ConfigurationException: Internal error during the decryption process.

.....

BadPaddingException: Invalid PKCS#5 padding length: 142


The same exception can occur to other services too.

Resolution

1.Make full backup of the current filesytem and the database.

2.Navigate to /usr/sap/<SID>/SYS/global/security/data . You should be able to see two files SecStore.key and SecStore.properties.

3.If you have started the re-encrypting process you should be able to see secstore.bak and Reencrypt.key - this files are your backup of the old keyphrase.

4.Restore the database from a backup before you have tried to change the keyphrase.

1.Try to start the system with the current secure store.

2.After that you can try to rename secstore.bak to SecStore.properties and Reencrypt.key to SecStore.key.

3.If that doesn't work and you can try to recreate the secure store.


Refer SAP Note: 1683616 - Configtool Key phrase change: AS Java doesn't start

How to check key phrase of the secure store

 

Execute below command and provide the key phrase. It will check and tell you if it is correct or not.


<Drive>:\usr\sap\<SID>\SYS\global\sltools\checkKeyPhrase.bat -f <Drive>:\usr\sap\<SID>\SYS\global\security\data\SecStore.properties




Enter your key phrase


The key phrase can be changed by selecting Tools -> Edit Secure Store -> Change Key Phrase in ConfigTool.





How to Manually Disable SAML 2.0 for SAP URL

 SAML 2.0 authentication is enabled in an AS ABAP system, but for some particular ICF services, you want to disable the SAML 2.0 authenticat...