Show TOC

SEC.03 SSO logon not possible; browser logon ticket cannot be acceptedLocate this document in the navigation structure

Use

Symptom

This message is displayed during the logon process. It indicates that, during the logon, it is not possible to issue a single sign-on or logon ticket ( MYSAPSSO2 ticket). NWBC requires this SSO ticket to work, as it is the mechanism with which authority information is passed between the shell and the different content areas started.

Solution

There are a number of reasons why the logon process can fail to issue (or accept) a logon ticket. Typical reasons can be:

  • The profile parameters for logon tickets are not configured

  • There is an issue with the digital certificate of the server used to create and accept these tickets.

  • The browser instance already has a MYSAPSSO2 ticket from another server which is not accepted by this server (especially applicable for NWBC for HTML). Due to the architecture of MYSAPSSO2 tickets, only one such ticket can be active. Retest with a newly started browser session.

  • In some releases of SAP NetWeaver, incorrectly configured digital certificates could lead to this error message.

This problem is definitely in the domain of the system administrator. In all cases, the problem is either an incorrectly configured server or a system authentication problem within the landscape. The error is not related to NWBC and can also be reproduced by starting any Web Dynpro ABAP application in the browser.

We highly recommend reading 7.3 Logon Tickets.