Hi,
we run a java application (non-SAP), which gets a MYSAPSSO2 cookie from the SAP portal (version 7.0).
After verification of the cookie we start the SSO logon process in our java application.
This works fine with cookies from SAP portal (version 7.0).
Now the SAP portal needs to be upgraded to version 7.3. With MYSAPSSO2 cookies from SAP portal 7.3 this verification process in java fails. We get the following exception:
- java.security.SignatureException: Certificate not found.
The x509 certificate from the new 7.3 portal was succesfully imported into our keystore.
For our so far successful java verification process of cookies from SAP portal 7.0 we used the following SAP java libraries:
import com.sap.security.api.ticket.InfoUnit; import com.sap.security.core.ticket.imp.Ticket;
Here is a snipplet from the source code:
public void verifyTicket(Cookie cookie) throws Exception
{ try { String base64Value = getCookieValueAsBase64(cookie); Ticket ticket = new Ticket(); ticket.setCertificates(this.certificates); ticket.setTicket(base64Value); String vali = ticket.toString(); ticket.verify();
The exception shows up after line 12.
Now I am not sure, if we still can use the mentioned libraries in our java verification process after the portal upgrade to 7.3.
For example, is the class com.sap.security.core.ticket.imp.Ticket no more available with 7.3? When I look at the SAP JavaDocs for 7.3 this class is missing (see here: http://help.sap.com/javadocs/NW73/SPS07/CE/se/com.sap.se/index.html). Do we have to use the class com.sap.security.api.ticket.TicketVerifier instead?
Could anyone help resolve this issue?
Thanks in advance.
Dan