• Home

  • Documents

  • 1617090 - ICF System Logon - Logon Fails, Logon Cookie
2
SAP Note Header Data Symptom The system logon fails. The system issues one of the following error messages: "Logon with URL parameter not possible; logon cookie is missing" (message number: ICF_SYSTEM_LOGIN 402) or "Logon cookie check failed; repeat logon" (message number: ICF_SYSTEM_LOGIN 403) Other Terms Internet Communication Framework, ICF, system logon, Content Advisor Reason and Prerequisites When you implement Note 1567128, a logon cookie is issued in addition during the system logon for security reasons. The error messages ICF_SYSTEM_LOGIN 402 and ICF_SYSTEM_LOGIN 403 indicate a problem with this logon cookie. Possible reason for the error: Error message ICF_SYSTEM_LOGIN 402 "Logon with URL parameter not possible; logon cookie is missing" --------------------------------------------------------------------- 1) You specified the parameters sap-user and sap-password in the URL. The system ignored the parameters and issued the error message. Due to the XSRF protection, the parameters can be sent to the system only from the logon screen. 2) The logon cookie is not transferred for technical reasons (for example, the logon cookie is transferred only using the HTTPS protocol). In this error situation, the system often issues the following additional error message: "Logon through HTTP is not possible; logon ticket is active for HTTPS only" (message ICF_SYSTEM_LOGIN 002). Check the setting of the kernel parameter login/ticket_only_by_https. Possible reason for the error: Error message ICF_SYSTEM_LOGIN 403 "Logon cookie check failed; repeat logon" --------------------------------------------------------------------- 1) You have opened two browser windows and called the logon screen of the same system in both windows. You then enter the user and password on the first screen and submit the screen; the system issues the error message. The logon cookie of the second screen overwrites the logon cookie of the first screen in the browser. When you submit the first screen, the system now sends the logon cookie of the second screen and the check of the cookie in the back end fails. Do not open two logon windows for the same system at the same time. If you want to connect to the same system twice, call the logon screens one after the other. 2) You activated the "Content Advisor". (For example, in Internet Explorer (IE): you choose "Tools - > Internet Options" and go to the "Content" tab.) If the Content Advisor is active, due to a (probably runtime-dependent) response from IE, the system calls the logon page twice and the logon cookie is overwritten. When you submit the logon, the error message then occurs. (See also: http://support.microsoft.com/kb/924456.) If you cannot deactivate the Content Advisor, your only option is to deactivate the XSRF protection as described in the solution. This problem occurs frequently when logging on to SAP Business ByDesign systems. We are in contact with the browser manufacturers to solve this problem. Solution Set the logon cookie according to your requirements. Activate or deactivate the logon cookie ------------------------------------- You can configure whether the logon cookie is to be used and you can activate or deactivate it in the service settings. The default value depends on your release. The configuration switch is provided in transaction SICF. To access it, double-click a service to call the service settings and choose the "Error Pages" tab. On the "Logon Errors" tab page, choose the "Configuration" pushbutton 1617090 - ICF system logon: Logon fails, logon cookie Version 2 Validity: 06.10.2011 - active Language English Released On 06.10.2011 16:16:28 Release Status Released for Customer Component BC-MID-ICF-LGN ICF System Login BC-MID-ICF Internet Communication Framework Priority Recommendations / Additional Info Category Help for error analysis Other Components

1617090 - ICF System Logon - Logon Fails, Logon Cookie

Embed Size (px)

DESCRIPTION

Note 1617090

Citation preview

Page 1: 1617090 - ICF System Logon - Logon Fails, Logon Cookie

SAP Note

Header Data

Symptom

The system logon fails. The system issues one of the following error messages: "Logon with URL parameter not possible; logon cookie is missing" (message number: ICF_SYSTEM_LOGIN 402) or "Logon cookie check failed; repeat logon" (message number: ICF_SYSTEM_LOGIN 403)

Other Terms

Internet Communication Framework, ICF, system logon, Content Advisor

Reason and Prerequisites

When you implement Note 1567128, a logon cookie is issued in addition during the system logon for security reasons. The error messages ICF_SYSTEM_LOGIN 402 and ICF_SYSTEM_LOGIN 403 indicate a problem with this logon cookie. Possible reason for the error: Error message ICF_SYSTEM_LOGIN 402 "Logon with URL parameter not possible; logon cookie is missing" --------------------------------------------------------------------- 1) You specified the parameters sap-user and sap-password in the URL. The system ignored the parameters and issued the error message. Due to the XSRF protection, the parameters can be sent to the system only from the logon screen. 2) The logon cookie is not transferred for technical reasons (for example, the logon cookie is transferred only using the HTTPS protocol). In this error situation, the system often issues the following additional error message: "Logon through HTTP is not possible; logon ticket is active for HTTPS only" (message ICF_SYSTEM_LOGIN 002). Check the setting of the kernel parameter login/ticket_only_by_https. Possible reason for the error: Error message ICF_SYSTEM_LOGIN 403 "Logon cookie check failed; repeat logon" --------------------------------------------------------------------- 1) You have opened two browser windows and called the logon screen of the same system in both windows. You then enter the user and password on the first screen and submit the screen; the system issues the error message. The logon cookie of the second screen overwrites the logon cookie of the first screen in the browser. When you submit the first screen, the system now sends the logon cookie of the second screen and the check of the cookie in the back end fails. Do not open two logon windows for the same system at the same time. If you want to connect to the same system twice, call the logon screens one after the other. 2) You activated the "Content Advisor". (For example, in Internet Explorer (IE): you choose "Tools -> Internet Options" and go to the "Content" tab.) If the Content Advisor is active, due to a (probably runtime-dependent) response from IE, the system calls the logon page twice and the logon cookie is overwritten. When you submit the logon, the error message then occurs. (See also: http://support.microsoft.com/kb/924456.) If you cannot deactivate the Content Advisor, your only option is to deactivate the XSRF protection as described in the solution. This problem occurs frequently when logging on to SAP Business ByDesign systems. We are in contact with the browser manufacturers to solve this problem.

Solution

Set the logon cookie according to your requirements. Activate or deactivate the logon cookie ------------------------------------- You can configure whether the logon cookie is to be used and you can activate or deactivate it in the service settings. The default value depends on your release. The configuration switch is provided in transaction SICF. To access it, double-click a service to call the service settings and choose the "Error Pages" tab. On the "Logon Errors" tab page, choose the "Configuration" pushbutton

    1617090 - ICF system logon: Logon fails, logon cookie  

Version   2     Validity: 06.10.2011 - active   Language   English

Released On 06.10.2011 16:16:28

Release Status Released for Customer

Component BC-MID-ICF-LGN ICF System Login

BC-MID-ICF Internet Communication Framework

Priority Recommendations / Additional Info

Category Help for error analysis

Other Components

Page 2: 1617090 - ICF System Logon - Logon Fails, Logon Cookie

for the system logon. In the system logon settings, set the "Deactivate Login XSRF Protection" indicator accordingly.

Validity

References

This document refers to:

SAP Notes

Software Component From Rel. To Rel. And Subsequent

SAP_BASIS 640 640  

700 702  

710 730  

731 731  

72L 803  

1567128   Unauthorized use of application functions in System Login


Smart card logon

Smart card logon

Documents
Corporate Logon Info

Corporate Logon Info

Technology
Logon Optimization for XenDesktop and XenApp - · PDF fileWHITE PAPER | Logon Optimization i Optimization Guide: User Logon Understanding and Optimizing the Logon Process for XenApp

Logon Optimization for XenDesktop and XenApp - · PDF fileWHITE PAPER | Logon Optimization i Optimization Guide: User Logon Understanding and Optimizing the Logon Process for XenApp

Documents
Chapter 13: Logon and Account Logon Events

Chapter 13: Logon and Account Logon Events

Documents
logon|shanghai daily

logon|shanghai daily

Documents
Logon to: hcs.learnaboutwork

Logon to: hcs.learnaboutwork

Documents
ICF in EMEA - ICF България€¦ · icf chapter news in emea • 5 icf chapters have been approved as official icf chapter since elm 2015 in atlanta: icf nigeria, icf oman,

ICF in EMEA - ICF България€¦ · icf chapter news in emea • 5 icf chapters have been approved as official icf chapter since elm 2015 in atlanta: icf nigeria, icf oman,

Documents
Futronic Logon Enterprise Edition

Futronic Logon Enterprise Edition

Documents
Report Developer - LOGON

Report Developer - LOGON

Documents
Authentication Using Logon Tickets

Authentication Using Logon Tickets

Documents
Disable windows logon password

Disable windows logon password

Technology
Experiences of ICF/ICF -CY Implementation in Taiwansydney.edu.au/health-sciences/ncch/docs/icf/hfliaoOct2011.pdf · Experiences of ICF/ICF -CY Implementation in Taiwan Hua-Fang (Lily)

Experiences of ICF/ICF -CY Implementation in Taiwansydney.edu.au/health-sciences/ncch/docs/icf/hfliaoOct2011.pdf · Experiences of ICF/ICF -CY Implementation in Taiwan Hua-Fang (Lily)

Documents
Mengganti Logon Screenlogout

Mengganti Logon Screenlogout

Documents
Windows Logon Forensics 34132

Windows Logon Forensics 34132

Documents
Logon Scripting

Logon Scripting

Documents
CCW Access and Logon

CCW Access and Logon

Documents
Valve station ICF 15, ICF EVRAT, ICF 20, ICF 25, ICF SS 20 ...€¦ · For ICF EVRAT Repair kit (manual opener) for all ICF EVRAT 14 1 027L1248 Description Fig # Qty. Code no. Gaskets

Valve station ICF 15, ICF EVRAT, ICF 20, ICF 25, ICF SS 20 ...€¦ · For ICF EVRAT Repair kit (manual opener) for all ICF EVRAT 14 1 027L1248 Description Fig # Qty. Code no. Gaskets

Documents
Smartcard Logon

Smartcard Logon

Documents
Sap Logon Introduction

Sap Logon Introduction

Documents
Revision D McAfee Logon Collector 3 McAfee Logon Collector 3.0 Administration Guide 1 Introduction to McAfee Logon Collector The McAfee® Logon Collector is software that monitors

Revision D McAfee Logon Collector 3 McAfee Logon Collector 3.0 Administration Guide 1 Introduction to McAfee Logon Collector The McAfee® Logon Collector is software that monitors

Documents
AWARD WINNING ICF - IntegraSpec ICF

AWARD WINNING ICF - IntegraSpec ICF

Documents
Logon to MyDI

Logon to MyDI

Documents
Training Prospective Trainers of the ICF - Sig vzw · ICF in practice 3 5 ICF Self-learning Resources • ICF book or access to ICF Browser (internet) • ICF e-learning tool: old

Training Prospective Trainers of the ICF - Sig vzw · ICF in practice 3 5 ICF Self-learning Resources • ICF book or access to ICF Browser (internet) • ICF e-learning tool: old

Documents
ICF valve station, type ICF 15, 20 and 25...Installation guide Valve Station Types ICF 15, ICF 20, ICF 25, ICF SS 20 and ICF SS 25 027R9782 027R9782 Danfoss DCS (MWA) 2018.11 AN13978644420802-001101

ICF valve station, type ICF 15, 20 and 25...Installation guide Valve Station Types ICF 15, ICF 20, ICF 25, ICF SS 20 and ICF SS 25 027R9782 027R9782 Danfoss DCS (MWA) 2018.11 AN13978644420802-001101

Documents
Girl Scout Cookie Program Service Unit Cookie … Scout Cookie Program Service Unit Cookie Manager ... Girl Scout Cookie Finder Help friends and family locate the nearest cookie booth

Girl Scout Cookie Program Service Unit Cookie … Scout Cookie Program Service Unit Cookie Manager ... Girl Scout Cookie Finder Help friends and family locate the nearest cookie booth

Documents
Proposal to host ICF-16 India Bid.pdfPrevious ICF Venues ICF-0 ICF-15 1959 ICF-1 1965 ICF-2 1969 ICF-3 1973 ICF-4 ICF 1977 ICF-5 1981 ICF-6 1984 2001 ICF-7 1989 2005 ICF 8 1993 ICF-9

Proposal to host ICF-16 India Bid.pdfPrevious ICF Venues ICF-0 ICF-15 1959 ICF-1 1965 ICF-2 1969 ICF-3 1973 ICF-4 ICF 1977 ICF-5 1981 ICF-6 1984 2001 ICF-7 1989 2005 ICF 8 1993 ICF-9

Documents
Sap Logon Group_v2

Sap Logon Group_v2

Documents
How Interactive Logon Works

How Interactive Logon Works

Documents
LOGON Project resource allocation.xlsx

LOGON Project resource allocation.xlsx

Documents
Logon to deonizamabad

Logon to deonizamabad

Documents