Troubleshooting

This section contains the following topics:

You can use the CA SSO Test tool to verify the CA SSO policies.

Follow these steps:

Access the CA SSO Test Tool from the Start, Programs menu.
Specify the correct Agent name and the smhost.conf file location. Click Connect.
Enter the correct validation realm resource (for example, /smwebasagent/), action GET. Click IsProtected.
Enter a valid CA SSO username and password. Click IsAuthenticated, and IsAuthorized.
Check the configuration of the Policy Server and the Policy Server logs if any of the following events occur:
- A red indicator appears at any time
- The responses WASUSERNAME and NPS_SESSION_LINKER (only for SSO Mode if the SessionLinker is used) do not appear in the Attributes section, examine the Policy Server configuration and logs.
Change the resource to the Web AS application. Click IsProtected, IsAuthenticated, and IsAuthorized. Verify that no red indicators appear and that responses appear for WASUSERNAME and NPS_SESSION_LINKER.
Change the resource to the Enterprise Portal application resource and click IsProtected, IsAuthenticated, and IsAuthorized. Verify that no red indicators appear and that responses appear for both WASUSERNAME and NPS_SESSION_LINKER.
Verify that the users configured for accessing Web AS and Enterprise portal also have access to the validation realm resource, /smwebasagent/.

Review the log file for the Web Agent if any of the following conditions occur:

Note: For more information, see the CA SSO documentation.

If the product is configured for SSO Mode, try simplifying the environment by temporarily eliminating the possibility of a problem in Session Linker.

Note: For more information, see the SessionLinker documentation

Important: Do not perform this procedure in a production environment—it could expose the system to attacks.

Review the log files and trace logs of the SAP Web Application Server for any problem.