We recently experienced a problem at a customer that drove everyone up the wall. Between 15:00 and 17:00 in the afternoon the user would get a spontaneous Java login popup. Once this happened the ITS would also require the user to log in again.

These login screens aren’t unknown. You normally get them at every customer the first time you log into the WebClient. In order to enable the sending of real time notifications to the client(i.e Broadcasts, Alerts and Telephony) a Java Applet is used to continuously poll the ICF(BC->Notify->Polling Service). This applet requires a login to SAP. The ITS also requires the user to log in again.

So you fix this by sending your local basis consultant a mail telling him to please set the parameters below and restart the instance:

  • login/create_sso2_ticket = 2
  • login/accept_sso2_ticket = 1

Problem solved, no multiple logins required, that is until 3 O’Clock in the afternoon…

We searched for notes, interrogated Desktop Support, logged the problem with SAP, sniffed the network, checked java versions, moved users, reinstalled machines, etc… We can’t figure out what happens 8 hours after a user has logged in?

By the way, below is a couple of notes you may find helpful:

Eventually, SAP responds on the note after 2 months, that we should check our Single Sign On configuration and they provide the link below.

http://help.sap.com/saphelp_nw04/helpdata/en/88/4b353a03e5494ce10000000a114084/frameset.htm

And there it is!!!

login/ticket_expiration_time  => Default = 60 hours

Turns out the default is not 60 hours, but 8 hours. 8 Hours after the user logged in, the ticket expires, requiring them to reauthenticate. I still can’t believe I didn’t think of/find it/RTFM’d this earlier.