Hello,
I have an issue with the SAP Security library.
I'm trying to validate an SSO ticket. It seems the SAP Security library cannot find the certificate because of a space issue.
Indeed, the issuer of my certificate is "OU=J2EE, CN=TEST" and the issuer from the SSO ticket seems to be "OU=J2EE,CN=TEST".
For the issuer from the SSO ticket, I'm not really sure, because the SAP Security library doesn't provide a method to extract the issuer field.
In fact, I'm using the same ticket and library in the Production environment.
And I'm trying to reproduce the ticket validation in Java.
My questions are:
- Can we force the issuer value to use on the SAP Security library side?
- Is this issue a known bug? If yes, which SAP Security library version should I use?
- Is there a workaround?
===== Ticket.toString() =====
Ticket Version = 2
Ticket Codepage = 1100 (Encoding=ISO8859_1)
User = Z99999990742
Issuing System ID = TEST
Issuing System Client = 000
Creation Time = 201307230729
Valid Time = 8 h 0 min
Valid from Tue Jul 23 09:29:00 CEST 2013 until Tue Jul 23 17:29:00 CEST 2013
Signature (length=261 bytes)
InfoUnit 32, length=19
InfoUnit 136, length=19
InfoUnit 10, length=12
===== Some Test =====
com.sap.security.core.ticket.imp.Ticket.findCertificates(certificates, "OU=J2EE, CN=TEST", BigInteger.ZERO); --> Found
com.sap.security.core.ticket.imp.Ticket.findCertificates(certificates, "OU=J2EE,CN=TEST", BigInteger.ZERO); --> Didn't find
====== Certificate.toString() ======
[
Version: V1
Subject: OU=J2EE, CN=TEST
Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3
Key: Sun DSA Public Key
Parameters:DSA
p: X
q: X
g: X
y: X
Validity: [From: Fri Mar 23 14:54:28 CET 2007,
To: Tue Mar 23 14:54:28 CET 2027]
Issuer: OU=J2EE, CN=TEST
SerialNumber: [ 00]
]
====== Certificate Importation ======
> keytool -import -alias certificate -file TEST_000.crt -keypass password -keystore storekey.jks -storepass password
Propriétaire : OU=J2EE, CN=TEST
Emetteur : OU=J2EE, CN=TEST
Numéro de série : 0
Valide du : Mon Sep 24 11:12:42 CEST 2007 au : Fri Sep 24 11:12:42 CEST 2027
Empreintes du certificat :
MD5: X
SHA1 : X
SHA256 : X
Nom de l'algorithme de signature : SHA1withDSA
Version : 1
Faire confiance à ce certificat ? [non] : oui
Certificat ajouté au fichier de clés
===== Error raised =====
Caused by: java.security.SignatureException: Certificate (Issuer="OU=J2EE,CN=TEST", S/N=0) not found.
at com.sap.security.core.ticket.imp.Ticket.verify(Ticket.java:1016)
at org.eurocopter.sap.security.impl.SAPTicketValidation.verifyTicket(SAPTicketValidation.java:231)
==== Java version ======
java version "1.7.0_25"
Java(TM) SE Runtime Environment (build 1.7.0_25-b17)
Java HotSpot(TM) 64-Bit Server VM (build 23.25-b01, mixed mode)
==== SAP Security version ======
environment: com.sap.security.api
Implementation-Vendor-Id: sap.com
Implementation-Version: 7.0107.20120601132146.0000
environment: com.sap.security.core
Implementation-Vendor-Id: sap.com
Implementation-Version: 7.0107.20120601132146.0000
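
Added example, not part of the original post and not SAP code: a JDK-only check showing that the two issuer strings above differ as plain strings but are the same name once parsed as X.500 distinguished names, with an optional pass over a JKS keystore to list which entries match the issuer and serial number named in the exception. The class and helper names (IssuerDnCheck, sameDn, matches) are hypothetical, and the code only diagnoses the mismatch; it does not change how the SAP library looks up certificates.

```java
import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.security.auth.x500.X500Principal;

// Hypothetical diagnostic class; uses JDK classes only, no SAP API.
public class IssuerDnCheck {
    // Compare two DN strings by their parsed X.500 form, not character by character.
    static boolean sameDn(String a, String b) {
        return new X500Principal(a).equals(new X500Principal(b));
    }

    // True when the certificate's issuer and serial match the values named in the error.
    static boolean matches(X509Certificate cert, String issuerDn, BigInteger serial) {
        return cert.getIssuerX500Principal().equals(new X500Principal(issuerDn))
                && cert.getSerialNumber().equals(serial);
    }

    public static void main(String[] args) throws Exception {
        String fromCert = "OU=J2EE, CN=TEST";   // issuer as printed by Certificate.toString()
        String fromError = "OU=J2EE,CN=TEST";   // issuer as printed in the SignatureException
        System.out.println("String.equals:        " + fromCert.equals(fromError));
        System.out.println("X500Principal.equals: " + sameDn(fromCert, fromError));
        System.out.println("canonical form:       "
                + new X500Principal(fromError).getName(X500Principal.CANONICAL));

        if (args.length < 2) return;            // optional arguments: <keystore.jks> <storepass>
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                System.out.println(alias + ": issuer=" + x.getIssuerX500Principal().getName()
                        + " serial=" + x.getSerialNumber()
                        + " match=" + matches(x, fromError, BigInteger.ZERO));
            }
        }
    }
}
```

Run it with the keystore path and store password as arguments to see whether any stored certificate matches the issuer and serial number from the error when compared as parsed names.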