CAS server SAML 1.1 authentication got empty response - authentication

CAS server SAML 1.1 authentication got empty response
We have been suffering pain for the CAS SAML 1.1 protocol for a long time.
We are using phpCAS which is a CAS client library.
We are doing with the protocol SAML 1.1 in order to get user attributes, such as user email.
However, it failed with empty reponse error.
Here's the client log: (it's the part of interaction logs, a little bit long, but easy to understand)
3CEE .| | | | => CAS_Client::_readURL('https://portail.cigref.fr/cas/samlValidate?TARGET=https%3A%2F%2Frfly-99.cvtest.com%2Fztest%2FphpCAS%2Fdocs%2Fexamples%2Fexample_simple.php', NULL, NULL, NULL) [Client.php:2062]
3CEE .| | | | | => CAS_Client::_buildSAMLPayload() [Client.php:2806]
3CEE .| | | | | <= '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" RequestID="_192.168.16.51.1024506224022" IssueInstant="2002-06-19T17:03:44.022Z"><samlp:AssertionArtifact>ST-5376-cjRtmnPYQBxIMFWOQY1x-cas01.example.org</samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>'
3CEE .| | | | | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
3CEE .| | | | | | CURL: Set CURLOPT_CAINFO ../../ssl/portail.cigref.fr.pem [CurlRequest.php:132]
3CEE .| | | | | | Response Body:
3CEE .| | | | | |
3CEE .| | | | | | [CurlRequest.php:84]
3CEE .| | | | | <= true
3CEE .| | | | <= true
3CEE .| | | | server version: S1 [Client.php:2071]
3CEE .| | | | dom->loadXML() failed [Client.php:2082]
3CEE .| | | | => CAS_AuthenticationException::__construct(CAS_Client, 'SA not validated', 'https://portail.cigref.fr/cas/samlValidate?TARGET=https%3A%2F%2Frfly-99.cvtest.com%2Fztest%2FphpCAS%2Fdocs%2Fexamples%2Fexample_simple.php', false, true, '') [Client.php:2087]
3CEE .| | | | | => CAS_Client::getURL() [AuthenticationException.php:76]
3CEE .| | | | | <= 'https://rfly-99.cvtest.com/ztest/phpCAS/docs/examples/example_simple.php'
3CEE .| | | | | CAS URL: https://portail.cigref.fr/cas/samlValidate?TARGET=https%3A%2F%2Frfly-99.cvtest.com%2Fztest%2FphpCAS%2Fdocs%2Fexamples%2Fexample_simple.php [AuthenticationException.php:79]
3CEE .| | | | | Authentication failure: SA not validated [AuthenticationException.php:80]
3CEE .| | | | | Reason: bad response from the CAS server [AuthenticationException.php:85]
3CEE .| | | | | CAS response: [AuthenticationException.php:101]
3CEE .| | | | | exit()
3CEE .| | | | | -
The ticket is valid and payload has been sent but Response Body is empty.
The logs above is for our customers' CAS server.
We did test on our local CAS server and it's ok.
We also checked the customers' CAS server log which is tomcat log and found this:
2016-03-22 03:31:25,647 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: ST-5376-cjRtmnPYQBxIMFWOQY1x-cas01.example.org
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Tue Mar 22 03:31:25 CET 2016
CLIENT IP ADDRESS: 124.127.186.129
SERVER IP ADDRESS: 178.22.130.235
=============================================================
2016-03-22 03:31:25,647 DEBUG [org.jasig.cas.web.ServiceValidateController] - Successfully validated service ticket ST-5376-cjRtmnPYQBxIMFWOQY1x-cas01.example.org for service [https://rfly-99.cvtest.com/ztest/phpCAS/docs/examples/example_simple.php]
Ticket is validated, no errors in the log except some logout error which should be not related.
What is the reason of this issue? Anyone ever encoutered this issue? Please help us out.


Shouldnt you be passing the ticket to samlValidate as well? I only see TARGET.

Related

How to parse_url without scheme in sql within snowflake?

I am trying to pull hostname and path from urls without scheme but parse_url doesn't works. What all other options do I have?

PARSE_URL does not work without scheme -
SNOWFLAKE1#COMPUTE_WH#TEST_DB.PUBLIC>SELECT PARSE_URL('www.snowflake.com');
100139 (22000): Error parsing URL: scheme not specified
SNOWFLAKE1#COMPUTE_WH#TEST_DB.PUBLIC>SELECT PARSE_URL('http://www.snowflake.com');
+---------------------------------------+
| PARSE_URL('HTTP://WWW.SNOWFLAKE.COM') |
|---------------------------------------|
| { |
| "fragment": null, |
| "host": "www.snowflake.com", |
| "parameters": null, |
| "path": null, |
| "port": null, |
| "query": null, |
| "scheme": "http" |
| } |
+---------------------------------------+
1 Row(s) produced. Time Elapsed: 0.229s
Wondering if you are looking for something like below -
Split a column into multiple columns by delimiter and recombine from last column to first using SQL
SNOWFLAKE1#COMPUTE_WH#TEST_DB.PUBLIC>select value from table(split_to_table('com.dqm.abcv.xyz.google', '.'));
+--------+
| VALUE |
|--------|
| com |
| dqm |
| abcv |
| xyz |
| google |
+--------+
5 Row(s) produced. Time Elapsed: 0.566s

SQLITE: How to select a column value based on different columns in another table

I apologise in advance because I have no idea how to structure this question.
I have the following tables:
Sessions:
+----------+---------+
| login | host |
+----------+---------+
| breilly | node001 |
+----------+---------+
| pparker | node003 |
+----------+---------+
| jjameson | node004 |
+----------+---------+
| jjameson | node012 |
+----------+---------+
Userlist:
+----------+----------------+------------------+
| login | primary_server | secondary_server |
+----------+----------------+------------------+
| breilly | node001 | node010 |
+----------+----------------+------------------+
| pparker | node002 | node003 |
+----------+----------------+------------------+
| jjameson | node003 | node004 |
+----------+----------------+------------------+
What kind of SQL query should I perform so I can get a table like this?:
+----------+---------+------------+
| login | Host | Server |
+----------+---------+------------+
| jjameson | node004 | Secondary |
+----------+---------+------------+
| jjameson | node012 | Wrong Node |
+----------+---------+------------+
| pparker | node003 | Secondary |
+----------+---------+------------+
| breilly | node001 | Primary |
+----------+---------+------------+
Currently I'm just using Go with a bunch of structs / hashmaps to generate this.
I am planning to migrate the users / sessions to an in memory sqlite Database, but I can't seem to wrap my head around a query to get this sort of table.
The Server column is based on whether the user is logged on his primary / secondary or wrong machine.
I've put this in SQL Fiddle as well

Use case logic:
select s.*,
(case when s.host = ul.primary_server then 'primary'
when s.host = ul.secondary_server then 'secondary'
else 'wrong node'
end) as server
from sessions s left join
userlist ul
on s.login = ul.login;

SQL to retrieve cancelled services without new stamps

I have vehicles inside a services table, that first get a stamp and them an essay, stamp and essay are linked steps inside the services tables.
First came a stamp and second came an essay.
After all they get a certificate linked to the essay from the services table.
I need to retrieve only canceled certificates (status = 0 ) that do not have any new service with new stamps after the canceled essay .
My query is :
SELECT
cert.essay_id,
cert.status,
ser.essay_id,
ser.stamp_id,
ser.created,
v.ds_plate
FROM vehicles v
JOIN services ser ON ser.vei_id = v.vei_id
LEFT JOIN certificates cert ON cert.essay_id = ser.essay_id AND cert.status = 0
WHERE v.ds_plate = 'ABC1234' ORDER BY ser.created DESC;
And the results i have are :
-------------------------------------------------------------------------------
| ESSAY_ID | STATUS | ESSAY_ID | STAMP_ID | CREATED | DS_PLATE
1| | | | 4303333 | 10/07/2017 15:54:05 | ABC1234
2| 4254441 | 0 | 4254441 | | 20/12/2016 16:52:05 | ABC1234
3| | | | 4263152 | 20/12/2016 16:42:51 | ABC1234
In a minimalistic way these are the tables involved:
vehicles
vei_id
ds_plate
services
vei_id
essay_id
stamp_id
created
certificates
id
essay_id
status
created
I would like to find only these situations, when no new stamp was added after having a essay_id linked to an certificate and with status = 0 inside the services table :
| ESSAY_ID | STATUS | ESSAY_ID | STAMP_ID | CREATED | DS_PLATE
1| 4254441 | 0 | 4254441 | | 20/12/2016 16:52:05 | ABC1234
2| | | | 4263152 | 20/12/2016 16:42:51 | ABC1234

Authorization failed: The resource could not be found. (HTTP 404)

I'm trying to run the monitoring service in openstack, but I'm receiving this error:
~$ monasca metric-list
Authorization failed: The resource could not be found. (HTTP 404)
When I check the log file this is why I found:
2016-09-20 10:27:36.357 27771 WARNING keystonemiddleware.auth_token [-] Fetch revocation list failed, fallback to online validation.
2016-09-20 10:27:36.376 27771 ERROR keystonemiddleware.auth_token [-] Bad response code while validating token: 403
2016-09-20 10:27:36.377 27771 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "You are not authorized to perform the requested action, identity:validate_token.", "code": 403, "title": "Forbidden"}}
2016-09-20 10:27:36.377 27771 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Failed to fetch token data from identity server
This is the services, projects, users , role and endpoints in keystone
+----------------------------------+----------+------------+
| ID | Name | Type |
+----------------------------------+----------+------------+
| 1c38cf31124d404783561793fc1fb7f0 | monasca | monitoring |
| 1eb72109ea604b6e8f2bd264787ca370 | keystone | identity |
+----------------------------------+----------+------------+
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 733a0a1369f94f6ab31b8875ef19e0ee | service |
| 9e732f1a2aca48e098daf62bb230f85e | monasca |
| f2df2111f893434f83fda7d5bd6cac4a | admin |
+----------------------------------+---------+
+----------------------------------+---------------+
| ID | Name |
+----------------------------------+---------------+
| 3a1b8582a11f4e07b3a21e84e9fb7c23 | monasca-user |
| 559752237e824d81a6133494b63c5789 | monasca-agent |
| 5bcf19af4e8e4067a5679e6a0f2f88f1 | admin |
+----------------------------------+---------------+
+----------------------------------+---------------+
| ID | Name |
+----------------------------------+---------------+
| 1679c1c099b543db96ac4412be21b15a | admin |
| 6ca31578625c49568085284dee72e4b8 | monasca-agent |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| a3267f589e7342ceaedef57ea9e4aac2 | monasca-user |
+----------------------------------+---------------+
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
| 3fbfc68e9f894e47846b896c6c8d3f3e | RegionOne | keystone | identity | True | internal | http://controller:5000/v2.0 |
| 470043a7f6364add902548df6fb7b60e | RegionOne | monasca | monitoring | True | public | http://localhost:8082/v2.0 |
| 9e68606b37084cbeb95106ff1bede0cb | RegionOne | monasca | monitoring | True | internal | http://localhost:8082/v2.0 |
| b4273c72671e4fac99e7d2bc6334156c | RegionOne | monasca | monitoring | True | admin | http://localhost:8082/v2.0 |
| d27bb34d619443658ca745b9fee1c967 | RegionOne | keystone | identity | True | admin | http://controller:35357/v2.0 |
| f736ebca8ac24b78bdf1dff60ac86ab1 | RegionOne | keystone | identity | True | public | http://controller:5000/v2.0 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
this is the keystone section in my api.conf file:
[keystone_authtoken]
identity_uri = http://controller:35357
auth_uri = http://controller:5000/v3
admin_password = PASSWORD
admin_user = monasca-user
admin_tenant_name = monasca
cafile =
certfile =
keyfile =
insecure = false
file to get the token for the identity service
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=PASSWORD
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
and for the monitoring service
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=monasca
export OS_TENANT_NAME=monasca
export OS_USERNAME=monasca-user
export OS_PASSWORD=PASSWORD
export OS_AUTH_URL=http://controller:35357/
export OS_IDENTITY_API_VERSION=3
I can find what is wrong with the configuration

Are you able to run the following command?
openstack token issue
Why do you have localhost in endpoint?

you can use --debug option for monasca commands to get more details
I think the problem is that you register keystone endpoint with version specified while in env var the version is another one. it is recommended that not include version number in endpoint, especially the keystone one. Please check install manuals and follow its instructions

"Update Terminated" on /nva01 transaction

While running the SAP-SD benchmarking process on 3 tier SAP setup, a number of transactions are fired by automated users.
The following steps are executed,
6 /nva01 (Create Sales Order)
[ENTER]
7 Order Type or
Sales Organization 0001
Distribution Channel 01
Division 01
[ENTER]
8 Sold-to party sdd00000
PO Number perf500
Req.deliv.date 22.12.2009
Deliver.Plant 0001
Material Order quantity
sd000000 1
sd000001 1
sd000002 1
sd000003 1
sd000004 1
[F11] (Save)
9 [F3] (Back)
(This dialogstep is needed only to get 4 dialogsteps for VA01 as defined
for the SD benchmarks)
whenever [F11] is pressed after entering information, it saves successfully. However, when [F3] is pressed, it shows error “unable to update”
Then I manually tried to execute the same steps
6 /nva01 (Create Sales Order)
[ENTER]
7 Order Type or
Sales Organization 0001
Distribution Channel 01
Division 01
[ENTER]
8 Sold-to party sdd00000
PO Number perf500
Req.deliv.date 22.12.2009
Deliver.Plant 0001
Material Order quantity
sd000000 1
sd000001 1
sd000002 1
sd000003 1
sd000004 1
On pressing [F11] it successfully saves. But when [F3] is pressed to go back to previous screen, it gives “update was terminated” error.
[F11] (Save)
9 [F3] (Back)
Then to locate the root cause of error, SM13 transaction and it shows the following details for the error
There is a large number of same errors in logs, and the update key for all the error entries is the same “4A08B4400C022793E10000000FD5F53D” is this normal..?
On googling found out that the possible reason for this error could be
Key already exists in table and duplicate entry is disallowed.
Which table is affected by this transaction..? how to resolve..?
Document number ranges issue
Which document number range to modify..? how to resolve..?
Kindly advise how to resolve this
edit including system log--
Runtime Errors SAPSQL_ARRAY_INSERT_DUPREC Exception
CX_SY_OPEN_SQL_DB Date and Time 12.05.2009 06:59:27
---------------------------------------------------------------------------------------------------- |Short text
| | The ABAP/4 Open SQL array insert results in duplicate database
records. |
---------------------------------------------------------------------------------------------------- |What happened?
| | Error in the ABAP Application Program
| |
| | The current ABAP program "SAPLV05I" had to be terminated
because it has | | come across a statement
that unfortunately cannot be executed.
|
---------------------------------------------------------------------------------------------------- |What can you do?
| | Note down which actions and inputs caused the error.
| |
| |
| | To process the problem further, contact you SAP system
| | administrator.
| |
| | Using Transaction ST22 for ABAP Dump Analysis, you can look
| | at and manage termination messages, and you can also
| | keep them for a long time.
|
---------------------------------------------------------------------------------------------------- |Error analysis
| | An exception occurred that is explained in detail below.
| | The exception, which is assigned to class 'CX_SY_OPEN_SQL_DB',
was not caught | | in
| | procedure "SD_PARTNER_UPDATE" "(FUNCTION)", nor was it
propagated by a RAISING | | clause.
| | Since the caller of the procedure could not have anticipated
that the | | exception would occur, the
current program is terminated. | |
The reason for the exception is:
| | If you use an ABAP/4 Open SQL array insert to insert a record
in | | the database and that record
already exists with the same key, | |
this results in a termination.
| |
| | (With an ABAP/4 Open SQL single record insert in the same error
| | situation, processing does not terminate, but SY-SUBRC is set
to 4.) |
---------------------------------------------------------------------------------------------------- |How to correct the error
| | Use an ABAP/4 Open SQL array insert only if you are sure that
none of | | the records passed already
exists in the database. | |
| | If the error occures in a non-modified SAP program, you may be
able to | | find an interim solution in an
SAP Note. | |
If you have access to SAP Notes, carry out a search with the following
| | keywords:
| |
| | "SAPSQL_ARRAY_INSERT_DUPREC" "CX_SY_OPEN_SQL_DB"
| | "SAPLV05I" or "LV05IU15"
| | "SD_PARTNER_UPDATE"
| |
| | If you cannot solve the problem yourself and want to send an
error | | notification to SAP, include
the following information: | |
| | 1. The description of the current problem (short dump)
| |
| | To save the description, choose "System->List->Save->Local
File | | (Unconverted)".
| |
| | 2. Corresponding system log
| |
| | Display the system log by calling transaction SM21.
| | Restrict the time interval to 10 minutes before and five
minutes | | after the short dump. Then
choose "System->List->Save->Local File | |
(Unconverted)".
| |
| | 3. If the problem occurs in a problem of your own or a modified
SAP | | program: The source code of the
program | |
In the editor, choose "Utilities->More
| | Utilities->Upload/Download->Download".
| |
| | 4. Details about the conditions under which the error occurred
or which | | actions and input led to the
error. | |
| | The exception must either be prevented, caught within proedure
| | "SD_PARTNER_UPDATE" "(FUNCTION)", or its possible occurrence
must be declared | | in the
| | RAISING clause of the procedure.
| | To prevent the exception, note the following:
|
---------------------------------------------------------------------------------------------------- |System environment
| | SAP-Release 701
| |
| | Application server... "hpvm-202"
| | Network address...... "15.213.245.61"
| | Operating system..... "HP-UX"
| | Release.............. "B.11.31"
| | Hardware type........ "ia64"
| | Character length.... 16 Bits
| | Pointer length....... 64 Bits
| | Work process number.. 10
| | Shortdump setting.... "full"
| |
| | Database server... "ghoul3"
| | Database type..... "ORACLE"
| | Database name..... "E64"
| | Database user ID.. "SAPSR3"
| |
| | Terminal.......... "hpvmmsa"
| |
| | Char.set.... "C"
| |
| | SAP kernel....... 701
| | created (date)... "Feb 24 2009 21:53:01"
| | create on........ "HP-UX B.11.23 U ia64"
| | Database version. "OCI_102 (10.2.0.4.0) "
| |
| | Patch level. 32
| | Patch text.. " "
| |
| | Database............. "ORACLE 9.2.0.., ORACLE 10.1.0..,
ORACLE 10.2.0.." | | SAP database version. 701
| | Operating system..... "HP-UX B.11"
| |
| | Memory consumption
| | Roll.... 2013408
| | EM...... 0
| | Heap.... 0
| | Page.... 0
| | MM Used. 1966160
| | MM Free. 24336
|
---------------------------------------------------------------------------------------------------- |User and Transaction
| |
| | Client.............. 900
| | User................ "SAP_PERF000"
| | Language key........ "E"
| | Transaction......... "VA01 "
| | Transactions ID..... "4A08B9BC0C022793E10000000FD5F53D"
| |
| | Program............. "SAPLV05I"
| | Screen.............. "RSM13000 3000"
| | Screen line......... 2
|
---------------------------------------------------------------------------------------------------- |Information on where terminated
| | Termination occurred in the ABAP program "SAPLV05I" - in
"SD_PARTNER_UPDATE". | | The main program was
"RSM13000 ".
| |
| | In the source code you have the termination point in line 480
| | of the (Include) program "LV05IU15".
| | The program "SAPLV05I" was started in the update system.
| | The termination is caused because exception "CX_SY_OPEN_SQL_DB"
occurred in | | procedure "SD_PARTNER_UPDATE"
"(FUNCTION)", but it was neither handled locally | |
nor declared
| | in the RAISING clause of its signature.
| |
| | The procedure is in program "SAPLV05I "; its source code begins
in line | | 1 of the (Include program
"LV05IU15 ". |
---------------------------------------------------------------------------------------------------- |Source Code Extract
|
---------------------------------------------------------------------------------------------------- |Line |SourceCde
|
---------------------------------------------------------------------------------------------------- | 450| POSNR = I_XVBPA-POSNR
| | 451| PARVW =
I_XVBPA-PARVW. | | 452| IF
I_YVBPA-STCD1 <> I_XVBPA-STCD1 OR
| | 453| I_YVBPA-STCD2 <> I_XVBPA-STCD2 OR
| | 454| I_YVBPA-STCD3 <> I_XVBPA-STCD3 OR
| | 455| I_YVBPA-STCD4 <> I_XVBPA-STCD4 OR
| | 456| I_YVBPA-STCDT <> I_XVBPA-STCDT OR
| | 457| I_YVBPA-STKZN <> I_XVBPA-STKZN OR
| | 458| I_YVBPA-J_1KFREPRE <> I_XVBPA-J_1KFREPRE OR
| | 459| I_YVBPA-J_1KFTBUS <> I_XVBPA-J_1KFTBUS OR
| | 460| I_YVBPA-J_1KFTIND <> I_XVBPA-J_1KFTIND.
| | 461| MOVE-CORRESPONDING I_XVBPA TO WA_XVBPA3I.
| | 462| APPEND WA_XVBPA3I TO DA_XVBPA3I.
| | 463| ENDIF.
| | 464| ENDIF.
| | 465| ENDIF.
| | 466| WHEN UPDKZ_OLD.
| | 467| IF DA_VBPA-ADRDA CA GCF_ADDR_IND_COMB_MAN_OLD OR
| | 468| DA_VBPA-ADRDA CA GCF_ADDR_IND_COMB_MAN_ADRC.
| | 469| YADR-ADRNR = DA_VBPA-ADRNR. COLLECT YADR.
| | 470| ENDIF.
| | 471| IF DA_VBPA-ADRDA CA GCF_ADDR_IND_COMB_MAN_OLD OR
| | 472| DA_VBPA-ADRDA CA GCF_ADDR_IND_COMB_MAN_ADRC.
| | 473| XADR-ADRNR = DA_VBPA-ADRNR. COLLECT XADR.
| | 474| ENDIF.
| | 475| ENDCASE.
| | 476| ENDLOOP.
| | 477| UPDATE (OBJECT) FROM TABLE DA_XVBPAU.
| | 478| UPDATE VBPA3 FROM TABLE DA_XVBPA3U.
| | 479|
| |>>>>>| INSERT (OBJECT) FROM TABLE DA_XVBPAI.
| | 481| INSERT VBPA3 FROM TABLE DA_XVBPA3I.
| | 482|
| | 483| IF SY-SUBRC > 0.
| | 484| MESSAGE A700 WITH OBJECT SY-SUBRC DA_XVBPAI(21).
| | 485| ENDIF.
| | 486|
| | 487|* Sonderfall neue VBPA (VBPA2) für Rollen AA und AW
| | 488| LOOP AT I_XVBPA2.
| | 489| DA_VBPA2 = I_XVBPA2.
| | 490| CASE DA_VBPA2-UPDKZ.
| | 491| WHEN UPDKZ_NEW.
| | 492| IF DA_VBPA2-ADRDA CA GCF_ADDR_IND_COMB_MAN_OLD OR
| | 493| DA_VBPA2-ADRDA CA GCF_ADDR_IND_COMB_MAN_ADRC.
| | 494| XADR-ADRNR = DA_VBPA2-ADRNR. COLLECT XADR.
| | 495| ENDIF.
| | 496| I_XVBPA-MANDT = SY-MANDT.
| | 497| IF I_XVBPA2-VBELN IS INITIAL.
| | 498| I_XVBPA2-VBELN = F_VBELN.
| | 499| ENDIF.
|

It is very clear that system is trying to update with some duplicate record and hence, the update termination system is popping up. Take the help of ABAP team and check the root cause of this issue. Also if there is any customization involved in sale order creation process, then in that case also, this will happen. So you have to check with ABAP team. Alternatively, if you have login credentials for Service Marketplace, then have a look at OSS note 330904.