Content Player / Policy Configuration component login modules

Similar Messages

• Configure JAAS login module stack to support x.509 certificates without SSL

  I want to use x.509 certificates for authentication against a EP 7.0 but I don’t want to have SSL traffic on the network segment where the portal resides. Obviously the SSL must be terminated in an application gateway that sends the certificate to the portal in the header.
  I know that AcceptClientCertWithoutSSL must be set to true in the http provider and that ClientCertificateHeaderName is the name of the header variable that contains the user’s certificate, default is SSL_CLIENT_CERT.
  What I don’t know is how to configure my JAAS login module stack, my suggestion would be this:
  EvaluateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
  ClientCertLoginModule OPTIONAL {Rule1.getUserFrom=SSL_CLIENT_CERT}
  CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
  BasicPasswordLoginModule REQUISITE {}
  CertPersisterLoginModule OPTIONAL {Rule1.getUserFrom=SSL_CLIENT_CERT}
  CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
  My concern is does the ClientCertLoginModule and the CertPersisterLoginModule read from the header variable? If they don’t, is there another login module that should be used in this case?

  Hi Claus,
  you got the flags right but the options of the login modules (LM) are wrong, so the certificate authentication won't work.
  There's two problems I see: (1) Rule1.getUserFrom is not a valid option for the LM CertPersisterLoginModule, and (2) SSL_CLIENT_CERT is not a valid value for the option Rule1.getUserFrom of the ClientCertLoginModule.
  Looking at this topic:
  http://help.sap.com/saphelp_nw2004s/helpdata/en/ea/301e3e6217b40be10000000a114084/content.htm
  the header variable used to pass the certificate is maintained in the HTTP provider service properties but since you use the default you don't need to maintain that part of the config. You also don't need the CertPersisterLoginModule in the config because it is used for automatic certificate mapping, which doesn't work when you don't have SSL to the portal.
  So with the above said your LM stack config should look like this:
  EvaluateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
  ClientCertLoginModule OPTIONAL {Rule1.getUserFrom=wholeCert}
  CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
  BasicPasswordLoginModule REQUISITE {}
  CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
  If this doesn't work I'd suggest opening a support ticket.
  Regards,
  Yonko

• Configuring PAM login modules with weblogic 6.1

  I am trying to configure my own PAM login module to work on the same JVM as weblogic.
  I have my own security policy that does not rely on weblogic however when trying
  to login after creating a specific login context :
  LoginContext loginContext = new LoginContext("XXLogin",subject,
  callbackHandler);
  loginContext.login();
  The JVM tries to invoke weblogic's own internal server login module. It looks
  for the callback the login module uses and then fails.
  The same problem ocurrs at weblogic startup. Weblogic appears to overide the -Djava.security.auth.login.config=jaas.config
  with their own login configuration file:WLHOME\lib\server.policy. Is this supposed
  to be a standard PAM login configuration file or weblogic's own interpretation
  of it ? (It is called a policy file which normally relates to grants and permissions
  in JAVA). Anyway we modified this file to include our own login module under a
  different AuthenticationConfigurationName. However weblogic attempted to use our
  login module as well as their own. According to the jaas api when creating a login
  context the application configuration name is specified however weblogic appears
  to be ignoring this !! Also we have found that a PAM configuration file that we
  had did not parse with weblogic, however it worked with the standard PAM configuration
  file parser. This implies that weblogic does not use the standard parser. Any
  help welcome !!

  Hi Parthasarathy,
  Thanks for the pointer. Your suggestion was the first step to getting our Security
  Model to be compatible with the WebLogic 6.1 model. As suggested I removed the
  the default LoginModule (ServerLoginModule) from the Server.policy file and replaced
  it with our Login Module. Then we defined JVM properties for the weblogic.management.password
  property in the startweblogic command file to supply the authentication information
  required by WebLogic.
  The next problem that I encountered was that we use files in the jaas.jar for
  Authorisation when I tried to access these files (e.g. javax.security.auth.Policy)
  I got a sealing violation as the JVM had previously loaded other class files in
  this package from the weblogic.jar (as weblogic uses these files for authorisation).
  It was possible to get around this problem by putting the jaas.jar ahead of the
  weblogic.jar in the classpath.
  After this I just needed to set up permissions in the weblogic.policy file for
  authorisation and we were there.
  Regards
  Paul
  Parthasarathy Seshadri <[email protected]> wrote:
  Please note from the documentation:
  http://e-docs.bea.com/wls/docs61//security/prog.html#1039659
  that WLS uses the default Login Module (weblogic.security.internal.ServerLoginModule)
  to gather authentication informatino
  during server initialization. To replace the default Login module, edit
  the Server.policy file and replace the name of the
  default Login module with the name of a custom Login module.
  Please inform whether the above information is useful. Thank you.
  Paul Petley wrote:
  I am trying to configure my own PAM login module to work on the sameJVM as weblogic.
  I have my own security policy that does not rely on weblogic howeverwhen trying
  to login after creating a specific login context :
  LoginContext loginContext = new LoginContext("XXLogin",subject,
  callbackHandler);
  loginContext.login();
  The JVM tries to invoke weblogic's own internal server login module.It looks
  for the callback the login module uses and then fails.
  The same problem ocurrs at weblogic startup. Weblogic appears to overidethe -Djava.security.auth.login.config=jaas.config
  with their own login configuration file:WLHOME\lib\server.policy. Isthis supposed
  to be a standard PAM login configuration file or weblogic's own interpretation
  of it ? (It is called a policy file which normally relates to grantsand permissions
  in JAVA). Anyway we modified this file to include our own login moduleunder a
  different AuthenticationConfigurationName. However weblogic attemptedto use our
  login module as well as their own. According to the jaas api when creatinga login
  context the application configuration name is specified however weblogicappears
  to be ignoring this !! Also we have found that a PAM configurationfile that we
  had did not parse with weblogic, however it worked with the standardPAM configuration
  file parser. This implies that weblogic does not use the standard parser.Any
  help welcome !!--
  Developer Relations Engineer
  BEA Support

• How to call custom Login Module from JSP

  Hi,
  I am stuck with the following issue:
  1) Exactly as presented in help.sap.com (http://help.sap.com/saphelp_nw04/helpdata/en/3f/1be040e136742ae10000000a155106/content.htm) I created custom login module and deployed it as a library on J2EE server. When I configured it to be used for my applications in the Security provider but I am getting "No user name provided" exception everytime when my applications use this custom login module.
  2) I realized that I would need to call my custom module somewhere within my application (simple JSP) using LoginContext class and then use MyLoginContext.login() spec to initiate login process. But I am not able to pass CallbackHandler parameters from JSP application to my custom login module.
  So I have the following questions:
  1. Can I pass parameters using LoginContext and CallbackHandler from JSP to my custom login module (created as exact copy of HELP.SAP.COM example) or this module cannot be used this way.
  2. How to pass CallbackHandler correctly to my custom login module from JSP. When I am trying to use CallbackHandler, I am getting "Abstract Class cannot be called" error.
  I'd appreciate any little help on this matter.
  Thanks and regards,
  Mike

  You have two alternatives to do this:
  You can declare your JSP as a protected resource with the use of the deployment descriptors of the application (web.xml) and add the custom login module in the authentication stack of the application. This way, you will use container-based authentication, i.e. the Web Container will enforce the authentication and it will call the custom login module before it dispatches to the JSP. I recommend you this approach because it requires less coding and it makes the whole thing a matter of configuration. The configuration can be later on enhanced or changed runtime without the need to re-build and re-deploy the application. If you choose this approach you can go to the documentation of the server for help on how to modify the login module stack of the application.
  You can also use programmatic authentication by using JAAS API. To do this you need to create a custom security policy configuration with login module stack containing the custom login module, and then use the standard JAAS mechanism - new LoginContext(<configuration>, <callback-handler>).login(). This approach requires that you write your own callback handler and handle any LoginException.
  Let us know which approach you prefer and whether you have difficulties implementing it!

• JAAS login module configuration in Oracle application server

  I have a LDAP login module implementing javax.security.auth.spi.LoginModule. This login module works well with tomcat and weblogic, if I configure the JVM arguments -Djava.security.auth.login.config and -Djava.security.policy to pont to the login.conf and access.policy files. The login.conf file has the below content
  FREEWAY_SERV
  com.wipro.freeway.security.LdapLoginModule required debug=true portal=false;
  FREEWAY_PORT
  com.wipro.freeway.security.LdapLoginModule required debug=true portal=true;
  The application uses these login modules by passing Name of the JAAS configuration (FREEWAY_SERV or FREEWAY_PORT).
  I would like to use the same login modules and code in Oracle application sever 10.1.3 and I haven't got any success yet.
  Could anybody please help me to get this right?
  Thanks in advance.
  Message was edited by:
  vinayalva

  Hi,
  in OracleAs bet is to use Enterprise Manager to configure the login module. The LoginModule needs to be configured in the system-jazn-data.xml file, which is located in teh j2ee/home/config directory of the OC4J you use. Enterprise Manager does this all for you.
  In your application deployment the orion-application.xml file needs to specify that a custom LoginModule should be used. Again ENterprise Manager does it for you.
  To use the LoginModule e.d. for J2EE authentication, just make sure that the application name of the J2EE deployment matches the name of the LoginModule configuration
  If you want to use pure JAAS you may have to change the OC4J properties file in the j2ee/home/config directory. Best suggestion to give is to get the online documentation for OC4J security
  Frank

• How to configure login modules for certificate logon

  Hello,
  perhaps someone of you has also tried to implement SSO via Client Certificates and is able to help me...
  I have configured the login modules for rule based authentication with the option Rule1.getUserFrom = wholeCert and I have attached my certificate to my user in useradmin.
  And also added the login module to the template ticket, as suggested by the documentation at help.sap.com
  But when I logon to the portal or other application (for example useradmin) via https the authentication doesn't work (but I'm still able to logon via password).
  I also tried auto. certifcate mapping and mapping by subject name but in every case the system ignores the configured login module. There are no errors in the log files.
  Thank You,
  Frank

  Hi Frank,
  did you configure the SSO for an individual policy configuration or did you edit and save the changes the ticket policy config? I ask, b/c if you applied the changes to the individual policy config then the SSO with certificates will be used <b>only</b> when you access the applications for that policy config.
  You can also double check the login module flags - perhaps the authentication check doesn't reach the ClientCertLM at all.
  Since you followed the help portal instruction I assume you've enabled strong crypto - it is required for client cert SSO. Ano easily committed mistake is to also not use the HTTPS port in the access URL.
  Let me know if this helps...
  Yonko

• Custom Login Module with Adf 11g and and weblogic server

  I have configured adf security on my application. I have checked the authentication and authorization are working fine with the default authenticator.
  I am trying to create a custom login module. I have downloaded the custom login module implementation jaasdatabaseloginmodule.zip http://www.oracle.com/technetwork/developer-tools/jdev/index-089689.html. I have added the DBLoginModule.jar to my application. post written by Frank Nimphius and Duncan Mills
  I have configured the jps config under the application resources with these entries.
  <jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">
  <property value="true" name="custom.provider"/>
  <property value="doasprivileged" name="oracle.security.jps.jaas.mode"/>
  <serviceInstance name="CustomFFMLoginModule"
  provider="jaas.login.provider">
  <property name="jaas.login.controlFlag" value="REQUIRED"/>
  <property name="log.level" value="FINEST"/>
  <property name="debug" value="true"/>
  <property name="addAllRoles" value="true"/>
  <property name="loginModuleClassName"
  value="oracle.sample.dbloginmodule.DBTableLM.ALSDBTableLoginModule"/>
  <property value="jdbc/ApplicationDBDS" name="data_source_name"/>
  </serviceInstance>
  <jpsContexts default="FFMSecurityDAM">
  <jpsContext name="FFMSecurityDAM">
  <serviceInstanceRef ref="CustomFFMLoginModule"/>
  <serviceInstanceRef ref="credstore"/>
  <serviceInstanceRef ref="anonymous"/>
  <serviceInstanceRef ref="policystore.xml"/>
  </jpsContext>
  When I run the application this custom login is not getting invoked.
  I even tried to add these contents to DefaultDomain\config\fmwconfig\jps-config.xml still no result.
  Can anyone who has configured custom login module direct me how to correct my application.

  Hi Frank,
  After following the documentation suggested. I am able to create custom authenticator. But when I login I getting the below exception. When I debugged login method returned true. But this error is being thrown after that. Any clue.
  java.lang.IllegalArgumentException: [Security:097531]Method com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principals) was unable to sign a principal
       at com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(PrincipalValidationServiceImpl.java:188)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
       at $Proxy10.sign(Unknown Source)
       at weblogic.security.service.internal.WLSIdentityServiceImpl.getIdentityFromSubject(WLSIdentityServiceImpl.java:63)
       at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:119)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
       at $Proxy16.login(Unknown Source)
       at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:91)
       at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
       at $Proxy34.authenticate(Unknown Source)
       at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
       at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
       at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:237)
       at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:186)
       at weblogic.servlet.security.internal.FormSecurityModule.processJSecurityCheck(FormSecurityModule.java:254)
       at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:209)
       at weblogic.servlet.security.internal.FormSecurityModule.checkAccess(FormSecurityModule.java:92)
       at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:82)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2204)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

• Login Module Stack of EP

  Hi guys,
  I am in the process to setup HeaderVariable Authentication for accessing to EP and have a some questions.
  1) What Login Module Stack needs to be adjusted to use the HeaderVariableLoginModule? SAP J2EE Root or Ticket or ....
  2) Are changes in the policy configurations (adding logon module) applied immediately or is a J2EE restart required?
  Thanks,
  Mario.

  Thank you Paul.
  I've found on my own also to question 1. I have to modify the Login Module stack of template "tiket" as following:
    1) EvaluateTicketLoginModule SUFFICIENT
    2) HeaderVariableLoginModule OPTIONAL     Header=REMOTE_USER
    3) CreateTickeLoginModule    SUFFICIENT
    4) BasicPasswordLoginModule  REQUISITE
    5) CreateTicketLoginModule   OPTIONAL
  Now I'd like to know if is it possible to test the header variable login configuration without using any external web server but connect directly to Enerprise Portal.
  When I try to connect directly to the Enerprise Portal using the URL
     http://<server>:<port>/irj/portal?REMOTE_USER=<userID>
  i'm not able to log into the system, but i'm redirected to the login page.
  If I type in userID and password, portal doesn't authenticate the user.
  Is the External Web Server mandatory for the Header Variable Login Module configuration?
  Thanks in advance,
  Mario.

• I adjusted the login module, but it does not work.

  I Adjust the Login Module Stacks according to the
  http://help.sap.com/saphelp_nw04/helpdata/en/aa/bf503e1dac5b46e10000000a114084/content.htm
  I adjusted the Hello Application provided by the SAP J2EE Server, I remove all the login modules, I hope there is no login page displaying when I access to the Hello page again. But it does not work. The login page always appears.
    Was I wrong to understand it?
  Any reply is appreciated.

  1. I finished configuration for Login module.
     2. And the document say, the last step is to make
  sure the login modules take effort when the application
  is accessed, using the Application Tracing Servie to
  restart the affected application.
     But, I have not found the Application Tracing Service
  to restart the affected application.
     I think it is why it does not work.
     Hope your your any recommendations and Points must be
  rewarded.

• JDEV deployment of web app with custom JAAS login module fails

  For the first time, I am trying to implement a custom JAAS login module.
  JDEV deployment to standalone OC4J only fails when my orion-application.xml is included. The deployment fails with a java.lang.InstantiationException.
  This what I have done:
  1) Wrote a custom LoginModule called com.whirlpoool.sjtc.jaas.gpa.LDAPLoginModule.
  2) Put it and its dependent classes in a jar named sjtcjaas.jar.
  3) Put the jar in $ORACLE_HOME\j2ee\home\lib
  4) Changed library_path in $ORACLE_HOME\j2ee\home\config\application.xml to
  <library path="../../home/lib/scheduler.jar;../../home/lib/sjtcjaas.jar" />
  5) Added an orion-application.xml to the JDEV project. (I used an Oracle How-to as a pattern, see below.)
  I think I'm close but no cigar, yet. Any help would be appreciated.
  Regards,
  Al Malin
  =============== orion-application.xml ========================================
  <?xml version="1.0"?>
  <orion-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd" deployment-version="10.1.3.0.0" default-data-source="jdbc/OracleDS" schema-major-version="10" schema-minor-version="0" >
  <security-role-mapping name="sr_manager">
  <group name="managers" />
  </security-role-mapping>
  <security-role-mapping name="sr_developer">
  <group name="developers" />
  </security-role-mapping>
  <log>
  <file path="application.log" />
  </log>
  <!-- Configuring a Login Module in an Application EAR file. -->
  <jazn-loginconfig>
  <application>
  <name>customjaas</name>
  <login-modules>
  <login-module>
  <class>com.whirlpoool.sjtc.jaas.gpa.LDAPLoginModule</class>
  <control-flag>required</control-flag>
  <options>
  <option>
  <name>debug</name>
  <value>true</value>
  </option>
  </options>
  </login-module>
  </login-modules>
  </application>
  </jazn-loginconfig>
  </orion-application>

  Starting OC4J from c:\oc4j\j2ee\home ...
  2006-09-07 13:45:28.484 NOTIFICATION JMS Router is initiating ...
  06/09/07 13:45:29 Oracle Containers for J2EE 10g (10.1.3.0.0) initialized
  2006-09-07 13:45:58.609 NOTIFICATION Application Deployer for aam STARTS.
  2006-09-07 13:45:58.640 NOTIFICATION Copy the archive to C:\oc4j\j2ee\home\applications\aam.ear
  2006-09-07 13:45:58.656 NOTIFICATION Initialize C:\oc4j\j2ee\home\applications\aam.ear begins...
  2006-09-07 13:45:58.656 NOTIFICATION Auto-unpacking C:\oc4j\j2ee\home\applications\aam.ear...
  2006-09-07 13:45:58.687 NOTIFICATION Unpacking aam.ear
  2006-09-07 13:45:58.687 NOTIFICATION Unjar C:\oc4j\j2ee\home\applications\aam.ear in C:\oc4j\j2ee\home\applications\aam
  2006-09-07 13:45:58.750 NOTIFICATION Done unpacking aam.ear
  2006-09-07 13:45:58.750 NOTIFICATION Finished auto-unpacking C:\oc4j\j2ee\home\applications\aam.ear
  2006-09-07 13:45:58.750 NOTIFICATION Auto-unpacking C:\oc4j\j2ee\home\applications\aam\aam.war...
  2006-09-07 13:45:58.750 NOTIFICATION Unpacking aam.war
  2006-09-07 13:45:58.765 NOTIFICATION Unjar C:\oc4j\j2ee\home\applications\aam\aam.war in C:\oc4j\j2ee\home\applications\aam\aam
  2006-09-07 13:45:58.765 NOTIFICATION Done unpacking aam.war
  2006-09-07 13:45:58.765 NOTIFICATION Finished auto-unpacking C:\oc4j\j2ee\home\applications\aam\aam.war
  2006-09-07 13:45:58.812 NOTIFICATION Initialize C:\oc4j\j2ee\home\applications\aam.ear ends...
  2006-09-07 13:45:58.828 NOTIFICATION Starting application : aam
  2006-09-07 13:45:58.828 NOTIFICATION Initializing ClassLoader(s)
  2006-09-07 13:45:58.828 NOTIFICATION Initializing EJB container
  2006-09-07 13:45:58.828 NOTIFICATION Loading connector(s)
  2006-09-07 13:45:58.843 NOTIFICATION application : aam is in failed state
  06/09/07 13:45:58 WARNING: Application.setConfig Application: aam is in failed state as initialization failedjava.lang.InstantiationException
  Sep 7, 2006 1:45:58 PM com.evermind.server.Application setConfig
  WARNING: Application: aam is in failed state as initialization failedjava.lang.InstantiationException
  06/09/07 13:45:58 oracle.oc4j.admin.internal.DeployerException: java.lang.InstantiationException
  06/09/07 13:45:58 at oracle.oc4j.admin.internal.ApplicationDeployer.addApplication(ApplicationDeployer.java:510)
  06/09/07 13:45:58 at oracle.oc4j.admin.internal.ApplicationDeployer.doDeploy(ApplicationDeployer.java:191)
  06/09/07 13:45:58 at oracle.oc4j.admin.internal.DeployerBase.execute(DeployerBase.java:93)
  06/09/07 13:45:58 at oracle.oc4j.admin.jmx.server.mbeans.deploy.OC4JDeployerRunnable.doRun(OC4JDeployerRunnable.java:52)
  06/09/07 13:45:58 at oracle.oc4j.admin.jmx.server.mbeans.deploy.DeployerRunnable.run(DeployerRunnable.java:81)
  06/09/07 13:45:58 at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:814)
  06/09/07 13:45:58 at java.lang.Thread.run(Thread.java:595)
  06/09/07 13:45:58 Caused by: java.lang.InstantiationException
  06/09/07 13:45:58 at com.evermind.server.ApplicationStateRunning.initDataSources(ApplicationStateRunning.java:1424)
  06/09/07 13:45:58 at com.evermind.server.ApplicationStateRunning.initializeApplication(ApplicationStateRunning.java:195)
  06/09/07 13:45:58 at com.evermind.server.Application.setConfig(Application.java:391)
  06/09/07 13:45:58 at com.evermind.server.Application.setConfig(Application.java:308)
  06/09/07 13:45:58 at com.evermind.server.ApplicationServer.addApplication(ApplicationServer.java:1771)
  06/09/07 13:45:58 at oracle.oc4j.admin.internal.ApplicationDeployer.addApplication(ApplicationDeployer.java:507)
  06/09/07 13:45:58 ... 6 more
  2006-09-07 13:45:58.890 NOTIFICATION Application Deployer for aam FAILED.
  2006-09-07 13:45:58.890 NOTIFICATION Application UnDeployer for aam STARTS.
  2006-09-07 13:45:58.906 NOTIFICATION Removing all web binding(s) for application aam from all web site(s)
  2006-09-07 13:45:59.015 NOTIFICATION Application UnDeployer for aam COMPLETES.
  06/09/07 13:45:59 WARNING: DeployerRunnable.run java.lang.InstantiationExceptionoracle.oc4j.admin.internal.DeployerException: java.lang.InstantiationException
  at oracle.oc4j.admin.internal.DeployerBase.execute(DeployerBase.java:126)
  at oracle.oc4j.admin.jmx.server.mbeans.deploy.OC4JDeployerRunnable.doRun(OC4JDeployerRunnable.java:52)
  at oracle.oc4j.admin.jmx.server.mbeans.deploy.DeployerRunnable.run(DeployerRunnable.java:81)
  at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:814)
  at java.lang.Thread.run(Thread.java:595)
  Caused by: java.lang.InstantiationException
  at com.evermind.server.ApplicationStateRunning.initDataSources(ApplicationStateRunning.java:1424)
  at com.evermind.server.ApplicationStateRunning.initializeApplication(ApplicationStateRunning.java:195)
  at com.evermind.server.Application.setConfig(Application.java:391)
  at com.evermind.server.Application.setConfig(Application.java:308)
  at com.evermind.server.ApplicationServer.addApplication(ApplicationServer.java:1771)
  at oracle.oc4j.admin.internal.ApplicationDeployer.addApplication(ApplicationDeployer.java:507)
  at oracle.oc4j.admin.internal.ApplicationDeployer.doDeploy(ApplicationDeployer.java:191)
  at oracle.oc4j.admin.internal.DeployerBase.execute(DeployerBase.java:93)
  ... 4 more
  2006-09-07 13:45:59.031 WARNING java.lang.InstantiationException

• Custom Login Module that should check only userId with out passwd

  Hi All,
  Can we write a custom login module which should  check  user name in the HTTPHeader and let the user login if the user id exists in the userstore(Active Directory Server).
  It should not validate with the passwd, as the requesting server sends only the user id in the HTtp Header.
  Is it possible to do this ?if so can anyone give me some inouts. I know how to configure cutom login module. But i am not sure with out validating th epasswd we can let the user log in through custom login module.
  can anyone send me sample code.
  Thanks a lot
  Lakshmi

  Hi Lakshmi,
  What describe the real issue you are trying to solve?
  Regards
  -Venkat Malempati

• Custom Login Module - all modules ignored

  Hello,
  we created a custom login module and deployed it as library to the server. We than configured the login module as described in the SAP manual:
  http://help.sap.com/saphelp_nw70/helpdata/en/46/3ce9402f3f8031e10000000a1550b0/frameset.htm
  First we had a little problem with the library path. The security log has a nice overview what login stack and what modules where called, for our module it stated u201CCannot load login module class u2026.u201D
  After reading the forum, we found that our login module path was wrong, we only added the class name as described in the tutorial. Correct was to use the library name from Visual Admin.
  But now, if we call the portal, the security log is just empty. It seems no stack and no module is called at all. If we remove our custom module from the ticket stack, everything is fine and we get an entry in the security log with the ticket stack and all remaining modules.
  If we add the custom login module to the stack again and enter username and password we get an error message that all modules are ignored.
  Does anybody know this error and maybe what to do?
  Best regards,
  Kai

  Hi Kai,
  have you solved your problem?
  Currently we are facing a similar Problem.
  We have a custom login module. I deployed everything like in the tutorial. There should be no Problem with the login module itself, as it is an exact copy of a working one. Class names are the same. The only difference is in package names, project names, library names. I adjusted the classloader to the new library and also adjusted the classname in the user store where the login module is configured.The login module is part of the "ticket" authentication stack.
  When we want to log on to the portal, we get an error like "all modules ignored".
  Maybe you have found a solution which is also suitable for our problem.
  Thanks
  Regards
  Pascal

• Login Module Options - How know which I can use?

  Hello dear reader
  I'm currently trying to develop a custom login module based on the Tutorial for NW '04 (https://websmp101.sap-ag.de/~sapidb/011000358700003517632004E.PDF).
  In this tutorial on page 23 the author configures the Login-Module-Options as follows:
  Name: "user_name_prefix"
  Value: "Administrator"
  This information can also be found in the java implementation of the tutorial where it checks if the "user_name_prefix" starts with "userName".
  My question is:
  How do I know what options I can access in my UserStore?
  For example, I want to verify if the Email of the specified user ends with "@example.org" or if the user is assigned to the role "example_role".
  How do I do this? How can I look this up? Where do I have to set this up?
  Hope these are solvable questions and I hope, too, that this is not too noobie or to case-specific (like you'll say: "hmm, depends..."
  Regards
  Michael

  I found it.
  using configtool you can find it in a file called dataSourceConfiguration_xxxx.xml
  or you browse through the portal; since I use a german portal I can only guess the english translations:
  system administration - system configuration - UME configuration - first tab "datasource"
  here you can download the file whoch contains the mappings between your data source and the UME.
  regards

• Unable to specify web application Login Module

  HI all,
  i have the following problem with JDev11Tech Preview R2:
  I have jazn login module which i specify under the Tools -> Embedded OC4J preferences -> Authentication -> Login Configuration
  The login module data is filled into the system-jazn-data.xml under the:
  \jdevstudio1111_TechnPreview2\system11.1.1.0.20.46.84\o.j2ee\embedded-oc4j\config:
  <jazn-loginconfig>
  <application>
  <name>Insis</name>
  <login-modules>
  <login-module>
  <class>com.fadata.insis.security.InsisLoginModule</class>
  <control-flag>required</control-flag>
  <options>
  <option>
  <name>debug</name>
  <value>false</value>
  </option>
  </options>
  </login-module>
  </login-modules>
  </application>
  </jazn-loginconfig>
  But when i try to obtain the LoginContext i receive an exception
  "No LoginModules configured for Insis"
  I have that configuration working in JDev 10.1.3
  Thank you very much in advance!
  Krasimir

  Krasimir,
  in JDeveloper 11 the LoginModule is no longer configured in system-jazn-data.xml but in jps-config.xml (which also has a different format for creating it). So you can look at the jps-config.xml and figure it out yourself or wait for us to document how it works (which is a how-to I am planning to write but with very low priority for now).
  Frank

• Problems with custom login module/authscheme in Portal iViews

  Hi,
  In our portal users must login with their username and password ("ticket" login module stack) to access most of the content. For some of the iViews containing confidential data we would like to ask the users some personal questions before giving them access.
  I followed all the steps described in the [official documentation |http://help.sap.com/saphelp_nw04s/helpdata/en/8c/f03541c6afd92be10000000a1550b0/content.htm]:
  - created a custom login module
  - added it to a custom login module stack
  - added a custom authscheme in the authschemes.xml file
  - assigned the iView to this authscheme
  I also create a PortalComponent that reads the user entries and calls my login module (JSP not shown):
  public void doContent(IPortalComponentRequest request, IPortalComponentResponse response)     {          
      HttpServletRequest req = request.getServletRequest();
      HttpServletResponse resp = request.getServletResponse(false);
      ILogonAuthentication ila = UMFactory.getLogonAuthenticator();
      Subject subject = ila.logon(req, resp, "myauthscheme");
      // if authenticated what to do next??
  Now when I try to access the protected iView, I see my screen to answer the questions, I press submit and my login module is called. But, I never get redirected to the iView I'm supposed to go. So I still have two questions:
  1) Which login modules should be in the login module stack? Should I include the BasicPasswordLoginModule?
  For the moment I have:
  EvaluateTicketLoginModule (SUFFICIENT)
  MyCustomLoginModule (REQUISITE)
  CreateTicketLoginModule (OPTIONAL)
  2) How can I be redirected to the protected iView after the user is being authenticated? Is it the portal framework who is responsible to navigate there automatically? Or is it in my own code after the logon() call? In that case how can I retrieve the destination URL?
  Thanks,
  Martin

  I'm using the version 10.1.3.0.4 (SU5).
  The error is:
  06/09/28 18:09:05 WARNING: Application.setConfig Application: current-workspace-app is in failed state as initialization failedjava.lang.InstantiationException
  28/09/2006 18:09:05 com.evermind.server.Application setConfig
  WARNING: Application: current-workspace-app is in failed state as initialization failedjava.lang.InstantiationException
  2006-09-28 18:09:05.390 WARNING J2EE 0JR0013 Exception initializing deployed application: current-workspace-app. null
  My JAAS-oc4j-app content is:
  <log>
  <file path="JAAS-oc4j-app.log" xmlns=""/>
  </log>
  <jazn provider="XML" location="JAAS-jazn-data.xml">
  <property name="role.mapping.dynamic" value="true"/>
  <property name="custom.loginmodule.provider" value="true"/>
  <property name="jaas.username.simple" value="true"/>
  </jazn>
  <data-sources path="JAAS-data-sources.xml"/>
  Thanks for reply.