Content Player / Policy Configuration component login modules
Problem using Content Player u2013 HTTP 401 errors, not authorized
Because of security concerns, we have modified our login Policy Configuration component, u201Cticketu201D to no longer use the login module u201CBasicPasswordLoginModuleu201D. We use the login module u201CSAMLLoginModuleu201D instead and direct our users through our Shibboleth based identity provider.
We now are having a problem with the Content Player. We have configured it in http://<server>:<port>/lms/mediator/config with connection information including a username and password for both access to the ABAP system and the CMS user. We also have set SNC.
With the BasicPasswordLoginModule removed, we get HTTP 401 errors, not authorized. We see this in a pop-up window when we try to run a WBT course and we see it in the trace files.
When we put the BasicPasswordLoginModule back in place, we can access the course.
We are looking for a way to redirect the Content Player to a different Policy Configuration component that we can then allow to include the BasicPasswordLoginModule.
Is this possible?
Where is the configuration defined that directs the Content Player to use that default Policy Configuration component?
Can we change it to use a different Policy Configuration component?
Deb Nugent
It appears that we cannot (or should not) redirect the login module for the Content Player to something other than the "ticket" login method. Since we require Content Player, we re-added the BasicLoginPassword Module to the "ticket" method of logon. We knew this would allow Content Player to work. We are using other / additional security measures to ensure no one is directly accessing our systems with username/password.
Thank-you all.
Deb Nugent.
Similar Messages
-
Configure JAAS login module stack to support x.509 certificates without SSL
I want to use x.509 certificates for authentication against a EP 7.0 but I dont want to have SSL traffic on the network segment where the portal resides. Obviously the SSL must be terminated in an application gateway that sends the certificate to the portal in the header.
I know that AcceptClientCertWithoutSSL must be set to true in the http provider and that ClientCertificateHeaderName is the name of the header variable that contains the users certificate, default is SSL_CLIENT_CERT.
What I dont know is how to configure my JAAS login module stack, my suggestion would be this:
EvaluateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
ClientCertLoginModule OPTIONAL {Rule1.getUserFrom=SSL_CLIENT_CERT}
CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
BasicPasswordLoginModule REQUISITE {}
CertPersisterLoginModule OPTIONAL {Rule1.getUserFrom=SSL_CLIENT_CERT}
CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
My concern is does the ClientCertLoginModule and the CertPersisterLoginModule read from the header variable? If they dont, is there another login module that should be used in this case?Hi Claus,
you got the flags right but the options of the login modules (LM) are wrong, so the certificate authentication won't work.
There's two problems I see: (1) Rule1.getUserFrom is not a valid option for the LM CertPersisterLoginModule, and (2) SSL_CLIENT_CERT is not a valid value for the option Rule1.getUserFrom of the ClientCertLoginModule.
Looking at this topic:
http://help.sap.com/saphelp_nw2004s/helpdata/en/ea/301e3e6217b40be10000000a114084/content.htm
the header variable used to pass the certificate is maintained in the HTTP provider service properties but since you use the default you don't need to maintain that part of the config. You also don't need the CertPersisterLoginModule in the config because it is used for automatic certificate mapping, which doesn't work when you don't have SSL to the portal.
So with the above said your LM stack config should look like this:
EvaluateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
ClientCertLoginModule OPTIONAL {Rule1.getUserFrom=wholeCert}
CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
BasicPasswordLoginModule REQUISITE {}
CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
If this doesn't work I'd suggest opening a support ticket.
Regards,
Yonko -
Configuring PAM login modules with weblogic 6.1
I am trying to configure my own PAM login module to work on the same JVM as weblogic.
I have my own security policy that does not rely on weblogic however when trying
to login after creating a specific login context :
LoginContext loginContext = new LoginContext("XXLogin",subject,
callbackHandler);
loginContext.login();
The JVM tries to invoke weblogic's own internal server login module. It looks
for the callback the login module uses and then fails.
The same problem ocurrs at weblogic startup. Weblogic appears to overide the -Djava.security.auth.login.config=jaas.config
with their own login configuration file:WLHOME\lib\server.policy. Is this supposed
to be a standard PAM login configuration file or weblogic's own interpretation
of it ? (It is called a policy file which normally relates to grants and permissions
in JAVA). Anyway we modified this file to include our own login module under a
different AuthenticationConfigurationName. However weblogic attempted to use our
login module as well as their own. According to the jaas api when creating a login
context the application configuration name is specified however weblogic appears
to be ignoring this !! Also we have found that a PAM configuration file that we
had did not parse with weblogic, however it worked with the standard PAM configuration
file parser. This implies that weblogic does not use the standard parser. Any
help welcome !!Hi Parthasarathy,
Thanks for the pointer. Your suggestion was the first step to getting our Security
Model to be compatible with the WebLogic 6.1 model. As suggested I removed the
the default LoginModule (ServerLoginModule) from the Server.policy file and replaced
it with our Login Module. Then we defined JVM properties for the weblogic.management.password
property in the startweblogic command file to supply the authentication information
required by WebLogic.
The next problem that I encountered was that we use files in the jaas.jar for
Authorisation when I tried to access these files (e.g. javax.security.auth.Policy)
I got a sealing violation as the JVM had previously loaded other class files in
this package from the weblogic.jar (as weblogic uses these files for authorisation).
It was possible to get around this problem by putting the jaas.jar ahead of the
weblogic.jar in the classpath.
After this I just needed to set up permissions in the weblogic.policy file for
authorisation and we were there.
Regards
Paul
Parthasarathy Seshadri <[email protected]> wrote:
Please note from the documentation:
http://e-docs.bea.com/wls/docs61//security/prog.html#1039659
that WLS uses the default Login Module (weblogic.security.internal.ServerLoginModule)
to gather authentication informatino
during server initialization. To replace the default Login module, edit
the Server.policy file and replace the name of the
default Login module with the name of a custom Login module.
Please inform whether the above information is useful. Thank you.
Paul Petley wrote:
I am trying to configure my own PAM login module to work on the sameJVM as weblogic.
I have my own security policy that does not rely on weblogic howeverwhen trying
to login after creating a specific login context :
LoginContext loginContext = new LoginContext("XXLogin",subject,
callbackHandler);
loginContext.login();
The JVM tries to invoke weblogic's own internal server login module.It looks
for the callback the login module uses and then fails.
The same problem ocurrs at weblogic startup. Weblogic appears to overidethe -Djava.security.auth.login.config=jaas.config
with their own login configuration file:WLHOME\lib\server.policy. Isthis supposed
to be a standard PAM login configuration file or weblogic's own interpretation
of it ? (It is called a policy file which normally relates to grantsand permissions
in JAVA). Anyway we modified this file to include our own login moduleunder a
different AuthenticationConfigurationName. However weblogic attemptedto use our
login module as well as their own. According to the jaas api when creatinga login
context the application configuration name is specified however weblogicappears
to be ignoring this !! Also we have found that a PAM configurationfile that we
had did not parse with weblogic, however it worked with the standardPAM configuration
file parser. This implies that weblogic does not use the standard parser.Any
help welcome !!--
Developer Relations Engineer
BEA Support -
How to call custom Login Module from JSP
Hi,
I am stuck with the following issue:
1) Exactly as presented in help.sap.com (http://help.sap.com/saphelp_nw04/helpdata/en/3f/1be040e136742ae10000000a155106/content.htm) I created custom login module and deployed it as a library on J2EE server. When I configured it to be used for my applications in the Security provider but I am getting "No user name provided" exception everytime when my applications use this custom login module.
2) I realized that I would need to call my custom module somewhere within my application (simple JSP) using LoginContext class and then use MyLoginContext.login() spec to initiate login process. But I am not able to pass CallbackHandler parameters from JSP application to my custom login module.
So I have the following questions:
1. Can I pass parameters using LoginContext and CallbackHandler from JSP to my custom login module (created as exact copy of HELP.SAP.COM example) or this module cannot be used this way.
2. How to pass CallbackHandler correctly to my custom login module from JSP. When I am trying to use CallbackHandler, I am getting "Abstract Class cannot be called" error.
I'd appreciate any little help on this matter.
Thanks and regards,
MikeYou have two alternatives to do this:
You can declare your JSP as a protected resource with the use of the deployment descriptors of the application (web.xml) and add the custom login module in the authentication stack of the application. This way, you will use container-based authentication, i.e. the Web Container will enforce the authentication and it will call the custom login module before it dispatches to the JSP. I recommend you this approach because it requires less coding and it makes the whole thing a matter of configuration. The configuration can be later on enhanced or changed runtime without the need to re-build and re-deploy the application. If you choose this approach you can go to the documentation of the server for help on how to modify the login module stack of the application.
You can also use programmatic authentication by using JAAS API. To do this you need to create a custom security policy configuration with login module stack containing the custom login module, and then use the standard JAAS mechanism - new LoginContext(<configuration>, <callback-handler>).login(). This approach requires that you write your own callback handler and handle any LoginException.
Let us know which approach you prefer and whether you have difficulties implementing it! -
JAAS login module configuration in Oracle application server
I have a LDAP login module implementing javax.security.auth.spi.LoginModule. This login module works well with tomcat and weblogic, if I configure the JVM arguments -Djava.security.auth.login.config and -Djava.security.policy to pont to the login.conf and access.policy files. The login.conf file has the below content
FREEWAY_SERV
com.wipro.freeway.security.LdapLoginModule required debug=true portal=false;
FREEWAY_PORT
com.wipro.freeway.security.LdapLoginModule required debug=true portal=true;
The application uses these login modules by passing Name of the JAAS configuration (FREEWAY_SERV or FREEWAY_PORT).
I would like to use the same login modules and code in Oracle application sever 10.1.3 and I haven't got any success yet.
Could anybody please help me to get this right?
Thanks in advance.
Message was edited by:
vinayalvaHi,
in OracleAs bet is to use Enterprise Manager to configure the login module. The LoginModule needs to be configured in the system-jazn-data.xml file, which is located in teh j2ee/home/config directory of the OC4J you use. Enterprise Manager does this all for you.
In your application deployment the orion-application.xml file needs to specify that a custom LoginModule should be used. Again ENterprise Manager does it for you.
To use the LoginModule e.d. for J2EE authentication, just make sure that the application name of the J2EE deployment matches the name of the LoginModule configuration
If you want to use pure JAAS you may have to change the OC4J properties file in the j2ee/home/config directory. Best suggestion to give is to get the online documentation for OC4J security
Frank -
How to configure login modules for certificate logon
Hello,
perhaps someone of you has also tried to implement SSO via Client Certificates and is able to help me...
I have configured the login modules for rule based authentication with the option Rule1.getUserFrom = wholeCert and I have attached my certificate to my user in useradmin.
And also added the login module to the template ticket, as suggested by the documentation at help.sap.com
But when I logon to the portal or other application (for example useradmin) via https the authentication doesn't work (but I'm still able to logon via password).
I also tried auto. certifcate mapping and mapping by subject name but in every case the system ignores the configured login module. There are no errors in the log files.
Thank You,
FrankHi Frank,
did you configure the SSO for an individual policy configuration or did you edit and save the changes the ticket policy config? I ask, b/c if you applied the changes to the individual policy config then the SSO with certificates will be used <b>only</b> when you access the applications for that policy config.
You can also double check the login module flags - perhaps the authentication check doesn't reach the ClientCertLM at all.
Since you followed the help portal instruction I assume you've enabled strong crypto - it is required for client cert SSO. Ano easily committed mistake is to also not use the HTTPS port in the access URL.
Let me know if this helps...
Yonko -
Custom Login Module with Adf 11g and and weblogic server
I have configured adf security on my application. I have checked the authentication and authorization are working fine with the default authenticator.
I am trying to create a custom login module. I have downloaded the custom login module implementation jaasdatabaseloginmodule.zip http://www.oracle.com/technetwork/developer-tools/jdev/index-089689.html. I have added the DBLoginModule.jar to my application. post written by Frank Nimphius and Duncan Mills
I have configured the jps config under the application resources with these entries.
<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">
<property value="true" name="custom.provider"/>
<property value="doasprivileged" name="oracle.security.jps.jaas.mode"/>
<serviceInstance name="CustomFFMLoginModule"
provider="jaas.login.provider">
<property name="jaas.login.controlFlag" value="REQUIRED"/>
<property name="log.level" value="FINEST"/>
<property name="debug" value="true"/>
<property name="addAllRoles" value="true"/>
<property name="loginModuleClassName"
value="oracle.sample.dbloginmodule.DBTableLM.ALSDBTableLoginModule"/>
<property value="jdbc/ApplicationDBDS" name="data_source_name"/>
</serviceInstance>
<jpsContexts default="FFMSecurityDAM">
<jpsContext name="FFMSecurityDAM">
<serviceInstanceRef ref="CustomFFMLoginModule"/>
<serviceInstanceRef ref="credstore"/>
<serviceInstanceRef ref="anonymous"/>
<serviceInstanceRef ref="policystore.xml"/>
</jpsContext>
When I run the application this custom login is not getting invoked.
I even tried to add these contents to DefaultDomain\config\fmwconfig\jps-config.xml still no result.
Can anyone who has configured custom login module direct me how to correct my application.Hi Frank,
After following the documentation suggested. I am able to create custom authenticator. But when I login I getting the below exception. When I debugged login method returned true. But this error is being thrown after that. Any clue.
java.lang.IllegalArgumentException: [Security:097531]Method com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principals) was unable to sign a principal
at com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(PrincipalValidationServiceImpl.java:188)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy10.sign(Unknown Source)
at weblogic.security.service.internal.WLSIdentityServiceImpl.getIdentityFromSubject(WLSIdentityServiceImpl.java:63)
at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:119)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy16.login(Unknown Source)
at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:91)
at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy34.authenticate(Unknown Source)
at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:237)
at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:186)
at weblogic.servlet.security.internal.FormSecurityModule.processJSecurityCheck(FormSecurityModule.java:254)
at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:209)
at weblogic.servlet.security.internal.FormSecurityModule.checkAccess(FormSecurityModule.java:92)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:82)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2204)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) -
Hi guys,
I am in the process to setup HeaderVariable Authentication for accessing to EP and have a some questions.
1) What Login Module Stack needs to be adjusted to use the HeaderVariableLoginModule? SAP J2EE Root or Ticket or ....
2) Are changes in the policy configurations (adding logon module) applied immediately or is a J2EE restart required?
Thanks,
Mario.Thank you Paul.
I've found on my own also to question 1. I have to modify the Login Module stack of template "tiket" as following:
1) EvaluateTicketLoginModule SUFFICIENT
2) HeaderVariableLoginModule OPTIONAL Header=REMOTE_USER
3) CreateTickeLoginModule SUFFICIENT
4) BasicPasswordLoginModule REQUISITE
5) CreateTicketLoginModule OPTIONAL
Now I'd like to know if is it possible to test the header variable login configuration without using any external web server but connect directly to Enerprise Portal.
When I try to connect directly to the Enerprise Portal using the URL
http://<server>:<port>/irj/portal?REMOTE_USER=<userID>
i'm not able to log into the system, but i'm redirected to the login page.
If I type in userID and password, portal doesn't authenticate the user.
Is the External Web Server mandatory for the Header Variable Login Module configuration?
Thanks in advance,
Mario. -
I adjusted the login module, but it does not work.
I Adjust the Login Module Stacks according to the
http://help.sap.com/saphelp_nw04/helpdata/en/aa/bf503e1dac5b46e10000000a114084/content.htm
I adjusted the Hello Application provided by the SAP J2EE Server, I remove all the login modules, I hope there is no login page displaying when I access to the Hello page again. But it does not work. The login page always appears.
Was I wrong to understand it?
Any reply is appreciated.1. I finished configuration for Login module.
2. And the document say, the last step is to make
sure the login modules take effort when the application
is accessed, using the Application Tracing Servie to
restart the affected application.
But, I have not found the Application Tracing Service
to restart the affected application.
I think it is why it does not work.
Hope your your any recommendations and Points must be
rewarded. -
JDEV deployment of web app with custom JAAS login module fails
For the first time, I am trying to implement a custom JAAS login module.
JDEV deployment to standalone OC4J only fails when my orion-application.xml is included. The deployment fails with a java.lang.InstantiationException.
This what I have done:
1) Wrote a custom LoginModule called com.whirlpoool.sjtc.jaas.gpa.LDAPLoginModule.
2) Put it and its dependent classes in a jar named sjtcjaas.jar.
3) Put the jar in $ORACLE_HOME\j2ee\home\lib
4) Changed library_path in $ORACLE_HOME\j2ee\home\config\application.xml to
<library path="../../home/lib/scheduler.jar;../../home/lib/sjtcjaas.jar" />
5) Added an orion-application.xml to the JDEV project. (I used an Oracle How-to as a pattern, see below.)
I think I'm close but no cigar, yet. Any help would be appreciated.
Regards,
Al Malin
=============== orion-application.xml ========================================
<?xml version="1.0"?>
<orion-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd" deployment-version="10.1.3.0.0" default-data-source="jdbc/OracleDS" schema-major-version="10" schema-minor-version="0" >
<security-role-mapping name="sr_manager">
<group name="managers" />
</security-role-mapping>
<security-role-mapping name="sr_developer">
<group name="developers" />
</security-role-mapping>
<log>
<file path="application.log" />
</log>
<!-- Configuring a Login Module in an Application EAR file. -->
<jazn-loginconfig>
<application>
<name>customjaas</name>
<login-modules>
<login-module>
<class>com.whirlpoool.sjtc.jaas.gpa.LDAPLoginModule</class>
<control-flag>required</control-flag>
<options>
<option>
<name>debug</name>
<value>true</value>
</option>
</options>
</login-module>
</login-modules>
</application>
</jazn-loginconfig>
</orion-application>Starting OC4J from c:\oc4j\j2ee\home ...
2006-09-07 13:45:28.484 NOTIFICATION JMS Router is initiating ...
06/09/07 13:45:29 Oracle Containers for J2EE 10g (10.1.3.0.0) initialized
2006-09-07 13:45:58.609 NOTIFICATION Application Deployer for aam STARTS.
2006-09-07 13:45:58.640 NOTIFICATION Copy the archive to C:\oc4j\j2ee\home\applications\aam.ear
2006-09-07 13:45:58.656 NOTIFICATION Initialize C:\oc4j\j2ee\home\applications\aam.ear begins...
2006-09-07 13:45:58.656 NOTIFICATION Auto-unpacking C:\oc4j\j2ee\home\applications\aam.ear...
2006-09-07 13:45:58.687 NOTIFICATION Unpacking aam.ear
2006-09-07 13:45:58.687 NOTIFICATION Unjar C:\oc4j\j2ee\home\applications\aam.ear in C:\oc4j\j2ee\home\applications\aam
2006-09-07 13:45:58.750 NOTIFICATION Done unpacking aam.ear
2006-09-07 13:45:58.750 NOTIFICATION Finished auto-unpacking C:\oc4j\j2ee\home\applications\aam.ear
2006-09-07 13:45:58.750 NOTIFICATION Auto-unpacking C:\oc4j\j2ee\home\applications\aam\aam.war...
2006-09-07 13:45:58.750 NOTIFICATION Unpacking aam.war
2006-09-07 13:45:58.765 NOTIFICATION Unjar C:\oc4j\j2ee\home\applications\aam\aam.war in C:\oc4j\j2ee\home\applications\aam\aam
2006-09-07 13:45:58.765 NOTIFICATION Done unpacking aam.war
2006-09-07 13:45:58.765 NOTIFICATION Finished auto-unpacking C:\oc4j\j2ee\home\applications\aam\aam.war
2006-09-07 13:45:58.812 NOTIFICATION Initialize C:\oc4j\j2ee\home\applications\aam.ear ends...
2006-09-07 13:45:58.828 NOTIFICATION Starting application : aam
2006-09-07 13:45:58.828 NOTIFICATION Initializing ClassLoader(s)
2006-09-07 13:45:58.828 NOTIFICATION Initializing EJB container
2006-09-07 13:45:58.828 NOTIFICATION Loading connector(s)
2006-09-07 13:45:58.843 NOTIFICATION application : aam is in failed state
06/09/07 13:45:58 WARNING: Application.setConfig Application: aam is in failed state as initialization failedjava.lang.InstantiationException
Sep 7, 2006 1:45:58 PM com.evermind.server.Application setConfig
WARNING: Application: aam is in failed state as initialization failedjava.lang.InstantiationException
06/09/07 13:45:58 oracle.oc4j.admin.internal.DeployerException: java.lang.InstantiationException
06/09/07 13:45:58 at oracle.oc4j.admin.internal.ApplicationDeployer.addApplication(ApplicationDeployer.java:510)
06/09/07 13:45:58 at oracle.oc4j.admin.internal.ApplicationDeployer.doDeploy(ApplicationDeployer.java:191)
06/09/07 13:45:58 at oracle.oc4j.admin.internal.DeployerBase.execute(DeployerBase.java:93)
06/09/07 13:45:58 at oracle.oc4j.admin.jmx.server.mbeans.deploy.OC4JDeployerRunnable.doRun(OC4JDeployerRunnable.java:52)
06/09/07 13:45:58 at oracle.oc4j.admin.jmx.server.mbeans.deploy.DeployerRunnable.run(DeployerRunnable.java:81)
06/09/07 13:45:58 at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:814)
06/09/07 13:45:58 at java.lang.Thread.run(Thread.java:595)
06/09/07 13:45:58 Caused by: java.lang.InstantiationException
06/09/07 13:45:58 at com.evermind.server.ApplicationStateRunning.initDataSources(ApplicationStateRunning.java:1424)
06/09/07 13:45:58 at com.evermind.server.ApplicationStateRunning.initializeApplication(ApplicationStateRunning.java:195)
06/09/07 13:45:58 at com.evermind.server.Application.setConfig(Application.java:391)
06/09/07 13:45:58 at com.evermind.server.Application.setConfig(Application.java:308)
06/09/07 13:45:58 at com.evermind.server.ApplicationServer.addApplication(ApplicationServer.java:1771)
06/09/07 13:45:58 at oracle.oc4j.admin.internal.ApplicationDeployer.addApplication(ApplicationDeployer.java:507)
06/09/07 13:45:58 ... 6 more
2006-09-07 13:45:58.890 NOTIFICATION Application Deployer for aam FAILED.
2006-09-07 13:45:58.890 NOTIFICATION Application UnDeployer for aam STARTS.
2006-09-07 13:45:58.906 NOTIFICATION Removing all web binding(s) for application aam from all web site(s)
2006-09-07 13:45:59.015 NOTIFICATION Application UnDeployer for aam COMPLETES.
06/09/07 13:45:59 WARNING: DeployerRunnable.run java.lang.InstantiationExceptionoracle.oc4j.admin.internal.DeployerException: java.lang.InstantiationException
at oracle.oc4j.admin.internal.DeployerBase.execute(DeployerBase.java:126)
at oracle.oc4j.admin.jmx.server.mbeans.deploy.OC4JDeployerRunnable.doRun(OC4JDeployerRunnable.java:52)
at oracle.oc4j.admin.jmx.server.mbeans.deploy.DeployerRunnable.run(DeployerRunnable.java:81)
at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:814)
at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.InstantiationException
at com.evermind.server.ApplicationStateRunning.initDataSources(ApplicationStateRunning.java:1424)
at com.evermind.server.ApplicationStateRunning.initializeApplication(ApplicationStateRunning.java:195)
at com.evermind.server.Application.setConfig(Application.java:391)
at com.evermind.server.Application.setConfig(Application.java:308)
at com.evermind.server.ApplicationServer.addApplication(ApplicationServer.java:1771)
at oracle.oc4j.admin.internal.ApplicationDeployer.addApplication(ApplicationDeployer.java:507)
at oracle.oc4j.admin.internal.ApplicationDeployer.doDeploy(ApplicationDeployer.java:191)
at oracle.oc4j.admin.internal.DeployerBase.execute(DeployerBase.java:93)
... 4 more
2006-09-07 13:45:59.031 WARNING java.lang.InstantiationException -
Custom Login Module that should check only userId with out passwd
Hi All,
Can we write a custom login module which should check user name in the HTTPHeader and let the user login if the user id exists in the userstore(Active Directory Server).
It should not validate with the passwd, as the requesting server sends only the user id in the HTtp Header.
Is it possible to do this ?if so can anyone give me some inouts. I know how to configure cutom login module. But i am not sure with out validating th epasswd we can let the user log in through custom login module.
can anyone send me sample code.
Thanks a lot
LakshmiHi Lakshmi,
What describe the real issue you are trying to solve?
Regards
-Venkat Malempati -
Custom Login Module - all modules ignored
Hello,
we created a custom login module and deployed it as library to the server. We than configured the login module as described in the SAP manual:
http://help.sap.com/saphelp_nw70/helpdata/en/46/3ce9402f3f8031e10000000a1550b0/frameset.htm
First we had a little problem with the library path. The security log has a nice overview what login stack and what modules where called, for our module it stated u201CCannot load login module class u2026.u201D
After reading the forum, we found that our login module path was wrong, we only added the class name as described in the tutorial. Correct was to use the library name from Visual Admin.
But now, if we call the portal, the security log is just empty. It seems no stack and no module is called at all. If we remove our custom module from the ticket stack, everything is fine and we get an entry in the security log with the ticket stack and all remaining modules.
If we add the custom login module to the stack again and enter username and password we get an error message that all modules are ignored.
Does anybody know this error and maybe what to do?
Best regards,
KaiHi Kai,
have you solved your problem?
Currently we are facing a similar Problem.
We have a custom login module. I deployed everything like in the tutorial. There should be no Problem with the login module itself, as it is an exact copy of a working one. Class names are the same. The only difference is in package names, project names, library names. I adjusted the classloader to the new library and also adjusted the classname in the user store where the login module is configured.The login module is part of the "ticket" authentication stack.
When we want to log on to the portal, we get an error like "all modules ignored".
Maybe you have found a solution which is also suitable for our problem.
Thanks
Regards
Pascal -
Login Module Options - How know which I can use?
Hello dear reader
I'm currently trying to develop a custom login module based on the Tutorial for NW '04 (https://websmp101.sap-ag.de/~sapidb/011000358700003517632004E.PDF).
In this tutorial on page 23 the author configures the Login-Module-Options as follows:
Name: "user_name_prefix"
Value: "Administrator"
This information can also be found in the java implementation of the tutorial where it checks if the "user_name_prefix" starts with "userName".
My question is:
How do I know what options I can access in my UserStore?
For example, I want to verify if the Email of the specified user ends with "@example.org" or if the user is assigned to the role "example_role".
How do I do this? How can I look this up? Where do I have to set this up?
Hope these are solvable questions and I hope, too, that this is not too noobie or to case-specific (like you'll say: "hmm, depends..."
Regards
MichaelI found it.
using configtool you can find it in a file called dataSourceConfiguration_xxxx.xml
or you browse through the portal; since I use a german portal I can only guess the english translations:
system administration - system configuration - UME configuration - first tab "datasource"
here you can download the file whoch contains the mappings between your data source and the UME.
regards -
Unable to specify web application Login Module
HI all,
i have the following problem with JDev11Tech Preview R2:
I have jazn login module which i specify under the Tools -> Embedded OC4J preferences -> Authentication -> Login Configuration
The login module data is filled into the system-jazn-data.xml under the:
\jdevstudio1111_TechnPreview2\system11.1.1.0.20.46.84\o.j2ee\embedded-oc4j\config:
<jazn-loginconfig>
<application>
<name>Insis</name>
<login-modules>
<login-module>
<class>com.fadata.insis.security.InsisLoginModule</class>
<control-flag>required</control-flag>
<options>
<option>
<name>debug</name>
<value>false</value>
</option>
</options>
</login-module>
</login-modules>
</application>
</jazn-loginconfig>
But when i try to obtain the LoginContext i receive an exception
"No LoginModules configured for Insis"
I have that configuration working in JDev 10.1.3
Thank you very much in advance!
KrasimirKrasimir,
in JDeveloper 11 the LoginModule is no longer configured in system-jazn-data.xml but in jps-config.xml (which also has a different format for creating it). So you can look at the jps-config.xml and figure it out yourself or wait for us to document how it works (which is a how-to I am planning to write but with very low priority for now).
Frank -
Problems with custom login module/authscheme in Portal iViews
Hi,
In our portal users must login with their username and password ("ticket" login module stack) to access most of the content. For some of the iViews containing confidential data we would like to ask the users some personal questions before giving them access.
I followed all the steps described in the [official documentation |http://help.sap.com/saphelp_nw04s/helpdata/en/8c/f03541c6afd92be10000000a1550b0/content.htm]:
- created a custom login module
- added it to a custom login module stack
- added a custom authscheme in the authschemes.xml file
- assigned the iView to this authscheme
I also create a PortalComponent that reads the user entries and calls my login module (JSP not shown):
public void doContent(IPortalComponentRequest request, IPortalComponentResponse response) {
HttpServletRequest req = request.getServletRequest();
HttpServletResponse resp = request.getServletResponse(false);
ILogonAuthentication ila = UMFactory.getLogonAuthenticator();
Subject subject = ila.logon(req, resp, "myauthscheme");
// if authenticated what to do next??
Now when I try to access the protected iView, I see my screen to answer the questions, I press submit and my login module is called. But, I never get redirected to the iView I'm supposed to go. So I still have two questions:
1) Which login modules should be in the login module stack? Should I include the BasicPasswordLoginModule?
For the moment I have:
EvaluateTicketLoginModule (SUFFICIENT)
MyCustomLoginModule (REQUISITE)
CreateTicketLoginModule (OPTIONAL)
2) How can I be redirected to the protected iView after the user is being authenticated? Is it the portal framework who is responsible to navigate there automatically? Or is it in my own code after the logon() call? In that case how can I retrieve the destination URL?
Thanks,
MartinI'm using the version 10.1.3.0.4 (SU5).
The error is:
06/09/28 18:09:05 WARNING: Application.setConfig Application: current-workspace-app is in failed state as initialization failedjava.lang.InstantiationException
28/09/2006 18:09:05 com.evermind.server.Application setConfig
WARNING: Application: current-workspace-app is in failed state as initialization failedjava.lang.InstantiationException
2006-09-28 18:09:05.390 WARNING J2EE 0JR0013 Exception initializing deployed application: current-workspace-app. null
My JAAS-oc4j-app content is:
<log>
<file path="JAAS-oc4j-app.log" xmlns=""/>
</log>
<jazn provider="XML" location="JAAS-jazn-data.xml">
<property name="role.mapping.dynamic" value="true"/>
<property name="custom.loginmodule.provider" value="true"/>
<property name="jaas.username.simple" value="true"/>
</jazn>
<data-sources path="JAAS-data-sources.xml"/>
Thanks for reply.
Maybe you are looking for
-
Switch from MySQL to MS SQL Server, Query not working
I'm sure there is a simple setting somewhere for this, but cannot seem to find it and really would appreciate some assistance. Have an application which uses JDBC to connect to a MySQL DB to run the following query without an issue: SELECT * FROM use
-
(macpro13" 2.7GHz) I have a rocketfish HDMI adapter connected to a 42 inch plasma panasonic and it is not displaying any video or audio (does display blue screen as if properly connecting). attempted to play music and got occasional pops. Why is it n
-
Compare two structures dynamically.
Hi, How to compare two structures dynamically. Thanks, Ram.
-
I installed CS4 on my new Vista 64bit computer. I had it operating and now it will not open up in either 32 to 64 bit. Bridge will open up but CS4. Also it will not open up .cr2 files. It will open DNG's. Will I need to reinstall CS4? Any other cure?
-
How long does this usually take to install?
My photoshop has been taking a very long time and I wanted to make sure that I was doing it correctly.