Custom Login Module, SSO Ticket validity & Login Module Stack

Hi everybody,
we have a portal (running on jboss) which links to a J2EE web application (running on SAP WAS 6.40) which itself is protected by a custom login module and redirects to different WebDynpro applications (running on same WAS as the J2EE app) depending on some parameters.
So when we go from the portal to the J2EE web application, the custom login module authenticates the user, creates a MYSAPSSO2 Cookie and then redirects to a webdynpro app.
What happens is that the webdynpro app doesn't accept the cookie and redirects to the login mask.
Looking at the request header parameter HOST we have the request coming from sub1.sub2.mycompany.com, which is the portal.
The WAS is located on sub3.mycompany.com.
If we manipulate the HOST parameter to sub2.mycompany.com everything works fine and the webdynpro app successfully authenticates the user.
This does sound either like a domain relaxing issue or a multi domain issue, which we added as parameters to the CreateTicketLoginModule in the Login Module Stack for the J2EE web app.
Unfortunately without result.
Did anybody have a similar problem and can give some hints on how to solve this?
Any help is appreciated
Regards,
md
Edited by: Minh-Duc Truong on Jul 17, 2008 7:18 PM
Edited by: Minh-Duc Truong on Jul 17, 2008 7:19 PM
Edited by: Julius Bussche on Jul 18, 2008 7:25 PM
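
The cookie scoping the post above suspects can be checked offline. This is an added example, not code from the thread or from SAP: it models domain relaxing as stripping a configurable number of leading labels from the request host (an assumption; the function names and the `relaxLevel` parameter are hypothetical) and applies RFC 6265 domain matching to the host names given in the post.

```javascript
// Added example: scoping of an SSO ticket cookie such as MYSAPSSO2.
// Assumption: "domain relaxing" removes `relaxLevel` leading labels from the
// request host to form the cookie's Domain attribute. All names are hypothetical.

function normalizeHost(host) {
  // Lowercase, drop a :port suffix and a trailing dot.
  return host.trim().toLowerCase().replace(/:\d+$/, "").replace(/\.$/, "");
}

function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[");
}

// Domain attribute the issuer would set, or null for a host-only cookie
// (no Domain attribute, returned only to the exact issuing host).
function relaxedCookieDomain(requestHost, relaxLevel) {
  const host = normalizeHost(requestHost);
  if (isIpLiteral(host)) return null;
  const labels = host.split(".");
  // Keep at least two labels: a crude stand-in for a public-suffix check.
  const strip = Math.min(relaxLevel, labels.length - 2);
  return strip > 0 ? labels.slice(strip).join(".") : null;
}

// RFC 6265 section 5.1.3: identical, or the host ends with "." + domain.
function domainMatches(host, cookieDomain) {
  const h = normalizeHost(host);
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  return !isIpLiteral(h) && h.endsWith("." + d);
}

// Would a browser that received the cookie from issuerHost send it to targetHost?
function cookieReaches(issuerHost, relaxLevel, targetHost) {
  const cookieDomain = relaxedCookieDomain(issuerHost, relaxLevel);
  const sent = cookieDomain === null
    ? normalizeHost(issuerHost) === normalizeHost(targetHost)
    : domainMatches(targetHost, cookieDomain);
  return { cookieDomain, sent };
}

// Smallest relax level that lets the cookie reach targetHost, or null when the
// two hosts share no parent domain (the multi-domain case relaxing cannot fix).
function minimalRelaxLevel(issuerHost, targetHost) {
  const labels = normalizeHost(issuerHost).split(".");
  const maxLevel = Math.max(0, labels.length - 2);
  for (let level = 0; level <= maxLevel; level++) {
    if (cookieReaches(issuerHost, level, targetHost).sent) return level;
  }
  return null;
}

// Host names are taken from the post; the relax levels are constructed samples.
const WAS_HOST = "sub3.mycompany.com";
const cases = [
  ["sub1.sub2.mycompany.com", 1],
  ["sub2.mycompany.com", 1],
  ["sub1.sub2.mycompany.com", 2],
];
for (const [issuer, level] of cases) {
  const r = cookieReaches(issuer, level, WAS_HOST);
  console.log(`Host=${issuer} level=${level} -> Domain=${r.cookieDomain}, sent to ${WAS_HOST}: ${r.sent}`);
}
```

A higher relax level hands the ticket to every host under the resulting domain, so the smallest level that reaches the target is the one to configure.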

Hi md,
I have split your 2nd question into a separate thread => That would make them easier to answer as well, which will help.
You can find it here: Custom Login Module, LM Stack ignored
Cheers,
Julius
Edited by: Julius Bussche on Jul 18, 2008 7:26 PM

Similar Messages

  • A failure occured while importing Java SSO ticket certificate in ABAP stack Exception : FOREIGN_ENQUEUE_LOCK

    Dear All,
    We have completed the fresh installation of Solman 7.1.
    Now, we are doing the "Configuration of the Solman" and we are in the step "Basic configuration".
    SID:        SMI
    Hostname: Solmantrg
    Solman version: 7.1
    The SSO Setup is failing with below error.
    Message :
    A failure occured while connecting to ABAP stack on solmantrg.thetimes.co.in sys=01 client=001 user=null. Details : 'user' missing
    Details of the Log
    Found SID for SSO ACL entry : SMI
    Found login.ticket_client for SSO ACL entry : 000
    The Read entry permission on TicketKeystore/SAPLogonTicketKeypair-cert was given to sap.com/tc~webadministrator~solmandiag/servlet_jsp/smd/root/WEB-INF/lib/SetupLib.jar
    The TicketKeystore/SAPLogonTicketKeypair-cert was succesfully read (619 bytes)
    ABAP SSO ticket certificate of SMI was imported in ABAP PSE of solmantrg.thetimes.co.in (client 001)
    The ABAP SSO ticket certificate was successfully imported in ABAP System PSE, and the ACL updated accordingly (SID=SMI LoginTicketClient=001)
    A failure occured while importing Java SSO ticket certificate in ABAP stack
    !! Exception : FOREIGN_ENQUEUE_LOCK(Abap cause=SOLMAN_ADMINE_TABLEE)
    The ABAP instance profile contains the parameter : login/accept_sso2_ticket=1
    The SSO ticket Certificate <CN=SMI> has been successfully imported into Java Keystore
    The com.sap.security.core.server.jaas.EvaluateTicketLoginModule already contained the entry : trustedsys=SMI, 001 trustediss=CN=SMI trusteddn=CN=SMI
    The Authentication template for component sap.com/SQLTrace*OpenSQLMonitors was already set to ticket
    The Authentication template for component sap.com/SQLTrace*SQLTrace was already set to ticket
    The Authentication template for component sap.com/tc~monitoring~systeminfo*monitoring was already set to ticket
    The Authentication template for component sap.com/tc~monitoring~systeminfo*sap_monitoring was already set to ticket
    The Authentication template for component sap.com/com.sap.security.core.admin*useradmin was already set to ticket
    The Authentication template for component sap.com/tc~webadministrator~solmandiag*smd was already set to ticket
    The Authentication template for component sap.com/tc~smd~e2etraceupload*E2EClientTraceUploadW was already set to ticket
    The com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule already contained the entry : trustedsys=SMI, 001 trustediss=CN=SMI trusteddn=CN=SMI
    The Authentication template for component sap.com/tc~smd~EemAdminGateway*EemAdmin_Config1 has been set to evaluate_assertion_ticket
    The Login Module BasicPasswordLoginModule was added to the security component sap.com/tc~smd~EemAdminGateway*EemAdmin_Config1
    A failure occured while connecting to ABAP stack on solmantrg.thetimes.co.in sys=01 client=001 user=null
    !! Exception : 'user' missing
    The ABAP instance profile contains the parameter : login/create_sso2_ticket=2
      Exception
    com.sap.mw.jco.JCO$AbapException: (126) FOREIGN_ENQUEUE_LOCK: FOREIGN_ENQUEUE_LOCK
    at com.sap.mw.jco.MiddlewareJRfc$Client.execute(MiddlewareJRfc.java:1512)
    at com.sap.mw.jco.JCO$Client.execute(JCO.java:3937)
    at com.sap.mw.jco.JCO$Client.execute(JCO.java:3570)
    at com.sap.sup.admin.setup.AbapSysRfcAdapter.addTrustedIssuer(AbapSysRfcAdapter.java:276)
    at com.sap.sup.admin.setup.AbapSysRfcAdapter.addTrustedIssuer(AbapSysRfcAdapter.java:249)
    at com.sap.sup.admin.setup.ManagingServices.setupDualStackSSO(ManagingServices.java:752)
    at com.sap.sup.admin.setup.SetupStep.runExec(SetupStep.java:564)
    at com.sap.sup.admin.setup.SetupStep.execute(SetupStep.java:445)
    at com.sap.smd.agent.plugins.remotesetup.SapInstance.setup(SapInstance.java:674)
    at com.sap.sup.admin.setup.ws.SetupWrapper._diagSetup(SetupWrapper.java:279)
    at com.sap.sup.admin.setup.ws.SetupWrapper.diagSetup(SetupWrapper.java:21)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:331)
    at com.sap.engine.services.webservices.runtime.JavaClassImplementationContainer.invokeMethod(JavaClassImplementationContainer.java:76)
    at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:174)
    at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:81)
    at com.sap.engine.services.webservices.runtime.servlet.ServletDispatcherImpl.doPost(ServletDispatcherImpl.java:90)
    at SoapServlet.doPost(SoapServlet.java:51)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1060)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
    at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
    at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
    at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
    at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
    at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
    at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
    ========================
    com.sap.mw.jco.JCO$Exception: (101) RFC_ERROR_PROGRAM: 'user' missing
    at com.sap.mw.jco.MiddlewareJRfc.generateJCoException(MiddlewareJRfc.java:518)
    at com.sap.mw.jco.MiddlewareJRfc$Client.connect(MiddlewareJRfc.java:1087)
    at com.sap.mw.jco.JCO$Client.connect(JCO.java:3310)
    at com.sap.sup.admin.setup.CommonServices.getJcoClient(CommonServices.java:773)
    at com.sap.sup.admin.setup.CommonServices.getJcoClient(CommonServices.java:722)
    at com.sap.sup.admin.setup.SolManRfcAdapter.getJ2eeSsoSettings(SolManRfcAdapter.java:649)
    at com.sap.sup.admin.setup.ManagingServices.updateSSOfromURLrepository(ManagingServices.java:790)
    at com.sap.sup.admin.setup.ManagingServices.setupDualStackSSO(ManagingServices.java:773)
    at com.sap.sup.admin.setup.SetupStep.runExec(SetupStep.java:564)
    at com.sap.sup.admin.setup.SetupStep.execute(SetupStep.java:445)
    at com.sap.smd.agent.plugins.remotesetup.SapInstance.setup(SapInstance.java:674)
    at com.sap.sup.admin.setup.ws.SetupWrapper._diagSetup(SetupWrapper.java:279)
    at com.sap.sup.admin.setup.ws.SetupWrapper.diagSetup(SetupWrapper.java:21)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:331)
    at com.sap.engine.services.webservices.runtime.JavaClassImplementationContainer.invokeMethod(JavaClassImplementationContainer.java:76)
    at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:174)
    at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:81)
    at com.sap.engine.services.webservices.runtime.servlet.ServletDispatcherImpl.doPost(ServletDispatcherImpl.java:90)
    at SoapServlet.doPost(SoapServlet.java:51)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1060)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
    at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
    at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
    at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
    at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
    at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
    at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
    In strustsso2, certificate date is valid only.
    Kindly help us to fix this SSO_Setup issue.
    Thanks and Regards,
    Gayathri.K

    Hi ,
    Thanks for the above reply.
    I have executed Steps 2.3 and 2.4 and I started the SSO Setup again. Still I am getting the below error.
    Message
    A failure occured while importing Java SSO ticket certificate in ABAP stack
    Details Of the Log
    Found SID for SSO ACL entry : SMI
    Found login.ticket_client for SSO ACL entry : 000
    The Read entry permission on TicketKeystore/SAPLogonTicketKeypair-cert was given to sap.com/tc~webadministrator~solmandiag/servlet_jsp/smd/root/WEB-INF/lib/SetupLib.jar
    The TicketKeystore/SAPLogonTicketKeypair-cert was succesfully read (619 bytes)
    ABAP SSO ticket certificate of SMI was imported in ABAP PSE of solmantrg (client 001)
    The ABAP SSO ticket certificate was successfully imported in ABAP System PSE, and the ACL updated accordingly (SID=SMI LoginTicketClient=001)
    A failure occured while importing Java SSO ticket certificate in ABAP stack
    !! Exception : FOREIGN_ENQUEUE_LOCK(Abap cause=SOLMAN_ADMINE_TABLEE)
    The ABAP instance profile contains the parameter : login/accept_sso2_ticket=1
    The SSO ticket Certificate <CN=SMI> has been successfully imported into Java Keystore
    The com.sap.security.core.server.jaas.EvaluateTicketLoginModule already contained the entry : trustedsys=SMI, 001 trustediss=CN=SMI trusteddn=CN=SMI
    The Authentication template for component sap.com/SQLTrace*OpenSQLMonitors was already set to ticket
    The Authentication template for component sap.com/SQLTrace*SQLTrace was already set to ticket
    The Authentication template for component sap.com/tc~monitoring~systeminfo*monitoring was already set to ticket
    The Authentication template for component sap.com/tc~monitoring~systeminfo*sap_monitoring was already set to ticket
    The Authentication template for component sap.com/com.sap.security.core.admin*useradmin was already set to ticket
    The Authentication template for component sap.com/tc~webadministrator~solmandiag*smd was already set to ticket
    The Authentication template for component sap.com/tc~smd~e2etraceupload*E2EClientTraceUploadW was already set to ticket
    The com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule already contained the entry : trustedsys=SMI, 001 trustediss=CN=SMI trusteddn=CN=SMI
    The Authentication template for component sap.com/tc~smd~EemAdminGateway*EemAdmin_Config1 has been set to evaluate_assertion_ticket
    The Login Module BasicPasswordLoginModule was added to the security component sap.com/tc~smd~EemAdminGateway*EemAdmin_Config1
    The ABAP instance profile contains the parameter : login/create_sso2_ticket=2
    Exception
    com.sap.mw.jco.JCO$AbapException: (126) FOREIGN_ENQUEUE_LOCK: FOREIGN_ENQUEUE_LOCK
    at com.sap.mw.jco.MiddlewareJRfc$Client.execute(MiddlewareJRfc.java:1512)
    at com.sap.mw.jco.JCO$Client.execute(JCO.java:3937)
    at com.sap.mw.jco.JCO$Client.execute(JCO.java:3570)
    at com.sap.sup.admin.setup.AbapSysRfcAdapter.addTrustedIssuer(AbapSysRfcAdapter.java:276)
    at com.sap.sup.admin.setup.AbapSysRfcAdapter.addTrustedIssuer(AbapSysRfcAdapter.java:249)
    at com.sap.sup.admin.setup.ManagingServices.setupDualStackSSO(ManagingServices.java:752)
    at com.sap.sup.admin.setup.SetupStep.runExec(SetupStep.java:564)
    at com.sap.sup.admin.setup.SetupStep.execute(SetupStep.java:445)
    at com.sap.smd.agent.plugins.remotesetup.SapInstance.setup(SapInstance.java:674)
    at com.sap.sup.admin.setup.ws.SetupWrapper._diagSetup(SetupWrapper.java:279)
    at com.sap.sup.admin.setup.ws.SetupWrapper.diagSetup(SetupWrapper.java:21)
    at sun.reflect.GeneratedMethodAccessor2202.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:331)
    at com.sap.engine.services.webservices.runtime.JavaClassImplementationContainer.invokeMethod(JavaClassImplementationContainer.java:76)
    at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:174)
    at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:81)
    at com.sap.engine.services.webservices.runtime.servlet.ServletDispatcherImpl.doPost(ServletDispatcherImpl.java:90)
    at SoapServlet.doPost(SoapServlet.java:51)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1060)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
    at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
    at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
    at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
    at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
    at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
    at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
    Also, I have checked the note # 1008474 Diagnostics Setup Wizard uses wrong ABAP client.
    As mentioned in the above note, I have checked in Visual Admin that all settings are maintained correctly.
    RFC destination WEBADMIN & SOLMANDIAG is also working fine.
    Please tell why I am getting the Foreign Enqueue lock.
    Regards,
    Gayathri.K

  • Custom login module and SSO using 10.1.3.3

    We are using ADF 10.1.3.3 to build applications and recently a requirement from a customer was to use LDAP for authentication but use internal application tables for authorisation. So essentially the username and password will be in LDAP but all the roles definition are in the application. This is because the LDAP directory has tight controls on contents and is used enterprise wide.
    I created a proof of concept to address this requirement using the examples at
    http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
    and also
    http://technology.amis.nl/blog/1462/create-a-webapplication-secured-with-custom-jaas-database-loginmodule-deploy-on-jdeveloper-1013-embedded-oc4j-stand-alone-oc4j-and-opmn-managed-oc4j-10g-as
    specifically using DBProcLoginModule to call a database package.
    The PL/SQL package I created used DBMS_LDAP to call an LDAP directory with the username and password to check authentication and then used internal application tables to get the authorisation details required.
    All this worked very well. I tested on both the embedded OC4J and also standalone OC4J.
    Then one of my peers said will this work with SSO? Specifically we use Oracle OID as we have SSO for Forms and Reports.
    My experience with SSO has been with Oracle OID and having all the user and role details stored within OID.
    So my issue now is can I integrate the custom login module approach I have used with SSO? My knowledge of SSO and OID is limited so I'm not sure how (or if) it would interact with a custom login module. Are the two mutually exclusive?
    Any guidance is appreciated.
    Regards,
    Adrian

    Hi,
    this question should be posted to the Oracle Application Server forum or the security forum. However, based on my findings and experience in this area, I don't think that SSO is integrated with custom LoginModules since the integration would need to be coded in the LoginModule.
    Frank

  • Custom pluggable idm with custom login module

    Hello All. I've developed a custom implementation of the pluggable identity management framework as explained in chapter 13 of the book "Oracle® Containers for J2EE Security Guide 10g (10.1.3.1.0)". I have OAS 10.1.3.1.0.
    Everything works fine except when the identity is validated within the tokenAsserter. The process is supposed to continue with the login method implemented in my custom login module but instead the default Oracle implementation (RealmLoginModule) is being executed.
    The application is a servlet and is configured to use a custom loginModule. If I don't use the custom auth method (auth-method="CUSTOM_AUTH" in orion-application) my loginModule is called but when I plug it to my custom idm implementation it doesn't.
    The custom idm is packed in to a jar containing the idm and the login module. The jar is deployed to the <ORACLE_HOME>/ext/lib directory.
    Any suggestions? Thanks

    Thanks for your answer, it really helps. I had already checked all that stuff and it was correct, but knowing that another person had made it work the same way I was doing it made me think I was doing it right and the problem may be simpler. It really was. OC4J was really calling my login module all the time but it was getting a runtime exception, a very simple one, that was making OC4J propagate the authentication to the default login module (RealmLoginModule), and that was the error I was watching in the logs that had me all confused.
    I will start another thread though about stolen cookie in a SSO solution that I’m developing with this implementation.
    Thank you.

  • How to get Custom Login Module to communicate with frontendtarget

    We have created a custom login module and placed it in our login module stack.
    So we have the following 3 Login Modules in our stack:
    EvaluateTicketModule
    OurCustomLoginModule
    CreateTicketModule
    Also we are using the standard SAP login screen for our frontendtarget, see our authschemes.xml entry:
    <authscheme name="cglogon">
        <authentication-template>
            form
        </authentication-template>
        <priority>21</priority>
        <frontendtype>2</frontendtype>
        <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
    </authscheme>
    Question:
    There are standard screens in the SAP login PAR:
                changePasswordPage.jsp
                umLogonProblemPage.jsp
                umResetPasswordPage.jsp
    How do I trigger one of these screens from my Login() method of my
    custom login module?  I thought if I throw some specific exception, these screens would
    be called?

    A bit more info. 
    We created a new Authentication Scheme for certain iviews that are deemed more "sensitive" that required a step-up authentication. 
    I changed the Iview property "Authentication Scheme" to our custom one.
    If I navigate into one of these more sensitive Iviews, I get the standard SAP login screen: <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
    Which is what I expect.
    I enter a username and password and click the Logon button.  I see that it successfully hits our custom login module and goes through the Login() and Commit() methods and finally displays the iview I originally requested.
    However, on a failure, I want it to return focus to the SAP login screen with an error explaining why... (i.e. wrong password, account locked, etc.)
    However, it always gives an iview runtime exception with Access Denied.
    #1.5 #0018FE8C6FD800690000029000004D6C00045B6E5E7D6014#1226429496628#com.sap.engine.services.security.authentication.logincontext#sap.com/irj#com.sap.engine.services.security.authentication.logincontext#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Debug##Java###Login module {0} from authentication stack {1} does not authenticate the caller.#2#companyname.com.CGLoginModuleClass#form#
    #1.5 #0018FE8C6FD800690000029100004D6C00045B6E5E7D6275#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule.abort()#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Path##Plain###Entering method#
    #1.5 #0018FE8C6FD800690000029200004D6C00045B6E5E7D6308#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Debug##Plain###Internal Login Module data has been reset.#
    #1.5 #0018FE8C6FD800690000029300004D6C00045B6E5E7D6386#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Path##Java###Exiting method with {0}#1#true#
    #1.5 #0018FE8C6FD800690000029400004D6C00045B6E5E7D6438#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule.abort()#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Path##Plain###Entering method#
    #1.5 #0018FE8C6FD800690000029500004D6C00045B6E5E7D64B2#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Path##Java###Exiting method with {0}#1#true#
    #1.5 #0018FE8C6FD800690000029700004D6C00045B6E5E7D6750#1226429496630#com.sap.engine.services.security.authentication.logincontext#sap.com/irj#com.sap.engine.services.security.authentication.logincontext#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Info#1#/System/Security/Authentication#Plain###LOGIN.FAILED
    User: N/A
    Authentication Stack: form
    Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
    1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          exception             true       authscheme not sufficient: uidpwdlogon<cglogon
            #1 ume.configuration.active = true
    2. companyname.com.CGLoginModuleClass                                         REQUISITE   ok          exception             true       Authentication did not succeed.
    3. com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok                                true      
            #1 ume.configuration.com = true#
    #1.5 #0018FE8C6FD800690000029900004D6C00045B6E5E7DA973#1226429496647#System.err#sap.com/irj#System.err#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Error##Plain###Nov 11, 2008 10:51:36...                    com.sap.portal.portal [SAPEngine_Application_Thread[impl:3]_24] Error: Exception ID:10:51_11/11/08_0002_176065950
    #1.5 #0018FE8C6FD800690000029B00004D6C00045B6E5E7DCA91#1226429496647#com.sap.portal.portal#sap.com/irj#com.sap.portal.portal#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Error#1#/System/Server#Java###Exception ID:10:51_11/11/08_0002_176065950
    [EXCEPTION]
    {0}#1#com.sapportals.portal.prt.runtime.PortalRuntimeException: Access is denied: pcd:portal_content/com.companyname.portal.capitalgroup/com.companyname.com.security/com.companyname.portal.cghressnaaa/com.sap.pct.ess.employee_self_service/com.companyname.pg_sensitiveWebdynpro/com.cg.ivu_saplogon_0 - user: Guest
         at com.sapportals.portal.prt.deployment.DeploymentManager.getPropertyContentProvider(DeploymentManager.java:1936)
         at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.refresh(PortalComponentContextItem.java:230)
         at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.getContext(PortalComponentContextItem.java:312)
         at com.sapportals.portal.prt.component.PortalComponentRequest.getComponentContext(PortalComponentRequest.java:385)
         at com.sapportals.portal.prt.connection.PortalRequest.getRootContext(PortalRequest.java:435)
         at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:607)
         at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:240)
         at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:545)
    and here's my login method...
    // Needs java.io.IOException, javax.security.auth.callback.* and
    // javax.security.auth.login.LoginException in addition to the SAP classes used below.
    public boolean login() throws javax.security.auth.login.LoginException {
        this.succeeded = false;
        String passwordString = "";
        if (callbackHandler == null) {
            throw new LoginException("Error: no CallbackHandler available to garner authentication information from the user");
        }
        HttpGetterCallback httpgettercallback = new HttpGetterCallback();
        NameCallback nc = new NameCallback("User:");
        PasswordCallback pc = new PasswordCallback("Password:", false);
        Callback[] callbacks = new Callback[] { nc, pc };
        try {
            callbackHandler.handle(callbacks);
        } catch (IOException e) {
            throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION);
        } catch (UnsupportedCallbackException e) {
            return false;
        }
        String userid = nc.getName();
        char[] password = pc.getPassword();
        pc.clearPassword();
        // The callbacks return null when nothing was supplied, so check for null as well as empty.
        if (userid == null || userid.length() == 0) {
            throwNewLoginException("USERID IS MISSING!", LoginExceptionDetails.IO_EXCEPTION);
        } else {
            username = userid;
        }
        if (password == null || password.length == 0) {
            throwNewLoginException("PASSWORD IS MISSING!", LoginExceptionDetails.NO_PASSWORD);
        } else {
            passwordString = new String(password);
        }
        // An empty result string is treated as a successful ECC authentication.
        String eccLoginResult = validateECCAuthentication(username, passwordString);
        if (!eccLoginResult.equals("")) {
            myLoc.infoT(this.username + " - failed ECC authentication.");
            throwNewLoginException("Wrong UserId/Password", LoginExceptionDetails.WRONG_USERNAME_PASSWORD_COMBINATION);
        } else {
            // Success branch: the original logged "failed" here as well.
            myLoc.infoT(this.username + " - passed ECC authentication.");
            this.succeeded = true;
        }
        if (this.succeeded) {
            try {
                refreshUserInfo(this.username);
            } catch (SecurityException e) {
                throwUserLoginException(e);
            }
            // Publish the user name to the rest of the stack only if no earlier module set it.
            if (sharedState.get(AbstractLoginModule.NAME) == null) {
                sharedState.put(AbstractLoginModule.NAME, this.username);
                this.nameSet = true;
            }
        } else {
            throwNewLoginException("Wrong UserId/Password", LoginExceptionDetails.WRONG_USERNAME_PASSWORD_COMBINATION);
        }
        return this.succeeded;
    }

  • Custom Login Module that should check only userId with out passwd

    Hi All,
    Can we write a custom login module which should check the user name in the HTTP header and let the user log in if the user id exists in the userstore (Active Directory Server)?
    It should not validate the passwd, as the requesting server sends only the user id in the HTTP header.
    Is it possible to do this? If so, can anyone give me some inputs? I know how to configure a custom login module. But I am not sure whether without validating the passwd we can let the user log in through a custom login module.
    Can anyone send me sample code?
    Thanks a lot
    Lakshmi

    Hi Lakshmi,
    What is the real issue you are trying to solve?
    Regards
    -Venkat Malempati

  • Issues with OSSO, custom login module and form based authentication

    Hi:
    We are facing issues with OSSO (Oracle Single Sign-On). Our application uses form-based
    authentication and a custom login module.
    The application goes into an infinite loop when we try to log in using OSSO. From the logs,
    it looks like when we try to log in from OSSO the application goes to the login
    page, gets the remote user from the request and forwards to the home page. Up to this point
    that is correct behaviour, but after that it looks like the home page finds that authentication is
    not done and sends it back to the login page, and the login page again sends it to the home page as it
    finds that the remote user is not null.
    Our web.xml form authentication entry looks like this:
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/jsp/login.jsp</form-login-page>
            <form-error-page>/jsp/couldnotlogin.jsp</form-error-page>
        </form-login-config>
    </login-config>
    The entry in orion-application.xml for the custom login module is:
    <jazn provider="XML">
        <property name="custom.loginmodule.provider" value="true" />
        <property name="role.mapping.dynamic" value="true" />
    </jazn>
    Will changing the authentication type to BASIC and adding the following line
    in orion-application.xml solve the issue?
    <jazn provider="XML">
        <property name="custom.loginmodule.provider" value="true" />
        <property name="role.mapping.dynamic" value="true" />
        <jazn-web-app auth-method="SSO" />
    </jazn>
    Any help regarding it will be appreciated.
    Thanks
    Anil

  • Custom login module - Not invoked...

    Hi All
    I have developed a custom login module and the necessary configuration steps in VA are performed. However, the custom login module is not called...
    1. Developed a Java DC as a Child DC in a Library DC.
    2. Added all the relevant jars needed as Used DC and Public Parts as required. Also updated the provider.xml with relevant references.
    3. Build and Deployed. (No errors found here..)
    4. In VA - Created a new Login Module.... updated the property LoginModuleClassLoaders to library:xyz where xyz is the name of the folder for deployed sda as found in cluster\j2ee\serverx\bin\ext...next updated the config tool for the same.... next modified the sap.com/irj*irj authentication as:
    Basic - Requisite
    CustomModule - Optional.
    Then performed server restart. Yet, login module not called. Any ideas as to where I am going wrong..?? (In my login module, just trying to retrieve the user name and change their attributes like lastname etc... )
    Thanks
    Deepak

    Issue solved....
    I had forgotten to add the module to the ticket stack...

  • Custom Login Module - ClassNotFound

    Hello all
    I developed a custom login module following the instructions I found here: http://help.sap.com/saphelp_nw04/helpdata/en/46/3ce9402f3f8031e10000000a1550b0/frameset.htm
    The general purpose of my module is to "filter" the username and look for (using the UMFactory) the corresponding uniqueUserID.
    The problem is that my LoginModule cannot be loaded due to "ClassNotFound" Error which I see in the defaultTrace.
    My steps were:
    1. Create my LoginModuleImplementation
    2. Create a Library as stated in the tutorial. Additionally I added some more references to the Library (Logging, webservices_lib) and successfully deployed it to the J2EE-Server. I can see the file in one folder (...../j2ee/cluster/server0/bin/ext/MyModuleLib/MyModule.jar) so I think it's been correctly deployed.
    3. I configured its usage in the security provider-UserManagementPolicies and with security provider-policy-ticket.
    4. I also ran the configtool to add it to the ClassLoader property there
    I double- no, fourth-checked everything and it's spelled correctly and exactly (case-sensitive) as in NWDS.
    So, do you have any idea please?
    By the way: Do you know where I can set the Severity-Level for the LoginModul-Stack, so I get more informational messages?
    Regards
    Michael

    Hi,
    The problem was solved by using the name customer.com~com.customer.portal.login.IPRuleLibrary for the library (so basically look at the name of your library folder under cluster\j2ee\serverx\bin\ext , not the name reported by visual admin).
    Also I was able to modify the properties of the login module runtime, which made me very happy
    Dagfinn

  • Custom Login Module - all modules ignored

    Hello,
    we created a custom login module and deployed it as a library to the server. We then configured the login module as described in the SAP manual:
    http://help.sap.com/saphelp_nw70/helpdata/en/46/3ce9402f3f8031e10000000a1550b0/frameset.htm
    First we had a little problem with the library path. The security log has a nice overview of which login stack and which modules were called; for our module it stated "Cannot load login module class …."
    After reading the forum, we found that our login module path was wrong; we had only added the class name as described in the tutorial. The correct way was to use the library name from Visual Admin.
    But now, if we call the portal, the security log is just empty. It seems no stack and no module is called at all. If we remove our custom module from the ticket stack, everything is fine and we get an entry in the security log with the ticket stack and all remaining modules.
    If we add the custom login module to the stack again and enter username and password, we get an error message that all modules are ignored.
    Does anybody know this error and maybe what to do?
    Best regards,
    Kai

    Hi Kai,
    have you solved your problem?
    Currently we are facing a similar Problem.
    We have a custom login module. I deployed everything as in the tutorial. There should be no problem with the login module itself, as it is an exact copy of a working one. Class names are the same. The only difference is in package names, project names and library names. I adjusted the classloader to the new library and also adjusted the class name in the user store where the login module is configured. The login module is part of the "ticket" authentication stack.
    When we want to log on to the portal, we get an error like "all modules ignored".
    Maybe you have found a solution which is also suitable for our problem.
    Thanks
    Regards
    Pascal

  • What is so special about the "ticket" login module stack?

    G'day,
    I am observing some odd behaviour with login module stacks.
    I have a custom login module that performs authentication using information in the HTTP servlet request. This custom login module does not require any interaction from the user. I want to use this custom login module when I authenticate to the portal.
    By default, the portal uses an authentication scheme known as "uidpwdlogon", which uses the "ticket" login module stack, which is configured to perform basic password login. When I attempt to access the portal I am presented with a username/password page and I need to enter a username and password, hit the "submit" button, and access to the portal is granted.
    So I replaced the BasicPasswordLoginModule entry in the "ticket" login module stack with my custom login module, and now access to the portal is granted automatically, as expected. There is no username/password page displayed.
    But if I create a new login module stack that contains exactly the same modules as "ticket" login module stack, and modify the "uidpwdlogon" authentication scheme to use my new login module stack instead of the "ticket" login module stack, then something odd occurs: I am now presented with a username/password page again. I need to hit the "submit" button to navigate away from this page before the custom login module stack will process, which will then grant access to the portal.
    If I change the "uidpwdlogon" authentication scheme back to use the "ticket" login module stack (which is exactly the same as the previous login module stack), then access to the portal is granted automatically without showing a username/password page.
    So: if the (modified) "ticket" login module stack is used, there's no username/password page shown. If a copy of that login module stack is used, then a username/password page is shown.
    What's going on here?

    G'day,
    Thanks for the reply.
    The relevant parts of the authschemes.xml file are as follows:
            <authscheme name="uidpwdlogon">
                <authentication-template>myloginstack</authentication-template>
                <priority>21</priority>
                <frontendtype>2</frontendtype>
                <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
            </authscheme>
            <authscheme-ref name="default">
                <authscheme>uidpwdlogon</authscheme>
            </authscheme-ref>
            <authscheme-ref name="UserAdminScheme">
                <authscheme>uidpwdlogon</authscheme>
            </authscheme-ref>
    Note that I have changed the uidpwdlogon element to use "myloginstack" instead of "ticket", and changed the priority from 20 to 21, as suggested (but it should be noted that the outcome is the same regardless of priority).
    The "ticket" login module stack is defined as follows:
      EvaluateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
      MyLoginModule REQUISITE {...}
      CreateTicketLoginModule OPTIONAL {ume.configuration.active=true}
    and the "myloginstack" is defined identically as follows:
      EvaluateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
      MyLoginModule REQUISITE {...}
      CreateTicketLoginModule OPTIONAL {ume.configuration.active=true}
    When the "uidpwdlogon" authentication scheme is configured to use the "myloginstack" login module stack, the browser immediately opens up the normal username/password page. I wait for a few minutes (for logging reasons), then hit submit, and access to the portal is granted.
    The log output for this is as follows:
    Message : LOGIN.FAILED
    User: N/A
    Authentication Stack: myloginstack
    Login Module                                                            Flag        Initialize  Login      Commit     Abort      Details
    com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          false                 true      
    MyLoginModule                                                           REQUISITE   ok          exception             true       Further authentication required from client
    com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok                                true      
    Message : LOGIN.OK
    User: testuser
    Authentication Stack: myloginstack
    Login Module                                                            Flag        Initialize  Login      Commit     Abort      Details
    com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          false      false                
    MyLoginModule                                                           REQUISITE   ok          true       true                 
    com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok          true       true                 
    Central Checks                                                                                true                 
    There are two login stack events because the first login stack event asks the browser to pass along authentication data, which is processed in the second login stack event.
    Also note that the time of the first login module event is a few minutes after the username/password page appears, suggesting that the portal is attempting to obtain information before it processes the login module stack.
    If I change the "uidpwdlogon" authentication scheme to use the "ticket" login module stack, then no username/password page appears and the security log is essentially identical to that of "myloginstack":
    Message : LOGIN.FAILED
    User: N/A
    Authentication Stack: ticket
    Login Module                                                            Flag        Initialize  Login      Commit     Abort      Details
    com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          false                 true      
    MyLoginModule                                                           REQUISITE   ok          exception             true       Further authentication required from client
    com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok                                true      
    Message : LOGIN.OK
    User: testuser
    Authentication Stack: ticket
    Login Module                                                            Flag        Initialize  Login      Commit     Abort      Details
    com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          false      false                
    MyLoginModule                                                           REQUISITE   ok          true       true                 
    com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok          true       true                 
    Central Checks                                                                                true                 
    I am creating the "myloginstack" login module stack using the Visual Administrator tool, by clicking the "Add" button for the "Policy Configurations" tab of the SecurityProvider service. Note that when I do this the entry for "myloginstack" gets a diamond icon, while the entry for "ticket" has a different icon (resembling a graph). I do not know what these different icons beside each policy configuration imply (is "ticket" different to "myloginstack" somehow?) nor how to create a new policy configuration that will have a different icon.
    I assume the username/password page is shown because the <frontendtarget> element in the "uidpwdlogon" authentication scheme is defined to use "com.sap.portal.runtime.logon.certlogon". Perhaps there is another value I can use here that displays nothing and redirects the browser directly to the portal?
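
The control-flag behaviour in the security log above, and the "all modules ignored" error reported in the earlier thread, can be reproduced with the JDK's standard JAAS `LoginContext`. This is an added example, not code from any poster or from SAP: the module classes are toy stand-ins, the request maps are constructed, and SAP's engine may differ from the JDK's evaluation in details.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/** Runs a SUFFICIENT / REQUISITE / OPTIONAL stack through the JDK's own LoginContext. */
public class LoginStackDemo {
    static final String NAME_KEY = "javax.security.auth.login.name"; // conventional shared-state key

    /** Shared plumbing for the toy modules: keep options and shared state, no-op commit/abort. */
    public abstract static class ToyModule implements LoginModule {
        protected Map<String, ?> request;       // constructed "request" data, passed as module options
        protected Map<String, Object> shared;
        @SuppressWarnings("unchecked")
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> sharedState, Map<String, ?> options) {
            this.shared = (Map<String, Object>) sharedState;
            this.request = options;
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    /** Ticket evaluator stand-in: returning false means "ignore me", not "reject". */
    public static class EvaluateTicket extends ToyModule {
        public boolean login() {
            if (!request.containsKey("ticket")) return false;
            shared.put(NAME_KEY, request.get("ticket"));
            return true;
        }
    }

    /** Custom module stand-in: throws when the request carries no user, like the logged first pass. */
    public static class MyModule extends ToyModule {
        public boolean login() throws LoginException {
            if (!request.containsKey("user")) {
                throw new LoginException("Further authentication required from client");
            }
            shared.put(NAME_KEY, request.get("user"));
            return true;
        }
    }

    /** Misbehaving variant: never authenticates and never throws. */
    public static class SilentModule extends ToyModule {
        public boolean login() { return false; }
    }

    /** Ticket creator stand-in (assumption): acts only if an earlier module stored a user name. */
    public static class CreateTicket extends ToyModule {
        public boolean login() { return shared.containsKey(NAME_KEY); }
    }

    /** Builds the three-entry stack around the given custom module and runs one login attempt. */
    static String attempt(Class<? extends LoginModule> custom, Map<String, String> request) {
        final AppConfigurationEntry[] stack = {
            new AppConfigurationEntry(EvaluateTicket.class.getName(), LoginModuleControlFlag.SUFFICIENT, request),
            new AppConfigurationEntry(custom.getName(), LoginModuleControlFlag.REQUISITE, request),
            new AppConfigurationEntry(CreateTicket.class.getName(), LoginModuleControlFlag.OPTIONAL, request)
        };
        Configuration config = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) { return stack; }
        };
        try {
            new LoginContext("ticket", new Subject(), null, config).login();
            return "LOGIN.OK";
        } catch (LoginException e) {
            return "LOGIN.FAILED (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        Map<String, String> empty = new HashMap<>();
        Map<String, String> withUser = new HashMap<>();
        withUser.put("user", "testuser");
        Map<String, String> withTicket = new HashMap<>();
        withTicket.put("ticket", "testuser");
        System.out.println("no ticket, no user  : " + attempt(MyModule.class, empty));
        System.out.println("user supplied       : " + attempt(MyModule.class, withUser));
        System.out.println("valid ticket        : " + attempt(MyModule.class, withTicket));
        System.out.println("silent custom module: " + attempt(SilentModule.class, withUser));
    }
}
```

In standard JAAS a `false` return from `login()` marks the module as ignored rather than failed, so a REQUISITE module that returns `false` instead of throwing does not stop the stack. A custom module should throw `LoginException` whenever it cannot authenticate the caller.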

  • Potential JavaSSO and Custom Login Module Bugs In Clustered Environment

    We've been working with the custom login modules and JavaSSO and have found issues with deployment on 10.1.3.2 in a clustered environment. Deployment on a single server looks like it is working properly.
    I'm wondering whether any one here has been using CLM with JavaSSO and have deployed in a clustered application server environment? I've posted in the past regarding this in the OC4J side, but never got a response, so I thought I'd try the experts here...
    Here are some TARS that we've logged. Any help from the community would be appreciated.
    6320304.994 JAVASSO JSSOUTIL.LOGOUT FUNCTION REDIRECT NOT WORKING ON CLUSTER
    6365407.993 SETTING <distributable/> TAG IN WEB.XML CRASHES APPLICATION
    6338664.992 JAVASSO LOGIN PAGE DOES NOT LOGIN USER BUT RELOADS LOGIN PAGE
    Thanks!
    Kenton

    Hi Kenton,
    Specifically, what were the issues that you ran into when clustering JavaSSO? Was it a problem only when combined with the Custom LM?
    As long as the same CLM is configured for your app (I assume this is also clustered) and JavaSSO, that should be sufficient. Obviously, the CLM needs to be configured against the same user repository.
    If the apps were on different hosts, did you remember to set the property "custom.sso.cookie.domain" to set the right domain name in the cookie? Otherwise, you will keep getting redirected to the login page.
    http://download.oracle.com/docs/cd/B32110_01/web.1013/b28957/javasso.htm#BABJCGCB
    -skt
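
The cookie-scope rule behind that redirect loop, as an added example that is not Oracle's code or part of the reply: it applies the RFC 6265 domain-match to a login host and an application host. Host names are constructed, and the public-suffix check that browsers also apply is left out.

```java
import java.util.Locale;

public class SsoCookieScope {
    /** RFC 6265 section 5.1.3 domain-match: host equals the domain or is a subdomain of it. */
    static boolean domainMatch(String host, String cookieDomain) {
        String h = host.toLowerCase(Locale.ROOT);
        String d = cookieDomain.toLowerCase(Locale.ROOT);
        if (d.startsWith(".")) d = d.substring(1);   // a leading dot is ignored
        if (h.equals(d)) return true;
        boolean isIpAddress = h.matches("[0-9.]+") || h.contains(":");
        return !isIpAddress && h.endsWith("." + d);
    }

    /**
     * Would a browser send a cookie set by setterHost to requestHost?
     * domainAttr == null models a host-only cookie (no Domain attribute).
     */
    static boolean cookieSent(String setterHost, String domainAttr, String requestHost) {
        if (domainAttr == null) return requestHost.equalsIgnoreCase(setterHost);
        // A browser rejects a Domain attribute that does not cover the host setting it.
        if (!domainMatch(setterHost, domainAttr)) return false;
        return domainMatch(requestHost, domainAttr);
    }

    /** Follows app -> login -> app redirects; returns the redirects needed, or -1 for a loop. */
    static int redirectsUntilLoggedIn(String loginHost, String appHost, String domainAttr, int maxRedirects) {
        boolean cookieSet = false;
        for (int redirects = 0; redirects <= maxRedirects; redirects += 2) {
            if (cookieSet && cookieSent(loginHost, domainAttr, appHost)) return redirects;
            cookieSet = true;   // app redirects to the login host, which sets the cookie and redirects back
        }
        return -1;
    }

    public static void main(String[] args) {
        String login = "sso.corp.example.com";   // constructed host names
        String app = "app.corp.example.com";
        System.out.println("host-only cookie        : " + redirectsUntilLoggedIn(login, app, null, 10));
        System.out.println("Domain=corp.example.com : " + redirectsUntilLoggedIn(login, app, "corp.example.com", 10));
        System.out.println("Domain=other.example.com: " + redirectsUntilLoggedIn(login, app, "other.example.com", 10));
        // The widened scope also delivers the SSO cookie to every other host under that domain.
        System.out.println("sent to wiki host       : " + cookieSent(login, "corp.example.com", "wiki.corp.example.com"));
    }
}
```

Widening the cookie domain ends the loop but hands the SSO cookie to every host under that domain, so use the narrowest domain that covers both the login host and the application hosts.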

  • Help with custom login module

    I've been following Frank's tutorial on how to use a custom login module, but no matter what I do, I can't get the JSP to authenticate my valid database account.
    jazn-data.xml file:
    <!-- JAZN Realm Data -->
    <name>scott</name>
    <credentials>!tiger</credentials>
    <jazn-loginconfig>
        <application>
            <name>foo</name>
            <login-modules>
                <login-module>
                    <class>oracle.sample.dbloginmodule.DBTableLM.DBSystemLoginModule</class>
                    <control-flag>required</control-flag>
                    <options>
                        <option>
                            <name>debug</name>
                            <value>true</value>
                        </option>
                        <option>
                            <name>jdbcUrl</name>
                            <value>jdbc:oracle:thin:@localhost:1521:orcl</value>
                        </option>
                        <option>
                            <name>log_level</name>
                            <value>ALL</value>
                        </option>
                    </options>
                </login-module>
            </login-modules>
        </application>
    </jazn-loginconfig>
    </jazn-data>
    orion-application.xml:
    <jazn provider="XML" location="jazn-data.xml" default-realm="jazn.com">
        <property name="role.mapping.dynamic" value="true"/>
        <property name="jaas.username.simple" value="true"/>
    </jazn>
    Is there anything wrong with the settings? I've followed the tutorial to the last step, yet I can't get anything. Please help!

    Sorry about the incomplete previous post:
    I am trying to do the authentication using a customized login module in a stand alone OC4J server. I put some debug statements and found out that the authentication works but fails to authorize. I get the following error:
    NOTIFICATION J2EE RMI-00005 Login permission not granted for myApp (testUser)
    The only way I have been able to get this to work is to add the user 'testUser' in system-jazn-data.xml and specify that 'testUser' has the role 'USERS'. It's not practically possible to specify all the users in system-jazn-data.xml. Is there a workaround for this? I have pasted below snippets of orion-application.xml and system-jazn-data.xml. Any help is greatly appreciated. Thanks in advance
    I have specified the following in orion-application.xml:
    <namespace-access>
        <read-access>
            <namespace-resource root="">
                <security-role-mapping>
                    <group name="USERS"/>
                </security-role-mapping>
            </namespace-resource>
        </read-access>
        <write-access>
            <namespace-resource root="">
                <security-role-mapping>
                    <group name="USERS"/>
                </security-role-mapping>
            </namespace-resource>
        </write-access>
    </namespace-access>
    </orion-application>
    In system-jazn-data.xml I have given permission for the role 'USERS' to login.
    <grant>
        <grantee>
            <principals>
                <principal>
                    <realm-name>jazn.com</realm-name>
                    <type>role</type>
                    <class>oracle.security.jazn.spi.xml.XMLRealmRole</class>
                    <name>jazn.com/USERS</name>
                </principal>
            </principals>
        </grantee>
        <permissions>
            <permission>
                <class>com.evermind.server.rmi.RMIPermission</class>
                <name>login</name>
            </permission>
        </permissions>
    </grant>

  • Problems with custom login module/authscheme in Portal iViews

    Hi,
    In our portal users must login with their username and password ("ticket" login module stack) to access most of the content. For some of the iViews containing confidential data we would like to ask the users some personal questions before giving them access.
    I followed all the steps described in the official documentation (http://help.sap.com/saphelp_nw04s/helpdata/en/8c/f03541c6afd92be10000000a1550b0/content.htm):
    - created a custom login module
    - added it to a custom login module stack
    - added a custom authscheme in the authschemes.xml file
    - assigned the iView to this authscheme
    I also created a PortalComponent that reads the user entries and calls my login module (JSP not shown):
    public void doContent(IPortalComponentRequest request, IPortalComponentResponse response) {
        HttpServletRequest req = request.getServletRequest();
        HttpServletResponse resp = request.getServletResponse(false);
        ILogonAuthentication ila = UMFactory.getLogonAuthenticator();
        // Runs the login module stack bound to the custom authscheme.
        Subject subject = ila.logon(req, resp, "myauthscheme");
        // if authenticated what to do next??
    }
    Now when I try to access the protected iView, I see my screen to answer the questions, I press submit and my login module is called. But, I never get redirected to the iView I'm supposed to go. So I still have two questions:
    1) Which login modules should be in the login module stack? Should I include the BasicPasswordLoginModule?
    For the moment I have:
    EvaluateTicketLoginModule (SUFFICIENT)
    MyCustomLoginModule (REQUISITE)
    CreateTicketLoginModule (OPTIONAL)
    2) How can I be redirected to the protected iView after the user is being authenticated? Is it the portal framework who is responsible to navigate there automatically? Or is it in my own code after the logon() call? In that case how can I retrieve the destination URL?
    Thanks,
    Martin

    I'm using the version 10.1.3.0.4 (SU5).
    The error is:
    06/09/28 18:09:05 WARNING: Application.setConfig Application: current-workspace-app is in failed state as initialization failedjava.lang.InstantiationException
    28/09/2006 18:09:05 com.evermind.server.Application setConfig
    WARNING: Application: current-workspace-app is in failed state as initialization failedjava.lang.InstantiationException
    2006-09-28 18:09:05.390 WARNING J2EE 0JR0013 Exception initializing deployed application: current-workspace-app. null
    My JAAS-oc4j-app content is:
    <log>
    <file path="JAAS-oc4j-app.log" xmlns=""/>
    </log>
    <jazn provider="XML" location="JAAS-jazn-data.xml">
    <property name="role.mapping.dynamic" value="true"/>
    <property name="custom.loginmodule.provider" value="true"/>
    <property name="jaas.username.simple" value="true"/>
    </jazn>
    <data-sources path="JAAS-data-sources.xml"/>
    Thanks for reply.

  • SOAP Web Service +  Custom Login Module issue

    Hi Guys,
    We faced an authentication issue in our project. Could you please give any advice how the issue could be resolved.
    Environment: A simple SOAP Web Service on top of POJO class created in a Web Application. The web application deployed to the SAP NetWeaver 7.10 Application Server in the Enterprise Application Archive.
    Configuration:
          Single Service Administration Application(NetWeaver Administration -> SOA Management -> Application and Scenario Communication -> Single Service Administration)
           The web service endpoint has authentication configured to use User ID/Password HTTP Authentication.
        Authentication Application(NetWeaver Administration-> Configuration Management->Security->Authentication)
          The application(<vendorName>/<earName>*<vendor>~<webAppName>) has Authentication Stack configured to use our custom login module.
    Issue:  BasicPasswordLoginModule used by the J2EE when we are trying to execute the web service using Web Service Navigator(checked in debug mode). It seems that we missed something in configuration.
    Idea: The main Idea is to use our custom login module when we are executing a web service.
    Could you help me to resolve the issue.
    Thanks,
    Dmitry
    Edited by: Dmitry Eidin on Jul 17, 2009 3:46 PM

    > The web service endpoint has authentication configured to use User ID/Password HTTP Authentication.
    That's the point.
