Custom login question

Similar Messages

• Questions about a custom login page.

  Could someone give me an example of a custom login page that does the error checking with
  p_error_code. I can't seem to get one to work correctly. I don't ever get any info in
  p_error_code when there is an error in login.
  You can email me the code at [email protected] if you would prefer.
  Thanks.
  Bethany

  Bethany,
  The best place for this question is the Orac le9ias Portal Security and Login Server forum.
  Thanks

• 11g Discoverer - Custom Login and private workbooks questions

  I would like to know if anyone has experience with the following issues.
  It appears that you could configure a custom login for Discoverer Plus/Viewer (users are authenticated via a custom application > provide a link within the custom application to launch Discoverer Plus > Discoverer Plus authenticate with the database as a generic single/service oracle username for a given EUL).
  My questions:
  1. Since we authenticate users in our application, could we just pass generic user information to allow a Discoverer Plus login via a URL (without the generic password being exposed to the user)?
  2. If a custom login works using a generic discoverer database username, how could you pass a unique user identifier so that a user could create and save their own workbooks privately?
  Essentially, we would like to authenticate the Discoverer Plus session via our own application (since the user is already authenticated within our application). And, we would like the Discoverer Plus database session to be generic so we do not require unique database accounts for every end-user. However, we also want the generic Discoverer Plus "session user" to be able to save private workbooks (possibly using sys_context('USERENV', 'CLIENT_IDENTIFIER')).
  Thanks for any insight

  Hi,
  1. Since we authenticate users in our application, could we just pass generic user information to allow a Discoverer Plus login via a URL (without the generic password being exposed to the user)?You can use an HTTP post to send a Discoverer URL that contains both the username and password, so this should allow you to connect ot a generic user.
  2. If a custom login works using a generic discoverer database username, how could you pass a unique user identifier so that a user could create and save their own workbooks privately?I don't think you can do this without using Oracle SSO. I workaround you could explore is for your Discoverer URL to run an initialisation workbook, which takes an encrypted username as a parameter and if this is OK the workbook sets the database environment using PL/SQL and DBMS_SESSION package. The user would then always see the results of the initialisation workbook when they connected which could just show a welcome message.
  Rod West

• Customer login session tracking questions

  Hi,
  I work for a research support group at a university. We have a mixed platform environment. The nature of the services we provide requires that we bill for time spent on out compute devices.
  There are a couple of questions in this posting. The fundamental one though is -- for 10.4 and higher Macs running on Intel and non-Intel hardware what is the "best" solution to track login sessions for our customers? A session has to include the concepts of logging in and out from the console or remote (ssh) access to the machine(s).
  I am interested in Apple native and third party or open source solutions. I need to track/log that customer-X logged in to machine-M at dateTime-T and logged out at dateTime-T'. I also need to know if the machine was (re)booted or had some other action occur that would impact a customer login session.
  So the main question is, are there existing customer session tracking solutions?
  I have an existing home grown (non-Intel) solution that works well on non-Intel macs and other *nix boxes. It is a daemon that reads accumulated, rotated wtmp files and then "hangs" on the current wtmp file waiting for and processing session records as they arrive.
  This worked like a champ until we installed our first Intel Mac. I re-compiled the C code that uses the utmp.h include files and structs to get at the info but it silently fails. I received some advice on changing my make file and am currently using:
  # Mac OS
  CC = gcc -Wall -g
  CFLAGS = -I/usr/include/mysql -isysroot \
  /Developer/SDKs/MacOSX10.4u.sdk -arch ppc -arch i386 \
  -framework CoreServices
  LDFLAGS = -L/usr/lib/mysql -lmysqlclient -lz \
  -Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk \
  -arch ppc -arch i386
  PLATFORM = osx
  wtmp_parser: wtmp_parser.c
  ${CC} ${CFLAGS} -o $@ $? ${LDFLAGS}
  /bin/mv $@ $@.${PLATFORM}
  Again, this compiles without error but silently fails. I don't know anything about compiling on any Macs, much less these new ones. Ideas are greatly appreciated.
  Lastly, I have started reworking the whole setup and may move it all to perl. Here I can read the wtmp files easily using unpack() even on the Intel Macs. I can daemonize the thing but I'm stumbling a bit on one issue.
  I have noticed in the past that there can be a sort of race condition during the wtmp rotation on some machines where the active wtmp gets rotated but the old logging still writes one or two records to the rotated file before switching to the new one. I was starting to look into a programmatic solution for this when I looked at the rotated wtmp files on this one machine and I see file dates of:
  Dec 5 15:29 wtmp
  Oct 1 01:47 wtmp.0.gz
  Aug 29 16:05 wtmp.1.gz
  Aug 1 05:29 wtmp.2.gz
  Jul 31 18:26 wtmp.3.gz
  May 31 2007 wtmp.4.gz
  Okee... I know there is a /etc/monthly script that should be doing the rotation but it looks like it is not doing what I expect. It seems that it is not rotating all the existing files correctly. Ideas?

  I am done. Sorry for bothering

• Jdev 10.1.3.1 "ADF Security": Application without a custom login page?

  Hi,
  We are trying to develop an application using "ADF security", which means we can give permissions to certain roles based on "Binding Container", "Iterator Binding", "Method Action Binding" and "Attribute-level Binding".
  After reading the document -- "Oracle® Containers for J2EE Security Guide 10g (10.1.3.1.0) B28957-01" that Frank pointed out. We have a question:
  Can we develop an ADF application without creating a custom login page? Right now we've followed the security guide and modified the configuration files. But when we run the application, we get the "user null" error message. The reason is clear because we do not have a login page. On the security guide, it says that it is possible to use the oracle default login module. But it does not say how. Does anyone have any idea?
  Thanks,
  Annie

  Brenden,
  Thank you so much for the reply. This is our code in the web.xml:
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>default</realm-name>
  </login-config>
  We are using HTTP basic Authentication. This technique worked for the container-managed security. The browser default login page pops up when the end users try to log into a secured JSP. But here we want to use "ADF security" to set up "Iterator binding" and "Attribute level binding" security. The browser default login page does NOT show up. Instead we get the "user null" error message.
  If you have detailed step on how to select HTTP Basic Authentication, it would be very helpful to us. Or if you know any document has the detail.
  regards,
  Annie

• How to get the Trusted Identity Login Page with the needed parameters to make custom login screen instead of sharepoint Login Page?

  hi guys
  i have configured trusted identity provider for my public facing internet portal, but i dont want to use the login screen
  since i have about 10 site collection which will use this authentication.
  is there a class or property that gives me the url ready with the parameters like "wa" and "wtrealm" and the redirect url based on the place the user click the link from.

  You can create your own login page and specify the URL for it in the authentication provider settings of a Web Application or Zone.  So the easiest way to do what you want would be to extend your existing Web Application to a new Zone, change the login
  Page url to point to use your custom zone, and tell users to use the url of that zone to login with the custom provider you have built.
  If you want a single zone then you will need to modify a copy of the login page you display above and have it redirect to a custom login page for your identity provider if the pick the correct entry in the dropdown.
  Paul Stork SharePoint Server MVP
  Principal Architect: Blue Chip Consulting Group
  Blog: http://dontpapanic.com/blog
  Twitter: Follow @pstork
  Please remember to mark your question as "answered" if this solves your problem.

• Custom Login screen - Yammer app webpart not working

  Hi Team,
  I have created windows login  website and configured Yammer . it is working fine.
  But I have created another website with custom login screen and If i check Yammer Feed app webpart nothing is opening.for few browsers got exception like "401 : unauthorized access".
  I have placed custom log in page in "_layouts" folder.
  I am new to sharepoint 2013 and Yammer. kindly let me know in details what is the problem and root cause and solution.
  Otjherwise is there any chance to create a custom webpart using Yammer API ? If so where I can find it ? what are the root Dll's and root classes to implement it.
  Regards,
  Rajesh

  Hi,
  According to your description, my understanding is that when you access the Yammer Feed app, it occur "401:unauthorized access" .
  If this error occurs in few browsers, it could be related to browser settings.  The Yammer Feed app requires the user has third party cookies enabled in their browsers.
  Here are some similar threads about the solution for this issue:
  http://stackoverflow.com/questions/23248749/yammer-embed-feed-works-in-ie-and-firefox-but-not-in-chrome-gives-401-unauthori
  http://stackoverflow.com/questions/27383175/http-401-error-for-every-yammer-rest-api-call-for-a-given-network
  About how to use Yammer API to create custom web part, here are some detailed articles for your reference:
  https://samlman.wordpress.com/2015/03/02/using-the-yammer-api-in-a-net-client-application/
  http://pythonhosted.org/yampy/api.html
  https://github.com/yammer/yam
  Thanks
  Best Regards
  Jerry Guo
  TechNet Community Support

• How to call custom Login Module from JSP

  Hi,
  I am stuck with the following issue:
  1) Exactly as presented in help.sap.com (http://help.sap.com/saphelp_nw04/helpdata/en/3f/1be040e136742ae10000000a155106/content.htm) I created custom login module and deployed it as a library on J2EE server. When I configured it to be used for my applications in the Security provider but I am getting "No user name provided" exception everytime when my applications use this custom login module.
  2) I realized that I would need to call my custom module somewhere within my application (simple JSP) using LoginContext class and then use MyLoginContext.login() spec to initiate login process. But I am not able to pass CallbackHandler parameters from JSP application to my custom login module.
  So I have the following questions:
  1. Can I pass parameters using LoginContext and CallbackHandler from JSP to my custom login module (created as exact copy of HELP.SAP.COM example) or this module cannot be used this way.
  2. How to pass CallbackHandler correctly to my custom login module from JSP. When I am trying to use CallbackHandler, I am getting "Abstract Class cannot be called" error.
  I'd appreciate any little help on this matter.
  Thanks and regards,
  Mike

  You have two alternatives to do this:
  You can declare your JSP as a protected resource with the use of the deployment descriptors of the application (web.xml) and add the custom login module in the authentication stack of the application. This way, you will use container-based authentication, i.e. the Web Container will enforce the authentication and it will call the custom login module before it dispatches to the JSP. I recommend you this approach because it requires less coding and it makes the whole thing a matter of configuration. The configuration can be later on enhanced or changed runtime without the need to re-build and re-deploy the application. If you choose this approach you can go to the documentation of the server for help on how to modify the login module stack of the application.
  You can also use programmatic authentication by using JAAS API. To do this you need to create a custom security policy configuration with login module stack containing the custom login module, and then use the standard JAAS mechanism - new LoginContext(<configuration>, <callback-handler>).login(). This approach requires that you write your own callback handler and handle any LoginException.
  Let us know which approach you prefer and whether you have difficulties implementing it!

• Custom Login Module - Commit Method return TRUE always?

  Hi,
  I am creating a custom login module for my portal authentication.
  For the login module, should the commit() method always return TRUE?
  The example code on help.sap.com indicates yes to this question.
  However, the JAVA Sun standard indicates that commit should return FALSE if the preceding login method returned FALSE.
  Does the SAP example stray from the SUN standard?  How should I code the commit() method such that it works (Always TRUE, or follow lead of login() method)?
  Regards,
  Kevin

  Hi Kevin,
  I'm actually working with this document: <a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/events/webinars/jaas%20login%20module%20development%20on%20webas%20java%20640.pdf#search=%22classloader%20sda%20jar%20reference%22">JAAS Login Modules</a>.
  There is also example code. If it should be ignored they return false, otherwise true (page 32).
  Regards,
  Marcus
  Message was edited by: Marcus Freiheit

• J2EE 6.40 Custom Login Module - how to config

  hello all,
  i am using WAS J2EE 6.40 Sneak Preview edition. Read all i can find about custom login module, in the forum and the online help. still confused. pls help.
  here is the background info:
  - i am writing a web app. the EAR file contains 5 ejbs, 1 war and bunch of java classes in jars.
  - access to my web app is protected through url pattern (in web.xml), i've defined the same named security role in web.xml and on j2ee engine.
  - my login module does the user name and password checking. both are stored in database through some other means.
  - login is FORM based
  following the discussion in another thread on the topic, i did the following:
  #1 develop my login module code. packaged it in a jar, then sda file. deploy the sda as a llibrary to the engine.
  #2 add my login module to the security store through the security provider service.
  #3 configure my web app to use the custom login module in web-j2ee-engine.xml
  #4 deploy my web app through the ear file
  at this point, in the visual administrator, i can see the library, the custom login module (added to the UME User Store), and also my web app has authentication set to use the custom login module (under policy configurations tab).
  now i try to login to my web app. it correctly complains when i enter non-existent user or wrong password and brings me to the login failed jsp page. but when i enter both correctly (as stored in my database), i get http 403 error code. i know it is 403 because i set that error code to a special jsp page in web.xml.
  question is why? now i create a user on the j2ee engine with the same name as in my user database. then i can login ok. i am confident that my login module is called since i see the println lines in j2ee engine server logs.
  ??? so i must be missing something obvious. is it because my web app is protected through security-role? i even tried removing all such roles, but still same problem.
  ??? or do i completely mis-understand how custom login modules are supposed to work. i thought it means i can authenticate users any way i want without having to use the j2ee engine's user mgmt. pls tell me if i am totally wrong.
  ??? or maybe my login module code is missing some key stmts. how should it tell the j2ee engine that a user is authenticated? in the login() method, it returns true if user name/passwd match. in the commit() method, it adds the principal to the subject. i don't what else is required.
  does anyone have a working scenario using custom login modules?
  thanks very much for your inputs and thoughts.
  wentao

  Hi Astrid,
  I guess I have the same understanding of JAAS as you. I want to deploy an application that internally makes use of JAAS to authenticate users. There is a LoginModule that authenticates users against some database tables containing all the user data and profile. The application was not designed to be deployed to NetWeaver. So it does not make use of UME or some other NetWeaver specific feature. Actually it handles user management and authoroization issues completely on its own. The only reason for having JAAS is to allow customers to plug in their own LoginModule to use some other kind of user store.
  When deploying the web application to a simple servlet engine like Tomcat, all I have to do is to register my LoginModule in the "jaas.conf" file that is parsed by JAAS default implementation. I also tell the JVM where my jaas.conf file is located by appending a "-Djava..." runtime parameter to the JVM startup script.
  When using other application servers like IBM WebSphere things become a bit different. Normally you use the administration GUI of that server to configure your LoginModules. WebSphere for example keeps the login configuration in an internal database rather than writing everything into a "jaas.conf" text file. But the way the application can use the LoginModule is the same as in Tomcat.
  But when it comes to Netweaver, it seems to me that it's not possible to define a LoginModule that your application can use WITHOUT having to couple it tightly to UME. Or did I get something wrong? Initially I've tried to modify the JVM's parameters (using SAP J2EE Config Tool) to include the location of my "jaas.conf" file containing the my login configuration. But that did not work. The parameter was really passed to the JVM but anyway my LoginModule was not found, I guess that NetWeaver has some own implementation of the JAAS interfaces that just ignore the plain text JAAS configuration files (like WebSphere also does).
  The documentation that I have downloaded from SDN doesn't seem to match the 6.4 sneak preview version that I just downloaded some days ago. They say you should deploy your LoginModule as a library and add a refernce to the application. I tried that out but it did not help. The login configuration that the application wants to access is still not found. Actually there seems to be no way to specify the name for a JAAS Login Configuration in NetWeaver. At least I cound not find that in the documentation.
  So basically my question is: is it possible to deploy an application that wants to use some own LoginModule (either deployed separately or together with the application, that does not matter) without making use of Netweaver specific features like UME? The application has its own user management infrastructure and just needs a way to setup a JAAS Login Configuration to access its own LoginModule.
  Thanks in advance
  Henning

• Problem with role mapping in custom login module

  Hi all,
  I have developed custom login modules. They don't use the default user store but own data tables holding the necessary user information.
  Login works fine. But there is one big problem: Only those users that exist with the same user-id in the default user store get roles assigned to it. Whicht leads to 403-errors in my web application.
  Now, this is weired because a user with id 'Susi' has completely different passwords in my custom tables and in the user store, therefore it shouldn't be possible to authenticate 'Susi' against the default user management.
  Next thing is, I don't use the default login modules at all. So why does the application validates against the user store?
  I thought a source of the  problem might be that I don't set the roles correctly. I set the roles as a principal to the subject. I have chosen the role based mapping  in the web-engine.xml and mapped all my custom roles to the server role 'guests'.
  Could anybody think of a solution to this problem ?
  Thanks,  Astrid

  Astrid,
  Sorry to go off-topic on your post...but I have a question in relation to how you deploy your login module. Do you deploy the login module with your application ? I've developed a login module that I would like to deploy by itself, I currently deploy it with the calculator example and it works fine like this, but I need to deploy it by itself. Any tips you can give would be greatly appreciated.
  I've tried to use the deploytool and deploy the module as a library...but I get a "cannot  load a login module" in the logs when authenticating a user.

• How to get Custom Login Module to communicate with frontendtarget

  We have created a custom login module and placed it in our login module stack.
  So we have the following 3 Login Modules in our stack:
  EvaluateTicketModule
  OurCustomLoginModule
  CreateTicketModule
  Also we are using the standard SAP login screen for our frontendtarget, see our authschemes.xml entry:
  <authscheme name="cglogon">
              <authentication-template>
                  form
              </authentication-template>
              <priority>21</priority>
              <frontendtype>2</frontendtype>
              <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
          </authscheme>
  Question:
  There are standard screens in the SAP login PAR:
              changePasswordPage.jsp
              umLogonProblemPage.jsp
              umResetPasswordPage.jsp
  How do I trigger one of these screens from my Login() method of my
  custom login module?  I thought if I throw some specific exception, these screens would
  be called?

  A bit more info. 
  We created a new Authentication Scheme for certain iviews that are deemed more "sensitive" that required a step-up authentication. 
  I changed the Iview property "Authentication Scheme" to our custom one.
  If I navigate into one of these more sensitive Iviews, I get the standard SAP login screen: <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
  Whis is what i expect.
  I enter a username and password and click Logon button.  I see that it successfully hits our custom login module and goes through Login(), and Commit() methods and finally displays the iview i originally requested.
  However, on a failure, i want it to return focus to the SAP login screen with an error explaining why...(i.e. wrong password, account locked, etc.)
  However, It always give iview runtime exception with Access Denied.
  #1.5 #0018FE8C6FD800690000029000004D6C00045B6E5E7D6014#1226429496628#com.sap.engine.services.security.authentication.logincontext#sap.com/irj#com.sap.engine.services.security.authentication.logincontext#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Debug##Java###Login module {0} from authentication stack {1} does not authenticate the caller.#2#companyname.com.CGLoginModuleClass#form#
  #1.5 #0018FE8C6FD800690000029100004D6C00045B6E5E7D6275#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule.abort()#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Path##Plain###Entering method#
  #1.5 #0018FE8C6FD800690000029200004D6C00045B6E5E7D6308#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Debug##Plain###Internal Login Module data has been reset.#
  #1.5 #0018FE8C6FD800690000029300004D6C00045B6E5E7D6386#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Path##Java###Exiting method with {0}#1#true#
  #1.5 #0018FE8C6FD800690000029400004D6C00045B6E5E7D6438#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule.abort()#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Path##Plain###Entering method#
  #1.5 #0018FE8C6FD800690000029500004D6C00045B6E5E7D64B2#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Path##Java###Exiting method with {0}#1#true#
  #1.5 #0018FE8C6FD800690000029700004D6C00045B6E5E7D6750#1226429496630#com.sap.engine.services.security.authentication.logincontext#sap.com/irj#com.sap.engine.services.security.authentication.logincontext#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Info#1#/System/Security/Authentication#Plain###LOGIN.FAILED
  User: N/A
  Authentication Stack: form
  Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
  1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          exception             true       authscheme not sufficient: uidpwdlogon<cglogon
          \#1 ume.configuration.active = true
  2. companyname.com.CGLoginModuleClass                                         REQUISITE   ok          exception             true       Authentication did not succeed.
  3. com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok                                true      
          \#1 ume.configuration.com = true#
  #1.5 #0018FE8C6FD800690000029900004D6C00045B6E5E7DA973#1226429496647#System.err#sap.com/irj#System.err#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Error##Plain###Nov 11, 2008 10:51:36...                    com.sap.portal.portal [SAPEngine_Application_Thread[impl:3]_24] Error: Exception ID:10:51_11/11/08_0002_176065950
  #1.5 #0018FE8C6FD800690000029B00004D6C00045B6E5E7DCA91#1226429496647#com.sap.portal.portal#sap.com/irj#com.sap.portal.portal#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Error#1#/System/Server#Java###Exception ID:10:51_11/11/08_0002_176065950
  [EXCEPTION]
  {0}#1#com.sapportals.portal.prt.runtime.PortalRuntimeException: Access is denied: pcd:portal_content/com.companyname.portal.capitalgroup/com.companyname.com.security/com.companyname.portal.cghressnaaa/com.sap.pct.ess.employee_self_service/com.companyname.pg_sensitiveWebdynpro/com.cg.ivu_saplogon_0 - user: Guest
       at com.sapportals.portal.prt.deployment.DeploymentManager.getPropertyContentProvider(DeploymentManager.java:1936)
       at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.refresh(PortalComponentContextItem.java:230)
       at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.getContext(PortalComponentContextItem.java:312)
       at com.sapportals.portal.prt.component.PortalComponentRequest.getComponentContext(PortalComponentRequest.java:385)
       at com.sapportals.portal.prt.connection.PortalRequest.getRootContext(PortalRequest.java:435)
       at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:607)
       at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:240)
       at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:545)
  and here's my login method...
       public boolean login() throws javax.security.auth.login.LoginException
            this.succeeded = false;
            String passwordString = "";
            if (callbackHandler == null)
                 throw new LoginException("Error: no CallbackHandler available to garner authentication information from the user");
            HttpGetterCallback httpgettercallback = new HttpGetterCallback();
            NameCallback nc = new NameCallback("User:");
            PasswordCallback pc = new PasswordCallback("Password:", false);
            Callback[] callbacks = new Callback[] { nc, pc };
            try
                 callbackHandler.handle(callbacks);
            catch (IOException e)
                 throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION);
            catch (UnsupportedCallbackException e)
                 return false;
            String userid = nc.getName();
            char[] password = pc.getPassword();
            pc.clearPassword();
            if (userid.length() == 0)
                 throwNewLoginException("USERID IS MISSING!", LoginExceptionDetails.IO_EXCEPTION);
            else
                 username = userid;
            if (password.length == 0)
                 throwNewLoginException("PASSWORD IS MISSING!", LoginExceptionDetails.NO_PASSWORD);
            else
                 passwordString = new String(password);
            String eccLoginResult = validateECCAuthentication(username, passwordString);
            if (!eccLoginResult.equals(""))
                 myLoc.infoT(this.username + " - failed ECC authentication.");
                 throwNewLoginException("Wrong UserId/Password", LoginExceptionDetails.WRONG_USERNAME_PASSWORD_COMBINATION);
            else
                 myLoc.infoT(this.username + " - failed ECC authentication.");
                 this.succeeded = true;
            if (this.succeeded)
                 try
                      refreshUserInfo(this.username);
                 catch (SecurityException e)
                      throwUserLoginException(e);
                 if (sharedState.get(AbstractLoginModule.NAME) == null)
                      sharedState.put(AbstractLoginModule.NAME, this.username);
                      this.nameSet = true;
            else
                 throwNewLoginException("Wrong UserId/Password", LoginExceptionDetails.WRONG_USERNAME_PASSWORD_COMBINATION);
            return this.succeeded;

• Custom login module and SSO using 10.1.3.3

  We are using ADF 10.1.3.3 to build applications and recently a requirement from a customer was to use LDAP for authentication but use internal application tables for authorisation. So essentially the username and password will be in LDAP but all the roles definition are in the application. This is because the LDAP directory has tight controls on contents and is used enterprise wide.
  I created a proof of concept to address this requirement using the examples at
  http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
  and also
  http://technology.amis.nl/blog/1462/create-a-webapplication-secured-with-custom-jaas-database-loginmodule-deploy-on-jdeveloper-1013-embedded-oc4j-stand-alone-oc4j-and-opmn-managed-oc4j-10g-as
  specifically using DBProcLoginModule to call a database package.
  The PL/SQL package I created used DBMS_LDAP to call an LDAP directory with the username and password to check authentication and then used internal application tables to get the authorisation details required.
  All this worked very well. I tested on both the embedded OC4J and also standalone OC4J.
  Then one of my peers said will this work with SSO? Specifically we use Oracle OID as we have SSO for Forms and Reports.
  My experience with SSO has been with Oracle OID and having all the user and role details stored within OID.
  So my issue now is can I integrate the custom login module approach I have used with SSO? My knowledge of SSO and OID is limited so I'm not sure how (or if) it would interact with a custom login module. Are the two mutually exclusive?
  Any guidance is appreciated.
  Regards,
  Adrian

  Hi,
  this question should be posted to the Oracle Application Server forum or the security forum. However, based on my findings and experience in this area, I don't think that SSO is integrated with custom LoginModules since the integration would need to be coded in the LoginModule.
  Frank

• Custom Login Module, SSO Ticket validity & Login Module Stack

  Hi everybody,
  we have a portal (running on jboss) which links to a J2EE web application (running on SAP WAS 6.40) which itself is protected by a custom login module and redirects to different WebDynpro applications (running on same WAS as the J2EE app) depending on some parameters.
  So when we go from the portal to the J2EE web application, the custom login module authenticates the user, creates a MYSAPSSO2 Cookie and then redirects to a webdynpro app.
  What happens is that the webdynpro app doesn't accept the cookie and redirects to the login mask.
  Looking at the request header parameter HOST we have the request coming from sub1.sub2.mycompany.com, which is the portal.
  The WAS is located on sub3.mycompany.com.
  If we manipulate the HOST parameter to sub2.mycompany.com everything works fine and the webdynpro app successfully authenticates the user.
  This does sound either like a domain relaxing issue or a multi domain issue, which we added as parameters to the CreateTicketLoginModule in the Login Module Stack for the J2EE web app.
  Unfortunately without result.
  Did anybody have a similar problem and can give some hints on how to solve this?
  Any help is appreciated
  Regards,
  md
  Edited by: Minh-Duc Truong on Jul 17, 2008 7:18 PM
  Edited by: Minh-Duc Truong on Jul 17, 2008 7:19 PM
  Edited by: Julius Bussche on Jul 18, 2008 7:25 PM

  Hi md,
  I have split your 2nd question into a seperate thread => That would make them easier to answer as well, which will help.
  You can find it here: Custom Login Module, LM Stack ignored
  Cheers,
  Julius
  Edited by: Julius Bussche on Jul 18, 2008 7:26 PM

• Custom Login Module, LM Stack ignored

  Moderator's note: This is a question split from another thread:
  Maybe someone with LoginModuleStack knowledge can give us a hand
  Another issue (which is isolated from the other question) we have is that somehow the defined Login Module Stack for the J2EE app
  doesn't get called when there exits already a MYSAPSSO2 cookie in the session.
  The Login Module Stack looks like this:
  Custom Login Module Position 1 Required (also tested with optional & requisite)
  CreateTicketLoginModule Position 2 Sufficient (also tested with optional)
  So if we call the J2EE web app with no existing MYSAPSSO2 cookie (e.g. open in new browser window), everything
  works fine and the defined login module stack is run through.
  If we call the app with existing MYSAPSSO2 cookie (e.g. open in same browser window after logout of previous app),
  the login module stack is ignored and it seems that the EvaluateTicketLoginModule is called straight away, despite not being defined in the stack.
  What could be the problem and how can this be solved?
  Signed with greetings and a happy weekend on behalf of Minh-Duc Truong,
  Your,
  Julius
  Edited by: Minh-Duc Truong on Jul 18, 2008 4:52 PM
  Edited by: Julius Bussche on Jul 18, 2008 7:29 PM

  Hi,
  I cannot believe that the EvaluateTicketLoginModule is called if it is not defined in the stack. I guess the best way to track down the problem is to increase the severity of the following locations:
  (use Visual Admin / Log Configurator / Locations TAB to do that):
  com.sap.security.server.jaas
  com.sap.engine.services.security
  Set the Severity to ALL. After that call your application and paste the output in security.log here so I can have a look at it. It will contain a complete trace of the processing of your login modules so maybe we'll see what's going wrong.
  Cheers