Custom Logon module

Similar Messages

• Custom logon module not called by the portal

  Hi, all.
  I need some help urgently on this new portal requirement. There are some sensitive ESS/MSS iviews that we need to give the users an additional logon challenge. The normal ESS/MSS iviews will be using SSO. This one will still use SSO, but have to pass the userid/password challenge.
  We have decided to use the authentication scheme. Also, the "form" logon stack has been modified with only one logon module, which is our customized one. To create the java project, jar and library, we are following the link: http://help.sap.com/saphelp_nw04s/helpdata/en/46/3ce9402f3f8031e10000000a1550b0/frameset.htm
  Here's the extract of our authscheme.xml:
          <authscheme name="certlogon">
              <authentication-template>
                  client_cert
              </authentication-template>
              <priority>21</priority>
              <frontendtype>2</frontendtype>
              <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
          </authscheme>
          <authscheme name="coo_secure">
              <authentication-template>
                  form
              </authentication-template>
              <priority>40</priority>
              <frontendtype>2</frontendtype>
              <frontendtarget>com.sap.portal.runtime.logon.basicauthentication</frontendtarget>
          </authscheme>
          <authscheme name="basicauthentication">
              <authentication-template>
                  ticket
              </authentication-template>
              <priority>20</priority>
              <frontendtype>2</frontendtype>
              <frontendtarget>com.sap.portal.runtime.logon.basicauthentication</frontendtarget>
          </authscheme>
  The authscheme is called coo_secure. When a user clicks on the iviews with the coo_secure authscheme, a userid/pwd prompt pops up. But it does not accept whatever I type in. From the defaulttrace, I do not see any hint that our customized logon module was ever called.
  Is there anyway to turn on portal tracing to see what is going on?
  Thanks,
  Jonathan.

  Hi Jonathan,
  Did you solved the problem with the custom logon module?
  We have a very similar scenario. I followed below help site to implement a custom logon module for particular iviews.
  http://help.sap.com/saphelp_nw70/helpdata/EN/54/f91fba71ae48309e4267b4a36fa47b/frameset.htm
  and also the documentation:
  SAP Netweaver Developers Guide - Integrating Security Functions
  But I am not able to get my own custom login module with the custom authscheme running.
  If I access my specific IViews that requires additional custom authentication I get the portal login page again. After giving login data I get the error message:
  Java iView Runtime
  An exception occured while processing your request.
  If this situation persists, please contact your system administrator.
  If you solved your problem, can you please share the solution with me?
  Thanks,
  Regards,
  Yasar

• CallbackHandler for custom logon module

  Hi Experts,
  we are using a custom logon module in a J2EE application.
  When creating the LoginContext object the following parameters are necessary:
  new LoginContext(String stackName, CallbackHandler callbackHandler)
  In local development we created SAPJ2EECallbackHandler (package com.sap.security.core.logon.imp), but we cannot do this when working with the NWDI, as DC com.sap.security.core.sda cannot be added (I was reading it's part of the design).
  Which callback handler class can be used instead?
  Thanks for your help,
  Ingo

  Hi Jonathan,
  Did you solved the problem with the custom logon module?
  We have a very similar scenario. I followed below help site to implement a custom logon module for particular iviews.
  http://help.sap.com/saphelp_nw70/helpdata/EN/54/f91fba71ae48309e4267b4a36fa47b/frameset.htm
  and also the documentation:
  SAP Netweaver Developers Guide - Integrating Security Functions
  But I am not able to get my own custom login module with the custom authscheme running.
  If I access my specific IViews that requires additional custom authentication I get the portal login page again. After giving login data I get the error message:
  Java iView Runtime
  An exception occured while processing your request.
  If this situation persists, please contact your system administrator.
  If you solved your problem, can you please share the solution with me?
  Thanks,
  Regards,
  Yasar

• How to call a Bapi or RFC from a custom logon module

  Can you provide an example of how to call a bapi or rfc from a custom logon module? (used to authenticate in portal)

  Hello all,
  Is it possible to use SAP JRA instead?
  We have a Connector deployed on the WebAS 6.40. From an EJB (Webservice) it is possible to lookup the connector, but if i try to lookup the connector from a custom LoginModule, i get the following error:
  Path to object does not exist at java:comp, the whole lookup name is java:comp/env/eis/SAPJRA_CRMDC.#
  The whole lookup in LoginModule looks
  try
                 initialcontext    = new InitialContext();
                 connectionFactory = (ConnectionFactory) initialcontext.lookup("java:comp/env/eis/SAPJRA_CRM");
            } catch (Exception ex)
                 location.errorT(ex.getMessage());
  Regards Oliver

• Why custom logon error messages doesn't work in WAS 7.0, EP 7.0?

  I managed to get custom error messages in WAS 6.40 / EP 6.0.
  I'm using JAAS custom Login module for user authentication and from there different Login Exceptions are thrown.
  I have modified logon.par file to display different error messages like "Logon ID is empty", "Password is empty", "Your user ID or password could not be validated.  Please check and try again."
  When i copy the same code into my working environment i.e WAS 7.0 / EP 7.0, it doesn't work, message always was "User Authentication Failed". Do anyone knows the reason why i was like that?
  Can you please explain exactly when the custom login module gets executed after the user clicks on "Logon" Button.
  In logon.par file i have not seen any code to execute JAAS - custom logon module. PLease explain exact execution flow ..
  Thanks in advance ..
  MMK

  Your card reader might be finicky like mine. Figure out which device your card reader is at (from what I'm reading probably sdb), then attempt to mount /dev/sdb to any location. If your card reader is like mine, this mount will fail but you'll find you now magically have /dev/sdb1, /dev/sdb2, etc devices, which will successfully mount... oddness, but it "just works" so I'm happy
  Note that if you plug a card into a slot that is to the kernel, for example, /dev/sda2, then try to mount /dev/sda1, this will (obviously) fail, so be sure to try mounting all the devices that magically appear (if any do).
  -dav7

• New JAAS Logon Module that calls RFC: Urgent

  I want to build a new logon module that extends AbstractLoginModule.
  I want to call an RFC in ECC using JCA in this logon module. The purpose of this RFC call is to read the users roles in the backend, if they have a certain role I will dynamically assign them a portal group using the UME API.
  which method in the Logon Module (AbstractLoginModule) should I make the call to the RFC? (initialize(), login(), commit(), etc.)
  Does anybody have any examples of how to make the RFC call from a custom logon module using JCA?
  Edited by: K Ferguson on Nov 3, 2008 5:39 PM

  [link at...|http://help.sap.com/saphelp_nw2004s/helpdata/en/17/d609b48ea5f748b47c0f32be265935/content.htm]

• New JAAS Logon Module that calls RFC

  I want to build a new logon module that extends AbstractLoginModule.
  I want to call an RFC in ECC using JCA in this logon module. The purpose of this RFC call is to read the users roles in the backend, if they have a certain role I will dynamically assign them a portal group using the UME API.
  which method in the Logon Module (AbstractLoginModule) should I make the call to the RFC?  (initialize(), login(), commit(), etc.)
  Does anybody have any examples of how to make the RFC call from a custom logon module using JCA?

  Hi K,
  I tend to put the bulk of the logic for my login modules in the login() method - although usually this is for checking authentication rather than assigning roles/groups.
  Have you thought about using UME type ABAP to map ECC roles to Portal Groups? If you then need to write a login module to handle, say, LDAP authentication, then at least it is doing what it should be - i.e. authentication, and the heavy-lifting to do with JCA, roles, etc is handled by SAP-standard code.
  For sample JCA code, there is some in the [Universal Worklist Wiki|https://wiki.sdn.sap.com/wiki/display/BPX/DeveloperStudioProject+Files] - just download and extract the Devlopment Component there (don't forget to remove the .gif extension - a hack I used to get a Zip file into the Wiki).  The file SapRfc.java gives you a user-friendly way of calling RFCs using JCA. To see it in use, see AbsenceApproval.java - the method getWorkitemDescription() is a good example to look at.
  The only downside of the SapRfc.java library is that the constructor takes a IPortalComponentRequest object as an argument (allowing you to use a Portal System Alias), and you don't really have access to one of those in a JAAS module. You will have to modify this code to take a set of ConnectionProperties instead (see the documentation [Using the SAP System Connector|http://help.sap.com/saphelp_nw04/helpdata/en/89/8a185c148e4f6582560a8d809210b4/frameset.htm]).
  Really, the component you want to develop might be better deployed as a Portal component. Your users would access this component first of all, and when it completes it would forward them on to the Portal proper.
  Hope this helps,
  Darren

• How to get Custom Login Module to communicate with frontendtarget

  We have created a custom login module and placed it in our login module stack.
  So we have the following 3 Login Modules in our stack:
  EvaluateTicketModule
  OurCustomLoginModule
  CreateTicketModule
  Also we are using the standard SAP login screen for our frontendtarget, see our authschemes.xml entry:
  <authscheme name="cglogon">
              <authentication-template>
                  form
              </authentication-template>
              <priority>21</priority>
              <frontendtype>2</frontendtype>
              <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
          </authscheme>
  Question:
  There are standard screens in the SAP login PAR:
              changePasswordPage.jsp
              umLogonProblemPage.jsp
              umResetPasswordPage.jsp
  How do I trigger one of these screens from my Login() method of my
  custom login module?  I thought if I throw some specific exception, these screens would
  be called?

  A bit more info. 
  We created a new Authentication Scheme for certain iviews that are deemed more "sensitive" that required a step-up authentication. 
  I changed the Iview property "Authentication Scheme" to our custom one.
  If I navigate into one of these more sensitive Iviews, I get the standard SAP login screen: <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
  Whis is what i expect.
  I enter a username and password and click Logon button.  I see that it successfully hits our custom login module and goes through Login(), and Commit() methods and finally displays the iview i originally requested.
  However, on a failure, i want it to return focus to the SAP login screen with an error explaining why...(i.e. wrong password, account locked, etc.)
  However, It always give iview runtime exception with Access Denied.
  #1.5 #0018FE8C6FD800690000029000004D6C00045B6E5E7D6014#1226429496628#com.sap.engine.services.security.authentication.logincontext#sap.com/irj#com.sap.engine.services.security.authentication.logincontext#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Debug##Java###Login module {0} from authentication stack {1} does not authenticate the caller.#2#companyname.com.CGLoginModuleClass#form#
  #1.5 #0018FE8C6FD800690000029100004D6C00045B6E5E7D6275#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule.abort()#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Path##Plain###Entering method#
  #1.5 #0018FE8C6FD800690000029200004D6C00045B6E5E7D6308#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Debug##Plain###Internal Login Module data has been reset.#
  #1.5 #0018FE8C6FD800690000029300004D6C00045B6E5E7D6386#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Path##Java###Exiting method with {0}#1#true#
  #1.5 #0018FE8C6FD800690000029400004D6C00045B6E5E7D6438#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule.abort()#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Path##Plain###Entering method#
  #1.5 #0018FE8C6FD800690000029500004D6C00045B6E5E7D64B2#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Path##Java###Exiting method with {0}#1#true#
  #1.5 #0018FE8C6FD800690000029700004D6C00045B6E5E7D6750#1226429496630#com.sap.engine.services.security.authentication.logincontext#sap.com/irj#com.sap.engine.services.security.authentication.logincontext#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Info#1#/System/Security/Authentication#Plain###LOGIN.FAILED
  User: N/A
  Authentication Stack: form
  Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
  1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          exception             true       authscheme not sufficient: uidpwdlogon<cglogon
          \#1 ume.configuration.active = true
  2. companyname.com.CGLoginModuleClass                                         REQUISITE   ok          exception             true       Authentication did not succeed.
  3. com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok                                true      
          \#1 ume.configuration.com = true#
  #1.5 #0018FE8C6FD800690000029900004D6C00045B6E5E7DA973#1226429496647#System.err#sap.com/irj#System.err#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Error##Plain###Nov 11, 2008 10:51:36...                    com.sap.portal.portal [SAPEngine_Application_Thread[impl:3]_24] Error: Exception ID:10:51_11/11/08_0002_176065950
  #1.5 #0018FE8C6FD800690000029B00004D6C00045B6E5E7DCA91#1226429496647#com.sap.portal.portal#sap.com/irj#com.sap.portal.portal#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Error#1#/System/Server#Java###Exception ID:10:51_11/11/08_0002_176065950
  [EXCEPTION]
  {0}#1#com.sapportals.portal.prt.runtime.PortalRuntimeException: Access is denied: pcd:portal_content/com.companyname.portal.capitalgroup/com.companyname.com.security/com.companyname.portal.cghressnaaa/com.sap.pct.ess.employee_self_service/com.companyname.pg_sensitiveWebdynpro/com.cg.ivu_saplogon_0 - user: Guest
       at com.sapportals.portal.prt.deployment.DeploymentManager.getPropertyContentProvider(DeploymentManager.java:1936)
       at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.refresh(PortalComponentContextItem.java:230)
       at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.getContext(PortalComponentContextItem.java:312)
       at com.sapportals.portal.prt.component.PortalComponentRequest.getComponentContext(PortalComponentRequest.java:385)
       at com.sapportals.portal.prt.connection.PortalRequest.getRootContext(PortalRequest.java:435)
       at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:607)
       at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:240)
       at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:545)
  and here's my login method...
       public boolean login() throws javax.security.auth.login.LoginException
            this.succeeded = false;
            String passwordString = "";
            if (callbackHandler == null)
                 throw new LoginException("Error: no CallbackHandler available to garner authentication information from the user");
            HttpGetterCallback httpgettercallback = new HttpGetterCallback();
            NameCallback nc = new NameCallback("User:");
            PasswordCallback pc = new PasswordCallback("Password:", false);
            Callback[] callbacks = new Callback[] { nc, pc };
            try
                 callbackHandler.handle(callbacks);
            catch (IOException e)
                 throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION);
            catch (UnsupportedCallbackException e)
                 return false;
            String userid = nc.getName();
            char[] password = pc.getPassword();
            pc.clearPassword();
            if (userid.length() == 0)
                 throwNewLoginException("USERID IS MISSING!", LoginExceptionDetails.IO_EXCEPTION);
            else
                 username = userid;
            if (password.length == 0)
                 throwNewLoginException("PASSWORD IS MISSING!", LoginExceptionDetails.NO_PASSWORD);
            else
                 passwordString = new String(password);
            String eccLoginResult = validateECCAuthentication(username, passwordString);
            if (!eccLoginResult.equals(""))
                 myLoc.infoT(this.username + " - failed ECC authentication.");
                 throwNewLoginException("Wrong UserId/Password", LoginExceptionDetails.WRONG_USERNAME_PASSWORD_COMBINATION);
            else
                 myLoc.infoT(this.username + " - failed ECC authentication.");
                 this.succeeded = true;
            if (this.succeeded)
                 try
                      refreshUserInfo(this.username);
                 catch (SecurityException e)
                      throwUserLoginException(e);
                 if (sharedState.get(AbstractLoginModule.NAME) == null)
                      sharedState.put(AbstractLoginModule.NAME, this.username);
                      this.nameSet = true;
            else
                 throwNewLoginException("Wrong UserId/Password", LoginExceptionDetails.WRONG_USERNAME_PASSWORD_COMBINATION);
            return this.succeeded;

• Custom Login Module Behavior (JAAS)...Help!

  Problem: After successful authentication through a custom login module, the screen stays on the login screen and does not go to the iview you clicked on...
  I have created a login module as documented [here|http://help.sap.com/saphelp_nw04s/helpdata/en/46/3ce9402f3f8031e10000000a1550b0/frameset.htm]. 
  I have added a new entry in the authschemes.xml file:
  <authscheme name="cglogon">
              <authentication-template>
                  form
              </authentication-template>
              <priority>21</priority>
              <frontendtype>2</frontendtype>
              <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
          </authscheme>
  As you can see above, i wanted to try to use the standard sap screen: com.sap.portal.runtime.logon.certlogon
  Also, the logon module stack called "form" contains one and only one login module:  mycompany.com.CGLoginModuleClass    (REQUISITE)
  Here is also the code to my Login() method of my module:
       public boolean login() throws LoginException
            Exception exception_on_the_way = null;
            String passwordString = "";
            NameCallback nc = new NameCallback("User:");
            PasswordCallback pc = new PasswordCallback("Password:", false);
            Callback[] callbacks = new Callback[] { nc, pc };
            try
                 callbackHandler.handle(callbacks);
            catch (IOException e)
                 exception_on_the_way = e;
            catch (UnsupportedCallbackException e)
                 exception_on_the_way = e;
            String userid = nc.getName();
            char[] password = pc.getPassword();
            pc.clearPassword();
            if (userid.length() == 0)
                 throw new LoginException(MISSING_UID);
            else
                 userName = userid;
            if (password.length == 0)
                 throw new LoginException(MISSING_PASSWORD);
            else
                 passwordString = new String(password);
            try
                 refreshUserInfo(userName);
            catch (SecurityException e)
                 exception_on_the_way = e;
            if (exception_on_the_way != null)
                 //             A productive application should write an entry
                 //             into the trace here
                 exception_on_the_way.printStackTrace();
                 throw new LoginException("Could not handle callbacks");
            String eccLoginResult = "";
            //eccLoginResult = validateECCAuthentication(userName, passwordString);
            if (!eccLoginResult.equals(""))
                 //throwNewLoginException(eccLoginResult);
                 //throw new LoginException(USER_AUTH_FAILED);
                 throwNewLoginException("Wrong UserId/Password", LoginExceptionDetails.WRONG_USERNAME_PASSWORD_COMBINATION);
            else
                 successful = true;
            if (sharedState.get(AbstractLoginModule.NAME) == null)
                 sharedState.put(AbstractLoginModule.NAME, userName);
                 nameSet = true;
            return true;
  I set up a random iview in the portal to use our new authentication scheme: cglogon by changing the iview property Authentication Scheme.
  After clicking the logon button, My login() method gets called and sucessful is set to true.  Also the commit() method gets called. 
  Problem: However, the screen gets redirected to the logon screen again...
  Here is the trace in the logs:
  Used Passport Type: 3
  #[Security Context : [Security Session (3929) for kcf created at Thu Nov 06 08:40:44 PST 2008]]#
  #1.5 #0018FE8C6FD8007200003781000041C100045B07FD434AB8#1225989778316#com.sap.engine.services.security.sessionmanagement##com.sap.engine.services.security.sessionmanagement#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Java###Persistent listeners of {0} notified#1#[Security Context : [Security Session (3929) for kcf created at Thu Nov 06 08:40:44 PST 2008]]#
  #1.5 #0018FE8C6FD8007200003782000041C100045B07FD4353D2#1225989778319#com.sap.engine.services.security.authentication.programmatic#sap.com/irj#com.sap.engine.services.security.authentication.programmatic.logon#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Java###Entering method with ({0})#1#com.sap.engine.services.servlets_jsp.server.runtime.client.HttpServletRequestFacade@2cbd9a10, com.sap.engine.services.servlets_jsp.server.runtime.client.HttpServletResponseFacade@5db3e73e, cglogon#
  #1.5 #0018FE8C6FD8007200003783000041C100045B07FD435510#1225989778319#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Java###Security context [{0}] successfully loaded from cache.#1#form#
  #1.5 #0018FE8C6FD8007200003784000041C100045B07FD43559B#1225989778319#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Entering PolicyConfigurationSecurityContext.getAuthenticationContext()#
  #1.5 #0018FE8C6FD8007200003785000041C100045B07FD43560F#1225989778319#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Exiting PolicyConfigurationSecurityContext.getAuthenticationContext()#
  #1.5 #0018FE8C6FD8007200003786000041C100045B07FD435864#1225989778320#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Java###New policy configuration modification context successfully created for configuration with path [{0}].#1#security/configurations/form#
  #1.5 #0018FE8C6FD8007200003787000041C100045B07FD4358F8#1225989778320#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Entering Storage.getStorage(Configuration config)#
  #1.5 #0018FE8C6FD8007200003788000041C100045B07FD435983#1225989778320#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Java###New storage [{0}] created.#1#com.sap.engine.services.security.server.storage.AtomicStorage@3091c97c#
  #1.5 #0018FE8C6FD8007200003789000041C100045B07FD435A00#1225989778320#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Exiting Storage.getStorage(Configuration config)#
  #1.5 #0018FE8C6FD800720000378A000041C100045B07FD435A7B#1225989778320#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Entering Storage.begin()#
  #1.5 #0018FE8C6FD800720000378B000041C100045B07FD435B31#1225989778321#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Java###New configuration handler [{0}] created.#1#com.sap.engine.core.configuration.impl.ConfigurationHandlerImpl@334304cd#
  #1.5 #0018FE8C6FD800720000378C000041C100045B07FD435BC8#1225989778321#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Exiting Storage.begin()#
  #1.5 #0018FE8C6FD800720000378D000041C100045B07FD435C3A#1225989778321#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Plain###New modification bundle started for the current thread.#
  #1.5 #0018FE8C6FD800720000378E000041C100045B07FD435CC6#1225989778321#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Java###Trying to get configuration [{0}] from storage; write access [{1}]; create if missing [{2}]#3#security/configurations/form/security/authentication#false#false#
  #1.5 #0018FE8C6FD800720000378F000041C100045B07FD435DC0#1225989778321#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Java###Configuration returned from storage successfully [{0}].#1#security/configurations/form/security/authentication#
  #1.5 #0018FE8C6FD8007200003790000041C100045B07FD436148#1225989778322#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Entering Storage.forget()#
  #1.5 #0018FE8C6FD8007200003791000041C100045B07FD436225#1225989778322#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Exiting Storage.forget()#
  #1.5 #0018FE8C6FD8007200003792000041C100045B07FD43629D#1225989778322#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Plain###Successful forget of modification bundle for the current thread.#
  #1.5 #0018FE8C6FD8007200003793000041C100045B07FD4363B9#1225989778323#com.sap.engine.services.security.authentication.logincontext#sap.com/irj#com.sap.engine.services.security.authentication.logincontext#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Info##Plain###Re-authentication requested.#
  #1.5 #0018FE8C6FD8007200003794000041C100045B07FD4364BA#1225989778323#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Java###Security context [{0}] successfully loaded from cache.#1#form#
  #1.5 #0018FE8C6FD8007200003795000041C100045B07FD436534#1225989778323#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Entering PolicyConfigurationSecurityContext.getAuthenticationContext()#
  #1.5 #0018FE8C6FD8007200003796000041C100045B07FD4365A6#1225989778323#com.sap.engine.services.security.policyconfiguration#sap.com/irj#com.sap.engine.services.security.policyconfiguration#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Exiting PolicyConfigurationSecurityContext.getAuthenticationContext()#
  #1.5 #0018FE8C6FD8007200003797000041C100045B07FD439765#1225989778336#com.sap.engine.services.security.authentication.logincontext#sap.com/irj#com.sap.engine.services.security.authentication.logincontext#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Info##Java###User [{0}] attempt to re-authenticate.#1#kcf#
  #1.5 #0018FE8C6FD8007200003798000041C100045B07FD439CA1#1225989778337#com.sap.engine.services.security.sessionmanagement#sap.com/irj#com.sap.engine.services.security.sessionmanagement#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Info##Java###Principal {0} assigned to {1}#2#kcf#[Security Session (3929) for kcf created at Thu Nov 06 08:40:44 PST 2008]#
  #1.5 #0018FE8C6FD8007200003799000041C100045B07FD439D6C#1225989778338#com.sap.engine.services.security.sessionmanagement#sap.com/irj#com.sap.engine.services.security.sessionmanagement#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Info##Java###Subject {0} assigned to {1}#2#Subject:
       Principal: kcf
  #[Security Session (3929) for kcf created at Thu Nov 06 08:40:44 PST 2008]#
  #1.5 #0018FE8C6FD800720000379A000041C100045B07FD439DF3#1225989778338#com.sap.engine.services.security.authentication.logincontext#sap.com/irj#com.sap.engine.services.security.authentication.logincontext#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Info##Java###Re-authentication for user [{0}] successfull.#1#kcf#
  #1.5 #0018FE8C6FD800720000379C000041C100045B07FD439F9B#1225989778338#com.sap.engine.services.security.authentication.logincontext#sap.com/irj#com.sap.engine.services.security.authentication.logincontext#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Info#1#/System/Security/Authentication#Plain###LOGIN.OK
  User: kcf
  Authentication Stack: form
  Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
  1. mycompany.com.CGLoginModuleClass                                         REQUISITE   ok          true       true                 
  Central Checks                                                                                true                  #
  #1.5 #0018FE8C6FD800720000379D000041C100045B07FD43A10D#1225989778338#com.sap.engine.services.security.authentication.programmatic#sap.com/irj#com.sap.engine.services.security.authentication.programmatic.logon#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Plain###Security session assigned successfully to the http session.#
  #1.5 #0018FE8C6FD800720000379F000041C100045B07FD43CC17#1225989778349#com.sap.engine.services.security.authentication.programmatic#sap.com/irj#com.sap.engine.services.security.authentication.programmatic#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Plain###Exiting logon with authenticated subject.#
  #1.5 #0018FE8C6FD80072000037A0000041C100045B07FD43D9FE#1225989778353#com.sap.engine.services.security.authentication.programmatic#sap.com/irj#com.sap.engine.services.security.authentication.programmatic.isAuthenticated#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Java###Entering method with ({0})#1#KCF#
  #1.5 #0018FE8C6FD80072000037A1000041C100045B07FD43DAC6#1225989778353#com.sap.engine.services.security.authentication.programmatic#sap.com/irj#com.sap.engine.services.security.authentication.programmatic.isAuthenticated#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Java###Exiting method with {0}#1#false#
  #1.5 #0018FE8C6FD80072000037A2000041C100045B07FD440358#1225989778364#com.sap.engine.services.security.authentication.logonapplication#sap.com/irj#com.sap.engine.services.security.authentication.logonapplication.initBeans#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Info##Plain###LanguagesBean created#
  #1.5 #0018FE8C6FD80072000037A3000041C100045B07FD44045E#1225989778364#com.sap.engine.services.security.authentication.logonapplication#sap.com/irj#com.sap.engine.services.security.authentication.logonapplication.executeRequest#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Info##Plain###No command found, forwarding to umLogonPage#
  #1.5 #0018FE8C6FD80072000037A4000041C100045B07FD4429BF#1225989778373#com.sap.engine.services.security.sessionmanagement##com.sap.engine.services.security.sessionmanagement#kcf#3929##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Path##Java###Entering SecurityContext.empty() on {0}#1#[Security Context : [Security Session (3929) for kcf created at Thu Nov 06 08:40:44 PST 2008]]#
  #1.5 #0018FE8C6FD80072000037A5000041C100045B07FD442AC1#1225989778374#com.sap.engine.services.security.sessionmanagement##com.sap.engine.services.security.sessionmanagement#Guest#0##castoldi_EPX_176065950#KCF#a839a030ac2111ddb3dd0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_35##0#0#Debug##Java###Notifying persistent listener {0} of {1}#2#
  User ID           : kcf
  Service Type      : Web Request
  Action Name       : Appl.: irj:com.cg.ivu_saplogon_0
  Action Type       : http
  Additional Info   : null
  CPU Time [us]     : 0
  Queue Time [us]   : 4295152
  No of ext. calls  : 0
  Edited by: K Ferguson on Nov 6, 2008 6:07 PM

  I am facing the same problem.
  And how was is solved ?
  Thanks

• Custom Logon Page Error

  I created a custom logon page and its not working. I'm pretty sure that it has to do with the authscheme.xml file. Can someone post the authscheme.xml file they used for their custom logon page, or tell me what is wrong with mine. I posted it below and my custom logon par is named: CM_Logon.par.
  Really appreciate any help.
  Regards,
  Tom
    <?xml version="1.0" encoding="UTF-8" ?>
  - <!--   Configuration File for Authentication Schemes
    -->
  - <!--  $Id: //shared_tc/com.sapall.security/630_VAL_REL/src/_deploy/dist/configuration/shared/authschemes.xml#1 $ from $DateTime: 2004/03/08 16:48:43 $ ($Change: 14741 $)
    -->
  - <document>
  - <authschemes>
  - <!--   authschemes, the name of the node is used
    -->
  - <authscheme name="uidpwdlogon">
  - <!--  multiple login modules can be defined
    -->
    <authentication-template>ticket</authentication-template>
    <priority>20</priority>
  - <!--  the frontendtype TARGET_FORWARD = 0, TARGET_REDIRECT = 1, TARGET_JAVAIVIEW = 2
    -->
    <frontendtype>2</frontendtype>
  - <!--  target object
    -->
    <frontendtarget>CM_Logon.certlogon</frontendtarget>
    </authscheme>
  - <authscheme name="certlogon">
    <authentication-template>client_cert</authentication-template>
    <priority>21</priority>
    <frontendtype>2</frontendtype>
    <frontendtarget>CM_Logon.certlogon</frontendtarget>
    </authscheme>
  - <authscheme name="basicauthentication">
    <authentication-template>ticket</authentication-template>
    <priority>20</priority>
    <frontendtype>2</frontendtype>
    <frontendtarget>CM_Logon.basicauthentication</frontendtarget>
    </authscheme>
  - <authscheme name="header">
    <authentication-template>header</authentication-template>
    <priority>5</priority>
    <frontendtype>2</frontendtype>
    <frontendtarget>CM_Logon.header</frontendtarget>
    </authscheme>
  - <!--  Reserved 'anonymous' authscheme added for being in the list of authschemes
    -->
  - <authscheme name="anonymous">
    <priority>-1</priority>
    </authscheme>
    </authschemes>
  - <!--   References for Authentication Schemes, this section must be after authschemes
    -->
  - <authscheme-refs>
  - <authscheme-ref name="default">
    <authscheme>uidpwdlogon</authscheme>
    </authscheme-ref>
  - <authscheme-ref name="UserAdminScheme">
    <authscheme>uidpwdlogon</authscheme>
    </authscheme-ref>
    </authscheme-refs>
    </document>

  Venkat,
     Here is the only error message I can find in the server trace error log. This leads me to believe it is something to do with the authschemes.xml file.
  Thanks,
  Tom
  Time : 13:15:26:879
  Category : /System/Server
  Date : 07/18/2005
  Message : An error occured during authscheme computation.
  [EXCEPTION]
  com.sapportals.portal.prt.component.PortalComponentException: Error in init method
  Component : Demo_LogonPage.certlogon
       at com.sapportals.portal.prt.component.PortalComponentContext.init(PortalComponentContext.java:251)
       at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.refresh(PortalComponentContextItem.java:267)
       at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.getContext(PortalComponentContextItem.java:312)
       at com.sapportals.portal.prt.component.PortalComponentRequest.getComponentContext(PortalComponentRequest.java:385)
       at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLogonIView(AuthenticationService.java:235)
       at com.sapportals.portal.prt.service.hook.SecurityHookService.doNodeHook(SecurityHookService.java:154)
       at com.sapportals.portal.prt.connection.PortalHook.doNodeHook(PortalHook.java:469)
       at com.sapportals.portal.prt.pom.factory.ComponentNodeFactory.newInstance(ComponentNodeFactory.java:138)
       at com.sapportals.portal.prt.pom.factory.ComponentNodeFactory.newInstance(ComponentNodeFactory.java:50)
       at com.sapportals.portal.prt.pom.PortalNode.createComponentNode(PortalNode.java:276)
       at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:617)
       at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:232)
       at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:545)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:153)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:290)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:346)
       at com.sap.portal.navigation.Gateway.service(Gateway.java:68)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:385)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:263)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:340)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:318)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:824)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:239)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:147)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:37)
       at com.sap.engine.core.cluster.impl6.session.UnorderedChannel$MessageRunner.run(UnorderedChannel.java:71)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:94)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:162)
  Caused by: com.sapportals.portal.prt.core.broker.PortalComponentInstantiationException: Could not instantiate implementation class com.sapportals.portal.ume.component.logon.SAPMLogonCertComponent of Portal Component Demo_LogonPage.certlogon because: Linkage error while loading implementation class
       at com.sapportals.portal.prt.core.broker.PortalComponentItemFacade.getInstanceInternal(PortalComponentItemFacade.java:234)
       at com.sapportals.portal.prt.core.broker.PortalComponentItemFacade.getComponentInstance(PortalComponentItemFacade.java:160)
       at com.sapportals.portal.prt.core.broker.PortalComponentItem.getComponentInstance(PortalComponentItem.java:732)
       at com.sapportals.portal.prt.component.PortalComponentContext.getComponent(PortalComponentContext.java:103)
       at com.sapportals.portal.prt.component.PortalComponentContext.init(PortalComponentContext.java:242)
       ... 35 more
  Caused by: java.lang.NoClassDefFoundError: com/sap/security/core/logonadmin/IAccessToLogic
       at java.lang.Class.forName0(Native Method)
       at java.lang.Class.forName(Class.java:219)
       at com.sapportals.portal.prt.core.broker.PortalComponentItemFacade.getInstanceInternal(PortalComponentItemFacade.java:228)
       ... 39 more
  Severity : Error
  Location : com.sap.portal.portal
  Message ID : 000BCD9C959D00590000000F00001A400003FC2FBEF3AA88
  Thread : SAPEngine_Application_Thread[impl:3]_10
  Source Name : com.sap.portal.portal
  Datasource : 1121777405726:E:\usr\sap\EP6\JC00\j2ee\cluster\server0\log\defaultTrace.trc
  Application : sap.com/irj
  Argument Objs : com.sapportals.portal.prt.component.PortalComponentException: Error in init method
  Component : Demo_LogonPage.certlogon
       at com.sapportals.portal.prt.component.PortalComponentContext.init(PortalComponentContext.java:251)
       at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.refresh(PortalComponentContextItem.java:267)
       at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.getContext(PortalComponentContextItem.java:312)
       at com.sapportals.portal.prt.component.PortalComponentRequest.getComponentContext(PortalComponentRequest.java:385)
       at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLogonIView(AuthenticationService.java:235)
       at com.sapportals.portal.prt.service.hook.SecurityHookService.doNodeHook(SecurityHookService.java:154)
       at com.sapportals.portal.prt.connection.PortalHook.doNodeHook(PortalHook.java:469)
       at com.sapportals.portal.prt.pom.factory.ComponentNodeFactory.newInstance(ComponentNodeFactory.java:138)
       at com.sapportals.portal.prt.pom.factory.ComponentNodeFactory.newInstance(ComponentNodeFactory.java:50)
       at com.sapportals.portal.prt.pom.PortalNode.createComponentNode(PortalNode.java:276)
       at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:617)
       at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:232)
       at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:545)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:153)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:290)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:346)
       at com.sap.portal.navigation.Gateway.service(Gateway.java:68)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:385)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:263)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:340)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:318)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:824)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:239)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:147)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:37)
       at com.sap.engine.core.cluster.impl6.session.UnorderedChannel$MessageRunner.run(UnorderedChannel.java:71)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:94)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:162)
  Caused by: com.sapportals.portal.prt.core.broker.PortalComponentInstantiationException: Could not instantiate implementation class com.sapportals.portal.ume.component.logon.SAPMLogonCertComponent of Portal Component Demo_LogonPage.certlogon because: Linkage error while loading implementation class
       at com.sapportals.portal.prt.core.broker.PortalComponentItemFacade.getInstanceInternal(PortalComponentItemFacade.java:234)
       at com.sapportals.portal.prt.core.broker.PortalComponentItemFacade.getComponentInstance(PortalComponentItemFacade.java:160)
       at com.sapportals.portal.prt.core.broker.PortalComponentItem.getComponentInstance(PortalComponentItem.java:732)
       at com.sapportals.portal.prt.component.PortalComponentContext.getComponent(PortalComponentContext.java:103)
       at com.sapportals.portal.prt.component.PortalComponentContext.init(PortalComponentContext.java:242)
       ... 35 more
  Caused by: java.lang.NoClassDefFoundError: com/sap/security/core/logonadmin/IAccessToLogic
       at java.lang.Class.forName0(Native Method)
       at java.lang.Class.forName(Class.java:219)
       at com.sapportals.portal.prt.core.broker.PortalComponentItemFacade.getInstanceInternal(PortalComponentItemFacade.java:228)
       ... 39 more
  Arguments : com.sapportals.portal.prt.component.PortalComponentException: Error in init method
  Component : Demo_LogonPage.certlogon
       at com.sapportals.portal.prt.component.PortalComponentContext.init(PortalComponentContext.java:251)
       at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.refresh(PortalComponentContextItem.java:267)
       at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.getContext(PortalComponentContextItem.java:312)
       at com.sapportals.portal.prt.component.PortalComponentRequest.getComponentContext(PortalComponentRequest.java:385)
       at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLogonIView(AuthenticationService.java:235)
       at com.sapportals.portal.prt.service.hook.SecurityHookService.doNodeHook(SecurityHookService.java:154)
       at com.sapportals.portal.prt.connection.PortalHook.doNodeHook(PortalHook.java:469)
       at com.sapportals.portal.prt.pom.factory.ComponentNodeFactory.newInstance(ComponentNodeFactory.java:138)
       at com.sapportals.portal.prt.pom.factory.ComponentNodeFactory.newInstance(ComponentNodeFactory.java:50)
       at com.sapportals.portal.prt.pom.PortalNode.createComponentNode(PortalNode.java:276)
       at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:617)
       at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:232)
       at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:545)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:153)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:290)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:346)
       at com.sap.portal.navigation.Gateway.service(Gateway.java:68)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:385)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:263)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:340)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:318)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:824)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:239)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:147)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:37)
       at com.sap.engine.core.cluster.impl6.session.UnorderedChannel$MessageRunner.run(UnorderedChannel.java:71)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:94)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:162)
  Caused by: com.sapportals.portal.prt.core.broker.PortalComponentInstantiationException: Could not instantiate implementation class com.sapportals.portal.ume.component.logon.SAPMLogonCertComponent of Portal Component Demo_LogonPage.certlogon because: Linkage error while loading implementation class
       at com.sapportals.portal.prt.core.broker.PortalComponentItemFacade.getInstanceInternal(PortalComponentItemFacade.java:234)
       at com.sapportals.portal.prt.core.broker.PortalComponentItemFacade.getComponentInstance(PortalComponentItemFacade.java:160)
       at com.sapportals.portal.prt.core.broker.PortalComponentItem.getComponentInstance(PortalComponentItem.java:732)
       at com.sapportals.portal.prt.component.PortalComponentContext.getComponent(PortalComponentContext.java:103)
       at com.sapportals.portal.prt.component.PortalComponentContext.init(PortalComponentContext.java:242)
       ... 35 more
  Caused by: java.lang.NoClassDefFoundError: com/sap/security/core/logonadmin/IAccessToLogic
       at java.lang.Class.forName0(Native Method)
       at java.lang.Class.forName(Class.java:219)
       at com.sapportals.portal.prt.core.broker.PortalComponentItemFacade.getInstanceInternal(PortalComponentItemFacade.java:228)
       ... 39 more
  Dsr Component :
  Dsr Transaction : 886750b0f7af11d9c469000bcd9c959d
  Dsr User :
  Indent : 0
  Level : 0
  Message Code :
  Message Type : 1
  Relatives : /System/Server
  Resource Bundlename :
  Session : 92
  Source : com.sap.portal.portal
  ThreadObject : SAPEngine_Application_Thread[impl:3]_10
  Transaction :
  User : Guest

• Debugging custom login module

  Hi,
  We have implemented custom login module, all the required steps are done in VA and Configtool. What is the better way to debug custom login module? Please advise.
  Thanks,
  Dileep

  Hi Vijay,
  I already deployed my login module. I am not getting any error, it lets me login without any problems. I want to debug this and add more logic to it based on debug results.
  FYI for all, this is not logon par file, this is custom login module implemented as outlined in this link, http://help.sap.com/saphelp_nw70/helpdata/en/2b/65fa40ee14f26fe10000000a1550b0/content.htm
  Thanks,
  Dileep

• Problems with custom login module/authscheme in Portal iViews

  Hi,
  In our portal users must login with their username and password ("ticket" login module stack) to access most of the content. For some of the iViews containing confidential data we would like to ask the users some personal questions before giving them access.
  I followed all the steps described in the [official documentation |http://help.sap.com/saphelp_nw04s/helpdata/en/8c/f03541c6afd92be10000000a1550b0/content.htm]:
  - created a custom login module
  - added it to a custom login module stack
  - added a custom authscheme in the authschemes.xml file
  - assigned the iView to this authscheme
  I also create a PortalComponent that reads the user entries and calls my login module (JSP not shown):
  public void doContent(IPortalComponentRequest request, IPortalComponentResponse response)     {          
      HttpServletRequest req = request.getServletRequest();
      HttpServletResponse resp = request.getServletResponse(false);
      ILogonAuthentication ila = UMFactory.getLogonAuthenticator();
      Subject subject = ila.logon(req, resp, "myauthscheme");
      // if authenticated what to do next??
  Now when I try to access the protected iView, I see my screen to answer the questions, I press submit and my login module is called. But, I never get redirected to the iView I'm supposed to go. So I still have two questions:
  1) Which login modules should be in the login module stack? Should I include the BasicPasswordLoginModule?
  For the moment I have:
  EvaluateTicketLoginModule (SUFFICIENT)
  MyCustomLoginModule (REQUISITE)
  CreateTicketLoginModule (OPTIONAL)
  2) How can I be redirected to the protected iView after the user is being authenticated? Is it the portal framework who is responsible to navigate there automatically? Or is it in my own code after the logon() call? In that case how can I retrieve the destination URL?
  Thanks,
  Martin

  I'm using the version 10.1.3.0.4 (SU5).
  The error is:
  06/09/28 18:09:05 WARNING: Application.setConfig Application: current-workspace-app is in failed state as initialization failedjava.lang.InstantiationException
  28/09/2006 18:09:05 com.evermind.server.Application setConfig
  WARNING: Application: current-workspace-app is in failed state as initialization failedjava.lang.InstantiationException
  2006-09-28 18:09:05.390 WARNING J2EE 0JR0013 Exception initializing deployed application: current-workspace-app. null
  My JAAS-oc4j-app content is:
  <log>
  <file path="JAAS-oc4j-app.log" xmlns=""/>
  </log>
  <jazn provider="XML" location="JAAS-jazn-data.xml">
  <property name="role.mapping.dynamic" value="true"/>
  <property name="custom.loginmodule.provider" value="true"/>
  <property name="jaas.username.simple" value="true"/>
  </jazn>
  <data-sources path="JAAS-data-sources.xml"/>
  Thanks for reply.

• Custom Authentication Module on Identity Server

  Hi,
  I have a custom authentication module which I am trying to access through the policy agent.
  I have set the following property in AMAgent.properties file
  com.sun.am.policy.am.loginURL= http://host:port/amserver/UI/Login?module=CustomLoginModule.
  My login module code is something like this:
  package com.iplanet.am.samples.authentication.providers;
  import java.util.*;
  import javax.security.auth.Subject;
  import javax.security.auth.callback.Callback;
  import javax.security.auth.callback.NameCallback;
  import javax.security.auth.callback.PasswordCallback;
  import javax.security.auth.login.LoginException;
  import com.sun.identity.authentication.spi.AMLoginModule;
  import com.sun.identity.authentication.spi.AuthLoginException;
  import java.rmi.RemoteException;
  import java.io.FileInputStream;
  import java.util.Properties;
  public class LoginModule1 extends AMLoginModule
  private String userName;
  private String userTokenId;
  private HashMap usersMap;
  private java.security.Principal userPrincipal = null;
  public LoginModule1() throws LoginException
  public void init(Subject subject, Map sharedState, Map options)
            System.out.println("LoginModule1 initialization");
            usersMap = new HashMap();
            ResourceBundle bundle = ResourceBundle.getBundle("users");
            Enumeration users = bundle.getKeys();
            while (users.hasMoreElements())
                 String user = (String)users.nextElement();
                 String password = bundle.getString(user.trim());
                 usersMap.put(user, password);
  public int process(Callback[] callbacks, int state) throws AuthLoginException
            int currentState = state;
            if (currentState == 1)
                 userName = ((NameCallback) callbacks[0]).getName().trim();
                 char[] passwd = ((PasswordCallback) callbacks[1]).getPassword();
                 String passwdString = new String (passwd);
                 if (userName.equals(""))
                      throw new AuthLoginException("names must not be empty");
                 if (userName.equals("testuser") && passwdString.equals("testuser"))
                      userTokenId = userName;
                      return -1;
                 if (usersMap.containsKey(userName))
                      if (usersMap.get(userName).equals(new String(passwd)))
                           userTokenId = userName;
                           return -1;
                 return 0;
       public java.security.Principal getPrincipal()
            if (userPrincipal != null)
                 return userPrincipal;
            else
            if (userTokenId != null)
                 userPrincipal = new SamplePrincipal("testuser");
                 return userPrincipal;
            else
                 return null;
  So When the user requests a protected resource, the policy agent forwards the user to Identity Server with the module as CustomLoginModule. However, after this, authentication does not succeed and I get the following error message in the agent log file.
  2004-08-09 15:24:08.640 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:09.030 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:23.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
  2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:29.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:29.499 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
  2004-08-09 15:24:29.499 128 2712:24fda5e8 RemoteLog: User unknown was denied access to http://ps0391.persistent.co.in:80/test/index.html.
  2004-08-09 15:24:29.499 Error 2712:24fda5e8 LogService: LogService::logMessage() loggedBy SSOTokenID is invalid.
  2004-08-09 15:24:29.499 Error 2712:24fda5e8 all: am_log_vlog() failed with status AM_REMOTE_LOG_FAILURE.
  2004-08-09 15:24:29.499 -1 2712:24fda5e8 PolicyAgent: validate_session_policy() access denied to unknown user
  The necessary policy object is already created in Identity Server. Please send your suggestions to fix this problem.
  Thanks
  Srinivas

  Does the principal "testuser" exist in your realm? If I understand your module correctly, it looks like it always returns "testuser".
  I am guessing that Access Manager is not finding your principal. Typically if access manager cannot associate the principal returned by the custom AMLoginModule it will fail the authentication.
  I am wondering if this is related to a seperate problem I have seen with custom login modules. Try chaning the code to return an LDAP style principal it may work:
  so return "uid=testuser,ou=People,dc=yourdomain,dc=com" for example. In theory this should not be necessary but it solved some problems for me, though I am not sure why.

• SAP PI crashes because of Custom Adapter module

  Hi,
  We are facing a strange problem. We have deployed a custom adapter module developed in java which accesses a Hardware Security Module(HSM) and uses the keys in HSM to digitally sign our data. Now, when I use particular methods in this code and deploy it on PI server, the server crashes while testing this out. As soon as I run the channel having this adapter module, PI server becomes unavailable. It restarts on its own after a few minutes.
  One of the reasons I identified to be causing this issue is the signing mechanism used in code. When I used a mechanism that was not supported or not correct, it crashed the server. If i corrected it, it worked fine. I found no other thing in my code causing this behaviour apart from this mechanism. But I am still not able to understand how a single method in a code can cause the whole server to crash. Has anybody here faced such a problem? Any pointers would be appreciated.
  We are using SAP PI 7.31 java only installation.
  Thanks,
  Ravi Desai

  Hi Ravi
  1. To check if it is a memory issue. Once you start the channel, check the memory usage in nwa. Check if the memory is increasing once the channel is started.
  2. Add debug statements to print logs in default traces at as many places as possible. Since your code is not reaching the Catch block, using the debug statement you can reach the line in the code which is causing this issue.
  Regards
  Osman Jabri

• How to write the custom Function Module to trigger the Alert.

  Hi all,
  I have developed a custom alert category in Tx - alrtcatdef. Now i want to trigger it from my custom function module. what should i do or what is the procedure to trigger the alert from my custom function module.
  Arul Jothi

  hi arul,
  try this program.
  RSALERTTEST.
  check out this link...
  <a href="/people/ginger.gatling/blog/2005/12/02/innovative-ways-to-use-alerts:///people/ginger.gatling/blog/2005/12/02/innovative-ways-to-use-alerts
  regs,
  jaga