Do we need customer login modules?

Hi!
We start to think whether we need customer login modules on the top
of the existing login modules.
Plus, in some of our systems we see some customer login modules
BUT we do not know whether they are necessary or not.
Is there a way to  decide if a customer logn module is needed?
Thanks! Point guaranteed.

I hope that you are talking about the Portal Customization.
Incase if YES !  Then you can the first thing is that this is a customization of the Portal Display page with respect to the customer.
Hence it is left to the choice of the customer to customize the Portal look.
If it is required to be done then you can do it by login into the portal then System admin--> Portal display and then select the theme and do the customiztion as required.
Regards,
Prem

Similar Messages

  • Custom login module on OC4J 10.1.3.3.0

    Hi,
    I need to implement custom web form-based authentication on OC4J, in order to port an existing JBoss app. I was following Frank's example at http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm. Trying to access protected pages will correctly redirect to the j_security_check page, and from there call my custom login module - through LoginContext. The issue is that - even if the LoginModule correctly authenticates user's credentials, the request still doesn't get through, coming back to the authentication page.
    I perform the deployment using Oracle Enterprise Manager, and the relevant files are:
    web.xml:
    <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>testJAAS</realm-name>
    <form-login-config>
    <form-login-page>/jsp/login.jsp</form-login-page>
    <form-error-page>/jsp/login.jsp</form-error-page>
    </form-login-config>
    </login-config>
    <!-- Security constraints -->
    <security-constraint>
         <web-resource-collection>
         <web-resource-name>Test Secure Application</web-resource-name>
         <description>Requires users to authenticate</description>
         <url-pattern>faces/*</url-pattern>
         <http-method>POST</http-method>
         <http-method>GET</http-method>
         <http-method>HEAD</http-method>     
         <http-method>PUT</http-method>     
         </web-resource-collection>     
         <auth-constraint>
         <description>Only allow role1 users</description>
         <role-name>role1</role-name>
         </auth-constraint>     
         <user-data-constraint>
         <description>Encryption is not required for the application in general. </description>
         <transport-guarantee>NONE</transport-guarantee>
         </user-data-constraint>
    </security-constraint>
    <!-- Define the security role(s) -->
    <security-role>
    <description>Example role</description>
    <role-name>role1</role-name>
    </security-role>
    orion-web.xml:
    schema-major-version="10" schema-minor-version="0" >
         <!-- Uncomment this element to control web application class loader behavior.
              <web-app-class-loader search-local-classes-first="true" include-war-manifest-class-path="true" />
         -->
         <resource-ref-mapping name="jdbc/lics" />
         <security-role-mapping name="role1">
              <group name="oc4j-app-administrators" />
         </security-role-mapping>
         <web-app>
         </web-app>
    orion-application.xml:
         <jazn provider="XML" >
              <property name="jaas.username.simple" value="true" />
              <property name="custom.loginmodule.provider" value="true" />
              <property name="role.mapping.dynamic" value="true" />
         </jazn>
    system-jazn-data.xml:
    <jazn-loginconfig>
         <application>
              <name>le5</name>
              <login-modules>
                   <login-module>
                        <class>com.tx.lic.oc4jsx.ext.LicLoginModule</class>
                        <control-flag>required</control-flag>
                        <options>
                             <option>
                                  <name>defaultRole</name>
                                  <value>role1</value>
                             </option>
                        </options>
                   </login-module>
              </login-modules>
         </application>
    I assume something is wrong with the deployment configuration, b/c when I specifically add users to the defined role1 role, it works fine(see below). But this is not an option, since users should only be specified in the data store of the LoginModule.
    Doing as above, the orion-web.xml is below:
         <resource-ref-mapping name="jdbc/lic" />
         <security-role-mapping name="role1">
              <group name="oc4j-app-administrators" />
              <user name="user1" />
              <user name="user2" />
         </security-role-mapping>
    Any insight would be much appreciated. Thanks.

    Hi,
    role to group mapping doesn't seem to work for custom LoginModules. This means hat your web applcation (web.xml) should use th same role names as used on the database authentication. So remove
    <security-role-mapping name="role1">
    <group name="oc4j-app-administrators" />
    </security-role-mapping>
    from orion-web.xml and it should start wrking
    Frank

  • Custom login module Authentication works but Authorization Does not work

    Hi:
    I am using custom login module and switched on the ADF authentication using adf-config.xml file. My custom authentication works i.e. it returns true but when it finally tries to display the page 401 Unauthorized message is shown. I am using JDev 10.1.3.2.
    Is there any other settings I need to perform. Could you please let me know.
    Thanks

    I have the same issue, please refer to this thread.
    Re: ADF Security Authorization

  • How to call custom Login Module from JSP

    Hi,
    I am stuck with the following issue:
    1) Exactly as presented in help.sap.com (http://help.sap.com/saphelp_nw04/helpdata/en/3f/1be040e136742ae10000000a155106/content.htm) I created custom login module and deployed it as a library on J2EE server. When I configured it to be used for my applications in the Security provider but I am getting "No user name provided" exception everytime when my applications use this custom login module.
    2) I realized that I would need to call my custom module somewhere within my application (simple JSP) using LoginContext class and then use MyLoginContext.login() spec to initiate login process. But I am not able to pass CallbackHandler parameters from JSP application to my custom login module.
    So I have the following questions:
    1. Can I pass parameters using LoginContext and CallbackHandler from JSP to my custom login module (created as exact copy of HELP.SAP.COM example) or this module cannot be used this way.
    2. How to pass CallbackHandler correctly to my custom login module from JSP. When I am trying to use CallbackHandler, I am getting "Abstract Class cannot be called" error.
    I'd appreciate any little help on this matter.
    Thanks and regards,
    Mike

    You have two alternatives to do this:
    You can declare your JSP as a protected resource with the use of the deployment descriptors of the application (web.xml) and add the custom login module in the authentication stack of the application. This way, you will use container-based authentication, i.e. the Web Container will enforce the authentication and it will call the custom login module before it dispatches to the JSP. I recommend you this approach because it requires less coding and it makes the whole thing a matter of configuration. The configuration can be later on enhanced or changed runtime without the need to re-build and re-deploy the application. If you choose this approach you can go to the documentation of the server for help on how to modify the login module stack of the application.
    You can also use programmatic authentication by using JAAS API. To do this you need to create a custom security policy configuration with login module stack containing the custom login module, and then use the standard JAAS mechanism - new LoginContext(<configuration>, <callback-handler>).login(). This approach requires that you write your own callback handler and handle any LoginException.
    Let us know which approach you prefer and whether you have difficulties implementing it!

  • J2EE 6.40 Custom Login Module - how to config

    hello all,
    i am using WAS J2EE 6.40 Sneak Preview edition. Read all i can find about custom login module, in the forum and the online help. still confused. pls help.
    here is the background info:
    - i am writing a web app. the EAR file contains 5 ejbs, 1 war and bunch of java classes in jars.
    - access to my web app is protected through url pattern (in web.xml), i've defined the same named security role in web.xml and on j2ee engine.
    - my login module does the user name and password checking. both are stored in database through some other means.
    - login is FORM based
    following the discussion in another thread on the topic, i did the following:
    #1 develop my login module code. packaged it in a jar, then sda file. deploy the sda as a llibrary to the engine.
    #2 add my login module to the security store through the security provider service.
    #3 configure my web app to use the custom login module in web-j2ee-engine.xml
    #4 deploy my web app through the ear file
    at this point, in the visual administrator, i can see the library, the custom login module (added to the UME User Store), and also my web app has authentication set to use the custom login module (under policy configurations tab).
    now i try to login to my web app. it correctly complains when i enter non-existent user or wrong password and brings me to the login failed jsp page. but when i enter both correctly (as stored in my database), i get http 403 error code. i know it is 403 because i set that error code to a special jsp page in web.xml.
    question is why? now i create a user on the j2ee engine with the same name as in my user database. then i can login ok. i am confident that my login module is called since i see the println lines in j2ee engine server logs.
    ??? so i must be missing something obvious. is it because my web app is protected through security-role? i even tried removing all such roles, but still same problem.
    ??? or do i completely mis-understand how custom login modules are supposed to work. i thought it means i can authenticate users any way i want without having to use the j2ee engine's user mgmt. pls tell me if i am totally wrong.
    ??? or maybe my login module code is missing some key stmts. how should it tell the j2ee engine that a user is authenticated? in the login() method, it returns true if user name/passwd match. in the commit() method, it adds the principal to the subject. i don't what else is required.
    does anyone have a working scenario using custom login modules?
    thanks very much for your inputs and thoughts.
    wentao

    Hi Astrid,
    I guess I have the same understanding of JAAS as you. I want to deploy an application that internally makes use of JAAS to authenticate users. There is a LoginModule that authenticates users against some database tables containing all the user data and profile. The application was not designed to be deployed to NetWeaver. So it does not make use of UME or some other NetWeaver specific feature. Actually it handles user management and authoroization issues completely on its own. The only reason for having JAAS is to allow customers to plug in their own LoginModule to use some other kind of user store.
    When deploying the web application to a simple servlet engine like Tomcat, all I have to do is to register my LoginModule in the "jaas.conf" file that is parsed by JAAS default implementation. I also tell the JVM where my jaas.conf file is located by appending a "-Djava..." runtime parameter to the JVM startup script.
    When using other application servers like IBM WebSphere things become a bit different. Normally you use the administration GUI of that server to configure your LoginModules. WebSphere for example keeps the login configuration in an internal database rather than writing everything into a "jaas.conf" text file. But the way the application can use the LoginModule is the same as in Tomcat.
    But when it comes to Netweaver, it seems to me that it's not possible to define a LoginModule that your application can use WITHOUT having to couple it tightly to UME. Or did I get something wrong? Initially I've tried to modify the JVM's parameters (using SAP J2EE Config Tool) to include the location of my "jaas.conf" file containing the my login configuration. But that did not work. The parameter was really passed to the JVM but anyway my LoginModule was not found, I guess that NetWeaver has some own implementation of the JAAS interfaces that just ignore the plain text JAAS configuration files (like WebSphere also does).
    The documentation that I have downloaded from SDN doesn't seem to match the 6.4 sneak preview version that I just downloaded some days ago. They say you should deploy your LoginModule as a library and add a refernce to the application. I tried that out but it did not help. The login configuration that the application wants to access is still not found. Actually there seems to be no way to specify the name for a JAAS Login Configuration in NetWeaver. At least I cound not find that in the documentation.
    So basically my question is: is it possible to deploy an application that wants to use some own LoginModule (either deployed separately or together with the application, that does not matter) without making use of Netweaver specific features like UME? The application has its own user management infrastructure and just needs a way to setup a JAAS Login Configuration to access its own LoginModule.
    Thanks in advance
    Henning

  • Problem with role mapping in custom login module

    Hi all,
    I have developed custom login modules. They don't use the default user store but own data tables holding the necessary user information.
    Login works fine. But there is one big problem: Only those users that exist with the same user-id in the default user store get roles assigned to it. Whicht leads to 403-errors in my web application.
    Now, this is weired because a user with id 'Susi' has completely different passwords in my custom tables and in the user store, therefore it shouldn't be possible to authenticate 'Susi' against the default user management.
    Next thing is, I don't use the default login modules at all. So why does the application validates against the user store?
    I thought a source of the  problem might be that I don't set the roles correctly. I set the roles as a principal to the subject. I have chosen the role based mapping  in the web-engine.xml and mapped all my custom roles to the server role 'guests'.
    Could anybody think of a solution to this problem ?
    Thanks,  Astrid

    Astrid,
    Sorry to go off-topic on your post...but I have a question in relation to how you deploy your login module. Do you deploy the login module with your application ? I've developed a login module that I would like to deploy by itself, I currently deploy it with the calculator example and it works fine like this, but I need to deploy it by itself. Any tips you can give would be greatly appreciated.
    I've tried to use the deploytool and deploy the module as a library...but I get a "cannot  load a login module" in the logs when authenticating a user.

  • Custome login module:SDA can't reference com.sap.portal.usermapping_api.jar

    I made my own j2ee custom login module and one of the things I wanted the custom login module to do is to clear out the UME roles for the user logging in,  "download" the role assignments from an ABAP WAS system, and reassign those roles in UME.  I got the coding done and created my JAR file. In building the SDA file, I can't figure out how to add com.sap.portal.usermapping_api.jar to the provider.xml file.  I tried specifying it on thru "create new" and tried looking for it in the list from "Select library/interface/service, but I still get an error when loading the login module.
    Does anyone know how to do this?
    TIA.
    Mel Calucin
    Bentley Systems, Inc.

    Hi Mel,
    why do you think you need to reference the portal's user mapping service API? I'm not sure whether you can reference Portal services at all from J2EE level.
    If you need to use user mapping in your login module, you don't need the Portal's user mapping service. Instead, you can directly use the user mapping interfaces and methods of the UME, which are contained in a J2EE library.
    You can use something like the following reference to get runtime access to the UME API library:
    <reference reference-type="weak">
      <reference-target target-type="library">
        com.sap.security.api.sda
      </reference-target>
    </reference>
    Accessing user mapping is possible via com.sap.security.api.UMFactory.getUserMapping() which returns an object implementing com.sap.security.api.umap.IUserMapping. This is the main entry point for all user mapping related features.
    Please check the Javadoc for details:
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/javadocs/nw04/sp12/user management engine - version 4.0/index.html
    I hope this helps.
    Best regards
    Heiko

  • Custom login module for EP7.4 with Captcha

    Hi
    I am trying to create a custom login module which validates the captcha shown at the login screen using SAP help link:
    http://help.sap.com/saphelp_nw73/helpdata/en/48/ff4faf222b3697e10000000a42189b/content.htm?frameset=/en/48/fcea4f62944e88e10000000a421937/frameset.htm&current_toc=/en/74/8ff534d56846e2abc61fe5612927bf/plain.htm&node_id=20
    The session is being set in the Captcha servlet which is used to render the image on the login page.
    However when I am trying to compare it with input or print the session value, its throwing an exception.
    I checked in the NWA logs and it just shows the following error message:
    6. com.temp.loginModule.MyLoginModuleClass OPTIONAL ok exception true Authentication did not succeed.
    Please help me analyse the error stack. Can someone point where do i check the detailed logs to trace the issue?
    Please find below source of my login module.
    package com.temp.loginModule;
    import java.io.IOException;
    import java.util.Map;
    import javax.security.auth.login.LoginException;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.NameCallback;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import nl.captcha.Captcha;
    import com.sap.engine.interfaces.security.auth.AbstractLoginModule;
    import com.sap.engine.lib.security.http.HttpGetterCallback;
    import com.sap.engine.lib.security.http.HttpCallback;
    import com.sap.engine.lib.security.LoginExceptionDetails;
    import com.sap.engine.lib.security.Principal;
    public class MyLoginModuleClass extends AbstractLoginModule{
      private CallbackHandler callbackHandler = null;
      private Subject subject = null;
      private Map sharedState = null;
      private Map options = null;
      // This is the name of the user you have created on
      // the AS Java so you can test the login module
      private String userName = null;
      private boolean successful;
      private boolean nameSet;
      public void initialize(Subject subject, CallbackHandler callbackHandler,
      Map sharedState, Map options) {
      // This is the only required step for the method
      super.initialize(subject, callbackHandler, sharedState, options);
      // Initializing the values of the variables
      this.callbackHandler = callbackHandler;
      this.subject = subject;
      this.sharedState = sharedState;
      this.options = options;
      this.successful = false;
      this.nameSet = false;
      * Retrieves the user credentials and checks them. This is
      * the first part of the authentication process.
      public boolean login() throws LoginException {
    // HttpGetterCallback httpGetterCallback = new HttpGetterCallback(); 
    //       httpGetterCallback.setType(HttpCallback.REQUEST_PARAMETER); 
    //       httpGetterCallback.setName("captchaInput"); 
           String value = null; 
    //       try { 
    //       callbackHandler.handle(new Callback[] { httpGetterCallback }); 
    //           String[] arrayRequestparam = (String[]) httpGetterCallback.getValue(); 
    //           if(arrayRequestparam!=null && arrayRequestparam.length>0)
    //           value = arrayRequestparam[0]; 
    //       } catch (UnsupportedCallbackException e) { 
    //       throwNewLoginException("An error occurred while trying to validate credentials."); 
    //       } catch (IOException e) { 
    //            throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION); 
      value = getRequestValue("captchaInput");
      userName = getRequestValue("j_username");
      HttpGetterCallback httpGetterCallbackSessionCaptcha = new HttpGetterCallback(); 
      httpGetterCallbackSessionCaptcha.setType(HttpCallback.SESSION_ATTRIBUTE); 
      httpGetterCallbackSessionCaptcha.setName("myCaptchaLogin"); 
      try { 
      callbackHandler.handle(new Callback[] { httpGetterCallbackSessionCaptcha }); 
      Captcha arraySessionParam = (Captcha) httpGetterCallbackSessionCaptcha.getValue();
    // System.out.println("****************************************************httpGetterCallbackSessionCaptcha" + (arraySessionParam==null?"null session":arraySessionParam.getAnswer())+
    // "\n captchaInput" + value+"*********************");
      if(arraySessionParam==null || !arraySessionParam.isCorrect(value)){
      throwNewLoginException("Entered code does not match with the image code.Session:"+(arraySessionParam==null?"null":arraySessionParam.getAnswer())+" Param:"+ value);
    // throwUserLoginException(new Exception("Entered code does not match with the image code."));
      httpGetterCallbackSessionCaptcha.setValue(null);
      } catch (UnsupportedCallbackException e) { 
      throwNewLoginException("An error occurred while trying to validate credentials."); 
      } catch (IOException e) { 
      throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION); 
      // Retrieve the user credentials via the callback
      // handler.
      // In this case we get the user name from the HTTP
      // NameCallback.
    // NameCallback nameCallback = new NameCallback("User name: ");
      /* The type and the name specify which part of the HTTP request
      * should be retrieved. For Web container authentication, the
      * supported types are defined in the interface
      * com.sap.engine.lib.security.http.HttpCallback.
      * For programmatical authentication with custom callback
      * handler the supported types depend on the used callback handler.
    // try {
    // callbackHandler.handle(new Callback[] {nameCallback});
    // catch (UnsupportedCallbackException e) {
    // return false;
    // catch (IOException e) {
    // throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION);
    // userName = nameCallback.getName();
    // if( userName == null || userName.length() == 0 ) {
    // return false;  
      /* When you know the user name, update the user information
      * using data from the persistence. The operation must
      * be done before the user credentials checks. This method also
      * checks the user name so that if a user with that name does not
      * exist in the active user store, a
      * java.lang.SecurityException is thrown.
    // try {
    // refreshUserInfo(userName);
    // } catch (SecurityException e) {
    // throwUserLoginException(e);
      /* Checks if the given user name starts with the specified
      * prefix in the login module options. If no prefix is specified,
      * then all users are trusted.
    // String prefix = (String) options.get("user_name_prefix");
    // if ((prefix != null) && !userName.startsWith(prefix)) {
    // throwNewLoginException("The user is not trusted.");
      /* This is done if the authentication of the login module is    
      * successful.
      * Only one and exactly one login module from the stack must put
      * the user name in the shared state. This user name represents
      * the authenticated user.
      * For example if the login attempt is successful, method
      * getRemoteUser() of
      * the HTTP request will retrieve exactly this name.
      if (sharedState.get(AbstractLoginModule.NAME) == null) {
      sharedState.put(AbstractLoginModule.NAME, userName);
      nameSet = true;
      successful = true;
      return true;
      * Commit the login. This is the second part of the authentication
      * process.
      * If a user name has been stored by the login() method,
      * the user name is added to the subject as a new principal.
      public boolean commit() throws LoginException {
      if (successful) {
      /* The principals that are added to the subject should
      * implement java.security.Principal.You can use the class
      * com.sap.engine.lib.security.Principal for this purpose.
      Principal principal = new Principal(userName);
      subject.getPrincipals().add(principal);
      /* If the login is successful, then the principal corresponding
      * to the <userName> (the same user name that has been added
      * to the subject) must be added in the shared state too.
      * This principal is considered to be the main principal
      * representing the user.
      * For example, this principal will be retrieved from method
      * getUserPrincipal() of the HTTP request.
      if (nameSet) {
      sharedState.put(AbstractLoginModule.PRINCIPAL, principal);
      } else {
      userName = null;
      return true;
      * Abort the authentication process.
      public boolean abort() throws LoginException {
      if (successful) {
      userName = null;
      successful = false;
      return true;
      * Log out the user. Also removes the principals and
      * destroys or removes the credentials that were associated 
      * with the user during the commit phase.
      public boolean logout() throws LoginException {
      // Remove principals and credentials from subject
      if (successful) {
      subject.getPrincipals(Principal.class).clear();
      successful = false;
      return true;
      private String getRequestValue(String parameterName) 
         throws LoginException { 
           HttpGetterCallback httpGetterCallback = new HttpGetterCallback(); 
           httpGetterCallback.setType(HttpCallback.REQUEST_PARAMETER); 
           httpGetterCallback.setName(parameterName); 
           String value = null; 
           try { 
          callbackHandler.handle(new Callback[] { httpGetterCallback }); 
               String[] arrayRequestparam = (String[]) httpGetterCallback.getValue(); 
               value = arrayRequestparam[0]; 
           } catch (UnsupportedCallbackException e) { 
                return null; 
           } catch (IOException e) { 
                throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION); 
           return value; 
    Regards
    Ramanender Singh

    Ramanender,
    JAAS modules usually requires a restart whenever you need to change them. So be very careful with what you expect once you re-deploy your code.
    Once the library is loaded it will never reload itself until you perform a restart of the VM. 
    Connect to the debug port may help, but basic debugging will not take you too far either.
    I would recommend you to use the log tracing facility on your code. Just enter the following class attribute:
    import com.sap.tc.logging.Location;
    private static final Location trace = Location.getLocation(<your_classname_here>.class);
    trace.warningT("Some Warning Text Here..." + variable here);
    trace.debugT("Some Warning Text Here..." + variable here);
    You may need to go NWA and set the Location Severity Level to Debug according to your needs.
    Leave the trace code on your module for IT personnel to debug it if necessary. Don't forget to have the severity level of your code properly set.
    Meaning: You don't want to have every trace message your module sills out with warningT() or infoT().
    There is a excellent blog here on how this works
    Then you will be able to inspect some variable contents while the callbackhandler is being executed.
    Pay special attention with the timing - variables have a lifetime when dealing with login modules.
    Use the entering(<method_name>) and exiting(<method_name> just ot make sure where in the code the variable should be populated and when.
    BR,
    Ivan

  • Custom login module and SSO using 10.1.3.3

    We are using ADF 10.1.3.3 to build applications and recently a requirement from a customer was to use LDAP for authentication but use internal application tables for authorisation. So essentially the username and password will be in LDAP but all the roles definition are in the application. This is because the LDAP directory has tight controls on contents and is used enterprise wide.
    I created a proof of concept to address this requirement using the examples at
    http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
    and also
    http://technology.amis.nl/blog/1462/create-a-webapplication-secured-with-custom-jaas-database-loginmodule-deploy-on-jdeveloper-1013-embedded-oc4j-stand-alone-oc4j-and-opmn-managed-oc4j-10g-as
    specifically using DBProcLoginModule to call a database package.
    The PL/SQL package I created used DBMS_LDAP to call an LDAP directory with the username and password to check authentication and then used internal application tables to get the authorisation details required.
    All this worked very well. I tested on both the embedded OC4J and also standalone OC4J.
    Then one of my peers said will this work with SSO? Specifically we use Oracle OID as we have SSO for Forms and Reports.
    My experience with SSO has been with Oracle OID and having all the user and role details stored within OID.
    So my issue now is can I integrate the custom login module approach I have used with SSO? My knowledge of SSO and OID is limited so I'm not sure how (or if) it would interact with a custom login module. Are the two mutually exclusive?
    Any guidance is appreciated.
    Regards,
    Adrian

    Hi,
    this question should be posted to the Oracle Application Server forum or the security forum. However, based on my findings and experience in this area, I don't think that SSO is integrated with custom LoginModules since the integration would need to be coded in the LoginModule.
    Frank

  • Custom login module with 10.1.3

    Hello all,
    I've been trying out Frank N's custom login module (http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm) with JDev 10.1.3/OC4J 10.1.3 and am not having much luck.
    Whenever I add <property name="role.mapping.dynamic" value="true"/> to orion-application.xml, the application fails to deploy with java.lang.InstantiationException. I even get this error when I try to set up a custom login module using the enterprise manager for OC4J 10.1.3. Is this a bug, or does the doc need to be updated? Without this item configured, I do get the basic login prompt, but no logging or anything - which indicates to me that the custom login module is not even being called. Nothing on metalink either.
    Thanks,
    John

    hmm i dont know... custom login module (db authentication) definitely works with standalone 10.1.3.0.0 and jdevloper standalone, but it doesnt work with jdev embeded oc4j (jdevstudio1013\jdev\system\oracle.j2ee.10.1.3.36.73\embedded-oc4j)
    i have the code, and it works.. however the application is entirerly made in jdev 10.1.3.04 production, it is not migrated from previous jdev.. make sure to deploy from war file (i have prob to deploy from ear)
    the only big problem i got is to setup ssl in separate oc4j standalone (ssl works with jdev standalone) and make client athentication to work
    because it wont run as it should.. (i did not have this prob in 10.1.2.1)

  • Deploying a custom login module to the J2EE engine

    I have developed a custom login module, and want to deploy it to the SAP j2ee engine. How should I go about this ? I tried packaging it as a jar and then using the deploytool, went into user management to register the module, but when the module was invoked I got an error in the log saying "Cannot load a login module".
    The way I currently deploy it is packaged with the Example Calculator, and this works. I just add my 2 java files into the web module (in com.sap.examples.calculator.beans) and it gets packaged in the war file.
    Can anyone help with the "proper" way of deploying my module ?
    Thanks in advance

    Hi Brad,
    >
    > What I'm actually trying to do is NOT deploy my
    > custom login module with an application. But rather
    > deploy the jar file as a library to the J2EE engine,
    > so that any application can use it by configuring it
    > in their login stacks. I'm still not totally clear
    > whether this is possible or not.
    Once again - It is possible to deploy the login module as a library to the J2EE Engine; furthermore, this is the PREFERRED way to use login modules!
    >
    > What I have currently done:
    >
    > 1. developed custom login module packaged as a jar in
    > NW studio (2 class files)
    >
    > 2. Using deploytool I deploy the jar as a library to
    > the j2ee engine. This works and the library shows up
    > under the libraries section.
    >
    > 3. Register the login module in the user
    > management->manage security stores section. I'm
    > unsure if this works properly. Do I just provide the
    > full path to the required class ? For example
    > "com.example.myloginmodule.LoginModule"
    > I have a suspicion that my error of "cannot load a
    > login module" stems from here.
    >
    > 4. I have then followed your step and added a
    > reference to the libray (Hard reference) and this
    > seems ok.
    >
    Sorry, Brad, I've made a mistake here. You need to set a reference from the Security Provider Service to the library that contains the login module (not from the application). To do that at runtime, you'll have to use the Configuration Adapter service on the J2EE Engine. For a description of the procedure, see this page in the documentation: http://help.sap.com/saphelp_nw04/helpdata/en/dd/1e3a3e5069eb6ce10000000a114084/frameset.htm
    You need to provide additional entry of the following type in the security-provider.xml file:
    <reference type="library" strength="weak">
            Your-library-name-here
          </reference>
    Regards,
    Ivo.
    Message was edited by: Ivaylo Ivanov

  • Custom Login Module for Tomcat to procted apps using Oracle Access Manager

    Hi all,
    I have the following scenario.
    A web application deployed in Tomcat to be protected using OAM. One solution is to use Access Gate though we have other alternative as Proxy infront of Tomcat with a webgate. Now I am implementing the Access Gate solution.
    So, when the user clicks the tomcat application, then the prompt (BASIC) appears for login details. custom login module should kick in and take those login details and authenticate against OAM using Access SDK API.
    I have created access gate profile and installed Access SDK. Ran the ConfigureAccessGateTool as well.
    I did some research googling for login module. I came to know that we need to write a custom realm for it. So, this realm implementation involves specifying role-name etc., in web.xml where the role-name would have been defined in tomcat-users.xml.
    This means that the user trying to authenticate against OAM has to have some roles defined in Tomcat to login. I didnot understand the flow end to end as how this will work.
    Please let me know if anybody has done this of customization.
    Thanks,
    Mahendra.

    Hi Ambarish,
    Initially I thought of implementing the way you suggested in Option 2.
    But there will be various redirections when we use option 2 as the login page should redirect it to a page where OAM authentication and authorization stuff has to be handled. And accordingly we have to redirect it to specific pages upon successful atn and atz. Hence, I was opted using Custom Login Module.
    However, I have been trying Option 2 now. In web.xml, I have specified a login page with FORM scheme. The login redirects it to another page say OAM_Authentication_Handler.jsp. Here we code which serves atn and atz. Upon doing this, I have observed that the protected resource in OAM is not getting evaluated using the method
    String ms_protocol = "http";
    String ms_method = "GET";
    String ms_resource = "http://localhost:8080/FormLogin/private.jsp";
    ObResourceRequest rrq = new ObResourceRequest(ms_protocol, ms_resource, ms_method);
    The method rrq.isProtected() is returning false which implies it to unprotected. I have tested using Access Tester for the resource and it results in expected behaviour.
    Is there any limitation here by using this approach?
    Any ideas?
    Thanks,
    Mahendra.

  • Custom login module - Not invoked...

    Hi All
    I have developed a custom login module and the necessary configuration steps in VA are performed. However, the custom login module is not called...
    1. Developed a Java DC as a Child DC in a Library DC.
    2. Added all the relevant jars needed as Used DC and Public Parts as required. Also updated the provider.xml with relevant references.
    3. Build and Deployed. (No errors found here..)
    4. In VA - Created a new Login Module.... updated the property LoginModuleClassLoaders to library:xyz where xyz is the name of the folder for deployed sda as found in cluster\j2ee\serverx\bin\ext...next updated the config tool for the same.... next modified the sap.com/irj*irj authentication as:
    Basic - Requisite
    CustomModule - Optional.
    Then performed server restart. Yet, login module not called. Any ideas as to where I am going wrong..?? (In my login module, just trying to retrieve the user name and change their attributes like lastname etc... )
    Thanks
    Deepak

    Issue solved....
    Had forgot to add the module to the ticket stack...

  • Error using 10.1.3 Security Provider:3rd party LDAP or Custom Login Module

    Hello all,
    After deploying my JSF/ADF application using Jdeveloper 10.1.3 to Oracle Application Server 10.1.3, I used the Application Server control to change the 'Security Provider' configuration:
    1. Using 3rd Party LDAP Provider (Novell eDirectory)
    I get the following error when restarting the application with the new config.
    06/06/21 16:42:32 Error while configuring security provider MBean for application AccessList
    06/06/21 16:42:32 java.lang.ClassNotFoundException: oracle/security/jazn/jmx/CustomLDAPSecurityProvider
    2. Using Custom Login Module (again programmatically talks to eDirectory and it works in UIX/10.1.2 application)
    I get the following error when restarting the application with the new config.
    06/06/21 14:31:19 Error while configuring security provider MBean for application AccessList
    06/06/21 14:31:19 java.lang.ClassNotFoundException: oracle/security/jazn/jmx/LoginModuleSecurityProviderAlso, I get this error with both the settings..
    06/06/21 14:31:19 WARNING: Application.setConfig Application: AccessList is in failed state as initialization failedjava.lang.
    InstantiationException
    Jun 21, 2006 2:31:19 PM com.evermind.server.Application setConfig
    WARNING: Application: AccessList is in failed state as initialization failedjava.lang.InstantiationException
    06/06/21 14:31:19 java.lang.InstantiationException
    06/06/21 14:31:19       at com.evermind.server.ApplicationStateRunning.initDataSources(ApplicationStateRunning.java:1424)
    06/06/21 14:31:19       at com.evermind.server.ApplicationStateRunning.initializeApplication(ApplicationStateRunning.java:195)
    java.lang.ClassNotFoundException error leads me to believe, I am just missing to include some libraries..
    I have included "bc4j.security" in my web project and I am not sure if that is what is needed!
    Will appreciate your help..
    Thanks,
    Karthik

    The problem i had with my Custom login module was that JDeveloper includes the datasources listed in the connection tab.
    When JDeveloper does that it writes the username and password in the jazn-data.xml. But with the Custom Login module the reference in de data-source declaration cannot find the password. that's why i got the InstantiationException at the initDataSources point.
    In tools>preferences>deployment you can uncheck the option:
    Bundle Default data-sources.xml During Deployment.
    The problem with this is when i specify a datasource in the data-sources.xml i included myself, jdeveloper will also put de datasources under the Connections tab in the data-sources.xml.
    Does anyone knows how to stop jdeveloper putting the datasources automatic in the file, or how to prevent jdeveloper storing the password in jazn-data.xml?

  • Potential JavaSSO and Custom Login Module Bugs In Clustered Environment

    We've been working with the custom login modules and JavaSSO and have found issues with deployment on 10.1.3.2 in a clustered environment. Deployment on a single server looks like it is working properly.
    I'm wondering whether any one here has been using CLM with JavaSSO and have deployed in a clustered application server environment? I've posted in the past regarding this in the OC4J side, but never got a response, so I thought I'd try the experts here...
    Here are some TARS that we've logged. Any help from the community would be appreciated.
    6320304.994 JAVASSO JSSOUTIL.LOGOUT FUNCTION REDIRECT NOT WORKING ON CLUSTER
    6365407.993 SETTING <distributable/> TAG IN WEB.XML CRASHES APPLICATION
    6338664.992 JAVASSO LOGIN PAGE DOES NOT LOGIN USER BUT RELOADS LOGIN PAGE
    Thanks!
    Kenton

    Hi Kenton,
    Specifically, what were the issues that you ran into when clustering JavaSSO? Was it a problem only when combined with the Custom LM?
    As long as the same CLM is configured for your app (I assume this is also clustered) and JavaSSO, that should be sufficient. Obviously, CLM need to be configured against the same user repository.
    If the apps were on different hosts, did you remember to set the property "custom.sso.cookie.domain" to set the right domain name in the cookie? Otherwise, you will keep getting redirected to the login page.
    http://download.oracle.com/docs/cd/B32110_01/web.1013/b28957/javasso.htm#BABJCGCB
    -skt

Maybe you are looking for

  • Error while installing Oracle Data miner 10G Release 2

    Hello, I am a student involved in research in Data mining. I am new to Oracle Database and data miner. I installed Oracle Enterprise Manager 10g Grid Control Release 2 (10.2.0.1). Now I am trying to install ORacle data miner (10.2.0.1). However, at t

  • Why won't my Mac Pro read a burnt copy of Photoshop CS5?

    I just got myself a Mac Pro. From upgrading my old G4. My Mac Pro is a 2 Dual-Core Intel Xeon 2.66 ghz Version 10.6.8. With a SONY DVD RW DW-D150A Drive and a NVIDIA GeForce 7300 GT graphics/display. So I have plenty of requirements to run CS5..I thi

  • How to track a PDF download as a webpage hit?

    My website provides people with free information via about 50 PDF downloads. although I have excellent tracking software (Extreme Tracking) on each HTML page, I have absolutely no idea how many PDFs are being downloaded or from which region of the wo

  • Slight Problem with Applet

    I am done making a current applet that I am working on it. I made the html, ran it in IE, and..I got an error. Here is the first one of many, and I think it is the main one: java.security.AccessControlException: access denied (java.io.FilePermission

  • Why is my computer showing a picture of the key I push (shift, command, etc.) in the top right hand corner of the screen??

    Every time I press the shift key, command key, option key, control key, or function key it shows it's symbol in the top right hand corner of the screen. It also locks in shift until I press shift again. Please help me get this off of my computer, it'