How to configure login modules for certificate logon

Hello,
perhaps someone of you has also tried to implement SSO via Client Certificates and is able to help me...
I have configured the login modules for rule based authentication with the option Rule1.getUserFrom = wholeCert and I have attached my certificate to my user in useradmin.
And also added the login module to the template ticket, as suggested by the documentation at help.sap.com
But when I logon to the portal or other application (for example useradmin) via https the authentication doesn't work (but I'm still able to logon via password).
I also tried auto. certificate mapping and mapping by subject name, but in every case the system ignores the configured login module. There are no errors in the log files.
Thank You,
Frank

Hi Frank,
did you configure the SSO for an individual policy configuration, or did you edit and save the changes to the ticket policy config? I ask because if you applied the changes to the individual policy config then the SSO with certificates will be used only when you access the applications for that policy config.
You can also double check the login module flags - perhaps the authentication check doesn't reach the ClientCertLM at all.
Since you followed the help portal instructions I assume you've enabled strong crypto - it is required for client cert SSO. Another easily committed mistake is to not use the HTTPS port in the access URL.
Let me know if this helps...
Yonko
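
An added example, not part of the thread and not SAP code: the point about login module flags, run through the standard JAAS LoginContext. The Stub class, the labels and the three stack orderings are constructed for illustration; they show that a module placed below a failing REQUISITE module, or below a SUFFICIENT module that succeeds, is never called.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class LoginStackDemo {
    // Labels of the modules whose login() was actually invoked, in order.
    static final List<String> reached = new ArrayList<>();

    /** Hypothetical stand-in module: records the call, then succeeds or fails per its "ok" option. */
    public static class Stub implements LoginModule {
        private String label;
        private boolean ok;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            label = (String) opts.get("label");
            ok = "true".equals(opts.get("ok"));
        }
        public boolean login() throws LoginException {
            reached.add(label);
            if (!ok) throw new FailedLoginException(label + " failed");
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    static AppConfigurationEntry entry(String label, LoginModuleControlFlag flag, boolean ok) {
        Map<String, String> opts = new HashMap<>();
        opts.put("label", label);
        opts.put("ok", String.valueOf(ok));
        return new AppConfigurationEntry(Stub.class.getName(), flag, opts);
    }

    /** Runs one stack through the real JAAS LoginContext and reports which modules were reached. */
    static String run(AppConfigurationEntry... stack) {
        reached.clear();
        Configuration cfg = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) { return stack; }
        };
        String outcome;
        try {
            new LoginContext("demo", new Subject(), null, cfg).login();
            outcome = "login OK";
        } catch (LoginException e) {
            outcome = "login FAILED";
        }
        return outcome + ", reached " + reached;
    }

    public static void main(String[] args) {
        // Constructed case 1: a failing REQUISITE password module sits above the certificate module.
        System.out.println("password first: " + run(
            entry("ticket-check", LoginModuleControlFlag.SUFFICIENT, false),
            entry("password", LoginModuleControlFlag.REQUISITE, false),
            entry("client-cert", LoginModuleControlFlag.SUFFICIENT, true)));
        // Constructed case 2: the certificate module is evaluated before the password module.
        System.out.println("cert first:     " + run(
            entry("ticket-check", LoginModuleControlFlag.SUFFICIENT, false),
            entry("client-cert", LoginModuleControlFlag.SUFFICIENT, true),
            entry("password", LoginModuleControlFlag.REQUISITE, false)));
        // Constructed case 3: an earlier SUFFICIENT module succeeds (for example a still-valid ticket).
        System.out.println("ticket valid:   " + run(
            entry("ticket-check", LoginModuleControlFlag.SUFFICIENT, true),
            entry("client-cert", LoginModuleControlFlag.SUFFICIENT, true),
            entry("password", LoginModuleControlFlag.REQUISITE, false)));
    }
}
```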

Similar Messages

  • How to configure Login Modules Stack for Kerberos/LDAP

    Hello colleagues,
    currently we are working on UME configuration for the following use case.
    Clustered portal instance NW2004s running on AIX should be able to authenticate two groups of users.
    The first one is described by LDAP Data Source (Sun Directory Server) and using some artificial unique userID. Based on this userID, the SSO Ticket is created to get access to the backend R/3 system. The LDAP schema has a "userdomain" attribute in it.
    The new group is using ADS. These users are happy using it, because they have Windows-based authentication and are not forced to type any credentials during login.
    There are plenty of blogs describing how to connect ADS (even as a second DataSource) to UME.
    There are two unsolved problems:
    1. ADS account attributes do not have the userID needed to get an SSO Ticket
    2. LDAP DataSource has no ADS password and cannot be used for Kerberos authentication.
    What could be a solution for this case? I am sure we need an extra login module which enriches the Subject (the user, who is already authenticated by the SPNego module) with the userID, selected from the LDAP DataSource based on user attributes.
    Is there any other solution? Maybe I can mix some attributes in a DataSource configuration file?
    Best regards
    Sergej Naimark

  • How to configure Email notification for User login's in Exchange Infrastructure?

    How to configure Email notification for User login's in Client Machines?

    Hi,
    Based on the description, you need to assign logon scripts to the end users via group policy and also use your Exchange server as the SMTP server in that logon script to relay emails to the internal recipients.
    Thanks & Regards S.Nithyanandham

  • Login module for the J2EE application

    Hi,
    I am trying to use the BasicPasswordLoginModule for my J2EE application which will be deployed in the SAP J2EE engine. My application will not be accessed through the portal.
    I have a login screen in my application for which I want to use the already available login module, i.e. BasicPasswordLoginModule.
    When I try to call login(), I get the following error:
    "javax.security.auth.login.LoginException: No LoginModules configured for BasicPasswordLoginModule".
    Please let me know what needs to be done.
    PS: The version environment is CE 7.1
    Regards
    Abu Bakar

    Hi Julius
    I am totally confused. My application is a pure J2EE application which has only one screen which just displays the details, and I want only the login screen to be implemented. I have gone through a couple of docs from SAP which say to create a custom login module if required, but I want to use FORM based authentication and use the BasicPasswordLoginModule (built into WAS).
    All that I have done is write a web.xml with the following information:
    <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>/home.jsp</form-login-page>
        <form-error-page>/relogin.jsp</form-error-page>
      </form-login-config>
    </login-config>
    <security-role>
      <role-name>App_Viewer</role-name>
    </security-role>
    web-j2ee-engine with following information:
    <security-role-map>
      <role-name>App_Viewer</role-name>
      <server-role-name>Administrator</server-role-name>
    </security-role-map>
    <login-module-configuration>
      <login-module-stack>
        <!-- Contains all login modules used for authentication -->
        <login-module>
          <!-- Contains information about one login module -->
          <login-module-name>BasicPasswordLoginModule</login-module-name>
          <flag>SUFFICIENT</flag>
          <options>
            <option>
              <!-- The option UserNamePrefix determines that the user name must start with "Admin" -->
              <name>UserNamePrefix</name>
              <value>Admin</value>
            </option>
          </options>
        </login-module>
      </login-module-stack>
      <security-policy-domain></security-policy-domain>
    </login-module-configuration>
    And I am not sure if the above mentioned details are enough. My implementation code is as follows:
    try {
        HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
        HttpServletResponse response = (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse();
        // Hand the form's user name and password to the logon call as request attributes
        request.setAttribute(ILoginConstants.LOGON_UID_ALIAS, this.getUserName());
        request.setAttribute(ILoginConstants.LOGON_PWD_ALIAS, this.getPassword());
        UMFactory.getLogonAuthenticator().logon(request, response, "BasicPasswordLoginModule");
        status = success;
    } catch (Exception e) {
        e.printStackTrace();
        status = e.toString();
    }
    In the NWA I have just configured the UserNamePrefix with Admin, that's all. Since the form login authentication method is already configured with the BasicPasswordLoginModule, I left it untouched.
    I also implemented a custom login module and deployed it but am not sure how to use it in my code.
    Please let me know if I am on the right track. Correct me if I am wrong. At the end of the day I want to use the login screen just to get authenticated. I am also not bothered about password changing etc., as the users who are going to use my application are the users in the Identity Management. A few portions of my screen should be displayed based on the roles.
    PS: My application is not configured in the portal. It's an independent application deployed on the WAS (CE 7.1).
    Please advise
    Regards
    Abu Bakar

  • How to configure FM module in BW after ECC6.0

    Can someone advise me on how to configure the FM Module in BW after ECC6?
    My company just upgraded the R/3 system from 4.6C to ECC6.0. Before this, Fund Management (FM) resided under 0FI (Financial Accounting); after ECC6.0, FM resides in 0PSM (Public Sector Management).
    In 4.6C there are only 2 extractors for FM, but for ECC6.0 there are a lot of extractors listed, such as:
    - FM_BW_BUDGET
    - FM_BW_ACTUAL
    ECC6.0
    - FM_BW_BUDGET_DELTA_ISPS       
    - FM_BW_BUDGET_ENTRY_DOCUMENTS  
    - FM_BW_BUDGET_ISPS             
    - FM_BW_BUDGET_LINE_ITEMS       
    - FM_BW_BUDGET_TOTALS           
    - FM_BW_ACTUAL_CO_LINE_ITEMS_IS 
    - FM_BW_ACTUAL_FI_LINE_ITEMS_IS 
    - FM_BW_ACTUAL_ISPS             
    - FM_BW_ACTUAL_OI_LINE_ITEMS_IS 
    I need to know how to configure this new FM in BW, and the 0PSM are not in the BW System.

    Is there a difference in configuration between BI7 and BW 3.5?
    Before this, in 4.6C, the query for FM read from BW3.5, but since R/3 has been upgraded to ECC6 and our BW System has also been upgraded to Netweaver 2004s, we'll be using BI7

  • Custom login module for weblogic portal 10.3.2

    Hi everyone
    I want to develop a custom portal login module for WebLogic.
    Can anyone help me out with details on how I can implement it? Any links provided will be very useful.
    Thanks in advance.

    The credentials given on that page are wrong for 10.3.2. (They might be correct for 10.3, but that's not my problem.) I found the correct credentials -- weblogic / webl0gic -- at this URL:
    weblogic portal 10.3.2 sample domain admin console question
    It's also given correctly in section 6 of the Getting Started Guide, but you have to know to look there first.
    Edited by: dwschulze on Aug 19, 2010 1:47 PM

  • Custom Login Module for EP7

    Hello Experts,
    I have a requirement to develop a custom Login Module for EP7. I am fine with the programming part and on this side everything should be fine. I am puzzling about the configuration. My LoginModule is configured according to this link: [SAP HELP|http://help.sap.com/saphelp_nw2004s/helpdata/en/46/3ce9402f3f8031e10000000a1550b0/content.htm]. But when I configure sap.com/irj*irj in SecurityProvider in Visual Admin, the changes do not take effect. I restarted the portal as well as the Server. I am on NW2004s SP 14.
    What am I missing?
    Thanks for any help,
    best Regards,
    Rene

    Hello Laura,
    thank you for your reply. I have read your link and I doubt that this is the solution. In authschemes.xml you define the user interface for authentication and priority. In Visual Admin, you can define the login module for your scheme. But this must be possible without defining an authscheme. Am I right? In my understanding you only have to declare the login module for the application in Visual Admin. And that's it.
    So what do I have to do to change the login module for the Portal (irj)?
    Any help will be appreciated,
    best regards,
    Rene

  • How to configure release procedure for rate contracts release

    Dear all,
    How to configure release procedure for rate  contract following are the requirements
    they are two release codes c1 & c2 <=100000,>=100000
                    if  c1 is not there c2 has to be approved
         Change in the value of the rate contract contract
         Change in the validity of the rate contract
         Addition of deletion of line items
    While using a non-released rate contract in the PO an error message should shoot out.
    Also the logic should be changed while using the rate contract in the PO.
    The usage of the rate contract should be till the validity of the rate contract. i.e. the measurement should be end date of the rate contract and the PO creation date and not the delivery date of the PO. &
    It should be possible to refer existing valid rate contracts in purchase orders.
    Regards,
    bhaskar

    Hi,
    In SAP a rate contract is known as a value contract, denoted with WK. The release procedure for a rate contract is the same as that of other contracts and scheduling agreements. The tables for contracts will vary with SA (Scheduling agreement). You may try and maintain condition records based on the customer combination and maintain the validity date of condition records as per your requirement. Contract and PO will have the same header/item tables, EKKO/EKPO, and the release
    class in standard is the same FRG_EKKO; you can use the same for contract.
    To distinguish if it's a contract or PO, EKKO-BSART can be used.
    For contract EKKO-BSART will be MK or WK, while PO will have NB/UB etc.
    You can restrict the document type to set up the release strategy for only contract.
    Of course, you can also create your own release class Z* for contract by copying the standard
    one FRG_EKKO via CL01/Class type 032, and then assign the class Z* to customizing:
    OLME:
    -> contract
    -> Release Procedure for Contracts
    -> Define Release Procedure for Contracts
    -> Release Groups
    If you have already created the PO release class,
    assign a new characteristic of Document Category - BSTYP.
    Please check the link below for the detailed release procedure. I hope this will help you out. Thanking you.
    http://wiki.sdn.sap.com/wiki/display/ERPSCM/RELEASE+PROCEDURE#RELEASEPROCEDURE-TABLESUSEDFORRELEASEPROCEDURES

  • How to configure Broadcast messaging for IC Webclient profile

    Dear all,
    How to configure Broadcast messaging for IC Webclient profile. what are the prerequisites for it?
    We are not using EP interface for IC Webclient, then where can I find broadcast messaging URL in SAP CRM system.
    I have checked for the relevant BSP application, but could not find.
    Please help me to configure the scenario successfully, your help will be highly appreciated.
    Best regards,
    Raghu ram

    Hi raghu
    In CRM the Broadcast messaging application is CRM_BM.
    Go to easy access - go to favourites - select add other objects - select BSP Applications - then select CRM_BM Application.
    Select that BSP application and test it…
    Regards,
    Narsimha

  • How to configure SMTP server for osb 10.3.1

    Hi All,
    Can anyone share information on how to configure SMTP server for osb 10.3.1
    and then how to send an email from osb 10.3.1
    Thanks in Advance!!

    Thanks a lot!!
    I configured the same way. When I am sending email to an account on the same domain as my SMTP server, the sending of email is successful. But it is giving an error when I am trying to send an email to an account which is on a different domain. It is giving the error "Operation has been cancelled"
    Please suggest something.

  • How to configure Application module pooling?

    I want to know whether the bc4j container itself manages Application module pooling. If yes, then please tell me whether there is any file to set parameters for configuration, like the one which we have for the Apache web server.
    If no, then please let me know how to create application module pooling.
    Thanks in advance.

    Application module pooling is configurable through an application module configuration. In order to edit an application module configuration you may right click an application module and select Configurations...
    The BC4J data web beans and the BC4J JSP datatags are both application pool clients. The BC4J documentation includes descriptions of the application pool properties. The documentation also includes a code sample which illustrates how to write your own pool client.

  • How to configure simultanous access for 11i application

    Hi All
    We have one existing 11i application instance on node grid1, in which we start the services from the apps user.
    We want another node for the same application, in which we will start the services from another user (merge).
    For that we perform the following steps:
    1. Copy the APPL_TOP, COMMON_TOP, ORA_TOP (8.0.6, iAS) from node "GRID1" to a different node "GRID2"
    2. Configure the GRID2 node using the adcfgclone.pl utility (we have configured the new node for WEB and FORM Server)
    3. We perform the modification in the following files on GRID2.
    i Identify 'FNDNAM=apps' statement in $FND_TOP/secure/<context>.dbc
    and replace with 'FNDNAME=merge' to connect to MERGE schema instead of APPS.
    ii. Go to the last line of $APACHE_TOP/jserv/etc/zone.properties file
    and identify 'schema=APPS' statement and change it to 'schema=MERGE'
    iii. Identify below lines in $APACHE_TOP/modplsql/cfg/wdbsvr.app file
         password = apps
         username = apps
         document_table = APPS.fnd_lobs_document
    and replace with modified below lines
         password = merge
         username = merge
         document_table = MERGE.fnd_lobs_document
    6. For redirecting user's request to new Application Server server, we
    changed the following 4 system profile options with proper URL and port
    at responsibility level only for the responsibilities,
    which we use for Merge views.
    Profile Options
         Application Framework Agent
         Applications JSP Agent
         Applications Web Agent
         Apps Servlet Agent
    We are able to start the services on the GRID2 node, but at the time of login we are getting an invalid user name/password error.
    Please let us know whether there is any way to access the application with a user other than apps.
    Regards
    Sohail

    Well, thank you very much. I know how to define a DataSource inside WebLogic Server.
    But I am confused over one issue.
    When we are going to use a Container Managed EntityManager inside the SessionBean, the persistence.xml file looks like this:
    <persistence>
      <persistence-unit name="RamsEJBPU" transaction-type="JTA">
        <jta-data-source>myJtaDataSource</jta-data-source>
      </persistence-unit>
    </persistence>
    But in some cases it looks like as shown below:
    <persistence>
      <persistence-unit name="RamsEJBPU" transaction-type="resource-local">
        <provider>org.hibernate.ejb.HibernatePersistence</provider>
        <properties>
          <property name="hibernate.connection.driver_class" value="oracle.jdbc.driver.OracleDriver"/>
          <property name="hibernate.connection.url" value="jdbc:oracle:thin:@localhost:1521:orcl"/>
          <property name="hibernate.connection.username" value="CHENNAISPAT"/>
          <property name="hibernate.connection.password" value="CHENNAISPAT"/>
        </properties>
      </persistence-unit>
    </persistence>
    Can you please tell me why is it so?

  • How to configure Oracle SSO for forms and apex

    Hi All,
    I am trying to configure Oracle SSO for Forms and APEX using third party external authentication. Please help me with how to configure it. I have tried all possible things
    from the web but I am not able to do it. Any docs or links are much appreciated.
    Info: For some reason my oiddas web link is not working; it used to work fine before. Also, from the /pls/orasso/ link I am not able to log in, maybe because of my oiddas issue
    Thanks

    Hi Andreas,
    Thank you for your help. I am trying to implement third party external LDAP authentication for APEX and Forms.
    So I started with OID and SSO setup to create external Partner Applications. For some reason my OID and SSO web login links are not working. I didn't find any errors. I need some help in finding the problem and direction. I already read docs on the web but found no proper direction. I appreciate your help.
    Thanks

  • How to configure Oracle SSO for OBIEE

    Hi all
    Can anyone help me saying how to configure Oracle Single Sign-on with OBIEE?
    Basically I want to enable a common login for Dashboard and answers using SSO.
    I am using OBIEE 10.1.3.4 on a Redhat Linux
    thanks in advance

    Hi...
    See this, hope this what you want...??
    If not .. ignore...
    Thanks & Regards
    Kishore Guggilla

  • How to fix Login failed for user ''. (Microsoft SQL Server, Error: 18456)in windows 2008?

    Hi All,
    we are facing the login failure issue.
    How do we resolve the below error? Could you please suggest the possible ways, ASAP.
    TITLE: Connect to Server
    Cannot connect to ..
    ADDITIONAL INFORMATION:
    Login failed for user '  domain\name'. (Microsoft SQL Server, Error: 18456)
    For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476
    BUTTONS:
    OK
    Log Name:      Application
    Source:        MSSQLSERVER
    Date:          10/6/2011 1:56:28 PM
    Event ID:      18456
    Task Category: Logon
    Level:         Information
    Keywords:      Classic,Audit Failure
    User:          domain\name
    Computer:      
    Description:
    Login failed for user '  domain\name'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: <local machine>]
    RAM

    I was hitting myself in the head with this problem for a couple of minutes.... Everything was fine on the DC and Domain itself.. I added the Domain admins Group Principal for which I am part of... I was getting this error  ... Long History... Short
     (Right Click and Run as Administrator took care of this for me..) UAC was the cause of the problem.
    Cannot connect to XX-DB-XX3.
    ===================================
    Login failed for user 'XXXXS\XXas'. (.Net SqlClient Data Provider)
    For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476
    Server Name: XX-DB-XX3
    Error Number: 18456
    Severity: 14
    State: 1
    Line Number: 65536
    Program Location:
       at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
       at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
       at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
       at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)
       at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject)
       at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String host, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, Int64 timerStart)
       at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance)
       at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)
       at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection)
       at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup)
       at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
       at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
       at System.Data.SqlClient.SqlConnection.Open()
       at Microsoft.SqlServer.Management.SqlStudio.Explorer.ObjectExplorerService.ValidateConnection(UIConnectionInfo ci, IServerType server)
       at Microsoft.SqlServer.Management.UI.ConnectionDlg.Connector.ConnectionThreadUser()
