Jaas database login module

Similar Messages

• JAAS - Solaris Login Module

  Hi all,
  Iam trying to use Solaris Authentication as backend.Iam using JAAS 1.0, jdk1.3.x
  I downloaded the tutorial from Sun's web site and changed the JAAS configuration file to use SolarisLoginModule
  In the code, i call the LoginContext's login() method passing
  lc.login(cfgEntryName, new myCallbackClass() )
  where cfgEntryName in the jaas config file has value like
  osgLogin {
  com.sun.security.auth.module.SolarisLoginModule required debug=true;
  I Dont know why the Solaris Login module is not calling my handle() method in myCallbackClass. Its just succeeding, without prompting me for user password.
  Does anyone know how to make SolarisLoginModule call my callback.?
  Thanks in advance!
  Madhu

  I am using jdk1.4 which has the JAAS included and I am having the same problems trying to get NTLoginModule and UnixLoginModule to using the handle() method in my callbackClass.
  I was able to get a different NT login module to do my authentication. The loginModule is called com.tagish.auth.win32.NTSystemLogin and is available from:
  http://free.tagish.net/jaas/
  I can not however find another LoginModule to do my solaris/unix authentication. Surely somebody has done this before. If so please let all of us know.
  thanks
  Mark

• JAAS Custom Login Modules does not run on JDev/OC4J 10.1.3, pls help...

  Hi all,
  I trying to use Custom Login Modules as described on :
  http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
  I open the DBLMTest.jws in JDeveloper 10.1.3.1, after completing the required steps, I try deploy it into OC4J Stand alone 10.1.3.
  I get ERROR :
  application : foo is in failed state
  Operation failed with error:
  java.lang.InstantiationException
  The cause of the error is the two lines below that I add into orion-application.xml :
  <property name="role.mapping.dynamic" value="true"/>
  <property name="jaas.username.simple" value ="true" />
  If I remove the two lines, it deploys succesfully.
  Please helpp... I have to implement security in our apps very soon....
  Thank you very much,
  xtanto
  The complete trace of deployment error :
  ---- Deployment started. ---- Apr 4, 2007 5:25:19 PM
  Target platform is Standalone OC4J 10g 10.1.3 (oc4j_oracle).
  Wrote WAR file to D:\_JDEV1013.APPs\jaasdatabaseloginmodule\JDeveloper1012Workspaces\DBLMTest\Project\deploy\DBLMTest.war
  Wrote EAR file to D:\_JDEV1013.APPs\jaasdatabaseloginmodule\JDeveloper1012Workspaces\DBLMTest\Project\deploy\DBLMTest.ear
  Uploading file foo.ear ...
  Uploading file foo.ear ...
  Application Deployer for foo STARTS.
  Copy the archive to C:\OC4J\j2ee\home\applications\foo.ear
  Initialize C:\OC4J\j2ee\home\applications\foo.ear begins...
  Unpacking foo.ear
  Done unpacking foo.ear
  Unpacking DBLMTest.war
  Done unpacking DBLMTest.war
  Initialize C:\OC4J\j2ee\home\applications\foo.ear ends...
  Starting application : foo
  Initializing ClassLoader(s)
  Initializing EJB container
  Loading connector(s)
  application : foo is in failed state
  Operation failed with error:
  java.lang.InstantiationException
  Deployment failed
  Elapsed time for deployment: 4 seconds

  Hello there again xtanto,
  I blogged about this last year - perhaps you could run over to http://stegemanoracle.blogspot.com and have a look. I'd send you the exact link, but I cannot access blogspot from work.
  John

• Custom Login Module Does Not  Work

  Hello,
  Can someone give me some suggestions on what I should look at to fix the following error.  I created jaas custom login module.  Within the module I authenticate against an active directory.  I've put many trace statements throughout the login module code.  So I can actually follow everystep of the way through the login process.  The user authenticates correctly and in the commit() method of the login module, the security principal is created and added to the principals and true is returned from the method.  Everything looks like it worked correctly... but the user doesn't actually get into the portal.  The login screen is redisplayed.  This login module is the only login module in the stack being used to authenticate.  According to the tracing, everything should of worked.  Does anyone have any suggestions on what I should look at?
  thanks,
  Keith
  NW04 SP14

  Marcel,
  The reason we are using a custom login is we want to handle different situations when logging in, for example, if a password is expired we re-direct to a change password page that allows the user to update their password.
  In our EP6 sp2 environment, this is working.  I then recoded the login module so it would work in NW04, be we are having no luck.
  Here is the weird thing, it works on some userid's but not on others.  For example, with a userid like "kjanks" it works fine.  But with a userid like "t.portal08" it fails, then your back at the login screen with the userid field displaying the userid, but the password field is empty. You can then click the login button again without doing anything else and then it works and you get in the portal.  So it seems like the "." in the one userid is causing trouble.
  Any Ideas?
  thanks,
  Keith

• Programmatic access to Login Module instances

  Does anyone know how, through code, to access (via JAAS or SAP APIs - prefer JAAS) configured Login Module instances? 
  I want to retrieve a list of LoginModule instances or LoginModule names.
  Thanks.
  James Walkup
  MomentumSI Inc

  Hi,
     There are different ways. as you said You can either drop it in jre/lib folder or a clsspath setting will do.
  But some times the server will not be able to catch up those libs so You can set the path to these libs in config tool. This will ensure the server will take these libs for sure.
  If you have set the classpath NWDS will take this reference

• Looking for example: JAAS login module using ADF BC

  Hello all,
  I have seen the article at http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm by Frank and Duncan detailing how to put together a login module that uses the database for authentication. Great idea. I would like to take it to the next level and use an ADF BC View Object to do the authentication and role assignment for users, but am stuck on a few points. First of all, is there anyone out there who has done this and would care to share? If not:
  1). How do I get a reference to the AM so that I can look up a view object in the login module?
  2). I assume that I am going to need to add my model project classes to the system classpath, correct?
  3). What are the other gotchas?
  4). Or should this be the first question, is this even possible?

  Hi John,
  I am trying to find a relevant example on JAAS login module with ADF BC,
  i have this application that is ready to go in production deployed on a test application server
  everything seems to work fine but it is totally deprived of security :o(
  i have sent post to get some information i read most of it i even came across your blog on the matter
  i am sort of understanding the things needed to do but i would need a working example to get a better grasp on the this subject. I need i think to built a custom login module but i dont know what exactly can be coded inside the jar file that is read from the application and that forces the authentification so if you could help in my research for an example you OR anyONE
  it would be appreciated
  Carl

• Urgent: JAAS Login Module Deployment Problem

  Hi,
  I have developed a JAAS Login module for the portal (EP6 SP9 sneak preview) and i am getting the following error:
  GroupAssignmentLoginModuleLibrary does not exist in LoadContextWrapper.modifyName.
  com.sap.engine.services.security.exceptions.BaseSecurityException: Can not load a login Module
  The next line is a ClassNotFoundException for the Login Module and the class found in negative cache.
  Please let me know if you know the solution to this problem.
  It is an urgent issue and a solution will be suitably rewarded.
  Regards,
  Vibhu

  Hi Diego,
  Scenario 1: SAP EP to SAP Backend Integration
        In this scenario the most commonly used strategy
        is SAP logon tickets. As far as I know this is the
        best and simple way to implement SSO.
  Scenario 2: SAP EP to Non SAP systems.
        In this scenario various mechanisms can be used.
        It depends on the application you are integrating
        with. SAP does deliver SSO soultions with Lotus
        Notes and Outlook etc. If supported probably it is
        simple to use the SAP solution [Reliability and
        Support].
  Scenario 3: Enterprise Uses third party authetication
        Software.
        For the authntication if the company chooses to use
        some third party product like SiteMinder etc, then
        you can simply use this solution for SAP EP authe-
        tication, and also all your other enterprise
        applications based on the product support. But SAP
        EP to other SAP systems be best integrated with SAP
        logon tickets.
  Scenario 4: SSO using homegrown authetication or some
        third party JAAS module.
        If you have significant applications that are home
        grown that uses some custom authentication mecha-
        nism (Example: Authentication based on ID and
        Password stored in company database ) you can write
        a JAAS module extention to authenticate using that
        database. In other words JAAS is flexible and
        for using external authentication mechanisms.
  There are several mechanisms available that all depends
  on your internal applications/security mechanism/integration etc.
  Here is the link to one of the good articles on SDN about the SAP supported SSO mechanisms.
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/uuid/58094632-0301-0010-a391-fc0de26f010e
  Hope this information is useful.
  -Venkat Malempati

• Opinions on implementing a JAAS login module to achieve SSO

  We are looking at implementing SSO from a sharepoint website to the portal.  The users who are accessing the Sharepoint site are using their own computers and are not members of the AD Domain, so they could theoretically be using any computer in the world to access Sharepoint.
  the desired user experience looks something like this.
  user--login> sharepoint site -no login--
  >portal
  One of the methods we are looking at to achieve this is to implement a custom JAAS login module that would authenticate the user if they are coming from the Sharepoint site.
  I would like to get your opinions on how viable you think this method is.  One of the goals of this method is ease of implementation, so if you can think of an easier way to implement this please let us know.
  the method is basically this.
  1. User logs into sharepoint using their AD username and password and establish an active session with sharepoint
  2. user navigates to a link in sharepoint that points to a resource in the SAP Portal
  3. we don't want the user to have to login to access the resource when they click on the link
  4. to facilitate this, sharepoint has constructed the link in the following way
  5. the link is an https link
  6. the link has two additional parameters in addition to whatever is necessary to navigate to the resource
  7. the parameters are
  8. un = the users AD username
  9. uh = sha1("secret_password_known_to_both_the_login_module_and_sharepoint" + "username")
  10. the user clicks the link and is directed to the SAP portal
  11. the sap portal has a custom JAAS login module which performs it's checks before the other login modules
  12. the custom module computes ( sha1("secret_password_known_to_both_the_login_module_and_sharepoint" + un)) and then compares the result with uh, if they are equal, the custom login module authenticates the user bypassing any further need for authentication, otherwise authentication passes to the original authentication modules as normal.
  If you think there is an easier way, please let us know.  We are essentially looking for the easiest/fastest way to implement this functionality that is still secure.

  Hey Gary,
    I'm currently using Apache running on RedHat that leverage Apache's mod_rewrite module. I've got a bank of 6 reverse proxies sitting in front of an SAP Portal and each proxy runs on a host with dual 3.33GHz processors and 8Gb or RAM. I know... they're waaay over-sized and they pretty much snooze all day.
    This is the sole entry point for all SAP users and we sized them to accommodate the "worst case" of about 5000 (potential) named users, concurrently. Realistically, we've only ever had about 1500 unique users hitting the systems in a day (following an upgrade go-live, everybody is curious and wants to log on) and a typical load of about 500 to 750 users in a day.
    Never had a real performance problem to speak of. As long as the proxies are tuned properly (ssl cache, sessions, etc.), you should be fine.
    Setting header variables and some other "custom stuff" is handled in Perl (need Apache's mod_perl active). We've got a script that's called by all users before being passed to the Portal.
    We used IISProxy.dll with an IIS web server a long time ago (5 years maybe?) but opted to can it in favor of the approach described above.
    If you ask SAP, they'll recommend you use a WebDispatcher... and that's certainly an option as well.
  -Kevin

• Use of portal service in JAAS Login Module

  Is it possible to use an portal service in an JAAS Login Module?
  I've tried to use the IUserMappingService and always run in an Null Pointer Exception.
  All needed Used DC references are set and the build and the deployment of the
  login module is possible without any errors.
  Best regards,
  Thomas

  I've debuged my JAAS login modul.
  The following objects are in accessable over my context object
  {broker=broker, com.sap.portal.pcm.collaborative.ipartstemplates={}, UME=UME, com.sap.workflow.es.portal.IKMCRoomService=com.sap.workflow.es.room.KMCRoomHelper@44c944c9, comp.sap.portal.fpn.marshallersrepository={com.sapportals.portal.workset=com.sap.portal.fpn.marshal.WorksetMarshaller@7cf07cf0, com.sapportals.portal.rolefolder=com.sap.portal.fpn.marshal.RoleFolderMarshaller@489b489b, com.sapportals.portal.operationmodifier=com.sap.portal.unification.semanticlayer.marshalling.OperationModifierMarshaller@1a1b1a1b, com.sapportals.portal.businessobject=com.sap.portal.unification.semanticlayer.marshalling.BusinessObjectMarshaller@1fc71fc7, com.sapportals.portal.layout=com.sap.portal.fpn.marshal.LayoutMarshaller@454f454f, com.sapportals.portal.role=com.sap.portal.fpn.marshal.RoleMarshaller@590e590e, com.sap.portal.obn.semanticlayer.businessobject.BusinessObject=com.sap.portal.unification.semanticlayer.marshalling.BusinessObjectNYMarshaller@68af68af, com.sap.portal.obn.semanticlayer.operation.IOperation=com.sap.portal.unification.semanticlayer.marshalling.OperationNYMarshaller@4f4a4f4a, com.sap.portal.pcm.admin.PlainFolderConverter=com.sap.portal.fpn.marshal.FolderMarshaller@284a284a, com.sapportals.portal.iview=com.sap.portal.fpn.marshal.IViewMarshaller@7ba37ba3, com.sapportals.portal.page=com.sap.portal.fpn.marshal.PageMarshaller@a100a10, com.sapportals.portal.operation=com.sap.portal.unification.semanticlayer.marshalling.OperationMarshaller@ece0ece}, WP=com.sapportals.portal.prt.core.resource.MultiPropertiesResource@3b213b21, ContentCatalog=ContentCatalog, Navigation=Navigation, PCD=PCD, com.sap.portal.obn=com.sap.portal.obn, com.sap.portal.usermanagement.usermanagement=com.sapportals.portal.prt.service.usermanagement.UserManagementService@60cc60cc, ProductionMode=true, AdHocWorkflowConnector=com.sap.workflow.es.portal.WFEWorkitemProvider@30d630d6, com.sap.ip.bi=com.sap.ip.bi, com.sapportals.portal.pcm.registeredServies=com.sapportals.portal.pcm.registeredServies, UniversalWorklistService=com.sap.netweaver.bc.uwl.core.portal.UWLPortalService@57e957e9, com.sap.portal.appintegrator=com.sap.portal.appintegrator, rtmf_messaging=com.sap.ip.collaboration.core.api.rtmf.core.RTMFMessaging@41af41af, com.sap.workflow.es.portal.IKMNotificationService=com.sap.workflow.es.portal.KMNotificationService@1daa1daa, com.sap.portal.pcm.collaborative.pagestemplates={}, runtime=runtime, Authenticator=com.sapportals.portal.prt.service.authenticationservice.AuthenticationService@756f756f, com.sap.workflow.es.portal.IKMAttachmentService=com.sap.workflow.es.portal.KMAttachmentService@9750975, unification=unification}
  The IUserMappingService is missing.  Any ideas?
  Best regards,
  Thomas

• Custom JAAS login module configuration in Oracle application server

  I have a LDAP login module implementing javax.security.auth.spi.LoginModule. This login module works well with tomcat and weblogic, if I configure the JVM arguments -Djava.security.auth.login.config and -Djava.security.policy to point to the login.conf and access.policy files. The login.conf file has the below content
  FREEWAY_SERV
  com.wipro.freeway.security.LdapLoginModule required debug=true portal=false;
  FREEWAY_PORT
  com.wipro.freeway.security.LdapLoginModule required debug=true portal=true;
  The access.policy file has contains content like below:
  grant Principal com.wipro.freeway.security.RolePrincipal "UserAdministration" {
       permission com.wipro.freeway.security.URLPermission "/createOtherUser.frw";
       permission com.wipro.freeway.security.URLPermission "/createDealer.frw";
  The application uses these login modules by passing Name of the JAAS configuration (FREEWAY_SERV or FREEWAY_PORT).
  I would like to use the same login module and code in Oracle application sever 10.1.3 and I haven't got any success yet. I am not getting how to set these JVM properties and make my application identify this custom login module. I have tried configuring the custom login module via oc4j admin console and I couldn't give a name to my configuration. I also set the system properties for
  -Djava.security.auth.login.config and -Djava.security.policy with no success.
  Could anybody please help me to get this right?
  Thanks in advance.

  Hello,
  In OracleAS 10g R3 (10.1.3.x) you can register your login module in your application (and server) using Enterprise Manager, and config file. That is easier and more flexible that the parameter.
  I would invite you to take a look to the security how-to:
  - 10.1.3 How-tos, and How to integrate a custom login module
  You can also take a look to the 10.1.3 Documentation and the LDAP/Login Module integration.
  - Security guide: Login Modules

• JAAS login module configuration in Oracle application server

  I have a LDAP login module implementing javax.security.auth.spi.LoginModule. This login module works well with tomcat and weblogic, if I configure the JVM arguments -Djava.security.auth.login.config and -Djava.security.policy to pont to the login.conf and access.policy files. The login.conf file has the below content
  FREEWAY_SERV
  com.wipro.freeway.security.LdapLoginModule required debug=true portal=false;
  FREEWAY_PORT
  com.wipro.freeway.security.LdapLoginModule required debug=true portal=true;
  The application uses these login modules by passing Name of the JAAS configuration (FREEWAY_SERV or FREEWAY_PORT).
  I would like to use the same login modules and code in Oracle application sever 10.1.3 and I haven't got any success yet.
  Could anybody please help me to get this right?
  Thanks in advance.
  Message was edited by:
  vinayalva

  Hi,
  in OracleAs bet is to use Enterprise Manager to configure the login module. The LoginModule needs to be configured in the system-jazn-data.xml file, which is located in teh j2ee/home/config directory of the OC4J you use. Enterprise Manager does this all for you.
  In your application deployment the orion-application.xml file needs to specify that a custom LoginModule should be used. Again ENterprise Manager does it for you.
  To use the LoginModule e.d. for J2EE authentication, just make sure that the application name of the J2EE deployment matches the name of the LoginModule configuration
  If you want to use pure JAAS you may have to change the OC4J properties file in the j2ee/home/config directory. Best suggestion to give is to get the online documentation for OC4J security
  Frank

• Jaas Login module does not work

  Hello,
  I am developing simple web application wich uses jaas for authentication, but something strange happens, i have written security information in my web.xml:
  <security-constraint>
            <web-resource-collection>
                 <web-resource-name>simple</web-resource-name>
                 <url-pattern>/security/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                 <role-name>admin</role-name>
            </auth-constraint>
       </security-constraint>
       <login-config>
            <auth-method>FORM</auth-method>
            <form-login-config>
                 <form-login-page>/login.seam</form-login-page>
                 <form-error-page>/login.seam</form-error-page>
            </form-login-config>
       </login-config>
       <security-role>
            <role-name>admin</role-name>
       </security-role>my login module looks like this:
  package com.auth.security;
  public class SimpleLoginModule implements LoginModule {
       // initial state
       private Subject subject;
       private CallbackHandler callbackHandler;
       private Map sharedState;
       private Map options;
       // the authentication status
       private boolean succeeded = false;
       private boolean commitSucceeded = false;
       // login info
       private static final String[] userNames = { "admin", "guest", "user1", "user2" };
       private static final String[] passwords = { "admin", "sesame", "pass1", "pass2" };
       // current user
       private String username;
       private char[] password;
       // user's principal object
       private SimplePrincipal userPrincipal;
       public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
            System.out.println("INITIALIZE");
            this.subject = subject;
            this.callbackHandler = callbackHandler;
            this.sharedState = sharedState;
            this.options = options;
       }// end initialize()
            public boolean login() throws LoginException {
            System.out.println("LOGIN");
            // prompt for a user name and password
            if (callbackHandler == null)
                 throw new LoginException("Error: no CallbackHandler available " + "to garner authentication information from the user");
            Callback[] callbacks = new Callback[2];
            callbacks[0] = new NameCallback("\nuser name: ");
            callbacks[1] = new PasswordCallback("password: ", false);
            try {
                 callbackHandler.handle(callbacks);
                 username = ((NameCallback) callbacks[0]).getName();
                 char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
                 if (tmpPassword == null) // treat a NULL password as an empty
                      // password
                      tmpPassword = new char[0];
                 password = new char[tmpPassword.length];
                 System.arraycopy(tmpPassword, 0, password, 0, tmpPassword.length);
                 ((PasswordCallback) callbacks[1]).clearPassword();
            } catch (java.io.IOException ioe) {
                 throw new LoginException(ioe.toString());
            } catch (UnsupportedCallbackException uce) {
                 throw new LoginException("Error: " + uce.getCallback().toString() + " not available to authenticate user.");
            boolean usernameCorrect = false;
            boolean passwordCorrect = false;
            String passwordString = new String(password);
            for (int x = 0; x < userNames.length; x++) {
                 if (username.equals(userNames[x]))
                      usernameCorrect = true;
                 if (usernameCorrect && passwordString.equals(passwords[x])) {
                      // authentication succeeded!!!
                      passwordCorrect = true;
                      succeeded = true;
                      break;
                 } else {
                      // authentication failed -- clean out state
                      succeeded = false;
                      usernameCorrect = false;
                 }// end if/else
            }// end for( int x = 0; x < userNames.length; x++ )
            return succeeded;
       }// end login()
       public boolean commit() throws LoginException {
            System.out.println("COMMIT");
            if (!succeeded) {
                 return false;
            } else {
                 // add a Principal (authenticated identity)
                 // to the Subject
                 // assume the user we authenticated is the SimplePrincipal
                 userPrincipal = new SimplePrincipal(username);
                 if (!subject.getPrincipals().contains(userPrincipal))
                      subject.getPrincipals().add(userPrincipal);
                 // in any case, clean out state
                 username = null;
                 password = null;
                 commitSucceeded = true;
                 return true;
            }// end if( succeeded == false )
       }// end commit()
       public boolean abort() throws LoginException {
            System.out.println("ABORT");
            if (succeeded == false) {
                 return false;
            } else if (succeeded == true && commitSucceeded == false) {
                 // login succeeded but overall authentication failed
                 succeeded = false;
                 username = null;
                 if (password != null)
                      password = null;
                 userPrincipal = null;
            } else {
                 // overall authentication succeeded and commit succeeded,
                 // but someone else's commit failed
                 logout();
            }// end if/else
            return true;
       public boolean logout() throws LoginException {
            System.out.println("LOGOUT");
            subject.getPrincipals().remove(userPrincipal);
            succeeded = false;
            succeeded = commitSucceeded;
            username = null;
            if (password != null)
                 password = null;
            userPrincipal = null;
            return true;
  }I am using Jboss-4.2.3.GA and configured login-config.xml like this:
      <application-policy name="simpleLoginModule">
       <authentication>
        <login-module code="com.security.auth.simpleLoginModule" flag="required">
        </login-module>
       </authentication>
      </application-policy>I have jboss-web.xml also correctly configured.
  The problem is that when i type correct username/password happens the error:
  HTTP Status 403 - Access to the requested resource has been denied
  So can anyone help me? What i have to change/modify in my loginmodule java code?

  Hi,
  no need to change the authschemes.xml file when you don't know if your code works (you can perfectly break logon to other applications when doing so).
  Configure your application to use declarative authentication; this is done in the web.xml of the application:
  http://help.sap.com/SAPhelp_nw70/helpdata/en/08/0f0e4d1ffece4d8b9c5b84793aac50/content.htm
  http://help.sap.com/SAPhelp_nw70/helpdata/en/40/97ffdb74939747b402b0200780cab5/content.htm
  http://help.sap.com/SAPhelp_nw70/helpdata/en/b9/9482887ddb3e47bd1a738c3e900195/content.htm
  example:
       <login-config>
            <auth-method>FORM</auth-method>
            <realm-name>REALM</realm-name>
            <form-login-config>
                 <form-login-page>logon.jsp</form-login-page>
                 <form-error-page>error.jsp</form-error-page>
            </form-login-config>
       </login-config>
  With declarative authentication the AS Java will use the logon modules you confired in the VA for the application.
  br,
  Tobias

• Accessing LDAP in a custom JAAS login module

  Hi,
  I have developed a custom jaas login module in CE 7.1. I created a java dc which contains a class extending AbstractLoginModule. This DC is deployed on to the server using an EAR DC. I am trying to access LDAP in the custom login module. I am trying to establish an SSL connection to LDAP. For this purpose i have created a custom socket factory class which extends SSLSocketFactory. I used the code below to establish the connection.
            Hashtable<String,String> env=new Hashtable<String,String>();
            DirContext dirContext=null;
            env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL,ldapURL);
                  env.put(Context.SECURITY_PROTOCOL,"ssl");
                  env.put("java.naming.ldap.factory.socket", "com.test.ldap.MySSLSocketFactory");
                  dirContext=new InitialDirContext(env);
  MySSLSocketFactory is the name of custom socket factory.
  During a login process, the above code results in error because the connection to LDAP server could not be established. However the same code when executed in a webdynpro DC is working without any problem. What could be the reason for this?
  This is the error i could see in defaultTrace
  javax.naming.CommunicationException: js24.na.domain.net:636 [Root exception is java.lang.ClassNotFoundException: com.test.ldap.MySSLSocketFactory
  Loader Info -
  ClassLoader name: [service:security]
  Living status: alive
  Direct parent loaders:
     [system:Frame]
     [library:j2eeca]
     [service:timeout]
     [service:com.sap.security.core.ume.service]
     [service:adminadapter]
  Resources:
     /usr/sap/SV3/J10/j2ee/cluster/bin/services/security/lib/private/sap.comtcjesecurityimpl.jar
  at com.sun.jndi.ldap.Connection.<init>(Connection.java:205)
  at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
  at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1579)
  at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2681)
  at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:299)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
  at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
  at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
  at com.sap.engine.system.naming.provider.DefaultInitialContext._getDefaultInitCtxt(DefaultInitialContext.java:64)
  at com.sap.engine.system.naming.provider.DefaultInitialContext.<init>(DefaultInitialContext.java:45)
  at com.sap.engine.system.naming.provider.DefaultInitialContextFactory.getInitialContext(DefaultInitialContextFactory.java:41)
  at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
  at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
  at javax.naming.InitialContext.init(InitialContext.java:223)
  at javax.naming.InitialContext.<init>(InitialContext.java:197)
  at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)

  Hi,
  I used an EJB to perform the LDAP search and called the EJB from the login module. It is working as expected.
  Regards,
  Shabeer

• How to deploy and configure custom JAAS login module

  Dear Experts,
  I have created a custom jaas login module, In my .jar I am having
  1. MyLoginModule.class
  2. Handler.class
  3. MyPrincipal.class
  I want to know how to deploy the custom jaas module to oc4j. And make available to all
  other application to use the same for authentication & authorization. Please suggest me.
  Thanks,
  Rajesh A

  This article does not mention that you can put the <jazn-loginconfig> tag into the orion-application.xml as well.
  Much easier to deploy and test.
  --olaf                                                                                                                                                                                                                                                                                                                       

• How to create Jaas Login module !! Urgent

  <b>Hi developers</b>
                      I want to make some changes in logon messages. Right now we are getting only error <b>user authentication failed </b> on the portal even if user is locked or some other reason is there for failed authentiaction. I want proper message should be displaying based on user input. For it I hope its good to <b>create Jaas logon module</b> so that i can modify it accordingly .
  kindly if any one can give me way out , its urgent.
  how to create it step by step. it would be highly appriciable.
  any inputs are appriciated .
  Thanks in advance
  <b>Abhay</b>

  Hi Abhay,
  1.) Every question is "urgent"... Please read https://www.sdn.sap.com/irj/sdn/wiki?path=/display/home/rulesofEngagement - section "Use a Good Subject Line"
  2.) For JAAS Login Modules examples, see https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/4d65ed90-0201-0010-3aba-9209836e8242
  Hope it helps
  Detlev