New JAAS Logon Module that calls RFC: Urgent
I want to build a new logon module that extends AbstractLoginModule.
I want to call an RFC in ECC using JCA in this logon module. The purpose of this RFC call is to read the user's roles in the backend; if they have a certain role I will dynamically assign them a portal group using the UME API.
In which method of the Logon Module (AbstractLoginModule) should I make the call to the RFC? (initialize(), login(), commit(), etc.)
Does anybody have any examples of how to make the RFC call from a custom logon module using JCA?
Edited by: K Ferguson on Nov 3, 2008 5:39 PM
[link at...|http://help.sap.com/saphelp_nw2004s/helpdata/en/17/d609b48ea5f748b47c0f32be265935/content.htm]
Similar Messages
-
New JAAS Logon Module that calls RFC
Hi K,
I tend to put the bulk of the logic for my login modules in the login() method - although usually this is for checking authentication rather than assigning roles/groups.
Have you thought about using UME type ABAP to map ECC roles to Portal Groups? If you then need to write a login module to handle, say, LDAP authentication, then at least it is doing what it should be - i.e. authentication, and the heavy-lifting to do with JCA, roles, etc is handled by SAP-standard code.
For sample JCA code, there is some in the [Universal Worklist Wiki|https://wiki.sdn.sap.com/wiki/display/BPX/DeveloperStudioProject+Files] - just download and extract the Development Component there (don't forget to remove the .gif extension - a hack I used to get a Zip file into the Wiki). The file SapRfc.java gives you a user-friendly way of calling RFCs using JCA. To see it in use, see AbsenceApproval.java - the method getWorkitemDescription() is a good example to look at.
The only downside of the SapRfc.java library is that the constructor takes an IPortalComponentRequest object as an argument (allowing you to use a Portal System Alias), and you don't really have access to one of those in a JAAS module. You will have to modify this code to take a set of ConnectionProperties instead (see the documentation [Using the SAP System Connector|http://help.sap.com/saphelp_nw04/helpdata/en/89/8a185c148e4f6582560a8d809210b4/frameset.htm]).
Really, the component you want to develop might be better deployed as a Portal component. Your users would access this component first of all, and when it completes it would forward them on to the Portal proper.
Hope this helps,
Darren -
Custom logon module not called by the portal
Hi, all.
I need some help urgently on this new portal requirement. There are some sensitive ESS/MSS iviews that we need to give the users an additional logon challenge. The normal ESS/MSS iviews will be using SSO. This one will still use SSO, but have to pass the userid/password challenge.
We have decided to use the authentication scheme. Also, the "form" logon stack has been modified with only one logon module, which is our customized one. To create the java project, jar and library, we are following the link: http://help.sap.com/saphelp_nw04s/helpdata/en/46/3ce9402f3f8031e10000000a1550b0/frameset.htm
Here's the extract of our authscheme.xml:
<authscheme name="certlogon">
    <authentication-template>
        client_cert
    </authentication-template>
    <priority>21</priority>
    <frontendtype>2</frontendtype>
    <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
</authscheme>
<authscheme name="coo_secure">
    <authentication-template>
        form
    </authentication-template>
    <priority>40</priority>
    <frontendtype>2</frontendtype>
    <frontendtarget>com.sap.portal.runtime.logon.basicauthentication</frontendtarget>
</authscheme>
<authscheme name="basicauthentication">
    <authentication-template>
        ticket
    </authentication-template>
    <priority>20</priority>
    <frontendtype>2</frontendtype>
    <frontendtarget>com.sap.portal.runtime.logon.basicauthentication</frontendtarget>
</authscheme>
The authscheme is called coo_secure. When a user clicks on the iviews with the coo_secure authscheme, a userid/pwd prompt pops up. But it does not accept whatever I type in. From the defaulttrace, I do not see any hint that our customized logon module was ever called.
Is there any way to turn on portal tracing to see what is going on?
Thanks,
Jonathan.
Hi Jonathan,
Did you solve the problem with the custom logon module?
We have a very similar scenario. I followed below help site to implement a custom logon module for particular iviews.
http://help.sap.com/saphelp_nw70/helpdata/EN/54/f91fba71ae48309e4267b4a36fa47b/frameset.htm
and also the documentation:
SAP Netweaver Developers Guide - Integrating Security Functions
But I am not able to get my own custom login module with the custom authscheme running.
If I access my specific IViews that requires additional custom authentication I get the portal login page again. After giving login data I get the error message:
Java iView Runtime
An exception occured while processing your request.
If this situation persists, please contact your system administrator.
If you solved your problem, can you please share the solution with me?
Thanks,
Regards,
Yasar -
Create new JAAS login module & have to deploy in OC4J
Dear Experts,
Is it possible to create a number of user roles under the group oc4jadmin? Then I have to assign a task to each user in the group. Please suggest.
Thanks,
Rajesh
Edited by: Rajesh A on Mar 12, 2009 10:15 AM
Edited by: Rajesh A on Mar 12, 2009 6:48 PM
James, Anirudh
Is it possible to define a new JAAS module that would first check with the Oracle DB and then check with the LDAP directory? Actually my requirement is to authenticate the user with the help of backends. Here backend denotes both the Oracle DB and LDAP. That is, when the user enters a valid id and password, it checks for existence in the DB, and if the user exists the DB returns a new value (role); then it has to check the new value with LDAP (what privileges are available for the specified role and who is the superior for the same). The details maintained in LDAP are dynamic, so we are not able to move them into the DB. Every process involved here is automatic, in the sense that no external server connection should be provided for authentication. The custom login module should be deployed in the same OC4J container, always available as a service. I want to know about the following:
1) How to define a custom JAAS login module
2) How to configure a custom JAAS login module over OC4J
3) How to make use of it
Thanks,
Rajesh -
JAAS logon module portal user doesn't redirect any website
I adopted a custom JAAS login module (WAS640 SP14).
In login(), when the portal user doesn't exist, the portal site redirects to another website.
res.sendRedirect doesn't work.
Please post how I can make this work.
=============================
public boolean login() throws LoginException {
    NameCallback nameCallback = new NameCallback("user name: ");
    PasswordCallback pwdCallback = new PasswordCallback("password: ", false);
    try {
        _callbackHandler.handle(new Callback[] {nameCallback, pwdCallback});
    } catch (java.io.IOException ioe) {
        throwUserLoginException(ioe, LoginExceptionDetails.IO_EXCEPTION);
    } catch (UnsupportedCallbackException uce) {
        _shouldBeIgnored = true;
        return false;
    }
    String _userId = nameCallback.getName();
    _password = pwdCallback.getPassword();
    pwdCallback.clearPassword();
    // WebCallback call
    WebCallback wcb = new WebCallback();
    HttpServletResponse res = wcb.getResponse();
    try {
        refreshUserInfo(_userId);
        user = userContext.getUserInfo(_userId);
    } catch (SecurityException e) {
        try {
            res.sendRedirect("http://www.naver.com"); // <<<==========
        } catch (Exception e1) {
            e1.printStackTrace();
        }
        //throwUserLoginException(e, (byte)0);
    }
    // remainder of login() was not included in the post
}
=======================================
Error in some of the login modules.
[EXCEPTION]
com.sap.engine.services.security.exceptions.BaseLoginException: Error in some of the login modules.
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:149)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:154)
Message was edited by: Won-Woo Park
I am getting this exact same error when attempting to redirect out of the JAAS custom login module we created. I inherited this code, so I am not sure what to do to make this work. Did you ever get it resolved? If so, can you tell me what you did to fix it?
My code looks similar to yours:
WebCallback wcb = new WebCallback ();
this.callbackHandler.handle(new Callback [] {wcb});
HttpServletResponse rsp = wcb.getResponse();
myLoc.infoT("URL: " + this.changepasswordurl + this.username);
rsp.sendRedirect(this.changepasswordurl + this.username);
I'm getting exactly the same stack dump you got. The URL gets printed in the trace log, and when I enter it directly into the browser, it works just fine. Something about the redirect is wreaking havoc in the portal.
Can anyone suggest how to make this redirect work?
Thank you,
Dave -
JAAS login module is calling password change page
Hi,
I am developing a login module on SAP Portal 7.0, but I am stuck on an issue. The "User password change" page appears on the screen as soon as I call "http://<hostname>:<port>/irj/portal", after I add my custom login module under the "ticket" component in "Visual Administrator". It is weird that the custom login module runs properly on the portal with 1 server node. The problem occurs when I try to call it on the portal with 5 server nodes. I would like to point out that I didn't call the "User password change" page, or anything that could call that page, in the code. Does anyone have a suggestion?
Thank you
I solved the problem
-
JAAS Login Module using Deployable Web Service proxy
Hi,
We've created a JAAS Login Module that calls a deployable web service proxy to validate users on Netweaver Portal 2004 SP19. To do this the following steps were taken:
1) created a deployable web proxy named 'SGU_proxy' and uploaded it to server. This project created 2 files: 'SGU_proxy.ear' (the one uploaded) and 'SGU_proxyClientAPI.jar'.
2) created a Java project named 'AgregacaoLoginModule' with a single class to authenticate users, this is the class that calls the web service with the username and password. This project references the deployable web proxy project (Properties > Java Build Path > Projects > checkbox marked next to project SGU_proxy).
3) exported the Java project class, not including the 'SGU_proxyClientAPI.jar'.
4) created a 'J2EE Server Component' > 'Library' project named 'AgregacaoLoginModuleJ2EE'.
On the 'provider.xml' file added 2 jars: 'AgregacaoLoginModule.jar' and 'SGU_proxyClientAPI.jar'. References were made to the standard portal libraries. No references were made to the proxy 'SGU_proxy' or the 'AgregacaoLoginModule' project.
The library was uploaded to the server, everything was ok and no errors were reported.
The login module was configured on the server and is called when users try to access the Portal server.
The problem is that when trying to authenticate users: after getting a reference to the proxy using JNDI I get a ClassCastException. Note that this proxy is used in a Web Dynpro application and is working fine.
The web service client proxy generated the interface 'pt.agregacao.ws.sgu.Servicos' and from JNDI I get 'class pt.agregacao.ws.sgu.ServicosImpl'. So this seems to be ok, why the exception?
Is it necessary to add a reference to 'SGU_proxy' on the 'AgregacaoLoginModuleJ2EE' project? If so, how?
Thanks in advance.
Alvaro -
Standard Component in CRM that will call RFC Function Module
HI all,
Is there any Standard Component in CRM that will call an RFC Function Module from ECC, where the called RFC FM should fetch the data from ECC?
You can call RFC from different places, like programs, function modules, web dynpros, classes...
So you just have to have appropriate RFC on ERP side and call it from CRM side. To call it you use the following statement...
CALL FUNCTION 'YOUR RFC FUNCTION'
  DESTINATION i_dest "name of server
  EXPORTING
    your export parameters
  IMPORTING
    your import parameters.
Regards. -
How to create Jaas Login module !! Urgent
Hi developers
I want to make some changes in logon messages. Right now we are getting only the error "user authentication failed" on the portal even if the user is locked or there is some other reason for the failed authentication. I want a proper message to be displayed based on user input. For this I hope it's good to create a JAAS logon module so that I can modify it accordingly.
Kindly, if anyone can give me a way out, it's urgent.
How to create it step by step would be highly appreciated.
Any inputs are appreciated.
Thanks in advance
Abhay
Hi Abhay,
1.) Every question is "urgent"... Please read https://www.sdn.sap.com/irj/sdn/wiki?path=/display/home/rulesofEngagement - section "Use a Good Subject Line"
2.) For JAAS Login Modules examples, see https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/4d65ed90-0201-0010-3aba-9209836e8242
Hope it helps
Detlev -
Hi all,
I'm developing a new JAAS login module which will use Apache's Axis API to call a remote SOAP server.
During the development process, I added the Axis library by using the classic Java Build Path => Libraries in SAP NetWeaver Developer Studio.
The compilation, the deployment of the SDA and the configuration via Visual Admin are working well.
But when I tried to authenticate on the SAP EP through this module, I got the following error message:
java.lang.NoClassDefFoundError: org.apache.axis.client.Service
In my opinion, it seems that the Apache Axis API (jar files) is not present on the SAP EP.
Is there any way to add external libraries like Apache Axis API (jar files) on the SAP EP?
Is there any way to add external libraries like Apache Axis API (jar files) to the SDA generated by SAP NetWeaver Developer Studio?
Thanks,
Hi,
can't you add the Axis libs to the SDA? In the file server/provider.xml you have the possibility to add jars via the NWDS.
HTH
Daniel -
Opinions on implementing a JAAS login module to achieve SSO
We are looking at implementing SSO from a sharepoint website to the portal. The users who are accessing the Sharepoint site are using their own computers and are not members of the AD Domain, so they could theoretically be using any computer in the world to access Sharepoint.
the desired user experience looks something like this.
user --login--> sharepoint site --no login--> portal
One of the methods we are looking at to achieve this is to implement a custom JAAS login module that would authenticate the user if they are coming from the Sharepoint site.
I would like to get your opinions on how viable you think this method is. One of the goals of this method is ease of implementation, so if you can think of an easier way to implement this please let us know.
the method is basically this.
1. User logs into sharepoint using their AD username and password and establish an active session with sharepoint
2. user navigates to a link in sharepoint that points to a resource in the SAP Portal
3. we don't want the user to have to login to access the resource when they click on the link
4. to facilitate this, sharepoint has constructed the link in the following way
5. the link is an https link
6. the link has two additional parameters in addition to whatever is necessary to navigate to the resource
7. the parameters are
8. un = the user's AD username
9. uh = sha1("secret_password_known_to_both_the_login_module_and_sharepoint" + "username")
10. the user clicks the link and is directed to the SAP portal
11. the sap portal has a custom JAAS login module which performs its checks before the other login modules
12. the custom module computes ( sha1("secret_password_known_to_both_the_login_module_and_sharepoint" + un)) and then compares the result with uh, if they are equal, the custom login module authenticates the user bypassing any further need for authentication, otherwise authentication passes to the original authentication modules as normal.
If you think there is an easier way, please let us know. We are essentially looking for the easiest/fastest way to implement this functionality that is still secure.
Hey Gary,
I'm currently using Apache running on RedHat that leverages Apache's mod_rewrite module. I've got a bank of 6 reverse proxies sitting in front of an SAP Portal and each proxy runs on a host with dual 3.33GHz processors and 8GB of RAM. I know... they're waaay over-sized and they pretty much snooze all day.
This is the sole entry point for all SAP users and we sized them to accommodate the "worst case" of about 5000 (potential) named users, concurrently. Realistically, we've only ever had about 1500 unique users hitting the systems in a day (following an upgrade go-live, everybody is curious and wants to log on) and a typical load of about 500 to 750 users in a day.
Never had a real performance problem to speak of. As long as the proxies are tuned properly (ssl cache, sessions, etc.), you should be fine.
Setting header variables and some other "custom stuff" is handled in Perl (need Apache's mod_perl active). We've got a script that's called by all users before being passed to the Portal.
We used IISProxy.dll with an IIS web server a long time ago (5 years maybe?) but opted to can it in favor of the approach described above.
If you ask SAP, they'll recommend you use a WebDispatcher... and that's certainly an option as well.
-Kevin -
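The link-token check proposed in the question above, as an added example that is not code from the thread: `threadToken` is the scheme as posted (uh = sha1(secret + un)), which yields the same value for a user on every link, and `verify` is a variant that keys the hash with HMAC-SHA256, binds an issue time, and compares in constant time. The class and method names, the extra `ts` link parameter, the secret, and the 120-second lifetime are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class LinkTokenDemo {

    // Constructed demo values; a real secret comes from protected configuration.
    static final byte[] SECRET =
            "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
    static final long MAX_AGE_SECONDS = 120;  // assumed lifetime of a link
    static final long MAX_SKEW_SECONDS = 30;  // assumed clock skew between servers

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    /** The scheme as described in the post: uh = sha1(secret + un). */
    static String threadToken(String un) throws GeneralSecurityException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(SECRET);
        sha1.update(un.getBytes(StandardCharsets.UTF_8));
        return hex(sha1.digest());
    }

    /**
     * Assumed variant: HMAC-SHA256 over "un|issuedAt". The issue time is
     * digits only, so the last '|' always separates the two fields.
     */
    static String hmacToken(String un, long issuedAt) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(SECRET, "HmacSHA256"));
        byte[] msg = (un + "|" + issuedAt).getBytes(StandardCharsets.UTF_8);
        return hex(mac.doFinal(msg));
    }

    /**
     * Check performed on the portal side. un and uh are the link parameters
     * from the post; ts (issue time, epoch seconds) is a hypothetical third
     * parameter. Any failure means "not authenticated by this module".
     */
    static boolean verify(String un, String ts, String uh, long nowSeconds) {
        if (un == null || un.isEmpty() || ts == null || uh == null) {
            return false;
        }
        long issuedAt;
        try {
            issuedAt = Long.parseLong(ts);
        } catch (NumberFormatException e) {
            return false;
        }
        // Reject links that are too old or dated in the future.
        if (issuedAt < nowSeconds - MAX_AGE_SECONDS
                || issuedAt > nowSeconds + MAX_SKEW_SECONDS) {
            return false;
        }
        try {
            byte[] expected = hmacToken(un, issuedAt).getBytes(StandardCharsets.US_ASCII);
            byte[] supplied = uh.getBytes(StandardCharsets.US_ASCII);
            // Constant-time comparison of the two hex strings.
            return MessageDigest.isEqual(expected, supplied);
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String un = "jdoe";          // constructed user name
        long t0 = 1_700_000_000L;    // constructed issue time
        String ts = Long.toString(t0);

        System.out.println("posted scheme gives the same token every time: "
                + threadToken(un).equals(threadToken(un)));

        String uh = hmacToken(un, t0);
        System.out.println("fresh link accepted: " + verify(un, ts, uh, t0 + 30));
        System.out.println("same link after expiry: " + verify(un, ts, uh, t0 + 600));
        System.out.println("token presented for another user: "
                + verify("admin", ts, uh, t0 + 30));
        System.out.println("non-numeric ts: " + verify(un, "abc", uh, t0 + 30));
    }
}
```

A token that must be single-use within its lifetime additionally needs a server-side record of values already seen, which is not shown here.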
Problems deploying custom JAAS login module (ClassNotFound)
Hi,
I've developed a custom-made JAAS login module that filters on IP addresses, which I am moving from 6.20 to 6.40.
I've pretty much followed the procedures from http://help.sap.com/saphelp_nw04/helpdata/de/46/3ce9402f3f8031e10000000a1550b0/content.htm , the only major difference is that I needed a reference to WebCallback and therefore a reference to com.sap.security.api.sda from my library project.
I've especially followed the step with "Adding a Reference to the Classloader of the Security Provider" (http://help.sap.com/saphelp_nw04/helpdata/de/2b/23e4407211732ae10000000a155106/content.htm) , but I think it's this step that fails. This has been set to library:<library name> , where <library name> is what is written on the right hand side of visual admin under library. I see that the library is deployed under the folder bin\ext\customer.com~com.customer.portal.login.IPRuleLibrary , so maybe I will try that name tomorrow morning.
The exceptions I get are
#1.5#001321B3B106005C0000000800002E380004039375E59BA6#1129831779936#com.sap.engine.services.security#sap.com/irj#com.sap.engine.services.security#Guest#1####ae7c5500419411daa7fd001321b3b106#SAPEngine_Application_Thread[impl:3]_17##0#0#Error#1#/System/Audit#Java###Exception #1#com.sap.engine.services.security.exceptions.BaseSecurityException: Cannot load a login module.
at com.sap.engine.services.security.login.LoginContextFactory.init(LoginContextFactory.java:95)
at com.sap.engine.services.security.login.LoginContextFactory.getLoginContext(LoginContextFactory.java:133)
at com.sap.engine.services.security.server.AuthenticationContextImpl.getLoginContext(AuthenticationContextImpl.java:227)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sap.engine.system.SystemLoginModule.initialize(SystemLoginModule.java:72)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:86)
at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:305)
at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:96)
at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)
at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
at java.security.AccessController.doPrivileged(Native Method)
at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:295)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:351)
at com.sap.portal.navigation.Gateway.service(Gateway.java:68)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:95)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:159)
Caused by: java.lang.ClassNotFoundException: com.customer.portal.login.IPRuleLoginModule
Found in negative cache
- Loader Info -
ClassLoader name: [common:library:com.sap.security.api.sda;library:com.sap.security.core.sda;library:security.class;library:webservices_lib;service:adminadapter;service:basicadmin;service:com.sap.security.core.ume.service;service:configuration;service:connector;service:dbpool;service:deploy;service:jmx;service:jmx_notification;service:keystore;service:security;service:userstore]
Parent loader name: [Frame ClassLoader]
References:
library:com.sap.ip.basecomps
library:core_lib
common:library:IAIKSecurity;library:activation;library:mail;library:tcsecssl
library:servlet
library:sapxmltoolkit
library:com.sap.mw.jco
library:com.sap.util.monitor.jarm
library:j2eeca
library:opensql
interface:security
interface:log
interface:shell
interface:keystore_api
library:ejb20
interface:webservices
library:com.sap.guid
interface:appcontext
interface:endpoint_api
interface:resourceset_api
interface:resourcecontext_api
common:service:iiop;service:naming;service:p4;service:ts
interface:ejbcomponent
interface:container
interface:visual_administration
interface:transactionext
interface:dsr_ejbcontext_api
service:timeout
library:tc~jmx
library:tcSLUTIL
service:memory
library:antlr
library:jdbdictionary
library:opensqlextensions
interface:cross
service:locking
service:file
Loading model: {parent,local,references}
at com.sap.engine.frame.core.load.ReferencedLoader.loadClass(ReferencedLoader.java:348)
at com.sap.engine.services.security.Util.loadClass(Util.java:262)
at com.sap.engine.services.security.Util.loadClassFromAdditionalLoaders(Util.java:204)
at com.sap.engine.services.security.login.LoginContextFactory.init(LoginContextFactory.java:92)
... 45 more
#1.5#001321B3B106005C0000000900002E380004039375E5A109#1129831779936#com.sap.engine.services.security#sap.com/irj#com.sap.engine.services.security#Guest#1####ae7c5500419411daa7fd001321b3b106#SAPEngine_Application_Thread[impl:3]_17##0#0#Error##Java###Cannot load login module class .#1#com.customer.portal.login.IPRuleLoginModule#
Hi,
The problem was solved by using the name customer.com~com.customer.portal.login.IPRuleLibrary for the library (so basically look at the name of your library folder under cluster\j2ee\serverx\bin\ext , not the name reported by visual admin).
Also I was able to modify the properties of the login module runtime, which made me very happy
Dagfinn -
Hello all, I'm having a problem with authentication. I have a JAAS login module that authenticates users against a db. After some work I could configure it and got it working. But even though my login module works fine, after validating a user I get the exception:
Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: User not authorized.
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:223)
at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at com.lumina.security.jaasrbac.SecurityFacade.authenticate(SecurityFacade.java:119)
... 51 more
Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: User is locked.
at com.sap.engine.services.security.server.jaas.CheckAction.checkUserLockStatus(CheckAction.java:181)
at com.sap.engine.services.security.server.jaas.CheckAction.run(CheckAction.java:58)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.services.security.server.jaas.LoginModuleHelperImpl.checkUserLockStatus(LoginModuleHelperImpl.java:116)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:175)
... 63 more
This happens after my login module is invoked and succeeds in authenticating a user.
Is it really necessary to have a copy of the user data in the UME store?
Thanks,
Juan Manuel
Hi Bhavik,
You have to use the Visual Administrator tool.
These are the steps I did (or I think I did):
1) I created a library with Developer Studio which contained the Login Module implementing class and its dependencies.
2) Deployed it to J2EE engine
3) Using Visual Administrator go to security provider (J2E/Server0/services)
4) Click UserManagement tab
5) Click Manage Security Stores button
6) Click Add Login Module button
7) Click Ok in the first dialog that appears
8) Fill in the required data in the add Login Module dialog (className of the Login Module implementation, display name, description and options, if any, e.g. debug=true)
9) Click Ok
10) Click policy Configurations tab
11) Click add button (bottom of the component's panel)
12) Enter the name for the new policy configuration (I think it must be the same name you use in your application code when you refer to the login module) and click ok
13) Now, the new configuration appears in the components list. Click on it
14) Click 'add new' button which is at the bottom of the authentication tab (right panel)
15) Select the login module you created in 8) and click ok
16) The login module you have created appears in the authentication tab. There you can set the flag you desire for your login module (optional, required, requisite, sufficient)
17) Click the Properties tab next to Runtime tab
18) Click on property LoginModuleClassLoaders
19) Modify this property value to: library:libraryName (where libraryName is the name you deployed your login module library classes in step 2) )
20) Restart J2EE engine
Regards,
Juan Manuel -
Need a simple jaas login module
Hello,
I am in need of a simple JAAS login module that makes a NameCallback, gets the name and adds it to the Subject – the simplest login module one can have.
Can anyone provide the same to me?
Thanks in advance.
You might find this helpful
http://weblogic-wonders.com/weblogic/2010/06/15/jaas-login-in-weblogic-server/ -
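A minimal module of the kind asked for above, as an added example that is not from the thread or the linked article: it requests the name through a NameCallback in login() and adds a principal to the Subject only in commit(). The names NameOnlyLoginModule and NamePrincipal are hypothetical, Java 7 or later is assumed, and the module checks no credential, so it only makes sense stacked behind a module that authenticates.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical class name. Records the supplied name; verifies no credential.
public class NameOnlyLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private Principal principal;   // created by login(), published by commit()

    public void initialize(Subject subject, CallbackHandler handler, Map<String, ?> shared, Map<String, ?> opts) {
        this.subject = subject;
        this.handler = handler;
    }
    public boolean login() throws LoginException {
        if (handler == null) throw new LoginException("no CallbackHandler supplied");
        NameCallback nc = new NameCallback("user name: ");
        try {
            handler.handle(new Callback[] { nc });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot obtain user name: " + e.getMessage());
        }
        String name = nc.getName();
        if (name == null || name.trim().isEmpty()) throw new FailedLoginException("empty user name");
        principal = new NamePrincipal(name.trim());
        return true;               // phase 1 done; the Subject is still untouched
    }
    public boolean commit() {      // phase 2: the overall login succeeded
        if (principal == null) return false;   // our own login() failed
        subject.getPrincipals().add(principal);
        return true;
    }
    public boolean abort() { return principal != null && logout(); }  // overall login failed
    public boolean logout() {
        if (principal != null) subject.getPrincipals().remove(principal);
        principal = null;
        return true;
    }
    static final class NamePrincipal implements Principal {
        private final String name;
        NamePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        public boolean equals(Object o) { return o instanceof NamePrincipal && name.equals(((NamePrincipal) o).name); }
        public int hashCode() { return name.hashCode(); }
    }
}
```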
Retrieving JDBC connection from datasource in JAAS login module
Hi,
I have a custom JAAS login module which calls a DAO for accessing user login details. The DAO looks up the datasource to retrieve connections from when the LoginModule is initialized. The datasource is simply defined through the admin interface. When a user tries to login (through the web container) an exception is thrown as shown below:
com.sun.enterprise.InvocationException
at com.sun.enterprise.resource.PoolManagerImpl.getResource(PoolManagerImpl.java:134)
at com.sun.enterprise.resource.JdbcDataSource.internalGetConnection(JdbcDataSource.java:241)
at com.sun.enterprise.resource.JdbcDataSource.getConnection(JdbcDataSource.java:154)
at com.dmdsecure.mobile.security.store.impl.JDBCUserStore.fetchUser(JDBCUserStore.java:330)
at com.dmdsecure.mobile.security.impl.LocalUserManager.authenticate(LocalUserManager.java:70)
at com.dmdsecure.mobile.security.adapter.sunone.DMDLoginModule.authenticate(DMDLoginModule.java:66)
at com.dmdsecure.mobile.security.adapter.sunone.DMDLoginModule.authenticate(DMDLoginModule.java:38)
at com.iplanet.ias.security.auth.login.PasswordLoginModule.login(PasswordLoginModule.java:163)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at com.sun.enterprise.security.auth.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:382)
at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:307)
at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:116)
at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:201)
at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:140)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:263)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:496)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:203)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:505)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:157)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:598)
It seems the datasource is valid but trying to retrieve connections from it will fail.
Anyone had any similar problems??
Nope, sorry ... I am also having other troubles with JNDI lookups, this time from within the init method of a filter ... Seems there may still be some issues here for Sun to iron out ...
-Johan