SPNego Authentication

Similar Messages

• Logoff not working after SPNego Authentication

  Hi Experts,
  Configured SPNego authentication sucessfully.
  But after clicking logoff button again logged in back again.
  As per some advice, done as follows
  Example: Portal SSO URL: http://portal.example.com
  Create a URL like http://nonssoportal.example.com (Create the name in the DNS and point it to the IP of your portal server)
  Changed the logoff paramter to point to the new URL. After restart once logoff clicks went to new URL but still SSO ticket authenticating.
  I need to get the login page again so that i can login with administrator or other test user IDs.
  Please post your suggestions.
  Regards,
  Raja. G

  Hi,
  Created the alias for that server and made the logoff URL as http://<alias of the server>:<port>/irj/portal.
  Now am able to achieve the login page however it is asking for the windows authentication while logging off.
  If we click cancel then we can able to achieve the login page.
  Any idea to avoid the popup for asking windows credentials?
  Regards,
  Raja. G

• UI5 and SPNEGO authentication

  Hi,
  we already use the Netweaver Gateway to provide some OData services.
  These services are consumed by some 3rd party software components.
  To authenticate the user at the Gateway, these applications are using the SPNEGO authentication mechanism.
  Now I wanted to start to develop my first UI5 app. Of course I'd like to consume the OData services from our existing gateway installation.
  The main problem that I'm currently facing is, that I don't know how to use Single Sign On (based on Kerberos tickets) to consume the gateway services from an UI5 app. I would like to use SPNEGO but I didn't find any information on how to implement SPNEGO in an UI5 app.
  Can you please provide me some information (or even some code snippets) on how to use SPNEGO authentication from an UI5 app!?!?
  Thanks in advance
  Holger

  Hi Michael,
  Thanks for that.  My opinion of secondary authentication is the same, but hey ho.  The client insists.  I think the main iview is the payslip iview, so it is on the same server as the portal. 
  My thinking was that as form based logon uses com.sap.portal.runtime.logon.certlogon and basic authentication uses com.sap.portal.runtime.logon.basicauthentication they could have different priorities set in authschemes.xml and consequently it asks for secondary authentication.  However, I see your point that they are both in the ticket logon stack.
  Paul

• What is SPNego Authentication Scheme?

  Could anybody please give me overview of SPNego authentication scheme?
  Why its needed??Any docs Available.
  Thanks in advance.
  Any help will be highly appretiated.
  Thanks and Regards
  Gaurav Namdeo

  Hi Gaurav,
  SPNego is Authentication Scheme,And it Ovecomes the limitations of other schems like it works smoothly with Unix And other OS,And many more.
  Go through thease links.
  spnego
  Download ZIP archive from SAP Note 994197
  Unzip the archive
  Deploy EARs
  sap.comtcsecauthjmx~ear.ear
  sap.comtcsecauthspnego~wizard.ear
  ecurity_example.ear
  Active Directory configuration and further more settings have to be done in the Zip file you will get a user guide just refer thet and proceed acording to that.
  Regards
  Vinit

• SPNego authentication to Portal

  Hi
  Can anyone tell me whether SPNego authentication would work when you call the Portal via a web dispatcher? I can authenticate automatically when calling the Portal directly so I know it's configured and working when called directly.
  We have hidden our servers behind a VLAN and allow access only via the web dispatchers.
  Thanks
  Mark

  Thanks Patrick
  Have you got this scenario working yourself?
  I have the following scenario. False names to protect the innocent!!!
  Lets assume Portal server is called - pserver1.sap.somedomain.com
  N.B. Sits in subdomain sap of domain somedomain.com
  It is fronted by two load balanced web dispatchers in the parent domain somedomain.com
  webdisp1.somedomain.com
  webdisp2.somedomain.com
  load balancer is referred to as webdisp.somedomain.com
  To gain access to the portal the dispatcher is running on port 8107 on both web dispatchers
  so...
  Direct access to portal is
  http://pserver1.sap.somedomain.com:50000/irj/portal
  Web dispatcher access is
  http://webdisp.somedomain.com:8107/irj/portal
  Because i'm not sure I have grasped the full implications of Kerberos realms I have set up the following on both domains. It's overkill I know but I wanted to be sure.
  service user s-sid-j2ee on DC for sap.somedomain.com
  setspn -a HTTP/webdisp.somedomain.com:8107 s-sid-j2ee
  setspn -a HTTP/webdisp1.somedomain.com:8107 s-sid-j2ee
  setspn -a HTTP/webdisp2.somedomain.com:8107 s-sid-j2ee
  setspn -a HTTP/pserver1.sap.somedomain.com s-sid-j2ee
  service user s-sid-j2ee on DC for somedomain.com
  setspn -a HTTP/webdisp.somedomain.com:8107 s-sid-j2ee
  setspn -a HTTP/webdisp1.somedomain.com:8107 s-sid-j2ee
  setspn -a HTTP/webdisp2.somedomain.com:8107 s-sid-j2ee
  setspn -a HTTP/pserver1.sap.somedomain.com s-sid-j2ee
  I configured the SPNEGO wizard with both realms and their respective service users.
  result
  I get logged in when accessing pserver1
  I don't when accessing via web dispatcher load balnced address or each individual web dispatcher.
  Any ideas?
  Thanks
  Mark

• SPNEGO Authentication Error

  I have a web application monitor that is throwing an odd error.  It tells me that the "Response Body Evaluation Result" is in error and when I check the response body, I get:
  <html><head><title>SPNEGO authentication is not supported.</title></head><body>SPNEGO authentication is not supported on this client.</body></html>
  The odd part is that the monitor is set up woth no authenticatin.  So, why am I getting theis error?
  Thank
  Bert

  It sounds like the server asks for negotiation of authentication (windows auth?) and since your client doesn't use it, it gets an error. Maybe you would have to use windows auth with this site, in your synthetic test?

• Custom SPNEGO Authenticator

  I'm working on developing a custom spnego authenticator to JBoss. I saw a client example in Advanced JGSS Security Programming. But I haven't found if it's possible to develop a program that accepts a browser's token spnego in the server side. Is it possible in Java 6?
  Thanks a lot!!

  http://dev2dev.bea.com/utilitiestools/security.html

• HTTP/SPNEGO Authentication

  Hi,
  Having read in posting [http://forums.sun.com/thread.jspa?threadID=5362388&tstart=15|http://forums.sun.com/thread.jspa?threadID=5362388&tstart=15] that "Sun's GSSAPI implementation (a.k.a. JGSS) can only generate and consume raw Kerberos tokens and SPNEGO tokens containing Kerberos tokens" I' still wondering why the getPasswordAuthentication() in class MyAuthenticator of Sun's [HTTP/SPNEGO example (2nd case)|http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/part6.html#Example] is not called upon starting the client without giving any arguments, i.e.
  java RunHttpSpnego http://www.ad.local/hello/hello.htmlFrom the server the client receives a
  WWW-Authenticate: Negotiateresponse, and the client should enter the HTTP/SPNEGO challenge/response protocol.
  To summarize, class MyAuthenticator looks like:
  class MyAuthenticator extends Authenticator {
          public PasswordAuthentication getPasswordAuthentication() {
              // I haven't checked getRequestingScheme() here, since for NTLM
              // and Negotiate, the usrname and password are all the same.
              System.err.println("Feeding username and password for "
                 + getRequestingScheme());
              return (new PasswordAuthentication(kuser, kpass.toCharArray()));
      }It should be called as a side effect of openConnection() upon executing the following code:
  Authenticator.setDefault(new MyAuthenticator());
  URL url = new URL(args[0]);
  InputStream ins = url.openConnection().getInputStream();
  ...My client environment is Windows Vista, Java 1.6.0_16, and the client is not a member of an Active Directory.

  Perhaps the issue is with this quote:
  "Sun's GSSAPI implementation (a.k.a. JGSS) can only generate and consume raw Kerberos tokens and SPNEGO tokens containing Kerberos tokens"
  I believe the HttpURLConnection class in JDK 1.6 can handle NTLM.
  Meaning, if you logon to your workstation as a domain user and run the java code, it is probably using NTLM.
  I recall noticing this when I put TCPMon between the workstation and the server.

• SPNego authentication not working

  Hi,
  We are trying to configure SPNego and we are facing issues. We had done the configuration in another environment and it worked fine.
  I have checked the configuration at AD end and portal end multiple
  times and everything looks to be fine. Following is the error message coming in the logs.
  [JGSS_DBG_CTX] Client time Sat Feb 03 13:09:32 GMT 2007 too skewed
  13:04:05:373 Error Guest ~on_Thread[impl:3]_1 System.err org.ietf.jgss.GSSException, major code: 10, minor code: 37
  major string: Defective token
  minor string: Client time 03 February 2007 at 13:09:32 too skewed
  13:04:05:373 Error Guest ~on_Thread[impl:3]_1 System.err at com.ibm.security.jgss.i18n.I18NException.throwGSSException(I18NException.java:5)
  at com.ibm.security.jgss.mech.krb5.k.a(k.java:896)
  at com.ibm.security.jgss.mech.krb5.k.a(k.java:6)
  at com.ibm.security.jgss.mech.krb5.k.b(k.java:231)
  at com.ibm.security.jgss.mech.krb5.k.acceptSecContext(k.java:1010)
  at com.ibm.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:30)
  at com.ibm.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:370)
  at com.sap.security.core.server.jaas.SPNegoLoginModule.doHandshake(SPNegoLoginModule.java:614)
  at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:322)
  at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:150)
  at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)
  at java.security.AccessController.doPrivileged(AccessController.java:242)
  at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:172)
  at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:85)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:58)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
  at java.lang.reflect.Method.invoke(Method.java:391)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:699)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:151)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:634)
  at java.security.AccessController.doPrivileged(AccessController.java:242)
  at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:631)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:557)
  at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:142)
  at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:303)
  at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:96)
  at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)
  at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
  at java.security.AccessController.doPrivileged(AccessController.java:242)
  at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
  at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
  at com.sap.portal.navigation.Gateway.service(Gateway.java:126)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
  at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
  at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:160)
  at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
  at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
  at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
  at java.security.AccessController.doPrivileged(AccessController.java:215)
  at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
  at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  Any help is highly appreciated.
  Many Thanks,
  Chandra

  Hi,
  per this part of the exception:
  minor string: Client time 03 February 2007 at 13:09:32 too skewed
  there seems to be a problem with the time syncronizations between the domain controller, the client system and the SAP NetWeaver system. Check that all system clocks are syncronized and have the correct time zone settings.
  Hope this helps,
  Yonko

• Error in visual administrator while implementing Spnego authentication sche

  hi,
  i have under gone all thease steps.
  for implementation of SPnego sceme on my portal.
  >downloaded SPnego wizad file from note specified.
  >unziped it and got .ear files
  >deployed those .ear files on my server.
  >now went for service user J2ee configuration  on visual administrator.
  >when i clicked on deploy and start button .
  >it asked me to browse file .
  >first .ear file was taken sucessfully.
  >in second file it give me this error message .
  ie>The directory D:\usr\.............\.....\   will be used for extracting the EAR file.the directory content will be deleated. please back up all usefullinformation from it
  >shall i click on ok and proceed further or not.
  please suggest me  what to do.

  Hi Sumit Bhargav,
  Based on the error message, it seems that the issue is related to NHivernate and MSBuild, but
  VS General Question forum discusses the usage issue of Visual Studio IDE such as
  WPF & SL designer, Visual Studio Guidance Automation Toolkit, Developer Documentation and Help System
  and Visual Studio Editor. In order to check where the issue is, could you please create a new and simple web application without having NHibernate, build it and clean the project?
  Whether the web application can be built successfully?
  If you get this error when you build or clean any solution, maybe you are experiencing the same issue 
  described here:
  http://stackoverflow.com/questions/26930376/how-to-fix-checkattributes-task-could-not-be-loaded-error-after-installing-v
  Please check whether the Microsoft.Web.Publishing.Tasks.dll assembly is located at
  C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v12.0\Web. If no, please copy it from somewhere else to this path. If you can’t get a copy of this assembly, I suggest uninstalling VS 2013 Update 4 or uninstalling and
  reinstalling all VS components.
  If the issue only occurs in the web app with NHibernate implement, then this issue is more related to the specific NHibernate implement in ASP.NET. I recommend consulting
  your issue on ASP.NET forum: http://forums.asp.net/
  Best regards,
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• SPNego - LOGIN.FAILED error

  Hello,
  Hello gurus,
  we have installed BI 7.0 SP15 with Portal as the java side of the BI (double stack). We have CI + 3 dia instances.
  We get the following error only on the CI server:
  LOGIN.FAILED
  User: N/A
  Authentication Stack: com.sun.security.jgss.accept
  Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
  1. com.sun.security.auth.module.Krb5LoginModule                            OPTIONAL    ok          exception             false      null
  2. com.sun.security.auth.module.Krb5LoginModule                            OPTIONAL    ok                                false     
  3. com.sun.security.auth.module.Krb5LoginModule                            OPTIONAL    ok                                false
  The problem is that the SPNego authentication is not working on that server, we get the logon screen. On the other servers the authentication is working perfectly.
  What I've checked:
  *The spn is set correctly.
  *The wizard was configured.
  Please advice,
  Dimitry Haritonov

  Are you use Windows x64? Per Note 716604 - Access to Sun J2SE and recommended J2SE options
  your 1.4.2_17 -->
  With 1.4.2_14 - 1.4.2_17 you get an exception using Kerberos authentication with WebAS Java
  Best for you open OSS call to SAP -->
  http://service.sap.com/message
  Regards.

• SPNego for multi-forest using IBM JDK

  Hi All,
  I need to setup SPNego authentication for EP7 and IBM JDK for a multi-forest landscape (2 Active directory domains).  There's a guide about how to do this for Sun JDK : https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/c771c3d3-0c01-0010-b5b6-86755a2cf778 but I need one for IBM JDK as the login stack mudules are different.
  Can anyone supply me with a guide or any helpful information regarding this ?  Do you know if it works?  I've currently got SPNego working for a single domain.
  Thanks in Advance,
  Anthony

  Jan,
  ok, thanks. I will now explain how I think we can help.
  Firstly, to be sure you understand - I represent a SAP partner company known as CyberSafe, and we have a product which uses SPNEGO for Kerberos authentication in a browser environment, so my answer relates mainly to our product functionality, and not related to the SAP login module, which has less functionality.
  I must also apologise in case anybody reading this thread has an issue with me discussing non-SAP software. My view is that the most important thing on this forum is to help you (the SAP customer) get a solution that meets your needs, and if this involves SAP Partner products as well as SAP products, then that is acceptable.
  Firstly, our product does not use the Java implementation of Kerberos. Instead, we use a JNI (Java Native Interface) so that our host based Kerberos library can be used to implement the protocol. This means that any differences between IBM, SUN or any other vendor JDK version related to Kerberos functionality, multi-domain support etc. are not relavent to our product. We support many things in our product which are not supported in Java implementations of Kerberos, so you don't need to wait for new versions of JDK to take advantage.
  Secondly, and perhaps more relavent to this discussion is that our login module authenticates the user by decrypting the service ticket received using the key in the Key Table File on the host, and then we map this principal name onto a SAP user id. We then (via. the login module stack) cause the SAP system to issue an SSO2 logon ticket for this user id. The secret is the way we perform the mapping - we are not dependant on UME datasources for this, and I will describe below how we acheive mapping by using an example :
  Lets suppose a user is authenticated as user.name@DOMAIN1, the SAP system login module has been setup using domain 2 (Realm = DOMAIN2) and trusted via a key in a key table file, with principal name of HTTP/hostname@DOMAIN2. Then, using normal Kerberos cross realm trust, and cross realm TGTs the browser requests a ticket from AD for HTTP/hostname@DOMAIN2, and this is issued by AD in domain 2 using the cross realm TGT, but the principal name of the authenticated user inside this service ticket is user.name@DOMAIN1. The login module on the SAP server can decrypt the ticket it receives to find the users Kerberos principal name.
  So, the login module knows the user is user.name@DOMAIN1, it then has to decide how to determine the SAP user id. Our login module currently supports two different methods of performing this mapping, but we are adding more methods in each release to make the product even more flexible. Currently we support the following methods :
  1. Simple mapping - this is where we remove the realm name and convert the principal name to upper case, so in this example user.name@DOMAIN1 would be mapped to a SAP userid of USER.NAME and used to issue an SSO2 ticket. Clearly this is only suitable for single domains, and makes administration very easy - many of our customers use this method, but you would need a different mapping method due to yoru multiple domains.
  2. USRACL mapping - Since we also sell an SNC product for SAP GUI SSO, our customers already maintain mapping of Kerberos principal name to SAP user id using a table in ABAP engine called USRACL. This table is maintained using SU01 transaction. We now have support in our login module to read the USRACL table using the authenticated Kerberos principal name of the user (e.g. user.name@DOMAIN1) and find the required SAP user id, so that an SSO2 logon ticket can be issued.
  I hope this helps you understand. If you are interested in more detail about our product, and how we might be able to help you, please feel free to contact me offline instead of via this forum.
  Thanks,
  Tim

• Questions regarding SPNego with ADS

  Hello Michael,
  I don't really understand why you like to be able to login as UME Administrator. Why don't you provide the necessary permissions to the user you use for kerberos login?
  Regarding point 2: yes, you are reauthenticated. Some similar issues have already been discussed a lot of times in the past in SDN forum. Please check via search if you can find a solution. By the way: there is a discussion of how to bypass spnego just some days ago: /thread/964827 [original link is broken]
  Regards
  Anja

  Hello all
  Sorry I asked stupid questions that are already answered somewhere within SDN.
  I'd like to use SPNego- together with BasicPassword-Authentication because there will be e.g. external users with access to the Portal. Additionally, the Portal is also accessible from Intra- and Internet, so the users are able to access time & vacation management from their non-domain devices, e.g. home-PCs or mobiles. These devices are of course not in the Domain and it may be hard to emphasise the benefits of SPNego-Authentication within the company if the user has to enter his credentials twice if he logs in from another location.
  The link mentioned by Anja refers to a solution that involves custom LoginModule coding to check whether a user is in the internal network. Unfortunately it seems this is the only solution at the moment.
  BR
  Michael

• SPNEGO  and Windows 2008

  Hello,
  We've had  SPnego integrated authentication for Windows working with our EP  for sometime.
  Our company is moving to W2k8 domain and dc's  (kdc's)  for this question. 
  When one of our kdc functional servers has been replaced,  it appears that the SPNego authentication function  has started to fail  upon restart of  the Java\EP  system.
  Can anyone  provide any info as to what might need to change for the continued use of the  SPNego authentication against a W2k8 kdc?
  Upon pointing the java\ep system back to a w2k3 kdc  the implementation continues to work.  So it looks to be  windows version related.
  Appreciate any help.  Not seeing much from SAP areas possibly related to this?
  Rick

  Hi,
  >the Windows 2008 R2 server does not support DES encryption by default. So you have to enable it manually
  This workaround works but is not secure : DES has been abandonned for default because it has been conpromised.
  The real solution is to use the new SAP SPNEGO/Kerberos implementation which is able to use RC4 or AES.
  If you cannot because of an unsufficient relaase or SP level, you have to do like we had to do in my company : buy a third party product which is able to use RC4 even for Netweaver 7.0 J2EE.
  The security team has forbidden the use of DES in my company...
  Regards,
  Olivier

• Web Diagtool error while testing for SPNEGO

  Dear Experts,
  I have configured SPNEGO and got some trace from web-daigtool. While connecting through portal, I get UNKNOWN ERROR in the login page. I have checked the j2ee user password and its fine..The trace is as below,
  GSS Context created.
  12:23:45:618 Info J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 System.out Entered Krb5Context.acceptSecContext with state=STATE_NEW
  12:23:45:618 Info J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 System.out >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
  12:23:45:620 Error J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~rity.core.server.jaas.SPNegoLoginModule CreateContext failed: GSSException: Failure unspecified at GSS-API level (Mechanism level: Integrity check on decrypted field failed (31))
  [EXCEPTION]
  h1 GSSException: Failure unspecified at GSS-API level (Mechanism level: Integrity check on decrypted field failed (31))
  at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
  at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
  at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
  at com.sap.security.core.server.jaas.SPNegoLoginModule.doHandshake(SPNegoLoginModule.java:612)
  at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:321)
  at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:150)
  at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:172)
  at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:324)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
  at java.security.AccessController.doPrivileged(Native Method)
  12:23:45:623 Error J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~rity.core.server.jaas.SPNegoLoginModule Error during handshake (has already been reported). Authentication failed.
  12:23:45:623 Debug J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.engine.services.security Login module com.sap.security.core.server.jaas.SPNegoLoginModule from authentication stack spnego does not authenticate the caller.
  12:23:45:623 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~m.sap.security.core.server.jaas.login() Entering method
  12:23:45:623 Info J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas No authenticated user found.
  12:23:45:623 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas Exiting method with false
  12:23:45:624 Debug J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.engine.services.security No user name provided.
  12:23:45:624 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~m.sap.security.core.server.jaas.login() Entering method
  12:23:45:624 Info J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas No authenticated user found.
  12:23:45:624 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas Exiting method with false
  12:23:45:624 Debug J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.engine.services.security Unsuccessful login: no login module succeeded. The size of the used authentication stack spnego is 5.
  12:23:45:625 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.engine.services.security Exception : No login module succeeded.
  java.lang.Exception
  at com.sap.exception.BaseExceptionInfo.traceAutomatically(BaseExceptionInfo.java:1141)
  at com.sap.exception.BaseExceptionInfo.<init>(BaseExceptionInfo.java:253)
  at com.sap.engine.services.security.exceptions.BaseLoginException.<init>(BaseLoginException.java:134)
  at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:190)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:172)
  at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:324)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
  at java.security.AccessController.doPrivileged(Native Method)
  at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
  at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:131)
  at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:303)
  at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:96)
  at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)
  at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
  at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
  at com.sap.portal.navigation.Gateway.service(Gateway.java:126)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
  at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
  at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
  at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
  at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
  at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
  at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  ..more error below

  12:23:45:626 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~m.sap.security.core.server.jaas.abort() Entering method
  12:23:45:626 Debug J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas Internal Login Module data has been reset.
  12:23:45:626 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas Exiting method with true
  12:23:45:626 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~m.sap.security.core.server.jaas.abort() Entering method
  12:23:45:626 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas Exiting method with true
  12:23:45:627 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~m.sap.security.core.server.jaas.abort() Entering method
  12:23:45:627 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas Exiting method with true
  12:23:45:627 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~][md=getUserAccountByLogonId][cl=19874] Entering method
  12:23:45:627 Debug J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~][md=getUserAccountByLogonId][cl=19874] Found uniqueID for logonId J2EE_GUEST
  12:23:45:627 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~][md=getUserAccountByLogonId][cl=19874] Exiting method with userAccount from cache
  12:23:45:628 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~.security.core.server.jaas.initialize() Entering method with (Subject:
  , javax.security.auth.login.LoginContext$SecureCallbackHandler@6f6b52b2)
  12:23:45:628 Debug J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas The options of EvaluateTicketLoginModule in [spnego] authentication stack are: [{ume.configuration.active=true, trustediss1=OU=J2EE,CN=ABC, trustedsys1=ABC,555, trusteddn1=OU=J2EE,CN=ABC}].
  12:23:45:628 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~s.constructor(Map, Properties, boolean) Entering method with ({System-ID=ABC, sap.security.auth.configuration.name=spnego, sap.security.auth.context.object=Security Context : session (0) for J2EE_GUEST created at Wed Mar 11 12:13:58 AST 2009}, <null>)
  12:23:45:628 Info J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas got [ume.configuration.active]: [true]
  12:23:45:629 Warning J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas no authscheme found that has auth template spnego
  12:23:45:629 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas Exiting method with [Ljava.lang.Object;@6f025d43
  12:23:45:629 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~ity.core.server.jaas.getMergedOptions() Entering method
  12:23:45:629 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas Exiting method with [Ljava.lang.Object;@43912a5
  12:23:45:629 Debug J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas The options of EvaluateTicketLoginModule in [spnego] authentication stack after merge with UME properties are: [{ume.configuration.active=true, trustediss1=OU=J2EE,CN=ABC, system=ABC, client=555, j_authscheme=default, inclcert=0, trusteddn1=OU=J2EE,CN=ABC, ume.logon.httponlycookie=TRUE, alias=SAPLogonTicketKeypair, ume.logon.security.enforce_secure_cookie=FALSE, validity=8, keystore=TicketKeystore, trustedsys1=ABC,555, password=}].
  12:23:45:629 Debug J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas The options of EvaluateTicketLoginModule in [spnego] authentication stack after adding the default values are: [{ume.configuration.active=true, trustediss1=OU=J2EE,CN=ABC, system=ABC, client=555, j_authscheme=default, inclcert=0, trusteddn1=OU=J2EE,CN=ABC, ume.logon.httponlycookie=TRUE, alias=SAPLogonTicketKeypair, sap.security.auth.configuration.name=spnego, ume.logon.security.enforce_secure_cookie=FALSE, validity=8, keystore=TicketKeystore, trustedsys1=ABC,555, password=}].
  12:23:45:630 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas Exiting method
  12:23:45:630 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~.security.core.server.jaas.initialize() Entering method with (Subject:
  , javax.security.auth.login.LoginContext$SecureCallbackHandler@6f6b52b2, {System-ID=ABC, sap.security.auth.configuration.name=spnego, sap.security.auth.context.object=Security Context : session (0) for J2EE_GUEST created at Wed Mar 11 12:13:58 AST 2009}, {ume.configuration.active=true})
  12:23:45:630 Debug J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas The options of CreateTicketLoginModule in [spnego] authentication stack are: [{ume.configuration.active=true}].
  12:23:45:630 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~s.constructor(Map, Properties, boolean) Entering method with ({System-ID=ABC, sap.security.auth.configuration.name=spnego, sap.security.auth.context.object=Security Context : session (0) for J2EE_GUEST created at Wed Mar 11 12:13:58 AST 2009}, <null>)
  12:23:45:630 Info J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas got [ume.configuration.active]: [true]
  12:23:45:631 Warning J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas no authscheme found that has auth template spnego
  12:23:45:631 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas Exiting method with [Ljava.lang.Object;@3ef710cd
  12:23:45:631 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~ity.core.server.jaas.getMergedOptions() Entering method
  12:23:45:631 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas Exiting method with [Ljava.lang.Object;@4e702306
  12:23:45:631 Debug J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas The options of CreateTicketLoginModule in [spnego] authentication stack after merge with UME properties are: [{ume.configuration.active=true, system=ABC, client=555, j_authscheme=default, inclcert=0, ume.logon.httponlycookie=TRUE, alias=SAPLogonTicketKeypair, ume.logon.security.enforce_secure_cookie=FALSE, validity=8, keystore=TicketKeystore, password=}].
  12:23:45:632 Debug J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas The options of CreateTicketLoginModule in [spnego] authentication stack after adding the default values are: [{ume.configuration.active=true, system=ABC, client=555, j_authscheme=default, inclcert=0, ume.logon.httponlycookie=TRUE, alias=SAPLogonTicketKeypair, sap.security.auth.configuration.name=spnego, ume.logon.security.enforce_secure_cookie=FALSE, validity=8, keystore=TicketKeystore, password=}].
  12:23:45:632 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.server.jaas Exiting method
  12:23:45:632 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~.security.core.server.jaas.initialize() Entering method with (Subject:
  , javax.security.auth.login.LoginContext$SecureCallbackHandler@6f6b52b2, {System-ID=ABC, sap.security.auth.configuration.name=spnego, sap.security.auth.context.object=Security Context : session (0) for J2EE_GUEST created at Wed Mar 11 12:13:58 AST 2009}, {ume.configuration.active=true})
  12:23:45:635 Debug J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.engine.services.security Unsuccessful login: no login module succeeded. The size of the used authentication stack spnego is 5.
  12:23:45:637 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.engine.services.security Exception
  : No login module succeeded.
  java.lang.Exception
  at com.sap.exception.BaseExceptionInfo.traceAutomatically(BaseExceptionInfo.java:1141)
  at com.sap.exception.BaseExceptionInfo.<init>(BaseExceptionInfo.java:253)
  at com.sap.engine.services.security.exceptions.BaseLoginException.<init>(BaseLoginException.java:134)
  at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:190)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:172)
  at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:324)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
  at java.security.AccessController.doPrivileged(Native Method)
  at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
  at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:848)
  at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.login(AuthenticationService.java:367)
  at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:126)
  at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)
  at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
  at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  12:23:45:637 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~m.sap.security.core.server.jaas.abort() Entering method
  com.sap.security.core.server.jaas Exiting method with true
  12:23:45:639 Info J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~l.SecurityAudit][md=log(...)][cl=19874] ObjectID handed over is 'null'!
  12:23:45:639 Warning J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 com.sap.security.core.util.SecurityAudit J2EE_GUEST | LOGIN.ERROR | null |  | Login Method=[default], UserID=[null], IP Address=[10.150.162.205], Reason=[No login module succeeded.]
  12:23:45:639 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~][md=getUserAccountByLogonId][cl=19874] Entering method
  12:23:45:640 Debug J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~][md=getUserAccountByLogonId][cl=19874] Found uniqueID for logonId J2EE_GUEST
  12:23:45:640 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~][md=getUserAccountByLogonId][cl=19874] Exiting method with userAccount from cache
  12:23:45:646 Error J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~n.SAPMLogonLogic][md=doLogon][cl=22651] h1 doLogon failed
  [EXCEPTION]
  com.sap.security.core.logon.imp.UMELoginException
  at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:943)
  at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.login(AuthenticationService.java:367)
  at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:126)
  at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)
  at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
  at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
  at com.sap.portal.navigation.Gateway.service(Gateway.java:126)
  12:23:45:647 Info J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~rBean][md=ErrorBean(Message)][cl=19874] message UNKNOWN_ERROR
  12:23:45:648 Error J2EE_GUEST SAPEngine_Application_Thread[impl:3]_0 ~.util.ResourceBean][md=print][cl=19874] Message ID (UNKNOWN_ERROR) not found in properties files-UNKNOWN_ERROR
  [EXCEPTION]
  java.util.MissingResourceException: Can't find resource for bundle java.util.PropertyResourceBundle, key h1 UNKNOWN_ERROR
  at java.util.ResourceBundle.getObject(ResourceBundle.java:325)
  at java.util.ResourceBundle.getObject(ResourceBundle.java:322)
  at java.util.ResourceBundle.getString(ResourceBundle.java:285)
  at com.sap.security.core.util.ResourceBean.getString(ResourceBean.java:119)
  at com.sap.security.core.util.ResourceBean.print(ResourceBean.java:133)
  at sapportalsjspumLogonPage.subDoContent(_sapportalsjsp_umLogonPage.java:538)
  at sapportalsjspumLogonPage.doContent(_sapportalsjsp_umLogonPage.java:67)
  at sapportalsjspumLogonPage.service(_sapportalsjsp_umLogonPage.java:47)
  at com.sapportals.portal.prt.core.broker.PortalComponentItemFacade.service
  12:23:48:712 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_38 ~.security.core.server.jaas.initialize() Entering method with (Subject:
  , javax.security.auth.login.LoginContext$SecureCallbackHandler@6038a47d)
  12:23:48:712 Debug J2EE_GUEST SAPEngine_Application_Thread[impl:3]_38 com.sap.security.core.server.jaas The options of EvaluateTicketLoginModule in [spnego] authentication stack are: [{ume.configuration.active=true, trustediss1=OU=J2EE,CN=ABC, trustedsys1=ABC,555, trusteddn1=OU=J2EE,CN=ABC}].
  12:23:48:712 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_38 ~s.constructor(Map, Properties, boolean) Entering method with ({System-ID=ABC, sap.security.auth.configuration.name=spnego, sap.security.auth.context.object=Security Context : session (0) for J2EE_GUEST created at Wed Mar 11 12:13:58 AST 2009}, <null>)
  12:23:48:712 Info J2EE_GUEST SAPEngine_Application_Thread[impl:3]_38 com.sap.security.core.server.jaas got [ume.configuration.active]: [true]