SSO is failing in custom login module

Hi All,
We are facing a problem with SSO in Portal, which is being called from another Intranet Application after
SP Upgrade. We have a common Intranet site which is a center point of access to many other applications like Portal, Java etc.
We used Login Custom Module Applicatio to develop the SSO from Local Intranet to Portal.
It was working fine till the SP Upgrade.
We were earlier using EP7 SP15 and IE6.
Now we upgraded to EP7 SP24. IE is 6 only. But now SSO is failing.
When Portal Link is clicked from the Local Intranet site it is re directing to Portal Authentication Screen,
insted of loggging in directly.
Kindly help in this.
Regards,
V V Lakshmi.

Hi,
Thank you for your reply. Already placed log files and it is failing at HttpSetterCallBack Handler.
It is returning a callback.gettype() value "17". Do you have any idea why is this 17 coming from?
Regards,
V V Lakshmi

Similar Messages

  • Custom login module and SSO using 10.1.3.3

    We are using ADF 10.1.3.3 to build applications and recently a requirement from a customer was to use LDAP for authentication but use internal application tables for authorisation. So essentially the username and password will be in LDAP but all the roles definition are in the application. This is because the LDAP directory has tight controls on contents and is used enterprise wide.
    I created a proof of concept to address this requirement using the examples at
    http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
    and also
    http://technology.amis.nl/blog/1462/create-a-webapplication-secured-with-custom-jaas-database-loginmodule-deploy-on-jdeveloper-1013-embedded-oc4j-stand-alone-oc4j-and-opmn-managed-oc4j-10g-as
    specifically using DBProcLoginModule to call a database package.
    The PL/SQL package I created used DBMS_LDAP to call an LDAP directory with the username and password to check authentication and then used internal application tables to get the authorisation details required.
    All this worked very well. I tested on both the embedded OC4J and also standalone OC4J.
    Then one of my peers said will this work with SSO? Specifically we use Oracle OID as we have SSO for Forms and Reports.
    My experience with SSO has been with Oracle OID and having all the user and role details stored within OID.
    So my issue now is can I integrate the custom login module approach I have used with SSO? My knowledge of SSO and OID is limited so I'm not sure how (or if) it would interact with a custom login module. Are the two mutually exclusive?
    Any guidance is appreciated.
    Regards,
    Adrian

    Hi,
    this question should be posted to the Oracle Application Server forum or the security forum. However, based on my findings and experience in this area, I don't think that SSO is integrated with custom LoginModules since the integration would need to be coded in the LoginModule.
    Frank

  • Custom Login Module, SSO Ticket validity & Login Module Stack

    Hi everybody,
    we have a portal (running on jboss) which links to a J2EE web application (running on SAP WAS 6.40) which itself is protected by a custom login module and redirects to different WebDynpro applications (running on same WAS as the J2EE app) depending on some parameters.
    So when we go from the portal to the J2EE web application, the custom login module authenticates the user, creates a MYSAPSSO2 Cookie and then redirects to a webdynpro app.
    What happens is that the webdynpro app doesn't accept the cookie and redirects to the login mask.
    Looking at the request header parameter HOST we have the request coming from sub1.sub2.mycompany.com, which is the portal.
    The WAS is located on sub3.mycompany.com.
    If we manipulate the HOST parameter to sub2.mycompany.com everything works fine and the webdynpro app successfully authenticates the user.
    This does sound either like a domain relaxing issue or a multi domain issue, which we added as parameters to the CreateTicketLoginModule in the Login Module Stack for the J2EE web app.
    Unfortunately without result.
    Did anybody have a similar problem and can give some hints on how to solve this?
    Any help is appreciated
    Regards,
    md
    Edited by: Minh-Duc Truong on Jul 17, 2008 7:18 PM
    Edited by: Minh-Duc Truong on Jul 17, 2008 7:19 PM
    Edited by: Julius Bussche on Jul 18, 2008 7:25 PM

    Hi md,
    I have split your 2nd question into a seperate thread => That would make them easier to answer as well, which will help.
    You can find it here: Custom Login Module, LM Stack ignored
    Cheers,
    Julius
    Edited by: Julius Bussche on Jul 18, 2008 7:26 PM

  • J2EE 6.40 Custom Login Module - how to config

    hello all,
    i am using WAS J2EE 6.40 Sneak Preview edition. Read all i can find about custom login module, in the forum and the online help. still confused. pls help.
    here is the background info:
    - i am writing a web app. the EAR file contains 5 ejbs, 1 war and bunch of java classes in jars.
    - access to my web app is protected through url pattern (in web.xml), i've defined the same named security role in web.xml and on j2ee engine.
    - my login module does the user name and password checking. both are stored in database through some other means.
    - login is FORM based
    following the discussion in another thread on the topic, i did the following:
    #1 develop my login module code. packaged it in a jar, then sda file. deploy the sda as a llibrary to the engine.
    #2 add my login module to the security store through the security provider service.
    #3 configure my web app to use the custom login module in web-j2ee-engine.xml
    #4 deploy my web app through the ear file
    at this point, in the visual administrator, i can see the library, the custom login module (added to the UME User Store), and also my web app has authentication set to use the custom login module (under policy configurations tab).
    now i try to login to my web app. it correctly complains when i enter non-existent user or wrong password and brings me to the login failed jsp page. but when i enter both correctly (as stored in my database), i get http 403 error code. i know it is 403 because i set that error code to a special jsp page in web.xml.
    question is why? now i create a user on the j2ee engine with the same name as in my user database. then i can login ok. i am confident that my login module is called since i see the println lines in j2ee engine server logs.
    ??? so i must be missing something obvious. is it because my web app is protected through security-role? i even tried removing all such roles, but still same problem.
    ??? or do i completely mis-understand how custom login modules are supposed to work. i thought it means i can authenticate users any way i want without having to use the j2ee engine's user mgmt. pls tell me if i am totally wrong.
    ??? or maybe my login module code is missing some key stmts. how should it tell the j2ee engine that a user is authenticated? in the login() method, it returns true if user name/passwd match. in the commit() method, it adds the principal to the subject. i don't what else is required.
    does anyone have a working scenario using custom login modules?
    thanks very much for your inputs and thoughts.
    wentao

    Hi Astrid,
    I guess I have the same understanding of JAAS as you. I want to deploy an application that internally makes use of JAAS to authenticate users. There is a LoginModule that authenticates users against some database tables containing all the user data and profile. The application was not designed to be deployed to NetWeaver. So it does not make use of UME or some other NetWeaver specific feature. Actually it handles user management and authoroization issues completely on its own. The only reason for having JAAS is to allow customers to plug in their own LoginModule to use some other kind of user store.
    When deploying the web application to a simple servlet engine like Tomcat, all I have to do is to register my LoginModule in the "jaas.conf" file that is parsed by JAAS default implementation. I also tell the JVM where my jaas.conf file is located by appending a "-Djava..." runtime parameter to the JVM startup script.
    When using other application servers like IBM WebSphere things become a bit different. Normally you use the administration GUI of that server to configure your LoginModules. WebSphere for example keeps the login configuration in an internal database rather than writing everything into a "jaas.conf" text file. But the way the application can use the LoginModule is the same as in Tomcat.
    But when it comes to Netweaver, it seems to me that it's not possible to define a LoginModule that your application can use WITHOUT having to couple it tightly to UME. Or did I get something wrong? Initially I've tried to modify the JVM's parameters (using SAP J2EE Config Tool) to include the location of my "jaas.conf" file containing the my login configuration. But that did not work. The parameter was really passed to the JVM but anyway my LoginModule was not found, I guess that NetWeaver has some own implementation of the JAAS interfaces that just ignore the plain text JAAS configuration files (like WebSphere also does).
    The documentation that I have downloaded from SDN doesn't seem to match the 6.4 sneak preview version that I just downloaded some days ago. They say you should deploy your LoginModule as a library and add a refernce to the application. I tried that out but it did not help. The login configuration that the application wants to access is still not found. Actually there seems to be no way to specify the name for a JAAS Login Configuration in NetWeaver. At least I cound not find that in the documentation.
    So basically my question is: is it possible to deploy an application that wants to use some own LoginModule (either deployed separately or together with the application, that does not matter) without making use of Netweaver specific features like UME? The application has its own user management infrastructure and just needs a way to setup a JAAS Login Configuration to access its own LoginModule.
    Thanks in advance
    Henning

  • Callbacks does not work in custom login module

    Hi,
    We are upgrading portal from 7.01 to 7.31. I am working on custom login module.
    I am using NameCallBack, PasswordCallback and httpcallback  (prior to upgrade used webCallback which is deprecated in 7.31)
    All these three callbacks works fine in our sandbox which uses Portal Database as UME, But same code fails and returns NULL for callbacks in Dev system where we use Active Directory.
    //In initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
    super.initialize(subject, callbackHandler, sharedState, options);
    this.callbackHandler = callbackHandler;
    // in logion()
    NameCallback nameCallback = new NameCallback("User name: ");
    PasswordCallback passwordCallback = new PasswordCallback("Password: ", true);
    try
      callbackHandler.handle(new Callback[] { nameCallback, passwordCallback });
    Any ideas will be appreciated.
    Thanks,
    Dileep

    Should be fixed in 4.5.  Set mouseEnabled=true on the Panel

  • How to get Custom Login Module to communicate with frontendtarget

    We have created a custom login module and placed it in our login module stack.
    So we have the following 3 Login Modules in our stack:
    EvaluateTicketModule
    OurCustomLoginModule
    CreateTicketModule
    Also we are using the standard SAP login screen for our frontendtarget, see our authschemes.xml entry:
    <authscheme name="cglogon">
                <authentication-template>
                    form
                </authentication-template>
                <priority>21</priority>
                <frontendtype>2</frontendtype>
                <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
            </authscheme>
    Question:
    There are standard screens in the SAP login PAR:
                changePasswordPage.jsp
                umLogonProblemPage.jsp
                umResetPasswordPage.jsp
    How do I trigger one of these screens from my Login() method of my
    custom login module?  I thought if I throw some specific exception, these screens would
    be called?

    A bit more info. 
    We created a new Authentication Scheme for certain iviews that are deemed more "sensitive" that required a step-up authentication. 
    I changed the Iview property "Authentication Scheme" to our custom one.
    If I navigate into one of these more sensitive Iviews, I get the standard SAP login screen: <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
    Whis is what i expect.
    I enter a username and password and click Logon button.  I see that it successfully hits our custom login module and goes through Login(), and Commit() methods and finally displays the iview i originally requested.
    However, on a failure, i want it to return focus to the SAP login screen with an error explaining why...(i.e. wrong password, account locked, etc.)
    However, It always give iview runtime exception with Access Denied.
    #1.5 #0018FE8C6FD800690000029000004D6C00045B6E5E7D6014#1226429496628#com.sap.engine.services.security.authentication.logincontext#sap.com/irj#com.sap.engine.services.security.authentication.logincontext#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Debug##Java###Login module {0} from authentication stack {1} does not authenticate the caller.#2#companyname.com.CGLoginModuleClass#form#
    #1.5 #0018FE8C6FD800690000029100004D6C00045B6E5E7D6275#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule.abort()#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Path##Plain###Entering method#
    #1.5 #0018FE8C6FD800690000029200004D6C00045B6E5E7D6308#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Debug##Plain###Internal Login Module data has been reset.#
    #1.5 #0018FE8C6FD800690000029300004D6C00045B6E5E7D6386#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.EvaluateTicketLoginModule#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Path##Java###Exiting method with {0}#1#true#
    #1.5 #0018FE8C6FD800690000029400004D6C00045B6E5E7D6438#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule.abort()#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Path##Plain###Entering method#
    #1.5 #0018FE8C6FD800690000029500004D6C00045B6E5E7D64B2#1226429496629#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.ticket.CreateTicketLoginModule#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Path##Java###Exiting method with {0}#1#true#
    #1.5 #0018FE8C6FD800690000029700004D6C00045B6E5E7D6750#1226429496630#com.sap.engine.services.security.authentication.logincontext#sap.com/irj#com.sap.engine.services.security.authentication.logincontext#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Info#1#/System/Security/Authentication#Plain###LOGIN.FAILED
    User: N/A
    Authentication Stack: form
    Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
    1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          exception             true       authscheme not sufficient: uidpwdlogon<cglogon
            \#1 ume.configuration.active = true
    2. companyname.com.CGLoginModuleClass                                         REQUISITE   ok          exception             true       Authentication did not succeed.
    3. com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok                                true      
            \#1 ume.configuration.com = true#
    #1.5 #0018FE8C6FD800690000029900004D6C00045B6E5E7DA973#1226429496647#System.err#sap.com/irj#System.err#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Error##Plain###Nov 11, 2008 10:51:36...                    com.sap.portal.portal [SAPEngine_Application_Thread[impl:3]_24] Error: Exception ID:10:51_11/11/08_0002_176065950
    #1.5 #0018FE8C6FD800690000029B00004D6C00045B6E5E7DCA91#1226429496647#com.sap.portal.portal#sap.com/irj#com.sap.portal.portal#JOHNDOE#182##servername_EPX_176065950#JOHNDOE#bb3365a0b02111ddabea0018fe8c6fd8#SAPEngine_Application_Thread[impl:3]_24##0#0#Error#1#/System/Server#Java###Exception ID:10:51_11/11/08_0002_176065950
    [EXCEPTION]
    {0}#1#com.sapportals.portal.prt.runtime.PortalRuntimeException: Access is denied: pcd:portal_content/com.companyname.portal.capitalgroup/com.companyname.com.security/com.companyname.portal.cghressnaaa/com.sap.pct.ess.employee_self_service/com.companyname.pg_sensitiveWebdynpro/com.cg.ivu_saplogon_0 - user: Guest
         at com.sapportals.portal.prt.deployment.DeploymentManager.getPropertyContentProvider(DeploymentManager.java:1936)
         at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.refresh(PortalComponentContextItem.java:230)
         at com.sapportals.portal.prt.core.broker.PortalComponentContextItem.getContext(PortalComponentContextItem.java:312)
         at com.sapportals.portal.prt.component.PortalComponentRequest.getComponentContext(PortalComponentRequest.java:385)
         at com.sapportals.portal.prt.connection.PortalRequest.getRootContext(PortalRequest.java:435)
         at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:607)
         at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:240)
         at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:545)
    and here's my login method...
         public boolean login() throws javax.security.auth.login.LoginException
              this.succeeded = false;
              String passwordString = "";
              if (callbackHandler == null)
                   throw new LoginException("Error: no CallbackHandler available to garner authentication information from the user");
              HttpGetterCallback httpgettercallback = new HttpGetterCallback();
              NameCallback nc = new NameCallback("User:");
              PasswordCallback pc = new PasswordCallback("Password:", false);
              Callback[] callbacks = new Callback[] { nc, pc };
              try
                   callbackHandler.handle(callbacks);
              catch (IOException e)
                   throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION);
              catch (UnsupportedCallbackException e)
                   return false;
              String userid = nc.getName();
              char[] password = pc.getPassword();
              pc.clearPassword();
              if (userid.length() == 0)
                   throwNewLoginException("USERID IS MISSING!", LoginExceptionDetails.IO_EXCEPTION);
              else
                   username = userid;
              if (password.length == 0)
                   throwNewLoginException("PASSWORD IS MISSING!", LoginExceptionDetails.NO_PASSWORD);
              else
                   passwordString = new String(password);
              String eccLoginResult = validateECCAuthentication(username, passwordString);
              if (!eccLoginResult.equals(""))
                   myLoc.infoT(this.username + " - failed ECC authentication.");
                   throwNewLoginException("Wrong UserId/Password", LoginExceptionDetails.WRONG_USERNAME_PASSWORD_COMBINATION);
              else
                   myLoc.infoT(this.username + " - failed ECC authentication.");
                   this.succeeded = true;
              if (this.succeeded)
                   try
                        refreshUserInfo(this.username);
                   catch (SecurityException e)
                        throwUserLoginException(e);
                   if (sharedState.get(AbstractLoginModule.NAME) == null)
                        sharedState.put(AbstractLoginModule.NAME, this.username);
                        this.nameSet = true;
              else
                   throwNewLoginException("Wrong UserId/Password", LoginExceptionDetails.WRONG_USERNAME_PASSWORD_COMBINATION);
              return this.succeeded;

  • Custom pluggable idm with custom login module

    Hello All. I've developed a custom implementation of the pluggable identity management framework as explained in chapter 13 of the book "Oracle® Containers for J2EE Security Guide10g (10.1.3.1.0)". I have OAS 10.1.3.1.0.
    Everything works fine except when the identity is validated with in the tokenAsserter. The process is supposed to continue with the login method implemented in my custom login module but instead the default oracle implementation (RealmLoginModule) is being executed.
    The application is a servlet and is configured to use a custom loginModule. If I don't use de custom auth method (auth-method="CUSTOM_AUTH" in orion-application) my loginModule is called but when I plug it to my custom idm implementation it doesn't.
    The custom idm is packed in to a jar containing the idm and the login module. The jar is deployed to the <ORACLE_HOME>/ext/lib directory.
    Any suggestions? Thanks

    Thanks for your answer, it really helps. I had already cheeked all that stuff and it was correct, but knowing that another person had made it worked the same way I was doing it, made me think I was doing it right and the problem may simpler. It really was. OC4J was really calling my login module all the time but it was getting a runtime exception, a very simple one, that was making OC4J to propagate the authentication to the default login module (RealmLoginModule), and that was the error I was watching in the logs that had me all confused.
    I will start another thread though about stolen cookie in a SSO solution that I’m developing with this implementation.
    Thank you.

  • Custom login module with 10.1.3

    Hello all,
    I've been trying out Frank N's custom login module (http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm) with JDev 10.1.3/OC4J 10.1.3 and am not having much luck.
    Whenever I add <property name="role.mapping.dynamic" value="true"/> to orion-application.xml, the application fails to deploy with java.lang.InstantiationException. I even get this error when I try to set up a custom login module using the enterprise manager for OC4J 10.1.3. Is this a bug, or does the doc need to be updated? Without this item configured, I do get the basic login prompt, but no logging or anything - which indicates to me that the custom login module is not even being called. Nothing on metalink either.
    Thanks,
    John

    hmm i dont know... custom login module (db authentication) definitely works with standalone 10.1.3.0.0 and jdevloper standalone, but it doesnt work with jdev embeded oc4j (jdevstudio1013\jdev\system\oracle.j2ee.10.1.3.36.73\embedded-oc4j)
    i have the code, and it works.. however the application is entirerly made in jdev 10.1.3.04 production, it is not migrated from previous jdev.. make sure to deploy from war file (i have prob to deploy from ear)
    the only big problem i got is to setup ssl in separate oc4j standalone (ssl works with jdev standalone) and make client athentication to work
    because it wont run as it should.. (i did not have this prob in 10.1.2.1)

  • Issues with OSSO ,custom login module and form based authentication

    Hi:
    We are facing issues with OSSO (Oracle Single Sign on ),Our application use the form based
    authentication and Custom login module.
    Application is going in infinite loop when we we try to login using osso ,from the logs
    what I got is looks like tha when we we try to login from OSSO application goes to the login
    page and it gets the remote user from request so it forwards it to the home page till now
    it is correct behaviour ,but after that It looks like home page find that authentication is
    not done and sends it back to the login page and login page again sends it to the home as it
    finds that remote user is not null.
    Our web.xml form authentication entry looks like this :
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/jsp/login.jsp</form-login-page>
    <form-error-page>/jsp/couldnotlogin.jsp</form-error-page>
    </form-login-config>
    </login-config>
    While entry in orion-application.xml has the following entry for custom login :
    <jazn provider="XML">
         <property name="custom.loginmodule.provider" value="true" />
    <property name="role.mapping.dynamic" value="true" />
    </jazn>
    Whether If I change the authentication type to BASIC and add the following line
    in orion-application.xml will solve the issue :
    <jazn provider="XML">
         <property name="custom.loginmodule.provider" value="true" />
    <property name="role.mapping.dynamic" value="true" />
    <jazn-web-app auth-method="SSO" >
    </jazn>
    Any help regarding it will be appreciated .
    Thanks
    Anil

    Hi:
    We are facing issues with OSSO (Oracle Single Sign on ),Our application use the form based
    authentication and Custom login module.
    Application is going in infinite loop when we we try to login using osso ,from the logs
    what I got is looks like tha when we we try to login from OSSO application goes to the login
    page and it gets the remote user from request so it forwards it to the home page till now
    it is correct behaviour ,but after that It looks like home page find that authentication is
    not done and sends it back to the login page and login page again sends it to the home as it
    finds that remote user is not null.
    Our web.xml form authentication entry looks like this :
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/jsp/login.jsp</form-login-page>
    <form-error-page>/jsp/couldnotlogin.jsp</form-error-page>
    </form-login-config>
    </login-config>
    While entry in orion-application.xml has the following entry for custom login :
    <jazn provider="XML">
         <property name="custom.loginmodule.provider" value="true" />
    <property name="role.mapping.dynamic" value="true" />
    </jazn>
    Whether If I change the authentication type to BASIC and add the following line
    in orion-application.xml will solve the issue :
    <jazn provider="XML">
         <property name="custom.loginmodule.provider" value="true" />
    <property name="role.mapping.dynamic" value="true" />
    <jazn-web-app auth-method="SSO" >
    </jazn>
    Any help regarding it will be appreciated .
    Thanks
    Anil

  • Custom Login Module Called by WebLogic

    I have managed to write and deploy a custom login module that works just fine with
    other app servers (except WebLogic). I am using WebLogic 6.1 with sp2. When WebLogic
    starts up, it seems to be calling my custom login module with a user of "system".
    I then get the following exception:
    Authentication Failed: Unexpected Exception, weblogic.security.acl.DefaultUserInfoImpl
    java.lang.ClassCastException: weblogic.security.acl.DefaultUserInfoImpl
    <<no stack trace available>>
    I have updated the Server.policy file to only point to my custom login module, WebLogic's
    system path points to the JAR with my login module and I can see the module get called.
    Any advice as to what WebLogic is doing here. This behavior does not seem to be
    compliant with the JAAS spec. Here is a snippet of my login method:
    public boolean login() throws LoginException {
    if (callbackHandler == null)
    throw new LoginException("Error: blah blah");
    Callback[] callbacks = new Callback[2];
    callbacks[0] = new NameCallback(USER);
    callbacks[1] = new PasswordCallback(PWD, false);
    try {
    callbackHandler.handle(callbacks);
    username = ((NameCallback)callbacks[USERCALLBACK]).getName();
    char[] tmpPassword = ((PasswordCallback)callbacks[PWDCALLBACK]).getPassword();
    if (tmpPassword == null) {
    tmpPassword = new char[0];
    password = new String(tmpPassword);
    Environment env = new Environment();
    env.setProviderUrl(url);
    env.setSecurityPrincipal(username);
    env.setSecurityCredentials(password);
    Authenticate.authenticate(env, subject);
    return verifyCredentials();
    } catch (java.io.IOException ioe) {
    throw new LoginException(ioe.toString());
    } catch (UnsupportedCallbackException uce) {
    throw new LoginException("Error: " + uce.getCallback().toString()
    + " not available");

    Weblogic 6.x does not support replaceable server side login modules and only
    supports login modules on the client.
    <[email protected]> wrote in message
    news:3cf36c98$[email protected]..
    >
    I have managed to write and deploy a custom login module that works justfine with
    other app servers (except WebLogic). I am using WebLogic 6.1 with sp2.When WebLogic
    starts up, it seems to be calling my custom login module with a user of"system".
    I then get the following exception:
    Authentication Failed: Unexpected Exception,weblogic.security.acl.DefaultUserInfoImpl
    java.lang.ClassCastException: weblogic.security.acl.DefaultUserInfoImpl
    <<no stack trace available>>
    I have updated the Server.policy file to only point to my custom loginmodule, WebLogic's
    system path points to the JAR with my login module and I can see themodule get called.
    Any advice as to what WebLogic is doing here. This behavior does notseem to be
    compliant with the JAAS spec. Here is a snippet of my login method:
    public boolean login() throws LoginException {
    if (callbackHandler == null)
    throw new LoginException("Error: blah blah");
    Callback[] callbacks = new Callback[2];
    callbacks[0] = new NameCallback(USER);
    callbacks[1] = new PasswordCallback(PWD, false);
    try {
    callbackHandler.handle(callbacks);
    username = ((NameCallback)callbacks[USERCALLBACK]).getName();
    char[] tmpPassword =((PasswordCallback)callbacks[PWDCALLBACK]).getPassword();
    >
    if (tmpPassword == null) {
    tmpPassword = new char[0];
    password = new String(tmpPassword);
    Environment env = new Environment();
    env.setProviderUrl(url);
    env.setSecurityPrincipal(username);
    env.setSecurityCredentials(password);
    Authenticate.authenticate(env, subject);
    return verifyCredentials();
    } catch (java.io.IOException ioe) {
    throw new LoginException(ioe.toString());
    } catch (UnsupportedCallbackException uce) {
    throw new LoginException("Error: " +uce.getCallback().toString()
    + " not available");

  • Error using 10.1.3 Security Provider:3rd party LDAP or Custom Login Module

    Hello all,
    After deploying my JSF/ADF application using Jdeveloper 10.1.3 to Oracle Application Server 10.1.3, I used the Application Server control to change the 'Security Provider' configuration:
    1. Using 3rd Party LDAP Provider (Novell eDirectory)
    I get the following error when restarting the application with the new config.
    06/06/21 16:42:32 Error while configuring security provider MBean for application AccessList
    06/06/21 16:42:32 java.lang.ClassNotFoundException: oracle/security/jazn/jmx/CustomLDAPSecurityProvider
    2. Using Custom Login Module (again programmatically talks to eDirectory and it works in UIX/10.1.2 application)
    I get the following error when restarting the application with the new config.
    06/06/21 14:31:19 Error while configuring security provider MBean for application AccessList
    06/06/21 14:31:19 java.lang.ClassNotFoundException: oracle/security/jazn/jmx/LoginModuleSecurityProviderAlso, I get this error with both the settings..
    06/06/21 14:31:19 WARNING: Application.setConfig Application: AccessList is in failed state as initialization failedjava.lang.
    InstantiationException
    Jun 21, 2006 2:31:19 PM com.evermind.server.Application setConfig
    WARNING: Application: AccessList is in failed state as initialization failedjava.lang.InstantiationException
    06/06/21 14:31:19 java.lang.InstantiationException
    06/06/21 14:31:19       at com.evermind.server.ApplicationStateRunning.initDataSources(ApplicationStateRunning.java:1424)
    06/06/21 14:31:19       at com.evermind.server.ApplicationStateRunning.initializeApplication(ApplicationStateRunning.java:195)
    java.lang.ClassNotFoundException error leads me to believe, I am just missing to include some libraries..
    I have included "bc4j.security" in my web project and I am not sure if that is what is needed!
    Will appreciate your help..
    Thanks,
    Karthik

    The problem i had with my Custom login module was that JDeveloper includes the datasources listed in the connection tab.
    When JDeveloper does that it writes the username and password in the jazn-data.xml. But with the Custom Login module the reference in de data-source declaration cannot find the password. that's why i got the InstantiationException at the initDataSources point.
    In tools>preferences>deployment you can uncheck the option:
    Bundle Default data-sources.xml During Deployment.
    The problem with this is when i specify a datasource in the data-sources.xml i included myself, jdeveloper will also put de datasources under the Connections tab in the data-sources.xml.
    Does anyone knows how to stop jdeveloper putting the datasources automatic in the file, or how to prevent jdeveloper storing the password in jazn-data.xml?

  • JAAS Custom Login Modules does not run on JDev/OC4J 10.1.3, pls help...

    Hi all,
    I trying to use Custom Login Modules as described on :
    http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
    I open the DBLMTest.jws in JDeveloper 10.1.3.1, after completing the required steps, I try deploy it into OC4J Stand alone 10.1.3.
    I get ERROR :
    application : foo is in failed state
    Operation failed with error:
    java.lang.InstantiationException
    The cause of the error is the two lines below that I add into orion-application.xml :
    <property name="role.mapping.dynamic" value="true"/>
    <property name="jaas.username.simple" value ="true" />
    If I remove the two lines, it deploys succesfully.
    Please helpp... I have to implement security in our apps very soon....
    Thank you very much,
    xtanto
    The complete trace of deployment error :
    ---- Deployment started. ---- Apr 4, 2007 5:25:19 PM
    Target platform is Standalone OC4J 10g 10.1.3 (oc4j_oracle).
    Wrote WAR file to D:\_JDEV1013.APPs\jaasdatabaseloginmodule\JDeveloper1012Workspaces\DBLMTest\Project\deploy\DBLMTest.war
    Wrote EAR file to D:\_JDEV1013.APPs\jaasdatabaseloginmodule\JDeveloper1012Workspaces\DBLMTest\Project\deploy\DBLMTest.ear
    Uploading file foo.ear ...
    Uploading file foo.ear ...
    Application Deployer for foo STARTS.
    Copy the archive to C:\OC4J\j2ee\home\applications\foo.ear
    Initialize C:\OC4J\j2ee\home\applications\foo.ear begins...
    Unpacking foo.ear
    Done unpacking foo.ear
    Unpacking DBLMTest.war
    Done unpacking DBLMTest.war
    Initialize C:\OC4J\j2ee\home\applications\foo.ear ends...
    Starting application : foo
    Initializing ClassLoader(s)
    Initializing EJB container
    Loading connector(s)
    application : foo is in failed state
    Operation failed with error:
    java.lang.InstantiationException
    Deployment failed
    Elapsed time for deployment: 4 seconds

    Hello there again xtanto,
    I blogged about this last year - perhaps you could run over to http://stegemanoracle.blogspot.com and have a look. I'd send you the exact link, but I cannot access blogspot from work.
    John

  • Custom Login Module Does Not  Work

    Hello,
    Can someone give me some suggestions on what I should look at to fix the following error.  I created jaas custom login module.  Within the module I authenticate against an active directory.  I've put many trace statements throughout the login module code.  So I can actually follow everystep of the way through the login process.  The user authenticates correctly and in the commit() method of the login module, the security principal is created and added to the principals and true is returned from the method.  Everything looks like it worked correctly... but the user doesn't actually get into the portal.  The login screen is redisplayed.  This login module is the only login module in the stack being used to authenticate.  According to the tracing, everything should of worked.  Does anyone have any suggestions on what I should look at?
    thanks,
    Keith
    NW04 SP14

    Marcel,
    The reason we are using a custom login is we want to handle different situations when logging in, for example, if a password is expired we re-direct to a change password page that allows the user to update their password.
    In our EP6 sp2 environment, this is working.  I then recoded the login module so it would work in NW04, be we are having no luck.
    Here is the weird thing, it works on some userid's but not on others.  For example, with a userid like "kjanks" it works fine.  But with a userid like "t.portal08" it fails, then your back at the login screen with the userid field displaying the userid, but the password field is empty. You can then click the login button again without doing anything else and then it works and you get in the portal.  So it seems like the "." in the one userid is causing trouble.
    Any Ideas?
    thanks,
    Keith

  • Potential JavaSSO and Custom Login Module Bugs In Clustered Environment

    We've been working with the custom login modules and JavaSSO and have found issues with deployment on 10.1.3.2 in a clustered environment. Deployment on a single server looks like it is working properly.
    I'm wondering whether any one here has been using CLM with JavaSSO and have deployed in a clustered application server environment? I've posted in the past regarding this in the OC4J side, but never got a response, so I thought I'd try the experts here...
    Here are some TARS that we've logged. Any help from the community would be appreciated.
    6320304.994 JAVASSO JSSOUTIL.LOGOUT FUNCTION REDIRECT NOT WORKING ON CLUSTER
    6365407.993 SETTING <distributable/> TAG IN WEB.XML CRASHES APPLICATION
    6338664.992 JAVASSO LOGIN PAGE DOES NOT LOGIN USER BUT RELOADS LOGIN PAGE
    Thanks!
    Kenton

    Hi Kenton,
    Specifically, what were the issues that you ran into when clustering JavaSSO? Was it a problem only when combined with the Custom LM?
    As long as the same CLM is configured for your app (I assume this is also clustered) and JavaSSO, that should be sufficient. Obviously, CLM need to be configured against the same user repository.
    If the apps were on different hosts, did you remember to set the property "custom.sso.cookie.domain" to set the right domain name in the cookie? Otherwise, you will keep getting redirected to the login page.
    http://download.oracle.com/docs/cd/B32110_01/web.1013/b28957/javasso.htm#BABJCGCB
    -skt

  • Security constraints not being applied after using custom login module

    I am using form based authentication and I applied the custom login module - DBProcLoginModule to work with the embedded OC4J (JDeveloper 10.1.3.2). I have specified two security contraints in web.xml. The authentication is working correctly, however the security contraints are not being applied. All users are able to access all url resources. The security constraints were working properly before applying the custom login module. Pls help.
    Leena

    Hi,
    if "All users are able to access all url resources" then this indicates that the RL isn't properly protected. If the authorization would fail then noone would have access and you would see error code 401
    Make sure the role names in web.xml are the same as added by the LoginModule. Also make sure you set the dynamic.role property and the custom security provider property in the orion-application.xml
    <jazn provider="XML">
         <property name="custom.loginmodule.provider" value="true"/>
         <property name="role.mapping.dynamic" value="true"/>
    </jazn>
    Note that the above is not required (because done automatically) if the custom LoginModule configuration is deployed through the orion-application.xml file
    Frank

Maybe you are looking for