Surrogate-Control http header

Access to files from the http viewer seems to include some Surrogate-Control directives in the http response header. These directives either give a max-age of 0 or specify no-store.
Is this configurable for iFS and if so how can I avoid this. To be able to cache read-only documents would speed up access tremendously.

You may be running into an SSO bug where SSO is inserting these "no-cache" headers. (iFS does not insert any extra headers on its own.) Try posting on the SSO message board or following up with Oracle support to get the latest patches for SSO.

Similar Messages

Can't propagate Cache-Control headers with Surrogate-Control header

My application may set the following response header to cause webcache to process the esi:include's:
Surrogate-Control: content=ORAESI/9.0.4, max-age=3600
It and also may set the following intended for the browser cache:
Cache-Control: private
or say:
Cache-Control: max-age=3600
However Webcache removes this and always adds the following whenever surrogate-control has been set:
Cache-Control: max-age=0
This means I can't have browser caching and esi page compilation, just one or the other.
This seems to be designed behaviour can someone explain why this is and if it can be worked around?
I realise that the Cache-Control header should be ignored by webcache but why cant I propagate it to higher caches?

Patrik,
You'll need to convert the meta http-equiv tags into actual HTTP headers before sending for Web Cache to be able to parse it.

Prolem with Cache-Control:max-age http header

Hello
It seems that safari do not take into account Cache-Control:max-age=31536000 http header.
Sending this header to the browser I would expect that safari will not ask the server for these resources before current date + one year.
It's the way IE and FireFox are working but safari is asking the server for these resources every time my html page is loaded (see http requests below).
Server returns a 304 status to indicate that the resource is not modified.
Does somebody have an idea about this strange behaviour?
I'm surprise that Safari do not respect RFC specifications.
Is there a settings to enable Cache-Control ?
Perhaps I forgot safari's specific headers..
Thanks
+GET 786+
GET /xtend/htmrsrc/LIB/XtendAjaxScripts.js HTTP/1.1
+RESP 786+
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Wed, 15 Oct 2008 13:25:24 GMT
*Cache-Control: PUBLIC, max-age=31536000, must-revalidate*
*Expires: Thu, 05 Nov 2009 13:09:10 GMT*
Content-Type: application/x-javascript;utf-8
Content-Length: 2856
Date: Wed, 05 Nov 2008 13:09:10 GMT
+GET 799+
GET /xtend/htmrsrc/LIB/XtendAjax.js HTTP/1.1
If-Modified-Since: Fri, 24 Oct 2008 07:59:24 GMT
+RESP 799+
HTTP/1.1 304 Not modifed
Server: Apache-Coyote/1.1
Date: Wed, 05 Nov 2008 13:11:19 GMT

This is a User to User forum, not a developer forum. You need to avail yourself of developer resources for this problem instead of posting them here.
Mulder

How do I set the Http Header POST URL in SAAJ?

Hi ,
I am a newbie in the field of web services. I was trying to create a SOAP request with Http Header POST information having a POST url like
the following:
POST /OMASTI.xml HTTP/1.1
Content-Type: multipart/related; boundary="eladeladeladeladeladeladeladeladelad"; type=text/xml; start=11814460
Content-Length: 54596
Host: unspecified
SOAPAction: ""
to that effect I did the following in the SAAJ client:
MimeHeaders md = message.getMimeHeaders();
md.setHeader("SOAPAction" ,"\"\"");
md.setHeader("POST" ,"/OMASTI.xml");
However what I got was :
POST / HTTP/1.1
Accept: text/xml, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
SOAPAction: ""
POST: /OMASTI.xml
Content-Type: multipart/related; type="text/xml"; boundary="----=_Part_2_32124414.1153146262750"
Content-Length: 3352
Cache-Control: no-cache
Pragma: no-cache
User-Agent: Java/1.5.0_07
Host: www.google.com
Connection: keep-alive
I have two POSTs in the header. How do I fix it? Please Help ASAP.
Regards,
Zeus

Hi,
Please forgive my ignorance. I did the same as you said. and then checked the Http request being sent out using ethreal software... it was the same as I had told earlier. Is only POST supported by the connection object? And the does the URL that comes in the Mime header as POST refer to the URL to which the request was sent? what I mean is that if the mime header says
POST /OMASTI.xml HTTP 1.1, does it mean that the URL that was passed to the connection object was "/OMASTI.xml" ? I had given the url as http://www.google.com to test the request being sent.. I only have a sample SOAP request which shows a HTTP header with the post url as I said before. I need to create a SOAP request with the same sort of Http header and the body needs to follow a certain OMA-STI protocol. My experience in the SOAP domain is almost nil. So please enlighten me.
Thanks in advance,
zeus

SSRS web services 401 if you pass "Authorization" http header

We use both SSRS 2008 R2 and 2012. When i access a report using url access (direct ssrs server hit) and add a "Authorization: Bearer xyzelkalklsjsdfalsjdf" http header, i get a 401 from somewhere in the request pipeline. I have a custom httpmodule
registered at the top of the chain which does some OAuth related security checks. But when this header is included, the request never reaches the httpmodule. If i change the header slightly ex: "YAuthorization: ljlxzcvc..", then the request reaches
the httpmodule and everything works. So obviously SSRS is looking for a particular header named "Authorization" and does something with it. Point to note: we have implemented a custom forms authentication module and we are doing some rich authorization
using the extensible ssrs api.
Now my questions are:
1. What is happening here? Who is acting on my request before my HttpModule registered on top in ssrs\reporting service\web.config gets it?
2. How do i ensure my httpmodule executes before whatever component is terminating my request with a 401

Sorry if this sounds like I am new to this but I am.
So, the extended version is the format that would be used if you were not utilizing the files that the wsdl2java function creates?
And this is done to when you want more flexibiility for the user to call your service?
So, you would push to have the stub files used when you want to control how the web service is used?
thanks for the feedback.

Adding custom information in HTTP Header in an outgoing request from GWWS

Is there a way to send custom header information with the a webservice request (HTTP post) that happens via GWWS server?
All the methods I read about deal with managing the soap envelop that gets sent.
We are looking for ways which will allow us to put custom information in the headers.
I am aware there is something we can do using the Salt Plugins.
For example, we can write a Out bound plugin which has a capability of putting the "Authentication:Basic..." in the header.
Then there is message conversion plugin which deals with transformation of message, which gives us control over the soap body.
Is it possible to put information in the header for outgoing request (from GWWS) to a specific web service?
Thanks and Sincere Regards,
Mrugendra

Maurice,
Thanks for confirming this.
It clarifies the doubts that I was having while reading through the documentation Xu pointed to.
Yes, we need to add HTTP Headers (not SOAP header).
For now we just need to add Basic Authentication HTTP Header for outbound service calls.
We have developed a plugin to do that for now.
And even if the salt plugin takes care of adding the Basic Authentication in the HTTP Header for outgoing calls, I guess we do not have any option to include some custom information in the HTTP Header which might be required in the future.
At-least, not unless we request that enhancement.
Bringing the plugin into our mix requires a lot of changes to our architecture including inclusion of AUTHSVR in the UBB,
Which, in turn, makes it imperative to change the endpoint clients of our application.
In addition to that, the incoming web service calls also need to include TUXEDO authentication information, which would again require either communicating the authentication information to the consumers of our service or device some kind of a proxy which would add the authentication information for all the incoming requests!
With these facts in mind, we were wondering if we have an easier way to include the HTTP header information.
As you say, Maurice, it seems it is not possible yet.
Thank you again for your replies.
Sincere Regards,
Mrugendra

Authorization tag in http header

While making an end point call using the webservice control the authorization tag is getting added to the http header. This is causing 401 errors when going over SSL . We are adding the credentials as part of the SOAP header.
Why / How is the Authorization Basic tag getting created? Also how can we eliminate it?
****************** tcpmon output shown below
POST /DMIntegration/ContentService HTTP/1.1
User-Agent: BEA WebLogic Server 10.3.0.0
Content-Type: text/xml; charset=utf-8
SOAPAction: ""
Authorization: Basic U334567dGFsVXNlcjpQb3J0YW1234==
Host: 10.157.44.155:7080
Accept: text/html, image/gif, image/jpeg, */*; q=.2
Connection: Keep-Alive
Content-Length: 1834
Thanks,
- Shankar

Hi,
The Authorization group can be created as follows
Transaction SE54 >Select 'Authorization Groups'>Create/Change-->New Entries.
Now the authorization group created can be assigned to your table.
Goto transaction 'SE56' and select authorization group radio button and create your authorization group.
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
USE
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented.check Su22 and SU24u will get list of objects
Hope clear to you.
Regards,
R.Brahmankar

OSB http Header Problem

Hello all,
(I hope I'm right here with my Oracle Service Bus problem)
I have a Oracle Service Bus Proxy Service, that calls a Business Service (not in my control).
That business service is somehow crap, cause it doesn't respond correctly (in sense of http protocol):
POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
User-Agent: Java1.6.0_05
Host: somehost.net:8080
Accept: text/html, image/gif, image/jpeg, */*; q=.2
Connection: Keep-Alive
0093
<?xml version="1.0" encoding="UTF-8"?>
<somePayload/>
0000
*<TheResponse/>*
<TheResponse/> is all i get from that service. No http header..
My Proxy service doesn't like responses with no HTTP/1.1 200 OK
and returns an error (although its a correct answer.. from the service)
Is there a posibility to avoid this error and get the plain response instead?
Thanx in advance
Pat

You're right, that service doesn't respond correctly as defined by HTTP. I don't think there is an out of the box feature in OSB you could use to overcome this.
However, you can possibly write your own transport implementation as described here:
http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/transportsdk/architecture.html
There's also sample implementation that could be useful:
http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/transportsdk/example.html

Mapviewer SVG and Content-Type http header

Hello,
We have a Mapviewer installation that seems to be serving up the wrong Content-Type header for the SVG charts. The map is being created correctly and we can get GIF's and such.
The wrong Content-Type causes the Adobe SVG viewer to never render the SVG map successfully. When I save the SVG file to the desktop it opens perfectly or if I statically link it in to the web page from the sever it also opens perfectly. Is there some configuration that is missing somewhere on the mapviewer or the application server to correctly set the Content-Type ?
Notice the content type of the failing map compared to a working SVG chart we have.
HTTP/1.x 200 OK
Content-Length: 41979
Cache-Control: private
Content-Type: application/octet-streamConnection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-10g/10.1.2.0.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.0.0 (N;ecid=92576875655,0)
Last-Modified: Wed, 16 Aug 2006 20:31:58 GMT
Date: Wed, 16 Aug 2006 20:32:01 GMT
Accept-Ranges: bytes
instead of a working SVG graphic
HTTP/1.x 200 OK
Date: Wed, 16 Aug 2006 20:35:32 GMT
Server: Oracle9iAS/9.0.2 Oracle HTTP Server Oracle9iAS-Web-Cache/9.0.3
Content-Length: 3831
Content-Type: image/svg+xml; charset=utf-8Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
This seems to be the last sticking point in successfully rolling out this mapviewer implementation. Any help would be greatly appreciated.
Thanks, in advance.
Thanks,
Carl

Hello,
Thanks for the reply I've tried both SVG_URL and SVGZ_URL and used a http header sniffer to watch what's getting served up and the urls associated with MapViewer SVG are definitely getting served up with that wrong Content-Type.
Our front end is an Oracle APEX environment were we use APEX's SVG charting on the same page and they are getting served up with the correct Content-Type and display correctly, which is nice cause I can watch the header difference's side by side, and we know the mapping itself is working right because we can get image files back
Is there a sever config file or something like the httpd.conf for apache that needs to be set?
Thanks for any help or insight
Carl

Oracle control file header information

Hi,
I want information about control file header.
My requirement is,
1. Start database in backup mode so that header of the datafiles got freezed.
2. So i want to know header_information/freezed SCN no in the header of the control file. From which oracle view i can get this information?
Thanks

The informationi in controlfiles is the centralized information of whole database like db_name,dbid,logfiles & datafiles paths,SCNs,etc..So if you want the controlfile structure or its internals the following link may help you out :
http://www.ixora.com.au/notes/controlfile_structure.htm
GoodLuck!

Read Http header in Flex

Hi, I have a Flex web application accessed through a portal by users
of different organisations.
When user logs on to portal, user can access the Flex application without further authentication. However I need to know user credentials
in order to control the functionality within the Flex app.
If I can read the Http Header when Flex app is initialised, I will get all the required info.
In jsp, I can use request.getHeader("")
What is the best way to read Http Headers from a Flex App?

<mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute" creationComplete="load()">
<mx:Script>
        <![CDATA[
        public var xmlLoader:URLLoader=new URLLoader();
function load():void{
            var xmlString:URLRequest = new URLRequest("items.xml");
          xmlLoader.load(xmlString);
        xmlLoader.addEventListener(Event.COMPLETE,init);
   function init(event:Event):void{
       var xDoc:XMLDocument = new XMLDocument();
    xDoc.ignoreWhite = true;
   var myXML:XML=XML(xmlLoader.data);
   var fr:String=myXML.items.item[0].Value.toString();
]]>
    </mx:Script>
</mx:Application>
Suppose this is ur items.xml file
<items>
<item>
    <name>jk</name>
    <Value>high</Value>
</item>
<item>
    <name>coat</name>
<Value>medium</Value>
</item>
   <item>
<name>milk</name>
<Value>low</Value>
   </item>
</items>
May be u need some imports
Then the output will be :high(becoz items is a xml list containing many xml nodes...item[0] is first xml node and Value is the element..toString methods converts it into a string)

SSO to other apps via HTTP header variable

We are on NW EP6.0 SP16. We need to add the "user id" as http header variable so that other apps which are non SAP can access our header variable and log on with that user id. Is this available by default? Or we want to achieve this how best we can achieve this.
We can use the code to get the user id and add it to header variable. If we use this route which is the jsp page we need to add the code?
Thanks

Hi,
we can you login modules provided by SAP to accomplish this.. you can use header variable authentication login module to acheive your requirement.
please refer: http://help.sap.com/saphelp_nw04/helpdata/en/8f/ae29411ab3db2be10000000a1550b0/frameset.htm
Hope that helps.
Regards,
S.Divakar

Single-Sign-On (SSO) configuration on JAVA Stack through HTTP Header method

Hello SDN community,
in the context of a Proof of Concept, we are testing the integration of Microsoft Sharepoint Portal with SAP Backend (addin) systems.
As the architecture impose use an external scenario (access from the internet), we couldn't use the Kerberos (SPNego) solution and thus we chosed the http header solution which in short uses an intermediary web server (in this case the IIS of the MOSS solution) which will act as authority.
I miss information on how the workflow works for this http header authentication method. Through the visual administrator of the addin JAVA stack, it is possible to configure each application with a customized authentication (a choice of security modules). But this all that I know.
My task is to configure SSO. From a sharepoint portal, the user should be able to access Web Dynpros and BSPs. I imagine that the very first call to a webdynpro or bsp (or maybe when we log on the sharepoint portal), the request to the WDP or BSP will first be forwareded by the intermediary server to the JAVA stack (or is it the SAP dispatcher that has to be configured).
Is there an application to be built on the java stack to deal with the authentication, modify http header?
What will the Java stack return? a sap long ticket? a token?
How will the redirect work (to by example a BSP which is in the ABAP stack)?
SAP preconise to secure with SSL the link between the intermediary web server and the JAVA stack, is IP restriction also a solution?
A lot of questions about how this SSO http header should work,
I would be very greatful for any help, or info,
Kind regards,
Tanguy Mezzano

Hi Tanguy,
to tell you the truth I'm really unsure about what you are trying to achieve. When I started posting to your thread I thought all you wanted was trying to access your J2EE engine via Browser and authenticate against the engine using HTTP Header Variables. Nevermind:
Here are some answers to your question:
in fact I did succeed, the problem was that even after domain-relaxation done by the J2EE, I had to change the domain of th SAP cookie to the bbbb.domain.com to be understood (I would have thought that all hosts in/under domain .domain would have accepted such a cookie but it seems that no...).
The server does not care about the domain because Cookies in an HTTP Request do not contain any domain information. The domain is just important when the Cookie is set by the server so your Client (Browser) will know in which cases the Cookie may be sent or not. So if your domain is xxx.yyy.domain.com and your cookie is issued to .domain.com then your Browser will definitely sent it to all hosts under .domain.com (This includes xxx.yyy.domain.com etc.)
My current scenario is: in a first request get a SAP Logon Ticket from the Java Stack, then change its domain and then directly call the backend with it.
You can do that but there is no Client involved in this scenario. So this is useful if you just want to test the functionality (e.g. authentication to J2EE using Header Variables (This works finally!!!) and then use the fetched Logon Ticket to test SSO against any trusted Backend!!)
So everything's is in a Java Client application without using any redirection.
If I understand you, you're solution is from the Browser call a servlet (which is deployed on the Java Stack and has no authentication schema) by passing to it our http header.
No, you should initially authenticate somewhere! I thought that maybe you had some resource you access before accessing the Java Stack. This could be any application (e.g. deployed on a Tomcat or JBOSS or other server or if you like even SAP J2EE). After authenticating there you are aware of the username and could use it to procceed (e.g. Authenticate against the J2EE using the same user and HTTP Header authentication for that particular user!)
That servlet will transfer the http header (with the HttpClient app) in order to get from the Java Stack a SAP Logon ticket, and then to redirect to the resource and by sending back the cookie in client browser. Am I correct?
This was just a suggestion because I realized that there was no Client ever involved in any of your testing (looked strange to me!). I was just thinking that it would be easier for you to just get the Cookie into your Browser so your Browser would do the rest for you (in your case finally send the Logon Ticket Cookie to your Backend to test SSO using Logon Tickets!).
The AuthenticatorServlet somehow serves as a Proxy to your client because your client is not able to set the Header Variable. That's why I initially suggested to use a Proxy (e.g. Apache) for that purpose. The problem is just that if you use a Proxy you will have to tell it somehow which username it should set in the Header Variable (e.g. using a URL Parameter or using a personalized client certificate and fetch the username (e.g. cn=<username> from the certificate!)
This way of doing would simplify the calls for sso for each new application needing authentication, instead of having all code each time in it...
I'm stuck again! Do you want to authenticate an End User or do you want to authenticate an application that needs to call any resources in your Backend that requires authentication?
So my problem now, is how to call the servlet from the client browser:
I'm trying to call my servlet from the browser but I don't succeed. I am able to understand how to reach a jsp from the Java Stack, but not to reach a servlet. I don't find the path to my servlet:
<FORM method="POST" action="SSORedirect2" >
A JSP is a servlet too. There is just no JAVA Class involved!
You do not need any POST Request to invoke a Servlet.
I see that my servlet is deployed, but I don't how what path to give to my form to invoke the servlet, here follows my web.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE web-app (View Source for full doctype...)>
- <web-app>
<display-name>WEB APP</display-name>
<description>WEB APP description</description>
- <servlet>
<servlet-name>SSOredirect2</servlet-name>
<servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
</servlet>
- <servlet>
<servlet-name>SSORedirect2.jsp</servlet-name>
<jsp-file>/SSORedirect2.jsp</jsp-file>
</servlet>
- <security-constraint>
<display-name>SecurityConstraint</display-name>
- <web-resource-collection>
<web-resource-name>WebResource</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
- <auth-constraint>
<role-name>DefaultSecurityRole</role-name>
</auth-constraint>
</security-constraint>
- <security-role>
<role-name>DefaultSecurityRole</role-name>
</security-role>
</web-app>
If you have an AuthenticatorServlet Class all you need is to add the Servlet Mapping in your web.xml file
e.g.
<servlet>
<description>
</description>
<display-name>AuthenticatorServlet</display-name>
<servlet-name>AuthenticatorServlet</servlet-name>
<servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AuthenticatorServlet</servlet-name>
<url-pattern>/AuthenticatorServlet</url-pattern>
</servlet-mapping>
You can directly call the Servlet in your Browser by calling the URL provided in the url-pattern of your Servlet mapping ( in this case /AuthenticatorServlet). The engine will invoke the Class "com.atosorigin.examples.AuthenticatorServlet" in the background and do whatever you defined there!
I have also to pass my http header and the redirectUrl in the GET request.
If you like! I just suggested this for testing purposes. As I stated before you need a way to tell your proxy (or in your case AuthenticatorServlet) which user should be set when calling the Engine in order to authenticate using HTTP Header. You could use the URL Paramater to define the user you actually want to use when you set the Header Variable.
I just introduced the redirectURL because you were talking about redirects all the time. So if you finally want to call the Backend you could define the Backend URL in the redirectURL Parameter and the Servlet will make sure that you are redirected to this location after the whole process!
Thx for your input very helpful,
But again 0 points
Cheers

What happens to the HTTP header parameters I put there?

Our tool puts some parameters into the HTTP header. But, it appears that the Dispatcher is not passing them to the WAS. Could this be?
Is there a way to tell the Dispatcher to not drop our HTTP header stuff? Perhaps a configuration setting? I didn't find any.
When I set a break in my servlet running on NW WAS, I see:
referer:
Cookie:
etc.
but I don't see the parameters we put there.
This is the NW SneakPreview download.

Hi Farokh,
I think there should be much problem passing parameters through the Url. I am sorry however that I have not worked much on the Servlet but on WebDynpro, which I can share with you if its of any use to you.
Regards
Noufal

Error in setting up HTTP Header Variable Authentication

Hi,
I am trying to set-up SSO for SAP Biller Direct aplication (deployed on SAP J2EE 7.0) using HTTP Header variable authentication.
As per SAP documentation I have created a new login module "HeaderVariableLoginModule" pointing to class "com.sap.security.core.server.jaas.HeaderVariableLoginModule".
Then I have added this new login module to Statck "Ticket" and the new config looks as below. HTTP header when UID is passed is USI_LOP.
Name                                                                                Flag                                            Options
com.sap.security.core.server.jaas.HeaderVariableLoginModule    Sufficient                                    ume.configuration.active= tue,
                                                                                Header=USI_LOP
BasicPasswordLoginModule                                                           Optional
CreateTicketLoginModule                                                                 Optional                                         ume.configuration.active= tue
EvaluateTicketLoginModule                                                              Sufficient                                      ume.configuration.active= tue
The problem I am now having is that the authentication through HTTP_HEADEr does not work. Even though I ahve increased the trace level for JAAS module to debug, there is not any type of information generated in the log.
Each time I call the Biller Direct URL from the extrenal web server which also passes the HEADER variable for Authntication, the authrisation just fails and I am being shown a Logon Screen to pust UID/PASSWORD.
Can someone please guide me, how I can debug this? There is very no information whether anyone tried to login with HEADER varibale and that has failed...
Also, I am not pretty sure whether I am using the right Authentication Stack, which is is Ticket in my case..
But when I enter the application without any URL redirects and enter UID and password directly for Biller Direct, I get the following in log file, which makes me believe that I am using the right stack.
LOGIN.OK
User: CONDLG
Authentication Stack: ticket
Login Module                                                               Flag        Initialize Login      Commit     Abort      Details
1. com.sap.security.core.server.jaas.HeaderVariableLoginModule             SUFFICIENT ok          false      false
2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   OPTIONAL    ok          true       true
3. com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok          true       true
4. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT ok          false      false
Central Checks                                                                                true
Any help will be very much apprecated..
Thanks,
Vikrant Sud

Vikrant,
The reason why it is not working is because your login modules in ticket stack are in wrong order and with wrong flags. The first one should be EvaluateTicketLoginModule with flag=SUFFICIENT, then the Header Variable login module, with flag=OPTIONAL, then CreateTicketLoginModule with flag=SUFFICIENT, then BasicPasswordLoginModule with flag=REQUISITE, and lastly CreateTicektLoginModule with flag=OPTIONAL
Thanks,
Tim

Surrogate-Control http header

Similar Messages

Maybe you are looking for