User authentication (JSP) with knowledge warehouse 4

Similar Messages

• User authentication error with Proxy Java Calling web Service in XI

  Hello,
  I have deploy a Web Service in SAP XI 3.0. within a SOAP sender adapter.
  I have also created the Proxy Java Class to access the webservice in the Developer Studio and a Plain Java Class (only with a method main) which uses the proxy classes to consume the web service.
  But when I launch the program a get the next error message:
  java.rmi.RemoteException: Service call exception; nested exception is:
       com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized.
       at com.everis.serviciosweb.xi.MI_OUT_STATUSBindingStub.MI_OUT_STATUS(MI_OUT_STATUSBindingStub.java:73)
       at com.everis.llamadas.invocacionWSStatus.main(invocacionWSStatus.java:76)
  Caused by: com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized.
       at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.handleResponseMessage
  Where MI_OUT_STATUSBindingStub is my Stub Class.
  I have tried to set USERNAME_PROPERTY and PASSWORD_PROPERTY at runtime from my Stub class to the values that I use to access SAP XI (Integration Repository & Integration Directory) but it still doesn't´t work.
  Have anyone a solution?
  Thanks.

  Hi,
      finally I have fixed it.
  The root of the problem was on the way that I proceed with the generation of wsdl in Integration Directory.
  The second step in the wizard for generation of wsdl ask for a url to call the web service and gives you an option to complete the url automatic. I have use this option and it have proposed my an url of type http://<host>:<port>/sap/xi/engine?entry=.......
  But the SOAP adapter call is in the form http://<host>:<port>/XISOAPAdapter/MessageServlet?channel=<party>:<business service>:<channel>
  So using this type of url in the generation of wsld solves all the problems.
  Regards,
  Antonio.

• Solution Manager instead of Knowledge Warehouse?

  Hi!
  We work today with Knowledge Warehouse (Version: 6200.600.144) to manage user guides and connect the user guides with R/3 via transactions. As we are upgrading SAP-GUI to 7.10 our version of KW stops to work with R/3. This means in the current situation that the person administering user guides in KW can not upgrade its GUI, which is unsustainable in the long run. It also means that KW does not work with our solution with Citrix/Metaframe.
  Therefore think we should take hold of this and focus on the possibility of using Solman as a possible replacement for KW. Is it at all possible to manage user guides in Solman? Can Solman generate html pages? Can Solman make same bindings via R/3 with transactions as our version of KW?
  We do not want to upgrade KW.
  What are your recommendations if Solman is not an option?
  Sincerely
  Jesper Sandberg

  Hi,
  Pls hav a look into dis.
  [http://help.sap.com/saphelp_smehp1/helpdata/en/4d/e41b12141f442786b0084d7842a99d/frameset.htm|http://help.sap.com/saphelp_smehp1/helpdata/en/4d/e41b12141f442786b0084d7842a99d/frameset.htm]
  Thx,
  waseem

• User Authentication possible???

  Greetings all.
  I'm working on a contract where the client is taking a first step at SOA, mainly for
  automating now manual processes. Part of the requirement is to implement a user interface to
  input/view data. The user interface is to be a web-app and any new business logic is to be
  done using JEE/Java web services. CAC's (Common Access Cards) (PKI certificates) are to be
  used for user authentication along with SSL.
  The problem is that while the client has stated that the user
  interface is to be made available as a thin-client (web browser), they have also stated that
  the server is NOT to be certifcate enabled, only the application.
  Is this even possible?
  This client is extremely fustrating as they have tasked many of there own people with JEE
  design and project management, yet not a single one of them has ever done any JEE
  developement, and very little, if any, other programming, and are very lacking in the
  area of project management and meeting organization.
  If it is possible, I suspect it would either be a huge amount of work, or require purchasing
  a third party product, which again, is something they have said they do not want to get
  locked into.
  Any thoughts.
  -Ed.
  To clarify, the question is, is it possible to do 2-way mutual client-cert authentication without having to configure it at the server?
  Edited by: Ed_Ward on Nov 12, 2009 3:20 PM

  I have seen a couple solutions to the problem that you are facing. I unfortunately have seen situations such as yours more than once.
  In the passed I usually simply tell them that they are incorrect in their requirments the server will be certificate enabled as "they know" this is the normal scenario. This strategy is usually "employment limiting". But i like it.
  If you are useing SSL then it is likely that personal information or personally identifiable information is being transfered. Many areas have laws about this with a little research you could make the case they must allow certificates on the server for legal compliance. (which may actually be true)
  If the server is not to be certificate enabled then perhaps enable certificates on another server.
  I have seen authentication done for applications deployed on glassfish in which the user had a user name, password and a dongle (which contained a client cert) that plugged into the USB port. In this case they where using OpenSSO. Plug-in and features and profiles in open sso handled all the login issues
  You could try mutual-authentication at a reverse proxy server in front of the application. ie set-up apache with a mutual auth ssl virtual host which passes through to the application with mod_jk. just keep the application server well fire-walled.
  Unfortunately most cases like this that I have been in are projects designed to fail. Which in my opinion is also a legal issue. Either way I would like to hear how things turn out.

• User authentication in knowledge warehouse 4

  Hi all,
  I am not sure whether I am posting into the right forum regarding my question but I'll go ahead anyhow :).
  I need to add a link to the knowledge warehouse browser gui that calls a JSP. This JSP will finally call a function module on the R/3 KW, but needs to authenticate the user before being allowed to make the call.
  I am wondering how user and password information are stored/maintained in a knowledge warehouse browser context. They are definitely not stored in a cookie, as far as I found out. Does anyone know if they can be found and accessed somehow?
  This is a vital question for the project I am working on and therefor I am very thankful for any input on this!
  With best regards,
  Helga

  Hallo Klaus,
  thanks for helping me out on this. I guess I should have posted it to the Java Programming forum what I will do now.
  I am curious if I will get a reply from out of the "dark inhouse channels" ;-).
  Thanks again!
  Helga

• End-to-End user authentication with XI

  Dear community,
  we sit in a situation where the customer wants to have an end-to-end-authentication throughout an integration process.
  The setup is as follows: a dialog-user in a legacy system uses an application that triggers an integration process through XI into SAP ERP. The dialog-user in the legacy system must be used for authentication in XI as well as SAP ERP.
  To avoid having to re-create all users in XI and SAP ERP, ideally an LDAP instance would be used for authentication.
  Based on my knowledge, the above scenario is not possible with XI and there is a 2 year old thread discussing the same without any positive outcome:
  XI and user authentication VS R/3 systems
  Nevertheless I consider this requirement as a pretty standard one. Has there been any development in this area - or how have similar customer requirements been met ?
  Thanks a lot in advance !
  Jochen

  Hi Jochen,
  i've heard rumours saying that credential forwarding will be incorporated in the next XI release as it is a rather frequent requirement by customers and will make live much easier.
  Maybe you can get a statement through your clients SAP account representative on the release date and the planned feature.
  Regards
  Christine

• Proxy User Authentication with SQL Developer

  Hello,
  I realized that there are 2 methods for configuring SQL Developer to user Proxy User Authentication.
  1) one-session method with Syntax:
  personaluser[appuser]
  2) two session-method with dialog "Proxy Connection"
  For me it is unclear, why anybody would want to use the two-session-method.
  a. you need username/password for both user acocunts (personaluser and appuser)
  b. it is unclear which operations in SQL Developer are using the personaluser account. It seems that the SQL Window is only using appuser account.
  What was the motivation to implement Two Session Method?
  Best regards,
  Martin

  I found the possibility that proxy authentication of both accounts can be enforced:
  SQL> alter user appuser grant connect through personaluser AUTHENTICATION REQUIRED;
  I guess that this is the motivation for implementing the 2-session proxy connection method in SQL Developer.
  Regards,
  Martin

• Redirect to the jsp page after user authenticated successfully  …

  Here is the requirement …
  I’m using “JAAS – Custom Login Module” for user authentication.
  I have few questions in Portal Logon process …
  1. Exactly at what point I can conclude that the user has been authenticated successfully, because I have to redirect the user to some other page for the first time logon to enter some information, subsequent logins shouldn’t be redirected. (I can update flag upon entering information).
  2. Where should I add my redirection code? Is it in my JASS Custom Login Module?
  If yes, how can I do that ? I’m more consider on “where should I add it”?
  3. Do I need to change my “UmLogonPage.jsp” to complete my requirement?
  4. Once after entering the Logon information, who will call my JASS – Custom Login Module for authentication? If authentication has failed who will return the control back to the “umLogonPage.jsp”?
  5. In my JASS Custom Login Module, I have no redirections except having logic for authentication process, and some Login Exceptions are thrown for failure logins.
  6. Who will catch these exceptions for failure logins to redirect back to the “umLogonPage.jsp”.
  7. Finally I like to know where can I add my redirection logic once the user has been authenticated successfully?
  8. last but not least can any of the experts explain the whole login process (using JASS module)? How the control goes from one component to another?
  Any kind of help is appreciated.
  Points can be awarded for useful answers.
  Thanks
  MMK

  Thanks a lot for your valuable reply.
  yes what you said was correct, storing information in R/3 System and getting the details from FM using Connector framework.
  You said i have to modify "header.jsp", can you please tell which .par file should i get to modify?
  one more question to you ... i have provide custom logon error messages to the user ... i did all the modification in logon.par and deployed in EP 6 .. working fine .. i can able to see "User ID Missing" , "Password Missing" etc ..
  when i place same peace of code in EP 7 it always displaying "User Authentication failed". can u guess what whould be the problem?
  Thanks
  MMK

• Need help with external user authentication

  Hello,
  I need some help to set up an external user authentication in Oracle DB 10g. Using the documentation at
  http://www.oracle-base.com/articles/misc/OsAuthentication.php
  I added the user alex to my linux system and checked the parameter os_authent_prefix:
  SQL> show parameter os_authent_prefix
  NAME TYPE VALUE
  os_authent_prefix string ops$
  SQL>
  I created the oracle user alex using
  CREATE USER alex IDENTIFIED EXTERNALLY;
  as well as
  CREATE USER ops$alex IDENTIFIED EXTERNALLY;
  The parameters in the sqlnet.ora are set to
  NAMES.DIRECTORY_PATH = (TNSNAMES, HOSTNAME, EZCONNECT)
  SQLNET.AUTHENTICATION_SERVICES = (ALL)
  Being the local user alex on the linux server I can login:
  $ sqlplus /
  SQL*Plus: Release 10.2.0.1.0 - Production on Tue Aug 30 08:56:26 2011
  Copyright (c) 1982, 2005, Oracle. All rights reserved.
  Connected to:
  Oracle Database 10g Release 10.2.0.1.0 - 64bit Production
  SQL>
  Now using a Windows Client:
  C:\>sqlplus alex@<netservicename>
  SQL*Plus: Release 10.2.0.1.0 - Production on Di Aug 30 10:31:37 2011
  Copyright (c) 1982, 2005, Oracle. All rights reserved.
  Kennwort eingeben:
  ERROR:
  ORA-01017: invalid username/password; logon denied
  - So, what's wrong?
  - Do I always have to create oracle users with the prefix "ops$" to the local username? How do these users login - with or without the prefix 'ops$'?
  - I read that kerberos authentication is only available through oracle advanced security addon. What about authentication through ldap?

  Obviously it doesn't work from any remote system.
  For this to happen the parameter remote_os_authent would have been set to true.
  Warning: this poses a security risk.
  As far as I know you should have been logged in as alex on the client, and using sqlplus /
  However, from 10g onwards Oracle comes with Oracle Wallet, which stores the password encrypted outside the database in a file, called wallet, and which is accessible from anywhere.
  You would better use that.
  Sybrand Bakker
  Senior Oracle DBA

• User Authentication Failed via http BUT not with Visual Administrator !!?

  OS : Win 2k3 Server UK * DB : SQL Server 2005
  SAP Netweaver 2004s Application Java
  Hi All,
  Since a couple of days, I have a problem concerning authentication to the java apllication on a SAP Netweaver 2004s.
  Using the user ‘Administrator’, I CAN logon the Visual Administrator tool, with the same user I tried to logon via http://host:port/nwa without success.
  At the beginning, I was thinking about a problem of password then I enabled the emergency user SAP*, the problem was the same. Ok with Visual Administrator but not via http.
  Here is two logs found in folder : D:\usr\sap\SID\JC02\j2ee\cluster\server0\log\system\
       security.3.log
       <i>#1.5#001871E5EA3A00550000006D0000172800043B836D838427#1191335570983#/System/Security/Audit#sap.com/com.sap.security.core.admin#com.sap.security.core.util.SecurityAudit#Guest#0####5aac137070f411dcc513001871e5ea3a#SAPEngine_Application_Thread[impl:3]_11##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest     | LOGIN.ERROR     | null     |      | Login Method=[default], UserID=[Administrator], IP Address=[192.168.10.125], Reason=[Authentication did not succeed.]#</i>
       server.0.log
       <i>#1.5#001871E5EA3A0052000000130000172800043B835E3661D1#1191335314249#/System/Server/SLDService##com.sap.sldserv.SldServerFrame######c1a349a070f311dcaa68001871e5ea3a#SAPEngine_System_Thread[impl:5]_71##0#0#Warning#1#com.sap.sldserv.SldServerFrame#Plain###Failed to collect SLD data. Failed to send HTTP data: 401 : Unauthorized. Please check if the target SLD system is available and the SLD bridge is started there.#</i>
  &#61664; I tried to connect http://host:port/sld same problem User Authentication Failed
  <b>Do you have an idea for me? Why a user can connect via Visual Administrator and not via the http interface?</b>
  Thanks in advance
  Yves

  Hi,
  I found the solution this last week-end.
  This behavior let's thinking to a problem of authentication.
  But the problem was in SQL, an index was missing in table J2EE_CONFIG, called J2EE_CONFIG_I3
  Cheers
  Yves

• Problems with 802.1x MS PEAP machine and user authentication

  Using Microsoft PEAP 802.1x client on Windows XP SP2, if we enable machine authentication against a Windows Domain, the machine authentication is successful and the machine gets access to the network. However, when user logon occurs to the domain, contrary to the flow given in ACS and Windows documentation, no user authentication takes place.
  We need to differentiate user access based on their identities. We need machine authentication only to allow users access to the domain controller and also GP implementation.
  Any idea why user does not get prompted when they logon. 802.1x is configured in users profile and I have tried with both integrated and non-integrated with Domain logon (i.e. "use my windows logon name and password and domain (if any) option"
  There is no record of any identity request/response in ACS after the initial machine authentication (which appears in successful authentication log)
  We are using MS-CHAPv2.

  Update...The problem of cached credentials in MS PEAP does not occur if "enable logon using Windows username and password (and domain if any) is checked. Using this option, MS PEAP always uses logged on users most current credentials.
  However, using this option sends the username as "DOMAIN\USERNAME". Since we are using ACS internal database for user authentication (even though the ACS and Windows passwords are same - using an identity management system) ACS does not recognize the user.
  I have tried proxy distribution with prefix stripping but it does not seem to work when it is pointing to the same ACS server on which proxy distribution is configured and which receives the request.
  Any idea how the domain\ can be ignored by ACS?

• User Authentication using Servlet and JSp

  Hi,
  I am developing a web app where i need to implement user Authentication to allow members to view and upload files on a certain directory say /data
  For this i am using a servlet as a controller which then forwads request to other jsps/servlets based on user response. I tried using servlet mapping in web.xml so that all browser requests would be directed to controller servlet and would branch from there on. However the problem all RequestDispatcher.forward() requests redirected to the servlet putting it in a loop.
  Is there another way to achieve this. (Apart from using form-based Basic Authentication).
  I am using Resin 1.2.8 servlet/jsp container.
  Any response as soon as possible would be appreciated.
  Thanks,
  Kushagra

  RequestDispatcher.forward() cause the HTTP request to be sent through the request processing flow as if the original request for the resource being forwarded to.
  It seems the servlet mapping you are talking about in web.xml should be made more specific. i.e. the mapping should be such that only your so called controller servlet will match up.
  You might want to specify the mapping for the controller servlet to be noticeably/effectively different from the mapping for other servlets and JSPs.

• "User authentication failed" when connecting with Visual Administrator

  Hello,
  I am having trouble making a connection to my local J2EE Engine using the Visual Administrator (VA).
  I open the VA interface and create a new connection. The default User Name is "Administrator". I put in "localhost" for host, "50004" for port and leave the Transport Layer selection to "Default".
  When I try to connect this way I get the following message:
  User authentication failed
  Next I went into Start|Settings|Control Panel|Users and Passwords  and saw that there were several ids created by the Developer Workplace (DW) installation. The ids that I see are: j2eadm,sapadmin,sapinstall and SAPServiceJ2E
  I checked all of them to see what groups they're members of and they're all at least members of "Administrators" group.
  There are also 3 new groups that must have been created by the DW installation: SAP_J2E_GlobalAdmin, SAP_J2E_LocalAdmin and SAP_LocalAdmin.
  The j2eadm id belonged to all 3 new sap groups so I changed its password to something I'd remember and then changed the connection to use that login.
  When I tried to connect thru VA using this id and the new password I still get the "User authentication failed" error message.
  Can anyone please tell me what I'm doing wrong?
  Thanks in advance for any help.
  David.

  Hi,
  During the installation the SAPINST asks for a Administrator  Password.. This password is very important.
  We had kept same passwords for all userids to start with.
  This helped reduce lot of confusion.
  Warning: if you enter the wrong password 5 times, the userid 'Administrator' gets locked.
  However there is an Emergency password recovery procedures.
  Try this link
  http://help.sap.com/saphelp_erp2004/helpdata/en/3a/4a0640d7b28f5ce10000000a155106/frameset.htm
  Hope that helps
  Regards,
  Siddhesh

• Machine and User authentication with ISE 1.2.1

  Hi ,
  Can any one tell me in machine authentication what access need to be enable DACL for machine logon?
  Can we enable the access on port level ? direct to tcp/udp or ip level what is the best practice.
  Thanks 
  Pranav

  is this what you are looking for EAP Chaining which uses a machine certificate or a machine username / password locked to the device through the Microsoft domain enrollment process. When the device boots, it is authenticated to the network using 802.1X. When the user logs onto the device, the session information from the machine authentication and the user credentials are sent up to the network as part of the same user authentication. The combination of the two indicates that the device belongs to the corporation and the user is an employee.
  http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_80_eapchaining_deployment.pdf

• Machine Authentication and User Authentication with ACS v5.1... how?

  Hi!
  I'm having trouble setting up Machine Authentication and User Authentication on ACS v5.1 using WinXP SP3 (or SP2) as supplicant.
  This is the goal:
  On wireless (preferably on wired too) networks, get the WinXP to machine authenticate against AD using certificates so the machine is possible to reach via for example ping, and it can also get GPO Updates.
  Then, when the user actually logs in, I need User Authentication, so we can run startup scripts, map the Home Directory and so on.
  I have set up a Windows Sertificate server, and the client (WinXP) are recieving both machine and user certificates just fine.
  I have also managed to set up so Machine Authenticaton works, by setting up a policy rule that checks on certificate only:
  "Certificate Dictionary:Common Name contains .admin.testdomain.lan"
  But to achieve that, I had to set EAP Type in WinXP to Smart Card or other Certificate, and then no PEAP authentication occurs, which I assume I need for User Authentication? Or is that possible by using Certificates too?
  I just don't know how to do this, so is there a detailed guide out there for this? I would assume that this is something that all administrators using wireless and WinXP would like to achieve.
  Thank you.

  Hello again.
  I found out how to do this now..
  What I needed to do was to add a new Certificate Authentication Profile that checks against Subject Alternative Name, because that was the only thing I could find that was the same in both user certificate and machine certificate.
  After adding that profile to the Identity Store Sequences, and making tthe appropriate rule in the policy, it works.
  You must also remember to change the AuthMode option in Windows XP Registry to "1".
  What I really wanted to do was to use the "Was Machine Authenticated" condition in the policies, but I have never gotten that conditon to work, unfortunately.
  That would have plugged a few security holes for me.