cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Change to FORM based authentication for custom application on EP7

Former Member

on ‎06-22-2009 10:19 AM

0 Kudos

Hi All,

We have developed a custom application for setting up SSO between portal's and the backend system's using redirectURL options. Currently when we access the application erpsso that we have developed, it uses basic authentication (ie., it uses a popup screen for getting login information).

Now we want to change it to use form based authentication, ie., instead of getting a popup, we need to get a login form (default provided by Netweaver), to login to that application. Here is the web.xml that i got from this application.

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"

"http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>

<display-name>WEB APP</display-name>

<description>WEB APP description</description>

<servlet>

<servlet-name>getsso.jsp</servlet-name>

<jsp-file>/getsso_old.jsp</jsp-file>

</servlet>

<servlet>

<servlet-name>getsso2.html.jsp</servlet-name>

<jsp-file>/getsso2.jsp</jsp-file>

</servlet>

<servlet>

<servlet-name>getsso.jsp1</servlet-name>

<jsp-file>/getsso.jsp</jsp-file>

</servlet>

<servlet>

<servlet-name>revalidate.jsp</servlet-name>

<jsp-file>/revalidate.jsp</jsp-file>

</servlet>

<security-constraint>

<display-name>SecurityConstraint</display-name>

<web-resource-collection>

<web-resource-name>WebResource</web-resource-name>

<url-pattern>*</url-pattern>

</web-resource-collection>

<auth-constraint>

<description>SSO Users will be promted for login</description>

<role-name>SSOUSERS</role-name>

</auth-constraint>

</security-constraint>

<login-config>

<auth-method>FORM</auth-method>

<realm-name>ERPSSO</realm-name>

</login-config>

<security-role>

<description>Role for all SSO users</description>

<role-name>SSOUSERS</role-name>

</security-role>

</web-app>

I have already changed the <auth-method> to FORM, but still we are getting popup screen for login when we login to this application.

Can anyone help suggest the solution.

Thanks and Regards,

Sailesh K

Edited by: Sailesh Kamaraj on Jun 22, 2009 11:21 AM

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎06-22-2009 8:49 PM
0 Kudos

Hello,

As long as you did not define the logon page location, the application pops up the HTTP protocol based authentication. What you need to do is to develop a logon page with HTML form (logon.jsp in this example) and declare that page in the web.xml:


    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>ERPSSO</realm-name>
        <form-login-config>
            <form-login-page>logon.jsp</form-login-page>
            <form-error-page>logon.jsp?error</form-error-page>
        </form-login-config>
    </login-config>

The other way round is to drop the web.xml security configuration and start using the UME API. Then the user will be redirected to the standard SAP logon page for authentication:


<%@ page language="java" %>
<%@ page import="com.sap.security.api.*" %>
<%  IUser user = UMFactory.getAuthenticator().getLoggedInUser(request, response); %>
<html><body>
<h1>Welcome, <%=user.getDisplayName()%>!</h1>
</body></html>

Hope this helps.

Kind regards,

Tsvetomir

Show replies
Show replies
Former Member
‎07-10-2009 1:55 PM
0 Kudos

Hi

Kindly refer to my answer on thread

Regards

Vikram

Ask a Question