cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Custom Login Module

Go to solution
Former Member

on ‎05-04-2006 10:07 PM

0 Kudos

Hello Everyone,

I am trying to create a custom login module which just authenticates users to an Oracle database table by following the example at <a href="http://help.sap.com/saphelp_nw04/helpdata/en/3f/1be040e136742ae10000000a155106/content.htm">this link</a>. My requirement is that, I should use this module for my J2EE web app. But, since my users don't exist in UME of SAP WebAS, I can not assign any users to my J2EE app in Visual Administrator>Security Provider Service.

So, does this mean that, I can not create a custom login module and authenticate users who do <b>not</b> exist in UME ?

If this is not possible, what are my options? I want to use Single Sign On between multiple J2EE apps where the users of these apps aren't tied to UME and exist in a separate database table.

Just that this question relates so much to Web AS in general, I am putting it here in this forum.

Thanks,

Kiran<b></b>

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

yonko_yonchev
Active Participant
‎05-05-2006 10:40 AM
0 Kudos

Hi Kiran,

To disperse any confusion - the UME does not store user information per se - the UME data sources do that. The UME enables the J2EE Engine to access the user data in the external data source. The latter can be and ABAP system, Dbase or an LDAP directory server.

So, the answer to your first question is that your custom login module will not <i>authorize</i> access for a user that does not exist in a UME data source (not the UME itself!). For that matter, any login module will fail to authenticate such a user, simply because the user store limits the user IDs that can be used to gain access and a user ID outside of these limits will be denied access.

As for your options - given you don't want the UME to access the database table - you'll have to provide a mapping mechanism (possibly in the custom login module) to map J2EE engine user IDs to the user IDs in the database table. This is the only option I can think of, and it will come down to developing a very much custom solution that likely won't be very secure at that. The other option would be to use the UME to retrieve the user data but store the corresponding users in separate User Groups for separate authorization management...

Hope this helps you out...

Regards,

Yonko

Show replies
Show replies
Former Member
‎05-05-2006 7:26 PM
0 Kudos

Yonko,

As you said correctly, I was meaning UME data source when I said "UME". Thanks for the response. For my scenario, there are no users in the UME datasource that I can map the users stored in external database to. So, I would have to forget the total idea of having custom login modules.

The initial idea was to use custom Login modules and implement SSO between couple of J2EE apps we are making. Now, I have to think of alternatives of providing SSO capability without using custom login modules.

Thanks again,

Kiran

Answers (0)

Ask a Question