06-02-2010 10:53 AM
Hi Folks,
I am working on a Portal 6 - Web AS 6.40 SPS 21
I have strange proprietary application (I guess aspx) handling user authentication in the production Portal: whenever a user points the browser to the production portal public URL (say https://portal.customer.com), a reverse proxy forward the request to the custom auth app; the user enters his domain credentials and, if successful, he's redirected over the Portal, in an authenticated session (if I look at the browser cookies I can see the SAPSSO2).
Now the problem: I would like my web module project (I am writing a very simple JSP using Web Module Project and Ent. App. project to deploy) to behave exactly as /irj does from a security perspective.
Question 1: how do I have to set up security in my xml descriptors (web.xml and web-j2ee-engine.xml) in NWDS to achieve this?
Question 2: do I need to change the auth template in the Security Provider in Visual Adiministrator for my app, or just leave it with the "basic" auth module it originally comes? I am confused about this because I would expect a "ticket" template with its 5 modules stack to be more appropriate then "basic", but if I look at how irj is configured in the Security Proivider, I see only "basic" used...
Finally: I am (try to be) a strict-RTFM-observer as much as I can, but I really need your help here guys.
Hope someone can shed some light on this foggy topic.
Thanks in advance.
Cheers,
Alex
06-05-2010 9:21 AM
Ok guys, fixed it myself, luckily.
See /people/alessandro.guarneri/blog/2010/06/05/http-header-variable-authentication-in-sap-portal