Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Enterprise Portal 7.3 Cannot login after loading loginmouldestack

Former Member
0 Kudos

Hi,

We are trying to implement header authentication to SAP EP 7.3 with Tivoli Access Manager for e Business. We followed the attached PDF from SAP to implement ip header authentication.

We followed the steps below:

  1. 1. Deployed the package (https://sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/business_packages/a1-8-4/IPHea...) with JSPM tool. The package was deployed successfully.
  2. 2. Configured the system for authentication with header variable. The header authentication was working successfully. We were able to login through a HTTP header passed by Tivoli Access Manager.
  3. 4. Registered a new login module with the class name de.platinion.security.IPHeaderLoginModule and name, IPHeaderLoginModule at the following location NWA>Configuration>Security>Authentication and Single Sign-On>Login modules.
  4. 5. In the NWA>Configuration>Security>Authentication and Single Sign-On, replaced the HeaderVariableLoginModule from the login module stack ticket with the new IPHeaderLoginModule. Added the following properties for this module:

-       Header = <TAM header name>

-       Ume.configuration.active = true

-       Ip = <TAM IP address>

The login module stack looks like:

-       EvaluateTicketLoginModule  SUFFICIENT  {ume.configuration.active=true}

-       IPHeaderLoginModule REQUIRED {ip = TAM_IP_ADDRESS, ume.configuration.active=true, Header=<header_name>}

-       BasicPasswordLoginModule REQUISITE {}

-       CreateTicketLoginModule OPTIONAL {ume.configuration.active=true}

After making this configuration change we restarted the EP J2EE engine. After restart we were not able to login though the Web GUI. The header authentication as well as the direct URL (username/password) authentication is not working. We are basically locked out of the system and cannot make any change in the configuration.

Please advise on next steps.

9 REPLIES 9

Former Member
0 Kudos

I had the same problem when I loaded the IPHeader Login Module in to our EP 7.3 System. In order to be able to login to Portal again login to Config tool and remove the class loader property from the config tool and restart the J2EE engine. Then you should be able to login to portal again.

The IPHeader Login Module that is currently available on sdn.sap.com is not compatable with 7.3 version.

The IPHeaderLoginModule library references the standard SAP classes “com.sap.engine.interfaces.security.AbstractLoginModule” and “com.sap.security.core.server.jaas.HeaderVariableLoginModule”. These class files are part of the standard SAP security libraries “security_api.jar” and “security.jar” files in the old 640 and 700 systems. When the IPHeader Login module was created the standard security api files were referenced in the code. This library was compiled using the old jdk 1.4.

With the new EP 7.3 the security libraries security.jar and security_api.jar are no longer available. The standard SAP classes ““com.sap.engine.interfaces.security.AbstractLoginModule” and “com.sap.security.core.server.jaas.HeaderVariableLoginModule” still exist in the new 7.3 version but these are defined in the new security libraries “sap.com~tc~je~security~impl.jar” and “sap.com~tc~je~security_api~impl.jar”. And on top of that JDk used by EP 7.3 is 1.6 version. So, EP 7.3 doesnot understand the IPHeader library compiled with jdk 1.4 and the old security libraries and that is the reason why you find "Java class com.sap.security.core.server.jaas.HeaderVariableLoginModule cannot be found" errors in the default trace and diagtool traces.

Since this component was never an SAP delivered component you most probably will not get support on this from SAP.

But since the code used for generating this library is available you can create a new custom login module using the existing code and by referencing the new security libraries "sap.com~tc~je~security~impl.jar” and “sap.com~tc~je~security_api~impl.jar” in NWDS 7.3.

In NWDS 7.3 since there is no direct way of creating  a library project, you will have to create a java project with the IPHeaderLoginModule code first and then create a ear project referencing the java project that you created earlier. This new ear project will now have the new library jar file. Now deploy this ear project into EP 7.3 and follow the below steps

(Steps for creation of new login Module are available on this wiki page http://scn.sap.com/community/netweaver-portal/blog/2012/01/30/getting-started-with-netweaver-73-port...)

1. Update class loader proerty with the new library name (Library name can be obtained from NWA Java Class Load Viewer)

2. Define the new login Module in NWA -> Configuration -> Security -> Authentication and Single Sign On -> Login Modules


3. Update the policy configuration "ticket" with the new IPHeaderlogin module and usually this login module is at priority 2 with option "optional". But adjust this login module as per your requirement.
Make sure to add the additional properties

com.ume.configuration = true
ip = <List of WAM IP's>
Header = <header_user>

I hope this helps.

Durga Pilli.

0 Kudos

Hi Durga

I am pretty sure I am experiencing a similar issue - except that I accidentally removed the basiclogin module and need to add it back (if possible).

In your reply you stated the following:

In order to be able to login to Portal again login to Config tool and remove the class loader property from the config tool and restart the J2EE engine. Then you should be able to login to portal again.

Can you please advise where this class loader property is? I have found one in the security area and the other in another area, however the values there for this property were blank.

Thanks in advance.

Rajdeep

0 Kudos

I have also faced the similar situation where in i removed the basic login module after which i was not able to login into the EP...., after addin it again i was able to login back.

0 Kudos

Hello Devpriy

My issue is that when I try to log back into the Netweaver Administrator I cannot get through as it gives me an unauthorised message.

Is there a way that this can be changed using the Config Tool?

0 Kudos

Hello Rajdeep,

Well not sure but i think you can try actvating emergency user with the help of config tool which will have super admin role and thn you can do many things..,

Hope it helps.

0 Kudos

Hi Devpriy

Sounds like a good idea. I'll give this a go and advise you on how this goes.

Cheers

Rajdeep

0 Kudos

Hello Rajdeep,

Was this issue resolved ever> I am in the same situation and wondering if you were able to resolve the situation before.

Please share the resolution in case you resolved it.

Kamal

0 Kudos

Hi Durga,

As you mentioned in your reply that code of IPHEADERLOgin moduleis availaible,

so can you please let me know from where I can get the code.

I need to implement the same login module.

Regards,

Anand