on 05-13-2014 11:46 AM
Hi,
We have configured the Secure login Server and enabled the SPNEGO. We are getting the certificates and able to fully get the features of X.509 and Kerberos functionallity in ABAP.
However in the case of JAVA stack it is not taking the windows authentication and logging in instead prompting to enter the user name and password.
Any help on this is appreciated.
Regards
Mukunthan
I think that the Service Principal ID may be corrupted. Recreate the SPNs and check
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
1. solution is to delete the service account and and recreate with assigning the SPN.
2. goto internet options -> security -> custom level -> user authentication -> and select automatic logon with current username and password. (IF using IE)
hope this will resolve the issue.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mukunthan,
From the traces taken, I cannot see the issue as this message
is shown in the failure of SPNego
"SPNego authentication has failed during previous attempt."
This means there is still references in the cache. Please clear the browser cache then close all browser sessions.
Take a new trace and attach here.
Some recommendation:
Try changing the mapping to the following
Mapping Mode = Principle Only
Source = Login ID
Also Adjust the ticket stack and add an addiontiona CreateTicketLoginModule after
3. com.sap.security.core.server.jaas.SPNegoLoginModule
Remove com.sap.engine.services.security.server.jaas.ClientCertLoginModule if not required
Regards,
David
Hi Mukunthan,
Now I can see why the SPNego is failing. The following error is written to the traces.
NTLM token received in authorization header
This message tells us that the system is receiving an invalid token and cannot process it. This issue is actuallyoutside of the SPNego configuration and is caused by a
problem on the Client side or domain controller.
Please have a look at the following KBA regarding this
1649110 - SPNego for Kerberos Authentication: NTLM token received in
authorization header
Please try the suggestions given there to resolve or at least figure
out as to why this is happening.
Regards,
David
Hi Mukunthan,
To get more information on why SS0 is failing, you should capture traces with the webdiagtool trace as per note 1045019.
If you are using an NW AS Java 7.3 system then use the Security Troubleshooting wizard from note 1332726.
After you capture the traces, you can let us know here what details are written.
Regards,
David
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Following is the log trace. I am using AS JAVA 7.4. From security trouble shooting wizard, i pulled the trace.
Trace as follows
Can't map exception.
[EXCEPTION]
com.sap.engine.services.security.exceptions.BaseLoginException: Cannot authenticate the user.
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:131)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:280)
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:876)
at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.login(AuthenticationService.java:453)
at com.sapportals.portal.prt.service.hook.SecurityHookService.doNodeHook(SecurityHookService.java:151)
at com.sapportals.portal.prt.connection.PortalHook.doNodeHook(PortalHook.java:383)
at com.sap.portal.prt.pom.factory.ComponentNodeFactory.newInstance(ComponentNodeFactory.java:136)
at com.sap.portal.prt.pom.factory.ComponentNodeFactory.newInstance(ComponentNodeFactory.java:49)
at com.sap.portal.prt.pom.PortalNode.createComponentNode(PortalNode.java:270)
at com.sap.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:445)
at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:202)
at com.sap.portal.prt.dispatcher.DispatcherServlet.service(DispatcherServlet.java:132)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
at com.sap.portal.prt.dispatcher.CustomHeaderFilter.doFilter(CustomHeaderFilter.java:58)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:334)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:490)
at com.sap.portal.navigation.Gateway.service(Gateway.java:161)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
at com.sap.portal.http.EnrichNavRequestFilter.doFilter(EnrichNavRequestFilter.java:49)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
at com.sap.portal.prt.dispatcher.CustomHeaderFilter.doFilter(CustomHeaderFilter.java:58)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:432)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)
at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:278)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)
at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)
at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
Caused by: javax.security.auth.login.LoginException: Trigger SPNEGO authentication.
at com.sap.security.core.server.jaas.SPNegoLoginModule.initialStateException(SPNegoLoginModule.java:366)
at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:173)
at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:254)
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:66)
... 64 more
Regrds
Mukunthan
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.