
SSO for Java not working

dm_mukunthan
Explorer
0 Kudos

Hi,

We have configured the Secure Login Server and enabled SPNEGO. We are getting the certificates and are able to fully get the features of X.509 and Kerberos functionality in ABAP.

However, in the case of the Java stack, it is not taking the Windows authentication and logging in; instead it prompts for the user name and password.

Any help on this is appreciated.

Regards

Mukunthan

Accepted Solutions (0)

Answers (3)


Akashcm10
Explorer
0 Kudos

I think that the Service Principal ID may be corrupted. Recreate the SPNs and check.

Akashcm10
Explorer
0 Kudos

1. The solution is to delete the service account and recreate it, assigning the SPN.

2. Go to Internet Options -> Security -> Custom level -> User Authentication and select "Automatic logon with current username and password" (if using IE).

   1. Add the URL to trusted sites in Internet Options -> Security -> Trusted sites -> Sites.
   2. Go to Internet Options -> Security -> Trusted sites -> Custom level -> User Authentication and select "Automatic logon with current username and password".

Hope this will resolve the issue.

dm_mukunthan
Explorer
0 Kudos

Hi Krishna Prasad,

I tried with your option but no luck.

Regards

Mukunthan

davefitzgibbon
Advisor
0 Kudos

Hi Mukunthan,

In the trace, you should also see the authentication (Ticket) stack further down the trace after the above-mentioned exceptions. This exception would always be present in the traces. There should be additional information and possibly an error given further down.

Regards,

David

dm_mukunthan
Explorer
0 Kudos

Hi,

I have added the log file downloaded for reference.

Regards

Mukunthan

davefitzgibbon
Advisor
0 Kudos

Hi Mukunthan,

From the traces taken, I cannot see the issue, as this message is shown in the failure of SPNego:

"SPNego authentication has failed during previous attempt."

This means there are still references in the cache. Please clear the browser cache, then close all browser sessions.

Take a new trace and attach here.

Some recommendations:

Try changing the mapping to the following:

Mapping Mode = Principal Only

Source = Login ID

Also adjust the ticket stack and add an additional CreateTicketLoginModule after

3. com.sap.security.core.server.jaas.SPNegoLoginModule

Remove com.sap.engine.services.security.server.jaas.ClientCertLoginModule if not required

Regards,

David

dm_mukunthan
Explorer
0 Kudos

Hi,

I tried the additional suggestions provided by you, still not working. I have enclosed the fresh trace.

Regards

Mukunthan

davefitzgibbon
Advisor
0 Kudos

Hi Mukunthan,

Now I can see why the SPNego is failing. The following error is written to the traces.

NTLM token received in authorization header

This message tells us that the system is receiving an invalid token and cannot process it. This issue is actually outside of the SPNego configuration and is caused by a problem on the client side or domain controller.

Please have a look at the following KBA regarding this:

1649110 - SPNego for Kerberos Authentication: NTLM token received in authorization header

Please try the suggestions given there to resolve or at least figure out as to why this is happening.

Regards,

David
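
The difference behind the "NTLM token received in authorization header" message can be checked directly on a captured `Authorization` header value. The following is an added example, not part of the original thread and not SAP code; `classify_authorization` and the sample tokens are constructed for illustration, and the OID search is a heuristic rather than a full ASN.1 parse.

```python
import base64
import binascii

# DER-encoded OIDs that identify the mechanisms inside a GSS-API/SPNEGO token.
SPNEGO_OID = bytes.fromhex("06062b0601050502")            # 1.3.6.1.5.5.2
MECH_OIDS = {
    bytes.fromhex("06092a864886f712010202"): "kerberos",  # 1.2.840.113554.1.2.2
    bytes.fromhex("06092a864882f712010202"): "kerberos",  # 1.2.840.48018.1.2.2 (MS)
    bytes.fromhex("060a2b06010401823702020a"): "ntlm",    # 1.3.6.1.4.1.311.2.2.10
}

def classify_authorization(header_value):
    """Return 'kerberos', 'ntlm', 'unknown', 'malformed' or 'not-negotiate'."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "not-negotiate"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except (binascii.Error, ValueError):
        return "malformed"
    if token.startswith(b"NTLMSSP\x00"):
        return "ntlm"                  # raw NTLMSSP message, no SPNEGO wrapper
    if token[:1] != b"\x60":           # GSS-API InitialContextToken tag
        return "unknown"
    # Heuristic: the first mechanism OID in the token is the preferred
    # mechType, and the mechToken that follows belongs to it.
    hits = [(token.find(oid), name) for oid, name in MECH_OIDS.items() if oid in token]
    return min(hits)[1] if hits else "unknown"

def _tlv(tag, body):
    # Short-form DER length only; sufficient for the constructed samples below.
    return bytes([tag, len(body)]) + body

def sample_headers():
    """Constructed headers (not captured traffic): NTLM fallback and SPNEGO/Kerberos."""
    ntlm = b"NTLMSSP\x00\x01\x00\x00\x00" + bytes(4)
    mech_types = _tlv(0x30, b"".join(MECH_OIDS))   # Kerberos OIDs listed first
    spnego = _tlv(0x60, SPNEGO_OID + _tlv(0xA0, _tlv(0x30, _tlv(0xA0, mech_types))))
    enc = lambda raw: "Negotiate " + base64.b64encode(raw).decode()
    return {"ntlm": enc(ntlm), "kerberos": enc(spnego)}

if __name__ == "__main__":
    for expected, header in sample_headers().items():
        print(expected, "->", classify_authorization(header), header[:30] + "...")
```

A value that decodes to `NTLMSSP` (base64 beginning `TlRMTVNT`) means the client never obtained a Kerberos service ticket for the URL, which is the condition the KBA above addresses.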

former_member188433
Participant
0 Kudos

Hello Mukunthan - I just completed a fresh install of NW 7.4 Portal and I am seeing the same error with SPNego. Were you able to resolve your issue? If so, do you recall how the issue was fixed?

Best Regards - Jeff

davefitzgibbon
Advisor
0 Kudos

Hi Mukunthan,

To get more information on why SSO is failing, you should capture traces with the webdiagtool trace as per note 1045019.

If you are using an NW AS Java 7.3 system then use the Security Troubleshooting wizard from note 1332726.

After you capture the traces, you can let us know here what details are written.

Regards,

David

dm_mukunthan
Explorer
0 Kudos

Hi,

Following is the log trace. I am using AS Java 7.4. I pulled the trace from the Security Troubleshooting wizard.

Trace as follows

Can't map exception.
[EXCEPTION]
com.sap.engine.services.security.exceptions.BaseLoginException: Cannot authenticate the user.
    at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:131)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:280)
    at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:876)
    at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.login(AuthenticationService.java:453)
    at com.sapportals.portal.prt.service.hook.SecurityHookService.doNodeHook(SecurityHookService.java:151)
    at com.sapportals.portal.prt.connection.PortalHook.doNodeHook(PortalHook.java:383)
    at com.sap.portal.prt.pom.factory.ComponentNodeFactory.newInstance(ComponentNodeFactory.java:136)
    at com.sap.portal.prt.pom.factory.ComponentNodeFactory.newInstance(ComponentNodeFactory.java:49)
    at com.sap.portal.prt.pom.PortalNode.createComponentNode(PortalNode.java:270)
    at com.sap.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:445)
    at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:202)
    at com.sap.portal.prt.dispatcher.DispatcherServlet.service(DispatcherServlet.java:132)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
    at com.sap.portal.prt.dispatcher.CustomHeaderFilter.doFilter(CustomHeaderFilter.java:58)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
    at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:334)
    at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:490)
    at com.sap.portal.navigation.Gateway.service(Gateway.java:161)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
    at com.sap.portal.http.EnrichNavRequestFilter.doFilter(EnrichNavRequestFilter.java:49)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
    at com.sap.portal.prt.dispatcher.CustomHeaderFilter.doFilter(CustomHeaderFilter.java:58)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:432)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)
    at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:278)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)
    at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
    at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)
    at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)
    at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
    at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
    at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
    at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
Caused by: javax.security.auth.login.LoginException: Trigger SPNEGO authentication.
    at com.sap.security.core.server.jaas.SPNegoLoginModule.initialStateException(SPNegoLoginModule.java:366)
    at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:173)
    at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:254)
    at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:66)
    ... 64 more

Regards

Mukunthan