Solved: SSO via LDAP doesn't work for some users

Former Member · ‎01-29-2015

Hello,

Other users that are in same LDAP are able to access the portal directly, but on some computers the users are not able to login at all.

The attached screenshot is visible to them and even if they add the correct user/pass it doesn't work.

Log Viewer for first attempt to login

LOGIN.FAILED
User: N/A
IP Address: 164.139.15.21
Authentication Stack: ticket
Authentication Stack Properties:

Login Module                                                               Flag        Initialize Login      Commit     Abort      Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT ok          false      false      true
2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   OPTIONAL    ok          false      false      true
3. com.sap.security.core.server.jaas.CreateTicketLoginModule               SUFFICIENT ok          false      false      true
        #1 ume.configuration.active = true
4. com.sap.security.core.server.jaas.SPNegoLoginModule                     REQUISITE   ok          true       true       true
5. com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok          true       exception true       String index out of range: -1
        #1 ume.configuration.active = true
6. de.mgi.np.logon.language.module.SetLanguageLoginModule                  OPTIONAL    ok          true                  true
        #1 DATASOURCE = INITIAL_USER_LANGUAGE
        #2 DEFAULT_LANGUAGE = en
        #3 SHARED_STATE_USER_NAME_PARAM1 = javax.security.auth.login.name
        #4 SHARED_STATE_USER_NAME_PARAM2 = sap.security.auth.refresh.done
No logon policy was applied

Login module com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl from authentication stack ticket errors while authenticating the caller. Most probably the authentication stack is not set up correctly.

Log Viewer on second attempt after adding the correct username/password

LOGIN.FAILED
User: Correct LDAP username

IP Address: 164.139.15.21
Authentication Stack: ticket
Authentication Stack Properties:

Login Module                                                               Flag        Initialize Login      Commit     Abort      Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT ok          false      false      true
2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   OPTIONAL    ok          true       true       true
3. com.sap.security.core.server.jaas.CreateTicketLoginModule               SUFFICIENT ok          true       exception true       String index out of range: -1
        #1 ume.configuration.active = true
4. com.sap.security.core.server.jaas.SPNegoLoginModule                     REQUISITE   ok                                true
5. com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok                                true
        #1 ume.configuration.active = true
6. de.mgi.np.logon.language.module.SetLanguageLoginModule                  OPTIONAL    ok                                true
        #1 DATASOURCE = INITIAL_USER_LANGUAGE
        #2 DEFAULT_LANGUAGE = en
        #3 SHARED_STATE_USER_NAME_PARAM1 = javax.security.auth.login.name
        #4 SHARED_STATE_USER_NAME_PARAM2 = sap.security.auth.refresh.done
No logon policy was applied

Thank you and best regards,

Cristian Manoliu

martin_voros · ‎01-29-2015

Hi,

seems like SSO cookie generation is failing. Maybe note 2082773 - SSO Logon Fails If the Original URL Cookie is Empty. Or search for similar ones on market place.

Cheers

martin_voros · ‎01-29-2015

Hi,

seems like SSO cookie generation is failing. Maybe note 2082773 - SSO Logon Fails If the Original URL Cookie is Empty. Or search for similar ones on market place.

Cheers