on 06-02-2005 9:52 PM
Hi guys,
I've got problem with EP 6.4 SP9 configuration, maybe somebody could help.
I'm trying to configure my Portal to client certificate authentication.
In particular, I'd like login to Portal automatically, without entering userlogin and password. I'd like all required credentials will be in my client certificate.
I've made all necessary configuration (SSL, certificates, logon stack, etc.) and almost everything is fine.
When I try to connect to portal main page via https, the certificate authentication on SSL level is performed successfully, but instead of the portal main page I got the portal login page with error message: "User authorisation failed" and info, that when I type user and password they will be mapped to certificate.
Login is ok, and I get to portal main page, but when I try to login next time I got the same page with error message.
The system security log says:
***********************************************
Guest | LOGIN.ERROR | NONE = null | | Login Method=[default], UserID=[null], IP Address=[10.90.1.92], Reason=[Access Denied!]
***********************************************
The default trace log says:
***********************************************
doLogon failed Exception : javax.security.auth.login.LoginException: USER_AUTH_FAILED
-
[BEGIN] Exception -
javax.security.auth.login.LoginException: USER_AUTH_FAILED
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:304)
at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.login(AuthenticationService.java:344)
at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:126)
at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:178)
at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
at java.security.AccessController.doPrivileged(Native Method)
at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:153)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:290)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:346)
at com.sap.portal.navigation.Gateway.service(Gateway.java:68)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:385)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:263)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:340)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:318)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:821)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:239)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:147)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:37)
at com.sap.engine.core.cluster.impl6.session.UnorderedChannel$MessageRunner.run(UnorderedChannel.java:71)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:94)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:162)
-
[ END ] Exception -
***********************************************
Why the system assume that user is Guest???!!!
Regards,
Marcin
I have seen this problem before. A couple of questions. Which system is your ticket issuing system? After importing the ticket into the keystore, and configuring the login module stacks did you recycle the apps that you configured the login module stacks for?
For example if you configured login module stacks for the web dynpro dispatcher, you would want to recycle that application within the deploy service.
Regards,
Steven Jones
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Have you seen this?
http://help.sap.com/saphelp_erp2004/helpdata/en/20/361941edd5ef23e10000000a155106/frameset.htm
Looks like maybe a Guest account mapping issue?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Somckit,
Thanks for link - the "Logon failed" topic actually says about similar problem, but I havn't found there the solution of my problem.
Maybe the log data will be helpful:
***********************
Guest | LOGIN.ERROR | NONE = null | | Login Method=[default], UserID=[null], IP Address=[10.90.1.92], Reason=[Access Denied!]
Cannot log info about the logon attempt because the user name is null.
No user name provided.
Cannot log info about the logon attempt because the user name is null.
No user name provided.
************************
The interesting and characteristic is that in the log, before the "login error for guest user" entry, I've got repeating entries saying "no user..." and "cannot log..."
Maybe somebody got similar problems?...
Of course I'm not trying to login as Guest. I have client certificate for Administrator user and I'm expecting, that Portal will automatically map my certificate to the user. Why it want to log as Guest??
Regards,
Marcin
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.