07-29-2007 11:27 PM
We have a custom J2EE application deployed as an ear on SAP Netweaver. In order to test the authentication stack we carried out the following tests:
Test1 - Successful) BasicPasswordLoginModule authetication is working fine when configured without SPNego.
Test2 - Successful) SPNegoLoginModule is working fine as well.
Test3 - Failed) SpNego is configured with BasicPasswordLoginModule as a fall back. In this scenario, "Enable Windows Integrated Authentication" check is disabled on the browser so that SPNego can fail and BasicPassword authentication is used. But a 401 unauthorized error is thrown by the J2EE engine. The stack has the following configuration:
1) EvaluateTicketLoginModule SUFFICIENT
2) SPNegoLoginModule OPTIONAL
3) CreateTicketLoginModule SUFFICIENT
4) BasicpasswordLoginModule REQUISITE
5) CreateTicketLoginModule REQUISITE
When "Enable Windows Integrated Authentication" is turned on SPNego kicks in and authentication is successful.
Can you suggest why BasicPasswordLoginModule can be failing ?
Thanks,
- Shankar
10-04-2007 3:43 PM
Hi,
Try by replacing the positions of BasicPasswordLoginModule and SPNegoLoginModule in the stack. The flags should remain the same - means second login mdoule with flag OPTIONAL and fourth with REQUISITE. Let me know if this works.
Regards,
Dimitar