
JAAS login module

Former Member
0 Kudos

Hello all, I'm having a problem with authentication. I have a JAAS Login Module that authenticates users against a db. After some work I could configure it and got it working. But, even though my Login Module works fine, after validating a user I get the exception:

    Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: User not authorized.
        at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:223)
        at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:324)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
        at com.lumina.security.jaasrbac.SecurityFacade.authenticate(SecurityFacade.java:119)
        ... 51 more
    Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: User is locked.
        at com.sap.engine.services.security.server.jaas.CheckAction.checkUserLockStatus(CheckAction.java:181)
        at com.sap.engine.services.security.server.jaas.CheckAction.run(CheckAction.java:58)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.sap.engine.services.security.server.jaas.LoginModuleHelperImpl.checkUserLockStatus(LoginModuleHelperImpl.java:116)
        at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:175)
        ... 63 more

This happens after my login module is invoked and succeeds in authenticating a user.

Is it really necessary to have a copy of the user data in the UME store?

Thanks,

Juan Manuel

Accepted Solutions (0)

Answers (4)

Former Member
0 Kudos

Hi Bhavik,

I don't know if that class is the right one. A valid JAAS login module has to implement javax.security.auth.spi.LoginModule.

I developed the login module I use because I need to check certain restrictions during authentication time.

Hope this can help you.

Regards,

Juan Manuel
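
For reference, a minimal class implementing `javax.security.auth.spi.LoginModule`, as discussed in the post above. This is an added example, not Juan Manuel's module or SAP code: the class name `DbLoginModule` and the constructed in-memory `USERS` map (standing in for the database lookup) are hypothetical, and it assumes Java 9 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical module; the constructed USERS map stands in for the database lookup.
public class DbLoginModule implements LoginModule {
    private static final Map<String, String> USERS = Map.of("jdoe", "constructed-secret");
    private Subject subject;
    private CallbackHandler handler;
    private boolean debug;
    private Principal pending, committed;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
        subject = s; handler = h;
        debug = "true".equalsIgnoreCase(String.valueOf(options.get("debug"))); // module option debug=true
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] { name, pass }); }
        catch (Exception e) { throw new LoginException("cannot obtain credentials: " + e); }
        String user = name.getName();
        char[] given = pass.getPassword();
        pass.clearPassword();
        String expected = user == null ? null : USERS.get(user);
        boolean ok = expected != null && given != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), new String(given).getBytes(StandardCharsets.UTF_8));
        if (debug) System.err.println("DbLoginModule: " + user + (ok ? " accepted" : " rejected"));
        if (!ok) throw new FailedLoginException("Authentication failed"); // same message for every failure
        pending = () -> user; // Principal's only abstract method is getName()
        return true;
    }
    public boolean commit() {
        if (pending == null) return false; // our login() did not succeed: nothing to add
        committed = pending;
        pending = null;
        subject.getPrincipals().add(committed); // phase two: publish the identity on the Subject
        return true;
    }
    public boolean abort() { return (pending != null || committed != null) && logout(); }
    public boolean logout() {
        if (committed != null) subject.getPrincipals().remove(committed);
        pending = committed = null;
        return true;
    }
}
```

A production module would verify a salted password hash fetched from the database instead of comparing plaintext. Nothing in a class like this performs the lock-status check seen in the stack trace, which is raised from the server's `FastLoginContext`.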

Former Member
0 Kudos

Hi Juan,

Can you share your login module with me so that I can check whether mine is correct or not?

I will give you my login module, so that you can also take a look at my login module.

My mail address is devisha_bhavik@yahoo.com

Regards,

Bhavik

Former Member
0 Kudos

Hi Bhavik,

I know the error says that the user is locked but my login module authenticates it with no problem. That error is thrown after my login module is called. I don't know if the app server is trying to validate the user against the UME store (which I don't want to).

Regards,

Juan Manuel

Former Member
0 Kudos

Hi Bhavik,

You have to use the VisualAdministrator tool.

These are the steps I did (or I think I did):


    1) I created a library with Developer Studio which contained the Login Module implementing class and its dependencies.
    2) Deployed it to J2EE engine
    3) Using Visual Administrator go to security provider (J2E/Server0/services)
    4) Click UserManagement tab
    5) Click Manage Security Stores button
    6) Click Add Login Module button
    7) Click Ok in the first dialog that appears
    8) Fill the required data in the add Login Module dialog (className of the Login Module implementation, display name, description and options (if any, ex: debug=true))
    9) Click Ok
    10) Click policy Configurations tab
    11) Click add button (bottom of the component's panel)
    12) Enter the name for the new policy configuration (I think it must be the same name you use in your application code when you refer to the login module) and click ok
    13) Now, the new configuration appears in the components list. Click on it
    14) Click 'add new' button which is at the bottom of the authentication tab (right panel)
    15) Select the login module you created in 8) and click ok
    16) In the authentication tab appears the login module you have created. There you can set the right flag you desire for your login module (optional, required, requisite, sufficient)
    17) Click the Properties tab next to Runtime tab
    18) Click on property LoginModuleClassLoaders
    19) Modify this property value to: library:libraryName (where libraryName is the name you deployed your login module library classes in step 2) )
    20) Restart J2EE engine
    20) Restart J2EE engine

Regards,

Juan Manuel

Former Member
0 Kudos

Hi Juan,

Thanks for prompt reply.

I will do this and let you know.

And for your problem, error says that your User ID is locked. So, you have to unlock that user id.

Thanks,

Bhavik

Former Member
0 Kudos

Hi Juan,

As you said in earlier post that we need to add our own login module in Visual administrator.

So, is this login module for Kerberos tickets already available on the net or in WAS, or do we have to write the code for it and then import it in Visual Administrator?

What configurations are required at ADS or Domain controller side?

I heard that the Kerberos login module is available in WAS SP12. But I have checked on my WAS server and I can't get anything similar.

So, where do I need to look for that?

Thanks,

Bhavik

Former Member
0 Kudos

Hi Juan,

As you have suggested, I followed all the steps.

For the login module class, I found one class named krb5loginmodule.java file in JDK 1.4. I have used that file as my Kerberos login module.

Is that file correct as a login module? Or do I need other things as well to deploy it on the server?

Please help me if you know this.

Thanks in advance,

Bhavik

Former Member
0 Kudos

Hi Juan,

How have you configured the JAAS login module?

I also want to use a JAAS login module for Kerberos tickets, but I don't know how to use and configure it.

Is it available in WAS SP12?

Thanks in advance,

Bhavik