on 07-25-2005 1:34 PM
Hello all, I'm having a problem with authentication. I have a JAAS Login Module that authenticates users against a db. After some work I could configure it and got it working. But even though my Login Module works fine, after validating a user I get the exception:
Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: User not authorized.
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:223)
at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at com.lumina.security.jaasrbac.SecurityFacade.authenticate(SecurityFacade.java:119)
... 51 more
Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: User is locked.
at com.sap.engine.services.security.server.jaas.CheckAction.checkUserLockStatus(CheckAction.java:181)
at com.sap.engine.services.security.server.jaas.CheckAction.run(CheckAction.java:58)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.services.security.server.jaas.LoginModuleHelperImpl.checkUserLockStatus(LoginModuleHelperImpl.java:116)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:175)
... 63 more
This happens after my login module is invoked and succeeds in authenticating a user.
Is it really necessary to have a copy of the user data in the UME store?
Thanks,
Juan Manuel
Hi Bhavik,
I don't know if that class is the right one. A valid JAAS login module has to implement javax.security.auth.spi.LoginModule.
I developed the login module I use because I need to check certain restrictions during authentication time.
Hope this can help you.
Regards,
Juan Manuel
Hi Bhavik,
I know the error says that the user is locked but my login module authenticates it with no problem. That error is thrown after my login module is called. I don't know if the app server is trying to validate the user against the UME store (which I don't want to).
Regards,
Juan Manuel
Hi Bhavik,
You have to use the VisualAdministrator tool.
These are the steps I did (or I think I did):
1) I created a library with Developer Studio which contained the Login Module implementing class and its dependencies.
2) Deployed it to J2EE engine
3) Using Visual Administrator go to security provider (J2E/Server0/services)
4) Click UserManagement tab
5) Click Manage Security Stores button
6) Click Add Login Module button
7) Click Ok in the first dialog that appears
8) Fill in the required data in the Add Login Module dialog (className of the Login Module implementation, display name, description and options, if any, e.g. debug=true)
9) Click Ok
10) Click policy Configurations tab
11) Click add button (bottom of the component's panel)
12) Enter the name for the new policy configuration (I think it must be the same name you use in your application code when you refer to the login module) and click ok
13) Now, the new configuration appears in the components list. Click on it
14) Click 'add new' button which is at the bottom of the authentication tab (right panel)
15) Select the login module you created in 8) and click ok
16) The login module you have created appears in the authentication tab. There you can set the flag you desire for your login module (optional, required, requisite, sufficient)
17) Click the Properties tab next to Runtime tab
18) Click on property LoginModuleClassLoaders
19) Modify this property value to: library:libraryName (where libraryName is the name under which you deployed your login module library classes in step 2)
20) Restart J2EE engine
Regards,
Juan Manuel
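A minimal class of the kind these posts describe, implementing javax.security.auth.spi.LoginModule and reading the debug option from step 8. This is an added example, not part of the original posts and not Juan Manuel's or SAP's code; the class name DbLoginModule and the in-memory credential check are hypothetical stand-ins, and it avoids generics so it also compiles on the JDK 1.4 mentioned in the thread.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical class; its fully qualified name is what step 8 asks for as className.
public class DbLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private Principal principal;
    private boolean debug, succeeded;

    public void initialize(Subject s, CallbackHandler h, Map sharedState, Map options) {
        subject = s; handler = h;
        debug = "true".equalsIgnoreCase(String.valueOf(options.get("debug")));
    }

    // Phase 1: verify credentials only; the Subject is not modified yet.
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] { name, pass }); }
        catch (Exception e) { throw new LoginException("cannot obtain credentials: " + e); }
        final String user = name.getName();
        char[] pw = pass.getPassword();          // copy of the entered password
        pass.clearPassword();                    // wipe the callback's own copy
        succeeded = checkCredentials(user, pw);
        if (pw != null) Arrays.fill(pw, '\0');   // wipe our copy as well
        if (!succeeded) throw new FailedLoginException("authentication failed");
        if (debug) System.err.println("DbLoginModule: authenticated " + user);
        principal = new Principal() { public String getName() { return user; } };
        return true;
    }
    // Constructed stand-in for the database lookup; a real module compares a salted hash.
    private boolean checkCredentials(String user, char[] pw) {
        return "demo".equals(user) && Arrays.equals(pw, "constructed-demo-pw".toCharArray());
    }
    // Phase 2: runs only if the whole stack succeeded under the configured flags.
    public boolean commit() {
        if (succeeded) subject.getPrincipals().add(principal);
        return succeeded;
    }
    public boolean abort() { return succeeded && logout(); }  // overall login failed
    public boolean logout() {
        if (principal != null) subject.getPrincipals().remove(principal);
        principal = null; succeeded = false;
        return true;
    }
}
```

Because commit() runs only after every module in the configured stack has been evaluated, a success in login() here does not by itself mean the overall authentication succeeded.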
Hi Juan,
As you said in an earlier post, we need to add our own login module in Visual Administrator.
So, is this login module for Kerberos tickets already available on the net or in WAS, or do we have to write code for that and then import it in Visual Administrator?
What configurations are required at the ADS or Domain controller side?
I heard that a Kerberos login module is available in WAS SP12. But I have checked on my WAS server and I can't get anything similar.
So, where do I need to look for that?
Thanks,
Bhavik
Hi Juan,
As you have suggested, I followed all the steps.
For the login module class, I found a file named krb5loginmodule.java in JDK 1.4. I have used that file as my Kerberos login module.
Is that file correct as a login module? Or do I need other things with it as well to deploy on the server?
Please help me if you know this.
Thanks in advance,
Bhavik
Hi Juan,
How have you configured the JAAS login module?
I also want to use a JAAS login module for Kerberos tickets, but I don't know how to use and configure it.
Is it available in WAS SP12?
Thanks in advance,
Bhavik