cancel
Showing results for 
Search instead for 
Did you mean: 

Cannot load login module in SAP WAS 6.40 SP12

Former Member
0 Kudos

I have developed a custom login module per the documentation in the SAP Help Portal and deployed it from the SAP NetWeaver Developer Studio to SDM successfully. I've configured the J2EE Engine to use this module per the documentation. After restarting the application server with the custom login module, I cannot login to the portal at all due to a ClassNotFoundException on my custom login class (com.ugs.sap.webkey.WebKeySso).

I'm not sure why this is happening. I've added the JAR to the library project per the documentation. My library project that was deployed to SDM is called WebKeySsoForSapLib. I added "library:WebKeySsoForSapLib" to the LoginModuleClassLoaders property in the Config Tool per the documentation.

I saw another post with this very same problem but no resolution. Does anyone have a solution to this? Points will be awarded.

The documentation to which I refer can be found at http://help.sap.com/saphelp_nw04/helpdata/en/f8/9636eedafe8b4589cd6e9e4e73fd3c/frameset.htm

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Hi

What is the best way to debug a custom login module?? Is there anyway to put a break point in the custom login module class? Please advise!

Thank you.

Former Member
0 Kudos

It turns out the problem was that when creating the login module library in the SAP NetWeaver Developer Studio, I changed the <b>Provider Name</b> property in the provider.xml file from the default "sap.com" to "mycompany.com" without realizing the impact this would have when configuring the login module in the Visual Administrator.

Turns out that if you change the <b>Provider Name</b> it will be prepended to your module's name when deployed to the J2EE Engine. So, if your module name is "MyLoginModule" and your <b>Provider Name</b> is "mycompany.com" then your module will be deployed in a directory called "mycompany.comMyLoginModule" and this is the value you must reference in the <b>LoginModuleClassLoaders</b> property (in Visual Administrator or Config Tool). Note that you must prefix this value with "library:" when setting the <b>LoginModuleClassLoaders</b> property. Thus, for this example, you would have a value of "library:mycompany.comMyLoginModule" for the <b>LoginModuleClassLoaders </b>property.

I have yet to find any documentation that specifies this, but after filing a note with SAP we were able to deduce it from the response we received. None of the Help files or Tutorials that I worked with made any mention of this little fact. I specifically looked at the "Custom Login Module" Tutorial (version 1.00, August 2, 2004) and the "How to Set Up Single Sign-On Between an IBM WebSphere Portal and the SAP Enterprise Portal Using JAAS" paper (March 2005). Neither document tells you to change the default <b>Provider Name</b> value, so they are not inaccurate, they just fail to mention what happens if you change it.

Former Member
0 Kudos

Eric,

Thank you, for posting how you were able to fix the problem. We were running into the same problem, your post was able to guide me to the right direction. I wish more ppl would post the solution, once they resolve the issue.

Ketul Shah.

Former Member
0 Kudos

hi ketul and eric,

besides the provider-name, was there anything else that you can recall might cause the error?

i'm having the same exact issue, and like eric have followed all the procedures to the letter. my provider-name is sap.com, so something else is unfortunately the cause.

Former Member
0 Kudos

Hi,

check, whether your library (which contains your logon-module-class) is deployed correctly on your WebAS640-Server, and make sure you use the correct name of the library:

Use the VisualAdministrator, server-->libraries: There you should find your newly deployed library listed with the name you have specified in the property "display-name" in the "provider.xml"-file of your library-project.

Click on this library, and you should find your "jar-file" listed in the right box "JARS contained".

On top of this view, you find the library-name you need to use when pointing the class-loader to your lib; you just have to add the string "library:" before.

So you end up with something like: library:<the value you find in "library-name" of your deployed lib>

hope that helps

Josef

Former Member
0 Kudos

hi josef,

thanks for elaborating. however i discovered the cause of my problem and it was to do with my LoginContext calling the login module instead of the login module stack.

Former Member
0 Kudos

hi Eric,

we are also using custom Login Modules in our Web application.

I've got a question concerning custom LoginModules.

I hav read all the documents in SAP Library regarding creating LoginModule, making library and registering it on SAP J2EE engine.

I hav implemented a LoginModule as part of an application by using standard java interface <b>"LoginModule".</b>

I don't want it to implement interface <b>"AbstractLoginModule"</b> which is provided by SAP.

public class TestLoginModule  implements LoginModule
{//...}

1.Now where can i mention the Login configuration information? for example

MyLoginModule
{
	com.mypackage.auth.TestLoginModule 
	required 
	debug="true" 
	serviceName="SecurityService";
};

2. is ther any <b>.config</b> to mention this Login information?

I found out <b>"fallback.config"</b> file which is in dir D:\usr\sap\J2E\JC00\j2ee\cluster\server0\temp\security.

Is this file helpful for me.

3. Steps i done are as follows,

1) I created the library <b>MyLoginModuleLibrary</b> for the TestLoginModule and deployed it on J2EE engine.

2) Then deployed my web application.

3) Create entry for my login module in Visual Administartor ->Security Service Provider.

4) I also added my LoginModule to LoginModule stack for my web application.

5)Now i m refering this LoginModule in my servlet page as

CallbackHandler callbackHandler = new MyCallbackHandler(userName, password);
LoginContext loginContext = new LoginContext("MyLoginModule", callbackHandler);

But at second line it is giving <b>Exception :</b>

javax.security.auth.login.LoginException: No LoginModules configured for MyLoginModule 
at javax.security.auth.login.LoginContext.init(LoginContext.java:189)

Can u plz help me, i caant able to go forward without this.

Former Member
0 Kudos

Have u add the library to LoginModulesClassLoader?

Follow all the steps in:

https://websmp101.sap-ag.de/~sapidb/011000358700003517632004E.PDF

I'm trying to make a little application works. It has two parts: a little client and a server part which runs on a jboss server, and comunicates between them using JAAS + SSL.

It's a compiled application, so I cannot debug it, only the jdk classes it calls. It uses an "auth.conf" file. The client is a little class that works perfectly alone if I run it in a java project, without the messing sap JAAS implementation.

I managed to apply this configuration into the security service of WAS, following the steps in the above pdf, using jboss-client.jar as the library with the login module, and org.jboss.security.ClientLoginModule as the login module.

I'm trying to include the client class into a web service developed for my WAS, packing the class and its library with my ear.

But when it tries to do the authentication, sometimes it uses:

org.jboss.security.ClientLoginModule (that's the correct class) but throws a "User is locked" exception.

Have I need to create the user who I use to connect to the other jboss server in my was UME ? This has no sense. Anyway doesn't work either.

Other times (withouth changing anything) it uses:

com.sap.engine.system.SystemLoginModule

and throws this exception:

com.sap.engine.services.security.exceptions.BaseLoginException: Call logout before login

I'm desperate. I'm having nightmares trying to integrate things which works in every application server in WAS. Why couldn't they simply follow the standard!?!?

I'm thinking in installing a tomcat with the client, and use axis to wrap it with a proxy I can consume from my WAS. But I think this is an horrible solution.

Any idea? I can't go forward.