Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAML with MYSAPSSO2 cookie

Go to solution
Former Member

‎02-20-2008 5:14 PM

0 Kudos

Hi,

We are trying to setup SAML authentication with a J2EE engine (7.00). We are browsing to an application with a jsp page. On this application I put the SAMLLoginModule on. This jsp page does a redirect a bsp page on ABAP (/sap/bc/echo), with basic authentication the sso between the J2EE and ABAP works. But when I try to authenticate with SAML the SSO isn't working, I get a popup to authenticate in ABAP, also no MYSAPSSO2 cookie in the browser. Does anybody now how we need to configure the Login Modules for this application?

Current setup:

SAMLLoginModule sufficent {AcceptedAuthenticationMethods=*, Mode=Standalone}

CreateTicketLoginModule sufficent {ume.confiugration=true}

EvaluateTicketLoginModule sufficent {ume.confiugration=true}

BasicPasswordLoginModule requisite {}

CreateTicketLoginModule sufficent {ume.confiugration=true}

Thanks in advance

Steven

1 ACCEPTED SOLUTION

Go to solution
tim_alsop
Active Contributor

‎02-20-2008 5:20 PM

0 Kudos

>

> SAMLLoginModule sufficent {AcceptedAuthenticationMethods=*, Mode=Standalone}

> CreateTicketLoginModule sufficent {ume.confiugration=true}

> EvaluateTicketLoginModule sufficent {ume.confiugration=true}

> BasicPasswordLoginModule requisite {}

> CreateTicketLoginModule sufficent {ume.confiugration=true}

Instead of above, I suggest you try:

EvaluateTicketLoginModule sufficent {ume.confiugration=true}

SAMLLoginModule optional {AcceptedAuthenticationMethods=*, Mode=Standalone}

CreateTicketLoginModule sufficent {ume.confiugration=true}

BasicPasswordLoginModule requisite {}

CreateTicketLoginModule optional {ume.confiugration=true}

Thanks,

Tim

3 REPLIES 3

Go to solution
tim_alsop
Active Contributor

‎02-20-2008 5:20 PM

0 Kudos

>

> SAMLLoginModule sufficent {AcceptedAuthenticationMethods=*, Mode=Standalone}

> CreateTicketLoginModule sufficent {ume.confiugration=true}

> EvaluateTicketLoginModule sufficent {ume.confiugration=true}

> BasicPasswordLoginModule requisite {}

> CreateTicketLoginModule sufficent {ume.confiugration=true}

Instead of above, I suggest you try:

EvaluateTicketLoginModule sufficent {ume.confiugration=true}

SAMLLoginModule optional {AcceptedAuthenticationMethods=*, Mode=Standalone}

CreateTicketLoginModule sufficent {ume.confiugration=true}

BasicPasswordLoginModule requisite {}

CreateTicketLoginModule optional {ume.confiugration=true}

Thanks,

Tim

Go to solution
Former Member

‎02-20-2008 7:51 PM

0 Kudos

Hi Tim,

Thanks for your help it's working now. Can you give some more info why it should be configured like this?

br

Steven

Go to solution
tim_alsop
Active Contributor
In response to Former Member

‎02-20-2008 8:00 PM

0 Kudos

I am pleased I was able to help you.

The main issue with your previous login module stack was that you didn't have the EvaluateTicketLoginModule at the start, so if an SSO2 ticket was already issued and passed to J2EE Engine, it was not being recognising and was therefore trying to authenticate again. I also changed a few params to ensure that login tickets are created only after successful authentication, either using BasicPassword or SAML.

Thanks,

Tim