02-20-2008 5:14 PM
Hi,
We are trying to set up SAML authentication with a J2EE engine (7.00). We are browsing to an application with a JSP page. On this application I put the SAMLLoginModule. This JSP page does a redirect to a BSP page on ABAP (/sap/bc/echo); with basic authentication the SSO between the J2EE and ABAP works. But when I try to authenticate with SAML the SSO isn't working: I get a popup to authenticate in ABAP, and there is also no MYSAPSSO2 cookie in the browser. Does anybody know how we need to configure the Login Modules for this application?
Current setup:
SAMLLoginModule sufficient {AcceptedAuthenticationMethods=*, Mode=Standalone}
CreateTicketLoginModule sufficient {ume.configuration=true}
EvaluateTicketLoginModule sufficient {ume.configuration=true}
BasicPasswordLoginModule requisite {}
CreateTicketLoginModule sufficient {ume.configuration=true}
Thanks in advance
Steven
02-20-2008 5:20 PM
>
> SAMLLoginModule sufficient {AcceptedAuthenticationMethods=*, Mode=Standalone}
> CreateTicketLoginModule sufficient {ume.configuration=true}
> EvaluateTicketLoginModule sufficient {ume.configuration=true}
> BasicPasswordLoginModule requisite {}
> CreateTicketLoginModule sufficient {ume.configuration=true}
Instead of the above, I suggest you try:
EvaluateTicketLoginModule sufficient {ume.configuration=true}
SAMLLoginModule optional {AcceptedAuthenticationMethods=*, Mode=Standalone}
CreateTicketLoginModule sufficient {ume.configuration=true}
BasicPasswordLoginModule requisite {}
CreateTicketLoginModule optional {ume.configuration=true}
Thanks,
Tim
02-20-2008 7:51 PM
Hi Tim,
Thanks for your help, it's working now. Can you give some more info on why it should be configured like this?
br
Steven
02-20-2008 8:00 PM
I am pleased I was able to help you.
The main issue with your previous login module stack was that you didn't have the EvaluateTicketLoginModule at the start, so if an SSO2 ticket was already issued and passed to the J2EE Engine, it was not being recognised and the engine was therefore trying to authenticate again. I also changed a few params to ensure that login tickets are created only after successful authentication, either using BasicPassword or SAML.
Thanks,
Tim
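
Added example, not part of the thread and not SAP code: a small Python model of standard JAAS control-flag evaluation, run over the two stacks posted above, showing which credentials lead to a logon ticket being issued. Assumptions: CreateTicketLoginModule succeeds only after an earlier module has authenticated the user, and the credential labels "ticket", "saml" and "password" are made up for the model.

```python
# Simplified model of JAAS control flags (required/requisite/sufficient/optional).
# Assumption: CreateTicketLoginModule succeeds only once an earlier module has
# authenticated the user; a ticket is issued only if that login() step succeeded.
ORIGINAL = [
    ("SAMLLoginModule", "sufficient"),
    ("CreateTicketLoginModule", "sufficient"),
    ("EvaluateTicketLoginModule", "sufficient"),
    ("BasicPasswordLoginModule", "requisite"),
    ("CreateTicketLoginModule", "sufficient"),
]
SUGGESTED = [
    ("EvaluateTicketLoginModule", "sufficient"),
    ("SAMLLoginModule", "optional"),
    ("CreateTicketLoginModule", "sufficient"),
    ("BasicPasswordLoginModule", "requisite"),
    ("CreateTicketLoginModule", "optional"),
]
# Constructed labels: which credential each authenticating module looks for.
CREDENTIAL = {"EvaluateTicketLoginModule": "ticket", "SAMLLoginModule": "saml",
              "BasicPasswordLoginModule": "password"}


def run_stack(stack, presented):
    """Return (authenticated, new_ticket_issued) for the presented credentials."""
    user_known = ticket_ready = False          # state shared between modules
    mandatory_seen = mandatory_failed = any_ok = False
    for module, flag in stack:
        if module == "CreateTicketLoginModule":
            ok = user_known                    # nothing to put in a ticket yet?
            ticket_ready = ticket_ready or ok
        else:
            ok = CREDENTIAL[module] in presented
            user_known = user_known or ok
        any_ok = any_ok or ok
        if flag in ("required", "requisite"):
            mandatory_seen = True
            mandatory_failed = mandatory_failed or not ok
            if flag == "requisite" and not ok:
                break                          # requisite failure stops the stack
        elif flag == "sufficient" and ok and not mandatory_failed:
            break                              # sufficient success stops the stack
    authenticated = not mandatory_failed and (mandatory_seen or any_ok)
    return authenticated, authenticated and ticket_ready
```

In this model the original stack authenticates a SAML logon but stops at the sufficient SAMLLoginModule before any CreateTicketLoginModule runs, which matches the missing MYSAPSSO2 cookie; the suggested stack reaches CreateTicketLoginModule for both SAML and password logons.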