JAAS Login Module

Former Member
0 Kudos

Hi All,

I am trying to implement JAAS login Module as per the following documentation.

http://help.sap.com/saphelp_nw04s/helpdata/en/46/3ce9402f3f8031e10000000a1550b0/content.htm

However, when I configure the same in Visual Admin -> Security Provider -> Policy Configurations -> ticket after the BasicPasswordLoginModule, I cannot log in with any user id, not even using administrator.

Please let me know if anything is missing.

Thanks & Regards,

Vanita M.

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Hi,

I tried out all the steps exactly as you mentioned. Thanks for such a detailed message.

However, I cannot access my JSP page at all. In the Mapping -> Add I have added myself as the user, however I still can't access it.

Please help me with the same.

Thanks & Regards,

Vanita

former_member698570
Active Participant
0 Kudos

Hi,

what does that mean?

Do you get a prompt to login or do you get an error message when trying to access the JSP??

Is your application deployed?

- Start Visual Administrator

- Start Deploy Service

- Choose Runtime TAB and at the bottom of the page Click on Application (Radio Button)

- Navigate to your Application and expand it until you see servlet_jsp and what is underneath. Please tell me what you see here. Also check if the App is running (indicated by blue arrow)

Cheers

Former Member
0 Kudos

Hi Marcel,

I had made a mistake and hence could not see the JSP page. Now I can see the JSP page, however my login module is not getting called. Do you have any steps to test that? I have used the standard example in the following link, where if the user id does not have the prefix mentioned in the options in Visual Admin, then a login exception should be thrown.

However, my application is getting executed with any user id if I have added it to Security Roles -> Mapping.

http://help.sap.com/saphelp_nw04s/helpdata/en/46/3ce9402f3f8031e10000000a1550b0/content.htm

Please let me know if you have any pointers.

Thanks,

Vanita

former_member698570
Active Participant
0 Kudos

Hi Vanita,

please adjust the logging as described in my previous posts of this thread.

When done please call your application again and paste the output of the security.log here (Only the part that contains the processing of the login module stack of your application).

Please do also paste the exact URL you are using to access your application (including all URL Parameters)

Cheers

former_member698570
Active Participant
0 Kudos

Hi,

did you implement everything exactly as described in the doc or did you make some changes (e.g. use different vendor etc.)?

Are you sure your new module is loaded (Check for errors in the tracefile)?

If everything is ok you should adjust the severity for JAAS in the Log Configurator Service to make sure that you can see what is going on when trying to login!

Start Log Configurator Service > Locations and adjust the severity for the locations

- com.sap.security.server.jaas

- com.sap.engine.services.security

Have a look at the security log while performing the login and post the output here so I can assist you.

Maybe for testing you should use your own custom application and create a custom logon stack. This assures that it will not interfere with any other portal application.

Cheers

Former Member
0 Kudos

Hi Marcel ,

Thanks for your reply.

I did change one thing: the flag for the custom module was changed from SUFFICIENT to REQUISITE. Now when I change it back to SUFFICIENT I can log in for any id into portal, so basically it looks like my module is not getting executed.

Once I have attached my module to ticket in Security Profile, is there any other way to test it?

Thanks & Regards,

Vanita M

former_member698570
Active Participant
0 Kudos

Hi Vanita,

what exactly does your logon module stack look like?

Did you change the severity of the mentioned log locations? Please do as suggested and paste the trace from the security log here so I can have a look at it. It's the best way to see what exactly happens during logon.

As I said, the best way to test is to create a very basic custom application (it's enough if it just contains a JSP with "hello world" in it). All you have to do is configure the security constraints so you can configure the modules for the application. When deployed you can adjust the logon module stack of the app as desired.

Cheers

Former Member
0 Kudos

Hi Marcel,

Thank you so much for your help!

I am a little confused, can you give an example with steps? Looks like I am missing out on something.

Thanks,

Vanita M.

former_member698570
Active Participant
0 Kudos

Hi,

do you need steps on how to create a custom application or steps on how to change the severity of the log locations?

Cheers

Former Member
0 Kudos

Hi,

Just to make sure I am not missing out on anything, would it be possible to provide an example and steps for both?

I basically need to create a login module that can authenticate the user and then change its ID to another user.

I have also tried to change authschemes.xml with my Login Module, however the new login module does not appear for a particular iView.

Thanks for your help!

Vanita.

former_member698570
Active Participant
0 Kudos

Hi vanita,

so here are the steps (I hope you have NWDS installed on your machine!):

Steps to create a custom very basic and simple application

- Open NWDS (We Create our EAR Project first)

- Choose File > New > Project

- Choose J2EE > Enterprise Application Project

- Define Project Name (e.g. MyTestApp)

- Open application-j2ee-engine.xml

- Choose General TAB and define Vendor Name if desired (default is sap.com) => You can set it to your company domain e.g. com.yourdomain

- Choose File > New > Web Module Project (We create our Web Module Project now)

- Define a name for your Web Module (e.g. MyTestWebApp)

Now we link EAR and Web Module

- Right Click on the previously created EAR Project (MyTestApp)

- From the Context Menu choose "Add Modules"

- From the list in the opening Dialog Box Choose your previously created Web Module (MyTestWebApp)

Now we create a sample JSP within our Web Module

- Expand MyTestWebApp

- Right Click on the webContent Folder and Choose New > File

- Define the Filename (e.g. index.jsp)

- Edit the Source Code of your JSP and enter the following Code

<div>
This is a Test Web Application
</div>

- Open the web.xml of your Web Module Project (you find it under WEB-INF)

- Make sure that your jsp is configured in the welcome-file-list (see Source of web.xml)

- In order to use authentication (use Login Modules in the Login Module Stack) you will have to define some Security Constraints and at least one Security Role(e.g. Default Security Role)

To make this short:

Use the following Code for your web.xml and replace it with yours:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
	<display-name>WEB APP</display-name>
	<description>WEB APP description</description>
	<welcome-file-list>
		<welcome-file>index.jsp</welcome-file>
	</welcome-file-list>
	<security-constraint>
		<display-name>My Test Web APP Protected Area</display-name>
		<web-resource-collection>
			<web-resource-name>WebResource</web-resource-name>
			<url-pattern>/*</url-pattern>
			<http-method>GET</http-method>
			<http-method>POST</http-method>
		</web-resource-collection>
		<auth-constraint>
			<role-name>DefaultSecurityRole</role-name>
		</auth-constraint>
	</security-constraint>
	<security-role>
		<role-name>DefaultSecurityRole</role-name>
	</security-role>
</web-app>

Now we BUILD our app

- Right Click on your Web-Module and choose "Build WEB Archive" => After generation the message "WAR generation has finished successfully"

- Right Click on Enterprise Application and choose "Build Application Archive" => After generation the message "EAR generation has finished successfully"

Deploy

You can deploy the EAR directly from NWDS or you can use Visual Admin > Deploy Service to do this. From NWDS is much faster (Make sure your SDM is running)

- Choose Window > Preferences in NWDS

- Choose "SAP J2EE Engine is installed on remote host"

- Enter the Message Server Host (Your J2EE Engine Hostname) and Message Server Port (should be 39 and your Instance No +1 so if your Instance No. is 00 (default) you should use 3901)

=> If 3901 does not work you will have to find out the Message Server Port of your engine by calling the SystemInfo of your engine

http://<yourengine>:<yourport>/sap/monitoring/SystemInfo

In the top left corner you can see the Message Server Port (use the one displayed here!)

- Click Apply and OK

- Now right click the created EAR File (MyTestApp.ear) and choose "Deploy to J2EE engine" from the Context Menu

You will be asked for the SDM Password

- Type the password and your app will be deployed to J2EE

Now we have to add any Group or User to the Default Security Role so we can authenticate

- Open Visual Admin

- Start the Security Provider Service

- In the Policy Configurations > Component List choose your application (com.domain/MyTestApp... if you specified a custom vendor, otherwise sap.com/MyTestApp...)

- Open the Security Roles Tab (In the List you should see the DefaultSecurityRole)

- For test purposes add a User by Clicking the Mappings > Users > Add Button on the right side of the screen

- Add an existing user (e.g. your user)

- You are now able to access your Application using the URL

http://<yourhost>:<yourport>/MyTestWebApp/index.jsp

and you should be prompted for authentication

In the Security Provider > Tab Authentication you can now define Login Modules for your application as desired and test them

Now increase the Severity of the Locations as described before

- Start Visual Admin

- Open the Log Configurator Service

- On the right side Choose Runtime TAB > Locations TAB

- Browse to com > sap > engine > services > security and on the right side change the Severity to All.

- Click Save and choose "Apply to all "server nodes""

- Repeat the steps for Location com > sap > security > core > server > jaas

You will now be able to see detailed information of the processing of your logon stack and modules in the security log. You find it under

/usr/sap/<SID>/JC<InstanceNO>/j2ee/cluster/serverN/log/system

Hope this helps (Please reward points if helpful )

Cheers
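
The thread turns on whether a custom module in a login module stack is called at all, and on the SUFFICIENT and REQUISITE flags. The following is an added example, not code from any poster or from SAP: it uses only the standard JDK JAAS classes to show how the control flag of an earlier module decides whether a later prefix-checking module runs. The class names, the `ext_` prefix and the user ids are constructed, and it assumes the engine evaluates its stack with standard JAAS flag semantics.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;
public class StackFlagDemo {
    // Shared plumbing for the two constructed modules below.
    public abstract static class Base implements LoginModule {
        protected CallbackHandler handler; protected Map<String, ?> opts;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> o) { handler = h; opts = o; }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    // Constructed stand-in for a password module: always succeeds.
    public static class AlwaysOk extends Base {
        public boolean login() { System.out.println("  AlwaysOk.login()"); return true; }
    }
    // Constructed prefix check: rejects user ids that lack the "prefix" option.
    public static class PrefixCheck extends Base {
        public boolean login() throws LoginException {
            System.out.println("  PrefixCheck.login()");
            NameCallback nc = new NameCallback("user: ");
            try { handler.handle(new Callback[] { nc }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            String prefix = (String) opts.get("prefix");
            if (nc.getName() == null || !nc.getName().startsWith(prefix))
                throw new FailedLoginException("user id lacks prefix " + prefix);
            return true;
        }
    }
    static void attempt(LoginModuleControlFlag first, String user) {
        AppConfigurationEntry[] stack = {
            new AppConfigurationEntry(AlwaysOk.class.getName(), first, new HashMap<String, Object>()),
            new AppConfigurationEntry(PrefixCheck.class.getName(), LoginModuleControlFlag.REQUISITE, Collections.singletonMap("prefix", "ext_")) };
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) { return stack; }
        };
        CallbackHandler ch = cbs -> { for (Callback c : cbs) if (c instanceof NameCallback) ((NameCallback) c).setName(user); };
        System.out.println(first + " first, user=" + user);
        try { new LoginContext("demo", new Subject(), ch, cfg).login(); System.out.println("  => login OK"); }
        catch (LoginException e) { System.out.println("  => rejected: " + e.getMessage()); }
    }
    public static void main(String[] args) {
        attempt(LoginModuleControlFlag.SUFFICIENT, "alice"); // PrefixCheck.login() is never called
        attempt(LoginModuleControlFlag.REQUIRED, "alice");   // PrefixCheck runs and rejects
        attempt(LoginModuleControlFlag.REQUIRED, "ext_bob"); // PrefixCheck runs and accepts
    }
}
```

In the first attempt the absence of a `PrefixCheck.login()` line is the point: a SUFFICIENT module that succeeds ends the login phase, which is the kind of behaviour the security log trace of a real stack would reveal.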