on 07-01-2015 3:27 PM
Hello everybody,
is anyone able to give me some advice on the following topic?
-----
What I have:
* EP 7.4
* a custom login module (MyOwnLoginModule) which is able to check provided user credentials
* a custom stack which uses:
1. EvaluateTicketLoginModule
2. MyOwnLoginModule
3. CreateTicketLoginModule
I can see this in NWA at "Authentication & single sign on" as a Policy Configuration of type CUSTOM.
The policy configuration is called "com.company.portal.login"
* a custom logon page project which shows a re-branded login page. It is a portal component named "com.company.portal.runtime.logon"
* a custom authschemes.xml which combines the above:
<authscheme name="uidpwdlogon">
<authentication-template> com.company.portal.login </authentication-template>
<priority>20</priority>
<frontendtype>2</frontendtype>
<frontendtarget>com.companx.portal.runtime.logon.certlogon</frontendtarget>
</authscheme>
----
What I want to achieve:
1. User enters http://host:port/irj
2. My CustomLogonPage is displayed
3. user enters credentials and submits form
4. Login Stack is executed, checks userid and password
5. Success!
---
What really happens:
1. User enters http://host:port/irj
2. Login Stack is executed. The login module doesn't find username and password and quits with "no username provided"
3. My CustomLogonPage is displayed. ERROR MESSAGE: "User authentication failed..."
4. user enters credentials and submits form
5. Login Stack is executed AGAIN, checks userid and password
6. Success!
As you can see I am nearly there...
Problem is: The login module is executed once even before the logon page has been displayed (step 2.). Obviously it has to fail because no credentials have been provided at that point of time. After that everything is fine.
You find the log output of this step 2 attached.
Question:
What causes this behavior? Why is the login stack executed once before the Login Page is shown? How can i avoid that?
Hi Ingo,
According to your description you did the custom login page using the method of 7.0x versions.
In order to have the supported 7.4 approach please refer to SAP KBA 1935486 - NetWeaver Portal 7.3X/7.4 and custom logon screens. http://service.sap.com/sap/support/notes/1935486
I don't think this will change the behavior you currently experiencing though.
Best Regards,
Dror
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
i think it is normal behavior
when u access the protected resource, of course it will try to authenticate u first.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for the suggestion. What do you expect to happen exactly with the SUFFICENT flag here?
For my understanding that would just influence the behavior of the stack in the case of successful authentication and should not have any impact on the Login Page.
Nevertheless I tried it - but no change.
Hi,
Can you change order of logon module in the stack and check the the security zone initial permissions.
one more thing check the Policy Configuration Name here default loading the any url like irj that time calling the ticket Policy.So here Authentication Stack tab your configuration check it. Because this the loading the first time before the logon page.
Otherwise check this help link
Login Modules - User Authentication and Single Sign-On - SAP Library
BR,
Durga
Hi Ingo,
- can you post the loginstack and the control flag settings (e.g. Suffient) ?
-what happens if you call the portal with the additional /portal : http://host:port/irj/portal ?
- Clear the login page beans by restarting the component com.sap.security.core.logon
- what happens, if you use the custom login component, but the JSP Login page is pure SAP ?
Some hints with Login pages:
At /nwa and Operation --> Start & Stop --> Tab "Java Anwendungen"
Application start/stop : com.sap.security.core.logon
This will help you, when you changed text and it does not show up.....
Just in case: There is a second login JSP which is used for HTTPS ....
Gruss,
Kai
Hi Kai,
good to know you are reading here!
/irj/portal does the same as /irj/
Several restarts of the whole server where done in the meanwhile. No change.
Yes, the HTTPS jsp has been looked at. Doesn't seem to have any influence.
The login stack is
1. EvaluateTicketLoginModule - SUFFICENT
2. MyOwnLoginModule - REQUIRED
3. CreateTicketLoginModule - OPTIONAL
Using the SAP "BasicPasswordLoginModule" here at 2. works ok.
This brings me to the point that the Login module handles the request in an incorrect way.
Maybe it is normal behauvior that the module is called once before the login page is displayed? It could ignore the first request in a way without error message.
But I don't find any hint if this would be ok or not.
Regards
Ingo Biermann
Hi Durga,
thanks for your suggestions. Checking the SecurityZone seemed to be a good idea. But there is alreads "no safety" configured.
> one more thing check the Policy Configuration Name here
> default loading the any url like irj that time calling the ticket Policy.
> So here Authentication Stack tab your configuration check it.
Hm. To be honest I don't really get what you mean. What exactly do you think I should check?
Best regards
Ingo
If the solution from Dror Last does not help, try this :
1. EvaluateTicketLoginModule - SUFFICENT
2. MyOwnLoginModule - Optional
3. BasicPasswordLoginModule - Requisite
4. CreateTicketLoginModule - OPTIONAL
Did you add/modify in the EAR/META-INF the files :
BR,
Kai
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.