cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Custom Login Module is executed even before the Logon Page

IngoBiermann
Explorer

on ‎07-01-2015 3:27 PM

0 Kudos

Hello everybody,

is anyone able to give me some advice on the following topic?

-----

What I have:

* EP 7.4

* a custom login module (MyOwnLoginModule) which is able to check provided user credentials

* a custom stack which uses:

1. EvaluateTicketLoginModule

2. MyOwnLoginModule

3. CreateTicketLoginModule

I can see this in NWA at "Authentication & single sign on" as a Policy Configuration of type CUSTOM.

The policy configuration is called "com.company.portal.login"

* a custom logon page project which shows a re-branded login page. It is a portal component named "com.company.portal.runtime.logon"

* a custom authschemes.xml which combines the above:

<authscheme name="uidpwdlogon">

<authentication-template> com.company.portal.login </authentication-template>

<priority>20</priority>

<frontendtype>2</frontendtype>

<frontendtarget>com.companx.portal.runtime.logon.certlogon</frontendtarget>

</authscheme>

----

What I want to achieve:

1. User enters http://host:port/irj

2. My CustomLogonPage is displayed

3. user enters credentials and submits form

4. Login Stack is executed, checks userid and password

5. Success!

---

What really happens:

1. User enters http://host:port/irj

2. Login Stack is executed. The login module doesn't find username and password and quits with "no username provided"

3. My CustomLogonPage is displayed. ERROR MESSAGE: "User authentication failed..."

4. user enters credentials and submits form

5. Login Stack is executed AGAIN, checks userid and password

6. Success!

As you can see I am nearly there...

Problem is: The login module is executed once even before the logon page has been displayed (step 2.). Obviously it has to fail because no credentials have been provided at that point of time. After that everything is fine.

You find the log output of this step 2 attached.

Question:

What causes this behavior? Why is the login stack executed once before the Login Page is shown? How can i avoid that?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

dror_last
Active Participant
‎07-13-2015 10:30 AM
0 Kudos

Hi Ingo,

According to your description you did the custom login page using the method of 7.0x versions.

In order to have the supported 7.4 approach please refer to SAP KBA 1935486 - NetWeaver Portal 7.3X/7.4 and custom logon screens. http://service.sap.com/sap/support/notes/1935486

I don't think this will change the behavior you currently experiencing though.

Best Regards,

Dror

Show replies
Show replies
junwu
Active Contributor
‎07-01-2015 3:57 PM
0 Kudos

i think it is normal behavior

when u access the protected resource, of course it will try to authenticate u first.

Show replies
Show replies
IngoBiermann
Explorer
‎07-01-2015 6:49 PM
0 Kudos

Thanks for your reply!

In this case - where is the difference to the standard login page? There it does not display the error message on the first page.

And do you have a proposal to avoid the message?

junwu
Active Contributor
‎07-01-2015 7:33 PM
0 Kudos

when you configure the stack, for your module, can you make the flag to be "SUFFICIENT"?

just have a try.

IngoBiermann
Explorer
‎07-02-2015 7:54 AM
0 Kudos

Thanks for the suggestion. What do you expect to happen exactly with the SUFFICENT flag here?

For my understanding that would just influence the behavior of the stack in the case of successful authentication and should not have any impact on the Login Page.

Nevertheless I tried it - but no change.

vdurgarao09
Contributor
‎07-06-2015 9:11 AM
0 Kudos

Hi,

Can you change order of logon module in the stack and check the the security zone initial permissions.

one more thing check the Policy Configuration Name here default loading the any url like irj  that time calling the ticket Policy.So here Authentication Stack tab your configuration check it. Because this the loading the first time before the logon page.

Otherwise check this help link

Login Modules - User Authentication and Single Sign-On - SAP Library

BR,

Durga

kai_unewisse3
Active Contributor
‎07-10-2015 4:05 PM
0 Kudos

Hi Ingo,

- can you post the loginstack and the control flag settings (e.g. Suffient) ?

-what happens if you call the portal with the additional /portal :  http://host:port/irj/portal ?

- Clear the login page beans by restarting the component com.sap.security.core.logon


- what happens, if you use the custom login component, but the JSP Login page is pure SAP ?


Some hints with Login pages:

At /nwa and Operation --> Start & Stop --> Tab "Java Anwendungen"

Application start/stop : com.sap.security.core.logon

This will help you, when you changed text and it does not show up.....

Just in case: There is a second login JSP which is used for HTTPS  ....


Gruss,

Kai

IngoBiermann
Explorer
‎07-11-2015 2:34 PM
0 Kudos

Hi Kai,

good to know you are reading here!

/irj/portal does the same as /irj/

Several restarts of the whole server where done in the meanwhile. No change.

Yes, the HTTPS jsp has been looked at. Doesn't seem to have any influence.

The login stack is

1. EvaluateTicketLoginModule - SUFFICENT

2. MyOwnLoginModule - REQUIRED

3. CreateTicketLoginModule - OPTIONAL

Using the SAP "BasicPasswordLoginModule" here at 2. works ok.

This brings me to the point that the Login module handles the request in an incorrect way.

Maybe it is normal behauvior that the module is called once before the login page is displayed? It could ignore the first request in a way without error message.

But I don't find any hint if this would be ok or not.

Regards

Ingo Biermann

IngoBiermann
Explorer
‎07-11-2015 2:39 PM
0 Kudos

Hi Durga,

thanks for your suggestions. Checking the SecurityZone seemed to be a good idea. But there is alreads "no safety" configured.

> one more thing check the Policy Configuration Name here

> default loading the any url like irj  that time calling the ticket Policy.

> So here Authentication Stack tab your configuration check it.


Hm. To be honest I don't really get what you mean. What exactly do you think I should check?


Best regards

Ingo

vdurgarao09
Contributor
‎07-13-2015 5:31 AM
0 Kudos

Hi Ingo,

Sorry,

Check the ticket policy configuration.

BR,

Durga Rao.

kai_unewisse3
Active Contributor
‎07-13-2015 12:37 PM
0 Kudos

If the solution from Dror Last does not help, try this :

1. EvaluateTicketLoginModule - SUFFICENT

2. MyOwnLoginModule - Optional

3. BasicPasswordLoginModule - Requisite

4. CreateTicketLoginModule - OPTIONAL

Did you add/modify in the EAR/META-INF the files :

  • application-j2ee-engine.xml
  • application.xml

See

BR,
Kai

Ask a Question