cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO with HTTP Header Authentication

Former Member

on ‎05-15-2013 2:49 PM

0 Kudos

Hi All,

I
am trying to implement SSO from Non SAP system (CAS - Central authentication system) to SAP Portal. I have configured the HTTP Header Login module in the Login Module stack as per the below link.

http://help.sap.com/saphelp_nw73/helpdata/en/4a/47abb3e1f41cd4e10000000a421937/content.htm

I  have developed a Test JSP which set's the Header Variable IV_HTTP_USER with Portal login ID and re-directs to SAP Portal. When we test now, the HTTP Header Login module doesnt succeed and Login page comes up.

I have generated trace from NWA-Troubleshooting->Security troubleshooting wizard for authentication type and below the error i see. IV_HTTP_USER variable always show's as null.

Few Questions I have:

1. Do we have to change Authschemes file inculde authschem "Header" as mentioned in the below thread.

http://scn.sap.com/thread/2127692

2. In case yes - I did change the authscheme's file as per above discussion and checked. But when i navigate to NWA->Configuration Management Security Authentication and Single Sign-On, I get and information saying Authscheme file is invalid.

Please help.

Portal Version: NW7.3 SP08

Thanks

Hussain

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎05-29-2014 12:49 PM
0 Kudos

Dear,

We try to logon CE by headervarible with URL paramater. But userid was not sent to header variable, can you share how to send userid to header variable and J2ee engine.

Below is trace logs.

...thentication.callbackhandler.handleHandle com.sap.engine.interfaces.security.auth.HeaderVariableCallback@7fbcf227
...dler.handle(HeaderVariableCallback)Getting header by name: username
...dler.handle(HeaderVariableCallback)Header retrieved: null
...thentication.callbackhandler.handleExiting method
...ule.HeaderVariableLoginModule.loginSuccessfuly handled.
...ule.HeaderVariableLoginModule.loginheader username has value <null>
Show replies
Show replies
former_member432219
Active Participant
‎05-15-2013 3:07 PM
0 Kudos

Hello Hussain,

Changes to the authschemes file are not required, adding the HeaderVariableLoginModule with the appropriate value for the Header option, to a suitably configured ticket policy configuration should suffice.

Are you sure that the header variable is being populated correctly?. You have captured the issue using the security troubleshooting wizard (authentication incident), if you look at the requests that are logged from location com.sap.engine.services.httpserver.HttpTraceRequest.traceRaw. (you can filter on this location) - do you see the header variable values there?

If not, if you configure ICM to trace the http requests as per Enable HTTP traces from ICM you can see if the IV_HTTP_USER header is populated when it is received by the AS Java system (If you're accessing the portal via https, you may have to set icm/trace_secured_data=1 to get ICM to trace the relevant requests)

Show replies
Show replies
Former Member
‎05-15-2013 3:36 PM
0 Kudos

Hi Patrick,

Thanks!

I was about the post the HTTP trace log - but i missed it. yes i do see the IV_HTTP_USER variable with the user Id populated. But in the login module this http vraible somehow becomes null.

Can you please provide some more pointers.

Thanks

Hussain

former_member432219
Active Participant
‎05-15-2013 4:10 PM
0 Kudos

Hi Hussain,

I would expect the header to be contained in the request in the form

IV_HTTP_USER: <userid> just like the other headers shown in the request rather than in the form IV_HTTP_USER = <userid>

Perhaps you can review how the header is being added to the request by your JSP?

Ask a Question