on 10-27-2006 7:52 PM
Hi All,
I want to implement single sign-on in SAP xMII. I followed all the steps in the help. In the LDAP User Configuration window I get the user list, but I don't know what I have to do with these results... In the Policy window I set up LDAP too, with the same trouble: I can't log on with my LDAP account...
What do I have to do? What is the main difference between LDAP User Configuration and Policy?
Thanks for any answer,
Vinicius
Konitech/Neoris - Brasil
Hi Vinicius,
LDAP User Configuration is used to manage the users and all aspects of users on the LDAP side. Policy is used only for authentication; roles and users and their attributes would be handled by xMII.
If you are interested in setting up SSO with LDAP, take a look at the web parts configuration in the help documentation. Try searching for 'sso' to find it. You could also use NTLM, which is a much easier setup.
Regards,
Jamie Cawley
Hello Joe,
I tried many ways. I will describe:
1 - Using LDAP Authentication
In the SAP xMII Admin Menu -> Security Services -> Security Manager -> User Manager -> LDAP User Configuration:
I set up the default_ldap with my settings, and wrote the "select" code in the Select User List; I receive my user list correctly.
2 - Policy
I did the same settings using LDAP, but nothing happened. One time, I made the mistake of setting Control Flag to required... To correct this I needed to reinstall my xMII.
I read the help, but I could find the correct way to do this: authenticate Windows (LDAP) and xMII together.
Thanks,
Vinicius
Joe,
In LDAP User Configuration - Tab Queries:
- Select User List
select sAMAccountName from XXXX where objectCategory=user
- Select User
select sAMAccountName from XXXX where sAMAccountName=?
XXXX - is the same for both
When I login using my LDAP/Windows account I receive this message "Sorry, you entered an invalid username or password. Please try again!".
I tried many codes in SQL, and nothing.
Sorry for a lot of questions...
Vinicius
Joe,
The error log follows:
Tue Nov 07 15:44:16 GMT-03:00 2006 WARN Login Invalid username or password
Tue Nov 07 15:44:16 GMT-03:00 2006 ERROR JAASHandler Could not authenticate - javax.security.auth.login.LoginException: Login Failure: all modules ignored
at com.lighthammer.cas.authentication.security.spi.LHLoginContext.invoke(Unknown Source)
at com.lighthammer.cas.authentication.security.spi.LHLoginContext.access$000(Unknown Source)
at com.lighthammer.cas.authentication.security.spi.LHLoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.lighthammer.cas.authentication.security.spi.LHLoginContext.invokeModule(Unknown Source)
at com.lighthammer.cas.authentication.security.spi.LHLoginContext.login(Unknown Source)
at com.lighthammer.cas.authentication.handler.JAASHandler.authenticate(Unknown Source)
at com.lighthammer.cas.gui.servlet.Login.service(Unknown Source)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.newatlanta.servletexec.SERequestDispatcher.forwardServlet(SERequestDispatcher.java:638)
at com.newatlanta.servletexec.SERequestDispatcher.forward(SERequestDispatcher.java:236)
at com.newatlanta.servletexec.SERequestDispatcher.internalForward(SERequestDispatcher.java:283)
at com.newatlanta.servletexec.ApplicationInfo.processApplRequest(ApplicationInfo.java:1846)
at com.newatlanta.servletexec.ServerHostInfo.processApplRequest(ServerHostInfo.java:937)
at com.newatlanta.servletexec.ServletExec.ProcessRequest(ServletExec.java:1091)
at com.newatlanta.servletexec.ServletExec.ProcessRequest(ServletExec.java:973)
at com.newatlanta.servletexec.ServletExecService.processServletRequest(ServletExecService.java:167)
at com.newatlanta.servletexec.ServletExecService.Run(ServletExecService.java:204)
at com.newatlanta.servletexec.HttpServerRequest.run(HttpServerRequest.java:487)
I did nothing in Policy. Do I have to do something? What is the difference between these two modes of authentication?
Thanks again,
Vinicius
Joe,
I called Exton and talked with Jamie Cawley. I showed my settings with WebEx.
I disabled the LDAP User Authentication, and in the Policy I imported the users.
The log from the General Log follows:
Timestamp Level Class Name Message
2006-11-08 16:34:39,386 WARN Login Invalid username or password
2006-11-08 16:34:39,386 ERROR JAASHandler Could not authenticate javax.security.auth.login.LoginException: Could not login into LDAP System
at com.lighthammer.cas.authentication.security.spi.LdapLoginModule.doAuthenticate(Unknown Source)
at com.lighthammer.cas.authentication.security.spi.AbstractLoginModule.login(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.lighthammer.cas.authentication.security.spi.LHLoginContext.invoke(Unknown Source)
at com.lighthammer.cas.authentication.security.spi.LHLoginContext.access$000(Unknown Source)
at com.lighthammer.cas.authentication.security.spi.LHLoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.lighthammer.cas.authentication.security.spi.LHLoginContext.invokeModule(Unknown Source)
at com.lighthammer.cas.authentication.security.spi.LHLoginContext.login(Unknown Source)
at com.lighthammer.cas.authentication.handler.JAASHandler.authenticate(Unknown Source)
at com.lighthammer.cas.gui.servlet.Login.service(Unknown Source)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.newatlanta.servletexec.SERequestDispatcher.forwardServlet(SERequestDispatcher.java:638)
at com.newatlanta.servletexec.SERequestDispatcher.forward(SERequestDispatcher.java:236)
at com.newatlanta.servletexec.SERequestDispatcher.internalForward(SERequestDispatcher.java:283)
at com.newatlanta.servletexec.ApplicationInfo.processApplRequest(ApplicationInfo.java:1846)
at com.newatlanta.servletexec.ServerHostInfo.processApplRequest(ServerHostInfo.java:937)
at com.newatlanta.servletexec.ServletExec.ProcessRequest(ServletExec.java:1091)
at com.newatlanta.servletexec.ServletExec.ProcessRequest(ServletExec.java:973)
at com.newatlanta.servletexec.ServletExecService.processServletRequest(ServletExecService.java:167)
at com.newatlanta.servletexec.ServletExecService.Run(ServletExecService.java:204)
at com.newatlanta.servletexec.HttpServerRequest.run(HttpServerRequest.java:487)
2006-11-08 16:34:39,386 FATAL LdapLoginModule javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893]
I will try to set it up in another environment.
What I don't understand is that when I press Load User, xMII brings me the list of users... In LDAP User Authentication -> Select User List, the select brings the same list. Why do I have a problem with the password only in the authentication process, not in the select process?
Vinicius
Check that your license has a "true" setting for external users.
Also - what version and build are you using?
I did a Google search on the error ([LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B) and found that this error could be caused by not using a full DN.
Not sure why the full list of names would come back though.
Joe
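Added example (not part of the original posts, and not xMII code): a small Python triage helper for the FATAL line quoted above. It reads the hexadecimal `data` sub-code that Active Directory attaches to LDAP error 49; 525 is the "user not found" sub-code, meaning the name presented in the bind did not resolve, which fits the full-DN tip. The function names and all sample lines except the first are constructed for illustration.

```python
import re
from collections import Counter

# Active Directory sub-codes carried in the "data" field of an LDAP
# error 49 (invalidCredentials) bind failure. Values are hexadecimal.
AD_BIND_SUBCODES = {
    "525": ("identity", "user not found: the bind name/DN does not resolve"),
    "52e": ("credential", "user found, password wrong"),
    "530": ("account", "logon not permitted at this time"),
    "531": ("account", "logon not permitted from this workstation"),
    "532": ("account", "password expired"),
    "533": ("account", "account disabled"),
    "701": ("account", "account expired"),
    "773": ("account", "user must reset password"),
    "775": ("account", "account locked out"),
}

LDAP_ERR = re.compile(
    r"\[LDAP: error code (?P<code>\d+) - .*?LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+),"
    r".*?data (?P<data>[0-9A-Fa-f]+)"
)

def triage(line):
    """Return a dict describing an AD bind failure, or None if the line is not one."""
    m = LDAP_ERR.search(line)
    if not m or m.group("code") != "49":
        return None
    data = m.group("data").lower()
    kind, meaning = AD_BIND_SUBCODES.get(data, ("unknown", "unmapped sub-code"))
    return {"dsid": m.group("dsid"), "data": data, "kind": kind, "meaning": meaning}

def summarize(lines):
    """Count bind failures per category across a log excerpt."""
    return Counter(r["kind"] for r in map(triage, lines) if r)

# SAMPLE_LOG[0] is the FATAL entry quoted in the thread; the rest are
# constructed lines in the same format (only the data value differs).
_ERR = ("javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
        "LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data ")
SAMPLE_LOG = [
    "2006-11-08 16:34:39,386 FATAL LdapLoginModule " + _ERR + "525, v893]",
    "2006-11-08 16:40:02,114 FATAL LdapLoginModule " + _ERR + "52e, v893]",
    "2006-11-08 16:41:17,502 FATAL LdapLoginModule " + _ERR + "775, v893]",
    "2006-11-08 16:34:39,386 WARN Login Invalid username or password",
]
```

An "identity" result points at how the bind name is built (DN prefix/suffix); a "credential" result means the name resolved and only the password check failed.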
Bingo!!!!
This is correct, I found the same tip on Google. The DN Suffix in my network is not simple; I talked with the network administrator and he told me the true value.
Now, I have another question. Do I have to edit all imported users to add the Roles? What do I have to do so that when the user opens the browser and enters the xMII URL, xMII opens with his Windows/LDAP logon permissions?
Thanks so much for your attention, patience and good answers.
Best Regards,
Vinicius
Vinicius,
I believe you are managing your users externally? In External mode, you do not define users in Security Manager. You define queries against an LDAP system or against a database that stores your users, roles, and role membership information. You effectively map Security Manager to the third party provider.
For your logon question - search for Programmatic login in the help. That may have the information that you need.
Joe
Vinicius,
Please search on the SDN for 'xMII SSO'. This document was written by Jamie Cawley of the xMII Support Team and will give you the 'How-To' steps that you are looking for.
Regards,
Salvatore Castro
xMII Consulting and Field Enablement
Salvatore,
I found one named "Setting up Single Sign On between xMII and Enterprise Portal.pdf"; is this the correct document?
This document talks about SSO between xMII and EP. I want to use LDAP or Windows Domain with the logon window... I can't figure out what I have to do with this document in my case.
Regards,
Vinicius Martins