Skip to Content
author's profile photo Former Member
0
Former Member

Creating Logon Tickets with the CreateTicketLoginModule

Posted on Apr 28, 2004 at 06:52 AM 99 Views

Hello All,

I've been trying to create the Logon Ticket MYSAPSSO2 by adding the login module CreateTicketLoginModule to my web app (the calculator) and the to example Hello app. I first tried setting it as SUFFICIENT then as REQUISITE but it hasn't made a difference.

The help.sap.com "Testing the Use of Lof Logon Tickets" says the logon ticket is a cookie with the name MYSAPSSO2. However, setting my browser to prompt for cookies and using ethereal to look at the traffic, I don't get this cookie.

I only get a JSESSIONID and a sapj2ee_<appname> cookie.

I'm not getting any information written into the security.log either.

I'm using the sneak preview version of sap web as 6.40

Thanks in advance for your help.

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • author's profile photo Svetlana Stancheva
    Svetlana Stancheva
    Posted on May 05, 2004 at 07:08 AM
    0

    Hi Joe,

    1. If you have SUFFICIENT login module in the stack before CreateTicketLoginModule, then if this login module succeeds, the login modules that are after it (including CreateTicketLoginModule) will not be executed.

    2. If you have REQUISITE login module in the stack and this login module fails, none of the login modules after it will be executed.

    2. You must have in the authentication stack at least one login module that successfully authenticate the user. (For example BasicPasswordLoginModule or ClientCertLoginModule. If you are using custom login module, then it should put in the shared state the name of the authenticated user - under key AbstractLoginModule.NAME.).

    This login module should be before CreateTicketLoginModule in the stack.

    After the user is identified, CreateTicketLoginModule can create ticket for that user.

    Regards,

    Svetlana

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member Svetlana Stancheva
      Jun 09, 2004 at 06:48 AM

      Howdy Svetlana,

      thanks for the help.

      I've made my login module and CreateTicketLoginModule "Requisite".

      In the login method in my login module I've put

      userPrincipal = new SimplePrincipal(userID);

      sharedState.put("javax.security.auth.login.name", userPrincipal);

      the userID comes from the http Callback.

      Then in commit I've put

      sharedState.put("javax.security.auth.login.principal", userPrincipal);

      When I try to log in the log gives me this error

      Exception com.sap.engine.services.security.exceptions.BaseLoginException: Error in some of the login modules.

      at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:102)

      at java.security.AccessController.doPrivileged(Native Method)

      at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:123)

      at com.sap.engine.services.servlets_jsp.server.runtime.context.SessionServletContext.doLogin(SessionServletContext.java:547)

      at com.sap.engine.services.servlets_jsp.server.runtime.context.SessionServletContext.checkUser(SessionServletContext.java:267)

      at com.sap.engine.services.servlets_jsp.server.runtime.context.ApplicationContext.checkMap(ApplicationContext.java:400)

      at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.checkRequest(HttpHandlerImpl.java:64)

      at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:655)

      at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:221)

      at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)

      at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:146)

      at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:37)

      at com.sap.engine.core.cluster.impl6.session.UnorderedChannel$MessageRunner.run(UnorderedChannel.java:71)

      at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)

      at java.security.AccessController.doPrivileged(Native Method)

      at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:94)

      at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:140)

      Caused by: java.lang.ClassCastException

      at com.sap.security.core.server.jaas.CreateTicketLoginModule.login(CreateTicketLoginModule.java:249)

      at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:54)

      ... 16 more

      Have I put the items in the shared state properly?

      From my understanding, to create the SAP login ticket I need an authenticated user...to make the SAP WAS acknowledge my authenticated user I need to add the name to the shared State and it will check that name against the User Store...and then make the MYSAPSS02 cookie. Is this correct?

      Thanks,

      Joe

    Comment on This Answer

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.