Hello All,
I've been trying to create the Logon Ticket MYSAPSSO2 by adding the login module CreateTicketLoginModule to my web app (the calculator) and the to example Hello app. I first tried setting it as SUFFICIENT then as REQUISITE but it hasn't made a difference.
The help.sap.com "Testing the Use of Lof Logon Tickets" says the logon ticket is a cookie with the name MYSAPSSO2. However, setting my browser to prompt for cookies and using ethereal to look at the traffic, I don't get this cookie.
I only get a JSESSIONID and a sapj2ee_<appname> cookie.
I'm not getting any information written into the security.log either.
I'm using the sneak preview version of sap web as 6.40
Thanks in advance for your help.
Hi Joe,
1. If you have SUFFICIENT login module in the stack before CreateTicketLoginModule, then if this login module succeeds, the login modules that are after it (including CreateTicketLoginModule) will not be executed.
2. If you have REQUISITE login module in the stack and this login module fails, none of the login modules after it will be executed.
2. You must have in the authentication stack at least one login module that successfully authenticate the user. (For example BasicPasswordLoginModule or ClientCertLoginModule. If you are using custom login module, then it should put in the shared state the name of the authenticated user - under key AbstractLoginModule.NAME.).
This login module should be before CreateTicketLoginModule in the stack.
After the user is identified, CreateTicketLoginModule can create ticket for that user.
Regards,
Svetlana
Add a comment