Former Member

Creating Logon Tickets with the CreateTicketLoginModule

Hello All,

I've been trying to create the Logon Ticket MYSAPSSO2 by adding the login module CreateTicketLoginModule to my web app (the calculator) and to the example Hello app. I first tried setting it as SUFFICIENT then as REQUISITE but it hasn't made a difference.

The help.sap.com "Testing the Use of Logon Tickets" says the logon ticket is a cookie with the name MYSAPSSO2. However, setting my browser to prompt for cookies and using Ethereal to look at the traffic, I don't get this cookie.

I only get a JSESSIONID and a sapj2ee_<appname> cookie.

I'm not getting any information written into the security.log either.

I'm using the sneak preview version of SAP Web AS 6.40.

Thanks in advance for your help.


1 Answer

  • May 05, 2004 at 07:08 AM

    Hi Joe,

    1. If you have a SUFFICIENT login module in the stack before CreateTicketLoginModule, then if this login module succeeds, the login modules that are after it (including CreateTicketLoginModule) will not be executed.

    2. If you have a REQUISITE login module in the stack and this login module fails, none of the login modules after it will be executed.

    3. You must have in the authentication stack at least one login module that successfully authenticates the user (for example BasicPasswordLoginModule or ClientCertLoginModule; if you are using a custom login module, then it should put in the shared state the name of the authenticated user, under key AbstractLoginModule.NAME).

    This login module should be before CreateTicketLoginModule in the stack.

    After the user is identified, CreateTicketLoginModule can create a ticket for that user.

    Regards,

    Svetlana


    • Former Member Svetlana Stancheva

      Howdy Svetlana,

      thanks for the help.

      I've made my login module and CreateTicketLoginModule "Requisite".

      In the login method in my login module I've put

      userPrincipal = new SimplePrincipal(userID);

      sharedState.put("javax.security.auth.login.name", userPrincipal);

      The userID comes from the HTTP Callback.

      Then in commit I've put

      sharedState.put("javax.security.auth.login.principal", userPrincipal);

      When I try to log in, the log gives me this error:

      Exception com.sap.engine.services.security.exceptions.BaseLoginException: Error in some of the login modules.
          at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:102)
          at java.security.AccessController.doPrivileged(Native Method)
          at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:123)
          at com.sap.engine.services.servlets_jsp.server.runtime.context.SessionServletContext.doLogin(SessionServletContext.java:547)
          at com.sap.engine.services.servlets_jsp.server.runtime.context.SessionServletContext.checkUser(SessionServletContext.java:267)
          at com.sap.engine.services.servlets_jsp.server.runtime.context.ApplicationContext.checkMap(ApplicationContext.java:400)
          at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.checkRequest(HttpHandlerImpl.java:64)
          at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:655)
          at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:221)
          at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
          at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:146)
          at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:37)
          at com.sap.engine.core.cluster.impl6.session.UnorderedChannel$MessageRunner.run(UnorderedChannel.java:71)
          at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
          at java.security.AccessController.doPrivileged(Native Method)
          at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:94)
          at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:140)
      Caused by: java.lang.ClassCastException
          at com.sap.security.core.server.jaas.CreateTicketLoginModule.login(CreateTicketLoginModule.java:249)
          at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:54)
          ... 16 more

      Have I put the items in the shared state properly?

      From my understanding, to create the SAP login ticket I need an authenticated user...to make the SAP WAS acknowledge my authenticated user I need to add the name to the shared state and it will check that name against the User Store...and then make the MYSAPSSO2 cookie. Is this correct?

      Thanks,

      Joe
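
An added example, not code from this thread or from SAP: a plain-JDK JAAS stack with an authenticating module marked REQUISITE, followed by a second module that reads the user name from the shared state, which is the ordering the answer describes. `TicketStandIn` is a hypothetical stand-in for CreateTicketLoginModule; that it reads the value as a `String` is an assumption based on the JDK login modules' convention for this key, and credential checking is left out of `AuthModule`.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class TicketStackDemo {
    static final String NAME_KEY = "javax.security.auth.login.name"; // key string used in the thread
    // Shared plumbing so each module below only has to show login().
    public abstract static class Base implements LoginModule {
        CallbackHandler handler; Map<String, Object> shared;
        @SuppressWarnings("unchecked")
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> st, Map<String, ?> o) {
            handler = h; shared = (Map<String, Object>) st;
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    // Custom authenticating module (hypothetical). It must run before the ticket module.
    public static class AuthModule extends Base {
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            try { handler.handle(new Callback[] { nc }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            // Credential verification belongs here; it is out of scope for this example.
            shared.put(NAME_KEY, nc.getName()); // publish a String user name, not a Principal
            return true;
        }
    }
    // Hypothetical stand-in for a ticket-issuing module later in the stack.
    // The String cast throws ClassCastException if a Principal was stored under NAME_KEY.
    public static class TicketStandIn extends Base {
        static String issuedFor;
        public boolean login() { return (issuedFor = (String) shared.get(NAME_KEY)) != null; }
    }
    public static void main(String[] args) throws Exception {
        Map<String, Object> opts = new HashMap<>();
        // REQUISITE, not SUFFICIENT: a SUFFICIENT success would end the stack before TicketStandIn runs.
        AppConfigurationEntry[] stack = {
            new AppConfigurationEntry(AuthModule.class.getName(), LoginModuleControlFlag.REQUISITE, opts),
            new AppConfigurationEntry(TicketStandIn.class.getName(), LoginModuleControlFlag.REQUIRED, opts) };
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String n) { return stack; }
        };
        CallbackHandler h = cbs -> ((NameCallback) cbs[0]).setName("joe"); // constructed user name
        new LoginContext("demo", new Subject(), h, cfg).login();
        System.out.println("ticket stand-in ran for: " + TicketStandIn.issuedFor);
    }
}
```

Changing the first entry's flag to `SUFFICIENT` makes `login()` return without ever calling `TicketStandIn`, which is the "no ticket created" case from point 1 of the answer.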