Skip to Content
author's profile photo Former Member
0
Former Member
Sep 09, 2011 at 06:45 AM

UME Java API - created Users are denied access randomly

78 Views

Dear Experts,

I'm not sure whether I got the correct forum for this question, so please hint me if I didn't.

I'm working with SAP Netweaver 7.3 and AS Java.

Our customer needs a more specific way to create and manage his users, so he won't use the standard usermanagement (/useradmin) provided by SAP. We build a Java Application using the UME Java API to create / update / delete users. (http://help.sap.com/javadocs/NW73/SPS02/CE/se/com.sap.se/com/sap/security/api/IUserFactory.html)

It all works fine except for one problem.

It happens from time to time that users we created with the Java Application cannot login. "Authentification failed." This NEVER happens to users we created with the standard useradmin provided by SAP.

The UME is mapped to a LDAP Server - this accounts of course for both, the standard useradmin and the Java Application - may this affect anything when loading users?

May UME's caching become a problem only for the Java API but not for the standard useradmin?

We also implemented a selfregistration Java Application which uses the anonymous portal access. This is triggered by a link. Is there any way this might cause problems?

Thanks in advance for your answers!

Milena May

The log says:

LOGIN.FAILED

User: N/A

IP Address: *********

Authentication Stack: ticket

Login Module Flag Initialize Login Commit Abort Details

1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true

#1 trusteddn1 = OU=J2EE,CN=S00

#2 trusteddn2 = CN=S00,OU=I0020256495,OU=SAP Web AS,O=SAP Trust Community,C=DE

#3 trustediss1 = OU=J2EE,CN=S00

#4 trustediss2 = CN=S00,OU=I0020256495,OU=SAP Web AS,O=SAP Trust Community,C=DE

#5 trustedsys1 = S00,000

#6 trustedsys2 = S00,100

#7 ume.configuration.active = true

2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE ok exception true Authentication did not succeed.

3. com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok true

EDIT:

There are two different solutions to make the user account able to login again:

- Wait for some time (several minutes won't do but half an hour mostly will) -> might point to a caching problem...

- Set an administrative lock in the standard usermanagement and make the account active again.

Strange though, when locking and unlocking the account in the Java Application, the user can still not login.

Edited by: MilenaMMay on Sep 9, 2011 9:06 AM