Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

UME Java API - created Users are denied access randomly

Former Member
0 Kudos

Dear Experts,

I'm not sure whether I got the correct forum for this question, so please hint me if I didn't.

I'm working with SAP Netweaver 7.3 and AS Java.

Our customer needs a more specific way to create and manage his users, so he won't use the standard usermanagement (/useradmin) provided by SAP. We build a Java Application using the UME Java API to create / update / delete users. (http://help.sap.com/javadocs/NW73/SPS02/CE/se/com.sap.se/com/sap/security/api/IUserFactory.html)

It all works fine except for one problem.

It happens from time to time that users we created with the Java Application cannot login. "Authentification failed." This NEVER happens to users we created with the standard useradmin provided by SAP.

The UME is mapped to a LDAP Server - this accounts of course for both, the standard useradmin and the Java Application - may this affect anything when loading users?

May UME's caching become a problem only for the Java API but not for the standard useradmin?

We also implemented a selfregistration Java Application which uses the anonymous portal access. This is triggered by a link. Is there any way this might cause problems?

Thanks in advance for your answers!

Milena May

The log says:

LOGIN.FAILED

User: N/A

IP Address: *********

Authentication Stack: ticket

Login Module Flag Initialize Login Commit Abort Details

1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true

#1 trusteddn1 = OU=J2EE,CN=S00

#2 trusteddn2 = CN=S00,OU=I0020256495,OU=SAP Web AS,O=SAP Trust Community,C=DE

#3 trustediss1 = OU=J2EE,CN=S00

#4 trustediss2 = CN=S00,OU=I0020256495,OU=SAP Web AS,O=SAP Trust Community,C=DE

#5 trustedsys1 = S00,000

#6 trustedsys2 = S00,100

#7 ume.configuration.active = true

2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE ok exception true Authentication did not succeed.

3. com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok true

EDIT:

There are two different solutions to make the user account able to login again:

- Wait for some time (several minutes won't do but half an hour mostly will) -> might point to a caching problem...

- Set an administrative lock in the standard usermanagement and make the account active again.

Strange though, when locking and unlocking the account in the Java Application, the user can still not login.

Edited by: MilenaMMay on Sep 9, 2011 9:06 AM

1 REPLY 1

Former Member
0 Kudos

Problem resolved:

When dealing with user and account you may either CREATE BOTH or UPDATE BOTH.

It is not possible to create an user, save it and afterwards create and save the account.

When you're dealing wrongly with user and account, NO UMException will be thrown, your code will work fine. Except that the UME then uses a TRANSIENT account that is deleted when the UME's cache is updated.

When creating accounts / users, you should always stick to the ORDER of COMMANDS as SAP intended them to. Look at this example and use the commands in EXACTLY the same order and everything will work fine:

http://help.sap.com/saphelp_nw73/helpdata/en/90/0ac06cdde041a2a4d81c9f7faed143/frameset.htm

Regards,

Milena May