Error in setting up HTTP Header Variable Authentication

Former Member — Wed, 04 Nov 2009 15:05:47 GMT

Hi,

I am trying to set-up SSO for SAP Biller Direct aplication (deployed on SAP J2EE 7.0) using HTTP Header variable authentication.

As per SAP documentation I have created a new login module "HeaderVariableLoginModule" pointing to class "com.sap.security.core.server.jaas.HeaderVariableLoginModule".

Then I have added this new login module to Statck "Ticket" and the new config looks as below. HTTP header when UID is passed is USI_LOP.

Name Flag Options

com.sap.security.core.server.jaas.HeaderVariableLoginModule Sufficient ume.configuration.active= tue,

Header=USI_LOP

BasicPasswordLoginModule Optional

CreateTicketLoginModule Optional ume.configuration.active= tue

EvaluateTicketLoginModule Sufficient ume.configuration.active= tue

The problem I am now having is that the authentication through HTTP_HEADEr does not work. Even though I ahve increased the trace level for JAAS module to debug, there is not any type of information generated in the log.

Each time I call the Biller Direct URL from the extrenal web server which also passes the HEADER variable for Authntication, the authrisation just fails and I am being shown a Logon Screen to pust UID/PASSWORD.

Can someone please guide me, how I can debug this? There is very no information whether anyone tried to login with HEADER varibale and that has failed...

Also, I am not pretty sure whether I am using the right Authentication Stack, which is is Ticket in my case..

But when I enter the application without any URL redirects and enter UID and password directly for Biller Direct, I get the following in log file, which makes me believe that I am using the right stack.

User: CONDLG

Authentication Stack: ticket

1. com.sap.security.core.server.jaas.HeaderVariableLoginModule SUFFICIENT ok false false

2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule OPTIONAL ok true true

3. com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok true true

4. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false false

Central Checks true

Any help will be very much apprecated..

Thanks,

Vikrant Sud

Re: Error in setting up HTTP Header Variable Authentication

tim_alsop — Wed, 04 Nov 2009 15:11:51 GMT

Vikrant,

The reason why it is not working is because your login modules in ticket stack are in wrong order and with wrong flags. The first one should be EvaluateTicketLoginModule with flag=SUFFICIENT, then the Header Variable login module, with flag=OPTIONAL, then CreateTicketLoginModule with flag=SUFFICIENT, then BasicPasswordLoginModule with flag=REQUISITE, and lastly CreateTicektLoginModule with flag=OPTIONAL

Thanks,

Tim

Re: Error in setting up HTTP Header Variable Authentication

Former Member — Wed, 04 Nov 2009 16:25:15 GMT

Hi Tim,

Mnay thanks for your reply. It works perfectly.

Thanks,

Vikrant Sud

topic Re: Error in setting up HTTP Header Variable Authentication in Application Development and Automation Discussions

Error in setting up HTTP Header Variable Authentication

Re: Error in setting up HTTP Header Variable Authentication

Re: Error in setting up HTTP Header Variable Authentication