Joe,

I would suggest you use EvaluateTicketLoginModule and write a new customer login module which redirects and then use flags in the authetication stack to trigger the custom login module to redirect based on return code from the EvaluateTicketLoginModule. This would be better than trying to re-code a login module written by SAP which is already available and widely tested/used.

Thanks,

Tim

Joe,

No, I wasn't suggesting that your code calls the EvaluateTicketLoginModule. I was suggesting that you configure this login module in the authentication stack so it is called by NetWeaver before your login module is invoked, and then you can use auth stack flags to get NetWeaver to trigger your login module based on whether the EvaluateTicketLoginModule is successful or fails.

You might want to look in SAP help library for details of login module stacks. For example: http://help.sap.com/erp2005_ehp_03/helpdata/EN/20/f66e424925c253e10000000a1550b0/frameset.htm

Thanks,

Tim

Joe,

Since you are using "Sufficient" for the EvaluateTicketLoginModule, when the user is returning this login module will return true and no other login modules will be invoked. So, if you expect to have special processing for returning users this is not possible using Sufficient flag.

I am trying to understand the overall requirement / use case, to understand what you are trying to acheive with your login module because it seems strange to want to redirect a user when they return to the application after their initial login. My company has a use case where redirection is required in order to support web-based applications on ABAP systems, and we do that with a servlet that triggers UME authentication and has parameters which are passed to it so it knows where to redirect to - this is best approach for such needs, not to code redirection in a login module.

Thanks,

Tim

Joe,

Thankyou. This explanation is very useful.

Instead of redirecting to the Java engine and then to ABAP where Webgui is running, I suggest you use the following approach.

1. When portal user needs to access Webgui, redirect them to the Webgui URL

2. In t-code SICF in ABAP system, configure the error page for Webgui service so that if SSO2 cookie is not provided it will redirect them to the Java engine (to a servlet where you pass parameter telling location of webgui). Then, when they return they will be setn back to the Webgui service in ABAP stack and the SSO2 ticket will be recognised and accepted by ABAP system. Once completed the servlet will redirect them back to webgui using the parameter passed when it was called from the ICF error page configurated in Webgui service.

The above approach will work. I know because i have used it many times to acheive the same, and will work with any authentication method, not just your own which validates the encrypted message from portal.

Thanks,

Tim

Joe,

ok, but I think you will have extreme difficulty if you try to analyse the SSO2 ticket as you have suggested. It is far better to use standard techniques to handle returning users and not do it the way you are trying at moment.

Also, I know that in future SAP are planning to provide a standards based replacement for the SSO2 ticket, using SAML Tokens, and when this happens your approach will not work, but my approach will work fine and will not require any changes to any code.

I cannot think of any alternative based on what you have mentioned, so I think you should consider redirecting the user to the required application URL instead of redirecting them somewhere which is only valid for the initial login (e.g. when no SSO2 ticket is present).

Thanks,

Tim