Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Custom Login Module, LM Stack ignored

Former Member
0 Kudos
106

Moderator's note: This is a question split from another thread:

###############################################

Maybe someone with LoginModuleStack knowledge can give us a hand

Another issue (which is isolated from the other question) we have is that somehow the defined Login Module Stack for the J2EE app

doesn't get called when there exits already a MYSAPSSO2 cookie in the session.

The Login Module Stack looks like this:

Custom Login Module Position 1 Required (also tested with optional & requisite)

CreateTicketLoginModule Position 2 Sufficient (also tested with optional)

So if we call the J2EE web app with no existing MYSAPSSO2 cookie (e.g. open in new browser window), everything

works fine and the defined login module stack is run through.

If we call the app with existing MYSAPSSO2 cookie (e.g. open in same browser window after logout of previous app),

the login module stack is ignored and it seems that the EvaluateTicketLoginModule is called straight away, despite not being defined in the stack.

What could be the problem and how can this be solved?

Signed with greetings and a happy weekend on behalf of Minh-Duc Truong,

Your,

Julius

Edited by: Minh-Duc Truong on Jul 18, 2008 4:52 PM

Edited by: Julius Bussche on Jul 18, 2008 7:29 PM

1 REPLY 1

former_member698570
Active Participant
0 Kudos
37

Hi,

I cannot believe that the EvaluateTicketLoginModule is called if it is not defined in the stack. I guess the best way to track down the problem is to increase the severity of the following locations:

(use Visual Admin / Log Configurator / Locations TAB to do that):

com.sap.security.server.jaas

com.sap.engine.services.security

Set the Severity to ALL. After that call your application and paste the output in security.log here so I can have a look at it. It will contain a complete trace of the processing of your login modules so maybe we'll see what's going wrong.

Cheers