Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Auto logon and detect already logged on

Go to solution
Former Member

on ‎2007 Apr 27 9:14 PM

0 Likes
274

In version 10 we did not use authorization and would like to bypass in 11.5 if possible. The personalization does not fit well with our site, since many custom pages and dynamic generated pages are used. We see the programmatic logon, and it works ok, but we'd like for it to all be seamless to the end users. If they're not logged in we'd prefer it simply log them in and complete the page it's on.

Any suggestions are appreciated.

(Ed discussing for Shari)

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

jcgood25
Active Contributor
‎2007 May 03 11:37 PM
0 Likes

Shari (Ed),

It's time to move on with the evolution of the product and actually use the authentication aspects. Authentication was introduced in version 9.0, and starting with either 9.5 or 10.0 we started enabling it by default, and with 11.0 you no longer could turn it off, which brings us to your 11.5 version.

In version 12.0, which runs on NetWeaver's WebAS instead of ServletExec/IIS, you will not be able to 'hack' the page like Sascha has shown.

Ed - please tell Shari I said hello!

Regards,

Jeremy Good

Show replies
Show replies

Answers (2)

Answers (2)

sufw
Active Participant
‎2007 Apr 30 12:30 AM
0 Likes

Hi Shari,

you can make this possible by slightly modifying one of the xMII JSP files which processes the login. Be careful however, because I don't think this will be supported by SAP and is likely to be overwritten when you upgrade xMII. You'll have to manually restore the changes after an upgrade, and have to make sure you test after an upgrade.

Add the following to C:\ServletExec AS\se-xMII\webapps\default\Lighthammer\error.jsp around line 17 (after the first if statement in the first JSP processing instruction):


if (message.equals("Unable to build user information for authorization response")){
        message = "Logging in as Guest";
        response.sendRedirect("/Illuminator/PortalLogin.jsp?&session=true&Guest=yes");
    }

As you can see, this is a very simplistic hack which will stop to work if SAP changes the error message we check for, changes the URL, etc.

For this to work, you will also need to create an account with limited privileges (I'd suggest making it part of the Everybody role only), and setting this account as the guest account. You can do this via the xMII Security Manager.

The idea behind this is that we trap an "authentication failed" error and automatically log in the user as Guest. This is useful if you also use NTLM authentication as everybody who has a local account (developers, etc.) gets logged in with their privileges and all end users (no local account) get logged in as Guest.

I guess another option would be to set up redirection in IIS itself to completely bypass the login screen (e.g. http://server/xMII redirects to http://server//Illuminator/PortalLogin.jsp?&session=true&Guest=yes).

Hope this helps,

Sascha

Show replies
Show replies
Former Member
‎2007 May 02 4:48 PM
0 Likes

Sascha,

This first part trying to trap the error string doesn't seem to work. Is that the exact syntax? "Unable to build user information for authorization response"

Thanks, Ed for Shari

sufw
Active Participant
‎2007 May 03 1:39 AM
0 Likes

Hi Shari,

As far as I remember, this was the only file I changed to make this work. However, I also modified the syntax of the following lines in the same file:


	String message = request.getParameter("msg");
	if (message == null) message = "INTERNAL_ERROR";

... was changed to ...


	String message = request.getParameter("msg");
	if (message == null){
             message = "INTERNAL_ERROR";
        }

I then simply added the lines from my previous post after that if statement.

How are you doing authentication? I've set up xMII so that it authenticates against our Active Directory service.

The error message trapped by the code occurs when xMII can authenticate a user (via Active Directory or any other external provider as configured in the Security Policy), but is unable to determine that user's authentication (i.e. it can't find the authenticated user in its local system or in any external provider). We don't use external authentication sources (e.g. database, LDAP, etc.) and rely on xMII alone for role mappings.

How is your system set up?

Former Member
‎2007 Apr 27 9:49 PM
0 Likes

U might want to define the client (from where the http request is coming to the xMII ) as a Trusted Server to the xMII server . You can set this up via the xMII Menu.

This would bypass the log in screen.

This is not a recommendation though , as the client will then be an admin to xMII and surely you don't want anybody and everybody to do that!

Show replies
Show replies
Ask a Question