cancel
Showing results for 
Search instead for 
Did you mean: 

SPNego on Portal 7.4 doesn't work

Former Member
0 Kudos


Hi Gurus,

I just finished the steps for implementing SPNego on our Portal server 7.4 on Linux machine having user storage on MS AD. I followed the steps starting from modifying datasource conf file for kerberos till running SPNego wizrd as described in the documentation (1488409 - New SPNego Implementation).and 2029432 - Spnego wizard walkthrough for 7.3/7.4 netweaver versions but at the end it failed. It didn't give me any error message but on hitting the url it simply displaying the login page that it used to display before.

I am attaching some screenshots for review.

I will appreciate for any help here.

Thanks

Accepted Solutions (1)

Accepted Solutions (1)

FabricioPereira
Participant
0 Kudos

Hello Navaid,

Did you try selecting Souce: ADS Data Source, as your user storage is MS AD?

Also, do you need to have the three different keys? wouldn't RC4-HMAC be enough?

For the ticket template, I'd recommend you to enter:

EvaluateTicketLoginModule     SUFFICIENT

SPNegoLoginModule              OPTIONAL

CreateTicketLoginModule        SUFFICIENT

BasicPasswordLoginModule    REQUIRED

CreateTicketLoginModule        REQUIRED

If it doesn't work, send us the error that appears in the log from the Security Troubleshooting Wizard for the authentication.

Regards,

Fabricio Pereira

Former Member
0 Kudos


Hi Fabricio,

Thanks for your reply on this. I donloaded the unlimited strength file from oracle website and with that it brought me 4th key with AES256 code 18 and hence no error during spnego wizard. I changed the mapping mode to "Principal and Realm" with "ADS Data Source". My ticket stack now contains exactly as you mentioned above. I am getting the same result (SPNego not working) when I use all 4 keys or when I use only RC4-HMAC key. I collected the logfiles for both so if you please reply me to my email navaid.rafiq@yahoo.com then I will send those files to you.

FabricioPereira
Participant
0 Kudos

Hello Navaid,

Just send us the error log displayed in the troubleshooting tool. whatever is in RED or in YELLOW.

regards,

Fabricio Pereira

Former Member
0 Kudos

Hi Fabricio,

I found in th logfile "NTLM token found in authorization header during SPNEGO authentication."

In note 934138 it explains the solution as;

The possible reasons for the IE misbehavior are:

1)     The IE browser configuration is not correct. Check if the Integrated Windows Authentication is enabled in IE browser options going to Tools -> Internet Options -> Advanced -> Security. The AS Java hostname must be added to the Intranet sites list in Tools -> Internet Options -> Security -> Local Intranet -> Sites button -> Advanced button. You can use asterix (*) in order to add a whole domain to the site list.
2)     Test the scenario from another host.
Most probably the issue is host specific. Checking the scenario from another host you will be able to find out if the issue is caused by workstation OS misbehavior.
3)     Check if the AS Java SPNego service user Service Principal Name (SPN) is unique through the LDAP repository.
If there is another user with same SPN in MS ADS the KDC cannot provide Kerberos token for the J2EE web service to the IE browser web client.
4)     IE browser sends NTLM token when the Kerberos token has expired. IE browser must request a new Kerberos token but fails to get it due to Microsoft bug for Windows XP SP2 workstation.
Please apply Microsoft hotfix KB899587.
5)     If the AS Java system is registered with several aliases in the Domain Name System (DNS), add SPN entry for each of the DNS alises as well as for the physical hostname of the AS Java system.
The reason is that the client (desktop) system might resolve the hostname to alias name and vice versa. For more info check note 1313880

************* end of note ****************

My logfile doesn't have the entry "Decoding error in parsing of SPNego token" as mentioned in that note.  Point#5 above is the only step that can be performed as all other steps are already in place and we have windows 7 prof with IE9 so step 4 is not valid.

We can access to Portal as

http://myhost.erp.domain.com:50000/irj

http://myalias.erp.domain.com:50000/irj

whereas nslookup to both myhost & myalias is diffrent as 10.x.x.106 & 10.x.x.156 resp.

In the setSPN command I only defined myalias not myhost so do you think defining myhost there too could solve the issue? any stuff if I am overlooking anything?

Thanks for your help.

Navaid

FabricioPereira
Participant
0 Kudos

Hello Navaid,

I always enter all the aliases in the SPN. You should try that first.

Regards,

Fabricio Pereira

Former Member
0 Kudos

Hi Fabricio,

While I was planning to enter that hostname too in the setspn command as it would take at least 4-5 days going through change management. I tested today and didn't find NTLM occurance in the logfile which is strange as I didn't change anything on portal and pretty sure nothing was changed on AD side too yet.

Anyway I was doing trial and error method and defined the realm instead of erp.mydomain.com (previously defined) to myalias.erp.mydomain.com and only using RC4-HMAC key. After defining this realm I tested and didn't find NTLM entry in the log file but SPNego still failing. I took the screenshot of that security logfile which is attached here.

Please let me know if you find any clue from this file.

Thanks,

Navaid

******************************* LOG FILE ************************************

SPNego is
runnig in normal (new) mode.

SPNEGO configuration:

----------

SPNEGORealm: myalias.ERP.mydomain.COM

Enabled: true

Description:

User mapping:
SPNEGOUserMapping: mode = principal,REALM, source = ADS

Default user groups: []

Default user roles: []

SPNEGOKey:
code = 23, type = rc4-hmac

SPNEGORealm: ERP.mydomain.COM

Enabled: true

Description:

User mapping: SPNEGOUserMapping: mode = principal,REALM, source = ADS

Default user groups: []

Default user roles: []

SPNEGOKey: code = 23, type = rc4-hmac

----------

Get cookie MYSAPSSO2

Cookie MYSAPSSO2 is not found

------------

Received no
SAPLogonTicket. Authentication stack: [ticket].

Exiting
method with <null>

-----------

Get request
attribute spnego

Set value to
<null>

Authorization
header not received. Original URL cookie found in request. SPNego running in
fallback mode.

No
authenticated user found.

Enabled
redirect to login/error page

Authentication
type of the request is <null>

Authentication
method from authentication context: <null>

Use default
authentication method: FORM

User name in
the request is <null>

Former Member
0 Kudos

... additional files

Answers (3)

Answers (3)

FabricioPereira
Participant
0 Kudos

The only thing I could find related to your log was in the note 2026991 - SPNego Fails if a User didn't Logoff Correctly Last Time

But I'm not sure if it is related to the problem you are having as you were not able to get SPNego to work yet.

At this point, I'd suggest you to open an incident to SAP.

Regards,

Fabricio Pereira

Former Member
0 Kudos

Hi Fabricio,

If the user logs off then he would be automatically logged in due to windows integrated authentication (provided SSO is working). So basically user can't logoff in SSO case, right? or unless he opens the browser as an admin user. But in my case I logged off properly through the logoff button.

An SAP incident has been opened last week on this and they are also looking into it. Just one thing to confirm about the realm. What format of realm I should use from the following;

serviceuser@alias.erp.domain.com

serviceuser@hostname.erp.domain.com OR

serviceuser@erp.domain.com

Thanks for all your help.

Navaid

FabricioPereira
Participant
0 Kudos

Hello,

I'm using serviceuser@FQDN.

For example:

mysite.google.com

Realm: google.com

To add new Realm by principal manually:

Principal Name: serviceuser@google.com

Hope it helps.

Regards,

Fabricio Pereira

Former Member
0 Kudos

Hi Fabricio,

I exactly defined the everything in the same way that you mentioned as,

Realm: erp.company.com

Principal Name: serviceuser@erp.company.com

using key as RC4-HMAC

Mapping mode is: Principal and Realm

Source: ADS Data Source

Defined all physical and virtual hostnames in SPN of service user as per note 934138

Result is still NTLM token.

Any other idea? SAP support suggested to contact microsoft for AD not issuing SPNego token but just wondering if we can tweak anything on SAP side still? if you can tell any change on AD side to make it issue SPNego token.

Will appreciate for your valuable suggestion

Thanks,

Navaid

FabricioPereira
Participant
0 Kudos

Hello Navaid,

Have you read the note 1649110 - SPNego for Kerberos Authentication: NTLM token received in authorization header?

Maybe you should look to the problem from the KDC side. Was the configuration in the KDC done as explained in the note  1488409 - New SPNego Implementation?

The documentation says:


Assumptions

  • The Windows domain name is IT.CUSTOMER.DE
  • The fully qualified domain name (FQDN) of the AS Java engine host is hades.customer.de
  • The AS Java engine has an additional alias su3x24.customer.de
  • The AS Java engine instance is D21


Configuration steps on the ADS

  1. Create a service user named “j2ee-d21-hades”
  2. Select the “Password never expires” check on the user’s account
  3. Make sure the “Use DES encryption” check on the user’s account is not selected
  4. From the command line, execute the following commands in order to register Service Principal Names (SPNs) for the AS Java engine host name and alias to the service user “j2ee-d21-hades”

setspn –a HTTP/hades.customer.de j2ee-d21-hades

setspn –a HTTP/su3x24.customer.de j2ee-d21-hades

Doing so registers both the host name and the alias as SPNs of the service user in the ADS

     5. In order to check the configuration, execute the following command from the command line for every SPN that you registered

ldifde –r serviceprincipalname=HTTP/hades.customer.de –f out.txt

ldifde –r serviceprincipalname=HTTP/su3x24.customer.de –f out2.txt

Execute the command for every single SPN you registered to the service user and check the generated files.

The output of each invocation must be only one entry – the service user created earlier, in the example – j2eed21-hades. In other words, all SPNs must be unique

Procedure for Microsoft Internet Explorer

  1. Enable Windows Integrated Authentication: “Tools” >> “Internet Options” >> “Advanced” >> choose “Enable Windows Integrated Authentication” (requires restart)
  2. Enable automatic logon in the Intranet zone: “Tools” >> “Internet Options” >> “Security” >> “Local Intranet” >> “Custom Level” >> choose “Automatic logon only in Intranet Zone” from the “User Authentication” section
  3. Add the AS Java engine’s host name to the list of local Intranet sites: “Tools” >> “Internet Options” >> “Security” >> “Local Intranet” >> “Sites” >> “Advanced”
  4. Add the AS Java engine’s host name to the list of sites bypassed by the proxy (if available): “Tools” >> “Internet Options” >> “Connections” >> “LAN Settings” >> “Advanced”

Regards,

Fabricio

Former Member
0 Kudos

Hi Fabricio,

Thanks for your reply. Both notes that you mentioned I followed both of them and that pdf document too during my development. I now feel to explain you briefly the network here as compare to the example given in that document/note.

My AD domain is: corp.<mycompany>.net   =>     IT.CUSTOMER.DE  (in example)

my Portal domain is erp.<myCompany>.com

My Portal FQHN:

sappd1di00.erp.<myCompany>.com     =>    hades.customer.de (in example)

sapptlcap80.erp.<myCompany>.com     =>     su3x24.customer.de (in example)

where sappd1di00 is virtual and sapptlcap80 is physical hostnames having different IP addresses.

My Portal instance:     PD1          =>     D21 (in example)

My Realm: ERP.<MYCOMPANY>.COM

My Servioce user: SRVSAPPD1     =>     j2ee-d21-hades (in example)

UPN for service user:

SRVSAPPD1@CORP.<myCompany>.NET     =>     <samaccountname>@<REALM> as in note 1313880 which should be j2ee-d21-hades@IT.CUSTOMER.DE

Question1: does it mean I should change realm to SRVSAPPD1@CORP.<myCompany>.NET from SRVSAPPD1@ERP.<myCompany>.COM.  My AD and Portal domains are different.

Question2: should I change UPN from SRVSAPPD1@CORP.<myCompany>.NET to SRVSAPPD1@ERP.<myCompany>.COM

My entries in SPN:

HTTP/sappd1di00

HTTP/sappd1di00.erp.<myCompany>.com

HTTP/sapptlcap80

HTTP/sapptlcap80.erp.<myCompany>.com

If I hit Portal URL I get the portal login page (NTLM token issue) but when I run klist command in DOS then it doesn't show any ticket being generated or any entry. I want to make sure that Portal is doing what it is supposed to do before sending any request to DC.

Would you tell how can I install kerbtray on windows 7 to monitor such request and from where I can get that utility.

Our AD folks notified us that AD by default generates Kerberos ticket and they didn't turn that feature off. What kind of logs or monitoring can be done on AD to find such thing?

Thanks again for your inputs.

Navaid

FabricioPereira
Participant
0 Kudos

Hello Naid,

I believe that is what is so complex in your set up. The Portal and AD are in different domains.

So:

Answer1: Yes, the Realm should be in the same domain as AD.

Answer2: The service user should be serviceuser@AD_DOMAIN. In your case: SRVSAPPD1@corp.<mycompany>.net

SPN should be:

setspn -a HTTP/sappd1di00.erp.<myCompany>.com SRVSAPPD1

setspn -a HTTP/sapptlcap80.erp.<myCompany>.com SRVSAPPD1


I also thing that you should remove the entries

HTTP/sappd1di00

HTTP/sapptlcap80



It's been a long time I don't have to use the kerbtray tool. I'm not sure how you can get that on windows 7.


I have a question:

Do you generate your own keytab file or you configure it manually in NWA?


Try both ways and see if it changes anything...

To create the keytab file:

ktab.exe -a serviceuser@AD_DOMAIN -k Keytabfile

ktab.exe -a SRVSAPPD1@corp.<mycompany>.net -k Keytabfile


Regards,

Fabricio Pereira

Former Member
0 Kudos

Hi Fabricio,

Thanks for a detailed response and very useful one.

In response to your query about Realm, I manually generated it through NWA as our AD folks said that they don't find ktab utility on DC and won't download it either for just nothing so I had to do that on portal side.

I tried earlier almost every option including creating Realm exactly you mentioned here as SRVSAPPD1@corp.<mycompany>.net but it didn't work so I changed it to  ERP.<MYCOMPANY>.COM and eventually that also didn't work as problem might be somewhere else. But at least I know from you now about defining the realm correctly.

I just changed the realm accordingly but it didn't change the status for that NTLM token issue so I will contact AD folks for the log file.

Regards,

Navaid

Former Member
0 Kudos

Hi Fabricio,

Other than Security Wizard logfile from http://<FQHN>:50000/tshw what other tool we can use to check if Portal is sending the correct request through browser header for getting the ticket/token from AD. I use F12 developer tool but it doesn't give that kind of detail. Just want to check and make sure that Portal is sending the request in the right/compatable format request through browser to AD.

What other helpful tools are for monitoring/checking such header.

Also which log file on AD side I will have to analyse to check if the request is coming in the right way through browser. Does that AD log file has any correlation to SAP Security wizard logfile?

One very important thing to ask is as SPNego is giving issues so can we have SAML setup between portal and AD to get SSO. Is this really easier to implement and provides the same purpose as that of SPNego?

Let me know please.

                                                                                                                               

Thanks,

Navaid

FabricioPereira
Participant
0 Kudos

Hello Navaid,

I'm sorry for hearing that the issue still persists.

About the tool, I use the HTTPWatch to have more information about the HTTP Calls.

Regards,

Fabricio

Former Member
0 Kudos

Hi Fabricio,

I eventually got it fixed. There were 2 places to look, one under /etc/krb5.conf file that I customized it as per my server setting and second is to run ktpass command on AD (same as ktab command). After I got keytab file from AD I created realm on the basis of that and selected Principal only using HMAC key option. It worked after.

Thanks for all your support and effort in helping me out, I really appreciate it and you definitely deserve more than one point.

Kind Regards

Navaid

Former Member
0 Kudos

How can I reward a point as I don't see any link here, any idea?

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Navaid,

try the buttons in the replies instead.   See the blog

to learn more.


Regards,

Steffi.

FabricioPereira
Participant
0 Kudos

I see you have two Realms in your SPNego configuration.

What if you just keep the one that has the SPN correctly configured? Delete the one that is not configured yet and try accessing the Portal through the other one.

I can't read very well your printscreens, but waht I could read, didn't give me much information about what could be the issue.

Regards,

Fabricio

Former Member
0 Kudos

Hi Fabricio,

I deleted one of the realm and kept the one with serviceuser@myalias.erp.mydomain.com. I checked the key and it is only RC4-HMAC. I am attaching the complete logfile here.

Please let me know if you notice anything there.

Thanks,

Navaid

10:41:49:244DebugGuestHTTP Worker [@938643046],5,D......ttpserver.HttpTraceRequest.traceRawCLIENT: 1284, REQUEST:
GET /irj/portal HTTP/1.1
accept: application/x-ms-application, image/jpeg,
  application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap,
  application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword,
  */*
accept-language: en-US
user-agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
accept-encoding: gzip, deflate
host: myalias.erp.mydomain.com:50000
connection: Keep-Alive
cookie:
  com.sap.engine.security.authentication.original_application_url=GET#vInZfOrx15zICfaLePYmLtj%2Fmfn0LsCegX9PCEUTEmZc5ylwop9Kv4mc%2FZ4UtQU4FRfLpdlwwe6jwKCBLQoCOHyrR5Nyb2ntfFr0Er%2BlKzLQgIvBdkmHBw%3D%3D;
  PortalAlias=portal; saplb_*=(J2EE4359720)4359750
10:41:49:245PathGuestHTTP Worker [@938643046],5,D.......getLoggedInUser(request, response)Entering method with
  (com.sap.portal.http.RequestWrapper@5dd0e33,
  com.sap.portal.prt.dispatcher.DispatcherServletResponseWrapper@73cf3946)
10:41:49:245DebugGuestHTTP Worker [@938643046],5,D.......getLoggedInUser(request, response)No user in session, relogin.
10:41:49:246DebugGuestHTTP Worker [@938643046],5,D.......getLoggedInUser(request, response)Login module stack is ticket
10:41:49:246PathGuestHTTP Worker [@938643046],5,D......riginalURLDecryptedFromCookieRandomEntering method
10:41:49:246PathGuestHTTP Worker [@938643046],5,D......r.getOriginalURLEncryptedFromCookieEntering method
10:41:49:246PathGuestHTTP Worker [@938643046],5,D......r.getOriginalURLEncryptedFromCookieExiting method
10:41:49:246PathGuestHTTP Worker [@938643046],5,D......riginalURLDecryptedFromCookieRandomExiting method
10:41:49:246DebugGuestHTTP Worker [@938643046],5,D......ication.callbackhandler.compareSaltWrong salt value. See SAP Note 1441999 for more information.
10:41:49:246DebugGuestHTTP Worker [@938643046],5,D......ication.callbackhandler.compareSaltNo salt received.
10:41:49:246DebugGuestHTTP Worker [@938643046],5,D......khandler.AbstractWebCallbackHandlerPolicy configuration name: sap.com/irj*irj
10:41:49:246DebugGuestHTTP Worker [@938643046],5,D......ecurity.authentication.logincontextINITIALIZE() for auth stack [ticket].
10:41:49:247PathGuestHTTP Worker [@938643046],5,D......luateTicketLoginModule.initialize()Entering method with (Subject:
,
  com.sap.engine.interfaces.security.auth.WebCallbackHandler@29b95e10)
10:41:49:247DebugGuestHTTP Worker [@938643046],5,D......le.ticket.EvaluateTicketLoginModuleThe options of EvaluateTicketLoginModule in [ticket]
  authentication stack are: [{ume.configuration.active=true,
  trustediss2=CN=ED1, trustediss1=CN=SMD, trusteddn4=CN=GD1, trusteddn3=CN=BD1,
  trusteddn2=CN=ED1, trusteddn1=CN=SMD, trustedsys4=GD1,100, trustedsys3=BD1,100,
  trustedsys2=ED1,100, trustedsys1=SMD,001, trustediss4=CN=GD1,
  trustediss3=CN=BD1}].
10:41:49:247PathGuestHTTP Worker [@938643046],5,D......nstructor(Map, Properties, boolean)Entering method with
  ({sap.security.auth.context.object=[Security Context : [Security Session
  (session number: 0) (anonymous) (user name: Guest) (created at: Mon Jul 20
  16:28:46 MDT 2015)]], sap.security.auth.configuration.name=ticket,
  System-ID=PD1}, <null>)
10:41:49:247PathGuestHTTP Worker [@938643046],5,D......nstructor(Map, Properties, boolean)Exiting method with [Ljava.lang.Object;@48ce81d6
10:41:49:247PathGuestHTTP Worker [@938643046],5,D......ginmodule.ticket.getMergedOptions()Entering method
10:41:49:247PathGuestHTTP Worker [@938643046],5,D......ginmodule.ticket.getMergedOptions()Exiting method with [Ljava.lang.Object;@6dae2df1
10:41:49:247DebugGuestHTTP Worker [@938643046],5,D......le.ticket.EvaluateTicketLoginModuleThe options of EvaluateTicketLoginModule in [ticket]
  authentication stack after merge with UME properties are: [{password=,
  keystore=TicketKeystore, validityMin=0, system=PD1, client=000,
  ume.configuration.active=true, j_authscheme=basicauthentication, validity=16,
  alias=SAPLogonTicketKeypair, ume.logon.security.enforce_secure_cookie=false,
  ume.logon.httponlycookie=true, trustedsys4=GD1,100, trustedsys3=BD1,100,
  trustedsys2=ED1,100, trustedsys1=SMD,001, trustediss4=CN=GD1,
  trusteddn4=CN=GD1, trustediss3=CN=BD1, trusteddn3=CN=BD1, trusteddn2=CN=ED1,
  trustediss2=CN=ED1, trusteddn1=CN=SMD, trustediss1=CN=SMD, inclcert=0}].
10:41:49:247DebugGuestHTTP Worker [@938643046],5,D......le.ticket.EvaluateTicketLoginModuleThe options of EvaluateTicketLoginModule in [ticket]
  authentication stack after adding the default values are: [{password=,
  keystore=TicketKeystore, validityMin=0, system=PD1, client=000,
  ume.configuration.active=true, j_authscheme=basicauthentication, validity=16,
  alias=SAPLogonTicketKeypair, ume.logon.security.enforce_secure_cookie=false,
  sap.security.auth.configuration.name=ticket, ume.logon.httponlycookie=true,
  trustedsys4=GD1,100, trustedsys3=BD1,100, trustedsys2=ED1,100,
  trustedsys1=SMD,001, trustediss4=CN=GD1, trusteddn4=CN=GD1,
  trustediss3=CN=BD1, trusteddn3=CN=BD1, trusteddn2=CN=ED1, trustediss2=CN=ED1,
  trusteddn1=CN=SMD, trustediss1=CN=SMD, inclcert=0}].
10:41:49:247PathGuestHTTP Worker [@938643046],5,D......luateTicketLoginModule.initialize()Exiting method
10:41:49:247PathGuestHTTP Worker [@938643046],5,D......r.jaas.SPNegoLoginModule.initializeEntering method with (Subject:
,
  com.sap.engine.interfaces.security.auth.WebCallbackHandler@29b95e10,
  {sap.security.auth.context.object=[Security Context : [Security Session
  (session number: 0) (anonymous) (user name: Guest) (created at: Mon Jul 20
  16:28:46 MDT 2015)]], sap.security.auth.configuration.name=ticket,
  System-ID=PD1}, {})
10:41:49:247DebugGuestHTTP Worker [@938643046],5,D......e.server.jaas.spnego.cfg.SPNEGOUtilRoot configuration successfully opened.
10:41:49:247DebugGuestHTTP Worker [@938643046],5,D......e.server.jaas.spnego.cfg.SPNEGOUtilPending configuration changes successfully rollbacked.
10:41:49:248DebugGuestHTTP Worker [@938643046],5,D......e.server.jaas.spnego.cfg.SPNEGOUtilAll configurations successfully closed.
10:41:49:248DebugGuestHTTP Worker [@938643046],5,D.......core.server.jaas.SPNegoLoginModuleSPNego is runnig in normal (new) mode.
10:41:49:248InfoGuestHTTP Worker [@938643046],5,D.......core.server.jaas.SPNegoLoginModuleSPNEGO configuration:
SPNEGORealm: myalias.ERP.mydomain.COM
Enabled: true
Description:
User mapping: SPNEGOUserMapping: mode = principal,REALM, source
  = ADS
Default user groups: []
Default user roles: []
SPNEGOKey: code = 23, type = rc4-hmac
10:41:49:248PathGuestHTTP Worker [@938643046],5,D......r.jaas.SPNegoLoginModule.initializeExiting method
10:41:49:248PathGuestHTTP Worker [@938643046],5,D......reateTicketLoginModule.initialize()Entering method with (Subject:
,
  com.sap.engine.interfaces.security.auth.WebCallbackHandler@29b95e10,
  {sap.security.auth.context.object=[Security Context : [Security Session
  (session number: 0) (anonymous) (user name: Guest) (created at: Mon Jul 20
  16:28:46 MDT 2015)]], sap.security.auth.configuration.name=ticket,
  System-ID=PD1}, {})
10:41:49:248DebugGuestHTTP Worker [@938643046],5,D......dule.ticket.CreateTicketLoginModuleThe options of CreateTicketLoginModule in [ticket]
  authentication stack are: [{}].
10:41:49:248PathGuestHTTP Worker [@938643046],5,D......nstructor(Map, Properties, boolean)Entering method with
  ({sap.security.auth.context.object=[Security Context : [Security Session
  (session number: 0) (anonymous) (user name: Guest) (created at: Mon Jul 20
  16:28:46 MDT 2015)]], sap.security.auth.configuration.name=ticket,
  System-ID=PD1}, <null>)
10:41:49:248PathGuestHTTP Worker [@938643046],5,D......nstructor(Map, Properties, boolean)Exiting method with [Ljava.lang.Object;@464a6178
10:41:49:248PathGuestHTTP Worker [@938643046],5,D......ginmodule.ticket.getMergedOptions()Entering method
10:41:49:248PathGuestHTTP Worker [@938643046],5,D......ginmodule.ticket.getMergedOptions()Exiting method with [Ljava.lang.Object;@3d453155
10:41:49:248DebugGuestHTTP Worker [@938643046],5,D......dule.ticket.CreateTicketLoginModuleThe options of CreateTicketLoginModule in [ticket]
  authentication stack after merge with UME properties are: [{validityMin=0,
  system=PD1, client=000, j_authscheme=basicauthentication, inclcert=0,
  ume.logon.httponlycookie=true, alias=SAPLogonTicketKeypair,
  ume.logon.security.enforce_secure_cookie=false, keystore=TicketKeystore,
  validity=16, password=}].
10:41:49:248DebugGuestHTTP Worker [@938643046],5,D......dule.ticket.CreateTicketLoginModuleThe options of CreateTicketLoginModule in [ticket]
  authentication stack after adding the default values are: [{validityMin=0,
  system=PD1, client=000, j_authscheme=basicauthentication, inclcert=0,
  ume.logon.httponlycookie=true, alias=SAPLogonTicketKeypair,
  sap.security.auth.configuration.name=ticket,
  ume.logon.security.enforce_secure_cookie=false, keystore=TicketKeystore,
  validity=16, password=}].
10:41:49:248PathGuestHTTP Worker [@938643046],5,D......reateTicketLoginModule.initialize()Exiting method
10:41:49:249PathGuestHTTP Worker [@938643046],5,D......reateTicketLoginModule.initialize()Entering method with (Subject:
,
  com.sap.engine.interfaces.security.auth.WebCallbackHandler@29b95e10,
  {sap.security.auth.context.object=[Security Context : [Security Session
  (session number: 0) (anonymous) (user name: Guest) (created at: Mon Jul 20
  16:28:46 MDT 2015)]], sap.security.auth.configuration.name=ticket,
  System-ID=PD1}, {})
10:41:49:249DebugGuestHTTP Worker [@938643046],5,D......dule.ticket.CreateTicketLoginModuleThe options of CreateTicketLoginModule in [ticket]
  authentication stack are: [{}].
10:41:49:249PathGuestHTTP Worker [@938643046],5,D......nstructor(Map, Properties, boolean)Entering method with
  ({sap.security.auth.context.object=[Security Context : [Security Session
  (session number: 0) (anonymous) (user name: Guest) (created at: Mon Jul 20
  16:28:46 MDT 2015)]], sap.security.auth.configuration.name=ticket,
  System-ID=PD1}, <null>)
10:41:49:249PathGuestHTTP Worker [@938643046],5,D......nstructor(Map, Properties, boolean)Exiting method with [Ljava.lang.Object;@9a9e2e0
10:41:49:249PathGuestHTTP Worker [@938643046],5,D......ginmodule.ticket.getMergedOptions()Entering method
10:41:49:249PathGuestHTTP Worker [@938643046],5,D......ginmodule.ticket.getMergedOptions()Exiting method with [Ljava.lang.Object;@706de514
10:41:49:249DebugGuestHTTP Worker [@938643046],5,D......dule.ticket.CreateTicketLoginModuleThe options of CreateTicketLoginModule in [ticket]
  authentication stack after merge with UME properties are: [{validityMin=0,
  system=PD1, client=000, j_authscheme=basicauthentication, inclcert=0,
  ume.logon.httponlycookie=true, alias=SAPLogonTicketKeypair,
  ume.logon.security.enforce_secure_cookie=false, keystore=TicketKeystore,
  validity=16, password=}].
10:41:49:249DebugGuestHTTP Worker [@938643046],5,D......dule.ticket.CreateTicketLoginModuleThe options of CreateTicketLoginModule in [ticket]
  authentication stack after adding the default values are: [{validityMin=0,
  system=PD1, client=000, j_authscheme=basicauthentication, inclcert=0,
  ume.logon.httponlycookie=true, alias=SAPLogonTicketKeypair,
  sap.security.auth.configuration.name=ticket,
  ume.logon.security.enforce_secure_cookie=false, keystore=TicketKeystore,
  validity=16, password=}].
10:41:49:249PathGuestHTTP Worker [@938643046],5,D......reateTicketLoginModule.initialize()Exiting method
10:41:49:249DebugGuestHTTP Worker [@938643046],5,D......ecurity.authentication.logincontextLOGIN() for auth stack [ticket].
10:41:49:249PathGuestHTTP Worker [@938643046],5,D......t.EvaluateTicketLoginModule.login()Entering method
10:41:49:249PathGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleEntering method
10:41:49:249DebugGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleHandle
  com.sap.engine.lib.security.http.HttpGetterCallback@3edabdb6
10:41:49:249DebugGuestHTTP Worker [@938643046],5,D......khandler.handle(HttpGetterCallback)Get cookie MYSAPSSO2
10:41:49:250DebugGuestHTTP Worker [@938643046],5,D......khandler.handle(HttpGetterCallback)Cookie MYSAPSSO2 is not found
10:41:49:250PathGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleExiting method
10:41:49:250InfoGuestHTTP Worker [@938643046],5,D......le.ticket.EvaluateTicketLoginModuleReceived no SAPLogonTicket. Authentication stack: [ticket].
10:41:49:250PathGuestHTTP Worker [@938643046],5,D......t.EvaluateTicketLoginModule.login()Exiting method with <null>
10:41:49:250PathGuestHTTP Worker [@938643046],5,D......server.jaas.SPNegoLoginModule.loginEntering method
10:41:49:250PathGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleEntering method
10:41:49:250DebugGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleHandle
  com.sap.engine.lib.security.http.HttpGetterCallback@add17f7
10:41:49:250DebugGuestHTTP Worker [@938643046],5,D......khandler.handle(HttpGetterCallback)Get request parameter spnego
10:41:49:250DebugGuestHTTP Worker [@938643046],5,D......khandler.handle(HttpGetterCallback)Set value to null
10:41:49:250PathGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleExiting method
10:41:49:250PathGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleEntering method
10:41:49:250DebugGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleHandle
  com.sap.engine.lib.security.http.HttpGetterCallback@39505eb3
10:41:49:250DebugGuestHTTP Worker [@938643046],5,D......khandler.handle(HttpGetterCallback)Get request attribute spnego
10:41:49:250DebugGuestHTTP Worker [@938643046],5,D......khandler.handle(HttpGetterCallback)Set value to <null>
10:41:49:250PathGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleExiting method
10:41:49:250PathGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleEntering method
10:41:49:250DebugGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleHandle
  com.sap.engine.lib.security.http.HttpGetterCallback@4b79572a
10:41:49:251DebugGuestHTTP Worker [@938643046],5,D......khandler.handle(HttpGetterCallback)Get header Authorization
10:41:49:251DebugGuestHTTP Worker [@938643046],5,D......khandler.handle(HttpGetterCallback)Set value to <null>
10:41:49:251PathGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleExiting method
10:41:49:251DebugGuestHTTP Worker [@938643046],5,D.......core.server.jaas.SPNegoLoginModuleAuthorization header [Authorization] read from HTTP request:
  <null>
10:41:49:251PathGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleEntering method
10:41:49:251DebugGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleHandle
  com.sap.engine.lib.security.http.HttpGetterCallback@b49ad1c
10:41:49:251DebugGuestHTTP Worker [@938643046],5,D......khandler.handle(HttpGetterCallback)Get cookie
  com.sap.engine.security.authentication.original_application_url
10:41:49:251DebugGuestHTTP Worker [@938643046],5,D......khandler.handle(HttpGetterCallback)Set value to
  GET#vInZfOrx15zICfaLePYmLtj%2Fmfn0LsCegX9PCEUTEmZc5ylwop9Kv4mc%2FZ4UtQU4FRfLpdlwwe6jwKCBLQoCOHyrR5Nyb2ntfFr0Er%2BlKzLQgIvBdkmHBw%3D%3D
10:41:49:251PathGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleExiting method
10:41:49:251DebugGuestHTTP Worker [@938643046],5,D.......core.server.jaas.SPNegoLoginModuleAuthorization header not received. Original URL cookie found in
  request. SPNego running in fallback mode.
10:41:49:251PathGuestHTTP Worker [@938643046],5,D......ket.CreateTicketLoginModule.login()Entering method
10:41:49:251InfoGuestHTTP Worker [@938643046],5,D......dule.ticket.CreateTicketLoginModuleNo authenticated user found.
10:41:49:251PathGuestHTTP Worker [@938643046],5,D......ket.CreateTicketLoginModule.login()Exiting method with false
10:41:49:251PathGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleEntering method
10:41:49:251DebugGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleHandle javax.security.auth.callback.NameCallback@12040f0e
10:41:49:251PathGuestHTTP Worker [@938643046],5,D......ackhandler.parseUserNameAndPasswordEntering method
10:41:49:251DebugGuestHTTP Worker [@938643046],5,D......ackhandler.parseUserNameAndPasswordEnabled redirect to login/error page
10:41:49:251PathGuestHTTP Worker [@938643046],5,D......ication.callbackhandler.getAuthTypeEntering method
10:41:49:252DebugGuestHTTP Worker [@938643046],5,D......ication.callbackhandler.getAuthTypeAuthentication type of the request is <null>
10:41:49:252DebugGuestHTTP Worker [@938643046],5,D......ication.callbackhandler.getAuthTypeAuthentication method from authentication context: <null>
10:41:49:252DebugGuestHTTP Worker [@938643046],5,D......ication.callbackhandler.getAuthTypeUse default authentication method: FORM
10:41:49:252PathGuestHTTP Worker [@938643046],5,D......ication.callbackhandler.getAuthTypeExiting method
10:41:49:252DebugGuestHTTP Worker [@938643046],5,D......ackhandler.parseUserNameAndPasswordAuthentication type: FORM
10:41:49:252DebugGuestHTTP Worker [@938643046],5,D......callbackhandler.initFormCredentialsUser name in the request is <null>
10:41:49:252InfoGuestHTTP Worker [@938643046],5,D......ackhandler.parseUserNameAndPasswordSearching the username and password in the Authorization header
  although the auth method is FORM.
10:41:49:252DebugGuestHTTP Worker [@938643046],5,D......ion.callbackhandler.parseAuthHeaderProvided authorization header name is null
10:41:49:252DebugGuestHTTP Worker [@938643046],5,D......ackhandler.parseUserNameAndPasswordThe attribute j_username set in the request is null.
10:41:49:252DebugGuestHTTP Worker [@938643046],5,D......ackhandler.parseUserNameAndPasswordUser name in the attributes is <null>
10:41:49:252DebugGuestHTTP Worker [@938643046],5,D......allbackhandler.getPasswordAttributeThe attribute j_password set in the request is null.
10:41:49:252PathGuestHTTP Worker [@938643046],5,D......ackhandler.parseUserNameAndPasswordExiting method
10:41:49:252DebugGuestHTTP Worker [@938643046],5,D......allbackhandler.handle(NameCallback)Set name in NameCallback to <null>
10:41:49:252DebugGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleHandle javax.security.auth.callback.PasswordCallback@4878695f
10:41:49:252PathGuestHTTP Worker [@938643046],5,D......ackhandler.parseUserNameAndPasswordEntering method
10:41:49:252PathGuestHTTP Worker [@938643046],5,D......ication.callbackhandler.getAuthTypeEntering method
10:41:49:252PathGuestHTTP Worker [@938643046],5,D......ication.callbackhandler.getAuthTypeExiting method
10:41:49:252DebugGuestHTTP Worker [@938643046],5,D......ackhandler.parseUserNameAndPasswordAuthentication type: FORM
10:41:49:253DebugGuestHTTP Worker [@938643046],5,D......callbackhandler.initFormCredentialsUser name in the request is <null>
10:41:49:253InfoGuestHTTP Worker [@938643046],5,D......ackhandler.parseUserNameAndPasswordSearching the username and password in the Authorization header
  although the auth method is FORM.
10:41:49:253DebugGuestHTTP Worker [@938643046],5,D......ion.callbackhandler.parseAuthHeaderProvided authorization header name is null
10:41:49:253DebugGuestHTTP Worker [@938643046],5,D......ackhandler.parseUserNameAndPasswordThe attribute j_username set in the request is null.
10:41:49:253DebugGuestHTTP Worker [@938643046],5,D......ackhandler.parseUserNameAndPasswordUser name in the attributes is <null>
10:41:49:253DebugGuestHTTP Worker [@938643046],5,D......allbackhandler.getPasswordAttributeThe attribute j_password set in the request is null.
10:41:49:253PathGuestHTTP Worker [@938643046],5,D......ackhandler.parseUserNameAndPasswordExiting method
10:41:49:253DebugGuestHTTP Worker [@938643046],5,D......ackhandler.handle(PasswordCallback)Set password in PasswordCallback
10:41:49:253PathGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleExiting method
10:41:49:253DebugGuestHTTP Worker [@938643046],5,D......oginmodule.BasicPasswordLoginModuleNo user name provided.
10:41:49:253PathGuestHTTP Worker [@938643046],5,D......ket.CreateTicketLoginModule.login()Entering method
10:41:49:253InfoGuestHTTP Worker [@938643046],5,D......dule.ticket.CreateTicketLoginModuleNo authenticated user found.
10:41:49:253PathGuestHTTP Worker [@938643046],5,D......ket.CreateTicketLoginModule.login()Exiting method with false
10:41:49:254DebugGuestHTTP Worker [@938643046],5,D......ecurity.authentication.logincontextLogin failed!
[EXCEPTION]
java.security.PrivilegedActionException:
  com.sap.engine.services.security.exceptions.BaseLoginException: Cannot
  authenticate the user.
at java.security.AccessController.doPrivileged(Native Method)
at
  com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:280)
at
  com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:361)
at
  com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.loginWithRequestCredentials(AuthenticationService.java:337)
at
  com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:321)
at
  com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:60)
at
  com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:162)
at
  com.sap.portal.prt.dispatcher.DispatcherServlet.service(DispatcherServlet.java:132)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
at
  com.sap.portal.prt.dispatcher.CustomHeaderFilter.doFilter(CustomHeaderFilter.java:58)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
at
  com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:334)
at
  com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:490)
at com.sap.portal.navigation.Gateway.service(Gateway.java:161)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
at
  com.sap.portal.http.EnrichNavRequestFilter.doFilter(EnrichNavRequestFilter.java:49)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
at
  com.sap.portal.prt.dispatcher.CustomHeaderFilter.doFilter(CustomHeaderFilter.java:58)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
at
  com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:432)
at
  com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)
at
  com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)
at
  com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)
at
  com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:278)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)
at
  com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
at
  com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)
at
  com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)
at
  com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
at
  com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
at
  com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
at
  com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
Caused by:
  com.sap.engine.services.security.exceptions.BaseLoginException: Cannot
  authenticate the user.
at
  com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:131)
... 60 more
Caused by: javax.security.auth.login.LoginException: SPNego
  authentication has failed during previous attempt.
at
  com.sap.security.core.server.jaas.SPNegoLoginModule.fallbackStateException(SPNegoLoginModule.java:361)
at
  com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:167)
at
  com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:254)
at
  com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:66)
... 60 more
10:41:49:254DebugGuestHTTP Worker [@938643046],5,D......ecurity.authentication.logincontextABORT() for auth stack [ticket].
10:41:49:254PathGuestHTTP Worker [@938643046],5,D......t.EvaluateTicketLoginModule.abort()Entering method
10:41:49:254DebugGuestHTTP Worker [@938643046],5,D......le.ticket.EvaluateTicketLoginModuleInternal Login Module data has been reset.
10:41:49:254PathGuestHTTP Worker [@938643046],5,D......t.EvaluateTicketLoginModule.abort()Exiting method with true
10:41:49:254PathGuestHTTP Worker [@938643046],5,D......server.jaas.SPNegoLoginModule.abortEntering method
10:41:49:254PathGuestHTTP Worker [@938643046],5,D......server.jaas.SPNegoLoginModule.abortExiting method with true
10:41:49:254PathGuestHTTP Worker [@938643046],5,D......ket.CreateTicketLoginModule.abort()Entering method
10:41:49:254PathGuestHTTP Worker [@938643046],5,D......ket.CreateTicketLoginModule.abort()Exiting method with true
10:41:49:254PathGuestHTTP Worker [@938643046],5,D......ket.CreateTicketLoginModule.abort()Entering method
10:41:49:254PathGuestHTTP Worker [@938643046],5,D......ket.CreateTicketLoginModule.abort()Exiting method with true
10:41:49:255InfoGuestHTTP Worker [@938643046],5,D......y.authentication.logincontext.tableLOGIN.FAILED
User: N/A
IP Address: 151.215.220.176
Authentication Stack: ticket
Authentication Stack Properties:
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule
  SUFFICIENT ok false true
#1 trusteddn1 = CN=SMD
#2 trusteddn2 = CN=ED1
#3 trusteddn3 = CN=BD1
#4 trusteddn4 = CN=GD1
#5 trustediss1 = CN=SMD
#6 trustediss2 = CN=ED1
#7 trustediss3 = CN=BD1
#8 trustediss4 = CN=GD1
#9 trustedsys1 = SMD,001
#10 trustedsys2 = ED1,100
#11 trustedsys3 = BD1,100
#12 trustedsys4 = GD1,100
#13 ume.configuration.active = true
2. com.sap.security.core.server.jaas.SPNegoLoginModule OPTIONAL
  ok exception true SPNego authentication has failed during previous attempt.
3. com.sap.security.core.server.jaas.CreateTicketLoginModule
  SUFFICIENT ok false true
4.
  com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
  REQUIRED ok false false
5. com.sap.security.core.server.jaas.CreateTicketLoginModule
  REQUIRED ok false true
No logon policy was applied
10:41:49:255PathGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleEntering method
10:41:49:255DebugGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleHandle javax.security.auth.callback.LanguageCallback@594e0124
10:41:49:255DebugGuestHTTP Worker [@938643046],5,D......ackhandler.handle(LanguageCallback)Set locale in LanguageCallback to English (United States)
10:41:49:255PathGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleExiting method
10:41:49:255DebugGuestHTTP Worker [@938643046],5,D......ecurity.authentication.logincontextGetting message to be displayed to the user for exception cause
  -1
10:41:49:255DebugGuestHTTP Worker [@938643046],5,D......ecurity.authentication.logincontextThe localized message to be dispalyed to the user is null
10:41:49:255PathGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleEntering method
10:41:49:255DebugGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleHandle
  com.sap.engine.interfaces.security.auth.AuthStateCallback:[FAILED]
10:41:49:255InfoGuestHTTP Worker [@938643046],5,D......uthStateCallback(AuthStateCallback)The callback handler does not send response. No redirect is
  possible.
10:41:49:255PathGuestHTTP Worker [@938643046],5,D......thentication.callbackhandler.handleExiting method
10:41:49:256DebugGuestHTTP Worker [@938643046],5,D......ecurity.authentication.programmaticgetLoggedInUser(request, response)
[EXCEPTION]
com.sap.engine.services.security.exceptions.BaseLoginException:
  Cannot authenticate the user.
at
  com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:131)
at java.security.AccessController.doPrivileged(Native Method)
at
  com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:280)
at
  com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:361)
at
  com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.loginWithRequestCredentials(AuthenticationService.java:337)
at
  com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:321)
at
  com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:60)
at
  com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:162)
at
  com.sap.portal.prt.dispatcher.DispatcherServlet.service(DispatcherServlet.java:132)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
at
  com.sap.portal.prt.dispatcher.CustomHeaderFilter.doFilter(CustomHeaderFilter.java:58)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
at
  com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:334)
at
  com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:490)
at com.sap.portal.navigation.Gateway.service(Gateway.java:161)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
at
  com.sap.portal.http.EnrichNavRequestFilter.doFilter(EnrichNavRequestFilter.java:49)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
at
  com.sap.portal.prt.dispatcher.CustomHeaderFilter.doFilter(CustomHeaderFilter.java:58)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
at
  com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:432)
at
  com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)
at
  com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)
at
  com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)
at
  com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:278)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)
at
  com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
at
  com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)
at
  com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)
at
  com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
at
  com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
at
  com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
at
  com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
Caused by: javax.security.auth.login.LoginException: SPNego
  authentication has failed during previous attempt.
at
  com.sap.security.core.server.jaas.SPNegoLoginModule.fallbackStateException(SPNegoLoginModule.java:361)
at
  com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:167)
at
  com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:254)
at
  com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:66)
... 60 more
Former Member
0 Kudos

... continued

....getLoggedInUser(request, response)Exiting
  method with null
...tion.programmatic.getLoggedInUser()Entering method
...tication.programmatic.getAuthschemeTrying to get subject from security session.
...tication.programmatic.getAuthschemeNo authentication template attached to session/subject
...thentication.programmatic.getTicketDoes not have private credentials
...hentication.programmatic.enrichUserTicket string is not available.
...hentication.programmatic.enrichUserDoes not have any public credentials
...tion.programmatic.getLoggedInUser()Exiting method with Guest
...tion.programmatic.getLoggedInUser()Entering method
...tication.programmatic.getAuthschemeTrying to get subject from security session.
...tication.programmatic.getAuthschemeNo authentication template attached to session/subject
...thentication.programmatic.getTicketDoes not have private credentials
...hentication.programmatic.enrichUserTicket string is not available.
...hentication.programmatic.enrichUserDoes not have any public credentials
...tion.programmatic.getLoggedInUser()Exiting method with Guest
...tion.programmatic.getLoggedInUser()Entering method
...tication.programmatic.getAuthschemeTrying to get subject from security session.
...tication.programmatic.getAuthschemeNo authentication template attached to session/subject
...thentication.programmatic.getTicketDoes not have private credentials
...hentication.programmatic.enrichUserTicket string is not available.
...hentication.programmatic.enrichUserDoes not have any public credentials
...tion.programmatic.getLoggedInUser()Exiting method with Guest
...tion.programmatic.getLoggedInUser()Entering method
...tication.programmatic.getAuthschemeTrying to get subject from security session.
...tication.programmatic.getAuthschemeNo authentication template attached to session/subject
...thentication.programmatic.getTicketDoes not have private credentials
...hentication.programmatic.enrichUserTicket string is not available.
...hentication.programmatic.enrichUserDoes not have any public credentials
...tion.programmatic.getLoggedInUser()Exiting method with Guest
...tion.programmatic.getLoggedInUser()Entering method
...tication.programmatic.getAuthschemeTrying to get subject from security session.
...tication.programmatic.getAuthschemeNo authentication template attached to session/subject
...thentication.programmatic.getTicketDoes not have private credentials
...hentication.programmatic.enrichUserTicket string is not available.
...hentication.programmatic.enrichUserDoes not have any public credentials
...tion.programmatic.getLoggedInUser()Exiting method with Guest
...tion.programmatic.getLoggedInUser()Entering method
...tication.programmatic.getAuthschemeTrying to get subject from security session.
...tication.programmatic.getAuthschemeNo authentication template attached to session/subject
...thentication.programmatic.getTicketDoes not have private credentials
...hentication.programmatic.enrichUserTicket string is not available.
...hentication.programmatic.enrichUserDoes not have any public credentials
...tion.programmatic.getLoggedInUser()Exiting method with Guest
...tication.programmatic.getAuthSchemeEntering method with (default)
...tication.programmatic.getAuthSchemeEntering method with (anonymous)
...khandler.AbstractWebCallbackHandlerPolicy configuration name: sap.com/irj*irj
...ogon(request, response, authscheme)Entering method with
  (com.sap.portal.prt.util.PortalServletRequestWrapper@13e570c8,
  com.sap.portal.prt.dispatcher.DispatcherServletResponseWrapper@73cf3946,
  default)
...ogon(request, response, authscheme)The authscheme for logon is default
...ogon(request, response, authscheme)The login module stack for logon is ticket
...ecurity.authentication.logincontextINITIALIZE() for auth stack [ticket].
...luateTicketLoginModule.initialize()Entering method with (Subject:
Principal:
  com.sap.security.api.logon.AuthSchemePrincipal@3c4f64ac
,
  com.sapportals.portal.prt.service.authenticationservice.PortalSecurityHandler@5a7723)
...le.ticket.EvaluateTicketLoginModuleThe options of EvaluateTicketLoginModule in [ticket]
  authentication stack are: [{ume.configuration.active=true,
  trustediss2=CN=ED1, trustediss1=CN=SMD, trusteddn4=CN=GD1, trusteddn3=CN=BD1,
  trusteddn2=CN=ED1, trusteddn1=CN=SMD, trustedsys4=GD1,100, trustedsys3=BD1,100,
  trustedsys2=ED1,100, trustedsys1=SMD,001, trustediss4=CN=GD1,
  trustediss3=CN=BD1}].
...nstructor(Map, Properties, boolean)Entering method with
  ({sap.security.auth.context.object=[Security Context : [Security Session
  (session number: 0) (anonymous) (user name: Guest) (created at: Mon Jul 20
  16:28:46 MDT 2015)]], sap.security.auth.configuration.name=ticket,
  System-ID=PD1}, <null>)
...nstructor(Map, Properties, boolean)Exiting method with
  [Ljava.lang.Object;@33439b03
...ginmodule.ticket.getMergedOptions()Entering method
...ginmodule.ticket.getMergedOptions()Exiting method with
  [Ljava.lang.Object;@1b75fc40
...le.ticket.EvaluateTicketLoginModuleThe options of
  EvaluateTicketLoginModule in [ticket] authentication stack after merge with
  UME properties are: [{password=, keystore=TicketKeystore, validityMin=0,
  system=PD1, client=000, ume.configuration.active=true,
  j_authscheme=basicauthentication, validity=16, alias=SAPLogonTicketKeypair,
  ume.logon.security.enforce_secure_cookie=false,
  ume.logon.httponlycookie=true, trustedsys4=GD1,100, trustedsys3=BD1,100,
  trustedsys2=ED1,100, trustedsys1=SMD,001, trustediss4=CN=GD1,
  trusteddn4=CN=GD1, trustediss3=CN=BD1, trusteddn3=CN=BD1, trusteddn2=CN=ED1,
  trustediss2=CN=ED1, trusteddn1=CN=SMD, trustediss1=CN=SMD, inclcert=0}].
...le.ticket.EvaluateTicketLoginModuleThe options of
  EvaluateTicketLoginModule in [ticket] authentication stack after adding the
  default values are: [{password=, keystore=TicketKeystore, validityMin=0,
  system=PD1, client=000, ume.configuration.active=true,
  j_authscheme=basicauthentication, validity=16, alias=SAPLogonTicketKeypair,
  ume.logon.security.enforce_secure_cookie=false,
  sap.security.auth.configuration.name=ticket, ume.logon.httponlycookie=true,
  trustedsys4=GD1,100, trustedsys3=BD1,100, trustedsys2=ED1,100,
  trustedsys1=SMD,001, trustediss4=CN=GD1, trusteddn4=CN=GD1,
  trustediss3=CN=BD1, trusteddn3=CN=BD1, trusteddn2=CN=ED1, trustediss2=CN=ED1,
  trusteddn1=CN=SMD, trustediss1=CN=SMD, inclcert=0}].
...luateTicketLoginModule.initialize()Exiting method
...r.jaas.SPNegoLoginModule.initializeEntering method with (Subject:
Principal:
  com.sap.security.api.logon.AuthSchemePrincipal@3c4f64ac
,
  com.sapportals.portal.prt.service.authenticationservice.PortalSecurityHandler@5a7723,
  {sap.security.auth.context.object=[Security Context : [Security Session
  (session number: 0) (anonymous) (user name: Guest) (created at: Mon Jul 20
  16:28:46 MDT 2015)]], sap.security.auth.configuration.name=ticket,
  System-ID=PD1}, {})
...e.server.jaas.spnego.cfg.SPNEGOUtilRoot configuration successfully opened.
...e.server.jaas.spnego.cfg.SPNEGOUtilPending configuration changes
  successfully rollbacked.
...e.server.jaas.spnego.cfg.SPNEGOUtilAll configurations
  successfully closed.
....core.server.jaas.SPNegoLoginModuleSPNego is runnig in normal (new) mode.
....core.server.jaas.SPNegoLoginModuleSPNEGO configuration:
SPNEGORealm: myalias.ERP.mydomain.COM
Enabled: true
Description:
User mapping: SPNEGOUserMapping: mode = principal,REALM, source
  = ADS
Default user groups: []
Default user roles: []
SPNEGOKey: code = 23, type = rc4-hmac
...r.jaas.SPNegoLoginModule.initializeExiting method
...reateTicketLoginModule.initialize()Entering method with (Subject:
Principal:
  com.sap.security.api.logon.AuthSchemePrincipal@3c4f64ac
,
  com.sapportals.portal.prt.service.authenticationservice.PortalSecurityHandler@5a7723,
  {sap.security.auth.context.object=[Security Context : [Security Session
  (session number: 0) (anonymous) (user name: Guest) (created at: Mon Jul 20
  16:28:46 MDT 2015)]], sap.security.auth.configuration.name=ticket,
  System-ID=PD1}, {})
...dule.ticket.CreateTicketLoginModuleThe options of CreateTicketLoginModule in [ticket]
  authentication stack are: [{}].
...nstructor(Map, Properties, boolean)Entering method with
  ({sap.security.auth.context.object=[Security Context : [Security Session
  (session number: 0) (anonymous) (user name: Guest) (created at: Mon Jul 20
  16:28:46 MDT 2015)]], sap.security.auth.configuration.name=ticket,
  System-ID=PD1}, <null>)
...nstructor(Map, Properties, boolean)Exiting method with [Ljava.lang.Object;@5f03dbd5
...ginmodule.ticket.getMergedOptions()Entering method
...ginmodule.ticket.getMergedOptions()Exiting method with [Ljava.lang.Object;@7655adae
...dule.ticket.CreateTicketLoginModuleThe options of CreateTicketLoginModule in [ticket]
  authentication stack after merge with UME properties are: [{validityMin=0,
  system=PD1, client=000, j_authscheme=basicauthentication, inclcert=0,
  ume.logon.httponlycookie=true, alias=SAPLogonTicketKeypair,
  ume.logon.security.enforce_secure_cookie=false, keystore=TicketKeystore,
  validity=16, password=}].
...dule.ticket.CreateTicketLoginModuleThe options of CreateTicketLoginModule in [ticket]
  authentication stack after adding the default values are: [{validityMin=0,
  system=PD1, client=000, j_authscheme=basicauthentication, inclcert=0,
  ume.logon.httponlycookie=true, alias=SAPLogonTicketKeypair,
  sap.security.auth.configuration.name=ticket,
  ume.logon.security.enforce_secure_cookie=false, keystore=TicketKeystore,
  validity=16, password=}].
...reateTicketLoginModule.initialize()Exiting method
...reateTicketLoginModule.initialize()Entering method with (Subject:
Principal:
  com.sap.security.api.logon.AuthSchemePrincipal@3c4f64ac
,
  com.sapportals.portal.prt.service.authenticationservice.PortalSecurityHandler@5a7723,
  {sap.security.auth.context.object=[Security Context : [Security Session
  (session number: 0) (anonymous) (user name: Guest) (created at: Mon Jul 20
  16:28:46 MDT 2015)]], sap.security.auth.configuration.name=ticket,
  System-ID=PD1}, {})
...dule.ticket.CreateTicketLoginModuleThe options of CreateTicketLoginModule in [ticket]
  authentication stack are: [{}].
...nstructor(Map, Properties, boolean)Entering method with
  ({sap.security.auth.context.object=[Security Context : [Security Session
  (session number: 0) (anonymous) (user name: Guest) (created at: Mon Jul 20
  16:28:46 MDT 2015)]], sap.security.auth.configuration.name=ticket,
  System-ID=PD1}, <null>)
...nstructor(Map, Properties, boolean)Exiting method with [Ljava.lang.Object;@72fdb733
...ginmodule.ticket.getMergedOptions()Entering method
...ginmodule.ticket.getMergedOptions()Exiting method with [Ljava.lang.Object;@6f06b03f
...dule.ticket.CreateTicketLoginModuleThe options of CreateTicketLoginModule in [ticket]
  authentication stack after merge with UME properties are: [{validityMin=0,
  system=PD1, client=000, j_authscheme=basicauthentication, inclcert=0,
  ume.logon.httponlycookie=true, alias=SAPLogonTicketKeypair,
  ume.logon.security.enforce_secure_cookie=false, keystore=TicketKeystore,
  validity=16, password=}].
...dule.ticket.CreateTicketLoginModuleThe options of CreateTicketLoginModule in [ticket]
  authentication stack after adding the default values are: [{validityMin=0,
  system=PD1, client=000, j_authscheme=basicauthentication, inclcert=0,
  ume.logon.httponlycookie=true, alias=SAPLogonTicketKeypair,
  sap.security.auth.configuration.name=ticket,
  ume.logon.security.enforce_secure_cookie=false, keystore=TicketKeystore,
  validity=16, password=}].
...reateTicketLoginModule.initialize()Exiting method
...ecurity.authentication.logincontextLOGIN() for auth stack [ticket].
...t.EvaluateTicketLoginModule.login()Entering method
...thentication.callbackhandler.handleEntering method
...thentication.callbackhandler.handleHandle
  com.sap.engine.lib.security.http.HttpGetterCallback@201d310b
...khandler.handle(HttpGetterCallback)Get cookie MYSAPSSO2
...khandler.handle(HttpGetterCallback)Cookie MYSAPSSO2 is not found
...thentication.callbackhandler.handleExiting method
...le.ticket.EvaluateTicketLoginModuleReceived no SAPLogonTicket. Authentication stack: [ticket].
...t.EvaluateTicketLoginModule.login()Exiting method with <null>
...server.jaas.SPNegoLoginModule.loginEntering method
...thentication.callbackhandler.handleEntering method
...thentication.callbackhandler.handleHandle
  com.sap.engine.lib.security.http.HttpGetterCallback@5c7ed9a5
...khandler.handle(HttpGetterCallback)Get request parameter spnego
...khandler.handle(HttpGetterCallback)Set value to null
...thentication.callbackhandler.handleExiting method
...thentication.callbackhandler.handleEntering method
...thentication.callbackhandler.handleHandle
  com.sap.engine.lib.security.http.HttpGetterCallback@c030f14
...khandler.handle(HttpGetterCallback)Get request attribute spnego
...khandler.handle(HttpGetterCallback)Set value to <null>
...thentication.callbackhandler.handleExiting method
...thentication.callbackhandler.handleEntering method
...thentication.callbackhandler.handleHandle
  com.sap.engine.lib.security.http.HttpGetterCallback@1cd2f035
...khandler.handle(HttpGetterCallback)Get header Authorization
...khandler.handle(HttpGetterCallback)Set value to <null>
...thentication.callbackhandler.handleExiting method
....core.server.jaas.SPNegoLoginModuleAuthorization header [Authorization] read from HTTP request:
  <null>
...thentication.callbackhandler.handleEntering method
...thentication.callbackhandler.handleHandle
  com.sap.engine.lib.security.http.HttpGetterCallback@5c98365b
...khandler.handle(HttpGetterCallback)Get cookie
  com.sap.engine.security.authentication.original_application_url
...khandler.handle(HttpGetterCallback)Set value to
  GET#vInZfOrx15zICfaLePYmLtj%2Fmfn0LsCegX9PCEUTEmZc5ylwop9Kv4mc%2FZ4UtQU4FRfLpdlwwe6jwKCBLQoCOHyrR5Nyb2ntfFr0Er%2BlKzLQgIvBdkmHBw%3D%3D
...thentication.callbackhandler.handleExiting method
....core.server.jaas.SPNegoLoginModuleAuthorization header not received. Original URL cookie found in
  request. SPNego running in fallback mode.
...ket.CreateTicketLoginModule.login()Entering method
...dule.ticket.CreateTicketLoginModuleNo authenticated user found.
...ket.CreateTicketLoginModule.login()Exiting method with false
...thentication.callbackhandler.handleEntering method
...thentication.callbackhandler.handleHandle javax.security.auth.callback.NameCallback@d18bfdb
...ackhandler.parseUserNameAndPasswordEntering method
...ackhandler.parseUserNameAndPasswordEnabled redirect to login/error page
...ication.callbackhandler.getAuthTypeEntering method
...ication.callbackhandler.getAuthTypeAuthentication type of the request is <null>
...ication.callbackhandler.getAuthTypeAuthentication method from authentication context: <null>
...ication.callbackhandler.getAuthTypeUse default authentication method: FORM
...ication.callbackhandler.getAuthTypeExiting method
...ackhandler.parseUserNameAndPasswordAuthentication type: FORM
...callbackhandler.initFormCredentialsUser name in the request is <null>
...ackhandler.parseUserNameAndPasswordSearching the username and password in the Authorization header
  although the auth method is FORM.
...ion.callbackhandler.parseAuthHeaderProvided authorization header name is null
...ackhandler.parseUserNameAndPasswordThe attribute j_username set in the request is null.
...ackhandler.parseUserNameAndPasswordUser name in the attributes is <null>
...allbackhandler.getPasswordAttributeThe attribute j_password set in the request is null.
...ackhandler.parseUserNameAndPasswordExiting method
...allbackhandler.handle(NameCallback)Set name in NameCallback to <null>
...thentication.callbackhandler.handleHandle javax.security.auth.callback.PasswordCallback@53dbc994
...ackhandler.parseUserNameAndPasswordEntering method
...ication.callbackhandler.getAuthTypeEntering method
...ication.callbackhandler.getAuthTypeExiting method
...ackhandler.parseUserNameAndPasswordAuthentication type: FORM
...callbackhandler.initFormCredentialsUser name in the request is <null>
...ackhandler.parseUserNameAndPasswordSearching the username and password in the Authorization header
  although the auth method is FORM.
...ion.callbackhandler.parseAuthHeaderProvided authorization header name is null
...ackhandler.parseUserNameAndPasswordThe attribute j_username set in the request is null.
...ackhandler.parseUserNameAndPasswordUser name in the attributes is <null>
...allbackhandler.getPasswordAttributeThe attribute j_password set in the request is null.
...ackhandler.parseUserNameAndPasswordExiting method
...ackhandler.handle(PasswordCallback)Set password in PasswordCallback
...thentication.callbackhandler.handleExiting method
...oginmodule.BasicPasswordLoginModuleNo user name provided.
...ket.CreateTicketLoginModule.login()Entering method
...dule.ticket.CreateTicketLoginModuleNo authenticated user found.
...ket.CreateTicketLoginModule.login()Exiting method with false
...ecurity.authentication.logincontextLogin failed!
[EXCEPTION]
java.security.PrivilegedActionException:
  com.sap.engine.services.security.exceptions.BaseLoginException: Cannot
  authenticate the user.
at java.security.AccessController.doPrivileged(Native Method)
at
  com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:280)
at
  com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:876)
at
  com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.login(AuthenticationService.java:453)
at
  com.sapportals.portal.prt.service.hook.SecurityHookService.doNodeHook(SecurityHookService.java:151)
at
  com.sapportals.portal.prt.connection.PortalHook.doNodeHook(PortalHook.java:383)
at
  com.sap.portal.prt.pom.factory.ComponentNodeFactory.newInstance(ComponentNodeFactory.java:136)
at
  com.sap.portal.prt.pom.factory.ComponentNodeFactory.newInstance(ComponentNodeFactory.java:49)
at
  com.sap.portal.prt.pom.PortalNode.createComponentNode(PortalNode.java:270)
at
  com.sap.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:445)
at
  com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:202)
at
  com.sap.portal.prt.dispatcher.DispatcherServlet.service(DispatcherServlet.java:132)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
at
  com.sap.portal.prt.dispatcher.CustomHeaderFilter.doFilter(CustomHeaderFilter.java:58)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
at
  com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:334)
at
  com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:490)
at com.sap.portal.navigation.Gateway.service(Gateway.java:161)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
at
  com.sap.portal.http.EnrichNavRequestFilter.doFilter(EnrichNavRequestFilter.java:49)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
at
  com.sap.portal.prt.dispatcher.CustomHeaderFilter.doFilter(CustomHeaderFilter.java:58)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
at
  com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:432)
at
  com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)
at
  com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)
at
  com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)
at
  com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:278)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)
at
  com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
at
  com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)
at
  com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)
at
  com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
at
  com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
at
  com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
at
  com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
Caused by:
  com.sap.engine.services.security.exceptions.BaseLoginException: Cannot
  authenticate the user.
at
  com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:131)
... 64 more
Caused by: javax.security.auth.login.LoginException: SPNego
  authentication has failed during previous attempt.
at
  com.sap.security.core.server.jaas.SPNegoLoginModule.fallbackStateException(SPNegoLoginModule.java:361)
at
  com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:167)
at
  com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:254)
at
  com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:66)
... 64 more
...ecurity.authentication.logincontextABORT() for auth stack [ticket].
...t.EvaluateTicketLoginModule.abort()Entering method
...le.ticket.EvaluateTicketLoginModuleInternal Login Module data has been reset.
...t.EvaluateTicketLoginModule.abort()Exiting method with true
...server.jaas.SPNegoLoginModule.abortEntering method
...server.jaas.SPNegoLoginModule.abortExiting method with true
...ket.CreateTicketLoginModule.abort()Entering method
...ket.CreateTicketLoginModule.abort()Exiting method with true
...ket.CreateTicketLoginModule.abort()Entering method
...ket.CreateTicketLoginModule.abort()Exiting method with true
...y.authentication.logincontext.tableLOGIN.FAILED
User: N/A
IP Address: 151.215.220.176
Authentication Stack: ticket
Authentication Stack Properties:
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule
  SUFFICIENT ok false true
#1 trusteddn1 = CN=SMD
#2 trusteddn2 = CN=ED1
#3 trusteddn3 = CN=BD1
#4 trusteddn4 = CN=GD1
#5 trustediss1 = CN=SMD
#6 trustediss2 = CN=ED1
#7 trustediss3 = CN=BD1
#8 trustediss4 = CN=GD1
#9 trustedsys1 = SMD,001
#10 trustedsys2 = ED1,100
#11 trustedsys3 = BD1,100
#12 trustedsys4 = GD1,100
#13 ume.configuration.active = true
2. com.sap.security.core.server.jaas.SPNegoLoginModule OPTIONAL
  ok exception true SPNego authentication has failed during previous attempt.
3. com.sap.security.core.server.jaas.CreateTicketLoginModule
  SUFFICIENT ok false true
4.
  com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
  REQUIRED ok false false
5. com.sap.security.core.server.jaas.CreateTicketLoginModule
  REQUIRED ok false true
No logon policy was applied
...thentication.callbackhandler.handleEntering method
...thentication.callbackhandler.handleHandle javax.security.auth.callback.LanguageCallback@28f3e8f
...ackhandler.handle(LanguageCallback)Set locale in LanguageCallback to English (United States)
...thentication.callbackhandler.handleExiting method
...ecurity.authentication.logincontextGetting message to be displayed to the user for exception cause
  -1
...ecurity.authentication.logincontextThe localized message to be dispalyed to the user is null
...thentication.callbackhandler.handleEntering method
...thentication.callbackhandler.handleHandle
  com.sap.engine.interfaces.security.auth.AuthStateCallback:[FAILED]
...llbackhandler.isCustomLogonPageUsedNo custom logon page set
...callbackhandler.saveOriginalPageURLEntering method
...riginalURLDecryptedFromCookieRandomEntering method
...callbackhandler.saveOriginalPageURLOriginal Page URL Cookie is currently stored as :
  http://myalias.erp.mydomain.com:50000/irj/portal
...callbackhandler.saveOriginalPageURLRedirect URL not found. Original URL cookie from the request
  will be used: http://myalias.erp.mydomain.com:50000/irj/portal. Original
  method: null
...callbackhandler.saveOriginalPageURLOriginal Page URL Cookie will not be changed. It is equal to
  current URL.
...callbackhandler.saveOriginalPageURLExiting method
...uthStateCallback(AuthStateCallback)hasPasswordChange = false
...tication.programmatic.getAuthSchemeEntering method with (default)
...tion.programmatic.getLoggedInUser()Entering method
...tication.programmatic.getAuthschemeTrying to get subject from security session.
...tication.programmatic.getAuthschemeNo authentication template attached to session/subject
...thentication.programmatic.getTicketDoes not have private credentials
...hentication.programmatic.enrichUserTicket string is not available.
...hentication.programmatic.enrichUserDoes not have any public credentials
...tion.programmatic.getLoggedInUser()Exiting method with Guest
...tion.programmatic.getLoggedInUser()Entering method
...tication.programmatic.getAuthschemeTrying to get subject from security session.
...tication.programmatic.getAuthschemeNo authentication template attached to session/subject
...thentication.programmatic.getTicketDoes not have private credentials
...hentication.programmatic.enrichUserTicket string is not available.
...hentication.programmatic.enrichUserDoes not have any public credentials
...tion.programmatic.getLoggedInUser()Exiting method with Guest
...tion.programmatic.getLoggedInUser()Entering method
...tication.programmatic.getAuthschemeTrying to get subject from security session.
...tication.programmatic.getAuthschemeNo authentication template attached to session/subject
...thentication.programmatic.getTicketDoes not have private credentials
...hentication.programmatic.enrichUserTicket string is not available.
...hentication.programmatic.enrichUserDoes not have any public credentials
...tion.programmatic.getLoggedInUser()Exiting method with Guest
...thentication.callbackhandler.handleExiting method
...curityAudit][md=log(...)][cl=14214]ObjectID handed over is 'null'!
...ap.security.core.util.SecurityAuditLogon failed | LOGIN.ERROR | null | | Login Method=[default],
  IP Address=[151.215.220.176], UserID=[null], Reason=[Cannot authenticate the
  user.]
...ogon(request, response, authscheme)Stored data for security audits
...tion.programmatic.getLoginExceptionCan't map exception.
[EXCEPTION]
com.sap.engine.services.security.exceptions.BaseLoginException:
  Cannot authenticate the user.
at
  com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:131)
at java.security.AccessController.doPrivileged(Native Method)
at
  com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:280)
at
  com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:876)
at
  com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.login(AuthenticationService.java:453)
at
  com.sapportals.portal.prt.service.hook.SecurityHookService.doNodeHook(SecurityHookService.java:151)
at
  com.sapportals.portal.prt.connection.PortalHook.doNodeHook(PortalHook.java:383)
at
  com.sap.portal.prt.pom.factory.ComponentNodeFactory.newInstance(ComponentNodeFactory.java:136)
at
  com.sap.portal.prt.pom.factory.ComponentNodeFactory.newInstance(ComponentNodeFactory.java:49)
at
  com.sap.portal.prt.pom.PortalNode.createComponentNode(PortalNode.java:270)
at
  com.sap.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:445)
at
  com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:202)
at
  com.sap.portal.prt.dispatcher.DispatcherServlet.service(DispatcherServlet.java:132)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
at
  com.sap.portal.prt.dispatcher.CustomHeaderFilter.doFilter(CustomHeaderFilter.java:58)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
at
  com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:334)
at
  com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:490)
at com.sap.portal.navigation.Gateway.service(Gateway.java:161)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
at
  com.sap.portal.http.EnrichNavRequestFilter.doFilter(EnrichNavRequestFilter.java:49)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
at
  com.sap.portal.prt.dispatcher.CustomHeaderFilter.doFilter(CustomHeaderFilter.java:58)
at
  com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
at
  com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:432)
at
  com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)
at
  com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)
at
  com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)
at
  com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:278)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)
at
  com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
at
  com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)
at
  com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at
  com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at
  com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)
at
  com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)
at
  com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
at
  com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
at
  com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
at
  com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
Caused by: javax.security.auth.login.LoginException: SPNego
  authentication has failed during previous attempt.
at
  com.sap.security.core.server.jaas.SPNegoLoginModule.fallbackStateException(SPNegoLoginModule.java:361)
at
  com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:167)
at
  com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:254)
at
  com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:66)
... 64 more
Former Member
0 Kudos

... continued

Exiting logon(request, response, authscheme) with authenticated
  subject.
Entering method
Trying to get subject from security session.
No authentication template attached to
  session/subject
Does not have private credentials
Ticket string is not available.
Does not have any public credentials
Exiting method with Guest
Entering method
Trying to get subject from security session.
No authentication template attached to
  session/subject
Does not have private credentials
Ticket string is not available.
Does not have any public credentials
Exiting method with Guest
Entering method
Trying to get subject from security session.
No authentication template attached to
  session/subject
Does not have private credentials
Ticket string is not available.
Does not have any public credentials
Exiting method with Guest
Entering method
Trying to get subject from security session.
No authentication template attached to
  session/subject
Does not have private credentials
Ticket string is not available.
Does not have any public credentials
Exiting method with Guest
Entering method
Trying to get subject from security session.
No authentication template attached to
  session/subject
Does not have private credentials
Ticket string is not available.
Does not have any public credentials
Exiting method with Guest
Entering method
Trying to get subject from security session.
No authentication template attached to
  session/subject
Does not have private credentials
Ticket string is not available.
Does not have any public credentials
Exiting method with Guest
Entering method
Trying to get subject from security session.
No authentication template attached to
  session/subject
Does not have private credentials
Ticket string is not available.
Does not have any public credentials
Exiting method with Guest
Entering method
Trying to get subject from security session.
No authentication template attached to
  session/subject
Does not have private credentials
Ticket string is not available.
Does not have any public credentials
Exiting method with Guest
Entering method
Trying to get subject from security session.
No authentication template attached to
  session/subject
Does not have private credentials
Ticket string is not available.
Does not have any public credentials
Exiting method with Guest
Entering method
Trying to get subject from security session.
No authentication template attached to
  session/subject
Does not have private credentials
Ticket string is not available.
Does not have any public credentials
Exiting method with Guest
Entering method
Trying to get subject from security session.
No authentication template attached to
  session/subject
Does not have private credentials
Ticket string is not available.
Does not have any public credentials
Exiting method with Guest
Entering method
Found action: show uid password logon page
Entering method
Get locale from request
Locale is en_US
LogonLocaleBean and LogonMessageBean created
LanguagesBean created
setType( logon )
Entering method
Entering method
Exiting method with
Exiting method
Entering method with (SELF_REGISTRATION)
Entering method
Trying to get subject from security session.
No authentication template attached to
  session/subject
Does not have private credentials
Ticket string is not available.
Does not have any public credentials
Exiting method with Guest
The current user is [Message buffer:
No
  messages available.
Transient
  data:
***************************************************************************
*
  com.sap.security.core.persistence.imp.PrincipalDatabag Tue Jul 21 10:41:49
  MDT 2015
*
  UniqueID: USER.PRIVATE_DATASOURCE.un:Guest
* Type:
  USER
* Home
  data source: PRIVATE_DATASOURCE
*
  Private id part: un:Guest
*
*
  Existence not checked.
*
***************************************************************************
Persistent
  data:
***************************************************************************
*
  com.sap.security.core.persistence.imp.PrincipalDatabag Tue Jul 21 10:41:49
  MDT 2015
*
  UniqueID: USER.PRIVATE_DATASOURCE.un:Guest
* Type:
  USER
* Home
  data source: PRIVATE_DATASOURCE
*
  Private id part: un:Guest
*
*
  Principal exists.
*
* Direct
  parents:
* ROLE:
* GRUP:
  GRUP.PRIVATE_DATASOURCE.un:Guests
*
  GRUP.SUPER_GROUPS_DATASOURCE.EVERYONE
*
  GRUP.SUPER_GROUPS_DATASOURCE.Anonymous Users
*
  "$serviceUser$"|->"SERVICEUSER_ATTRIBUTE" (no time
  limit)=
*
  "com.sap.portal.dsm"|->"DebugControlFlag" (no time
  limit)=
*
  "com.sap.portal.aidebug"|->"AppIntegratorDebugMode"
  (no time limit)=
*
  "PrimaryHelpNS"|->"PrimaryHelpFlag" (no time limit)=
*
  "com.sap.security.core.usermanagement"|->"timezone"
  (no time limit)=
*
  "com.sap.security.core.usermanagement"|->"accessibilitylevel"
  (no time limit)=
*
  "com.sap.security.core.usermanagement"|->"email" (no
  time limit)=
*
  "com.sap.security.core.usermanagement"|->"locale" (no
  time limit)=
*
  "com.sap.security.core.usermanagement"|->"lastname"
  (no time limit)="Guest"
*
  "com.sap.security.core.usermanagement"|->"firstname"
  (no time limit)=
*
  "com.sap.security.core.usermanagement"|->"salutation"
  (no time limit)=
*
  "com.sap.security.core.usermanagement"|->"uniquename"
  (no time limit)="Guest"
*
  "com.sap.security.core.usermanagement"|->"displayname"
  (no time limit)=
*
  "com.sapportals.portal.navigation"|->"uipmode" (no
  time limit)=
***************************************************************************
].
Exiting method with false
uid = null
isCertLogonAllowed=false
Entering method with (LOGON_HELP)
Entering method
Trying to get subject from security session.
No authentication template attached to
  session/subject
Does not have private credentials
Ticket string is not available.
Does not have any public credentials
Exiting method with Guest
The current user is [Message buffer:
No
  messages available.
Transient
  data:
***************************************************************************
*
  com.sap.security.core.persistence.imp.PrincipalDatabag Tue Jul 21 10:41:49
  MDT 2015
*
  UniqueID: USER.PRIVATE_DATASOURCE.un:Guest
* Type:
  USER
* Home
  data source: PRIVATE_DATASOURCE
*
  Private id part: un:Guest
*
*
  Existence not checked.
*
***************************************************************************
Persistent
  data:
***************************************************************************
*
  com.sap.security.core.persistence.imp.PrincipalDatabag Tue Jul 21 10:41:49
  MDT 2015
*
  UniqueID: USER.PRIVATE_DATASOURCE.un:Guest
* Type:
  USER
* Home
  data source: PRIVATE_DATASOURCE
*
  Private id part: un:Guest
*
*
  Principal exists.
*
* Direct
  parents:
* ROLE:
* GRUP:
  GRUP.PRIVATE_DATASOURCE.un:Guests
*
  GRUP.SUPER_GROUPS_DATASOURCE.EVERYONE
*
  GRUP.SUPER_GROUPS_DATASOURCE.Anonymous Users
*
  "$serviceUser$"|->"SERVICEUSER_ATTRIBUTE" (no time
  limit)=
*
  "com.sap.portal.dsm"|->"DebugControlFlag" (no time
  limit)=
*
  "com.sap.portal.aidebug"|->"AppIntegratorDebugMode"
  (no time limit)=
*
  "PrimaryHelpNS"|->"PrimaryHelpFlag" (no time limit)=
*
  "com.sap.security.core.usermanagement"|->"timezone"
  (no time limit)=
*
  "com.sap.security.core.usermanagement"|->"accessibilitylevel"
  (no time limit)=
*
  "com.sap.security.core.usermanagement"|->"email" (no
  time limit)=
*
  "com.sap.security.core.usermanagement"|->"locale" (no
  time limit)=
*
  "com.sap.security.core.usermanagement"|->"lastname"
  (no time limit)="Guest"
*
  "com.sap.security.core.usermanagement"|->"firstname"
  (no time limit)=
*
  "com.sap.security.core.usermanagement"|->"salutation"
  (no time limit)=
*
  "com.sap.security.core.usermanagement"|->"uniquename"
  (no time limit)="Guest"
*
  "com.sap.security.core.usermanagement"|->"displayname"
  (no time limit)=
*
  "com.sapportals.portal.navigation"|->"uipmode" (no
  time limit)=
***************************************************************************
].
Exiting method with false
Exiting method
Exiting method
CLIENT: 1284, REPLY:
HTTP/1.1
  200 OK
CLIENT: 1284, REPLY:
Server:
  SAP NetWeaver Application Server 7.41 / AS Java 7.40
Content-Type:
  text/html; charset=UTF-8
Pragma:
  no-cache
Cache-Control:
  no-store, no-cache, must-revalidate
expires:
  0
Content-Encoding:
  gzip
Date:
  Tue, 21 Jul 2015 16:41:49 GMT
Transfer-Encoding:
  chunked
Set-Cookie:
  PortalAlias=portal; Path=/
CLIENT: 1285, REQUEST:
GET
  /com.sap.portal.design.portaldesigndata/themes/portal/Xcel_Energy_Theme/prtl_std/prtl_std_ie6.css?v=7.31.10.0.4
  HTTP/1.1
accept:
  */*
referer:
  http://myalias.erp.mydomain.com:50000/irj/portal
accept-language:
  en-US
user-agent:
  Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2;
  .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC
  6.0; .NET4.0C; .NET4.0E; InfoPath.3)
accept-encoding:
  gzip, deflate
host:
  myalias.erp.mydomain.com:50000
if-modified-since:
  Thu, 28 May 2015 23:43:13 GMT
connection:
  Keep-Alive
cookie:
  PortalAlias=portal; saplb_*=(J2EE4359720)4359750
CLIENT: 1285, REPLY:
HTTP/1.1
  304 Not Modified
CLIENT: 1285, REPLY:
Server:
  SAP NetWeaver Application Server 7.41 / AS Java 7.40
Cache-Control:
  max-age=604800
Date:
  Tue, 21 Jul 2015 16:41:49 GMT
CLIENT: 1286, REQUEST:
GET
  /com.sap.portal.design.urdesigndata/themes/portal/Xcel_Energy_Theme/ur/ur_ie6.css?0d0c07274b0773705edd374a7f550ac3?v=7.33.3.62.4
  HTTP/1.1
accept:
  */*
referer:
  http://myalias.erp.mydomain.com:50000/irj/portal
accept-language:
  en-US
user-agent:
  Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2;
  .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC
  6.0; .NET4.0C; .NET4.0E; InfoPath.3)
accept-encoding:
  gzip, deflate
host:
  myalias.erp.mydomain.com:50000
if-modified-since:
  Thu, 28 May 2015 23:43:10 GMT
connection:
  Keep-Alive
cookie:
  PortalAlias=portal; saplb_*=(J2EE4359720)4359750
CLIENT: 1286, REPLY:
HTTP/1.1
  304 Not Modified
CLIENT: 1286, REPLY:
Server:
  SAP NetWeaver Application Server 7.41 / AS Java 7.40
Cache-Control:
  max-age=604800
Date:
  Tue, 21 Jul 2015 16:41:49 GMT
Content-Encoding:
  gzip
CLIENT: 1287, REQUEST:
POST
  /webdynpro/resources/sap.com/tc~sec~tools~tsh~wd/TCT HTTP/1.1
accept:
  */*
x-requested-with:
  XMLHttpRequest
content-type:
  application/x-www-form-urlencoded
referer:
  http://hostname.erp.mydomain.com:50000/webdynpro/resources/sap.com/tc~sec~tools~tsh~wd/TCT
accept-language:
  en-us
accept-encoding:
  gzip, deflate
user-agent:
  Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2;
  .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC
  6.0; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; managedpc)
host:
  hostname.erp.mydomain.com:50000
content-length:
  698
connection:
  Keep-Alive
cache-control:
  no-cache
cookie:
  fsr.s=%7B%22v2%22%3A1%2C%22v1%22%3A1%2C%22rid%22%3A%22d925c34-148514807-b231-ed89-6b464%22%2C%22ru%22%3A%22http%3A%2F%2Fwww.mydomain.com%2F%22%2C%22r%22%3A%22www.mydomain.com%22%2C%22st%22%3A%22%22%2C%22to%22%3A4%2C%22mid%22%3A%22d925c34-148514834-e81c-42f9-d4e87%22%2C%22rt%22%3Afalse%2C%22rc%22%3Afalse%2C%22c%22%3A%22http%3A%2F%2Fwww.mydomain.com%2F%22%2C%22pv%22%3A1%2C%22lc%22%3A%7B%22d0%22%3A%7B%22v%22%3A1%2C%22s%22%3Afalse%7D%7D%2C%22cd%22%3A0%2C%22sd%22%3A0%2C%22f%22%3A1437414553640%7D;
  _ga=GA1.2.490465353.1437414512;
  GeographicLocation=%2FGeographic%20Location%2FColorado; PortalAlias=portal;
  saplb_*=(J2EE4359720)4359750;
  JSESSIONID=AmbJMVuvIBu3716bg5HGU-nzxCqtTgFGhkIA_SAPXdUVkt2CPnNgVjysZj5Xlh8v;
  JSESSIONMARKID=kPRAjwaC7nHNJLkY-h-Q_bjDwMWmAdVUhwaUaGQgA;
  MYSAPSSO2=AjExMDAgAA1wb3J0YWw6MjE4MjUwiAAHZGVmYXVsdAEABjIxODI1MAIAAzAwMAMAA1BEMQQADDIwMTUwNzIxMTYyMgUABAAAABAKAAYyMTgyNTD%2FASswggEnBgkqhkiG9w0BBwKgggEYMIIBFAIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYH0MIHxAgEBMEYwPjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1OMRQwEgYDVQQKEwtYY2VsIEVuZXJneTEMMAoGA1UEAxMDUEQxAgRRDRbDMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNTA3MjExNjIyNTRaMCMGCSqGSIb3DQEJBDEWBBSDRATG4cba91i%2FWdXrSuwol74VwDAJBgcqhkjOOAQDBC8wLQIUfL7wush0Oj3J3ItPq8uxLYHrexUCFQDKnpK7a4buQL7hvU0MVL7J3LWfMA%3D%3D
sap-wd-appwndid=81fedd212fc511e59e4d000000428646&sap-wd-cltwndid=81fedd202fc511e58c40000000428646&sap-wd-norefresh=X&sap-wd-secure-id=jXByH1DVISBASbltJmOdUw%3D%3D&SAPEVENTQUEUE=Button_Press%EE%80%82Id%EE%80%84DJEH.TraceCollectorView.ToolBarButtonStop%EE%80%83%EE%80%82ClientAction%EE%80%84submit%EE%80%83%EE%80%82urEventName%EE%80%84BUTTONCLICK%EE%80%83%EE%80%81Form_Request%EE%80%82Id%EE%80%84...form%EE%80%85Async%EE%80%84false%EE%80%85FocusInfo%EE%80%84%40%7B%22sFocussedId%22%3A%20%22DJEH.TraceCollectorView.ToolBarButtonStop%22%7D%EE%80%85Hash%EE%80%84%EE%80%85DomChanged%EE%80%84false%EE%80%85IsDirty%EE%80%84false%EE%80%83%EE%80%82EnqueueCardinality%EE%80%84single%EE%80%83%EE%80%82%EE%80%83
Former Member
0 Kudos

I downloaded the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6 by following the sap note 1240081 but I am still getting the error for AES256 encryption ket (screenshot) while creating the realm using spnego wizard.

The logfile shows that it is unable to read the user in session and hence failing. Any idea?