Off late I have been a bit regular on Portal Forums, One question which has been frequently asked and I haven’t found any definitive answer is regarding the Logon Language. People (Including me), who are so used to R3 Logon, find it difficult to understand why there is no Logon Language option for Portal. Things get a bit messier, when you read about the property ume.logon.lcoale. If you set it as true through config-tool you get a Language Selection Drop down on Logon Page. But alas, nothing happens when you select the language from Drop down and login to portal. Not good…Don’t worry Not that Bad either. It’s a valuable point learnt which can be used to simplify what we want to achieve.
While trying to dig in, I saw some suggestions that it can be achieved through Custom Logon Module. That sounds good, but unfortunately I didn’t find any concrete idea on how to do it. I saw some words Like JAAS (Java Authentication and Authorization Service), Logon Stack etc, which didn’t make much sense to me at that time (Even today I can just manage). The reason is partly due to the fact that I started my career with SAP and whatever JAVA I know, is based on need.
Let’s come back to Logon Module :-).
Before continuing further, I strongly recommend you to go through these two very useful documents
The second document will require access to Service Market Place.
We have a possible solution and a broad guideline, but how do we implement it ?
I could see in the document and also in Visual Administrator that there is a login module with the name BasicPasswordLoginModule.
This was the Eureka moment. If I could get hold of the source code, it will not be difficult to write my own Logon Module.
JAR Class Finder and JAD Eclipse are two very useful tools. If you aren’t already using them, trust me your life will be much easier if you use them.
You can find some useful information regarding the Installation and configuration of JAD Eclipse and JAR Class finder in my earlier blog.
Jar class finder tells me that the class com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
is packaged in security.jar
After doing a JAD (I was not able to do it through NWDS directly, had to extract the class file through Winrar and decompile it through Command Line JAD), the result is quite pleasing. I will let you do that by yourself and decide.
Before going forward let’s summarize how far we have reached
1. Our aim is to allow for Logon Language on Logon Page
2. This can be achieved through Custom Logon Module
3. We understand the basic of Logon module and theoretically how to do it
4. We have a template implementation in form of BasicPasswordLoginModule
After going through BasicPasswordLoginModule and above documents, I was certain that if I can get the Language in request parameter I can use HttpGetterCallback to retrieve this and using UM APIs I can update the User Profile.
In one of the threads I read that before a certain SP version it was possible to login with a specific locale using the URL
There was no way I could verify this, as I am on EP 7 and it doesn’t work. However, it gave me a hope that the parameter is getting set in request.
Based on the above let’s create our Custom Logon Module
1. Create a Java Project (in my case it’s CTSJAAS) and add the following jar files to project Build Path
2. Create a Class which extends the class AbstractLoginModule. (In my case it’s Ctsjaasimpl)
3. Look at the BasicPasswordLoginModule and implement the methods accordingly. Alternatively copy and paste the below, and make appropriate changes.
4. Export the jar file.
5. Create a J2EE Library Project
6. Configure provider.xml General Tab, as shown (Change the provider name)
7. On Jars tab add the Jar file which contains your Custom Logon Module (Please note that, to be able to add the jar file it should be available in current Workspace)
8. On References tab, you need to add the Reference to the Library, interfaces, services for the jar file which you have used in your project. This can be tricky and it took me lot of time to figure out what to add here. I will suggest you to directly go to the source tab and copy and paste the references section at appropriate place.
9. Configure sda-dd.xml and set Software type as library
10. Build Library Archive, it will generate a .sda file. Right click on the .sda file and deploy it.
We are done with the Development. Now we can move to configuration.
1. Login to Visual Administrator (go.bat). Expand the node Server -> Libraries, and confirm that the Library Project has been Deployed Successfully. See below
2. Open the node Server->Services->Security Provider
3. Go to User Management Tab. Switch to Edit Mode. Click on Manage Security Stores.
4. Select UME User Store, and click Add Login Module
5. Provide the class name for your Login Module. (In my case it’s com.cts.jaas.Ctsjaasimpl)
6. Now we need to add this Login Module to Login Module Stack
Note: If you haven’t done already, please read the above two documents carefully to understand the Login Module Authentication Process. It’s vital to understand what you are doing, as any misconfiguration will mean, no one will be able to login to portal. Of course you can login through Visual admin and Rollback.
Navigate to Policy Configurations -> ticket and click on Add New
7. Select your logon module and click Modify. Adjust the Position and flag. Look at the below screen shot for help.
8. Click on the Properties tab and modify the property LoginModuleClassLoaders, so that it points to your library project. Take help of step1 to know the exact value.
We are done with the login module configuration. At this point I saved my changes and restarted my server. I was able to successfully test it by using the URL http://<host:<port>/irj/portal?ume.logon.locale=de
This will set the locale in User Profile to de.
However, now I have the benefit of hindsight and I don’t want you to come back to configuration and restart your server again. We will finish the configuration for the missing bit. The Drop down on the logon screen.
9. Start the Configtool (configtool.bat) and navigate to cluster-data ->Global Server Configuration->Services.
10. Select com.sap.security.core.ume.service.
11. Locate the property ume.logon.locale and set it as true.
12. Save your changes and restart the cluster.
13. After restart access the Portal logon URL. You will notice the Drop Down for Language Selection. Provide the Credentials, Select the Language and hit logon.
14. If everything is fine, you will see something similar to below.
Custom login module opens up lots of interesting possibilities. In one of the forums, I read that the logical attribute mapping doesn’t work for UME using Java Database. Fellow SDNer wanted to configure the portal so that it allows for login using e-mail address instead of User ID. This can easily be achieved through Custom Logon Module. Also in the above document there is an interesting scenario, where you can filter the IPs. Either allow certain IP ranges or block certain IP ranges, Easy, with your own logon module.