Of late I have been fairly regular on the Portal forums. One question that is asked frequently, and for which I haven’t found a definitive answer, concerns the logon language. People (including me) who are used to the R3 logon find it difficult to understand why there is no logon language option for the Portal. Things get a bit messier when you read about the property ume.logon.locale. If you set it to true through the Config Tool, you get a language selection drop-down on the logon page. But alas, nothing happens when you select a language from the drop-down and log in to the portal. Not good… but don’t worry, it’s not that bad either. It’s a valuable point that we can use to simplify what we want to achieve.

While trying to dig in, I saw some suggestions that it can be achieved through a custom logon module. That sounded good, but unfortunately I didn’t find any concrete idea on how to do it. I saw terms like JAAS (Java Authentication and Authorization Service), logon stack, etc., which didn’t make much sense to me at that time (even today I can just manage). This is partly because I started my career with SAP, and whatever Java I know is based on need.

Let’s come back to Logon Module :-).

Before continuing, I strongly recommend that you go through these two very useful documents:

1. JAAS Login Module Development on WebAS Java 640

2. Custom Login Module Tutorial

The second document will require access to Service Market Place.

We have a possible solution and a broad guideline, but how do we implement it?

I could see in the document and also in Visual Administrator that there is a login module with the name BasicPasswordLoginModule.

This was the Eureka moment. If I could get hold of the source code, it would not be difficult to write my own logon module.

JAR Class Finder and JAD Eclipse are two very useful tools. If you aren’t already using them, trust me, your life will be much easier if you do.

You can find some useful information regarding the Installation and configuration of JAD Eclipse and JAR Class finder in my earlier blog.

http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/25225

JAR Class Finder tells me that the class com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule is packaged in security.jar.

After doing a JAD (I was not able to do it through NWDS directly, had to extract the class file through Winrar and decompile it through Command Line JAD), the result is quite pleasing. I will let you do that by yourself and decide.

Before going forward let’s summarize how far we have reached

1. Our aim is to allow for Logon Language on Logon Page

2. This can be achieved through Custom Logon Module

3. We understand the basic of Logon module and theoretically how to do it

4. We have a template implementation in form of BasicPasswordLoginModule

After going through BasicPasswordLoginModule and the above documents, I was certain that if I could get the language as a request parameter, I could use HttpGetterCallback to retrieve it and then use the UM APIs to update the user profile.

In one of the threads I read that before a certain SP version it was possible to login with a specific locale using the URL

http://<host>:<port>/irj/portal?ume.logon.locale=<locale>

There was no way I could verify this, as I am on EP 7 and it doesn’t work. However, it gave me hope that the parameter is being set in the request.
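The idea above (read the ume.logon.locale request parameter inside the login module, then update the user profile) is shown here with the standard JAAS interfaces only. This is an added example, not the author's Ctsjaasimpl and not SAP code: TextInputCallback stands in for SAP's HttpGetterCallback, and the ALLOWED set and PROFILE map are hypothetical stand-ins for the installed languages and the UM API update. Because the parameter is caller-controlled, it is checked against an allow-list and applied only in commit(), which standard JAAS calls once the whole stack has succeeded.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
public class LocaleLoginModule implements LoginModule {
    // Hypothetical allow-list; on a real system it would mirror the installed languages.
    static final Set<String> ALLOWED = Set.of("en", "de", "fr");
    // Hypothetical stand-in for the user-profile update done through the UM API.
    static final Map<String, Locale> PROFILE = new HashMap<>();
    private Subject subject; private CallbackHandler handler; private Locale pending;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }

    // Reads and validates the parameter only; this module never authenticates anyone.
    public boolean login() throws LoginException {
        pending = null;
        TextInputCallback cb = new TextInputCallback("ume.logon.locale"); // stand-in callback
        try {
            handler.handle(new Callback[] { cb });
        } catch (Exception e) {
            return false;                    // parameter not available: module is ignored
        }
        String raw = cb.getText();
        if (raw != null && ALLOWED.contains(raw)) pending = Locale.forLanguageTag(raw);
        return false;                        // "ignore me": the password module decides the outcome
    }

    // Runs after overall success, so the Subject carries an authenticated principal.
    public boolean commit() {
        if (pending == null || subject.getPrincipals().isEmpty()) return false;
        // Assumption: the first principal is the one the password module added.
        String user = subject.getPrincipals().iterator().next().getName();
        PROFILE.put(user, pending);
        pending = null;
        return true;
    }
    public boolean abort()  { pending = null; return true; }
    public boolean logout() { pending = null; return true; }

    public static void main(String[] args) throws Exception {
        Subject s = new Subject();
        s.getPrincipals().add(() -> "jdoe"); // constructed principal for the demo
        LocaleLoginModule m = new LocaleLoginModule();
        m.initialize(s, cbs -> ((TextInputCallback) cbs[0]).setText("de"), Map.of(), Map.of());
        m.login(); m.commit();
        System.out.println(PROFILE);
    }
}
```

Since login() always returns false, the module cannot satisfy the stack on its own, whatever flag it is given.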

Based on the above let’s create our Custom Logon Module

Development

1. Create a Java Project (in my case it’s CTSJAAS) and add the following jar files to project Build Path

  • admin.jar
  • com.sap.security.api.jar
  • connector.jar
  • exception.jar
  • logging.jar
  • security.jar
  • security_api.jar

2. Create a Class which extends the class AbstractLoginModule. (In my case it’s Ctsjaasimpl)

3. Look at the BasicPasswordLoginModule and implement the methods accordingly. Alternatively copy and paste the below, and make appropriate changes.

4. Export the jar file.

jaas-6.JPG

5. Create a J2EE Library Project

jaas-3.JPG

6. Configure provider.xml General Tab, as shown (Change the provider name)

jaas-4.JPG

7. On Jars tab add the Jar file which contains your Custom Logon Module (Please note that, to be able to add the jar file it should be available in current Workspace)

jaas-5.JPG

8. On the References tab, you need to add references to the libraries, interfaces and services for the jar files you have used in your project. This can be tricky, and it took me a lot of time to figure out what to add here. I suggest you go directly to the Source tab and copy and paste the references section at the appropriate place.

9. Configure sda-dd.xml and set Software type as library

jaas-6.JPG

10. Build Library Archive, it will generate a .sda file. Right click on the .sda file and deploy it.

jaas-7.JPG

We are done with the Development. Now we can move to configuration.

Configuration

1. Login to Visual Administrator (go.bat). Expand the node Server -> Libraries, and confirm that the Library Project has been Deployed Successfully. See below

jaas-7.JPG

2. Open the node Server->Services->Security Provider

3. Go to User Management Tab. Switch to Edit Mode. Click on Manage Security Stores.

jaas-9.JPG

4. Select UME User Store, and click Add Login Module

jaas-10.JPG

5. Provide the class name for your Login Module. (In my case it’s com.cts.jaas.Ctsjaasimpl)

jaas-10.JPG

6. Now we need to add this Login Module to Login Module Stack

Note: If you haven’t done so already, please read the above two documents carefully to understand the login module authentication process. It’s vital to understand what you are doing, as any misconfiguration will mean that no one will be able to log in to the portal. Of course, you can log in through Visual Administrator and roll back.

Navigate to Policy Configurations -> ticket and click on Add New

jaas-12.JPG

7. Select your logon module and click Modify. Adjust the Position and flag. Look at the below screen shot for help.

jaas-13.JPG

8. Click on the Properties tab and modify the property LoginModuleClassLoaders so that it points to your library project. Refer to step 1 for the exact value.

jaas-14.JPG

We are done with the login module configuration. At this point I saved my changes and restarted my server. I was able to test it successfully by using the URL http://<host>:<port>/irj/portal?ume.logon.locale=de

This will set the locale in User Profile to de.

However, now I have the benefit of hindsight, and I don’t want you to have to come back to the configuration and restart your server again. So we will finish the configuration for the missing bit: the drop-down on the logon screen.

9. Start the Configtool (configtool.bat) and navigate to cluster-data ->Global Server Configuration->Services.

10. Select com.sap.security.core.ume.service.

11. Locate the property ume.logon.locale and set it as true.

jaas-15.JPG

12. Save your changes and restart the cluster.

13. After restart access the Portal logon URL. You will notice the Drop Down for Language Selection. Provide the Credentials, Select the Language and hit logon.

jaas-16.JPG

14. If everything is fine, you will see something similar to below.

jaas-17.JPG

Conclusion

A custom login module opens up lots of interesting possibilities. In one of the forums, I read that logical attribute mapping doesn’t work for UME using the Java database. A fellow SDNer wanted to configure the portal so that it allows login using an e-mail address instead of the user ID. This can easily be achieved through a custom logon module. Also, in the above document there is an interesting scenario where you can filter IPs: either allow certain IP ranges or block certain IP ranges. Easy, with your own logon module.


5 Comments

  1. Preetham Asoda

    Hey Prashant,

    We are facing an issue with a new Login module we deployed. The authentication log says “No application classloader can load login module class: de.platinion.security.IPHeaderLoginModule. Probably application that deployed the login module is stopped and cannot be started.”

    We are following the above post and basically we are stuck at step 8 “Click on the Properties tab and modify the property LoginModuleClassLoaders, so that it points to your library project. Take help of step1 to know the exact value.”

    When we add the new login module we created (IPHeaderLoginModule) to the login stack and click on the Properties tab, there is no property for LoginModuleClassLoaders and we are not able to add a new property either.

    Please guide us with some directions. Thanks in advance.

    Thanks,
    Preetham

    PS: I cannot access the link to the image file you posted

  2. Loc Nguyen Xuan

    Hi Kumar,

    I am going to customize our Logon Page on SAP Portal 7.4. Your blog is very useful, but I am stuck on the first step: I cannot find the jar files you mentioned anywhere. I found some jar files in the installation folder of the Portal, but still not enough to proceed with the customization.

    Below are the 2 imports that cannot be resolved:

    import javax.resource.spi.security.PasswordCredential;

    import com.sap.engine.services.security.exceptions.BaseSecurityException;

    And below is the list of jar files I have added in Build Path of JAVA project:

    sap.com~tc~bl~jkernel_util~impl.jar

    sap.com~tc~exception~impl.jar

    sap.com~tc~je~appadmin~impl.jar

    sap.com~tc~je~basicadmin~impl.jar

    sap.com~tc~je~connector~impl.jar

    sap.com~tc~je~security_api~impl.jar

    sap.com~tc~je~security~impl.jar

    sap.com~tc~logging~java~impl.jar

    sap.com~tc~sec~ume~api~impl.jar

    I am using SAP Enhancement Package 1 for SAP NetWeaver Developer Studio 7.3 SP15 PAT0001.

    Please help me.

    Regards,

    Loc Nguyen

  3. Sarah Bavousett

    Hello Kumar

    I am new to developing a custom Login Module and I am having trouble finding the BasicPasswordLoginModule code. I would like to Import into NWDS the project that contains the BasicPasswordLoginModule as a starting point. Can you give me a few tips on how to view and Import the BasicPasswordLoginModule code into NWDS.

    Thank you Sarah
