
Adjusting the Login Module Stacks

Use

The login module HeaderVariableLoginModule is used for integrated Windows authentication. To set up integrated Windows authentication in the portal, this login module must be included in the login module stack used by the portal in the SAP Web Application Server Java.

See also Using Header Variables or Integrated Windows Authentication for User Authentication.

Prerequisites

The login module HeaderVariableLoginModule exists in the active user store. (To check if it exists, in the Security Provider service, choose Runtime → Policy Configurations, select any component in the component list, and choose the Add New button to add a new login module to the login module stack. A list of all available login modules appears.) If it does not exist, then make it available as follows:

                            a.      In the Visual Administrator, choose Security Provider.

                            b.      Choose the User Management tab and choose Manage Security Stores.

The currently active user store and the login modules for that user store are displayed.

                            c.      Choose Add Login Module.

A dialog box prompting you to choose an editor for the login module option appears.

                            d.      Choose OK.

A dialog box prompting you to add a login module appears.

                            e.      Fill in the fields as follows:

| Field name   | Field value                                                 |
|--------------|-------------------------------------------------------------|
| Class Name   | com.sap.security.core.server.jaas.HeaderVariableLoginModule |
| Display Name | HeaderVariableLoginModule                                   |

                              f.      Choose OK.

The HeaderVariableLoginModule now appears in the list of login modules for the active user store.

Procedure

       1.      Find out which login module stack is used by the portal.

                            a.      In the Visual Administrator of the J2EE Engine, choose Configuration Adapter.

                            b.      Navigate to cluster_data → server → persistent → com.sap.security.core.ume.service → authschemes.xml.

Note

Your portal may be configured to use a different file for authentication schemes. Check the UME property login.authschemes.definition.file to find out the name of the authentication schemes file that your portal is using.

                            c.      Open the file for viewing by double-clicking on it.

                            d.      Check which authentication scheme is used as the default authentication scheme.

You can find this in the <authscheme-refs> section under <authscheme-ref name="default">.

Example

In the following example excerpt from authschemes.xml, the default portal authentication scheme is uidpwdlogon.

    <authscheme-refs>
        <authscheme-ref name="default">
            <authscheme>uidpwdlogon</authscheme>
        </authscheme-ref>
        …
    </authscheme-refs>

                            e.      When you have identified the default authentication scheme, check which authentication template it references.

You can find this under the relevant authentication scheme in the <authentication-template> tag.

Example

In the following example excerpt, the authentication scheme uidpwdlogon references the authentication template ticket.

    <authschemes>
        <authscheme name="uidpwdlogon">
            <authentication-template>
              ticket
            </authentication-template>
            …
        </authscheme>
        …
    </authschemes>

This tells you which login module stack is used by the portal. Now you can modify this stack in the Visual Administrator. In a default portal installation, this will be the ticket authentication template.

       2.      In the Visual Administrator, add the HeaderVariableLoginModule to the login module stack you identified above as described in Adjusting the Login Module Stacks for Using Header Variables. Set the options as follows:

| Option | Value | Comment |
|--------|-------|---------|
| ume.configuration.active | True | Specifies that UME authentication is used as opposed to container-based authentication. |
| Header | REMOTE_USER | For integrated Windows authentication this value must be REMOTE_USER. |
| windows_integrated | true | |
| domain (this option is optional) | <comma-separated list of Windows domains> | Specifies a comma-separated list of Windows domains which are supported. If the list is not empty, the Windows user must be from one of the domains. |
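Step 1 of the procedure can also be checked offline against an exported copy of authschemes.xml. The following Python is an added example, not SAP code: it resolves the default authentication scheme to its authentication template, which names the login module stack to adjust. The sample XML is constructed from the two excerpts above; its root element and the second scheme are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample built from the two excerpts on this page. The root
# element name and the second scheme/template are placeholders, not SAP's.
SAMPLE = """<document>
    <authschemes>
        <authscheme name="uidpwdlogon">
            <authentication-template>
              ticket
            </authentication-template>
        </authscheme>
        <authscheme name="example-scheme">
            <authentication-template>example-template</authentication-template>
        </authscheme>
    </authschemes>
    <authscheme-refs>
        <authscheme-ref name="default">
            <authscheme>uidpwdlogon</authscheme>
        </authscheme-ref>
    </authscheme-refs>
</document>
"""


def resolve_default_template(xml_text):
    """Return (scheme, template) for the default authentication scheme."""
    root = ET.fromstring(xml_text)
    # Step 1d: the scheme named under <authscheme-ref name="default">.
    ref = root.find(".//authscheme-refs/authscheme-ref[@name='default']/authscheme")
    if ref is None or not (ref.text or "").strip():
        raise ValueError('no <authscheme-ref name="default"> entry found')
    scheme = ref.text.strip()
    # Step 1e: the template that scheme references. The name is compared in
    # Python rather than interpolated into an XPath expression.
    for node in root.iter("authscheme"):
        if node.get("name") == scheme:
            # The template text may be surrounded by whitespace, as in the excerpt.
            template = (node.findtext("authentication-template") or "").strip()
            if not template:
                raise ValueError(f"scheme {scheme!r} has no authentication template")
            return scheme, template
    raise ValueError(f"default scheme {scheme!r} is not defined in <authschemes>")


if __name__ == "__main__":
    scheme, template = resolve_default_template(SAMPLE)
    print(f"default scheme: {scheme}; login module stack to adjust: {template}")
```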

 
