Login Modules

Authentication on the J2EE Engine is performed using login modules. You can create your own login modules that implement different types of authentication logic.

The J2EE Engine also provides a number of predefined login modules, each of which implements a different approach to authenticating a client to the J2EE Engine. The following login modules are available:

Login Modules

Login Module Name

Description

BasicPasswordLoginModule

Performs a JSP logon using Basic or Form authentication. That is, you use this login module to perform user authentication with user name and password. For more information, see Using Basic Authentication (User ID and Password) in the Administration Manual.

CallerImpersonationMappingLoginModule

Used when the credentials of the caller principal are directly passed to the Enterprise Information System (EIS) and used for authentication of the resource principal.

ClientCertLoginModule

Performs a certificate logon to J2EE Engine. For more information, see Using Client Certificates for User Authentication in the Administration Manual.

ConfiguredIdentityMappingLoginModule

Used when all caller principals obtain a connection to the EIS using the same pre-configured identity. You have to specify either a user store that contains the identity, or a user name and a password for the configured identity.

CreateTicketLoginModule

Login module to create SAP Logon Tickets after successful logon. For more information, see Using Logon Tickets for Single Sign-On in the Administration Manual.

CredentialsMappingLoginModule

Used when the credentials of the caller principal are replaced by the credentials that are used for authentication to the EIS; in this case, you have to specify a user store where the EIS credentials are stored.

CSILoginModule

Login module for the IIOP service.

DigestLoginModule

Authenticates applications that define Digest as their authentication method in their deployment descriptors. This is a more advanced form of the Basic authentication type. Here the password of the user is digested (encoded).

EvaluateAssertionTicketLoginModule

Used for SSO with SAP Authentication Assertion Ticket. The login module verifies the ticket that arrives on the J2EE Engine.

EvaluateTicketLoginModule

Login module to evaluate SAP Logon Tickets.

HeaderVariableLoginModule

Login module for SSO using header variables. For more information, see Using Header Variables for User Authentication in the Administration Manual.

PrincipalMappingLoginModule

Used when particular caller principals are mapped to an EIS principal. Only authorized caller principals can obtain a connection using a specific identity. You can either specify the user store where this identity is stored, or enter the name and the password of the resource principal.

SAMLLoginModule

Performs authentication using the SAML Browser/Artifact profile.

SecuritySessionLoginModule

Login module used by download.ear. It uses the tickets generated by the Security Provider service on the engine.

SPNegoLoginModule

Used for SSO with Kerberos authentication. This login module implements the Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) on the J2EE Engine.

SPNEGO is a standard Generic Security Services Application Program Interface (GSSAPI) pseudo-mechanism. It is used to determine which GSSAPI mechanisms are shared, to select one, and then to establish a security context for communication with it.

Krb5LoginModule

Used in the policy configuration com.sun.security.jgss.accept for SSO with Kerberos authentication. The login module is invoked to obtain the J2EE Engine credentials from the Kerberos keytab file. The Krb5LoginModule succeeds only if the attempt to log in to the Kerberos KDC as a specified entity is successful. Therefore, the Krb5LoginModule is a required login module for Kerberos authentication.

MappingModule

Used in the policy configuration com.sun.security.jgss.accept for SSO with Kerberos authentication. The MappingModule is used to retrieve the service user that corresponds to the J2EE Engine on the Kerberos KDC. The corresponding user is retrieved using the value of the property com.sap.spnego.uid.resolution.attr. By default, this value is krb5principlaname.

You can combine these login modules in login module stacks. Such login module stacks can be used by the various components and applications on the J2EE Engine.

See also:

Login Modules in the Administration Manual

Login Module Stacks in the Administration Manual