Show TOC

 Managing Login ModulesLocate this document in the navigation structure

To change the options of a login module or to remove a standard login module, you use the authentication configuration functions of the SAP NetWeaver Administrator.

  • To add or update a custom login module, you use the Deploy view of the SAP NetWeaver Developer Studio.

  • To remove a custom login module, you use the Undeploy view of the Developer Studio.

Inheriting login module options

If you change the options of a login module in the user store, the changes will be inherited by all policy configurations that use this login module.

If you change the options of a login module in a single policy configuration, the change applies only to that policy configuration. In this case, the login module no longer inherits its options from the user store. To restore the inheritance, change the options in the policy configuration or in the user store so that they are identical.

If you are deploying a Web application you can set it to automatically inherit the options of a login module in the user store. To do this, enter the login module's display name in the Web deployment descriptor's tag <login-module-name>, for example: BasicPasswordLoginModule. In this case the system ignores the options you configure in the Web deployment descriptor. If you want to configure specific login module options for a Web application, enter the class name of the login module, for example: com.sap.engine.services.userstore.jaas.BasicPasswordLoginModule. In this case the system ignores the options in the user store and uses the options you specify in the deployment descriptor.

More information about the Web deployment descriptor: web-j2ee-engine.xsd.

The type of the project in the SAP NetWeaver Developer Studio must be an Enterprise Application Project so that you can export a deployable file with an extension .ear. The Enterprise Archive (EAR) file must contain the following two files:

  • • A JAR file, containing the login module, which is generated from another Java Project. The Enterprise Application Project must have a Java EE Module Dependency to the Java Project so that the JAR file is included in the EAR file.
  • • A LoginModuleConfiguration.xml file that should be located in the root directory of the EAR file.
Add or Update a Login Module
  1. Make sure the connection to SAP NetWeaver AS for Java is properly configured.

    To check the connection, from the menu path choose Start of the navigation path Window Next navigation step Preferences End of the navigation path and choose SAP AS Java. Adjust the parameters if necessary, for example: in the field Instance host enter localhost, in the field Instance number enter 0 and then choose Register SAP Instance.

  2. From the menu path, choose Start of the navigation path Window Next navigation step Show View Next navigation step Other End of the navigation path.
  3. In the dialog that appears, choose Start of the navigation path Deploy View Next navigation step Deploy View End of the navigation path.
  4. In the Deploy view tab, choose Workspece Deployable Archives or External Deployable Archives, depending on the location of your deployable file.
  5. Define the Update Strategy:
    • If you are deploying the login module for the first time, then you can leave the default settings.
    • If you are updating a login module, select the proper Update Strategy.
  6. Choose the button with the quick info text Add element.
    • If you selected Workspace Deployable Archives, then a dialog containing all deployable archives in your workspace appears. Select the archive that contains the login module you want to deploy and choose OK.
    • If you selected External Deployable Archives, then browse to the location of the archive that contains the login module you want to deploy. Select the archive and choose Open.
  7. To deploy the login module, choose the  button with the quick info text Deploy.
    Caution

    The deployable file must contain a JAR file with the class of the login module and a configuration XML file with the name LoginModuleConfiguration.xml. The configuration file contains the display name, the class name and the options of the login module and is used by the system to automatically register the login module on the AS Java.

    Note the following:

    • The display name of the login module must be unique in the user store.
    • The display name of the login module must not be the same as its class name.
    • If you are updating a login module, do not change its display name.

More information: Creating the Configuration File for Login Modules.

Manage Login Module Options
  1. Using the SAP NetWeaver Administrator, go to Start of the navigation path Configuration Management Next navigation step Security Next navigation step Authentication and Single Sign-On Next navigation step Authentication End of the navigation path.
  2. Choose the Login Modules tab.
  3. Select the login module whose options you want to change.
  4. In the Login Module Options tab, choose Edit.
    • To add an option for the selected login module, do the following:
      1. Choose the Add button with the quick info text Add new login module option.
      2. Enter the name of the new login module option.
      3. Enter the value of the new login module option.
      4. Choose Add.
    • To remove an option from the login module, select the option and choose Remove.
  5. Choose Save to save your changes, or choose Cancel to cancel all changes to the last saved configuration.
Remove a Login Module
Caution

Before removing a login module, make sure that you have removed that login module from all policy configurations that use it. Otherwise those policy configurations will not work properly after the login module is removed.

To remove a login module (for example: BasicPasswordLoginModule), proceed as follows:

  1. Using the SAP NetWeaver Administrator, go to Start of the navigation path Configuration Management Next navigation step Security Next navigation step Authentication and Single Sign-On Next navigation step Authentication End of the navigation path.
  2. Choose the Login Modules tab.
  3. Select the login module that you want to remove and choose Delete.

To remove a custom login module, you use the Undeploy view of the Developer Studio:

  1. Make sure the connection to SAP NetWeaver AS for Java is properly configured.

    To check the connection, from the menu path choose Start of the navigation path Window Next navigation step Preferences End of the navigation path and choose SAP AS Java. Adjust the parameters if necessary, for example: in the field Instance host enter localhost, in the field Instance number enter 0 and then choose Register SAP Instance.

  2. From the menu path, choose Start of the navigation path Window Next navigation step Show View Next navigation step Other End of the navigation path.
  3. In the dialog that appears, choose Start of the navigation path Deploy View Next navigation step Undeploy View End of the navigation path.
  4. On the Undeploy view tab, select the login module you want to remove.
  5. Choose the  button with the quick info text Add Items to undeploy list.
  6. Choose the Undeploy button with the quick info text Undeploy all items in the list, to undeploy the selected login module.
    Caution

    All login modules that have the same class name as the undeployed module will also be removed.