Managing Authentication Policy for AS Java
Components
Use
Use this section to manage the authentication stacks for the policy configurations of AS Java components.
The authentication management functions of the SAP NetWeaver Administrator (NWA) enable you to manage component policy configurations, as well as the login modules registered in the authentication stacks of policy configurations. When you change the configuration options for the login modules in the authentication stacks of a policy configuration, the configured login module options apply only to the component policy configuration where the login module is used. To globally configure options for all usage instances of a login module in policy configurations, see Managing Login Modules.
Procedure
...
1. Using the NWA, go to Configuration Management → Security Management → Authentication.
2. Choose the Components tab to access the policy configurations for the AS Java components.
...
a. To display the configured authentication stack for a policy configuration, select the policy configuration from the list of Component Policy Configurations.
You can use the navigation buttons for the Component Policy Configurations list to navigate to a policy configuration. Alternatively, you can use the search functions to search for a policy configuration or to filter the displayed policy configuration by policy configuration type. In addition, the advanced search functions also enable you to find policy configuration that use a specific template or login module.
For more information about AS Java policy configuration types, see Policy Configurations and Authentication Stacks.
b. Choose Edit to switch to editing mode and proceed to the sections below for information about managing the component policy configurations and their authentication stacks.
Manage Component Policy Configurations
Action |
Procedure |
Add a custom policy configuration |
... 1. Choose Create from the Component Policy Configurations list. 2. Specify a name for the policy configuration. 3. Choose Ok.
The newly created policy configuration is of type Custom. |
Remove a policy configuration |
... 1. Select the component’s policy configuration from the Component Policy Configurations list. 2. Choose Remove. |
Manage Authentication Stacks for Component Policy Configurations
Action |
Procedure |
Add login module to an authentication stack |
... 1. Select the component’s policy configuration from the Component Policy Configurations list. 2. Choose Add for the Authentication Stack table. 3. Choose a registered login module from the list to add it to the Authentication Stack. 4. Choose Ok to confirm your choice. The login module appears in the Authentication Stack list. |
Apply an authentication template to a policy configuration |
... 1. Select the component’s policy configuration from the Component Policy Configurations list. 2. Use the dropdown list in Details for Selected Component to choose a Referenced Authentication Template. |
Manage a login module configuration in an authentication stack |
... 1. Select the component’s policy configuration from the Component Policy Configurations list. 2. Select the login module from the Authentication Stack list. a. Choose the processing flag for the login module to open the dropdown list menu and choose a different flag. b. Use the MoveUp and MoveDown buttons for the Authentication Stack list to modify the processing position of the login module in the authentication stack. c. Configure the login module options in the Options for Selected Login Module list.
If you configure options for login modules in an authentication stack you override the globally configured options for this login module. Therefore, you also have to configure all relevant options for this login module instance in the authentication stack. |
Remove login module from the authentication stack |
... 1. Select the component’s policy configuration from the Component Policy Configurations list. 2. Select the login module from the Authentication Stacks list. 3. Choose the Remove button for the Authentication Stack table. |
...
3. Choose Save to save your changes, or Revert to cancel them to the last saved configuration.
Viewing Application Properties for Authentication
The application properties for authentication only apply to policy configurations of type Web. Otherwise application properties are defined in the deployment descriptors.
For more
information, see
Configuring
Authentication.
...
1. Select a policy configuration of type Web.
2. Under Details of policy configuration "<policy_name>", choose the Properties tab.
The table below lists the application properties for authentication.
Application Property |
Description |
policy_domain |
The security policy domain of the application as specified in its web-j2ee-engine.xml. If this property is not specified in web-j2ee-engine.xml, then the system generates a unique policy domain name. |
realm_name |
The realm name of the application as defined in its web.xml. |
auth_method |
Specifies the way the server communicates with the client to request the required credentials (as defined by the Servlet specification). Possible values are BASIC, FORM, CLIENT_CERT. Default is FORM. |
form_login_page |
The form login page of the application as defined in its web.xml. If this property is not present, then the default form login page of the NetWeaver logon application is used. |
form_error_page |
The form error page of the application as defined in its web.xml. If this property is not present, then the default form page of the NetWeaver logon application is used. |
password_change_login_page |
The password change page of the application as defined in its web-j2ee-engine.xml. If this property is not present, then the default password change page of the NetWeaver logon application is used. |
password_change_error_page |
The password change error page of the application as defined in its web-j2ee-engine.xml. If this property is not present, then the default password change error page of the NetWeaver logon application is used. |