The SAPSSOTokenLoginModule has been deprecated. Use the HttpAuthenticationLoginModule when SAP SSO2 token authentication is required. This authentication module will be removed in a future release.
Property | Description |
---|---|
Implementation class | (Required) – the fully qualified class that implements the login module. com.sybase.security.sap.SAPSSOTokenLoginModule is the default class. |
Provider type | (Required and read-only) – LoginModule is the only supported value. |
Control flag | (Required) – optional is the default value. Determines how success or failure of this module affects the overall authentication decision. |
SAP server URL | (Required) – the SAP server URL that provides the SSO2 token. This may or may not be the same server that authenticates the user. If providing and authenticating servers are different, you must import the SAP Token provider server certificate or one of its CA signers into the Unwired Server truststore in addition to that of the authenticating server to enable HTTPS communication. In environments where the servers are different, the basic flow is:
Note: The SAP Server URL must be configured to require BASIC authentication, not just FORM based authentication.
|
Clear password | (Optional) – if set to True, the login module clears the username and password in the shared context. |
Disable server certificate validation | (Optional) – the default is False. If set to True, disables certificate validation when establishing an HTTPS connection to the SAP server using the configured URL. Set to True only for configuration debugging. |
SAP server certificate | (Optional) – name of the file containing the SAP certificate's public key in .pse format. This is required only when token caching is enabled by setting a SAP SSO token persistence data store value. |
SAP server certificate password | (Optional) – password used to access the SAP server certificate. |
SAP SSO token persistence data store | (Optional) – JNDI name used to look up the data source to persist the retrieved SSO2 tokens. Set to "jdbc/default" to store tokens in the Unwired Server CDB. If unconfigured, some caching is still done based on the "Authentication cache timeout interval" property associated with the security configuration setting. If you use the default setting, you do not need to set SAP SSO token persistence data store, SAP server certificate, SAP server certificate password, or Token expiration interval properties. To enable token caching through the SAPSSOTokenLoginModule:
|
Store password | (Optional) – if set to true, the login module stores the username/password in the shared context after successfully authenticating the user. |
Token expiration interval | (Optional) – this property is ignored when the SAP SSO token persistence data store property is not configured. It specifies the token validity period, after which time a new token is retrieved from the SAP EIS. The default value is 120 seconds. Keep in mind that:
|
Try first password | (Optional) – if set to True, the login module attempts to retrieve the username/password from the shared context, before calling the callback handler. |
Use first password | (Optional) – if set to True, the login module attempts to retrieve the username/password only from the shared context, and never calls the callback handler. |
HTTP connection timeout interval | The value, in seconds, after which an HTTP(S) connection request to the EIS times out. If an HTTP connection made in this module (for either user authentication or configuration validation) has no timeout set and the EIS is unresponsive, the connection hangs, which could cause Unwired Server to hang. Setting the timeout interval ensures that an authentication failure is reported without waiting forever for the server to respond. |
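
The hang that the HTTP connection timeout interval guards against, reproduced as an added Python example (not Unwired Server or SAP code): a BASIC-authenticated request to an endpoint that accepts the TCP connection but never answers is turned into a reported failure once the timeout elapses. The function names, the `/sso` path, the credentials and the local listener are constructed for illustration.

```python
import base64
import socket
import time
import urllib.error
import urllib.request

# Ignore proxy environment variables so the request goes straight to the target.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def fetch_with_timeout(url, user, password, timeout_s):
    """BASIC-auth GET; returns (outcome, elapsed_seconds).
    outcome: "ok", "rejected" (HTTP error status) or "unreachable"
    (timeout or connection failure), so the caller can fail the login
    instead of leaving a server thread blocked.
    """
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + cred})
    start = time.monotonic()
    try:
        with _OPENER.open(req, timeout=timeout_s) as resp:
            resp.read()
        outcome = "ok"
    except urllib.error.HTTPError:
        outcome = "rejected"
    except OSError:  # URLError, socket timeouts, refused or reset connections
        outcome = "unreachable"
    return outcome, time.monotonic() - start


def unresponsive_listener():
    """Constructed stand-in for a hung EIS: handshake completes, nothing ever replies."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


def demo(timeout_s=1.0):
    srv = unresponsive_listener()
    try:
        url = "http://127.0.0.1:%d/sso" % srv.getsockname()[1]  # constructed URL
        return fetch_with_timeout(url, "demo_user", "demo_pass", timeout_s)
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())  # with timeout_s=None the same call would block indefinitely
```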