Hi,
We are trying to implement header authentication to SAP EP 7.3 with Tivoli Access Manager for e Business. We followed the attached PDF from SAP to implement ip header authentication.
We followed the steps below:
- 1. Deployed the package (https://sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/business_packages/a1-8-4/IPHeaderLoginModuleLibrary.zip) with JSPM tool. The package was deployed successfully.
- 2. Configured the system for authentication with header variable. The header authentication was working successfully. We were able to login through a HTTP header passed by Tivoli Access Manager.
- 4. Registered a new login module with the class name de.platinion.security.IPHeaderLoginModule and name, IPHeaderLoginModule at the following location NWA>Configuration>Security>Authentication and Single Sign-On>Login modules.
- 5. In the NWA>Configuration>Security>Authentication and Single Sign-On, replaced the HeaderVariableLoginModule from the login module stack ticket with the new IPHeaderLoginModule. Added the following properties for this module:
- Header = <TAM header name>
- Ume.configuration.active = true
- Ip = <TAM IP address>
The login module stack looks like:
- EvaluateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
- IPHeaderLoginModule REQUIRED {ip = TAM_IP_ADDRESS, ume.configuration.active=true, Header=<header_name>}
- BasicPasswordLoginModule REQUISITE {}
- CreateTicketLoginModule OPTIONAL {ume.configuration.active=true}
After making this configuration change we restarted the EP J2EE engine. After restart we were not able to login though the Web GUI. The header authentication as well as the direct URL (username/password) authentication is not working. We are basically locked out of the system and cannot make any change in the configuration.
Please advise on next steps.