2642443 - Issue authenticating more than one user in shared device - Agentry SSO - Windows Mobile | SAP Knowledge Base Article

SAP Knowledge Base Article - Preview

2642443 - Issue authenticating more than one user in shared device - Agentry SSO - Windows Mobile

Symptom

  • Using Agentry application - SAP Inventory Manager 4.3.1 solution running on Windows Mobile devices
  • In SAP Mobile Platform SMP 3.0, there is an issue with the mobile application in a shared device scenario
  • When 2 or more users want to use the application in the same mobile device

    The process is at follows:
    1. The first user comes and logs him/herself into the application, performs the initial synchronization, use the app and then he/she exits the app
    2. The second user comes, take the device, enters user name and password and since he/she is not the one synced, the app asks to connect to the server for authentication
    3. After continuing this action, an error message saying that the user or password is invalid is displayed.
      • The problem seems to be related to the LDAP authentication, the user tried removing the SSO and everything works fine
      • After checking the logs, it seems that the LDAP is not validating properly the second user or the client is not sending the info correctly
      • See log extract below:

        ~~~~~~~~~~Log Error~~~~~~~~~~~~~~~~~
        CheckIfSessionExists returned false. Was logged out due to webapp switchfalse |
        No AuthenticationEntryPoint was set during login attempt. Falling back to HTTP 401 + WWW-Authenticate |
        ~~~~~~~~~~End~~~~~~~~~~~~~~~~~~~~~
      • Have checked the application side and SMP server side, and everything seems fine
      • Tested this with the Agentry WPF client and Android client and everything works
      • The problem could be the Windows Mobile specific

        ~~~~~~~Error From Windows Mobile~~~~~~~~~

        "The username/password is invalid" on Windows mobile device only

        ~~~~~~~~~End~~~~~~~~~~~~~~~~~~~~~~

      • Additional log errors:

        ~~~~~~~Error~~~~~~~~~~~~~~~~~~~~~~~

        2018 01 04 10:32:38#+00#DEBUG#com.sap.mobile.platform.server.foundation.security.filter.AuthenticationFilter###http-bio-8081-exec-9####6620e674-e786-48f1-b217-ca2dd75cc670#####Authenticating request |

        2018 01 04 10:32:38#+00#DEBUG#com.sap.mobile.platform.server.foundation.security.filter.AuthenticationFilter###http-bio-8081-exec-9####6620e674-e786-48f1-b217-ca2dd75cc670#####authfilter-1: Security Configuration setto: 'LDAP_XXXXX' |

         

        2018 01 04 10:32:39#+00#INFO#com.sap.mobile.platform.server.foundation.security.filter.AuthenticationFilter###http-bio-8081-exec-9####6620e674-e786-48f1-b217-ca2dd75cc670#####Authentication Failed for: 'null' |

        2018 01 04 10:32:39#+00#WARN#com.sap.mobile.platform.server.foundation.security.filter.AuthenticationFilter###http-bio-8081-exec-9####6620e674-e786-48f1-b217-ca2dd75cc670#####sec_smp_auth_failed |

        2018 01 04 10:32:39#+00#DEBUG#com.sap.mobile.platform.server.foundation.security.filter.AuthenticationFilter###http-bio-8081-exec-9####6620e674-e786-48f1-b217-ca2dd75cc670#####No AuthenticationEntryPoint was set

        during login attempt. Falling back to HTTP 401 + WWW

        -Authenticate |

        ~~~~~~~~~End~~~~~~~~~~~~~~~~~~

      • From the additonal log error above, it is assumed that the device is not sending the credentials properly when the user has been changed in Windows
      • By utilizing the technique:
        1. Sync User A.
        2. Log out User A.
        3. Clear the client (reference: SAP KBA # 1859005).
        4. Then Login as User B.
        5. Sync User B.
      • This technique works and the issue is tied to shared devices and the problem will be that the user has to do an initial (long sync) each time they change users

Read more...

Environment

  • SMPSSO
  • Windows Mobile 6.5 Prof.
  • LDAP (SMPSSO2 generator)
  • SAP Mobile Platform SDK 3.0
  • SAP Mobile Platform 3.0 (SP12)

Product

SAP Mobile Platform 3.0 ; SAP Mobile Platform SDK 3.0

Keywords

"more than one user Agentry","Initial Sync on 2nd user Agentry","LDAP SSO fail Agentry","HTTP 401 Agentry Authenticate","SSO fails Agentry for 2nd user","2nd user needs to clear client after first user", "Agentry Windows Mobile SSO" , KBA , MOB-SDK-AGC , SAP Mobile SDK Agentry Clients , MOB-SYC-SAP , Syclo Mobility for SAP backend , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.