Information regarding the VSJ AbstainIfNotMappedLoginFilter
The AbstainIfNotMappedLoginFilter implements the following behavior: when a user tries to access a NetWeaver Java web application, if they are successfully authenticated using SSO, but not mapped to any UME user, they will be able to enter a login/password using the SAP Logon/Form.
Note, The AbstainIfNotMappedLoginModule is not useful when users cannot do SSO (ie. The user is not logged on with Active Directory credentials).
To use the AbstainIfNotMappedLoginFilter you need VSJ 3.3 for NetWeaver with Patch 3536 or greater.
In VSJ for NetWeaver, the VsjLoginModule has a concept of login filters (a similar design pattern to Java servlet filters, but for the JAAS LoginModule interface).
The VsjLoginModule lets you configure a list of zero or more login filters. For each login filter you must specify the name of the Java class that implements the login filter; optionally you can also specify configuration parameters for the login filter (if it needs some). In order to be able to refer to each login filter, the syntax that the VsjLoginModule uses requires you to pick a name for it (and use that name consistently). (The name can be anything you want, but generally its a good idea to use a name that makes sense.)
The AbstainIfNotMappedLoginFilter is a simple login filter that doesnt need any configuration parameters and can be used on its own, i.e. the length of the login-filters list is 1.
For example, if you use abstain as the name that we will use to refer to this login filter. Then the JAAS options that you need to add to the VsjLoginModule in order to use the AbstainIfNotMappedLoginFilter are:-
loginFilters = abstain
abstain.class = com.quest.vsj.netweaver.login.AbstainIfNotMappedLoginFilter