Authentication of users for an applicaion..

Similar Messages

• How to use an authenticated user for a proxy call

  Dear all,
  I am currently working on a JEE application where the user needs to authenticate (for this I have configured the web.xml).
  Now inside this application I need to do a proxy call to a PI webservice.
  I would like to use the user credentials of the already logged in user in order to call the proxy.
  What I don't want to do is to use a service user for the proxy call.
  The code I am trying to call looks something like this:
       private IntegratedConfigurationIn getPort() throws Exception{
            IntegratedConfigurationIn port = null;
            try {
                 IntegratedConfigurationInService service = null;
                 service = new IntegratedConfigurationInService();
                 port = (IntegratedConfigurationIn) service.getIntegratedConfigurationIn_Port();
                BindingProvider bp = (BindingProvider)port;
                bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, user);
                bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);
                if (url.length() != 0)
                     bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, url);
            catch (Exception ex){
                 ex.printStackTrace();
            return port;
  The examples I found to retrieve the userdata pointed to codes similar to this one:
  public HttpServletRequest getHttpRequest() throws Exception {
            // Get runtime context
            Properties props = new Properties();
            props.put("domain", "true");
            Context initialContext = new InitialContext(props);
            ApplicationWebServiceContext wsContext = (ApplicationWebServiceContext) initialContext
                      .lookup(" /wsContext/ApplicationWebServiceContext");
            HttpServletRequest req = wsContext.getHttpServletRequest();
            return req;
  com.sap.security.api.IUser sapUser = com.sap.security.api.UMFactory.getAuthenticator().getLoggedInUser(getHttpRequest(), null);
            IUser ep5User = com.sapportals.wcm.util.usermanagement.WPUMFactory.getUserFactory().getEP5User(sapUser);
  Now I don't know how to bring it togehter and how to use an authenticated user for the BindingProvider.
  I would appreciate any hints or ideas.

  Peter,
  from the first screenshot, what I understood is that, you are calling an inbound PI web service that is intended to create an integrated configuration object (this is used for whole lot of other reason completely) but not actually calling a development web service.
  For this, you would have to generate your client classes from the WSDL provided by the PI developer for that particular service. Once you get those client classes generated, you could used the method provided in the other screenshot to extract the user and password and call the intended web service.
  Vijay Konam

• Hot to retrieve an authenticated user for JCA in a repository service?

  Hi,
  I implemented a repository service wich calls an ABAP Functionmodule via JCA and RFC. This connection has to be build up with the current logged in user.
  But how can I get an authenticated ep6-user in the repository service received-event? Or is it possible to do this with an ep5-user?
  I don't want to use username/password.
  String sapsystem = "R3SYSTEM";
  IConnectorGatewayService cgService = (IConnectorGatewayService)PortalRuntime.getRuntimeResources().getService(IConnectorService.KEY);
  ConnectionProperties connProps = new ConnectionProperties(locale, (IPrincipal)user);
  IConnection connection = cgService.getConnection(sapsystem, connProps);
  In the last line I got the error message:
  com.sapportals.connector.connection.ConnectionFailedException: Connection Failed: Nested Exception. Failed to get connection. Please contact your admin.
  Any ideas?
  Thanks.

  Peter, the autheticated user is available from the portal request object. Get that one in your application and read from the UME all the properties you wanna get and build your web service call with it. It looks for me straight forward, what exactly is your problem?
  cheers

• Why Unable to identify a user for 802.1X authentication (0x50001)?

  Hello, 
    We are trying to set up wifi single-sign-on. When logging to a laptop get a message
  "Connecting to Pivot_Users" and after some time "Unable to connect to Pivot_Users" and after that we are logged in to a laptop and successfully connected to Pivot_Users wifi network.
  Server: windows server 2003 (with all updates)
  laptop: windows 7 professional SP1 (with all updates)
  When looking to event log i found this error:
  Log Name:      Security
  Source:        Microsoft-Windows-Security-Auditing
  Date:          2012-10-10 10:38:01
  Event ID:      5632
  Task Category: Other Logon/Logoff Events
  Level:         Information
  Keywords:      Audit Failure
  User:          N/A
  Computer:      sba01-nb
  Description:
  A request was made to authenticate to a wireless network.
  Subject:
  Security ID:                
  Account Name:                -
  Account Domain:                -
  Logon ID:                0x0
  Network Information:
  Name (SSID):                Pivot_Users
  Interface GUID:                {64773f24-bf8b-4e91-bbd7-eb199e3c2c5e}
  Local MAC Address:        C4:85:08:12:77:44
  Peer MAC Address:        00:24:97:83:8E:61
  Additional Information:
  Reason Code:                Unable to identify a user for 802.1X authentication (0x50001)
  Error Code:                0x525
  EAP Reason Code:        0x0
  EAP Root Cause String:        
  EAP Error Code:                0x0
  Event Xml:
    <System>
      <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
      <EventID>5632</EventID>
      <Version>1</Version>
      <Level>0</Level>
      <Task>12551</Task>
      <Opcode>0</Opcode>
      <Keywords>0x8010000000000000</Keywords>
      <TimeCreated SystemTime="2012-10-10T07:38:01.093305500Z" />
      <EventRecordID>37791</EventRecordID>
      <Correlation />
      <Execution ProcessID="760" ThreadID="2224" />
      <Channel>Security</Channel>
      <Computer>sba01-nb</Computer>
      <Security />
    </System>
    <EventData>
      <Data Name="SSID">Pivot_Users</Data>
      <Data Name="Identity">
      </Data>
      <Data Name="SubjectUserName">-</Data>
      <Data Name="SubjectDomainName">-</Data>
      <Data Name="SubjectLogonId">0x0</Data>
      <Data Name="PeerMac">00:24:97:83:8E:61</Data>
      <Data Name="LocalMac">C4:85:08:12:77:44</Data>
      <Data Name="IntfGuid">{64773F24-BF8B-4E91-BBD7-EB199E3C2C5E}</Data>
      <Data Name="ReasonCode">0x50001</Data>
      <Data Name="ReasonText">Unable to identify a user for 802.1X authentication</Data>
      <Data Name="ErrorCode">0x525</Data>
      <Data Name="EAPReasonCode">0x0</Data>
      <Data Name="EapRootCauseString">
      </Data>
      <Data Name="EAPErrorCode">0x0</Data>
    </EventData>
  </Event>
  Thank you for answer and help.
  Regards, 
    Tadas

  Hi,
  Thanks for your post.
  Have you configured the client to only use user authentication for 802.1X? If so, I would like to inform you that this is expected when you configure the 802.1X to user only authentication.
  Here is the process that is followed.
  1. As soon as client is connected to the network the Authenticator (switch) periodically sends EAP request packet/frame to the client/supplicant.
  2. The client has to respond back with an identify and if its configured only for User authentication then it will send blank identity.
  3. The Authenticator cannot validate and the authentication would fail.
  4. Windows client is configured for a block time of 20 min. So, once the authentication fails the NIC card will go in block time for 20 min until there is a change in credentials. So, even if the authenticatior(swithch) is periodically sending EAP request
  it will just ignore them
  5. You will see event 15506 after the event 15514.
  Here’s the technet that you we can refer for the reason code : Reason: 0x50001 that we see in the event 15514
  http://technet.microsoft.com/en-us/library/cc727747(WS.10).aspx
  0x50001 = Dec 327681
  Reason code:  327681   Event log message:  The 802.1X module was unable to identify a set of credentials to be used. [An example is when the authentication mode is set to “User” but no user is logged on.]   # def name: 
  ONEX_UNABLE_TO_IDENTIFY_USER
  Best Regards,
  Aiden
  Aiden Cao
  TechNet Community Support

• Setup OID authenticated users for DB user globally identified users.

  I keep reading that you can setup Globally Identified users in Oracle database that
  are authenticated by OID. But it does not seem to work and I cannot find explicit
  directions for setting this up. I assume there must be some OID/SSO site
  configuration I am not aware of.
  We have an AS 10g app, a DB 9.2, and Forms 10g application. I created an OID
  user, Created a Globally Identified User in DB, but when I log into SSO, setup my
  RAD with password "doesnotmatter", then the database login comes up with
  invalid Username/Password.
  Whats not right?
  We have to use OID to get Case Sensitive Passwords and we can get it to login
  to a normal user account with a valid matching password. However, passwords
  must be expired every 30-90 days and the change in OID during login does not
  go through to the DB account. OID does care but I can't have DB accounts sitting
  around with passwords that never expire and OID can't change them. I'd rather
  have DB accounts that cannot be logged into.
  Any else sucessfully implemented OID and Globally Identified DB users or found a
  way to change DB Password after login/change password to OID?

  Have you configured enterprise user security for your database? If not, that would be the first step to take.
  The credentials stored in the RAD must match the SSO/OID user's credentials. There is no automatic way of doing that, so the user (or admin) has to set this up.
  So, the steps to follow are:
  1. Configure DB for EUS.
  2. Create OID user. Assuming you have mapped the shared schema to the users container, there is not need to create a DB user (for the OID user).
  3. If you want a one-to-one mapping, then you need to create a map the schema to the OID user (using Enterprise Security Manager).
  4. Create the RAD and add the SSO user's credentials.
  5. Test the above steps by accessing the Form using the RAD.
  Sanjay
  I keep reading that you can setup Globally Identified
  users in Oracle database that
  are authenticated by OID. But it does not seem to
  work and I cannot find explicit
  directions for setting this up. I assume there must
  be some OID/SSO site
  configuration I am not aware of.
  We have an AS 10g app, a DB 9.2, and Forms 10g
  application. I created an OID
  user, Created a Globally Identified User in DB, but
  when I log into SSO, setup my
  RAD with password "doesnotmatter", then the database
  login comes up with
  invalid Username/Password.
  Whats not right?
  We have to use OID to get Case Sensitive Passwords
  and we can get it to login
  to a normal user account with a valid matching
  password. However, passwords
  must be expired every 30-90 days and the change in
  OID during login does not
  go through to the DB account. OID does care but I
  can't have DB accounts sitting
  around with passwords that never expire and OID can't
  change them. I'd rather
  have DB accounts that cannot be logged into.
  Any else sucessfully implemented OID and Globally
  Identified DB users or found a
  way to change DB Password after login/change password
  to OID?

• How to setup database user for windows NT SSO

  Hi,
  We have a scenario where we have to setup a database user so that SSO can be worked in windows environment.
  We have oracle 10g installed on UNIX server. Now we want to setup a autosys user which will also be a winows user for eg by the name kumaral and domain (which is Logon option in windows) will be FM, so eventually user name will be FM\kumaral. Autosys will be on windows machine and we have installed oracle client on this machine.
  On oracle database we have created two user by following syntax:
  (1) CREATE USER "OPS$FM\KUMARAL" IDENTIFIED EXTERNALLY;
  (2) CREATE USER "OPS$FM\kumaral" IDENTIFIED EXTERNALLY;
  Also we have provided connect grant to these users.
  GRANT CONNECT TO "OPS$FM\KUMARAL".
  GRANT CONNECT TO "OPS$FM\kumaral".
  I am login in windows through FM\kumaral user, but we are not able to connect to oracle through this user, we are trying to connect to oracle from below mentioned query:
  sqlplus /
  but we are not able to connect.
  Can someone please help me on this?
  Thanks in Advance.
  Amit.

  Check MOS note :
  WIN: Setup O/S Authentication [ID 60634.1]
  Regards
  Rajesh

• SSO Authentication Audit Information for Partner Apps ?

  Hi,
  Is it possible to get Audit Information to show when a users has been authenticated by SSO for a Partner Application ?
  If I look at orasso.wwsso_audit_log_view I can see when a user has been authenticated and a row for Portal and each Partner App that gets authenticated. The question is can you tell which row relates to which Partner App or is there another table with this information ?
  i.e I have two Partner Apps, a user logs onto Portal and only visits pages for one of them, When I log I see 2 rows, I need to know which Partner App they vistied (A or B).
  Thanks
  Simon.

  Well in that case i guess am in luck because i am working with oracle. The thing however is that I don't know where to fetch the information about the installation and all that in order to proceed ahead.
  Besides it seems, the easier it was to make the application and deploy it on the apex, the harder it is to integrate it with the SSO.
  Also i don't understand when you say "public apex.oracle.com", I always thought it was meant only for oracle employees as in it's not accessible through the internet.
  You won't (unless you work for Oracle) be able to do
  that on the public apex.oracle.com site as far as I'm
  aware.

• Authenticating a user using JCO

  Hi,
  I was authenticating a user in SAP using the following code:
     System.out.println("\n\nVersion of the JCO-library:\n" + "----
  \n"
                      + JCO.getMiddlewareVersion());
              Properties props = new Properties();
              props.put("jco.client.client", "800");
              props.put("jco.client.user", "gk1");
              props.put("jco.client.passwd", "password");
              props.put("jco.client.lang", "EN");
              props.put("jco.client.sysnr", "01");
              props.put("jco.client.ashost", "172...*");
              client = JCO.createClient(props);
              // Open the connection
              client.connect();
  Here, the password for the "gk1" user is "password". Now if I update the password to be "password1" in the code - the user is still authenticated. No matter how many times I add digits towards the end of the password for this user, it still gets authenticated. Any ideas?
  Thanks

  Hi Gaurav,
  In SAP R/3 system, it takes only 8 digit password for any user. So, it checks upto 8 characters only. No metter how much digits or characters you have appended.
  Try to give some other password instead of just appending digits or characters behing "password".
  Regards,
  Bhavik

• Negotiate Authentication Not working for Outlook

  This is a very odd situation so bear with me when explaining this.
  I have several users scattered out in different remote offices that are haveing authentication issues in outlook 2007 when trying to connect to our exchange 2010 public folder servers (CAS).  When the users open outlook it constantly sits at trying
  to connect and eventually locks the machine up until you use the task manager to close outlook.  I have only determined this is a public folder issue because if you hold down the cntrl key and right click on the outlook icon in the taskbar (next to clock) you
  get and option to see connection status.  This shows the server name (one of the CAS) and the type as public folder and the connection status is empty. 
  We opened a microsoft ticket on this and they said it was a client side issue because we have 1700 users connection to the same set of servers with out issues.  Well we have reimaged the users desktop, replaced all cableing from the user to the switch,
  and confirmed the IOS on the routers matches other offices that are working.   Still the same problem.
  Heres the kicker!  This problem does not effect other users in the same office and if this paticular user logs into another machine the same problem happens.  But if she accesses her mailbox from Web Access she has no problems and if I log this
  user on here at our home office on the same LAN as the Exchange system she has no issues.
  But wait theres more.  We have deleted the user's mailbox and LAN account.  Created a new mailbox and LAN account with a similar name not the same one and when I log on to her machine exacte same issue.  I have removed all antivirus software
  from the machine and still have the same problem.  
  Not until we ran wireshark on her machine did I start seeing some ntlm authentication issues to the exchange system. We manually changed outlook from Negotiate Authentication to  Password Authenticatoin (NTLM) and viola her email started syncing??? 
  When i change this setting on the other users they connect also. But why are we not haveing to change this on the other 1700 users?
  Can anyone please offer some insite in to what the hell is causing this and why it seem to follow the user around.  I have been troubleshooting this for weeks and am so frustrated because it just doesnt make any sense. 
  Thankyou to anyone willing to provide any ideas into what could be causing this.  When we opened a Microsoft ticket they were convinced that its client side but I have replaced everything.

  Hello,
  if you using OAW (Outlook AnyWhere) check the authentication method
  get-OutlookAnywhere -Identity "<Servername>xpv00645\RPC (Default Web Site)" | fl *AuthenticationMethod*
  I think it is set of NTLM or Negotiate.
  Outlook 2007 has negotiate
  problems at an OAW connection
  authentication.
  Change the authentication to NTLM for
  the internal and Basic for the extenal method.
  You need to reconfigure the Outlook Exhange settings to anonymous authentication and in the proxy settings to default authentication

• Authentication Failed: User xelsysadm javax.security.auth.login.FailedLogin

  Hi All,
  I have an critical ssue to be solved on Production environemt :(,
  we have oim installed on cluster in production(OIM11g installed on server ), the configuration is as mentioned below
  cluster 1--oim1,soa1--server1--holds admin server
  cluster 2--oim2,soa2--server2--managed server and no admin server
  This instance was working fine, we had to restart the server machine for some reason and i am not able to start OIM server :( after that.
  following is the exception i get when i start the OIM server , Please help :(
  2011-05-13T13:42:29.585+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.weblogic.listeners.ADFApplicationLifecycleListener] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFApplicationLifecycleListener.preStop. Cleaning up Application caches.
  [2011-05-13T13:42:29.585+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] Clean up Application Caches
  [2011-05-13T13:42:29.585+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
  [2011-05-13T13:42:29.600+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
  [2011-05-13T13:42:29.600+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
  [2011-05-13T13:42:29.600+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
  [*2011-05-13T13:42:30.193+05:30] [wls_oim1] [ERROR] [] [OIM Authenticator] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] Error while retrieving user xelsysadm*
  *[2011-05-13T13:42:30.224+05:30] [wls_oim1] [ERROR] [IAM-0020011] [oracle.iam.platform.auth.client] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] Login Exception encountered when trying to login as admin {0}[[*
  *javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User xelsysadm javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xelsysadm denied*
  at weblogic.security.auth.login.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:199)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:684)
  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
  at Thor.API.Security.LoginHandler.weblogicLoginHandler.login(weblogicLoginHandler.java:62)
  at oracle.iam.platform.OIMClient.login(OIMClient.java:134)
  at oracle.iam.platform.OIMClient.login(OIMClient.java:114)
  at oracle.iam.platform.OIMInternalClient.loginAsAdmin(OIMInternalClient.java:69)
  at oracle.iam.scheduler.impl.util.SchedulerUtil.getSchedulerService(SchedulerUtil.java:735)
  at oracle.iam.scheduler.webapp.SchedulerStartupServlet.resetRunningJobStatus(SchedulerStartupServlet.java:247)
  at oracle.iam.scheduler.webapp.SchedulerStartupServlet.stopScheduler(SchedulerStartupServlet.java:123)
  at oracle.iam.scheduler.webapp.SchedulerStartupServlet.destroy(SchedulerStartupServlet.java:261)
  at weblogic.servlet.internal.StubSecurityHelper$ServletDestroyAction.run(StubSecurityHelper.java:303)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
  at weblogic.servlet.internal.StubSecurityHelper.destroyServlet(StubSecurityHelper.java:81)
  at weblogic.servlet.internal.StubLifecycleHelper.destroyOneInstance(StubLifecycleHelper.java:144)
  at weblogic.servlet.internal.StubLifecycleHelper.destroy(StubLifecycleHelper.java:134)
  at weblogic.servlet.internal.ServletStubImpl.destroy(ServletStubImpl.java:438)
  at weblogic.servlet.internal.WebAppServletContext.destroyServlets(WebAppServletContext.java:3232)
  at weblogic.servlet.internal.WebAppServletContext.destroy(WebAppServletContext.java:3192)
  at weblogic.servlet.internal.ServletContextManager.destroyContext(ServletContextManager.java:241)
  at weblogic.servlet.internal.HttpServer.unloadWebApp(HttpServer.java:461)
  at weblogic.servlet.internal.WebAppModule.destroyContexts(WebAppModule.java:1540)
  at weblogic.servlet.internal.WebAppModule.deactivate(WebAppModule.java:513)
  at weblogic.application.internal.flow.ModuleStateDriver$2.previous(ModuleStateDriver.java:389)
  at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:167)
  at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:160)
  at weblogic.application.internal.flow.ModuleStateDriver.deactivate(ModuleStateDriver.java:141)
  at weblogic.application.internal.flow.ScopedModuleDriver.deactivate(ScopedModuleDriver.java:207)
  at weblogic.application.internal.flow.ModuleListenerInvoker.deactivate(ModuleListenerInvoker.java:261)
  at weblogic.application.internal.flow.DeploymentCallbackFlow$2.previous(DeploymentCallbackFlow.java:538)
  at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:167)
  at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:160)
  at weblogic.application.internal.flow.DeploymentCallbackFlow.deactivate(DeploymentCallbackFlow.java:182)
  at weblogic.application.internal.flow.DeploymentCallbackFlow.deactivate(DeploymentCallbackFlow.java:175)
  at weblogic.application.internal.BaseDeployment$2.previous(BaseDeployment.java:1281)
  at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:167)
  at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:160)
  at weblogic.application.internal.BaseDeployment.deactivate(BaseDeployment.java:453)
  at weblogic.application.internal.EarDeployment.deactivate(EarDeployment.java:58)
  at weblogic.application.internal.DeploymentStateChecker.deactivate(DeploymentStateChecker.java:199)
  at weblogic.deploy.internal.targetserver.AppContainerInvoker.deactivate(AppContainerInvoker.java:98)
  at weblogic.deploy.internal.targetserver.BasicDeployment.deactivate(BasicDeployment.java:263)
  at weblogic.deploy.internal.targetserver.BasicDeployment.deactivateFromServerLifecycle(BasicDeployment.java:458)
  at weblogic.management.deploy.internal.DeploymentAdapter$1.doDeactivate(DeploymentAdapter.java:74)
  at weblogic.management.deploy.internal.DeploymentAdapter.deactivate(DeploymentAdapter.java:215)
  at weblogic.management.deploy.internal.AppTransition$6.transitionApp(AppTransition.java:67)
  at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
  at weblogic.management.deploy.internal.ConfiguredDeployments.deactivate(ConfiguredDeployments.java:199)
  at weblogic.management.deploy.internal.ConfiguredDeployments.undeploy(ConfiguredDeployments.java:191)
  at weblogic.management.deploy.internal.DeploymentServerService.shutdownApps(DeploymentServerService.java:195)
  at weblogic.management.deploy.internal.DeploymentServerService.shutdownHelper(DeploymentServerService.java:127)
  at weblogic.application.ApplicationShutdownService.stop(ApplicationShutdownService.java:106)
  at weblogic.t3.srvr.ServerServicesManager.stopInternal(ServerServicesManager.java:495)
  at weblogic.t3.srvr.ServerServicesManager.stop(ServerServicesManager.java:316)
  at weblogic.t3.srvr.T3Srvr.shutdown(T3Srvr.java:1036)
  at weblogic.t3.srvr.T3Srvr.gracefulShutdown(T3Srvr.java:939)
  at weblogic.t3.srvr.GracefulShutdownRequest.run(GracefulShutdownRequest.java:41)
  at weblogic.work.ContextWrap.run(ContextWrap.java:41)
  at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  Thanks in advance

  Agreed with all above pointers.
  I think you have to raise SR with oracle, because it is prod environment.
  If you still want to do some R&D.
  1. Also check this URL might help, but not sure.
  http://download.oracle.com/docs/cd/E21764_01/doc.1111/e14308/handlinglcm.htm#CIAJCEEF
  http://download.oracle.com/docs/cd/E21764_01/doc.1111/e14308/handlinglcm.htm#CIAEFAGF
  2. Restart all servers (along with Admin server and DB).

• Can we define users for both studio and integrator server

  Can someone please let me know how can we define users for both studio and integrator server so that the user can be used to view UI page but not modify it.I want to define user in studio which will access the Page but not modify it. And the user in integrator server should be able to view scheduled jobs.
  Thanks a lot.
  Regards,
  Amrit

  Amrit,
  Both Studio and Integrator Server support LDAP. See http://docs.oracle.com/cd/E35976_01/studio.240/eid_studio_users/toc.htm#Integrating%20with%20an%20LDAP%20System%20to%20Manage%20Users for details about implementing LDAP in Studio. For Integrator Server, see "LDAP Authentication", p. 38 (document pagination; p. 44 pdf file pagination) in the Integrator Server Guide (http://docs.oracle.com/cd/E35976_01/integrator.240/DataIntegratorServer.pdf).
  RLJII

• Machine Authentication and User Authentication with ACS v5.1... how?

  Hi!
  I'm having trouble setting up Machine Authentication and User Authentication on ACS v5.1 using WinXP SP3 (or SP2) as supplicant.
  This is the goal:
  On wireless (preferably on wired too) networks, get the WinXP to machine authenticate against AD using certificates so the machine is possible to reach via for example ping, and it can also get GPO Updates.
  Then, when the user actually logs in, I need User Authentication, so we can run startup scripts, map the Home Directory and so on.
  I have set up a Windows Sertificate server, and the client (WinXP) are recieving both machine and user certificates just fine.
  I have also managed to set up so Machine Authenticaton works, by setting up a policy rule that checks on certificate only:
  "Certificate Dictionary:Common Name contains .admin.testdomain.lan"
  But to achieve that, I had to set EAP Type in WinXP to Smart Card or other Certificate, and then no PEAP authentication occurs, which I assume I need for User Authentication? Or is that possible by using Certificates too?
  I just don't know how to do this, so is there a detailed guide out there for this? I would assume that this is something that all administrators using wireless and WinXP would like to achieve.
  Thank you.

  Hello again.
  I found out how to do this now..
  What I needed to do was to add a new Certificate Authentication Profile that checks against Subject Alternative Name, because that was the only thing I could find that was the same in both user certificate and machine certificate.
  After adding that profile to the Identity Store Sequences, and making tthe appropriate rule in the policy, it works.
  You must also remember to change the AuthMode option in Windows XP Registry to "1".
  What I really wanted to do was to use the "Was Machine Authenticated" condition in the policies, but I have never gotten that conditon to work, unfortunately.
  That would have plugged a few security holes for me.

• Authenticating Guest Users Using External Database.

  Folks, greetings.
  Due to the limitations imposed by wlc's database size, we decided to go for an external authentication server.
  Since this external database is for guest access, we are considering in using a Linux box with LDAP, along with a web-based application which will be presented to the user for authentication purposes. This way, the user would type in his/her credentials on this portal and the same box would process the authentication.
  In such a scenario, we would buid an application for the "Lobby Amabassadors" input the guest data (for auditing purposes we need to enter the user's SSN, passport # or any other official ID), and this application would generate the password to be used during the authentication process.
  I've used web-auth before, with the users database loaded on the WLC (local net users). Even using an external web-auth portal, the user is still authenticated by the controller that in turn, will control whether the traffic is to be allowed or not, based on the authentication results.
  That's exactly where our question lies: how should we configure the WLAN so that the WLC would receive the access request and forward it to the authentication portal/server? Would it envolve radius?
  This same Linux would be the DHCP server for this guest WLAN.
  WLC vesion: 4.2.130.0
  Regards,
  AL

  Using the Web Authentication feature on a Cisco wireless LAN controller, we can authenticate a guest user on the wireless LAN controller, on an external web server or on an external database on a RADIUS server. We can configure the wireless LAN used for guest traffic to authenticate the user from an external RADIUS server.
  To enable an external RADIUS server to authenticate traffic using the GUI, follow this link.
  http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html#wp1001207

• Secondary Domain Controller Not Authenticating Domain Users

  Hi.
  I have a primary domain controller running Win Srv 2012 in USA and i added a secondary domain controller 2012 in the same domain from a different location India, through VPN.so that India user accounts can authenticate by the secondary DC instead of primary
  DC USA
  Installation & replication of AD went fine
  India domain users login is damn slow.
  When i ran the command echo %logonserver% from a india client machine,it displays the USA Primary DC name which means its authenticating the users from USA primary DC.
  Preferred DNS for india client machine is Secondary DC IP and alternate is Primary DC IP USA.
  Please find the dcdiag results below and any help much appreciated
  Performing initial setup:
     Trying to find home server...
     Home Server = server2
     * Identified AD Forest.
     Done gathering initial info.
  Doing initial required tests
     Testing server: INDIA\server2
        Starting test: Connectivity
           ......................... server2 passed test Connectivity
  Doing primary tests
     Testing server: INDIA\server2
        Starting test: Advertising
     Warning: DsGetDcName returned information for \\server1.tst.mycompany.com, when we were trying to reach
     server2.
     SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
           ......................... server2 failed test Advertising
        Starting test: FrsEvent
           ......................... server2 passed test FrsEvent
        Starting test: DFSREvent
           There are warning or error events within the last 24 hours after th
           replication problems may cause Group Policy problems.
           ......................... server2 failed test DFSREvent
        Starting test: SysVolCheck
           ......................... server2 passed test SysVolCheck
        Starting test: KccEvent
           ......................... server2 passed test KccEvent
        Starting test: KnowsOfRoleHolders
           ......................... server2 passed test KnowsOfRoleHolders
        Starting test: MachineAccount
           ......................... server2 passed test MachineAccount
        Starting test: NCSecDesc
           ......................... server2 passed test NCSecDesc
        Starting test: NetLogons
           Unable to connect to the NETLOGON share! (\\server2\netlogon)
           [server2] An net use or LsaPolicy operation failed with error 67,
           ......................... server2 failed test NetLogons
        Starting test: ObjectsReplicated
           ......................... server2 passed test ObjectsReplicated
        Starting test: Replications
           ......................... server2 passed test Replications
        Starting test: RidManager
           ......................... server2 passed test RidManager
        Starting test: Services
           ......................... server2 passed test Services
        Starting test: SystemLog
           A warning event occurred.  EventID: 0xA004001B
              Time Generated: 02/22/2015   17:10:30
              Event String: Intel(R) 82574L Gigabit Network Connection
           A warning event occurred.  EventID: 0x000727A5
              Time Generated: 02/22/2015   17:11:24
              Event String: The WinRM service is not listening for WS-Manageme
           An error event occurred.  EventID: 0x0000271A
              Time Generated: 02/22/2015   17:11:24
              Event String:
              The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not regist
           A warning event occurred.  EventID: 0xA004001B
              Time Generated: 02/22/2015   17:12:41
              Event String: Intel(R) 82574L Gigabit Network Connection
           A warning event occurred.  EventID: 0x000003F6
              Time Generated: 02/22/2015   17:19:36
              Event String:
              Name resolution for the name mycompany.com timed out after none
           A warning event occurred.  EventID: 0x00001796
              Time Generated: 02/22/2015   17:28:54
              Event String:
              Microsoft Windows Server has detected that NTLM authentication i
  his server. This event occurs once per boot of the server on the first time
           A warning event occurred.  EventID: 0x000727A5
              Time Generated: 02/22/2015   17:33:35
              Event String: The WinRM service is not listening for WS-Manageme
           A warning event occurred.  EventID: 0x00001796
              Time Generated: 02/22/2015   17:35:54
              Event String:
              Microsoft Windows Server has detected that NTLM authentication i
  his server. This event occurs once per boot of the server on the first time
           ......................... server2 failed test SystemLog
        Starting test: VerifyReferences
           ......................... server2 passed test VerifyReferences
     Running partition tests on : ForestDnsZones
        Starting test: CheckSDRefDom
           ......................... ForestDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... ForestDnsZones passed test CrossRefValida
     Running partition tests on : DomainDnsZones
        Starting test: CheckSDRefDom
           ......................... DomainDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... DomainDnsZones passed test CrossRefValida
     Running partition tests on : Schema
        Starting test: CheckSDRefDom
           ......................... Schema passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Schema passed test CrossRefValidation
     Running partition tests on : Configuration
        Starting test: CheckSDRefDom
           ......................... Configuration passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Configuration passed test CrossRefValidat
     Running partition tests on : tst
        Starting test: CheckSDRefDom
           ......................... tst passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... tst passed test CrossRefValidation
     Running enterprise tests on : tst.mycompany.com
        Starting test: LocatorCheck
           ......................... tst.mycompany.com passed test LocatorChec
        Starting test: Intersite
           ......................... tst.mycompany.com passed test Intersite

  Hi.
  I have a primary domain controller running Win Srv 2012 in USA and i added a secondary domain controller 2012 in the same domain from a different location India, through VPN.so that India user accounts can authenticate by the secondary DC instead of primary
  DC USA
  Installation & replication of AD went fine
  India domain users login is damn slow.
  When i ran the command echo %logonserver% from a india client machine,it displays the USA Primary DC name which means its authenticating the users from USA primary DC.
  Preferred DNS for india client machine is Secondary DC IP and alternate is Primary DC IP USA.
  Firstly make sure that you have configured sites and subnets correctly. According to your information which you have two locations, you should have at least 2 sites and 2 subnets associated to them. If you have forgotten to configure subnets of India in your
  site and services and assigned them to the India site you are experiencing this issue. Also make sure if clients in India has appropriate network connectivity to the domain controllers in India.
  Mahdi Tehrani   |  
    |  
  www.mahditehrani.ir
  Please click on Propose As Answer or to mark this post as
  and helpful for other people.
  This posting is provided AS-IS with no warranties, and confers no rights.
  How to query members of 'Local Administrators' group in all computers?

• Enforce AnyConnect client to do machine authentication when user is logged on

  Hi All,
  I want to use AnyConnect as a supplicant to our corporate WLAN and also use Machine Authentication feature on ACS 5.3.
  Is there a way how to enforce AnyConnect client to do machine authentication when user is logged on? Sometimes can happen, when user just hybernate the computer and do not log off and log on. If they don't do this in some period, then they are not allowed to use WLAN.
  Thanks for your help.
  Regards
  Karel

  The problem appears to be if a user hibernate or ACS is reloaded and machine authentication  timer expired and user need to logout and wait or reboot the machine. After that it authenticates and then user can login again.  Anyconnect 3.1 will allow eap chainging and should be able to address that problem.