Catalyst Web-Based Authentication

Similar Messages

• Web based authentication for wired client, Crendentials submission failure.

  Hi,
  I am trying to set up the functionnality "cisco web based authentication" for the wired clients.
  The problem i encountered is that my switch doesnt forward the client's password to the ACS.
  When the user validate his credentials on the login page only the login seems to be forwarded.
  The result of the command "show ip admission cache" always show the client in the init state.(i use the default cisco web login page).
  the connection between aaa servers and the switch is working.
  You will find in attachements the running-config and the debug file.
  Thanks for your help, any ideas are welcome :) (its t os version c3750e-ipbasek9-mz.150-2.SE7).

  Well i took a look on your documents but i didnt find anything that helped me ;S.
  I'm still stucked on the same step.

• IBNS web-based authentication HTTPS intercept

  Hi everybody,
  Hopefully this is an easy question.
  I have configured an IBNS setup with Wired Web-Authentication. To sum this up: connect a computer to the switch, go to a web page, the switch intercepts the http request, sends you a log-in page, you log in and get directed to the original web page.
  For this, I have used the following guide http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/app_note_c27-577494.html
  Before I implemented this, I had the HTTP and HTTPS server on the switch disabled. But if I disable the HTTP serer (and leave the HTTPS server enabled), the switch doesn't intercept the web pages anymore. Is there a way to use web-based authentication without using the HTTP server and using only the HTTPS server on the switch?
  Hope someone can help me with this.
  Thanks
  Ian

  Well I haven't had any luck getting an iPhone to present an SSL certificate to an IIS7 ASP.Net webserver.
  The same .p12 certificate works on IE7, PocketIE (WM6), Firefox and Safari (PC version). The website is set to Require an SSL certificate. From the Windows Mobile or PC browsers, you get a prompt for the client certificate. I have tried Nick's website and the iPhone will prompt to choose between his and my certificates, however with IIS7 you just get a 403.7 client SSL certificate required error.
  I have turned on SSL tracing in HTTP.Sys and get the following (edited for length) :
  <Opcode>SslInititateSslRcvClientCert</Opcode>
  - <Keywords>
  <Keyword>Flagged on all HTTP events handling ssl interactions</Keyword>
  </Keywords>
  <Task>HTTP SSL Trace Task</Task>
  <Message>Server application is attempting to receive the SSL client certificate, which will be provided if available. If the client certificate is not available, a renegotiation will be initiated.</Message>
  <Channel>HTTP Service Channel</Channel>
  <Provider>Microsoft-Windows-HttpService</Provider>
  ... then after various SSL negotiations and receive raw data traces I see...
  <Opcode>SslRcvClientCertFailed</Opcode>
  - <Keywords>
  <Keyword>Flagged on all HTTP events handling ssl interactions</Keyword>
  </Keywords>
  <Task>HTTP SSL Trace Task</Task>
  <Message>Attempt by server application to receive client certificate failed with status: 0xC0000225.</Message>
  <Channel>HTTP Service Channel</Channel>
  <Provider>Microsoft-Windows-HttpService</Provider>
  Which basically seems to mean a "not found" error.
  Anyone had any luck with iPhone to IIS 7 (which we have to use as it is an ASP.Net website)?

• IOS 4.2.1 breaks web-based authentication to wifi access points

  Whenever I tried to access the *wifi access points* I use more often *whose authentication is web-based*, like the one at my public library or at my office, although I input my username and password correctly, I am always bounced back to the login form.
  Before iOS 4.2.1 I know that there was a problem of this sort already, related to *some incompatibility between Safari's auto-fill features and the access points*, that could be solved by simply turning off auto-fill, and I did that. But know *it looks like the problem got to a new level of subtlety*.
  Interestingly, *everything worked nicely while I was using the Gold Master version of iOS 4.2.0* that never made it to release, so the solution has to be found among the differences between 4.2.0 and 4.2.1, if you're an Apple engineer reading this.
  Can you help? Any idea or trick to try that I didn't already? Thanks!
  Giacecco

  Hi Richard,
  You mentioned that 'Apple put the AirPrint spec out there for all printer makers'. I've been looking around but I haven't found any spec. Where did you find it?
  Do printer makers have to buy a license in order to be able to advertise that they've implemented the AirPrint protocol? Is there maybe an Apple review process in place?
  TIA
  Geert

• Identity SSO API with non-web based appilcations

  hi,
  i can appreciate hwo this works with cookies etc for web based applications that use the api or one of the agents on apache etc.
  but how does it go with non web based java and say windows applications?
  can anyone point me to some docs?
  thanks

  I don't work for Sun but here are my thoughts
  1. Yes, if you don't want to use the AM SDK then the
  XML auth service is the way to go.
  2 & 3. dunno
  4. I think if you pass around the SSOToken ID
  generated by AM then any application can issue a SAML
  query to see if the session is still valid and get
  identity/auth attributes back
  5. I think SAML 2.0 supports authentication and
  single signoff
  6. If you are doing a lot of thick client apps you
  should use kerberos instead of AM web based
  Authentication. AM supports kerberos authentication,
  most modern browsers support SPEGNO for passing
  credentials to web server, AD supports Kerberos, and
  even Solaris 10 comes with a free KDC built into the
  OS. There is plenty of documentation around kerberos
  and the JDK out of the box supports GSS-API for
  Kerberos authenticationThank you for your feedback.
  We looked at the use of kerberos as well, but this is not really an option as we are dealing with fat clients installed on desktops of clients. So these desktops do not fall within our span control (multiple domain controllers etc.).
  Regards,
  Thomas

• How to pass credentials/saml token access sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication

  How to pass credentials/saml token exchange to the sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication 
  Identity provider here is Oracle identity provider 
  harika kakkireni

  Hi,
  The following materials for your reference:
  Consuming List.asmx on a claims based sharepoint site
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/f965c1ee-4017-4066-ad0f-a4f56cd0e8da/consuming-listasmx-on-a-claims-based-sharepoint-site?forum=sharepointcustomizationprevious
  Sharepoint Claims based authentication and Single Sign on
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/2dfc1fdc-abc0-4fad-a414-302f52c1178b/sharepoint-claims-based-authentication-and-single-sign-on?forum=sharepointadminprevious
  Sharepoint Claim Based Authentication Web Service issuehttp://social.msdn.microsoft.com/Forums/office/en-US/dd4cc581-863c-439f-938f-948809dd18db/sharepoint-claim-based-authentication-web-service-issue?forum=sharepointgeneralprevious
  Best Regards
  Dennis Guo
  TechNet Community Support

• Authentication between Single Sign-On and Web based applications

  Hi everyone,
  I need to create a way in Portal 10g (10.1.2.0.2) that allow me to do the following:
  Once the user is logged on Portal (against Single Sign-On - SSO) he doesn't need to retype his username/password when he access a web based application throught the portal, in my case, an ASP application (not .NET, just ASP).
  I made a test creating a External Application in SSO and after publishing this portlet (external application) inside portal.
  It worked, BUT I was prompted to inform username/password to log on the aplication.
  So, the user end up entering his password twice.
  Does anybody know a way to acomplish this task?
  The documentation I'm researching is:
  Oracle Application Server Single Sign-On
  Administrator's Guide
  10g Release 2 (10.1.2)
  B14078-02
  Oracle Application Server Single Sign-On
  Security Guide
  10g Release 2 (10.1.2)
  B13999-03
  Thank you very much,
  Diogo Santos.

  have figured out how to secure any HTML, ASP, PHP, CFM, etc. web page again Portal / OID using the PDK toolkit.
  Using AJAX (Asynchronous JavaScript and XML) and one Oracle Stored Procedure just adding a simple Javascript call to any HTML, ASP, PHP, etc. web page can secure it via Oracle SSO (OID). Access to any secured web page will require that it to be linked from an authenticated Portal session or a page opened in an authenticated Portal session.
  This process can be easily modified to add in group security etc. This is just my starting point.
  1) Create a stored procedure
  # Make sure it has access to portal.wwctx_api.is_logged_on
  CREATE OR REPLACE PROCEDURE login_ajax_check (
  display_error IN number default NULL) AS
  BEGIN NULL;
  If portal.wwctx_api.is_logged_on = false then
  htp.prn('DENY');
  ELSE
  htp.prn('ALLOW');
  END IF;
  Exception when others then htp.p('DENY');
  END;
  2) Use this Javascript in any page you wish to secure.
  <-- Begin Paste Here -->
  <script>
  var allowgo=2
  function ajaxCallRemotePage(url)
  if (window.XMLHttpRequest)
  // Non-IE browsers
  req = new XMLHttpRequest();
  req.onreadystatechange = processStateChange;
  req.open("GET", url, false);
  req.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
  req.send(null);
  else if (window.ActiveXObject)
  // IE
  req = new ActiveXObject("Msxml2.XMLHTTP");
  req.onreadystatechange = processStateChange;
  req.open("GET", url, false);
  req.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
  req.send();
  else
  return; // Navigateur non compatible
  // process the return of the "ajaxCallRemotePage"
  function CheckPortal()
  ajaxCallRemotePage('[Your page calling the procedure from above]');
  function processStateChange()
  if (req.readyState == 4)
  if (req.status == 200)
  if (req.responseText.substring(0,4) == 'ALLO')
  allowgo = 0;
  else
  allowgo = 1;
  function doPage()
  if (allowgo==1)
  window.location='[Your login or error page]';
  CheckPortal();
  doPage();
  </script>
  <-- End Paste Here -->
  That's it!!! Super easy. It works great too.
  Larry Schenavar
  [email protected]

• SharePoint 2013 web service: Error while sending claim based authentication request (The corresponding SID in the domain is not part of the intended account type)

  We are using .asmx services for SharePoint features such as comments, and rating.
  Service
  Feature   used
  http://<<hostname>>/_vti_bin/socialdataservice.asmx
  Commenting, Rating
  http://<<hostname>>/_vti_bin/UserProfileService.asmx
  For out of box workflows
  In SharePoint 2013,
  SharePoint – 80  web application is on claims based mode and user is logging in with windows authentication. With logged-in client context used to call SharePoint's default web service, we are getting below error message from
  web service (Social data and user profile services).
  Server was unable to process request. ---> The corresponding SID in the domain is not part of the intended account type.
  When the service is accessed using console application with Visual Studio credentials (logged in user), we are able to access the service. Below is the code snippet
  using   (SocialDataService
  service = new  
  SocialDataService())
                    service.Credentials =
  CredentialCache.DefaultCredentials;
  SocialCommentDetail detail =   service.AddComment("<<url>>",
    "Test Comment",
  null,  
  null);
  Are SharePoint 2013 web services not supporting request coming with claim based authentication web application?
  Thanks, Pratik Agrawal (MAQ Software)

  While this applies to 2010, I believe the same is true with 2013:
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/925e5f46-317f-46d3-bc55-c67f07eb2372/call-sharepoint-web-services-using-claimbased-authentication?forum=sharepointgeneralprevious
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Office Web Apps and Forms Based Authentication

  Is it possible to use Office Web Apps Server 2013 to give external SharePoint Foundation 2013 clients access to Office documents in a View only capacity?
  Does FBA work with Office Web Apps or would external users have to at least have a Windows CAL in AD if we are just using SharePoint Foundation?

  Hi,
  It may be possible.
  Here are some links for your situation:
  http://technet.microsoft.com/en-us/library/ff431682(v=office.15).aspx
  http://blogs.technet.com/b/office_web_apps_server_2013_support_blog/archive/2014/03/20/office-web-apps-2013-errors-previewing-viewing-editing-documents-when-using-fba-in-the-extended-zone-but-not-the-default-zone.aspx
  http://technet.microsoft.com/en-us/library/ee806890(v=office.15).aspx
  Office Web Apps can be used only by SharePoint 2013 web applications that use claims-based authentication.
  There is a known issue when using Office Web App in the extended zone with FBA, but not the default zone. Please configure FBA authentication in the Default zone in case of that.
  Hope it helps.
  Regards,
  Rebecca Tu
  TechNet Community Support

• Can you enable both Windows Based Authentication and Forms Based Authenication for the same web application?

  Hello Community
      In WS2012 and SharePoint 2013 Server is it possible when creating a
  web application to enable both Windows Based Authentication/Negotiate
  (Kerberos) and enable Forms Based Authentication or does the web application
  use either one or the other?
      Thank you
      Shabeaut 

  Yes , you can use dual authentication on same web application. You can use same web application , at OOB login page you will have option to use windows or form login.
  Or you can extend your web application to a new web app and configure extended web application to use Form Based Authentication(Note extended web application will also show same content database , so the content will same only url will be different)
  http://blogs.technet.com/b/ptsblog/archive/2013/09/20/configuring-sharepoint-2013-forms-based-authentication-with-sqlmembershipprovider.aspx
  http://gj80blogtech.blogspot.in/2013/11/forms-based-authentication-fba-in.html
  Thanks
  Ganesh Jat [My Blog |
  LinkedIn | Twitter ]
  Please click 'Mark As Answer' if a post solves your problem or 'Vote As Helpful' if it was useful.

• Window for Form-Based Authentication in web.xml for JAZN.

  Whether probably to make so that the form-authorization in Form-Based Authentication in web.xml for JAZN opened in a separate window?
  Thanks,
  Alexandre

  this is what i have so far...in my web.xml deployment descriptor
  am using Jbuilder 6 with tomcat.....if i run it from IDE, will the featuresi have added to the web.xml file...eg Error page be used ...or only when i deplo the app ???
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
  <web-app>
  <display-name>Java Pet Store</display-name>
  <description>Web Application for Reseach</description>
  <session-config>
  <session-timeout>54</session-timeout>
  </session-config>
  <welcome-file-list>
  <welcome-file>Default.jsp</welcome-file>
  </welcome-file-list>
  <error-page>
  <error-code>500</error-code>
  <location>/</location>
  </error-page>
  <taglib>
  <taglib-uri>PetStoreTagLib</taglib-uri>
  <taglib-location>/WEB-INF/PetStoreTagLib.tld</taglib-location>
  </taglib>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>SecurePages</web-resource-name>
  <url-pattern>Checkout.jsp</url-pattern>
  <url-pattern>OrderList.jsp</url-pattern>
  <url-pattern>OrderDetails.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>LoggedInUser</role-name>
  </auth-constraint>
  <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/Login.jsp</form-login-page>
  <form-error-page>/ErrorPage.jsp</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <description>Logged In User</description>
  <role-name>LoggedInUser</role-name>
  </security-role>
  </web-app>
  in setting up the tomcat-users.xml file am i to add table to my database, to relate the user to the role.......

• Form-based authentication problem with weblogic

  Hi Everyone,
  The following problem related to form-based authentication
  was posted one week ago and no reponse. Can someone give it
  a shot? One more thing is added here. When I try it on J2EE
  server and do the same thing, I didn't encounter this error
  message, and I am redirected to the homeage.
  Thanks.
  -John
  I am using weblogic5.1 and RDBMSRealm as the security realm. I am having the following problem with the form-based authentication login mechanism. Does anyone have an idea what the problem is and how to solve it?
  When I login my application and logout as normal procedure, it is OK. But if I login and use the browser's BACK button to back the login page and try to login as a new user, I got the following error message,
  "Form based authentication failed. Could not find session."
  When I check the LOG file, it gives me the following message,
  "Form based authentication failed. One of the following reasons could cause it: HTTP sessions are disabled. An old session ID was stored in the browser."
  Normally, if you login and want to relogin without logout first, it supposes to direct you to the existing user session. But I don't understand why it gave me this error. I also checked my property file, it appears that the HTTP sessions are enabled as follows,
  weblogic.httpd.session.enable=true

  Hi...
  Hehe... I actually did implement the way you implement it. My login.jsp actually checks if the user is authenticated. If yes, then it will forward it to the home page. On the other hand, I used ServletAuthentication to solve the problem mentioned by Cameron where Form Authentication Failed usually occurs for the first login attempt. I'm also getting this error occasionally. Using ServletAuthentication totally eliminates the occurence of this problem.
  I'm not using j_security_check anymore. ServletAuthentication does all the works. It also uses RDBMSRealm to authenticate the user. I think the biggest disadvantage I can see when using ServletAuthentication is that the requested resource will not be returned after authentication cause the page returned after authenticating the user is actually hard coded (for my case, it's the home.jsp)
  cheers...
  Jerson
  "John Wang" <[email protected]> wrote:
  >
  Hi Jerson,
  I tried your code this weekend, it didn't work in my case. But
  I solved my specific problem other way. The idea behind my problem is that the user tries to relogin when he already logs in. Therefore, I just redirect the user into another page when he is getting the login page by htting the BACK button, rather than reauthenticate the user as the way you did.
  But, I think your idea is very helpful if it could work. Problems such multiple concurrence logins can be solved by pre-processing.
  In your new code, you solved the problem with a new approach. I am just wondering, do you still implement it with your login.jsp file? In other word, your action in login.jsp is still "Authenticate"? Where do you put the URL "j_security_check"?
  Thanks.
  -John
  "Jerson Chua" <[email protected]> wrote:
  I've solved the problem by using ServletAuthentication. So far I'm not getting the error message. One of the side effects is that it doesn't return the requested URI after authentication, it will always return the home page.
  Jerson
  package com.cyberj.catalyst.web;
  import weblogic.servlet.security.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  import java.io.*;
  public class Authenticate extends HttpServlet {
  private ServletAuthentication sa = new ServletAuthentication("j_username", "j_password");
  public void doPost(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, java.io.IOException {
  int authenticated = sa.weak(request, response);
  if (authenticated == ServletAuthentication.NEEDS_CREDENTIALS ||
  authenticated == ServletAuthentication.FAILED_AUTHENTICATION) {
  response.sendRedirect("fail_login.jsp");
  } else {
  response.sendRedirect("Home.jsp");
  public void doGet(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, java.io.IOException {
  doPost(request, response);
  "Jerson Chua" <[email protected]> wrote:
  The problem is still there even if I use page redirection. Grrr... My boss wants me to solve this problem so what are the alternatives I can do? Are there any other ways of authenticating the user? In my web tier... I'm using isUserInRole, getRemoteUser and the web tier actually connects to EJBs. If I implement my custom authentication, I wouldn't be able to use this functionalities.
  Has anyone solved this problem? I've tried the example itself and the same problem occurs.
  Jerson
  "Cameron Purdy" <[email protected]> wrote:
  Jerson,
  First try it redirected (raw) to see if that indeed is the problem ... then
  if it works you can "fix" it the way you want.
  Peace,
  Cameron Purdy
  Tangosol, Inc.
  http://www.tangosol.com
  +1.617.623.5782
  WebLogic Consulting Available
  "Jerson Chua" <[email protected]> wrote in message
  news:[email protected]...
  Hi...
  Thanks for your suggestion... I've actually thought of that solution. Butusing page redirection will expose the user's password. I'm thinking of
  another indirection where I will redirect it to another servlet but the
  password is encrypted.
  What do you think?
  thanks....
  Jerson
  "Cameron Purdy" <[email protected]> wrote:
  Maybe redirect to the current URL after killing the session to let the
  request clean itself up. I don't think that a lot of the request (such
  as
  remote user) will be affected by killing the session until the nextrequest
  comes in.
  Peace,
  Cameron Purdy
  Tangosol, Inc.
  http://www.tangosol.com
  +1.617.623.5782
  WebLogic Consulting Available
  "Jerson Chua" <[email protected]> wrote in message
  news:[email protected]...
  Hello guys...
  I've a solution but it doesn't work yet so I need your help. Because
  one
  of the reason for getting form base authentication failed is if an
  authenticated user tries to login again. For example, the one mentionedby
  John using the back button to go to the login page and when the user logsin
  again, this error occurs.
  So here's my solution
  Instead of submitting the page to j_security_check, submit it to a
  servlet
  which will check if the user is logged in or not. If yes, invalidates its
  session and forward it to j_security_check. But there's a problem in this
  solution, eventhough the session.invalidate() (which actually logs theuser
  out) is executed before forwarded to j_security_check, the user doesn't
  immediately logged out. How did I know this, because after calling
  session.invalidate, i tried calling request.RemoteUser() and it doesn't
  return null. So I'm still getting the error. What I want to ask you guyis
  how do I force logout before the j_security_check is called.
  here's the code I did which the login.jsp actually submits to
  import javax.servlet.*;
  import javax.servlet.http.*;
  import java.io.*;
  public class Authenticate extends HttpServlet {
  public void doPost(HttpServletRequest request, HttpServletResponseresponse)
  throws ServletException, java.io.IOException {
  if (request.getRemoteUser() != null) {
  HttpSession session = request.getSession(false);
  System.out.println(session.isNew());
  session.invalidate();
  Cookie[] cookies = request.getCookies();
  for (int i = 0; i < cookies.length; i++) {
  cookies.setMaxAge(0);
  getServletContext().getRequestDispatcher("/j_security_check").forward(reques
  t, response);
  public void doGet(HttpServletRequest request, HttpServletResponseresponse)
  throws ServletException, java.io.IOException {
  doPost(request, response);
  let's help each other to solve this problem. thanks.
  Jerson
  "Jerson Chua" <[email protected]> wrote:
  I thought that this problem will be solved on sp6 but to my
  disappointment, the problem is still there. I'm also using RDBMSRealm,same
  as John.
  Jerson
  "Cameron Purdy" <[email protected]> wrote:
  John,
  1. You are using a single WL instance (i.e. not clustered) on that
  NT
  box
  and doing so without a proxy (e.g. specifying http://localhost:7001),
  correct?
  2. BEA will pay more attention to the problem if you upgrade to SP6.If
  you don't have a reason NOT to (e.g. a particular regression), then
  you
  should upgrade. That will save you one go-around with support: "Hi,I
  am
  on SP5 and I have a problem.", "Upgrade to SP6 to see if that fixes
  it.
  Call back if that doesn't work."
  3. Make sure that you are not doing anything special before or after
  J_SECURITY_CHECK ... make sure that you have everything configuredand
  done
  by the book.
  4. Email BEA a bug report at [email protected] ... see what they say.
  Peace,
  Cameron Purdy
  Tangosol, Inc.
  http://www.tangosol.com
  +1.617.623.5782
  WebLogic Consulting Available
  "John Wang" <[email protected]> wrote in message
  news:[email protected]...
  Cameron,
  It seems to me that the problem I encountered is different a little
  from
  what you have, evrn though the error message is the same eventually.
  Everytime I go through, I always get that error.
  I am using weblogic5.1 and sp5 on NT4.0. Do you have any solutions
  to
  work
  around this problem? If it was a BUG as you
  pointed out, is there a way we can report it to the Weblogic
  technical support and let them take a look?
  Thnaks.
  -John
  "Cameron Purdy" <[email protected]> wrote:
  John,
  I will verify that I have seen this error now (after having read
  about it
  here for a few months) and it had the following characteristics:
  1) It was intermittent, and appeared to be self-curing
  2) It was not predictable, only seemed to occur at the first
  login
  attempt,
  and may have been timing related
  3) This was on Sun Solaris on a cluster of 2 Sparc 2xx's; the
  proxy
  was
  Apache (Stronghold)
  4) After researching the newsgroups, it appears that this "bug"
  may
  have gone away temporarily (?) in SP5 (although Jerson Chua
  <[email protected]> mentioned that he still got it in SP5)
  I was able to reproduce it most often by deleting the tmpwar and
  tmp_deployments directories while the cluster was not running,
  then
  restarting the cluster. The first login attempt would fail(roughly
  90%
  of
  the time?) and that server instance would then be ignored by the
  proxy
  for a
  while (60 seconds?) -- meaning that the proxy would send all
  traffic,
  regardless of the number of "clients", to the other server in thecluster.
  As far as I can tell, it is a bug in WebLogic, and probably has
  been
  there
  for quite a while.
  Peace,
  Cameron Purdy
  Tangosol, Inc.
  http://www.tangosol.com
  +1.617.623.5782
  WebLogic Consulting Available
  "John Wang" <[email protected]> wrote in message
  news:[email protected]...
  Hi Everyone,
  The following problem related to form-based authentication
  was posted one week ago and no reponse. Can someone give it
  a shot? One more thing is added here. When I try it on J2EE
  server and do the same thing, I didn't encounter this error
  message, and I am redirected to the homeage.
  Thanks.
  -John
  I am using weblogic5.1 and RDBMSRealm as the security realm. I
  am
  having
  the following problem with the form-based authentication login
  mechanism.
  Does anyone have an idea what the problem is and how to solve it?
  When I login my application and logout as normal procedure, it
  is
  OK.
  But
  if I login and use the browser's BACK button to back the login
  page
  and
  try
  to login as a new user, I got the following error message,
  "Form based authentication failed. Could not find session."
  When I check the LOG file, it gives me the following message,
  "Form based authentication failed. One of the following reasons
  could
  cause it: HTTP sessions are disabled. An old session ID was stored
  in
  the
  browser."
  Normally, if you login and want to relogin without logout first,
  it
  supposes to direct you to the existing user session. But I don'tunderstand
  why it gave me this error. I also checked my property file, it
  appears
  that
  the HTTP sessions are enabled as follows,
  weblogic.httpd.session.enable=true

• Web Based Application Single Sign on With Enterprise Portal

  Good day Developers,
  My question is really a two part question so forgive me in advance for asking in one post as I think they are relative to each other. My project is currently exlporing the creation of functionality that will allow the following:
  1. We want to allow a secure Web Based application possessing the abilitiy to auithenticate the user into Enterprise Portal and by passing the login screen to get to a landing page/iview in our Enterprise Portal instannce.
  2. We want the abilitity to perform a check of the user and create the user in the enterprise portal on the fly if they do not already exist.
  So far in my research I've come across tools and white papers mentioning the use rof oAuth and OpenID. Is that the right way to tackle these two items. Thanks for your help in advance.
  JD

  Hi
  1. You can do SSO between you application and portal using Verisign or third party authentication tool. I am not pretty sure how landing page and all will work as you mentioned.
  As portal is web based, you can deply your application in portal server. So that you will not need any other authentication tool.Also you can save effort , cost.
  2. By deploying application in portal also you do not have to concentrate on User management, which is itself a huge effort you have to put. Else you can go for third party tools like Identity management or ADS.
  -Yogesh

• Registering the Web based application as a Partner Application

  Good day
  I went through the suggested documentation of registering a
  web based application as a partner application of the SSO Login Server.
  I installed the SSOSDK.JAR and went through the demo application (JSP Demo)
  which consists of the following programs :
  papp.jsp
  ssoinclude.jsp
  ssoEnablerJspBean
  SSOEnablerBean
  SSOSignon
  As per the technical documentation,I register this demo application as a
  partner application.
  1 - The source code of the papp.jsp checks for the existence of the user
  through method of ssoEnablerJspBean [getSSOUserInfo(request, response)] which
  calls method of SSOEnablerBean [getSSOUserInfo (request, response) and this
  method calls getUserInfo(p_request) of SSOEnablerBean (the same program) to
  check the existence of the application cookie.
  2 - If it doesn't exit , it redirect it to the SSO Login page for user
  authentication.Once the user is authenticated, a SSO login cookie is created on
  the client's browser and redirects back to the SSOSignOn.
  3 - The SSOSignOn program creates the application cookie and redirects back to
  the entry point of the demo application which is papp.jsp.
  My Questions are as follows :
  1 - Instead of creating a session object within my web based application to hold some
  information used between the different pages, can I define them in the
  application cookie? kindly advise? Is there any limitation for the length of
  the application cookie? If yes, what will be the risk?
  2 - The SSOSignOn program is calling a method in the SSOEnablerBean
  [setPartnerAppCookie(response, request). Within this method , it is retrieving
  the parameters values of the request object as :
  request.getParameterValues("urlc")[0];
  What is the role of this [urlc]? Is it hard coded? Can I change it?
  3 - In order to ensure that I am still dealing with the same user, shall I put
  the above security check procedure on each page of my weeb based application? Kindly advise?
  Thanks in advance for your prompt feedback
  regards

  Dear Paul
  I think there is a misunderstanding regarding the last correspondence.
  I am talking about the customized home page of the PORTAL and not the home page of my web based application (JSP) .So in this case, Am I able to use the customized home page which contains a login portlet instead of the default Login page of the SSO Login Server.Kindly advise!!!
  On the other hand, I am facing a problem during the surfing of the web based application.
  The web based application consists mainly of two packages :
  Package I : Bank.counter which contains a set of jsp pages.
  JSP_HOME_COUNTER (MAIN PAGE WHICH CONTAINS 2 FRAMES)
  JSP_LEFT_FRAME_COUNTER
  JSP_MAIN_FRAME_COUNTER
  JSP_MAIN_FRAME_COUNTER_DETAIL
  Package II : Bank.portfolio which contains a set of jsp pages.
  JSP_HOME_PORTFOLIO (MAIN PAGE WHICH CONTAINS 2 FRAMES)
  JSP_LEFT_FRAME_PORTFOLIO
  JSP_MAIN_FRAME_PORTFOLIO
  Please note that the SSO classes are residing under the first package.
  As agreed on in the third question, I am including in each page of my web based application, a security check procedure as follows :
  <%@ include file="ssoinclude.jsp" %>
  <%
  if(usrInfo == null)
  response.getWriter().println("<center>User information not found</center>");
  else
  my jsp code.......
  %>
  Please note that all the jsp page of the portfolio package are pointing to the SSO classes as follows :
  <%@ include file="../counter/ssoinclude.jsp" %>
  <%
  if(usrInfo == null)
  response.getWriter().println("<center>User information not found</center>");
  else
  my jsp code.......
  %>
  Once I invoke the JSP_HOME_COUNTER , it will render the JSP_LEFT_FRAME_COUNTER page and
  JSP_MAIN_FRAME_COUNTER page which invokes the SSO Login page. Once the user has been authenticate, the result of the JSP_MAIN_FRAME_COUNTER is rendered successfully. The result contains an hyperlink to the
  JSP_MAIN_FRAME_COUNTER_DETAIL page. As the user has been authenticated , this page is rendering automatically the result without displaying the SSO Login page. (Perfect as of now!!).
  Once I invoke the JSP_HOME_PORTFOLIO from the JSP_HOME_COUNTER, it runs the security procedure without any rendering of the SSO Login page (fine!!) but redirects me back to JSP_HOME_COUNTER instead of rendering the result of the JSP_HOME_PORTFOLIO.
  please note that the m_requestUrl variable in the SSOEnablerJSPBean class has been assigned the folowing value : JSP_HOME_COUNTER
  Kindly advise .

• Cannot create dataset from claims based authentication sharepoint site in report builder 3.0

  I have a sharepoint site, which is configured as claims based authentication (ref:
  http://ashrafhossain.wordpress.com/2011/05/25/how-to-configure-claim-based-authentication-for-sharepoint-project-server-2010/) . both AD and asp.net members can log in to the site successfully. My user need to use the report build to create report
  on this sharepoint site. As a result, the site is also integrated with reporting service. I try to create a report in the sharepoint site by clicking "New Document" -> "Report builder Report". The report builder will comes out and ask for credential to
  connect to the report server. I use asp.net member to login and it can let me to create a data source which connect to a the list of the sharepoint site with credential option "Use current Windows user. Kerberos delegation might be required". However, when
  I try to create a data set and click the query designer, error "Server was unable to process request. ---> Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))" appear as below:
  Besides, non of my AD account can be used to login to the report builder. Errors below found in the ULS log:
  09/26/2012 14:47:27.75 w3wp.exe (0x116C)
  0x11F4 SharePoint Foundation
  Claims Authentication fo1t
  Monitorable SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated.
  (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
  09/26/2012 14:47:27.76 w3wp.exe (0x140C)
  0x0F38 SharePoint Foundation
  Claims Authentication fsq7
  High Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message
  response)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken
  rst)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
  524a2f96-f5ff-4c96-80d1-f08d3c7ef14f
  09/26/2012 14:47:27.76 w3wp.exe (0x140C)
  0x0F38 SharePoint Foundation
  Claims Authentication 8306
  Critical An exception occurred when trying to issue security token: The security token username and password could not be validated..
  524a2f96-f5ff-4c96-80d1-f08d3c7ef14f

  Hi Foxvito,
  Claims authentication types supported by SharePoint 2010 are Windows Claims, forms-based authentication Claims, and SAML Claims. In SAML-Claims mode, SharePoint Server accepts SAML tokens from a trusted external Security Token Provider (TST). From the
  blog you referenced, it seems to use the SAML Claims authentication.
  However, the Reporting Services client applications: Report Builder, the Report Designer in Business Intelligence Development Studio, and Management Studio do not support connecting and authenticating with LiveID or SAML Claims based SharePoint Web applications.
  That's because the SAML Claims don't use the Reporting Services authentication endpoint. So, you have to change the Claims authentication type to use Report Builder on the SharePoint site.
  References:
  Overview of Kerberos authentication for Microsoft SharePoint 2010 Products
  Claims Authentication and Reporting Services
  Regards,
  Mike Yin
  Mike Yin
  TechNet Community Support