Configuring the authentication scheme for a web application

Hi all,
We have a requirement to configure the authentication scheme for a web application where some set of users should access the application using basic LDAP (userid/password) authentication and some using digital certificate authentication.
Since the deployment descriptor (web.xml) allows only one directive for auth-method in logic-config, we want to know if there is any other way to achieve this requirement. We are thinking of a custom login module approach. But we are not able to figure out how to configure the auth-method at runtime from the login servlet.
Please let us know if there is any other approach to achieve this.
I will be thankful if any body shares any specific solution to this issue.

This forum is probably not the correct one to ask in. It's more related to the web container than Java Programming.
Kaj

Similar Messages

  • There is an inconsistency between the authentication mode of target web application and the source web application after migrating to claims

    I've had my farm upgraded from SP2010 to SP2013 for over 6 months now and all is well, however, I was refreshing my staging environment from production and I noticed that one of the databases still shows these errors when I run test-spcontentdatabase:
    Category             : Configuration
    Error             : False
    UpgradeBlocking : False
    Message           : The [SharePoint Web App] web application is configured with claims authentication mode however the content database you are trying to attach is intended to be used against
    a windows classic authentication mode.
    Remedy              : There is an inconsistency between the authentication mode of target web application and the source web application. Ensure that the authentication mode setting in upgraded web application is the
    same as what you had in previous SharePoint 2010 web application. Refer to the link "http://go.microsoft.com/fwlink/?LinkId=236865" for more information.
    This doesn't make sense considering I converted the production web application to claims during the upgrade and then verified all sites were working with claims logins. I also verified that existing AD user identities were converted to claims by checking out
    the database tables. Yet test-spcontentdatabase still thinks there is a mismatch here.
    My farm is SP1 and no further CUs. The point of this particular refresh is so I can update to the November CUs in my test farm. Anyone else see this? Seems like it's a bug/safe to ignore because my stuff is working.
    Thanks,
    Aaron

    See:
    http://thesharepointfarm.com/2014/11/test-spcontentdatabase-classic-to-claims-conversion/
    Trevor Seward
    Follow or contact me at...
    &nbsp&nbsp
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Authentication Scheme for sample application in Oracle Express

    All, I recently installed Oracle Express on linux and I was browsing the sample application and when I look up the Authentication Scheme for this app I get the message
    No authentication schemes have been defined. You can create a new authentication scheme starting with the Create Scheme button above
    Now when I click "Authentication Status " I see
    Application: 100
    Method: Authentication Scheme
    Details: Uses authentication schemes to control user authentication and all other aspects of session management for your application.
    Logout URL: wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_se
    ss=&APP_ID.:1
    Public Pages: (none)
    Action: Manage authentication schemes using the report above.
    Yet when I run the app I know it is looking up the data in the demo_users table. What I don't see is where the function custom_auth is defined for this app as the function to call for authenticating users. Can someone point me in the right direction.
    Also has anyone upgraded apex in express to 2.2. Any issues?
    thanks
    Scott.

    I think i found it when you are in list view no schemes appear. However, when you switch to detail view then I can see the custom scheme.
    scott

  • Configure Log File for each web application deployed in weblogic server usi

    Hi All,
    How do I configure Log4J to log separately for each web application? i.e. Assuming, I have a web application "AWeb" and a web application "BWeb". I need a log file to be created for AWeb Separately and BWeb Separately. i.e. All the log information for "AWeb" web application will be stored in AWeb.log and all the "BWeb" web application will be stored in BWeb.log
    Do you have any sample code and configuration details for the above-mentioned requirement?
    Thanks in Advance,
    C R Baradwaj

    You do not need to do anything strange, just use log4j the usual way with the exception that you do not need to init log4j (this is not necesary when using a log4j.xml.)
    A minimal sample of a log4j.xml is
    <?xml version="1.0" encoding="UTF-8" ?>
    <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
    <log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
    <appender name="ConsoleAppender" class="org.apache.log4j.ConsoleAppender">
    <layout class="org.apache.log4j.SimpleLayout"/>
    </appender>
    <root>
    <priority value ="debug" />
    <appender-ref ref="ConsoleAppender"/>
    </root>
    </log4j:configuration>
    You just have to be sure that you have different log4j.xml in your classpath for different web applications.
    Regards,
    LG

  • Example storing data in the default schema with a Web Dynpro application

    Hi,
    is there any example or tutorial for storing data in the default schema with a Web Dynpro application via SQLJ or Hibernate by using the default DataSource?
    Thanks for Help,
    Dirk

    Hi,
    When you create the TAB-Strip object you should be able to set the default displayed TAB against the properties of the TAB-Strip.
    Gareth.

  • WCF - Getting the "The authentication schemes configured on the host ('Anonymous') ....." error

    "The authentication schemes configured on the host ('Anonymous') do not allow those configured on the binding 'BasicHttpBinding' ('Ntlm'). "
    I am brand new to WCF and services in general.  I have turned on the basic, windows & digest auth modes in my iis express.  
    One thing I just noticed in my iis express config file, I had turned on basic auth in the "turn of windows stuff" in the task manager then rebooted, but I just opened the applicationhost.config file on my machine and saw this:
                <authentication>
                    <anonymousAuthentication enabled="true" userName="" />
                    <basicAuthentication enabled="false" />
    shouldn't that basicAuthentication read as true?
    I was given this existing project to make some changes to, but I cant even get it to run on my machine, so I'm assuming something is up with my local iis express settings.
    This project has 3 services in it.  Here is a partial of the webConfig:
            <bindings>
              <basicHttpBinding>
                <binding name="BasicHttpBinding_IDataMaintenanceService" maxBufferSize="2147483647" maxReceivedMessageSize ="2147483647" maxBufferPoolSize="2147483647" >
                  <readerQuotas maxDepth="2147483647"
                  maxArrayLength="2147483647" maxBytesPerRead="2147483647"
                  maxNameTableCharCount="2147483647" maxStringContentLength="2147483647"/>
                  <security mode="TransportCredentialOnly" >
                    <transport clientCredentialType="Ntlm"/>
                  </security>
                </binding>
                <binding name="BasicHttpBinding_IYearEndProcessingService" maxBufferSize="2147483647" maxReceivedMessageSize ="2147483647" maxBufferPoolSize="2147483647" >
                  <readerQuotas maxDepth="2147483647"
                  maxArrayLength="2147483647" maxBytesPerRead="2147483647"
                  maxNameTableCharCount="2147483647" maxStringContentLength="2147483647"/>
                  <security mode="TransportCredentialOnly" >
                    <transport clientCredentialType="Ntlm"/>
                  </security>
                </binding>
    Simon.

    Hi battlFrog,
    Well Done!
    I am very glad that you have solved your problem by yourself.
    If you have any others problem, welcome to post it in this forum.
    Best Regards,
    Amy Peng
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • Configuring the Destination URL for the Adobe Document Services

    hi all,
    I am going through the documentation for "Configuring the Destination URL for the Adobe Document Services " at :
    http://help.sap.com/saphelp_nw2004s/helpdata/en/02/560f41ca73d349e10000000a1550b0/frameset.htm
    I am not able to understand 7th step
    <b>7.      Define the user name and password. To find out how to create the user name and password for the Adobe document services, see Creating a User for Basic Authentication in the document Adobe Document Services – Configuration Guide. You can find this guide in the SAP Service Marketplace under Quick Link /InstguidesNW04.</b>
    In our scenario
    <i>We are running NW04s SP11 on 2 machines
    1) <u>32-bit machine with ADS and credentials properly configured on Web AS for Java installation</u>
    <b>com.adobe  AdobeDocumentServices  null (710.20061024154505.342190)
    com.adobe  AdobeDocumentServicesEjbClientLibrary  null (705.20060407121920.289077)
    sap.com  SAP-JEE  7.00 SP11 (1000.7.00.11.0.20070201154700) 
    sap.com  SAP-JEECOR  7.00 SP11 (1000.7.00.11.0.20070201154700)
    com.adobe  DocumentServicesBinaries2  null (710.20060629085312.115621) 
    com.adobe  DocumentServicesConfiguration  null (710.20061024154505.342190) 
    com.adobe  DocumentServicesDestProtoService  null (710.20060821084105.325745) 
    com.adobe  DocumentServicesLibrary  null (710.20060629090137.115621) 
    com.adobe  DocumentServicesLicenseDatabase  null (705.20051005114147.242570) 
    com.adobe  DocumentServicesLicenseManager  null (710.20060929113452.336248) 
    com.adobe  DocumentServicesLicenseService  null (710.20060929113452.336248) 
    com.adobe  DocumentServicesLicenseSupportService  null (710.20060929113641.336248)
    </b>
    2) <u>64-bit machine with portal installation on Web AS for Java, with ESS and MSS</u>
    <b>sap.com/SAP-JEECOR  7.00 SP11 (1000.7.00.11.0.20070201154700)  20070308153304 
    sap.com/SAP-JEE  7.00 SP11 (1000.7.00.11.0.20070201154700)  20070308153213 
    sap.com  SAP_ESS  600 SP7 (1000.600.0.7.12.20070314050106)
    sap.com  SAP_MSS  600 SP7 (1000.600.0.7.4.20070321052655)
    sap.com  tc/wd/webdynpro  null (7.0009.20060804145649.0000) </b>
    </i>
    Why do we have to create a new user for the server which is consuming the web service? We already have an user "ADSUser" defined for the Web AS server which has ADS services deployed.
    I have opened this thread to solve the previous unanswered question I posted on SDN Empty area in place of Interactive form. .
    One more thing the adobe print forms of ESS [Total Compensation Statement and Salary Statement] are rendering properly, only the ones with Interactive ability or not.
    thanks,
    Sanketh

    Hello Sanketh,
    1. To access the NW04s configuration guide,
        - Go to https://service.sap.com/adobe
        - On the left frame (tree), under Adobe > Media Library > Documentation
        - On the right had pane you will find the link to the NW04s Configuration guide
    2. The link that you have mentioned below details the steps required to be carried out on the client machine that consumes the Adobe Document Services. In our case that is the j2ee engine on which your Web Dynpro application is running. It could be the same physical machine with two different j2ee instances hosting Web Dynpro and ADS or it could be two different physical machine or a single machine having a single instance of j2ee engine hosting both the Web Dynpro and the ADS.
    You do not have to create a separate username and a password on the consuming machine but you need to configure the Web Service client proxy to point to the ADS (maybe hosted on a different machine) with the username and the password created on the ADS server. As you have mentioned, you have already created such an user on the ADS (ADSUser). This user authentication on the client machine (consuming server - Web Dynpro) would be required at the runtime by the j2ee engine to authenticate itself with the ADS.
    Best Regards,
    Krish

  • How to find the root document of my web application, if it is in WAR file ?

    Hi,
    I want the root document of my web application. I my EAR file, i have only one WAR file. In my WAR file the following are the folders:-
    enterprise/..
    properties/sql/..
    locale/..
    WEB-INF/..
    Once i get the 'real path' or 'root document', I will use that in my application in no.of times. Path(root document) is used in the following way in my application:-
    File emailTemplatesFolder = new File( path + "/enterprise/"+ enterpriseCode+"/EmailTemplates");
    If i use getRealPath() method, it works fine, in use Oracle9ias, because, EAR file will be extracted. Where as in Weblogic 6.1, EAR file willn't be extracted, so that getRealPath() is giving 'null', that is reason why i am seeking for alternative.
    Thanks in Advance
    Srinivas

    Yes, that is the corrected behaviour.
    What you need to do is to get the ServletContext, and then load the files as resources.
    Here is how to load a properties file in the init() servlet method, which has access to the ServletConfig object that can give u the ServletContext.
    String classesDir = "/WEB-INF/classes";
    ServletContext sc = config.getServletContext();
    InputStram is = sc.getResourceAsStream(classesDir+"default.properties");
    props.load(is);
    Hope it helps,
    Liviu

  • One Search service application for multiple web applications in a single server

      We are planning to host 17 Web applications in a single Server. Do I need to create search service application for each web application or I need to create one  Search service application , create a Content source for each web
    application and create a Result source for filtering. Which is the best approach. And which approach takes more RAM memory.
       In my application I am using Search web part, "Recently Changed Items", "Popular Items" web parts. when I created only one one  Search Service application for all web applications and using Result sources ,
    I am not getting the results. What could be the problem.

    Hi,
    One SSA is ok, but you should think about access rights. If the access is clear cut between all the web apps you should be ok with one SSA. Multiple result sources limiting on content source also works, but could easily be bypassed.
    Multiple SSA's will eat up RAM/CPU like a mother :)
    As for popular etc.. it could be due to how those sources are set up, but haven't investigated or tested this much.
    Thanks,
    Mikael
    Search Enthusiast - SharePoint MVP/MCT/MCPD - If you find an answer useful, please up-vote it.
    http://techmikael.blogspot.com/
    Author of Working with FAST Search Server 2010 for SharePoint

  • Office Web Apps - how to disable office web apps features for one web application

    ENV: Sharepoint 2010 farm with office web apps + fast search
    I have the requirement for one web application to open all its documents in client applications - I can enable feature "OpenInClient". This web application uses team site template and other web application also uses team site template. ( feature
    stapling ruled out)  Now I can run powershell cmdlet to enable this feature on all the currently existing site collections. But the requirement is to enable this feature for all the future site collections. This web applications has 60 k site collections
    and atleast more than 10 site collections get created each day and they dont like the option to run a powershell script each day to activate this solution.
    Is there any other way to by default activate new site collections on this WA to open in client applications by default (can we disable this office webapps features only on one web app)?
    VM

    I have learnt from this forum that it is not possible to turn off Office web apps on single web application. The line of control lies at farm level and then at site collection.
    Disable
    Office Web Apps on web application
    VM

  • SPSiteCollection.Add in WCF service for FBA web application throws "user not found"

    Hi,
    I use SharePoint 2010 SP2. Programmatically I can create a FBA-based web application and now I want to add a new site collection ("/") subsequently. Everything is done in a WCF web service with its own application pool and web
    application. In extracts my code looks like this:
    const uint cLID = 1031;
    const string cSiteWebTemplate = "BLANKINTERNETCONTAINER#0";
    const string cAdminName = "i:0#.f|user|username";
    const string cDisplayName = "username";
    const string cSiteAdminEmail = "[email protected]";
    SPWebApplication webApplication = SPWebApplication.Lookup(new Uri("https://www.someurl.com"));
    using (SPSite newSite = webApplication.Sites.Add("/", "some title", "some site collection comment", cLID, cSiteWebTemplate, cAdminName, cDisplayName, cSiteAdminEmail, null, null, null, false))
    I also have a Windows forms based application where the exactly same code (except the changes required for WCF services) runs smooth, no exceptions or errors.
    Now every time the webApplication.Sites.Add-method is called inside the WCF service by any client I get the following exception (it is in German, English
    translation in square brackets):
    Microsoft.SharePoint.SPException: Der Benutzer kann nicht gefunden werden. [user cannot be found]
      bei [at] Microsoft.SharePoint.Administration.SPSiteCollection.Add(SPContentDatabase database, SPSiteSubscription siteSubscription, String siteUrl, String title, String description, UInt32 nLCID, String webTemplate, String ownerLogin, String ownerName,
    String ownerEmail, String secondaryContactLogin, String secondaryContactName, String secondaryContactEmail, String quotaTemplate, String sscRootWebUrl, Boolean useHostHeaderAsSiteName)
      bei Microsoft.SharePoint.Administration.SPSiteCollection.Add(SPSiteSubscription siteSubscription, String siteUrl, String title, String description, UInt32 nLCID, String webTemplate, String ownerLogin, String ownerName, String ownerEmail, String secondaryContactLogin,
    String secondaryContactName, String secondaryContactEmail, Boolean useHostHeaderAsSiteName)
      bei Microsoft.SharePoint.Administration.SPSiteCollection.Add(String siteUrl, String title, String description, UInt32 nLCID, String webTemplate, String ownerLogin, String ownerName, String ownerEmail, String secondaryContactLogin, String secondaryContactName,
    String secondaryContactEmail, Boolean useHostHeaderAsSiteName)
    The process user is the same both for my Windows forms based application and my WCF service and I expect the code runs the same in both cases. I did not find any matching forum entry and I have no idea why a WCF service does not execute
    the same way as a Windows forms application. Additionally, before applying SP2, I used an ASMX service with a similar code snippet and it also worked fine.
    Can anyone please tell me why calling
    webApplication.Sites.Add-method by a WCF service does not work? Is there anything I can do to make it work properly?

    The creation of a new web application using SharePoint API works in WCF service. I also lined out that...
    SPWebApplication webApplication = SPWebApplication.Lookup(new Uri(https://www.someurl.com));
    ... works in WCF service. In return I really get the very web application that I requested. Also exactly the same code snippet is called by exactly the same user context both in WCF Service and Windows forms application. Only for Windows forms
    application it does not throw the exception but in WCF Service it does. I had some WCF Service specialist colleague looking through the code and web.config and he stated it looks ok (unfortunately he does not have any experience with SharePoint).
    If you state "It's not, then your WCF config is wrong" what do you think I need to add or change in web.config in order to make it work? BTW: I did not modify app.config in my Windows forms application, so I thought I do not need to modify my web.config.

  • Defining an Authentication Scheme for user ID and password and client certi

    Hi,
                    I do need to define an Authentication Scheme for user ID/Password and client certificate,, both at the same time, so whenever the end user access the SAP Portal he/she will be asked to provide user and password as well digital certificate,
                    Despite of the whole idea behind o f the concept of digital certificate, my client sill wants to keep the user ID and password to complies with business requirements.
         I found a documentation that discuss Authentication Scheme with example using both ID and Digital certificate, but the priority was set different for each authentication method.
    http://help.sap.com/saphelp_nw04s/helpdata/en/d3/1dd4516c518645a59e5cff2628a5c1/content.htm
         So I am wondering with I can accomplish User ID/Pwd plus digital certificate just by making the priority the same value. Anyone had a similar requirement?
    Best Regards
    Claudio Rocha

    Hi
    Did you get an answer for this Query ?
    Regards
    Priyanka

  • Why an organization require SSL for Shared Web Applications?

    Hi
    what is ssl and why an organization  require SSL for Shared Web Applications?
    adil

    Hi adil,
    Secure Socket Layer (SSL) is an encrypted communication protocol which uses encryption certificates. For more information about SSL in SharePoint, please refer to:
    http://technet.microsoft.com/en-us/magazine/2009.09.insidesharepoint.aspx
    http://technet.microsoft.com/en-us/library/cc262366(v=office.15).aspx
    SSL is supported for server-to-server authentication and app authentication.
    Regards,
    Rebecca Tu
    TechNet Community Support

  • Query for log Parser to get number of hits in a day or week for particular web applications or site collection

    Hi All,
    Want to get the number of hits in a day for a web application with IIS logs. so need to know Query for log Parser to get number hits in a day or week for particular web applications or site collection. Kindly help
    Regards,
    Naveen

    I'm trying to get this from WSS 3.0, Hence using the Log Parser

  • Good exception handling policy for Java web application

    I'm looking for a good exception handling policy for Java web application. First I found this Java exception handling best practices - How To Do In Java which says that you should never catch the Trowable class nor use e.printStackTrace();
    Then I found this Oracle page The Message-Driven Bean Class - The Java EE 6 Tutorial, which does just that. So now I'm confused. Is there a good page online for an exception handling policy for Java EE Web applications? I have a hard time finding one. I've read that you should not catch the Exception class. I've been catching it previously to make sure that some unknown exception doesn't slip through early in the loop and stops all other customers from executing later on in the loop. We have a loop which runs once a minute implemented using the Quartz framework. Is it OK if you just change the implementation to catch the RuntimeException class instead of the Exception class? We're using Java 7 and the Jetty Servlet Container.

    I'm looking for a good exception handling policy for Java web application.
    If you have not done so I suggest you start by reviewing the several trails in The Java Tutorials.
    Those trails cover both HOW to use exceptions and WHEN to use them.
    This trail discusses  the 'controversy' you mention regarding 'Unchecked Exceptions'
    http://docs.oracle.com/javase/tutorial/essential/exceptions/runtime.html
    Unchecked Exceptions — The Controversy
    Because the Java programming language does not require methods to catch or to specify unchecked exceptions (RuntimeException, Error, and their subclasses), programmers may be tempted to write code that throws only unchecked exceptions or to make all their exception subclasses inherit from RuntimeException. Both of these shortcuts allow programmers to write code without bothering with compiler errors and without bothering to specify or to catch any exceptions. Although this may seem convenient to the programmer, it sidesteps the intent of the catch or specify requirement and can cause problems for others using your classes.
    Why did the designers decide to force a method to specify all uncaught checked exceptions that can be thrown within its scope? Any Exception that can be thrown by a method is part of the method's public programming interface. Those who call a method must know about the exceptions that a method can throw so that they can decide what to do about them. These exceptions are as much a part of that method's programming interface as its parameters and return value.
    The next question might be: "If it's so good to document a method's API, including the exceptions it can throw, why not specify runtime exceptions too?" Runtime exceptions represent problems that are the result of a programming problem, and as such, the API client code cannot reasonably be expected to recover from them or to handle them in any way. Such problems include arithmetic exceptions, such as dividing by zero; pointer exceptions, such as trying to access an object through a null reference; and indexing exceptions, such as attempting to access an array element through an index that is too large or too small.
    Generally don't catch an exception unless you plan to HANDLE the exception. Logging, by itself is NOT handliing.
    First I found this Java exception handling best practices - How To Do In Java which says that you should never catch the Trowable class nor use e.printStackTrace(); 
    That article, like many, has some good advice and some poor or even bad advice. You get what you pay for!
    I've read that you should not catch the Exception class.
    Ok - but all that does is indicate that a problem of some sort happened somewhere. Not very useful info. Java goes to a lot of trouble to provide specific exceptions for specific problems.
    I've been catching it previously to make sure that some unknown exception doesn't slip through early in the loop and stops all other customers from executing later on in the loop.
    If the exception is 'unknown' then maybe it NEEDS to 'stop all other customers from executing later on in the loop'.
    That is EXACTLY why you don't want to do that. You need to identify which exceptions should NOT stop processing and which ones should.
    Some 'unknown' exceptions can NOT be recovered and indicate a serious problem, perhaps with the JVM itself. You can NOT just blindly keep executing and ignore them without risking data corruption and/or the integrity of the entire system Java is running on.
    Is it OK if you just change the implementation to catch the RuntimeException class instead of the Exception class? We're using Java 7 and the Jetty Servlet Container.
    No - not if you want a well-behaved system.
    Don't catch exceptions unless you HANDLE/resolve them. There are times when it makes sense to log the exception (which does NOT handle it) and then raise it again so that it gets handled properly later. Yes - I know that is contrary to the advice given in that article but, IMHO, that article is wrong about that point.
    If you have ever had to maintain/fix/support someone else's Java code you should already understand how difficult it can be to find WHERE a problem occurs and WHAT the exact problem is when exceptions are not handled properly.

Maybe you are looking for