Forcing logonui to reenumerate credential providers
I am trying to determine if there is an accepted method to get logonui to reenumerate the available credential providers.  The scenario I am trying to address is if a new credential provider is installed on a system when logonui is active.  In
this scenario I would like the new credential provider to become available without rebooting the system.
A potential solution I have is to kill the logonui process if it is active, then either wait for winlogon to restart the logonui process, attempt to get winlogon to restart logonui by sending a Ctrl-Alt-Del sequence, or have the installer respawn logonui.
For the latter option I have not yet determined if there are security implications by just starting logonui, and if the process needs to be related to winlogon as its parent process. Some general testing has shown that I can manually kill the logonui
process and then start it remotely and still be able to logon.
I have not been able to locate any documentation that talks about the possibility of restarting logonui or about its parent/child relationship with winlogon.
Are there security issues with any of the above mentioned solutions?
Is there an accepted (but perhaps not recommended) method to get logonui to reenumerate credential providers?
Similar Messages
-
How to disable additional credential providers
Scenario:
Credential providers are in-process COM objects that are used to collect credentials and run in local system context. They are used to process and validate user credentials during logon or when authentication is required. For more information, please refer to this article Windows Interactive Logon Architecture.
When users log on, there might be duplicate input boxes that need to input the credentials more than once on the logon screen, or there might be no place to sign in with the password, only displaying the smart card logon.
The cause of these symptoms is likely to be the multiple credential providers which are usually caused by some third-party software. This article describes how to resolve this kind of issue.
Solution:
In order to solve the above issue, we should disable the additional credential providers.
Step One: Check if the cause is multiple credential providers.
1. Check the credential provider and find the CLSID used by the last logon. Open Registry Editor, and then navigate to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI. On the right side, find the String Value LastLoggedOnProvider, whose data is the CLSID of the credential provider, as shown in the figure below.
2. Check Microsoft built-in credential providers. Boot into safe mode, which would only load the built-in credential provider, and redo step 1.
3. Check if the two CLSIDs in step 1 and 2 are the same. If not, we could disable the additional credential provider to solve this issue.
Step Two: Disable the additional credential provider.
Method 1: Using Group Policy.
Open local Group Policy editor, navigate to Computer Configuration -> Administrative Templates -> System -> Logon, and then find the policy Exclude credential providers on the right side.
Right-click Exclude credential providers, click Edit, click Enabled, and enter the comma-separated CLSIDs of the credential providers to exclude during authentication.
Click OK to save the changes.
Method 2: Using Registry.
Open Registry Editor, then navigate to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.
Right-click the CLSID of the provider, select New -> DWORD (32-bit) Value, set the value name to Disabled, and then change the value data to 1.
The provider will be disabled on the next session which is created during log off, switch user, or reboot.
Note: Credential providers are all defined in the following registry key with related CLSID:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.
Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.
I found the solution:
https://addons.mozilla.org/en-US/firefox/addon/click-to-play-per-element/
Still so stupid of Firefox/Mozilla to go this direction in the first place.... starting to actually hate Firefox more and more with each release. Less and less reminiscent of the actual ideas behind Phoenix/Firebird when it first started. -
802.1x Credential Provider
I have a custom Credential Provider for Windows 7 and I'm trying to implement support for a wired 802.1x enabled network.
Since my Credential Provider is used in a Windows domain network, I have to perform a network authentication (using the user's credentials) before the user can log on to the domain.
Is there a way to perform (Win32 API or equivalent) a network authentication using the native Windows 802.1x supplicant, or is the only option to build my own supplicant using the EAPHost framework.
Any help is much appreciated!
Regards
Magnus
No, no special network code. I just want to establish a network connection for Windows to auth the user.
In the GetSerialization function, I serialize the user credentials and return the resulting blob to Windows. Windows then authenticates the user and, if successful, the user is logged on. With an 802.1x enabled network, Windows cannot connect to the AD,
and as a consequence the user is not logged in. If I disable 802.1x on the switch, everything works as expected.
If the user is already logged in, I can force a re-auth by using netsh lan reconnect. In this scenario, our Provider is loaded, the user can select the smart card and enter the PIN. Our CSP is then used to access the smart card and eventually, the user is
auth by the switch. To be able to perform such an authentication, I only started the “Wired AutoConfig” service and made some configuration.
I’m a bit puzzled by the fact that I have to take into account that the computer is connected to an 802.1x network at all. Windows should be able to resolve this issue by using the credentials I’m supplying via the GetSerialization function. I really hope
that I have misunderstood how this works in Windows; I would rather use the Windows built-in supplicant than write my own.
If you have any pointers to any Win32 API and/or configuration etc. that resolves the situation described above, it would be much appreciated.
Is it possible to configure Windows to first use the machine account and then at a later stage (when the user is logged on) force a re-auth using the users credential?
Regards
Magnus -
Force Active Directory Users to Log Into a Shared Local Profile.
I've searched long and hard for an answer to this but I've found very little info on it so I'm starting to wonder if it's at all possible.
On some of our "Presenter PC's" at work it has been deemed that the creation of a new account from the Default profile takes too long when logging into Active Directory and slows presenting down too much. Our Default profile is probably around 120Mb due to
the contents of the image after deployment and how every application is tailored for use hence the AppData folder takes the bulk of the size up and it's not an option to remove it.
These PC's are (for now at least but hopefully not for much longer) locked down by Deep Freeze which resets all changes to all files when the PC is rebooted so a shared profile is not a problem at this point in time.
What I want to know is whether there is ANY way to make it so that a user authenticating to Active Directory can ALWAYS be forced into a pre-configured, local profile running on Win 7 32/64 Pro?
I've been looking at credential providers and replacing USERINIT.exe. I'm just not 100% sure which part of the process actually tells the PC which profile to use. I know that the registry is checked for the user GUID and if not present creates a new entry and
copies the Default profile but I don't know quite where this is called and how to modify it.
My programming knowledge limited to a bit of CMD and AutoIt but I do know a few coders so if we really have to get our hands dirty on this it isn't the end of the world.
I should also add I've recently been toying with taking the AppData folder outside of the Default profile and creating a SymLink to it but upon copying the Default profile to a new profile (much quicker and more acceptable) the SymLink is lost and replaced
with a relatively empty set of folders which can't be deleted and replaced with a SymLink because the LSASS.exe process is using it and obviously you can't stop that process...
Making the PC log into a local profile on startup is also not an option because a user MUST log into AD to not be in breach of our AUP and all network drives must be available (mapped by GPO and login script).
Any help is more than welcome at this point in time as I've pretty much exhausted all avenues that I know of and have turned to you helpful folk. Cheers
Hi,
For mandatory profile, I suggest you refer to the following articles:
Customize the default local user profile when preparing an image of Windows
http://support.microsoft.com/kb/973289
mandatory profiles
http://social.technet.microsoft.com/Forums/en/w7itproinstall/thread/d2406a55-e053-45c5-b064-bf009c4bfafc
Hope this helps.
Vincent Wang
TechNet Community Support -
X230 Win 8.1 Pro Fingerprint single swipe power on and login black screen
When i try to log on using the single swipe power on and login feature sometimes the screen will go to the login screen, the finger print scanner will flash, and then i get a black screen. I can see the mouse cursor, but nothing else. If I swipe my finger again, I will see the login screen again briefly, before it returns to a blank screen again. There is no way to get past this, aside from forcing the machine to power down (Hold down power key for 10 seconds).
Does anyone have a solution for this. Powering on the device and logging in with a single swipe is a really great feature, but I need it to not brick logging in.
Thanks for any help or advice.
-If this post was helpful maybe consider giving me a kudos for it.
Thinkpad x230 -i5, 16gb RAM, 240gb SSD, 500gb 7.2k hdd, win 8.1 pro
Thinkpad x220t - multi-touch, i7, 16gb RAM, 80gb SSD, 320gb 7.2k hdd, win 7 pro 64
I apologize I didn't already provide these answers initially.
Questions:
1. Does this happen 100% of the time, or is it intermittent?
I have only noticed this intermittently.
2. Does it happen starting from full shutdown (press and hold SHIFT key while you shutdown the computer normally, then swipe to power on and log in).
I have only had this problem when resuming from a state of hibernation.
3. Does it happen starting from sleep (swipe to resume the system from sleep and log in)
I rarely sleep the system, but I recall it hanging once or twice when coming back from sleep as well.
4. Can you check "View all problem reports" screen in Action Center to see if any crash happens at the same time the problem occurs?
The only problem reports that correspond with the times this has happened today refer to a problem with the Anti malware Service Executable with the summary being MpTelemetry.
5. Can you export registry at these locations:
a. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters]
b. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers]
I have this, but unfortunately do not see how I can attach it this post.
Edit: Here is a link to download it directly. Once you respond I'll disable this.
Link removed
It should also be noted that I do not have a problem when single swipe is disabled. (So I need to swipe twice. One to power on, and the other to log in.)
-If this post was helpful maybe consider giving me a kudos for it.
Thinkpad x230 -i5, 16gb RAM, 240gb SSD, 500gb 7.2k hdd, win 8.1 pro
Thinkpad x220t - multi-touch, i7, 16gb RAM, 80gb SSD, 320gb 7.2k hdd, win 7 pro 64 -
802.1X cannot change expired password at login
Hi all,
I'm trying to roll out 802.1X authentication for wifi access at my company, however there's one major problem I can't for the life of me figure out. I'm not able to get the Macs to prompt for a password change when the password has expired at login.
On Windows when you log in it will prompt you to change your password when it's expired. However on OSX when you're on the workstation login screen, you can see the wireless icon briefly connect, then it will think for a bit and the user cannot log in at all.
OSX can definitely change expired passwords via 802.1X, as if I log into a local account and connect to the wifi with the user whose password has expired, it will prompt to change it, and changes it successfully.
I'm using NPS for RADIUS authentication against AD, and using Profile Manager in OSX Server to create the 802.1X profile.
Does anyone have any experience with OSX and using WPA Enterprise/802.1X Profiles?
Thanks!
Hi,
Can you post a screenshot for this situation?
Sometimes, the third party credential provider would lead to some issue like this, I suggest you check the
current credential provider via the following path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\x\LastLoggedOnProvider
You should compare the result with the values in the following path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\credential providers
If the current value is third party credential provider, try to disable it:
To disable the provider add a REG_DWORD value "Disabled"=1 to that provider’s CLSID subkey.
The provider will be disabled on the next session creation (sessions are created when you log off, switch users, or reboot).
Alex Zhao
TechNet Community Support -
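The registry checks described in "How to disable additional credential providers" and in the support reply above (LastLoggedOnProvider, the Credential Providers key, Disabled=1), written out as an added PowerShell example that is not part of any original post. The function names, the InprocServer32 lookup and the signature check are assumptions added for illustration, and the CLSID in the last line is a placeholder.

```powershell
# Added example: audit the registered logon credential providers and disable one by CLSID.
# Reading works unelevated; Disable-CredentialProvider needs an elevated session.
$AuthKey      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication'
$ProvidersKey = Join-Path $AuthKey 'Credential Providers'
$LogonUIKey   = Join-Path $AuthKey 'LogonUI'

function Get-LastLoggedOnProvider {
    # LastLoggedOnProvider is read from LogonUI and from each LogonUI\SessionData\<n> subkey,
    # the two locations named in the posts.
    $keys  = @(Get-Item -LiteralPath $LogonUIKey -ErrorAction SilentlyContinue)
    $keys += @(Get-ChildItem -LiteralPath (Join-Path $LogonUIKey 'SessionData') -ErrorAction SilentlyContinue)
    foreach ($k in $keys) {
        $clsid = $k.GetValue('LastLoggedOnProvider')
        if ($clsid) { [pscustomobject]@{ Source = $k.Name; Clsid = $clsid } }
    }
}

function Get-ProviderDllPath {
    param([Parameter(Mandatory = $true)][string]$Clsid)
    # Assumption: the provider's COM server is registered machine-wide under HKLM\SOFTWARE\Classes.
    $inproc = Get-Item -LiteralPath "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32" -ErrorAction SilentlyContinue
    if (-not $inproc) { return $null }
    $dll = ([string]$inproc.GetValue('')).Trim('"')
    if (-not $dll) { return $null }
    # A bare file name is resolved against System32.
    if (-not [IO.Path]::IsPathRooted($dll)) { $dll = Join-Path $env:SystemRoot "System32\$dll" }
    return $dll
}

function Get-CredentialProviderAudit {
    $last = @(Get-LastLoggedOnProvider | ForEach-Object { $_.Clsid })
    Get-ChildItem -LiteralPath $ProvidersKey | ForEach-Object {
        $clsid = $_.PSChildName
        $dll   = Get-ProviderDllPath -Clsid $clsid
        $sig   = if ($dll -and (Test-Path -LiteralPath $dll)) { Get-AuthenticodeSignature -FilePath $dll }
        [pscustomobject]@{
            Clsid     = $clsid
            Name      = $_.GetValue('')                       # default value = friendly name
            Disabled  = ($_.GetValue('Disabled', 0) -eq 1)    # the DWORD the posts describe
            LastUsed  = ($last -contains $clsid)              # matches a LastLoggedOnProvider value
            Dll       = $dll
            Signature = if ($sig) { $sig.Status } else { 'FileNotFound' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        }
    }
}

function Disable-CredentialProvider {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')]
        [string]$Clsid
    )
    $key = Join-Path $ProvidersKey $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        throw "No credential provider is registered as $Clsid"
    }
    # Takes effect at the next session creation (log off, switch user, reboot).
    # Check the audit output first: disabling the provider users sign in with blocks logon.
    if ($PSCmdlet.ShouldProcess($key, 'Set Disabled = 1 (DWORD)')) {
        New-ItemProperty -LiteralPath $key -Name 'Disabled' -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# Review what is registered, which provider handled the last logon, and who signed each DLL.
Get-CredentialProviderAudit | Sort-Object Disabled, Name |
    Format-Table Clsid, Name, Disabled, LastUsed, Signature, Dll -AutoSize

# Dry run against a placeholder CLSID; replace it with one taken from the audit output.
# Disable-CredentialProvider -Clsid '{00000000-0000-0000-0000-000000000000}' -WhatIf
```

A provider whose DLL is missing or unsigned, or whose signer is unexpected, is the one to compare against the safe-mode result before disabling anything.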
Novell login not available with remote desktop on windows 7
Installed Novell Client 2 SP3 for Windows Server 2012 on my terminal server. When I log in from Windows XP to that terminal server I am getting an option to login with Novell Client. On Windows 7 however I only can logon to the server. What am I missing here?
djaquays <[email protected]> wrote:
> Mostly, that MS RDP for Mac ignores the authentication level:i:0 option
> in an RDP file and there's no GUI equivalent to force legacy
> authentication.
Microsoft's Network Level Authentication (NLA) feature is supported in
Windows Server 2008 and later terminal servers, and supported by
Remote Desktop Connection (MSTSC) 6.x and later terminal clients.
Windows XP did not ship with a MSTSC 6.x terminal client, but it is
available optionally through Windows Update.
The NLA authentication is essentially requiring that valid Windows
user account credentials for the Windows Server machine must be
provided /before/ the RDP-level terminal session connection is even
attempted or permitted. If the Windows user credentials you're logged
in with on the client workstation do not already satisfy this
requirement, the NLA-aware MSTSC clients will prompt you for valid NLA
credentials before even attempting to open the terminal session.
In other words, NLA doesn't directly have anything to do with whom you
will become authenticated as within the terminal session, or whether
you'll reconnect to some other already-running terminal session; it's
a new default mechanism which requires Windows credentials for
authorizing you to create an RDP connection to the Windows Server
machine "at all."
Unfortunately Windows Server 2008 and later don't permit you to turn
NLA completely off. You can configure the Windows Server to always
require NLA, which means pre-MSTSC 6.x terminal clients will be unable
to connect. Or you can configure the Windows Server to "not require
NLA" ("Allow connections from computers running any version of Remote
Desktop"), but this still means Windows Server will use NLA if the
workstation's MSTSC client supports NLA.
The only option which has been available to "disable NLA" even when a
Windows Server 2008 or later terminal server and a MSTSC 6.x or later
terminal client are involved is to configure the
"enablecredsspsupport:i:0" setting in the MSTSC client's .RDP file
(e.g. default.rdp in the My Documents folder), in addition to
configuring the terminal server to "not require NLA."
Once you have "Allow connections from computers running any version of
Remote Desktop" set on the Windows Server, and
"enablecredsspsupport:i:0" set in the MSTSC client, now you're back to
the Windows XP & Windows Server 2003 behavior where an RDP terminal
connection can be established without first having to supply NLA
credentials, and the first thing the MSTSC client user will experience
is the full normal credential provider-based login experience just
like you see at the physical console of the terminal server.
Note that if you do leave NLA enabled and supply NLA credentials
during the MSTSC connection attempt, after successfully using those
credentials to authorize creation of the RDP connection, the MSTSC
client will /also/ default to using the NLA credentials as default
credentials to attempt logging on with within the terminal session
itself. In other words, if you successfully supply NLA credentials,
by default you also become logged in on the terminal session and go
straight to the desktop of the Windows user account specified in the
NLA credentials. So even though "NLA credentials" and "whom I will
logon as within the terminal session" are two separate things, by
default the MSTSC client tries to use the same credentials for both.
But it's not that the NLA credentials "must" be used for logging in on
the terminal session; that's simply the default behavior. If you
leave NLA enabled on the Server 2008 or later terminal server, after
NLA credentials are successfully used to authorize creation of an RDP
connection, if you wanted to instead be prompted within the terminal
session with the normal credential provider login experience, enable
the "Always prompt for password" on the Windows Server 2008 or later
terminal server.
(On the Server 2008 or later machine, under "Administrative Tools"
find the "Remote Desktop Services" group and launch the "Remote
Desktop Session Host Configuration" console. Highlight/select the
"RDP-Tcp" connection, right-click and select "Properties". On the "Log
On Settings" tab elect "Always prompt for password".)
That sounds like probably the scenario which fits best for the "I have
a Macintosh-based client which doesn't allow enablecredsspsupport:i:0
/ authentication level:i:0." You would leave NLA enabled on the
Server 2012 machine, but enable "Always prompt for password" in the
RDP-Tcp connection properties on the Server 2012 machine. Such that
after NLA authentication was performed and Windows allowed creation of
the terminal session, instead of immediately also attempting to login
within the terminal session as the Windows account specified in the
NLA credentials, Windows will instead present the normal interactive
credential provider login experience to allow the user to specify whom
they want to login as.
Finally, note that everything described above applies even to a
Windows Server and Windows client workstation that do /not/ have the
Novell Client for Windows installed. The same mechanisms remain in
effect even once the Novell Client is installed; the presence of the
Novell Client just changes what credential providers would be used or
presented within the terminal session once the terminal session was
allowed to be created. The fact that NLA is required by default and
requires valid Windows credentials in order to authorize an RDP
connection is still the same, regardless of whether the Novell Client
is present or not.
Alan Adams
Novell Client CPR Group
[email protected]
Novell
Making IT Work As One
www.novell.com
Upgrade to OES Community
http://www.novell.com/communities/co.../upgradetooes/ -
User cannot change expired password at logon
Hi
I've got 4 Fujitsu laptop with Windows 7 business SP1 x64 (Fujitsu setup). When the domain password expired, users cannot change their password at logon. Also, they can change password in their opened session before it expire (CTRL+ALT+DEL ==>
change password).
The change password at logon windows is buggy : It only display one field to put password in, the confirmation field does not display.
When user valid is change, Windows display error "wrong username or password ". Only way to unlock this situation is to reset user password in ADUC and never let expire.
I have seen no software or driver which could interfere.
Domain controller (only one) is Windows Server 2012 Standard.
Has somebody ever seen this type of problem?
Hi,
Can you post a screenshot for this situation?
Sometimes, the third party credential provider would lead to some issue like this, I suggest you check the
current credential provider via the following path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\x\LastLoggedOnProvider
You should compare the result with the values in the following path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\credential providers
If the current value is third party credential provider, try to disable it:
To disable the provider add a REG_DWORD value "Disabled"=1 to that provider’s CLSID subkey.
The provider will be disabled on the next session creation (sessions are created when you log off, switch users, or reboot).
Alex Zhao
TechNet Community Support -
X61 power user cannot change display DPI
Hi,
I have one X61 (7673-CH4) XP Pro and login a Power User, I want to change the DPI setting in display advanced setting properties,
but this X61 notebook always prompt a dialog box "Windows Setup has not changed the requested setting, You may not have the required Administrator privilege to install or uninstall new files or drivers. please contact your Administrator".
1. because this X61 is a domain computer, can not provide user in administrator rights,
2. I try updated last display driver (v6.14.10.4926)
3. I try other general desktop PC login Power user can change about DPI setting no need administrator rights.
Please give me advise solution allow user can change DPI
Many thanks
Filex
Hi,
Can you post a screenshot for this situation?
Sometimes, the third party credential provider would lead to some issue like this, I suggest you check the
current credential provider via the following path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\x\LastLoggedOnProvider
You should compare the result with the values in the following path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\credential providers
If the current value is third party credential provider, try to disable it:
To disable the provider add a REG_DWORD value "Disabled"=1 to that provider’s CLSID subkey.
The provider will be disabled on the next session creation (sessions are created when you log off, switch users, or reboot).
Alex Zhao
TechNet Community Support -
How to configure Remote desktop connection double sign-on?
All dear,
I need help. I install a terminal server 2012, but when I try to remote login, only once sign on. How can I to configure the server to double sign-on.
Thanks
If I understand you right you have custom credential provider on the server. In this case Microsoft says that it is impossible to overcome double sign-on, just search for the "RDC and Custom Credential Providers" on the Internet.
-
URGENT ::: How to add UserName Token to SOAP Message Header.
Hi,
I created a webservice client using CLIENTGEN utility of weblogic from the WSDL file. When I am trying to call a webservice which is hosted on TOMCAT server, I am getting the following exception::
5/12/2008 06:09:02 com.sun.xml.wss.impl.filter.DumpFilter process
INFO: ==== Sending Message Start ====
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://settlementService.au.db.com/types">
<env:Body>
<env:Fault>
<faultcode xmlns:ans1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ans1:FailedAuthentication</faultcode>
<faultstring>Message does not conform to configured policy [ AuthenticationTokenPolicy ]: No Security Header found</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
==== Sending Message End ====
The webservice is configured as secured webservice, there is some certificate file which was provided to me from client. Using java KEYTOOL command I have created the keystore from that certificate and configured it in the weblogic server console.
Issue is the SOAP message header is blank I need to add the USERNAME TOken profile to this header, in order to access this webservice. The current CLIENT code snippet is shown below:
try {
    String WSDLUrl = "https://shappzu2.au.db.com:8297/settlementService-ws/settlementService?WSDL";
    String wsUserName = "tracer-us";
    String wsPassword = "R0na!do#11";
    // Username Token policy file, loaded from the classpath
    InputStream[] policies = new InputStream[]{Client.class.getResourceAsStream("/wl-unt-policy.xml")};
    SettlementService_Impl settlementServiceObj = new SettlementService_Impl(WSDLUrl);
    SettlementServiceFacade port = settlementServiceObj.getSettlementServiceFacadePort(policies, policies);
    List credProviders = new ArrayList();
    CredentialProvider cp = new ClientUNTCredentialProvider(wsUserName.getBytes(), wsPassword.getBytes());
    credProviders.add(cp);
    Stub stub = (Stub)port;
    // Set stub property to point to list of credential providers
    stub._setProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
    if (sharesXMLString != null && sharesXMLString.length() > 0) {
        port.loadEquityTrade(sharesXMLString);
    }
} catch (Exception e) {
    //throw new SystemException(e.getMessage());
    e.printStackTrace();
}
Can any one help me in this?
1) Use something like TCPmon https://tcpmon.dev.java.net/ or verbose logging to see the actual message content on the wire that the client is sending
2) Inside the WLS samples there is a UNT sample in the INSTALL_DIR/wlserver_10.0(or equivalent)/samples/server/examples/src/examples/webservices/security_jws
If that works correctly and puts the UNT in the header, then I would compare that code with yours. -
Implementation of ws-secureconversation in webservice
I have to implement a message level secured webservice which wud cater to client on .NET. We have weblogic 10.3.6. Through the tutorials i have configured my server with "weblogic.wsee.security.wssc.v13.sct.ServerSCCredentialProvider" , "weblogic.wsee.security.wssc.v13.dk.DKCredentialProvider", weblogic.xml.crypto.wss.UNTCredentialProvider", and "weblogic.wsee.security.bst.ServerBSTCredentialProvider" credential providers and used policy as policy:Wssp1.2-Wssc1.3-Bootstrap-Wss1.1.xml in the webservice.
While invoking the service from a stand-alone client, I get an exception "<WSEE:15>Context token does not have a shared secret that is required for deriving secret keys<DKTokenBase.getSecretKey:240>".
Following a code snippet from the client code:-
List credProviders = new ArrayList();
CredentialProvider cp = new ClientBSTCredentialProvider("plcom.jks", "1234", "com", "1234", "JKS");
credProviders.add(cp);
stub._setProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
stub._setProperty(StubPropertyBSTCredProv.SERVER_ENCRYPT_CERT, CertUtils.getCertificate(serverCertFile)); //serverCert));
stub._setProperty(WlMessageContext.SCT_LIFETIME_PROPERTY, new Long(2 * 60 * 60 * 1000L));
stub._setProperty(WSSecurityContext.TRUST_MANAGER,
    new TrustManager() {
        // Returns true for every chain, so the server certificate is never validated
        public boolean certificateCallback(X509Certificate[] chain, int validateErr) {
            return true;
        }
    });
Please guide me how to add the shared key to the context in order to successfully invoke the service.
are u using any tool to generate ur java files from wsdl...??
-
Set username/password using in Java client proxy for a JAX-WS webservice
Hi, i am invoking one deployed EBS webservice , while trying to run that client program me
i am getting error WSSE security, where can i set Uname pwd , through java program me
++Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Missing <wsse:Security> in SOAP Header
Thanks Regards
Raj
Edited by: 952094 on Jan 23, 2013 1:42 PM
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.xml.ws.BindingProvider;
import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.provider.CredentialProvider;
you can add username for weblogic client using
// Create list of credential providers
List<CredentialProvider> credProviders = new ArrayList<CredentialProvider>();
// Create user name token provider
ClientUNTCredentialProvider unt = new ClientUNTCredentialProvider("weblogic", "weblogic");
credProviders.add(unt);
// Finally add the credential providers to the request context
Map<String, Object> requestContext = ((BindingProvider)brokerService).getRequestContext();
requestContext.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders); -
OC4J client with WCF Web Service using Mutual Certificates
I'm trying to generate client stubs for a WCF web service.
I tried using docs here:
http://docs.oracle.com/cd/B10464_05/web.904/b10447/tools.htm
# OC4J 9.0.4
Java sdk 1.4.2_03
cd \dev\oc4j-9.0.4\webservices\lib
- config.xml
<?xml version="1.0"?>
<web-service>
<proxy-gen>
<proxy-dir>output/clientclass/examples/webservices/simple_client</proxy-dir>
<option name="include-source">true</option>
<option name="wsdl-location">
http://xxx.xxxxx.xxx:9000/WCFTestService/Service.svc?wsdl</option>
</proxy-gen>
</web-service>
java -jar WebServicesAssembler.jar -debug
- ends with NullPointerException:
<output>
Please wait ...
..parsing top level elements
..generating client side proxy for wsdl :
http://xxx.xxxxx.xxx:9000/WCFTestService/Service.svc?wsdl
....compiling client side proxy for package :proxy
Exception in thread "main" java.lang.NullPointerException
at oracle.j2ee.ws.tools.WsAssmProxyGenerator.doCompile(WsAssmProxyGenerator.java:284)
at oracle.j2ee.ws.tools.WsAssmProxyGenerator.processProxy(WsAssmProxyGenerator.java:135)
at oracle.j2ee.ws.tools.WsAssmProxyGenerator.clientGenerate(WsAssmProxyGenerator.java:112)
at oracle.j2ee.ws.tools.WsAssembler.assemble(WsAssembler.java:96)
at oracle.j2ee.ws.tools.WsAssembler.main(WsAssembler.java:54)
</output>
- Then tried using Sun jdk to gen proxy:
# Just SDK
Java sdk 1.6.0_25
wsimport -keep -extension -d output -s src -p examples.webservices http://xxx.xxxxx.xxx:9000/WCFTestService/Service.svc?wsdl
<ListOfGeneratedJavaFiles>
CompositeType.java
GetData.java
GetDataResponse.java
GetDataUsingDataContract.java
GetDataUsingDataContractResponse.java
IService.java
ObjectFactory.java
package-info.java
Service.java
</ListOfGeneratedJavaFiles>
- creates the service and port, but where is the stub?
in my code I use the stub to set the certificate auth
<codeSnip>
// get the ws stub
IService_Stub serviceStub = (IService_Stub)iSampleService;
// add the credential providers to the ws stub
serviceStub._setProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST,
credProviders);
</codeSnip>
# WebLogic 10.3.5
I'm happy to say that everything seems to work well under WebLogic 10.3.5.
I used weblogic.wsee.tools.anttasks.ClientGenTask with ant
to generate the proxy files.
<ListOfGeneratedJavaFiles>
IService.java
IService_Stub.java
Service.java
Service_Impl.java
</ListOfGeneratedJavaFiles>
I understand how to use these files and everything works.
But we need this to work in the OC4J orion server before we are ready to upgrade to WebLogic.
I have also tried OC4J 10.1.2.0.2 - same as OC4J 9.0.4 - null pointer.
I also tried Metro, but it uses wsimport, so also does not have a stub.
I'm out of ideas. Any pointers or advice are greatly appreciated.
Thank you.
My guess would be that the server's certificate isn't in your client's trust-store (which defaults to "cacerts"). Chances are your senior architect has already imported the server-cert on his machine and forgotten he did so.
Grant -
Using NetBeans Java ME Designer for List
I'm using the Java ME screen Designer in NetBeans. I'd like to create a simple list from which users can select one option. I know how to write code to do it, but how do I do it through the screen designer?