Forcing logonui to reenumerate credential providers

I am trying to determine if there is an accepted method to get logonui to reenumerate the available credential providers.  The scenario I am trying to address is if a new credential provider is installed on a system when logonui is active.  In
this scenario I would like the new credential provider to become available without rebooting the system.
A potential solution I have is to kill the logonui process if it is active, then either wait for winlogon to restart the logonui process,  attempt to get winlogon to restart logonui by sending a Ctrl-Alt-Del sequence, or have the installer respawn logonui.
For the later option I have not yet determined if there are security implications by just starting logonui, and if the process needs to be related to winlogon as its parent process.  Some general testing has shown that I can manually kill the logonui
process and then start it remotely and still be able to logon.
I have not been able to locate any documentation that talks about the possibility of restarting logonui or about its parent/child relationship with winlogon.
Are there security issues with any of the above mentioned solutions?
Is there an accepted (but perhaps not recommended) method to get logonui to reenumerate credential providers?

Similar Messages

  • How to disable additional credential providers

    Scenario:
    Credential providers are in-process COM objects that are used to collect credentials and run in local system context. They are used to process and validate user credentials during logon or when authentications is required. For more
    information, please refer to this article Windows Interactive Logon Architecture.
    When users logon, there might be duplicate
    input boxes that need to input the credentials more than once on the logon screen, or there might be no place to sign in with the password, only displaying the smart card logon.
    The cause of these symptoms is likely to be the
    multiple credential providerswhich are usually caused by some third-party software. This article describes how to resolve this kind of
    issues.
    Solution:
    In order to solve the above issue, we should disable the additional credential providers.
    Step One: Check if the cause is multiple credential providers.
    Check the credential provider and find its CLSID used by last logged on. Open Registry Editor, and then navigate to the key
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI.
    On the right side, navigate to the String Value LastLoggedOnProvider whose data is the CLSID of credential provider, as shown in the figure below.
    Check Microsoft built-in credential providers. Boot into safe mode which would only load the built-in credential provider, and redo step 1.
    Check if the two CLSIDs in step 1 and 2 are the same. If not, we could disable the additional credential provider to solve this issue.
    Step Two: Disable the additional credential provider.
    Method 1: Using Group Policy.
    Open local Group Policy editor, navigate to Computer Configuration -> Administrative Templates -> System -> Logon,
    and then find the policy Exclude credential providers
    on the right side.
    Right Click Exclude credential providers, click
    Edit, click Enabled and enters the
    comma-separated CLSID which to exclude multiple credential providers during authentication.
    Click OK to save the changes.
    Method 2: Using Registry.
    Open Registry Editor , then Navigate to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
    Right click on the CLSID of the provider, select New ->
    DWORD (32-bit) Value, then enter the value name to
    Disabled, after that modify the value data to 1.
    The provider will be disabled on the next session which is created during log off, switch user, or reboot.
    Note: Credential providers are all defined in the following registry key with related CLSID:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.
    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

    I found the solution:
    https://addons.mozilla.org/en-US/firefox/addon/click-to-play-per-element/
    Still so stupid of Firefox/Mozilla to go this direction in the first place.... starting to actually hate Firefox more and more with each release. Less and less reminiscent of the actual ideas behind Phoenix/Firebird when it first started.

  • 802.1x Credential Provider

    I have a custom Credential Providers for Windows 7 and I'm trying to implement support for a wired 802.1x enabled network.
    Since my Credentail Provider is used in a Windows domain network, I have to perform a network authentication (using the users credential) before the user can logon to the domain.
    Is there a way to perform (Win32 API or equivalent) a network authentication using the native Windows 802.1x supplicant, or is the only option to build my own supplicant using the EAPHost framework.
    Any help is much appreciated!
    Regards
    Magnus

    No, no special network code. I just want to establish a network connection for Windows to auth the user.
    In the GetSerialization function, I serialize the user credentials and returns the resulting blob to Windows. Windows then authenticates the user and, if successful, the user is logged on. With an 802.1x enabled network, Windows cannot connect to the AD,
    and as a consequence the user is not logged in. If I disable 802.1x on the switch, everything works as expected.
    If the user is already logged in, I can force a re-auth by using netsh lan reconnect. In this scenario, our Provider is loaded, the user can select the smart card and enter the PIN. Our CSP is then used to access the smart card and eventually, the user is
    auth by the switch. To be able to perform such an authentication, I only started the “Wired AutoConfig” service and made some configuration.
    I’m a bit puzzled by the fact that I have to take in to account that the computer is connected to an 802.1x network at all. Windows should be able to resolve this issue by using the credentials I’m supplying via the GetSerialization function. I really hope
    that I have misunderstood how this works in Windows, I rather use Windows built-in supplicant then writing my own.
    If you have any pointers to any Win32 API and/or configuration etc. that resolves the situation described above, it would be much appreciated.
    Is it possible to configure Windows to first use the machine account and then at a later stage (when the user is logged on) force a re-auth using the users credential?
    Regards
    Magnus

  • Force Active Directory Users to Log Into a Shared Local Profile.

    I've searched long and hard for an answer to this but I've found very little info on it so I'm starting to wonder if it's at all possible.
    On some of our "Presenter PC's" at work it has been deemed that the creation of a new account from the Default profile takes too long when logging into Active Directory and slows presenting down too much. Our Default profile is probably around 120Mb due to
    the contents of the image after deployment and how every application is tailored for use hence the AppData folder takes the bulk of the size up and it's not an option to remove it.
    These PC's are (for now at least but hopefully not for much longer) locked down by Deep Freeze which resets all changes to all files when the PC is rebooted so a shared profile is not a problem at this point in time.
    What I want to know is whether there is ANY way to make it so that a user authenticating to Active Directory can ALWAYS be forced into a pre-configured, local profile running on Win 7 32/64 Pro?
    I've been looking at credential providers and replacing USERINIT.exe. I'm just not 100% sure which part of the process actually tells the PC which profile to use. I know that the registry is checked for the user GUID and if not present creates a new entry and
    copies the Default profile but I don't know quite where this is called and how to modify it.
    My programming knowledge limited to a bit of CMD and AutoIt but I do know a few coders so if we really have to get our hands dirty on this it isn't the end of the world.
    I should also add I've recently been toying with taking the AppData folder outside of the Default profile and creating a SymLink to it but upon copying the Default profile to a new profile (much quicker and more acceptable) the SymLink is lost and replaced
    with a relatively empty set of folders which can't be deleted and replaced with a SymLink because the LSASS.exe process is using it and obviously you can't stop that process...
    Making the PC log into a local profile on startup is also not an option because a user MUST log into AD to not be in breach of our AUP and all network drives must be availalbe (mapped by GPo and login script).
    Any help is more than welcome at this point in time as I've pretty much exhausted all avenues that I know of and have turned to you helpful folk.  Cheers

    Hi,
    For mandatory profile, I suggest you refer to the following articles:
    Customize the default local user profile when preparing an image of Windows
    http://support.microsoft.com/kb/973289
    mandatory profiles
    http://social.technet.microsoft.com/Forums/en/w7itproinstall/thread/d2406a55-e053-45c5-b064-bf009c4bfafc
    Hope this helps.
    Vincent Wang
    TechNet Community Support

  • X230 Win 8.1 Pro Fingerprint single swipe power on and login black screen

    When i try to log on using the single swipe power on and login feature sometimes the screen will go to the login screen, the finger print scanner will flash, and then i get a black screen. I can see the mouse cursor, but nothing else. If I swipe my finger again, I will see the login screen again briefly, before it returns to a blank screen again. There is no way to get past this, aside from forcing the machine to power down (Hold down power key for 10 seconds).
    Does anyone have a solution for this. Powering on the device and logging in with a single swipe is a really great feature, but I need it to not brick logging in.
    Thanks for any help or advice.
    -If this post was helpful maybe consider giving me a kudos for it.
    Thinkpad x230 -i5, 16gb RAM, 240gb SSD, 500gb 7.2k hdd, win 8.1 pro
    Thinkpad x220t - multi-touch, i7, 16gb RAM, 80gb SSD, 320gb 7.2k hdd, win 7 pro 64

    I apologize I didn't already provide these answers initially.
    Questions:1.  Does this happen 100% of the time, or is it intermittent?
    I have only noticed this intermittently.
    2.  Does it happen starting from full shutdown (press and hold SHIFT key while you shutdown the computer normally, then swipe to power on and log in).
    I have only had this problem when resuming from a state of hibernation.
    3.  Does it happen starting from sleep (swipe to resume the system from sleep and log in)
    I rarely sleep the system, but I recall it hanging once or twice when coming back from sleep as well.
    4.  Can you check "View all problem reports" screen in Action Center to see if any crash happens at the same time the problem occurs?
    the only problem reports that corresponds with the times this has happened today refer to an problem with the Anti malware Service Executable with the summary being MpTelemetry.
    5.  Can you export registry at these locations:
        a.  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters]
        b.  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers]
    I have this, but unfortunately do not see how I can attach it this post.
    Edit: Here is a link to download it directly. Once you respond I'll disable this.
    Link removed
    It should also be noted that I do not have a problem when single swipe is disabled. (So I need to swipe twice. One to power on, and the other to log in.)
    -If this post was helpful maybe consider giving me a kudos for it.
    Thinkpad x230 -i5, 16gb RAM, 240gb SSD, 500gb 7.2k hdd, win 8.1 pro
    Thinkpad x220t - multi-touch, i7, 16gb RAM, 80gb SSD, 320gb 7.2k hdd, win 7 pro 64

  • 802.1X cannot change expired password at login

    Hi all,
    I'm trying to roll out 802.1X authentication for wifi access at my company, however there's one major problem I can't for the life of me figure out. I'm not able to get the Macs to prompt for a password change when the password has expired at login.
    On Windows when you log in it will prompt you to change your password when it's expired. However on OSX when you're on the workstation login screen, you can see the wireless icon briefly connect, then it will think for a bit and the user cannot log in at all.
    OSX can definitely can change expired passwords via 802.1X, as if I log into a local account and connect to the wifi with the user whose password has expired, it will prompt to change it, and changes it successfully.
    I'm using NPS for RADIUS authentication against AD, and using Profile Manager in OSX Server to create the 802.1X profile.
    Does anyone have any experience with OSX and using WPA Enterprise/802.1X Profiles?
    Thanks!

    Hi,
    Can you post a screenshot for this situation?
    Sometimes, the third party credential provider would lead to some issue like this, I suggest you check the
     current credential provider via the following path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\x\LastLoggedOnProvider
    You should compare the result with the values in the following path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\credential providers
    If the current value is third party credential provider, try to disable it:
    To disable the provider add a REG_DWORD value "Disabled"=1 to that provider’s CLSID subkey.
    The provider will be disabled on the next session creation (sessions are created when you log off, switch users, or reboot.
    If you have any feedback on our support, please click
    here
    Alex Zhao
    TechNet Community Support

  • Novell login not available with remote desktop on windows 7

    Installed Novell Client 2 SP3 for Windows Server 2012 on my terminal server. When I log in from Windows XP to that terminal server I am getting an option to login with Novell Client. On Windows 7 however I only can logon to the server. What am I missing here?

    djaquays <[email protected]> wrote:
    > Mostly, that MS RDP for Mac ignores the authentication level:i:0 option
    > in an RDP file and there's no GUI equivalent to force legacy
    > authentication.
    Microsoft's Network Level Authentication (NLA) feature is supported in
    Windows Server 2008 and later terminal servers, and supported by
    Remote Desktop Connection (MSTSC) 6.x and later terminal clients.
    Windows XP did not ship with a MSTSC 6.x terminal client, but it is
    available optionally through Windows Update.
    The NLA authentication is essentially requiring that valid Windows
    user account credentials for the Windows Server machine must be
    provided /before/ the RDP-level terminal session connection is even
    attempted or permitted. If the Windows user credentials you're logged
    in with on the client workstation do not already satisfy this
    requirement, the NLA-aware MSTSC clients will prompt you for valid NLA
    credentials before even attempting to open the terminal session.
    In other words, NLA doesn't directly have anything to do with whom you
    will become authenticated as within the terminal session, or whether
    you'll reconnect to some other already-running terminal session; it's
    a new default mechanism which requires Windows credentials for
    authorizing you to create an RDP connection to the Windows Server
    machine "at all."
    Unfortunately Windows Server 2008 and later don't permit you to turn
    NLA completely off. You can configure the Windows Server to always
    require NLA, which means pre-MSTSC 6.x terminal clients will be unable
    to connect. Or you can configure the Windows Server to "not require
    NLA" ("Allow connections from computers running any version or Remote
    Desktop"), but this still means Windows Server will use NLA if the
    workstation's MSTSC client supports NLA.
    The only option which has been available to "disable NLA" even when a
    Windows Server 2008 or later terminal server and a MSTSC 6.x or later
    terminal client are involved is to configure the
    "enablecredsspsupport:i:0" setting in the MSTSC client's .RDP file
    (e.g. default.rdp in the My Documents folder), in addition to
    configuring the terminal server to "not require NLA."
    Once you have "Allow connections from computers running any version or
    Remote Desktop" set on the Windows Server, and
    "enablecredsspsupport:i:0" set in the MSTSC client, now you're back to
    the Windows XP & Windows Server 2003 behavior where an RDP terminal
    connection can be established without first having to supply NLA
    credentials, and the first thing the MSTSC client user will experience
    is the full normal credential provider-based login experience just
    like you see at the physical console of the terminal server.
    Note that if you do leave NLA enabled and supply NLA credentials
    during the MSTSC connection attempt, after successfully using those
    credentials to authorize creation of the RDP connection, the MSTSC
    client will /also/ default to using the NLA credentials as default
    credentials to attempt logging on with within the terminal session
    itself. In other words, if you successfully supply NLA credentials,
    by default you also become logged in on the terminal session and go
    straight to the desktop of the Windows user account specified in the
    NLA credentials. So even though "NLA credentials" and "whom I will
    logon as within the terminal session" are two separate things, by
    default the MSTSC client tries to use the same credentials for both.
    But it's not that the NLA credentials "must" be used for logging in on
    the terminal session; that's simply the default behavior. If you
    leave NLA enabled on the Server 2008 or later terminal server, after
    NLA credentials are successfully used to authorize creation of an RDP
    connection, if you wanted to instead be prompted within the terminal
    session with the normal credential provider login experience, enable
    the "Always prompt for password" on the Windows Server 2008 or later
    terminal server.
    (On the Server 2008 or later machine, under "Administrative Tools"
    find the "Remote Desktop Services" group and launch the "Remote
    Desktop Session Host Configuration" console. Highlight/select the
    "RDP-Tcp" connection, right-click and select "Properties". On the "Log
    On Settings" tab elect "Always prompt for password".)
    That sounds like probably the scenario which fits best for the "I have
    a Macintosh-based client which doesn't allow enablecredsspsupport:i:0
    / authentication level:i:0." You would leave NLA enabled on the
    Server 2012 machine, but enable "Always prompt for password" in the
    RPC-Tcp connection properties on the Server 2012 machine. Such that
    after NLA authentication was performed and Windows allowed creation of
    the terminal session, instead of immediately also attempting to login
    within the terminal session as the Windows account specified in the
    NLA credentials, Windows will instead present the normal interactive
    credential provider login experience to allow the user to specify whom
    they want to login as.
    Finally, note that everything described above applies even to a
    Windows Server and Windows client workstation that do /not/ have the
    Novell Client for Windows installed. The same mechanisms remain in
    effect even once the Novell Client is installed; the presence of the
    Novell Client just changes what credential providers would be used or
    presented within the terminal session once the terminal session was
    allowed to be created. The fact that NLA is required by default and
    requires valid Windows credentials in order to authorize an RDP
    connection is still the same, regardless of whether the Novell Client
    is present or not.
    Alan Adams
    Novell Client CPR Group
    [email protected]
    Novell
    Making IT Work As One
    www.novell.com
    Upgrade to OES Community
    http://www.novell.com/communities/co.../upgradetooes/

  • User cannot change expired password at logon

    Hi
    I've got 4 Fujitsu laptop with Windows 7 business SP1 x64 (Fujitsu setup). When the domain password expired, users cannot change their password at logon. Also, they can change password in their opened session before it expire (CTRL+ALT+DEL ==>
    change password).
    The change password at logon windows is buggy : It only display one field to put password in, the confirmation field does not display.
    When user valid is change, Windows display error "wrong username or password ". Only way to unlock this situation is to reset user password in ADUC and never let expire.
    I seen no sofware or driver wich could interfe.
    Domain controler (only one) is Windows server 2012 standard.
    Has somebody ever seen this type of problem ?

    Hi,
    Can you post a screenshot for this situation?
    Sometimes, the third party credential provider would lead to some issue like this, I suggest you check the
     current credential provider via the following path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\x\LastLoggedOnProvider
    You should compare the result with the values in the following path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\credential providers
    If the current value is third party credential provider, try to disable it:
    To disable the provider add a REG_DWORD value "Disabled"=1 to that provider’s CLSID subkey.
    The provider will be disabled on the next session creation (sessions are created when you log off, switch users, or reboot.
    If you have any feedback on our support, please click
    here
    Alex Zhao
    TechNet Community Support

  • X61 power user cannot change display DPI

    Hi,
    I have one X61 (7673-CH4) XP Pro and login a Power User, I want to change the DPI setting in display advanced setting properties,
    but this X61 notebook always prompt a dialog box "Windows Setup has not changed the requested setting, You may not have the required Administrator privilege to install or uninstall new files or drivers. please contact your Administrator".
    1. because this X61 is a domain computer, can not provide user in administrator rights, 
    2. I try updated last display driver (v6.14.10.4926)
    3. I try other general desktop PC login Power user can change about DPI setting no need administrator rights.
    Please give me advise solution allow user can change DPI
    Many thanks
    Filex

    Hi,
    Can you post a screenshot for this situation?
    Sometimes, the third party credential provider would lead to some issue like this, I suggest you check the
     current credential provider via the following path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\x\LastLoggedOnProvider
    You should compare the result with the values in the following path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\credential providers
    If the current value is third party credential provider, try to disable it:
    To disable the provider add a REG_DWORD value "Disabled"=1 to that provider’s CLSID subkey.
    The provider will be disabled on the next session creation (sessions are created when you log off, switch users, or reboot.
    If you have any feedback on our support, please click
    here
    Alex Zhao
    TechNet Community Support

  • How to configure Remote desktop connection double sign-on?

    All dear,
    I need help. I install a terminal server 2012, but when I try to remote login, only once sign on. How can I to configure the server to double sign-on.
    Thanks

    If I understand you right you have custom credential provider on the server. In this case Microsoft says that it is impossible to overcome double sign-on, just search for the "RDC and Custom Credential Providers" on the Internet.

  • URGENT ::: How to add UserName Token to SOAP Message Header.

    Hi,
    I created a webservice client using CLIENTGEN utility of weblogic from the WSDL file. When I am trying to call a webservice which is hosted on TOMCAT server, I am getting the following exception::
    5/12/2008 06:09:02 com.sun.xml.wss.impl.filter.DumpFilter process
    INFO: ==== Sending Message Start ====
    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-
    instance" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://settlementService.au.db.com/types">
    <env:Body>
    <env:Fault>
    <faultcode xmlns:ans1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ans1:FailedAuthentication</faultcode>
    <faultstring>Message does not conform to configured policy [ AuthenticationTokenPolicy  ]: No Security Header found</faultstring>
    </env:Fault>
    </env:Body>
    </env:Envelope>
    ==== Sending Message End ====
    The webservice ic configured as secured webservice, there is some certificate file which was provided to me from client. Useing java KEYTOOL command I have created the keystore from that certificate and configure it in the weblogic server console.
    Issue is the SOAP message header is blank I need to add the USERNAME TOken profile to this header, in order to access this webservice. The current CLIENT code snippet is shown below:
              try{
                   String WSDLUrl = "https://shappzu2.au.db.com:8297/settlementService-ws/settlementService?WSDL";
                   String wsUserName = "tracer-us";
                   String wsPassword = "R0na!do#11";
                   InputStream[] policies = new InputStream[]{Client.class.getResourceAsStream("/wl-unt-policy.xml")};
                   SettlementService_Impl settlementServiceObj = new SettlementService_Impl(WSDLUrl);
                   SettlementServiceFacade port = settlementServiceObj.getSettlementServiceFacadePort(policies, policies);               
                   List credProviders = new ArrayList();
                   CredentialProvider cp = new ClientUNTCredentialProvider(wsUserName.getBytes(), wsPassword.getBytes());
              credProviders.add(cp);
              Stub stub = (Stub)port;
              // Set stub property to point to list of credential providers
              stub._setProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
                   if(sharesXMLString != null && sharesXMLString.length() > 0) {
                        port.loadEquityTrade(sharesXMLString);
              }catch(Exception e){
                   //throw new SystemException(e.getMessage());
                   e.printStackTrace();
    Can any one help me in this?

    1) Use something like TCPmon https://tcpmon.dev.java.net/ or verbose logging to see the actual message content on the wire that the client is sending
    2) Inside the WLS samples there is a UNT sample in the INSTALL_DIR/wlserver_10.0(or equivalent)/samples/server/examples/src/examples/webservices/security_jws
    If that works correctly and puts the UNT in the header, then I would compare that code with yours.

  • Implementation of ws-secureconversation in webservice

    I have to implement a message level secured webservice which wud cater to client on .NET. We have weblogic 10.3.6. Through the tutorials i have configured my server with "weblogic.wsee.security.wssc.v13.sct.ServerSCCredentialProvider" , "weblogic.wsee.security.wssc.v13.dk.DKCredentialProvider", weblogic.xml.crypto.wss.UNTCredentialProvider", and "weblogic.wsee.security.bst.ServerBSTCredentialProvider" credential providers and used policy as policy:Wssp1.2-Wssc1.3-Bootstrap-Wss1.1.xml in the webservice.
    While invoking the service froma stand-alone client , I get an exception "<WSEE:15>Context token does not have a shared secret that is required for deriving secret keys<DKTokenBase.getSecretKey:240>".
    Following a code snippet from the client code:-
    CredentialProvider cp = new ClientBSTCredentialProvider( "plcom.jks", "1234", "com", "1234", "JKS");
    credProviders.add(cp);
    stub._setProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
    stub._setProperty(StubPropertyBSTCredProv.SERVER_ENCRYPT_CERT, CertUtils.getCertificate(serverCertFile )); //serverCert));
    stub._setProperty(WlMessageContext.SCT_LIFETIME_PROPERTY, new Long( 2 * 60 * 60 * 1000L));
    stub._setProperty(WSSecurityContext.TRUST_MANAGER,
    new TrustManager()
    public boolean certificateCallback(X509Certificate[] chain, int validateErr)
    { return true; }
    Please guide me how to add the shared key to the context in otrder to successfully invoke the service.

    are u using any tool to generate ur java files from wsdl...??

  • Set username/password using in Java client proxy for a JAX-WS webservice

    Hi, i am invoking one deployed EBS webservice , while trying to run that client program me
    i am getting error WSSE security, where can i set Uname pwd , through java program me
    ++Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Missing <wsse:Security> in SOAP Header
    Thanks Regards
    Raj
    Edited by: 952094 on Jan 23, 2013 1:42 PM

    import java.util.ArrayList;
    import java.util.List;
    import java.util.Map;
    import javax.xml.ws.BindingProvider;
    import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
    import weblogic.xml.crypto.wss.WSSecurityContext;
    import weblogic.xml.crypto.wss.provider.CredentialProvider;
    you can add username for weblogic client using
    // Create list of credential providers
    List credProviders = new ArrayList();
    // Create user name token provider
    ClientUNTCredentialProvider unt = new ClientUNTCredentialProvider("weblogic", "weblogic");
    credProviders.add(unt);
    credProviders.add(cp);
    // Finally add the credential providers to the request context
    Map<string, object=""> requestContext = ((BindingProvider)brokerService).getRequestContext();
    requestContext.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);

  • OC4J client with WCF Web Service using Mutual Certificates

    I'm trying to generate client stubs for a WCF web service.
    I tried using docs here:
    http://docs.oracle.com/cd/B10464_05/web.904/b10447/tools.htm
    # OC4J 9.0.4
    Java sdk 1.4.2_03
    cd \dev\oc4j-9.0.4\webservices\lib
    - config.xml
    <?xml version="1.0"?>
    <web-service>
    <proxy-gen>
    <proxy-dir>output/clientclass/examples/webservices/simple_client</proxy-dir>
    <option name="include-source">true</option>
    <option name="wsdl-location">
    http://xxx.xxxxx.xxx:9000/WCFTestService/Service.svc?wsdl</option>
    </proxy-gen>
    </web-service>
    java -jar WebServicesAssembler.jar -debug
    - ends with NullPointerException:
    <output>
         Please wait ...
         ..parsing top level elements
         ..generating client side proxy for wsdl :
                        http://xxx.xxxxx.xxx:9000/WCFTestService/Service.svc?wsdl
         ....compiling client side proxy for package :proxy
         Exception in thread "main" java.lang.NullPointerException
                             at oracle.j2ee.ws.tools.WsAssmProxyGenerator.doCompile(WsAssmProxyGenerator.java:284)
                             at oracle.j2ee.ws.tools.WsAssmProxyGenerator.processProxy(WsAssmProxyGenerator.java:135)
                             at oracle.j2ee.ws.tools.WsAssmProxyGenerator.clientGenerate(WsAssmProxyGenerator.java:112)
                             at oracle.j2ee.ws.tools.WsAssembler.assemble(WsAssembler.java:96)
                             at oracle.j2ee.ws.tools.WsAssembler.main(WsAssembler.java:54)
    </output>
    - Then tried using Sun jdk to gen proxy:
    # Just SDK
    Java sdk 1.6.0_25
    wsimport -keep -extension -d output -s src -p examples.webservices http://xxx.xxxxx.xxx:9000/WCFTestService/Service.svc?wsdl
    <ListOfGeneratedJavaFiles>
    CompositeType.java
    GetData.java
    GetDataResponse.java
    GetDataUsingDataContract.java
    GetDataUsingDataContractResponse.java
    IService.java
    ObjectFactory.java
    package-info.java
    Service.java
    </ListOfGeneratedJavaFiles>
    - creates the service and port, but where is the stub?
    in my code I use the stub to set the certificate auth
         <codeSnip>
         // get the ws stub
         IService_Stub serviceStub = (IService_Stub)iSampleService;
         // add the credential providers to the ws stub
         serviceStub._setProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST,
                                                      credProviders);
         </codeSnip>
    # WebLogic 10.3.5
    I'm happy to say that everything seems to work well under WebLogic 10.3.5.
    I used weblogic.wsee.tools.anttasks.ClientGenTask with ant
    to generate the proxy files.
    <ListOfGeneratedJavaFiles>
    IService.java
    IService_Stub.java
    Service.java
    Service_Impl.java
    </ListOfGeneratedJavaFiles>
    I understand how to use these files and everything works.
    But we need this to work in the OC4J orion server before we are ready to upgrade to WebLogic.
    I have also tried OC4J 10.1.2.0.2 - same a OC4j 9.0.4 - null pointer.
    I also tried Metro, but it uses wsimport, so also does not have a stub.
    I'm out of ideas. Any pointers or advice are greatly appreciated.
    Thank you.

    My guess would be that the server's certificate isn't in your client's trust-store (which defaults to "cacerts"). Chances are your senior architect has already imported the server-cert on his machine and forgotten he did so.
    Grant

  • Using NetBeans Java ME Designer for List

    I'm using the Java ME screen Designer in NetBeans. I'd like to create a simple list from which users can select one option. I know how to write code to do it, but how do I do it through the screen designer?

    import java.util.ArrayList;
    import java.util.List;
    import java.util.Map;
    import javax.xml.ws.BindingProvider;
    import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
    import weblogic.xml.crypto.wss.WSSecurityContext;
    import weblogic.xml.crypto.wss.provider.CredentialProvider;
    you can add username for weblogic client using
    // Create list of credential providers
    List credProviders = new ArrayList();
    // Create user name token provider
    ClientUNTCredentialProvider unt = new ClientUNTCredentialProvider("weblogic", "weblogic");
    credProviders.add(unt);
    credProviders.add(cp);
    // Finally add the credential providers to the request context
    Map<string, object=""> requestContext = ((BindingProvider)brokerService).getRequestContext();
    requestContext.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);

Maybe you are looking for

  • Printing Duplex Pages, Single Page, Hidden Page Question

    I have an 8 page form where there are several forms in the following format Page 1 - Single Sided Page 2 and 3 - Double Sided Page 4 - Single Sided Page 5 and 6 - Souble Sided Page 7 and 8 - Double Sided What I would like to do is have those blank pa

  • Generate a .doc with Bps

    Hi all experts, I have no much idea about Bps, but in my company we have this problem and we would like to solve it: - We would like to present via Bps a web based form to insert data in a textarea and when the user clicks "submit" button, we would l

  • IPhone standard weather app is not accessin local weather

    It seems that local weather is now not updating in the standard iPhone weather app, seemed to have started with this issue today & coincidently yahoo Australia has updated its web page so when I click on the yahoo app with in the weather app it takes

  • Question pertaining to firewire 400 vs. 800

    I am currently in the process of learning the Mac world. I have been using my wife's iBook for sometime and am waiting for things to work out for a new MacBook. So as I embark on my switch over from the Dark-side to Mac I was wondering, if firewire 8

  • .dbc file during mapping instances

    Where can we get the .dbc files during mapping instances setup. We tried getting it from OAM.