JNLP & User Authentication (Application Portal Dilemma)

There is an interesting article on JavaWorld under the Applied Java Topic about distributed applications and Java Web Start. Recently I have also become a big fan of rapid thick-client deployment using the JNLP framework. However, I (and many others I suspect) have come across a road-block implicit to distributed application (non-applet) development. There is no ability to preserve a session.
Now in Jonathan Simon's article, in presents the case for "Application Portals" in which one could easily set up an authentication servlet and during run-time construct a list of verified applications. This implementation seems straightforward and but I am confused on one simple point for which I am in "dying-need" of clarity. The JNLP simply provides a link and protocol to deploy and update the client-side application. Upon initial execution or launching, the "link" is unknown making this solution great. However, once launched the link can be determined and the application can be executed without the use of the authentication portal (or if an off-line implementation is also deployed - launched locally).
Is there a current design pattern to circumvent this limitation? How can I pass session information or even arguments to the client-application when launched? What happens when the application is launched via the desktop integrated icon? At first glance, I would expect the solution to be to invoke a WebService from the application upon execution of main. This service would then authenticate, but still would require its own interface for data (user/pass) capturing - thereby nullifying the entire point of setting up an authenticating application portal.
Any suggestions or clarity would be well received

I'm not sure if this will help you guys or not, but there is a guide for deploying JNLP applications from a servlet here: http://java.sun.com/j2se/1.5.0/docs/guide/javaws/developersguide/downloadservletguide.html
Perhaps you can use this to dynamically specify the JNLP file. If a user accesses the server from the plain URL the servlet assigns a new session id, and places this in the codebase or href of the JNLP file it sends to the user. Later when the user runs the JNLP application from app manager, or an icon, the servlet will see the decorated codebase/href and act accordingly.
Anyway, like I said, I'm not sure if this is exactly what you are looking for, but I think it has been used in the past for session maintenance.
As to why JNLP doesn't support portal tech... these two technologies were invented at the same time. Initially they were somewhat competing ideas.
For the future it might be possible to make JNLP more portal friendly, but in that case, Sun needs to have a better idea from the users what is needed. Simply saying, "make it better" is just to vague. Be specific, and who knows what good ideas might be picked up. (Another possibility is to contribute your own ideas for improvement through http://www.java.net/).
Mike.

Similar Messages

  • How to display active directory users through weblogic portal Application?

    Hi,
    Does anyone has faced this situation?
    I configured the activedirectory and able to see the users and group in the weblogic console at Security->Realms->Myrealm->users. when I run my portal application,I am able to see only the users that are configured in embedded weblogic LDAP ie, I can see only the users weblogic,portaladmin and yahooadmin that are of defaultauthenticator provider.I need to display the active directory users also in our portal.
    I have two doubts on this?
    1)Is it I need to write custom code to view the active directory users in our portal?
    2)Does I need to use any jars that supports active directory authenticator?
    I would appreciate if any one can reply on this with helpfull docs/information.
    We are using BEA 8.1 SP4.
    Windows 2000.
    Surendra

    Hi,
    I too have a similar kind of requirement, i use a jsp to do this activity, but i get an exception, i have shown the entire jsp code below,
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <%@ page import="java.util.Set" %>
    <%@ page import="javax.naming.Context" %>
    <%@ page import="weblogic.jndi.Environment" %>
    <%@ page import="weblogic.management.MBeanHome" %>
    <%@ page import="weblogic.management.configuration.DomainMBean" %>
    <%@ page import="weblogic.management.configuration.SecurityConfigurationMBean" %>
    <%@ page import="weblogic.management.security.RealmMBean" %>
    <%@ page import="weblogic.management.security.authentication.AuthenticationProviderMBean" %>
    <%@ page import="weblogic.management.security.authentication.UserPasswordEditorMBean" %>
    <%@ page import="weblogic.security.providers.authentication.LDAPAuthenticatorMBean" %>
    <%@ page import="weblogic.management.configuration.EmbeddedLDAPMBean" %>
    <%@ page import="weblogic.management.security.authentication.UserEditorMBean" %>
    <%@ page import="weblogic.management.security.authentication.UserReaderMBean" %>
    <%@ page import="weblogic.management.security.authentication.GroupReaderMBean" %>
    <%@ page import="weblogic.management.utils.ListerMBean" %>
    <%@ page import="javax.management.MBeanException" %>
    <%@ page import="javax.management.modelmbean.RequiredModelMBean" %>
    <%@ page import="examples.security.providers.authentication.manageable.*" %>
    <%@ page import="weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBean" %>
    <%@ page import="weblogic.management.utils.InvalidParameterException" %>
    <%@ page import="weblogic.management.utils.NotFoundException" %>
    <%@ page import="weblogic.security.SimpleCallbackHandler" %>
    <%@ page import="weblogic.servlet.security.ServletAuthentication"%>
    <%!
    private String makeErrorURL(HttpServletResponse response,
    String message)
    return response.encodeRedirectURL("welcome.jsp?errormsg=" + message);
    %>
    <html>
    <head>
    <title>Password Changed</title>
    </head>
    <body>
    <h1>Password Changed</h1>
    <%
    // Note that even though we are running as a privileged user,
    // response.getRemoteUser() still returns the user who authenticated.
    // weblogic.security.Security.getCurrentUser() will return the
    // run-as user.
    System.out.println("------------------------------------------------------------------");
    String username = request.getRemoteUser();
    System.out.println("User name -->"+username);
    // Get the arguments
    String currentpassword = request.getParameter("currentpassword");
    System.out.println("Current password -->"+currentpassword);
    String newpassword = request.getParameter("newpassword");
    System.out.println("New password -->"+newpassword);
    String confirmpassword = request.getParameter("confirmpassword");
    System.out.println("Confirm password -->"+confirmpassword);
    // Validate the arguments
    if (currentpassword == null || currentpassword.length() == 0 ||
    newpassword == null || newpassword.length() == 0 ||
    confirmpassword == null || confirmpassword.length() == 0) { 
    response.sendRedirect(makeErrorURL(response, "Password must not be null."));
    return;
    if (!newpassword.equals(confirmpassword)) {
    response.sendRedirect(makeErrorURL(response, "New passwords did not match."));
    return;
    if (username == null || username.length() == 0) {
    response.sendRedirect(makeErrorURL(response, "Username must not be null."));
    return;
    // First get the MBeanHome
    String url = request.getScheme() + "://" +
    request.getServerName() + ":" +
    request.getServerPort();
    System.out.println("URL -->"+url);
    Environment env = new Environment();
    env.setProviderUrl(url);
    Context ctx = env.getInitialContext();
    MBeanHome mbeanHome = (MBeanHome) ctx.lookup(MBeanHome.LOCAL_JNDI_NAME);
    System.out.println("MBean home obtained....");
    DomainMBean domain = mbeanHome.getActiveDomain();
    SecurityConfigurationMBean secConf = domain.getSecurityConfiguration();
    // Sar
    EmbeddedLDAPMBean eldapBean = domain.getEmbeddedLDAP();
    System.out.println("Embedded LDAP Bean obtained...."+eldapBean );
    RealmMBean realm = secConf.findDefaultRealm();
    System.out.println("RealmMBean obtained....");
    AuthenticationProviderMBean authenticators[] = realm.getAuthenticationProviders();
    System.out.println("AuthProvMBean obtained....");
    // Now get the UserPasswordEditorMBean
    // This code will work with any configuration that has a
    // UserPasswordEditorMBean.
    // The default authenticator implements these interfaces
    // but other providers could work as well.
    // We try each one looking for the provider that knows about
    // this user.
    boolean changed=false;
    UserPasswordEditorMBean passwordEditorMBean = null;
    System.out.println("UserPwdEdtMBean obtained....");
    //System.out.println("Creating MSAI....");
    //ManageableSampleAuthenticatorImpl msai =
    // new ManageableSampleAuthenticatorImpl(new RequiredModelMBean());
    //System.out.println("Done....");
    for (int i=0; i<authenticators.length; i++) {
    System.out.println("### Authenticator --->"+authenticators);
    if (authenticators[i] instanceof ActiveDirectoryAuthenticatorMBean)
    ActiveDirectoryAuthenticatorMBean adamb =
    (ActiveDirectoryAuthenticatorMBean)authenticators[i];
    System.out.println("### ActiveDirectoryAuthenticatorMBean .....");
    String listers = adamb.listUsers("*",0);
    while(adamb.haveCurrent(listers))
    System.out.println("### ActiveDirectoryAuthenticatorMBean user advancement.....");
    adamb.advance(listers);
    if (authenticators[i] instanceof UserPasswordEditorMBean) {
    passwordEditorMBean = (UserPasswordEditorMBean) authenticators[i];
    System.out.println("Auth match ...."+passwordEditorMBean);
    try {
    // Now we change the password
    // Sar comment
    System.out.println("Password changed....");
    //passwordEditorMBean.changeUserPassword(username,
    // currentpassword, newpassword);
    changed=true;
    // Sar Comment
    catch (InvalidParameterException e) {
    response.sendRedirect(makeErrorURL(response, "Caught exception " + e));
    return;
    catch (NotFoundException e) {
    catch (Exception e) {
    response.sendRedirect(makeErrorURL(response, "Caught exception " + e));
    return;
    // Sar code
    LDAPAuthenticatorMBean ldapBean = null;
    UserReaderMBean urMBean = null;
    UserEditorMBean ueMBean = null;
    GroupReaderMBean gMBean = null;
    //ListerMBean lBean = null;
    try
    if (authenticators[i] instanceof LDAPAuthenticatorMBean)
    ldapBean = (LDAPAuthenticatorMBean) authenticators[i];
    String userFilter = ldapBean.getAllUsersFilter();
    System.out.println("userFilter ="+userFilter);
    if (authenticators[i] instanceof UserEditorMBean)
    try
    System.out.println("UserEditorMBean...");
    ueMBean = (UserEditorMBean) authenticators[i];
    System.out.println("List users..."+ueMBean);
    boolean b = ueMBean.userExists("webuser");
    System.out.println("User Exists->>>"+b);
    String cursor = ueMBean.listUsers("webuser", 2);
    System.out.println("List User ----->"+cursor);
    catch(InvalidParameterException e)
    response.sendRedirect(makeErrorURL(response, "ERROR InvalidParameterException:" + e));
    catch(java.lang.reflect.UndeclaredThrowableException e)
    response.sendRedirect(makeErrorURL(response, "ERROR UndeclaredThrowableException :" + e));
    e.printStackTrace();
    catch(Exception e)
    response.sendRedirect(makeErrorURL(response, "ERROR LBean:" + e));
    catch(Exception ex)
    ex.printStackTrace();
    response.sendRedirect(makeErrorURL(response, "ERROR:" + ex));
    return;
    if (passwordEditorMBean == null) {
    response.sendRedirect(makeErrorURL(response, "Internal error: Can't get UserPasswordEditorMBean."));
    return;
    System.out.println("pwd changed ->"+changed);
    if (!changed) {
    // This happens when the current user is not known to any providers
    // that implement UserPasswordEditorMBean
    response.sendRedirect(makeErrorURL(response,
    "No password editors know about user " + username + "."));
    return;
    %>
    User <%= username %>'s password has been changed!
    <br>
    <br>
    </body>
    </html>
    Here is the console log
    User name -->webuser
    Current password -->i
    New password -->u
    Confirm password -->u
    URL -->http://localhost:7011
    MBean home obtained....
    Embedded LDAP Bean obtained....[Caching Stub]Proxy for mydomain:Name=mydomain,Type=EmbeddedLDAP
    RealmMBean obtained....
    AuthProvMBean obtained....
    UserPwdEdtMBean obtained....
    ### Authenticator --->Security:Name=myrealmDefaultAuthenticator
    Auth match ....Security:Name=myrealmDefaultAuthenticator
    Password changed....
    UserEditorMBean...
    List users...Security:Name=myrealmDefaultAuthenticator
    User Exists->>>true
    java.lang.reflect.UndeclaredThrowableException
    at $Proxy1.listUsers(Unknown Source)
    at jsp_servlet.__updatepassword._jspService(__updatepassword.java:411)
    at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
    at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.jav
    a:1006)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:463)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletC
    ontext.java:6718)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:37
    64)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    Caused by: javax.management.MBeanException
    at weblogic.management.commo.CommoModelMBean.invoke(CommoModelMBean.java:551)
    at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1560)
    at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1528)
    at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.j
    ava:988)
    at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:946)
    at weblogic.management.commo.CommoProxy.invoke(CommoProxy.java:365)
    ... 14 more
    ### Authenticator --->Security:Name=myrealmDefaultIdentityAsserter
    pwd changed ->true
    Can u pls let me know how to get all the entries from LDAP.
    Thanx
    Sar

  • Execute Webdynpro4Abap Application with same ERP-User for all portal-users?

    Hi,
    is it possible to let a Webdynpro4Abap application run with only one ERP-User for all portal-users? Therefore not needing an ERP-license for every portal-user?
    Somekind of mapping maybe?
    Regards
    Jan

    Jan,
    It is possible but it all depends on the type of application .If you want to show same data for all users you can use one user but if data is different for all users then you cannot go with this approach.
    to configure single backend user for your application go to tcode SICF and look for that application and go to logon data tab by double clicking and give one common user details
    Thanks
    Bala Duvvuri

  • Can we use AD authentication for SPoint users to access Portal behind OID?

    Hi,
    We have Oracle Portal with OID-AD sychronization set up, and are currently implementing SharePoint in our organization.
    We would like to provide links to a few pages on our Portal to some of the SharePoint users.
    The SharePoint users are authenticated by the Active Directory SSO and the Portal users are authenticated by our OID SSO setup.
    What we want to do is to let some SharePoint users access our Portal using their AD login. The SharePoint users should not have to login again to get to our Portal pages.
    Is there a way to let the AD authentication to pass through the OID setup so that SharePoint users can directly access our Portal?
    We don't have any external authentication plug-ins set up for our Portal.
    Currently we are on Portal version 9.0.4.1 but may be upgrading to version 10.1.4.2 in the near future.
    Any help would be greatly appreciated.
    Thanks.
    CV

    Hi,
    Thanks for the quick reply.
    But I have a different scenario.
    I want to establish it in such a way that certain users are stored in the LDAP and certain users are stored in the Portal Database.

  • Any pointers on implementing user authentication in Adobe AIR application ?

    Hello
    I am using an AIR 3.0 to create my client that connects to my server LCDS application that uses oracle XE database. I now need to implement the user authentication & access controls to GUI screens. Any pointers that show best practices in this regard or get me started...
    thanks
    RK

    You can use the mechanisms built into the AMF protocol, or manage the session manually by passing around an authentication token generated on the server.
    Here is some basic info on AMF sessions: http://livedocs.adobe.com/blazeds/1/blazeds_devguide/help.html?content=services_security_5 .html
    It's written for BlazeDS, but the principal is the same.

  • OFT- Recording Application which require User Authentication

    hi,
    I have recorded the application which requires user authentication and once the recording has been done i have logout from the application. and now if i playback the script ,then again it will playback from the login page.
    So according to my opinion,it should skip the login page at the time of playback the script. But it is not. So what would be the reason for that?

    Actually i have a confusion regarding this note given in the "OFTFunctionalTestingUserGuide pdf"
    "If you record a Visual Script with a login Web page (not a popup dialog box), which may not reappear when you revisit the site due a session cookie, Oracle Functional Testing for Web Applications recognizes the cookie and skips the login page during playback. Oracle Functional Testing for Web Applications logs a message indicating the
    login page was skipped and playback continues with the next page."
    If i m not wrong, when we record the process of visiting the pages on the site from login to log out from the site.
    and when we run the playback scirpt it should be not start from the login page as per the above mentioned note.
    Could u please help me to understand the fact given on the note.
    Thanks
    Mamta

  • User authentication Failed in XMII portal

    Hi,
    we are using XMII 12.0 version and deployed in SAP netweaver 2004s. We are frequently facing issue in XMII Menu page login and in SAP netweaver user management logins as "User authentication Failed". It is happening for all users suddenly. we are giving  username and password correctly but we faced the same problems. We tried with all users then also we cant able to find the probem. Every time we needs to restart the server then it works.
    What is the issue and how to resolve it?
    Regards,
    Senthil

    Hi Senthil,
    I would strongly recommend upgrading your installation.  You are on 12.0.2 and the current release is 10 service packs later.  You should upgrade to 12.0.12 before working on what is probably the original GA version from about 4 years ago.
    Regards,
    Mike

  • User Authentication in Web Dynpro Java

    Hi guys,
    I was just wondering how user authentication can be achieved in WDJ? In Web Dynpro ABAP this comes for free when you launch an application. However, in WDJ we can deploy and call the URL without any authentication at all. Is there a way to configure this or do we really have to code this? Thanks! Generous points will be awarded!

    Hi Alex,
    check this links,
    Re: User Authentication in Web Dynpro Application
    Authentication of Web Dynpro
    Using Web Dynpro authentication for a Web Service call
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/dd48d990-0201-0010-92a3-c3ed7e9fd244
    http://help.sap.com/saphelp_nw04s/helpdata/en/04/ee8b8b0d23b746854897adc5611c1d/frameset.htm
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/8304e990-0201-0010-ed8b-d978f1e67b1e
    Regards,
    vino

  • Problems with User profile Application not available

    Hi
    Have a 2 tier SP 2010, with SQL server and a single SharePoint2010 server. We have a problem with the User profile Application service.
    The main problem is that we cannot go to "Edit" under Manage User Profiles. If we want to edit a user, we just get an error:
    "Microsoft.Office.Server.UserProfiles.UserProfileApplicationNotAvailableException: No User Profile Application available to service the request. Contact your farm administrator."
    When rebooting the server, we get the following in event viewer: Warning: ASP.NET 2.0.50727.0
    Event code: 3005 
    Event message: An unhandled exception has occurred. 
    Event time: 2/5/2015 12:25:25 PM 
    Event time (UTC): 2/5/2015 11:25:25 AM 
    Event ID: 84d104331476453b88c60a37d7a0b8fe 
    Event sequence: 9 
    Event occurrence: 1 
    Event detail code: 0 
    Application information: 
        Application domain: /LM/W3SVC/1212406818/ROOT-1-130676090755160256 
        Trust level: WSS_Minimal 
        Application Virtual Path: / 
        Application Path: C:\inetpub\wwwroot\wss\VirtualDirectories\14877\ 
        Machine name: SPMACHINE 
    Process information: 
        Process ID: 4668 
        Process name: w3wp.exe 
        Account name: domain\spfarm 
    Exception information: 
        Exception type: UserProfileApplicationNotAvailableException 
        Exception message: No User Profile Application available to service the request. Contact your farm administrator. 
    Request information: 
        Request URL: http://sp2010:2010/_layouts/ProfMngr.aspx?ID=51982fe8-4886-4ebd-ad68-f5934656e54d&IsDlg=1 
        Request path: /_layouts/ProfMngr.aspx 
        User host address: ::1 
        User: domain\spfarm 
        Is authenticated: True 
        Authentication Type: NTLM 
        Thread account name: domain\spfarm
    Thread information: 
        Thread ID: 15 
        Thread account name: domain\spfarm 
        Is impersonating: False 
        Stack trace:    at Microsoft.SharePoint.Portal.UserProfiles.AdminUI.ProfileAdminPage.get_CurrentApplication()
       at Microsoft.SharePoint.Portal.UserProfiles.AdminUI.ProfileAdminPage.get_CurrentApplicationProxy()
       at Microsoft.SharePoint.Portal.WebControls.ProfileQueryUsers._FillSubtypeCollection()
       at Microsoft.SharePoint.Portal.WebControls.ProfileQueryUsers..ctor()
       at ASP._layouts_profmngr_aspx.__BuildControlProfileQuery()
       at ASP._layouts_profmngr_aspx.__BuildControl__control6(Control __ctrl)
       at ASP._admin_admin_master.__BuildControlPlaceHolderMain()
       at ASP._admin_admin_master.__BuildControl__control21()
       at ASP._admin_admin_master.__BuildControl__control2()
       at ASP._admin_admin_master.__BuildControlTree(_admin_admin_master __ctrl)
       at System.Web.UI.MasterPage.CreateMaster(TemplateControl owner, HttpContext context, VirtualPath masterPageFile, IDictionary contentTemplateCollection)
       at System.Web.UI.Page.get_Master()
       at System.Web.UI.Page.ApplyMasterPage()
       at System.Web.UI.Page.PerformPreInit()
       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

    Hi Thomas,
    Based on the error message, I recommend to verify the things below:
    Please make sure that User Profile Service is started in Central Administration.
    Please make sure Forefront Identity Manager Service and Forefront Identity Manager Synchronization Service are started in services.msc.
    Change the schedule for the "Timer Service Recycle" job to run during off peak hours, when a small amount of timer jobs are running.
    Check ULS log for more detailed error message.  For SharePoint 2010, by default, ULS log is at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\LOGS.
    Thanks,
    Victoria
    Forum Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Victoria Xia
    TechNet Community Support

  • Function Module used for user Authentication in B2B webshop

    Hi Gurus,
    Can someone please help me in finding a Function module which is getting called for the user authentication in B2B webshop and where can i find this class file which is getting called in the NWDS?
    Thanks
    Saurabh

    Depending upon if you are coming from Portal (SSO) or B2B logon screen, one of the following function modules is called to authenticate authorize the B2B application usage.
    CRM_ISA_IUSER_LOGIN
    CRM_ISA_LOGIN_CHECKS
    Easwar Ram
    http://www.parxlns.com

  • Issue in Step 12-Maintain User Assignment in Portal (RSPOR_SETUP)

    Hi,
    I had issue with step 12--Maintain User Assignment in Portal when running prog RSPOR_SETUP [to setup BEx Web configuration] with error " System failure during call of function module RSWR_RFC_SERVICE_TEST".
    Note: BI certificate was already exported & imported to Portal.
    Evaluate Ticket Login Module is done with trustedsys, trustediss & trusteddn.
    Evaluate Assertion Ticket Login Module is done with trustedsys, trustediss & trusteddn.
    User-id: bex_admin with SAP_ALL in ABAP and mapping is done in Portal as per step 12 intruction.
    <b>Error in dev_jrfc.trc:</b>
    Exception thrown [Tue Jan 16 09:24:46,102]:Exception thrown by application running in JCo Server
    com.sap.engine.services.rfcengine.RFCException: Incoming call is not authorized
            at com.sap.engine.services.rfcengine.RFCDefaultRequestHandler.handleRequest(RFCDefaultRequestHandler.java:74)
    Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: Authentication failed.
    Caused by: com.sap.security.core.server.jaas.DetailedLoginException: Authentication failed: Issuer of SAP Logon Ticket is not trusted. Authentication stack: evaluate_assertion_ticket
            at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:167)
    It looks like the issue with <b>evaluate_assertion_ticket</b> & somehow Portal is not trusted the BI certificate.  I tried SAP note 917950, 888687, 878455, 721815, etc. & many more but cannot resolved the issue.
    SAP system: NW04s with Java add-in in the same server.
    SP stack 9
    I appreciate if someone already resolved the same issue and share the solution. I already opened a ticket with SAP but they have no solution yet.
    Thanks.
    Mimosa

    Hi
    Try maintaining the following property values for the SAP BW System:
    Authentication Ticket Type = SAP Assertion Ticket
                      Logon Method = SAPLOGONTICKET
              User Mapping Type = admin,user
    Regards,
    Trikanth Basetty

  • Please guide me for user authentication and authorization in WebDynPro App

    Hi,
        I just study the WebDynPro to develop the SAP Portal. I've ever developed the Web-based App using J2EE. So when i developed the Web-based App i have to develop the control of the user authentication and authorization on each page for example ,checking the session of the user whether they can access this page or whether session is expired or not,. So i have no idea with the WebDynPro and the SAP Portal because i never had experience for both WebDynPro and Portal.
    I need to ask you some question to clarify my doubt :
    1. SAP Portal  is web page that include every enterprise application with in one page and user log-in to them just on time, isn't it?
    2. If i integrate WebDynPro with SAP Portal, which one will do the authentication and authorization?. I mean that, Do i have to develop the code to check authentication and authorization in the WebDynPro App or Let the SAP Portal manage them?
    3.Could you please suggest the best practice for authentication and authorization in webDynPro.
    Many Thanks
    Noppong J

    in most case you don't have to write code to deal with session, authentication and authorization.
    1. yes,
    2. no, no code needed. you just set an attribute to your application, which make the the authentication required. when user access this page, portal will display the logon page
    3 you can put some authorization related code in web dynpro for specific requirement, search this doc "Protecting Access to the Web Dynpro Car Rental Application Using UME Permissions"

  • User Authentication for subfolder not working in Web Browser

    We are using Oracle Application Server 10.1.2.3 and Database Server 10.2.0.5 for our application.
    One of the functionalities of the Application is to send emails with attachments.
    The logic is that the Application would generate the attachment file on the Application Server.
    Then a database package uses Oracle's utl_http package/procedures(more specifically utl_http.request_pieces where the single argument is a URL) to pick up the file from the Application Server via URL, attach the file and send the email.
    Exchange and Relay Server is also set in the Application.
    The problem is that the folder containing the folder which stores the attachments is having user authentication set.
    Example : The main folder is /apps/interface, this folder requires a valid user when it is accessed via URL on a web browser.
    Alias created in httpd.conf
    Alias /int-dir/ "/apps/interface/"
    The folder /apps/interface/email/ is the folder where the attachment files are generated and stored.
    Application Server : 10.12.213.21
    Database Server : 10.12.213.22
    Email Server : 10.12.213.44
    Configuration as per httpd.conf
    Alias /int-dir/ "/apps/interface/"
    <Location /int-dir/>
    AuthName "Interface folder"
    AuthType Basic
    AuthUserFile "/u01/app/oracle/as10g/oasmid/Apache/Apache/conf/.htpasswd"
    require user scott
    </Location>
    <Location /int-dir/email>
    Options Indexes Multiviews IncludesNoExec
         Order deny,allow
         Deny from all
         Allow from 10.12.213.21
         Allow from 10.12.213.22
         Allow from 10.12.213.44
    </Location>
    Using the above configuration the Application is able to attach the files and send the email, however, when we access the following URL :
    http://10.12.213.21:7778/int-dir/ - it prompts for user authentication
    However if we use the following URL :
    http://10.12.213.21:7778/int-dir/email/ - it does not prompt for user authentication, and all the files in the folder are displayed in the browser.
    I have tried so many things including AllowOverride, .htaccess, but i am not able to get user authentication for the email folder.
    Please help me if you can.
    Thanking you in advance,
    GLad to give any more information that i can.
    dxbrocky

    Thanks for your response.  I fixed the problem by selecting "full site" or "full website" at bottom of the web page.  After making this selection the zoom function returned.  Thanks again for your interest.

  • User Authentication failed

    Hi all,
    I like to share one of my peculiar issue with you and like to get a solution as well.
    I am trying to install a portal server with r3load based method. I did a java export of mssql Portal server and suceefully imported in the newly installed server.The server is up and running.I also completed the post installation activites like SLD ,SSO and Jco creation. I am not able to log in to the java page using administrator user and also other users..It keep on saying that user authentication is failed.
    But the beauty is that using the same adminsitrator user i am logging in the visaul administrator .
    I dont know where the problem and also i verified the log files under cluset/server nodes. There i found the log as  follows  --- > Connection is already closed and no longer associated with a managed connection,,
    I dont know where i am missing. Due to this I reinstalled the server and imported again..But the same problem is existing to me. Anyone have suggestion on this please do reply.
    Thanks and Regards
    Vijay

    Hi,
    Thnaks for reply. Its only a java system ,, So no activity needs to be done in SU01. I checked the table in database..the users are exisitng as well in the table.
    FYI: I am able to log in visaul admin but not in the java pages like
    http://<hostname>:port/
    http://<hostname>:port/irj
    Hope i explained  my problem it in right way
    Regards
    Vijay

  • Programmatically adding/deleting users to/from portal groups

    I am using the following PDK api, to delete an user from a portal group (otp_sales).
    I get the following error which doestn make sense. I tested the following api from a
    script shown below. In my application, this gets called from a trigger, and fails
    because it sees a ROLLBACK getting used in the API.
    <<<<<<<<<<<<< delete_from_group.sql >>>>>>>>>>>>>>>>>>>>>>
    DECLARE
    BEGIN
    moc.wwsec_api.delete_user_from_list (p_group_id
    =>MOC.wwsec_API.GROUP_ID('OTP_SALES')
    ,p_member_person_id =>73);
    END;
    <<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    SQL> @delete_from_group.sql
    Input truncated to 1 characters
    DECLARE
    ERROR at line 1:
    ORA-01086: savepoint 'DELETEUSERFROMLIST_SAVEPOINT' never established
    ORA-06512: at "MOC.WWSEC_API", line 2467
    ORA-06510: PL/SQL: unhandled user-defined exception
    ORA-06512: at "MOC.WWCTX_SSO", line 849
    ORA-06510: PL/SQL: unhandled user-defined exception
    ORA-06512: at "MOC.WWCTX_SSO", line 669
    ORA-06502: PL/SQL: numeric or value error
    ORA-06512: at line 3
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    Thanks
    regards
    -Ananth

    We had the same problem and it turned out that deleting a portal user(delete_portal_user), removing a portal user from a list (delete_user_from_list) or updating a portal user, the "savepoint xxxx never established message" came up when there was no context set. If the procedure is called from within a portal page (or as user portal30) ,and the context is set and it works. The solution is to check to see if the context was set, and then set it if not.
    if not portal30.wwctx_api_private.is_context_set then
    portal30.wwctx_api_private.set_context(p_user_name => 'portal30');
    end if;
    Hope this helps
    Tania

Maybe you are looking for

  • DBMS_SQL.parse error when working with string 32k

    Hi, In order to execute a dynamic string > 32 k , i followed metalink note: 77470.1 :" How to Execute DML and DDL Statements Larger than 32k Using dbms_sql " When running a procedure to dynamicaly recreate a view i got the following error message. Ca

  • I get this error when attempting to check plugin status: "Plugin Finding Service Error"

    When I attempt to check the plugin status of the plugins installed in firefox i get this error :Plugin Finding Service Error

  • IPhone SDK 3.1.3??!?!?

    I have been trying to download the iPhone SDK 3.1.3 for hours, but I can't seem to find where to download it. I've read on the Apple site that it was free to download. I have found it before, tried to download it, and said I needed to log in. I was a

  • Me estan cobrando dos veces la misma aplicacion

    Hola por favor revisen bien, me estan cobrando dos veces la misma aplicacion del mismo dia, es ilogico que yo compre la misma aplicacion para el mismo telefono espero respuesta gracias Hello please check it, I being billed twice for the same applicat

  • Why is quicktime screen recording playback choppy?

    I'm trying to record gameplay on my computer screen with quicktime's screen record feature, but when I go back and watch it, it is really choppy and skips some parts. I have a 27 inch iMac (Late 2009) 3.06 GHz Intel Core 2 Duo 4 GB Memory Snow Leopar