Portal integration and Windows Active Directory

Hello experts,
We have a SAP Netweaver Portal SP14 and the UME is configure in one Active Directory of Windows 2003. The UME is working correctly but the SSL connection between the two system doesn't work.
We have applied the help in the link:
"http://help.sap.com/saphelp_nw70/helpdata/en/7d/77fa735e5f47a2a50b5336fd1b5a61/content.htm"
but we got the error
"Peer certificate is not trusted or expired".
The Active Directory server has its own certificate.
We think that the problem is with the trusted certificate but we have not correct it.
In active directory server when we access to  https:
myserverAD:636, we got the error that the page could not be show.
Thanks in advanced.
Paco Hernandis.

>  https:
myserverAD:636, we got the error that the page could not be show.
The SAP Help is outdated: MS IE doesn't show those certs any more, as you have found.
I'm sure there's a better way, but here's how I get that when I need it: install an OLD version of Firefox (I keep the install EXE for Firefox 1.5.0.8 around just for this) because v.2 responds with an error the same as IE. I use Firefox for this (rather than an old version of IE) so that it doesn't clobber my IE config. Since it's an old release there are many security problems: so don't use it for anything else, and uninstall it immediately afterwards.
http://download.mozilla.org/?product=firefox-1.5.0.8&os=win&lang=en-US

Similar Messages

  • Oracle database and Windows Active directory authentication

    Hello,
    Our developers have created a couple of web apps which look at our oracle database. Presently they use the APPS user and the user/password is hard coded into the config files.
    Is it possible to authenticate these using Windows Active Directory instead? Is it possible to use AD authentication for all developer access to the database?
    I'm trying to research this on the web but getting very confused. Would a lot of work be involved to get this up and running?
    Is anyone able to offer and advise?
    Thank you very much
    Sarah

    I don't have experience in joining a Linux system with Windows AD, and it generally does not sound like the best idea to me, but since Oracle Enterprise Linux is a clone of Red Hat Enterprise Linux, the solution you are looking for could be called Winbind.
    Perhaps the following links are useful:
    http://spiralbound.net/blog/2007/04/11/rhel-winbind-authentication-against-active-directory
    http://www.linuxmail.info/active-directory-integration-samba-centos-5/
    http://magazine.redhat.com/2007/11/12/tips-and-tricks-how-can-i-configure-winbind-to-synchronize-user-and-group-ids-across-multiple-red-hat-enterprise-linux-hosts-on-active-directory-accounts/

  • Oracle Linux and Windows Active Directory

    I am looking for a good article on joining an Oracle Linux server to a Windows Active directory domain.
    We are primarily a Windows shop but need to bring up a couple of Oracle Linux servers (VM Server and VM Manager). I would like to use the existing Windows domain controller for user authentication.

    I don't have experience in joining a Linux system with Windows AD, and it generally does not sound like the best idea to me, but since Oracle Enterprise Linux is a clone of Red Hat Enterprise Linux, the solution you are looking for could be called Winbind.
    Perhaps the following links are useful:
    http://spiralbound.net/blog/2007/04/11/rhel-winbind-authentication-against-active-directory
    http://www.linuxmail.info/active-directory-integration-samba-centos-5/
    http://magazine.redhat.com/2007/11/12/tips-and-tricks-how-can-i-configure-winbind-to-synchronize-user-and-group-ids-across-multiple-red-hat-enterprise-linux-hosts-on-active-directory-accounts/

  • Crystal Reports and Windows Active Directory

    Hi,
    I am trying to authenticate using the Windows Active Directory. I have created a test group in the Active directory and added myself as a member to that group. On the Crystal reports server side, I have enabled the Windows Active Directory. I can see the group that I created on the Active Directory. But I do not see any users. I have a Java infoview and I changed the web.xml file. I changed the authentication parameter to secWinAD. But does anyone know how to restart the web application server? I restarted the service Intelligent Agent. But when I login using my user id and password it still gives me the same error:
    Account Information Not Recognized: Enterprise authentication could not log you on. Please make sure your logon information is correct. (FWB 00008)
    Any help will be appreciated.
    Thanks.

    Infoview doesn't even need to be restarted.
    You said "I have a Java infoview and I changed the web.xml file" in your original post
    If you have .net IIS then it would be a web.config file that needs to be changed. IIS will pick up the changes as soon as you save the file and open an infoview logon page. you may also opt to set authentication.visible to true so users will have the ability to select AD when logging in.
    Regards,
    Tim

  • CUCM IM & Presence 9.1 and Window Active Directory 2012 R2

    Currently envinronment is
    1.CUCM 9.1
    2.IM & Presence 9.1
    3 AD 2012 R2
    i have configured for Jabber for iPhone 9.6.1 and Window 9.7 and use UDS as service profile.
    Everything working properly unless i can't use AD user for authentication it appear screen as can't locate server. 
    Local user in CUCM can login normally and confirm that all AD configuration in CUCM are configured (LDAP directory, authentication and even in service profile)and i can use AD user to login via CUCM and IMAP user option page which mean LDAP integration should be working fine. but i can't log in via Jabber for iPhone or Window.
    When i look through CUCM IMAP 9.1 document in LDAP integration support list. it not show AD version 2012 so i am not sure it won't work because it not include in support list or not
    This is Problem report from Jabber for iPhone with login user "test". It look like there is network connectivity problem but this client can ping and browse into IMAP correctly
    -- 2014-08-06 16:45:55.343 WARNING [3c12018c] - [JabberWerx][log] [LoginMgr]: ha, invalid HA soap server index:1
    -- 2014-08-06 16:45:55.354 INFO [3c12018c] - [JabberWerx][log] [LoginMgr]: #1, OnStateChanged CLoginStop::OnStateChanged
    -- 2014-08-06 16:45:55.357 INFO [3c12018c] - [JabberWerx][log] [XmppSDK]: CXmppClient::FinalCleanData
    -- 2014-08-06 16:45:55.378 INFO [3c12018c] - [JabberWerx][log] [LoginMgr]: #1, OnStateChanged conn, canceled due to no needs. supposed:0, signning-on:0, signed-on:0
    -- 2014-08-06 16:45:55.379 ERROR [3c12018c] - [JabberWerx][log] [LoginMgr]: #1, Fire_OnError login, OnError, 9
    -- 2014-08-06 16:45:55.380 ERROR [3c12018c] - [JabberWerx][log] [JabberWerxCPP]: JWLoginSink::OnError, lerr:9
    -- 2014-08-06 16:45:55.381 DEBUG [3c12018c] - [imp.service][OnLoginError] Entry
    -- 2014-08-06 16:45:55.382 INFO [3c12018c] - [imp.service][OnLoginError] ****************************************************************
    -- 2014-08-06 16:45:55.384 INFO [3c12018c] - [imp.service][OnLoginError] OnLoginError: (data=0) LERR_CUP_UNREACHABLE <9>:
    -- 2014-08-06 16:45:55.385 INFO [3c12018c] - [imp.service][OnLoginError] ****************************************************************
    -- 2014-08-06 16:45:55.385 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][GetCredentialsImplForService] ScopedLock to protect access to credentialsMap
    -- 2014-08-06 16:45:55.387 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][CreateBlankCredentials] ScopedLock to protect access to credentialsMap
    -- 2014-08-06 16:45:55.387 INFO [3c12018c] - [csf-unified.services.system.CredentialsManager][CreateBlankCredentials] Unable to find credential object associated with the Authentication ID: WebEx - it was not found in the cache. Initialising a blank credentials object
    -- 2014-08-06 16:45:55.388 DEBUG [3c12018c] - [CredentialsImpl][CredentialsImpl] Credentials constructed[authenticatorId=1201;synced=false;username=;password=empty;oAuthToken=empty;rememberMe=false;ssoMode=0;verified=false;userVerified=false]
    -- 2014-08-06 16:45:55.388 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][GetSsoMode] Authenticator [1201] has sso mode set to off
    -- 2014-08-06 16:45:55.392 DEBUG [3c12018c] - [ConfigStoreManager][getValue] key : [WebEx_UseCredentialsFrom] skipLocal : [0]  value: [] success: [false] configStoreName: []
    -- 2014-08-06 16:45:55.393 DEBUG [3c12018c] - [ConfigStoreManager][getValue] key : [1201_UseCredentialsFrom] skipLocal : [0]  value: [] success: [false] configStoreName: []
    -- 2014-08-06 16:45:55.394 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][CheckDeprecatedSyncSettings] No Standard Config Based Sync Key found for WebEx so check for deprecated sync key
    -- 2014-08-06 16:45:55.394 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][CheckDeprecatedSyncSettings] No deprecated config sync key found for WebEx so check for defaults
    -- 2014-08-06 16:45:55.394 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][SetupSyncSettings] Checking defaults for WebEx
    -- 2014-08-06 16:45:55.401 INFO [3c12018c] - [startup-handler][loadConfig] Entering loadConfig
    -- 2014-08-06 16:45:55.401 DEBUG [3c12018c] - [csf-unified.services.system.CredentialsManager][SetupSyncSettings] No default sync found for WebEx
    -- 2014-08-06 16:45:55.401 INFO [3c12018c] - [csf-unified.services.system.CredentialsManager][SetupSyncSettings] No sync settings for WebEx credentials configured
    -- 2014-08-06 16:45:55.403 DEBUG [3c12018c] - [imp.service][LoginErrortoErrorCode] LoginErrortoErrorCode: 9 mapped to: UnableToConnectToTheServer
    -- 2014-08-06 16:45:55.404 DEBUG [3c12018c] - [imp.service][OnLoginError] errCode: UnableToConnectToTheServer
    -- 2014-08-06 16:45:55.406 INFO [3c12018c] - [imp.service][OnSignOn] Entry
    -- 2014-08-06 16:45:55.406 INFO [3c12018c] - [imp.service][OnSignOn] OnSignOn: false
    -- 2014-08-06 16:45:55.407 ERROR [3c12018c] - [imp.service][OnSignOn] OnSignOn failed while in starting state...
    -- 2014-08-06 16:45:55.409 INFO [3c12018c] - [imp.service][OnSignOn] Exit
    -- 2014-08-06 16:45:55.409 DEBUG [7d81000] - [imp.service][waitForSignedOn] Exit
    -- 2014-08-06 16:45:55.409 DEBUG [3c12018c] - [imp.service][OnLoginError] Exit
    -- 2014-08-06 16:45:55.410 DEBUG [7d81000] - [imp.service][performSignOn] Exit
    -- 2014-08-06 16:45:55.410 DEBUG [7d81000] - [imp.service][performActions] performed call to signedOn: success: false
    -- 2014-08-06 16:45:55.411 ERROR [7d81000] - [imp.service][performActions] Unable to login. SignOn Command Failed...
    i also have RTMT for ClientProfileAgent, XCP Connection manager, XCP router, tomcatsecuritylog. If anyone want these please let me know

    This issue has been solved!
    The root cause was compatibility problem between CUCM 9.1 and AD 2012. We need to upgrade CUCM and IM and Presence to version 10.5 to solve this issue.
    Many thanks TAC engineer name Tapan Dutt for solved this issue
    Have a nice day!!

  • Portal Integration with Microsoft Active Directory

    We are working on a project to integrate Oracle9iAS Portal with Microsoft Active Directory. I am wondering if anyone has any experience with this and hence suggestions. Particularly, I'm wondering if its possible and how to use Active Directory to manage the Portal user accounts and group relationships?

    Please note that we finally got this working. For Active Directories sake, I would suggest using userPrincipalName or sAMAccountName as the Unique Attribute. Also, note that Active Directory uses OUs for organization, not CNs, so the search base should be either just the DN of the domain or an OU in the domain. Also, be sure to specify the full DN of the Bind DN as in CN=Administrator,CN=Users,DN=domain,DN=com

  • Weblogic 10.3.3 and Windows Active Directory connection error

    Hi,
    A i am trying to set up Windows AD LDAP realm.
    But the connection is not working. I have already double checked the passwords, user names and host. Everything is correct - but the only thing that i got in the log file is this (with enabled debug):
    <Debug> <JMXCore> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <Invoking method listUsers with (java.lang.String,java.lang.Integer,)>
    <Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <list users, user:*,max:1001>
    <Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <new LDAP connection to host 192.168.10.253 port 389 use local connection is false>
    <Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098113> <BEA-000000> <created new LDAP connection LDAPConnection { ldapVersion:2 bindDN:""}>
    <Debug> <DiagnosticContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <new localDiagnosticContext for thread [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'>
    <Debug> <WorkContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <copyThreadContexts(weblogic.management.JMXContext, | SOAP)>
    <Debug> <WorkContext> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098128> <BEA-000000> <copyThreadContexts(weblogic.diagnostics.DiagnosticContext, | MIME_HEADER)>
    <Debug> <SecurityAtn> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098144> <BEA-000000> <connection failed netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772 >
    <Error> <Console> <srv-13> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <Administrator> <> <4b403cde0296f14d:-16ba72e6:12edd7cc453:-8000-0000000000000060> <1300804098160> <BEA-240003> <Console encountered the following error weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
         at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3479)
         at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3466)
         at weblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtnDelegate.java:2251)
         at weblogic.security.providers.authentication.LDAPAuthenticatorImpl.listUsers(LDAPAuthenticatorImpl.java:178)
         at weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBeanImpl.listUsers(ActiveDirectoryAuthenticatorMBeanImpl.java:227)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:437)
         at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
         at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
         at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:268)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
         at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:444)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:323)
         at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
         at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
         at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426)
         at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
         at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264)
         at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366)
         at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
         at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
         at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
         at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
         at javax.management.remote.rmi.RMIConnectionImpl_1033_WLStub.invoke(Unknown Source)
         at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:993)
         at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544)
         at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
         at $Proxy149.listUsers(Unknown Source)
         at com.bea.console.utils.security.UserUtils.getUsers(UserUtils.java:78)
         at com.bea.console.actions.security.users.UserTableAction.getCollection(UserTableAction.java:100)
         at com.bea.console.actions.security.ManagementBaseTableAction.execute(ManagementBaseTableAction.java:82)
         at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
         at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2121)
         at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:261)
         at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
         at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
         at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:159)
         at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:257)
         at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:416)
         at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:134)
         at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
         at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686)
         at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:266)
         at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107)
         at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292)
         at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:429)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146)
         at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
         at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
         at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
         at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
         at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:389)
         at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
         at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:212)
         at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196)
         at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:253)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
         at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:47)
         at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:131)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
         at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Caused by: java.lang.reflect.InvocationTargetException
         at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4153)
         at weblogic.security.utils.Pool.newInstance(Pool.java:37)
         at weblogic.security.utils.Pool.getInstance(Pool.java:33)
         at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3474)
         ... 117 more
    Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772
         at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4871)
         at netscape.ldap.LDAPConnection.simpleBind(LDAPConnection.java:1766)
         at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1264)
         at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1273)
         at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1562)
         at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4130)
         ... 120 more
    >
    could any one know where is the problem or do i need some patch to apply? I am running out of ideas what could be the cause to it.
    Thanks in advance!

    Hi ,
    From the error stack trace I could find the below error.
    Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772
    This error occurs if there is a LDAP authentication issue for the user used to bind to Active Directory, the value
    Data 525, refers to user not found error that is used to bind to the Active Directory.
    Make sure you have the correct credentials to connect to the Active Directory.
    You can simplify the test using the LDAP Broswer, which helps you to connect to the LDAP servers.
    A sample usage of LDAP Broswer is given below.
    http://weblogic-wonders.com/weblogic/2010/05/20/connecting-to-weblogic-server-embedded-ldap-using-ldap-browser/
    Note: The LDAP Browsers help us to traverse the LDAP Tree, there are many LDAP Broswers available in the market.
    You can download a sample version of softerra.
    http://www.ldapbrowser.com/download.htm
    You can also refer the below link for details about WebLogic and Active Directory configuration.
    http://weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/
    For more details about different LDAP Issues.
    http://weblogic-wonders.com/weblogic/2010/11/08/common-ldap-server-issues/
    Regards,
    Anandraj
    http://weblogic-wonders.com

  • SSO on WAS 6.20 (unix) using kerberos and Windows Active Directory (AD)

    Hi Gurus!!
    We are looking for the way to implement the Single Sign On in our R/3 Systems installed on unix of the Active Directory (obviously windows) users using Microsoft Kerberos.
    I'm not able to find a documentation about this arquitecture.
    Can somebody help me?
    Is any documentation related with this topic?
    Did Somwbody configure this kind of SSO?
    Thank you very much in advanced,
    Edorta Ramos

    Ramos,
    I should have made it clearer. When I referred to AS, I was referring to the SAP ABAP AS (e.g. application server). Of course the KDC (e.g. Microsoft Active Directory) has an AS service as well...
    yes, you can Kerberos enable (Kerberize) the SAP ABAP AS and SAP GUI using Kerberos libraries for Windows and AIX. As I mentioned already, since AIX is involved you should consider evaluating and buying SAP certified SNC libraries available from a SAP partner. Your first place to look is in SAP EcoHub (click link at top of this SDN forum to enter EcoHub) and search for SNC or Kerberos.
    You asked about gssapi library - as I have said a few times, there is no gssapi (e.g. SNC library) provided by SAP for UNIX or Linux, so if you are using AIX you need to look elsewhere (e.g. SAP partner) and the SAP partner will also provide the compatible/supported library for the Windows workstations as well so you get a complete solution from the vendor.
    Thanks,
    Tim

  • ACS 3.2 for Windows and Windows Active Directory.

    I'm using a member W2K server to run ACS 3.2.
    I'm using ACS and Windows group mapping but my users always go into default group.
    Why?
    Thanks.
    Andrea.

    I'm assuming your ACS \DEFAULT domain has NT Groups mapped to . Use a new Domain Configuration to add your AD and group mappings.
    The group name in ACS must match exactly the same group in AD. ie. If your AD group name is "Engineering" , create a ACS group with exactly the same spelling. Also,avoid certain characters such as @#%&*() in the naming of groups, both in AD and ACS.
    Hope this helps. let us know.
    P

  • Wlc and window active directory

    On the client side "user Credentials", I set "Use Windows logon" to autenticate. Here is my problem, upon boot no drives are mapped so I am assuming windwows is booting before authenication takes place. How can I resolve this? Thanks

    The problem is that unless you are authenticating the machine to AD as well, then when you log onto the laptop, you are using
    cached domain credentials and then the user is authenticating to the wireless.  In order for login scripts, group policy changes, etc to work, the machine must authenticate to the wireless so it is on the domain.  Then when you log onto the laptop, you are logging into the domain, just like with a wired PC.  So what you need to use is a wireless suplicant like WZC or CSSC that integrates into the msgina of the OS that allows authentication before login.  With the WZC, you will see an option to "authenticate as computer when computer information is available" on the Authentication tab of your wireless profile. Check out step 9 of the Client configuration section of this document  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917aa.shtml#t31.
    Your RADIUS server would also need to allow computers to authenticate.
    Thanks,
    Lee

  • Integration of sap R/3 (4.7) and Microsoft active directory (2003)

    Hi All,
    I would like to know integration of sap R/3 (4.7) and Microsoft active directory (2003) and also SAP EP and Microsoft active directory. I have been working as a ep consultant with a local bank. I am new for this integration work, So please kindly provide me the steps for integrating these both directories.
    Pls help me with this issue.
    Thanks in advance,
    Regards,
    Raghav.

    Hi,
    First You should read:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bc72b890-0201-0010-3a8d-e31e3e266893
    Regards,
    Jarek

  • Windows Active Directory 2008 And Java

    Hi,
    I need to do the following.
    1. Integrate my application's authentication module with Microsoft Windows Active Directory (Server 2008 Edition).
    2. Need to use Kerberos authentication.
    Can you please let me know what api can I use? Is there a good tutorial for this ?
    Regards,
    Pradeep.
    Edited by: user10502962 on Oct 9, 2011 12:51 AM

    Finally managed to resolve the problem.
    I tried to do a lot of things reading forums. But this is what worked.
    1. create a key store using $ keytool -genkey -keystore /home/rohan/mystore -keysize 1024 -keyalg RSA --- created "mystore" key store. From the cert file I got the information on RSA and encryption of 1024 bits.
    2. import the certificate the keystore - $ keytool -import -keystore /home/rohan/mystore -alias primarydc -file DC2K8.cer
    3. In the code just added these lines
    env.put(Context.PROVIDER_URL, "ldap://myldapserver:389"); // Port 389 on Windows Domain Controller
    String keystore = "/home/rohan/mystore";
    System.setProperty("javax.net.ssl.trustStore",keystore);
    System.setProperty("javax.net.ssl.keyStorePassword","password");
    4. Change of Password (code provided by stevead )
    StartTlsResponse tls = (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
                   tls.negotiate();
                   ModificationItem[] mods = new ModificationItem[2];
    String newQuotedPassword = "\""+password+"\"";
                   byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
                   mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
                   mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD)));
                   ctx.modifyAttributes(userName, mods);
    Useful links
    http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
    http://blog.smartkey.co.uk/2010/09/working-around-a-sslhandshakeexception/
    http://www.thinkplexx.com/learn/howto/security/tools/understanding-java-keytool-working-with-crt-files-fixing-certificate-problems
    Thanks to stevead and handat for helping.
    Rohan

  • Integrating OEDQ with Active Directory - Disabling SSL

    Hi fellows,
    I've just installed OEDQ (latest release) on a Unix machine (deployed on WebLogic Server 10.3.6) but I've a couple of concerns:
    SSL Communication --> is it mandatory? I mean, I've tried to expose the dndirector admin page through an OHS Apache Web server. I'm able to access the admin page in plain mode but whenever I try to access a specific functionality (dashboard, user management, server configuration, etc) I'm being redirected to https://<web-server-hostname>:<wls-server-ssl-port>/dndirector, so this is not what I'm expecting. What's wrong? By the way, If SSL is mandatory, is there a way to expose the console via apache (avoiding any redirection)?
    OEDQ with Active Directory --> the following documentation -- Integrating OEDQ with Active Directory -- covers just the Single Sign-on configuration (on both Windows/Unix os). What about a simple configuration pointing to an external ldap? The documentation reports the following statement:
              It is also possible to configure OEDQ to work with different directory servers for user authentication and user identification. For information on alternative configurations, "see "Contact Us"
    So, how can I achieve that?
    Any pointers?
    Thanks in advance,
    Marco

    Hi Marco
    Was out of the office a bit - apologies for the delay.
    It looks like you removed these lines from the configuration:
    cdpad.auth  
    = ldap
    cdpad.auth.bindmethod
    = digest-md5
    cdpad.auth.binddn
    = search: sAMAccountName
    If these are not present, the user name is combined with @cdpsede.cassaddpp.it and used to login into AD.  Depending on how user names are setup, this may or may not work.
    If you replace the lines above, then the user account is searched for against the AD UserPrincipalName or the sAMAccountName attributes.  The value of the latter attributre is then used as the login attempt.
    So for example, if you enter the user name if marco.bonadonna, EDQ would search for an AD entry with userPrincipalName = [email protected] or with sAMAccountName = marco.bonadonna and then it would use the value of the sAMAccountName attribute to connect to AD (using digest-md5 for encryption) along with the password.
    If you use
    cdpad.auth.binddn = search: dn
    then EDQ will use the full distiinguished name (DN) of the entry in the bind attempt.
    It is sometimes easier to test connections using a LDAP browser - Apache Directory Studio (see http://directory.apache.org/studio/) is one I use.  You can then check user name and password combination outside EDQ.
    You can also get additional server logging on LDAP interactions in EDQ by adding the line:
    userauth.level = all
    to the logging.properties file in the EDQ config directory.  Then where will be lots of diagnostics in the EDQ main0,log file.
    By the way, there is some documentation for this in the on-line help for EDQ.
    Richard

  • Windows Active directory group policy objects

    Like many small to medium businesses, we use Firefox in addition to Internet Explorer. The Windows Active Directory group policy objects we have for IE works nicely in all versions of IE. Firefox on the other hand has stopped playing ball. Any policy files I have found on the Internet simply does not fire when used in Windows Group Policy. We have Windows 2008 R2 servers with Windows 7 clients.
    Does Mozilla have official group policy objects that will work with Windows Active Directory group policy and is supported in Firefox versions 27 onwards? A lot of the material on the Internet are simply workarounds to achieve something simple.
    I believe this may have been asked several times already, but no definitive answer has been supplied to
    resolve the issue to my knowledge.
    Thanks and regards

    To my knowledge, Firefox historically has not had integration with group policy, and third party tools have been required to bridge the gap. You may have found templates that work in one of those tools.
    These threads have links to third party tools, articles, mailing lists, and other resources:
    * [https://support.mozilla.org/questions/980567 i need to include the Firefox Browser Configuration in my Group Policy and Control Proxy and Browsing Settings]
    * [https://support.mozilla.org/questions/978874 Is it possible to configure firefox using group policy]
    Please report back if you find a solution. Thanks.

  • How can I authenticate a User In Windows Active Directory?

    I need to authenticate a user in Windows Active Directory, but I found use the code below will return true if the user name and password are both correct and false if one of them is wrong. But when I input a user name which is not exist in Active Driectory with a blank password, it will also return true. What shall I do? Ask every user must input a password withnot blank?
    Please give me some help to solve this problem. Thanks a lot.
    Code:
    private Context ctx = null;
    Hashtable env = new Hashtable ();
    boolean isValid = false;
    try {
    this.setEnvironmentProperties();
    String domainName = AuthenticateResources.getString("mydomain.com");
    //set the name of domain with the user name
    String fullName = name + "@" + domainName;
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL,"ldap://mydomain:389");
    env.put(Context.SECURITY_AUTHENTICATION,"simple");
    //set user related information
    env.put(Context.SECURITY_PRINCIPAL, fullName);
    //set user password
    env.put(Context.SECURITY_CREDENTIALS, password);
    //validate user
    ctx = new InitialDirContext(env);
    isValid = true;
    }catch (AuthenticationException ex){
    isValid = false;
    catch (NamingException ex) {
    throw ex;
    }finally{
    this.freeContext();
    return isValid;

    This is usually a problem if Anonymous Binding is enabled. I have faced this in other Directory Servers, but I am not familiar with Active Directory.
    I think by default Active Directory disables Anonymous Binding, but you may want to check.

Maybe you are looking for

  • Did I  destroy my Hardrive? what are my options now?

    Hello forum. I am in desperate need of your help today. I have a macbook air 11inch. Here is the story guys: Last night I was watching a youtube video as well as downloading a few videos. my Macbook air froze completely. I didnt even get the spinning

  • How do I move my contacts and folders from Earthlink Webmail to Thunderbird

    Just installed Thunderbird and I want to import all my contact addresses and saved folders from Earthlink Webmail to Thunderbird Mail.

  • LR5 on my two Macs

    I bought (and registered) LR5 in hard copy (disk) form.  I installed it on my iMac.  Since then I recently bought a Mac Book laptop without a CD slot.  Can I now download LR5 to my laptop?

  • Grand total for user

    Hello, Using obiee 11g, I am trying to build a report where i am trying do a count(distinct un),so i created a logical column for that and using that in my answers. The un i am showing for over months.IS works fine except that the grand total shows w

  • Problem in maintaining communication strategy

    Hi All, I have the error message TK455 when creating or modifying a communication strategy. The first field is named "Position" and is a 'numc' type field. I tried to give 1 or 01 but it keeps giving error message "Enter numeric values only" The deta