Windows Authenticated User Login
Hi All,
Does anybody know if there are plans to incorporate Windows Authenticated Login to SAP Business One in the future?
We have many customers who ask this question - why should people have to remember a windows login AND one to B1?
If this is not yet planned for release, could you please consider it?
Many thanks
Mark
Hi Vikas
As Patrick mentioned, there is no native support built into the ABAP AS for LDAP authentication via SAPGUI.
As an option and If you have SAP Identity Management you could look at deploying the password hook, this provides an enterprise password of same password approach. Hence end users can enter their MSAD password to gain access to SAP via SAPGUI - it works well.
SAP Identity Management : Password Hook Configuration Guide
http://scn.sap.com/docs/DOC-17112
The SAP NetWeaver Identity Management Password Hook is a password hook DLL that can be installed on the Microsoft domain controller(s) in the password verification chain. The hook intercepts password changes in the Microsoft domain and distributes it to other applications using the SAP NetWeaver Identity Management Identity Center.
Hope it helps.
Rgrds
Craig
Similar Messages
-
HOW TO CREATE WINDOWS AUTHENTICATION USER IN SQL SERVER AFTER INSTALLING SQL SERVER 2008
I had an error while executing asp.net appcation from IIS as follows
Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.
Description:
An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.
[SqlException (0x80131904): Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.]
Can the above problem be solved by CREATING WINDOWS AUTHENTICATION LOGIN FOR
'IIS APPPOOL\ASP.NET v4.0' ?
If yes, how to create the login?
If no,what is the best possible solution?
Please reply as soon as possible as i am unable to run my project which I had done in my lab,in my home system.Hi Praveen,
To fix this issue, you need to change the Identity of your website's Application Pool to use the
NetworkService account (or the less secure LocalSystem account). By default, IIS7 seems to set the Application Pools Identity to 'ApplicationPoolIdentity' instead of NetworkService or LocalSystem.
Here's a step-by-step guide for determining your websites Application Pool, then changing its Process Model Idenitty in IIS7:
1.Open Internet Information Services (IIS) Manger.
2.In the Connections sidebar, drill down into Default Web Site and click on your website.
3.Now in the Actions sidebar (on right side), click on Advance Settings... In the popup box, under General you will see your Application Pool listed for your website (in my case the app pool is: ASP.NET V4.0).
4.Click Cancel... If you choose, you can change the Application Pool here, but for the sake of this example we just wanted to find out what the website's App Pool was.
Then change the app pool's (Process Model) Identity to 'NetworkService', the steps are showed as below:
1.Open Internet Information Services (IIS) Manger.
2.In the Connections sidebar, click on Application Pools.
3.Now right-click on theApplication Pool that your website is using (in this case my site is using the ASP.NET v4.0 application pool), and select Advanced Settings... from the menu.
4.In the Advanced Settings pop-up box, locate the Process Model -> Identity section and click on the Application Pool Identity.
5.In the Application Pool Identity pop-up box, change the Built-in account to NetworkService (or if you want LocalSystem), then click OK, and click OK again to save your Advanced Settings changes.
Hope this helps.
Best Regards,
Peja
Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
SQL Windows Authentication with Login of AD Group 'Domain Admins'
Having a bit of a difficulty with Microsoft SQL Server 2012 windows authentication integration...
The server is setup to have Windows authentication used as its means of login authentication. No issues with this other than a strange error that occurs on multiple SQL servers in our domain:
When a login is created for domain group "[domain]\Domain Admins", users within this AD group cannot connect to the SQL server through the Management Studio. The error that SQL server gives is Error 18456, Sate 11, i.e. "Valid login but server
access failure"
However when a different AD group is added as a login (like [domain]\[group]), users from this group can successfully log into SQL server. It seems that adding any other group, even groups from a different domain, grants successful authentication as I would
expect EXCEPT the AD group 'Domain Admins".
Is there some restriction/security feature at play here on this AD group that makes using the 'Domain Admins' group as a login not possible?
AndrewYes, this group was removed and readded just yesterday to try to fix the issue.
Here is the output of the command:
class
class_desc
major_id
minor_id
grantee_principal_id
grantor_principal_id
type
permission_name
state
state_desc
105
ENDPOINT
2
0
2
1
CO
CONNECT
G
GRANT
105
ENDPOINT
3
0
2
1
CO
CONNECT
G
GRANT
105
ENDPOINT
4
0
2
1
CO
CONNECT
G
GRANT
105
ENDPOINT
5
0
2
1
CO
CONNECT
G
GRANT -
Trying to Learn MVC code first with Vs2013 web express on windows 7 os computer. When code runs to create database get: An exception of type 'System.Data.SqlClient.SqlException' occurred in EntityFramework.dll but was not handled in user code
Additional information: CREATE DATABASE permission denied in database 'master'.
Have this problem with the 'OdeToFood' plurasight course as well with the
'developing ASP.NET MvC 4 Web Applications Jump Start' MVA course.
Re-installed sql2008r2 using window
admin user and ran the project and get same message as when i run the project with the none admin user.
What are steps to allow database creation for admin user and none windows admin user?
Daniel HowardDavid, thanks for the reply.
I believe the problem may be something else because after adding the
user to 'sysadmin' and I still get the message
Additional information: CREATE DATABASE permission denied in database 'master'.
Perhaps I need to go to ASP.NET forum to ask the question.
I will mark you answer as answer.
Thanks again
Daniel
Daniel Howard -
View logs in windows server (User login and logout )
Hi Guys,
I want to see the user login and logout times to the systems. I want know on which systems (Hostname) they logged into that account.
Could you please help me. Thanks in advanceHi
You can check the log's on event viewer console,here is good article for your needs,please check;
https://support.microsoft.com/en-us/kb/556015?wa=wsignin1.0 -
Windows 8 - user login and Kerberos Realm problems.
Hi,
Just installed Windows 8 Enterprise x64 from our MDT into our production enviroment for some final testing. I have done this with both Consumer and the Release Preview just to make sure our infrastructure can support user that want to run Windows 8 (Win
7 Enterprise will still be the default OS for our client desktops).
The problem I reported here with the Consumer Preview
http://social.technet.microsoft.com/Forums/en-US/W8ITProPreRel/thread/069f59be-b89c-4005-8cd2-ff5fd756825a is still alive and kicking.
Logon after fresh reboot. (Windows 8)
Username: XWYZ
Password: *********
Sign in to: "OURKERBEROSREALM.SE"
We authenticate all our users with our Kerberos Realm and in our AD's all user passwords are random dummy placeholders, and are linked to the Kerberos realm.
When a user lock their computer, or put it in sleep mode, they should see this at their login.
XWYZ (their full name)
"OURKERBEROSREALM.SE\XWYZ(their username)
Locked
Password: ********
But it does not show this… it shows:
XWYZ (their full name)
WINDOWS DOMAIN NAME\XWYZ(their username)
Locked
Password: ********
This meens that when they want to unlock their desktop, or login after sleep, it will try and authenticate their login on the domain AD and not the Kerberos realm. Howver if you choose to go back and select "other user" it defaults back to using "OURKERBEROSREALM.se"
as "Sign in to:" domain.
This worked flawlessly in XP, Vista and Windows 7, but not in Windows 8. Not having our Kerberos realm as default login in every scenario is kind of a bummer.I had some brief time looking into this, and my awesome workbuddy found that you can poke about the keys found in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\1
With the LastLoggedONSAMUser and LastLoggedOnUser values I changed from from "domain"\username to "kerberosrealm"\user, and when locking my computer or restating, I now have no need to choose "other user" every time I want to login again.
Atleast somewhere to start. -
Moving/Linking Claims Windows Auth user to an ADFS Claims
Hi guys,
Here is my situation:
Initial deployment: SharePoint 2010 with Windows Authentication - Users login using AD
We successfully migrated the web application to use "Claims"
We then integrated the web application with ADFS 2.0 - Using the same AD users
Everything seems good and working fine.
The question I have is related to content already created in SharePoint. Is it possible to map the new ADFS account usernames to the existing windows authentication claims usernames?
This is important for users, because we would like the "My" views of lists and libraries to work. SharePoint at the moment thinks that the logged in users (using ADFS) is different than the user who created/modified the documents. (Although it
is the same AD account)Hi Inderjeet
Thanks for your reply. The article did help in moving users (Move-SPUser) from AD to ADFS (Which I noticed in the securities in groups), however, the issue I'm looking for is still standing where the items that were created by the user using "Windows
Auth Claim" were not moved/updated to the "ADFS Claim" user, which in fact they map to the same AD user.
Is there away to transfer/update the created by and modified by attributes of users from Windows Claims to ADFS Claims user?
UPDATE: The above statement is not correct. Move-SPUser actually updates the created by and modified by attributes to. -
I am currently logged in to my database engine using SSMS and Windows Authentication; specifically, I am logged in with Joe-PC\Joe, where Joe-PC is the domain name of the machine hosting the database, and Joe is the user that created the database.
If it matters, I am running all of this locally from Joe-PC.
I have a .bak backup file stored in my C:\Users\Joe\Desktop folder that I am trying to restore. However, I get an error saying 'Either the location does not exist, or the current login account does not have access to it.' I am certain the location
exists, as I am looking at it right now, and I can't see why Joe-PC\Joe wouldn't have access to it's own user folder.
I am absolutely baffled as to why this is behaving this way. I am fully aware that I can work around the issue, but I'd like to know why this isn't working as it seems like it should. Does the Windows Authentication that SQL Server uses not have
the permissions that the account would normally have? Is the Windows Authentication user even the same thing as the user that logs into Windows? What else could be going on that I don't understand?Keith
Thanks for your answer. My user account is one of two administrator accounts on this computer (the other is only set up for consistency sake, and has probably only been logged into a total of 5 times; all of our computers have the account though, so
I thought I should put it on here as well). The issue isn't that my account doesn't have restore permissions, just that SSMS can't access the user folder when logged in using Windows Authentication. Another issue that I assume is related results
in a lack of permissions on backup files until I manually set permissions to 'Everyone' under the backup file's properties\security tab. Also, not sure if it matters, the backup is taken from a customer's computer running Win 7 Pro x86 while my computer
is on Win 7 Ultimate x64.
Not sure if this helps pinpoint the issue, but my current workaround is as follows:
Copy the .bak file to the C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.WSA\MSSQL\Backup (default backup folder)
Right-click the .bak file and go to the properties toolbox. Select the Security Tab, give full permission to 'Everyone'.
In SSMS, select 'Restore Database' after right-clicking on 'Databases' in left-hand tree.
Give the DB a name, restore from device, select my file.
This method hasn't failed me yet, but any deviation (other than setting permissions before or after moving) causes me to get access errors when I try to restore. Fortunately, this isn't a production database engine, just a testing environment, but
I'd like to get an idea of what's going on, because I know it's only a matter of time before I or a customer runs into this issue. -
How to resolve a windows authenticated orphaned user in Sql Server 2008 R2?
Hi,
We have some orphaned windows authenticated users(domain) in the database while it had been
migrated from Sql Server 2005 to Sql Server 2008 R2, because there are no corresponding
logins for the users. Will just adding the logins would be sufficient or after adding the
logins should we also run sp_change_users_login @Action='update_one' to resolve any sid
conflict. Thanking you in advance,
With regards
Binny MathewBinny
You have issue with orphaned users if you use Mixed Authentication. If you use Windows and move the db to the new server the Windows Login should be exist on the new server already.
Best Regards,Uri Dimant SQL Server MVP,
http://sqlblog.com/blogs/uri_dimant/
MS SQL optimization: MS SQL Development and Optimization
MS SQL Consulting:
Large scale of database and data cleansing
Remote DBA Services:
Improves MS SQL Database Performance
SQL Server Integration Services:
Business Intelligence -
Database access using windows authentication
We are updating our Applications to use single sign on and are running into a problem with database access. We are using CF11 Enterprise and SQL Server 2008 on IIS 7.5.
We have set up the ColdFusion Application Service to run under an AD service account and have created the data sources in CFAdmin leaving the username and password blank. The data sources verify and all seems good. The problem comes when running a query. The credential passed to the database is the service account and not the windows authenticated user. As such the query fails. What are we missing to get CF to pass the Windows Authenticated user credential instead of the service account?
Thanks
TimColdFusion does not pass user's credentials to the database connections by default, and cannot pass Windows Authentication credentials that way. It only sends the service account's credentials (if you leave username/password blank as you have done). The only way to pass user credentials is to put them into the individual query calls themselves, and even then you can't pass Windows Authentication credentials. You would have to use SQL Server Logins, and create accounts for each user.
I think most people are using either a dedicated SQL Server login for ColdFusion and run all queries under that account, or they do as you have already done and use Windows Authentication along with the ColdFusion service account. If you need an audit trail, then pass usernames into the insert/update queries and store them manually along with the other data you are inserting/updating.
-Carl V. -
Essbase SSO based in Windows authentication
Hi,
Its possible to have a SSO in a EPM System based in reusing windows authenticated user to avoid having to refill user credentials in a EPM System? (We are using Java embedded container as app server)
Thanksalfons wrote:
Its possible to have a SSO in a EPM System based in reusing windows authenticated user to avoid having to refill user credentials in a EPM System? (We are using Java embedded container as app server)It is not possible to do this currently. I have seen Essbase roadmaps that show Kerberos authentication and hope they put it into the Essbase Java API..
Tim Tow
Applied OLAP, Inc -
Hi,
I use the windows authentication to login into planning 4.1 and reports 7.2, but now for the last few days i can login into planning but not into hyperion reports with the windows id. What can be the issue and how should it be solved? ThanksWhat is the error you are getting while logging on to reports ?.
-
Retain Windows authentication but allow re-login as another user
I have been reading all about Login as a different user being disabled, the use of loginasanotheruser and how this is not recommended for later browser. Here is my situation that I am at a loss to resolve.
All of our users connect to SharePoint using Windows authentication. This needs to remain. However in our board room we have a number of computers all logged in with a common windows user account. Executive meetings are confidential and
we do not want to allow access to their site by the common Windows user - they must user their own login. Normal browsing is to retain the Windows authentication however when they come to the executive SharePoint site we need to present a login before
they progress.
I have seen comments on using "runas.exe" or the "Run as" option on shift-right click. The trouble is that we do not know which participant will sit at a particular seat/computer in the room. Our executive want everying by
minimal clicks and complexity. The expectation is that they enter the room and the site login page is already displayed as they arrive.
So any ideas? This one has me stumped.You could have a little batch file that asks for username and password then runs the 'runas.exe' with those details. That does the same thing as leaving a login page lying around.
-
Users using Windows Authentication unable to login after upgrade to SQL Server 2012 SP2 CU1
We upgraded from SQL Server 2008 R2 to SQL Server 2012 SP2 CU1. Upgrade was successful. Users that have SQL Server Management Studio 2012 can successfully log in via Windows Authentication, but users with an older version of SQL Server Management
Studio are unable to log in via Windows Authentication.
The error they receive is listed below:
Connect not connect to XXXXXXX
Login Failed. The login is from an untrusted domain and cannot be used with Windows Authentication.
(Microsoft SQL Server, Error: 18452)
If we switch to Mixed authentication, users can log in via SQL Server Authentication.
Our security policy prohibits SQL Authentication.
Outside of having the staff upgrade to SQL Server 2012 SQL Server Management Studio, is there any setting I can set/unset to allow older version of SQL Server Management studio to connect to SQL Server 2012?
Thanks.
DJGlad to see that you were able to resolve the issue yourself, but for the curious, could you explain what this
Extended Protection is?
Erland Sommarskog, SQL Server MVP, [email protected] -
I have been experiencing several issues with my MacBook Pro Retina mid 2012. My MBPR is scheduled to go into the depot. However, I am wondering if anyone may be able to shed light on a few issues as this is the third "official" time my MBPR is going back for service ("one depot" trip; "one authorized" dealer; several in-store visits).
My Bluetooth is stating that the Bluetooth Chipset is Unknown (0). I also have had Bluetooth Preferences mysteriously change on me. In addition, while Bluetooth is off there are two serial modems turning on. I have turned them off, but they continue to pop up.
In addition, when I log in, my MBPR is not remembering me and my login name is not appearing on the slate-gray screen. The name and password are blank and the following message appears in the lower left hand corner. "login window authentication login window Name edit text has keyboard focus." As a side note, I am the only user. The login issue is a recent occurrence as we just totally wiped it again via a Command + R, and I don't believe I have an accessibility setting set to anything that would cause this, but wanted to check.
Should I be concerned here? Has anyone else had issues like this? I don't want to worry if I don't have to. I have had so many issues over the course of nine months. 5-6 wipes. Airport card replaced and I am about to pull my hair out if my MBPR doesn't come back worldly like clock work this time. I just can't send my days trying to get a $2300 product to work for me any longer. No idea what is wrong with it, but it is driving me insane. Cross your fingers for me and any guidance you have or thoughts would be welcomed. Thank you. EMMA few more issues...
In Console, the following is greyed out:
User and Diagnostic reports
Com.apple.launchd.peruser.0
Com.apple.launchd.peruser.88
Com.apple.launchd.peruser.89
Com.apple.launchd.peruser.92
Com.apple.launchd.peruser.97
Com.apple.launchd.peruser.200
Com.apple.launchd.peruser.201
Com.apple.launchd.peruser.202
Com.apple.launchd.peruser.212
*[user logs are accessible]
Krb5kdc
Radius
My guest files are locked, but again I am the administrator of MBPR.
I am worried about a keystroke logged or at least, trying to rule it out.
Also:
Mdworker32(225) [and other mdworker numbers] are sandboxing; stating deny Mach-lookup
Com.apple.Powermanagement.control, etc. long attachment with those files with version: ??? (???).
Postinstall: removing applications/Microsoft Office 2011/Microsoft Outlook.app
WARNINGS in Console include:
[NSImage compositeToPoint:fromRect:operation:fraction:] is deprecated in MacOSX 19.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction] instead.
There are a ton of other warnings. Before I go through this again, can someone tell me if this is normal (all of it -- above too); or if these are symptoms is a keystroke logger or hardware issues?
I ask because originally, when my computer went in for diagnostics (more than once), Apple stated the hardware was fine (other than Airport Card -- finally). However, if I've done 5-6 total wipes; created new users; do not have sharing set-up; have not played around in Terminal; and am up-to-date with versions -- and various issues KEEP COMING BACK -- I am left wondering if a keystroke logger would be possible here?!? I thought maybe a faulty logic board, but why would diagnostics be okay, then? Not trying to be hyperbole, just desperate.
Please help me rule keystroke logger out or at least, tell me so I know, so I can take appropriate action. If you think it could be the logic board with symptoms above, that would be a great too.
All I want to do is use the computer as intended, but I can't seem to get a real answer, so after nine months -- I am turning to the communities to see if anyone -- anyone at all -- can help. The last thing I can do is have the MBPR come back from the depot and the same thing occur. Any guidance or advice would be so gratefully appreciated.
Maybe you are looking for
-
Customer cancels purchase order
Hi alltogether, I have to give a recommendation for the following case: - user created a customer order with one item and item cat. TAB! - user created a po with ME57/ME21N and ordered the parts - user received the parts (with or w/o MIGO, doesn't ma
-
I'm using a new intel mac mini to replace a video player in our middle school production studio. the Mac mini is running Mac is Lion, and a software package called Playback Pro. the main monitor is using the mini display port, and I purchased an hdmi
-
How to make a photo lister?
I want to show a bunch of photos in a single row, so I create a UIScrollView with a big content rectangle. But how do I draw into the proper spots inside the UIScrollView the various photos? I see in the Apple example code where they create a viewcon
-
How do I change the default email client from Thunderbird to Gmail in FF 3.6.17?
Using Mac, OS 10.6.7 and Firefox 3.6.17 When I click on an email address link, Thunderbird launches, but I want always to use Gmail. How do I change the email client from Thunderbird to Gmail?
-
i want to transfer the resulset to a different array.how can i do that.shall i use vector or arraylist.or is there an easier way.could you give me sample codes.