3rd party authentication - PingFederate

We are looking to use a 3rd party authentication tool (PingFederate) and were wondering if anyone has ever tried this.

Hi,
I never heard that this should work. When I took a look at the tech specs of the product, I never saw BOE working with these technologies.
Besides, as it is not listed in the PAM, I think this would not work.
To have an official statement, I would recommend you open a Support Message with SAP Support.
Regards
-Seb.

Similar Messages

  • 3rd party authentication before ACS (TACACS+) auth

    Dear experts,
    I've been struggling to find out information on 3rd party authentication integration to the ACS. I know that ACS can use external databases, but this is not what I'm looking for.
    I have someone, who wishes to use ACS for user authentication and at the same time develop real single sign-on to their corporate infrastructure. I have the product that can deliver this Single Sign-On, but thus far I've been able to reduce Sign-Ons to two (ACS and then Single Sign-On).
    What I would like to know is whether I can implement a third party authentication _before_ ACS authentication. In this scenario the 3rd party authentication server would be the first point of contact. After successfully receiving the user credentials from the user, the authentication server would forward this information to ACS. So is there any kind of description / API documentation on how to implement this? If this is possible, my customer could get real single sign-on to a multitude of Intranet services and continue utilizing the ACS investment.

    Here is a document on Monitoring and Reporting Tool Integration into Network Admission Control.
    http://www.cisco.com/en/US/netsol/ns466/networking_solutions_white_paper0900aecd801dee49.shtml

  • Using Weblogic LDAP JAAS credentials for 3rd party authentication

    Hello to all!
    I'm posting this question because I'm developing a software layer that will connect a weblogic based web application, with LDAP authentication, to a 3rd party application, also with LDAP authentication, and I'm having difficulties in getting a javax.security.auth.Subject object from the weblogic server.
    I already have a way of doing it, but it requires that a username and a password exist in some sort of storage, in order to work (either hardcoded (which is to be avoided as much as possible) or stored in a file (which is to be avoided if possible, but if nothing better exists...)).
    I'm using a Weblogic 11g server, with LDAP authentication (LDAP provider placed last in the provider list, with flag SUFFICIENT) and I'm developing the software layer using Oracle's jDeveloper 11g Release 1.
    Now, this 3rd party application requires a javax.security.auth.Subject object in order to perform authentication.
    How do I get this from the weblogic server?
    Of the following approaches, can you tell me which are the most correct ones?

    a)
        LoginContext lc = null;
        try {
            lc = new LoginContext("<JAAS instance name>");
            lc.login();
        } catch (LoginException e) {
            e.printStackTrace();
        }
        javax.security.auth.Subject subject = lc.getSubject();

    b)
        LoginContext lc = new LoginContext("<JAAS instance name>",
            new MyClass.CallbackHandler(userid, password));
        lc.login();
        javax.security.auth.Subject subject = lc.getSubject();
        javax.security.auth.Subject.doAs(subject, myClassObject);

    c)
        javax.security.auth.Subject subjectA = weblogic.security.Security.getCurrentSubject();
        subjectA.doAs(subjectA, myClassObject);

    Thanks in advance,
    Nuno B.


  • Consume 3rd party authentication (providers) in SP13

    I have a situation where I should have multiple authentications for my SP13 farm.
    1. Since Claims is dominant in SP13, how can I integrate different (multiple) authentications? I am not clear on how claims works internally :(
    2. How users from different authentication types can be grouped into SharePoint specific groups?
    - GEM

    Hi GEM,
    1. Claims-based authentication is a more general authentication mechanism that allows users to authenticate on external systems that provide the asking system with claims about the user. For how claims-based authentication works, you can have a look at the blog:
    http://www.c-sharpcorner.com/UploadFile/Ashush/authentication-methods-in-sharepoint-2013/
    For integrating multiple authentication methods in claims based web application, you can refer to the blog:
    http://www.dotnetspark.com/kb/2845-configuring-multiple-authentication-providers.aspx
    2. For adding users from different authentication types into SharePoint groups, there are no special steps, because with claims-based identities a user obtains a digitally signed security token from a commonly trusted identity provider. The token contains a set of claims. Each claim represents a specific item of data about a user such as his or her name, group memberships, and role on the network. Claims-based authentication is user authentication that uses claims-based identity technologies and infrastructure.
    Applications that support claims-based authentication obtain a security token from a user, rather than credentials, and use the information within the claims to determine access to resources.
    Reference:
    http://technet.microsoft.com/en-us/library/cc262350(v=office.15).aspx
    Best Regards,
    Eric
    Eric Tao
    TechNet Community Support

  • SGD with Third Party Authentication issue

    Hi
    I am trying to setup SGD with Third Party Authentication and have done all the requisites for this.
    I input the SGD URL and get the Third Party Login page, but after I input my credentials I get redirected to the SGD default login page, which should not be the case. I had already set "Tomcat Authentication" to false in server.xml and enabled the Third Party authentication scheme in Array Manager.
    What else am I missing ?
    Kindly advise
    SGD ver4.31
    Thanks

    Every now and then I have found the same. One thing that almost always solved the problem was recreating a new trusted user, you can follow the steps from:
    http://docs.sun.com/source/820-1088/trusted_users.html
    Especially the step to test the trusted_user is a very good test to see if the trusted user is ok: http://server/axis/services/rpc/externalauth
    When prompted, log in as the trusted user.
    Another way to test it is via the api-test functionality: http://server/sgd/admin/apitest/
    First set up a session: webtopsession->startSession(0)
    Then authenticate via externalauth->setSessionIdentity
    These steps are the minimal steps to perform 3rdParty Authentication
    (There is also an example jsp for 3rd Party Authentication on the wikis.sun: http://wikis.sun.com/display/SecureGlobalDesktop/Single+sign-on+(before+4.40) )
    - Remold

  • Authentication on PocketPC through 3rd Party SSO client

    Dear community,
    I am currently investigating into the possibility of authenticating a user on a PocketPC device through a 3rd party SSO client.
    Does anyone have any experience in this? What is the configuration effort and what product was used?
    Thank you very much, best regards
    Jochen

    as an addendum to my post, I've seen that this can be done.
    http://www.hardcopy.de/hardcopy/english/bsp_sap_neu_kz.php3

  • 3rd party Certificate and AAA Authentication

    I am using a Cisco ASA5520 and I have set up remote access VPN with an AnyConnect connection profile.
    In the connection profile I have set up that users should authenticate using both certificate and AAA.
    Due to a high security requirement, the user certificate is issued by a 3rd party.
    This is working fine and the user now needs a valid certificate and a username/password to authenticate successfully.
    I added the CA certificate as an associated trustpoint on the ASA box to get the certificate verification working.
    Problem:
    If Jane and Joe both have a valid certificate AND a valid username/password, Jane could authenticate using a combo of Joe's certificate and Jane's username/password. Both are valid (in isolation), but I only want Jane to be able to authenticate with her username/password and her personal certificate.
    I got an idea that I could put the Serial Number of the user's certificate on the user object in AD (in the user's department field or something like that) and check if this value matches during authentication.
    So, to sum things up, I want to compare the Serial Number (SER) field of the user's certificate with a field on the user object in AD during authentication. As far as I can see, the user would need a valid certificate and a valid username/password to authenticate. The user would also be authenticated only if the serial field matches the value on the user object in AD.
    I am happy for any help that could point me in the right direction on how to accomplish this.
    Best regards,
    Kenneth

    I actually got a better idea, and I think this will work great!
    One of the guys at work pointed out that the sAMAccountName is still used in many areas even though it is called pre-Windows 2000.
    After some trying and failing I got the idea that I should try to change the "Naming Attribute(s)" on the defined AAA (LDAP) server under "AAA server groups".
    So I changed the Naming Attribute to "department" and put in the certificate serial number. I changed the connection profile and specified that it should use the "SER" value from the certificate as username. After that I tried to log in, and voila:
    [123] LDAP Search:
            Base DN = [dc=Testlab,dc=local]
            Filter  = [department=xxxx-xxxx-xxxxxxxxx]
            Scope   = [SUBTREE]
    [123] User DN = [CN=Peter Pan,OU=Wonderland,DC=testlab,DC=local]
    The LDAP debug is clear: the LDAP query during authentication is now searching for the user using the department field, and looking for the value of the serial number from my certificate.
    I wasn't quite happy about using the "department" field and I took a look at the user object looking for a more suitable attribute. To my surprise the user has got a "serialNumber" attribute, and it can hold multiple values. I changed the "Naming Attribute(s)" from "department" to "serialNumber" and added the serial number from the certificate to the "serialNumber" attribute on the user object:
    [138] LDAP Search:
            Base DN = [dc=Testlab,dc=local]
            Filter  = [serialNumber=xxxx-xxxx-xxxxxxxxx]
            Scope   = [SUBTREE]
    [138] User DN = [CN=Peter Pan,OU=Wonderland,DC=testlab,DC=local]
    Worked like a charm!
    I will settle for this solution. I can't see any issues regarding security, and it will be a breeze to admin. I will make a tool now so I can search for users in AD and update/view this attribute on the user objects.
    Thank you for the input Marcin
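
The two setups described in this thread, modelled in plain Python as an added example (not ASA configuration and not code from the thread): checking certificate and password independently versus looking the user up by the certificate's SER value and verifying the password against that object. The directory entries, serial strings and passwords are constructed, and rejecting a serial that sits on more than one user object is this example's own policy, not documented ASA behaviour.

```python
import hmac

# Constructed directory standing in for AD user objects (all values invented).
USERS = [
    {"dn": "CN=Jane,OU=Staff,DC=testlab,DC=local", "sAMAccountName": "jane",
     "serialNumber": ["SER-0001"], "password": "jane-pw"},
    {"dn": "CN=Joe,OU=Staff,DC=testlab,DC=local", "sAMAccountName": "joe",
     "serialNumber": ["SER-0002", "SER-0007"], "password": "joe-pw"},
]
# Constructed stand-in for "certificate chains to the configured trustpoint".
TRUSTED_SERIALS = {"SER-0001", "SER-0002", "SER-0007"}


def find_users(directory, attribute, value):
    """Equality search on a single- or multi-valued attribute (case-insensitive)."""
    wanted = value.lower()
    hits = []
    for entry in directory:
        values = entry.get(attribute, [])
        if isinstance(values, str):
            values = [values]
        if any(v.lower() == wanted for v in values):
            hits.append(entry)
    return hits


def bind(entry, password):
    """Stand-in for an LDAP simple bind as the entry's DN."""
    return hmac.compare_digest(entry["password"].encode(), password.encode())


def cert_is_valid(cert_serial):
    """Stand-in for chain validation against the trustpoint."""
    return cert_serial in TRUSTED_SERIALS


def login_independent(directory, cert_serial, username, password):
    """Original setup: certificate and username/password are checked separately."""
    if not cert_is_valid(cert_serial):
        return False
    hits = find_users(directory, "sAMAccountName", username)
    return len(hits) == 1 and bind(hits[0], password)


def login_bound(directory, cert_serial, password):
    """Setup from the post: the user object is located by the certificate's SER value."""
    if not cert_is_valid(cert_serial):
        return False, "certificate rejected"
    hits = find_users(directory, "serialNumber", cert_serial)
    if not hits:
        return False, "no user object carries this serial"
    if len(hits) > 1:
        return False, "serial is on more than one user object"
    if not bind(hits[0], password):
        return False, "password does not belong to the certificate's owner"
    return True, hits[0]["dn"]


def duplicate_serials(directory):
    """Audit helper: serials assigned to more than one user object."""
    owners = {}
    for entry in directory:
        for serial in entry.get("serialNumber", []):
            owners.setdefault(serial.lower(), []).append(entry["dn"])
    return {s: dns for s, dns in owners.items() if len(dns) > 1}


if __name__ == "__main__":
    # Jane presents Joe's certificate together with her own password.
    print("independent checks:", login_independent(USERS, "SER-0002", "jane", "jane-pw"))
    print("bound lookup:      ", login_bound(USERS, "SER-0002", "jane-pw"))
    print("duplicates:        ", duplicate_serials(USERS))
```

Because the attribute is multi-valued and maintained by hand, running a duplicate audit like `duplicate_serials` against the real directory is what keeps the lookup unambiguous over time.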

  • Adobe Muse form with 3rd party host is not working

    I have uploaded a form with Adobe Muse to a 3rd party host.  Upon testing the link scripts/form_check.php, I see 3 green checkmarks.  Upon testing the form, the form appears to submit successfully, however I never receive the email.
    I checked with the hosting company and this is what they said:
    ...this form is using localhost smtp of webserver which was stopped due to spamming issues...actually, localhost doesn't have proper rDNS record and the return path for all mails is the server itself, so whenever a client uses its domain for spamming the server's mail queue gets choked and creates issues for others. So we generally do not open localhost smtp and recommend users to use proper SMTP Authentication so that each mail will be delivered and won't create issues for server even if someone does spamming because in that case all mails will bounce back to the mailbox.  So, we recommend you to use smtp authentication in the form and use proper smtp details to send mail.
    Please provide a recommendation on what I should do to resolve this?  Is there a way to modify the form so that it uses proper SMTP Authentication instead of Localhost?

    Hi
    Please refer to this document :
    https://forums.adobe.com/docs/DOC-3581
    Thanks,
    Sanjit

  • Using 3rd party tags in JSF application

    I have a 3rd party tag library used previously in a Struts application to check if a user is authenticated / has logged in. The tag looks like this: <authn:authenticate userVarName="user" scope="session" errorPage="error.jsp" successPage="/faces/Page1.jsp"></authn:authenticate>. One unusual thing about the tag is that the uri for it references a jar file that includes the tld.
    I can build the app okay but deployment fails with the following error:
    Deploying application in domain failed; Error loading deployment descriptors for authapp Line 91 Column 10 -- cvc-complex-type.2.4.a: Invalid content was found starting with element 'taglib'. One of '{"http://java.sun.com/xml/ns/j2ee":description, "http://java.sun.com/xml/ns/j2ee":display-name, "http://java.sun.com/xml/ns/j2ee":icon, "http://java.sun.com/xml/ns/j2ee":distributable, "http://java.sun.com/xml/ns/j2ee":context-param, "http://java.sun.com/xml/ns/j2ee":filter, "http://java.sun.com/xml/ns/j2ee":filter-mapping, "http://java.sun.com/xml/ns/j2ee":listener, "http://java.sun.com/xml/ns/j2ee":servlet, "http://java.sun.com/xml/ns/j2ee":servlet-mapping, "http://java.sun.com/xml/ns/j2ee":session-config, "http://java.sun.com/xml/ns/j2ee":mime-mapping, "http://java.sun.com/xml/ns/j2ee":welcome-file-list, "http://java.sun.com/xml/ns/j2ee":error-page, "http://java.sun.com/xml/ns/j2ee":jsp-config, "http://java.sun.com/xml/ns/j2ee":security-constraint, "http://java.sun.com/xml/ns/j2ee":login-config, "http://java.sun.com/xml/ns/j2ee":security-role, "http://java.sun.com/xml/ns/j2ee":env-entry, "http://java.sun.com/xml/ns/j2ee":ejb-ref, "http://java.sun.com/xml/ns/j2ee":ejb-local-ref, "http://java.sun.com/xml/ns/j2ee":service-ref, "http://java.sun.com/xml/ns/j2ee":resource-ref, "http://java.sun.com/xml/ns/j2ee":resource-env-ref, "http://java.sun.com/xml/ns/j2ee":message-destination-ref, "http://java.sun.com/xml/ns/j2ee":message-destination, "http://java.sun.com/xml/ns/j2ee":locale-encoding-mapping-list}' is expected.
    ; requested operation cannot be completed
    Exception=Deployment failed.
    The tag's tld is <tlib-version>1.1</tlib-version> <jsp-version>1.2</jsp-version>. I'm not sure if this is the problem or if 3rd party tags don't necessarily work within JSF (am using Creator) without modification. Does anyone have any advice on this? Should 3rd party tags work? If not, how do they need to be modified or turned into a component to work? This tag doesn't display anything - it checks if users have logged in and redirects them to another site to log in if they did not log in.

    Thanks for your reply! I do have the jar file, which includes the .tld, in my WEB-INF/lib
    On Page1.jsp I tried using <%@ taglib uri="/WEB-INF/lib/myLibrary.jar" prefix="myTag" %> but got errors so I moved it to <jsp:root version="1.2" xmlns:myTag="/WEB-INF/lib/myLibrary.jar"...Should the <%@taglib uri = work? When I tried to use <%@taglib version I got errors saying strict xml enforced.
    I am using the format prefix:tag format <myTag:checkaccess userVarName="user"
    scope="session"
    errorPage="error.jsp" ></myTag:checkaccess>
    Do I need to somehow convert this tag into a component?
    I think the jar is fine since I'm using it in a number of other applications.
    Should the tag work? Do non-JSF tags have to be turned into components?

  • Map security roles to group within LDAP using external 3rd Party LDAP

    I'm having a problem mapping my logical role defined in my web.xml to a role within Active Directory. I'm currently authenticating using Active Directory successfully; however, after the user is authenticated I get a message from the OC4J container that my role cannot be found. Can you map a logical role to a group within Active Directory? Below are details about my configuration.
    Any help would be greatly appreciated.
    Log.xml log entry that confirms webtA is communicating successfully with AD.
    <MSG_TEXT>JAAS-LDAPLoginModule: authenticating user wmgraham</MSG_TEXT>
    </PAYLOAD>
    </MESSAGE>
    <MESSAGE>
    <HEADER>
    </CORRELATION_DATA>
    <PAYLOAD>
    <MSG_TEXT>JAAS-LDAPLoginModule: DN for user wmgraham is cn=wmgraham,ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi</MSG_TEXT>
    </PAYLOAD>
    </MESSAGE>
    <MESSAGE>
    <HEADER>
    Error reported in the log
    <MESSAGE>
    <HEADER>
    <TSTZ_ORIGINATING>2008-08-27T11:38:05.991-04:00</TSTZ_ORIGINATING>
    <COMPONENT_ID>j2ee</COMPONENT_ID>
    <MSG_TYPE TYPE="TRACE"></MSG_TYPE>
    <MSG_LEVEL>16</MSG_LEVEL>
    <HOST_ID>F2287032-W</HOST_ID>
    <HOST_NWADDR>30.30.16.14</HOST_NWADDR>
    <MODULE_ID>security</MODULE_ID>
    <THREAD_ID>14</THREAD_ID>
    <USER_ID>wmgraham</USER_ID>
    </HEADER>
    <CORRELATION_DATA>
    <EXEC_CONTEXT_ID><UNIQUE_ID>30.30.16.14:59560:1219851485804:6</UNIQUE_ID><SEQ>0</SEQ></EXEC_CONTEXT_ID>
    </CORRELATION_DATA>
    <PAYLOAD>
    <MSG_TEXT>for group=[JAZNGroupAdaptor: webta] there's no matching role found.</MSG_TEXT>
    </PAYLOAD>
    </MESSAGE>
    Web.xml Logical Role definition
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>allpages</web-resource-name>
    <url-pattern>/servlet/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>WEBTA_J2EE_USER</role-name>
    </auth-constraint>
    </security-constraint>
    <security-role>
    <role-name>WEBTA_J2EE_USER</role-name>
    </security-role>
    Orion-web.xml This file maps the logical role defined in web.xml to a group within Active Directory.
    <security-role-mapping name="WEBTA_J2EE_USER">
    <group name="webta"/> <!-- Group defined in AD -->
    </security-role-mapping>

    What is the name of the group in AD (provide the DN) that you want to map the j2ee logical role WEBTA_J2EE_USER? What are the group search base and group mapping attribute?
    When wmgraham logs into the app, the 3rd party ldap login module will attempt to query for the groups wmgraham is a member of - this is done using the group search base configuration for the provider.
    In this example, the DN is "cn=wmgraham,ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi" and likely user search base is set to "ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi".
    Assuming group search base is (say) "ou=groups,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi" and group mapping attr is "cn", then the role mapping you mention should work for group DN "cn=webta,ou=groups,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi"

  • Can't sign in using any 3rd party email client with my iCloud account on any Mac. Tried every settings, My iCloud only works with Mail.app

    Can't sign in using any 3rd party email client with my iCloud account on any Mac or any other Mac. My iCloud will only work with Mail.app. All the clients I tried work perfectly well as long as I sign in with somebody else's iCloud account. But mine won't work no matter the client (Postbox, Unibox, Airmail...) and no matter the computer.
    I can access my account on iCloud.com, but I can't use email clients without getting error messages prompting me to check my password or login.
    I was able to use those clients in the past but a couple of months ago I got logged out of Airmail and the issue started just like that!
    I tried every possible mail server settings including the following:
    IMAP information for the incoming mail server
    Server name: imap.mail.me.com
    SSL Required: Yes
    If you receive errors when using SSL, try using TLS instead.
    Port: 993
    Username: The name part of your iCloud email address (for example, emilyparker, not [email protected])
    Password: Your iCloud password
    SMTP information for the outgoing mail server
    Server name: smtp.mail.me.com
    SSL Required: Yes
    If you receive errors when using SSL, try using TLS instead.
    Port: 587
    SMTP Authentication Required: Yes
    Username: Your full iCloud email address (for example, [email protected], not emilyparker)
    Password: Your iCloud password

    Those are the correct settings, and they work with any email client that supports Imap.
    Try again.

  • CERT_TRUST_IS_NOT_SIGNATURE_VALID when installing a 3rd-party cert in Windows 2008 Domain Controller

    Hello,
    I'm facing a problem while trying to install a 3rd-party digital certificate on a Windows 2008 Domain Controller.
    Basically, I'm following this TechNet
    http://technet.microsoft.com/en-us/library/cc783835(v=ws.10).aspx
    1) I did create the file Reqdccert.vbs on the Domain Controller
    2) then I did generate the inf file
    cscript reqdccert.vbs DomainController E
    3) and then I generated a certificate request
    certreq -new AD.inf AD.req
    4) also I've imported RootCA and SubCA into the Certificate Store of the DC
    5) I got a signed certificate from our 3rd-party CA running on Windows 2000
    6) when importing the certificate I get the below error
    C:\>certreq -ACCEPT ad.p7c
    Certificate Request Processor: The signature of the certificate cannot be verifi
    ed. 0x80096004 (-2146869244)
    Here is the verbose log from CAPI2:
    + System 
      - Provider 
       [ Name]  Microsoft-Windows-CAPI2 
       [ Guid]  {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb} 
       EventID 11 
       Version 0 
       Level 2 
       Task 11 
       Opcode 2 
       Keywords 0x4000000000000003 
      - TimeCreated 
       [ SystemTime]  2014-06-13T09:33:02.604870500Z 
       EventRecordID 304 
       Correlation 
      - Execution 
       [ ProcessID]  1700 
       [ ThreadID]  3032 
       Channel Microsoft-Windows-CAPI2/Operational 
       Computer ad.eac.igs 
      - Security 
       [ UserID]  S-1-5-21-4171312682-976198474-2692596432-500 
    - UserData 
      - CertGetCertificateChain 
      - Certificate 
       [ fileRef]  4DA02894B4AFB76F8D6B8722A96A3444041573C6.cer 
       [ subjectName]  ad.eac.com 
      - AdditionalStore 
      - Certificate 
       [ fileRef]  691847ADD248AEB8579462249B063A1555716B21.cer 
       [ subjectName]  SubCA 
      - Certificate 
       [ fileRef]  4DA02894B4AFB76F8D6B8722A96A3444041573C6.cer 
       [ subjectName]  ad.eac.com
      - Certificate 
       [ fileRef]  0175DDA12776ED8CA4657E921E9AE3C6B0698F71.cer 
       [ subjectName]  RootCA 
       ExtendedKeyUsage 
      - Flags 
       [ value]  0 
      - ChainEngineInfo 
       [ context]  user 
      - AdditionalInfo 
      - NetworkConnectivityStatus 
       [ value]  1 
       [ _SENSAPI_NETWORK_ALIVE_LAN]  true 
      - CertificateChain 
       [ chainRef]  {0B005F9F-F15B-4FE2-A630-7BBEE6AB5C0A} 
      - TrustStatus 
      - ErrorStatus 
       [ value]  8 
       [ CERT_TRUST_IS_NOT_SIGNATURE_VALID]  true 
      - InfoStatus 
       [ value]  0 
      - ChainElement 
      - Certificate 
       [ fileRef]  4DA02894B4AFB76F8D6B8722A96A3444041573C6.cer 
       [ subjectName]  ad.eac.com 
      - SignatureAlgorithm 
       [ oid]  1.2.840.113549.1.1.11 
       [ hashName]  SHA256 
       [ publicKeyName]  RSA 
      - PublicKeyAlgorithm 
       [ oid]  1.2.840.113549.1.1.1 
       [ publicKeyName]  RSA 
       [ publicKeyLength]  2048 
      - TrustStatus 
      - ErrorStatus 
       [ value]  8 
       [ CERT_TRUST_IS_NOT_SIGNATURE_VALID]  true 
      - InfoStatus 
       [ value]  4 
       [ CERT_TRUST_HAS_NAME_MATCH_ISSUER]  true 
      - ApplicationUsage 
      - Usage 
       [ oid]  1.3.6.1.5.5.7.3.1 
       [ name]  Server Authentication 
      - Usage 
       [ oid]  1.3.6.1.5.5.7.3.2 
       [ name]  Client Authentication 
      - Usage 
       [ oid]  1.3.6.1.4.1.311.20.2.2 
       [ name]  Smart Card Logon 
       IssuanceUsage 
      - ChainElement 
      - Certificate 
       [ fileRef]  691847ADD248AEB8579462249B063A1555716B21.cer 
       [ subjectName]  SubCA 
      - SignatureAlgorithm 
       [ oid]  1.2.840.113549.1.1.5 
       [ hashName]  SHA1 
       [ publicKeyName]  RSA 
      - PublicKeyAlgorithm 
       [ oid]  1.2.840.113549.1.1.1 
       [ publicKeyName]  RSA 
       [ publicKeyLength]  2048 
      - TrustStatus 
      - ErrorStatus 
       [ value]  0 
      - InfoStatus 
       [ value]  101 
       [ CERT_TRUST_HAS_EXACT_MATCH_ISSUER]  true 
       [ CERT_TRUST_HAS_PREFERRED_ISSUER]  true 
      - ApplicationUsage 
       [ any]  true 
       IssuanceUsage 
      - ChainElement 
      - Certificate 
       [ fileRef]  0175DDA12776ED8CA4657E921E9AE3C6B0698F71.cer 
       [ subjectName]  RootCA 
      - SignatureAlgorithm 
       [ oid]  1.2.840.113549.1.1.5 
       [ hashName]  SHA1 
       [ publicKeyName]  RSA 
      - PublicKeyAlgorithm 
       [ oid]  1.2.840.113549.1.1.1 
       [ publicKeyName]  RSA 
       [ publicKeyLength]  2048 
      - TrustStatus 
      - ErrorStatus 
       [ value]  0 
      - InfoStatus 
       [ value]  10C 
       [ CERT_TRUST_HAS_NAME_MATCH_ISSUER]  true 
       [ CERT_TRUST_IS_SELF_SIGNED]  true 
       [ CERT_TRUST_HAS_PREFERRED_ISSUER]  true 
      - ApplicationUsage 
       [ any]  true 
      - IssuanceUsage 
       [ any]  true 
      - EventAuxInfo 
       [ ProcessName]  certreq.exe 
       [ startTime]  2014-06-13T09:32:53.369Z 
       [ endTime]  2014-06-13T09:33:02.604Z 
       [ duration]  PT9.232850S 
      - CorrelationAuxInfo 
       [ TaskId]  {A8DC7725-FEE9-4E09-905A-FEFF7FAE9B8B} 
       [ SeqNumber]  27 
      - Result The signature of the certificate cannot be verified. 
       [ value]  80096004 
    Any idea what the problem is?
    Thanks in advance,
    Davide.

    One common reason for that error is that the wrong SubCA certificate had been imported accidentally - e.g. an earlier 'version' of that SubCA with the same Subject CA name but a different key. In this case the validating client will try to build a chain based on name only but finally the signature check fails.
    Could you cross-check if the extension Authority Key Identifier in your DC certificate is the same as the field Subject Key Identifier of the SubCA certificate? (These are typically hashes of the keys though it is not standardized - it should be a unique string characteristic for the CA)
    For the client cert. CERT_TRUST_HAS_NAME_MATCH_ISSUER is indicated in your log - thus Issuer name in client cert. matches Subject Name in CA cert, but we don't know about SKI/AKI.
    Elke
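
The AKI/SKI cross-check suggested in this reply, as an added example (not from the thread): using the Python `cryptography` package, it builds a constructed chain in memory in which two SubCA certificates share the subject name "SubCA" but hold different keys, then compares the leaf's Authority Key Identifier with each candidate's Subject Key Identifier. All keys, the leaf name `dc.example.test` and the function names are assumptions made for the example; RSA with PKCS#1 v1.5 signatures is assumed throughout.

```python
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def make_cert(subject_cn, subject_key, issuer_cn, issuer_key, is_ca):
    """Issue a constructed test certificate carrying SKI and AKI extensions."""
    start = datetime.datetime(2024, 1, 1)
    builder = (
        x509.CertificateBuilder()
        .subject_name(_name(subject_cn))
        .issuer_name(_name(issuer_cn))
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(start)
        .not_valid_after(start + datetime.timedelta(days=365))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
        .add_extension(
            x509.SubjectKeyIdentifier.from_public_key(subject_key.public_key()),
            critical=False)
        .add_extension(
            x509.AuthorityKeyIdentifier.from_issuer_public_key(issuer_key.public_key()),
            critical=False)
    )
    return builder.sign(issuer_key, hashes.SHA256())


def key_ids_match(cert, issuer_cert):
    """True/False if AKI and SKI can be compared, None if either one is absent."""
    try:
        aki = cert.extensions.get_extension_for_class(x509.AuthorityKeyIdentifier).value
        ski = issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value
    except x509.ExtensionNotFound:
        return None
    if aki.key_identifier is None:
        return None
    return aki.key_identifier == ski.digest


def signature_verifies(cert, issuer_cert):
    """Check the certificate's signature with the candidate issuer's RSA public key."""
    try:
        issuer_cert.public_key().verify(
            cert.signature, cert.tbs_certificate_bytes,
            padding.PKCS1v15(), cert.signature_hash_algorithm)
        return True
    except InvalidSignature:
        return False


def diagnose(cert, candidate):
    """Name chaining, key-identifier chaining and the signature check, side by side."""
    return {
        "name_match": cert.issuer == candidate.subject,
        "key_id_match": key_ids_match(cert, candidate),
        "signature_valid": signature_verifies(cert, candidate),
    }


def build_constructed_chain():
    """Return (leaf, old_subca, new_subca); the leaf is signed by the new SubCA key."""
    def new_key():
        return rsa.generate_private_key(public_exponent=65537, key_size=2048)

    root_key, old_key, sub_key, leaf_key = new_key(), new_key(), new_key(), new_key()
    old_sub = make_cert("SubCA", old_key, "RootCA", root_key, True)
    new_sub = make_cert("SubCA", sub_key, "RootCA", root_key, True)
    leaf = make_cert("dc.example.test", leaf_key, "SubCA", sub_key, False)
    return leaf, old_sub, new_sub


if __name__ == "__main__":
    leaf, old_sub, new_sub = build_constructed_chain()
    print("stale SubCA in store:  ", diagnose(leaf, old_sub))
    print("correct SubCA in store:", diagnose(leaf, new_sub))
```

With the stale SubCA the issuer name still matches, which is the CERT_TRUST_HAS_NAME_MATCH_ISSUER situation in the log, while the key identifiers differ and the signature check fails.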

  • After upgrade 3rd party apps are looking for serials

    Not wanting to jeopardize my Mavericks install, I cloned my main HD and after checking that the cloned drive did boot, I installed Yosemite to it. Despite all my apps showing up in the application folder, some won't open and some are requesting I reinstall the serial numbers. I used Carbon Copy and asked it to clone all files. Are there hidden files it missed, or is this requirement to reregister all the 3rd party apps normal?

    Same problem here too!! Here's my Log:
    AppleFairplayTextCrypterSession::fairplayOpen() failed, error -42184
    Thu Jul 30 08:20:29 unknown SpringBoard[24] <Warning>: Failed to spawn Kingdoms. Unable to obtain a task name port right for pid 321: (os/kern) failure
    Thu Jul 30 08:20:29 unknown com.apple.launchd[1] <Notice>: (UIKitApplication:com.storm8.kingdomslive35[0x2a79]) Exited: Killed
    Thu Jul 30 08:20:29 unknown com.apple.launchd[1] <Warning>: (UIKitApplication:com.storm8.kingdomslive35[0x2a79]) Throttling respawn: Will start in 2147483647 seconds
    Thu Jul 30 08:20:29 unknown SpringBoard[24] <Warning>: Application 'Kingdoms' exited abnormally with signal 9: Killed
    Thu Jul 30 08:20:31 unknown kernel[0] <Debug>: AppleFairplayTextCrypterSession::fairplayOpen() failed, error -42184
    Thu Jul 30 08:20:31 unknown SpringBoard[24] <Warning>: Failed to spawn Authenticator. Unable to obtain a task name port right for pid 322: (os/kern) failure
    Thu Jul 30 08:20:31 unknown com.apple.launchd[1] <Notice>: (UIKitApplication:com.blizzard.Authenticator[0x8488]) Exited: Killed
    Thu Jul 30 08:20:31 unknown com.apple.launchd[1] <Warning>: (UIKitApplication:com.blizzard.Authenticator[0x8488]) Throttling respawn: Will start in 2147483647 seconds
    Thu Jul 30 08:20:31 unknown SpringBoard[24] <Warning>: Application 'Authenticator' exited abnormally with signal 9: Killed

  • ICal server and external invitations via 3rd party mail server

    Hi everyone,
    OS 10.6.5 Server:
    Services running
    AFP
    DNS
    iCal
    Open Directory
    Push Notification
    We are currently testing iCal server and have configured it to send out invites via our mail server (which is running on a different server) by creating the com.apple.calendarserver user on our mail server.
    Email notifications are then configured under the Enable Email Invitations tab in the iCal service of Server Admin as follows:
    IMAP
    Email address: [email protected]
    Incoming server: mail.mytest.com
    Port: 143 (not using SSL)
    Username: com.apple.calendarserver
    Password: secret
    SMTP: mail.mytest.com
    Port: 25 (not using SSL)
    Server requires authentication
    Username: com.apple.calendarserver
    Password: secret
    My test OD users are able to send out invites both internally to other iCal users and externally via email.
    So for example, I invite someone to a meeting and enter their gmail address ([email protected]), the invitation goes out correctly - when I log into gmail I see the invitation.
    When responding to the invitation (clicking Yes), the mail server receives the response from gmail and the iCal server collects the message via IMAP.
    However, the iCal server doesn't seem to parse the received email correctly as I get the following error in the iCal error logs:
    [twistedcaldav.extensions#info] Cannot authenticate proxy user 'com.apple.calendarserver' without X-Authorize-As header
    2011-03-03 17:44:03+1100 [-] [mailgateway] 2011-03-03 17:44:03+1100 [AuthorizedHTTPGetter,client] [twistedcaldav.mail#error] Mail gateway failed to inject message <[email protected]> (Reason: 400 Bad Request)
    2011-03-03 17:44:03+1100 [-] [mailgateway] 2011-03-03 17:44:03+1100 [AuthorizedHTTPGetter,client] [twistedcaldav.mail#debug] Failed calendar body: BEGIN:VCALENDAR
    2011-03-03 17:44:03+1100 [-] [mailgateway] VERSION:2.0
    2011-03-03 17:44:03+1100 [-] [mailgateway] CALSCALE:GREGORIAN
    2011-03-03 17:44:03+1100 [-] [mailgateway] METHOD:REPLY
    2011-03-03 17:44:03+1100 [-] [mailgateway] PRODID:-//Google Inc//Google Calendar 70.9054//EN
    2011-03-03 17:44:03+1100 [-] [mailgateway] BEGIN:VEVENT
    2011-03-03 17:44:03+1100 [-] [mailgateway] UID:43121576-1183-40C8-82D8-A052754AD1CE
    2011-03-03 17:44:03+1100 [-] [mailgateway] DTSTART:20110406T080000Z
    2011-03-03 17:44:03+1100 [-] [mailgateway] DTEND:20110406T090000Z
    2011-03-03 17:44:03+1100 [-] [mailgateway] ATTENDEE;[email protected];CUTYPE=INDIVIDUAL;PARTSTAT=DECLINED;RO
    2011-03-03 17:44:03+1100 [-] [mailgateway] LE=REQ-PARTICIPANT;X-NUM-GUESTS=0:mailto:[email protected]
    2011-03-03 17:44:03+1100 [-] [mailgateway] CREATED:20110303T062518Z
    2011-03-03 17:44:03+1100 [-] [mailgateway] DESCRIPTION:
    2011-03-03 17:44:03+1100 [-] [mailgateway] DTSTAMP:20110303T064335Z
    2011-03-03 17:44:03+1100 [-] [mailgateway] LAST-MODIFIED:20110303T064335Z
    2011-03-03 17:44:03+1100 [-] [mailgateway] LOCATION:
    2011-03-03 17:44:03+1100 [-] [mailgateway] ORGANIZER;CN=com.apple.calendarserver+07b1c044-9d98-4cdc-afe3-48139218ee35
    2011-03-03 17:44:03+1100 [-] [mailgateway] @mytest.com:urn:uuid:B72794FB-3242-48D7-AC22-A584D279B9F9
    2011-03-03 17:44:03+1100 [-] [mailgateway] SEQUENCE:3
    2011-03-03 17:44:03+1100 [-] [mailgateway] STATUS:CONFIRMED
    2011-03-03 17:44:03+1100 [-] [mailgateway] SUMMARY:one more test
    2011-03-03 17:44:03+1100 [-] [mailgateway] TRANSP:OPAQUE
    2011-03-03 17:44:03+1100 [-] [mailgateway] END:VEVENT
    2011-03-03 17:44:03+1100 [-] [mailgateway] END:VCALENDAR
    2011-03-03 17:44:03+1100 [-] [mailgateway]
    I have set a rule on our mail server to bypass any spam filtering for all messages sent to the [email protected] address, but this doesn't seem to make any difference.
    Does anyone else have this working? Any ideas?
    Many thanks
    Message was edited by: gen_bunty

    The issue is not "user authorization". The issue is that the 3rd-party service does not accept all incoming relay requests unless there is authentication with a registered account (which we have). This protects the 3rd-party service from becoming the relaying host for the universe's spoofed and anonymous spam. My deduction is that there is no mechanism in UTL_MAIL to designate not only the 3rd-party ip-address:port (by-passing the local sendmail server) but also providing the username:password for the account there for authentication.
    Plan A: I have attempted to follow directions for client-side SMTP Authentication for Relaying on the sendmail.org site.
    I have not been successful in completing a simple mailx interactive test, much less completing a UTL_MAIL configuration.
    I am scouring the user universe for someone who has put all the pieces together successfully and can advise. . . .
    Edited by: StevenInTallyFl on Mar 26, 2010 3:50 PM
    to clarify that I cannot get from UTL_MAIL to 3rd-party IP directly
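
The post above concludes that UTL_MAIL cannot supply a username and password to the relay. The following added example (not from the thread) swaps in UTL_SMTP, which can authenticate, and assumes a database release that provides `UTL_SMTP.STARTTLS` and `UTL_SMTP.AUTH`, a wallet holding the relay's CA certificate, and a network ACL permitting the connection; the procedure name and all parameter names are hypothetical.

```sql
-- Added example: authenticated relay through UTL_SMTP instead of UTL_MAIL.
-- Every value is supplied by the caller; nothing here is a real host or account.
CREATE OR REPLACE PROCEDURE send_via_auth_relay (
  p_host        IN VARCHAR2,     -- third-party relay host (placeholder)
  p_port        IN PLS_INTEGER,  -- relay port that offers STARTTLS
  p_wallet_path IN VARCHAR2,     -- e.g. 'file:/path/to/wallet' (placeholder)
  p_wallet_pwd  IN VARCHAR2,
  p_user        IN VARCHAR2,     -- registered account at the relay
  p_pass        IN VARCHAR2,
  p_from        IN VARCHAR2,
  p_to          IN VARCHAR2,
  p_subject     IN VARCHAR2,
  p_body        IN VARCHAR2
) AS
  l_conn UTL_SMTP.connection;
  l_crlf CONSTANT VARCHAR2(2) := UTL_TCP.crlf;
  -- Strip CR/LF so a caller-supplied value cannot add extra header lines.
  FUNCTION one_line (p IN VARCHAR2) RETURN VARCHAR2 IS
  BEGIN
    RETURN REPLACE(REPLACE(p, CHR(13)), CHR(10));
  END;
BEGIN
  l_conn := UTL_SMTP.open_connection(
              host => p_host, port => p_port,
              wallet_path => p_wallet_path, wallet_password => p_wallet_pwd,
              secure_connection_before_smtp => FALSE);
  UTL_SMTP.ehlo(l_conn, 'localhost');
  UTL_SMTP.starttls(l_conn);           -- upgrade before any credential is sent
  UTL_SMTP.ehlo(l_conn, 'localhost');  -- re-read capabilities over TLS
  -- ALL_SCHEMES includes PLAIN/LOGIN; acceptable only because TLS is already up.
  UTL_SMTP.auth(l_conn, p_user, p_pass, UTL_SMTP.ALL_SCHEMES);
  UTL_SMTP.mail(l_conn, one_line(p_from));
  UTL_SMTP.rcpt(l_conn, one_line(p_to));
  UTL_SMTP.open_data(l_conn);
  UTL_SMTP.write_data(l_conn, 'From: '    || one_line(p_from)    || l_crlf);
  UTL_SMTP.write_data(l_conn, 'To: '      || one_line(p_to)      || l_crlf);
  UTL_SMTP.write_data(l_conn, 'Subject: ' || one_line(p_subject) || l_crlf);
  UTL_SMTP.write_data(l_conn, l_crlf || p_body || l_crlf);
  UTL_SMTP.close_data(l_conn);
  UTL_SMTP.quit(l_conn);
EXCEPTION
  WHEN OTHERS THEN
    BEGIN
      UTL_SMTP.quit(l_conn);           -- best-effort cleanup of the session
    EXCEPTION WHEN OTHERS THEN NULL;
    END;
    RAISE;                             -- surface the relay's SMTP error to the caller
END send_via_auth_relay;
/
```

A rejected login or a refused relay surfaces as a UTL_SMTP exception carrying the server's reply code, which separates an authentication failure from a connectivity or ACL problem.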

  • Modify SOAP header in ABAP for 3rd party WSDL

    Hi SDN,
    I want to consume a 3rd party WSDL in ABAP. I have created the proxy through SE80, and created the logical port through LPCONFIG. The WSDL I'm using needs me to include some authentication (developer key, and password) in the header portion of the SOAP message. Example below.
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://api.channeladvisor.com/webservices/">
       <soapenv:Header>
          <web:APICredentials>
             <web:DeveloperKey>XXX</web:DeveloperKey>
             <web:Password>XXX</web:Password>
          </web:APICredentials>
       </soapenv:Header>
       <soapenv:Body>
          <web:DoesSkuExist>
             <web:accountID>XXX</web:accountID>
             <web:sku></web:sku>
          </web:DoesSkuExist>
       </soapenv:Body>
    </soapenv:Envelope>
    How can I edit the SOAP header to include this information so that this WSDL will work when I call it? There must be a better way than hardcoding the SOAP call and using an HTTP client call.
    I've looked in Google and SDN and haven't been able to find a good answer to this problem.
    Thanks guys.

    Have a search in SDN for "if_wsprotocol_ws_header" - there are several postings and examples, and if you go to SE24 and look at the documentation attached to IF_WSPROTOCOL you can get to the example referred to in some of the SDN postings. I also found "real" examples in SAP, e.g. function group FITP_SABRE_WS, and I got it to work OK (eventually) after browsing some of these.
    Jonathan
