3rd party LDAP JAZN configuration

Similar Messages

• Error using 10.1.3 Security Provider:3rd party LDAP or Custom Login Module

  Hello all,
  After deploying my JSF/ADF application using Jdeveloper 10.1.3 to Oracle Application Server 10.1.3, I used the Application Server control to change the 'Security Provider' configuration:
  1. Using 3rd Party LDAP Provider (Novell eDirectory)
  I get the following error when restarting the application with the new config.
  06/06/21 16:42:32 Error while configuring security provider MBean for application AccessList
  06/06/21 16:42:32 java.lang.ClassNotFoundException: oracle/security/jazn/jmx/CustomLDAPSecurityProvider
  2. Using Custom Login Module (again programmatically talks to eDirectory and it works in UIX/10.1.2 application)
  I get the following error when restarting the application with the new config.
  06/06/21 14:31:19 Error while configuring security provider MBean for application AccessList
  06/06/21 14:31:19 java.lang.ClassNotFoundException: oracle/security/jazn/jmx/LoginModuleSecurityProviderAlso, I get this error with both the settings..
  06/06/21 14:31:19 WARNING: Application.setConfig Application: AccessList is in failed state as initialization failedjava.lang.
  InstantiationException
  Jun 21, 2006 2:31:19 PM com.evermind.server.Application setConfig
  WARNING: Application: AccessList is in failed state as initialization failedjava.lang.InstantiationException
  06/06/21 14:31:19 java.lang.InstantiationException
  06/06/21 14:31:19       at com.evermind.server.ApplicationStateRunning.initDataSources(ApplicationStateRunning.java:1424)
  06/06/21 14:31:19       at com.evermind.server.ApplicationStateRunning.initializeApplication(ApplicationStateRunning.java:195)
  java.lang.ClassNotFoundException error leads me to believe, I am just missing to include some libraries..
  I have included "bc4j.security" in my web project and I am not sure if that is what is needed!
  Will appreciate your help..
  Thanks,
  Karthik

  The problem i had with my Custom login module was that JDeveloper includes the datasources listed in the connection tab.
  When JDeveloper does that it writes the username and password in the jazn-data.xml. But with the Custom Login module the reference in de data-source declaration cannot find the password. that's why i got the InstantiationException at the initDataSources point.
  In tools>preferences>deployment you can uncheck the option:
  Bundle Default data-sources.xml During Deployment.
  The problem with this is when i specify a datasource in the data-sources.xml i included myself, jdeveloper will also put de datasources under the Connections tab in the data-sources.xml.
  Does anyone knows how to stop jdeveloper putting the datasources automatic in the file, or how to prevent jdeveloper storing the password in jazn-data.xml?

• Map security roles to group within LDAP using external 3rd Party LDAP

  I'm haveing a problem mapping my logical role defined in my web.xml to a role within Active Directory. I'm currently authenticating using Active Directory succsfully, however after the user is authenticated I get a message from the OC4J container that my role can not be found. Can you map a logical role to group within Active Directory? Below are details about my configuration.
  Any help would be greatly appreciated.
  Log.xml log entry that confirms webtA is communicating successfully with AD.
  SG_TEXT>JAAS-LDAPLoginModule: authenticating user wmgraham</MSG_TEXT>
  </PAYLOAD>
  </MESSAGE>
  <MESSAGE>
  <HEADER>
  </CORRELATION_DATA>
  <PAYLOAD>
  <MSG_TEXT>JAAS-LDAPLoginModule: DN for user wmgraham is cn=wmgraham,ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi</MSG_TEXT>
  </PAYLOAD>
  </MESSAGE>
  <MESSAGE>
  <HEADER>
  Error reported in the log
  <MESSAGE>
  <HEADER>
  <TSTZ_ORIGINATING>2008-08-27T11:38:05.991-04:00</TSTZ_ORIGINATING>
  <COMPONENT_ID>j2ee</COMPONENT_ID>
  <MSG_TYPE TYPE="TRACE"></MSG_TYPE>
  <MSG_LEVEL>16</MSG_LEVEL>
  <HOST_ID>F2287032-W</HOST_ID>
  <HOST_NWADDR>30.30.16.14</HOST_NWADDR>
  <MODULE_ID>security</MODULE_ID>
  <THREAD_ID>14</THREAD_ID>
  <USER_ID>wmgraham</USER_ID>
  </HEADER>
  <CORRELATION_DATA>
  <EXEC_CONTEXT_ID><UNIQUE_ID>30.30.16.14:59560:1219851485804:6</UNIQUE_ID><SEQ>0</SEQ></EXEC_CONTEXT_ID>
  </CORRELATION_DATA>
  <PAYLOAD>
  <MSG_TEXT>for group=[JAZNGroupAdaptor: webta] there's no matching role found.</MSG_TEXT>
  </PAYLOAD>
  </MESSAGE>
  Web.xml Logical Role definition
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>allpages</web-resource-name>
  <url-pattern>/servlet/*</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>WEBTA_J2EE_USER</role-name>
  </auth-constraint>
  </security-constraint>
  <security-role>
  <role-name>WEBTA_J2EE_USER</role-name>
  </security-role>
  Orion-web.xml This file maps the logical role defined in webxml to a group within Active Directory.
  <security-role-mapping name="WEBTA_J2EE_USER">
  <group name="webta"/> <-- Group defined in AD -->
  </security-role-mapping>

  What is the name of the group in AD (provide the DN) that you want to map the j2ee logical role WEBTA_J2EE_USER? What are the group search base and group mapping attribute?
  When wmgraham logs into the app, the 3rd party ldap login module will attempt to query for the groups wmgraham is a member of - this is done using the group search base configuration for the provider.
  In this example, the DN is "cn=wmgraham,ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi" and likely user search base is set to "ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi".
  Assuming group search base is (say) "ou=groups,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi" and and group mapping attr is "cn", then the role mapping you mention should work for group DN "cn=webta,ou=groups,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi"

• Migration of EmbeddedLDAP to 3rd Party LDAP

  Hi,
  Is it possible to migrate the complete authentication process of EmbeddedLDAP
  used by Weblogic 8.1 to any 3rd Party LDAP system ? Even the system user (default
  user : weblogic created during the domain setup) authentication should happen
  on a 3rd Party LDAP system. EmbeddedLDAP can at the most act as a bridge between
  Weblogic 8.1 and 3rd Party LDAP system. Is there any solution to this problem?
  Thanks in advance.
  Mandar

  I do not believe there are any restrictions on removing the default authenticator.
  When you boot the server make sure the user/pass is valid in the 3rd party LDAP
  and they have the proper admin/oper privileges to boot the server.
  You might want to configure the server with two authenticators first to verify
  you can successfully authenticate to the 3rd party LDAP before removing the default
  authenticator.
  -Craig
  "Mandar Jadhav" <[email protected]> wrote:
  >
  Hi,
  Is it possible to migrate the complete authentication process of EmbeddedLDAP
  used by Weblogic 8.1 to any 3rd Party LDAP system ? Even the system user
  (default
  user : weblogic created during the domain setup) authentication should
  happen
  on a 3rd Party LDAP system. EmbeddedLDAP can at the most act as a bridge
  between
  Weblogic 8.1 and 3rd Party LDAP system. Is there any solution to this
  problem?
  Thanks in advance.
  Mandar

• HT4837 3rd Party LDAP users in local groups aren't recognized by wiki

  Having followed the KB article on setting up wiki webauth to allow 3rd party LDAP users to authenticate (http://support.apple.com/kb/HT4837) I have found that while individual users can be given permissions to access certain wikis, but LDAP users placed into local groups cannot.  Is this a bug?
  To be more specific:
  - Directory Access setup to allow authentication from LDAP server (this works fine for all other services like File Sharing)
  - Directions followed in the KB article which basically enables plain text authentication and turns off inline login window (http://support.apple.com/kb/HT4837)
  - Local groups created in Server.app -- Accounts -> Groups
  - LDAP users placed into those local groups
  - Services like file sharing recognize proper permissions based on the groups the LDAP users are in
  - Configure a wiki to allow access from a single LDAP user (Gear Icon -> Wiki Settings...) ... this works fine
  - Configure a wiki to allow access from the local groups containing LDAP users (again, Gear Icon -> Wiki Settings) ... this appears like it is going to work, but it in fact will fail to give permissions to LDAP users of the respective group upon that user's login.  A local user (Server.app -> Accounts -> Users) added to one of these local groups with LDAP people in it works fine and receives proper access to the wiki as expected.
  Any ideas before I submit this as a bug?

  Having followed the KB article on setting up wiki webauth to allow 3rd party LDAP users to authenticate (http://support.apple.com/kb/HT4837) I have found that while individual users can be given permissions to access certain wikis, but LDAP users placed into local groups cannot.  Is this a bug?
  To be more specific:
  - Directory Access setup to allow authentication from LDAP server (this works fine for all other services like File Sharing)
  - Directions followed in the KB article which basically enables plain text authentication and turns off inline login window (http://support.apple.com/kb/HT4837)
  - Local groups created in Server.app -- Accounts -> Groups
  - LDAP users placed into those local groups
  - Services like file sharing recognize proper permissions based on the groups the LDAP users are in
  - Configure a wiki to allow access from a single LDAP user (Gear Icon -> Wiki Settings...) ... this works fine
  - Configure a wiki to allow access from the local groups containing LDAP users (again, Gear Icon -> Wiki Settings) ... this appears like it is going to work, but it in fact will fail to give permissions to LDAP users of the respective group upon that user's login.  A local user (Server.app -> Accounts -> Users) added to one of these local groups with LDAP people in it works fine and receives proper access to the wiki as expected.
  Any ideas before I submit this as a bug?

• 3rd party LDAP security provider problem

  I'm having an issue that when I've deployed my j2ee application to Oracle AS 10g rel3 app server, the security-constraint I've configured in my web.xml file isn't being obeyed, or at least it doesn't appear to be.
  As part of the deployment process I've configured a 3rd party LDAP server as the security provider. As for mapping groups to roles, I've set it such that all users and groups should be mapped to the role AuthorisedUser - my intention is that for any protected url's defined in the web.xml, the user should be redirected to a login page as defined in the web.xml file as well (I'm using FORM based authentication in the login-config) - but after they are logged in they will be assigned the role of AuthorisedUser.
  The following is being written to the orion-application.xml file
  <security-role-mapping name="AuthorisedUser" impliesAll="true" />
  What I'm observing is that users aren't being challenged when they hit a secured url-pattern. Is this as a result of the impliesAll="true" attribute ?

  I found that the <security-role-mapping> element is not functioning correctly for 10.1.3.4 OC4J LDAP authentication. I saw in the log.xml that I was getting authenticated but it wasn't finding the role-group map.
  I changed the role-name in the web.xml to be the exact same thing as the group in LDAP and that fixed that problem.
  I know the original poster has gone past this problem, but for people in the future, I hope this helps.
  Now my problem is the j_security_check... once I'm authenticated, the browser ends up at http://hostname:port/OrderManagement/j_security_check instead of the application page. Any ideas?
  Thanks,
  David

• User can't see some OID entry from 3rd party ldap browser but OAM?

  Hi All,
  after tried to applied access control to some OID entry, user then can't see that entry from 3rd party ldap browster, and this is a expected behavior, but why the same user can see that entry from user management interface of OAM?
  Regards,
  Makson

  Hi Makson,
  OAM's Identity Server binds to OID as a single user* (typically an OID admin, even orcladmin) and applies only those acl's that have been defined within OAM. So when you login to OAM as end-user X, the Identity Server (eg orcladmin) checks to see what rights within OAM have been defined for User X - but in this scenario any rights defined within OID are not applied to user X. By default, OAM end-users have no access to information in ldap (although the OAM Admins have full access by default).
  Regards,
  Colin
  *Depending on how you are accessing OAM, you may see extra binds in the OID logs when the end-users actually login to OAM.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

• Integrating standalone OC with existing 3rd party LDAP directory question

  Hello everyone,
  we have a standalone version 9 Oracle Calendar server with internal directory. We also have an existing enterprise wide LDAP directory. We would like to integrate them together, with as few changes to our existing LDAP schema as possible. Has anyone dealt with this issue before? Are there any documents out there describing how to deal with such situation? What if we upgrade to OC version 10 first?
  Thanks

  Migration might be tricky -
  We've been running Calendar since the Netscape era with external LDAP. Basically user's preferences are stored in LDAP, though these can be 'regenerated' on the fly by the client using defaults.
  You will need to modify the schema, but it's simply as loading the supplied schema file.
  Data itself is still maintained in the internal DB. The link between the DB and LDAP is done via the calendar ID number which gets stored in the user's entry in ldap.
  I don't think it would matter on upgrading OC to 10 or not, since the upgrade would not modify anything on the LDAP side (schema has not changed).
  You should set up a test environment and test it out...

• 3rd Party Sales Configuration

  Hi Gurus,
  Please help me with the Standard 3rd Party sales Scenario configuration in SAP
  Conceptually I a mclear with the process, but how do we map it in SAP.
  I tried doing it by manually changing the item category to TAS, and then doing billing, but the log says item category not relevant for billing.
  Should I create a new sales order document type with default Item Category as TAS??
  Is it possible to have  a TAS in std order type 'OR' with other item categories as TAN ?
  Shall appreciate quick help.
  Thanks in advance.
  Thanks
  Raheel

  Understand the Business process to the core then apply that to SAP.
  Thrird party business would be
  1. You have to give a commodity / product to a customer , which you do not manufacture , so you ask one of your vendors to deliver the same to the customer on your behalf and finally you bill the customer and give the mone to vendor.
  Configuration again in the forom if you will search will get through
  material ->item category group: bans
  so item category will be tas in sales order.
  Step1: create the sales order which will automatically generate the PR
  Step 2: Take the PR and create the PO
  Step 3: Go a PO based LIV.
  Step4: Bill the sales order.
  There is no GRN and outbound delivery.
  Thanks !
  A S

• Using Weblogic LDAP JAAS credentials for 3rd party authentication

  Hello to all!
  I'm posting this question because I'm developing a software layer that will connect a weblogic based web application, with LDAP authentication, to a 3rd party application, also with LDAP authentication, and I'm having difficulties in getting a <b><i>javax.security.auth.Subject</i></b> object from the weblogic server.
  I already have a way of doing it, but it requires that a username and a password exist in some sort of storage, in order to work (either hardcoded (which is to be avoided as much as possible) or stored in a file (which is to be avoided if possible, but if nothing better exists...)).
  I'm using a Weblogic 11g server, with LDAP authentication (LDAP provider placed in last at the provider list, with flag SUFFICIENT) and I'm developing the software layer using Oracle's jDeveloper 11g Release 1.
  Now, this 3rd party application requires a <b><i>javax.security.auth.Subject</i></b> object in order to perform authentication.
  How do I get this from the weblogic server ?
  Of the following approaches, can you tell me which are the most correct ones ?
  <ul>
  a)<b>
      LoginContext lc = null;
      try {
          lc = new LoginContext("<JAAS instance name>");
          lc.login();
      } catch (LoginException e) {
          e.printStackTrace();
      javax.security.auth.Subject subject = lc.getSubject();
  </b>
  </ul>
  <ul>
  b)<b>
      LoginContext lc = new LoginContext("<JAAS instance name>"
          new MyClass.CallbackHandler(userid, password));
      lc.login();
      javax.security.auth.Subject subject = lc.getSubject();
      javax.security.auth.Subject.doAs(subject, myClassObject);
  </b>
  </ul>
  <ul>
  c)<b>
      javax.security.auth.Subject subjectA = weblogic.security.Security.getCurrentSubject();
      subjectA.doAs(subjectA, myClassObject);
  </b>
  </ul>
  Thanks in advance,
  Nuno B.

  Here is a document on Monitoring and Reporting Tool Integration into Network Admission Control.
  http://www.cisco.com/en/US/netsol/ns466/networking_solutions_white_paper0900aecd801dee49.shtml

• Screenshots on BOM & 3rd Party Sales configuration

  Hi all,
  Can anyone send me the <b>screenshots on BOM & 3rd Party Sales configuration</b> ?
  My id : [email protected]
  Appreciate your information and will definitely reward points.
  Regards
  Rajarshi

  Hi Rajarshi,
  SD - 3rd party sales order Create Sales Order
  VA01
  Order Type
  Sales org, distr chnl, div
  Enter
  Sold to
  PO #
  Material
  Quantity
  Enter
  Save
  SD - 3rd party sales order View the PR that is created with a third party sales order
  VA01
  Order Number
  Goto Item Overview
  Item ->Schedule Item
  SD - 3rd party sales order View the PR that is created
  ME52N
  Key in the PR number
  Save
  SD - 3rd party sales order Assign the PR to the vendor and create PO
  ME57
  Key in the PR number
  Toggle the "Assigned Purchase Requisition"
  Execute
  Check the box next to the material
  Assign Automatically button
  Click on "Assignments" button
  Click on "Process assignment"
  The "Process Assignment Create PO" box , enter
  Drag the PR and drop in the shopping basket
  Save
  SD - 3rd party sales order Receive Goods
  MIGO_GR
  PO Number
  DN Number
  Batch tab , click on classification
  Serial Numbers tab
  Date of Production
  Flag Item OK
  Check, just in case
  Post
  Save
  SD - 3rd party sales order Create Invoice
  MIRO
  Invoice Date
  Look for the PO , state the vendor and the Material
  Check the box
  Click on "Copy"
  Purchase Order Number (bottom half of the screen)
  Amount
  State the baseline date
  Simulate & Post
  Invoice Number
  *Invoice blocked due to date variance
  SD - 3rd party sales order Create a delivery order
  VL01N
  In the order screen , go to the menu Sales Document , select "Deliver"
  Go to "picking" tab
  State the qty and save
  SD - 3rd party sales order Create a billing document
  VF01
  Ensure that the delivery document is correct in the
  Enter
  Go to edit -> Log
  Save
  Third party order processing is as follows:
  Assume three companies X, Y and Z
  X - The company,
  y - The customer
  Z - Vendor
  When ever X gets a PO from Y to supply some goods, X has an option of either manufacturing those goods or procuring those goods.
  If he is procuring the goods, there are two methods that are generally followed:
  Method 1) After receiving the PO from Y, X creates a sales order against Y.
  Now at the same time he also creates a PO to a vendor Z to produce the goods
  Z produces the goods and supplies to X
  X receives the goods from Z
  Then X delivers the same goods to Y.
  After that X invoices Y and Z invoices X.
  Note : Here there is no direct/ Indirect relation between Z and Y.
  This process is known as Trading Process. and the Material here is created with Material type HAWA.
  The other method is a Third party order processing method:
  Here the glaring difference is that instead of Z supplying the material to X and X in turn supplying the same material to Y.
  X authorizes Z to supply the material to Y on his behalf and notify him once the delivery is complete.
  Now Z supplies the material to Y and acknowledges the same to X.
  Z will send a copy of delivery acknowledgement and invoice to X.
  After receiving the delivery confirmation and invoice from Z, X has to verify the invoice and this process is known as invoice verification and is done in SAP through Tcode MIRO.
  The next step for X is to create an invoice and submit to Y
  Only after the invoice verification document is posted then only X can create an invoice for Y.
  This is the business flow that is followed for third party order configuration.
  There are few steps that have to be configured to enable the system to function as mentioned above.
  Step1)
  If you are always following a third party process for a material then you have to create the material using item category group BANS.
  The procurement type should be marked as External procurement (F) in MRP 2 view of the material master record.
  if you are not always allowing third party order processing then u can create a material master record with item category group as NORM and the procurement type should be marked as ( X) meaning both types of procurement ( in house manufacturing and external procurement).
  Step 2)
  the item category in the order should be manually changed as TAS.
  For that you need to configure the item category determination
  Order type + item cat Group + Usage + High level = Item cat + Manual item cat
  OR + NORM + + = TAN + TAS
  OR + BANS + + = TAS
  Step 3)
  make sure that during the item category configuration for TAS you need to mark relevant for billing indicator as F
  step 4)
  The schedule line category for this type should be CS.
  make sure that you mark subsequent type as NB - purchase requisition in this schedule line category as this will trigger the purchase requisition order immediately after the creation of the sales order and the PO to vendor is created against this purchase requisition
  Hope this will help you alot and Please Reward If Really Helpful,
  Cheers,
  Govind.

• Regarding configuration of 3rd party JMS queues

  Can any one please help me in configuration of 3rd party JMS queues.
  Thanks,
  Bharath

  Does it have a built-in admin web page like most print servers?

• I am attempting to update students' iPads using the Apple Configurator software. However, information for 3rd party apps, like Notability and Explain Everything, is being lost.

  I am attempting to update students' iPads using the Apple Configurator software. However, information for 3rd party apps, like Notability and Explain Everything, is being lost.

  Mike,
  If by "still nothing" you mean they are not showing up in the AU manager after reinstalling them....
  Im guessing the AU Cache itself is now corrupted so.....
  Quit LPX
  Open Finder
  Press the option key and click "Go" in Finder's menu and select "Library". (This is the User Library and not the System Library and is normally hidden which is why you have to hold down the option key when clicking on Go.... to reveal it in the drop down menu that will appear)
  Go to "Caches" dir and remove "AudioUnitCache" dir.
  Now Restart your Mac.....
  and then Launch LPX and let it rescan your plugins and see if that fixes things....
  Fingers crossed...
  Nigel

• Does 3rd party Simulation test run generates schema or configuration errors

  Hi all,
  Does 3rd party pay simulation (USA) run generates any kind of schema or configuration error messages.
  In my case when I did the test (no update) run no errors were generated but when we did the same thing thru update log (evaluation run) we identified errors.
  From my understanding I was assuming that test run will also verify the configuration and generates any errors found.
  Could some one clear my doubt?
  Appreciate your input in advance.
  Thank you.

  Hi,
  we are implementing new tax type 85 and we have existing tax type 01 and 10. IN ZPTX rule we have
           D   VWTCL 72
  1        Z   GCY ZTAU
  2        Z   GCY ZTAU
  do i have to write a new rule ZTAU for 85 or can i just update in the existing ZTAU my new tax type 85 :
  85                D UWTIFA
  Do we have to define new rule ZTAU (3   Z  GCY ZTAU)
  for each new tax type or can we just proceed withthe changes to the existing rule.
  Appreciate any kind of helpfull information.
  Thank you.

• Best practice / configuring SAP for hosting 3rd party users

  We're trying to understand what the best approach is for supporting a 3rd party using our SAP instance.
  Our company has always operated with the expectation we're the only users using and putting data into the system.
  Now we're required to support (consider it to be application hosting) another organization's use of SAP.
  The two options we've been considering are:
  1. Separating the data via role assignment / authorization objects
  or
  2. Creating a separate SAP client to support the 3rd party.
  Is there a best / recommended practice to accomplish this goal? We have some of our team in each camp and don't want to re-invent the wheel as others must have already crossed this bridge.
  We're in a 4.7 environment.

  We're trying to understand what the best approach is for supporting a 3rd party using our SAP instance.
  Our company has always operated with the expectation we're the only users using and putting data into the system.
  Now we're required to support (consider it to be application hosting) another organization's use of SAP.
  The two options we've been considering are:
  1. Separating the data via role assignment / authorization objects
  or
  2. Creating a separate SAP client to support the 3rd party.
  Is there a best / recommended practice to accomplish this goal? We have some of our team in each camp and don't want to re-invent the wheel as others must have already crossed this bridge.
  We're in a 4.7 environment.