ACE redirection of users to specific Brokers via AD authentication for VMWare View
Hi
I'm currently looking at a requirement we have to direct users to a particular VMWare broker dependent up AD credentials. An overview is that we have 2 data centers, each with a specific brokers and set of VDIs. Users are mapped to a particular data centre where their VDI exists. When they are sent to a particular DC I want the ACE to check credential against AD and determine if they should be going to the local broker or redirected to the other DC.
I've had a look at the F5 LTM with the APM installed and this supports this functionality. However I can't see anything on the ACE that provides a handoff to AD for user credential checking to make decisions on which broker to send the user to. Does anybody know if the ACE supports this type of feature?
Thanks
Malcolm
Hi Malcolm,
You may need to talk to your Cisco SE engineer to do a Product Enhancement Request to analyze and eventually add it in future releases
Jorge
Similar Messages
-
SSO via Windows authentication for a BSP application
Hi,
is it possible to configure/implement a bsp-application, so that the user of the application is authenticated in the SAP system through the windows user (without entering the user or password). I search for a mechanism, that is like the SSO mechanism in the SAP EP. We don't have SAP EP, neither we have a java stack installation.
Exists a way to implement this scenario?
My idea was it, to use the same functionality, like in the SAP GUI, when configuring SSO. Unfortunately I don't find any hints about this topic.
Regards,
ThomasOne best way is to embed the BSP page in the iview of the EP. As your are telling EP is not available i think there is no other way around.
-
When users log on and try to open Firefox 23.0.1, users are prompted with Iprism Authentication. We made changes to the firefox about:config values "network.automatic-ntlm-auth.allow.-non-fqdn" and "Network.negotiate-auth.allow-non-fqdn" to true and it works, but only works on a per user basis. How can we set this up for all users?
I would think the about:config entries discussed are ex-factory set to values each user has to change individually, after the installation has run its course. The solution could be to have patched files ready to install post factum:
[https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/A_brief_guide_to_Mozilla_preferences A Brief Guide to Mozilla Preferences - MDN] -
Redirect all users on signon (Tools 8.48)
How do you redirect users to another page before presenting the main PIA page? I need to display a specific message for different users immediately after login but prior to loading the PIA navigation. I've been able to write an IScript that displays a page with the required message and has an ok button. I have code behind the button which, when pressed, will transfer the user to the main PIA page but I can't determine where I need to intercept the delivered code in order to call my IScript.
I know that GetPortalHomepageURL() on WEBLIB_PORTAL.PORTAL_HEADER is the first function that is called. But where is the call made?
Any help would be greatly appreciated!
Regards,
Imtiaz
P.S. I actually replied to an answered thread and wasn't sure if it would get any attention so I thought I would repost. Apologies if I should not have created a new thread.Oracle support has a note with a few suggested methods...
How to Redirect a User To Specific Component Page at Login? [ID 649958.1]
...none of the methods are officially supported, of course, but they should work.
Regards,
Bob -
Can't start managed server - Authentication for user denied
Greetings,
I have a WebLogic 10.3.6 based domain. The admin server works correctly. Using the admin console, I created a managed server. It is not associated to any machine and I don't use node manager. The managed server listens on localhost:7101 while the admin listens on localhost:7001. Starting the managed server asks for an user/password authentication. Using the same as the one used for the admin console says:
<7 dÚc. 2012 13 h 55 CET> <Critical> <Security> <BEA-090403> <Authentication for
user nicolas denied>
<7 dÚc. 2012 13 h 55 CET> <Critical> <WebLogicServer> <BEA-000386> <Server subsy
stem failed. Reason: weblogic.security.SecurityInitializationException: Authenti
cation for user nicolas denied
weblogic.security.SecurityInitializationException: Authentication for user nicol
as denied
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.do
BootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:966)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.in
itialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Auth
entication Failed: User nicolas weblogic.security.providers.authentication.LDAPA
tnDelegateException: [Security:090295]caught unexpected exception
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.log
in(LDAPAtnLoginModuleImpl.java:251)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(Log
inModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(Log
inModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Truncated. see log file for complete stacktrace
>
<7 dÚc. 2012 13 h 55 CET> <Notice> <WebLogicServer> <BEA-000365> <Server state c
hanged to FAILED>
<7 dÚc. 2012 13 h 55 CET> <Error> <WebLogicServer> <BEA-000383> <A critical serv
ice failed. The server will shut itself down>
<7 dÚc. 2012 13 h 55 CET> <Notice> <WebLogicServer> <BEA-000365> <Server state c
hanged to FORCE_SHUTTING_DOWN>
I googled a while and found a post saying that the realm is probably altered or in an incorrect status. I reset the the admin's credentials using weblogic.security.utils.AdminAccount but this disn't change anything. Of course, upon the managed server creation, I initialized the fierlds user and password in the server starting tab of the admin console.
Many thanks for any help.
NicolasHi,
Have you configured LDAP Authenticator on the server?
If yes, afther the change did you restart both the servers - admin and managed? -
Authentication for user weblogic denied
I am unable to start node managerd server from command prompt.
I installed WebLogic Server Version: 12.1.2.0.0 on Windows 2008 R2 EN Sp1
I started Administration Server succesfully.
C:\Weblogic\Oracle\config\domains\wl_server\bin\startWebLogic.cmd
I created ihale Managed server but I couldn't start Managed Server.
C:\Weblogic\Oracle\config\domains\wl_server\bin
startManagedWebLogic.cmd ihale http://192.168.1.29:7431
I'm getting following error.
####<Dec 25, 2013 12:51:13 AM PST> <Critical> <WebLogicServer> <umman> <ihale> <main> <<WLS Kernel>> <> <> <1387961473813> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:257)
I am able to login administration console same username and password. Username: weblogic Password:xxxxx
I changed the weblogic user password and I tried again. It was unseccesfull.
I created boot.properties file in C:\Weblogic\Oracle\config\domains\wl_server\servers\ihale\security folder.
I put username and password.
After I tried to start ihale managed server, boot.properties file didn't encrypted and managed server also didn't started.
I deleted cache, data, tmp folders except logs folder in \\192.168.1.29\c$\Weblogic\Oracle\config\domains\wl_server\servers\ihale and I tried again. It was unseccesfull.
I found something on https://community.oracle.com/message/10653470
Ganesh says:
Did you restart AdminServer after deleting the LDAP Authentication provider?
I think your managed server is still trying to authenticate user through ldap authentication provider.
Torrado answers:
I found that there was a definition in Security Policy of osb_server1 for an user that belonged to deleted LDAP authenticator.
I deleted it and server started.
Thanks.
How can I delete definition in Security Policy of ihale for an user that belonged to deleted LDAP authenticator?
Could you please help to solve this problem?
Best Regards.Hi,
You can rename the ldap folder in following directory structure.
%Domain_Name% / servers / <servername> / data/
You will find ldap folder try to rename that folder and then please restart the server again.
If you are try to start through nodemanager then rename the nodemanager under following directory.
%Domain_Name% / servers / <servername> / data/.
Try to rename these two folder and restart the nodemanager and start the server again.
It will work for you.
Regards,
Kal -
Authentication for user weblogic denied problem when starting managed serve
Hi All,
I have a strange situation here. I installed WLS and SOA and BAM servers. Initially I could start both WLS and SOA.
Later I changed some files (possibly startManagedWebLogic.sh or deleted soa_server1/data/ldap/ or AdminServer/security/boot.properties), but later I remember I changed them back. I am now seeing that my WLS is starting up fine, but SOA is not. I am always getting the error:
<Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
Truncated. see log file for complete stacktrace
>
I tried to go to admin console to change/verify the password for weblogic user, and then put plaintext password in AdminServer/security/boot.properties, then restart Adminserver. But I still cannot start SOA server.
Could you please let me know how to resolve this issue? I do want to save my environment at this point. Many thanks.Hi,
My understanding is admin user server is coming up fine but when you try to bring the soa_server1(managed instance) is not coming up due the below mentioned exception.
If not please correct me.
I have a few query, please give me comment on this.
1) Admin and managed instances are running on the same box or different
2) Did you try to reset the password from console or using weblogic.security command
3) Did you cleared the soa_server1 temp directory(server/soa_server1/*)
Solution-1 (If Domain running on different box)
=============================
1) Copy the DefaultAuthenticatorInit.ldift file from Domain_dir/Security/ to Remote machine - Domain_dir/Security/
Note- Remote machine - take a backup of DefaultAuthenticatorInit file.
2) Remote machine- rename or take a backup of ldap directory and boot.properties file
/servers/soa_server1/ldap
/servers/soa_server1/security/boot.properties.
3) Now try to brought up the soa_server1.It will prompt you the username and password.
Please let me know.
Thanks,
Rajkumar -
Creating automated email reminders to users every 2 weeks via Workflow 2010 Out of Box approach only
Hi,
I have been asked to automate the email reminders to users (every two weeks) from the SharePoint2010 solution.
I am trying to achieve this via workflow ,but am unable to get the results.
Req :
Twice a month the users should get an automated email reminder for a specific task.
1. On 14th (or last working day in mid month -1) of the month. ( a field "mid month end" captures the date as 15th of the month)
2. On last working day - 1 of the month. ( a field "month end" captures the date as last day of the month)
Please let me know how i can achieve this via Out of box functionality. I donot have exp with workflows so a detailed steps guidlines will be very helpfull.
Regards,
GuruAlthough you can start a workflow and then pause it for a number of days, I'd feel uncomfortable with that. If the farm crashes, who guarantees that the paused workflows will pick up where they were left off?
SharePoint does no offer to run a workflow on all items in a list/library -- which I feel is a big draw back.
The good news is that there is a free 3rd party tool that can run a workflow on all (or specific) items in a list or library. It's called the
HarePoint Workflow Scheduler and I love it.
You can create a view that shows the items that you want to run the workflow on.
Or, if you know how to write CAML, you can feed the CAML Query right into the HarePoint Workflow Scheduler task.
At my company we have several sites in production that use the HarePoint Workflow Scheduler with a view.
So, first, create a SharePoint Designer workflow and define it to run manually.
Then use the HarePoint workflow scheduler to define a schedule.
You can define a schedule for the HarePoint tool, like every day, month, week, etc., by just clicking a few boxes.
Since this functionality does not come out of the box with SharePoint 2010, this free tool is a real gem.
cheers, teylyn -
Open PDF document to a specific page via a
I know if you can open a PDF to a specific page by using the PAGE parameter when you open via ACROBAT. I want to be able to do the same thing via the anchor tag <a>. How can you do it?
For example, I have html in my region source:
Refer to the <b><a href="javascript:popUp2('#APP_IMAGES#FD User Guide.pdf')">System User Guide</a></b> on how to use all the features ...I also have it in URL target of a list region:
javascript:popUp2('#APP_IMAGES#FD User Guide.pdf')The customer wants to be able the user to go automatically to page 53, for example.
Can someone please help ASAP?
Robert
http://apexjscss.blogspot.comAll,
I found my answer. You just need to append "page=+page_number+* to the filename.
Robert
http://apexjscss.blogspot.com -
We have a ACE redirect configured on 3 physically seperate ACE modules with the following config. It works on one ACE Module and not on the other 2.
Capture on the ACE and sniffer gives this error.R [bad tcp cksum 2d41!] ACE sends resets to the client. Anyone run into this issue?
The software version is system: Version A2(1.0a) [build 3.0(0)A2(1.0a)
rserver redirect Test
webhost-redirection http://www.test.com
inservice
serverfarm redirect Test
rserver Test
inservice
class-map match-any Test
2 match virtual-address 192.168.10.10 tcp eq www
policy-map type loadbalance first-match Test
class class-default
serverfarm Test
class Test
loadbalance vip inservice
loadbalance policy Test
loadbalance vip icmp-reply activeSorry maybe I didn't explain what I was getting at good enough...
I guess I'm basically asking if there's potential for asymmetry at the site that's not working.
For example.
Say I have a load balanced server. It has two interfaces a "front end" and a "back end". I manage the server on the backend from my laptop, for which the server has a route. Now if I try to hit the public VIP of the LB, traffic is routed to the VIP, then to the server, but because the server already has a route to my laptop via the backend, it bypasses the load balancer on the return and replies directly to me, thus putting the flow out of sync and never completing the connection...
Not saying that's it, but I've had so many asymmetry issues that are tough to figure out that It's usually one of the first things I rule out...
It's possible if the site that's not working is local to you and the others aren't, this may be a potential issue?? -
Hello,
Just a few questions on a HA lab to track the user interface. If i configure the primary ACE in the admin-context like this:
ft interface vlan 402 ---->>> FT VLAN
ip address <primary_ip>
peer ip address <secondary_ip>
no shutdown
ft peer 1
heartbeat interval 300
heartbeat count 10
ft-interface vlan 402
ft group 4 --->> group associated to user-context Juniper
peer 1
priority 200 --->>> primary is 200 and secondary is 100
associate-context Juniper
inservice
and in the user-context of the primary ACE:
ft track interface vlan202 ---->>> VLAN 202 is where VIPs are configured in the Juniper user-context
track-interface vlan 202
peer track-interface vlan 202
priority 110
peer priority 100
1.- the command "peer-track interface" is useful in case the primary ACE and secondary ACE are not connected on vlan 202 via the same single switch? i guess without this command the secondary wouldnt track the user interface 202.
2.- Do i need to specify "peer priority 100" in the user context for the secondary ACE? Is it used to set the priority of the secondary once the primary becomes standby? Default is 100 for secondary so i think its not useful.
3.- Can i configure preempt delay in ACE?
Thanks,
Giulio.Hi Giulio
Could you please check 'ft group 4' configuration on your standby ACE?
Probably, you configure 'priority 105' on standby too. If so, please change configuration
from 'priority 105' to 'peer priority 105' on standby ACE.
# active admin context
ft group 4
peer 1
priority 105
associate-context Juniper
inservice
# standby admin context
ft group 4
peer 1
peer priority 105 <<==
associate-context Juniper
inservice
I checked your configuration and found you configured ft group for Juniper context only.
This means Admin context is not sync'ed. (I was misled into thinking that your admin
context is also sync'ed.)
If ft group for admin context is configured, you configure 'priority 105' on active admin context
only since 'priority 105' configuration is automatically converted to 'peer priority 105' and set
to standby ACE.
However, if ft group for admin context is not configured, your should configure both active and
standby ACE manually. Furthermore, you have to convert them by hand.
Since admin context of my ACE appliance is synced as below, I only configured 'ft group 4'
on active ACE. (Standby ACE was automatically set 'peer priority 105'.)
This behavior is same with module and appliance.
# my ace appliance configuration
ACE4710a/Admin# sh run ft | b group
Generating configuration....
ft group 1
peer 1
priority 105
associate-context Admin
inservice
ft group 4
peer 1
priority 105
associate-context test
inservice
ACE4710a/Admin# sh ft gr sum
FT Group : 1
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_ACTIVE
My Config Priority : 105
My Net Priority : 105
My Preempt : Enabled
Peer State : FSM_FT_STATE_STANDBY_HOT
Peer Config Priority : 100
Peer Net Priority : 100
Peer Preempt : Enabled
Peer Id : 1
No. of Contexts : 1
FT Group : 4
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_ACTIVE
My Config Priority : 105
My Net Priority : 105
My Preempt : Enabled
Peer State : FSM_FT_STATE_STANDBY_HOT
Peer Config Priority : 100
Peer Net Priority : 100
Peer Preempt : Enabled
Peer Id : 1
No. of Contexts : 1
ACE4710a/Admin#
Regards,
Yuji -
Hi All,
I am looking at an Technical solution for Restricting the direct access some specific tables in my data base to all the users(Except admins and few Service accounts). However views created on top of these tables would be exposed to all Users.
Could any one help me with the best solution.
Thanks in advance,
Regards,
Raja SuriHello,
You can try to create a new role "Client_User" in the database and deny access to the new role on the specify tables. And then add all user which you want to restricting the direct access the specific tables to the database role.
For example:
Use Database
CREATE ROLE [Client_User] AUTHORIZATION db_securityadmin;
DENY SELECT ON OBJECT::schema.table TO [Client_User] ;
EXEC sp_addrolemember 'Client_User', 'username';
Regards,
Fanny Liu
Fanny Liu
TechNet Community Support -
HFM - log that shows if a user has loaded data via web form or excel load.
I can see any data loads that are coming from FDM, but is there a log that shows any data entered into HFM via web forms or submitted through an excel file? Any input is appreciated.
ThanksYou could enable Data Audit to capture data changes made by users, though this will not capture which method users chose to change the data. That is, HFM can show that data changed, and who changed it, but cannot tell whether the data was changed through a form, grid, smart view, or FDM. If you want to prevent users from changing data through forms, grids, or smart view, you can secure those input methods, but you cannot capture which one is used.
--Chris -
How to track user visit my page via search engine(google)
hi there,
is it possible to track that an user visited my page via search engine ( i.e google) using servlet?
what will request.getHeader("user-agent"); return if an user comes via search engine. will it return as "google" or just the browser name. is there any other possible way to distinguish that my page visited via google or user visited my page directly. kindly post your view on this. it will be helpful for most of the projects.
Regards,
A.Check the referrer. This is the URL where the request is coming from.
String referrer = request.getHeader("referer"); // Yes, with the legendaric misspelling.If the user used Google, this will come from the Google domain.
Keep in mind that the client has full control over what it sends along the request, so it could also spoof the referrer value. But at least this solution will cover the majority of the users anyway. -
How do you redirect the user to a custom page after the "Save" button is clicked?
In SharePoint 2010, I could add the following code to a save button to redirect the user to a custom page.
<input type="button" value="Submit" class="btnStyle" name="btnSave" onclick="javascript: {ddwrt:GenFireServerEvent('__commit;__redirect={/SitePages/Thankyou.aspx}')}" />
However, how do you do this for a save button in SharePoint Online? The code of a save button in SharePoint Online looks like
<input type="button" value="Save" name="ctl00$ctl33$g_175de2e0_43c1_4005_bac5_0ab02439686f$ctl00$toolBarTbl$RightRptControls$ctl00$ctl00$diidIOSaveItem" onclick="if (!PreSaveItem()) return false;if (SPClientForms.ClientFormManager.SubmitClientForm('WPQ1')) return false;WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("ctl00$ctl33$g_175de2e0_43c1_4005_bac5_0ab02439686f$ctl00$toolBarTbl$RightRptControls$ctl00$ctl00$diidIOSaveItem", "", true, "", "", false, true;javascript: {ddwrt:GenFireServerEvent('__commit;__redirect={/SitePages/Thankyou.aspx}')}))" id="ctl00_ctl33_g_175de2e0_43c1_4005_bac5_0ab02439686f_ctl00_toolBarTbl_RightRptControls_ctl00_ctl00_diidIOSaveItem" accesskey="O" class="ms-ButtonHeightWidth" target="_self">Not exactly what you are asking for, but if you are creating the link then you could add "?Source=" to the URL.
http://yourServer/sites/yourSite/Lists/TestList/NewForm.aspx?Source=/SitePages/Thankyou.aspx
Mike Smith TechTrainingNotes.blogspot.com
Books:
SharePoint 2007 2010 Customization for the Site Owner,
SharePoint 2010 Security for the Site Owner
Maybe you are looking for
-
I am having issues with my new Audigy 4 pro emitting static. Sometimes it's really loud, and other times a low static hum. I have disabled the on board sound, changed the pci slot, where the internal card sits, uninstalled all of the software, and re
-
I just sent a friend a gift movie. The recipient only has an iPad. He received an email about my gift via the email address linked to his iTunes account. When he pressed the button in that email to get the movie, however, iTunes opened. He found a R
-
F110 - Exchange rate different from the proposal
When does the execution of a payment is taken the rate of execution of the proposed payment, there is some way to take the exchange rate of the date on which the payment is executed??? and not the proposal.
-
Desktop background displays path in middle of image
Regardless of the background image I choose, the path displays in large white text across the image. How can this be fixed?
-
I finished a project that is 2hrs:19:00 min and when I export to QT file( not self contained) and try to burn with iDVD it states that file is too large...How can I split the movie in 2 parts and still keep my chapter markers or should I try to copmp