ACL failure with RDBMSRealm removed user session
When using RDBMSRealm, the user's session gets invalidated when the user do
not have access to certain pages. When I try this behaviour without enabling
the realm and setting the user groups and password in weblogic.properties, I
don't have this problem. Is this a bug?
Basically, what we need is a way so that we can differentiate a user who
hasn't logged in and one who does not have access rights to the resource -
without the realm, we were able to get the remoteUser to check whether there
is a remote user and if yes, then the login page will show a "No access"
message rather than the login form.
I am using sp5 and form-based authentication in a web-app.
When using RDBMSRealm, the user's session gets invalidated when the user do
not have access to certain pages. When I try this behaviour without enabling
the realm and setting the user groups and password in weblogic.properties, I
don't have this problem. Is this a bug?
Basically, what we need is a way so that we can differentiate a user who
hasn't logged in and one who does not have access rights to the resource -
without the realm, we were able to get the remoteUser to check whether there
is a remote user and if yes, then the login page will show a "No access"
message rather than the login form.
I am using sp5 and form-based authentication in a web-app.
Similar Messages
-
Help with Stock Removal User Exit
Hello All
To control the storage bin selection, I am using the user exit MWMTO004. When I use the transaction LT03 to create a transfer order the system selects the storage bin selected by me. However, when I create a transfer order through L_TO_CREATE_INT it doesnt select the storage bin chosen by me. After debugging the code in LT03, I found out that SAP locks the bin with lock object ELLQUAX and ELLQUAY and thus prevents it from re-selecting the same bin. Is there a way in the user exit, through which I can prevent selecting the same bin. I would be thankful for your inputs in this regard.
Thanks in Advance.Oh God, such a relief I solved it. SAP provides a FM, L_TO_CREATE_GET_INFO, which updates the quantity that has already been picked. The following is what I am doing to select a bin in the user exit:
1) Clear the internal table sent to the user exit (t_qmat).
2) Call the FM L_TO_CREATE_GET_INFO to check the quantity left in each bin.
3) Select a bin and insert that bin as the first record of the internal table.
Thanks
Sunil Achyut -
License vanishes with the removed user
Hi folks,
I have a typical problem.
I created 10 users.
Then I allotted all 10 licenses I had to all the 10 users.
No one did any transaction.
Due to some reason I deleted the 10th user and created 11th user.
But the 10th license allocated to the 10th user vanished along with the user.
Now I have 10 users visible in the Licence Administration window but only 9 allocated with licenses to them.
Kindly advice.
Take Care,
JimmyHi Jimmy,
You may check this thread:
Delete License assignments - Deleted DB
Thanks,
Gordon -
New user session from an existing logged in user browser window
Hi,
I have a requirement that says, a new browser window should be popped up with a new user session from the current "logged in user" browser window when he clicks a button event.
What I have with me is the "UserID" of that new user. Is it possible in portal?
Let me know.
Thanks,
Megha.Megha,
I know that you can manually click CTL-N to open a new browser window and the user is still authenticated.
So I would think that you could code a similar function into the button event.
Hope it helps.
Regards,
Keith -
Hi Experts
Hi,
I tried to create the a user on SAP, the system throws that he already exists, it turns out the user was removed from SBO some time ago. When I run a query on OUSR sure enough the user is there, the only difference is they fall under a table called Group 99. On the normal user window the user is not available.
How can I restore this user or recreate them in the system?
Regards,
LeboCheck with the following SAP Notes which deals with Deleted/ Removed Users
869326 Cannot add user code even if previously deleted
[https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/smb_searchnotes/display.htm?note_langu=E¬e_numm=869326]
827232 Recreation of deleted users
[https://websmp130.sap-ag.de/saphttps://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/smb_searchnotes/display.htm?note_langu=E¬e_numm=827232] -
We have a Windows service that monitors for process start events and sends notifications to client applications.
We have discovered that the delay between when a process starts and when our EventArrivedEventHandler is called gets excessively long when the number of user sessions on the Windows server gets to about 80.
The delay gets worse as the number of user sessions gets higher.
The delays are not consistent. Even with 100 sessions some observed delays are short but most are too long and the maximum observed delay grows with the number of sessions.
Here is one example of the delay we are seeing.
A client application wrote its first log record to its log file at 11:05:34.076. Our EventArrivedEventHandler did not get notified of the process start event for the client application until 18 seconds later (at 11:05:52.188 ).
We need the delay to be less than 5 seconds to be tolerable and would like the delay to be less than 3 seconds if possible.
Is there something we can do to reduce the delay? Below are the details of our use of WMI.
We are using an instance of class WqlEventQuery to represent a WMI event query in WQL format.
We are constructing an instance of ManagementEventWatcher to consume events asynchronously.
Below is how we are instantiating and running the query. Variable m_PollingIntervalInMilliseconds is set to 1000 by default.
WqlEventQuery query = new WqlEventQuery("__InstanceCreationEvent", new TimeSpan(0, 0, 0, 0, m_PollingIntervalInMilliseconds), "TargetInstance isa \"Win32_Process\"");
m_ManagementEventWatcher = new ManagementEventWatcher(query);
m_ManagementEventWatcher.EventArrived += new EventArrivedEventHandler(managementEventWatcher_EventArrived);
m_ManagementEventWatcher.Start();
Our Windows service is not the only user of WMI services on the server. I do not know if there is contention with other users of WMI services or if there is something about the way we are consuming WMI services that is inefficient.Hello RossAtWFMC,
It seems that the services are working with a complex environment, and currently, we do not have such an environment which could reproduce this issue you described. Anyway, I would like to share whatever I found and some suggestions about this issue:
>> called gets excessively long when the number of user sessions on the Windows server gets to about 80.
The delay gets worse as the number of user sessions gets higher.
This seems to show that the issue is related with the number of user sessions, it may be that when with lots of user sessions, there are something additional delay the event to be fired. As you mentions, there are other services on that server machine, if
possible, you could make a test to run your WIM service only to see if it is still delayed.
>> Is there something we can do to reduce the delay?
I suggest that you could check this blog below which provide a way to debug with the .NET course code:
http://blogs.msdn.com/b/dotnet/archive/2014/02/24/a-new-look-for-net-reference-source.aspx
So that you could know which method inside costs most time.
From your provided code, it is not very clear if you use multi threads in your service, if not and your event handler is short, you could have a try with it, and there is a discussion about this topic:
https://social.msdn.microsoft.com/Forums/en-US/13f30e33-7f61-498e-a91a-ef982a63453c/event-handling-in-multithreaded-apps?forum=netfxbcl
Regards.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
I have purchased an item from within the app PocketBible on my iPad. However when I try to download it I am asked for my app User Name and Password and then my Apple ID and password. I give both of these. I then get a message which says Regrant failure - Please log in with the same user that has bought the app. That is then followed by Pocket Bible Alert - cannot connect to iTunes Store.
Anybody got any ideas, both what the 1st alert means and how I get round the problem please.I had the same problem. My wife had the PocketBible on her Ipad 2 and she transferred ownership to me. I had to delete the app and reinstall it from the App store(logged in with my apple ID) and its working without a problem. I do not get those error messages when I attempt to Buy/Upgrade or Add/Remove books.
-
Flex connect with a per user ACL with APs locally switched
Hi all,
Does flex connect allow a per user ACL to be downloaded to the session with local switched, central authentication? We are using ISE for the central policy engine and have setup dACL for wired but am about to embark on WLAN. The controller is a 5508 and the. APs are 3700's.
Second question- if the flex connect APs don't do any form of per user ACL, the other option is to have the units in regular mode where they are both centrally switched and centrally authenticated which I understand to support a per user ACL. Our WAN links are between 10mbps - 30mbps and the most latency would be around 40ms. Will this cause issues at all with the size WAN links and latency?
Thanks
Sent from Cisco Technical Support iPad AppWell you are running v7.6 so FlexConnect per user radius ACL's are supported per this doc since v7.5.
http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112042-technote-product-00.html#anc9
As far as WAN latency, 200ms is good, but it depends in your WAN utilization now and how many AP's you plan on installing and the increase in wireless traffic across your WAN. There is a minimum requirement, but it's up to you in the end to make sure you have enough bandwidth or else you will need to QoS the capwap traffic to ensure the APs don't bounce from connected to stand alone.
Sent from Cisco Technical Support iPhone App -
Lil' help with systemd user session units
I'm using systemd 207. i would like to change my desktop-session on the fly. in this suituation form razor to openbox. these are my configs located in ~/.config/systemd/user/
razor.config
[Unit]
Description=Razor Qt Desktop
Before=mystuff.target
After=xorg.target
After=environment.target
Requires=dbus.socket
[Service]
ExecStart=/usr/bin/startrazor
#Restart=on-failure
Environment=DISPLAY=:0
KillMode=process
[Install]
WantedBy=de.target
de.target
[Unit]
Description=Desktop Enviroments
Wants=xorg.target
Wants=mystuff.target
Requires=dbus.socket
AllowIsolate=true
[Install]
Alias=default.target
openbox.service
[Unit]
Description=The Openbox Window Manager
After=xorg.target
Requires=dbus.socket
[Service]
ExecStart=/usr/bin/openbox
Restart=on-failure
[Install]
WantedBy=openbox.target
openbox.target
[Unit]
Description=Openbox
Wants=xorg.target
Wants=mystuff.target
Requires=dbus.socket
AllowIsolate=true
mystuff.target
[Unit]
Description=Xinitrc Stuff
After=environment.target
Wants=razor.target
Wants=environment.target
[Install]
Alias=default.target
now...
systemctl --user isolate razor.target
...doesen't close razor-qt desktop to make place for a new wm session
what shall we do whith the system units....
what shall we do whith the system units....
what shall we do whith the system units....
early in the morning
Last edited by kriz (2013-09-25 12:25:43)I have this problem too. I had not seen this thread you linked to above before... but in my one reboot test (which shoud be taken with a bucket of salt since my machine sometimes shuts down okay) it worked great. It would seem that 65kid's workaround is effective. I'm going to reboot again to see if this is consistent. I'll udpate if it hangs.
Edit: So it didn't hang, but it looked like it was going to. Often the session will seem to start to exit, but the root window will remain (the background). It did just this, and then after a second, continued to the printing of the shutdown messages. Success!
Edit2: I guess I should note the actual fix so that others don't have to follow that link. As putting the workaround in more than one place is probably optimal. So you need to add "TimeoutStopSec=2" to the [Service] section of the [email protected]. This can be done either by the .include function of unit files, or by the drop-in replacement functionality via /etc/systemd/system/user-session@<youruser>.d/<added-config>.conf. I would imagine that you could play around with the value of the timeout. Systemd's time capabilities are pretty extensive, so I imagine that you could actually configure it down to the ms here.
Last edited by WonderWoofy (2013-06-04 23:17:41) -
Hi,
Any help on this?
Thanks
srabonHi srabon,
For giving unique access for a specific file in a library, you can go to the library, and select the file , and click FILES->Shared With->ADVANCED, under PERMISSION ribbon, click ‘Stop Inheriting Permissions’, then the file will have unique permissions.
For removing the shared users for a file, firstly, like the above steps, select the file , and click FILES->Shared With->ADVANCED , make sure the file has unique access, then select the users that you want to remove, and click Remove User Persmissions
under PERMISSIONS ribbon.
I hope this helps.
Thanks,
Wendy
Wendy Li
TechNet Community Support -
Problem with transfered user sessions from a 10.4 system
On my new MacBook pro with ML, I tranfered the user sessions of my previous mac (power book G4 working with OS 10.4).
With these "old" users accounts, part of the trackpad features (like scroling up and down with 2 fingers) does not work, whereas it is working with new users.
Any idea on how to solve this?
Thanks in advanceThat was a good idea, I tried to delete the com.apple.finder.plist and the com.apple.systempreferences.plist but that did not work.
Eventually to solve the problem, I transferred all the files I needed to a session created with the new system. I'm waiting a week or two just to see if I have not forgotten something important and then I will delete the "old session".
Thanks anyway for your help. -
Can't create a new user session with KDE
Hi,
when I select "Switch user" in KDE, and try to start a new user session, I get dropped to a lockscreen of the currently logged-in user. I first thought this was a KDM issue, but this still persists with SDDM. I'd post any relevant logs, but I'm not even sure where to look for the source of the problem now.
Thanks in advance!I have the exact same problem.
Using:
kde-meta-* 14.12.1 -
Implementing max user sessions settings for TACACS with ACS 5.3
I'm a little confused about the configuration of max user sessions for device administration with TACACS.
When I've changed the configutration of unlimited sessions for a value in Access Policies > Max User Session Policy > Max Session User Settings
I think this value could limit the maximum number of sessions for each user, but instead this value limit in a global meaning all of my sessions.
For example: I need to limit the session for my users in 2.
user1 = Max 2 sessions
user2 = Max 2 sessions
user3 = Max 2 sessions
Whe i Put the value of 2 in Max Session User Settings
user1 + user2 + user3 = Max 2 sessions
This is a limitation of ACS 5.3 or my configuration needs something aditional.Luis,
Are you saying that when you authenticate with user1 and user 2 that user3 isnt able to get access?
Do you have tacacs accounting enabled on the network access device?
Also what do you have configured for the group settings? If there is a maximum group setting and all the users are a member of the same group then the lesser of the two will be enforced. So if the group max sessions is set to 1 then the all users in that group will have a max session of 1.
Here is some reference material.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/access_policies.html#wp1162177
Thanks,
Tarik Admani -
Java API Failed to authenticate the user session with LDAP
I have created a Java class that uses the MDM Java Api's it works fine on our Development environment where the MDM server uses its own built in authentication, but when I moved it to our QA environment where MDM use LDAP for authentication its failed with a 'Failed to authenticate the user session'. Has anyone seen this before?
hi Dan,
The java class which u have created that suppose to works fine on MDM server because to execute that program there are no requirement of such protocols, the problem u will face while exporting those program to an client machine
LDAP(Lightweight Directory Access protocol) connector communicates with the SAP system using RFC and with the directory server using these standard communication protocol.
so try to select the protocol such that it should help in making connection between the server,direcotryserver and the client machine through which u can execute u r java class using java Api's.
i hope this will give u an idea to through ur problem.
regards,
swapnil -
How to Remove User from Built in Administrators group With Group Policy Enabled
Hi,
I want to remove user from Administrator group which is in restricted group. So I cannot remove him through Active Directory what is the way to remove user from Administrator restricted group.
Thanks
Jibran Ishtiaq> Disable Group policy
"Edit", not "Disable"
> Under Domain click Delegation and went to the restricted group account.
> Remove User from group.
Why "Delegation"? Simply edit the GP object where the "Restricted
Groups" setting is in place...
> Also we have two DNS but one from where I remove account is the primary.
How is DNS related to group policy?
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :))
Maybe you are looking for
-
MacBook Pro keeps waking from sleep on its own
My MacBook Pro keeps waking itself from sleep for no reason. I had the battery changed for free by Apple (apparently it's one symptom of a problem with the original battery) but it hasn't abated. (Occasionally it won't wake up from sleep too, but tha
-
We have redeployment project from 4.6c to ECC6.0, the client wants to migrate the work orders both open and closed to new system. I understand that as a normal process we migrate the Open work orders. Has any one migrated the closed work orders?
-
Dear experts, I know that IE messages are stored in table SXMSPMAST can u pl let me know in which table are the AE messages stored ? OR is it that AE messages are not stored in ABAP stack tables ? pl help
-
I presently have pc's with Windows Vista, XP, and 7. #1) With the Vista and XP, when I click and drag a photo from one folder to another, a black line appears, indicating where the photo will be dropped. I don't seem to have this handy feature on my
-
PZ02 ESS Service Change button is disabled.
Hi, In the standard service PZ02, if we select the emergency address as address type, "Change" button is disabled. Why is this button disabled for emergency address only where as it is enabled for permenent residence and work address. If we want to m