ACS TACACS Custom Attributes

I have users that require multiple custom attributes under the TACACS configuration. Below are the two that are required, one is for Cisco UCS and the other is for MDS. My question is what is the format to get both of them to work for the same user? Individually they work fine, but when both are configured for the same user, the UCS "admin" privilege seems to work, but I'm only able to get "read" for the MDS. I've had this working before, and can't figure out what the trick was the first time around. Thanks.
cisco-av-pair*shell:roles*"admin"
shell:roles=“network-admin vsan-admin”

You can also configure optional custom attributes to avoid conflicts with non-MDS Cisco switches using the same AAA servers.
cisco-av-pair*shell:roles*"network-admin vsan-admin"
Configuring TACACS+: on cisco MDS 9000
http://www.cisco.com/en/US/partner/products/ps5989/products_configuration_guide_chapter09186a008049b8ed.html#wp1244464
If you have this Cisco-av-pair:
cisco-av-pair*shell:roles*"admin" -->  Then it means it's optional, this would be the preferred method.
You can get a list of roles on UCS:
http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/cli/config/gui/CLI_Config_Guide_chapter9.html#concept_E41FB2D2F363406EAC1011CC59B5D4BB
HTH
JK
Do rate helpful posts-
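
The answer above turns on the separator in each TACACS+ attribute-value pair: "=" marks the argument mandatory and "*" marks it optional, and under RFC 8907 a client that receives a mandatory argument it does not understand must treat the authorization as failed, while an optional one may be ignored. The sketch below is an added example, not code from the thread or from Cisco; it models that rule with the attribute lines quoted on this page, and the three client profiles (which attribute names each one understands) are hypothetical.

```python
"""TACACS+ authorization arguments: '=' marks mandatory, '*' marks optional."""
from typing import List, NamedTuple, Set


class AVPair(NamedTuple):
    name: str
    mandatory: bool
    value: str


class Decision(NamedTuple):
    authorized: bool
    applied: List[AVPair]
    ignored: List[AVPair]
    rejected: List[AVPair]


def parse_avpair(arg: str) -> AVPair:
    """Split an argument at the first '=' or '*', whichever comes first."""
    # Typographic quotes often creep in when a profile is pasted from a document.
    arg = arg.strip().replace("\u201c", '"').replace("\u201d", '"')
    hits = [i for i in (arg.find("="), arg.find("*")) if i != -1]
    if not hits or min(hits) == 0:
        raise ValueError(f"not an attribute-value pair: {arg!r}")
    sep = min(hits)
    return AVPair(arg[:sep], arg[sep] == "=", arg[sep + 1:])


def evaluate(args: List[str], understood: Set[str]) -> Decision:
    """Model a client receiving these arguments in an authorization reply."""
    applied, ignored, rejected = [], [], []
    for pair in (parse_avpair(a) for a in args):
        if pair.name in understood:
            applied.append(pair)
        elif pair.mandatory:
            rejected.append(pair)  # unknown and mandatory: the whole reply fails
        else:
            ignored.append(pair)   # unknown and optional: skipped
    ok = not rejected
    return Decision(ok, applied if ok else [], ignored, rejected)


# The two lines from the question: one optional, one mandatory.
MIXED = ['cisco-av-pair*shell:roles*"admin"',
         'shell:roles=\u201cnetwork-admin vsan-admin\u201d']
# Both role lists sent in the optional form quoted in the answer.
ALL_OPTIONAL = ['cisco-av-pair*shell:roles*"admin"',
                'cisco-av-pair*shell:roles*"network-admin vsan-admin"']

# Hypothetical clients; the names each one understands are assumptions.
CLIENT_AVPAIR_ONLY = {"cisco-av-pair"}
CLIENT_BOTH = {"cisco-av-pair", "shell:roles"}
CLIENT_NEITHER = {"priv-lvl"}

if __name__ == "__main__":
    cases = [("mixed", MIXED), ("all optional", ALL_OPTIONAL)]
    clients = [("avpair-only", CLIENT_AVPAIR_ONLY), ("both", CLIENT_BOTH),
               ("neither", CLIENT_NEITHER)]
    for label, args in cases:
        for cname, names in clients:
            d = evaluate(args, names)
            print(f"{label:12} -> {cname:11} authorized={d.authorized} "
                  f"applied={[p.name for p in d.applied]} "
                  f"rejected={[p.name for p in d.rejected]}")
```

Running it shows that one mandatory pair in a shared profile is enough to fail authorization on any client that does not recognise that attribute name.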

Similar Messages

  • Multiple instance of custom attributes ACS 5.x

    Hello,
    is there a way to have multiple instances of user custom attributes and
    insert those as multiple instances of the A/V Pair in the authorisation profile in ACS 5.2/5.3 ?
    Background:
    We have to migrate an ACS 4.2 to 5.3.
    In ACS 4.2 our client used the multiline attribute
      Number: 22
      Name: Framed-Route
      Description: Routing information to configure for the user on this AAA client. The RADIUS RFC (Request for Comments) format (net/bits [router [metric]]) and the old style dotted mask (net mask [router [metric]]) are supported. If the router field is omitted or zero (0), the peer IP address is used. Metrics are ignored.
      Type of Value: String
      Inbound/Outbound: Outbound
      Multiple: Yes
    to specify multiple routes to various networks in the RADIUS reply specific for every single PPP username of routers dialing in.
    Using the internal user database, extended by a string attribute and using that attribute as source of a dynamic value
    in the access-policy works basically.
    But as I have only ONE single line instance of the attribute for every user, I can only return ONE framed-route.
    We have lots of cases where multiple routes have to be assigned to one router.
    I'd like to avoid defining a separate access profile for every remote RAS router for external PPP Dial-In...
    I think Jack here https://supportforums.cisco.com/thread/2032506 has a similar issue...
    Any idea?
    Thanks, Frank

    I had to do this once and I created several custom attributes
    -Route1   (String)
    -Route2 (String)
    -Route3 (String)
    etc ...
    And in the authorization profile you return all those custom attributes as Framed-route. I was actually sending up to 10 Framed-Routes contained in 10 different attributes.

  • ACS 5 search in custom attributes

    Hi there
    on ACS 5 we have the possibility to add custom attributes under System Administration > Configuration > Dictionaries > Identity > Internal xxx.
    At the moment there seems no way to search for a value of a custom attribute or even display a column with the custom attribute under Internal Users or Internal Hosts. Does Cisco have plans to implement this in the future?
    Thanks and best regards
    Dominic

    Good question, I'd like to know this as well for the netscreens. For junos, this is how I tried to do it (you would drop the "netscreen" from yours, but not sure if you would add both as mandatory)
    Acs4.x setup
    junos-exec
      local-user-name=readonly
    acs5.2 setup
    attribute -  local-user-name
    value - readonly
    mandatory
    # junos config
        login {
            class admin {
                idle-timeout 30;
                permissions all;
            }
            class read-only {
                idle-timeout 30;
                permissions [ view view-configuration ];
            }
            user admin {
                class admin;
            }
            user readonly {
                class read-only;
            }
        }
    The problem I have though, is this fixes my login to work to my JunOS devices, but it breaks the authentication to my Cisco IOS devices. The AAA logs show that the authentication succeeded, but the router says "authorization failed". Once I remove either the attribute from my shell profile, or make it optional then the Cisco router works for auth, but the JunOS device stops working (The username it tries to use is "remote" instead of the user I am trying to authenticate with).

  • Custom attributes not available in ACS version 4.1

    We're trying to enable "authorization" on some new Cisco ACE devices. We're running ACS for Windows 4.1 and don't have a "custom attributes" checkbox to check. Is this not a feature in version 4.1.1?
    Thanks,

    I think it is present in the ACS 4.1.1. The limitation on the custom attributes (of 31,000 as CSAdmin indicates) is that in the T+ Settings per User Group Configuration page, which is accessed from the Interface Configuration page, if you add the 1201st entry in the custom attribute field, the browser crashes. The custom attribute field is currently limited to 31KB (approximately 1,200 attributes).

  • Config the TACACS+ Accounting attributes

    hi,
    The ACS4.1 is the AAA server using TACACS+. The customer wants to record the commands they used when they logged in to the AAA client. How do I configure the TACACS+ Accounting attributes?

    These commands will perform accounting records whenever a level 0,1,15 command is used
    This is logged to the
    "Reports and Activities" -> "TACACS+ Administration"
    aaa accounting commands 0 default start-stop group tacacs+
    aaa accounting commands 1 default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+

  • Issue with Sorting by Custom Attributes

    In our custom SES query application, I am trying to implement sorting at the custom attribute level. I am having difficulty in understanding exactly how to set the options on doOracleOrganizedSearch() to achieve the desired result.
    We have a table based content source and allow a user to search via custom search attribute. We are also going to allow them to sort by custom attribute.
    For example, say we have a Project content source and one of the attributes is "Client Name". Users are going to be able to sort by client name (A-Z and Z-A). I have a prototype working but it only seems to work if I set topN to a very high number.
    I want to bring back the first 10 documents sorted by Client Name A - Z and allowing paging to the next set of sorted results. My prototype works if I set topN to 1000 (more than the # of results) but does not work if I set it to 10 (# of results I want to display per page).
    Below is my code. Note I am not setting the group attribute or the cluster list. Perhaps this is the issue?
    Many thanks in advance!
    OracleResultContainer results = service.doOracleOrganizedSearch
    (this.m_query, // query
    this.m_docsRequested, // topN
    this.m_startIndex, // startIndex
    new Integer(10), // docsRequested
    this.m_dupRemoved, // dupRemoved
    this.m_dupMarked, // dupMarked
    this.m_searchDataGroup, // groups
    this.m_queryLang, // queryLang
    this.m_docLang, // docLang
    this.m_returnCount, // returnCount
    this.m_filterConnector, // filterConnector
    filters, // filters
    this.m_fetchAttributeNames, // fetchAttributeNames
    null, // searchControls
    null, // groupAttr
    this.m_sortAttributes, // sortAttrList
    null); // clusterList

    Hi Nikola,
    in 9.0.1 even if you rewrite the web interface you can't sort files by custom attributes setting a SortSpecification to a Folder. You can only sort by base attributes with getItems(). To get item sorted on custom attributes you must perform a search (a lot more codelines).
    Regards, Alessandro

  • Limitation on number of custom attributes visible

    Hi,
    I am using OIM 11g.
    All the custom attributes are visible on the create user form. I am able to see only 8 custom attributes on the modify user form.
    The visible property of all the attributes is set to true. I cannot modify the attribute once it's created at the user creation.
    Can someone please help me out?
    Thanks...

    I got it resolved.
    Permissions in the access policies were not enabled for the remaining attributes.

  • Encrypt custom attribute

    Tar: 7340338.994
    OID Version: 10.1.2.0.2
    We are trying to encrypt the custom attribute ( ssn, answer ). How do we encrypt the custom attribute ? This is security requirement.
    I find nothing in the admin guide and I am not even sure we can do this. Does anyone know how to encrypt a custom attribute?
    I am thinking at best this is an Enhancement Request.

    Several ways:
    1. Write a plugin: http://download.oracle.com/docs/cd/B14099_19/idmanage.1012/b14082/plugin_intr.htm#i120282
    2. Put OVD in front of OID, point the application to OVD and write a plugin for OVD: http://download.oracle.com/docs/html/E12283_01/java_plug_ins.htm#CIHBDHHE
    3. If you can find the attribute in ODS schema, try encryption at the database level with TDE or VPD. Actually I am not sure it will carry over to LDAP interface..probably not but it's worth a try
    4. Have the application do it?

  • Problem with setting custom attribute and it being searchable

    I'm having an issue with setting a custom attribute and having it be searchable using Portal 10.1.4. The situation that we have is that we initially added a bunch of files to Oracle Portal using webdrive. Later on, we decided that we needed another custom attribute called "Pinned Item" that will be used for searching (boolean value) and gave it a default value of false. The attribute was then added to the "File" item type in the "Shared Objects" group.
    It appears that since this attribute wasn't initially available on the file object, we couldn't search on it so we decided to set it programmatically. First, I tried using wwsbr.set_attribute but it errored out seemingly because the value wasn't set in the first place. If I set a value first by using the web front end, I could then use the set_attribute procedure.
    So, I moved on to using wwsbr_api.modify_item and it appears to set it (although everything is being set to false until I changed it to "text" instead of "boolean" which is OK because that's what I wanted anyway... see metalink bug 390618.1). I'm using the method outlined in metalink doc 413079.1. When I do set it to a "1", and edit the item the check box is checked indicating that it is set correctly. And if I just click "OK" to save the attributes after I open it everything works like it should.
    However, the advanced search (and custom search portlet) and the search APIs are not picking it up. I'm not sure if I'm hitting Metalink bug ID 5592472 or not as that's using the "set_attribute" procedure instead of the modify_item procedure. And their "workaround" of setting the attribute in the UI isn't really feasible for a couple thousand files.
    So far I've tried the following things to get it working:
    1. I am calling wwpro_api_invalidation.execute_cache_invalidation
    2. I have executed wwv_context.sync
    3. I cleared the page group cache
    4. I invalidated all of the web cache
    Does anyone else have any other suggestions?

  • Custom Attributes in Target Group Email Campaign Not Refreshed

    We have a campaign sending emails to a target group of BPs.  To fill our custom attributes with values  we have implemented our code in badi CRM_IM_ADD_DATA_BADI method CRM_IM_BPSELE.  We tested our code using the Test Send feature from the email form and all worked fine.
    But when we ran the campaign in the background for a Target Group with multiple BPs it would not work correctly, our attribute values were incorrect. 
    We discovered while debugging the job, that the badi gets run once for each BP, but the attribute values from the previous BP do NOT get refreshed.  In fact there are 2 entire sets of attribute records in the CT_ATT_VALUES table parameter.  Each time through it multiplies by another set of our attributes.
    I have put code in the badi as a workaround that deletes the previously filled attributes for the previous BP, but I'd like to figure out what is causing this problem.
    Any help would be appreciated.
    thanks,
    Lee

    Hi Lee,
    Is this issue resolved for you now??
    I am facing the similar problem.
    Though the BADi is not used for these two mails (it is used in some other mail forms), it is actually called in 'CRM_ERMS_MAIL_COMPOSE' Function Module and the process is same as u said. There are 2 sets of values.
    I am using a Mail Alert functionality where in a 'Mail Alert ON' is sent to field engineers (FE) and then upon FE accepting the work we will send a 'Mail Alert OFF' to FEs.
    Problem is, we get one or two fields data incorrectly sometimes. I am not able to find out the root cause yet.
    Please let me know if you have had any resolution to this!
    Thanks in advance.
    Chaitanya

  • How to Add custom Attribute in XML

    How to add a custom attribute recursively, in sequence order.
    //Before xml:-
    var myxml:XML=
    <root>
    <leval0 >
    <leval1 >
    <leval2></leval2>
    <leval2></leval2>
    </leval1>
    <leval1 >
    <leval2></leval2>
    <leval2></leval2>
    </leval1>
    </leval0>
    </root>
    ////After xml:
    var myxml:XML=
    <root>
    <leval0 levalid="0" >
    <leval1 levalid="0_0" >
    <leval2 levalid="0_0_0"></leval2>
    <leval2 levalid="0_0_1"></leval2>
    </leval1>
    <leval1 levalid="0_1" >
    <leval2 levalid="0_1_0"></leval2>
    <leval2 levalid="0_1_1"></leval2>
    </leval1>
    </leval0>
    </root>

    //call this method
                trace(addAttribute(myxml));
    //method
                private function addAttribute(node:XML, depth:String = ""):XML
                {
                    // Only elements with child elements get their children numbered
                    if (node.hasComplexContent())
                    {
                        var count:int = 0;
                        var prefix:String = 0 < depth.length ? depth + "_" : "";
                        var currentAtt:String;
                        for each (var nodeItem:XML in node.children())
                        {
                            currentAtt = prefix + count;
                            nodeItem.@levalid = currentAtt;
                            addAttribute(nodeItem,currentAtt);
                            count++;
                        }
                    }
                    return node;
                }

  • How can i add custom attributes to a new Class Object using the API ?

    Hello everyone,
    Here is my problem. I just created a subclass of Document using the API (not XML), by creating a ClassObjectDefinition and a ClassObject. Here is the code :
    // doc is an instance of Document
    ClassObject co = doc.getClassObject();
    ClassObjectDefinition cod = new ClassObjectDefinition(ifsSession);
    cod.setSuperclass(co);
    cod.setSuperclassName(co.getName());
    cod.setName("MYDocument");
    ClassObject c = (ClassObject)ifsSession.createSchemaObject(cod);
    Everything seems to be OK since i can see the new class when i use ifsmgr. But my question is : how can i add custom attributes to this new class ? Here is what i tried :
    AttributeDefinition value = new AttributeDefinition(ifsSession);
    value.setAttribute("FOO", AttributeValue.newAttributeValue("bar"));
    c.addAttribute(value);
    But i got the following error message :
    oracle.ifs.common.IfsException: IFS-30002: Unable to create new LibraryObject
    java.sql.SQLException: ORA-01400: impossible d'insirer NULL dans ("IFSSYS"."ODM_ATTRIBUTE"."DATATYPE")
    oracle.ifs.server.S_LibraryObjectData oracle.ifs.beans.LibrarySession.DMNewSchemaObject(oracle.ifs.server.S_LibraryObjectDefinition)
    oracle.ifs.beans.SchemaObject oracle.ifs.beans.LibrarySession.NewSchemaObject(oracle.ifs.beans.SchemaObjectDefinition)
    oracle.ifs.beans.SchemaObject oracle.ifs.beans.LibrarySession.createSchemaObject(oracle.ifs.beans.SchemaObjectDefinition)
    void fr.sword.ifs.GestionDocument.IFSDocument.createDocument(java.lang.String)
    void fr.sword.ifs.GestionDocument.IFSDocument.main(java.lang.String[])
    So, what am i doing wrong ?
    More generally, are we restricted in the types of the attributes ? (for example, would it be possible to add an attribute that would be an inputStream ? Or an object that i have already created ?).
    Any help would be appreciated. Thanks in advance.
    Guillaume
    PS : i'm using Oracle iFS 1.1.9 on NT4 SP6 and Oracle 8.1.7

    Hi Guillaume,
    you're welcome. Don't know exactly, but assume that ATTRIBUTEDATATYPE_UNKNOWN
    is used to check for erroneous cases only
    and it shouldn't be used otherwise.
    Creating your own objects could be simply done via
    ClassObject ifsClassObject;
    DocumentDefinition ifsDocDef = new DocumentDefinition(ifsSession);
    // get class object for my very own document
    ifsClassObject = ClassObject.getClassObjectFromLabel(ifsSession, "MYDOCUMENT");
    // set the class for the document i'd like to create
    ifsDocDef.setClassObject(ifsClassObject);
    // set attributes and content for the document...
    ifsDocDef.setAttribute("MYFOO_ATTRIBUTE",....);
    ifsDocDef.setContent("This is the content of my document");
    // create the document...
    PublicObject doc = ifsSession.createPublicObject(ifsDocDef);

  • How to add a custom attributes in Oracle HTML Quotes page?

    Hi,
    Could someone advise on the best way to add a custom attribute in Oracle HTML Sales Quoting page.
    As this page is not an OA page, we are not able to use the concept of View Objects using AK Developer.
    Thanks,
    Arathi

    I have a requirement from our end users that all of them requires a shortcut button in toolbar for submitting a request instead of going the normal way in order to submit a single request.
    please can any one help me out in solving this query.
    Any reason you want to use a shortcut rather than using (Requests > Submit) window?
    You can use "FND_REQUEST.SUBMIT_REQUEST" API -- https://forums.oracle.com/forums/search.jspa?threadID=&q=FND_REQUEST.SUBMIT_REQUEST&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
    How To Submit A Concurrent Request Set Using Fnd_Request.Submit_Request [ID 382791.1]
    How To Set ORG_ID When Submitting A Concurrent Request Using FND_REQUEST.SUBMIT_REQUEST in Release 12 [ID 1383266.1]
    Thanks,
    Hussein

  • Creation of Custom Attributes in org structure

    Hi All,
    I was creating custom attributes that could be displayed in PPOMA_BBP. I tried to create it in table T77omattr, but it does not show up in the org plan.
    Can somebody provide insight on this and let me know what i need to exactly do in order to create a custom attribute and allow for changes in the org plan?
    Thanks
    Sunny

    Hi SRM guru,
    I am also having the same requirement ...
    We have a requirement to create the custom attributes in T770mattr for EG employee number.
    I have to specify a field name to for entries to be made in table TT77oMATTR. where do i create the field name?
    We have a requirement to match the custom attributes to a custom field developed on the shopping cart screen.
    if u suggest me how u have achieved the same, then i can also follow the same.
    Please help me asap.
    my mail id is [email protected]
    Thanks and regards,
    Mani

  • Custom Attribute not available in Available Fields section of Configuration

    Hi Experts,
    My requirement is to add a custom search field in contact search screen. For that i tried various options
    Option1
    Added a model attribute in component/view  BP_CONT SEARCH/Search. The attribute got successfully added. But when i opened the Configuration tab, i could not see the attribute in the available fields.
    Option 2
    In the view CRMVC_SDESIGN, i created a new entry for my attribute in object type: BP_CONTACT and design object . But doing so, i got an error and was not able to add my attribute
    Option3
    Since the View context node 'Search' is bound to the Component Controller Context node 'Search'. I created my custom attribute in component controller also. But this also did not help.
    Option 4
    I deleted the enhancement of the view and created a new enhancement. I created a value node in Search context node. But still the attribute is not available in the Available Fields in the Configuration of component/view BP_CONT_SEARCH/SEARCH.
    Kindly provide your valuable suggestions to resolve this issue.
    Regards,
    Radhika
    Edited by: Radhika Chuttani on Jan 6, 2012 7:28 AM

    Hi Radhika,
    You need to enhance the search query structure as well in order to get the field in the configuration.
    You can find the BOL structure for the corresponding context node bol model.
    In your case, the BOL model is the search object 'BuilContactAdvancedSearch'.
    The corresponding structure can be found at the BOL Model Browser, under Dynamic Query Objects
    for the search object 'BuilContactAdvancedSearch'. The corresponding structure 'CRMT_BUPA_IL_CONP_SEARCH'
    has to be enhanced with the new custom attribute. Only then, this field would be available in the configuration
    when the following htm code gets executed when you open the configuration tab.
    <thtmlb:advancedSearch id                = "advs0"
                                     fieldMetadata     = "<%= controller->GET_DQUERY_DEFINITIONS( ) %>"
                                     header            = "<%= SEARCH->get_param_struct_name( ) %>"
                                     fieldNames        = "<%= controller->GET_POSSIBLE_FIELDS( ) %>"
                                     values            = "//SEARCH/PARAMETERS"
                                     maxHits           = "//SEARCH/MAX_HITS"
                                     ajaxDeltaHandling = "false"
                                     onEnter           = "search" />
    Here you can see that, it reads the parameter structure using the method SEARCH->get_param_struct_name( ) of
    the context node. This is used for configuration as well.
    Also if you have an F4 help for your custom attribute, you have to add it in the GET_DQUERY_DEFINITIONS( )  of the
    view controller. These additional information will help you to understand better.
    Regards
    Leon