ADF security logout not working

Similar Messages

• ADF and SiteMinder not working

  Hi,
  I'm working on a project where the CA SiteMinder Authenticator and IdentityAsserter have been configured in a clustered environment alongside the Default Authenticator and IdentityAsserter. An ADF app using a combination basic J2EE security (isUserInGroup/Role type calls to show/hide tabs depending on user's role) and ADF Security roles and policies (used to lock down task flows to specific roles/groups/users).
  The J2EE security call works fine, proving that SiteMinder has populated the security Subject with the correct Principals and authorised correctly.
  However, ADF Security does not work at all, even though I can see the groups that originated in the SiteMinder Authenticator in the Enterprise Manager security config screens.
  I have mapped the ADF Application Roles to J2EE groups successfully, but when I access the application having successfully logged in as a user who is a member of that group, the taskflows don't show up...
  When I run this in a non-clustered WLS environment with only DefaultAuthenticator/IdentityAsserter, all is well, TaskFlows show/hide as expected.
  This falls neatly between Oracle and CA in terms of problem solving, can't get much help from either at the moment.
  Any thoughts or possible lines of enquiry are welcome.
  Edited by: 893022 on 27-Oct-2011 04:23

  Hi Frank,
  I'm just trying that now - reducing the variables seems like a good plan.
  A couple of things we're unsure of:
  1. Does ADF support Siteminder R12? My feeling is that the two are probably not related as ADF accesses the security realm via OPSS and the SiteMinder app server agent is an implementation of the WLS SSPIs, which would never be directly accessed from ADF (as far as I can tell).
  2. I've seen an example on redstack where an ADF application is deployed into an environment that is configured to use an Acitive Directory provider. There is a step includes that involves editing jps-config.xml on the server to include username.attr and user.login.attr properties to the idstore.ldap service instance. Is there similar any FMW-level config I'd need to do for SiteMinder?
  3. When JDeveloper builds the ADF app, it changes the class uses Groups and Users from:
  oracle.seurity.jps.internal.core.principals.JpsXmlEnterpriseroleImpl
  to:
  weblogic.security.principal.WLSUserImpl
  We did some debugging on on our app and saw that the SiteMinder 'Groups' that are fed into WLS by the SSPI are actually of a different class althoghether:
  com.netegrity.siteminder.weblogic.sspi.auth.SmWLSGroupImpl
  I'm building my ADF app with Maven so have used XMLTask to make this change to jazn-data.xml on deploy, but still no joy. ADF just doesn't appear to be able to 'see' the users and groups that have come from SiteMinder providers.

• Dimension security is not working if user have two roles in SSAS while connecting from Excel

  Hello Genius,
  I am facing the issue when user trying to connect the cube from excel if user have more than one role in ssas db.
  Role 1: Countryuser, I have implemented the dimension security with country
  dimension and  countrycode attribute.
  Role 2: CityUser,   I have implemented the dimension security with
  city dimension and  citycode attribute.
  If user is mapped to any one of above role dimension security is working perfectly according to the logic but mapped to both role, cube is exposing all the data in this case dimension security is not working.
  Please give me the solution to fix this issue or incase I am wrong kindly advice.
  Thanks
  Ganesh

  This is the expected behaviour as allowed sets in roles are unioned together.
  This is not a problem when your roles are restricting across a single attribute.
  eg.
  US_role = {[Geography].[Country].[USA]
  France_role = {[Geography].[Country].[France] }
  as someone in both roles ends up seeing {[Geography].[Country].[USA], [Geography].[Country].[France] }
  But when you have different attributes:
  NY_role = {[Geography].[City].[New York] }
  France_role = {[Geography].[Country].[France] }
  The first role is unrestricted on countries and the second is unrestriced on cities which is effectively:
  NY_role = {[Geography].[Country].AllMembers , [Geography].[City].[New York]  }
  France_role = {[Geography].[Country].[France], [Geography].[City].AllMembers }
  And when you union those two sets together you end up with:
  {[Geography].[Country].AllMembers , [Geography].[City].AllMembers }
  Which means that someone in both roles can see everything.
  So if you want to restrict someone to City = New York and Country = France you have to create a
  single role where both attributes are restricted. So if you have a lot of these combinations you will either have to create a lot of "combination" roles or look at dynamic security.
  The other thing that might work is make sure that you only give some users access to certain cities and others access to certain countries. It's the mixing of the two for a single person that causes the issues.
  http://darren.gosbell.com - please mark correct answers

• ADF bindings are not working with inheritance heirarchy.

  ADF bindings are not working with inheritance heirarchy. I am using embedded OC4J in JDeveloper 10.1.3.2.
  For the data model I have the following objects\attributes.
  1) User (abstract EJB 3.0 POJO)
  - Id
  - userId
  - userName
  2) Employee -> extends User (EJB 3.0 POJO)
  - enabled
  - password
  3) Manager -> extends Employee (EJB 3.0 POJO)
  - numOfEmployees
  4) UserSessionBean (Stateless Session Bean)
  - public User findUserByUserId(String userId)
  - public List<User> queryUserFindAll()
  - Object mergeEntity(Object entity)
  I created 2 JSF pages using ADF.
  1) ListUsers.jspx - Lists all the users of type Employee and Manager in a table. You can select an user and chose to modify the user details using a modify button.
  2) ModifyUser.jspx - Modify the selected user and persist the modified user details.
  I implemented ListUsers.jspx by dragging and dropping queryUserFindAll() method from the ADF datacontrol on to the JSF page and selected ADF Table format with selection enabled.
  Similarly for the ModifyUser.jspx page I dragged and dropped the User object returned by findUserByUserId(String userId) and selected ADF Form format. I selected OutputText field types for userId and userName.
  I then created a navigation case from ListUsers.jspx to ModifyUser.jspx and pass the selected user.
  Now when I try to run the web application, ListUsers.jspx correctly displays all the users. Then I select a user of type Employee and click on the modify button. This brings up the ModifyUser.jspx page. However, the UserId text field displays the value for "Id" field rather than "userId".
  Question that I have is:
  - Why is ADF framework not able to retrieve the appropriate user attribute value for a Employee based on the binding information in case of inheritance ?
  Thanks,
  Piyush

  Hi,
  tried with JDeveloper 10.1.3.3 and this works for me. Try JDeveloper 10.1.3.3 - if it doesn't work, have a closer look at your sessionFacade
  Frank

• Command Link in ADF table is not working/ PPR event not getting fired

  Hi All,
  I am having ADF Table, in that one column is with command link if click on command link, it is not navigating to corresponding page or method of a bean. If i give same command link out of the table it working fine, this issue i am facing is in IE9.
  if i use IE in compatibility mode the links works fine, even in IE8 version also.
  Browser: IE 9
  Jdev version: 11.1.1.5.0
  I tried all possible things, but nothing workout for me.
  showPopupBehavior not working in IE9 for af:table buttons (jdev11.1.1.5.0)
  Partial page rendering not working in ie9
  Command Link in ADF table is not working
  Thnks

  Hi,
  please file a bug if you have a customer support contract and provide a testcase
  Frank

• Secure boot not working with MSI Z77a-G45 And system reserve not showing

  Ok so i re did my windows after i did a zero fill on my hard drive as it was showing a corrupted sector on my disk that seemed to fix it for now, until it comes back if it does crossing my fingers it gone for good. But now i can't seem to get Secure boot to work i mean i did not have it before as i just slapped the motherboard in with a existing windows, that was to be expected but this is a clean install of windows 8.1 and i even have secure boot on but its not working and reports as off in windows.  Is it because i have my bios set to legacy+UEFI??? would that make secure boot not work??. i even went as far as turning it off and back on again the secure boot setting nothing made a difference.  I mean its not a big deal bit would be nice to know why its not working, also another wired thing and i will post pictures of it, as i cant see my system reserved partition in disk management but diskpart says it there, i will post those pictures any ideas??. 

  fixed it is my legacy+uefi another forum got back to me.

• Error during ADF Security logout in 12c

  Hello,
  I'm in the process of migrating my application from 11.1.2.4 to 12.1.2.0, and one thing I've noticed is the following error message in the weblogic logs when logging out of ADF Security:
  <Error> <oracle.adf.share.http.HttpSessionScopeAdapter> <BEA-000000> <HttpSessionScopeAdapter:  Request is in an invalid state.  Could not access the request session.>
  The logout still seems to work fine however. Currently I'm logging out with the following code (from here):
  ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
  ectx.redirect(ectx.getRequestContextPath() + "/adfAuthentication?logout=true&end_url=/faces/home");
  FacesContext.getCurrentInstance().responseComplete();
  Every time I press logout, the above error happens 5 times in the logs.
  I've also tried using the logout code from the 12c documentation and that produces the same error, but interestingly only produces that error 4 times.
  Is there something extra or different that is supposed to be done to log out of ADF security in 12c? I can't imagine that getting an error repeatedly is what should be expected.
  Thanks!

  Hello,
  I gave that idea a try, and it was the same result as the very similar manual logout code given in the documentation I tried earlier: http://docs.oracle.com/middleware/1212/adf/ADFFD/adding_security.htm#ADFFD21669
  The logout happens successfully, but that error message shows up in the logs at least once. Whenever I do a logout without going through the authentication servlet, the error is always logged exactly 1 time fewer. In my application I migrated from 11gR2 to 12c, the error would happen 4 times (5 through the servlet), and in the fresh sample 12c app I made earlier this week, it happens 1 time (2 through the servlet).
  I should also add that all of this testing has just been done in the integrated weblogic 12c server that comes with JDeveloper 12c.

• ADF security logout problem in adfAuthentication?logout =true

  Hi,
  I've configured ADF security and implementing logout as in http://blogs.oracle.com/jdevotnharvest/entry/how-to_logout_from_adf_security
  Also I have configured OID in the standalone WL server and when deployed this to the standalone wl, the login works fine. But when I click the logout the page redirects saying 10.4.4 403 Forbidden. and the redirected url is
  /adfAuthentication?logout=true & end_url=/faces/AppLogin.jspx Please help, why the logout is forbidden?
  ver. 11.1.1.4
  my web.xml entries
  <security-constraint>
      <web-resource-collection>
        <web-resource-name>adfAuthentication</web-resource-name>
        <url-pattern>/adfAuthentication</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>valid-users</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>/faces/AppLogin.jspx</form-login-page>
        <form-error-page>/faces/error.jspx</form-error-page>
      </form-login-config>
    </login-config>
    <security-role>
      <role-name>valid-users</role-name>
    </security-role>and weblogic.xml
  <security-role-assignment>
      <role-name>valid-users</role-name>
      <principal-name>users</principal-name>
    </security-role-assignment>

  What I get is a Error 403--Forbidden and not 404 - not found. The two links provided above talks about 404 error and similar.
  What I have is I can login successfully, but when I use the logout procedure it gives me a 403 --Forbidden error. Any other suggestion?                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

• ADF Security -- permissions dont work as documented in Jdev Article

  Hello
  i read the article Introduction to ADF Security in Jdev 10.1.3.2, Feb 2007. I followed the steps and authentication worked fine. However, Authorization did not work until i defined permission at All Level start with PageDef itself down to Iterator, until the attribute level. The documentation does not state that the attribute level is also required. An extract is
  "The application developer defines authorization declaratively for iterator bindings, action bindings, and method bindings defined in the ADF page definition (pageDef.xml) file and, alternatively, for the entire page definition itself"
  I found the document more appealing as i dont believe that it feels right to visit each and every attribute for each iterator in the application when i want all the attributes to inherit their premission from the iterator (Select and Update). If i dont do that, the page appears but no rows are shown (expect the total no of row indicator, which is probably working due to the iterator Read Permission)
  I read in other posts that the attributes need to be handled, is there multiselect option, that i can use to do group attribute permission setting
  rgds
  Ammar Sajdi
  REALSOFT
  Amman - Jordan

  Hi,
  you are correct that attribute bindings too need to be authorized. In 10.1.3 ADF Security is an all or nothing approach, which means that you either have authorization or you don't.
  This is an administration overhead that we eliminate for JDeveloper 11. In JDeveloper 11 we treat all bindings as publicly accessible unless there is a permission defined for it. This makes security administration easier.
  Frank

• Command link in adf table is not working..

  Hi All,
  I am having ADF Table, in that one column is with command link and,if click on commnad link it is not going to coorsponding action or actionListener methods of bean. If i give same command link out side of the table it working fine.But i have to pass some perameters on click of button.
  I am getting same problem in many places , if i delete the page and page-def files again if i create some times it is working but some times not working. Is there any specific reason for this.Following is the code snippet...
  <af:column sortProperty="GlobalDealId" sortable="false"
  headerText="#{bindings.DsaDealsResultsVO1.hints.GlobalDealId.label}"
  id="c8">
  <af:commandLink text="#{row.GlobalDealId}" id="cl1" action="#{pageFlowScope.editProfileCompleteness.sample}" immediate="true" partialSubmit="true">
  <af:setActionListener from='"#{row.GlobalDealId}"'
  to='"#{pageFlowScope.globalDealId}"'/>
  <af:setActionListener from='"#{row.CustName}"'
  to='"#{pageFlowScope.custName}"'/>
  <af:setActionListener from='"#{row.IsSaDeal}"'
  to='"#{pageFlowScope.isSaDeal}"'/>
  </af:commandLink>
  </af:column>
  Even i tried with out immediate="true" partialSubmit="true" also.
  And i set ChangeventPolicy = ppr for Iterator in page defnation file.
  Awaiting for ur reply.

  Hi,
  the real problem of the original poster seems to be <af:commandLink text="#{row.GlobalDealId}" id="cl1" action="createMDM" immediate="true" partialSubmit="true"> having immediate set to true in which case the request goes from restore view to render response. You usually use immediate=true on a command item to cancel an action (bypassing all the other JSF lifecycle steps).
  Peter551059,
  you don't give us much information about your case. So if the problem is IE9 and you verified IE9 is supported for the version of JDeveloper you use, then - in case you have a support contract - my best advise is to file a service request and have support looking at it just in case you hit a defect that should be filed as a bug
  Frank

• The pdf security is not working in Flash Paper

  Is anyone facing a similar problem.
  The pdf security if applied with a passsword to select the
  text & graphics, printing, etc does not work. It selects any
  and every text in flash paper and pdf. Does anyone know how can one
  prevent to copy any text or graphics ...

  I have the same issue. My phone says the files are corrupt and they stay corrupt if I forward then from my phone. It like the phone checks for something in the PDF, when it never did before.

• ADF : valueChangeListener is not working on checkbox

  Hi All,
  I am using the following piece of code in ADF and valueChangeListener() associated to my check box is not working.
  Here is the piece of code :
  <af:selectBooleanCheckbox
  label="Budgetary Calendar" id="sbc1"
  selected="false"
  valueChangeListener="#{pageFlowScope.CalendarUtilBean.onBudgetCheckboxChange}"
  autoSubmit="true"/>
  Any help would be greatly appreciated.
  Thanks,
  Srikanth.

  I implemented the same
  valueChangeEvent.getComponent().processUpdates(FacesContext.getCurrentInstance()); for my value change listener on select many choice..
  It's working fine !!!
  Thanks
  Kanika

• USB security key not working with Mac

  Hello! I have a windows compatible medical program that I am trying to run on parallels on my mac. The program uses a USB security key to work. Mac nor parallels (i have win XP running on it) is detecting my security key. The key is recognized on a different windows XP PC though. any thought??? greatly appreciated!

  Hi OGELTHORPE,
  My USB stick was originally formatted as MS-DOS (FAT) as default and out of the box. As I understand this is the same as FAT32 on Win (?)
  MS-DOS (FAT) configuration was however what led to all of my problems stated above.
  That is why I'm confused.
  Before writing to the discussion board, I reconfigured the stick to ExFat, based on some similar research, but an article discussion advised the ExFat not to be a stable nor reliable configuration. I do not know why this issue was mentioned, but several users logged this as an issue of the ExFat.
  If you have a USB stick meant for Mac use only, not cross-platform, do you alter configuration from MS-DOS (FAT)?
  (Primary use is for Mac backup only, I'm willing to give up the cross-platform requirement)
  I also don't understand why my Mac didn't detect a second USB stick, prior used on a different Mac.
  Thanks!

• Flash Global Security & Links Not Working?

  Hi all,
  I am absolutely near some sort of breakdown with my Flash website....I really hope someone can help!
  I am building my portfolio website; I'm using Dreamweaver CS3 (on Mac) and inserting Flash animations in the centre of a table in each Dreamweaver page. All was working fine until I built the Contact page animation on Flash last night. I linked in some external websites to my Blog, Flickr and Twitter and also need a button to launch the user's default mail client.
  When I tested the animation (CMD+ENTR) in Flash the links appeared to be working, if after a few clicks. I then inserted the Contact animation into the Contact.html page on Dreamweaver and tested it in Safari. A dialogue box came up regarding something about security settings and Flash 8 (makes no sense as I am using Flash 9); and I ended up on the Global Security Setttings panel page on the Adobe website. I selected the entire folder the website is in on my hard drive under "Trust Files in these Locations". Now the ENTIRE website's flash animations are not working. There are links to internal pages of the site (i.e. a link to the "Contact" page in the animaiton on the Home page) which are now not working either. No error messages come up when I test the movie in CS3 either. I have refreshed Safari, restarted the Mac and redone the folder on the Global Security Settings panel. Also loaded the entire website onto a PC this morning, all links not working either.
  Actionscript 3 on the Contact page looks like this:
  import flash.events.MouseEvent;
  //---Blog Button---\\
  var getBlog: URLRequest = new URLRequest("http://www.myblogsdomain.com");
  Blg_Btn.addEventListener(MouseEvent.CLICK, eClick);
  function eClick(event:MouseEvent):void{
  navigateToURL(getBlog, "_self");
  //---Twitter Button---\\
  var getTwitter: URLRequest = new URLRequest("http://www.twitter.com/mydomain");
  Twt_Btn.addEventListener(MouseEvent.CLICK, eClick1);
  function eClick1(event:MouseEvent):void{
  navigateToURL(getTwitter, "_self");
  //---Flickr Button---\\
  var getFlickr: URLRequest = new URLRequest("http://www.flickr.com/photos/mydomain");
  Flkr_Btn.addEventListener(MouseEvent.CLICK, eClick2);
  function eClick2(event:MouseEvent):void{
  navigateToURL(getFlickr, "_self");
  //---Email Button---\\
  var getMail: URLRequest = new URLRequest("mailto:[email protected]");
  Eml_Btn.addEventListener(MouseEvent.CLICK, eClick3);
  function eClick3(event:MouseEvent):void{
  navigateToURL(getMail, "_self");
  I'm not 100% sure if the e-mail AS3 I set up is correct, but as none of the links are working I can't test it. I cannot provide a link to the website as it isn't uploaded yet, and I don't really want to upload it not working properly.
  Any help at all would be gratefully received, I'm really, really on the brink of some sort of breakdown. Thanks.

  Thanks Samuel.Wong and Ned Murphy for the information.
  I'm not actually sure what happened but my website suddenly started working again today, I think possibly by selecting "Always Allow" on the Global Security Page as well as inserting every individual file as well as the folder under "Trusted Locations" has also done the trick.
  The external links appear to work when I test the movie in Flash CS3, but the same warning comes up once the movie is inserted into a Dreamweaver html page and tested in Safari. However I think when the links (all except the email ) appear to be working in Flash then it should be just fine once uploaded onto the server. Many thanks for your advice once again.
  Maxx

• Adfs/ls does not work while adfs/ls/idpinitiatedsignon works | There are no registered protocol handlers on path /adfs/ls/ to process the incoming request

  Hello Experts
  I am trying to configure ADFS 3.0 with Sharepoint 2013 and facing an issue with ADFS 3.0 url
  When I try to access url https://<ADFS.domain.com>/adfs/ls - I face following error 
  Encountered error during federation passive request. 
  Additional Data 
  Protocol Name: 
  Relying Party: 
  Exception details: 
  Microsoft.IdentityServer.RequestFailedException: MSIS7065: There are no registered protocol handlers on path /adfs/ls/ to process the incoming request.
     at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
  But When I try to access ADFS url - https://<ADFS.domain.com>/adfs/ls/idpinitiatedsignon 
  It works.. 
  Is it normal behavior or something wrong here.
  Please suggest.
  Thanks

  /adfs/ls/ is the endpoint for all "passive" protocols. a Plain GET to /adfs/ls wil complain (correctly) that the plain GET is not a correct SAML or WS-Fed message. You should only send correct messages to that EndPoint........
  Paul Lemmers