ADFS - Authentication logs
We have multiple ADFS and proxy servers in a PDC and the same in Azure. We will soon be moving ISP connections so will be pointing users to both Azure and on-premise proxy servers during this time. How can I tell from logs whether a proxy server is being
used to authenticate a user or not?
Hi Ally,
How can I tell from logs whether a proxy server is being used to authenticate a user or not?
As far as I know, ADFS proxy server doesn’t authenticate accounts directly, it is a service that brokers a connection between external users and your internal AD FS server.
The reason why we need ADFS proxy server is that if we have external users and the ADFS server is located in private network, we will need to set up an ADFS proxy server on the external network so that the ADFS server wouldn’t be exposed.
Please refer to this blog below for more detailed information about ADFS proxy server:
Understanding the AD FS 2.0 Proxy
http://blogs.technet.com/b/askds/archive/2012/01/05/understanding-the-ad-fs-2-0-proxy.aspx
If you want to enable logging on ADFS/ ADFS proxy servers, here are some references below for you:
Enable Debug Tracing
http://technet.microsoft.com/en-us/library/adfs2-help-how-to-enable-debug-tracing(v=WS.10).aspx
Configure event logging on a federation server proxy
http://technet.microsoft.com/en-us/library/cc756046(v=WS.10).aspx
How to Enable Debug Logging for Active Directory Federation Services 2.0 (AD FS 2.0)
http://social.technet.microsoft.com/wiki/contents/articles/1407.how-to-enable-debug-logging-for-active-directory-federation-services-2-0-ad-fs-2-0.aspx
In addition, here is a dedicated ADFS forum where you can refer to if you encounter any specific ADFS issue:
Claims based access platform (CBA), code-named Geneva Forum
http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]
Similar Messages
-
How to get ADF authentication and authorization working on server
I am having an issue with deployment & ADF authentication and authorization.
From the below testing results, you can see that I am unable to log in when I have deployed my app to my standalone server with both ADF security authentication and authorization turned on. I have included web.xml, jazn-data.xml and the page/server error I am receiving.
When making an attempt to log in I get the following results:
Running Locally with ADF Authentication: Works Fine
Running Locally with ADF Authentication & Authorization: Works Fine
Deployed to server with ADF Authentication: Works Fine
Deployed to server with ADF Authentication & Authorization: Doesn’t Work
What I have already tried: Removed all anonymous grants, using the same database credentials as the app user, deploying app twice (on the redeploy not including the login credentials & app policies at the application properties). Various modifications to web.xml e.g. welcomefilelist etc
JDeveloper Version: 11.1.2.4
Server Web Logic: 10.3.6
Server ADF: 11.1.1.16
Page Error when trying to log in:
Error 401--Unauthorized
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.2 401 Unauthorized
The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained in section 11.
Server error when trying to log in:
Servlet failed with Exception oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'wpd.mobility.view.pageDefs.homePagePageDef' 'VIEW'.
at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:182)
at oracle.adf.controller.internal.security.AuthorizationEnforcer.internalCheckPermission(AuthorizationEnforcer.java:162)
at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:116)
at oracle.adfinternal.controller.state.ControllerState.checkPermission(ControllerState.java:663)
at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:700)
at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:531)
at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:59)
at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:530)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:120)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:168)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:131)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:74)
at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:53)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:447)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:202)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:508)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:125)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:468)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:468)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:293)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:199)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Web.xml
<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
<param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
<param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>Security precaution to prevent clickjacking: bust frames if the ancestor window domain(protocol, host, and port) and the frame domain are different. Another options for this parameter are always and never.</description>
<param-name>org.apache.myfaces.trinidad.security.FRAME_BUSTING</param-name>
<param-value>differentOrigin</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_SKIP_XML_INSTRUCTIONS</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_DECORATORS</param-name>
<param-value>oracle.adfinternal.view.faces.facelets.rich.AdfTagDecorator</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_RESOURCE_RESOLVER</param-name>
<param-value>oracle.adfinternal.view.faces.facelets.rich.AdfFaceletsResourceResolver</param-value>
</context-param>
<filter>
<filter-name>JpsFilter</filter-name>
<filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
</filter>
<filter>
<filter-name>trinidad</filter-name>
<filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
</filter>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>JpsFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>trinidad</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>adfAuthentication</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<listener>
<listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
</listener>
<listener>
<listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
</listener>
<listener>
<listener-class>oracle.bc4j.mbean.BC4JConfigLifeCycleCallBack</listener-class>
</listener>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>BIGRAPHSERVLET</servlet-name>
<servlet-class>oracle.adf.view.faces.bi.webapp.GraphServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>BIGAUGESERVLET</servlet-name>
<servlet-class>oracle.adf.view.faces.bi.webapp.GaugeServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>MapProxyServlet</servlet-name>
<servlet-class>oracle.adf.view.faces.bi.webapp.MapProxyServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/faces/Pages/homePage.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/afr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>BIGRAPHSERVLET</servlet-name>
<url-pattern>/servlet/GraphServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>BIGAUGESERVLET</servlet-name>
<url-pattern>/servlet/GaugeServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>MapProxyServlet</servlet-name>
<url-pattern>/mapproxy/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/bi/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication</url-pattern>
</servlet-mapping>
<mime-mapping>
<extension>swf</extension>
<mime-type>application/x-shockwave-flash</mime-type>
</mime-mapping>
<mime-mapping>
<extension>amf</extension>
<mime-type>application/x-amf</mime-type>
</mime-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/faces/pages/*.</url-pattern>
<url-pattern>/faces/*.</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>valid-users</role-name>
</security-role>
</web-app>
Jazn-data.xml
<?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
<jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data.xsd">
<jazn-realm default="jazn.com">
<realm>
<name>jazn.com</name>
<users>
<user>
<name>*****</name>
<display-name>*******</display-name>
<description>******</description>
<credentials>********<credentials>
</user>
</users>
<roles>
<role>
<name>support</name>
<display-name>support</display-name>
<members>
<member>
<type>user</type>
<name>mobile</name>
</member>
</members>
</role>
</roles>
</realm>
</jazn-realm>
<policy-store>
<applications>
<application>
<name> myapp </name>
<app-roles>
<app-role>
<name>mob_mobile_support</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<display-name>mob_mobile_support</display-name>
<description>support role</description>
<members>
<member>
<name>mobile</name>
<class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
</member>
</members>
</app-role>
</app-roles>
<jazn-policy>
<grant>
<grantee>
<principals>
<principal>
<name>SUPPORT</name>
<class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name> myapp.view.pageDefs.*</name>
<actions>view</actions>
</permission>
</permissions>
</grant>
<grant>
<grantee>
<principals>
<principal>
<name>mob_mobile_support</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name> myapp.view.pageDefs.addapplicationPageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>Pages.addappmsgtypPageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>Pages.addoperationPageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name> myapp.view.pageDefs.homePagePageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name> myapp.view.pageDefs.loggingSearchPageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>myapp.view.pageDefs.workHistoryPageDef</name>
<actions>view</actions>
</permission>
</permissions>
</grant>
</jazn-policy>
</application>
</applications>
</policy-store>
</jazn-data>Read Frank's article http://www.oracle.com/technetwork/issue-archive/2012/12-jan/o12adf-1364748.html
Then you have to check if the user use use to login are defined in the stand alone server. If you server is running in production mode there is no automatic user or role migration. You have to to this by yourself.
Once you have check that the users are present, you have to check if the enterprise roles are mapped to the corresponding application roles.
Timo -
Questions about ADF Authentication
hello guys, first of all.. am wondering, is it possible to connect the adf authentication system with the database, to be able to add users programmatic ?? , the second question is, can i make the authentication on 2 levels??, in my case am having more that company uses our application and each company has many users.. i want the client to log in into the company account, then to his account.. is it possible using the ADF Authentication system ? am using Jdev 12.c thanks in advanced
Hi,
first of all.. am wondering, is it possible to connect the adf authentication system with the database, to be able to add users programmatic ?? ,
something like this. ADF security for dynamic users.
user can able to do two level of authentication :
1.configure username and password(encrypted) db. that is DB Authentication.
2.ADF-security Authentication.
thanks. -
Hi all,
We have two IronPort Email Security Appliances and one Management Security Appliance. I just took a look at the authentication log on one of my ESAs and I saw that the user "smaduser" was connecting from the MSA every few seconds. This makes sense - the MSA has to check for message tracking information, etc. - but it makes the signal/noise ratio in the log extremely high. Is there any way to keep the ESA from logging this normal activity or would we have to filter it out after FTP'ing the log from the device?
Thanks,
- SteveHi Steve,
you can try changing the log level of the authentication log by running the command logconfig on the CLI. Select EDIT and the authentication log file. The log level will be most likely 3 Information. You can try chaning it to 2 Warning and see if that helps.
Log level:
1. Critical
2. Warning
3. Information
4. Debug
5. Trace
Otherwise you will need to filter it out once downloaded from the appliance.
Regards,
Enrico -
Hi
I am trying to export my passed/failed authentication log to MS-EXCEL . Since my log in acs is huge MS-EXCEL has a restriction on the number of rows and columns. How do i delete the old logs and have the logs between specified dates.
Or is there any other mechanism so that i can open this log file in .csv format without truncating the content of the log file.
Any help is appreciated
Thanks in advanceThere are utilities about that allow you to split a file into a series of files but only containing N lines.
Alternativly have you looked at AAA Reports from Extraxi, that allows you to do a whole host of reports and handles all the issues of archiving and management of the data. -
Passed Authentication Logs on ACS 4113 SE appliance
I need to get a copy of all Passed Authentication logs from our appliance. Is there a way that I can ftp all those files to another device? Or is there another way that I can retrieve those files?
Thanks
DwaneDwane,
Yes, you can send logs to another system on the network using remote agent.
Remote Logging for ACS SE with ACS Remote Agents
The Remote Logging feature enables ACS to send data to one or more ACS Remote Agents. The remote agent runs on a computer on your network. It writes the data that ACS sends to it into CSV files. You can configure many ACS Solution Engines to point to a single remote agent, thus making the computer that runs the remote agent a central logging server.
For more information about installing and configuring an ACS Remote Agent, see Installation and Configuration Guide for Cisco Secure ACS Remote Agents Release 4.1
Regards,
~JG
Do rate helpful posts -
Cisco ACS Appliance and Passed Authentication Logs
I'm seeing something on our ACS appliance logs that looks kind of odd (but it is working fine).
When I look at the "Passed Authentication" logs, the users seem to show up about 3 time a minute (each). Maybe I am missing something, but this seems like some type of over-reporting.
Any ideas why this would be happening? I'm probably missing something obvious, but since I'm new to this I can't find the problem.
Thanks for any suggestions!What version of CSACS are you running? Has this just started happening, or was the problem just identified? It could be a performance issue if in fact everything was reauthenticating every 20 sec. Are all your devices showing up, or just wired or wireless? It could be a slight misconfiguration that could be hard to find. If you have the capability, you might want to capture the traffic going to your CSACS server to see if the authentications are actually happening, or like you mentioned...just reporting issues. I ope this helps.
-
Hi all,
I want to enable /var/adm/auth_log authentication logging on a solaris 10.
Coudl you please help me for this step?
Thanks,
e.Did you create /var/adm/auth_log first? That might be required.
Also, to test if the problem is in syslog or in your application you can test the syslog entry by running logger:
logger -p auth.info test
the above command should, echo the word "test" into your auth_log file.
I normally use auth.notice rather than auth.info, out of old habit, which works for me.
Also, for sshd there is a config attribute which specify which facility to use; SyslogFacility. You can always scan your sshd_config to see if its set to something else on your system.
.7/M. -
Hi,
We have implemented ADF security and using form based authentication. The problem we are facing is during logout, in IE we see a NullPointerException, before the login page is displayed. Please note that this functionality works fine in Firefox and Chrome. Also this happens only in standalone weblogic server. It works perfectly fine in a cluster. The logout link is command link which goes to logout.jspx. The implementation in logout.jspx is as follows
<?xml version='1.0' encoding='windows-1252'?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1">
<jsp:directive.page contentType="text/html;charset=windows-1252"/>
<jsp:forward page="/adfAuthentication">
<jsp:param name="logout" value="true"/>
<jsp:param name="end_url" value="#{initParam.loginURL}"/>
</jsp:forward>
</jsp:root>
the loginURL is configured in web.xml as */faces/login.jspx.*
The exception stack trace is .
<Dec 10, 2012 7:44:44 AM UTC> <Notice> <WebLogicServer> <BEA-000360> <Server
started in RUNNING mode>
<Dec 10, 2012 7:45:51 AM UTC> <Warning> <oracle.adf.share.ADFContext>
<BEA-000000> <Automatically initializing a DefaultContext for getCurrent.
Caller should ensure that a DefaultContext is proper for this use.
Memory leaks and/or unexpected behaviour may occur if the automatic
initialization is performed improperly.
This message may be avoided by performing initADFContext before using
getCurrent().
For more information please enable logging for oracle.adf.share.ADFContext at
FINEST level.>
<Dec 10, 2012 7:45:51 AM UTC> <Error>
<oracle.adf.controller.internal.binding.TaskFlowRegionModel> <BEA-000000>
<1i9kmqwku_121>
<Dec 10, 2012 7:45:51 AM UTC> <Warning>
<oracle.adf.view.rich.component.fragment.UIXRegion> <ADF_FACES-00009> <Error
processing viewId: /InventoryUIShell URI:
/oracle/communications/inventory/ui/framework/templates/InventoryUIShell.jspx
actual-URI: /oracle/communications/platform/cui/fragments/mainArea.jsff.
oracle.adf.controller.internal.InvalidViewPortIdException: ADFC-14000: View
port ID '1i9kmqwku_33' is invalid.
at
oracle.adfinternal.controller.state.ControllerState.setCurrentViewPort(Control
lerState.java:1319)
at
oracle.adfinternal.controller.ControllerContextImpl.setCurrentViewPort(Control
lerContextImpl.java:135)
at
oracle.adfinternal.controller.ControllerContextImpl.setCurrentViewPort(Control
lerContextImpl.java:52)
at
oracle.adf.controller.internal.binding.TaskFlowRegionModel.doProcessEndRegion(
TaskFlowRegionModel.java:320)
at
oracle.adf.controller.internal.binding.TaskFlowRegionModel.processEndRegion(Ta
skFlowRegionModel.java:237)
at
oracle.adf.view.rich.component.fragment.UIXRegion$RegionContextChange.undoChan
geImpl(UIXRegion.java:1209)
at
oracle.adf.view.rich.context.DoableContextChange.suspend(DoableContextChange.j
ava:49)
at
oracle.adf.view.rich.context.DoableContextChange.undoChange(DoableContextChang
e.java:103)
at
oracle.adf.view.rich.component.fragment.UIXRegion._endInterruptibleRegion(UIXR
egion.java:726)
at
oracle.adf.view.rich.component.fragment.UIXRegion.decodeChildrenImpl(UIXRegion
.java:576)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXSwitcher.processDecodes(UIXSwitcher.j
ava:88)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXSwitcher.processDecodes(UIXSwitcher.j
ava:88)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
oracle.adf.view.rich.component.fragment.UIXRegion.decodeChildrenImpl(UIXRegion
.java:565)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.processDecodes(UIXCompo
nentBase.java:797)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildrenImpl(UIXC
omponentBase.java:986)
at
org.apache.myfaces.trinidad.component.UIXComponentBase.decodeChildren(UIXCompo
nentBase.java:972)
Any pointers to resolve this would be helpful.
Thanks,Hi,
Check these
http://tompeez.wordpress.com/2010/07/26/logout-with-confirmation-dialog/
http://www.oracle.com/technetwork/developer-tools/adf/learnmore/jan2011-otn-harvest-300940.pdf -
Hi
How to use ADFLogger in ADF 11g?
Thanks in advanceIt's up to you how you want to do it, but I think common practices are to create a logger per class or per functional grouping of classes. It's all down to your choice, but the more granular you create the loggers, the more control you can have in turning on or off pieces of logging.
John -
Logging Standards and ADF Application Log File on Standalone WLS
Hi Experts,
I am using JDev - 11.1.1.5.0 and WLS - 10.3
Is ADF Logger the standard logger to be used in an ADF Application? If Yes, how to configure it?
During development I simply used "System.out.println" for log messages and I was able to see the log messages in the Integrated WLS Console in JDeveloper. Now, I am moving to deployment on Standalone WLS. Please let me know how to configure the logger to log these messages to some log file to be accessed from standalone WLS.
Thanks
RathnamStart with this 5 part series http://blogs.oracle.com/groundside/entry/adventures_in_adf_logging_part
http://blogs.oracle.com/groundside/entry/adventures_in_adf_logging_part1
http://blogs.oracle.com/groundside/entry/adventures_in_adf_logging_part2
http://blogs.oracle.com/groundside/entry/adventures_in_adf_logging_part3
http://blogs.oracle.com/groundside/entry/adventures_in_adf_logging_part4
For the UI
http://blogs.oracle.com/jdevotnharvest/entry/using_adf_logger_with_groovy
and For some more advanced usage
http://tompeez.wordpress.com/2011/09/23/adflogger-using-a-custom-formatter-class-to-print-log-messages/
Timo -
People/Group column in Datasheet View with ADFS Authentication.
Greetings,
We use ADFS & NTLM Authentication on our web application, but NTLM is only used to allow search to crawl the farm. So all users login and use their ADFS account when accessing the farm. When users are editing a list in Quick Edit/Datasheet
view when they try to edit a People/Group column they get "The user does not exist or is not unique." unless they enter in the full claim. e.g. "i:e0.t|adfs|[email protected]". The user will then resolve properly.
Has anyone else run across this or know how to solve this problem?
Thanks.Hi ,
For this issue, I'm trying to involve someone familiar with this topic to further look at it.
Thanks,
Eric
Eric Tao
TechNet Community Support -
Hi,
We are building an ADF Application and created our logger, which is a wrapper around the ADFLogger. As expected logging etc works just fine for the ADF applications deployed in weblogic. However there are parts of the application which could be a standalone (pure java) based components deployed independently, which are leveraging this wrapper logger too. For these applications we added the ADF dependent libraries needed for the ADFLogger. Still these apps are not able to log anything, and I think the main reason being it is not able to get a handle to the logging.xml fine which defines the ODL handler. All other runtime parameters like
"-Djbo.debugoutput=adflogger -Djbo.adflogger.level=FINEST" are passed.
There is no error etc, however the logs are not coming.
Is there a way where we can specify the logging.xml to the ADFLogger, so that it doesn't looks for the default location under - '+/<domain>/config/fmwconfig/servers/DefaultServer+'?
In general also (for pure ADF based applications), is there a way we can define the path of our logging.xml file, instead of using the default one?
Would appreciate any help.
Thanks
SachinHi,
While I appreciate your response, however the question I have is - 'can we have our own logging.xml?' If yes how do we pass the information of our logging.xml to ADFLogger, instead of using the default logging.xml.
I know we can have our own logger handler defined within the logging.xml, but that is not what we are looking for. The ask is to have the option of having the path of logging.xml defined for ADFLogger.
Thanks
Sachin -
Where can I find User authentication log?
Hi,
I am trying to find the log that has User authentication details such as login failed, invalid, success so on.
I looked at SharedServices_security log. It has fail/success message but it doesn't have User name. It is just saying Anonymous ID.
Do I have to enable anything on server or is there any other way to pull this kind of info from front-end.
By the way, we are using EPM 11.1.2.1
Thanks in advance,
PMYou could find the authenrication service log in the format "server_messages_OriginatorType.log"
which will be under the EPM_ORACLE_INSTANCE/diagnostics/logs/ReportingAnalysis folder.
You could refer this document for other log details : http://docs.oracle.com/cd/E17236_01/epm.1112/epm_install_troubleshooting_11121.pdf
Note:You may need to put the log level to trace to get more information. -
MVC Applications and ADFS authentication
Hello,
I have a requirement to create a MVC.NET application that uses ADFS for authentication. I already have created the project and it works with our ADFS server (On-Premise). Now, the next requirement is that we have an existing application (App1) that has
a link to the application that I'm working on (App2). The requirement is that once the user is authenticated for App1 and they click the link to go to App2 they shouldn't have to re-enter their credentials. How should I configure App2 to
meet this requirement?
Your help is much appreciated.
Masoud SharifiHello Masoud Sharifi,
MVC application as the WEB application should be asked on ASP.NET forum:
http://forums.asp.net/
Best regards,
Barry
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.
Maybe you are looking for
-
I can't activate iTunes-Error Code 600
When I try to activate iTunes, the message on my screen mentions Error Code 600. I'm sure the problem was caused because I tried to import too many songs (200+) for a 1GB iPod Nano. While iTunes was converting the last song to the AAC format, it sudd
-
Accidentally Deleted Quick Time
I was recently removing unused programs to open more space on my hard drive, and I accidentally deleted Quick Time. Now everytime I try to open my iTunes, I get an error and I cannot open it. Is there any way I can reinstall Quick Time?
-
REEXACRCARRYFORWARD Accrual carry forward for RE-FX Module
Hi, I have the RE-FX accruals engine set up and running successfully, however am uncertain what the transaction REEXACRCARRYFORWARD transaction does. I do note that in the SAP service market place SAP note 896879 makes mention that this transaction "
-
URLConnection.read(..) not reading
Hi all, I'm not sure if this is the right place to post this question.. When i connect to a server (specifically Darwin Streaming Server) with a URLConnection to set up my GET connection, i get nothing back (it blocks) when i try to read from the inp
-
XML Transformation - Migration from JDK 1.4 to JDK 1.6
Hi all, I am switching from JDK 1.4 to JDK 1.6 but my XSLT transformations are outputting different XML (although structurally sound). JDK 1.6 outputs the namespaces for each element rather than placing them at the top level node. I've included the s