ADFS Prompt in IE

We have an internal website that uses an ADFS 3.0 instance. The problem we're seeing is that even though Chrome works just fine (with forms-based authentication), IE fails. For IE - even if the ADFS' URL is listed as an Intranet site, and "Automatic
Logon with currnet username and password" is set - a password prompt is still presented, and even with correct credentials, an HTTP 400 is given back to the client.
Any idea what could generate this behavior ?

Hi Albert,
Here are some similar threads below I suggest you refer to:
2012 R2 Web Application Proxy Returns HTTP 400 Bad Request for ADFS Pre-Authentication with Kerberos
http://social.technet.microsoft.com/Forums/windowsserver/en-US/a740813d-7ed8-475e-8405-e2df8c3b348f/2012-r2-web-application-proxy-returns-http-400-bad-request-for-adfs-preauthentication-with-kerberos?forum=winserverNIS
2012 R2 Web Application Proxy returns 400 (Bad Request) for Kerberos IIS App
http://social.technet.microsoft.com/Forums/windowsserver/en-US/a9125e2b-425b-4d71-8698-422c0ba79f13/2012-r2-web-application-proxy-returns-400-bad-request-for-kerberos-iis-app?forum=winserverNIS
AD FS Windows Authentication Throws 400 Bad Request
http://social.msdn.microsoft.com/Forums/vstudio/en-US/ee0368b0-6d34-4545-b6df-cfbdc7191393/ad-fs-windows-authentication-throws-400-bad-request?forum=Geneva
If methods from above threads couldn’t help you solve this issue, I suggest you refer to this forum below to get professional support:
Claims based access platform (CBA), code-named Geneva Forum
http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
Best Regards,
Amy

Similar Messages

ADF panel does not prompt for variable defined in ADF view object.

I have created an ADF Panel, which allows the user to run a few simple queries against an Oracle database done using ADF view objects and ADF view links and ADF application module.
One of these queries lookup detail information about a given database object (Table, view or whatever) from dba_objects. The SQL uses a parameter (:P_OBJ_NAME) that has a default value of “Departments”. If I run the ADF application module by itself outside of the ADF panel, all works fine, it prompts me to provide a value for the parameter :P_OBJ_NAME.
As I said the panel contains the different ADF view links including the one that should prompt the user to provide a value for :P_OBJ_NAME. When I run the panel it does not prompt me for :P_OBJ_NAME, it just uses the default defined value “departments”.
I hope I described my problem for every one to understand. The question obviously is how do I get the ADF panel to prompt the user to provide a value for parameter :P_OBJ_NAME, my expectation was that since the sql in the view object and the application module both are designed to prompt for a value for this parameter then the panel should do just that but it does not.
You expert input would be most appreciated.
Thanks.
Bobby A.
Edited by: Babak Akbari on Aug 13, 2009 8:34 AM
Edited by: Babak Akbari on Aug 13, 2009 11:12 AM

The prompting for a parameter is a feature we built into the ADF Tester - it is not a default behavior you get in your application when you just place a VO on your page.
To get something like this expend the operations node under the VO in the data control palette, and drag the "Execute with parameters" operation to your page to drop it as a parameter form.
This will provide your user a place to fill out the parameter and press a button to execute the query.

ADF security - prompt for user id and password again on page forward

Hi,
I am working with ADF using JDeveloper 10.1.3 with Business Components and ADF Faces.
I have a Search page and a List page.
Both pages are based on the same view within the same application module.
The Search page is using the default Find and Execute Operations.
The Execute button has an action that navigate to the List screen.
faces-config.xml
<navigation-rule>
<from-view-id>/jspx/search.jspx</from-view-id>
<navigation-case>
<from-outcome>search</from-outcome>
<to-view-id>/jspx/list.jspx</to-view-id>
<redirect/>
</navigation-case>
</navigation-rule>
<navigation-rule>
<from-view-id>/jspx/list.jspx</from-view-id>
<navigation-case>
<from-outcome>find</from-outcome>
<to-view-id>/jspx/search.jspx</to-view-id>
<redirect/>
</navigation-case>
</navigation-rule>
Security (Roles and Users) is based on the jazn-data.xml and web.xml
URL Patterns for the pages have assigned to the role.
Login Configuration is HTTP Digest Authentication
<web-resource-collection>
<web-resource-name>APP_SUPPORT</web-resource-name>
<url-pattern>faces/jspx/search.jspx</url-pattern>
<url-pattern>faces/jspx/list.jspx</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>APP_SUPPORT</role-name>
</auth-constraint>
<login-config>
<auth-method>DIGEST</auth-method>
</login-config>
Everything is fine when running the application from JDeveloper,
but when the application is deployed to the server (OC4J),
After logging into the system, the Search page prompt for user id and password again
on click of the Execute button.
Have anyone experience this problem before?
Thanks for any help.
Jim

Hi,
does the same thing happen if you change your protected resource from:
<web-resource-collection>
<web-resource-name>APP_SUPPORT</web-resource-name>
<url-pattern>faces/jspx/search.jspx</url-pattern>
<url-pattern>faces/jspx/list.jspx</url-pattern>
</web-resource-collection>to:
<web-resource-collection>
<web-resource-name>APP_SUPPORT</web-resource-name>
<url-pattern>/faces/jspx/*</url-pattern>
</web-resource-collection>Brenden

ADF Faces + BC 10.1.3: prompting to save changes after any navigation

Hello all,
Working on an application that uses ADF Faces + Business Components. We're using the PanelPage component and using a menu tree model bean specified in faces-config.xml for the menu1, menu2, and menu3 facets of the PanelPage.
What we'd like to be able to do is, regardless of what page the user is on, be able to check if the user is trying to navigate via the menu without having saved changes and then prompt them "do you want to save your changes" with a Dialog.
Creating the dialog is the part I know how to do, but how could I, in a generic way:
a). Have some code execute during the navigation. I assume this is a custom ADFPhaseListener/FacesPageLifecycle class, but not sure.
b).Detect whether the model has uncommitted changes. I assume this is something on the Application Module, but could not figure this out.
Has anyone done something like this before?
Thanks for any insight into this.
Regards,
John

OK, gang, here's an update:
I wanted to try to, in a generic way, capture changes that have happened to the data without having to go through a change listener on each field. Since my pages are all based upon BC View Objects with underlying Entity Objects, I have cobbled together some code (with lots of stuff hard-coded for now) that is able to tell me whether the data has been modified or not. The way I have the code right now, it works if the page is based upon one view object that has one underlying entity. Extending this to a view object that has multiple entities should be relatively straightforward (just loop through all of the entities and look for modifed status, instead of looking at only the first one).
    System.out.println("Starting the test");
    FacesContext ctx = FacesContext.getCurrentInstance();
    Application app = ctx.getApplication();
    ValueBinding bind = app.createValueBinding("#{data.AppModuleDataControl.dataProvider}");
    AppModuleImpl svc = (AppModuleImpl) bind.getValue(ctx);
    ViewObject v = svc.findViewObject("InputSheetView1");
    ViewRowImpl vri = ((ViewRowImpl)vo.getCurrentRow());
    EntityImpl ei = vri.getEntity(0);
    int i = (int) ei.getEntityState();
    System.out.println(Entity.STATUS_NEW);
    System.out.println(Entity.STATUS_UNMODIFIED);
    System.out.println(Entity.STATUS_MODIFIED);
    System.out.println(Entity.STATUS_DELETED);
    System.out.println(Entity.STATUS_DEAD);
    System.out.println(Entity.STATUS_INITIALIZED);
    System.out.println("The answer is");
    System.out.println(i);
    System.out.println("Finishing the test");Now, how to make this generic. How could I, from the page's backing bean:
1). Determine the name of the data control(s) used on the page? Alternatively, how to determine the name of the application modules used by the page? I know this information is in DataBindings.cpx, but how to find it programatically?
2). How to determine which View Objects from the AM's are used on the page? I know this is in the PageDef, but again, how to do this programatically?
Thanks for any ideas?
Regards,
John

Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

I would love some help with this issue. I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0 I have a test account set up with lab.acme.com to use the ACS.
When I log into my site using Windows Auth, everything is great. However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
to use to log in and after 3-5 second
and return me the logon page with error message “Authentication failed”
I base my setup on the technet article
http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
I validated than all my certificate are valid and able to retrieve the crl
I got in eventlog id 300
The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Additional Data
Exception details:
Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
correctly, but one of the CA certificates is not trusted by the policy provider.
at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
serializationContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
trustNamespace, AsyncCallback callback, Object state)
System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
thx
Stef71

This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
on my case was :
PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
cer\SP2K10\ad0001.cer")
PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
Certificate : [Subject]
CN=domain.AD0001CA, DC=domain, DC=com
[Issuer]
CN=domain.AD0001CA, DC=portal, DC=com
[Serial Number]
blablabla
[Not Before]
22/07/2014 11:32:05
[Not After]
22/07/2024 11:42:00
[Thumbprint]
blablabla
Name : domain.ad0001
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : domain.ad0001
Id : blablabla
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 17164
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
cer\SP2K10\ADFS_Signing.cer")
PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
Certificate : [Subject]
CN=ADFS Signing - adfs.domain
[Issuer]
CN=ADFS Signing - adfs.domain
[Serial Number]
blablabla
[Not Before]
23/07/2014 07:14:03
[Not After]
23/07/2015 07:14:03
[Thumbprint]
blablabla
Name : Token Signing Cert
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : Token Signing Cert
Id : blablabla
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 17184
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\Users\administrator.PORTAL>

HP LaserJet MFP M476dw paper size mismatch when copying or scanning from ADF

We have HP Color LaserJet MFP M476dw that has an issue when copying or scanning from the ADF.
Put a single A4 sheet in the ADF and choose copy, with all settings correct & no resizing, and the output copy is moved down the page (increased top marging by a couple of inches).
My initial thoughts were a paper size issue (e.g. treating A4 as Letter or vice versa) but all settings look correct. I have even done a reset and started over and the problem remains.
If I take the original and place it on the flatbed and copy from there with all the same settings then it works fine.
There is a similar issue when scanning from the ADF. Again, scanning from the flatbed works fine.
I've tried all I can think of. Does anyone have any further suggestions? Could it be a fault in the ADF?
Here's the full device settings info:
Device Configuration
[Shop for Supplies][Support]
Product Information
Product Name:
HP Color LaserJet MFP M476dw
Formatter Number:
YF10C9X
Serial Number:
CNB7G2H6T9
Service ID:
24113
Firmware Datecode:
20131122
Disable Fax:
No
Telecom Version:
05-031-001
Location:
UK
ADF Installed:
Yes
Max Monochrome Print Quality:
600x8
Max Color Print Quality:
ImageREt 3600
Controller Number:
72
Duplexer Version:
0
Device Description:
HP Color LaserJet MFP M476dw
Language:
English
Default Settings:
Self-managed
Asset Number:
Your Company Name:
Contact Person:
Device Location:
Geo Location:
Product Security:
Off
Wired HW Address:
fc:15:b4:78:28:46
Wireless HW Address:
54:35:30:2f:d7:fc
Network In Use:
Wired
Host Name:
NPI782846
IPv4 Address:
192.168.9.18
IPv6 Address:
FE80::FE15:B4FF:FE78:2846
Total Memory:
256 MBytes
Available Memory:
117.7 MBytes
Installed Personalities and Options
PCL6
(20040201)
AirPrint
PCL
(20040201)
PDF
(20040201)
PS
(20040201)
USB Flash Drive:
Empty
Impressions
Total Impressions:
10684
Monochrome Impressions:
4799
Color Impressions:
5885
Total Equivalent Impressions (A4/Letter):
10684.0
Monochrome Equivalent Impressions (A4/Letter):
4799.0
Color Equivalent Impressions (A4/Letter):
5885.0
Duplex Sheets:
1223
Jam Events:
0
Mispick Events:
4
Photo Color Impressions:
0
Photo Monochrome Impressions:
0
USB Flash Drive Insertions:
0
Images Scanned to USB Flash Drive:
0
Copy Flatbed Images Scanned:
373
Copy ADF Images Scanned:
409
Copy Monochrome Impressions:
1122
Copy Color Impressions:
102
ADF Images Scanned to Host:
0
Flatbed Images Scanned to Host:
0
Images Scanned to E-mail:
0
Images Scanned to Network Folder:
0
Fax ADF Images Scanned:
23
Fax Flatbed Images Scanned:
1
Fax Impressions:
18
Images Sent from PC:
0
ADF Images Scanned:
1149
Flatbed Images Scanned:
779
Scanner Jam Events:
8
Paper Settings
Default Paper Size:
A4
Default Paper Type:
Plain
Tray 1 Size:
A4
Tray 1 Type:
Letterhead
Tray 2 Size:
A4
Tray 2 Type:
Plain
Paper Out Action:
Wait Forever
Manual Feed:
Off
Duplex:
Off
Bind:
Long Edge
Print
Auto Continue:
Off
Number of Copies:
1
Courier Font:
Regular
Orientation:
Portrait
Monochrome RET:
On
Wide A4:
No
Monochrome Resolution:
600
Monochrome Bits per Pixel:
8
Color Resolution:
600
Color Bits per Pixel:
32
IO Timeout:
120 Seconds
Jam Recovery:
Auto
Personality:
Auto
Print PS Errors:
Off
USB Flash Drive
Print Documents:
Number of Copies:
1
Paper Size:
A4
Paper Type:
Plain
Fit to Page:
On
Collation:
Off
Output Color:
Color
Print Photos:
Image Size:
10 x 15 cm
Paper Size:
A4
Paper Type:
Plain
Lighter/Darker:
<-----*----->
Number of Copies:
1
Output Color:
Color
Scan Settings:
Scan Resolution:
150
Scan File Type:
PDF
Scan Paper Size:
A4
Flatbed Scanner:
Single Page
Document Feeder:
1-Sided
File Name Prefix:
scan
Output Color:
Color
Copy
Optimize:
Auto Select
Lighter/Darker:
<-----*----->
Paper Size:
A4
Paper Type:
Plain
Collation:
On
Number of Copies:
1
Reduce/Enlarge:
Original=100%
Draft Mode:
Off
Tray Select:
Auto Select
Two-Sided:
1-Sided to 1-Sided
Multi-Page Copy:
Off
Fax
Your Company Name:
HP Fax
Answer Mode:
Automatic
Rings to Answer:
2
Distinctive Ring:
All Rings
Dial Prefix:
Off
Fax Resolution:
Fine
Lighter/Darker:
<-----*----->
Fit to Page:
On
Glass Size:
A4
Dialing Mode:
Tone
Redial if Busy:
On
Redial if No Answer:
Off
Redial if Comm. Error:
On
Detect Dial Tone:
Off
Billing Codes:
Off
Extension Phone:
On
Stamp Faxes:
Off
Private Receive:
Off
Confirm Fax Number:
Off
Allow Fax Reprint:
Yes
Print Duplex:
Off
Fax/Tel Ring Time:
20
Fax Speed:
Fast (V.34)
Error Correction:
On
Forward Fax:
Off
Block Junk Faxes:
Off
Phone Line Volume:
Medium
Alarm Volume:
Medium
Ring Volume:
Medium
Key-Press Volume:
Medium
Fax Confirmation:
Never
Fax Error Report:
Never
Include First Page:
On
Auto Log Print:
On
Print T.30 Trace:
Never
Paper Types
Plain:
Normal
HP Matte 90g:
Normal2
HP Matte 105g:
Heavy
HP Matte 120g:
Card stock
HP Matte 150g:
Extra Heavy
HP Matte 200g:
Extra Heavy
HP Glossy 120g:
Glossy
HP Glossy 150g:
Glossy
HP Tri Glossy 150g:
Glossy
HP Glossy 200g:
Heavy Glossy
Light 60-74g:
Light
HP EcoSMART Lite:
Extra Light
Intermediate:
Normal2
Mid-Weight 96-110g:
Heavy
Heavy 111-130g:
Card stock
Extra Heavy 131-175g:
Extra Heavy
Hvy Glossy 111-130g:
Light Glossy
X-Hvy Glossy 131-175g:
Glossy
Card Glossy 176-220g:
Heavy Glossy
Color Transparency:
Transparency
Labels:
Label
Letterhead:
Normal
Envelope:
Envelope
Heavy Envelope:
Heavy Envelope
Preprinted:
Normal
Prepunched:
Normal
Colored:
Normal
Bond:
Heavy
Recycled:
Normal
Rough:
Heavy
Heavy Rough:
Heavy
HP Tough Paper:
Tough Paper
Opaque Film:
Tough Paper
Energy Settings
Sleep/Auto Off After:
30 Minutes
Wake on These Events
USB Job
Yes
LAN Job
Yes
Wireless Job
Yes
Control Panel
Yes
Fax Ring
Yes
Shut Down After:
Never
LaserJet Updates Settings
Check Automatically
Yes
Prompt Before Install
Yes
Allow Downgrade
Yes
Allow Updates
Yes
Miscellaneous
Extended print modes modified:
No
Very Low Setting (Black Cartridge):
Prompt
Very Low Setting (Color Cartridges):
Prompt
Low Threshold (Black Cartridge):
5%
Low Threshold (Cyan Cartridge):
3%
Low Threshold (Magenta Cartridge):
3%
Low Threshold (Yellow Cartridge):
3%
Store Usage Data&colon;
On Supplies
USB Connection:
No
Font Source:
I (Internal)
Font Number:
23
Font Pitch:
10.00
Font Point Size:
12.00
Symbol Set:
PC-8
Form Length:
64 Lines
Append CR to LF:
No

To get your issue more exposure I would suggest posting it in the commercial forums since this is a commercial product. You can do this at Commercial Forums.
I hope this helps!
R a i n b o w 7000I work on behalf of HP
Click the “Kudos Thumbs Up" at the bottom of this post to say
“Thanks” for helping!
Click “Accept as Solution” if you feel my post solved your issue, it will help others find the solution!

Unable to set the selected value for a ADF LOV

Hi,
I am developing an application using jdeveloper 10.1.3 and Struts.
I have created a ADF LOV on my JSP Page as given below:
<html:select property="lob" onchange="javascript:selectLOB(this.form)">
<html:optionsCollection label="prompt" value="index" property="lob.displayData"/>
</html:select>
When i submit the form, i am able to get the value of the selected Value in the List.
JUCtrlListBinding listBinding = (JUCtrlListBinding) formBean.get("Lob");
Row r = (Row) listBinding.getSelectedValue();
String SoLob = (String) r.getAttribute("LobLob");
But i am unable to set the selected value back in the list when i return to the form again.
I tried the following:
int x = listBinding.getSelectedIndex();
listBinding.setSelectedIndex(x);
It would be really helpful if some one could let me know what needs to be done.
Thanks,
Subashini

Gyan,
I tried with the code you suggest , its trying to set the value of a field, but my requirement is to change the property for
"Rendered" on the field so that based on search parameters we can hide result table column.
After searching online, I modified the controller code as follows
1.Created a new transient attribute (Testrender) with type "Boolean" and always updateable.
2.changed the "Rendered" property value on the field I want to hide as ${oa.PoSearchVO1.Testrender}.
3. Modified the controller code as follows :
        OAApplicationModule am = pageContext.getApplicationModule(webBean);
        OAViewObject testvo = (OAViewObject)am.findViewObject("PoSearchVO1");
        OADBTransaction txn = am.getOADBTransaction();
        if (testvo != null)
          OARow row = (OARow)testvo.first();
            if (a.equalsIgnoreCase("Approved"))
                 row.setAttribute("Testrender", Boolean.FALSE);
            else
                 row.setAttribute("Testrender", Boolean.TRUE);
        } But now when i run the page and populate the search field and click "Go" its hiding the field but throwing the following error and the search results are also bad.
Its using only the value of one search parameter but not the second one .
The search cannot be executed because the table has pending changes that would be lost. I think the vo is getting dirty when I update the transient attribute value. So I used txn.rollback ,then search is working fine but its not hiding the field.
So can you please let me know how to proceed from here ?

ADFS 3.0 - Web Application Proxy configuration Issue

Hi All,
We are in the process of implementing ADFS 3.0 published to the internet for o365 Federation purposes.
The setup consists of the following
- 2 x windows 2012 R2 running ADFS 3.0 ( only one server presently installed and configured though)
- 2 x Windows 2012 R2 Running Web Application Proxy ( only one server presently installed and configured though ).
There is an F5 Big-IP load-balancer for both internal and external interfaces and it has been configured after a lot of issues with the SNI part on the F5.
So, in short the setup is now a single server hosting ADFS 3.0 using SQL and a single WAP server, however the traffic to these servers are still going through the LB.
Now the issue is that i cannot complete the installation/configuration of the Web Application Proxy server. There is a firewall in between our DMZ and the internal network. I can reach the internal services via the following url and telnet on port 443
to the federation service as well. (ports for 443 and 80) are opened to internal network on the load balancer ip . I can reach https://fs.domain.com/adfs/ls/idpinitiatedsignon.aspx and federationmetadata/2007-06/federationmetadata.xml location as well
from the Web APplication proxy server without any issues or certificate prompts at all.
When i do the configuration for WAP, i use the same account which was used as a service account for the ADFS service internally. If i use a local admin account, it errors out with another message stating the connection was closed.
The certificate on the internal server along with its private key was exported and has been imported on the WAP server . This is not internal CA, instead we are using DIGICERT SSL with SAN Names for enterprise registration and work folders. Hence the CA Chain
issue is ruled out and also this is not a wild card certificate.
When the wizard starts configuring, it does establish the trust with the federation service which is shown up in the event viewer with EventID 391 within 15 seconds i get another event id 422 which states that it cannot retrieve the proxy configuration
and eventid 276 on the Federation server which states the authentication failure. this continues until the servers stops to try configuring the wizard.
I have read all the available threads on the 3.0 WAP installation /configuraiton problem and tried all the steps possible but i am still stuck with this issue.
There is one more part that i noticed on the ADFS server, that the self signed services for the token-encrypting and token decrypting are self-signed certificates. Also, in the certificates it was showing up as not trusted. and i installed them to the TRUSTED
ROOT CERTIFICATION STORE after wich i cannot see any private key showing up when viewing the certificate which means i cannot get the MANAGE PRIVATE keys option when right clicking on the cert to assign read permissions for the ADFS service account.
Should i assign the same SSL sertificate (SAN based for enterpriseregistration & Workfolders) to the token-encrypting and token-decrypting services in ADFS console or should i leave them as self signed ? I did read that self-signed is not recommended for
production environment ? If not the same certificate what are the requirements for the certificate ?
I am not sure what I am missing in the configuration that is causing this issue. The WAP servers are not part of the domain and have also ensured the time synchronization between the domain machine as well.
The service name is fs.domain.com on both the internal and external DNS ( we have domain.com as a zone in DNS internally as well ). I am able to Authenticate inside and from the WAP server when accessing the link.
Could it be a Load Balancer Configuration ? [i will try eliminating this from the configuration]
Let me know if there are any options that i can try to resolve this and get the configuration working.
Cheers,

Does the load balancer pass the certificate session through to the ADFS server or are you offloading SSL. SSL offload does not work with WAP/ADFS integration (at least at the time of writing it does not).
Can you try through the load balancer with SSL pass through turned off please.
Also as ADFS 3.0 (Server 2012 R2) uses Server Name Indication (SNI) then any health checks that run on the load balancer must support this, so if they do not then you need to use TCP 443 checks for a listening port, as doing a standard HTTPS check will fail,
and if the load balancer fails its checks whilst you are configuring ADFS that might be a reason why it has gone offline for you (error 442 is to do with failure to swap client certificates between WAP and ADFS).
Finally, check the June update to Server 2012 R2 (http://support.microsoft.com/kb/2964735) as that has fixed some certificate issues with multiple servers for WAP and ADFS when you don't have the
2012 R2 AD schema in place.
Brian Reid
Exchange MVP and Exchange and Office 365 Certified Master
www.c7solutions.com
Brian Reid C7 Solutions Ltd (www.c7solutions.com)

ADFS 3.0 Windows Authentication not working

I recently upgraded from ADFS 2.1 and TMG 2010 as the reverse proxy to ADFS 3.0 and Web Application Proxy as the reverse proxy. I have upgraded to ADFS 3.0 successfully and it is working without anything changing to the end users. This is still
using TMG 2010 as the reverse proxy.
When I make the changes to use WAP as the reverse proxy, I get prompted with a forms based authentication page instead of the usual windows authentication screen. This poses a problem since this creates an extra step for people when logging on to our
sites that use SSO since there's no "save password" box. I can move the traffic back to TMG and it's back to working like it should but we are looking to remove TMG very soon.
When I am on the "inside" network connecting to ADFS without the reverse proxy, it works just fine. However, ALL of our users are "outside" of the network will be using the reverse proxy. None of the computers are domain joined.
The issue seems to only be when using Web Application Proxy server to service ADFS SSO requests.....TMG servicing these requests does not have this issue.
What's the difference? How can I get this functionality back with WAP?

Hi Eric,
Based on my research, when publishing applications that use Integrated Windows authentication, the Web Application Proxy server uses Kerberos constrained delegation to authenticate users
to the published application.
To use Integrated Windows authentication, the Web Application Proxy server must be joined to an AD DS domain.
More information for you:
Web Application Proxy: Some applications are configured to perform backend authentication using Integrated Windows authentication but the server is not joined to a domain
http://technet.microsoft.com/en-us/library/dn464299.aspx
Best Regards,
Amy

ADFS 3.0 Issue - Caching Bad Passwords

We have come across a slightly odd problem with ADFS.
For over a year now we have been running ADFS 2.0 for our Office 365 Enterprise Mail, the solution was set up as default ( with the obvious exception of Certs and passwords it was plain next, next next and take all the defaults ) and this has been perfect
all this time.
We just used the same method for a nice default install of ADFS 3.0 and we have switched one of our smaller domains to use it as a test, however we have come across a very annoying issue.
If a user opens Outlook, they get a password prompt as usual, if they put in the password all is perfectly fine, if however they accidentally typo and put in the wrong password, when the password prompt finally comes up a second time, it dosent seem to care
if they put the right one in, it sends the first password again, and keeps going no matter what you do until the account is locked out, the only way to fix it is to close and reopen outlook.
I'm sure many people will not read or understand this correctly and just say it's a setting or some other issue with Outlook etc. but bear in mind I can even switch this domain back to our ADFS 2.0 setup and do the same test with the same user and the same
machine, and everything works as you'd expect, and typing the correct password the second time leads to authentication. This must therefore be an issue or difference between ADFS 2.0 and 3.0, or perhaps its just a plain old bug, who knows, all I do know is
that it's an issue that causes some very annoyed users, and we cant complete our update to ADFS 3.0 until this is fixed.
I have read a few ADFS 3.0 articles that suggest that using a GMSA account ( the default ) may be to blame so I am investigating using a normal account as the service account, but that does unfortunately seems to entail a reinstall of ADFS to accomplish
so will take a little time to switch.
Any help or ideas would be appreciated.

Hi David,
I just tested this on Outlook 2013, after input a wrong password, the password prompt popped out without any error message, and the wrong password was cached (displayed as ********), if I click on OK, the password prompt will popped
back with wrong password again.
Is this the issue which you were referring to?
If that’s the case, then it is a normal behavior, by design at least. To avoid account lockout, every time the password prompt pops out after a failed logon attempt, we need to clear the password, then input a correct one manually.
Best Regards,
Amy

ADFS SSO and SharePoint 2013 on-premise Hybrid outbound search results from SharePoint Online - does it work?

Hi,
I want to setup an outpund hybrid search for SharePoint 2013 on-premise to SharePoint Online.
But I'm not shure if this works with ADFS SSO.
Has somebody experience with this setup?
Here's my guide which I'm going to use for this installation:
Introduction
In this post I'll show you how to get search results from your SharePoint Online in your SharePoint 2013 on-premise search center.
Requirements
User synchronisation ActiveDirectory to Office 365 with DirSync
DirSync password sync or ADFS SSO
SharePoint Online
SharePoint 2013 on-premise
Enterprise Search service
SharePoint Online Management Shell
Instructions
All configuration will be done either in the Search Administration of the Central Administration or in the PowerShell console of your on-premise SharePoint 2013 server.
Set up Sever to Server Trust
Export certificates
To create a server to server trust we need two certificates.
[certificate name].pfx: In order to replace the STS certificate, the certificate is needed in Personal Information Exchange (PFX) format including the private key.
[certificate name].cer: In order to set up a trust with Office 365 and Windows Azure ACS, the certificate is needed in CER Base64 format.
First launch the Internet Information Services (IIS) Manager
Select your SharePoint web server and double-click Server Certificates
In the Actions pane, click Create Self-Signed Certificate
Enter a name for the certificate and save it with OK
To export the new certificate in the Pfx format select it and click Export in the Actions pane
Fill the fields and click OK Export to: C:\[certificate
name].pfx Password: [password]
Also we need to export the certificate in the CER Base64 format. For that purpose make a right-click on the certificate select it and click on View...
Click the Details tab and then click Copy to File
On the Welcome to the Certificate Export Wizard page, click Next
On the Export Private Key page, click Next
On the Export File Format page, click Base-64 encoded X.509 (.CER), and then click Next.
As file name enter C:\[certificate
name].cer and then click Next
Finish the export
Import the new STS (SharePoint Token Service) certificate
Let's update the certificate on the STS. Configure and run the PowerShell script below on your SharePoint server.
if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
# set the cerficates paths and password
$PfxCertPath = "c:\[certificate name].pfx"
$PfxCertPassword = "[password]"
$X64CertPath = "c:\[certificate name].cer"
# get the encrypted pfx certificate object
$PfxCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
# import it
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $PfxCert
Type Yes when prompted with the following message.
You are about to change the signing certificate for the Security Token Service. Changing the certificate to an invalid, inaccessible or non-existent certificate will cause your SharePoint installation to stop functioning. Refer
to the following article for instructions on how to change this certificate: http://go.microsoft.com/fwlink/?LinkID=178475. Are you
sure, you want to continue?
Restart IIS so STS picks up the new certificate.
& iisreset
& net stop SPTimerV4
& net start SPTimerV4
Now validate the certificate replacement by running several PowerShell commands and compare their outputs.
# set the cerficates paths and password
$PfxCertPath = "c:\[certificate name].pfx"
$PfxCertPassword = "[password]"
# get the encrypted pfx certificate object
New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
# compare the output above with this output
(Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
[/code]
## Establish the server to server trust
[code lang="ps"]
if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
Import-Module MSOnline
Import-Module MSOnlineExtended
# set the cerficates paths and password
$PfxCertPath = "c:\[certificate name].pfx"
$PfxCertPassword = "[password]"
$X64CertPath = "c:\[certificate name].cer"
# set the onpremise domain that you added to Office 365
$SPCN = "sharepoint.domain.com"
# your onpremise SharePoint site url
$SPSite="http://sharepoint"
# don't change this value
$SPOAppID="00000003-0000-0ff1-ce00-000000000000"
# get the encrypted pfx certificate object
$PfxCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
# get the raw data
$PfxCertBin = $PfxCert.GetRawCertData()
# create a new certificate object
$X64Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
# import the base 64 encoded certificate
$X64Cert.Import($X64CertPath)
# get the raw data
$X64CertBin = $X64Cert.GetRawCertData()
# save base 64 string in variable
$CredValue = [System.Convert]::ToBase64String($X64CertBin)
# connect to office 3656
Connect-MsolService
# register the on-premise STS as service principal in Office 365
# add a new service principal
New-MsolServicePrincipalCredential -AppPrincipalId $SPOAppID -Type asymmetric -Usage Verify -Value $CredValue
$MsolServicePrincipal = Get-MsolServicePrincipal -AppPrincipalId $SPOAppID
$SPServicePrincipalNames = $MsolServicePrincipal.ServicePrincipalNames
$SPServicePrincipalNames.Add("$SPOAppID/$SPCN")
Set-MsolServicePrincipal -AppPrincipalId $SPOAppID -ServicePrincipalNames $SPServicePrincipalNames
# get the online name identifier
$MsolCompanyInformationID = (Get-MsolCompanyInformation).ObjectID
$MsolServicePrincipalID = (Get-MsolServicePrincipal -ServicePrincipalName $SPOAppID).ObjectID
$MsolNameIdentifier = "$MsolServicePrincipalID@$MsolCompanyInformationID"
# establish the trust from on-premise with ACS (Azure Control Service)
# add a new authenticatio realm
$SPSite = Get-SPSite $SPSite
$SPAppPrincipal = Register-SPAppPrincipal -site $SPSite.rootweb -nameIdentifier $MsolNameIdentifier -displayName "SharePoint Online"
Set-SPAuthenticationRealm -realm $MsolServicePrincipalID
# register the ACS application proxy and token issuer
New-SPAzureAccessControlServiceApplicationProxy -Name "ACS" -MetadataServiceEndpointUri "https://accounts.accesscontrol.windows.net/metadata/json/1/" -DefaultProxyGroup
New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://accounts.accesscontrol.windows.net/metadata/json/1/" -IsTrustBroker -Name "ACS"
Add a new result source
To get search results from SharePoint Online we have to add a new result source. Run the following script in a PowerShell ISE session on your SharePoint 2013 on-premise server. Don't forget to update the settings region
if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
# region settings
$RemoteSharePointUrl = "http://[example].sharepoint.com"
$ResultSourceName = "SharePoint Online"
$QueryTransform = "{searchTerms}"
$Provier = "SharePoint-Remoteanbieter"
# region settings end
$SPEnterpriseSearchServiceApplication = Get-SPEnterpriseSearchServiceApplication
$FederationManager = New-Object Microsoft.Office.Server.Search.Administration.Query.FederationManager($SPEnterpriseSearchServiceApplication)
$SPEnterpriseSearchOwner = Get-SPEnterpriseSearchOwner -Level Ssa
$ResultSource = $FederationManager.GetSourceByName($ResultSourceName, $SPEnterpriseSearchOwner)
if(!$ResultSource){
Write-Host "Result source does not exist. Creating..."
$ResultSource = $FederationManager.CreateSource($SPEnterpriseSearchOwner)
$ResultSource.Name = $ResultSourceName
$ResultSource.ProviderId = $FederationManager.ListProviders()[$Provier].Id
$ResultSource.ConnectionUrlTemplate = $RemoteSharePointUrl
$ResultSource.CreateQueryTransform($QueryTransform)
$ResultSource.Commit()
Add a new query rule
In the Search Administration click on Query Rules
Select Local SharePoint as Result Source
Click New Query Rule
Enter a Rule name f.g. Search results from SharePoint Online
Expand the Context section
Under Query is performed on these sources click on Add Source
Select your SharePoint Online result source
In the Query Conditions section click on Remove Condition
In the Actions section click on Add Result Block
As title enter Results for "{subjectTerms}" from SharePoint Online
In the Search this Source dropdown select your SharePoint Online result source
Select 3 in the Items dropdown
Expand the Settings section and select "More" link goes to the following URL
In the box below enter this Url https://[example].sharepoint.com/search/pages/results.aspx?k={subjectTerms}
Select This block is always shown above core results and click the OK button
Save the new query rule

Hi Janik,
According to your description, my understanding is that you want to display hybrid search results in SharePoint Server 2013.
For achieving your demand, please have a look at the article:
http://technet.microsoft.com/en-us/library/dn197173(v=office.15).aspx
If you are using single sign-on (SSO) authentication, it is important to test hybrid Search functionality by using federated user accounts. Native Office 365 user accounts and Active Directory Domain Services
(AD DS) accounts that are not federated are not recognized by both directory services. Therefore, they cannot authenticate using SSO, and cannot be granted permissions to resources in both deployments. For more information, see Accounts
needed for hybrid configuration and testing.
Best Regards,
Eric
Eric Tao
TechNet Community Support

MyFaces not rendering, ADF faces IS rendering

I'm installing my app on the websphere application server, Version 6.1 After having issues of both adf and myfaces not working, I came accross this link which helped me somewhat. http://wiki.apache.org/myfaces/Websphere_Installation .
By "not working" I mean that my jsp would have <h:commandLink>'s and <af:commandButton/> however the html was never actually generated. (You could view the pages source and the resulting html page was blank).
After following those instructions, ADF components are correctly rendered, and the html works. However, I can not use any <h:> or <h:> components.
Keep in mind, every single part of this used to work while using Tomcat (I think it was 5.5, not 6).
faces-config-app.xml (our replacement for faces-config).
<?xml version="1.0"?>
<!DOCTYPE faces-config PUBLIC "-//Sun Microsystems, Inc.//DTD JavaServer Faces Config 1.0//EN"
"http://java.sun.com/dtd/web-facesconfig_1_0.dtd">
<faces-config>
     
     <application>
          
          <variable-resolver>org.springframework.web.jsf.DelegatingVariableResolver</variable-resolver>
          
          <locale-config>
               <default-locale>en</default-locale>
               <supported-locale>en</supported-locale>
          </locale-config>
          
          <message-bundle>messages</message-bundle>
          
          <default-render-kit-id>oracle.adf.core</default-render-kit-id>
     </application>
     <lifecycle>
          <phase-listener id="responseHeaderController">com.unyric.cias.cm.web.util.HttpResponseHeaderController</phase-listener>
     </lifecycle>
</faces-config>web.xml (Yes there is a lot of extra things in there such as application context params, but I wanted to paste the whole thing. Please bear with me).
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
     <display-name>CIAS Case Management Web</display-name>
     <context-param>
          <description>JSF state setting: Keep state of views on client</description>
         <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
         <param-value>client</param-value>
     </context-param>
     <context-param>
          <description>JSF configuration files</description>
         <param-name>javax.faces.CONFIG_FILES</param-name>
         
         <param-value>/WEB-INF/faces-config-app.xml,/WEB-INF/faces-config-nav.xml,/WEB-INF/faces-config-beans.xml</param-value>
     </context-param>
     <context-param>
          <description>Spring configuration files</description>
          <param-name>contextConfigLocation</param-name>
          
          <param-value>/WEB-INF/presentationContext.xml classpath*:spring/applicationContext.xml classpath*:spring/validationContext.xml classpath*:spring/securityContext.xml classpath*:spring/hibernate.cfg.xml</param-value>
     </context-param>
     <context-param>
          <description>Validates JSF configuration files on startup</description>
         <param-name>org.apache.myfaces.validate</param-name>
         <param-value>true</param-value>
        </context-param>
     <context-param>
          <description>Timmer Setting for Case Queue screen</description>
             <param-name>pollingTimer</param-name>
             
             <param-value>60000</param-value>
     </context-param>
     <context-param>
          <description>Maximum number of rows shown in tables.</description>
             <param-name>tableRowsPerPage</param-name>
             <param-value>25</param-value>
     </context-param>
     <servlet>
          <description>JSF controller</description>
             <servlet-name>FacesServlet</servlet-name>
             <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
             <load-on-startup>1</load-on-startup>
     </servlet>
     
     <servlet-mapping>
           <servlet-name>FacesServlet</servlet-name>
          <url-pattern>*.do</url-pattern>
     </servlet-mapping>
     <servlet>
          <description>Serves up ADF Faces resources</description>
            <servlet-name>AdfResourceServlet</servlet-name>
          <servlet-class>oracle.adf.view.faces.webapp.ResourceServlet</servlet-class>
     </servlet>
     <servlet-mapping>
         <servlet-name>AdfResourceServlet</servlet-name>
         <url-pattern>/adf/*</url-pattern>
     </servlet-mapping>
     <listener>
          <description>Initializes Spring on application startup.</description>
          <display-name>Spring context loader</display-name>
          <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
     </listener>
     <filter>
          <description>Enables Acegi Security framework integration. Acegi is used to secure services.
          Standard J2EE is used to secure web requests.</description>
          <filter-name>AcegiFilterChainProxy</filter-name>
          <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
          <init-param>
               <param-name>targetClass</param-name>
               <param-value>org.acegisecurity.util.FilterChainProxy</param-value>
          </init-param>
     </filter>
     <filter-mapping>
          <filter-name>AcegiFilterChainProxy</filter-name>
          <servlet-name>FacesServlet</servlet-name>
     </filter-mapping>
     <filter>
          <description>Pre-processes requests to enable MyFaces extensions</description>
          <filter-name>MyFacesExtensionsFilter</filter-name>
          <filter-class>org.apache.myfaces.webapp.filter.ExtensionsFilter</filter-class>
         <init-param>
         
               <param-name>uploadMaxFileSize</param-name>
                <param-value>6m</param-value>
         </init-param>
         <init-param>
               <param-name>uploadThresholdSize</param-name>
                <param-value>100k</param-value>
         </init-param>
     </filter>
     
     <filter-mapping>
          <filter-name>MyFacesExtensionsFilter</filter-name>
         <servlet-name>FacesServlet</servlet-name>
     </filter-mapping>
     
     <filter-mapping>
         <filter-name>MyFacesExtensionsFilter</filter-name>
         <url-pattern>/faces/myFacesExtensionResource/*</url-pattern>
     </filter-mapping>
     <filter>
          <description>Pre-processes requests to enable ADF Faces functionality</description>
          <filter-name>AdfFacesFilter</filter-name>
          <filter-class>oracle.adf.view.faces.webapp.AdfFacesFilter</filter-class>
     </filter>
     <filter-mapping>
          <filter-name>AdfFacesFilter</filter-name>
         <servlet-name>FacesServlet</servlet-name>
     </filter-mapping>
     
     <filter>
          <filter-name>sitemesh</filter-name>
          <filter-class>com.opensymphony.module.sitemesh.filter.PageFilter</filter-class>
     </filter>
     <filter-mapping>
          <filter-name>sitemesh</filter-name>
          <url-pattern>/*</url-pattern>
     </filter-mapping>
     
     <filter>
          <filter-name>OpenSessionInViewFilter</filter-name>
          <filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
          <init-param>
               <param-name>sessionFactoryBeanName</param-name>
               <param-value>ciasSessionFactory</param-value>
          </init-param>
          <init-param>
               <param-name>singleSession</param-name>
               <param-value>false</param-value>
          </init-param>
     </filter>
     <filter-mapping>
          <filter-name>OpenSessionInViewFilter</filter-name>
          <servlet-name>FacesServlet</servlet-name>
     </filter-mapping>
     
     <filter>
          <filter-name>SessionTimeout Filter</filter-name>
          <filter-class>com.unyric.cias.cm.web.filter.SessionTimeoutFilter</filter-class>
          <init-param>
               
               <param-name>redirectUrl</param-name>
               <param-value>timeOut.jsp</param-value>
          </init-param>
          <init-param>
               <param-name>sessionTimeout</param-name>
               
               <param-value>20</param-value>
          </init-param>
     </filter>
     <filter-mapping>
          <filter-name>SessionTimeout Filter</filter-name>
          <url-pattern>/secure/*</url-pattern>
     </filter-mapping>
     
     <session-config>
          <session-timeout>99</session-timeout>
     </session-config>
     
     <security-constraint>
          <web-resource-collection>
               <web-resource-name>FacesServlet security</web-resource-name>
               <url-pattern>*.do</url-pattern>
               
          </web-resource-collection>
          <web-resource-collection>
               <web-resource-name>View security</web-resource-name>
               <url-pattern>/secure/*</url-pattern>
               
          </web-resource-collection>
          <auth-constraint>
               <description>Allow any authenticated user</description>
               <role-name>*</role-name>
          </auth-constraint>
      </security-constraint>
     <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>CIAS-CM</realm-name>
     </login-config>
     <security-role>
          
          
             <role-name>case</role-name>
     </security-role>
     <welcome-file-list>
          <welcome-file>index.jsp</welcome-file>
     </welcome-file-list>
     
     <resource-ref>
          <res-ref-name>jdbc/cias</res-ref-name>
            <res-type>javax.sql.DataSource</res-type>
            <res-auth>Container</res-auth>
            <res-sharing-scope>Shareable</res-sharing-scope>
        </resource-ref>
     
     <error-page>
             <error-code>500</error-code>
             <location>/secure/errorPage.jsp</location>
     </error-page>
     <error-page>
          <exception-type>javax.faces.FacesException</exception-type>
          <location>/secure/errorPage.jsp</location>
     </error-page>
</web-app>Does anyone have any suggestions? Telling websphere to load the web-inf\lib directory before the AppServer\lib directory seems to have somewhat worked, but not completely.
On a side note, if I have a page such as (ignoring the extra h, f and t declarations)
<%@ taglib prefix="h"uri="http://java.sun.com/jsf/html" %>
<%@ taglib prefix="f" uri="http://java.sun.com/jsf/core" %>
<%@ taglib prefix="t" uri="http://myfaces.apache.org/tomahawk" %>
<%@ taglib prefix="af" uri="http://xmlns.oracle.com/adf/faces" %>
<f:view>
     <af:document>
          <af:form>
               <af:outputText value="hello2"/>
               <af:commandLink id="button" action="#{exploreCaseListAction.promptPersonalQueue}" text="Login"/>
          </af:form>
     </af:document>
</f:view>When I click on the commandLink button, I receive an error that states
java.lang.ClassCastException: org.apache.xalan.processor.TransformerFactoryImpl incompatible with javax.xml.transform.TransformerFactory
at javax.xml.transform.TransformerFactory.newInstance(Unknown Source)
at com.ibm.ws.jsp.translator.visitor.validator.PageDataImpl._getInputStream(PageDataImpl.java:125)
at com.ibm.ws.jsp.translator.visitor.validator.PageDataImpl.getInputStream(PageDataImpl.java:117)
at org.apache.taglibs.standard.tlv.JstlBaseTLV.validate(JstlBaseTLV.java:156)
at org.apache.taglibs.standard.tlv.JstlCoreTLV.validate(JstlCoreTLV.java:96)
at com.ibm.ws.jsp.translator.visitor.validator.ValidateVisitor.validateTagLib(ValidateVisitor.java:988)
at com.ibm.ws.jsp.translator.visitor.validator.ValidateVisitor.visitJspRootStart(ValidateVisitor.java:467)
at com.ibm.ws.jsp.translator.visitor.JspVisitor.processJspElement(JspVisitor.java:138)
at com.ibm.ws.jsp.translator.visitor.JspVisitor.visit(JspVisitor.java:121)
at com.ibm.ws.jsp.translator.JspTranslator.processVisitors(JspTranslator.java:121)
at com.ibm.ws.jsp.translator.utils.JspTranslatorUtil.translateJsp(JspTranslatorUtil.java:181)
at com.ibm.ws.jsp.translator.utils.JspTranslatorUtil.translateJspAndCompile(JspTranslatorUtil.java:83)
at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionServletWrapper.translateJsp(AbstractJSPExtensionServletWrapper.java:349)
at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionServletWrapper._checkForTranslation(AbstractJSPExtensionServletWrapper.java:317)
at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionServletWrapper.checkForTranslation(AbstractJSPExtensionServletWrapper.java:226)
at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionServletWrapper.handleRequest(AbstractJSPExtensionServletWrapper.java:131)
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:308)
at org.apache.myfaces.context.servlet.ServletExternalContextImpl.dispatch(ServletExternalContextImpl.java:416)
at org.apache.myfaces.application.jsp.JspViewHandlerImpl.renderView(JspViewHandlerImpl.java:234)
at oracle.adfinternal.view.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:157)
at org.apache.myfaces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:384)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:138)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:966)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:907)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145)
at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:174)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:77)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
at oracle.adfinternal.view.faces.webapp.AdfFacesFilterImpl._invokeDoFilter(AdfFacesFilterImpl.java:367)
at oracle.adfinternal.view.faces.webapp.AdfFacesFilterImpl._doFilterImpl(AdfFacesFilterImpl.java:336)
at oracle.adfinternal.view.faces.webapp.AdfFacesFilterImpl.doFilter(AdfFacesFilterImpl.java:196)
at oracle.adf.view.faces.webapp.AdfFacesFilter.doFilter(AdfFacesFilter.java:87)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:144)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:264)
at com.unyric.cias.cm.web.filter.ThreadContextSessionIntegrationFilter.doFilter(ThreadContextSessionIntegrationFilter.java:46)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:107)
at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:72)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:81)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at com.unyric.cias.cm.web.filter.CiasIntegrationFilter.doFilter(CiasIntegrationFilter.java:112)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:193)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:148)
at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)I believe they are related, though I can't 100% say for sure. Any thoughts?

I'm having the same problem, did you get any luck with this ?
Thanks

Right way to manage ADF Library Dependencies

Hi,
I am working on an application where we are trying to components in individual Libraries for re-usability and logical grouping.
These jar files are then imported into parent projects which can result in different levels of dependency hierarchies.
From what I have seen there are different ways of importing components / libraries onto a project.
1. We can directly drag a component like Data control (from Data Control palette) from one project to a page on another (for example from a model project to a ui project)
2. Deploy the model project as a ADF library jar, go to the resource palette, create a connection, right click on the library and do an add to project.
3. From the resource palette, expand the library structure, locate the Data control and drag it onto the page of the parent project
My question is:
a> What is the difference between these three ways of importing components from one project to the other.
b> Which is the best way for deployment and future maintenance.
thanks
Edited by: user595592 on Aug 12, 2011 5:18 AM

1. We can directly drag a component like Data control (from Data Control palette) from one project to a page on another (for example from a model project to a ui project)This will be applicable if you have a dependiency.. ro you have an adf library reference for your project..
datacontrol - Business components referenced in bc4j.cfg
other datacontrlols will be defined in DataBindings.cpx file
2. Deploy the model project as a ADF library jar, go to the resource palette, create a connection, right click on the library and do an add to project.This is through file connection.. This is the most prompt way of adding libraries.. to the project.. so that there wont be an absolute references..
3. From the resource palette, expand the library structure, locate the Data control and drag it onto the page of the parent projectagain same as poiint 2.. but for datacontrol..
a> What is the difference between these three ways of importing components from one project to the other. point 1 say dependecies.. in a single applicatioon between different project.. absoultely fine..
point 2.. will alway go with relative path.. and have an advantage of not having absolute path..
point 3. si same as 2
b> Which is the best way for deployment and future maintenanceI will suggest you to go for 2.. as its the standard way of adding libraries..

Unable to open OAF page oracle.adf.mds.MetadataDefException:

I am unable to open a OAF OAF page. The error message that i am getting is
oracle.adf.mds.MetadataDefException: Unable to find component with absolute reference = /bob/oracle/apps/ak/pmrtest/webui/PMRTestPG-ROHR-MRA=36105=3014=Y=Y, XML Path = null. Please verify that the reference is valid and the definition of the component exists either on the File System or in the MDS Repository.
I tried running the below
begin
jdr_utils.printdocument(<PageName>);
end;
It throws and error "Could not find document <Pagename>"
Can anyone pls help resolve this issue
Thanks

Hi Gyan,
When I printdocument for that region, I see the xxpositionname1 as the messagestyledtext item.
<insert before="ManagerColumn">
<oa:column id="xxPositionName" adminCustomizable="true" bandingShade="none" cellNoWrapFormat="false" columnDataFormat="textFormat" displayGrid="true" rendered="true" scope="." totalValue="false" userCustomizable="false"
xmlns:oa="http://xmlns.oracle.com/oa">
<ui:columnHeader xmlns:ui="http://xmlns.oracle.com/uix/ui">
<oa:sortableHeader id="xxPositionNameSH" adminCustomizable="true" cellNoWrapFormat="false" initSortSeq="none" prompt="Position" rendered="true" required="no" scope="." sortState="yes" userCustomizable="false"/>
</ui:columnHeader>
<ui:contents xmlns:ui="http://xmlns.oracle.com/uix/ui">
<oa:messageStyledText id="xxPositionName1" adminCustomizable="true" cellNoWrapFormat="false" dataType="VARCHAR2" initSortSeq="none" prompt="Position" queryable="false" rendered="true" required="no" scope="."
selectiveSearchCriteria="false" serverUnvalidated="false" sortState="no" tipType="none" totalValue="false" userCustomizable="false" vAlign="middle" viewAttr="Name1" viewName="IrcOfferSearchVO" warnAboutChanges="true"/>
</ui:contents>
</oa:column>
</insert>
Thanks,
HC

Problem opening documents no SSO with rich client integration ( ADFS 3.0 + WAP + SharePoint 2013 )

At our customer we deployed, ADFS 3.0 and the web application proxy, to provide external users access to SharePoint 2013.
we went with this solution as UAG is pretty much gone now.
Every time a editor opens up a office document he/she is prompted for password.
I have checked that the URLs is in the intranet Zone, and that the webclient is configured for passing on credentials.
We are using kerberos and Non-claim-aware relying parties.
Please advise, we really really rally need a SSO experience as we had when using UAG.
Best regards
Michael Thøgersen
Best regards Michael Thøgersen

Hi,
Check your browser definitions:
on IE go to tools -> internet options -> security -> custom level -> User Athuntication.
Set it on "Automatic user name and password" (the third radio button)

ADFS Prompt in IE

Similar Messages

Maybe you are looking for