Apache 2.2.0  authentication through DS 5.2p4

Similar Messages

• How to capture userinfo after a partner application is authenticated through SSOSDK?

  I have successfully installed and deployed the Partner application for Portal using SSOSDK. My question is, once the user is authenticated through SSOPartnerServlet.java and gets thrown back to the partner app(PAPP), how do we get the user info(i.e. username) from the PAPP?
  Is there an API?
  I have already asked this question from oracle tech and they told me to post it
  Thanks,
  Hamid

  Pass the name of a subrotine to handle your user commands to the fm parameter.
  I_CALLBACK_USER_COMMAND = 'USER_COMMAND'.
  Then code for the user command function,
  form user_command using r_ucomm type sy-ucomm.
  case r_ucomm.
  when '<FCODE of your button>'.
  Code your logic....
  endcase.
  endform.
  To add your button using your own pf-status, you should copy a standard gui status and modify it.
  To trigger this pf-status you should pass routine name to I_CALLBACK_PF_STATUS_SET.(I_CALLBACK_PF_STATUS_SET = 'SET_PF_STATUS..)
  form set_pf_status.
  set pf-status 'ZSTAT'.  "THis ZSTAT must be created by copying a STANDARD pf-status of say some std program like SAPLKKBL. and then modifying it.
  endform.

• Cannot use SASL Authentication Through GSSAPI on DS 6.3

  I try to kerberized DS 6.3. I do step by step instruction from "Sun Java System Directory Server Enterprise Edition 6.3" and it doesn't work.
  When I try to configure the Directory Server to Enable GSSAPI I get an error:
  modifying entry cn=SASL,cn=security,cn=config
  ldap_modify: DSA is unwilling to perform
  ldap_modify: additional info: Modification not allowed on attribute dsSaslPluginsPath
  After all when I try to authenticate to the Directory Server i get response:
  ldap_sasl_interactive_bind_s: Authentication method not supported
  ldap_sasl_interactive_bind_s: additional info: sasl mechanism not supported
  Logs file:
  +[22/Sep/2008:10:28:11 +0200] conn=2 op=-1 msgId=-1 - fd=22 slot=22 LDAP connection from 10.3.233.4:33054 to 10.3.233.4+
  +[22/Sep/2008:10:28:11 +0200] conn=2 op=0 msgId=1 - BIND dn="" method=sasl version=3 mech=GSSAPI+
  +[22/Sep/2008:10:28:11 +0200] conn=2 op=0 msgId=1 - RESULT err=7 tag=97 nentries=0 etime=0, sasl mechanism not supported+
  +[22/Sep/2008:10:28:11 +0200] conn=2 op=1 msgId=2 - UNBIND+
  +[22/Sep/2008:10:28:11 +0200] conn=2 op=1 msgId=-1 - closing from 10.3.233.4:33054 - U1 - Connection closed by unbind client -+
  +[22/Sep/2008:10:28:12 +0200] conn=2 op=-1 msgId=-1 - closed.+
  system specyfication:
  Solaris 10 x86 64-bit
  DS 6.3 B2008.0311.0212 NAT

  See http://forums.sun.com/thread.jspa?forumID=761&threadID=5202246 for a description of the problem and a workaround.
  If you have a Sun support contract, you can request an escalation of CR 6637404.
  Also, note that it looks like part of the documentation went missing. In DS5.2 the docs included an additional step
  Chapter 11 Implementing Security
  Configuring Client Authentication
  SASL Authentication Through GSSAPI (Solaris Only)
  http://docs.sun.com/source/816-6698-10/ssl.html#18500
  ldapmodify -D 'cn=directory manager'
  dn: cn=SASL,cn=security,cn=config
  changetype: modify
  add: dsSaslPluginsEnable
  dsSaslPluginsEnable: GSSAPI
  replace: dsSaslPluginsPath
  dsSaslPluginsPath: /usr/lib/mps/sasl2/libsasl.so
  modifying entry cn=SASL,cn=security,cn=config
  ldap_modify: DSA is unwilling to perform
  ldap_modify: additional info: Adding attributes is not allowed
  -------------------------------------------------------------

• PL SQL Web Service Authentication through LDAP

  I have created one PL SQL Web Service and I would like to provide token security through LDAP.
  I have configured LDAP for deployed webservice in oracle IAS 10.1.3 Service.
  Problem Description: <?xml version="1.0" encoding="UTF-8"?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://dbconnection1/MobileWebService.wsdl/types/"><env:Body><env:Fault><faultcode>env:MustUnderstand</faultcode><faultstring>SOAP must understand error: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security</faultstring></env:Fault></env:Body></env:Envelope>
  I have provided LDAP authentication through oracle iAS Setup.
  Please help

  Hi I am looking out for a good friend of mine, Rajeev Dave from Vijaywada, if your the one, please email me [email protected]
  thanks,

• How to do .1x port based network access authentication through ACS

  How to do .1x port based network access authentication through ACS.

  Hi,
  802.1x can authenticate hosts either through the username/password or either via the MAC address of the clients (PC's, Printers etc.). This process is called Agentless Network Access which can be done through Mac Auth Bypass.
  In this process the 802.1x switchport would send the MAC address of the connected PC to the radius server for authentication. If the radius server has the MAC address in it's database, the authentication would be successful and the PC would be granted network access.
  To check the configuration on the ACS 4.x, you can go to http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/configuration/guide/noagent.html
  To check the configuration on an ACS 5.x, you can go to http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-2/user/guide/acsuserguide/common_scenarios.html#wp1053005
  Regards,
  Kush

• OBIEE 11.1.1.6.2 BP1 authentication through Shared Services EPM 11.1.2 .2

  Hi,
  Any idea how to get the authentication in OBIEE through Shared Services to work?
  We use Native Directory and MSAD in SS, hence we need to get the authentication through Shared Services.
  We were able to run this on EPM 11.1.1.3 through LDAP server of Shared services port 28089, surely not working now.
  I've tried both of the following but still no luck:
  http://gerdpee.wordpress.com/2011/06/17/oracle-weblogic-and-hyperion-shared-services-11-1-1-3/
  http://gerdpee.wordpress.com/2011/06/17/integration-sort-of-of-obiee-11-1-1-5-and-hyperion-shared-services-11-1-1-3/
  Please help. Many thanks!!!
  Cheers,
  Steve

  Hi Steve,
  I have not been through this, but hope this helps you though. While we run the System configurator Wizard (EPM 11.1.1.2), we are now having an option to integrate EPM with OBIEE. Have you given it a shot?
  I am just thinking, if we could had it configure for us, we could directly access the Subject Areas from OBIEE, just like what Mark had mentioned here : http://www.rittmanmead.com/2009/01/epm-workspace-111-and-obiee-10134-updated/
  You could further look into the "SSO using CSS Token" field in the connection pool, too.
  Hope this helps and I will let you know, if I have any other information.
  Thank you,
  Dhar

• ACS user authenticating through Windows Database

  Hello,
  Please, i need a document/ guideline on how to configure ACS 4.2 user authenticating through Windows Database and the ACS server is running on an appliance.
  Please, help.
  Regards,
  Ethelbert

  Hi,
  If you delete the user in AD, then it would not authenticate the user even if the dynamic mapped user exists in the ACS database, as the password would not be verified from the AD for the user.
  The dynamically mapped user entry would still exist in ACS and would not get deleted if the user is deleted from AD.
  tnx
  somishra

• EDQ authentication through Novell

  We are currently using AD as our authentication platform for EDQ. We need to set up additional configurations for authentication through Novell. Has anybody done this? What is different from the AD configuration?
  Thanks
  Craig

  Hi Craig,
  Apologies for the late response on this. I believe an SR has been logged, and a response will be available on the SR very shortly.
  Some basic notes are as follows. The examples files are missing below (but will be on the SR):
  EDQ does not have out of the box support for Novel eDirectory. However it can be configured easily. To do this, you need to define a ‘realm’ with connection details for the eDirectory server and an associated ‘profile’ defining the LDAP search filters and attributes to use with the eDirectory.
  All this information can be added to the login.properties file but it is sometimes simpler to define the information in separate files. Realm information can be define in files in the realms subdirectory of the security directory and profile information can be stored in the profiles subdirectory.
  These are the steps:
  1. In the login.properties file, add a realm ‘edir’ to the realms list:
  realms = internal,...,edir
  2. Create a directory realms in the security directory and store the attached edir.properties there. Amend the file with:
  •     The LDAP server address. The example file has 10.8.1.182.
  •     The correct LDAP domain information. The example file users the domain o=rde
  •     The DN and password of the user used to connect to LDAP. The example has cn=rde,ou=users,o=rde
  •     The LDAP group used to contain EDQ users. The example has testgroup
  •     If the server has a certificate installed, uncomment the ‘ldap.security’ line to enable SSL connections
  3. Create a directory profiles in the security directory and save the attached novell.properties there. This file is suitable for a standard eDirectory setup and should not need any changes. It assumes:
  •     An objectClass of inetOrgPerson for users
  •     An objectClass of groupOfNames for groups
  •     The unique ID of user and group entries is the GUID attribute
  The profile can be tweaked if these assumptions are not correct.
  Regards,
  Mike

• Centralized authentication through insecure net, ASA

  Hi all,
  I'm looking for some ideas, products e.g. that can help me to achieve the following scenario:
  - We have several customers with Cisco ASA
  - We want to provide our IT-Engineer staff a remote vpn access to each customer site
  - We need a centraliced AAA for the enginer vpn-authentication (TACAC+, RADIUS e.g.)
  - The centralized authentication server should be on our site. So each ASA (customer site) has to do the authentication
     through the insecure internet to our AAA server
  - Site-to-site is not an option (several customer sites have the same IP-range)
  Any ideas?
  Thanks a lot,
  Norbert

  Norbert
  I would look at using certificates for this. So each customer ASA uses your centralised certificate server for authentication.
  You can use something like Microsoft CA server to act as the certificate server.
  There are plenty of docs on Cisco site for using certificates both with the VPN client and the ASA.
  Jon

• WLAN connection: authentication through captive po...

  Access to some Wifi hotspots requires an authentication through captive portal (ID and password must be entered on a special web page). Everything works on my E65 except that I did not find the method to avoid to retype my ID and password every time I try to connect. Any idea ?

  Hello,
  I've a e61i and I experience a similar problem. My phone work very well on WiFi network with no encryption as well as 64-bit wep.
  At home I've 2 wireless routers, both encrypted at 128 bits, one with WEP and the other with WPA. On both of them I can correctly obtain an IP thru DHCP, but the traffic do not go thru.
  By using IfInfo I think I discovered the reason of the problem (unless IfInfo is not working properly...) and it seems a bug related to the netmask, broadcast and gateway settings. The router is 192.168.15.1 and this is what I get:
  1) DHCP case -- I get two IP adresses: the 169.254.x.x and the one assigned to the router. DNS is also set properly, but both gateway, broadcast and netmask are set to 0.0.0.0 for both IPs.
  IP Addr: 169.254.162.106
  Netmask: 0.0.0.0
  Broadcast: 0.0.0.0
  Gateway: 0.0.0.0
  DNS1: 192.168.15.1
  IP Addr: 192.168.15.100
  Netmask: 0.0.0.0
  Broadcast: 0.0.0.0
  Gateway: 0.0.0.0
  DNS1: 192.168.15.1
  2) Static IP 192.168.15.64, netmask set to 255.255.255.0 and gateway and DNS set to 192.168.15.1. The 169.254.x.x disappears and I get only one IP which is set to:
  IP Addr: 192.168.15.64
  Netmask: 0.0.0.0
  Broadcast:192.168.15.255
  Gateway: 192.168.15.1
  DNS1: 192.168.15.1
  So in conclusion, it seems that with 128bit encryption, in the DHCP case gateway, broadcast and netmask are not assigned correctly! While in the Static IP case the netmask is still not assigned correctly!!!
  Hope this can help...
  --AP

• Help needed for using BASIC authentication through JDBCRealm

  Help needed.
  Hello,
  I am doing a degree project, so far it works fine in my local machine, I need to try it on my virtual hosting (as it is a live server).
  My project requires JDBCRealm, that is BASIC authentication loading access data from mysql database. Normally this setup can be done in Server.xml file, because my Tomcat hosting is a virtual one, I only have permission to access the web.xml file.
  My question is: is it possible to get it done in an alternative way? In web.xml? Some properties file maybe?
  Thank you very much.

  You can set this up for your context using META-INF/context.xml instead of working with server.xml.
  Make a directory called META-INF under your webapp ( it'll be at the same level as WEB-INF ). Under this, add a context.xml with all your context specific configuration including the realm. A sample is below
  <?xml version="1.0" encoding="UTF-8"?>
  <Context path="/myApp" reloadable="true">
      <Realm
          className="org.apache.catalina.realm.JDBCRealm"            
          driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"         
          connectionURL="jdbc:microsoft:sqlserver://127.0.0.1:1433;DatabaseName=myDB;SelectMethod=Cursor;"
          connectionName="username" connectionPassword="password"
          digest="MD5" userTable="users" userNameCol="userid" userCredCol="userpassword"
          userRoleTable="user_roles" roleNameCol="rolename"
      />
  </Context>Hope this helps.
  People on the forum help others voluntarily, it's not their job.
  Help them help you.
  Learn how to ask questions first: http://faq.javaranch.com/java/HowToAskQuestionsOnJavaRanch
  ----------------------------------------------------------------

• Remote Access VPN authentication through RADIUS

  Hi,
  I have configured remote access VPN (IPsec) in my Cisco ASA . Before there was only single username & password to for VPN client. Now I am planning to give access through RADIUS server. I have configured RADIUS server in WIN 2003 server.
  Server configuration:
  1) Administrative Tools > Internet Authentication Service and right-click on RADIUS Client to add a new RADIUS client with ip address of CISCO ASA (inside interface).
  2) Remote Access Policies, right-click on Connections to Other Access Servers, and select Properties.
  3) check Grant Remote Access Permissions is selected.Click Edit Profile and check these settings:On the Authentication tab, check Unencrypted authentication (PAP, SPAP), MS-CHAP,and MS-CHAP-v2.On the Encryption tab, ensure that the option for No Encryption is selected.Click OK when you are finished.
  4.Select Administrative Tools > Computer Management > System Tools > Local Users and Groups, right-click on Users and select New Users to add a user into the local computer account.Add a user and check this profile information:On the General tab, ensure that the option for Password Never Expired is selected instead ofthe option for User Must Change Password.
  On the Dial-in tab, select the option for Allow access
  ASA configuration:
  aaa-server vpn protocol radius
  aaa-server vpn host 10.155.20.25 (RADIUS server IP )
  key cisco321
  tunnel-group vpnacc type ipsec-ra
  tunnel-group vpnacc general-attributes
  authentication-server-group vpn
  but it is not working. Please guide to resolve this issue.
  Regards,
  som

  Also, take a look at your logs on the windows server, and try debugging the asa. Try running wireshark or network monitor on the windows server to see if the requests are coming in. You should be able to figure out pretty quickly what is going on by debugging aaa on the asa and/or checking the logs on the server. Make sure the service is running on the windows box. Make sure that something stupid like windows firewall isnt blocking the connection. You can turn on debugging by typing "debug aaa" and type "logging console debugging" and "term mon". You can test aaa by typing "test aaa-server authentication vpn host x.x.x.x username someusername password somepassword"
  Hopefully this will lead you in the right direction. Oh, one more thing, when you are done, don't forget to turn off the debug by typing "undebug all". Another word of warning, running debugs on a production firewall should be done at your own risk, it is very easy to overwhelm a device to the point it stops responding by running debugs.

• Connect to FTP site with Apache commons net FTP client through Proxy

  Hello,
  I am trying to run this simple code to connect to FTP site through a proxy.
  import org.apache.commons.net.ftp.FTP;
  import org.apache.commons.net.ftp.FTPClient;
  public class MyTest {
  public static void main(String[] args) {
  String ftpHostName = "ftp.xxx.com";
  int ftpPort = 21;
  String ftpUserName = "myUserName";
  String ftpPassword = "myPassword";
  System.setProperty("socksProxyHost" ,"10.148.0.131");
  System.setProperty("socksProxyPort", "1080");
  FTPClient ftpClient = new FTPClient();
  try {
  System.out.println("connecting");
  ftpClient.connect(ftpHostName, ftpPort);
  System.out.println("connected");
  System.out.println("loging in");
  boolean successLogin = ftpClient.login(ftpUserName, ftpPassword);
  if(successLogin)
  System.out.println("success login");
  else
  System.out.println("fail login");
  catch (Exception e) {
  e.printStackTrace();
  finally {
  try {
  System.out.println("loging out");
  ftpClient.logout();
  System.out.println("disconecting");
  ftpClient.disconnect();
  catch (Exception e) {
  e.printStackTrace();
  I am getting the following error:
  C:\temp\ftp\test>java.exe -cp ./commons-net-ftp-2.0.jar;. MyTest connecting
  java.net.SocketException: Malformed reply from SOCKS server
  at java.net.SocksSocketImpl.readSocksReply(SocksSocketImpl.java:87)
  at java.net.SocksSocketImpl.connectV4(SocksSocketImpl.java:265)
  at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:437)
  at java.net.Socket.connect(Socket.java:519)
  at org.apache.commons.net.SocketClient.connect(SocketClient.java:176)
  at MyTest.main(MyTest.java:23)
  loging out
  java.lang.NullPointerException
  at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:471<ftp://FTP.java:471>)
  at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:534<ftp://FTP.java:534>)
  at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:583<ftp://FTP.java:583>)
  at org.apache.commons.net.ftp.FTP.quit(FTP.java:794<ftp://FTP.java:794>)
  at org.apache.commons.net.ftp.FTPClient.logout(FTPClient.java:697)
  at MyTest.main(MyTest.java:39)
  I am able to do this using a different FTP client library, ftp4j-1.5.1<ftp://ftp4j-1.5.1> using the following code:
  import it.sauronsoftware.ftp4j.FTPClient;
  import it.sauronsoftware.ftp4j.connectors.SOCKS4Connector;
  public class MyTestFtp4J {
  public static void main(String[] args) {
  String ftpHostName = "ftp.xxx.com";
  int ftpPort = 21;
  String ftpUserName = "myUserName";
  String ftpPassword = "myPassword";
  FTPClient ftpClient = new FTPClient();
  ftpClient.setConnector(new SOCKS4Connector("10.148.0.131", 1080));
  try {
  System.out.println("connecting");
  ftpClient.connect(ftpHostName, ftpPort);
  System.out.println("connected");
  System.out.println("loging in");
  ftpClient.login(ftpUserName, ftpPassword);
  System.out.println("success login");
  catch (Exception e) {
  e.printStackTrace();
  finally {
  try {
  System.out.println("disconecting");
  ftpClient.disconnect(true);
  catch (Exception e) {
  e.printStackTrace();
  So I know the proxy settings are correct.
  The java version I used to compile and run my apps is 1.6.0_06 Does anyone can help figure out what is wrong when I use the Apache commons net FTP client?
  Thank you
  Jon

  Is the old AirPort Extreme base station (AEBS)
  configured so that the option to distribute IP
  addresses is DISABLED? If so, configure the new AEBS
  to act as a bridge.
  Are you suggesting I use a set-up with TWO AEBSs? Set up a bridge (not sure how) and then use the old AEBS to connect to the DSL modem and broadcast to the new Extreme which will then be the router to the other computers on the network?
  Do you have any port mapping or default host enabled
  on the old AEBS?
  I do not understand, not do I see these options in the Base Station utitlity; perhaps they are in the FTP options--but that, I'm sorry to say, is not obvious to my inspection.
  Duane, can you give me a few more basic instructions? Thanks
  iMac 17    

• Solaris 10 onboard Apache 1.3.x authenticating against PAM?

  Hi fellow admins,
  can anyone give me some hints on how to get the Apache 1.3 delivered with Solaris 10 to authenticate against the local unix files (passwd + shadow, via PAM?)
  I've grabbed mod_auth_pam, managed to compile it with some modifications to apxs and the Makefile, and Apache loads the module just fine,
  but no matter how I set up my pam.conf, I always end up with "No account present for user" in my Apache log.
  From googling for this string, I see that other people usually get a user name after "user ", which I don't - suggesting that Apache/mod_auth_pam doesn't pass the user name on to PAM?
  On a side note.. I'm considering to move on to Apache 2.2.x soon anyways - is PAM authentication any easier with that version, or will I face the same problems?
  My main reason for switching from htpasswd to PAM is the automatic account locking after X failed logins - can I get to this goal on a different route without PAM?

  Compiling Apache 1.3 with gcc on linux or unix? If you are using unix, I would be compiling with cc and not gcc. You have gcc set to compile using regular expressions and I believe that has to be specified during SunOS install as posix compliant.

• ACS 5.2 LDAP authentication through groupMembership

  Hi all,
  I've succesfully configured ACS to authenticate users against our Novell DB through LDAP External Identity Store . With this setup all users having Novell account are authenticated.
  There's an extra requirement that only users belong to group "Internet Access Users" can be authenticated. Running debugging on the ACS (5.2), I've been able to see that ACS can extract the user's group properties as bellow:
  LDAP-response-search-entry-attr-value=groupMembership=cn=Internet Access Users\,ou=App Groups\,ou=ZENINTH\,o=Company
  but I unable to create mapping/rules that filter this extra value. What I did is :
  - Under External Identity Stores --> LDAP --> LDAP_Connection --> Directory Attributes, I added Attribute Name = "groupMembership", Type: "String", Policy Condition Name: "LDAP_Connection:groupMembership"
  - Under Access Policies --> Internet Access --> Authorization, I create Rule-1 stated that "LDAP-LDAP_Connection:groupMembership contains cn=Internet Access Users", it will permitAccess. The default rules is denyAccess
  But it seems it didn't work (never hit Rule-1)
  Could anybody shed some lights ?
  Thank you very much,

  Ok All is working, consider this as solved.
  A restart of the ACS service magically fixed whatever was going on.
  Cheers