API to verify a resource Password? Like pass through authentication...
Howdy folks,
OK. I have a requirement to check the old (or current) password of a user at the time that they change there password to something new. I can do this with lighthouse accounts, but.... We don't update Lighthouse accounts. We only update our LDAP account. I know that pass through authentication checks this automatically by attempting to bind as the user with the given password. Does anyone know if I can ask IDM to do that for me? If not I'll write a java class to do it, but since it is already happening in IDM, I thought there MUST be something in place that can do this already....
Does anyone know?
anyone?
Similar Messages
-
Pass-through authentication failing
The enviroment:
Server A: Windows Server 2008 R2 / IIS 7
Server B: Windows Server 2003 R2
Domain Controller: Windows Server 2003 R2
Both server A and B are part of the same domain.
The issue:
We have files stored in server B that are being shared as \\B\Files. We want to have a virtual directory/application in IIS on server A to make those files available on a web browser,
but, we want access to be controlled by NTFS permissions, and access granted to the user accessing the website by pass-through authentication (challenged for user and password by the browser).
We have set up an application pool, and have set the identity of it to a user that has
read NTFS permissions to \\B\Files. We then set up an Application and set its application pool to the one mentioned above, and have pointed it physical location to \\B\Files. In the advanced settings, we set the physical path credentials
to Application user (pass-though authentication).
In the authentication settings for the application, we disabled all but Windows Authentication, and in the providers, we have removed everything but NTLM, which is the one we want.
When we test it (https://serverb.com/Files) however, we are challenged (user/password prompt comes up) as expected, but despite what we put in, the prompt comes back, as if the user/password was wrong, or as if the user did not have enough permissions
to access the files. We checked permissions and that's not it. And we have also checked the domain controller to see if the request is getting there, and it is, which means that it is authenticating properly. We can only assume there is a communication
problem, or restriction somewhere.
We are not sure where else to look, and any ideas would be greatly appreciated.
Thank youOn Wed, 5 Feb 2014 17:48:47 +0000, ucis wrote:
We are not sure where else to look, and any ideas would be greatly appreciated.
Since this is really an IIS question you should post to the official IIS
forums:
http://forums.iis.net
Paul Adare - FIM CM MVP
It used to be said [...] that AIX looks like one space alien discovered
Unix, and described it to another different space alien who then
implemented
AIX. But their universal translators were broken and they'd had to gesture
a lot. -- Paul Tomblin -
Pass through authentication (function_)
I wrote many functions before, but NEVER a function to pass through authentication
Here are some of the specs
In this example, an institution will be accepting tuition and fee payments against bills that are stored in the our system. In addition to the minimum ebill authentication parameters, the institution would like to pass us a full name to display when welcoming the user, control the users primary e-mail address, and restrict the payment method on a per user basis.
URL url This will be issued to you by your project manager. It should be of the form https://pleasepay.com/schoolname/payer.do
User Id user_id The unique identifier for the user within the institution. This is typically a student ID. (in our database)
Full Name full_name Users full name. Example “John Smith”. (in our database)
Email Address email Primary email address. in (our database)
Payment Method paymentMethod Payment methods allowed for this user.
Allowed values:
“none” :no payments accepted
“ach” :ach is the only accepted
“cc” :credit cards only accepted
“ach_cc” :credit card and ach 16
Key key The shared key that is issued to you by your project manager.
Time Zone tz The time zone you are located in. Valid values are:
“E” :Eastern time zone
“C” :Central time zone
“M” :Mountain time zone
“P” :Pacific time zone 1
function get_payment_url_test(
url in varchar2,
user_id in varchar2,
full_name in varchar2,
email in varchar2,
pay_method in varchar2,
key in varchar2,
tz in varchar2
) return varchar2. Here is my questions: I know I need to have cursor to check on the user_id, full name, email (those values are store in our DATABASE. The URL and the key are giving to me. Do I have to hard code the url in the cursor and stored in a variable so I can check that the url coming in (url in varchar2) is equal to the url in my cursor? The same with the key?I saved the url the user_id and the full_name in a custom table, it is workinng, but I would like
to pass a message like
if user_id is null then
raise_application_error(-20101, 'User ID is missing.');
what is doing now if that it checks on the cursor and if any of the paramters if false
it will return the first message in the --- return mesages that is fine the cursor is not retrieving any data, but I want to be more 'friendly' to the user, and if the user
don't enter the id say something like null id or if is wrong wrong id, invalid id etc...
wha
function get_user_url(
url in varchar2,
user_id in varchar2,
full_name in varchar2,
email in varchar2,
pay_method in varchar2,
key in varchar2,
tz in varchar2
) return varchar2
is
Audit Trail:
10/25/2010
T
Change History:
timestamp varchar2(20);
v_pidm saturn_midd.synelck.synelck_pidm%TYPE;
v_user_id saturn_midd.synelck.synelck_id%TYPE;
v_full_name saturn_midd.synelck.synelck_name%TYPE;
v_email saturn_midd.synelck.synelck_email%TYPE;
v_url saturn_midd.synelck.synelck_email%TYPE;
v_key saturn_midd.synelck.synelck_key%TYPE;
v_pay_method varchar2(6);
/* this table saturn_midd.synelck is inserted with all the students (with bills),
the url and the key, in the way the function is going to validate the url, the id
and the key against the values in the table*/
CURSOR pass_the_test_cur is
SELECT
synelck_pidm,
synelck_id,
synelck_name,
synelck_email,
synelck_url,
synelck_key
from
saturn_midd.synelck
where
synelck_url = url
and synelck_id = user_id
and synelck_key = key
AND SUBSTR(synelck_name,1,120) = full_name;
BEGIN
IF pass_the_test_cur%ISOPEN
THEN
CLOSE pass_the_test_cur;
END IF;
OPEN pass_the_test_cur;
FETCH pass_the_test_cur
INTO v_pidm,v_user_id,v_full_name,v_email,v_url,v_key;
if pay_method = 'none' then v_pay_method := 'none';
elsif
pay_method = 'ach' then v_pay_method := 'ach' ;
elsif
pay_method = 'cc' then v_pay_method := 'cc';
elsif
pay_method = 'ach_cc' then v_pay_method := 'ach_cc' ;
end if;
timestamp := get_epoch_timestamp(CURRENT_TIMESTAMP);
If (v_url is not null and v_user_id is not null and v_key is not null
and v_full_name is not null and v_key is not null
and v_email is not null and v_pay_method is not null)
then
return url || '?userId=' || escape(v_user_id, TRUE, character_set) ||
'&' || 'fullName=' || escape(v_full_name, TRUE, character_set) ||
'&' || 'email=' || escape(v_email, TRUE, character_set) ||
'&' || 'paymentMethod=' || escape(v_pay_method, TRUE, character_set) ||
'&' || 'timestamp=' || timestamp ||
'&' || 'hash=' || get_md5_hash_value(v_user_id || v_full_name || v_email || v_pay_method || timestamp || v_key);
end if;
--- return mesages
if v_url is null then
raise_application_error(-20101, 'Inalid log on chek: Id .');
end if;
if v_user_id is null then
raise_application_error(-20101, 'User ID is missing.');
end if;
if key is null then
raise_application_error(-20101, 'Key is missing.');
end if;
if v_full_name is null then
raise_application_error(-20101, 'Name is missing.');
end if;
if v_email is null then
raise_application_error(-20101, 'eMail address is missing.');
end if;
if v_pay_method is null then
raise_application_error(-20101, 'Payment method is missing.');
end if;
end l;Edited by: peace4all on Oct 26, 2010 7:13 AM -
Hi
I imported a big update.xml with pass-through authentication configuration ... Now I can't log in web admin console as configurator. How can I disable the great pass-through?
Big Thanks
JXXEHey JXEE,
This is in case still you haven't solved the passthrough, configurator login problem.
I once faced a similar situation, where when one of our administrators configured passthrough login. What he did was, while creating the "passthrough login module group", he added the "resource Login Module" to the "passthrough login module group" but removed the "Default Lighthouse Login Module" from the group. After that the users can login to IDM using the resource login password but configurator could not login at all as the "Default Lighthouse Login Module" was removed from the Login Module Group.
After trying so many options the only thing that worked for me was, preserving the IDM repository, which in this case MySQL, to preserve already created users, roles, resources etc. and then preserving WPMessages.properties, styles.css and images folder to preserve the customization and then reinstalling Sun IDM. By making the new IDM installation to point to the preserved repository and overwriting the new WPMessages.properties, Styles.css and images folder with the preserved WPMessages.properties, Styles.css and images folder I managed to restore the IDM properly.
Looks like you too have similar problem. Hope this procedure would work for you. One reminder though, you may want to create the problem in a test environment and try this remedy before you try it on your production.
Hope this would help.
Thanks,
SunCrazy -
How is it possible to achieve blending like "Pass Through" on
a group in Photoshop CS2?
For example, if in Flash you have a background image and then
a Sprite object containing two images. The first image has a blend
mode of NORMAL and the second image has a blend mode of ADD. The
second image is partially overlapping the first image. If this
example were setup in Photoshop, it would be the background layer
and a group with two layers, the first with a blend mode of
"Normal" and the second with a blend mode of "Linear Dodge"
(additive). The group's blend mode is "Pass Through".
In Photoshop, the second (additive) layer is properly blended
with the first layer and the background layer. You can adjust the
opacity of the group and all becomes more transparent as expected.
In Flash, however, the two options I know for the Sprite
object are NORMAL and LAYER, but they don't exhibit the same
behavior as Photoshop's "Pass Through" option. With NORMAL, the
contained objects (images) aren't pre-composited, so an alpha of
50% will render the first image on the background, then the second
(additive) image on top of that. With LAYER, the images are
pre-composited, so the alpha applies to the whole, but the additive
image is only properly blended with the first image, but not the
background. (I'm aware this is because the pre-compositing buffer
is initialized to black, and of course 0 + n = n.)
Does anyone know any way to achieve or emulate this "Pass
Through" behavior in Flash?
I am developing for Flash Player 10.These are things that you can do in After Effects. If you want these features in Premiere Pro, please submit a feature request
-
OIM - pass thru authentication?? Possible?
Hi all,
While I am intending to use OIM 9.0.3 for provisioning/de-provisioning. I am thinking of some sort of pass through authentication to the existing AD, thus, my users do not have to remember another set of username/pw.
Is that at all possible? If not, what would be your approach? Having OID running behind (that is not in the plan right now)? Does even OID have pass through type capability like Sun Java DS?Thanks kevinp.
If I understand your suggestion correctly, rather than passing the authentication responsibility to AD, it is indeed staying within OIM. The only difference is that pwd sync just saves the users from remembering two sets of username/pwd. Correct? -
Hi Dudes,
When using the 'Pass Through Authentication' plugin the Directory Server bind requests are redirected to the Directory Server specified as argument(s) in the PTA configuration.
My question is does the PTA also handles group evaluation...?
For example in ACI:
Does NOT function properly.
aci: (targetattr = "*")(version 3.0; acl "Enable Read-Only access for Directory Services Managers Group"; allow (read,search,compare)(groupdn = "ldap:///cn=Administrators,cn=dscc");)
Does function properly.
aci: (targetattr = "*")(version 3.0; acl "Enable Read-Only access for Directory Services Managers Group"; allow (read,search,compare)(userdn = "ldap:///cn=\*,cn=Administrators,cn=dscc");)
Can anybody provide a solide explanation of this behaviour.
Regards,
Bhagt Rajaram
Edited by: gonzales on May 6, 2008 5:10 AMPTA doesn't deal with ACI and group evaluation.
PTA only forward the authentication to a remote server (Bind request).
The ACI that doesn't work because the groupdn is not a local group and the server doesn't know how to compute membership.
Regards,
Ludovic. -
How Transaction Manager work with Resource Manager, like Connection pool?
hi,
I'm using BEA Webloigc8.1 Stateless Session Bean/DAO/Oracle stored proc.
but I'm not quite clear how Transaction Manager work with Resource Manager, like Connection pool.
my understanding is that, in a weblogic transaction, a stateless session bean interact with several DAOs, and for each method of DAO a connection is acquired from connection pool. I've heard that the connection will not return to pool until the transaction commits.
My question is that, does it mean that for a weblogic transaction, multiple connections might be allocated to it? and if multiple connections are allocated, then how many oracle transactions would be started? or multiple connections share the same oracle transaction?
I didn't feel it make sense to start multiple oracle transactions, cause deadlock might be incurred in a single weblogic transaction.
any help appreciated!Xin Zhuang wrote:
hi,
I'm using BEA Webloigc8.1 Stateless Session Bean/DAO/Oracle stored proc.
but I'm not quite clear how Transaction Manager work with Resource Manager, like Connection pool.
my understanding is that, in a weblogic transaction, a stateless session bean interact with several DAOs, and for each method of DAO a connection is acquired from connection pool. I've heard that the connection will not return to pool until the transaction commits.
My question is that, does it mean that for a weblogic transaction, multiple connections might be allocated to it? and if multiple connections are allocated, then how many oracle transactions would be started? or multiple connections share the same oracle transaction?
I didn't feel it make sense to start multiple oracle transactions, cause deadlock might be incurred in a single weblogic transaction.
any help appreciated!Hi. If you configure your WLS DataSource to use keep a connection for
the duration of a tx, it will do that, and in any case there can be
no deadlock however many connections operate for a given XA transaction.
Here is the best coding form for DAOs or any other user-written code
for using WebLogic DataSources. This is important for two reasons:
1 - Thread-safety is maintained as long as the connection is a
method-level object.
2 - It is crucial to notify WebLogic that you are done with a connection
ASAP, by your calling close() on it. We will then put it back in the
pool, or keep it under the covers for your next request if it's in a
transaction etc. The pool is optimized for quick get-use-close scenarios.
public void one_of_my_main_JDBC_Methods()
Connection con=null; // Must be a method level object for thread-safety
// It will be closed by the end of the method.
try {
con = myDataSource.getConnection(); // Get the connection in the try
// block, directly from the WebLogic
// datasource
// do all the JDBC within this try block. You can pass the
// connection to subordinate methods, but not to anywhere
// that thinks it can use the connection later.
rs.close(); // close any result set asap
stmt.close(); // then close any statement asap
// When you're done with JDBC
con.close(); // close the connection asap
con = null; // nullify it so the finally knows it's done
catch (Exception e) {
// do whatever catch stuff you want. You don't
// need a catch block if you don't want one...
finally {
// It is important to close a JDBC connection ASAP when it's not needed.
// without fail, and regardless of exit path. Do everything in your
// finally block in it's own try-catch-ignore so everything is done.
try { if (con != null) con.close();} catch (Exception ignore){}
return ret;
} -
I just recently got an iPod touch 5 and it won't let me download apps. It says they are free but when I install it , it keeps popping up saying before purchasing I must tap continue to verify my purchase something like that. Idk what to do. !!!!!
Yes. You can set the payment method to "None" once you log into iTunes on your PC/Mac. I have it set up this way.
-
I had to restore my iPod because I forgot the password, like how santa forgot about me. And I didn't set up a Backup. SO I sort of lost everything. But I'm wondering if I can somehow get my pictures back from somewhere. PLEASE HELP ME. Thanks
- If you used PhotoStream then try getting some of them from your PhotoStream. See that topic of:
iOS: Importing personal photos and videos from iOS devices to your computer
- Maybe from the restored iPod via
How to perform iPad recovery for photos, videos
Wondershare Dr.Fone for iOS: iPhone Data Recovery - Wondershare Official
http://www.amacsoft.com/ipod-data-recovery.html -
I change my apple ID and password like a week now and after changing all my information and MY apple ID, i noticed that i lost all my picture in my camer roll and my photo stream too ;(.. Can anyone please help me how to bring it back all my photos?
I don't know about your camera roll, but for photostream just do this:
Go into Settings > iCloud > Delete Account and then sign back in using your Apple ID information.
Make sure to do the same thing with your iTunes and App Store options.
Settings > iTunes and App Store > Click Email and sign out, then sign back in. -
HT5085 How do i prevent itunes from asking for password like 15 times a day?
How do i prevent itunes from asking for password like 15 times a day?
Hello reynolae,
The following article contains a number of useful steps for getting iTunes to quiet down, at least with regards to asking for your password.
iTunes repeatedly prompts to authorize computer to play iTunes Store purchases
http://support.apple.com/kb/TS1389
Cheers,
Allen -
Api or command to decode password
Hi,
I am trying to run an ODI Scenario using Java APIs(using the package oracle.odi.sdk.invocation).
I am creating OdiRepositoryConnection object and setting its parameters(odiusername,password,jdbc username,password).
I am able to run the scenario by using the invoke command of odiinvocation class.
But right now i have placed the unencoded password in the java code.
I want to use the encoded password for security reasons. But OdiRepositoryConnection object's setOdiPassword accepts un-encoded password.
Is there any other API method which accepts encoded password so that I can avoid embedding actual password in the code?
or is there some API/command to get the decoded password from encoded string?
Or any other secured approach that I can follow. Please help me.
Thanks!!
Edited by: Kumar Sushant on Nov 13, 2008 11:19 PMHi Kumar...
Take a look my at the last post in the thread
Retriving UNENCODED password for data server
You can use the same technique....
Does it work for you? -
How do I change name and install Password or pass code
How do I change name and install Password or pass code?
You would do this using the AirPort Utility.
To change the Network Name using AirPort Utility v6.x: AirPort Utility > Select your AirPort > Edit > Wireless tab > Wireless Network Name. On the same tab, you can set the wireless security password. -
Registry Error: The user ID and password pair passed in a get_authToken mes
Hello
I am trying to publish web service thruth the UDDI CLINET
I got into
http://sap-xiqas:50000/uddiclient/process/
chose Publish Service Definition
SAP Registry
and tried login with my user which has sap_all
and also with j2ee_admin
and get the following msg
Registry Error: The user ID and password pair passed in a get_authToken message is not known to the Operator Site or is not valid
have some1 managed to solve it ?
thx ShaiHi,
Use should use:
call function 'SUSR_CHECK_LOGON_DATA'
exporting AUTH_METHOD = 'P'
USERID = k_user
PASSWORD = k_senha
exceptions
others = 1.
if sy-subrc = 0.
write 'Ok'.
else.
write 'Not Ok'.
endif.
Best regards,
Leandro Mengue
Maybe you are looking for
-
I couldn't find a sufficient answer for this by searching. I have the 15" Mid Summer 2009 MBP. 2.8ghz with the 512mb graphics card, 4gb ram etc etc. For the past few months, it has been locking up like crazy. Sometimes once a day, today, it locked up
-
How do I move 2 ipods to new computer?
Hello Everyone, I'm sure this has been asked many times before, but I'm not finding the answer when I search for this. I'm an old guy that doesn't use itunes or our ipods much. So I'm not real familiar with all the use, downloading, etc. that goes w
-
I'm having problems with my internet since I have upgraded. I am afraid to upgrade on my Macbook pro now. I don't want the upgrade to slow down my laptops. Any suggestions?
-
File Adapter Query, when PI server restarts polling starts
Hi Experts, I have one problem with File sender adapter if someone can suggest solution or easy way to handle situation. I have a interface with 50 file adapters. I am activating all file adapters with poling interval 24 Hours. And I am activating al
-
Help! Finder is constantly relaunching
Hi everyone I'm having a bit of a disaster at the moment - my G5 Power Mac (running Tiger 10.4.5) seems to have gone crazy, with Finder apparently relaunching itself literally every second. All the open windows, desktop icons and the toolbar at the t