API to verify a resource Password?  Like pass through authentication...

Howdy folks,
OK. I have a requirement to check the old (or current) password of a user at the time that they change there password to something new. I can do this with lighthouse accounts, but.... We don't update Lighthouse accounts. We only update our LDAP account. I know that pass through authentication checks this automatically by attempting to bind as the user with the given password. Does anyone know if I can ask IDM to do that for me? If not I'll write a java class to do it, but since it is already happening in IDM, I thought there MUST be something in place that can do this already....
Does anyone know?

anyone?

Similar Messages

  • Pass-through authentication failing

    The enviroment:
    Server A: Windows Server 2008 R2 / IIS 7
    Server B: Windows Server 2003 R2
    Domain Controller: Windows Server 2003 R2
    Both server A and B are part of the same domain.
    The issue:
    We have files stored in server B that are being shared as \\B\Files. We want to have a virtual directory/application in IIS on server A to make those files available on a web browser,
    but, we want access to be controlled by NTFS permissions, and access granted to the user accessing the website by pass-through authentication (challenged for user and password by the browser).
    We have set up an application pool, and have set the identity of it to a user that has
    read NTFS permissions to \\B\Files. We then set up an Application and set its application pool to the one mentioned above, and have pointed it physical location to \\B\Files. In the advanced settings, we set the physical path credentials
    to Application user (pass-though authentication).
    In the authentication settings for the application, we disabled all but Windows Authentication, and in the providers, we have removed everything but NTLM, which is the one we want.
    When we test it (https://serverb.com/Files) however, we are challenged (user/password prompt comes up) as expected, but despite what we put in, the prompt comes back, as if the user/password was wrong, or as if the user did not have enough permissions
    to access the files. We checked permissions and that's not it. And we have also checked the domain controller to see if the request is getting there, and it is, which means that it is authenticating properly. We can only assume there is a communication
    problem, or restriction somewhere.
    We are not sure where else to look, and any ideas would be greatly appreciated.
    Thank you

    On Wed, 5 Feb 2014 17:48:47 +0000, ucis wrote:
    We are not sure where else to look, and any ideas would be greatly appreciated.
    Since this is really an IIS question you should post to the official IIS
    forums:
    http://forums.iis.net
    Paul Adare - FIM CM MVP
    It used to be said [...] that AIX looks like one space alien discovered
    Unix, and described it to another different space alien who then
    implemented
    AIX. But their universal translators were broken and they'd had to gesture
    a lot. -- Paul Tomblin

  • Pass through authentication (function_)

    I wrote many functions before, but NEVER a function to pass through authentication
    Here are some of the specs
    In this example, an institution will be accepting tuition and fee payments against bills that are stored in the our system. In addition to the minimum ebill authentication parameters, the institution would like to pass us a full name to display when welcoming the user, control the users primary e-mail address, and restrict the payment method on a per user basis.
    URL     url     This will be issued to you by your project manager. It should be of the form https://pleasepay.com/schoolname/payer.do
    User Id     user_id     The unique identifier for the user within the institution. This is typically a student ID. (in our database)     
    Full Name     full_name     Users full name. Example “John Smith”. (in our database)
    Email Address     email     Primary email address.     in (our database)
    Payment Method     paymentMethod     Payment methods allowed for this user.
    Allowed values:
    “none” :no payments accepted
    “ach” :ach is the only accepted
    “cc” :credit cards only accepted
    “ach_cc” :credit card and ach      16
    Key     key     The shared key that is issued to you by your project manager.
    Time Zone     tz     The time zone you are located in. Valid values are:
    “E” :Eastern time zone
    “C” :Central time zone
    “M” :Mountain time zone
    “P” :Pacific time zone     1
    function get_payment_url_test(
            url         in varchar2,
            user_id     in varchar2,
            full_name   in varchar2,
            email       in varchar2,
            pay_method  in varchar2,
            key         in varchar2,
            tz          in varchar2
        ) return varchar2. Here is my questions: I know I need to have cursor to check on the user_id, full name, email (those values are store in our DATABASE. The URL and the key are giving to me. Do I have to hard code the url in the cursor and stored in a variable so I can check that the url coming in (url in varchar2) is equal to the url in my cursor? The same with the key?

    I saved the url the user_id and the full_name in a custom table, it is workinng, but I would like
    to pass a message like
    if user_id is null then
    raise_application_error(-20101, 'User ID is missing.');
    what is doing now if that it checks on the cursor and if any of the paramters if false
    it will return the first message in the --- return mesages that is fine the cursor is not retrieving any data, but I want to be more 'friendly' to the user, and if the user
    don't enter the id say something like null id or if is wrong wrong id, invalid id etc...
    wha
    function get_user_url(
            url         in varchar2,
            user_id     in varchar2,
            full_name   in varchar2,
            email       in varchar2,
            pay_method  in varchar2,
            key         in varchar2,
            tz          in varchar2
        ) return varchar2
        is
    Audit Trail:
    10/25/2010
    T
    Change History:
          timestamp  varchar2(20);
          v_pidm      saturn_midd.synelck.synelck_pidm%TYPE;
          v_user_id   saturn_midd.synelck.synelck_id%TYPE;
          v_full_name saturn_midd.synelck.synelck_name%TYPE;
          v_email     saturn_midd.synelck.synelck_email%TYPE;
          v_url       saturn_midd.synelck.synelck_email%TYPE;
          v_key       saturn_midd.synelck.synelck_key%TYPE;
          v_pay_method  varchar2(6);
        /* this table saturn_midd.synelck is inserted with all the students (with bills),
        the url and the key, in the way the function is going to validate the url, the id
        and the key against the values in the table*/
        CURSOR pass_the_test_cur is   
        SELECT
        synelck_pidm,
        synelck_id,
        synelck_name,
        synelck_email,
        synelck_url,
        synelck_key
        from
        saturn_midd.synelck
        where
        synelck_url = url
        and synelck_id = user_id
        and synelck_key = key 
        AND SUBSTR(synelck_name,1,120) = full_name;
         BEGIN
          IF pass_the_test_cur%ISOPEN
          THEN
              CLOSE pass_the_test_cur;
          END IF;
            OPEN pass_the_test_cur;
                 FETCH pass_the_test_cur
                       INTO v_pidm,v_user_id,v_full_name,v_email,v_url,v_key; 
            if pay_method = 'none' then v_pay_method := 'none';
              elsif
                pay_method = 'ach' then v_pay_method := 'ach' ; 
              elsif
                 pay_method = 'cc' then v_pay_method := 'cc';
              elsif           
                  pay_method = 'ach_cc' then v_pay_method := 'ach_cc' ;
           end if;      
              timestamp := get_epoch_timestamp(CURRENT_TIMESTAMP);
            If (v_url is not null and v_user_id is not null and v_key is not null
                and v_full_name is not null and v_key is not null
                and v_email is not null and v_pay_method is not null)  
            then     
                 return url || '?userId=' || escape(v_user_id, TRUE, character_set) ||
                '&' || 'fullName=' || escape(v_full_name, TRUE, character_set) ||
                '&' || 'email=' || escape(v_email, TRUE, character_set) ||
                '&' || 'paymentMethod=' || escape(v_pay_method, TRUE, character_set) ||
                '&' || 'timestamp=' || timestamp ||
                '&' || 'hash=' || get_md5_hash_value(v_user_id || v_full_name || v_email || v_pay_method || timestamp || v_key);
            end if;   
            --- return mesages     
           if v_url is null then
                raise_application_error(-20101, 'Inalid log on chek: Id .');
            end if;
            if v_user_id is null then
                raise_application_error(-20101, 'User ID is missing.');
            end if;
            if key is null then
                raise_application_error(-20101, 'Key is missing.');
            end if;
            if v_full_name is null then
                raise_application_error(-20101, 'Name is missing.');
            end if;
            if v_email is null then
                raise_application_error(-20101, 'eMail address is missing.');
            end if;
            if v_pay_method is null then
                raise_application_error(-20101, 'Payment method is missing.');
            end if;
        end l;Edited by: peace4all on Oct 26, 2010 7:13 AM

  • Disable Pass-through

    Hi
    I imported a big update.xml with pass-through authentication configuration ... Now I can't log in web admin console as configurator. How can I disable the great pass-through?
    Big Thanks
    JXXE

    Hey JXEE,
    This is in case still you haven't solved the passthrough, configurator login problem.
    I once faced a similar situation, where when one of our administrators configured passthrough login. What he did was, while creating the "passthrough login module group", he added the "resource Login Module" to the "passthrough login module group" but removed the "Default Lighthouse Login Module" from the group. After that the users can login to IDM using the resource login password but configurator could not login at all as the "Default Lighthouse Login Module" was removed from the Login Module Group.
    After trying so many options the only thing that worked for me was, preserving the IDM repository, which in this case MySQL, to preserve already created users, roles, resources etc. and then preserving WPMessages.properties, styles.css and images folder to preserve the customization and then reinstalling Sun IDM. By making the new IDM installation to point to the preserved repository and overwriting the new WPMessages.properties, Styles.css and images folder with the preserved WPMessages.properties, Styles.css and images folder I managed to restore the IDM properly.
    Looks like you too have similar problem. Hope this procedure would work for you. One reminder though, you may want to create the problem in a test environment and try this remedy before you try it on your production.
    Hope this would help.
    Thanks,
    SunCrazy

  • "Pass Through" blending

    How is it possible to achieve blending like "Pass Through" on
    a group in Photoshop CS2?
    For example, if in Flash you have a background image and then
    a Sprite object containing two images. The first image has a blend
    mode of NORMAL and the second image has a blend mode of ADD. The
    second image is partially overlapping the first image. If this
    example were setup in Photoshop, it would be the background layer
    and a group with two layers, the first with a blend mode of
    "Normal" and the second with a blend mode of "Linear Dodge"
    (additive). The group's blend mode is "Pass Through".
    In Photoshop, the second (additive) layer is properly blended
    with the first layer and the background layer. You can adjust the
    opacity of the group and all becomes more transparent as expected.
    In Flash, however, the two options I know for the Sprite
    object are NORMAL and LAYER, but they don't exhibit the same
    behavior as Photoshop's "Pass Through" option. With NORMAL, the
    contained objects (images) aren't pre-composited, so an alpha of
    50% will render the first image on the background, then the second
    (additive) image on top of that. With LAYER, the images are
    pre-composited, so the alpha applies to the whole, but the additive
    image is only properly blended with the first image, but not the
    background. (I'm aware this is because the pre-compositing buffer
    is initialized to black, and of course 0 + n = n.)
    Does anyone know any way to achieve or emulate this "Pass
    Through" behavior in Flash?
    I am developing for Flash Player 10.

    These are things that you can do in After Effects. If you want these features in Premiere Pro, please submit a feature request

  • OIM - pass thru authentication?? Possible?

    Hi all,
    While I am intending to use OIM 9.0.3 for provisioning/de-provisioning. I am thinking of some sort of pass through authentication to the existing AD, thus, my users do not have to remember another set of username/pw.
    Is that at all possible? If not, what would be your approach? Having OID running behind (that is not in the plan right now)? Does even OID have pass through type capability like Sun Java DS?

    Thanks kevinp.
    If I understand your suggestion correctly, rather than passing the authentication responsibility to AD, it is indeed staying within OIM. The only difference is that pwd sync just saves the users from remembering two sets of username/pwd. Correct?

  • Pass Through plugin

    Hi Dudes,
    When using the 'Pass Through Authentication' plugin the Directory Server bind requests are redirected to the Directory Server specified as argument(s) in the PTA configuration.
    My question is does the PTA also handles group evaluation...?
    For example in ACI:
    Does NOT function properly.
    aci: (targetattr = "*")(version 3.0; acl "Enable Read-Only access for Directory Services Managers Group"; allow (read,search,compare)(groupdn = "ldap:///cn=Administrators,cn=dscc");)
    Does function properly.
    aci: (targetattr = "*")(version 3.0; acl "Enable Read-Only access for Directory Services Managers Group"; allow (read,search,compare)(userdn = "ldap:///cn=\*,cn=Administrators,cn=dscc");)
    Can anybody provide a solide explanation of this behaviour.
    Regards,
    Bhagt Rajaram
    Edited by: gonzales on May 6, 2008 5:10 AM

    PTA doesn't deal with ACI and group evaluation.
    PTA only forward the authentication to a remote server (Bind request).
    The ACI that doesn't work because the groupdn is not a local group and the server doesn't know how to compute membership.
    Regards,
    Ludovic.

  • How Transaction Manager work with Resource Manager, like Connection pool?

    hi,
    I'm using BEA Webloigc8.1 Stateless Session Bean/DAO/Oracle stored proc.
    but I'm not quite clear how Transaction Manager work with Resource Manager, like Connection pool.
    my understanding is that, in a weblogic transaction, a stateless session bean interact with several DAOs, and for each method of DAO a connection is acquired from connection pool. I've heard that the connection will not return to pool until the transaction commits.
    My question is that, does it mean that for a weblogic transaction, multiple connections might be allocated to it? and if multiple connections are allocated, then how many oracle transactions would be started? or multiple connections share the same oracle transaction?
    I didn't feel it make sense to start multiple oracle transactions, cause deadlock might be incurred in a single weblogic transaction.
    any help appreciated!

    Xin Zhuang wrote:
    hi,
    I'm using BEA Webloigc8.1 Stateless Session Bean/DAO/Oracle stored proc.
    but I'm not quite clear how Transaction Manager work with Resource Manager, like Connection pool.
    my understanding is that, in a weblogic transaction, a stateless session bean interact with several DAOs, and for each method of DAO a connection is acquired from connection pool. I've heard that the connection will not return to pool until the transaction commits.
    My question is that, does it mean that for a weblogic transaction, multiple connections might be allocated to it? and if multiple connections are allocated, then how many oracle transactions would be started? or multiple connections share the same oracle transaction?
    I didn't feel it make sense to start multiple oracle transactions, cause deadlock might be incurred in a single weblogic transaction.
    any help appreciated!Hi. If you configure your WLS DataSource to use keep a connection for
    the duration of a tx, it will do that, and in any case there can be
    no deadlock however many connections operate for a given XA transaction.
    Here is the best coding form for DAOs or any other user-written code
    for using WebLogic DataSources. This is important for two reasons:
    1 - Thread-safety is maintained as long as the connection is a
    method-level object.
    2 - It is crucial to notify WebLogic that you are done with a connection
    ASAP, by your calling close() on it. We will then put it back in the
    pool, or keep it under the covers for your next request if it's in a
    transaction etc. The pool is optimized for quick get-use-close scenarios.
    public void one_of_my_main_JDBC_Methods()
    Connection con=null; // Must be a method level object for thread-safety
    // It will be closed by the end of the method.
    try {
    con = myDataSource.getConnection(); // Get the connection in the try
    // block, directly from the WebLogic
    // datasource
    // do all the JDBC within this try block. You can pass the
    // connection to subordinate methods, but not to anywhere
    // that thinks it can use the connection later.
    rs.close(); // close any result set asap
    stmt.close(); // then close any statement asap
    // When you're done with JDBC
    con.close(); // close the connection asap
    con = null; // nullify it so the finally knows it's done
    catch (Exception e) {
    // do whatever catch stuff you want. You don't
    // need a catch block if you don't want one...
    finally {
    // It is important to close a JDBC connection ASAP when it's not needed.
    // without fail, and regardless of exit path. Do everything in your
    // finally block in it's own try-catch-ignore so everything is done.
    try { if (con != null) con.close();} catch (Exception ignore){}
    return ret;
    }

  • I just recently got an iPod touch 5 and it won't let me download apps. It says they are free but when I install it , it keeps popping up saying before purchasing I must tap continue to verify my purchase something like that. Idk what to do. !!!!!

    I just recently got an iPod touch 5 and it won't let me download apps. It says they are free but when I install it , it keeps popping up saying before purchasing I must tap continue to verify my purchase something like that. Idk what to do. !!!!!

    Yes. You can set the payment method to "None" once you log into iTunes on your PC/Mac. I have it set up this way.

  • I had to restore my iPod because I forgot the password, like how santa forgot about me. And I didn't set up a Backup. SO I sort of lost everything. But I'm wondering if I can somehow get my pictures back from somewhere. PLEASE HELP ME. Thanks

    I had to restore my iPod because I forgot the password, like how santa forgot about me. And I didn't set up a Backup. SO I sort of lost everything. But I'm wondering if I can somehow get my pictures back from somewhere. PLEASE HELP ME. Thanks

    - If you used PhotoStream then try getting some of them from your PhotoStream. See that topic of:
    iOS: Importing personal photos and videos from iOS devices to your computer
    - Maybe from the restored iPod via
    How to perform iPad recovery for photos, videos
    Wondershare Dr.Fone for iOS: iPhone Data Recovery - Wondershare Official     
    http://www.amacsoft.com/ipod-data-recovery.html

  • I change my apple ID and password like a week now and after changing all my information and MY apple ID, i noticed that i lost all my picture in my camer roll and my photo stream too ;(.. Can anyone please help me how to bring it back all my photos?

    I change my apple ID and password like a week now and after changing all my information and MY apple ID, i noticed that i lost all my picture in my camer roll and my photo stream too ;(.. Can anyone please help me how to bring it back all my photos?

    I don't know about your camera roll, but for photostream just do this:
    Go into Settings > iCloud > Delete Account and then sign back in using your Apple ID information.
    Make sure to do the same thing with your iTunes and App Store options.
    Settings > iTunes and App Store > Click Email and sign out, then sign back in.

  • HT5085 How do i prevent itunes from asking for password like 15 times a day?

    How do i prevent itunes from asking for password like 15 times a day?

    Hello reynolae,
    The following article contains a number of useful steps for getting iTunes to quiet down, at least with regards to asking for your password.
    iTunes repeatedly prompts to authorize computer to play iTunes Store purchases
    http://support.apple.com/kb/TS1389
    Cheers,
    Allen

  • Api or command to decode password

    Hi,
    I am trying to run an ODI Scenario using Java APIs(using the package oracle.odi.sdk.invocation).
    I am creating OdiRepositoryConnection object and setting its parameters(odiusername,password,jdbc username,password).
    I am able to run the scenario by using the invoke command of odiinvocation class.
    But right now i have placed the unencoded password in the java code.
    I want to use the encoded password for security reasons. But OdiRepositoryConnection object's setOdiPassword accepts un-encoded password.
    Is there any other API method which accepts encoded password so that I can avoid embedding actual password in the code?
    or is there some API/command to get the decoded password from encoded string?
    Or any other secured approach that I can follow. Please help me.
    Thanks!!
    Edited by: Kumar Sushant on Nov 13, 2008 11:19 PM

    Hi Kumar...
    Take a look my at the last post in the thread
    Retriving UNENCODED password for data server
    You can use the same technique....
    Does it work for you?

  • How do I change name and install Password or pass code

    How do I change name and install Password or pass code?

    You would do this using the AirPort Utility.
    To change the Network Name using AirPort Utility v6.x: AirPort Utility > Select your AirPort > Edit > Wireless tab > Wireless Network Name. On the same tab, you can set the wireless security password.

  • Registry Error: The user ID and password pair passed in a get_authToken mes

    Hello
    I am trying to publish web service thruth the UDDI CLINET
    I got into
    http://sap-xiqas:50000/uddiclient/process/
    chose Publish Service Definition
    SAP Registry
    and tried login with my user which has sap_all
    and also with j2ee_admin
    and get the following msg
    Registry Error: The user ID and password pair passed in a get_authToken message is not known to the Operator Site or is not valid
    have some1 managed to solve it ?
    thx Shai

    Hi,
    Use should use:
    call function 'SUSR_CHECK_LOGON_DATA'
              exporting AUTH_METHOD = 'P'
                        USERID      = k_user
                        PASSWORD    = k_senha
              exceptions
                   others = 1.
    if sy-subrc = 0.
       write 'Ok'.
    else.
       write 'Not Ok'.
    endif.
    Best regards,
    Leandro Mengue

Maybe you are looking for