Autentication of users

Hello.
I am setting up a test lab where the users will connect to a ASA 8.3 with SSL VPN Anyconnect. I have tested to se that the user can login with with name/password that is in the local database in the ASA, but we need to use one time passowords with RSA hardware tokens and have the users in a Windows AD and I have no ide how to configure that.
Behind the ASA I will have an ACS server that will point to the RSA server and a Windows AD. Do you have any configuration guides on this? It is mostly the config in ASA that I need a guide for, since I never really worked with ASA before. How do I get the Anyconnect to promt for username, password and RSA password?
I have never used Anyconnect before ether.
I am using ASA 5520 8.3 with ASDM 6.3, ACS 4.2, RSA 7.1 (or 6.1) and Windows 2003 enterprise.
/Ph

Thanks that helped abit. Now it works like this:
1. User enters the IP of the ASA and gets promted for username and password, that is located in a Windows AD.
2. The authentication request is forwarded from the ASA to an ACS using TACACS+
3. The ACS checks in the Windows AD if the user is valid
4. If valid then Anyconnect is downloaded fråm the ASA to the users computer and the VPN is working.
Now I want to have this working with RSA SecurID token. How do I enable this in the ASA and the ACS? Do I still use TACACS+ between the ASA and the ACS or should I change it to SDI?
I can't seem to find any good guide on how to configure this. Atleast not with the users in AD.

Similar Messages

Can two EARs bind the same ejb?

Hello,
Is it possible to use the same entity bean from different EARs?
I have an entity ejb for the UUP and I want to use the same uup from two different applications, but when the second application is deploying, throws the next exception:
<BEA-149231> <Unable to set the activation state to true for the application 'secondApplicationEAR'.
weblogic.application.ModuleException: Exception activating module: EJBModule(myUUP.jar)
Unable to deploy EJB: MyUUP from myUUP.jar:
[EJB:011008]Unable to bind EJB Home Interface to the JNDI name: ejb.MyUUPRemoteHome.
javax.naming.NameAlreadyBoundException: Failed to bind remote object (ClusterableRemoteRef(605920552248037872S:AdminServer [605920552248037872S
::AdminServer/301])/301 [uup.MyUUPRemoteHome+javax.ejb.EJBHome+weblogic.ejb20.interfaces.RemoteHome]) to replica aware stub
at MyUUPRemoteHome(ClusterableRemoteRef(605920552248037872S::AdminServer [605920552248037872S::AdminServer/300])/300 [u
up.MyUUPRemoteHome+javax.ejb.EJBHome+weblogic.ejb20.interfaces.RemoteHome]); remaining name 'ejb'
at weblogic.rmi.cluster.ClusterableRemoteObject.onBind(ClusterableRemoteObject.java:201)
at weblogic.jndi.internal.BasicNamingNode.bindHere(BasicNamingNode.java:371)
at weblogic.jndi.internal.ServerNamingNode.bindHere(ServerNamingNode.java:140)
at weblogic.jndi.internal.BasicNamingNode.bind(BasicNamingNode.java:317)
at weblogic.jndi.internal.BasicNamingNode.bind(BasicNamingNode.java:324)
at weblogic.jndi.internal.WLEventContextImpl.bind(WLEventContextImpl.java:277)
at weblogic.jndi.internal.WLContextImpl.bind(WLContextImpl.java:407)
at weblogic.ejb.container.deployer.ClientDrivenBeanInfoImpl.activate(ClientDrivenBeanInfoImpl.java:1249)
at weblogic.ejb.container.deployer.EJBDeployer.activate(EJBDeployer.java:1237)
at weblogic.ejb.container.deployer.EJBModule.activate(EJBModule.java:476)
at weblogic.application.internal.flow.ModuleListenerInvoker.activate(ModuleListenerInvoker.java:107)
at weblogic.application.internal.flow.DeploymentCallbackFlow$2.next(DeploymentCallbackFlow.java:411)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
at weblogic.application.internal.flow.DeploymentCallbackFlow.activate(DeploymentCallbackFlow.java:74)
at weblogic.application.internal.flow.DeploymentCallbackFlow.activate(DeploymentCallbackFlow.java:66)
at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:635)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:16)
at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:162)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:184)
at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:361)
at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:51)
at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:196)
at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:233)
at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:173)
at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:89)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
at weblogic.ejb.container.deployer.EJBModule.activate(EJBModule.java:493)
at weblogic.application.internal.flow.ModuleListenerInvoker.activate(ModuleListenerInvoker.java:107)
at weblogic.application.internal.flow.DeploymentCallbackFlow$2.next(DeploymentCallbackFlow.java:411)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
at weblogic.application.internal.flow.DeploymentCallbackFlow.activate(DeploymentCallbackFlow.java:74)
Truncated. see log file for complete stacktrace
I have the myUUP.jar included in the two applications and I working with Weblogic 10.3.
Could you help me?

Now, they are deployed successfully.
I have written distinct names in the <ejb-jndi> property of p13n-profile-config.xml in both applications and I've deleted the <jndi-name> param in weblogic-ejb-jar.xml into my uup jar. It seem is running correctly.
I had a first application EAR that used an uup. The uup is defined in a Ejb Project. In the firstApplication EAR is defined a dependence on the uup.jar. I'm not an expert in uup (that's obvious) and I need other application, with other content manager and other funcionality, but the same autentication and user properties. This is the reason by I defined a second EAR project with dependencies over the same uup.jar that the first EAR project.
But I don´t know if it's the most correct...
Is there a better option?
Thanks for everything.

Why applications do not work under wifi with proxy?

Hello:
In my village there is a wifi installed that runs under a proxy with autentication: every user has his router at home and connects to the "general" wifi through a proxy with an username and password. I configure the wifi as follows: Wi-Fi --> Select the wifi --> I select Manual Proxy HTTP --> I type the server and port, enable authentication and type the username and password. Now, when I open Safari, I can navigate without problem. However, Safari is the only application that works: I cannot read my mail through the generic Mail application, nor enter in Facebook application, Twitter, Skype and so on. However, I can enter, for example, into Facebook through Safari.
We are some friends with the same problem, some of use have iPhone 3, others have iPhone 4 and I have iPod 2nd generation.
I guess that not all the applications of the device run using the proxy enabled in the Wi-Fi options but the should, shouldn't them? Does anybody know if there is any solution to this problem?
I hope I have explained clearly enough.
Thanks,
Maria

Ah, a wee bit of google later and it seems that iOS 5 has an issue with Http proxes,
in so far as it does not allow https (secure connections) which Facebook app appears to use.
https://discussions.apple.com/thread/3457661?start=0&tstart=0
Some say that iOS5.1 fixes this, or at least prompts for your password when it needs it.

Problem to authenticate MAC address on ISE

Hi guys,
I have a Lab with a ISE ver 1.1.1 installed on VMWARE, a Switch 3750, a WLC 4200 and one AP registered on WLC, the WLC and AP are connected to Switch, we are testing the user authentication using a samsung tablet and it work ok. The authentication procces is using the actual AD. the issue is when I try to authenticate de device using their MAC address. I'm reading many pappers, but no one explain me the steps to do the both autentication: by user and by MAC address using the ISE.
can any one help me about the authenticacion MAC address process on ISE. the final deployment our client want to use user and device authentication.
Thank you for your attention on this matter.

Hi Tarik,
Thanks for your reply,
the port configuration of SW is it:
DEMOSW# sh run int Gi2/0/11
description Access Wireless LAN Controller
switchport trunk encapsulation dot1q
switchport mode trunk
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
spanning-tree portfast
DEMOSW# sh run int Gi2/0/12
description Access Point
switchport access vlan 103
spanning-tree portfast
Our goal is that the MAC address Tablets can be authenticated using the ISE Internal Enpoints Database.
I hope you may help me about it.
Thank you for your attention on this matter.
Regards.

User mapping autentication with different address

hello everybody,
we have a SAP NTW portal version 7.0
address is http://portal.xxx.it/irj
inside we have some url iview with user mapping autentication.
the iview work correctly but we decided to have a second address for portal:
http://portal.yyy.it/irj
when we use this address then iview don't work (not paramenter was passed to autentication).
Configuration is correct (user mapping, system configuration, permission, etc etc)
We have problem only when we use second address
any suggestion?

Hi,
use HTTPWatch or Firebug to find out what the browser / portal submits to the URL.
br,
Tobias

Local user account is trying to autenticating against domain controller

Hi all. I am seeing a weird user logon issue on one of my laptop and on another user's PC. Both of the laptop and the PC is a member of our domain. However, on this particular laptop and PC, we are not login with a domain user account,
rather we've created a local user account, grant it the local admin access, and login with this local user account. Now, on my domain controller, I am seeing a bunch of account login failure message, which happens few times per minute and filling up
the domain controller security log. For the laptop, this is a clean build, with fresh Windows 7 installation, alone with MS Office 2010 and few third party application (eg: Adobe Reader, 7-ZIP, etc). I've checked all group policy to ensure there
are no service or connection that requires domain credential access that have applied to this laptop (or the PC). I am not sure why this local user is trying to authenticating to our domain controller. This user account doesn't exist in our domain.
The only thing I can think of is Microsoft Outlook 2010 might doing back ground authentication against the domain controller by using the current login user account, I just can't confirm this. Did anyone encountered this issue in their environment?
Thank you.
Below is a copy of the event.
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          13/06/2014 8:56:27 AM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      domaincontroller.mydomain.local
Description:
An account failed to log on.
Subject:
   Security ID:       NULL SID
   Account Name:       -
   Account Domain:       -
   Logon ID:       0x0
Logon Type:           3
Account For Which Logon Failed:
   Security ID:       NULL SID
   Account Name:        dummy
   Account Domain:       l-sparet400sc
Failure Information:
   Failure Reason:       Unknown user name or bad password.
   Status:           0xc000006d
   Sub Status:       0xc0000064
Process Information:
   Caller Process ID:   0x0
   Caller Process Name:   -
Network Information:
   Workstation Name:   L-SPARET400SC
   Source Network Address:    192.168.2.181
   Source Port:       60720
Detailed Authentication Information:
   Logon Process:       NtLmSsp
   Authentication Package:   NTLM
   Transited Services:   -
   Package Name (NTLM only):   -
   Key Length:       0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
   - Transited services indicate which intermediate services have participated in this logon request.
   - Package name indicates which sub-protocol was used among the NTLM protocols.
   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4625</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12544</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2014-06-13T12:56:27.263546000Z" />
    <EventRecordID>299829083</EventRecordID>
    <Correlation />
    <Execution ProcessID="488" ThreadID="640" />
    <Channel>Security</Channel>
    <Computer>domaincontroller.mydomain.local</Computer>
    <Security />
</System>
<EventData>
    <Data Name="SubjectUserSid">S-1-0-0</Data>
    <Data Name="SubjectUserName">-</Data>
    <Data Name="SubjectDomainName">-</Data>
    <Data Name="SubjectLogonId">0x0</Data>
    <Data Name="TargetUserSid">S-1-0-0</Data>
    <Data Name="TargetUserName">dummy</Data>
    <Data Name="TargetDomainName">l-sparet400sc</Data>
    <Data Name="Status">0xc000006d</Data>
    <Data Name="FailureReason">%%2313</Data>
    <Data Name="SubStatus">0xc0000064</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="LogonProcessName">NtLmSsp </Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="WorkstationName">L-SPARET400SC</Data>
    <Data Name="TransmittedServices">-</Data>
    <Data Name="LmPackageName">-</Data>
    <Data Name="KeyLength">0</Data>
    <Data Name="ProcessId">0x0</Data>
    <Data Name="ProcessName">-</Data>
    <Data Name="IpAddress">192.168.2.181</Data>
    <Data Name="IpPort">60720</Data>
</EventData>
</Event>

its the service which is using the account info and authenticating against the DC to obtain service ticket and fails
Interesting log section is NULL SID which doesn't corresponds to any account name.
Security ID:       NULL SID
   Account Name:       -
   Account Domain:       -
   Logon ID:       0x0
and the below section explains , the request is made over network, which is most of the times by the service
Detailed Authentication Information:
   Logon Process:       NtLmSsp
   Authentication Package:   NTLM
   Transited Services:   -
   Package Name (NTLM only):   -
   Key Length:       0
The below is assumed to be performed on a client which does not run mission critical production applications which has zero impact when you perform the below actions,
can you disable
a) Server service
b) Workstation service
c) Disable RPC dependent service and services which depend on RPC and test
Question:
What is the level of DC hardening you have in your environment ?

I have tried to log in on a web site and this is what I'm gettig: Alert 530 Autentication failed. I have used the correct password and user's name.

ftp.oxbow.fr This is the file I have log on and I have used the correct password and user's name and this is what comes up:
Alert 530 Authentication Failed!

This is a user to user forum. Apple is not here. Apple does not answer questions here.
iTunes Support -
http://www.apple.com/support/itunes/
Mac App Store Support -
http://www.apple.com/support/mac/app-store/

Autentication problem after importing users in osx.5 server

Hi All, I was able to import users to OSX.5.8 server using passenger from macinmind.com but my users could not authenticate. When I create one user at a time the users are able to authenticate. Help i am pulling my hair out.

Rather than importing in Server.app you could try using Workgroup Manager.

Problem with Afaria and LDAP user authentication in Android device

Hi all,
I have a server with Afaria 7 (SP4, hotfix3) installed. In this Afaria there is a tenant (system) without LDAP/AD integration working correctly. I need to have other tenant with LDAP integration in which the users must be authenticated.
I know that for iOS devices is necessary reinstall the iphoneserver selecting "Afaria Server managed authentication" but at first I want to make run the Android devices. For this reason I don't do this yet.
I follow the next steps:
1-Create a new tenant
2- Configure LDAP integration
3-Create a inventory policy with authentication required
4-Create a static group associated to the inventory policy
5-Create a enrolment policy associated to the static group.
When I launch the Afaria agent on the device, the user/password parameters are required. After fill the user/password parameters, the device connect to the server and then is show the message "user or password incorrects".
I have seen the log and seem the problem is that Afaria can't authenticate this user.
I validate that Afaria can "see" the LDAP users creating a user group that contains this user(JimenM99)
The problem is autentication, because if I remove "autentication required" of the inventory policy, the device enrol correctly.
Could you please help to solve this problem?
Thanks in advance.

Hi all,
I have a server with Afaria 7 (SP4, hotfix3) installed. In this Afaria there is a tenant (system) without LDAP/AD integration working correctly. I need to have other tenant with LDAP integration in which the users must be authenticated.
I know that for iOS devices is necessary reinstall the iphoneserver selecting "Afaria Server managed authentication" but at first I want to make run the Android devices. For this reason I don't do this yet.
I follow the next steps:
1-Create a new tenant
2- Configure LDAP integration
3-Create a inventory policy with authentication required
4-Create a static group associated to the inventory policy
5-Create a enrolment policy associated to the static group.
When I launch the Afaria agent on the device, the user/password parameters are required. After fill the user/password parameters, the device connect to the server and then is show the message "user or password incorrects".
I have seen the log and seem the problem is that Afaria can't authenticate this user.
I validate that Afaria can "see" the LDAP users creating a user group that contains this user(JimenM99)
The problem is autentication, because if I remove "autentication required" of the inventory policy, the device enrol correctly.
Could you please help to solve this problem?
Thanks in advance.

Logon Error for Crystal Report Viewed by User When Not Included In App

I have a Visual Basic 2008 SP1 application and I'm using Crystal Reports 2008 SP0 (with FP1 + 2). I have about 50 reports using integrated security that are all "embeded resources" in the application. When I want to print one of these reports I use code like this:
PrintReports(New MyEmbededReport)
And in my PrintReports routine it just creates a new instance of a form that has the report viewer control on it and passes the report over to it. This works GREAT and I can embed all my reports right into the app and call them when I need them.
Recently however I've had the need to add some custom reports that may change more often then the app changes so I need a way for users to access their reports without a new version of the app being pushed out. So I made a routine that lets me store the actual Report.rpt file into SQL and when a user goes to run it the report is pulled out of the database and saved into their temporary files and then passes it back to my PrintReports routine as a ReportDocument. This also works fine but only on my machine. On the client machines it asks for the login information and no combination will work. I've tried multiple ways of getting around it and have spent hours trying examples found on the internet including assigning the login information before preview, running through and assigning the login information to each table, I've gone through the "Using Integrated and SQL Autentication in .Net Applications" guide, turning on and off integrated security. Nothing seems to work.
What else is there to try? As a very last resort I will have to store the reports into the app like the other ones but I'm really trying not to do this.
-Allan

Just trying to get this working. My PrintReport routine used to just have the single line to assign the passed report to the report viewer.report source property. I've changed it to this:
            Dim crtableLogoninfos As New TableLogOnInfos()
            Dim crtableLogoninfo As New TableLogOnInfo()
            Dim crConnectionInfo As New ConnectionInfo()
            Dim CrDatabase As Database
            Dim CrTables As Tables
            Dim CrTable As Table
            'Set the ConnectionInfo properties for logging on tothe Database
            With crConnectionInfo
                .ServerName = My.Settings.SQLServerName
                .DatabaseName = My.Settings.MainDatabaseName
                .IntegratedSecurity = True
            End With
            'This code works for both user tables and stored procedures.
            'Set the CrTables to the Tables collection of the report
            CrDatabase = myReportFileName.Database
            CrTables = CrDatabase.Tables
            'Loop through each table in the report and apply the LogonInfo information
            For Each CrTable In CrTables
                crtableLogoninfo = CrTable.LogOnInfo
                crtableLogoninfo.ConnectionInfo = crConnectionInfo
                CrTable.ApplyLogOnInfo(crtableLogoninfo)
            Next
            'Set the viewer to the report object to be previewed.
            PrintPreview.CrystalReportViewer.ReportSource = myReportFileName
And I have the exact same issue....my internal reports stored within the app still work fine for everyone but the custom reports made in CR2008 and added as files still do not.
So out of fustration I added one of the "external" reports into VB 2008 and opened it in there, did a verify database, saved it, and then added it to my SQL server but again same issue....it's like when its off of my computer it "loses" the connection information even though it still shows its there. Not sure why the reports that are embedded into the app don't have this issue.
So that gave me another idea. I took one of the reports that was originally created in VB2008 and took that and put it into the SQL then ran that like the others and IT WORKS. It creates the temp file on the client PC and runs it from there with no login issues. Now I'm more confused....any ideas? I guess I'm going to start recreating the reports I created in CR 2008 and remake them in VS 2008 since those seem to work fine but why should I have to....what would be the difference?
-Allan

User Authentication methods

Hi,
I was using basic authentication for use login purposes . But the problem with basic authentication is there is no way for the user to log out except by closing his browser window. The other option is to develop a custom tag to check whether the user has logged in.
But that would mean converting all html files to jsp.
I am keen on implementing an authentication technique based on sessions whereby only a single point of entry and exit is provided which would help me to separate the authentication procedure from the rest of my code.
Any help would be appreciated.
Thanks,
Kushagra

You will have to use 2 servlets one does the autetication and places a bean as an authentication token on the session scope, and the other does the proper redirection, if the aforemetioned bean exists and the user is allowed to view what is requested redirect it to the desired resource, otherwise to the autentication servlet.
Thus avoiding the loop.
Hoping that I've made a point here (If I'm wrong plese let me know)
Greetings
FCo from Argentina
(if something isn't wroking for you I can try a couple of code samples)

Autentication error in Web Service after Login Module

Hi Experts,
I am getting a failed autentication when i try to access a web service. This is my scenario:
I have developed my own login module using JAAS. When i call a web service, the login module is executed, then it validate the credencials and make the authetication true. After that the web service is called. The web Service is mark as user/password authetication. But i always get this error:
Authentication for web service UtilityService, configuration UtilityService using security policy BASIC___ws failed: Login failed.. (See SAP Note 880896 for further info).
Just for you know, the credentials taht i use in login modulo isn't the user of UME. I use user store in another user store. I fthe credential is correct pass to the Principal an user of UME. To login stack is right when pass to login module:
LOGIN.OK
User: tecbmmab
IP Address: 192.168.14.48
Authentication Stack: tridmen.com.br/pegasus~ear*pegasus
Login Module                                                               Flag        Initialize Login      Commit     Abort      Details
1. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   SUFFICIENT ok          false      false
2. br.com.tridmen.login.ERPCEHeaderLoginModule                             REQUISITE   ok          true       true
        #1 Client = 800
        #2 Destination_reference = CUSTOM_DEST
        #3 SysId = DE1
        #4 SysNum = 00
        #5 TargetHost = tecs220
        #6 TrATicket = TRATICKETCTRL
Central Checks                                                                                true
After this, the error mention above, of web service happen.
As my knowledge, when i call the web service i already have the session autenticate with login module. But this is not happen.
Could someone help with this question?
Best regards
Marcos Brandã

Hi,
in what order did you specify your login modules? In that error message it looks like it's in wrong order. Your custom module should be first with SUFFICIENT and then standard user name/password with REQUISITE.
Cheers

User Authentication

Hello Everyone and thank you in advance for taking the time to read my inquiry.
I am have about 80% of a my website built and buttons all mapping where they should go, along with a number of XML driven BANNER ROTATORS/ACCORDIAN MENUS...ect
This site requires users to be signed in, which is done through a site previous to mine. Once they log in, they can click a button which then allows them access to my site.
My site has three "user levels" or "autentication levels" as we have "Managers", "Supervisors" and "Staff" levels.
For testing purposes, we have placed the below actionscript in the first frame of my project. The purpose of this actionscipt is to reference the "authentication level" that the user is using (as they will have already signed in so we are simply looking to obtain their "auth level").
AS 2.0
appname="mikesapp"
loadVariablesNum("http://www.mywebsite.com/test.php", 0, "POST");
//This verifys the users status and forwards them to the portion of the website they are authorized to access.
Auth Level 100 = Regional Access, Auth Level 200 = Franchise Access, Auth Level 300 = Employee Access, Auth Level 400 = Denied Access and Back Button as they do not have the privliges to move forward from there.//
this.onEnterFrame = function () {
    if(_root.checklog == 100){
        _root.gotoAndStop("regional");
    if(_root.checklog == 200){
        _root.gotoAndStop("partner");
    if(_root.checklog == 300){
        _root.gotoAndStop("employee");
    if(_root.checklog == 999){
        _root.gotoAndStop("denied");
The PHP script I'm using is as listed below:
<?php
echo 'checkLog=300';
?>
Therefore, my site hit's the PHP and the PHP tells my site that the user level is 300, therefore they are fowarded to the "employee" section of the SWF
My issue is that this only works when targeting FLASH PLAYER 6 or lower. Wouldn't be a big deal however I have found that all my XML driven menus/components do not work when Flash 6 is targetted.
I assume that it would be easier for me to find out how to complete such a process using Flash 8 or above rather than redoing all my XML driven stuff, so with that being said, HELP!
Additonally, I have attached screenshots of what I'm refering too below.
Flash 6
Flash 8

that's because you have a typo. flash 6 allowed more careless coding than later versions.
fix checkLog. it's not checklog.
and you should terminate your loop after checkLog is defined or, even better, use the loadvars class to call your php script and its onData or onLoad methods to compare the value of checkLog.

EAP-TLS User and machine authentication question

Hello,
i have a question regarding EAP TLS authentication in a wireless environment. We use Cisco AnyConnect NAM client and an ACS 5.1 to do EAP-TLS authentification. The Laptop and the user can be successfully authenticated using a certificate from our internal CA. i can also check the in our corporate AD if the user and machine are member of a certain group and based on the membership a can grant access to the network.
i can see in the ACS when the laptops after a reboot logs on to the network, but i don't see a log when the laptop comes back from hibernate mode, i guess this is normal because the laptop sends only the autentication equest after rebooting.
What i'd like to achive is, when a user logs on the it should always be checked if the machine was authenticated prior the user can get access to the network. Is there a way to do this with EAP-TLS and a LDAP connection to Active Directory.
thanks in advanced
alex

Sounds like you rather want to use PEAP/MSChapV2

How to setup a group with autentication

Hi, Every body,
I am new in this forum, I found Stratus is a so exciting platform, now I need your help.
I want to setup a group with posting autentication, in the group, some one has the posting right, others have not. I found the "groupspecWithAuthentication, groupspecWithoutAuthentication, encodePostingAuthorization，setPostingPassword" etc. but I cant understand how to use them.
I have dived in this forum and the reference of Stratus 2.0 beta( here) for several days, and I have tried the samples posted by Mike, and I have study almost all threads in this forum, but I still cant find the clue.
Please help me out, thanks advanced,

Thank you, Mike, for your timely reply. Forgive me the delay, because now is our most important festival, I just back from a party.
Now I understand, but I still wonder,
1. if a group is in running, and a authorized user has joined. Now he misdoes, I want to withdraw the authentication, how can I? revise the password and recreate the group?
2. How can I setup a group, just authorized users can join? I know I can use secret group name, but if authorized user divulge the group name, others without autentication can join the group too. ( because the swf easy to reverse, hacker can sniff the opaque groupspec string, revise the swf, impersonate authorized user, etc).
3. How can I banishment a misdoer from my group?
Thanks again for your time.

Autentication of users

Similar Messages

Maybe you are looking for