Authenticate Against OID

I am new to jDeveloper and java.
I developed an jsp/adf application using jDeveloper 10.1.2 which runs on Oracle 10g application server.
The application works using the jazn-data.xml to access the db.
I need to modify the application to hang off an Oracle portal and access the db is obtained after the user logs into the portal using the portal login.
The user will access the application from logging into an oracle portal.
I am not the Unix admin, so we assume the OID/SSO is properly configured.
How can I pass the portal authentication to the jsp application to access the db without having to log in again.
Reading the Oracle documentation and looking at the Oracle examples did not provide any clues to how to accomplish this.

Shay
I have not seen the document you are referring.
The document appears to contain information I can utilize.
I will post my progress on authenticating against the OID.
Thanks

Similar Messages

  • Can the Design Console authenticate against the OID?

    Can the Design Console authenticate against the OID?
    In my setup the users authenticate against the OID server when logging to OIM Web Console.
    The OID has a plugin that redirects the authentication request to the Microsoft AD server.
    That way the users can login to OIM Web Console using their Microsoft network password.
    A small problem is that I have a handful of users that need to use the Design Console, and when they attempt to login it almost always fails at first.
    It fails because they forget that the password they have to type on the Design Console login screen actually resides within the OIM Server and as time goes by the password becomes different then the one used to login to the Microsoft network.
    So i wondered if it is somehow possible to configure the Design Console to authenticate against my OID server, then it would redirect the authentication request to the Microsoft AD Server and they would not have to bother about what is/was the password stored within the OIM.
    Thanks for any thought on the matter.
    Adriano.

    Design Console always authenticate against the OIM user credentials. I suppose this is due to the factor that this does not behave as an http request over web, so its almost impossible to redirect the login request to some other server(AD/OID etc).
    I also did not find this in the Oracle documentation, so I suppose its not possible. The AD Pass Syncwould work but just installing the AD Pass Sync for a handful of users (accessing design console) would not be recommended as it requires an agent to be installed on AD side. You might need to handle the OIM passwords for such users manually.

  • Authentication failing for APEX against OID when uppercase used in password

    We are using Application Express 3.1. I am authenticating against OID 10.1.2.2 and noticed some users were having problems
    logging into APEX. They are getting "Invalid Login Credentials". I eventually workout it was when they were authenticating using a password
    having a uppercase character ... "Blackhawk" is one example. We authenticate discoverer using OID and do not have the same problem.
    Has anyone else encounter this problem please ?
    Cheers Rod
    The Function I use is shown below:
    DECLARE
    V_TEST BOOLEAN;
    V_EXIST NUMBER ;
    BEGIN
    SELECT COUNT(*) INTO V_EXIST FROM BE_MANAGERS
    WHERE MANAGER_CSO_CODE = :APP_USER
    AND FINANCIAL_YEAR_ID = BE_BUDGETS_APEX_PKG.CURRENT_FINANCIAL_YEAR ;
    IF V_EXIST = 0 THEN
    HTMLDB_APPLICATION.G_UNRECOVERABLE_ERROR := TRUE;
    OWA_UTIL.REDIRECT_URL('f?p=' || v('APP_ID') || ':101:' || v('APP_SESSION') );
    END IF ;
    V_TEST := HTMLDB_LDAP.IS_MEMBER
    ( p_username => :APP_USER, p_pass => NULL
    , p_auth_base => 'cn=Users,dc=planforlife'
    , p_host => 'oraapp01'
    , p_port => '389'
    , p_group => 'OID-PilotUsers'
    , p_group_base => 'cn=vaultgroups,cn=Groups,dc=planforlife');
    IF V_TEST = FALSE THEN
    HTMLDB_APPLICATION.G_UNRECOVERABLE_ERROR := TRUE;
    OWA_UTIL.REDIRECT_URL('f?p=' || v('APP_ID') || ':101:' || v('APP_SESSION') );
    END IF;
    EXCEPTION
    WHEN OTHERS THEN
    HTMLDB_APPLICATION.G_UNRECOVERABLE_ERROR := TRUE;
    OWA_UTIL.REDIRECT_URL('f?p=' || v('APP_ID') || ':101:' || v('APP_SESSION') );
    END;

    Rod:
    Are you sure it is not the 'username' which is causing the issue ? If it is the username then to preserve the case in which the username is entered you will need to set the ' p_preserve_case' parameter to true in the call to APEX_CUSTOM_AUTH.LOGIN . This API is invoked in the application's login page as an after-submit page process.
    Varad

  • Assigning a login module to a single WebDynpro to authenticate against LDAP

    Hi there,
    we are running the J2EE Engine 7.0 within XI on SAP NetWeaver 2004s / Linux x86_64.
    Basically, i want to Authenticate a Java WebDynpro against an LDAP (Active Directory). With the XI Usage installed, I can not customize the UME to authenticate against an LDAP (not supported and not possible).
    Thus, I want to use a custom login module or, if suitable, a standard login module to authenticate against LDAP. I know that all WebDynpro Apps use the default authentication scheme that in turn references the authentication template "ticket".
    1) Can I use a predefined Login Module to authenticate against Active Directory LDAP or do I have to write a custom login module?
    2) Is it possible to assign a login module to a single WebDynpro and how can I do this?
    Thanks a lot in advance,
    Oliver Kalkofen

    > Thus, I want to use a custom login module or, if
    > suitable, a standard login module to authenticate
    > against LDAP.
    We have developed a custom login module which does this. It looks to the user like the BasicPasswordLoginModule provided with SAP, but the userid and password entered has to be a valid accountpassword from the Active Director domain. We use the Kerberos protocol to perform this useridpassword validation, not LDAP. The userid can be just a name, in which case the default domain (realm in Kerberos terminology) or it can be specified as user@REALM in which case a non-default realm can be used to authenticate. Once the authentication is complete, we look in USRACL table to map this Kerberos principal name onto a SAP userid so we can then create an SSO2 ticket.
    If you interested to evaluate, or get a quote for purchasing this, please contact me offline. Of course, you can develop your own if you are happy to do so. I just thought you might be interested to know of an alternative.
    Thanks,
    Tim

  • How do you get OS X Lion to authenticate against LDAP?

    Need help getting OpenLDAP to authenticate against LDAP on  Linux server....please help!

    Go to the Users & Groups system preferences, click "Login Options:" and then click "Edit" next to "Network Account Server." Then click the plus button and add your LDAP authentication server. You can also click the Directory Utility button to further refine the settings for your server and the LDAP service.

  • Messaging Server authenticate against directory server

    Just wonder how to make messaging server authenticate against directory server? Basically I created users on the directroy server, and would like to let these users to access messaging server?
    Thanks for advice!

    I'm sorry, your question doesn't really make any sense.
    Messaging Server always authenticates to users in a Directory.
    How did you "create users"? That may be the problem. If you don't create the users with the provisioning tools provided with Messaging, then the users don't have the correct object classes and attributes to function as Messaging users.

  • Make netatalk on FreeBSD authenticate against OD?

    Hello!
    I recently set up a ZFS file server running FreeBSD. I'm sharing the pool with netatalk, and it works just fine. What I really want to get working, though, is authentication against our central Xserve G5 running Leopard server. All of our services requiring authentication, goes through OD, so it would have been really nice to get this working on the file server too.
    I tried to follow this howto in the FreeBSD handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/articles/ldap-auth/article.html#CLIEN T However, I really do not know very much about LDAP, and I can't seem to get it working. When running ldapsearch, I get this in response:
    # ldapsearch
    # extended LDIF
    # LDAPv3
    # base <dc=kreativsone,dc=no> (default) with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    # search result
    search: 2
    result: 32 No such object
    # numResponses: 1
    - What does this mean? Do I have to use SSL or TLS or something? Any help is appreciated! If you need some output or something, please ask!

    Thanks, but unfortunately this does not help. In order to get netatalk to authenticate against OD, I need to get FreeBSD authenticating against OD. That is my main problem.

  • Authenticate against AD then Internal Store with same username?

    I know this sounds easy at first glance but I am having a nightmare of a time finding a way to get this to work.  Our engineers were used to OUR old ACS 3.2 method where an account was either authenticated against the internal user store or Wwindows AD and would like to duplicate this functionality with the our new ACS 5.3 setup.  I fully realize that the two models are not even close to being similar between those two versions but I am being asked anyway.
    Here is the crux of the issue.  If you have a jsmith account in the internal user store with one password, and also a jsmith in AD with a different password then the system cannot seem to handle different accounts with same name when it comes to passwords.
    I have an internal store sequence setup to authenticate against AD then the local data store.  The problem is that if the user puts the password of the internal store user the ACS server sees that the user exists in AD but that password was incorrect and authentication fails.
    Bottom line is that I need some kind of logic that says try to authenticate against AD first with this username and password, and if that fails instead of ending there try to authenticate to the internal store using the given username and password.
    Appreciate any help on this.

    Jagdeep,
    I thought ACS 5.3 allowed you to use the internal database but point the password authentication to AD? However if the user isnt found then we can point to AD by using a identity sequence store?

  • Pgina - authenticate windows against oid

    Hi All,
    Just thought I would let you know about pgina, if you don't already...
    http://pgina.xpasystems.com/
    It is a GINA (Graphical Identification aNd Authentication) that replaces the windows local or domain authenication, so you can authenicate against any plugin that you want. The LDAPAuth plugin works very smoothly with OID, very helpful if you are running the collaboration suite or just want to authenicate against oracle.
    Here are the settings I used for my system...
    LDAP Method: Map Mode
    Server: your server's name
    Port: 4032 (by default for OCS, 389 for some products)
    prepend: cn=
    append: cn=users,dc=xxx-domainname-xxx,dc=com
    This works great for me...I have it setup so I can change my password through it and it maps network drives(Since i'm using oracle ifs). If you have any questions, I check the forums often or just email me at kbbdb --- marist --- edu.
    --Bill                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

    are you talking about OID ext. auth. plugin (which version?) or "pgina" mentioned above?
    regards
    --Olaf                                                                                                                                                                                                                   

  • Authenticating 10g databases against OID 11g

    Hi.
    Our client currently uses OID 10g to authenticate users on their 10g databases. They intend to begin an upgrade to 11g beginning with the OID upgrade. Some applications though are likely to remain on 10g databases for the foreseeable future.
    Will it remain possible to authenticate existing 10g database installations against the new OID 11g setup?
    If so, will this happen automatically as part of the OID 10g->11g upgrade steps?
    Many thanks.
    Edited by: 893987 on 31-Oct-2011 08:49

    Hi Sridhar
    Did you come right with the Oracle case insensitive connection? I am at a client site and they are asking if I can create an Oracle case insensitive connection and need to know how to do this.
    I have come right now. I have added the following into the parameters in the universe:
    NTS_COMP = LINGUISTIC
    NTS_SORT = BINARY_CI
    When running a query the selection does not have to be case sensitive. eg. In the database it shows as "SOFTWARE" and if I run a query looking for "software" it returns the correct data.
    Thanks
    Sharon

  • New HTMLDB User - Want to authenticate against a database user

    Greetings... I would like to authenticate a user sign-in/logon screen against database users setup in the database. It appears to me that DAD might do this, but I'm a bit fuzzy on how to make it work. I looked in some of the FAQ's here and can't seem to find something that tells me how to do this. I'd be thankful for any help you can give this old DBA who's stepping into HTMLDB Development.
    (Love the product so far by the way!)
    Robert

    Robert - It depends on what your aim is, but one way to do it is to create a new DAD without a username or password in the connect info. This will require users to respond to the basic authentication challenge allowing those who have database accounts to authenticate to your application.
    Regardless of which database account is used to authenticate, keep in mind that all SQL and PL/SQL in the application executes as the schema designated as the application's "owner" or parsing schema, so the identity of the authenticated user with respect to database roles and privileges plays no part unless you actively use the session's USER value in VPD/RLS, for example.
    Scott

  • Authenticate against external windowsdb member server

    I would like to know if anyone has been able to get the ACS appliance version to authenticate users against a Windows Member Server not a DC (no AD).

    My bad, sorry.
    When using the appliance you need to use the Remote Agent for Windows, the appliance will then talk to this agent to authenticate users in its SAM or AD database. You need this since the Appliance is not part of any domain, so it needs to pass off the usernames/passwords to a Windows server that can authenticate users.
    You can read about it here:
    http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/raig/rawi.htm
    Basically install it on the member server and you should be good to go, it will automatically use the local SAM database to check for usernames/passwords. This is actually easier to set up than if you were trying to authenticate to a domain, since there's really nothing for you to do other than install the agent.

  • WebService Proxy fails to Authenticate against ICF

    Hi, I have build application using WS proxy to talk to R/3 (Webservice. Let's call this R/3  system  Q73.
    The proxies are run in an authenticated portal session. The portal Users datasource is ABAP (pointing to Q73).  Let call this portal  P73.
    When I logon to P73 I also should have access to Q73. How come when the proxy execute I get  Unauthorize access error from ICF? Any idea on how to fix this?
    BTW, when I supplied the userid/password, it will work.
    Thanks in advance.

    Use Java API for OID.
    Although dbms_LDAP package provides same results, it is better to use Java API and set Connection Pooling...
    Follow these steps..
    - Create Context
    - Create Subscriber by passing in above context and other values
    - Create User Object by passing the same context together with subscriber and other values
    -use authenticateUser method of user object to authenticate..
    Java documentation has good examples..
    Good luck. Any one let me know if there in any easy way?

  • Cannot get iLOM to authenticate against Active Directory

    I'm hoping it is some sort of configuration mistake, I'll happily take the fall for misconfiguration, if it solves my issue.
    We have a number of different Sun systems we just purchased, and LOVE the iLOM capabilities. Unfortunately, we have not been able to configure the Active Directory authentication properly. We've gotten the RADIUS auth to work, but since it doesn't have any extensible groups, there's no way to cleanly divide folks up. Have read the User's Guide extensively, and tried multiple variations on the LDAP configuration of the Active Directory AdminGroup settings, with no luck.
    I have verified the iLOM unit is reaching the AD server, I have captured communications, but sine it's encrypted, I can't see where the fault lies. The clocks are certainly within 5 minutes of each other, so it's not a kerberos time issue. The 'Trace' level of logging doesn't seem to include much info to me, but here is what is captured:
    2008-07-29 14:26:14     Local0.Warning     10.40.5.7     logmgr: ID = 1366 : Tue Jul 29 14:27:42 2008 : ActDir : Log : minor : (ActDir) module loaded, MOD-VER:Tue Jun 3 07:53:02 CST 2008
    2008-07-29 14:26:14     Local0.Critical     10.40.5.7     logmgr: ID = 1367 : Tue Jul 29 14:27:42 2008 : ActDir : Log : critical : (ActDir) _BindAUser: bind error. -1:-1, Can't contact LDAP server. Check cert-file, network connectivity, local date/time
    2008-07-29 14:26:14     Local0.Critical     10.40.5.7     logmgr: ID = 1368 : Tue Jul 29 14:27:42 2008 : ActDir : Log : critical : (ActDir) _BindAUser: bind error. -1:-1, Can't contact LDAP server. Check cert-file, network connectivity, local date/time
    2008-07-29 14:26:14     Local0.Error     10.40.5.7     logmgr: ID = 1369 : Tue Jul 29 14:27:42 2008 : ActDir : Log : major : (ActDir) ServerUserAuth - Error 0, error binding user to ActiveDirectory server
    2008-07-29 14:26:15     Local0.Error     10.40.5.7     logmgr: ID = 1370 : Tue Jul 29 14:27:42 2008 : ActDir : Log : major : (ActDir) server-authenticate: auth-error idx 0 server x.x.x.x
    2008-07-29 14:26:15     Local0.Critical     10.40.5.7     logmgr: ID = 1371 : Tue Jul 29 14:27:42 2008 : ActDir : Log : critical : (ActDir) authentication status: auth-ERROR
    2008-07-29 14:26:17     Local0.Warning     10.40.5.7     logmgr: ID = 1372 : Tue Jul 29 14:27:45 2008 : Audit : Log : minor : cleverlyc : Open Session : object = /session/type : value = www : error
    We have no certificates, and do not plan on using any (for quite some time). I cannot find any errors, notifications, or other data on the AD server, showing any sort of error/misrepresented credentials etc.
    Any ideas/help?
    Thanks!!

    Looks like this seems to be a common issue as I am having the same issue using current iLOM release.
    SP Firmware Version 2.0.2.10
    SP Firmware Build Number 35249
    SP Firmware Date Wed Jul 23 22:40:58 PDT 2008
    SP Filesystem Version 0.1.14
    Addition information I can provide is when reviewing the security logs on the DC I see no attempt at of any creds being used.
    Edited by: evil_bobster on Sep 22, 2008 10:50 AM

  • How to authenticate against AD?

    Hi,
    Today our SAP-systems are set up to use local useraccounts/passwords. I would like to set up the systems to use ActiveDirectory for authentication. Our company has 2 different locations with 2 separate AD-domains, but with a common SAP-installation. This means that the systems have to be set up to check username/password against 2 AD-domains (If the first one fails, try the next domain)
    Is this configuration complex? Any good documentation on this topic?

    Hi,
    What are you talking about ?
    SAP systems : which ones ? ECC? Portal ? CRM ? SRM ?...  Which releases ? which OS ?
    Which user authentication ? sapgui connection ? web connection ? SSO ? user/password ?
    SAP installation : local or domain installation ? If domain installation, one of the 2 for users ?
    Regards,
    Olivier

Maybe you are looking for

  • SLD Error in IE:Error while reading ID of own business system from the SLD

    Dear Champs, Scenario : JDBC to Proxy(APO system) We are getting below error in MONI UAT Box. All other interface are working fine but we are facing issue for a particular Bussiness System also logical system are maintained properly.the same interfac

  • Constantly updating in CS4

    Photoshop and all the other CS4 programs in my production premium package are constantly updating. Every time I go to check for update, it says that the same stupid updates are available even though I already installed them. I don't know if they even

  • Accounting fixed price and ressource related billing in the same project

    Hello community, I am using the hierarchical accounting with PS and would like to have a project with two phases. The first phase could be something like an concept with a fixed priced. The other phase is ressource related. How would you do this in c

  • Computer Has No IP Address

    I go to: System Preferences/Network/Show Tab Built in Ethernet/TCP/IP, and type in the configuration, and click the Apply buttonbut when I change the Show Tab to Network Status, it reports: "The cable for Built-in Ethernet is connected, but your comp

  • Reset of Web Services

    I have a Photosmart Premium model C410a and can not reset my Web Services so I can ePrint? Help.