Authenticating external users - suggestions
All,
I have an in-house Windows Forms app that connects to an Oracle database. So for users within our intranet, we have created users within Oracle.
However, now there is a need to implement a subset of the features (also with some additional modules) for outside users through a web app.
What's the best way to authenticate/store their credentials in the Oracle database?
Is storing their username/password a good idea in a database table (in encrypted mode of course)? What would be the other alternatives?
Thanks.
Web based applications normally run from a web server using an application user ID rather than Oracle usernames for each real end user.
So one of the first decisions you need to make is if you want the applications to run as an application user or as an end user.
Using Oracle externally authenticated users where the users can log on remotely is a security risk.
HTH -- Mark D Powell --
Similar Messages
-
INTERNAL and EXTERNAL users authentication via OAM
Hi ,
We have a scenario wherein a resource is protected by OAM and we want the internal users in the system to access the resource w/o any authentication. However, at the same time we want the external users to be challenged by OAM for credentials.
How to implement such a scenario ?
Any ideas would be helpful ..
Thanks
Sid
More details (architecture etc.) would be needed to suggest any kind of solution.
Also, is the content served static or dynamic? If the content is dynamic then the backend component (app) would expect identity to be propagated to it. This could be a potential issue if internal users won't authenticate.
If it is static content then you can make use of rewrite rules / rewrite conditions to filter on IP address (internal users should have some IP address range). Although you may have to do multiple URL rewrites at the Apache level to bypass authentication.
Another solution is to implement a zero sign-on experience via WNA for internal users. WNA would take advantage of the user's login to the desktop. Hope this helps. -
Sharepoint 2013 online/office 365.
I am creating site collection programmatically using sharepoint Auto hosted app.
Now i want to set "Allow external users who accept sharing invitations and sign in as authenticated users" programmatically after site collection creation.
Is it possible through code? If yes please let me know how to do it?
Najitha Sidhik
For SharePoint 2013 Online, check below links:
http://office.microsoft.com/en-us/office365-sharepoint-online-small-business-help/manage-sharing-with-external-users-HA102849862.aspx
http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/manage-external-sharing-for-your-sharepoint-online-environment-HA102849864.aspx
https://www.nothingbutsharepoint.com/sites/eusp/Pages/SharePoint-Online-2013-Sharing-with-External-Users.aspx
http://blogs.office.com/2013/11/21/sharepoint-online-improves-external-sharing/
Please ensure that you mark a question as Answered once you receive a satisfactory response. -
Need help with external user authentication
Hello,
I need some help to set up an external user authentication in Oracle DB 10g. Using the documentation at
http://www.oracle-base.com/articles/misc/OsAuthentication.php
I added the user alex to my linux system and checked the parameter os_authent_prefix:
SQL> show parameter os_authent_prefix
NAME TYPE VALUE
os_authent_prefix string ops$
SQL>
I created the oracle user alex using
CREATE USER alex IDENTIFIED EXTERNALLY;
as well as
CREATE USER ops$alex IDENTIFIED EXTERNALLY;
The parameters in the sqlnet.ora are set to
NAMES.DIRECTORY_PATH = (TNSNAMES, HOSTNAME, EZCONNECT)
SQLNET.AUTHENTICATION_SERVICES = (ALL)
Being the local user alex on the linux server I can login:
$ sqlplus /
SQL*Plus: Release 10.2.0.1.0 - Production on Tue Aug 30 08:56:26 2011
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Release 10.2.0.1.0 - 64bit Production
SQL>
Now using a Windows Client:
C:\>sqlplus alex@<netservicename>
SQL*Plus: Release 10.2.0.1.0 - Production on Di Aug 30 10:31:37 2011
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Kennwort eingeben:
ERROR:
ORA-01017: invalid username/password; logon denied
- So, what's wrong?
- Do I always have to create oracle users with the prefix "ops$" to the local username? How do these users login - with or without the prefix 'ops$'?
- I read that Kerberos authentication is only available through the Oracle Advanced Security add-on. What about authentication through LDAP?
Obviously it doesn't work from any remote system.
For this to happen the parameter remote_os_authent would have been set to true.
Warning: this poses a security risk.
As far as I know you should have been logged in as alex on the client, and using sqlplus /
However, from 10g onwards Oracle comes with Oracle Wallet, which stores the password encrypted outside the database in a file, called wallet, and which is accessible from anywhere.
You would better use that.
Sybrand Bakker
Senior Oracle DBA -
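The OS-authentication rules discussed in this thread, as an added example (not part of the original posts and not Oracle code): a small Python model that parses the `show parameter` and sqlnet.ora text quoted above, derives the database account an OS user maps to, and lists settings worth reviewing. The function names, the `remote_os_authent FALSE` sample row and the account list are constructed for illustration.

```python
import re

# Constructed sample input modelled on the listings quoted in the thread.
SAMPLE_PARAMS = """\
NAME                 TYPE     VALUE
os_authent_prefix    string   ops$
remote_os_authent    boolean  FALSE
"""
SAMPLE_SQLNET = """\
NAMES.DIRECTORY_PATH = (TNSNAMES, HOSTNAME, EZCONNECT)
SQLNET.AUTHENTICATION_SERVICES = (ALL)
"""
# Accounts created with IDENTIFIED EXTERNALLY in the thread.
SAMPLE_EXTERNAL_USERS = ["ALEX", "OPS$ALEX"]

PARAM_TYPES = {"string", "boolean", "integer"}


def parse_show_parameter(text):
    """Parse SQL*Plus 'show parameter' rows into {name: value}."""
    params = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1].lower() in PARAM_TYPES:
            params[parts[0].lower()] = parts[2] if len(parts) > 2 else ""
    return params


def parse_sqlnet(text):
    """Parse 'KEY = (A, B)' lines of sqlnet.ora into {KEY: [values]}."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"([\w.]+)\s*=\s*\(?([^)]*)\)?\s*$", line)
        if m:
            values = [v.strip().upper() for v in m.group(2).split(",")]
            settings[m.group(1).upper()] = [v for v in values if v]
    return settings


def mapped_db_user(os_user, prefix):
    """OS authentication looks up <os_authent_prefix><os user>, upper-cased."""
    return (prefix + os_user).upper()


def os_auth_outcome(os_user, params, external_users, over_network):
    """Return (accepted, db_user, reason) for a 'sqlplus /' style logon."""
    db_user = mapped_db_user(os_user, params.get("os_authent_prefix", "ops$"))
    remote_ok = params.get("remote_os_authent", "FALSE").upper() == "TRUE"
    if over_network and not remote_ok:
        return (False, db_user, "remote_os_authent is FALSE")
    if db_user not in external_users:
        return (False, db_user, "no externally identified account")
    return (True, db_user, "OS user trusted")


def unreachable_external_users(external_users, prefix):
    """External accounts that no OS user can map to under this prefix."""
    return [u for u in external_users if not u.upper().startswith(prefix.upper())]


def review_findings(params, sqlnet):
    """List settings a reviewer should question."""
    findings = []
    if params.get("remote_os_authent", "FALSE").upper() == "TRUE":
        findings.append("remote_os_authent=TRUE: OS user names asserted by "
                        "network clients are trusted without a password")
    if "ALL" in sqlnet.get("SQLNET.AUTHENTICATION_SERVICES", []):
        findings.append("SQLNET.AUTHENTICATION_SERVICES=(ALL): every "
                        "authentication method is enabled; list only those in use")
    return findings


if __name__ == "__main__":
    p, s = parse_show_parameter(SAMPLE_PARAMS), parse_sqlnet(SAMPLE_SQLNET)
    print(os_auth_outcome("alex", p, SAMPLE_EXTERNAL_USERS, over_network=False))
    print(os_auth_outcome("alex", p, SAMPLE_EXTERNAL_USERS, over_network=True))
    print(unreachable_external_users(SAMPLE_EXTERNAL_USERS, p["os_authent_prefix"]))
    print(review_findings(p, s))
```

With the thread's prefix of ops$, only OPS$ALEX can be reached by OS authentication; the plain ALEX account is reported as unreachable.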
How to create external users in SAP EP as authenticated users
I am able to create portal users. I would like to know how to access automatically login as external users (stored in Customized table in CRM).
Rakesh,
access automatically login as external users (stored in Customized table in CRM).
Firstly, your question is a little unclear.
Where is your UME pointing to?
Go to http://<FQDN>:<Port>/irj/useradmin/index.jsp, click on configuration and check the datasource.
1. If it is for external users you could use anonymous logon
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/cd/1aad4abcb98c4597f9e395a6b62f43/frameset.htm
2. If you want to use the users existing in the CRM system to logon to the portal, then you might have to point your UME to it.
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/7e/a2d475e5384335a2b1b2d80e1a3a20/content.htm
3. If you intend to use the users existing in a custom table in the CRM system, then I guess you would have to customize the UME Data Source.
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/b7/14d43f2dd44821e10000000a1550b0/content.htm
Hope this helps.
Cheers!
Sandeep Tudumu -
Hi TechNet,
I have an MS SharePoint Online (SharePoint Plan 2) team site, quite simple, one document library etc.
I have successfully added all users (E3) within the organisation to groups, and permissioned correctly.
I have added myself (separate organisation, also Office 365 E3) as an External User, and have access to the website without any problems by authenticating with my Organization account e-mail address.
I have a single user (separate organisation, also Office 365 E3), whose setup is identical to mine (Also Office 365 E3).
However, when this user is added as an External User, they are unable to login, and get "Sign In is not complete":
That didn't work
We're sorry, but [email protected] can't be found in the CLIENT1.sharepoint.com directory. Please try again later, while we try to automatically fix this for you.
Correlation ID: dc1f7f9c-092b-20b8-7b35-89348ba22f71
Date and Time: 3/20/2014 7:06:55 AM
URL: https://CLIENT1.sharepoint.com/
User: [email protected]
Issue Type: Partner User Invalid.
I then remove the user using the Site Collection, and using the Profile Manager, and using Remove-SPOUser, and using Remove-SPOExternalUser. Which is great, he's gone. However when I go to add him back to a group, as soon as I type his e-mail address, it 'Resolves' into his full name! If I have completely(?) removed him from the site, how is he being resolved? And therefore me trying to remove him to re-add him to try and solve the user/directory/auth issue is not working.
Furthermore, upon clicking on said client's username inside SharePoint (after I've 'added him back' of course), his ID, in format: i:0#.f|membership|live.com#[email protected] has an entirely different e-mail address, his Microsoft Account!
I'm assuming he must have been already signed into his Microsoft Account when he clicked on the External User e-mail invite? If so, I clearly do not want this, how can I remove all traces of his Microsoft Account, given that I have gone to the lengths as detailed above?
I have already completed these steps: http://community.office365.com/en-us/forums/148/p/228263/709905.aspx
Some possible further reading regarding Microsoft ID's and Organization ID's:
http://sergeluca.wordpress.com/2013/09/23/sharepoint-online-and-external-users-this-invitation-has-already-been-accepted-with-another-account-bug-or-feature/
Please let me know if you need any more information regarding this issue, and thanks in advance to anyone who can shed some light on this situation for me and anyone who encounters it in the future.
Regards,
Evanly.
Hi Scott,
Thank you so much for taking the time to read and respond to my issue.
Certainly, it makes sense that regardless of where the invitation is sent, the user would authenticate with their Microsoft ID.
In my case, I want the user to authenticate using their Microsoft Organisation ID, that they use for their separate Office 365 account.
This is the way I was able to log in, and worked great. With my client, they are unable to access SharePoint because once they sign in with their Microsoft Organisation / Office 365 ID, they are told they are not in the directory, because their Microsoft ID is in the directory and it doesn't match up.
I am simultaneously trying to 1) Remove all traces of this user's Microsoft ID, which so far using the above steps, has been unsuccessful; and 2) Invite the user using his Microsoft Organisation ID, and have him authenticate with that (which is proved to work, as my account uses this).
Looking forward to any more suggestions. Thanks in advance! -
Lyncdiscover reports HTTP 500 Internal Server Error for external users
Hello,
I have a problem providing lyncdiscover information for external Lync users. The same address works internally (prompts for file download) so I believe the problem is UAG/TMG providing the site, which is not my cup of tea. I have a working external lyncdiscover for another domain in the same Lync + UAG/TMG server environment. I have also checked the public DNS records a few times and everything should be fine. Firewall also shouldn't be an issue since it reports the internal server error, right? Any suggestions what should I check?
More information based on Lync Autodiscover Web Service Remote Connectivity Test.
Testing HTTP authentication methods for URL https://lyncdiscover.domain1.com/Autodiscover/AutodiscoverService.svc/root/user.
HTTP authentication methods successful.
Additional Details
Testing HTTP content for URL https://lyncdiscover.domain1.comi/?sipuri=[email protected] has token="User".
HTTP content isn't verified.
Additional Details
HTTP 200 status received from server, but no token="User".
Elapsed Time: 203 ms.
The same result goes for the other domain that provides the lyncdiscover information correctly for external users. It doesn't seem to solve the root cause but might help to understand the problem. -
Project Online External User Access
Hello,
I'm testing the Project Online Preview and I would like to share the deliverables list on a project site with an external user (a client for example); so I configured the site collection with Project Web App to the "Allow external users who accept sharing invitations and sign in as authenticated users" option. Then I tried to share the list with an external e-mail with a Microsoft account, but the invitation email was not sent.
External Sharing on SharePoint admin Center is configured on "Allow both external users who accept sharing invitations and anonymous guest links" and my PWA site works in "SharePoint Permission Mode".
The same procedure on a classic SharePoint site collection works perfectly.
Any suggestions, please?
Matteo
Hello,
I got some of the external users to work. I am still trying to sort it out, but thought I would give you what I found.
The external user that I got to work was another user in another domain, but the account was a separate domain in Office 365. I have not been successful so far with an external account that was not part of Office 365.
Here is what I did to get it to work.
1) Login into an Office 365 account. Let's call it OFFICE999.
2) Then paste the link from my PWA site into browser.
3) Access was denied, but the page provided me a link to Request Access
4) Then jump to my Office 365 account with PWA. Went to the PWA site and clicked on the Settings icon and then site settings.
5) Click on "Access request and Invitation"
6) Under the Pending request, approved the user and put the user as "Project Web App Visitor"
7) Jump back to the Office999 and read my email, click on the link.
8) I got access denied again
9) Went back to the Office 365 PWA Admin account and added the user to PWA users
10) Went back to the Office999 account, refreshed the screen and got access to the PWA site,
11) BUT it says account doesn't have a LICENSE. So I am at that point trying to find out how to give an external user a license.
Cheers!
Michael Wharton, MVP, MBA, PMP, MCT, MCTS, MCSD, MCSE+I, MCDBA
Website http://www.WhartonComputer.com
Blog http://MyProjectExpert.com contains my field notes and SQL queries -
TWO_TASK parameters prevents OS authenticated DB user
Hi All,
I am facing problem while connecting an OS authenticated database user.
I am installing an application which first sets TWO_TASK parameter to the database name (e.g. TWO_TASK=DMDB .Here DMDB is also ORACLE_SID) and then tries to connect to database with a user (say appuser) which is externally authenticated by OS.
But the connection fails with an error:
ERROR:
ORA-01017: invalid username/password; logon denied
SP2-0751: Unable to connect to Oracle. Exiting SQL*Plus
I am working on SunOS and Oracle db is 9iR2.
Also note that database authenticated users are still able to connect.
This user (appuser) is created by the application itself as an external user and hence cannot be modified. And in this scenario the TWO_TASK variable cannot be unset.
Please help. Thanks in advance...
Also suggest whether I need to configure sqlnet.ora (I haven't done so yet)?
remote_login_passwordfile=EXCLUSIVE
Regards,
Saket Bansal
Hi hemant,
remote_os_authent = FALSE
But hemant, do I need to bother with this parameter when I am connecting through the server itself?
I would like to bring to your notice that the problem is related to TWO_TASK.
Please view the below commands and their responses.
root@chbdat4 # su - appuser
Sun Microsystems Inc. SunOS 5.9 Generic May 2002
You have new mail.
$ sqlplus /
SQL*Plus: Release 9.2.0.5.0 - Production on Fri Jun 12 12:14:02 2009
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.5.0 - 64bit Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.5.0 - Production
SQL> exit
Disconnected from Oracle9i Enterprise Edition Release 9.2.0.5.0 - 64bit Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.5.0 - Production
$
$
$ TWO_TASK=DMDB
$ export TWO_TASK
$ echo $TWO_TASK
DMDB
$ sqlplus /
SQL*Plus: Release 9.2.0.5.0 - Production on Fri Jun 12 12:14:38 2009
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:
This shows that connection is not made when TWO_TASK is set.
Setting of this variable cannot be avoided since it is set by the application itself.
Please suggest a solution for this.
Regards, -
External Users not able to login to Essbase Admin Services.
Hi,
We are facing strange problem in one of our Essbase 9x environments. In this environment, we installed Shared Services, Essbase Admin Services in one server and Essbase in another server.
We configured MSAD and provisioned some users. Now, these users are able to login to Essbase, Shared Services without any issues but not to EAS. What's more strange is, Native users are not facing any issue while logging in to EAS, Essbase. Just externally authenticated users are having this problem.
We checked the logs, but there is nothing to deduce from them. The EAS screen is just hanging as soon as credentials are entered. We did a lot of troubleshooting and even Oracle Support is working and is of the opinion that the issue is because we installed EAS Console on a Virtual Machine, which is out of their policy.
Any suggestions are welcome!!
Thanks,
PM
Guys,
I found something that may help, or you may have seen this and rectified it already.
When I started the services in the foreground, External users are able to login.
This is what I got in the cmd prompt.
INFO: Installing web application at context path /hbrlauncher from URL jar:file:F:\Hyperion\AnalyticAdministrationServices\deployments\Tomcat\5.0.28\webapps\hbrlauncher.war!/
Jan 6, 2012 11:17:29 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-10080
Jan 6, 2012 11:17:29 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-10090
Jan 6, 2012 11:17:29 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 18952 ms
!!!Setting HBR appname to : HBR:XYZSERVER
2012-01-06 11:19:39,843 WARN http-10080-Processor23 com.hyperion.hbr.core.AccessControlManagerServer - Error authenticating user in UserServerManager.
2012-01-06 11:19:39,843 WARN http-10080-Processor23 com.hyperion.hbr.core.UserManagerServer - Error authenticating user in UserServerManager.
PM -
Office 365 + Sharepoint Login page Branding + external user
Hi,
I have found a way to brand the login page in Office 365 at this link
http://technet.microsoft.com/en-us/library/dn532270.aspx
Is branding possible for log-in to Office 365 SharePoint with organization accounts, and can external users also log in through a custom branded log-in page?
I require custom branding for the Office 365 login page for external users.
Please suggest how to fulfill my requirement.
Thanks in advance
anuj
Hi,
According to your post, my understanding is that you want external users to log in through a custom branded log-in page.
You don’t need to custom branding for office 365 login page for external user.
You can custom solution to capture user credentials and pass them to master login page.
Please refer to the official article related, hope you could find something useful from it:
Remote Authentication in SharePoint Online Using Claims-Based Authentication
Remote Authentication in SharePoint Online Using the Client Object Model
Authentication with SharePoint Online and the Client Side Object Model
Regarding Office 365, for quick and accurate answers to your questions, it is recommended that you initiate a new thread in the Office 365 forum.
Office 365 forum
http://community.office365.com/en-us/forums/default.aspx
Best Regards,
Linda Li
TechNet Community Support -
Public SharePoint Online Site with External User Portal
Hello Everyone,
My company switched over to Office 365 a few months ago, and now would like to start using our Public SharePoint site to share information (documents pertaining to their orders/drawings/etc.) with our customers (external users).
I have seen documentation on how to share documents with individual users, but we were looking to do something a little bit different. We would ultimately like to have a public site with generic company information (like hours, about us, directions etc.) that anyone can see.
We would also like to use SharePoint as almost an "FTP type" service where we could post documents and share them with individual external users. HOWEVER, instead of sharing individual documents, we were wondering if there was a way that an external user (that we have granted access) could sign into the public SharePoint site, and then see information that ONLY pertains to them.
I have been doing some research on this, and I haven't seen that anyone else has tried this. Has anyone had any luck? Or would you have suggestions on how to make this work? I had originally posted this question on the Office 365 SharePoint forum, and they suggested posting this question here. Any help would be appreciated. Thanks!
Hi,
Did you finally manage to get what you requested here above? Indeed, I am also struggling to set up the same (public website with individual content sharing with external authenticated users).
For external users, I am quite sure that we need to go through MS ID creation (I have created some test users using https://login.live.com).
Our public website is done and (almost) working. I have then created a sub-site for the same, this one to manage permissions based on the authenticated user.
But I am stuck when trying to assign a document library with relevant permissions.
It would be great to share our feedback, as I have searched a lot on the web and did not find any satisfying answer to this design (if there is any... here is my doubt...)
Thanks in advance
stef -
SharePoint 2013 CAL and External users
Hi,
We are setting up an extranet site (SharePoint 2013 standard version) on Rackspace. Both employees and non-employees will use this site. Employees will use the company's existing SAML 2.0 based authentication and non-employees will use FBA to login to the portal.
I would like to know if we need to buy CALs for external users (non-employees)? What is the definition of external users?
Thanks,
Pat
Check out this post and this should answer all your questions.
http://social.technet.microsoft.com/forums/sharepoint/en-US/0756aaa7-b307-4793-b019-bc58d4ace8b2/sharepoint-foundation-fba-on-internet-licensing
Thanks, Danny Hickman IT Support Specialist -
Hello all, first of all thank you for reading this post. Please bear with me, I am new to this environment. I have had several problems in the past week trying to configure a local SharePoint Server 2013; most of it went well but now I am stuck and I badly need help! I intend to make SharePoint available through the Ethernet connection in my office.
Here is my config:
Sharepoint 2013 (local)
Microsoft SQL 2012
Microsoft Server 2012
I am able to access the sub-site I created in the Sharepoint Central Administration Web Application.
My first problem is, I created another Web Application with the following URL config http://intranet.[domain].com but I am not able to access it through my browser. It seems to point to a bad IP; I probably accidentally configured a CNAME on my hosting Cpanel with the IP 192.168.1.199. So, when I ping the URL I do not get any connection. Just that it couldn't connect to 192.168.1.199. Now I added a CNAME on my CPANEL for the URL http://intranet.[domain].com --> 127.0.0.1. Is this the correct way to do it?
More information: The DNS manager has been configured following this tutorial:
Create SharePoint 2013 Web Application
http://www.youtube.com/watch?v=yW7LT99eUMs
I am not too sure of the proper configuration for the IIS Manager.
Anonymous Authentication is enabled
Windows Authentication is enabled
Everything else is disabled.
My second problem is that I cannot invite any user to the site. Even the ones that have an email corresponding to our domain. Will I be able to invite parent domain users if the Web Application is properly configured with the CNAME on the Cpanel?
I tried to activate the External user invitation feature from Site Collection Features but it's not in the list. I am logged in as an administrator but next to the wrench it says "System Account" (with an arrow pointing down) so I guess this is the "logged in user as..."? Am I missing something here?
Any advices would be greatly welcomed. I've run out of ideas.
Much appreciated,
Herb
Hello Ramu, thank you for your fast reply.
Quote Ramu: "You have to create A record called intranet.your-domain.com points to your SharePoint Server IP and also loop back ip address in the host file entry on the SharePoint server(127.0.0.1 intranet.SharePoint.com)"
Is this a record on our corporate website Cpanel? What should I put in the "Address" field of the Record (we do not have static IP)?
For the loop back, is this on the DNS Manager of our local Sharepoint 2013 server?
Quote Ramu: "3. if you want to publish this externally, then your site needs to publish in your Network and it should points to your public static IP in your public domain control panel(Cpanel)."
In the first scenario where I only want intranet access, should everything be OK with the above mentioned configuration a DNS Record:
Which address should it be for the record?
Should I assign a fix IP to our server like 192.168.1.55?
What if another desktop computer gets an IP conflict with the server fix IP, or what if we have to shut down the server everyday will the server IP change ?
General question: From what I understand, it is possible to put a DNS Record on the public Cpanel from our corporate website with a local IP that will only be resolved if accessed through the local network? Ex.: Name: intranet.[our-corporate-public-domain].com, Address: 192.168.1.55 ?
Much appreciated RAMU.
Regards,
Herb -
All external users are missing in Shared services.
Hi All,
We are on Hyperion System 11.1.2. Today all of a sudden in production users are not able to log in. So I logged in as admin (native user) to see what's going on. Surprised to see that all the groups are empty and all the users are removed from all groups. So when I tried to add them back it is unable to find the external users.
So something is wrong with external users.
Any suggestions on how to fix, or has anyone experienced similar issues?
Got this same error in Shared Services 11.1.1.3. Was due to an Active Directory Domain Controller being decommissioned. Here is a fix you might try. It basically refreshes your user database connection
Log into Shared Services
Click on “Administration” on the “Shared Services” toolbar
Click “Configure User Directories”
Check the Radio button next to “Active Directory” (or the db you are experiencing the error with) and then click “Edit”
The next screen displays the connection info for “Active Directory” (or the db you are experiencing the error with), nothing to change here, just click “Finish” and the connection refresh should start
Re-start All Services
Verify that you can now look up an external user without error