Authenticating user in JSF from PHP portal (Joomla)

Similar Messages

• Custom DB authentication to an application from Oracle Portal not working.

  Hi All,
  We have a Portal customized and integrated to LDAP for SSO.
  From the portal, we have a link that takes to another custom application that requires another level of authentication. We have implemented this authentication as custom Database based authentication.
  When user login to the portal and access this link, he will be directed for authentication again. This custom application has been installed on a different OC4J instance while Oracle Portal is running in a different OC4J instance.
  Issue is though user details are being propagated to the custom application page, we are receiving an error saying authentication failed.
  In the OC4J instance specific for this custom application, we have configured jazn.xml to use custom authentication.
  Below is the code:
  <?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
  <!DOCTYPE jazn PUBLIC "JAZN Config" "http://xmlns.oracle.com/ias/dtds/jazn-9_04.dtd">
  <jazn provider="XML" location="./jazn-data.xml" default-realm="jazn.com">
  <property name="role.mapping.dynamic" value="true"/>
  <property name="custom.loginmodule.provider" value="true"/>
  </jazn>
  and in jazn-data.xml, we gave the role mapping.
  But the problem is when the link to the custom application is accessed, it seems like the custom autentication mechanism is not working.
  Can anyone throw light on this?
  Do we need to give the same configuration in the j2ee/home/config directory files also?
  Can we use both LDAP and custom DB authentication with in the same OAS setup. Remember as of now, Portal and custom application are running in different OC4J instances but within the same OAS.
  Any help in this regard will be highely appreciated.
  Thanks,
  Sasi Bhushan

  Hi All,
  We have a Portal customized and integrated to LDAP for SSO.
  From the portal, we have a link that takes to another custom application that requires another level of authentication. We have implemented this authentication as custom Database based authentication.
  When user login to the portal and access this link, he will be directed for authentication again. This custom application has been installed on a different OC4J instance while Oracle Portal is running in a different OC4J instance.
  Issue is though user details are being propagated to the custom application page, we are receiving an error saying authentication failed.
  In the OC4J instance specific for this custom application, we have configured jazn.xml to use custom authentication.
  Below is the code:
  <?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
  <!DOCTYPE jazn PUBLIC "JAZN Config" "http://xmlns.oracle.com/ias/dtds/jazn-9_04.dtd">
  <jazn provider="XML" location="./jazn-data.xml" default-realm="jazn.com">
  <property name="role.mapping.dynamic" value="true"/>
  <property name="custom.loginmodule.provider" value="true"/>
  </jazn>
  and in jazn-data.xml, we gave the role mapping.
  But the problem is when the link to the custom application is accessed, it seems like the custom autentication mechanism is not working.
  Can anyone throw light on this?
  Do we need to give the same configuration in the j2ee/home/config directory files also?
  Can we use both LDAP and custom DB authentication with in the same OAS setup. Remember as of now, Portal and custom application are running in different OC4J instances but within the same OAS.
  Any help in this regard will be highely appreciated.
  Thanks,
  Sasi Bhushan

• Only one authenticated user at time in Enterprise Portals

  Hi,
  The standard installation of SAP Enterprise Portals lets to enter the same user to the portal in more than one session. If the user is already logged in the portal, when it login again, a message appears telling the user that he´s already logged in.
  It´s posible configure the portal for only acepting one session per user? If one user tries to login again, the portal don´t should enter to the portal.
  Thanks for your help!
  Luis Jorge Castro

  Luis,
  This could be difficult since HTTP is stateless and a user only has to close the browser and the portal does not know that the user has done this and basically logged off.
  You would probably have to custom write a hidden component that would sit in the header and trap a user closing the browser or choosing logoff. Then on the login side do a similar component that stops users from logging in if they already have a session.
  Nothing standard that I know of I'm afraid.
  BRgds,
  Simon
  P.s. if this helps you in any way please award some points.

• LSO External Users booking courses from Learning Portal !!!

  Hi Gurus,
  We want external user book a course using LSO. In order to do that, we have created the same user in Portal and R3 (using SSO). This user has related an External Person object "H" using infotype  1032, subtype 0001. The problem comes when this user booked from R3, and thru Portal we are not able to see any course at all..... If the user books from portal, R3 is booked as "US" object instead of "H" object. My questions are:
  1. Is this configuration OK ? What else I am missing ?
  2. Can results from courses be saved for external user in R3 (H object) ?
  3. How can we save final results for external user using Portal ?

  Hi Chandra,
  Thank you for your information, but is showing courses in portal. The problem comes with external user from portal, when users book a course from Portal, is register (R3) with the object "US" instead of "H" External Person. If we book the user from R3 with object "H" (External user) it does not showing any course in Portal. I believe it has something to do with the BADI (Assignment User ID to Learner)
  "In this IMG activity you make the settings required for deriving the learner from the user ID. In the standard system, the user ID is used to find the person, who in turn represents the learner. If the SAP system cannot determine a related person, the user ID is used as the learner. For example, you can determine a business partner or an external person as learners with the help of the user ID and use these in the Learning Portal "
  Any ideas???
  Regards
  David Corté

• Printing user validation errors from .php file back onto a form

  Hey all. I have written a simple contact form with the extention .php. It includes the php validation and the form inputs on one page. If the input does not validate, a warning in red is printed at the top of the form after the user pushes submit. When I cut and paste the php validation code into a seperate file, the validation errors print on a blank screen. What I want is to have the same results with a seperate php file as I do when I include the php code on the form. (print errors from the seperate php validation file back onto the form).  Thanks for taking a look
  <h1><span class="bodyheader1">Contact </span><span class="bodyheader2">Us</span></h1>
      <p class="subheading">Tell us what's on your mind:</p>
      <?php
      if(isset($_POST['send_comment']))
          //Validating the comment field
          //checking if a first_name field has been entered
          if($_POST['first_name'] != "")
              //Saitizing first_name with a filter
              $_POST['first_name'] = filter_var($_POST['first_name'], FILTER_SANITIZE_STRING);
              //Checking for no input
              if($_POST['first_name'] == "")
                  //If no input, return error message
                  $errors .='Please enter a valid first name.<br/>';
          else
              //Error message
              $errors .='Please enter your first name.<br/>';
          //Validating the last_name field
          //checking if last_name has been entered
          if($_POST['last_name'] != "")
              //Saitizing last_name with a filter
              $_POST['last_name'] = filter_var($_POST['last_name'], FILTER_SANITIZE_STRING);
              //Checking for no input
              if($_POST['last_name'] == "")
                  //If no input, return error message
                  $errors .='Please enter a valid last name.<br/>';
          else
              //Error message
              $errors .='Please enter your last name.<br/>';
          if($_POST['email'] != "")
              $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
              if (!filter_var($email, FILTER_VALIDATE_EMAIL))
                  $errors .= "$email is not a valid email address.<br/>";
          else
              $errors .= 'Please enter your email address.<br/>';
          //Validating the comment field
          //checking if a comment has been entered
          if($_POST['comment'] != "")
              //Saitizing comment with a filter
              $_POST['comment'] = filter_var($_POST['comment'], FILTER_SANITIZE_STRING);
              //Checking for no input
              if($_POST['comment'] == "")
                  //If no input, return error message
                  $errors .='Please enter a comment.<br/>';
          else
              //Error message
              $errors .='Please enter a comment.<br/>';
          if(!$errors)
              $mail_to = '[email protected]';
              $subject = 'Contact form ' . $_POST['first_name'];
              $message = 'First Name: ' . $_POST['first_name'] . "\n";
              $message .= 'Last Name: ' . $_POST['last_name'] . "\n";
              $message .= 'Email: ' . $_POST['email'] . "\n";
              $message .= 'Comment: ' . $_POST['comment'] . "\n\n";
              mail($mail_to, $subject, $message);
              echo "<script>document.location.href='thankyou.html'</script>";
          else
              echo '<div style="color: red">' . $errors . '<br/></div>';
  ?>
  *All fields are required<br />
  <br />
      <form name="contact" method="post" action="contact.php">
          <p>First Name: <br />
            <input name="first_name" type="text" value="<?php echo $_POST['first_name']; ?>" size="30" maxlength="50" /><br />
            <br />
            Last Name: <br />
            <input name="last_name" type="text" value="<?php echo $_POST['last_name']; ?>" size="30" maxlength="50" /><br />
            <br />
            E-mail: <br />
            <input name="email" type="text" value="<?php echo $_POST['email']; ?>" size="40" maxlength="200" /><br />
            <br />
            Comment: <br />
            <textarea name="comment" rows="5" cols="50"><?php echo $_POST['comment'];?></textarea>
            <br />
           </p>
        <p><input type="submit" name="send_comment" />
        </p>
      </form>

  You want the form to submit its results to a separate file which processes the data.  If this separate file finds errors, you want it to return control to the form page which would a) display the error messages, and b) populate the fields with the data entered?
  If that's the case, then the processing file would have to send the errors and the data back to the form page either as a) URL variables, b) a cookie, or c) entries in a database.
  Does that help?

• User not found when selecting user in SO from the Portal

  I have SCSM 2012 R2, and have setup some Service Offerings, Request offerings.
  This one is a "generic" Software request,
  1. Select user (query)
  2. Select software (list)
  3. Write in software if not in the list (text)
  I have two users so far that are not showing up when you search name in question #1.  Though I do find the user account in the CMDB.  Also found in AD, and the AD connector seems to be finishing successfully.  I checked the configure
  prompts section of the RO, and see that is selects all users where lastname is not Null.  I checked the CMDB, and both of these users have first, last, and displaynames... SOoOoO not sure whats going on here.
  Any ideas?
  Joshua Fuente

  I have it set to 5000, and should only have about 3500 AD users. But I have 19k users in the CMDB due to the fact that it creates a new user CI from external sources. (When they email in a ticket).
  Also, the RO configuration for the query is set to only search user CIs that have a "lastname".  So when I search, so far I am not finding any of the external contacts I believe due to the fact that they only have a username set in the CMDB.
  Joshua Fuente

• Hot to retrieve an authenticated user for JCA in a repository service?

  Hi,
  I implemented a repository service wich calls an ABAP Functionmodule via JCA and RFC. This connection has to be build up with the current logged in user.
  But how can I get an authenticated ep6-user in the repository service received-event? Or is it possible to do this with an ep5-user?
  I don't want to use username/password.
  String sapsystem = "R3SYSTEM";
  IConnectorGatewayService cgService = (IConnectorGatewayService)PortalRuntime.getRuntimeResources().getService(IConnectorService.KEY);
  ConnectionProperties connProps = new ConnectionProperties(locale, (IPrincipal)user);
  IConnection connection = cgService.getConnection(sapsystem, connProps);
  In the last line I got the error message:
  com.sapportals.connector.connection.ConnectionFailedException: Connection Failed: Nested Exception. Failed to get connection. Please contact your admin.
  Any ideas?
  Thanks.

  Peter, the autheticated user is available from the portal request object. Get that one in your application and read from the UME all the properties you wanna get and build your web service call with it. It looks for me straight forward, what exactly is your problem?
  cheers

• How can I stop authenticated users from getting other user's information?

  We recently discovered that it is possible for authenticated users, via KMu2019s details view, to view details about the other users that have access to the same resource as you.  Our portal (7.0 sp15) is used for an external facing web site.  We have secured it against anonymous users but the problem still remains for authenticated users.  Here is an example:
  The KM folder documents\Public Documents has been assigned read permissions for the group Everyone.  An authenticated user can open the URL https://<host>/irj/go/km/navigation/documents/Public%20Documents and a list of folders are shown.  The user can then select the Details from the menu for one of the folders and the Details iview is displayed.  They then select the menu item Settings > Permissions and the users/groups/roles assigned to this folder are shown.  The user can then select a user and view that users name and email address or the user could select a group and view for each member of the group the user id, name, and email address which could then be used to help attack the site.
  So I thought it would be easy enough to disable the details view for all users but content managers or administrators but I seem to running into difficulty. 
  I tried disabling the Details KM command with limited success.  Even with it disabled, if you know the URL for the details component you can still access it.  So it seems the better option is to take away access to the details component.  It seems that the users are getting access to the Details iView from the standard eu_role.  If I remove the iView from this role then all user have no access to the Details in KM.  I tried to add the iView to another role that content managers would have but when logged in with a user that had that other role I still was not able to access the Details iView. 
  This SAP Help document [http://help.sap.com/saphelp_nw70/helpdata/en/47/f0f7415e639c39e10000000a155106/frameset.htm |http://help.sap.com/saphelp_nw70/helpdata/en/47/f0f7415e639c39e10000000a155106/frameset.htm ]discusses the eu_role(Standard User role) and it states that
  By default, the Everyone group is assigned to the Standard User role. If you choose to use the other every user roles instead, you need to remove these assignments from the Standard User role and apply them to the Every User Core and Control Center User roles.
    But, when I look at what groups the role is assigned to or what roles are assigned to the Everyone group they donu2019t appear to be linked contrary to what the documentation says.  So, what Iu2019m thinking here is that I can create a copy of this role and remove the Details iView from the original and then assign the copy to the content managers and administrators.  Doing this causes all users to lose access, even the content managers.
  I thought Iu2019d give the Security Zones a try to see if this could help me but when I take away rights from here it still allows access.
  Iu2019m stumped.  Iu2019m sure there is some key piece that eludes me.  What can I do to allow users read only access to some KM folders and files while preventing them from viewing the permission/user details?

  The only 3d party apps are Hazel...
  And that's your problem!
  From the Hazel site's description:
  Hazel watches whatever folders you tell it to, automatically organizing your files according to the rules you create.
  Hazel, is a prefPane so you must have some rule (or it supplied the rule as a default) to put pictures (jpg's) from your Desktop (folder) into your Pictures folder.
  Open your System Preferences and Hazel in there and either turn off Hazel or change or delete the appropriate rule covering this situation.

• IsUserInRole from WC Portal to consumed JSF Portlet

  Hi experts,
  I'm trying to retrieve, the J2EE Roles [ Enterprise Roles a.k.a  Security Realm "Groups" of a logged in user ]
  from from consumer Webcenter Portal Application into a Producer JSF Portlet.I have seen there were many posts mentioning that this isUserInRole method always return false. I'm also facing the same problem.
  My configurations are following -
  Portlet Producer App
  web.xml
  <security-role>
  <description>RelationManager</description>
  <role-name>RM</role-name>
  </security-role>
  <security-role>
  <description>Team Leader</description>
  <role-name>TL</role-name>
  </security-role>
  portlet.xml
  <security-role-ref>
  <role-name>RM</role-name>
  <role-link>RM</role-link>
  </security-role-ref>
  weblogic.xml /* Have tried with & without creating this descriptor, but no luck */
  <security-role-assignment>
  <role-name>RM</role-name>
  <principal-name>RM</principal-name> /* I have defined a weblogic group by the name "RM" within defaultAuthenticator and assigned testUser to it. */
  </security-role-assignment>
  WC Consumer PortalApp
  web.xml
  <security-role>
  <role-name>RM</role-name>
  </security-role>
  weblogic.xml
  <security-role-assignment>
  <role-name>RM</role-name>
  <principal-name>RM</principal-name> /* Since its the same WLS Server the same group as above will hold good */
  </security-role-assignment>
  + I have done the mapping of UserGroups of the Portlets to J2EE Roles of Webcenter Portal consumer during Portlet Registration process.
  I have a requestScoped managedBean within my JSFPortlet where I'm retrieving the user Principal and Roles -
  public String getLoggedInUser() {
  FacesContext facesContext = FacesContext.
  getCurrentInstance();
  ExternalContext ectx = facesContext.getExternalContext();
  PortletRequest portletRequest = (PortletRequest)ectx.getRequest();
  return ( portletRequest.getUserPrincipal().getName());
  public String getPortletUserRole(){
  FacesContext facesContext = FacesContext. getCurrentInstance();
  ExternalContext externalContext = facesContext.getExternalContext();
  PortletRequest portletRequest = (PortletRequest)externalContext.getRequest();
  if ( portletRequest.isUserInRole ("RM") == true ) return "RM" ;
  else return "";
  Results :
  The getLoggedInUser returns ""
  And so does the getPortletUserRole method.
  What am I missing and whether this is the correct approach to get the userRoles from PortalApp to Portlet.
  Env: JDEV 11.1.1.5 , Integrated WLS
  Note: I haven't done any configuration related to WS-Security between Portal App and Portlet App,_ since both are deployed to the same integrated Server.
  -Reju

  If you haven't already you have to perform user category mapping between the portal roles to portlet roles.
  This can be achieved using WLST scripts.
  Thanks.
  Micah C.

• Error while creating user in LDAP (MS ADS) from SAP Portal 7.0

  Hi,
  Is it obliged to use SSL connection to create new user in LDAP (MS ADS) from SAP Portal 7.0 ?
  I've configured the UME with ldap server adress and port 389. And use configuration file "dataSourceConfiguration_ads_writeable_db.xml"
  I succeed to view users existing in LDAP but when I try to create new user I've the following error message:
  LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0)
  Thanks and regards

  check this link
  http://help.sap.com/saphelp_nw70/helpdata/EN/37/cfd93f130f9115e10000000a155106/frameset.htm
  and at the end of the page there is a qoute "We strongly recommend that you configure SSL between the UME and the LDAP directory. Some LDAP directories, such as Microsoft Active Directory Server, require an SSL connection if you want to create users on the LDAP directory"
  hence follow this link to configure SSL
  http://help.sap.com/saphelp_nw70/helpdata/EN/7d/77fa735e5f47a2a50b5336fd1b5a61/frameset.htm
  hope this helps..
  [Rahul|http://rahulursportal.blogspot.com/]

• Operations on Users in Prod portal from QA Portal

  Hi All,
  We are planning to develop a User Management tool which will be running from QA Portal.
  For this we are planning to develop a WD Java application from which admin can create. modify users, lock and unlock group of users, add roles or modify roles.
  But client wants to run this application from QA portal and he should be able to do above operations in Dev and Prod portals also.
  Is this scenario possible? If yes, please tell me how to implement this.
  Regards,
  Satish

  Dear Satish,
  I think as per your requirement, you can only do if you are not using UME database for user. Suppose you UME datasource using LDAP or ABAP etc.
  Then you may connect same LDAP from dev, qa or prod and. COnnect to LDAP server from UME Datasource form QA and Prod. then you can do from QA  UME activites and it will also refelect to Prod because changes will done in LDAP server which is connected to Prod.
  Hope it will helps.
  Best Regards
  Arun Jaiswal

• Cannot prevent authenticated users from creating a blog on "My Page"

  I have a brand new Snow Leopard (10.6.1) 2.26 Ghz quad core Xserve with 12Gb RAM that will be used for web collaboration services. I've currently set up Wiki and Blog services with a group membership to allow creating wikis/blogs. The reason for this is for staff development purposes with the plan to add people into the group as they are trained. The process to set it all up was very simple, however, I'm having an issue preventing authenticated users from creating a personal blog. Although I can prevent the creation of wiki's to members of a group easily, any authenticated user on the server can log into "My Page" and will be able to create a blog. I've gone to server admin>choose the server>choose the "access" icon and set the column "for selected services below" (blog) to "allow only users and groups below" (the group) and it still doesn't prevent them from making a blog page. In WGM for the group on the "Basic" tab, the "enable the following services for this group" has only the choice of "none" and therefore since the site isn't showing as a choice, the Wiki, Blog, Calendar and Mailing List is grayed out. I've seen another thread that states in 10.6 that option for setting the service acl in the group settings of WGM is unavailable. Does anyone know a fix for my problem of security access for a "My Page" blog or is it a possible bug in Snow Leopard? Right now my only workaround is to remove the users access and enable it as they are trained. This isn't an ideal fix, however, because we have some users who want to limit their wiki or blog to authenticated users only, not public access. Any help will be greatly appreciated.
  Message was edited by: dstrollo.il

  Ran into this same issue.... Talked with a field engineer who confirmed the behavior. The question now is this a defect or "feature that does not work as as the audience desires". As I far can tell, the security setting for blogs in server admin does nothing at all. This has the potential to cause a few issues as you cannot limit who can have a blog.
  Message was edited by: jlindler

• 10.6.1 Server - cannot prevent authenticated users from creating a blog

  I have a brand new Snow Leopard (10.6.1) 2.26 Ghz quad core Xserve with 12Gb RAM that will be used for web collaboration services. I've currently set up Wiki and Blog services with a group membership to allow creating wikis/blogs. The reason for this is for staff development purposes with the plan to add people into the group as they are trained. The process to set it all up was very simple, however, I'm having an issue preventing authenticated users from creating a personal blog. Although I can prevent the creation of wiki's to members of a group easily, any authenticated user on the server can log into "My Page" and will be able to create a blog. I've gone to server admin>choose the server>choose the "access" icon and set the column "for selected services below" (blog) to "allow only users and groups below" (the group) and it still doesn't prevent them from making a blog page. In WGM for the group on the "Basic" tab, the "enable the following services for this group" has only the choice of "none" and therefore since the site isn't showing as a choice, the Wiki, Blog, Calendar and Mailing List is grayed out. I've seen another thread that states in 10.6 that option for setting the service acl in the group settings of WGM is unavailable. Does anyone know a fix for my problem of security access for a "My Page" blog or is it a possible bug in Snow Leopard? Right now my only workaround is to remove the users access and enable it as they are trained. This isn't an ideal fix, however, because we have some users who want to limit their wiki or blog to authenticated users only, not public access. Any help will be greatly appreciated.

  Thanks for the suggestion, but that would prevent all users from creating personal blogs. I was hoping to be able to have a group of users that can create a personal blog outside of the blog attached to a wiki.

• User id passed from Portal report?

  How do I capture the user id of the OID user that is running a portal report?
  I would like to pass this userid to a backend procedure.
  Thanks in advance for any help offered!

  You can use it either in a sql query (in a column in a select statement or where clause) or in plsql (Additional PLSQL tab in the report wizard.) Here are a few simple examples:
  select * from yourtable y where UPPER(y.username) = portal.wwctx_api.get_user
  select sysdate todays_date, portal.wwctx_api.get_user user_name from dual
  DECLARE
  v_userid NUMBER;
  BEGIN
  v_userid := portal.wwctx_api.get_user_id;
  htp.p(v_userid);
  END;

• Authenticated Users & Users missing from Root

  Hello,
  Environment: MDT 2013, 2008 R2, Windows 7 x86.  MDT is located on Windows 7 x86 and is not integrated with SCCM or WDS.
  Process: Separate build, capture, and deployment task sequences.
  Problem:  After deployment the Authenticated Users and local Users are missing from the root (e.g., c:).  The only security permissions assigned to the root are SYSTEM, domain account, Local Administrator.
  This causes problems once joined to a domain due to the fact Authenticated Users have no permissions forcing a given user to have a temporary account.  So far, only a partial workaround is identified and is undesirable in the long-run.  The workaround
  is to manually add Authenticated Users as well as the Local Users to the root and delete the domain account but the system will only allow partial inheritance through the file structure.  Delete all entries for a particular user in the registry (e.g.,
  PolicyGUID, ProfileGUID, ProfileList).  Afterwards, log in to the machine with an account within the domain administrator group.
  Additional information shows the registry Profilelist entries for a user maintains partial access with a value of 204; this includes the user and a domain account within the administrator group.  The domain account present after deployment has a value
  of 0.  Two accounts have the expected value of 256 and they are the local and domain administrator account.
  Also, if the same image is deployed using the PE environment the accounts are as they should be.  The groups added are: Authenticated Users, Localmachine\Users, SYSTEM, Localmachine\Administrators.
  The questions are: why would the Authenticated Users and Local Users accounts be missing?  Why is the account used to deploy added?
  Help is very appreciated, and thank you.

  Hello, Nicholas the sysprep and capture is completed by a default template from MDT LTI sequence.  The answer file used is the default provided by MDT.  No attempt is made to capture from winpe because this simply negates the point of the MDT process. 
  However, applying the same image from winpe there are no permission issues and all the appropriate groups are assigned to the root.
  With returning to the office this fine morning, I ran icacls on a machine:
  C:\Users\Administrator>icacls c:\
  c:\ No mapping between account names and security IDs was done.
  (I)(OI)(CI)(F)
  BUILTIN\Administrators:(I)(OI)(CI)(F)
  NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
  Mandatory Label\High Mandatory Level:(OI)(NP)(IO)(NW)
  Successfully processed 1 files; Failed processing 0 files
  Thank you for the continued effort, Nicholas.  With the additional icacls information I will delve into the general error provided.