Authentication Exception

Hi,
I am trying to access the JMX MBeans and their attributes. I have installed WebLogic
6.1 SP2 on Windows 2000 Server. I am getting the MBeans' attributes and values. It is
working fine.
I have installed WebLogic 6.1 SP1 on Windows 2000 Server and tried to access their
MBeans' attributes and values, and I am getting an error:
java.lang.ClassCastException: weblogic.security.acl.DefaultUserInfoImpl
at weblogic.kernel.BootServicesImpl.authenticate(BootServicesImpl.java:189)
at weblogic.kernel.BootServicesImpl.invoke(BootServicesImpl.java:145)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:620)
at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:581)
at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:164)
at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:640)
at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:454)
at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:643)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:24)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
End server side stack trace
Could any one of you give me some tips on the above-mentioned problem ASAP?
Regards
Bala

Most likely the Authenticator that you've configured isn't matching the
URL for the host you're actually using. Since you haven't included those
details, there's no way for me to check.
You've turned on session debugging so you should have debugging
output from your application in the server's log file. If you can't see the
problem from the debugging output, post it here or send it to
[email protected] and we'll help you figure it out.

Similar Messages

  • "Authentication Exception due to incorrect handler" error

    I installed Java Enterprise Platform 2003Q4.
    Currently I have a problem in PS 6.2 with creating multiple organisations on a single portal server.
    I went through the procedure two times, from http://docs.sun.com/source/816-6748-10/dsameadm.html#wp27088
    (chapter "Creating a New Portal Organization Quick Start"), and I get a strange message:
    "Authentication Exception due to incorrect handler." on URL http://server:port/amserver/UI/login?org=neworg.
    But PS logs in normally to the user's area on the newly created organisation from the Identity Server console.

    Hi all,
    I also had the same problem when I was testing the following SSO scenario.
    I had deployed my two web applications on physically separate machines named A and B.
    My Sun Access Manager (IDP) was on a machine, say C.
    While accessing any page of web application A from machine B, the SSO mechanism asks for the SAM login.
    Hence the login page of SAM was not rendered properly. After giving credentials, SAM threw the above error.
    I just inserted the SAM URL, i.e. http:///SAMidp, in the Trusted sites of the browser,
    and it worked fine.
    Thanks
    Manohar

  • Handling LDAP Authentication exceptions

    I am looking for any documentation or advice on how to handle authentication exceptions from an LDAP source. More specifically, I need to be able to notify users when their passwords are expired or wrong and then redirect them to a self-service password page. I have the self-service page, I just have no idea where and how to intercept the authentication response.
    Nigel

    Hi Nigel,
    In it is not currently possible for the portal to differentiate between different reasons for the login to fail. For example, it cannot tell you that a user login failed since the remote authentication source is down vs. the user used the wrong password. Internally, the LDAP Native Auth Provider can differentiate, and this prevents users from getting locked out when the remote LDAP server is down or the connection to it is being flaky vs. someone trying the wrong password 3 times in a row. Unfortunately, this is not currently exposed via our event interface.
    I'd recommend you check out the following "events" via PEI (Plumtree Event Interfaces):
    OnBeforeLogin, OnAfterLogin, OnFailedLogin, OnBeforeLogin
    The third one (highlighted above) is probably what you want to hook into and redirect to your self-service password page. On this page, you should tell the user that they were unable to login and that this could be for any of many reasons, and help them diagnose the problem.
    You can read more about PEIs in Chapter 7 of the 5.0.2 UI Customization guide. G'luck!
    -aki-

  • "Peer Not Authenticated" exception.

    I am trying to connect to an SSL-enabled Lotus Domino Mail Server, using JSSE.
    At the client side this is the exception encountered:
    javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
         at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain([DashoPro-V1.2-120198])
         at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java, Compiled Code)
         at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java, Compiled Code)
         at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java:2459)
         at HTTPClient.HTTPConnection.Get(HTTPConnection.java:812)
         at com.tibco.portal.transformation.APHTTPCache.getHTTPResponse(Unknown Source)
         at com.tibco.portal.transformation.APHTTPCache.getSingleResponse(Unknown Source)
         at com.tibco.portal.transformation.APHTTPCache.getContent(Unknown Source)
         at com.tibco.portal.transformation.APHttpSourceInstance.getContentObject(Unknown Source)
         at com.tibco.portal.transformation.APHttpSourceInstance.getUnstructuredContent(Unknown Source)
    And at the Lotus Domino server end this is the error logged:
    [25/Jul/2001:10:05:02 +0800] [PUT NOT ALLOWED] [host: 10.96.68.234] SSL Handshake failed
    I already have the correct certificate imported.
    Any help is appreciated.
    -Asha

    Hi Asha,
    Try setting setNeedClientAuth(true) on the SSLSocketFactory.
    Netscape 4.51 works fine. It works fine. IE 5.0 apparently doesn't like to do client authentication over an HTTPS SSL socket which has already been handshaked. If the server instead requests client authentication for the initial handshake on the HTTPS socket then everything works fine with IE. The SSLPeerNotAuthenticated exception correctly reflects the fact that IE has chosen to not client authenticate.
    Hope this will help you.
    Regards,
    Anil.
    Technical Support Engineer.

  • Peer not authenticated exception on every SSL request

    I'm using VeriSign-issued SSL certificates and WebLogic appears to be working fine with them.  No browser issues, no server errors -- unless I enable SSL debugging.  We were investigating an earlier issue (See: Extremely slow Apache 2.2-WebLogic 12c proxy behavior when using SSL) and we noticed that with every SSL request, we see the following error in the weblogic-server.log:
    ####<Nov 18, 2013 3:46:52 PM CST> <Debug> <SecuritySSL> <zlxv8131.vci.att.com> <CASWEBAdminServer> <ExecuteThread: '1' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1384811212294> <BEA-000000> <Exception processing certificates: peer not authenticated
    javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
            at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
            at weblogic.servlet.provider.WlsSecurityProvider.getSSLAttributes(WlsSecurityProvider.java:203)
            at weblogic.servlet.internal.VirtualConnection.initSSLAttributes(VirtualConnection.java:163)
            at weblogic.servlet.internal.VirtualConnection.init(VirtualConnection.java:74)
            at weblogic.servlet.internal.ServletRequestImpl.initFromRequestParser(ServletRequestImpl.java:300)
            at weblogic.servlet.internal.HttpConnectionHandler.dispatch(HttpConnectionHandler.java:558)
    We continue to see this for every HTTPS request -- every initial GET for the page, and all GETs for associated scripts, images, stylesheets, etc. 
    This is WebLogic 12.1.1.0 on Red Hat Enterprise Linux 6.  I have the following startup options set:
    -Dweblogic.StdoutDebugEnabled=true
    -Dssl.debug=true
    -Dweblogic.security.SSL.nojce=true
    -Dweblogic.security.SSL.ignoreHostnameVerification=true
    -Dweblogic.security.SSL.enforceConstraints=off
    Is this actually a concern, given that we only see it when extended SSL debugging is enabled?  When I Google (or search the Oracle forums) for this error, I find only my earlier posting, or folks dealing with self-signed certificates.  Surely this is a more common issue.  We are experiencing it on several different WebLogic installations on different servers.  Exact same error on every SSL request, yet the page renders fine and there are no processing errors or delays -- just the debugging error above.
    Any assistance would be much appreciated!
    --sam

    I am using WebLogic 12.1.2 and am having the same problem.
    <Dec 5, 2013 3:13:01 PM SGT> <Debug> <SecuritySSL> <BEA-000000> <Exception processing certificates: peer not authenticated
    javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
            at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
            at weblogic.servlet.provider.WlsSecurityProvider.getSSLAttributes(WlsSecurityProvider.java:222)
            at weblogic.servlet.internal.VirtualConnection.initSSLAttributes(VirtualConnection.java:165)
            at weblogic.servlet.internal.VirtualConnection.init(VirtualConnection.java:75)
            at weblogic.servlet.internal.ServletRequestImpl.initFromRequestParser(ServletRequestImpl.java:303)
            at weblogic.servlet.internal.HttpConnectionHandler.dispatch(HttpConnectionHandler.java:570)
            at weblogic.servlet.internal.MuxableSocketHTTP.dispatch(MuxableSocketHTTP.java:119)
            at weblogic.socket.JSSEFilterImpl.dispatch(JSSEFilterImpl.java:216)
            at weblogic.socket.MuxableSocketDiscriminator.dispatch(MuxableSocketDiscriminator.java:186)
            at weblogic.socket.JSSEFilterImpl.dispatch(JSSEFilterImpl.java:216)
            at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:996)
            at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:928)
            at weblogic.socket.NIOSocketMuxer.process(NIOSocketMuxer.java:507)
            at weblogic.socket.NIOSocketMuxer.processSockets(NIOSocketMuxer.java:473)
            at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:30)
            at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:43)
            at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:147)
            at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:119)
    >
    The page renders fine, but when I use a t3s connection (for SSL) as follows:
    Context oContext ;
    Hashtable <String,String> oHashtable = new Hashtable<String,String>();
    oHashtable.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
    oHashtable.put(Context.PROVIDER_URL,  "t3s://localhost:7002");
    oContext = new InitialContext(oHashtable);
    I will get the following error:
    <Dec 5, 2013 3:19:09 PM SGT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[ExecuteThread: '0' for queue: 'weblogic.socket.Muxer',5,Thread Group for Queue: 'weblogic.socket.Muxer']]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
    javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
            at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
            at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
            at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
            at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
            at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
            at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
            at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
    Please help on this. Thanks.
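
    Added example, not part of either post and not WebLogic code: both traces are thrown from SSLSession.getPeerCertificates() on the server side, which JSSE raises as SSLPeerUnverifiedException("peer not authenticated") whenever the client presented no certificate. The plain-JSSE sketch below runs one handshake without client authentication and one with setNeedClientAuth(true), so the two outcomes can be compared. The class and method names, the throwaway keystore generated with the JDK's keytool, and the demo password are assumptions made for the example.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.InetAddress;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/** Added illustration using plain JSSE; all names are hypothetical. */
public class PeerNotAuthenticatedDemo {
    private static final String PASS = "changeit"; // throwaway demo password

    /** Creates a throwaway self-signed key pair with the JDK's own keytool. */
    static KeyStore newDemoKeyStore() throws Exception {
        File ks = File.createTempFile("demo", ".p12");
        ks.delete(); // keytool has to create the file itself
        String keytool = System.getProperty("java.home")
                + File.separator + "bin" + File.separator + "keytool";
        Process p = new ProcessBuilder(keytool, "-genkeypair", "-alias", "demo",
                "-keyalg", "RSA", "-keysize", "2048", "-dname", "CN=localhost",
                "-validity", "1", "-storetype", "PKCS12",
                "-keystore", ks.getPath(), "-storepass", PASS)
                .inheritIO().start();
        if (p.waitFor() != 0) {
            throw new IllegalStateException("keytool failed");
        }
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(ks)) {
            store.load(in, PASS.toCharArray());
        }
        ks.delete();
        return store;
    }

    /** One context for both ends: the same self-signed entry is identity and trust anchor. */
    static SSLContext contextFor(KeyStore store) throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(store, PASS.toCharArray());
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Returns how many client certificates the server sees, or -1 if the client sent none. */
    static int clientCertsSeenByServer(SSLContext ctx, boolean needClientAuth) throws Exception {
        InetAddress loopback = InetAddress.getLoopbackAddress();
        try (SSLServerSocket server = (SSLServerSocket)
                ctx.getServerSocketFactory().createServerSocket(0, 1, loopback)) {
            server.setNeedClientAuth(needClientAuth);
            int port = server.getLocalPort();
            Thread client = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(loopback, port)) {
                    s.startHandshake();
                    s.getInputStream().read(); // block until the server closes the connection
                } catch (Exception e) {
                    e.printStackTrace();
                }
            });
            client.start();
            try (SSLSocket s = (SSLSocket) server.accept()) {
                s.startHandshake();
                try {
                    return s.getSession().getPeerCertificates().length;
                } catch (SSLPeerUnverifiedException e) {
                    // The handshake itself succeeded; only the client identity is absent.
                    System.out.println("server: " + e);
                    return -1;
                }
            } finally {
                client.join();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextFor(newDemoKeyStore());
        System.out.println("no client auth requested: "
                + clientCertsSeenByServer(ctx, false));
        System.out.println("setNeedClientAuth(true):  "
                + clientCertsSeenByServer(ctx, true));
    }
}
```

    The certificate_unknown alert in the second post is a separate condition: it is sent by the connecting side when it rejects the server's certificate, and this example does not reproduce it.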

  • Catching authentication exception in form-based authentication

    Hi.
    I have a custom UserManager that implements a simple authentication of username/password.
    The web-application is secured using a form-based login-config in web.xml with a form-login-page and a form-error-page. Both these resources point to the same page (login.jsp).
    I want to present a relevant error message when the user fails to log-in (providing wrong username or password, or there is an exception in the UserManager). As far as I can tell there is no way to handle this in a straight-forward manner: When I throw an exception in the UserManager this exception is swallowed by OC4J and never propagates to the form-error-page specified in web.xml. All I can do is to provide a "default" message on the error-page saying "Failed to login". There is no way to tell if the login failed due to invalid username/password or if the login failed due to an unexpected exception in the UserManager implementation (i.e. SQLException).
    I can go around this by storing the relevant error message in a ThreadLocal variable from the UserManager and retrieve this message from the error jsp page. But this is ugly :)
    Shouldn't the form-error-page receive a Throwable in the exception-object? Or is the behavior in OC4J the "standard" way to handle these issues?
    Best Regards //Anders

    Since no one is replying I'm refreshing the thread with some more info..
    Cut from the Servlet 2.3 Specification (in SRV.12.5.3, Form Based Authentication):
    When a user attempts to access a protected web resource, the container checks the user's authentication.
    If the user is authenticated and possesses authority to access the resource, the requested web resource is activated and a reference to it is returned.
    If the user is not authenticated, all of the following steps occur:
    1. The login form associated with the security constraint is sent to the client and the URL path triggering the authentication is stored by the container.
    2. The user is asked to fill out the form, including the username and password fields.
    3. The client posts the form back to the server.
    4. The container attempts to authenticate the user using the information from the form.
    5. If authentication fails, the error page is returned using either a forward or a redirect, and the status code of the response is set to 401.
    6. If authentication succeeds, the authenticated user's principal is checked to see if it is in an authorized role for accessing the resource.
    7. If the user is authorized, the client is redirected to the resource using the stored URL path.
    The error page sent to a user that is not authenticated contains information about the failure.
    The last sentence could be interpreted as "The container should provide the error page with a valid exception object".
    How is this implemented in other servlet containers - JBoss, Websphere, Weblogic, Orion?
    //Anders
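
    Added example, not part of the thread and not OC4J code: one way to structure the ThreadLocal workaround from the first post so that the error page only ever shows a fixed text, while the actual cause goes to the server log. Every name in it (LoginFailureDemo, CredentialStore, Reason, authenticate, messageForErrorPage) is hypothetical, the credential stores are constructed for the demonstration, and it assumes the container runs the authenticator and the error page on the same request thread.

```java
import java.sql.SQLException;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Added illustration; every name here is hypothetical, none is OC4J API. */
public class LoginFailureDemo {
    private static final Logger LOG = Logger.getLogger("auth");

    enum Reason { BAD_CREDENTIALS, BACKEND_ERROR }

    /** Stand-in for whatever the custom UserManager checks passwords against. */
    interface CredentialStore {
        boolean verify(String user, char[] password) throws Exception;
    }

    /** Per-thread slot for the last failure; container threads are pooled, so clear it. */
    static final class LoginFailure {
        private static final ThreadLocal<Reason> LAST = new ThreadLocal<>();

        static void record(Reason r) {
            LAST.set(r);
        }

        static Reason consume() {
            Reason r = LAST.get();
            LAST.remove(); // read once, so nothing leaks into the next request on this thread
            return r;
        }
    }

    /** Called from the authenticator: records why a login failed instead of throwing. */
    static boolean authenticate(CredentialStore store, String user, char[] password) {
        LoginFailure.consume(); // drop any stale value left by an earlier request
        String safeUser = String.valueOf(user).replaceAll("[\\r\\n]", "_"); // no log injection
        try {
            if (store.verify(user, password)) {
                return true;
            }
            // Unknown user and wrong password share one reason on purpose.
            LOG.info("login rejected for user=" + safeUser);
            LoginFailure.record(Reason.BAD_CREDENTIALS);
        } catch (Exception e) {
            // The exception detail is logged, never handed to the page.
            LOG.log(Level.WARNING, "login backend failure for user=" + safeUser, e);
            LoginFailure.record(Reason.BACKEND_ERROR);
        } finally {
            Arrays.fill(password, '\0');
        }
        return false;
    }

    /** Called from the error page: fixed texts only, details stay in the server log. */
    static String messageForErrorPage() {
        Reason r = LoginFailure.consume();
        if (r == Reason.BACKEND_ERROR) {
            return "Login is temporarily unavailable. Please try again later.";
        }
        // Also the answer when the page is requested directly and nothing was recorded.
        return "Invalid username or password.";
    }

    public static void main(String[] args) {
        // Constructed sample stores for the demonstration.
        CredentialStore working = (u, p) ->
                "alice".equals(u) && Arrays.equals(p, "demo-password".toCharArray());
        CredentialStore broken = (u, p) -> {
            throw new SQLException("connection refused");
        };

        System.out.println(authenticate(working, "alice", "demo-password".toCharArray()));
        authenticate(working, "alice", "wrong".toCharArray());
        System.out.println(messageForErrorPage());
        authenticate(working, "nobody", "wrong".toCharArray());
        System.out.println(messageForErrorPage());
        authenticate(broken, "alice", "demo-password".toCharArray());
        System.out.println(messageForErrorPage());
    }
}
```

    The wrong-password and unknown-user cases return the same text so the login form cannot be used to find out which account names exist; only the backend failure gets a different message.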

  • In WAS Form Based Authentication : Exception Servlet Not Found: FormLoginSe

    Hi,
    I am using form-based authentication in WebSphere Application Server.
    When I send the login.jsp, this exception comes:
    com.ibm.ws.webcontainer.servlet.exception.ServletNotFoundException: Servlet Not Found: FormLoginServlet
    with regards
    Siddharth
    ([email protected])

  • User authentication Exception

    Sir,
    I faced this problem when trying to run the Ecperf benchmark.
    For this purpose there is a driver.bat file; the contents of driver.bat are as follows:
    start %JAVA_HOME%\bin\rmiregistry
    Pause
    start %JAVA_HOME%\bin\java -Djava.security.policy=%DRIVER_POLICY% %DRIVER_PACKAGE%.ControllerImpl
    Pause
    start %JAVA_HOME%\bin\java -Djava.naming.factory.initial=%JNDI_CLASS% -Djava.naming.provider.url=%NAMING_PROVIDER% -Djava.security.policy=%DRIVER_POLICY% -Dorg.omg.CORBA.ORBInitialHost=%SUT_MACHINE% -Djava.naming.security.principal=admin -Djava.naming.security.credentials=welcome %DRIVER_PACKAGE%.MfgAgent %CONFIG_DIR%/agent.properties M1 %DRIVER_MACHINE%
    start %JAVA_HOME%\bin\java -Djava.naming.factory.initial=%JNDI_CLASS% -Djava.naming.provider.url=%NAMING_PROVIDER% -Djava.security.policy=%DRIVER_POLICY% -Dorg.omg.CORBA.ORBInitialHost=%SUT_MACHINE% -Djava.naming.security.principal=admin -Djava.naming.security.credentials=welcome %DRIVER_PACKAGE%.LargeOLAgent %CONFIG_DIR%/agent.properties L1 %DRIVER_MACHINE%
    start %JAVA_HOME%\bin\java -Djava.naming.factory.initial=%JNDI_CLASS% -Djava.naming.provider.url=%NAMING_PROVIDER% -Djava.security.policy=%DRIVER_POLICY% -Dorg.omg.CORBA.ORBInitialHost=%SUT_MACHINE% -Djava.naming.security.principal=admin -Djava.naming.security.credentials=welcome %DRIVER_PACKAGE%.OrdersAgent %CONFIG_DIR%/agent.properties O1 %DRIVER_MACHINE%
    Pause
    %JAVA_HOME%\bin\java -Djava.naming.factory.initial=%JNDI_CLASS% -Djava.naming.provider.url=%NAMING_PROVIDER% %DRIVER_PACKAGE%.Driver %CONFIG_DIR%/run.properties
    After proper settings, when I try to run the Ecperf benchmark, I face this exception:
    O1 started ...
    OrdersAgent O1, Thread 0 started
    ohome = OrderSes
    javax.naming.NamingException: Lookup error: javax.naming.AuthenticationException: Invalid username/password for default (); nested exception is:
    javax.naming.AuthenticationException: Invalid username/password for default ()
    at com.evermind.server.rmi.RMIContext.lookup(RMIContext.java:134)
    at javax.naming.InitialContext.lookup(InitialContext.java:350)
    at com.sun.ecperf.driver.OrderEntry.getReady(OrderEntry.java:278)
    at com.sun.ecperf.driver.OrderEntry.run(OrderEntry.java:107)
    OrdersAgent O1, Thread 1 started
    ohome = OrderSes
    javax.naming.NamingException: Lookup error: javax.naming.AuthenticationException: Invalid username/password for default (); nested exception is:
    javax.naming.AuthenticationException: Invalid username/password for default ()
    at com.evermind.server.rmi.RMIContext.lookup(RMIContext.java:134)
    at javax.naming.InitialContext.lookup(InitialContext.java:350)
    at com.sun.ecperf.driver.OrderEntry.getReady(OrderEntry.java:278)
    at com.sun.ecperf.driver.OrderEntry.run(OrderEntry.java:107)
    OrdersAgent O1, Thread 2 started
    ohome = OrderSes
    javax.naming.NamingException: Lookup error: javax.naming.AuthenticationException: Invalid username/password for default (); nested exception is:
    javax.naming.AuthenticationException: Invalid username/password for default ()
    at com.evermind.server.rmi.RMIContext.lookup(RMIContext.java:134)
    at javax.naming.InitialContext.lookup(InitialContext.java:350)
    at com.sun.ecperf.driver.OrderEntry.getReady(OrderEntry.java:278)
    at com.sun.ecperf.driver.OrderEntry.run(OrderEntry.java:107)
    OrdersAgent O1, Thread 3 started
    ohome = OrderSes
    javax.naming.NamingException: Lookup error: javax.naming.AuthenticationException: Invalid username/password for default (); nested exception is:
    javax.naming.AuthenticationException: Invalid username/password for default ()
    at com.evermind.server.rmi.RMIContext.lookup(RMIContext.java:134)
    at javax.naming.InitialContext.lookup(InitialContext.java:350)
    at com.sun.ecperf.driver.OrderEntry.getReady(OrderEntry.java:278)
    at com.sun.ecperf.driver.OrderEntry.run(OrderEntry.java:107)
    OrdersAgent O1, Thread 4 started
    ohome = OrderSes
    javax.naming.NamingException: Lookup error: javax.naming.AuthenticationException: Invalid username/password for default (); nested exception is:
    javax.naming.AuthenticationException: Invalid username/password for default ()
    at com.evermind.server.rmi.RMIContext.lookup(RMIContext.java:134)
    at javax.naming.InitialContext.lookup(InitialContext.java:350)
    at com.sun.ecperf.driver.OrderEntry.getReady(OrderEntry.java:278)
    at com.sun.ecperf.driver.OrderEntry.run(OrderEntry.java:107)
    How can I solve this problem?
    thanks in advance
    avaneesh

    If you use Oracle AS:
    Set the security username and password for OC4J access:
    http://localhost:18100/ -> j2eeApplications -> your_web_app -> Security
    Be sure to grant RMI access to the user group.
    !!You need to restart server for changes to take effect!!
    http://localhost:18100/ -> "Restart all"

  • Setting Authentication and SSL Settings by folder/file in ColdFusion 10

    Am attempting to upgrade to ColdFusion 10 (patched to current level) on our development network.  We are running Windows Server 2008 R2.  On both of the below instances it worked fine with ColdFusion 8 and 9.
    On the first instance the entire site is SSL with the exception of one directory.  The entire site is set to Anonymous Authentication Disabled and Windows Authentication Enabled for the entire site except for the one directory that is not SSL.  On ColdFusion 10, that one directory that is not supposed to be SSL and have anonymous authentication will not allow access unless you hit it with an https: and authenticate.  It ignores the settings for that directory and uses the overall site settings.
    On another instance the entire site is set to Anonymous Authentication except one file (login.cfm) is set to Windows Authentication.  When you enter that site it hits the login.cfm, if you authenticate it gives you more options.  If you don't you still get in but without the extra options.  The system ignores the Windows Authentication and defaults to the overall site's setting of Anonymous Authentication.  I have tried setting the authentication at the site level to both Anonymous and Windows then going through individual directories and changing them to what they should be, but the settings are ignored and it uses the overall site settings.
    Is Tomcat somehow overriding the page/folder specific SSL and or Authentication settings?

    Charlie, I appreciate you helping rule out the possible discrepancies in the installation.  As far as server configuration, all testing is being done on two virtual Windows Server 2008 R2 64 bit boxes running IIS 7.5.  One of the boxes was upgraded from ColdFusion 9.01 and one that is a new install on a new virtual machine.  The CF9.01 box has been processing both the SSL and non-SSL properly. The only changes I made to the CF9.01 I upgraded was to turn on CGI in the IIS settings.  Both servers show the same problems so I kind of ruled out the new server vice upgrade issue.  I checked the inheritance and all of the files have the same windows user's permissions.  I have imported the SSL certificates into the JRE\security\lib\certs.  I am guessing those are imported correctly otherwise it would not allow the SSL to work at all. All SSL/windows authentication has been set up through IIS, I have not tried to modify any Tomcat settings.
    I created a .htm file and put it in both a directory that is SSL protected and one (ScheduledTasks) that is not SSL protected.  It worked fine. That is if it was in a directory that should have been protected by SSL it prompted me for my CAC and pin.  When I put it in the ScheduledTasks directory and tried opening it with a standard http:// it worked fine.  I then tried to open a .cfm in the same directory and I got the standard 403-Forbidden: Access is denied.  You do not have permission to view this directory or page using the credentials that you supplied.

  • Random Peer Not Authenticated

    We've encountered a rather delicious problem that we believe might be a bug in JSSE. We have a URL with valid Verisign certificate. We have a Java client that uses Inovention's HTTPClient library which in turn is set to use Sun's JSSE for HTTPS. We can run for days with no problems and then all of a sudden the client refuses to validate the server certificate, throwing a Peer Not Authenticated Exception. We turned on the -Djavax.net.debug=all flag and found that both the "good" and "bad" handshakes had completely identical request/response packets -- up until the point when somewhere deep in Sun's JSSE code an ArrayIndexOutOfBounds exception was thrown causing JSSE to think the certificate was not good (hence a Peer Not Authenticated Exception). We decompiled/recompiled JSSE with a few lines of debugging to print out a stack trace of the ArrayIndexOutOfBounds exception, but it didn't really tell us much.
    Here is the unencrypted SSL handshake dump (plus extra debugging). We are completely baffled at this one and are thinking about trying a different SSL implementation.
    chain [0] = [
    Version: V3
    Subject: CN=GETADNDATA.ACXIOM.COM, OU=ADNPLPWEB1, O=ACXIOM, L=Conway, ST=Arkansas, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@9b72a131
    Validity: [From: Tue Feb 19 19:00:00 EST 2002,
                   To: Mon Mar 03 18:59:59 EST 2003]
    Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
    SerialNumber: [    7d6e3ded edac9ca1 6eace72a 1c3659e2 ]
    Certificate Extensions: 7
    [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 28 30 26 30 24 06 08 2B 06 01 05 05 07 30 01 .(0&0$..+.....0.
    0010: 86 18 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 76 65 ..http://ocsp.ve
    0020: 72 69 73 69 67 6E 2E 63 6F 6D risign.com
    [2]: ObjectId: 2.16.840.1.113733.1.6.15 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 0B 16 09 31 37 36 33 39 31 39 34 34 ....176391944
    [3]: ObjectId: 2.5.29.32 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 3D 30 3B 30 39 06 0B 60 86 48 01 86 F8 45 01 .=0;09..`.H...E.
    0010: 07 17 03 30 2A 30 28 06 08 2B 06 01 05 05 07 02 ...0*0(..+......
    0020: 01 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 ...https://www.v
    0030: 65 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 erisign.com/rpa
    [4]: ObjectId: 2.5.29.31 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 35 30 33 30 31 A0 2F A0 2D 86 2B 68 74 74 70 .50301./.-.+http
    0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
    0020: 63 6F 6D 2F 52 53 41 53 65 63 75 72 65 53 65 72 com/RSASecureSer
    0030: 76 65 72 2E 63 72 6C ver.crl
    [5]: ObjectId: 2.5.29.15 Criticality=false
    KeyUsage [
    DigitalSignature
    Key_Encipherment
    [6]: ObjectId: 2.5.29.37 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 16 30 14 06 08 2B 06 01 05 05 07 03 01 06 08 ..0...+.........
    0010: 2B 06 01 05 05 07 03 02 +.......
    [7]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    Algorithm: [MD5withRSA]
    chain [1] = [
    Version: V1
    Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
    Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@afd22131
    Validity: [From: Tue Nov 08 19:00:00 EST 1994,
                   To: Thu Jan 07 18:59:59 EST 2010]
    Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
    SerialNumber: [    02ad667e 4e45fe5e 576f3c98 195eddc0 ]
    Algorithm: [MD2withRSA]
    Entering method b(X509Certificate[])
    Got a PublicKey: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@afd22131
    java.lang.ArrayIndexOutOfBoundsException: 0
         at COM.rsa.jsafe.dd.a([DashoPro-V1.2-120198])
         at COM.rsa.jsafe.ak.b([DashoPro-V1.2-120198])
         at com.sun.net.ssl.internal.ssl.JS_Signature.engineVerify([DashoPro-V1.2-120198])
         at java.security.Signature$Delegate.engineVerify(Signature.java:652)
         at java.security.Signature.verify(Signature.java:385)
         at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:288)
         at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:252)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.b(X509TrustManagerImpl.java:289)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.isServerTrusted(X509TrustManagerImpl.java:236)
         at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.isServerTrusted([DashoPro-V1.2-120198])
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.a([DashoPro-V1.2-120198])
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage([DashoPro-V1.2-120198])
         at com.sun.net.ssl.internal.ssl.Handshaker.process_record([DashoPro-V1.2-120198])
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
         at com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120198])
         at java.io.OutputStream.write(OutputStream.java:66)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.getSession([DashoPro-V1.2-120198])
         at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java)
         at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java)
         at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java)
         at HTTPClient.HTTPConnection.Post(HTTPConnection.java)
         at HTTPClient.HTTPConnection.Post(HTTPConnection.java)
         at com.mbusa.trillium.AbiliTecRequest.postRequest(AbiliTecRequest.java)
         at com.mbusa.trillium.AbiliTecRequest.execute(AbiliTecRequest.java)
         at com.mbusa.trillium.AppendLinkRequest.fillAbiliTecID(AppendLinkRequest.java)
         at com.mbusa.trillium.TrilliumAPIHandler.basicGetAbiliTecID(TrilliumAPIHandler.java)
         at com.mbusa.trillium.TrilliumAPIHandler.matchClient(TrilliumAPIHandler.java)
         at com.mbusa.trillium.TrilliumAPIHandler.matchClient(TrilliumAPIHandler.java)
         at java.lang.reflect.Method.invoke(Native Method)
         at com.mbusa.lang.DynamicObject.perform(DynamicObject.java)
         at com.mbusa.lang.DynamicObject.perform(DynamicObject.java)
         at com.mbusa.service.RemoteMethodHandler.selfPerform(RemoteMethodHandler.java)
         at com.mbusa.service.RemoteMethodHandler.performCommand(RemoteMethodHandler.java)
         at com.mbusa.service.RemoteMethodHandler.handle(RemoteMethodHandler.java)
         at com.mbusa.net.CommAdapter.run(CommAdapter.java)
         at java.lang.Thread.run(Thread.java:481)
    verify failed: [
    Version: V3
    Subject: CN=GETADNDATA.ACXIOM.COM, OU=ADNPLPWEB1, O=ACXIOM, L=Conway, ST=Arkansas, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@9b72a131
    Validity: [From: Tue Feb 19 19:00:00 EST 2002,
                   To: Mon Mar 03 18:59:59 EST 2003]
    Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
    SerialNumber: [    7d6e3ded edac9ca1 6eace72a 1c3659e2 ]
    Certificate Extensions: 7
    [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 28 30 26 30 24 06 08 2B 06 01 05 05 07 30 01 .(0&0$..+.....0.
    0010: 86 18 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 76 65 ..http://ocsp.ve
    0020: 72 69 73 69 67 6E 2E 63 6F 6D risign.com
    [2]: ObjectId: 2.16.840.1.113733.1.6.15 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 0B 16 09 31 37 36 33 39 31 39 34 34 ....176391944
    [3]: ObjectId: 2.5.29.32 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 3D 30 3B 30 39 06 0B 60 86 48 01 86 F8 45 01 .=0;09..`.H...E.
    0010: 07 17 03 30 2A 30 28 06 08 2B 06 01 05 05 07 02 ...0*0(..+......
    0020: 01 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 ...https://www.v
    0030: 65 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 erisign.com/rpa
    [4]: ObjectId: 2.5.29.31 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 35 30 33 30 31 A0 2F A0 2D 86 2B 68 74 74 70 .50301./.-.+http
    0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
    0020: 63 6F 6D 2F 52 53 41 53 65 63 75 72 65 53 65 72 com/RSASecureSer
    0030: 76 65 72 2E 63 72 6C ver.crl
    [5]: ObjectId: 2.5.29.15 Criticality=false
    KeyUsage [
    DigitalSignature
    Key_Encipherment
    [6]: ObjectId: 2.5.29.37 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 16 30 14 06 08 2B 06 01 05 05 07 03 01 06 08 ..0...+.........
    0010: 2B 06 01 05 05 07 03 02 +.......
    [7]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    Algorithm: [MD5withRSA]
    verify exception was: java.lang.ArrayIndexOutOfBoundsException: 0
    Thread-99, SEND SSL v3.1 ALERT: fatal, description = certificate_unknown
    Thread-99, WRITE: SSL v3.1 Alert, length = 2
    javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
         at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain([DashoPro-V1.2-120198])
         at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java)
         at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java)
         at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java)
         at HTTPClient.HTTPConnection.Post(HTTPConnection.java)
         at HTTPClient.HTTPConnection.Post(HTTPConnection.java)
         at com.mbusa.trillium.AbiliTecRequest.postRequest(AbiliTecRequest.java)
         at com.mbusa.trillium.AbiliTecRequest.execute(AbiliTecRequest.java)
         at com.mbusa.trillium.AppendLinkRequest.fillAbiliTecID(AppendLinkRequest.java)
         at com.mbusa.trillium.TrilliumAPIHandler.basicGetAbiliTecID(TrilliumAPIHandler.java)
         at com.mbusa.trillium.TrilliumAPIHandler.matchClient(TrilliumAPIHandler.java)
         at com.mbusa.trillium.TrilliumAPIHandler.matchClient(TrilliumAPIHandler.java)
         at java.lang.reflect.Method.invoke(Native Method)
         at com.mbusa.lang.DynamicObject.perform(DynamicObject.java)
         at com.mbusa.lang.DynamicObject.perform(DynamicObject.java)
         at com.mbusa.service.RemoteMethodHandler.selfPerform(RemoteMethodHandler.java)
         at com.mbusa.service.RemoteMethodHandler.performCommand(RemoteMethodHandler.java)
         at com.mbusa.service.RemoteMethodHandler.handle(RemoteMethodHandler.java)
         at com.mbusa.net.CommAdapter.run(CommAdapter.java)
         at java.lang.Thread.run(Thread.java:481)
    %% Client cached [Session-11, SSL_RSA_WITH_RC4_128_MD5]
    %% Try resuming [Session-11, SSL_RSA_WITH_RC4_128_MD5] from port 37667
    *** ClientHello, v3.1
    RandomCookie: GMT: 998650415 bytes = { 250, 15, 76, 81, 166, 214, 100, 36, 42, 123, 172, 48, 87, 224, 204, 87, 104, 13, 13, 252, 139, 7, 6, 69, 80, 241, 187, 253 }
    Session ID: {0, 0, 235, 228, 46, 58, 167, 168, 42, 79, 80, 97, 137, 186, 26, 43, 4, 5, 187, 20, 122, 144, 61, 98, 248, 133, 29, 131, 119, 169, 179, 28}
    Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
    Compression Methods: { 0 }
    Thread-67, WRITE: SSL v3.1 Handshake, length = 91
    Thread-67, READ: SSL v3.1 Handshake, length = 1536
    *** ServerHello, v3.1
    RandomCookie: GMT: 30987 bytes = { 105, 65, 51, 210, 246, 7, 94, 128, 115, 207, 84, 178, 116, 120, 61, 85, 225, 208, 70, 111, 239, 140, 160, 95, 126, 6, 74, 20 }
    Session ID: {0, 0, 229, 0, 57, 140, 255, 11, 220, 44, 246, 19, 150, 78, 207, 18, 103, 155, 161, 60, 76, 244, 15, 184, 185, 137, 56, 9, 167, 236, 245, 181}
    Cipher Suite: { 0, 4 }
    Compression Method: 0
    %% Created: [Session-24, SSL_RSA_WITH_RC4_128_MD5]
    ** SSL_RSA_WITH_RC4_128_MD5
    *** Certificate chain

    After much trial and error, it seems to have turned out that the JDK version was to blame. The code was running on an AIX box with the IBM JDK 1.2. After upgrading to the IBM JDK 1.3.1 (and still using Sun's JSSE 1.0.2), the problem went away.
    Unfortunately, after 4 months of no problems, the problem has mysteriously come back after the server's machine was rebuilt (and hence received a new certificate).

  • LDAP AUTHENTICATION- PLEASE HELP

    My client wants me to use LDAP for authentication. I am new to this. I have written an authentication bean, as follows.
    //Used to authenticate user from LDAP directory.
    import javax.naming.*;
    import javax.naming.directory.*;
    import java.util.*;
    import java.lang.*;
    public class AuthBean {
         private boolean attempted;
         private String userName;
         private String password;
         public AuthBean() {
              attempted = false;
              userName = "";
              password = "";
         }
         //Getter methods.
         public String getUserName() {
              return this.userName;
         }
         public String getPassword() {
              return this.password;
         }
         //Setter methods.
         public void setUserName (String userName) {
              this.userName = userName;
              if (!this.userName.equals("") && !this.password.equals(""))
                   attempted = true;
              else
                   attempted = false;
         }
         public void setPassword(String password) {
              this.password = password;
              if (!this.userName.equals("") && !this.password.equals(""))
                   attempted = true;
              else
                   attempted = false;
         }
         //Checks to see if attempted.
         public boolean isAttempted() {
              return this.attempted;
         }
         /**
         * Given a username and password, authenticates to the directory
         * Takes a String for username, String for password.
         * Calls getDn for the method.
         */
         public boolean ldapAuthenticate (String username, String pass) {
              if ( username == null || pass == null ) {
                   System.out.println(" im here in the method");
                   System.out.println(" user" + username);
                   System.out.println(" pass" + pass);
                   return false;
              }
              String dn = getDN(username);
              System.out.println(" dn" + dn);
              if ( dn == null)
                   return false;
              dn = dn + ",o=hcfhe";
              //dn = dn + ",o=mu";
              System.out.println(dn);
              String ldap_url = "ldap://10.1.1.199:389/ou=it,o=hcfhe";
              //set variables for context
              Hashtable env = new Hashtable();
              env.put("com.sun.naming.ldap.trace.ber", System.err);
              env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
              env.put(Context.PROVIDER_URL, ldap_url);
              env.put(Context.SECURITY_AUTHENTICATION, "simple");
              env.put(Context.SECURITY_PRINCIPAL, dn);
              env.put(Context.SECURITY_CREDENTIALS, pass);
              DirContext ctx;
              //make connection, catch errors thrown
              try {
                   ctx = new InitialDirContext(env);
              } catch (AuthenticationException e) {
                   System.out.println("Authentication Exception");
                   return false;
              } catch (NamingException e) {
                   e.printStackTrace();
                   return false;
              }
              //close connection
              try {
                   ctx.close();
              } catch (NamingException ne) {
                   System.out.println(ne);
              }
              return true;
         }
         /**
         * This method checks for the username from the LDAP directory.
         * Takes a String.
         */
         public String getDN(String username) {
              String dn = "";
              String ldap_url = "ldap://10.1.1.199:389/ou=it,o=hcfhe";
              Hashtable env = new Hashtable();
              env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
              env.put(Context.PROVIDER_URL, ldap_url);
              DirContext ctx;
              try {
                   ctx = new InitialDirContext(env);
                   SearchControls ctls = new SearchControls();
                   ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                   String filter = "(uid=" + username + ")"; // Search for objects with these matching attributes
                   NamingEnumeration results = ctx.search("",filter,ctls);
                   if ( results != null && results.hasMoreElements()) {
                        SearchResult sr = (SearchResult)results.nextElement();
                        dn = sr.getName();
                   } else dn = null;
                   ctx.close();
              } catch (AuthenticationException e) {
                   System.out.println("Authentication Exception");
                   return null;
              } catch (NamingException e) {
                   e.printStackTrace();
                   return null;
              }
              return dn;
         }
    }
    I have also done a validate.jsp, as follows.
    <%@page import="register.AuthBean"%>
    <jsp:useBean id ="AuthBean" class="register.AuthBean" scope="session"/>
    <%
              //boolean valid = false;
              String username = request.getParameter("user");
              //System.out.println("The username" + username);
              String password = request.getParameter("password");
              //System.out.println("The username" +password);
    %>
         <jsp:setProperty name="AuthBean" property="userName" param="user" />
         <jsp:setProperty name="AuthBean" property="password" param= "password" />
    <%
                   //boolean validate = false;
                   String nn = AuthBean.getUserName();
                   System.out.println(nn);     
                   String dn = AuthBean.getDN(username);
                   System.out.println(dn);
                   boolean validate = AuthBean.ldapAuthenticate(username, password);
                   if(validate) {
                        response.sendRedirect("../admin/Adminindex.jsp");
                   } else {
                        response.sendRedirect("Login.html");
                   }
    %>
    At present I keep getting 'false' for validate, but there are no errors. I'm using Tomcat and Apache; do I need to configure either of these for LDAP? If so, can you show me some examples?
    Many thanks.

    Hi Irene,
    I am posting my LDAP Authentication code for you to look at. If you have any more questions, please respond to this posting. I have just three days ago implemented this for my client. It works on Web Sphere against Microsoft Active Directory.
    =====================================================================
    import javax.naming.directory.*;
    import javax.naming.ldap.*;
    import javax.naming.*;
    import java.util.*;
    import java.io.*;
    import java.lang.*;
    import java.math.*;
    /**
    * Insert the type's description here.
    * Creation date:
    * @author: Sajjad Alam
    */
    public final class LDAPConn {
         public static java.lang.Object Conn;
    /**
    * LDAPConn constructor comment.
    */
    public LDAPConn() {
         super();
    }
    /**
    * Insert the method's description here.
    * @return java.lang.Object
    */
    public static DirContext getConn() throws Exception {
         //Declarations of variables
         Hashtable env = new Hashtable(11);
         InitialLdapContext ctx = null;
         //==============LDAP Authentication of a given user stored in Active Directory=============
         System.out.println("Entered constructor for Ldap Context");
         //Initialize the Context Factory.
         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
         env.put(Context.PROVIDER_URL, "ldap://XXX.XXX.XX.XXX:389/dc=domainURL1,dc=domainURL2,dc=com");
         try {
              /*
              The following syntax is a standard way of authenticating users stored in LDAP
              when JNDI api is used.
              */
              env.put(Context.SECURITY_AUTHENTICATION, "simple");
              env.put(Context.SECURITY_PRINCIPAL, "[email protected]");
              env.put(Context.SECURITY_CREDENTIALS, "password");
              System.out.println("Issuing request to authenticate the user and create an LDAP context");
              ctx = new InitialLdapContext(env, null);
              System.out.println("Got handle on Ldap Context");
              //==============Completed Authentication of user=============
              //==============Retrieving attribute data about a user stored in Active Directory==========
              //Here we will retrieve attributes of one of the users in LDAP ("cn=");
              //Declarations of variables
              String userInfo = "cn=someUserName ,ou=Users,ou=something,ou=something";
              Attributes userAttr = ctx.getAttributes(userInfo);
              Attribute orgUnitAttr = null;
              //Looping through the enumeration to obtain attribute data
              for (NamingEnumeration ae = userAttr.getAll(); ae.hasMore();) {
                   Attribute attr = (Attribute) ae.next();
                   if (attr.getID().equals("distinguishedName"))
                        orgUnitAttr = attr;
                   System.out.print(" Attribute: " + attr.getID());
                   //Print each value
                   for (NamingEnumeration e = attr.getAll(); e.hasMore();) {
                        System.out.println(" Value: " + e.next());
                   }
              }
              //============== Done retrieving attribute data about user==========
              //==============To find which organizational unit a user belongs provided we pass the user==========
              //This section of code uses the value from the "distinguishedName" attribute
              System.out.println("");
              Object parseOutOrgUnit = (Object) orgUnitAttr;
              System.out.println("We can obtain the organizational unit (Role) from the " + parseOutOrgUnit.toString());
              //======================================Done=============================
              // Close the context when we're done or you can close the connection where you are using this object.
              String grInfo = "CN=Sales-Administrator,OU=Java Application Accounts,OU=something,OU=something";
              Attributes grAttr = ctx.getAttributes(grInfo);
              //Looping through the enumeration to obtain attribute data
              for (NamingEnumeration ae = grAttr.getAll(); ae.hasMore();) {
                   Attribute attr = (Attribute) ae.next();
                   System.out.print(" Attribute: " + attr.getID());
                   //Print each value
                   for (NamingEnumeration e = attr.getAll(); e.hasMore();) {
                        System.out.println(" Value: " + e.next());
                   }
              }
              //============== Done retrieving attribute data about user==========
              //==============To find which organizational unit a user belongs provided we pass the user==========
              //This section of code uses the value from the "distinguishedName" attribute
              System.out.println("");
              //======================================Done=============================
              ctx.close();
         }
         catch (Exception e) {
              System.out.println(e.getLocalizedMessage());
         }
         return ctx;
    }
    }
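
A search-then-bind check for the LDAP thread above, as an added example that is not part of either post: it escapes the user name before it goes into the search filter, takes the entry's full DN from `getNameInNamespace()` instead of appending a suffix by hand, and rejects empty passwords before binding. The class name `LdapSearchThenBind` is hypothetical; the URL, search base and `uid` attribute are taken from the question, and anonymous search is assumed to be permitted.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapSearchThenBind {   // hypothetical class name
    // URL and search base as used in the question's code.
    static final String LDAP_URL = "ldap://10.1.1.199:389/ou=it,o=hcfhe";

    /** Escapes a value for use inside an LDAP search filter (RFC 4515). */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Opens a context; a null principal means an anonymous bind (assumed allowed for search). */
    static DirContext connect(String principal, String credentials) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        if (principal != null) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, principal);
            env.put(Context.SECURITY_CREDENTIALS, credentials);
        }
        return new InitialDirContext(env);
    }

    /** Returns the full DN of the single entry matching uid, or null if none or ambiguous. */
    static String findUserDn(String username) throws NamingException {
        DirContext ctx = connect(null, null);
        try {
            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String filter = "(uid=" + escapeFilterValue(username) + ")";
            NamingEnumeration<SearchResult> results = ctx.search("", filter, ctls);
            if (!results.hasMore()) return null;
            // getNameInNamespace() is the complete DN; getName() is only relative to the search base.
            String dn = results.next().getNameInNamespace();
            return results.hasMore() ? null : dn;
        } finally {
            ctx.close();
        }
    }

    static boolean authenticate(String username, String password) {
        // "simple" auth with an empty password is an unauthenticated bind, which servers may accept.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        try {
            String dn = findUserDn(username);
            if (dn == null) return false;
            connect(dn, password).close();   // the bind itself is the password check
            return true;
        } catch (NamingException e) {        // includes AuthenticationException; fail closed
            System.err.println("LDAP authentication failed: " + e);
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed inputs; both calls return before any network access.
        System.out.println(escapeFilterValue("j*(smith)\\"));
        System.out.println(authenticate("jsmith", ""));
    }
}
```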

  • Can't get the proxy authentication work over SSL from weblogic 8.1

    I'm trying to make an HTTPS connection through a proxy server, and I get a 407 proxy authentication exception. I can successfully connect from a stand-alone program, but I can't do it from a web application deployed on weblogic 8.1.
    I implemented weblogic.common.ProxyAuthenticator, and here are my implementation methods:
    public void init(String host, int port, String auth,
    String loginPrompt) {
    }
    public String[] getLoginAndPassword() {
    String[] login = new String[2];
    login[0] = "test";
    login[1] = "test123";
    return login;
    }
    And, in my code where I make the connection, I'm setting the following:
    System.setProperty(
    "weblogic.net.proxyAuthenticatorClassName",
    "test.client.MyProxyAuthenticator");
    Can anyone help with what the problem could be? I provided a dummy implementation for the init() method and I'm not sure what to provide there.
    Thanks in advance

    I moved the system property setting into startWeblogic.sh (using -D...) and it works.

  • My concern about ise authentication types

    Hi,
    Is it possible to bind a certificate to a computer, so that it is the identity of one device only, like a MAC address?
    If it is not possible, then can anyone tell me what the difference is between user-based and certificate-based authentication, except for the encryption capability? Because someone can export his computer certificate and install it onto any other computer and can then plug that PC into the network even if that PC is not authorized. So where is the security?
    My other point is: when a staff member owns a single user ID, he can use that single user ID to access the network from multiple devices simultaneously. My question is, why does Cisco ISE allow this? I must have had at least this capability not to allow multiple simultaneous connections using a single ID.
    Any comments?

    We do not recommend exporting the private key associated with a certificate because its value may be exposed. If you must export a private key, specify an encryption password for the private key. You will need to specify this password while importing this certificate into another Cisco ISE server to decrypt the private key.
    Cisco ISE allows for a wide range of variables within authorization policies to ensure that only
    authorized users can access the appropriate resources when they access the network. The initial release
    of Cisco ISE supports only RADIUS-governed access to the internal network and its resources.
    So, I hope both the points are restrictable by ISE.

  • Invalid DistinguishedName throwing incorrect Exception

    Hi,
    I am using Oracle Directory Server Enterprise Edition 11g. For an incorrect DistinguishedName, the DirectoryContext should throw NameNotFoundException, but instead it throws an incorrect exception, i.e. Authentication Exception. The exception code is 32, which is actually the NameNotFoundException error code.
    Can you tell me if this is an observed behaviour?
    Thanks

    32 occurs in some cases where the operation is assuming an entry exists that does not. For instance, if you try to add a subordinate entry under a container that doesn't exist.
    Or are you saying that you are seeing err 49 when it should be err 32?

  • Open Wireless authentication concept.

    Folks,
    We have been asked to explore the possibilities of getting an open wireless setup going for guests. This essentially means that guests coming in should get Internet access without having to feed in a username/password. Connecting to this SSID should take them to a portal page which mentions some policies about internet access. On accepting that the users must get Internet access.
    Can this be achieved on the Cisco Wireless controllers? Has anyone heard about the industry using such Wireless authentication? Is there any known setup that uses this kind of configuration?
    Thanks,
    N.

    Web Passthrough on Wireless LAN Controllers
    Web passthrough is a solution that is typically used for guest access. The process of web passthrough is similar to that of web authentication, except that no authentication credentials are required for web passthrough.
    In web passthrough, wireless users are redirected to the usage policy page when they try to use the Internet for the first time. Once the users accept the policy, they can browse the Internet. This redirection to the policy page is handled by the WLC.
    In this example, a VLAN interface is created on a separate subnet on the WLC. Then, a separate Wireless LAN (WLAN)/Service Set Identifier (SSID) is created and configured with web passthrough, and it is mapped to this VLAN interface.
    http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/116879-configure-wlc-00.html
