Authentication methods

Similar Messages

• Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

  I would love some help with this issue.  I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0  I have a test account set up with lab.acme.com to use the ACS.
  When I log into my site using Windows Auth, everything is great.  However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
  to use to log in   and after 3-5 second
   and return me the logon page with error message “Authentication failed” 
  I base my setup on the technet article
  http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
  I validated than all my certificate are valid and able to retrieve the crl
  I got in eventlog id 300
  The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
  Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
  Additional Data
  Exception details:
  Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
  ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
  correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  --- End of inner exception stack trace ---
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
  serializationContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
  trustNamespace, AsyncCallback callback, Object state)
  System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
  failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  thx
  Stef71

  This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
  on my case was :
  PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ad0001.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
  Certificate                 : [Subject]
                                  CN=domain.AD0001CA, DC=domain, DC=com
                                [Issuer]
                                  CN=domain.AD0001CA, DC=portal, DC=com
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  22/07/2014 11:32:05
                                [Not After]
                                  22/07/2024 11:42:00
                                [Thumbprint]
                                  blablabla
  Name                        : domain.ad0001
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : domain.ad0001
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17164
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ADFS_Signing.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
  Certificate                 : [Subject]
                                  CN=ADFS Signing - adfs.domain
                                [Issuer]
                                  CN=ADFS Signing - adfs.domain
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  23/07/2014 07:14:03
                                [Not After]
                                  23/07/2015 07:14:03
                                [Thumbprint]
                                  blablabla
  Name                        : Token Signing Cert
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : Token Signing Cert
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17184
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.PORTAL>

• Authentication failed because Outlook doesn't support any of the available authentication methods.

  When attempting to check and send email from my Mac via iCloud, I keep getting the error "Authentication failed because Outlook doesn't support any of the available authentication methods." I have change just about everything I can see available, but continue to get this message.
  I am able to send email via iCloud using my .Me and .Mac adresses, and that tells me that it is not able to store "sent emails" on iCluud and will store them loaclly on my computer. I can handle this, but whem going to iCloud Web page haave nothing withing the "sent" mailbox.
  Using OS 10.7.2, and Outlook 2011 version 14.1.3
  Thanks in advance......

  I got the following from the microsoft Web site. Also, the SMPT port must be overwriten. Use port 587
  This article contains information about the compatibility of Microsoft Outlook for Mac 2011 and Apple iCloud. Outlook for Mac 2011 does not support Apple iCloud calendar (CalDAV) and contact (CardDAV) synchronization.  Outlook for Mac 2011 does support iCloud Mail. For steps on how to configure your iCloud email account in Outlook for Mac 2011, go to the "More Information" section of this article. 
  To configure your Apple iCloud email account in Microsoft Outlook for Mac 2011, follow these steps:
  Start Outlook 2011.
  On the Tools menu, click Accounts.
  Click the plus sign in the lower-left corner, and then select E-mail.
  Enter your E-mail Address and Password, and then click Add Account.
  Note: The new account will appear in the left navigation pane of the Accounts dialog box.
  Enter one of the following in the Incoming server box:
  mail.me.com (for me.com mail addresses)
  mail.mac.com (for mac.com mail addresses)
  Click to select Use SSL to connect (recommended) under the Incoming server box.
  Enter one of the following in the Outgoing server box:
  smtp.me.com (for me.com mail addresses)
  smtp.mac.com (for mac.com mail addresses)
  Click to select Use SSL to connect (recommended) under the Outgoing server box.
  After you have entered the incoming and outgoing server information, Outlook 2011 will start to receive your email messages. 
  Note: You can click Advanced to enter additional settings, such as leaving a copy of each message on the server. 

• Authentication method for JCo connection in XSS installation

  Hi All,
  I have a query which perplexes me.  I am implementing XSS (ESS/MSS) on SAP Portal EP6 SR1 with an ECC5 backend for prototype purposes.
  When I follow SAP's help steps to setup JCo connections, it states that for the metadata connection you should use a security authentication method of 'User/Password', but for the application data connection you should use a security authentication method of 'Ticket'.
  Does anyone know why the difference in methods here?  Is it possible to use 'User/Password' for both?  Any thoughts would be appreciated.

  Hi john,
  User -ID /Pwd method can be used to access the backend for both types of Data as per your scenario.
  User -ID /Pwd method and logon tickets both can be used to access data in backend.
  The difference lies in the scenario with which you are accessing the back-end.
  If all your portal users are same as backend users then you can select Logon ticket methods.
  If they are going to be different then you need User-ID /Pwd method .
  Check the following link to get a clear picture:
  <a href="http://help.sap.com/saphelp_ep50sp2/helpdata/en/4d/dd9b9ce80311d5995500508b6b8b11/frameset.htm">Scenario to use type of SSO</a>
  Hope it helps.
  Regards,
  Vivekanandan

• NPS Authentication Methods - EAP Types

  We are moving from IAS to NPS and are configuring the policy like it was in IAS.  When we click on the Constraints tab > Authentication Methods > and then highlight Microsoft: Protected EAP (PEAP) and click Edit we get an error "The data is
  invalid".  How do we fix this error?  There are no errors in the event viewer for NPS.

  Hi MarkNDOR,
  Thanks for posting here.
  We’d suggest to smoothly migrate IAS to NPS with following the guide in the link below without manually recreate all polices, it was also included the
  Iasmigreader.exe utility which will help to transfer the IAS policies to NPS compatible file type:
  NPS Migration Guide
  http://technet.microsoft.com/en-us/library/ee791849(WS.10).aspx
  Thanks.
  Tiger Li
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Cisco ISE multiple EAP authentication methods question

  With Cisco ISE can you have various clients each using different EAP methods, such as PEAP for Windows machines, MD5 for legacy and TLS for others?
  My current efforts seem to fail as if a device gets a request from the ISE for an EAP method it doesnt understand it just times out.
  Thanks in advance.

  Multiple EAP Methods work fine. If your Clients are being crap you could try forcing then to use a specific set of Allowed Authentication Method by creating more specific Authentication rules.
  Sent from Cisco Technical Support iPad App

• User Authentication Method not found?

  I'm using OSX but a co-worker is running 9.2.2 and is having trouble accessing a server on the corporate Microsoft network.
  I can get to the server using OSX but when she selects the server (which does show up in the Chooser list) she gets an error message saying that "the User Authentication Method could not be found" and she should check the AppleTalk folder in her extensions folder. AppleTalk folder? Check it for what?
  What must we do to get access to the new server?
  Thanks.

  For OS 9 to talk to an MS server requires that the server has Client Services for Macintosh fired up and yes, sometimes also that the client Mac has a Microsoft User Authentication Module installed and configured.
  Microsoft says that without the MS UAM, she should still be able to
  Log on to the special Microsoft UAM Volume on the computer running Windows 2000 Server to access the MS UAM file.
  If she can't get that far and there are no other symptoms, the network administrator needs adjust the security settings on the server, or reinstall Client Services for Macintosh…
  Then drag the MS UAM file to your AppleShare(c) Folder in your System Folder. Instructions follow. (Users outside North America, see the "International Concerns" section later in the Release Notes before proceeding.)
  To gain access to the Microsoft Authentication files on the computer running Windows 2000 Server
  1. On the Macintosh Apple menu, click Chooser.
  2. Double-click the AppleShare icon, and then click the AppleTalk(c) zone in which the computer running Windows 2000 Server, with Services for Macintosh, resides. (Ask your system administrator if you're not sure of the zone.)
  3. From the list of file servers, select the Windows 2000 Server computer, and then click OK.
  4. Click the Registered User or Guest option, as appropriate, and then click OK.
  5. Click the Microsoft UAM Volume, and then click OK.
  6. Close the Chooser dialog box.
  To install the authentication files on the Macintosh workstation
  1. On the Macintosh Desktop, double-click the Microsoft UAM Volume.
  2. Locate the "MS UAM Installer" file on the Microsoft UAM Volume, then double-click it.
  3. Click Continue in the installer welcome screen.
  The installer will report whether the installation succeeded.
  If the installation has succeeded, when Macintosh users of this workstation connect to the Windows 2000 Server computer, they will be offered Microsoft Authentication.

• ASA to ACS: how to distinguish different authentication methods?

  I have SSL VPN Clients connecting to an ASA 5520 using RADIUS to a backend Cisco ACS. I want to support two authentication options for the clients. The first is a certificate combined with an Active Directory username & password. The second is a token-name & one-time-password.
  Setting these two authentication methods up on the ASA is no problem ... I can configure user selectable connection profiles that have the wanted authentication settings. The ACS can handle both the AD and token credentials.
  Here's the problem. I need to be able to distinguish on the ACS if a connection request was certificate authenticated or not. I don't want users choosing to do a token/OTP connection and then entering in their AD credentials instead. the ACS won't know that this AD authentication request wasn't properly combined with a certificate.
  I've used NAR settings in the past to control what user databases an AAA client can authentication against, however, if the two authentication methods are coming from the same AAA client (the ASA), what can I do?

  I guess this should be possible with a feature called NAP,( network access profiles). Here you can define which database to use for any specific request. We can filter request on the basis of attributes sent in the authentication request.
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/NAPs.html
  Regards,
  ~JG

• OAM - Authorization based on the authentication method

  We are using OAM 10g for a customer to protect a large number of web application. In order to access those applications a user can chose from several authentication methods (e.g. client certificate, SecureId and mobile TAN). All applications use the same cookie domain and OAM provides SSO to the user. The customer now wants to define access rules for each of the applications based on the chosen authentication method.
  In other words, he wants to have the flexibility to define rules such as the following:
  Application A: Only accessible with client certificates
  Application B: Only accessible with mobile TAN
  Application D: Only accessible with SecureId or mobile TAN
  Application E: Accessible with any authentication method
  In order to implement this with OAM we would have assign each authentication method a different authentication level and define authorization rules that depend on those authentication levels (maybe using a custom authorization plug-in). According to the OAM documentation it doesn't seem possible to reference the authentication level in a authorization rule.
  Does anyone know a way to implement these requirements.
  Any help is appreciated.
  Best regards,
  Donat

  This is how I think we can do this.
  Write Authentication plug-in which adds which authentication scheme was used to login to the application in one of the multivalued attribute in OID. Write Authorization plug-in also which checks this value and makes authentication decision.
  One more approach is, Create as many attributes in OID as number of authentication schemes you have. Each of them is a flag representing whether user is logged in with the authentication scheme or not. When user authenticates using an authentication scheme, turn on that flag. Also flush access server user profiles cache. In the authorization rule, use this flag to make authorization decisions. Using this approach, you do not have to write authorization plugin but this may not be scalable approach as you might have to create a new attribute in OID when new authentication scheme is added.
  You can also keep this information somewhere in database or flat file and use that information in authentication and authorization plugin.
  I hope one of this solutions will help you.
  Thanks
  Kiran Thakkar

• Wireless Security & Authentication methods

  Hi,
  I've some experience on WLAN Networks, but I would like to have your opinion around Wireless Security implemenations.
  We have several sites where we have some Cisco Access points running IOS. We are currently doing WEP 128b, with Mac-Authentication against a central ACS Server.
  But having fixed WEP, and mac registrations is not very practical.
  Do you know about any method to have authentication against Active Directory (passing through the Cisco ACS), and Dynamic WEP Keys ?
  Any recommendation is welcome.
  Of course with this we would like to bring up our level of security.
  Thanks a lot for all,
  Best Regards,
  Jorge

  802.1x/EAP authentication is the most popular authentication method in wireless. The following documents explain how to configure EAP authentication.
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801bd035.shtml
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c0912.shtml
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00805e7a13.shtml

• None of the available endpoints supports authentication methods user/pass

  Dear All
  i  create a destination in the ce7.1.but when i  test the destination in the ws navigator  ,but it cant not run ,  the error is:
  The destination [YHSendMessage02] supports the following authentication methods [User Name/Password (Basic)], but none of the available endpoints supports them. The supported authentication types are [None]. Either the destination has to be updated or a new endpoint should be used
  i test the ws in the navigator  dont used the destination ,it work well, so i think maybe some wrong in my ce  about the destination 'configuration.
  best regards

  The following message returned from SAP:
  Root of the problem is found. The problem occurs as PI WSDLs doesn't contain security settings. Lack of security settings breaks consumption of those services. I'm working on providing a fix to enable consumption of such services.
  Looking at a WSDL generated by PI (example):
  <wsp:Policy wsu:Id="OP_si_servicename"/>
  The policy contains no transportbinding or authentication methods at all.
  Looking at a WDSL generated by ECC (example):
  <wsp:Policy wsu:Id="BN_BN_si_ManageCustomizingCustomerService_binding">
        <saptrnbnd:OptimizedXMLTransfer uri="http://xml.sap.com/2006/11/esi/esp/binxml" wsp:Optional="true" xmlns:saptrnbnd="http://www.sap.com/webas/710/soap/features/transportbinding/"/>
        <saptrnbnd:OptimizedXMLTransfer uri="http://www.w3.org/2004/08/soap/features/http-optimization" wsp:Optional="true" xmlns:saptrnbnd="http://www.sap.com/webas/710/soap/features/transportbinding/"/>
        <wsp:ExactlyOne xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
           <wsp:All>
              <sp:TransportBinding>
                 <wsp:Policy>
                    <sp:TransportToken>
                       <wsp:Policy>
                          <sp:HttpsToken>
                             <wsp:Policy>
                                <sp:HttpBasicAuthentication/>
                             </wsp:Policy>
                          </sp:HttpsToken>
                       </wsp:Policy>
                    </sp:TransportToken>
                    <sp:AlgorithmSuite>
                       <wsp:Policy>
                          <sp:TripleDesRsa15/>
                       </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                       <wsp:Policy>
                          <sp:Strict/>
                       </wsp:Policy>
                    </sp:Layout>
                 </wsp:Policy>
              </sp:TransportBinding>
           </wsp:All>
        </wsp:ExactlyOne>
     </wsp:Policy>
  At the moment SAP is working on a fix to solve this problem.

• None of the authentication methods supported by this client are supported by your server.

  Dear Exchange Admin
  We have implemented exchange server .
  MAPI profile configuration in outlook is working fine.but when we try to configure POP3 in outlook ,without SMTP authentication it is fine.
  But when we enable SMTP authentication ,it is getting the following error
  "None of the authentication methods supported by this client are supported by your server.
  Kindly help
  Ashraf

  This worked for me today, as I had the same issue.
  I had to set encryption to TLS to get it to work, and the server names as yahoo.co.uk...
  In Outlook 2013, click File | Add Account.
  Select Manual setup or additional server types.
  Click Next.
  Select POP.
  Click Next.
  On the “Account Settings” page, enter your account settings:
  Your Name: The name you want to show when you send email.
  Email address: Your full Yahoo email address.
  Account Type: POP3
  Incoming Mail Server: pop.mail.yahoo.com
  Outgoing Mail Server: smtp.mail.yahoo.com
  User Name: Your Yahoo ID.
  Password: Your Yahoo account password.
  Leave the “Require logon using Secure Password Authentication” option unchecked.
  Click More Settings.
  Click the Outgoing Server tab.
  Select the My outgoing server (SMTP) requires authentication box.
  Click Use same settings as my incoming mail server.
  Click the Advanced tab. Enter advanced information:
  Incoming server (POP3) port: 995
  Select This server requires an encrypted connection (SSL).
  Outgoing server (SMTP) port: 465, 587, or 25
  Set the encryption type to SSL or TLS
  Set your desired server timeout and delivery options.
  - We recommend leaving a copy of messages on the server.
  Click OK.
  Restart Outlook.
  Click Send/Receive All Folders.
  You can now retrieve emails from your Yahoo Mail account in Outlook 2013.

• No option to change "Incoming server authentication method" to None on iPhone 6?

  I just upgraded to an iPhone 6 and did a restore from my 5......   Problem is my pop e-mail account won't connect....  It still connects on both my iPad and iPhone 5, both of which are iOS 8.  The only setting that differs between the two that work and my new iPhone is under the "Incoming server authentication method" setting.  On the working devices, nothing has a check mark.  On the new iPhone, "Password" is checked, and I can't find a way to uncheck it (there is no "none" option). 
  Surely I should be able to work around this?

  Hello 83preston,
  After reviewing your post, I have located an article that can help troubleshoot email issues. It contains a number of troubleshooting steps and helpful advice for the issue you are experiencing:
  Get help with Mail on iPhone, iPad, and iPod touch
  "Username or password is incorrect" with POP3 account
  Before you check your email on your iOS device, close any other email programs and close any webmail sites you may have open on another computer.
  To see if your account is a POP3 account, use the Mail Settings Lookup tool or follow these steps:
  Go to Settings > Mail, Contacts, Calendars and tap the account.
  Look for the label POP ACCOUNT INFORMATION.
  If your email provider offers IMAP, remove the POP3 account, then add the account with your provider's IMAP settings. POP3 communicates with one mail client at a time. If more than one mail client tries to connect, you might see a username or password error.
  Thank you for contributing to Apple Support Communities.
  Cheers,
  BobbyD

• NK5 AAA multiple authentication methods??

  It looks Nexus support only one type of authentication at same time
  aaa authentication login default group radius
  Doest it mean we  cannot chain various types authentication like
  aaa authentication login default group radius group tacasc+ none
  Is there any way how to do this??
  It would be bit strange not having this feature
  M.

  Hi,
  I've tried this before, but the ssh connection should go through one by one. line vty 0 -> 1 -> 2 -> 3 -> 4. If no one make the ssh connection before, the connection should on line vty 0. How to make the ssh conenction to specific line vty for particular authentication method? As mentioned before, the router can provide the solution to assiocate the line vty to rotary with different ssh listening ports. As similar solution or other approach for the switch to provide the same kind of services.
  Thanks.
  TL

• 2011 outlook gives the following error: "Authentication failed because Outlook doesn't support any of the available authentication methods."

  Upgraded my computer to 10.9.2 Mavericks and now my 2011 outlook gives the following error: "Authentication failed because Outlook doesn't support any of the available authentication methods."  Anybody know how to fix it?  Thank you.

  I got the following from the microsoft Web site. Also, the SMPT port must be overwriten. Use port 587
  This article contains information about the compatibility of Microsoft Outlook for Mac 2011 and Apple iCloud. Outlook for Mac 2011 does not support Apple iCloud calendar (CalDAV) and contact (CardDAV) synchronization.  Outlook for Mac 2011 does support iCloud Mail. For steps on how to configure your iCloud email account in Outlook for Mac 2011, go to the "More Information" section of this article. 
  To configure your Apple iCloud email account in Microsoft Outlook for Mac 2011, follow these steps:
  Start Outlook 2011.
  On the Tools menu, click Accounts.
  Click the plus sign in the lower-left corner, and then select E-mail.
  Enter your E-mail Address and Password, and then click Add Account.
  Note: The new account will appear in the left navigation pane of the Accounts dialog box.
  Enter one of the following in the Incoming server box:
  mail.me.com (for me.com mail addresses)
  mail.mac.com (for mac.com mail addresses)
  Click to select Use SSL to connect (recommended) under the Incoming server box.
  Enter one of the following in the Outgoing server box:
  smtp.me.com (for me.com mail addresses)
  smtp.mac.com (for mac.com mail addresses)
  Click to select Use SSL to connect (recommended) under the Outgoing server box.
  After you have entered the incoming and outgoing server information, Outlook 2011 will start to receive your email messages. 
  Note: You can click Advanced to enter additional settings, such as leaving a copy of each message on the server. 

• Custom authentication methods

  During the deployment of web application, you use the deployment descriptor to "tell" the browser how to retrieve user information. Therefor the <auth-method> is specified. Normally you use something like BASIC or FORM authentication.
  Is there a way to provide an own implementation of such an authentication method?
  Lets say you would like to create some kind of advanced authentication method called ADV_FORM to perform something like form authentication but with additional or other parameters on the logon web page...
  Can this be done without being some kind of god like Sun Microsystems core development team?
  Does anyone know some references for this matter?
  Any suggestion would be appreciated.
  Kurt

  Large static groups have always been a performance issue. While there is some [tuning |http://blogs.sun.com/DirectoryManager/entry/the_truth_about_nsslapd_search] that was introduced for DS 5.x to help with some specific search related problems, I can't guarantee that this will resolve the issue entirely.