Authentication on Forms

How does the whole authentication on Oracle Forms work?
DB: *10gR2*
FORMS: On AS10g; so I presume that's the version of Forms.
I can see the properties in FORMSWEB.CFG+
[htmlconfig]
userid=%H_Username%/%H_Password%@%H_DBalias%
When the Oracle Developer Forms Runtime launched, it automatically signs in the users with a pre-populated username, password and database. The username and password are in the database USERS tablespace.
But, I'm not sure how to set up the Forms to pre-populate to the Forms Runtime.
Any information is greatly appreciated.
thanks.
-andy-

The users are logging in using their own usernames and passwords. The users have different usernames; but with all the same passwords.
The current set up is able to recognize the users (either from AD login or something) and it pre-populate the usernames and passwords to the fields and login them in when the users double click Oracle Forms IE shortcut.
The question is how do I set up a new environment with exact same setup?

Similar Messages

  • Using Kerberos authentication on Forms and Reports version 11.1.2

    Hi
    I have configured Kerberos authentication for Forms on the server and it works fine, but I cannot get it to work for Reports.
    When I access the database for Forms I use a connect string that looks like this: /@tns_name The Forms server is running using a domain user and the database user is externally identified. It just works.
    I have tried the same for Reports but it is not accepted. In the URL I have written userid=/@tns_name and the Reports server then asks for user id and password with a pre filled tns_name. I have tried to put the userid parameter in cgicmd.dat but the result is the same. Even enabled SSO in rwservlet.properties using singlesignon>yes</singlesignon> but it just do not work.
    I have bounced the server every time I have made a change to be absolutely that the changes had taken effect.
    The question is: How do I tell the Reports server that I do not want to apply user id and password but just the tns_name, like /@tns_name
    I know Kerberos authentication is not an area that is well known and I have spent hours over the years to find out how to make the configuration work.

    Questions regarding version compabilities come up quite often, yet the answer is still the same: have a look at the certification matrix http://www.oracle.com/technetwork/developer-tools/forms/oracle-forms-11gr2certmatrix-519680.xls
    for installation instructions on your chosen platform have a look at the installation manual: http://docs.oracle.com/cd/E24269_01/doc.11120/e23960/toc.htm
    What do you plan to do with SOA suite? This isn't needed for forms&reports.
    cheers

  • Pb with 2nd Authentication using form.jsp (authentication example)

    Hi,
    I am using the example form.jsp to log on to my application. The first
    page (testsecurity.jsp) can be accessed by "everyone" and until this step everything
    goes fine, I manage to log on. From the testsecurity.jsp page there is a link
    to a jsp which can only
    be accessed by some users (I defined that in the policy file).
    Avan if I have identified myself through the form.jsp, before the 2nd page is
    displayed, I must log on again. When I give
    the same login and password as I gave for the first identification
    I can see the proper page.
    Do you have any idea about why I have to log on twice?
    Thanks
    Odile
    PS: I checked that, in the session, the attribute "javax.naming.InitialContext"
    is still present, if this has anything to do with the authentication..

    Hi,
    I am using the example form.jsp to log on to my application. The first
    page (testsecurity.jsp) can be accessed by "everyone" and until this step everything
    goes fine, I manage to log on. From the testsecurity.jsp page there is a link
    to a jsp which can only
    be accessed by some users (I defined that in the policy file).
    Avan if I have identified myself through the form.jsp, before the 2nd page is
    displayed, I must log on again. When I give
    the same login and password as I gave for the first identification
    I can see the proper page.
    Do you have any idea about why I have to log on twice?
    Thanks
    Odile
    PS: I checked that, in the session, the attribute "javax.naming.InitialContext"
    is still present, if this has anything to do with the authentication..

  • Can you enable both Windows Based Authentication and Forms Based Authenication for the same web application?

    Hello Community
        In WS2012 and SharePoint 2013 Server is it possible when creating a
    web application to enable both Windows Based Authentication/Negotiate
    (Kerberos) and enable Forms Based Authentication or does the web application
    use either one or the other?
        Thank you
        Shabeaut 

    Yes , you can use dual authentication on same web application. You can use same web application , at OOB login page you will have option to use windows or form login.
    Or you can extend your web application to a new web app and configure extended web application to use Form Based Authentication(Note extended web application will also show same content database , so the content will same only url will be different)
    http://blogs.technet.com/b/ptsblog/archive/2013/09/20/configuring-sharepoint-2013-forms-based-authentication-with-sqlmembershipprovider.aspx
    http://gj80blogtech.blogspot.in/2013/11/forms-based-authentication-fba-in.html
    Thanks
    Ganesh Jat [My Blog |
    LinkedIn | Twitter ]
    Please click 'Mark As Answer' if a post solves your problem or 'Vote As Helpful' if it was useful.

  • MOBI SSO with trusted authentication and form based authentication

    Dear All,
    I am trying to configure Trusted authentication based SSO FOR MOBI, here are the details:
    - SAP BI 4.1 SP04
    - Trusted authentication with HTTP header configurred for BI Launchpad and working fine.
    Now to have SSO from Mobile, I plan to leverage the existing configuration of BI Launchpad and at Mobile level, I want to use authentication type as TRUSTED_AUTH_FORM, instead of TRUSTED_AUTH_BASIC, with the approach: Trusted authentication with HTTP header.
    And
    Provide our app users their X502 certs.
    1. Will the above approach work ??
    2. As per SAP NOTE: 2038165 - SSO using form based trusted auth gives with the SAP BI app for iOS gives error MOB00920 this does not work and is still under investigation from July last year ? So for any community member, has this been found working ??
    I would appreciate your valuable inputs.
    Regards,
    Sarvjot Singh

    Hi,
    According to your post, my understanding is that you want to know the difference of the SharePoint three type user authentications.
    Windows claims-based authentication uses your existing Windows authentication provider (Active Directory Domain Services [AD DS]) to validate the credentials of connecting clients. Use this authentication to allow AD DS-based accounts access to SharePoint
    resources. Authentication methods include NTLM, Kerberos, and Basic.
    Forms-based authentication can be used against credentials that are stored in an authentication provider that is available through the ASP.NET interface
    SAML token-based authentication in SharePoint 2013 requires coordination with administrators of a claims-based environment, whether it is your own internal environment or a partner environment.
    There is a good article contains all the SharePoint Authentications, including how they work and how to configure.
    http://sp77.blogspot.com/2014/02/authentication-in-sharepoint-2013_5.html#.VFcyQ_mUfkJ
    Thanks & Regards,
    Jason
    Jason Guo
    TechNet Community Support

  • Need Help -- Authentication without form

    Hi,
    I would connect to SGD by typing an url like what i do to connect to an application for example http://server/sgd/launcher.jsp?u=root&p=xxxxxxx&o=gnome-edit , but i didnt find a solution
    So can you help me?
    Thanks

    I have some questions about the java file .
    C:\\MyTCC C:\\MyTCC\\file.prt \???
    <TCC Location>: what is it? how can i find it????
    <Port File> same question
    Also i tryied to only authenticate via java code but i had many exceptions, the script was:
            IServiceLocator locator = new ServiceLocator("http://xxx.yyyy.com/");
            SessionBean session = new SessionBean(locator);
            try
                // Authenticate the session.
                session.authenticate("root", "xxxxxxx", "qwe", "en");
           }and the exception:
    Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/axis/encoding/SerializerFactory
            at com.tarantella.tta.webservices.client.apis.apache.ServiceLocator.getWebtopSession(ServiceLocator.java:347)
            at com.tarantella.tta.webservices.client.apis.apache.ServiceLocator.getWebtopSession(ServiceLocator.java:334)
            at com.tarantella.tta.webservices.client.views.SessionBean.authenticate(SessionBean.java:201)
            at javaapplication4.test.main(test.java:37)
    Caused by: java.lang.ClassNotFoundException: org.apache.axis.encoding.SerializerFactory
            at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
            at java.security.AccessController.doPrivileged(Native Method)
            at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
            at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
            ... 4 more
    Java Result: 1Edited by: Ben_midou on Jun 2, 2010 2:56 AM

  • Site is not configured for Claims Forms Authentication

    Hi All
    I have one custom login page for my Sharepoint 2013 site where i am trying to use
    SPClaimsUtility.AuthenticateFormsUser(uri, strUserName, strPwd);
    But i am getting this exception ---> Site is not configured for Claims Forms Authentication
    I checked ULS long and there it is --> Not in claims forms auth for url 'https://domain/sitecollection/'.
    Web.config enteries are 
    <authentication mode="Forms">
          <forms loginUrl="/_layouts/TarsForwardLogin.aspx" />
        </authentication>
    <membership defaultProvider="i">
          <providers>
            <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
            <add name="membership" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" connectionUsername="cn=sharepointadmin,ou=GSP,ou=Applications,o=TOYOTA"
    connectionPassword="spad1n2" server="10.100.5.119" port="389" useSSL="false" userDNAttribute="entryDN" userNameAttribute="cn" userContainer="o=toyota" userObjectClass="Inetorgperson"
    userFilter="(ObjectClass=Inetorgperson)" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn,fullname,language,mail" enablePasswordReset="false" enablePasswordRetrieval="false" passwordFormat="Clear"
    requiresQuestionAndAnswer="false" requiresUniqueEmail="false" />
          </providers>
        </membership>
        <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
          <providers>
            <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
     <add name="rolemanager" connectionUsername="cn=sharepointadmin,ou=GSP,ou=Applications,o=TOYOTA" connectionPassword="spad1n2" type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=15.0.0.0,
    Culture=neutral, PublicKeyToken=71E9BCE111E9429C" server="10.100.5.119" port="389" useSSL="false" groupContainer="ou=groups,ou=GSP,ou=Applications,o=toyota" groupNameAttribute="cn" groupMemberAttribute="member"
    userContainer="o=toyota" userNameAttribute="cn" userDNAttribute="entryDN" dnAttribute="entryDN" groupFilter="(ObjectClass=groupOfNames)" userFilter="(ObjectClass=Inetorgperson)" scope="Subtree"
    />     
    </providers>
        </roleManager>
    Can
    someone please help/Guide
    Manoj Gangwar | Sharepoint MCPD | Sharepoint MCTS |

    Hi All
    I tried like this and it worked...
    SPIisSettings iisSettings = SPContext.Current.Site.WebApplication.IisSettings[SPUrlZone.Internet];
    SPFormsAuthenticationProvider formsClaimsAuthenticationProvider = iisSettings.FormsClaimsAuthenticationProvider;
    SecurityToken token = SPSecurityContext.SecurityTokenForFormsAuthentication(new Uri(SPContext.Current.Web.Url),
    formsClaimsAuthenticationProvider.MembershipProvider, formsClaimsAuthenticationProvider.RoleProvider, strUserName, "", SPFormsAuthenticationOption.PersistentSignInRequest);
    if (null != token)
    base.EstablishSessionWithToken(token, SPSessionTokenWriteType.WriteSessionCookie);
    base.RedirectToSuccessUrl();
    Manoj Gangwar | Sharepoint MCPD | Sharepoint MCTS |

  • FORM based Authentication issue on Sun ONE AS7

    I am trying to use FORM based authentication for a web module I created, and can not get it to work. I have registered the roles through the admin console of the server, and adjusted the web.xml. When I try to use BASIC authentication, I get a 'Authentication refused for []' message before I even log in, and another one after I do. When I use FORM authentication, the URL points to my login.jsp page (no matter what I put in the path, which is what is supposed to happen), however my default servlet (hello.java) is actually run, and the login.jsp page never comes up. I created my jsps and servlet in the mounted [ejb]_WebModule. Please let me know if something seems incorrect here, or if you can think of something I should check...I can't find anything out there to help me.
    Here is my web.xml:
    <web-app>
    <display-name>DiningGuideManager_TestApp</display-name>
    <servlet>
    <servlet-name>front</servlet-name>
    <servlet-class>data.DiningGuideManager_WebModule.hello</servlet-class>
    </servlet>
    <servlet>
    <servlet-name>myPage</servlet-name>
    <jsp-file>/myPage.jsp</jsp-file>
    </servlet>
    <servlet-mapping>
    <servlet-name>front</servlet-name>
    <url-pattern>/*</url-pattern>
    </servlet-mapping>
    <session-config>
    <session-timeout>30</session-timeout>
    </session-config>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Security</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>Me</role-name>
    <role-name>EveryoneElse</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>default</realm-name>
    </login-config>
    <security-role>
    <role-name>Me</role-name>
    </security-role>
    <security-role>
    <role-name>EveryoneElse</role-name>
    </security-role>
    <ejb-ref>
    <ejb-ref-name>ejb/TestedEJB</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <home>data.DiningGuideManagerHome</home>
    <remote>data.DiningGuideManager</remote>
    <ejb-link>DiningGuideManager</ejb-link>
    </ejb-ref>
    </web-app>
    for FORM authentication I have this:
    <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>default</realm-name>
    <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
    </login-config>
    Thanks,
    Michelle

    Yes there's a default generated index.jsp page that I'm having trouble overriding with one of my own. Have you used Form Based Authentication before? To do so you have edit the WEB-INF/web.xml file by adding:
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Secure Area</web-resource-name>
    <url-pattern>/test/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>admin</role-name>
    </auth-constraint>      
    </security-constraint>
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/test/secure/loginpage.jsp</form-login-page>
    <form-error-page>/test/secure/errorpage.jsp</form-error-page>
    </form-login-config>
    </login-config>
    When you attempt to first go to any page in my /test/secure/ directory you get redirected to the /test/secure/loginpage.jsp where you have to login as a tomcat user, when succesfully logged on you get redirected to an index.jsp page which is NOT the one I created in test/secure/index.jsp. Even when I type in the url to go to my own test/secure/index.jsp I still don't get my own one that exists there, but instead get the default one that's generated that displays:
    "Authentication Mechanism FORM".
    Hope that makes more sense.
    I've tried restarting tomcat but it makes no difference.

  • Error in form based authentication

    Hi all,
    i want 2 implement form based authentication to a dummy resource in iis.
    first i created authentication as
    Challenge Method Form
    Challenge Parameter passthrough: no
    creds: usernamevar passwordvar
    action: /access/oblix/apps/webgate/bin/webgate.dll
    form: /public/login.html
    SSL Required No
    Challenge Redirect
    Enabled Yes
    and configured a policy domain for a dummy resource test.html with form authentication schema. i kept that in a folder 'access' which was placed in iis. i mentioned the action attribute to '/access/test.html' in login.html through which i want to do authentication.
    but when i am accessing http://*...*/test.html
    i am getting http 404 error.
    can anyone help me.
    Thank you

    Hi,
    thanks for ur response. i make some changes to my configuration which was given in previous post. now i configured as follows:
    i kept my test.html and login.html in the iis root folder. and i defined my policy as follows:
    Name : form (policy name)
    Enabled : Yes
    Resource Resource Type :http
    URL Prefix : /test.html
    Description
    Authorization Rules Name ---- Form authorization
    Description ---
    Enabled --- Yes
    Allow takes precedence ----Yes
    Allow Access Role---- Any one
    Default Rules
    Authentication Rule
    name of the authentication: policy form authentication
    Authentication Scheme : Form authentication -----------------which was created in Access system console
    Authorization Expression
    Expression : Form authorization
    Duplicate Actions: No policy defined for this Authorization Expression. The Access System level default policy for dealing with duplicate action headers will be employed.
    Audit Rule
    There is no Audit Rule defined.
    Policy Name : form policy
    Description :
    Resource Type: http
    Resource Operation(s) : POST
    GET
    Resource : all
    Authentication Rule
    policy auth. rule
    Authentication Scheme Form authentication
    Authorization Expression
    There is no Authorization Expression defined.
    Audit Rule
    There is no Audit Rule defined.
    Delegated Access Admins Delegate Rights
    People Administrator
    Grant Rights
    There are no Delegated Access Admins with this right.
    Basic Rights
    There are no Delegated Access Admins with this right.
    and i also created login.html with a method 'post' and pointed out the action to '/access/oblix/apps/webgate/bin/webgate.dll' . i placed it in IIS root folder.
    now my auth. schema is as follows.
    form: /login.html action:/access/oblix/apps/webgate/bin/webgate.dll passthrough: no creds: usernamevar passwordvar (which are names of fields in login.html)
    and the plugin mapping is as follows:
    credential_mapping:obMappingBase="cn=users,dc=orademo,dc=com", obMappingFilter="(&(&(objectclass=User)(sAMAccountName=%usernamevar%) )(|(!(obuseraccountcontrol=*))(obuseraccountcontrol=ACTIVATED)) )"
    validate_password: obCredentialPassword="passwordvar"
    so when i am accessing http://<hostname>/test.html
    it is giving popup window like basic auth. schema. i am not getting my login page. and in that even i am logging as admin . it is saying unauthorized user.
    please help me how to configure it.
    Edited by: new2idm on Feb 17, 2010 9:19 PM
    Edited by: new2idm on Feb 17, 2010 9:19 PM

  • Federated authentication application that also reads Forms cookie

    At our company we are planning to move our IIS applications from forms based authentication to federated authentication. We want to move one application first (big bang is difficult). All applications currently share a forms cookie (in the same domain,
    same IIS server). I am looking for a way to move one application to federated authentication while still supporting users that are logged in with forms authentication.
    I am thinking about the following scenario's:
    IIS application 'A' has federated authentication configured (ADFS)
    IIS application 'B' has forms authentication.
    User request page in iis app 'A'   -> authentication mechanism checks if a forms cookie from app 'B' exists. (form cookie exists because user has already logged in via username/password webform in app 'B')
    If yes, the info in this cookie is used to build a valid claim (custom code), federated cookie is set with  this claim.  User session can start 
    If no, claim is obtained via ADFS server, federated cookie is set with claim. User can start session.
    In this way, users that are authenticated via Forms authenticated are supported in an application that is configured for ADFS claims. That gives us the possibility to gradually move all users from our custom security system (based on .net forms) to AD.
    How can this be done?
    Bert-Jan

    The legacy forms logon (non-federated) with the cookie is independent of the federated logon process. You can always stand-up a separate IIS website (federated) to point to your application in a side-by-side capacity, thereby meeting the requirement for
    federated logon (assuming the application supports that) and legacy forms, but crossing trust boundaries between the legacy and federated logon for SSO purposes is not possible OOTB. If you want AD FS to issue claims from the "classic" forms logon
    alternate, then that forms logon provider would need to also be a trusted claims provider and possess its own Security Token Service. In general I try, and emphasis on the word try ;-), to shy away from customizing AD FS logon screens, primarily because it
    can come back and bite you. While AD FS 2.0 provided some latitude for these sorts of practices, AD FS 3.0 (and beyond) does not ...
    http://blog.auth360.net

  • Form Based Authentication on Tomcat with custom index.jsp page...

    Hi there ppl,
    I've got Form Based Authentication working correctly on my Tomcat server but I want to override the default generated index.jsp after successfully logging on. I've tried placing my own index.jsp in the directory that's restricted, but its only overridden by the default one when successfully logged on which displays:
    "Authentication Mechanism FORM"
    This means having to navigate by typing the url in the address bar to another page which is gets really annoying afterawhile.
    Any help on this would be much appreciated,
    thanks already

    Yes there's a default generated index.jsp page that I'm having trouble overriding with one of my own. Have you used Form Based Authentication before? To do so you have edit the WEB-INF/web.xml file by adding:
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Secure Area</web-resource-name>
    <url-pattern>/test/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>admin</role-name>
    </auth-constraint>      
    </security-constraint>
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/test/secure/loginpage.jsp</form-login-page>
    <form-error-page>/test/secure/errorpage.jsp</form-error-page>
    </form-login-config>
    </login-config>
    When you attempt to first go to any page in my /test/secure/ directory you get redirected to the /test/secure/loginpage.jsp where you have to login as a tomcat user, when succesfully logged on you get redirected to an index.jsp page which is NOT the one I created in test/secure/index.jsp. Even when I type in the url to go to my own test/secure/index.jsp I still don't get my own one that exists there, but instead get the default one that's generated that displays:
    "Authentication Mechanism FORM".
    Hope that makes more sense.
    I've tried restarting tomcat but it makes no difference.

  • SharePoint 2010 with LDAP authentication, using NOVELL eDirectory

    One of my customers needs a SharePoint application that allows people to authenticate with either an Active Directory account (internal staff) or a Novell eDirectory account (external customers).
    Using the following article as a base guide (http://blogs.technet.com/b/speschka/archive/2009/11/05/configuring-forms-based-authentication-in-sharepoint-2010.aspx)
    I configured a claims-based test application that had Windows authentication enabled and Forms based authentication (FBA) enabled (this is on a Windows 2008 server and not a domain controller)
    In the Membership provider name text box I entered "LdapMember"
    In the Role provider name  text box I entered "LdapRole"
    In the web.config for the SharePoint Central Admin, I modified/added the following details right before </system.web>
    <membership>
    <providers>
    <add name="LdapMember"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" >
    <providers>
    <add name="LdapRole"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="((ObjectClass=group)"
    userFilter="((ObjectClass=person)"
    scope="Subtree" />
    </providers>
    </roleManager>
    I modified the SecurityTokenServiceApplication web.config with these details
    <system.web>
    <membership>
    <providers>
    <add name="LdapMemebr"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager enabled="true">
    <providers>
    <add name="LdapRole"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="(&amp;(ObjectClass=group))"
    userFilter="(&amp;(ObjectClass=person))"
    scope="Subtree" />
    </providers>
    </roleManager>
    </system.web>
    I modified the web.config of the test application I created with these details
    <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
    <providers>
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="cn"
    dnAttribute="dn"
    groupFilter="(&amp;(ObjectClass=group))"
    userFilter="(&amp;(ObjectClass=person))"
    scope="Subtree" />
    </providers>
    </roleManager>
    <membership defaultProvider="i">
    <providers>
    <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    useDNAttribute="true"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    With all of this configured, I can go to the new test site, I do see the form where I can choose either Windows authentication or Forms authentication. I can successfully login with Windows authentication, but forms authentication gives me me an error.
    The server could not sign you in. Make sure your user name and password are correct, and then try again.
    I can successfully login to a LDAP management tool, using the same credentials I entered on the form, so I know the username and password being submitted are correct. I get the following items in the event viewer
    8306 - SharePoint Foundation - The security token username and password could not be validated.
    in the SharePoint trace logs - Password check on 'testuser' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. and
    then this:
    Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
    at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
    I monitored the LDAP server and did a packet-trace on the communication happening between the SharePoint server and the LDAP server and it is a bit odd. It goes like this:
    The SharePoint server successfully connects to the LDAP server, binding the ldapserviceid+password
    The LDAP server tells the SharePoint server it is ready to communicate
    the SharePoint server sends an LDAP query to the LDAP server, asking if the name entered in the form authentication page can be found.
    The LDAP server does the query, successfully finds the entered name and sends a success message back to SharePoint
    The LDAP server sends notification that it is done and is closing the connection that was bound to theldapserviceid+password
    The SharePoint server acknowledges the connection is closing
    ... and then nothing happens, except the error on SharePoint
    What I understand is that the SharePoint server, once it gets confirmation that the submitted username exists in LDAP, should attempt to make a new LDAP connection, bound to the username and password submitted in the form (rather than the LDAP service account
    specified in the web.config). That part does not seem to be happening.
    I am at a standstill on this and any help would be greatly appreciated.

    OK, our problem was resolved by removing any information about the ASP.NET role manager. Initially, we had information about a role manager defined in three different web.config files, as well as in the SharePoint Central Administration site, where there
    is the checkbox to Enable Forms Based Authentication (you see this when you first create the new SharePoint app, or afterwards by modifying the Authentication Provider for the app.) In either case, you will see two text boxes, underneath the checkbox item
    for enabling Forms Based Authentication:
    "ASP.NET Membership provider name"
    "ASP.NET Role manager name"
    We entered a name for Membership provider, and left Role manager blank.
    In the web.config for the SharePoint Central Administration site, the SecurityTokenServiceApplication app, and the web app we created with FBA enabled, we entered the following:
    <membership>
    <providers>
    <add name="LdapMember"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword="validpassword"
    useDNAttribute="false"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager>
    <providers>
    </providers>
    </roleManager>
    useDNAttribute="false" turned out to be important as well.
    So, for us to get LDAP authentication working between SharePoint 2010 and Novel eDirectory, we had to:
    leave anything related to the role provider blank
    configure the web.config in three different applications, with the proper connection information to reach our Novel eDir
    Ensure that useDNAttribute="false" was used in all three on the modified web.config files.
    Since our eDir is flat and used pretty much exclusively for external users, we had never done any sort of advanced role management configuration in eDir. So, by having role manager details in the web.config files, SharePoint was waiting for information from
    a non-existent role manager.

  • How to remove login form for iView in portal

    Hi,
    I have created a workset in portal which provides links for various BI reports. In the properties of each page for report I set the property to lunch it in headerless window.
    When I login with test user and click on link for report its asking for userID password again. Once I login, it opens the report and it doesnt ask for other reports. If I logoff and close the browser and open in new browser its again ask's for user ID password when I open the report for first time.
    Could any one let me know the solution how to avaoid the login form  on clicking the link for BI report configured in workset.
    It is working fine for me in Dev and QA system, recently we did transport to Trainign system and I am facing this issue only in training system.
    Regards,
    Ravi.

    Hi,
    I dont want that login page to appear again. evan for the first time.
    The login page should apper only once that too while loging into portal. once I enter into workset and click on link for report which is launched in new window should not ask for login again.
    Its happening in my training system, which is not used to be in my dev and QA system.
    I need solution to show the report directly with out asking for authentication(login form) once again on clickig the link for report in workset.
    Regards,
    Ravi.

  • REST call from PDf form returns error

    I have created a very simple process that allows a user to enter data into a PDF form and submit the form for archiving.  In the process I have used LC Output to flatten the PDF and I am using the Sharepoint connector to create and archive the document. 
    When I do this from the LC Workspace it works no problem.  I can go out the SharePoint and see that archive document and all of the data is there.  I now want to be able to host the form in another location and have the same functionality.  To do this I have change the submit button on the form so that it makes a REST call to the LC server in order to call the correct process.  To be sure that I had the right URL for the REST call I took it right out of the Adminui.
    I have tested the URL in a browser and the process kicks off no problems.  The issue is when I place the URL in a submit button and try to submit the form I get a message box back stating that there was an invalid server response and nothing happens.  I am not sure but I do not think that it is even getting to the LC server.
    I am using LC ES2 and opening the form in Acrobat 9.5.1.  As mentioned it is a very simple process as I am just trying to prove out that a LC process can be invoked using a REST call from a PDF.

    Hey Amr,
    thanks for your feedback. Let me write down some more facts about my environment so we might be able to track down what's going wrong:
    - Virtual PC using Windows Server 2012
    - SharePoint 2013 with September CU
    - Compatibility Level 15 Webapplication using Default "Claims Based Authentication" with form based authentication activated
    - Visual Studio 2013 Console Application .NET 4.5 x64 Build Target
    Writing down what my base configuration is seems to have brought light into the dark. As soon as I deactivated FBA authentication I was able to execute the request without any problems. So now I know what I have to look for. Thank you!
    Regards Andreas MCPD SharePoint 2010. Please remember to mark your question as "answered"/"Vote helpful" if this solves/helps your problem.

  • Usage Tracking - Access problem when Authentication Mode = Windows

    Hi Everyone,
    I´m working on UPK Usage Tracking configuration, in order to provide the finished training material.
    1) In Server01 (on Window Server 2003) the UPK Usage Tracking is installed
    2) In Server02 (also on Windows Server 2003) the Usage Tracking database is installed
    3) By accessing the configuration file (http://Server01/ODSTrack/configuration/setup.aspx) on Server01,I setup the Authentication Mode = Forms
    Note: The rest of the configurations were done.
    4) Once the configuration from step 3 is done, I execute the traning material (on Server01) from another node of the windows network
    and as a result I´m able to perform it.
    5) I access the Statistc data on Server01 by accessing the file (http://Server01/ODSTrack/admin/default.aspx)and I´m also able to see the results.
    6) When I execute the step 3 but with Authentication Mode = Windows, and including the GROUP name (windows group specially created for this goal where my user is included),
    - I still have access to the training material (step 4)
    - I have NO aceess to the statistics data any more (step 5) and the following message is display
    "You do not have permission to access this page. Please contact your Usage Tracking Server Administrator to update your permissions. "
    I don´t know what else I can do, and I wonder if some other configurations need to be done at windows network and/or explorer lever or any other.
    Any help would be appreciated.
    Best Regards//
    Rubén Zamudio

    Hi All,
    This problem was solved by reconfiguring Usage Tracking in the authentication method (was anonymous and the solution was Windows integrated).
    It is important to count on people from your organization working on Networks with some knowledge in IIS.
    Best Regards
    Ruben

Maybe you are looking for