Authentification

How I manage the Authentification on jdeveloper ADF BC not web application
Message was edited by: weld balha
user570712
Message was edited by:
user570712

http://www.oracle.com/technology/products/jdev/howtos/1013/adfsecurity/adfsecurity_10132.html
and
http://www.oracle.com/technology/products/jdev/howtos/1013/oc4jjaas/oc4j_jaas_login_module.htm

Similar Messages

SSO (trusted authentification?) not working after update SAP BO 4.0 to SAP BO 4.1

Dear experts,
After update SAP BO 4.0 SP05 to SAP BO 4.1 SP04 we have the problem with SSO to http://<boserver>/BOE/BI.
Our environment:
SAP BO 4.1 running on AIX 6.1, integrated Tomcat7, one server (no cluster)
In fact, tomcat is able to communicate with AD, in debug mode I see
[DEBUG] Mon Aug 04 14:57:23 CEST 2014 jcsi.kerberos: ** credentials obtained .. ** messages.
BUT after starting http://bodev.vse.sk/BOE/BI logon page to BI launchpad is comming, no SSO action.
Our custom properties files:
global.properties
sso.enabled=true
trusted.auth.user.retrieval=REMOTE_USER
siteminder.enabled=false
vintela.enabled=true
idm.realm=AD.VSE.SK
idm.princ=krbbod
idm.allowS4U=true
idm.allowUnsecured=true
idm.allowNTLM=false
idm.logger.name=simple
idm.logger.props=error-log.properties
idm.keytab=/home/bodadm/keytab/krbbod.keytab
BIlaunchpad.properties
authentication.visible=true
cms.visible=true
sso.types.and.order=vintela
(last line I added after reading some discussions, but it didn't solve the problem)
After update I've generated the new TrustedPrincipal.conf and saved it into /usr/sap/sap_bobj/enterprise_xi40/aix_rs6000 (also using -Dbobj.trustedauth.home=/usr/sap/sap_bobj/enterprise_xi40/aix_rs6000 in JAVA_OPTS), but it didn't help.
Before update to 4.1, SSO was working without problems.
Can you help me?
How can I be sure, that tomcat is passing the correct username and using the shared secret from TrustedPrincipal.conf when logging to CMS? Is it possible to debug it?
Best regards,
Slavomir Kysel

Hello Raunak,
QUERY_STRING was working fine, so I saw that trusted authentification and TrustedPrincipal.conf are OK.
I activated trace log for BI launch pad and checked what's going on during SSO logging.
After some playing with parameters and reading discussions to similar problems I came to the conclusion and finally I've solved my SSO problem. Magic word is trustedVintela.
Here is my new properties files:
global.properties
#sso.enabled=true
#trusted.auth.user.retrieval=REMOTE_USER
#siteminder.enabled=false
#vintela.enabled=true
idm.realm=AD.VSE.SK
idm.princ=krbbod
idm.allowS4U=true
idm.allowUnsecured=true
idm.allowNTLM=false
idm.logger.name=simple
idm.logger.props=error-log.properties
idm.keytab=/home/bodadm/keytab/krbbod.keytab
BIlaunchpad.properties
authentication.visible=true
authentication.default=secLDAP
sso.types.and.order=trustedVintela
Legacy SSO settings in global.properties are not any more needed when using new parameter sso.types.and.order=trustedVintela in BIlaunchpad.properties.
This is working SSO configuration on our installation: SAP BO 4.1 SP04 Patch1 on AIX, authentication secLDAP, trusted authentication is enabled.
Best regards,
Slavomir Kysel

How do I turn off authentification on a brand new Mac Book Pro

How do I turn off authentification on a brand new Mac Book Pro?

Every time my husband does something like change the name of a file, he has to put in an authentification password.

Authentification does not appear

Dear all,
have set up the trial version of flash access 2.0. But at the ent I run into a problem: The media I stream into the player does not have an authentification mask. First of all the facts:
1.) I set up the the REferencimplementation of the license Server - works fine and http://ip.adress.com/flashaccess/license/v1 says License Server is setup correctly
2.) I created a file test_pol according to the document "protect Content.pdf"
3.) I packaged a file (xyz.f4v) file with the command line packager.
4) Now I trying to stream the packaged version (xyz_pack.f4v ) via our web application and the OSMF-Player.
5.) It is buffering ... and buffering ... and buffering - noithing else happens, but the file is only 5 seconds, so that can't be it.
6.) The only indication that I have is, that it says in the AdobeFlashAccess.log that the Packager Thread is not started because it doesn't find the *.pfx file.
- Fisrt of all I do not understand that,cause the path it is looking at the file is there!
- second I thought the license server is fine since it gaves the right message (according to 1.)
7.) The setup is based on an earlier trial setup with an older certificate. I needed to reactivate the certificate because it wasn't valid anymore and actually just rebuild the certificates and changed them.
Is there any log file I need to have a look to. What else could be the reason for that?
Thans for any help!!
A

Dear Wang,
thanks a lot for your input!
Here my answers to your questions:
- Have you ever played any encrypted content on your computer?
=> Yes I did with the older certificates
If not, please try to play the default content in http://drmtest.adobe.com/SVP/SampleVideoPlayer_FP.html and see what happens. Please remember to check the "show DRM events" check box.
=> I tried that. It didn't play and it said in the messagebox for the events:
What does that mean?
BTW, are you using Flash Player? If yes, what is the version number of it?
=> Yes I am using Flashplayer, I have version 10,1,53,64
I am looking forward to your help!
Thanks
Alex

Windows authentification while consuming web service from ABAP

Hi All,
We are consuming web service from ABAP, we have created client proxy in SE80 and configured logical port in LPCONFIG.
This one was working fine. Now we have added windows user authentification to access this service.
Now when I'm trying to regenerate this proxy in R/3 it is asking for user and password. When I enter these details this one is not working.
If I access this service direcly from internet explorer and I enter same user and password then I would able to access this service.
Could you please let me know how to handle this.
Regards
Vikram

The dialog that is produced by HTTP Destination object of the logical port is designed only for use within Classic Dynpro applications. There is no prompt produced when running in Web Dynpro. If possible assign a generic user within the logical port definition and this will be used automatically by all users.

Web session and authentification session pb with wl6.0

Hi,
I am evaluating weblogic 6.0 on windows 2000.
I have a little web application, with some URL (html, servlet...), I want to protect.
So I defined a <security-constraint> element in my web.xml
file, and I binded the logical roles with real participant in
weblogic.xml
It works very well at startup. I launch a browser, request a protected URL and the
authentification window popup. I enter valid info and I can access my URL.
Perfect.
Now I want to give the possibility to my user to terminate a session, to disconmect,
so I had a button, (disconnect) which invoque a servlet which get the current session
and invalidate it.
I checked, the session is destroyed and a new one is defined (new ID, new counter...),
but my user are still connected. It means that if I want to acces a protected URL,
I still can do it.
more strange. In both a secured and unsecured page I print the User Principal. When
I connect, the two pages print the same and right value.
But if I disconnect, the unsecured page print null(no connection for this session)
and the secured page print the principal I used to connect in the previous message.
I know this message is a little bit long, but I tried to give the cleares context.
Has anyone ancountered that kind of problem? Is there a solution.
I pass the test with netscape 4.76, netscape 6.01, Internet Explorer 5.50. I got
the same behavior each time...
Thanks
Nicolas

If you use a Form to authenticate then the browser is unaware of the
username and password. The PetStore demonstrates how it's done in
..\samples\petStore\source\com\bea\estore\util\WLSecurityAdapter.java
"Nicolas GANDRIAU" <[email protected]> wrote in message
news:[email protected]...
>
Hi John,
thank you for your answer. It confirmed my first guess, that the
browser keep the secret info and send them back to the server.
The server does not make any attachment with the current session.
But you talk about a "ServletAuthentication" example which presents theway to bind
the login info in the session. I have not found this servlet, in weblogic6.0 distribution
or J2EE API.
Can you give me the exact reference of this servlet.
Thank you for your help.
Nicolas
"John Lindwall" <[email protected]> wrote:
Nicolas,
It is my understanding that the authentication information for this
scenario
(ie HTTP BASIC authentication) is not contained in the session -- it is
maintained by the browser and resent with every request. That is why
invalidating the session makes no difference. If you have a HTTPsnooping
utility you will see the "Authorization" information (albeit encodedusing
BASE64) present in the requests from your browser to the server.
FYI: I've noticed that by using the ServletAuthentication class tomanually
perform authentication, it DOES in fact store the authentication info in
the
session. There is a "done()" method in this class which removes thisinfo
from the session (ie performs a logout).
If this link reproduces properly, check it out -- it's a good simple
explanation of what's going on:
http://www.support.lotus.com/sims2.nsf/852561c1006719a98525614100588964/877
a
0ac029a78f8a8525645f0069a34d?OpenDocument
For tons of detail on BASIC authentication see
ftp://ftp.isi.edu/in-notes/rfc2617.txt
John
Nicolas GANDRIAU <[email protected]> wrote in message
news:[email protected]...
Hi,
I am evaluating weblogic 6.0 on windows 2000.
I have a little web application, with some URL (html, servlet...), I
want
to protect.
So I defined a <security-constraint> element in my web.xml
file, and I binded the logical roles with real participant in
weblogic.xml
It works very well at startup. I launch a browser, request a protectedURL
and the
authentification window popup. I enter valid info and I can access myURL.
Perfect.
Now I want to give the possibility to my user to terminate a session,to
disconmect,
so I had a button, (disconnect) which invoque a servlet which get thecurrent session
and invalidate it.
I checked, the session is destroyed and a new one is defined (new ID,new
counter...),
but my user are still connected. It means that if I want to acces aprotected URL,
I still can do it.
more strange. In both a secured and unsecured page I print the UserPrincipal. When
I connect, the two pages print the same and right value.
But if I disconnect, the unsecured page print null(no connection for
this
session)
and the secured page print the principal I used to connect in the
previous
message.
I know this message is a little bit long, but I tried to give the
cleares
context.
Has anyone ancountered that kind of problem? Is there a solution.
I pass the test with netscape 4.76, netscape 6.01, Internet Explorer
5.50.
I got
the same behavior each time...
Thanks
Nicolas

I need a mail server without SMTP authentification. Which is the right one? Or how to configure OSX Lions Mailserver?

Hello folks,
our HP Scanner with email delivery is one the most used pieces of hardware in our office. Just scan and get delivered to your inbox. That works easy and perfect.
Unfortunately we had to change our standard mail server and now a prerequsisite is the smtp authentification. But the HP admin interface on the scanner does not allow to enter smtp auth credentials. It only supports smtp delivery without username/password. Now I have a serious problem. I cannot find any external provider that supports smtp mail delivery without smtp authentification (against spam of course, I understand that).
I have a OSX Lion Server running as a file server in our network. But I have no clue if there's a way to use it's mailserver without smtp auth.
Is there anyone who can help me out?
Cheers,
Joo-Chen

I have a OSX Lion Server running as a file server in our network. But I have no clue if there's a way to use it's mailserver without smtp auth.
Sure. Turn it on.
The default mode is to not require authentication. You have to turn on authentication if you want it.
Changing authentication on/off is a matter of clicking a radio button.

How to use a Socks5 Proxy with authentification only on specified sites? Any Addons?

Hey, I want to use a Socks5 proxy that requires authentification but only on specified sites.
Unfortunately, Foxyproxy does not support such proxies.
Is there an addon or some hidden Firefox feature that allows this?

Thanks for the suggestion but I'm looking for a convenient way to avoid blocked content on YouTube and co. I figured this would be superior to all those unblocker extensions since I have access to a fast proxy anyway.

Slim authentification

Slim authentification doesn't work for me. After entering the password,
it goes back and prompts me for the username again. This happens for
the right username/password combination, as well as for wrong passwords
and/or users.
I start slim in deamon mode. X itself works, when i start it with startx.
Another issue: when i try to preview the slim themes as suggested in the
wiki with
$ slim -p /usr/share/slim/themes/<theme name>
i get the following error:
slim: could not open display ':0.0'
No X server is running at this point.

There we go.
.xinitrc:
#!/bin/sh
# ~/.xinitrc
# Executed by startx (run your window manager from here)
# exec gnome-session
# exec startkde
# exec startxfce4
# ...or the Window Manager of your choice
exec awesome
and slim.conf:
# Path, X server and arguments (if needed)
# Note: -xauth $authfile is automatically appended
default_path ./:/bin:/usr/bin:/usr/local/bin
default_xserver /usr/bin/X
xserver_arguments -nolisten tcp vt07
# Commands for halt, login, etc.
halt_cmd /sbin/shutdown -h now
reboot_cmd /sbin/shutdown -r now
console_cmd /usr/bin/xterm -C -fg white -bg black +sb -T "Console login" -e /bin/sh -c "/bin/cat /etc/issue; exec /bin/login"
#suspend_cmd /usr/sbin/suspend
# Full path to the xauth binary
xauth_path /usr/bin/xauth
# Xauth file for server
authfile /var/run/slim.auth
# Activate numlock when slim starts. Valid values: on|off
# numlock on
# Hide the mouse cursor (note: does not work with some WMs).
# Valid values: true|false
# hidecursor false
# This command is executed after a succesful login.
# you can place the %session and %theme variables
# to handle launching of specific commands in .xinitrc
# depending of chosen session and slim theme
# NOTE: if your system does not have bash you need
# to adjust the command according to your preferred shell,
# i.e. for freebsd use:
# login_cmd exec /bin/sh - ~/.xinitrc %session
login_cmd exec /bin/bash -login ~/.xinitrc %session
# Commands executed when starting and exiting a session.
# They can be used for registering a X11 session with
# sessreg. You can use the %user variable
# sessionstart_cmd some command
# sessionstop_cmd some command
# Start in daemon mode. Valid values: yes | no
# Note that this can be overriden by the command line
# options "-d" and "-nodaemon"
# daemon yes
# Available sessions (first one is the default).
# The current chosen session name is replaced in the login_cmd
# above, so your login command can handle different sessions.
# see the xinitrc.sample file shipped with slim sources
sessions awesome
# Executed when pressing F11 (requires imagemagick)
screenshot_cmd import -window root /slim.png
# welcome message. Available variables: %host, %domain
welcome_msg Welcome to %host
# Session message. Prepended to the session name when pressing F1
# session_msg Session:
# shutdown / reboot messages
shutdown_msg The system is halting...
reboot_msg The system is rebooting...
# default user, leave blank or remove this line
# for avoid pre-loading the username.
#default_user simone
# Focus the password field on start when default_user is set
# Set to "yes" to enable this feature
#focus_password no
# Automatically login the default user (without entering
# the password. Set to "yes" to enable this feature
#auto_login no
# current theme, use comma separated list to specify a set to
# randomly choose from
current_theme archlinux-simplyblack
# Lock file
lockfile /var/lock/slim.lock
# Log file
logfile /var/log/slim.log

RMI with SSL server authentification

Hello,
It is possible to implement a RMI over SSL client /server with only server authentification ?
I'have got currently a RMI SSL client/server with mutual authentification. It includes that client must have a keystore but i don't want that.
If anybody has an idea, its welcome.
tjm

Indeed i 'm working to implement a keustorespi for the keystore and i would like
In fact I'm working to implement myself a keystorespi for the keystore and I would like that only server use it and client have no keystore.
It is possible

SocketException in client authentification

Hello,
I try to establish a connection to a Apache SSLServer using client authentification. Apache is configured right as I can authentificate my client cert with InternetExplorer.
When I try to connect from a java client I always get a
java.net.SocketException: Cannot send after socket shutdown: JVM_recv in socket input stream read.
Does anybody know a solution? As I can see in the trace and in Apache's log the client doesn't send his client although there's a cert chain in my keystore.
Any suggestions??
Regards,
Schlunz

I use the ClientWithAuth - example from Sun. I only created a keystore containing my ca and client cert and referenced that keystore with its password.That code runs in ServerAuthMode without problems (on my machine)....
Regards,
Schlunz

After disabling Autolock and trying to disable Passcode Authentification, iPad continues to ask for a passcode, but old passcode not accepted

I wanted to turn off Autolock and Passcode Authentification.
I set Autolock to "never."
Then, I set Autolock after Replacing Smart Cover to "off."
Finally, I tried to turn off Passcode Authentification. My iPad asked for my passcode. I entered it, but my iPad wouln't take it and asked me to re-enter it; perhaps my finger had slipped. So I entered my passcode again -- and this time correctly, I'm nearly certain. Still my iPad wouldn't take it and asked me to re-enter it.
Not thinking I could have changed my passcode (and how could I have if, according my iPad, I never entered my old one correctly?), I let my iPad go into Sleep mode and returned to work on something else.
And now I can't unlock my iPad. I put in my passcode, and the thing won't take it. Disabled for 60 minutes at this point.

Hmm, I did receive an email saying that the thread was deleted, but did not explain why for some reason. It sounds like the Level 7 guy caused this. I will call Apple tomorrow to find out who is responsible. And see if I can lodge a complaint against that user. Maybe it was because of what the Level 7 guy was saying.
There was useful information posted in that threat that addressed the issue that I am experiencing. I will try to reiterate from the apple website, it says.
Recovery mode
If you've never synced your device with iTunes, or haven't set up Find My iPhone, you'll need to put your device in recovery mode. Then you'll restore your device as new or from a backup.
This will erase the device and its passcode.
Disconnect all cables from your device.
Hold down the Sleep/Wake button, then "slide to power off" to turn off your device.
Press and hold the Home button and plug the device into your computer. If your device doesn't turn on automatically, turn it on. Don't release the Home button.
Continue holding the Home button until you see the Connect to iTunes screen.
If iTunes doesn't open automatically, open it. iTunes will alert you that it has detected a device in recovery mode.
Click OK. Then restore the device.
If your device doesn't go into recovery mode, try steps 1–4 again.
They suggested that I try this over again until it works. It did not work for me the first time.

Authentification with Java, PHP, .htaccess

Hi there,
I am thinking about creating a Java project that requires some authentification routines.
Users (which are given a unique user ID) are employing a client software (Java) that retrieves specific data from a webserver (available ressources HTML, SSI, PHP, .htaccess).
A user should be able to use any client to get his data from the webserver, so unique client IDs are a non-option. Probably two users might even use two instances of the same client on the same machine (means, same IP).
I want this to be reasonably secure, so no plaintext protocol. I thought about something like a challenge - response architecture, BUT...
...how can I do this with only PHP (server) and Java (client) as options?
I don�t need a polished, smooth, perfect solution - a rough idea will do. Are there any secret / public key architectures with ready-to-use PHP modules that are also implemented in Java? Or has anybody a completely different idea I haven�t thought about yet?

Have a look on RFC 2617 from IETF (www.ietf.org). This RFC specifies two mechanisms for authenticated access to HTTP resources. .htaccess is based on these mechanisms. Unfurtonately, they are not secure enough. The first protocol, BASIC, sends clear text username/password. The second, DIGEST, sends digests of the username/password using a challenge-response scheme. The disadvantage of DIGEST is that the username/password needs to be stored in clear on the server-side.
What you could do, which is something I am currently working on myself, is to implement your own protocol, based on this RFC. This is possible because you are in control of both the clients and the server. It wouldn't be possible if standard browsers where used as clients.
Good luck!
/Christer

Authentification ldap,pam.d on solaris 11

Hi,
I tested ldap authentification on Solaris 11 and I didn't succeed in ssh connection.
I succeed in viewing ldap users (getent passwd) and i modified /etc/pam.d/login other and passwd
with "auth required pam_ldap

Hi,
Try to change the following two files: /etc/pam.d/login and /etc/pam.d/other
Change the line that states:
auth required
pam_unix_auth.so.1
to
auth binding
pam_unix_auth.so.1 server_policy
auth required
pam_ldap.so.1
Did you also checked the attributemapping for the LDAP client?
svccfg -s network/ldap/client setprop config/attribute_map= astring: '("shadow:homeDirectory=unixHomeDirectory" "shadow:description=distinguishedName" "shadow:uid=samaccountname" "shadow:gidnumber=primaryGroupID" "shadow:uidnumber=uidNumber" "shadow:gecos=displayName" "passwd:homeDirectory=unixHomeDirectory" "passwd:description=distinguishedName" "passwd:uid=samaccountname" "passwd:gidnumber=primaryGroupID" "passwd:uidnumber=uidNumber" "passwd:gecos=displayName")'
svccfg -s network/ldap/client setprop config/objectclass_map= astring: '("group:posixGroup=group" "shadow:shadowAccount=person" "shadow:posixAccount=user" "passwd:shadowAccount=person" "passwd:posixAccount=user")'
what does getent passwd username say? Does it return all the necessary fields (uid, gid etc.)?
While configuring the LDAP client to point to our Microsoft AD I use the AD property uidNumber which I manually set to the last part of the objectSID property to keep it unique within the domain.
Kind regards,
Lambert

Hyperion Performance Suite : Authentification

Hi,I would like to know if there a way (or a workaround) to bypass Hyperion Performance Suite authentification.Under Linux, I would like to use a PAM module (through Samba and NT network) to authentificate my Hyperion users.Is it possible to develop an program Hyperion can use to authentificate instead of accessing the database data ?I would like to define my users in Hyperion but to authentificate them externally.Best regards,Benjamin

I thought Hyperion Releaseed Impact Manager in the last release of 8.5.
You might check your documentation.
If you are good with VBA and your BQYs are stored on a mapped drive accessible from a Windows machine you could write a Script to rip through a target directory and interogate all the files in it and write out a table useage list. It will take a lot poking around the Object Library. The BrioQuery Type Library can be loaded up into VBA Editor.
In VBA References
Browse for Type Library brioqry.tlb
shows as Intelligence Object Library
Object Browser (BrioQry)

Reporting Services authorisation, authentification

I would like to use Reporting Services in our business application. I'm new with it and I'm not sure can we do it or not. We are using SQL Server authentification and our stored procedure retrives different information for different users (users have
pseudopriveleges on tables rows), so our report server should go the same way. I've read some information about custom authentification and want to ask - If I login to SSRS with custom username and password how this credentials could
be used in Report DataSources? What type of authentification should I select in Data Source? Does SSRS automaticaly send user credentials to datasources?
Thanks for reading :-)

I see.
Those constraints were not clear from your original question.
Thank you for clarifying.
A bit more clarification is required, though:
Do you plan to use SSRS embedded in your application (by using the Reporting Services API)?
If so, you might find it easier to simply deliver an additional parameter to your reports which would serve as a sort of "User Token" (like "UserID" for example), so that your reporting queries would know which user is querying them;
and the "User Token" will be delivered by your application code - hidden away from the user. Based on this "User Token", you might want to use
impersonation for your existing procedures to work properly.
Please note that you'd might want to use SSL in order to encrypt your traffic over the network in such a case.
Also note that I'm only suggesting these convoluted suggestions because you mentioned that it must be SQL Authentication. If you'd accept Windows Authentication, you'd be able to use the built-in Windows NT authentication mechanism which would be much easier
for you to implement in your reports.
Eitan Blumin; SQL Server Consultant - Madeira Data Solutions;

Authentification

Similar Messages

Maybe you are looking for