Authorization without authentication

Similar Messages

• Security Athorization without authentication - wiill this work? Attn Frank

  Hi Frank:
  Fun never stops and never know what is coming.
  Just when I have my nice tables set up for authentication and authorization,
  now I hear that I have to test a scenario where authentication is going to be provided by an external utilty (An LDAP Server behind which PeopleSoft tables have username/pw) info. My questions are:
  (1) Is it possible to turn off authentication via J2EE Container but keep Authorization on? I want the ability to use page related security roles! And, yes, there will be a table with usernames and roles as well (which is working).
  Change: However, the table with usernames and passwords will be in a PeopleSoft table behind LDAP. (The authentication does work with a few tweaks in web.xml. So, can't complaint there)
  (2) Is there a better solution (given the external authentication utility is a given)?
  (3) Is there a way to fool JAAS to say, ok don't show the login screen but you are authorized? I now wonder what the DBTableLoginModule do? Can we tell it, "forget authentication, just get the roles?"
  I really don't want to lose the authorization provided by JAAS and, not to mention, permissions (which I have not gotten to work but more about that on another post).
  Thanks

  Hi,
  1) as said, nothing prevents you from building a JAAS LoginModule that does what you need - e.g. authenticate a user against LDAP, then connect to the database and query for his/her user roles. You can't have container managed authorization without authentication though.
  There will be a change in API in JDeveloper 11 (and most likely in JDeveloper 10.1.3.4 - upcoming) that allows you to set a Subject into the OC4J context, in which case you don't need container managed autehntication. However, I don't have it tested yet and can't tell to what extend this would be useful
  3) Sure, you can build a JAAS LoginModule that doesn't care for authentication. However, this doesn't work with container managed security. As far as I am aware, the only option to not show a login dialog is to use certificates. And certificates are not yet to use with custom LoginModules. So the above mentioned API - that is available as a backported patch for 10.1.3.1 - might do the trick
  Frank

• Creating/Mapping security roles without authentication

  Hello all, I am new to WebLogic 9.1, and I appreciate your help in advance.
  I have an HTTP header pre-populated with the roles a logged-in user has (these roles are defined outside websphere), and the user has already been authenticated.
  I want to map each role from my header to a URI configured in weblogic, so it can authorize/deny access to that page within the container, based on the role in the header.
  What would be a good approach to doing this? I have been looking through the security documentation, and I am a bit overwhelmed, I'm not sure where to begin.
  Thanks

  Hi,
  1) as said, nothing prevents you from building a JAAS LoginModule that does what you need - e.g. authenticate a user against LDAP, then connect to the database and query for his/her user roles. You can't have container managed authorization without authentication though.
  There will be a change in API in JDeveloper 11 (and most likely in JDeveloper 10.1.3.4 - upcoming) that allows you to set a Subject into the OC4J context, in which case you don't need container managed autehntication. However, I don't have it tested yet and can't tell to what extend this would be useful
  3) Sure, you can build a JAAS LoginModule that doesn't care for authentication. However, this doesn't work with container managed security. As far as I am aware, the only option to not show a login dialog is to use certificates. And certificates are not yet to use with custom LoginModules. So the above mentioned API - that is available as a backported patch for 10.1.3.1 - might do the trick
  Frank

• Macbook Pro won't let me move files to HD without authentication. Also when I try to move files from the HD to the desk it just copies them.

  My 2013 Macbook Pro running Mavericks 10.9.5 won't let me move files to the HD without authentication. So I have to keep putting my password in. Also when I try to move files from the HD to the desk it just copies them. This just suddenly happened last night. Anyone have any ideas what it could be? Thanks

  See http://support.apple.com/kb/HT1229?viewlocale=en_US - I doubt that it will solve your problem, though. You may want to post on the iPhoto forum - that's where all of the iPhoto experts hang out.
  Good luck,
  Clinton

• How to send an email without authentication

  when I use javamail to send an email ,give authentication information seems
  a must ,but I need to send it without authentication.Any method that can
  implement it?

  you can set null for authenticator object.......
  look code below, it works......
  Properties prop = new Properties()
  Session ses = Session.getDefaultInstance(prop,null);

• Accessing PI WSDL without authentication

  Hi,
  Is there a setting  / configuration that would allow access to a WSDL URL(obtained from Sender Agreement -> Display WSDL) and pull down the WSDL file without authentication?
  Thanks & Regards,
  Renjith John Andrews

  Hello Renjith,
  Did you find any way to get SOAP wsdls without authenticaion? Now, I'm looking for the way how to get wsdl without authentication.
  Thanks&Regards
  Volkan

• Send a mail via smtp without authentication

  Hello,
  I'm developping a web application that reports errors or 'strange situations' to the application'a admin with an e-mail message to the address entered in a sort of wizard. I've read some tutorials and actually I'm able to send mail via smtp only with authentication, withouth i get this error: "530, Address requires authentication". How can i send mails without authentication?

  Normally the administrator of those forums is also the administrator of the SMTP server they use, so they configure the server to accept requests from the forum software without authentication.
  If you are running your own SMTP server you can do that too. If you are using somebody else's server you will have to follow their rules. You could always contact the administrator and ask whether you could be made exempt from authentication...

• Configure SMTP without authentication to share photo by email

  I'm not able to share photo by email using a SMTP server without authentication.
  Can anyone tell me how to configure an account without authentification?
  Regards,
  Frederic

  Is your Outlook version compatible with Mountain Lion? To be used from other Applications as Mailer it nneds to sandboxed, see this thread.
  Re: since update I can not send pitures via outlook or apple mail please help
  I do not think, there is a version of Outlook right now, that can be used to mail from Aperture. Use "Mail.app" instead.
  I do not know, what may be wrong with Facebook upload. The update to 3.4.1 should have fixed the Facebook access problems.
  Regards
  Léonie

• Can't modify folders without authenticating myself. I am admin. Any ideas?

  I can't create a new folder, save a file or move anything to a folder I have in my documents without authenticating it.
  I am the only user and am logged in as admin.
  Any ideas?
  I feel like I am using Windows.

  Hi G, and welcome to Apple Discussions.
  Run Repair Permissions: Applications>Utilities>Disk Utility>select HD in panel at left>click on Repair Permissions at bottom of main window and allow process to finish before quitting DU.

• OAM (authorization and authentication)

  Does OAM offer any cape Web Services for the authorization and authentication?
  Thanks in Advance, Awaiting sooner response.
  Edited by: Odemail on 05-abr-2012 8:31

  For this you can check with Oracle Support
  Thanks
  kumar

• Spro full authorization without sap_all and sap_new

  Hi Friends,
  Can u suggest me how to give spro full authorization without sap_all and sap_new profile.
  Thanks & Regards,
  Tarun

  Hi Gowrinadh,
  This is an interesting discussion. I don't mean to take shots at your concept, but I have some concerns about it as a solution.
  > I have prepared a role 8 months back, we passed 2 patch upgrade cycles and I can confirm that this role will work even after the next version of ECC upgrade.
  Sometimes the symptoms only make themselves visible later, and we don't know what is coming in the next version of ECC. Of course it should be largely compatable, but there will be new stuff. You can be sure of that.
  > If there are any modules or new functionalities required, then customer has to request for it in addition.
  My understand is that the customer requests a full and working SPRO role for each release. They will not find the tcodes for you and do not want to play ping-pong via support tickets either with it.
  So each time you bill your customer for the 20 or 40 hours work for maintaining these tcodes manually in ranges? Appart from being error-prone, this solution is not scalable for when SAP might introduce another 20000 tcodes into the SPRO. Or someone convinces SAP to introduce an S_TCODE check for every line of code the whole system... (this is something which some people seem to believe in...), which would introduce several billion new tcodes for you...
  > For which we can build separate role.
  That is different. The question here (and certainly your solution) is to have them in the same role without duplicates but still including all SPRO access.
  If you build them as seperate roles, then you can merge them as projects into one composite and live with the duplicates while checking for any known objects which should not be included.
  I would agree with you. That is in my opinion a better solution, but it is not what you have been describing earlier.
  > We can plan for authorizations and build roles based on the inputs for today and tomorrow received from customer.
  That is the whole point in having maintainable roles and scalable processes. Manually maintaining 20k tcodes is incompatable with such requirements.
  > By the way, the max no of consultants and business process owners having this role is not more than 40.
  I don't think that assigning the role to less people will make it more usefull, nor that assigning it to more people will bring down it's per user cost of maintenance.
  There is some old code posted here already which does what you have described in less than 1 minute. You can find it via the tables I have mentioned above, and will recognize it (and it's age)  by the header lines it uses for internal tables. But it still works, since about release 3 point something...
  Cheers,
  Julius

• Authorization without internet?

  I live in Denmark, and most of Denmark is provided with a stable boradband connection. Unfortunately, there are still 2% of the population that cant get broadband due to several issues.
  I purchased 2 albums from my laptop computer on my school. And offcorse they could get their authorization without any problems. But my stationary computer at home is not connected, and now I can't play either of those albums, and it is really getting to annoy me.
  Is there anything that can be done?
  You can also respond to: [email protected]

  Sorry, but it's not possible to authorize a system to the iTunes Music Store without the system being able to connect to the Internet, at least temporarily. If you absolutely cannot connect your home computer to the Internet, then all you can do is burn the albums to audio CD on your laptop and play/import those on your home computer.

• Installed Java Runtime and Perian without authentication prompt

  OSX LION 10.7.3 MacBook Pro 2.2 GHz i7 Late 2011
  It was my understanding (and experience thus far) that any changes to the operating system, including the addition of new applications, would prompt admin authorization and require a password.  I recently installed Jave Runtime Environment and Perian without the required authentication.
  I restarted my machine and downloaded and installed Chrome as well.
  Any ideas?

  MAC ATTACKED wrote:
  It was my understanding (and experience thus far) that any changes to the operating system, including the addition of new applications, would prompt admin authorization and require a password.
  Only if you weren't logged in as an admin user. Very few require authentication.

• Creating a service without Authentication

  Dear,
  We created the following scenario for use with our Adobe Interactive Forms.
  The flow is synchronous, starts with a service, goes over PI for logging and minor mapping, call a Proxy on an ERP system, fills in the data, and sends it back with several rows of data. In the configuration with Communication Channels :
  SOAP Sender CC -> PI -> Proxy Receiver CC
  Up until recently we always used the normal authentication for our services, now however, we need to create a service that has no authentication. Is this possible? It can't be HTTPS either. The reason is that Adobe Interactive Forms (in SAP) supports neither of these (logon & https) yet.
  I'm open to any/all suggestions. Another option would be to create the service directly on the ERP system, and expose it as an Enterprise Service, using the ESR. Can I do this without using a logon/https?
  Thanks in advance,
  Frederik-Jan

  Frederik-Jan,
  I am sitting with the same issue. Did you find a solution to this problem? Please can you be of assistance the resolution or point me in the write direction.
  Much appreciated.
  Regards
  Willie Hugo

• Document in KM not opened without authentication when SSO is enabled.

  Hi,
  I am trying to open the document (with full url of the document in new window) in new window but the popup is displaying for authentication.
  SSO is enabled and I am able to access the portal without giving credentials. But in new window if I try to open the document with full url then it is asking for authentication.
  Please let me know what cofigurations should I do to achieve this.
  Thanks

  Hi,
  Post the URL with which you are opening the document in new window.
  The key here is to set proper AuthScheme for the Iview.
  http://help.sap.com/saphelp_nw70/helpdata/EN/44/42c2ed81ce2152e10000000a114a6b/frameset.htm
  So if you are calling IView using path: http://<server>:<port>/irj/servlet/prt/portal/prtroot/<pcd address>
  Then check the IView's AuthScheme property and choose appropriate one:
  http://help.sap.com/saphelp_nw70/helpdata/EN/66/1700fd44385c44afc0f781b6f90e0f/frameset.htm
  http://help.sap.com/saphelp_nw70/helpdata/EN/54/a334ed5bbfd5488b8cdd67b2c594a9/frameset.htm
  https://forums.sdn.sap.com/thread.jspa?threadID=338537
  Regards,
  Praveen Gudapati