Avoiding relog-in when accessing protected resource

Similar Messages

• OAM11g - How to perform direct login without accessing protected resource?

  Hi,
  I think this should be a common requirement as website needs to provide a direct login page.
  The OAM Documentation seems focus on the flow of starting from accessing protected resource then redirect to login page.
  How can we perform direct login?
  I tried from my custom login page directly, but it always gives me *"PolicyEvaluationException: OAMSSA-06191: The runtime request contains no resource"* once the login form submitted.
  Anyone can advise? Thanks in advance.

  Thanks for the reply.
  We need to cater for both the scenarios:
  Scenario 1: User tries to access a protected page. He/she will be redirected to the login page. Once it is authenticated, he/she will be redirected back to the previously requested protected page
  Scenario 2: User clicks the "Login" link on the homepage where the homepage is definitely unprotected. He/she will be redirected to the login page. Once it is authenticated, he/she will be redirected back to homepage.
  I have tried to the "Success URL" parameter of the Authentication Policy. However, once "Success URL" is defined, Scenario 1 will NOT work...
  Yes. There are some work around solution I can think about.
  Example: use a intermediate page 'rediret.jsp' which is defined as the protected resource.
  The flow is: clicks the "Login" link on the homepage -> a intermediate page 'rediret.jsp' -> login page -> redirect back to 'rediret.jsp' -> 'rediret.jsp' will redirect user to the Homepage...
  But I think Scenario 2 should be very common and it should be a right solution for it. Please advise. Thanks

• How to avoid screen flash when access many cells in matrix?

  Hi,
  I need to do some automation in the matrix, I need access some cells one by one and assign value to some cells too. When this action only touch 1-2 cells, then the screen flash is acceptable, but if too many cells touched like more than 5, then the matrix flashing become pretty ugly. My question is can this flash be avoided?
  Thanks!
  Lan

  Hi ZHANGLAN     
  Use form.freeze()
  form.freeze(true)
  'your code
  form.freeze(false)
  Hope this will help you
  Regards
  Arun

• 404 error when accessing json resources

  I have a node.js Web App in Azure,
  the site loads the index.html, the css, images, etc. but the JS search functionality doesn't initialize, I did an F12 inspection in Chrome and saw this error
  [domain].azurewebsites.net/data/policies.json Failed to load resource: the server responded with a status of 404 (Not Found)
  in the Azure console I can see the file list
  > cd public
  D:\home\site\wwwroot\public
  > cd data
  D:\home\site\wwwroot\public\data
  > ls
  D:\home\site\wwwroot\public\data
  policies.json
  according to the folder/file structure (everything is in the /public folder) I have made a configuration change as follows
  / = "site/webroot/public"
  the folders are laid out like this
  /public/index.html
  /public/data
  /public/js
  /public/css
  etc
  Without the config setting the website doesn't see /public as the root folder, so it doesn't find the index.html and nothing loads.
  So the site loads, which is great, the images and css load, which is great
  but it says it can't find the .json file in the data folder? (and using the console I can see the file is definitely there!)

  what was the solution, I have having the same issue. Pix 515 v.7.0
  thanks,
  Mike

• How to avoid login prompt when viewing reports

  Hello,
  I am trying to access a report that I have put in the shared reports folder
  I have copied the URL, see below, from the copy shortcut link.
  However I am being prompted for a User name and password
  http://server:port/OracleBAM/12345/reportserver/default.jsp?Event=viewReport&ReportDef=6&Buttons=False&ReportParameters=()
  Can you please advise
  a) If I can bypass or default a username and password in the URL
  b) If the above is not achievable then do I need to set up each person, viewing the report, with a username and password and somehow pass these credentials in with the URL.
  Thanks in advance,
  Kevin

  Hi Kevin,
  I am sure its too late to post a reply for this question but it will be useful for others.
  Yes, you can bypass the login prompt by implementing SSO to the BAM with a default username/password.
  You can write a simple java code to simulate the process of submitting a login form, thus allowing users to access weblogic protected resources, like BAM report URL, without re-entering the username and password in the login page.
  You can use HTTP client API to simulate Form Based HTTP Authentication. It will have to first post HTTP request to authenticate default user 'weblogic' and then from HTTP response get the cookie and pass it to the subsequent HTTP request (with the report URL) to access protected resource.
  I had the same requirement and it worked for me :).
  Thanks
  Jahangir Pasha
  Edited by: Jahangir Pasha on Mar 28, 2013 12:40 AM

• HTTP 403 when trying to access a protected resource

  I'm setting up a very simple enviornment to test the basic functionalities of Access Manager 7.1 but I keep on getting an "HTTP 403 forbidden" error when trying to access a protected resouce. I think I've set the required policies, rules, etc., but still, I may have missed a step. Any ideas / advice will be greatly appreciated. Thanks.
  Here's my setup and steps I took.
  iamsys05.iamtest.com ¡V policy server, Access Manager 7.1 Update 1
  iamsys06.iamtest.com ¡V protected resource, Apache 2.2.8 web server
  On Policy Server (iamsys05):
  1.     Created ¡§Apache Policy 1¡¨ on top-level realm.
  2.     Under Apache Policy 1, created rule ¡§apache root¡¨ with service type = URL Policy agent and resource name: http://iamsys06.iamtest.com:8080/*
  3.     Under Apache Policy 1, created subjects ¡§all users¡¨ with type=Acess Manager Identity Subject and selected all users under the realm. One of these users is amAdmin.
  4.     Created agent profile user ¡§webagent¡¨ on top-level realm (amserver) [amserver „³ Subjects „³ Agent ].
  5.     Created user ¡§webagent¡¨ on top-level realm [amserver „³ Subjects „³ User].
  6.     Created role ¡§webagentrole¡¨ on top-level realm [amserver „³ Subjects „³ Role].
  7.     Assigned user ¡§webagent¡¨ to role ¡§webagentrole¡¨.
  8.     Set the privileges for webagentrole to ¡§Read and write access to all realm and policy properties¡¨
  9.     Added the webagent user account to com.sun.identity.authentication.special.users in AMConfig.properties file.
  com.sun.identity.authentication.special.users=
  cn=dsameuser,ou=DSAME Users,dc=sun, dc=com|cn=amService-UrlAccessAgent,ou=DSAME Users,dc=sun,dc=com |uid=dmgr,ou=people,dc=sun,dc=com|uid=webagent,ou=People,dc=amserver,dc=com
  10.     Restarted amserver application.
  On Protected Resource (iamsys06):
  1.     Installed Apache 2.2.8 web server and set listening port to 8080. Tested by opening http://iamsys06.iamtest.com:8080. Home page displayed (It works!)
  2.     Installed Policy Agent for Apache 2.2.
  3.     Restarted apache 2.2 web server
  4.     Opened http://iamsys06.iamtest.com:8080.
  5.     Browser redirected to http://iamsys05:9080/amserver/UI/Login?goto=http%3A%2F%2Fiamsys06.iamtest.com%3A8080%2F
  6.     Access Manager login page displayed
  7.     Entered a valid ID and password (amadmin). This is the Access manager admin account I use to login to the AM Admin console so I know the id and password are valid. Hit Login.
  8.     After about 30 seconds, browser is redirected to http://iamsys05:9080/amserver/UI/Login?AMAuthCookie=AQIC5wM2LY4SfcyNiM%2B36w9DDhY5NmKc2PF6%2Fx4x2%2FUJ18M%3D%40AAJTSQACMDE%3D%23. Brwser displays "HTTP 403 Forbidden. This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage." I get this with IE6.
  9.     Using Firefox, I get a ¡§Redirect Loop¡¨ error message ¡§Firefox has detected that the server is redirecting the request for this address in a way that will never complete.¡¨
  Thanks
  -Armand

  Installed tamper data and from what I can tell, the requests go back and forth between AM server and protected resource. Here's the Request Graph output.
  http://iamsys06.iamtest.com:8080/ 302 103
  http://iamsys05.iamtest.com:9080/.../Login?goto=http%3A%2... 302 16
  http://iamsys05:9080/.../Login?goto=http%3A%2F%2Fiams... 200 16
  http://iamsys05:9080/favicon.ico 404 50
  http://iamsys05:9080/.../Login?AMAuthCookie=AQIC5wM2LY4Sfcz... 302 183
  http://iamsys06.iamtest.com:8080/ 302 30
  http://iamsys05.iamtest.com:9080/.../Login?goto=http%3A%2... 302 17
  http://iamsys05:9080/.../Login?goto=http%3A%2F%2Fiams... 302 10711
  http://iamsys06.iamtest.com:8080/ 302 23
  http://iamsys05.iamtest.com:9080/.../Login?goto=http%3A%2... 302 15
  http://iamsys05:9080/.../Login?goto=http%3A%2F%2Fiams... 302 16
  http://iamsys06.iamtest.com:8080/ 302 18
  http://iamsys05.iamtest.com:9080/.../Login?goto=http%3A%2... 302 17
  http://iamsys05:9080/.../Login?goto=http%3A%2F%2Fiams... 302 13
  http://iamsys06.iamtest.com:8080/ 302 13
  http://iamsys05.iamtest.com:9080/.../Login?goto=http%3A%2... 302 10
  http://iamsys05:9080/.../Login?goto=http%3A%2F%2Fiams... 302 10
  http://iamsys06.iamtest.com:8080/ 302 16
  http://iamsys05.iamtest.com:9080/.../Login?goto=http%3A%2... 302 11
  http://iamsys05:9080/.../Login?goto=http%3A%2F%2Fiams... 302 12
  http://iamsys06.iamtest.com:8080/ 302 12
  http://iamsys05.iamtest.com:9080/.../Login?goto=http%3A%2... 302 10
  http://iamsys05:9080/.../Login?goto=http%3A%2F%2Fiams... 302 12
  http://iamsys06.iamtest.com:8080/ 302 12
  http://iamsys05.iamtest.com:9080/.../Login?goto=http%3A%2... 302 10
  | | | | |
  URI Status Duration 20:59:52.542 20:59:56.512 21:00:00.482 21:00:04.451 21:00:08.421

• Access to a protected resource was denied.

  Hi Experts
  I need some help with this error.
  I created a small button on a html page and when i click on that button i am calling the url from smartcut.When i click on it, it runs ok and the output is there but it is also displaying a error.
  error is on a small internet explorer window,
  "Failed to run job.
  access to a protected resource was denied.
  Detailed Message: NoContentPublisherRole.
  Recommended Action: Logoff and logon again. If problem persists contact your local security administrator."
  I know the user that i loggedin has publishing access and i also tried log in and log off. didnt work.
  hyperion workspace version is 9.3.1
  hyperion ui version is 9.3.1
  hyperion server version is 9.3.1
  Thank you in advance
  Kumar

  Hi Florent,
  1.  For the first error "The name has already been shared":
  I recommend you can use the the cmdlet "Get-SMBShare" to list all share folders firstly before creating a new share, and check if there is share named "$unit" on remote server.
  2.  For the second error "The requested object could not be found":
  According to your script, you want to creat a new share on remote computer, then add this share folder to the new created namespace on file server, please try the script below:
  New-DfsnRoot -Type DomainV2 -TargetPath "\\$newDestServer\$unit" -Path "\\$RootNameSpace\$unit" -EnableSiteCosting $true
  New-DfsnFolder -Path "\\$RootNameSpace\$unit\$site" -TargetPath "\\$newDestServer\$unit"
  If there is anything else regarding this issue, please feel free to post back.
  If you have any feedback on our support, please click here.
  Best Regards,
  Anna Wang
  TechNet Community Support

• Missing version field in response from server when accessing resource

  HY
  I have a problem to use the version option of the webstart. All files are included into a war file (created with jar cvf xx.war *). This file is in the webapps folder of the Tomcat 5. The jar files from the dev. kit (jnlp-servlet.jar, jaxp.jar, parser.jar are in the WEB-INF/lib folder).
  Every time I get the same message:
  Category: Download Error
  Missing version field in response from server when accessing resource: (http://localhost:8080/version/ademo.jar, 1.1)
  Do I need a aditional file or must Iwrite a servlet???
  Whats wrong
  my JNLP file
  <?xml version="1.0" encoding="utf-8"?>
  <!-- JNLP File fuer HJP3 WebStart Demo-Applikation -->
  <jnlp codebase="http://localhost:8080/version/" href="wstest.jnlp">
  <information>
  <title>HJP3 WebStart Demo Application</title>
  <vendor>Guido Krueger</vendor>
  <homepage href="http://www.javabuch.de"/>
  <description>HJP3 WebStart Demo Application</description>
  <icon href="wstest.gif"/>
  <offline-allowed/>
  </information>
  <information locale="de">
  <description>HJP3 WebStart Demo-Applikation</description>
  <offline-allowed/>
  </information>
  <security>
  <!-- <all-permissions/> //-->
  </security>
  <resources>
  <j2se version="1.4+"/>
  <jar href="ademo.jar" version="1.1"/>
  </resources>
  <application-desc main-class="Listing3813"/>
  </jnlp>
  my version.xml file
  <jnlp-versions>
  <resource>
  <pattern>
  <name>ademo.jar</name>
  <version-id>1.1</version-id>
  </pattern>
  <file>application.jar</file>
  </resource>
  </jnlp-versions>
  my web.xml file
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
  <web-app>
       <servlet>
            <servlet-name>JnlpDownloadServlet</servlet-name>
            <servlet-class>com.sun.javaws.servlet.JnlpDownloadServlet</servlet-class>
       </servlet>
       <servlet-mapping>
            <servlet-name>JnlpDownloadServlet</servlet-name>
            <url-pattern>*.jnlp</url-pattern>
       </servlet-mapping>
  </web-app>

  The log file (jnlpdownloadservlet.log) would show the calls for the jar files if the servlet is called for the jar files (did you correct the url mapping ?). Here are a few lines from a log file
  JnlpDownloadServlet(4): Initializing
  JnlpDownloadServlet(3): Request: /maportal/wfe/wfeguiv.jnlp
  JnlpDownloadServlet(3): User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8
  JnlpDownloadServlet(4): DownloadRequest[path=/wfe/wfeguiv.jnlp isPlatformRequest=false]
  JnlpDownloadServlet(4): Basic Protocol lookup
  JnlpDownloadServlet(4): JnlpResource: JnlpResource[WAR Path: /wfe/wfeguiv.jnlp lastModified=Tue Mar 23 17:06:56 CET 2004]]
  JnlpDownloadServlet(3): Resource returned: /wfe/wfeguiv.jnlp
  JnlpDownloadServlet(4): lastModified: 1080058016000 Tue Mar 23 17:06:56 CET 2004
  JnlpDownloadServlet(3): Request: /maportal/wfe/wfegui.gif
  JnlpDownloadServlet(3): User-Agent: JNLP/1.0.1 javaws/1.4.2_03 (b02) J2SE/1.4.2_03
  JnlpDownloadServlet(4): DownloadRequest[path=/wfe/wfegui.gif isPlatformRequest=false]
  JnlpDownloadServlet(3): Request: /maportal/wfe/wfegui.jar
  JnlpDownloadServlet(3): User-Agent: JNLP/1.0.1 javaws/1.4.2_03 (b02) J2SE/1.4.2_03
  JnlpDownloadServlet(4): DownloadRequest[path=/wfe/wfegui.jar isPlatformRequest=false]
  JnlpDownloadServlet(4): Basic Protocol lookup
  JnlpDownloadServlet(4): JnlpResource: JnlpResource[WAR Path: /wfe/wfegui.jar lastModified=Tue Mar 23 17:06:30 CET 2004]]
  JnlpDownloadServlet(3): Resource returned: /wfe/wfegui.jarYou should see all the resources (including jar files) being requested, and whether a specific version was requested or not (in above sample, not).
  I put my problems down to my application server (Orion) as other people seem to have this working. The deployment in Orion keeps the original timestamps of the jars, so I explicitly set the timestamps in my build so that the unchanged jars do not have to be downloaded all the time. This is not really a good solution, so maybe someone else can give further advice.
  Brendan

• Missing version filed in response from server when accessing resource

  Hello all,
  I am getting the following error when trying to do jar version download in webstart.
  Missing version field in response from server when accessing resource(http://lo alhost:8080/jdc/jnlp/new/SimpleGUI.jar,1.0)
  I am using Tomcat 5.5.
  My web.xml looks like this,
  <web-app>
  <display-name>Tomcat Examples</display-name>
  <description>
  Tomcat Example servlets and JSP pages.
  </description>
  <servlet>
  <servlet-name>
  JnlpDownloadServlet
  </servlet-name>
  <servlet-class>
  jnlp.sample.servlet.JnlpDownloadServlet
  </servlet-class>
  <init-param>
  <param-name>
  logLevel
  </param-name>
  <param-value>
  DEBUG
  </param-value>
  </init-param>
  <init-param>
  <param-name>
  logPath
  </param-name>
  <param-value>
  c:\logs\jnlpdownloadservlet.log
  </param-value>
  </init-param>
  </servlet>
  <servlet-mapping>
  <servlet-name>JnlpDownloadServlet</servlet-name>
  <url-pattern>/jdc/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>JnlpDownloadServlet</servlet-name>
  <url-pattern>*.jnlp</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>JnlpDownloadServlet</servlet-name>
  <url-pattern>*.jar</url-pattern>
  </servlet-mapping>
  </web-app>
  My version.xml file.
  <jnlp-versions>
  <resource>
  <pattern>
  <name>SimpleGUI_v1.0.jar</name>
  <version-id>1.0</version-id>
  <locale>en_US</locale>
  <locale>en</locale>
  </pattern>
  <file>SimpleGUI_v1.0.jar</file>
  </resource>
  <resource>
  <pattern>
  <name>SimpleGUI_v2.0.jar</name>
  <version-id>2.0</version-id>
  <locale>en_US</locale>
  <locale>en</locale>
  </pattern>
  <file>SimpleGUI_v2.0.jar</file>
  </resource>
  </jnlp-versions>
  My jnlp file is as follows,
  <?xml version="1.0" encoding="UTF-8"?>
  <jnlp spec="1.0+" codebase="http://localhost:8080/jdc/jnlp/new" href="SimpleGUI.jnlp">
  <information>
  <title>SimpleGUI</title>
  <vendor>Java Developer Connection</vendor>
  <homepage href="/jdc/jnlp/new/index.html" />
  <description>Demonstration of JNLP</description>
  </information>
  <offline-allowed/>
  <resources>
  <j2se href="http://java.sun.com/products/autodl/j2se" version="1.5+ " />
  <jar href="SimpleGUI_v1.0.jar" version="1.0"/>
  <jar href="AddLogic_v1.0.jar"/>
  <jar href="SimpleGUI_v2.0.jar" version="2.0"/>
  <jar href="AddLogic_v2.0.jar"/>
  </resources>
  <application-desc main-class="com.logic.SimpleGUI" />
  </jnlp>
  For the codebase if I use $$codebase then it reports an error showing,
  The field <jnlp> codebase has an invalid value:$$codebase
  I think the JnlpDpwnloadServlet is not getting invoked. I cant figure out my mistake. I am tired searching in forums and there is no proper answer to this problem. Any help is appreciated.
  Thanks in advance.
  Regards,
  robi

  Thanks for including all your code. I've ran into version download problems before also. In the jar reference don't include the actual __V.jar file name, just include all pre __V.jar. <jar href="AddLogic_v1.0.jar"/> would become <jar href="AddLogic.jar"/>. Now I haven't done it with the version.xml before I just did it with making file named *__V.jar.
  I just re-read all that you did, if you title your files with the __V.jar notation you don't need a version.xml file.
  <jar href="SimpleGUI_v1.0.jar" version="1.0"/>
  Should become
  <jar href="SimpleGUI.jar" version="1.0"/>
  And you would have SimpleGUI_v1.0.jar on your server. Also might need it to be a capital "V" not sure.
  Message was edited by:
  javaunixsolaris

• Getting 401 Unauthorized error when accessing Resource History in OIM11gR2

  Hi,
  I am receiving the following error (In the Resource Histroy Popup window) when I tried to access the Resource History for completing a User provisioning (DB Resource using Oracle DB connector).
  I have setup OIM 11g R2 on Windows 2008 Server Enterprise R2 with Oracle DB 11g R2
  Error 401--Unauthorized
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.2 401 Unauthorized
  The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained in section 11.
  I have read in other forum links that we need to configure the Authorization policies from OES APM console.
  I have setup the APM console, but I am not sure how to configure this related to my scenario
  I couldn't figure out what policies to be configured for my requirement under Application---->OIM----->oimdomain----->Authorization policies in APM console.
  I request experts to help on this as I am completely stuck here.
  Thanks,
  Madhu

  Hi user9212679,
  I am able to resolve the issue by reconfiguring the Domain properly with my FQDN of my VM.
  Earlier I was using my IP Address instead of FQDN and but the OIM is taking the FQDN of the machine and throwing 401 Unauthorized error.
  But I appreciate you help as it gave me clue of what could be wrong.
  Thanks,
  Madhu

• When accessing shared folder - 'You might not have permission to use this network resource" .. A device attached to the system is not functioning

  On a Windows 2008 R2 server that had been working fine, all of a sudden some shared folders became inaccessible.  Clicking on them returned the following: "<Folder> is not accessible.  You might not have permission to use this network
  resource.  A device attached to the system is not functioning."
  If I create another share with a different name for that same folder, it works fine.  If I delete the original share then recreate it with the same name, I get the same error.  However, if I right click on the problematic share and select 'map
  network drive' that works.  So this would not appear to be a permission issue.
  I discovered this problem because the path for mapping the home folder as a property of their AD account stopped working.
  I have tried most of the common things found on the internet.  I've tried accessing via IP, same issue.  While I only have a couple 2003 servers, those can access this resource.
  At this point, I'm pretty much out of ideas.  Any help would be appreciated.  I also have some reports of potential issues with some printer mappings too which I will have to investigate in the morning.
  If anyone has a solution to this I would be extremely grateful.  Thank you.

  Hi,
  Can you access the shard folder locally? Is a specific server cannot access the shared folder? Please try to Boot your server in Clean Mode to check if some third-party software cause the issue.
  How to perform a clean boot in Windows
  http://support.microsoft.com/kb/929135
  Best Regards,
  Mandy
  If you have any feedback on our support, please click
  here .
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Need help in reporting of protected resources in web application

  Hi,
  I am using form based authentication for viewing protected resources of my web application. By j_security_check, it authenticates the user and if authentication is successful, then user can view protected resources of the site.
  Now I want to generate a report of which protected resources are accessed by which user along with its timestamp.
  Now my question is can I generate this report by j_security_check. I am not sure how should I call my ReportingDAO from web tier as with j_security_check the whole authentication is done by container itself.
  Thanks

  This is what I have done for form based authentication...
  <security-constraint>
        <display-name>Example Security Constraint</display-name>
        <web-resource-collection>
           <web-resource-name>Protected Area</web-resource-name>
        <!-- Define the context-relative URL(s) to be protected -->
        <url-pattern>/pdfs/*</url-pattern>
        <!-- If you list http methods, only those methods are protected -->
        <http-method>DELETE</http-method>
           <http-method>GET</http-method>
           <http-method>POST</http-method>
        <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
           <!-- Anyone with one of the listed roles may access this area -->
           <role-name>manager</role-name>
           <role-name>user</role-name>        
        <role-name>admin</role-name>
        </auth-constraint>
      </security-constraint>
      <!-- Default login configuration uses form-based authentication -->
      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>Example Form-Based Authentication Area</realm-name>
        <form-login-config>
          <form-login-page>/registration/login.jsp</form-login-page>
          <form-error-page>/registration/login_error.jsp</form-error-page>
        </form-login-config>
      </login-config>Now, if user is not authenticated, login page opens. In login.jsp, I have a form whose action I have set to j_security_check. Form fields are j_user_name and j_password.
  <filter>
      <filter-name>LoginFilter</filter-name>
      <filter-class>com.filters.LoginFilter</filter-class>
      </filter>
  <filter-mapping>
      <filter-name>LoginFilter</filter-name>
      <url-pattern>/j_security_check</url-pattern>
      <dispatcher>REQUEST</dispatcher>
      <dispatcher>FORWARD</dispatcher>
    </filter-mapping>I mapped a login filter with the url pattern /j_security_check. So from login.jsp, when user submits the login page, Login filter should be called.
  I don't know why my LoginFilter is not called? Filter gets called only when I change url-pattern of LoginFilter to /pdfs/* (i.e., same as the url patter n of the protected resource)
  Can anyone please help me in this regard
  I am deploying my web application on tomcat. Is it a bug of tomcat?
  Thanks

• Hybrid Remote App Unable to Access this resource

  I am having a difficult time getting my Hybrid remote app to authenticate properly. Configuration is as follows:
  Hybrid Remote App collection with S2S VPN between remote app VNet and Azure VNet following the guide:
  http://blogs.msdn.com/b/rds/archive/2014/07/21/how-to-link-azure-remoteapp-to-an-existing-vnet.aspx
  Client Server model Application with the Client installed on custom remote app image and server side on azure Vnet along with a cloud DC
  DC Syncing with Azure AD using AAD Sync Services and utilizing the mail attribute for AAD Login ID
  Remote App deploys successfully and joins to the domain (I can see the computer objects in the specified OU). I am able to publish my apps an assign user access. I am also able login through the azure remote app application and see my published apps. 
  However once I try to launch the remote app it prompts me once again to login, which I do, then it hangs for a while before erroring out with the following message
  "An error occurred while remote desktop connection was accessing this resource. Retry the connection or contact your system administrator."
  Since this is a hybrid deployment I am able to login to the session host OS.  Whenever I do I am logged in with a temporary profile (I am not sure if this is normal or not).  I see very little in the event logs on the session host, nor the DC.
  I have verified connectivity between the remote app and the DC through ping both ways. The S2S VPN is up and functioning properly.  The session host and the DC have access to other domain resources and the web.  I have also seen documentation
  on a "'Known Issue" with this error related to large profile disks but this does not apply as I have never been able to successfully launch the app.  Any assistance with be greatly appreciated I am at my wits end. Please let me know
  if I can add any additional information that would help solve the issue.

  Hi,
  Do you have the User Principal Name (UPN) suffix that you are using configured in your Active Directory?  For example, say you use
  [email protected] for the initial sign on to Azure RemoteApp, and when you launch an application you also enter
  [email protected] in the second authentication prompt.  Is
  [email protected] a valid UPN in your cloud Active Directory--the AD that is hosted on your DCs?
  -TP

• Invoking Webgate Protected Resources with Mobile and Social

  I'm trying to get a first simple scenario working with OAM 11gR2 Mobile and Social (Mobile Services). But I'm not sure how to request the correct access token and how to use it.
  I have OAM and Mobile and Social running, and also an OHS webserver with an 11.1.2 WebGate.
  I'm using direct http calls, as mentioned on http://docs.oracle.com/cd/E27559_01/dev.1112/e27134/customizingmobilesrvcs.htm in paragraph 7.2, in the "Note" section.
  Here's where I am so far:
  *1.* I'm able to request a client token for the application:
  curl -s -H "Content-Type: application/json" --request POST http://myhost:14100/oic_rest/rest/oamauthentication/authenticate -d '{"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL","X-Idaas-Rest-Subject-Username":"TestAppProfile","X-Idaas-Rest-Subject-Password":"secret","X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTTOKEN"}' | python -msimplejson.tool
  "X-Idaas-Rest-Provider-Type": "OAM_11G",
  "X-Idaas-Rest-Token-Type": "CLIENTTOKEN",
  "X-Idaas-Rest-Token-Value": "gS1jtji4m2sA36HOyE4syjZmamgK2oplcBMdivCTjwAZcjhATbC5pN6nvep6AXw99YfOv9D7Uz0iq8dF/P73XdPNxaCgGp/4SPT/FSSWOFbxB3oa0TIvd+ORYnz5+Bpx99XeL6gIyVXEi+TFCr19BadqWKePyOep+BpeXBVwL1+FyPCGkLh1aYLl2OdhpFQVXpqnltTVmxM6I11SYe+vkklo96sMM2Pv0tnE/aFezOLJHozj2c9cz2gI3+rNKJ6fW1IIDO8jrBUa1jfzFnYpcNzxkXmdYemlq5M4fif/2/vlPk2kEB98juMY+8AwkoSqQx31FWsa/ztADPmjettM7PkEBkPLmAofx0bhFeO/25lwgZuxWHzfFVoITwHfOGVb",
  "X-Idaas-Rest-User-Principal": "TestAppProfile"
  *2.* I'm able to request a user token for the user:
  curl -s -H "X-IDAAS-REST-AUTHORIZATION: Token ${CLIENTTOKEN}" -H "Content-Type: application/json" --request POST http://myhost:14100/oic_rest/rest/oamauthentication/authenticate -d '{"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL","X-Idaas-Rest-Subject-Username":"weblogic","X-Idaas-Rest-Subject-Password":"alsosecret","X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN"}' | python -msimplejson.tool
  "X-Idaas-Rest-Provider-Type": "OAM_11G",
  "X-Idaas-Rest-Token-Type": "USERTOKEN",
  "X-Idaas-Rest-Token-Value": "5Q9g46FXk8Ncz3e4r7jnsN9Us7ChPfKwiP9QhPY822JkPq07omTRO6pXfZnXaQjuFNKZQ+GaJ4JAOuS7UdBl7W2R/xQ18O0NpY0vw+wxwxjAgd8yUHIo2eThxLrf/N9ZkbYPpdaZIStiLFrUNbN11zRB39UWTspBBlpDQTx7nR9s2wNlpmAJieSDEx3wY04TrXRBW5bFnZlLzdOEkkJB2oneT6sM5/0l5lo4xpiZkrhJ6P5I4zS17+IrFtVkE1/NvTA+n7v+tmeEx3sKzGLk89Lkahn1zpDcKi3CPO7nhZ+a0KErFTn9olp0edJ4jhyrMHtlNBqFztGMhffLx527QgNYgXlKsPThjLsdYfV7VGA=",
  "X-Idaas-Rest-User-Principal": "weblogic"
  *3.* Now I'm initiating a request to the WebGate protected resource:
  curl -i user-agent "OAMMS-Agent" request GET "http://myhost:7777/secret_data.txt"
  HTTP/1.1 401 Authorization Required
  Date: Sun, 30 Sep 2012 07:59:46 GMT
  Server: Oracle-Application-Server-11g
  Set-Cookie: OAMRequestContext_myhost:7777_69774b=iwKIaLrglLkrtRWusjI6Gw==;max-age=300; httponly; path=/
  WWW-Authenticate: OAM-Auth realm="OAMWebGate1:2 /oic_rest/rest/oamauthentication", request-ctx="encquery%3Db2eYWYp8%2BwuGrflF9kYVNfKksB%2FGnuZl2u4cCUXyEI5NtVlsw34mPsaTzhhE3cOwdsiPyiROlX%2FbjFgj4ZmP5jtIB4w2N%2B0VPCD4eTFs2P6kl%2FHb4LN5ntlinuo5cYR6UbFWUOXYKez7Gmsl0D4fgfJwQSoHN5mgJ0TXh6MI50CenHjKI1OzJBDVLP6ygSI2FbYRgY78Bw6NvtpPbDz%2Fg444470vS3dI%2BoB8kbMY3l6LVARR2uZlTPwamyjgvDCW5BLPm3Vcp%2BCat38y8%2Bj2VtmRwK41NUJ5PPZ0qOxDPC1G4xQcKQHW2Ys8stKJxgKX%20agentid%3DOAMWebGate1%20ver%3D1"
  Content-Length: 294
  Content-Type: text/html; charset=iso-8859-1
  <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  <html><head>
  <title>401 Authorization Required</title>
  </head><body>
  Authorization Required
  You are not authorized to access the requested resource. Check the supplied credentials (e.g., username and password).
  </body></html>
  *4.* My best guess on how to now request an access token is as follows, where APPCONTEXT="iwKIaLrglLkrtRWusjI6Gw==" (from previous call)
  curl -s -H "X-IDAAS-REST-AUTHORIZATION: Token ${CLIENTTOKEN}" -H "Content-Type: application/json" --request POST "http://myhost:14100/oic_rest/rest/oamauthentication/access" -d '{"X-Idaas-Rest-Subject-Type":"TOKEN","X-Idaas-Rest-Subject-Value":"'"${USERTOKEN}"'","X-Idaas-Rest-Application-Context":"${APPCONTEXT}","X-Idaas-Rest-Application-Resource":"http://myhost:7777/secret_data.txt","X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN"}' | python -msimplejson.tool
  "X-Idaas-Rest-Provider-Type": "OAM_11G",
  "X-Idaas-Rest-Token-Type": "ACCESSTOKEN",
  "X-Idaas-Rest-Token-Value": "AlM3B5pHxoADOSKg6ebnJgjq9myaOiRfj5BdMukRRAB8Q%2BgoTOx%2FcHdVcE70LZjBTE2a6czfKTBpQr6RFFu6ZYC%2Bw%2BFFaCK1hCtRa4P6nWZCl%2Bm%2FxiqeWNO7AU18TpTEnrwMaxk7S%2B8z%2FPzMFER2eSkEZSkufspWivMKatUC4zlLoBtB8cEyzpWclAXEpLWCt9WEabwuZSI3GXQ4p%2FwmSvxxRN19IgLpvl8FKenylwxefAYb6X6GM15PpxWgTUR3Rc%2FJ6fIoE7bX2Zqv6HxWUAi1AjbtuvlNmoBoPnJ7ouJ1qyNkGtncn7%2FmXzbfOlYRVa8iGup%2Bluva2aMUOG7P0eC6G2WmF4LUgAUfYLQbXsa6Ujs6mGTliowO6P69abX6",
  "X-Idaas-Rest-User-Principal": "weblogic"
  But now how do I respond to the WebGate? This is not documented anywhere. I expect I need to go back to the protected resource (just like step 3), and insert a additional header like "Authorization: OAM-Auth XYZ". But what should XYZ be here? This is again not documented anywhere, so I did some best guesses, but none work.
  Another observation I did is that it doesn't matter if I include X-Idaas-Rest-Application-Context or X-Idaas-Rest-Application-Resource when requesting an access token. An access token is returned always, no matter what the contents of these variables are, the resource given doesn't even need to exist?!
  All suggestions are welcome!

  Here's what works for me.
  1. Create a new authN service provider (OAMSDK) and create a new webgate-agent from the authN service provider creation page. I assume that you have a simple REST service running on some box anf that OHS+WG is protecting this service.
  2. After creation of the authN SP & WG agent, add the following two config values to the agent's "User Defined Parameters"
  - OAMAuthUserAgentPrefix=OIC (or any suitable prefix value)
  - OAMAuthAuthenticationServiceLocation=http://solaris.oracle.demo:14100/oic_rest/rest/oamtest (or whatever server URL you have)
  Now, copy the corresponding cwallet.sso and ObAccessClient.xml files to the agent's config dir (which is on remote machine/zone in my setup).
  3. Access the WG Proxy: *curl -i -H 'User-Agent:OIC-Authentication'  --request GET http://oracle:7777/hello/steffo* (I used "OIC")
  The WG replies
  HTTP/1.1 401 Authorization Required
  Date: Tue, 16 Oct 2012 10:52:25 GMT
  Set-Cookie: OAMRequestContext_oracle:7777_6e3162=n1b8DIb5O10BP4W/BvuNiQ==;max-age=300; httponly; path=/
  WWW-Authenticate: OAM-Auth realm="oicgate:2 http://solaris.oracle.demo:14100/oic_rest/rest/oamtest", request-ctx="encquery%3DlHzmezODgpKJzY9yfcGWck0DO9dcsSnKzAflI5By4TLv%2BNaHaBdAH2w2VTlFyf6ajKmG%2BSE%2BwTMZH89UDtfF4YDNijAvlf%2FfFm5VIw0bYw0OJMagxCyfuBEQQlf9PAc8DhP4RkGpPrjc6WaS9RqtjEujFbMEmeB5QNLaHsVXpI95%2Fr48bvyxXuXzL%2BsqddG6gDogojwBir31zvDMsvnthyilA%2FFZXPmg5INixXqLCr3DbOyuLdrVTLUPz6xG4ZvgA9g1yJD%2BpliJDsxm%2BMyKY3N%2Bx2mrlmimvndOAygq7K8%3D%20agentid%3Doicgate%20ver%3D1"
  Content-Length: 294
  Content-Type: text/html; charset=iso-8859-1
  The request-ctx is the APPCONTEXT you asked for (I know, the value of the OAMRequestContext_oracle:7777_6e3162 cookie looks more like what's mentioned in the docs - but that's misleading)
  4. Request a user token
  *curl -i -H "Content-Type: application/json" -H "X-IDAAS-SERVICEDOMAIN:SteffoNonMobileServiceDomain" --request POST http://solaris.oracle.demo:14100/oic_rest/rest/oamtest/authenticate -d '{"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL","X-Idaas-Rest-Subject-Username":"weblogic","X-Idaas-Rest-Subject-Password":"abcd1234","X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN"}'*
  5. The server replies:
  HTTP/1.1 200 OK
  Date: Tue, 16 Oct 2012 10:55:15 GMT
  Transfer-Encoding: chunked
  Content-Type: application/json
  X-IDAAS-REST-VERSION: v1
  Set-Cookie: JSESSIONID=dlgtQ99TQ4WFR80Q1K705DJSGn0ytQwRlBycxg6yTkxMQ9xpRh2J!413534987; path=/; HttpOnly
  X-ORACLE-DMS-ECID: 237e061257eacced:5e3e7f92:13a68e15a8e:-8000-0000000000000061
  X-Powered-By: Servlet/2.5 JSP/2.1
  {"X-Idaas-Rest-Token-Value":"+1VPnPen7EjGqWrpAKe1oFLZVRwL2zVgWDhX5HukiMNNWnDOIyA878+d2LW30YFF4DBBCIlgmGxxXD+lTS47pbhw6v9UrZrn+jsw7cWeVUJLG9JMdB7uaw7dpGEEH1ZCwfCzwl+oXPm9WaNHYD1uHC6aeWxYLzD0Ls8d2dTfRjMuDRFYNo9KInyB8i5kTDajJ+wE0xfB7NA7Ud8K4U+ZgQF9qjrK6muuWE4bdKHu/9KoivnFdMMJOqRdOk7oF7JDzhBrXMbJvrSfZ6gNQwWLz54tsCjHDu03kTWAE+FxEViXUoCnc7Rp0EpAzEE1lc2cp4scSwVbRKK2X0So/KeIYv79Y8depC9Pd/WIzVYxwfQ=","X-Idaas-Rest-User-Principal":"weblogic","X-Idaas-Rest-Provider-Type":"OAM_11G","X-Idaas-Rest-Token-Type":"USERTOKEN"}
  6. Now request an access token (using the request-ctx and USERTOKEN values from Step 3 and 5)
  *curl -H "Content-Type: application/json" -H "X-IDAAS-SERVICEDOMAIN:SteffoNonMobileServiceDomain" --request POST http://solaris.oracle.demo:14100/oic_rest/rest/oamtest/access -d '{"X-Idaas-Rest-Subject-Type":"TOKEN", "X-Idaas-Rest-Subject-Value":"+1VPnPen7EjGqWrpAKe1oFLZVRwL2zVgWDhX5HukiMNNWnDOIyA878+d2LW30YFF4DBBCIlgmGxxXD+lTS47pbhw6v9UrZrn+jsw7cWeVUJLG9JMdB7uaw7dpGEEH1ZCwfCzwl+oXPm9WaNHYD1uHC6aeWxYLzD0Ls8d2dTfRjMuDRFYNo9KInyB8i5kTDajJ+wE0xfB7NA7Ud8K4U+ZgQF9qjrK6muuWE4bdKHu/9KoivnFdMMJOqRdOk7oF7JDzhBrXMbJvrSfZ6gNQwWLz54tsCjHDu03kTWAE+FxEViXUoCnc7Rp0EpAzEE1lc2cp4scSwVbRKK2X0So/KeIYv79Y8depC9Pd/WIzVYxwfQ=","X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN", "X-Idaas-Rest-Application-Context":"encquery%3DlHzmezODgpKJzY9yfcGWck0DO9dcsSnKzAflI5By4TLv%2BNaHaBdAH2w2VTlFyf6ajKmG%2BSE%2BwTMZH89UDtfF4YDNijAvlf%2FfFm5VIw0bYw0OJMagxCyfuBEQQlf9PAc8DhP4RkGpPrjc6WaS9RqtjEujFbMEmeB5QNLaHsVXpI95%2Fr48bvyxXuXzL%2BsqddG6gDogojwBir31zvDMsvnthyilA%2FFZXPmg5INixXqLCr3DbOyuLdrVTLUPz6xG4ZvgA9g1yJD%2BpliJDsxm%2BMyKY3N%2Bx2mrlmimvndOAygq7K8%3D%20agentid%3Doicgate%20ver%3D1", "X-Idaas-Rest-Application-Resource":"http://oracle:7777/hello/steffo"}'*
  7. The server replies
  {"X-Idaas-Rest-Token-Value":"rcfPxHcF1EywCqgKmy2KHaXZbbhjWO731vzX1mIVLtR8ZcF9W71DEgVHXMuIFp7Gz2ioTTLhivkupFb3HAQlbqDyZnMq99S3NXcbsVOImSzbb4Qt8%2FN8T0bpOQG1aRMXWt2aJ5oHxmxbGMtgfOwQ1aCuoy3DEh%2BrYtbQ%2B2mvZJ8Ui5jhrSXtOwuWS9Pz5mjLkoMPJbAEKpnp7jutzrtfQhfoczU1XC1Or%2FgRwSi84cMBGwDjGYM7soIRuLjDNiqsirg5T13icOjt12U7ZbC9owCcnsypllsDYv0uIeGwhQM7PUy1yr%2FO4fZ4R%2Buevj7inaebS0t8iSEgcVtzkJDcRYEXgx8IyXve2l7uvmrYe9A%3D","X-Idaas-Rest-User-Principal":"weblogic","X-Idaas-Rest-Provider-Type":"OAM_11G","X-Idaas-Rest-Token-Type":"ACCESSTOKEN"}
  8. Now try to access the service again
  *curl -i -H 'User-Agent:OIC-Authentication' -H  'Authorization: OAM-Auth rcfPxHcF1EywCqgKmy2KHaXZbbhjWO731vzX1mIVLtR8ZcF9W71DEgVHXMuIFp7Gz2ioTTLhivkupFb3HAQlbqDyZnMq99S3NXcbsVOImSzbb4Qt8%2FN8T0bpOQG1aRMXWt2aJ5oHxmxbGMtgfOwQ1aCuoy3DEh%2BrYtbQ%2B2mvZJ8Ui5jhrSXtOwuWS9Pz5mjLkoMPJbAEKpnp7jutzrtfQhfoczU1XC1Or%2FgRwSi84cMBGwDjGYM7soIRuLjDNiqsirg5T13icOjt12U7ZbC9owCcnsypllsDYv0uIeGwhQM7PUy1yr%2FO4fZ4R%2Buevj7inaebS0t8iSEgcVtzkJDcRYEXgx8IyXve2l7uvmrYe9A%3D' --request GET http://oracle:7777/hello/steffo*
  9. You should now be able to bypass the WG agent. Consequently, the REST service answers (proxied via webgate).
  HTTP/1.1 200 OK
  Date: Tue, 16 Oct 2012 10:59:30 GMT
  Server: restify
  Cache-Control: no-cache
  Pragma: no-cache
  Content-Type: application/json
  Content-Length: 14
  Access-Control-Allow-Origin: *
  Access-Control-Allow-Headers: Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
  Access-Control-Allow-Methods: GET
  Access-Control-Expose-Headers: X-Api-Version, X-Request-Id, X-Response-Time
  Content-MD5: qozunlMNVH0u/CmbGPAt3Q==
  X-Request-Id: 03860e6e-b2bc-44ef-a762-ddf060ae8cc9
  X-Response-Time: 3
  Content-Language: en
  "hello steffo"
  The "hello steffo" part is coming from the REST service (I used a simple REST service with node.js).
  That's it.

• Portal failed to access remote resource due to network failures

  Hi,
  We have a portlet that allows users to upload files to a SQL Server database and make it available for other users to access. The portlet code is on our remote servers. Everything works fine in dev environment, but certain files fail in pre-prod and prod within the portal, but work fine when the code is executed outside the portal.
  I keep getting this error:
  Error - Portal failed to access remote resource due to network failures. Try again later or contact your portal administrator.     
  What could the problem be?
  Thank you for your help.
  Rad

  If the Studio service looks good on the remote server where Studio is installed (check that
  the service is started and look in the Studio logs for any warnings or errors), you should
  also verify the configuration settings in the Studio remote server object. Is it properly
  configured and pointing to the correct remote server?
  If so, check the portal servers access to the Studio server via the port specified in the remote
  server (default is 11935). You can test this by doing a telnet test on the portal server. In a cmd
  prompt (Windows) or on the CLI (Unix), type 'telnet [studioserver] 11935', where "<servername> is
  the name of your Studio remote server. The screen should just go blank, meaning that there is
  something accepting connections on that port on the given server. (We would hope it's the Studio
  app and not another service occupying that port.) If you get "Could not open connection to the host"
  or some such similar result, check that the network between the portal and the Studio remote server
  is open (ie, make sure there isn't any port blocking or a firewall in place that would hinder the
  communication between the two servers).