Best Wireless Auth. methods ACS 3.2(3) and AD

Similar Messages

• I am looking for best wireless earphones for my iPhone 5s

  I am looking for best wireless earphones. I travel a lot and I need good sound quality earphones.

  "Best" in something like headphones is very much a matter of personal preference. Much depends on the type of heaphones you're looking for and how much you're willing to spend. I am very, very fond of the Beats Studio HDs. I take public transportation and they block out most of the annoyances. They are also large and expensive. I can't use them for running.
  www.ilounge.com used to do pretty good reviews of accessories for iOS devices. Or, try Amazon, tons of reviews there.

• What is the best wireless camera that will work with my mac

  What is the best wireless camera that will work with my mac?

  Any reliable brand that claims Mac compatibility.
  Different wireless cams (wi-fi versus BlueTooth) may work better for different purposes, so ask your retailer for one that best does what you want to do with it.  For some examples of all kinds and types, click the link at the end of this sentence to see results of this search for your posted question.
  Message was edited by: EZ Jim
  Mac OSX 10.10.1

• Container Managed Security on Tomcat - configuring different auth-methods

  I am trying to configure the container managed security on tomcat4. Or rather I am trying to add a further dimension to the configuration that already exists.
  At the moment the entire application uses LDAP authentication and I would like to separate an area that requires further authentication. That is to say I would like everyone using the web application to authenticate using the existing Form-Based LDAP authentication but I would like only certain users to be able to use the data upload facility (whose code is stored in it's own directory).
  This is the authentication bit of my web.xml:
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>qmrae</web-resource-name>
        <url-pattern>*.do</url-pattern>
        <url-pattern>*.jsp</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>*</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Form-Based Authentication Area</realm-name>
      <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/loginError.jsp</form-error-page>
      </form-login-config>
    </login-config>My first hurdle is in understanding exactly how the application knows where to go for its authentication.
  I had guessed that the realm-name would map "areas" of my application to realm configuration defined in my application's context area in Tomcat's web.xml but this doesnt seem to be the case. In fact I have read conflicting explanations as to what the realm-name is for. One source has said that this is only used for BASIC authentication as a way of naming the resulting pop up window - many others say it maps the login-config to the web-resource-name. However the latter doesnt make sense because the authentication works in my application at the moment even though those values are completely different (and indeed are different in most of the examples i've read on the web). Furthermore I can find any other mention of the defined realm-name in any other file (which of course be because i'm looking in the wrong place).
  I was prepared to accept that the realm-name might not actually do anything and so I've been looking for examples of defining a different auth-method for different url-patterns but i've had no luck.
  I know a user can have one or more roles but I dont have access to the LDAP server to set these up and haven't found anything about defining different auth-methods other than one thread in this forum suggesting that is wasnt possible on AIS.
  This thread suggests that you can have more than one security-constraint but again i'm not sure about the auth methods and how you map an auth method to a security-constraint
  http://forum.java.sun.com/thread.jspa?forumID=33&threadID=320918
  To summarise my questions:
  1) What are the functions of the realm-name and web-resource-name? Are they related?
  2) Is it possible to configure different areas of an application to use different authentication methods? and if so, could you point me in the direction of relevant documentation
  3) If (2) is not possible and I have to assign a new role to the privileged LDAP users, is it enough to define a new security-constraint? Could you describe the behaviour I could expect for users that have authenticated once and try to access this super-security area, will they be shown another login form or will it just let them in because the container is already aware of their permissions.
  Many thanks for your attention,
  Rachel

  If you create your own Realm classes - look at JAAS - you can sort out your last login time, just wrap them around the DataSourceRealm.
  As far as 'remind' him is concerned - I'm guessing you mean provider a reminder for the password based on the user name. If you use form based authentication you can put what ever you like on the page.

• FORM auth-method not working, it still gives a BASIC type pop-up box.

  Hi All,
  I'm trying to secure a web application running on Web As 7.  I created a login module stack and put it into web-j2ee-engine.xml along with the security role map...
  <login-module-configuration>
            <login-module-stack>
                 <login-module>
                      <login-module-name>EvaluateTicketLoginModule</login-module-name>
                      <flag>sufficient</flag>
                      <options>
                           <option>
                                <name>ume.configuration.active</name>
                                <value>true</value>
                           </option>
                      </options>
                 </login-module>
                 <login-module>
                      <login-module-name>BasicPasswordLoginModule</login-module-name>
                      <flag>requisite</flag>
                 </login-module>
                 <login-module>
                      <login-module-name>CreateTicketLoginModule</login-module-name>
                      <flag>optional</flag>
                      <options>
                           <option>
                           <name>ume.configuration.active</name>
                           <value>true</value>
                      </option>
                 </options>
            </login-module>
       </login-module-stack>
       <password-change-config/>
  </login-module-configuration>
  <security-role-map>
            <role-name>AppEveryone</role-name>
            <server-role-name>all</server-role-name>
  </security-role-map>
  Then I added the auth-method, security-role, and security-constraint to the web.xml file...
  <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>AppRealm</realm-name>
  </login-config>
  <security-role>
      <description>AppEveryone</description>
      <role-name>AppEveryone</role-name>
    </security-role>
  <security-constraint>
      <web-resource-collection>
        <web-resource-name>General access restriction</web-resource-name>
        <description>
        </description>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <description>AppEveryone</description>
        <role-name>AppEveryone</role-name>
      </auth-constraint>
      <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
  </security-constraint>
  ... and everything works fine.  If the user allready has a logon ticket they get right into the application, and if they don't have a ticket, a standard web-browser dialogue box pops-up and asks for a username and password.  If they authenticate with the dialogue box, they are then given a logon ticket and sent to the application.
  So now I want to use an html page rather than the dialog-pop-up box for entering the username and password.  So from what I can tell, I still need to use the BasicPasswordLoginModule but I need to change the login-config section of web.xml.
  So I changed the <login-config> section of the web.xml to this...
  <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>AppRealm</realm-name>
      <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/error.html</form-error-page>
      </form-login-config>
  </login-config>
  I then created the login.html and error.html files and put them in the same directory as the .WAR file (I also put copies in the \root directory incase my path wasn't right).  They are as follows...
  <b>login.html</b> -
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <title>Login Test: Login Form</title>
  </head>
  Login Form
  Welcome to the login page.
  You will have to authenticate to get access to the secure area: <form method="POST" action="j_security_check"> Username: <input type="text" name="j_username">
  Password: <input type="password" name="j_password">
  <input type="submit" value="Login"> <input type="reset" value="Reset">
  </form>
  </html>
  <b>error.html</b> -
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <title>Login Test: Error logging in</title>
  </head>
  <body bgcolor="#FFFFFF">
  Error Logging In...
  I am sorry, you must have put in the wrong username/password.
  </body>
  </html>
  But for whatever reason I'm still getting the browser pop-up box instead of my form when I try to access the application.  What am I doing wrong?  I am making all these changes after the app has been deployed, do these changes to the xml files need to be done during the build phase?  If anybody has any ideas please let me know... you will be rewarded.

  The issue has been resolved.  There was no interesting work-a-round or fix involved.

• Recommendations for best wireless multifunction printer for Macs $100?

  Anyone with recommendations for best wireless MFP for Macs <$100.  Would like to be able to print photos too.  Need EASY set up.  Prefer two paper cartridges.  Would like to be able to print from iPad, iPhone, Laptop and Mac.  Also need to fax.  
  Oh...and need to buy it tomorrow.  Help appreciated.

  Hard to say, we all like different flavors.
  If you have had a good experence with say your old Epson like I have, then that's the flavor that I will most likely stick with.

• Best wireless router (apple or non-apple)  for use with multiple Macs

  What is the best wireless router, from any manufacturer, for use with 3-5 Macs? (in a reasonable price range... sub $150)
  least problems
  most reliable
  strongest signal/best range
  fewest drops
  fewest reboots

  The Apple Routers "just work".
  I also have a linksys. It takes a good bit of knowledge and aggravation getting it set up, but once working it does fine.
  If you plan to use your router to share a printer, hook to your stereo, etc. definitely stick with Apple. It will save you much grief.

• Best wireless security for mixed Mac OS X, Windows XP and Windows 2000

  While I am posting, I may as well ask this question too.
  It seems that WPA/WPA2 are only supported by Windows XP or later.
  But I also think I read somewhere that there are different flavours of WEP for Macs and Windows.
  For a home network based on AE, what is the best form of wireless security to handle 2 Macs (iMac and MacBook Pro), a Windows XP and a Windows 2000 notebook (all running wireless G).
  Thanks

  Thanks for the suggestion Michael - unfortunately software changes to the Win2k machine are not an option for me - it has been completely locked down by my corporate IT dept.
  So I think I am stuck with WEP. From scouring the Apple tech discussion posts it looks like a five letter ASCII or thirteen letter ASCII password in WEP are my only options, but I am not sure which of these is most appropriate for all 4 machines.

• Best Wireless Router For British Telecom Connection...?

  Can anybody recommend/advise on the best wireless router to suit an Apple Macbook?
  TIA

  Again. Apple (for whatever reason) doesn't make country specific devices generally with a few expections. Your MacBook in the UK is like my MacBook in the US. Same with Time Capsule. It's the same everywhere. I just don't think (and I'm speculating which is sort of a no-no) they want to open a can of worms and have multiple configurations of a device that can be handled locally from your ISP. Your ISP provides the modem, you plug it in to Time Capsule and that's that. However if you bought a Apple Time Capsule in the UK I certainly couldn't use it with the modem built in. One I don't need a modem and two it's unlikely to work.
  You're correct though I guess it would be nice to have an all in one solution but I doubt you'll get a Time Capsule to do it.
  Good luck anyway!! If I hadn't just bought an Airport Extreme I would've gotten Time Capsule as well.
  Have a good one.

• What's the beste wireless router for ADSL?

  Hello everyone,
  Since I'm new to the Macworld, I'd like to know what's the best wireless modem to the Macbook. I've been looking forward to the Netgear one, but other options like D-Link that are lesse expensive.
  So, what's the best option for connection speed, usability and easy setting up?
  Thanks in advance!

  Just stick with the netgear if you could instead of D-link, a bit pricier is better than pulling your hair out to configure whats wrong...
  I use 2 netgear and both work very well. 11b at home and 11 g at the office.
  Just remember overtime you might have to set it up the internal configuration (depend on the isp provider) and you might be able to set it up by connect and using pc and with supported web browser like internet explorer to access the web based configuration setting by typing their default ip address.
  Good Luck.

• auth-method BASIC with custom realm

  I've set up my web.xml with <auth-method>BASIC, and I've defined a custom realm
  for authentication. When I enter a valid userid/password at login, I can trace
  authUserPassword() in my custom realm, and I can see that it is returning an object
  which is a subclass of weblogic.security.acl.User, as it should. However, rather
  than acknowledging a successful login and moving on, the login dialog is redisplayed,
  (minus password). Further attempts to enter the same userid/password don't invoke
  authUserPassword(), presumably since the "failed" login is still cached. What
  am I missing?

  Have a look in the web server log to see under what account the failed
  accesses took place, that will help in identifying the cause.
  "Bill Welch" <[email protected]> wrote in message
  news:3b2a6431$[email protected]..
  >
  I've set up my web.xml with <auth-method>BASIC, and I've defined a customrealm
  for authentication. When I enter a valid userid/password at login, I cantrace
  authUserPassword() in my custom realm, and I can see that it is returningan object
  which is a subclass of weblogic.security.acl.User, as it should. However,rather
  than acknowledging a successful login and moving on, the login dialog isredisplayed,
  (minus password). Further attempts to enter the same userid/passworddon't invoke
  authUserPassword(), presumably since the "failed" login is still cached.What
  am I missing?

• Best way to send files like photos wireless from Macbook to iPhone/Ipad? And Then vice versa?

  What are the ways to send files like photos wireless from Macbook to iPhone/Ipad? And Then vice versa?

  Just one comment on this:
  ‘If I have, say, an older version of iPhoto but a newer version of one on my new Macbook Pro, will it still transfer photos no problem?’
  the problems are ALWAYS in the reverse way, when you have the newest (or a newer) version of a given app, and wish to transfer its library to an older version.
  Otherwise, see the link to Pondini.
  I have been using Martin Jahn’s iBackup, with which I have become accustomed and works fine. It also makes daily backups. Its advantage over other apps is that you may add whatever you wish to save, beside its default settings (which you may delete or cancel, of course, even if not recommended); it also has a friendly interface and easily customizable. Of course, this is a personal view, you may try other methods as well, or other backup apps. All are good if you are satisfied and correspond to your needs.

• Different auth methods for Clientless & AnyConnect?

  The goal: To allow Clientless(portal) connections with only username/password authentication (LDAP in this case) while requiring two-factor (LDAP & Certificate) authentication for AnyConnect connections.
  The config: Since the auth methods are configured within connection profiles/tunnel groups, I am using two different profiles, one requiring only LDAP auth for use with clientless and one requiring both LDAP and client certificate authentication for AnyConnect. I have not enabled the option to allow users to choose their connection profile.
  The only way I have been able to get the AnyConnect client to use anything other than the "DefaultWEBVPNGroup" profile was to use a URL mapping for the AnyConnect tunnel group, a custom AnyConnect client profile (to specify the custom URL), and a DAP policy to deny AnyConnect connections on the "DefaultWEBVPNGroup" tunnel group.
  Resulting behavior: Web portal requires only username and password. Stand-alone AnyConnect connections require username/password & client certificate.
  The problem: Weblaunch (launching AnyConnect from the portal) installs the client, but throws an error and disconnects (see attached). Subsequent stand-alone AnyConnect connection attempts work fine.
  I assume this issue is related to the different tunnel groups using different authentication methods. If I disable the DAP policy, weblaunch works without erros, but it connects without requiring two-factor authentication.
  Does anyone know if what I am trying to do is possible and/or supported? I am open to alternative suggestions as well.
  Thanks,
  Aaron

  Sounds like you are 95% of the way there. You can definitely get this to work. Based on your description of the problem when trying to web launch AnyConnect, it sounds like you are not matching the correct tunnel group. As you stated, when using more specific connection profiles, you need to give users a means to identify which TG they want to connect to. This is typically achieved via a drop down selection box, group URL, or certificate attribute map. In your case, it sounds like you are using group URLs. With this approach, you will have two more specific URLs for your users to access. For web launch and standalone AnyConnect clients, they may access https://vpn.vpn.com/anyconnect while your clientless users may access https:/vpn.vpn.com/webvpn. The catch as you found is what happens when a user tries to go to the root https://vpn.vpn.com? In this case, the user will hit the default WebVPN TG. I would have to see your DAP policy to understand what policies you have implemented. If you take DAP out of the picture for a moment, a few quick workarounds to preventing AnyConnect users from being able to log into the default WebVPN group is to remove the corresponding tunneling protocol from the default group policy. Alternatively, you could set the simultaneous logins to 0 in the default group policy. You may also want to look into configuring group locking to prevent users from logging into a TG that they don't belong to. With respect to your certificate requirement, ASA 8.2.1 code allows you to configure client certificate authentication on a TG by TG basis. This is more flexible than 8.0 where this is enabled globally.

• Best wireless channel setting for W610N

  Hi there,
  I just upgraded to fiber op internet and it was advertised that i can get 25mbps max. The laptop which i use on the main floor where the router is at is getting full upload and download speed by wireless but my laptop which i use up in my room is only getting half of thee speed n sometimes less... But once i brought my laptop down to the office right beside the router, i get the full speed so 

  If you are getting the speed when you are near the router, then you need an expander or a wireless repeater. I presume you get a low signal upstairs. Of course, speed directly proportional to your signal given that there are no significant interferences around.
  There's no best wireless channel. You have to check which one is the best for your connection.

• Recently downloaded FLAC app. and want to stream 96/24 to my stereo system. Whats best wireless and hard wired option for a 30 foot run.

  Recently downloaded FLAC app. and want to stream 96/24 to my stereo system. Whats best wireless and hard wired option for a 30 foot run?

  Try these 3 possible solutions:
  1. Restart iPad
  Hold down the Sleep/Wake button until the red slider appears. Slide your finger across the slider to turn off iPad. To turn iPad back on, hold down the Sleep/Wake until the Apple logo appears.
  2. Close inactive Apps
  Double-click the Home button; hold Apps down (in the Task Bar) for a second or two until you see the minus sign. Tap and close all inactive Apps.
  3. Reset iPad
  Hold down the Sleep/Wake button and the Home button at the same time for at least ten seconds, until the Apple logo appears. Ignore the red slider.