BSP for user's authentication
Hi,
I have two problems:
1.- How can I create a BSP which captures a User ID and checks if that user exists in my Active Directory?
2.- I have just read the weblog "/people/sap.user72/blog/2004/09/01/bsp-howto-fun-with-ldap-and-bsps" but I can only log in using one user. If I try to connect using any other user, SAP shows an error message: "Could not logon to directory". I don't know why I can connect with only one user.
I hope for your answers.
Thank you
Hi,
Go through this link....
http://help.sap.com/saphelp_nw2004s/helpdata/en/02/4b528c2a8d11d5991f00508b6b8b11/frameset.htm
Regards,
Azaz Ali.
Similar Messages
-
Configure WLan for user certificate authentication
I have windows CA and NPS (radius server).
I want wireless clients / devices using active directory user certificates (generated by AD CA) to authenticate and encrypted to wireless WLAN.
I have setup WLAN as [WPA2][Auth(802.1X)] and pointing to Radius server (windows NPS).
My test notebook PC has ca.cer and username certificate installed in trusted and personal stores. And configure the wireless profile as "Microsoft: smart card or other certificate".
However when I try to connect I got failed. And wireshark on NPS showing no traffic on port 1812.
Could someone please help a look anything wrong on WLC setting?
Thanks.
GPING
Hi, Scott,
My WLC setting: SSID-Test, WPA2 802.1x, AES, Radius server overwrite interface "ticked", Server1 - x.x.x.x port 1812,
Local EAP auth - Enabled and profile = "Peap"
On my NPS, I got 2 policies (enabled only one of them for test).
NPS-Policy 1: Auth method = Microsoft PEAP -> "wireless server certificate", User group ="test users".
On Win7, I setup wireless profile = WPS2-Enterprise, AES, Choose auth method = "Microsoft PEAP" with ca.cer installed and ticked . When "connect", I got connected with login user credential.
NPS-Policy 2: Auth method = "Microsoft Smart card or other certificate" -> wireless server certificate"
On Win7, I setup wireless profile = WPS2-Enterprise, AES, Choose auth method = "Microsoft Smart card or other certificate". Choose "use a certificate on this computer". (I have one user certificate installed on Personal store). Also ticked "Validate server certificate" and ticked the ca.cer which was installed. When "connect" I failed.
I tried some other combinations, like TKIP instead of AES, but I got "The settings saved on this computer for the network do not match the requirements of the network" - really frustrated.
Could you please point me to where it went wrong?
Thanks
GPING -
How do you stop BSPs on WebSEAL for asking for user-credentials?
Hi
We are currently having an issue with BSP Pages. When we test the BSP pages on the R/3 system they work OK. When we test them directly on the Portal then they too also work. The problem is that they are not working properly on our Intranet.
The intranet that we use is an IBM Tivoli product (also known as WebSEAL). We currently have WebSEAL SSO to our SAP Portal. This is working OK. When we use WebSEAL to access the portal we are prompted to enter our user-id and password so that the BSP page can be displayed. This should not be happening and it defeats the purpose of SSO. I have attached a screen shot document to demonstrate this.
Some time ago we had a similar issue where the transactions on the portal (when executed from WebSEAL) were giving us a Webdynpro time-out error. I later determined that the cookie information was not being passed to WebSEAL. To fix this, I went to the Visual Administrator and went to server >> services >> web container and for the web container "sap.com/irj" I went to the cookie configuration to add a session cookie. By doing this I fixed my previous problem.
Coming back to my problem, I had a junction created in WebSEAL to point to the bsp directory (sap/bc/sap/bsp/*) on the host concerned. I had both a SSL and TCP junction created both resulted in error messages - stating that the client (SAP) is asking for user credentials.
Hoping that I have provided enough information above my question is as follows:
(1) How can I get the BSP messages to work on WebSEAL such that it will not ask for user credentials to be entered? Would this involve making a further change to a Web Container? If so - which container also needs a session cookie to be generated?
Thanks
Kind Regards
Rajdeep Kumar
Hi Peter
I am having an issue with the re-direct and am hoping you might be able to provide a little assistance. If not then not to worry.
My security department have logged a call with IBM 2 days ago yet have not received any response.
In your document you mention that you need to have a junction to AS-JAVA and a junction to AS-ABAP.
We have created the junctions "/sapep" (for AS-JAVA) and "saphr1" (for AS-ABAP).
The junction "/sapep" also contains the junction mapping entries "/irj/" and "/SSOTicket/".
The direct URL to the hidden image is : https://uadsfi01.auiag.corp:53001/SSOTicket/1x1.gif. I have tested this (using my user id and password) and it works OK.
When testing the image through TAM (https://test.insideiaghome.iaglimited.net/sapep/SSOTicket/1x1.gif) we get an "unexpected authentication challenge"
I have reviewed the log below and it seems that we are having an authentication issue with the image:
==(START OF LOG)==
2008-06-16-19:59:58.365+10:00I----- thread(136) trace.pdweb.debug:2 /sand/cholt/laura_amweb510_11LA/src/pdweb/wand/wand/log.c:309: -
PD ===> BackEnd -
Thread_ID:52943
GET /SSOTicket/1x1.gif HTTP/1.1
via: HTTP/1.1 uattam01:443
host: uadsfi01.auiag.corp:53001
user-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; MS-RTC LM 8; .NET CLR 2.0.50727)
iv_server_name: uatin1-webseald-uattam01
accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, /
iagsapid: 52975
accept-language: en-au
referer: https://test.insideiaghome.iaglimited.net/sapabap.html
connection: close
iv-user: s52975
2008-06-16-19:59:58.373+10:00I----- thread(136) trace.pdweb.debug:2 /sand/cholt/laura_amweb510_11LA/src/pdweb/wand/wand/log.c:309: -
PD <=== BackEnd -
Thread_ID:52943
HTTP/1.1 401 Unauthorized
content-type: text/html
date: Mon, 16 Jun 2008 09:59:58 GMT
cache-control: no-cache
content-length: 1787
www-authenticate: Basic realm="Upload Protected Area"
server: SAP J2EE Engine/7.00
expires: 0
pragma: no-cache
connection: close
==(END OF LOG)==
When logging into the SAP Portal directly general user ids have no problem accessing this (Non-Administrator portal users), however through Tivoli it is causing an issue.
Do you know what may be causing this issue?
Thanks in advance for any assistance you can offer.
Kind Regards
Rajdeep Kumar -
Error Message For BISystemUser: User not authenticated
We have migrated from DEV to PROD env. (11.1.1.1 -> 11.1.1.3). Along with problems with bipublisher, there are some strange things: we successfully log in using the weblogic account into AdminConsole and Enterprise Manager, but in Answers we get an error: invalid username or password.
nqserver.log:
...[ERROR:1] [] [] ... [tid: 1090] Error Message For BISystemUser: User not authenticated.
...[ERROR:1] [] [] ... [tid: 1090] [nQSError: 43126] Authentication failed: invalid user/password.
In oracle support we found such issue (Doc ID 1308389.1):
OBIEE 11g Error: "Unable to Sign in. invalid username or password was entered" After Changing Repository, Deleting BISystem User, Adding it Back (Doc ID 1308389.1)
Applies to: Business Intelligence Server Enterprise Edition - Version: 11.1.1.3.0 [1905] to 11.1.1.5.0 [1308] - Release: 11g to 11g
Symptoms: In OBIEE 11.1.1.3.0 using default authenticator, it is not possible to log in to OBIEE after changing repository. To troubleshoot, BIsystemuser was removed from global roles and added back again.
Getting error: Unable to Sign in. invalid username or password was entered
Changes: Changed repository, deleted BISystemuser, added the user back
Cause: Several changes e.g changing rpd, deleting bisystem user, adding the user back etc. occurred in the environment and caused log in to OBIEE to stop working
Solution: After a lot of troubleshooting e.g re-starting system in the correct order, refreshing GUIDs, re-start OBIEE with default SampleAppLite.rpd and web catalog, the error persists. The system was uninstalled and re-installed to avoid further corruption and configuration problems in the new installation. This resolved the problem
Do we have to 'reinstall or make a lot of troubleshooting e.g re-starting system ' to solve this error?
It seems to be funny for a PROD environment. How can we resolve this problem?
Are you saying you upgraded both dev and prod from 11.1.1.1 to 11.1.1.3 or that you migrated a dev 11.1.1.1 to a prod 11.1.1.3? What did you migrate?
At a rough guess the BISystemUser password is different in dev and prod (created by system on install) and in your 'migration' you've moved the dev credential across to prod.
If that's the case you need to change the bisystemuser password to something known and update the credential store password.
Another possibility might just be that you need to regenerate the GUIDs:
http://download.oracle.com/docs/cd/E21764_01/bi.1111/e10543/privileges.htm#BIESC721 -
I have a java application (SSO via SAML2) that uses Weblogic as an Identity Service Provider. All works well using users created directly in Weblogic. However, I need to add support for Active Directory. So, as per documentation:
- I defined an Active Directory Authentication provider
- changed its order in the Authentication Providers list so that it comes first
- set the control flag to SUFFICIENT and configured the Provider Specific; here's the concerned part in config.xml:
<sec:authentication-provider xsi:type="wls:active-directory-authenticatorType">
<sec:name>MyOwnADAuthenticator</sec:name>
<sec:control-flag>SUFFICIENT</sec:control-flag>
<wls:propagate-cause-for-login-exception>true</wls:propagate-cause-for-login-exception>
<wls:host>10.20.150.4</wls:host>
<wls:port>5000</wls:port>
<wls:ssl-enabled>false</wls:ssl-enabled>
<wls:principal>CN=tadmin,CN=wl,DC=at,DC=com</wls:principal>
<wls:user-base-dn>CN=wl,DC=at,DC=com</wls:user-base-dn>
<wls:credential-encrypted>{AES}deleted</wls:credential-encrypted>
<wls:cache-enabled>false</wls:cache-enabled>
<wls:group-base-dn>CN=wl,DC=at,DC=com</wls:group-base-dn>
</sec:authentication-provider>
I configured a AD LDS instance(Active Directory Lightweight Directory Services) on a Windows Server 2008 R2. I created users and one admin user "tadmin" which was added to Administrators members. I also made sure to set msDS-UserAccountDisabled property to FALSE.
After restarting Weblogic I can see that the AD LDS's users and groups are correctly fetched in Weblogic. But, when I try to connect with my application, using Username:tadmin and Password:<...> it does not work.
Here's what I see in the log file:
<BEA-000000> <LDAP Atn Login username: tadmin>
<BEA-000000> <authenticate user:tadmin>
<BEA-000000> <getConnection return conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
<BEA-000000> <getDNForUser search("CN=wl,DC=at,DC=com", "(&(&(cn=tadmin)(objectclass=user))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))", base DN & below)>
<BEA-000000> <DN for user tadmin: null>
<BEA-000000> <returnConnection conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
<BEA-000000> <getConnection return conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
<BEA-000000> <getDNForUser search("CN=wl,DC=at,DC=com", "(&(&(cn=tadmin)(objectclass=user))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))", base DN & below)>
<BEA-000000> <DN for user tadmin: null>
<BEA-000000> <returnConnection conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
<BEA-000000> <javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User tadmin denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:229)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
So, I tried to look why do I have: <DN for user tadmin: null>. Using Apache Directory Studio I reproduced the ldap search request used in Weblogic and, sure enough, I get no results. But, changing the filter to only "(&(cn=tadmin)(objectclass=user))" (NOTICE, no userAccountControl), it works; here's the result from Apache Directory Studio:
#!SEARCH REQUEST (145) OK
#!CONNECTION ldap://10.20.150.4:5000
#!DATE 2014-01-23T14:52:09.324
# LDAP URL : ldap://10.20.150.4:5000/CN=wl,DC=at,DC=com?objectClass?sub?(&(cn=tadmin)(objectclass=user))
# command line : ldapsearch -H ldap://10.20.150.4:5000 -x -D "[email protected]" -W -b "CN=wl,DC=at,DC=com" -s sub -a always -z 1000 "(&(cn=tadmin)(objectclass=user))" "objectClass"
# baseObject : CN=wl,DC=at,DC=com
# scope : wholeSubtree (2)
# derefAliases : derefAlways (3)
# sizeLimit : 1000
# timeLimit : 0
# typesOnly : False
# filter : (&(cn=tadmin)(objectclass=user))
# attributes : objectClass
#!SEARCH RESULT DONE (145) OK
#!CONNECTION ldap://10.20.150.4:5000
#!DATE 2014-01-23T14:52:09.356
# numEntries : 1
(the "[email protected]" is defined as userPrincipalName in the tadmin user on AD LDS)
As you can see, "# numEntries : 1" (and I can see as result the entry "CN=tadmin,CN=wl,DC=at,DC=com" in Apache Directory Studio's interface); if I add the userAccountControl filter I get 0.
I've read that the AD LDS does not use userAccountControl but "uses several individual attributes to hold the information that is contained in the flags of the userAccountControl attribute"; among those attributes is msDS-UserAccountDisabled which, as I said, I already set to FALSE.
So, my question is, how do I make it work? Why do I have "<DN for user tadmin: null>" ? Is it the userAccountControl ? If it is, do I need to do some other configuration on my AD LDS ? Or, how can I get rid of the userAccountControl filter in Weblogic?
I didn't seem to find it in config files or in the interface: I only have "User From Name Filter: (&(cn=%u)(objectclass=user))", there's no userAccountControl.
Another difference I noticed is that, even though in Weblogic I have set ssl-enabled flag to false, in the logs I see ldaps and not ldap ( I'm not looking to setup something production-ready and I don't want SSL for the moment ).
Here are some other things I tried but did not change anything:
- the other "msDS-" attributes were not set so I tried initializing them to some value
- I tried other users defined in AD LDS, not tadmin
- in Weblogic I added users that were imported from AD LDS in Roles and Policies> Realm Roles > Global Roles > Roles > Admin
- I removed all userAccountControl occurrences that I found in xml files in Weblogic (schema.ms.xml, schema.msad2003.xml)
Any thoughts?
Thanks.
I managed to narrow it down: the AD LDS does not support the userAccountControl.
Does anyone know how I can configure my Active Directory Authentication Provider in Weblogic so that it does not implicitly use userAccountControl as filter?
<BEA-000000> <getDNForUser search("CN=wl,DC=at,DC=com", "(&(&(cn=tadmin)(objectclass=user))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))", base DN & below)> -
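Why the logged search returns nothing while the shorter filter finds the entry, as an added example (not code from the posts or from WebLogic): under RFC 4511 a filter item on an attribute the server does not recognize evaluates to Undefined, its negation stays Undefined, and only entries whose filter evaluates to TRUE are returned. The schemas and entries below are constructed, and treating userAccountControl as unrecognized on AD LDS is an assumption consistent with the poster's finding.

```python
import re

TRUE, FALSE, UNDEFINED = "TRUE", "FALSE", "UNDEFINED"  # RFC 4511, section 4.5.1.7
BIT_AND = "1.2.840.113556.1.4.803"  # matching-rule OID taken from the logged filter
ITEM = re.compile(r"([A-Za-z][\w-]*)(?::([\d.]+):)?=(.*)")  # attr=value or attr:oid:=value

def parse(text):
    """Parse an LDAP filter string (subset: & | ! equality, extensible match)."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("unexpected data after filter")
    return node

def _expect(text, pos, ch):
    if pos >= len(text) or text[pos] != ch:
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 1

def _parse(text, pos):
    pos = _expect(text, pos, "(")
    op = text[pos:pos + 1]
    if op in ("&", "|"):
        pos += 1
        children = []
        while pos < len(text) and text[pos] == "(":
            child, pos = _parse(text, pos)
            children.append(child)
        return (op, children), _expect(text, pos, ")")
    if op == "!":
        child, pos = _parse(text, pos + 1)
        return ("!", child), _expect(text, pos, ")")
    end = text.find(")", pos)
    match = ITEM.fullmatch(text[pos:end]) if end != -1 else None
    if not match:
        raise ValueError(f"bad filter item at offset {pos}")
    attr, rule, value = match.groups()
    return ("item", attr.lower(), rule, value), end + 1

def evaluate(node, entry, schema):
    """Three-valued evaluation of a parsed filter against one entry."""
    kind = node[0]
    if kind == "!":
        inner = evaluate(node[1], entry, schema)
        return {TRUE: FALSE, FALSE: TRUE, UNDEFINED: UNDEFINED}[inner]
    if kind in ("&", "|"):
        results = [evaluate(child, entry, schema) for child in node[1]]
        decisive, default = (FALSE, TRUE) if kind == "&" else (TRUE, FALSE)
        if decisive in results:
            return decisive
        return UNDEFINED if UNDEFINED in results else default
    _, attr, rule, value = node
    if attr not in schema:          # attribute type unknown to this server
        return UNDEFINED
    values = entry.get(attr, [])    # known attribute, possibly absent from the entry
    if rule is None:
        hit = any(v.lower() == value.lower() for v in values)
    elif rule == BIT_AND:
        mask = int(value)
        hit = any((int(v) & mask) == mask for v in values)
    else:
        return UNDEFINED            # matching rule this evaluator does not implement
    return TRUE if hit else FALSE

def returned(filter_text, entry, schema):
    """A search returns an entry only when its filter evaluates to TRUE."""
    return evaluate(parse(filter_text), entry, schema) == TRUE

# Filters copied from the thread.
LOGGED_FILTER = ("(&(&(cn=tadmin)(objectclass=user))"
                 "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")
PLAIN_FILTER = "(&(cn=tadmin)(objectclass=user))"

# Constructed sample data (assumption: the LDS schema lacks userAccountControl).
LDS_SCHEMA = {"cn", "objectclass", "msds-useraccountdisabled"}
AD_SCHEMA = {"cn", "objectclass", "useraccountcontrol"}
USER_CLASSES = ["top", "person", "organizationalPerson", "user"]
LDS_ENTRY = {"cn": ["tadmin"], "objectclass": USER_CLASSES,
             "msds-useraccountdisabled": ["FALSE"]}
AD_ENABLED = {"cn": ["tadmin"], "objectclass": USER_CLASSES,
              "useraccountcontrol": ["512"]}
AD_DISABLED = {"cn": ["tadmin"], "objectclass": USER_CLASSES,
               "useraccountcontrol": ["514"]}

if __name__ == "__main__":
    cases = [("LDS, logged filter", LOGGED_FILTER, LDS_ENTRY, LDS_SCHEMA),
             ("LDS, plain filter", PLAIN_FILTER, LDS_ENTRY, LDS_SCHEMA),
             ("AD enabled, logged filter", LOGGED_FILTER, AD_ENABLED, AD_SCHEMA),
             ("AD disabled, logged filter", LOGGED_FILTER, AD_DISABLED, AD_SCHEMA)]
    for label, flt, entry, schema in cases:
        print(f"{label}: {evaluate(parse(flt), entry, schema)}")
```

Setting msDS-UserAccountDisabled to FALSE does not change the result, because the Undefined comes from the userAccountControl item itself.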
Problem with LDAP authentication for users in a group
I've gone through several forums attempting to find a solution, but I still can't get authentication to work for users in a particular group within AD. Our ASA is running 9.1(2), and the domain controller is a Windows Server 2012 R2.
I can configure the VPN connection, so that all users can authenticate just fine; however, when I setup the group, there appears to be success, but I'm reprompted to authenticate, and it eventually fails:
[6707] memberOf: value = CN=VPN Access,OU=COMPANY Groups,DC=COMPANY,DC=com
[6707] mapped to IETF-Radius-Class: value = GroupPolicy_COMPANY_SSL_VPN
[6707] mapped to LDAP-Class: value = GroupPolicy_COMPANY_SSL_VPN
[6707] msNPAllowDialin: value = TRUE
I'd be grateful if anyone can point me into the right direction and show me what I'm doing wrong. Thank you.
ldap attribute-map AuthUsers
map-name memberOf IETF-Radius-Class
map-value memberOf "CN=VPN Access,OU=COMPANY Groups,DC=COMPANY,DC=com" GroupPolicy_COMPANY_SSL_VPN
aaa-server LDAP protocol ldap
aaa-server LDAP (COMPANY_PROD_INTERNAL) host 10.10.100.110
ldap-base-dn DC=COMPANY,DC=com
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn CN=LDAPAuth,CN=Users,DC=COMPANY,DC=com
server-type microsoft
ldap-attribute-map AuthUsers
group-policy NOACCESS internal
group-policy NOACCESS attributes
vpn-simultaneous-logins 0
vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
webvpn
anyconnect ask none default anyconnect
group-policy GroupPolicy_COMPANY_SSL_VPN internal
group-policy GroupPolicy_COMPANY_SSL_VPN attributes
wins-server none
dns-server value 10.10.100.102
vpn-tunnel-protocol ikev1 ikev2 ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT-TUNNEL
default-domain value net.COMPANY.com
webvpn
anyconnect profiles value COMPANY_SSL_VPN_client_profile type user
tunnel-group COMPANY_SSL_VPN type remote-access
tunnel-group COMPANY_SSL_VPN general-attributes
address-pool COMPANY-SSL-VPN-POOL
authentication-server-group LDAP
authorization-server-group LDAP
authorization-server-group (COMPANY_PROD_INTERNAL) LDAP
default-group-policy NOACCESS
authorization-required
tunnel-group COMPANY_SSL_VPN webvpn-attributes
group-alias COMPANY_SSL_VPN enable
tunnel-group COMPANY_SSL_VPN ipsec-attributes
ikev1 pre-shared-key *****
I just figured it out. Under "group-policy GroupPolicy_COMPANY_SSL_VPN attributes", I had to add "vpn-simultaneous-logins 15". Apparently, it was using the value "vpn-simultaneous-logins 0" under the NOACCESS group policy.
-
SOA Managed Server "Authentication for user denied" exception
Hello,
I have installed Weblogic and Soa Suite according to the SOA Suite installation "Oracle® Fusion Middleware Quick Installation Guide for Oracle SOA Suite 11g Release 1 (11.1.1)" document.
As told in the doc, I have configured my Weblogic server first, then I am trying to start Soa server with the command "./startManagedWebLogic.sh soa_server1"
But I am getting this error; mucho obrigado!
<Nov 3, 2010 5:35:20 PM EET> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Nov 3, 2010 5:35:20 PM EET> <Critical> <Security> <BEA-090403> <Authentication for user denied>
<Nov 3, 2010 5:35:20 PM EET> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user denied
weblogic.security.SecurityInitializationException: Authentication for user denied
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User javax.security.auth.login.LoginException: [Security:090301]Password Not Supplied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:250)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
Truncated. see log file for complete stacktrace
>
<Nov 3, 2010 5:35:20 PM EET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Nov 3, 2010 5:35:20 PM EET> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Nov 3, 2010 5:35:20 PM EET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
Hi Donmay,
We were trying to nohup (I mean: changing the output from console to a text file), but startManagedWebLogic asks for the admin's user and server (which you specify when creating your domain), so since it couldn't get this info from the user, the soa_server didn't start. There are 4 solutions that I know of:
1)Don't nohup, just enter ~$ ./startManagedWebLogic.sh soa_server1
2)Specify the user and passwd in startManagedWebLogic. The two variables are WLS_USER and WLS_PW
3)Create a boot.password file in .../domain/bin and in the startManagedWebLogic add this -Dweblogic.system.BootIdentityFile="fileGoesHere" JAVA_OPTIONS (http://blogs.oracle.com/middleware/2010/05/weblogic_not_reading_bootproperties_1111x.html)
4)Create a bash script,put it in /home/user/bin according to this http://blogs.oracle.com/reynolds/2010/03/cold_start.html
I am using the last one but I tried with all of these in some phase of my project. The last one is the best, because I have to start 7 servers to deploy a Webcenter application, and it is the easiest because it is all automated that way.
Sorry for the late reply, I have posted from my phone. -
Can't start managed server - Authentication for user denied
Greetings,
I have a WebLogic 10.3.6 based domain. The admin server works correctly. Using the admin console, I created a managed server. It is not associated to any machine and I don't use node manager. The managed server listens on localhost:7101 while the admin listens on localhost:7001. Starting the managed server asks for an user/password authentication. Using the same as the one used for the admin console says:
<7 déc. 2012 13 h 55 CET> <Critical> <Security> <BEA-090403> <Authentication for user nicolas denied>
<7 déc. 2012 13 h 55 CET> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user nicolas denied
weblogic.security.SecurityInitializationException: Authentication for user nicolas denied
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:966)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User nicolas weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Truncated. see log file for complete stacktrace
>
<7 déc. 2012 13 h 55 CET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<7 déc. 2012 13 h 55 CET> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<7 déc. 2012 13 h 55 CET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
I googled a while and found a post saying that the realm is probably altered or in an incorrect status. I reset the admin's credentials using weblogic.security.utils.AdminAccount but this didn't change anything. Of course, upon the managed server creation, I initialized the fields user and password in the server starting tab of the admin console.
Many thanks for any help.
Nicolas
Hi,
Have you configured LDAP Authenticator on the server?
If yes, after the change did you restart both the servers - admin and managed? -
IAC view and BSP iviews gives pop up for user id and password
Hello All,
I am facing a problem in quality portal.
We have SSO configuration between Portal and ECC system and the Jco connection using SSO with login tickets is working fine; test and ping are both successful.
The ESS and MSS webdynpro applications are also working fine.
But the IAC iviews and BSP iviews say "session managment will not work ! Please check the DMS log files for details" and then ask for the user id and password of the ECC system, but the system alias that I am using is configured for SSO with logon tickets.
The same iviews are working fine in the development system with a system alias with SSO login tickets, but in QA it is asking for id and password ...
I have checked all the system properties also FQDN of ECC system is also maintained.
Please suggest what could be the issue ??
Thank you,
Regards,
Gunja
Hi,
When messages about Session management popup then it is 99% an FQDN issue, but you say you already checked it.
Did you also check the parameters:
- ITS Host Name
- Web AS Host Name
... in your system object?
Cheers,
B. -
Hi,
We are running a Mountain Lion Server with Open Directory / LDAPv3, as far as I can tell. My responsibility is to get my CentOS 6.3 box running Samba v. 3.5.10-125.el6 to authenticate users against the ML / OD box. I can ssh to the CentOS box OK and I can get Guest access to the Samba share to go OK too. Also, the OD passwords on the LDAP server are set to 'Open Directory' so I guess that means that they are encrypted and the Samba server is set to send encrypted passwords. But when a user tries to properly authenticate using either say via a Mac client Finder [Command-K], or smbclient, the Samba server will generate this message:
check_ntlm_password: Authentication for user ['name'] -> ['name'] FAILED with error NT_STATUS_LOGON_FAILURE
(I am blanking out the user name on purpose).
Of course there is more to the story, but those are the basics.
Here are the relevant parts of my smb.conf. FWIW, the CentOS / Samba box is called Jupiter.
Thank you,
NickZ
[smb.conf]
[global]
display charset = UTF-8
realm = SATURN.MCLEAN.HARVARD.EDU
netbios aliases = ANL
server string = Welcome To The Jupiter Samba Server Version 3.5.10-125.el6
interfaces = lo, em1
security = SERVER
update encrypted = Yes
password server = saturn.mclean.harvard.edu
smb passwd file = /var/lib/samba/private/secrets.tdb
passdb backend = ldapsam:ldap://saturn.mclean.harvard.edu
passwd program = /usr/bin/passwd %u
unix password sync = Yes
lanman auth = Yes
client NTLMv2 auth = Yes
client use spnego principal = Yes
kerberos method = system keytab
log level = 2
syslog = 3
log file = /var/log/samba/log.%m
max log size = 50
name resolve order = host lmhosts wins bcast
server signing = auto
preferred master = Auto
ldap admin dn = uid=DirAdmin,cn=users,dc=saturn,dc=mclean,dc=harvard,dc=edu
ldap group suffix = cn=groups
ldap passwd sync = yes
ldap suffix = dc=saturn,dc=mclean,dc=harvard,dc=edu
ldap ssl = no
ldap user suffix = cn=users
usershare allow guests = Yes
idmap backend = ldap:ldap://saturn.mclean.harvard.edu
idmap uid = 10000-20000
idmap gid = 30000-40000
cups options = raw
[homes]
comment = Home Directories
read only = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[anl]
comment = Main ANL Share
path = /anl
read only = No
guest ok = Yes
hide dot files = No
Turns out a printer driver installed on an XP (even W2K(?)) was (apparently?) flooding the OS X SMB server to the point of collapse. Uninstalling the "HP Tools" part of the driver cleared it up. The printer is an HP LJ1300. I had downloaded the full driver from HP.com. I don't know if any/all these conditions need to be matched, but: the printer was on the network using an HP print server JetDirect EX Plus, and the computer(s) in question were connecting directly to it (not via a print server). It's been too long ago, but there were always several errors in the System Log (Win XP Event Viewer) that correlated with the errors on the OS X server.
Proud to say that since that day (10+ months ago) I've not seen it happen again. whew. -
Authentication for user guest denied
I am connecting to two WL 6.0 sp2 servers. I am logging in both as guest.
When I log into one or the other, everything works fine. However, when I
log into both (and create InitialContext's for both), I get the following
error:
java.lang.SecurityException: Authentication for user guest denied in realm wl_realm
at weblogic.rmi.internal.AbstractOutboundRequest.sendReceive(AbstractOutboundRequest.java:90)
at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:247)
at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:225)
at weblogic.jndi.internal.ServerNamingNode_WLStub.lookup(ServerNamingNode_WLStub.java:121)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:323)
at javax.naming.InitialContext.lookup(Unknown Source)
I tried synchronizing system passwords, accessing each server in a separate
thread -- but nothing seems to work. Does anybody have any ideas?
Interestingly, it seems to behave OK when one of the servers is WL 6.0 Beta.
However, it breaks with sp1 and sp2.
Thanks in advance,
Jared
Hi Jared,
Are the 2 servers in the same cluster? What is your client? When and where do
you see this SecurityException? Do you mean that when you try to get initial
context you provide a username and password? Are you using any custom realm or
just the default file realm?
Joseph
--
Joseph Nguyen
Developer Relations Engineer
BEA Systems, Inc. -
Why Unable to identify a user for 802.1X authentication (0x50001)?
Hello,
We are trying to set up wifi single-sign-on. When logging to a laptop get a message
"Connecting to Pivot_Users" and after some time "Unable to connect to Pivot_Users" and after that we are logged in to a laptop and successfully connected to Pivot_Users wifi network.
Server: windows server 2003 (with all updates)
laptop: windows 7 professional SP1 (with all updates)
When looking at the event log I found this error:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 2012-10-10 10:38:01
Event ID: 5632
Task Category: Other Logon/Logoff Events
Level: Information
Keywords: Audit Failure
User: N/A
Computer: sba01-nb
Description:
A request was made to authenticate to a wireless network.
Subject:
Security ID:
Account Name: -
Account Domain: -
Logon ID: 0x0
Network Information:
Name (SSID): Pivot_Users
Interface GUID: {64773f24-bf8b-4e91-bbd7-eb199e3c2c5e}
Local MAC Address: C4:85:08:12:77:44
Peer MAC Address: 00:24:97:83:8E:61
Additional Information:
Reason Code: Unable to identify a user for 802.1X authentication (0x50001)
Error Code: 0x525
EAP Reason Code: 0x0
EAP Root Cause String:
EAP Error Code: 0x0
Event Xml:
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5632</EventID>
<Version>1</Version>
<Level>0</Level>
<Task>12551</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2012-10-10T07:38:01.093305500Z" />
<EventRecordID>37791</EventRecordID>
<Correlation />
<Execution ProcessID="760" ThreadID="2224" />
<Channel>Security</Channel>
<Computer>sba01-nb</Computer>
<Security />
</System>
<EventData>
<Data Name="SSID">Pivot_Users</Data>
<Data Name="Identity">
</Data>
<Data Name="SubjectUserName">-</Data>
<Data Name="SubjectDomainName">-</Data>
<Data Name="SubjectLogonId">0x0</Data>
<Data Name="PeerMac">00:24:97:83:8E:61</Data>
<Data Name="LocalMac">C4:85:08:12:77:44</Data>
<Data Name="IntfGuid">{64773F24-BF8B-4E91-BBD7-EB199E3C2C5E}</Data>
<Data Name="ReasonCode">0x50001</Data>
<Data Name="ReasonText">Unable to identify a user for 802.1X authentication</Data>
<Data Name="ErrorCode">0x525</Data>
<Data Name="EAPReasonCode">0x0</Data>
<Data Name="EapRootCauseString">
</Data>
<Data Name="EAPErrorCode">0x0</Data>
</EventData>
</Event>
Thank you for answer and help.
Regards,
Tadas
Hi,
Thanks for your post.
Have you configured the client to only use user authentication for 802.1X? If so, I would like to inform you that this is expected when you configure the 802.1X to user only authentication.
Here is the process that is followed.
1. As soon as the client is connected to the network, the Authenticator (switch) periodically sends an EAP request packet/frame to the client/supplicant.
2. The client has to respond back with an identity, and if it's configured only for User authentication then it will send a blank identity.
3. The Authenticator cannot validate it and the authentication would fail.
4. The Windows client is configured for a block time of 20 min. So, once the authentication fails, the NIC card will go into block time for 20 min until there is a change in credentials. So, even if the authenticator (switch) is periodically sending EAP requests, it will just ignore them.
5. You will see event 15506 after the event 15514.
Here's the TechNet page that we can refer to for the reason code: Reason: 0x50001 that we see in the event 15514
http://technet.microsoft.com/en-us/library/cc727747(WS.10).aspx
0x50001 = Dec 327681
Reason code: 327681 Event log message: The 802.1X module was unable to identify a set of credentials to be used. [An example is when the authentication mode is set to “User” but no user is logged on.] # def name:
ONEX_UNABLE_TO_IDENTIFY_USER
Best Regards,
Aiden
Aiden Cao
TechNet Community Support -
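The reason-code decoding from the answer above, applied to an exported event 5632, as an added example that is not part of the original thread. The function names and verdict labels are hypothetical, the sample event is constructed from the fields in the post, and the 0x525 mapping comes from the Win32 error-code list rather than from the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample: fields copied from the event in the post, trimmed, with an
# <Event> root supplied (the posted XML lacks its opening tag).
SAMPLE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>5632</EventID></System>
<EventData>
<Data Name="SSID">Pivot_Users</Data>
<Data Name="Identity">
</Data>
<Data Name="SubjectUserName">-</Data>
<Data Name="ReasonCode">0x50001</Data>
<Data Name="ErrorCode">0x525</Data>
</EventData></Event>"""

# 0x50001 is the code named in the thread; 0x525 (1317) is the Win32 error
# ERROR_NO_SUCH_USER, which the thread does not mention.
ONEX_REASONS = {0x50001: "ONEX_UNABLE_TO_IDENTIFY_USER"}
WIN32_ERRORS = {0x525: "ERROR_NO_SUCH_USER"}

def parse_5632(xml_text):
    """Return the EventData fields of a wireless 802.1X audit event (5632)."""
    root = ET.fromstring(xml_text)
    fields, event_id = {}, None
    for el in root.iter():
        name = el.tag.rsplit("}", 1)[-1]      # ignore the XML namespace
        if name == "EventID":
            event_id = int(el.text)
        elif name == "Data":
            fields[el.get("Name")] = (el.text or "").strip()
    if event_id != 5632:
        raise ValueError(f"not a 5632 event: {event_id}")
    return fields

def triage(fields):
    """Separate the pre-logon 'no user' case from failures worth a closer look."""
    reason = int(fields.get("ReasonCode", "0x0"), 16)
    error = int(fields.get("ErrorCode", "0x0"), 16)
    anonymous = (not fields.get("Identity")
                 and fields.get("SubjectUserName", "-") in ("", "-"))
    if reason == 0x50001 and anonymous:
        verdict = "no-user-at-logon"          # hypothetical label
    elif reason == 0:
        verdict = "no-failure-reason"
    else:
        verdict = "investigate"
    return {"ssid": fields.get("SSID"), "reason_decimal": reason, "verdict": verdict,
            "reason_name": ONEX_REASONS.get(reason, "unknown"),
            "error_name": WIN32_ERRORS.get(error, hex(error))}
```

An empty identity together with reason 327681 matches the user-only authentication case described in the answer; any other combination is left for manual review.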
Fixed ip for vpn user- aaa authenticated
Hi all,
I am using an ASA 5520 as my VPN box. All VPN users log in to the VPN box associated with an AAA server. The authentication takes place on the AAA server. If I use the local database for user login, I can assign a fixed static IP to the user via its VPN properties. But now I am using AAA for authentication and I want to assign a fixed static IP for some users. How can I do this?
with local aaa authentication
go to the user attributes
like username vpnuser attributes
vpn-framed-ip-address 192.168.50.1 255.255.255.255
this will give that IP to that user
if you are using Cisco ACS
under the user setting
go to:
Assign static IP address-If a specific IP address should be used for this user, click this option and type the IP address in the text box. The IP address assignment in User Setup overrides the IP address assignment in Group Setup
and the following link gives step-by-step instructions to configure Cisco ACS AAA
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007e6a6.html
good luck
please, if helpful Rate -
NoMachine(freenx) Authentication failed for user (MYUSERNAME)
Hi all,
I have quite a bit of experience with freenx on other linux distributions, but this is my first time setting up freenx on archlinux. After following the instructions in the wiki, authentication keeps failing no matter what I do.
Stuff I've done from the wiki:
1. install freenx
2. add RSAAuthentication yes AllowUsers someuser nx to sshd_config
3. add md5sum to node.conf
4. pacman -S xdialog xterm
5. run "/usr/bin/nxsetup --install --setup-nomachine-key"
6. modify /etc/nxserver/node.conf so that "USER_X_STARTUP_SCRIPT=.xinitrc"
7. pick the right configurations when connecting to my server
I have "exec startxfce4" in .xinitrc.
It always goes up to "Waiting for authentication" and then "Authentication failed for user (MYUSERNAME)" pops up. I think it should not be an XFCE issue since authentication itself didn't even pass. I assume if it is an X window problem, what I would get is something like a blank screen.
I'm using public key, so I didn't really copy anything from the server to my client.
I couldn't think of a second reason why this wouldn't work. Is there anything obvious that I missed? (If so, please move this thread to the newbie corner. lol)
Any thoughts would be highly appreciated.
Thanks
Aweather
Hi,
I did update the password in the properties file but still I get the error
BUILD FAILED
C:\product\10.1.3.1\OracleAS_1\bpel\samples\utils\CreditRatingService\build.xml:
79: Authentication failed for user "oc4jadmin" on host
I am able to deploy from JDEV. and could configure as per documentation
Thanks in advance,
Anand
I had to update the <OH>/bpel/utilities/ant-orabpel.properties file for the password and now I can deploy successfully...information was there in the readme file...
Anand
Message was edited by:
AnandP -
Active Directory Authentication and permissions for user group in APEX 4.0
Hello,
I am new to Oracle APEX and I have searched the forum for Active Directory authentication for a user group, and I am really confused about all the different threads. Can anyone please provide me the steps to follow in order to implement AD authentication for a user group in Oracle APEX 4.0?
These are the threads which I was looking at to get an idea of how AD authentication works, but it's really confusing for me.
Help with Authentication (APEX_LDAP.AUTHENTICATE)
Re: LDAP Authentication Via Groups
Thanks,
Tony
You need to give it more than 30 minutes before bumping your own post. This is not an official support channel, so you need to be patient and wait for people to read, think and respond.