CallbackHandler - username and password token
Hi,
I use a CallbackHandler and server_security_config.xml on the server to authenticate and authorize the user.
I get the correct username and password token on the server and do my validation directly in:
public class AuthenticationValidator implements PasswordValidationCallback.PasswordValidator
public boolean validate(PasswordValidationCallback.Request request)
throws PasswordValidationCallback.PasswordValidationException
System.out.println("AuthenticationValidator public boolean validate");
PasswordValidationCallback.PlainTextPasswordRequest req = (PasswordValidationCallback.PlainTextPasswordRequest) request;
System.out.println("Username: " + req.getUsername());
System.out.println("Passowrd: " + req.getPassword());
// check with database!
// return false; // not OK
return true; // OK
I don't want to use a JAAS Login module.
The auth works fine.
Now I have a big and a little problem.
1.) I need the username (String username = req.getUsername();) from xwss in my service implementation class. But how can I transfer this value??
I have a javax.security.auth.callback.CallbackHandler class and no Logicalhandler with a MessageContext object.
2.) My second question:
If the authentication fails AuthenticationValidator returns return false; and the client gets a SoapFault Exception. It is possible to catch this exception and throw a user defined exception?
Please helped me, thanks!!
Please see also here:
https://xwss.dev.java.net/servlets/ReadMsg?list=users&msgNo=54
Regards,
Rocci
Hi,
thanks for your fast answer and sorry for my late answer.
I tried it and now nothing is working any more.
I get with the new libraries the following exception:
22.06.2006 11:28:36 com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher receive
SCHWERWIEGEND: java.lang.IllegalArgumentException: Illegal use of setScope() on non-existant property :javax.security.auth.Subject
java.lang.RuntimeException: java.lang.IllegalArgumentException: Illegal use of setScope() on non-existant property :javax.security.auth.Subject
at com.sun.xml.xwss.SystemHandlerDelegateImpl.processRequest(SystemHandlerDelegateImpl.java:274)
at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.receive(SOAPMessageDispatcher.java:144)
at com.sun.xml.ws.server.Tie.handle(Tie.java:88)
at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.handle(WSServletDelegate.java:333)
at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:288)
at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:77)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
I have in my validator class:
Subject subject = new Subject();
subject.getPrincipals().add(new X500Principal("CN=" + userName));
subject.getPrivateCredentials().add(password);
and in my service implementation class:
Object o = messageContext.get("javax.security.auth.Subject");
With the old libs o was null. Now with the new libsI get ealier the above mentioned exception.
Any further help would be very nice.
Regards,
Rocci
Similar Messages
-
Username and password token retrieval from SOAP web services
We are implementing one JAX-WS Web services which requires to retrieve the username and password in SOAP header elements and use those for further use/processing.
When we are retrieving username/password it’s coming as null. Please help ...
if (Boolean.FALSE.equals(context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) {
try {
SOAPMessage sm = context.getMessage();
//SOAPEnvelope envelope = context.getMessage().getSOAPPart().getEnvelope();
SOAPEnvelope envelope = sm.getSOAPPart().getEnvelope();
SOAPHeader sh = envelope.getHeader();
System.out.println("Message: "+envelope);
System.out.println("Envelope: "+envelope);
System.out.println("Header: "+sh.toString());
Iterator it = sh.examineAllHeaderElements();
while(it.hasNext()){
System.out.println(it.next());
String username;
username = sh.getAttribute("Username");
// username = sh.getAttributeValue("Username");
//String password = sh.getAttribute("Password");
System.out.println("uid:"+username);
//System.out.println("pass: "+password);
context.put("Username", username);
//context.put("Passsword", password);
// default scope is HANDLER (i.e., not readable by SEI
// implementation)
context.setScope("Username", MessageContext.Scope.APPLICATION);<S12:Envelope xmlns:S11="..." xmlns:wsse="..." xmlns:wsu= "...">
<S12:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>TestUser</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">TestPassword</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</S12:Header>
</S12:Envelope> -
Please excuse the lousy table...Its late :-)
I have a multi-server SP2010 farm. Patched up to
Configuration database version: 14.0.6106.5002
My goal is to have a claims based web application that authenticated to ADAM for Extranet. I have configured the servers exactly to MSDN and technet specs (following this spec to the
letter (
http://technet.microsoft.com/en-us/library/ee806882.aspx) to allow the forms side of the web app to authenticate to ADAM.
IT WORKS IN DEV!!! , which is a single server farm. However, it does not work in production. I get the following:
Claims Auth log entries:
1:06:25 AM
w3wp.exe (0x0EDC)
0x1790
SharePoint Foundation
Claims Authentication
f2ut
Verbose
Authenticated with login provider. Validating request security token.
1:06:25 AM
w3wp.exe (0x0EDC)
0x1790
SharePoint Foundation
Claims Authentication
0
Verbose
Using membership provider 'ADAMProvider'.
1:06:25 AM
w3wp.exe (0x0EDC)
0x1790
SharePoint Foundation
Claims Authentication
0
Verbose
Doing password check on '[email protected]'.
1:06:46 AM
w3wp.exe (0x0EDC)
0x1790
SharePoint Foundation
Claims Authentication
0
Verbose
Failed password check on '[email protected]'.
1:06:46 AM
w3wp.exe (0x0EDC)
0x1790
SharePoint Foundation
Claims Authentication
0
Unexpected
Password check on '[email protected]' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security
token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).'.
1:06:46 AM
w3wp.exe (0x0EDC)
0x1790
SharePoint Foundation
Claims Authentication
fo1t
Monitorable
SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password
could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
1:06:46 AM
w3wp.exe (0x1B34)
0x08A0
SharePoint Foundation
Claims Authentication
fsq7
High
Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
1:06:46 AM
w3wp.exe (0x1B34)
0x08A0
SharePoint Foundation
Claims Authentication
8306
Critical
An exception occurred when trying to issue security token: The security token username and password could not be validated..
1:06:46 AM
w3wp.exe (0x1B34)
0x08A0
SharePoint Foundation
Claims Authentication
f2un
Verbose
Form authentication failed.
I have tried EVERYTHING (well, nt everything, I don’t have the fix I suppose).
I found plenty out there and nothing directly correlates with this issue.
I searched on all parts of the errors I got.
This contains an interesting blurb about setting up access for the apppool id correctly.
That’s not the case for me. It works in dev and the same id are used there.
http://sharepoint-2010-world.blogspot.com/2011/03/adam-forms-based-authentication-in.html
This was good but it doesn’t give specs on what the environment looks like:
http://social.msdn.microsoft.com/Forums/en/sharepoint2010general/thread/557143a6-4b36-4939-bb7f-d62a9335fd18
The was interesting…but I am patched up beyond the June 2011 CU so it’s a moot point:
http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/9b8368ef-c5e5-4ead-b348-7b2b5587cfc8
Any and all help would be greatly appreciated!Hi.
You say its a multiserver farm, do you have more than one web server then?
If thats the case, have you tried accessing the site on each server directly?
Found this for you, maybe that can help?
Troubleshooting Exceptions: System.ServiceModel.FaultException`1
http://msdn.microsoft.com/en-us/library/bb907220.aspx
and this:
SharePoint 2010 Claims Authentication - The security token username and password could not be validated reoccurring every morning
http://social.technet.microsoft.com/Forums/pl-PL/sharepoint2010setup/thread/383f1f9b-5c4a-4e19-b770-2a54b7ab1ca1
and
This seems to be a good guide:
http://donalconlon.wordpress.com/2010/02/23/configuring-forms-base-authentication-for-sharepoint-2010-using-iis7/
Good luck
Thomas Balkeståhl - Technical Specialist - SharePoint - http://blksthl.wordpress.com -
Reporting Services username and password prompting
We have several branch office locations and one reporting services server. All of the branch office locations can access the reporting services server, but we have one location for the passed week, each time they make a connection to this server, it prompts
them for a username and password and will not allow them to connect even if the correct username and password is correct.
I have tried adding the server to the IE intranet/trusted site list. Set IE security on all zones to automatically logon with current username and password.
What is strange is that this is the only branch office site that is having this issue. It is almost like kerberos is broken for this site location only.
DOes anyone has any suggestions what could be causing this problem for all computers in this one location. Nothing has changed on their local servers nor have we pushed any updates to the machines.Hi bubba1984,
As per my understanding, I think this issue is caused by Kerberos authentication. Kerberos is an authentication protocol that allows clients that create authentication tokens to associate a specific destination to that token. In the failure case, there is
a mismatch between the destination specified in the token and the report server process configuration. Due to this mismatch, the underlying Kerberos authentication scheme supported by Windows prevents report server from authenticating the user.
To fix this issue, please try to remove RSWindowsNegotiate and ensure RSWindowsNTLM is specified in the rsreportserver.config file. For more details, please take the following article as reference:
http://blogs.msdn.com/b/lukaszp/archive/2008/03/26/solving-the-reporting-services-login-issue-in-the-february-ctp-of-sql-server-2008.aspx
Hope this helps.
Thanks,
Katherine Xiong
Katherine Xiong
TechNet Community Support -
Calling A Secured webservice using Username and password in the Soap header
I want to call a secured webservice.
The Username and password should be sent with the payload in the SOAP Header
as
<wsse:Security S:mustunderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="SecurityToken-XXXXXXXXXXXXXXXXXXXXXXXXX" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>uname</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
Can you please send me the steps?
I tried with giving the username and password under Service Account.
I tried to create a wspolicy under business service. But nothing works...
Please help me at the earliest.
Also please give me steps in sequence.Now i made sure that the endpoint is available!
Now am getting this error:
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>BEA-380002: localhost1</faultstring>
<detail>
<con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-380002</con:errorCode>
<con:reason>localhost1</con:reason>
<con:location>
<con:node>RouteNode1</con:node>
<con:path>request-pipeline</con:path>
</con:location>
</con:fault>
</detail>
</soapenv:Fault>
Also in the invocation trace i can observe the following things:
Under Invocation Trace:-
========================
Receiving request =====> Initial Message context
===============================================
under added header:-
==================
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
</soap:Header>
under RouteNode1
================
Route to "TargetMyService_BS"
$header (request):-
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
</soap:Header>
Under Message Context changes:-
*===============================*
I can find this element also:-
con:security>
*<con:doOutboundWss>false</con:doOutboundWss>*
*</con:security>*
eventhough we enabled ws security, how the above tag can be false?
I think its getting failed to populate the header with the required login credentials.
The other doubt i have is:-
=================
I have chosen the service account type is static...is this right? -
Username and password do not get applied to WS Invocations in PS3 project
I am running into a situation where username and password do not get applied to WS Invocations in PS3 project I am deploying using config plan, this is used to work correctly in PS2. Did the syntax for the deployment configuration plans for PS3 BPM have changed?
This is the error that I am getting from the BPM soa_server.log file:
<Feb 9, 2011 1:04:16 PM PST> <Error> <oracle.wsm.resources.enforcement> <WSM-07501> <Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=default, composite=SpringWorkflow, modelObj=ActivityService, policy=oracle/wss_username_token_client_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss-username-token.
oracle.wsm.common.sdk.WSMException: WSM-00015 : The user name is missing.
Caused by: oracle.fabric.common.PolicyEnforcementException: WSM-00015 : The user name is missing.
at oracle.fabric.common.AbstractSecurityInterceptor.processResult(AbstractSecurityInterceptor.java:239)
at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:95)
I enabled ws logging for incoming and outgoing P6 web service requests, I see that the BPM server is not making an outgoing webservice call, looking more into the log file from soa_server.log I see that the exception is a PolicyEnforcementException confirming my suspicion that the username and password from the deployment config plan are not getting applied at runtime. This is used to work correctly in PS2. Any suggestions?
Config-plan:
<reference name="ActivityService">
<!--Add search and replace rules for the binding properties-->
<binding type="ws">
<attribute name="port">
<replace>http://xmlns.oracle.com/Primavera/P6/WS/Activity/V1#wsdl.endpoint(ActivityService/ActivityPort)</replace>
</attribute>
<attribute name="location">
<replace>http://x.x.x.x:7001/p6ws/services/ActivityService?wsdl</replace>
</attribute>
<property name="weblogic.wsee.wsat.transaction.flowOption">
<replace>WSDLDriven</replace>
</property>
<property name="oracle.webservices.auth.username">
<replace>admin</replace>
</property>
<property name="oracle.webservices.auth.password">
<replace>admin</replace>
</property>
</binding>
</reference>
Deployment Log from Jdev:
[04:05:01 PM] ---- Deployment started. ----
[04:05:01 PM] Target platform is (Weblogic 10.3).
[04:05:01 PM] Running dependency analysis...
[04:05:01 PM] Building...
[04:05:11 PM] Deploying profile...
[04:05:11 PM] Updating revision id for the SOA Project 'SpringWorkflow.jpr' to '1.0'..
*[04:05:11 PM] Copying file:/E:/dev/bpm11g/springdemo/SpringWorkflow/SpringWorkflow_cfgplan.xml to soaconfigplan.xml*
[04:05:11 PM] Adding soaconfigplan.xml to archive.
[04:05:11 PM] Wrote Archive Module to E:\dev\bpm11g\springdemo\SpringWorkflow\deploy\sca_SpringWorkflow_rev1.0.jar
[04:05:11 PM] Deploying sca_SpringWorkflow_rev1.0.jar to partition "default" on server soa_server1 [x.x.x.x:8001]
[04:05:11 PM] Processing sar=/E:/dev/bpm11g/springdemo/SpringWorkflow/deploy/sca_SpringWorkflow_rev1.0.jar
[04:05:11 PM] Adding sar file - E:\dev\bpm11g\springdemo\SpringWorkflow\deploy\sca_SpringWorkflow_rev1.0.jar
[04:05:11 PM] Preparing to send HTTP request for deployment
[04:05:11 PM] Creating HTTP connection to hostx.x.x.x port:8001
[04:05:13 PM] Sending internal deployment descriptor
[04:05:13 PM] Sending archive - sca_SpringWorkflow_rev1.0.jar
[04:05:15 PM] Received HTTP response from the server, response code=200
[04:05:15 PM] Successfully deployed archive sca_SpringWorkflow_rev1.0.jar to partition "default" on server soa_server1 [x.x.x.x:8001]
[04:05:15 PM] Elapsed time for deployment: 14 seconds
[04:05:15 PM] ---- Deployment finished. ----We should take a look at the log files to see what's really going on but if you haven't done anything with the installation yet then "reinstalling" is very easy.
In the directory where you launched the jar file, you should find a directory named "crx-quickstart". Simply rename this directory to "crx-quickstart.old" and restart the jar file. Your new environment will be ready in a couple of minutes. Keep the old directory and look into the [your directory]\crx-quickstart\logs directory for details on your original problem. -
Extracting username and password from security header
Hey all,
I'm writing a BPEL process that invokes two secured web services. One of them authenticates using Username Token and the other has a authenticate method in which the username and password are supplied as Strings. I have successfully propagated the credentials from the BPEL process to the web service using Username Token by doing the following:
1) I secured my BPEL process
2) I imported oasis-200401-wss-wssecurity-secext-1.0.xsd and from it created a variable of type Security
3) I added the security variable to the Header Variables for the BPEL process input
4) I added the security variable to the Input Header Variables for the web service's invoke operation
This worked fine. However, I need to be able to extract out the username and password and supply them as Strings to the authenticate method of the other web service. How can this be done? If it can't, what are some alternatives?
Environment:
JDeveloper 11.1.1.6.0
Thanks,
BillHi Sri,
If I understand your steps correctly, I think the problem I'm having rests with the second step. I don't know how to get a hold of the username and password to assign to the local variables you mention. The BPEL process itself uses Username Token for authentication. These credentials need to be passed to the web services invoked within the BPEL process. If I assign the security header variable directly to the string output for the BPEL process, the string returned will be the complete XML security header, which includes the username and password. However, the security header variable itself doesn't expose the username and password directly. In other words, I can't expand the security header variable node in the dialog for editing the Assign operation and get to the username and password. I think one solution is to parse out the username and password from the complete XML security header using string operations (substring, index-within-string, etc). Also, regarding step 4, I'm not sure if passing the credentials in the header will work for this web service. I think the web service is expecting the credentials as parameters to its authenticate method.
Thanks,
Bill -
BPM Process As a Web-Service Username and Password
Hi all,
We have exposed a Process as a Web-Service WSDL to another system . We use Username Token Profile to enter the username and password to connect to the Web-Service..
Now what we do is we have a role in our project and we create a dummy Web-Service user and add the role to that user and then use its password and username to call the Web-Service.
Can we change this?
Can we have a dummy username and password not associated with any role in BPM used in our Web-Service?Did you use PAPI code inside your web service or did u just use PAPI Web Services ( like did u just pressed the button Launch PAPI Web Services ) and it created the WSDL for you and u used it to create the client?
I am using the latest version of OBPM..
Oracle 10.3.10
Can you let me know what do u mean by PAPI interface.. Is it the PAPI code of is the PAPI Web Service which is built by BPM automatically and could be used?
Edited by: user8707382 on Sep 10, 2009 9:00 AM -
Single sign-on and different usernames and passwords
Hello,
I am building a Portal with WLPS 3.5 and WLS 6.0. I tried to get
information about the background of single sign-on.
I understand, that I need a Realm (i.e. LDAP Realm) to authenticate the
user for the first login to the portal (with username and password).
Now I would like to integrate my webmail-programm (to get emails from
Lotus Notes via Internet) as a portlet.
For my understanding the user has to authorizate to get access to webmail.
Therefore I create a ACL for webmail and this ACL is assigned to my
security Realm.
I would like the portlet to show after login the number of mails for the
specific user. But where are the username and password for webmail stored
and how are they received and forwarded?
I understand that my ACL included all users that have access to webmail
(i.e. all users). But I only want emails for the specific user.
Does WLS get all usernames and passwords while the first login? Do I have to
implement a algorithmen to get the specific username and password for the
requested resource in my portlet?
Has anyone solved a similar problem or can tell me where I can get more
information. I read the WebLogic Security document but I cant find a
answer to my questions.
Thanks
LydiaLydia,
I'm not an expert in this area, but I can give you a start.
As for single sign-on, there are different levels. For single sign-on across web-apps,
the servlet spec requires this (section 12.6 of th 2.3 spec) and therefore Weblogic
does this.
What you are talking about is single sign-on across back-end applications through
a web-app. BEA has partnered with Securant (just acquired by RSA) to provide this
kind of functionality. Browse to http://www.rsasecurity.com/products/ and look
at the ClearTrust product. BEA has also partnered with Netegrity (www.netegrity.com)
with their SiteMinder product. Neither is included in the Weblogic license. I'm
sure either vendor would be excited to explain how their product will solve your
problem if you give them a call.
As for where the username and passwords are stored, that is up to the realm. If
you are using the default WLPS RDBMSRealm, the username and encrypted password
are stored in the WLCS_USER table. If you are using LDAPRealm, they are stored
in your LDAP server.
Hope this was useful!
PJL
[email protected] wrote:
Hello,
I am using PersonalizationServer 3.5 and WLS 6.0 SP 2.
Now I try to unterstand the functionality of Single sign-on when a user
has different usernames and passwords for different applications.
Can someone explain where the usernames and passwords for a user are
stored (all in the LDAP-realm or a RDBMS-realm?) When a user access the
application how username and passwords are mapped? Or usernames and
passwords for all applications are the same and will be equalized?
Precisely I would like to get access to a mail-account for a specific
user
(webmail from Lotus Notes).
Thanks for any help
Lydia -
How do i send the username and password to yahoo web page through url
how do i send the username and password to yahoo web page through url i.e as Query string so that my account in yahoo will open...
If you don't mind using a library, then download and use the Apache HttpClient library. It takes care of all these details for you.
-
I do not know my apple administrator username and password. How do I find out what it is? I am trying to download IBM Notes and Domino onto my MacBook Pro and I cannot download the software without verifying my apple administrator username and password.
iOS is only for mobile devices, so:
Resetting or changing a password:
For Snow Leopard or earlier: http://support.apple.com/kb/HT1274
For Lion or later: http://support.apple.com/kb/HT6022
For Mavericks users:
http://www.macworld.co.uk/how-to/mac-software/how-change-admin-password-mac-3535 328/
This is also useful:
http://www.macworld.co.uk/ipad-iphone/news/?newsid=3463233&olo=email
If it's running Mac OS X 10.6.8 or earlier, insert a Mac OS X install DVD, restart with the Option key held down, click on it, and use the Reset Password utility.
If it's running Mac OS X 10.7 or newer, restart with the Command and R keys held down, open the Terminal, and use the resetpassword command:
https://discussions.apple.com/docs/DOC-4101 -
I have a iphone 5 and I can login with my apple id to purchase music. However, when I try to login into icloud using the very same username and password that I use in the apple store it does not work to enter icloud, so what what gives???
I could do that, however when I select the icloud button (or whatever the heck it is) I am asked to enter the apple id and password. So if you are suppose to create another one for icloud you'd think it would give you the option at this point which would be logical.
-
I have to log onto my companies wifi by first going thru a log on page that equires a username and password. before i updated to ios 6. it worked fine now it just goes to the login page and when i hit enter it doesnt do anything just stays stuck on that page. however the phone will log onto a regular wifi router that doesnt require any kind of username or password. any ideas on how to fix it. i have tried everything including reseting all network settings.
1. Settings>General>Reset>Reset Network Settings
or
2. Use "Forget This Network" -
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
Issue:
Cisco firewalls require only one level of password i.e. the domain username and password are used for both logging in as well as reaching global configuration mode.
Background:
We have multiple Cisco network devices set up which authenticate to our Windows domain controller using NPS (Windows 2008 R2). The switches we have set up all function exactly as we would hope as they require your domain username and password to login to the device. They then require a separate password when you use the enable command, this is stored in Active Directory:
Switches:
Username:domain-username
Password:domain-password
SWITCH>enable
Password:enable-password-in-Active-Directory
SWITCH#
Firewalls (as they currently are):
Username:domain-username
Password:domain-password
FIREWALL>enable
Password:domain-password
FIREWALL #
With the firewalls however, they require your domain username and password first, and then your domain password again when using the enable command. I want the firewalls to use the enable level password that the switches currently use instead of the domain password again. The current configuration look like the following:
Current switch configuration:
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius enable
aaa authorization exec default group radius local
aaa session-id common
radius-server host 192.168.0.1 auth-port 1645 acct-port 1646
radius-server source-ports 1645-1646
radius-server key 7 1234abcd
Current firewall configuration:
aaa-server DC01 protocol radius
aaa-server DC01 (outside) host 192.168.0.1
aaa authentication ssh console DC01 LOCAL
aaa authentication enable console DC01 LOCAL
key 1234abcd
Any help would be great, thanks!Cisco ASA works that way by design. You could remove "aaa authentication enable" and then you could use the "enable password" command to set your enable password.
But if you do that, then ASA would change your username to "enable_15". That would break Authorization and Accounting if you're using them. Let me clarify with an example
Firewalls :
Username:domain-username
Password:domain-password
FIREWALL>show curpriv
Username : domain-username
Current privilege level : 1
Current Mode/s : P_UNPR
FIREWALL>enable
Password:enable-password-from-running-config
FIREWALL #show curpriv
Username : enable_15
Current privilege level : 15
Current Mode/s : P_PRIV
If you're using Authorization and Accounting it's recommended to stick with your current behavior. -
Server 2003 VPN clients can't verify username and password
Hi,
Hoping someone can help or point me in the right direction. I have a Windows Server 2003 R2 standard SP2 running RRAS. It has Dual NIC's and is configured for PPTP VPN. I am using a BT Business Hub 5 for internet access and using the BT Static IP service.
The BT Hub assigns the static IP address chosen to the Server using DHCP. The firewall is configured to port forward PPTP traffic to the 2003 server. This all works correctly.
The 2003 server is on a domain where the DC is a 2008 R2 server. The DC also acts as the DNS and DHCP for the network.
The default gateway for the domain is pointed towards our WinGate proxy server which also acts as a DNS server.
The 2003 server LAN NIC is configured manually, usually I would not configure a deafult gateway on the LAN NIC as the WAN NIC needs the default gateway for the BT Hub.
The problem I am having is if a default gateway is configured on the LAN NIC, I can connect to the VPN and it will logon to the network. Once connected everything works ok. If the connection drops, when trying to reconnect the client can no longer verify
the user name and password against the domain and the connection is refused.
If I do not have a default gateway configured in the LAN NIC the VPN clients can not verify the username and password for the domain at all and I get RPC failure errors in the event viewer with the source dnsapi.
Once this error occurs the only way I can get the clients to reconnect is to disable the WAN NIC, restart the RRAS service and enable the WAN NIC again.
Any insight will be much appreciated.Hello,
for Networking configuration questions better ask in
http://social.technet.microsoft.com/Forums/windowsserver/en-US/home#forum=winserverNIS&filter=alltypes&sort=lastpostdesc&content=Search
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter:
Maybe you are looking for
-
Windows Live Hotmail: every time I log on to this site for my emails, I have to manually type in my password, instead of Firefox automatically doing it.The tools box for saved passwords shows the right password in the list of saved passwords, so why
-
Hi everyone, i have several questions for some errors that appeared with the last full system upgrade: 1. There is some message i get in the "waiting for udev events to be processed" part of the boot process: SP5100 TCO timer: mmio address [some memo
-
I've been trying to find solutions to convert images/pdf's from RGB to CMYK. I've noticed that it's definitely possible to convert from CMYK to RGB, but haven't been able to do the reverse. Does anyone know of a method or a reference that might help
-
HT3577 How to unlock my phone with voice over
I turned on voice over & now I can't unlock my phone. Please help. Thank you.
-
Error on opening web logic application
any sort of help is welcome............................ Error 500--Internal Server Error java.lang.ClassCastException: Unable to convert "adminUIResources" to type "javax.el.ValueExpression" for attribute "basename" at weblogic.jsp.internal.jsp.utils