Checkbox for authenticated sessions missing in 3.6.3
I am a tech support person for users of Blackboard CE8, an online learning management system. We have told users of earlier Firefox versions to "Clear Private Data" and then check a box for authenticated sessions in order enable certain features of Blackboard. Now, it's "Clear Recent History" which I've done (again and again). There is nothing in 3.6.3 that pertains directly to "authenticated sessions." What, then, is the troubleshooting step in 3.6.3 that is *equivalent* to checking the box for authenticated sessions?
We ran this solution past the user with this problem, and it didn't take. We also tried these steps to ream out Java on the user's computer. (See the list of steps below). It still didn't take.
1. With no programs open, remove all versions of Java: Go to the Start menu, and choose Control Panel.
2. Open Add/Remove Programs (for Windows XP) or Uninstall Program (for Windows VISTA)
3. Remove ALL instances of Java.
4. Close all windows.
5. Install current version of Java: go to http://www.java.com/en/download/manual.jsp
6. Click the link Windows 7/XP/Vista/2000/2003/2008 Online ( http://javadl.sun.com/webapps/download/AutoDL?BundleId=39502 )
7. Choose Run and follow instructions to install Java.
8. After installation, open Firefox and go to your course.
9. Be sure that popups are enabled in your browser or disable your popup blocker.
10. If you receive a Security Alert popup window, choose "Always trust content from this publisher" and then press Run.
11. You can now try to browse your computer to add an attachment, to see if you can see the My Files icon.
We have since advised the user to try using Internet Explorer 8, which is certified for use with Blackboard CE8. This is clearly not a desirable option from Firefox perspective.
Similar Messages
-
When customising toolbar item only stays for current session, missing when Firefox is reopened
I want to add a 'Bookmarks' icon next to the 'Refresh' icon on the tool bar. When I customise and then click 'Done' the icon appears and functions correctly. The icon stays for the open session with Firefox. However after closing and then reloading the icon is not there. Any ideas please.
See this: <br />
https://support.mozilla.com/en-US/kb/Preferences+are+not+saved -
Nnot Get Session Key for Authentication
I found in trace file of my application
(TRACE_LEVEL_CLIENT = SUPPORT in sqlnet.ora):
ORA-28035 Cannot Get Session Key for Authentication
Cause: Client and server cannot negotiate shared secret during logon.
What is the session key and how to obtain it?DISABLE_OOB = ON
NAMES.DEFAULT_DOMAIN = domain
NAMES.DIRECTORY_PATH= (TNSNAMES)
SQLNET.CRYPTO_SEED = P9EBHPQFLEIAJNUFAZHQP8JBNES8EBEEHS895LCWW9UZKO9HR2R2E5GDN7JV15T27QJO97D89BQAWSRF
# SQLNET.CRYPTO_CHECKSUM_SERVER = requested
# SQLNET.CRYPTO_CHECKSUM_CLIENT = requested
# SQLNET.ENCRYPTION_SERVER = requested
# SQLNET.ENCRYPTION_CLIENT = requested
SQLNET.RADIUS_AUTHENTICATION = ad1.domain
# SQLNET.RADIUS_AUTHENTICATION_PORT = (PORT)
SQLNET.RADIUS_AUTHENTICATION_TIMEOUT = 5
SQLNET.RADIUS_AUTHENTICATION_RETRIES = 3
SQLNET.RADIUS_ALTERNATE = ad2.nlmk
# SQLNET.RADIUS_ALTERNATE_PORT = (1645)
SQLNET.RADIUS_ALTERNATE_TIMEOUT = 5
SQLNET.RADIUS_ALTERNATE_RETRIES = 3
SQLNET.RADIUS_SEND_ACCOUNTING = ON
# SQLNET.RADIUS_SECRET=(path/radius.key)
SQLNET.AUTHENTICATION_SERVICES = (NTS, BEQ,RADIUS)
# TRACE_LEVEL_CLIENT = SUPPORT
# TRACE_LEVEL_SERVER = SUPPORT
domain is the name of my windows domain
TNSNAMES.ORA
SERVER.DOMAIN =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = server.domain)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = server.domain)
) -
I'm having some trouble with authentication to guests from my Hyper-V console.
If I try to connect from the Hyper-V Manager to the console of any guest, I get the error:
"A certification authority could not be contacted for authentication. If you are using a Remote Desktop Gateway with a smart card, try connecting to the remote computer using a password. For assistance, contact your system administrator or technical support."
I'm not using an RDG and smart card.
I have 2 virtual networks. The first is Production, the second is Isolated. Production has 2 NICs attached to the Production LAN, the second has 2 NICs in our DMZ. The host is a member server of the production domain. I can use MSTSC from the LAN or the DMZ
to gain access to each Guest and the Host.
The issues start if I try "Connect" from Hyper-V Manager in an attempt to use the console of any Guest. Each attempt fails with the above error. If I use an incorrect password, I get a different error: "The credentials that were used to connect
to {Server FQDN} did not work. Please enter new credentials."
Taking a look at the the event logs, I can see the session successfully authenticating to the Guest (4776 Credential validation and 4624 Logon), and the fact I get a different error if I enter an incorrect password show I get some way along the line. However
if I take a look at the logs on the Host, however I get:
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xC000006D
Sub Status: 0xC000005E
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Kerberos
Authentication Package: Kerberos
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Which looks to me like a blank authentication request is being sent? (I've not deleted any machine/domain names, they're just not present)
Any suggestions? Do you think I'm barking up the wrong tree?
Thoughts and comments gratefully receivedHi,
What’s your guest system platform, base on my experience that must be the not supported guest system issue, the generation 2 vm only support the Windows 8 or 8.1 platform.
The related KB:
Generation 2 Virtual Machine Overview
http://technet.microsoft.com/en-us/library/dn282285.aspx
Hope this hleps.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Java Applet Constantly Asks for Authentication
With have a ADF application on Weblogic 10 that has occasional access to a Java applet. The Java applet is loaded whenever it's needed and not loaded whenever it isn't in a facet. The applet is currently in the public_html/applet folder.
When we set the SSL configuration to requiring a client certificate, when the Java applet loads, it'll constantly ask for a client certificate even though the user already presented the client when hitting the website:
Request Authentication Identification required. Please select certificate to be used for authentication.
This is annoying to users and the Java Applet doesn't need authentication. Is there any way we can disable the authentication or remove the prompt?
Here's the embedded applet code:
<applet height="1" width="1" code="applet.Applet.class"archive="/app/applet/SApplet.jar" /><param name="permissions" value="all-permissions"/></applet>
Things I've already tried:
1) Setting the Applet up on HTTP instead of HTTPS; I get a warning about mixed content and still get the authentication pop-up.
2) Created a minimal applet that only types out "HELLO WORLD" in the console, still get the authentication pop-up
Here's the console window:
Java Plug-in 1.6.0_35
Using JRE version 1.6.0_35-b10 Java HotSpot(TM) Client VM
User home directory = C:\Users\mfan
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
basic: Added progress listener: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@1df073d
basic: Plugin2ClassLoader.addURL parent called for https://192.168.130.99/app/applet/HelloWorld.jar
network: Cache entry not found [url: https://192.168.130.99/app/applet/HelloWorld.jar, version: null]
network: Connecting https://192.168.130.99/app/applet/HelloWorld.jar with proxy=DIRECT
network: Connecting http://192.168.130.99:443/ with proxy=DIRECT
security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loading SSL Root CA certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecacerts
security: Loaded SSL Root CA certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecacerts
security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loading Deployment SSL certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecerts
security: Loaded Deployment SSL certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecerts
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Internet Explorer ROOT certificate store
security: Loaded certificates from Internet Explorer ROOT certificate store
security: Checking if certificate is in Deployment denied certificate store
security: Checking if certificate is in Deployment session certificate store
security: Checking if SSL certificate is in Deployment permanent certificate store
security: KeyUsage does not allow digital signatures
(and here's where the prompt comes up).Actually, setting the archive to http://URL works fine. No more request authentications come up.
-
Policy agent using https redirect to AM for authentication
We are using Access Manager 6 2005Q1.
Access Manager is running on box A & box B using the Sun Web Server as its front end web server. Box A & B both have a complete install of Sun Web Server, Access Manager, and Directory Server. The Directory servers are set up to replicate changes between each other. Our Policy Agents are running on box C & box D under the Apache web servers.
Users will access applications on box C/D via https. The policy agents on box C/D should redirect the user to box A/B (via a load balancer VIP)for authentication. The redirect will be https. Once authenticated the user should be redirected back to box C/D.
All subsequent communications between the Agents on box C/D to AM on box A/B (via load balancer VIP) are http.
Our load balancer is currently setup as active/failover because it does not support ssl with cookies.
In our AMAgent.properties file if I set 'com.sun.am.policy.am.loginURL = http://<lb-vip>:80/amserver/UI/Login' and access box C/D as https://<webserver>/<url> I am redirected to AM on box A/B for authentication. Once authenticated I am redirected back to box C/D and allowed access to <url>.
However, if I set 'com.sun.am.policy.am.loginURL = https://<lb-vip>:443/amserver/UI/Login' and access box C/D as https://<webserver>/<url> I am NOT redirected to AM and receive 'Forbidden You don't have permission to access /<url> on this server. Also in the agent log file I see:
2006-01-30 12:42:30.792 Debug 28126:203470 PolicyAgent: in_not_enforced_list():enforcing access control for https://<webserver>:443/<url>
2006-01-30 12:42:30.792 Debug 28126:203470 PolicyAgent: am_web_is_access_allowed https://<webserver>:443/<url>S, GET) no sso token, setting status to invalid session.
2006-01-30 12:42:30.792 Debug 28126:203470 PolicyAgent: Policy Agent: am_web_is_access_allowed returned status=invalid session
2006-01-30 12:42:32.800 Warning 28126:203470 PolicyAgent: am_web_get_redirect_url() unable to find active Identity Server Auth server.
2006-01-30 12:42:32.800 Info 28126:203470 PolicyAgent: do_redirect(): Status Code= invalid session.
Interestingly if I set 'com.sun.am.policy.am.loginURL = https://<am-server>:443/amserver/UI/Login' and access box C/D as https://<webserver>/<url> I am redirected to AM on box A/B for authentication. Once authenticated I am redirected back to box C/D and allowed access to <url>. In this scenario the only difference is I am bypassing the load balancer.
Our networking people have monitored the load balancer in front of our AM boxes A/B and see the traffic going to AM in all cases.
From my standpoint it appears the agent is not able to successfully connect to AM via https when going through the load balancer.
Any help with this configuration issue is appreciated.Bernhard,
From our AMAgent.properties... com.sun.am.policy.agents.version=2.1. Is there a way for me to tell if this is truely only 2.1 or 2.1-xx?
Because our LB does not support SSL with cookies we are currently configured as active/failover so all requests are going to the same AM server until it goes down, at which time I know users have to re-authenticate. Also we have set "com.sun.am.loadBalancer_enable = true" in AMAgent.properties.
We understand your point about loginURL. Infact there are two properties dealing with loginURL, com.sun.am.policy.am.loginURL and com.sun.am.policy.am.library.loginURL. Based on the comments in AMAgent.properties my understanding is that com.sun.am.policy.am.loginURL is where the user is redirected for login when no valid SSO token is found and com.sun.am.policy.am.library.loginURL is what the agent uses to authenticate itself "If the previously specified login URL must be exclusively used for redirecting users..." The interesting part is that if we set com.sun.am.policy.am.loginURL to use http everything works just fine, however if we set it to use https the user never gets redirected. Its almost like the agent is trying to connect there first before doing the redirect and can not.
Craig -
ERR-1002 Unable to find item ID for item "SESSION"
Hi All,
We have recently ugpraded from Aoex 3.1 to 3.2 and have now noticed on occasions that i get the following error when logging in...
Unexpected error, unable to find item name at application or page level.
ERR-1002 Unable to find item ID for item "SESSION" in application "2500".
Return to application.I have been making changes to the application but have not changed anything to do with the SESSION item, i thought that was built into APEX so am not sure why it cannot find it.
The error mainly happens if i clear the internet cache and try logging in again on a new session, i click Return to Application and try logging in again but get the error. If i login as a different user it logs in.
Has this happened to anyone else?
Thanks
GrahamScott,
Sorry, typing error, i meant 3.0 to 3.1.
when a user clicks login the following happens...
A Validation runs to determine if the username and pasword is right and if the user has parts to be accepted when logging in....
DECLARE
V_User_Check VARCHAR2(800);
BEGIN
V_User_Check := M_USERS_VALIDATE_LOGIN(
:P101_USERNAME, :P101_PASSWORD, :SESSION, :P101_BENCH, :P101_BENCH_ID);
IF V_User_Check = 'PASSWORD_CHANGE' THEN
:P101_PASSWORD_CHANGE := 'YES';
RETURN 'You password must be changed for security purposes. ' ||
'Please enter and retype a new password, then confirm the ' ||
'change by entering your existing password.';
ELSIF V_User_Check = 'INVALID_USERNAME' THEN
RETURN 'The username has not been recognised, please re-enter.';
ELSIF V_User_Check = 'INVALID_PASSWORD' THEN
RETURN 'The password entered is invalid, please re-enter.';
ELSIF V_User_Check = 'ACCEPT_PARTS' THEN
:P101_PARTS_TO_ACCEPT := 'YES';
RETURN 'There are parts at this bench that need to be accepted/rejected for you to use, please check the quantities carefully.';
ELSIF V_User_Check = 'OK' THEN
RETURN '';
ELSE
RETURN V_User_Check;
END IF;
END;The following function is called from the Authentication Scheme (return authenticate_m_user;)
CREATE OR REPLACE FUNCTION authenticate_m_user(p_username IN VARCHAR2, p_password IN VARCHAR2)RETURN BOOLEAN IS
CURSOR m_cur( username_p VARCHAR,password_p VARCHAR) IS
SELECT COUNT(*) user_count FROM m_users
WHERE UPPER(username) = username_p
AND PASSWORD = password_p AND in_use = 'Y';
result_v BOOLEAN := FALSE;
V_Admin VARCHAR2(1) := 'N';
BEGIN
FOR m_rec IN m_cur(p_username, dbms_obfuscation_toolkit.md5( input_string => p_password))
LOOP
IF m_rec.user_count = 1 THEN
result_v := TRUE;
END IF;
END LOOP;
IF result_v = TRUE THEN
UPDATE m_users
SET logged_in = 'Y', last_login_date = sysdate
WHERE upper(username) = upper(p_username);
COMMIT;
END IF;
RETURN result_v;
END authenticate_m_user;Also when i encounter the error if i keep clicking Login it keeps throwing the error, but if i turn on debug and then click login again it logs in ok.
Hope this helps.
Graham. -
RD Gateway prompts for authentication
Setup:
Deployment Type: 2012 RD Session based deployment
Domain level: 2012
DNS: separate internal and public domain names
Clients: Windows 8.1 ENT
Session Host: Two RDSH Collections
Broker: Single RDSB server
RD WEB: Single RDGW+RDWEB server in DMZ
SSO setup as per M$ and community KBs
Certificates: RDWEB/RDB/RDGW - Public PKI (remote.contoso.com); RDSH - Self-Signed (*.contoso.local)
Form-based authentications has been replaced with Windows Integrated and Clients successfully logon onto the Remote.Contoso.com without credential prompts.
RemoteApp Client gets configured via a GPO without any issues and Feed syncs fine.
Issue:
Upon attempt to launch RemoteApp either via Web or RemoteApp Client client receive a credential prompt from RD Gateway for authentication: *Type your user name and password to connect to Contoso RemoteApps*
Notes:
The Credential Manager shows no saved credentials for the remote.contoso.com, despite the configured RemoteApp Client. If I manually add an entry under Windows Credentials for Remote.Contoso.com with
USER1`s credentials, then there is no prompt and application launches.
Even if the credentials I enter are for USER2, even then the application is launched under the initial
USER1.Hi,
Thanks for your comment. Sorry for late response.
Enabling the setting through the RDP file:
Alternatively, the single credential prompt setting can be manipulated from the RDP file.
1. Open the RDP file in Notepad.exe.
2. To enable the setting, the user can enter "promptcredentialonce:i:1" in the RDP file.
3. If the user wants to disable the setting, then user can enter "promptcredentialonce:i:0" in the RDP file.
More information for reference.
Single credential prompt for TS Gateway Server and Terminal Server
http://blogs.msdn.com/b/rds/archive/2007/05/04/single-credential-prompt-for-ts-gateway-server-and-terminal-server.aspx
In addition, please check the GPO setting whether you have configure the credential delegation policy for SSO. Please go through following article.
Remote Desktop Web Access single sign-on now easier to enable in Windows Server 2012
http://blogs.msdn.com/b/rds/archive/2012/06/25/remote-desktop-web-access-single-sign-on-now-easier-to-enable-in-windows-server-2012.aspx
Hope it helps!
Thanks.
Dharmesh Solanki -
Write code for authentication of username and password using struts
write code for authentication of username and password using session using struts with jdbc connection..
write code for authentication of username and
password using session using struts with jdbc
connection..and please, allow me to spoon feed you! -
IP address unknown "show authentication session interface"
Hi,
I have the following issue:
Several hosts on a specific VLAN cannot reach a VNC server which is located in the same VLAN. All the ports are running 802.1X and hosts are authenticated based on certificate.
The hosts that have the issue are always authenticated with success and a "show authentication session interface <INT-NAME>" shows the following output for a client:
SWl#sh authentication sessions interface g1/0/42
Interface: GigabitEthernet1/0/42
MAC Address: 4437.e668.9896
IP Address: Unknown
Status: Authz Success
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: 100
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0000000000000AA09F7A3843
Acct Session ID: 0x00000CD7
Handle: 0x2D000AA0
The server:
SW#sh authentication sessions interface g2/0/43
Interface: GigabitEthernet2/0/43
MAC Address: 4437.e68a.4048
IP Address: 10.10.10.254
Status: Authz Success
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: 100
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 00000000000008DC576F3B64
Acct Session ID: 0x000009CB
Handle: 0x200008DC
If I do a "clear authentication sessions interface g1/0/42" on one of the client port then the IP address is not unknown anymore:
SW#sh authentication sessions interface g1/0/42
Interface: GigabitEthernet1/0/42
MAC Address: 4437.e668.9896
IP Address: 10.10.10.20
Status: Authz Success
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: 100
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0000000000000E63AA195FED
Acct Session ID: 0x000010A6
Handle: 0x92000E63
Then the client can connect to the server without any issues. Does anyone has a solution to fix this issue?
All port are configured the same (client and server) and DHCP snooping is runing for the authenticated VLAN (100):
interface GigabitEthernet1/0/42
switchport access vlan 999
switchport mode access
switchport nonegotiate
switchport block multicast
switchport block unicast
switchport port-security maximum 4
switchport port-security
switchport port-security violation restrict
ip arp inspection limit rate 50
authentication host-mode multi-domain
authentication port-control auto
mab
dot1x pae authenticator
dot1x timeout tx-period 5
storm-control broadcast level 5.00
storm-control action shutdown
no vtp
ip dhcp snooping limit rate 50
Platform: cisco WS-C3750X-48P
IOS: c3750e-universalk9-mz.122-55.SE3.bin
Authentication Server: Cisco ISE
Best regards,
LaurentHi Tarik,
Is this command used in combination with dot1x? The switch is running DHCP snooping so the MAC/IP/VLAN should already be present in the DHCP snooping database, no?
I would like to understand what is causing the problem and how this command can solve it
Regards,
Laurent -
SAP Authentication Method Missing
Dear Experts, I have been having this problem for sometime. I have redone the whole work again just to make sure I'm not missing anything. Any help is appreciated.
I'm on BO XI R2, with Tomcat 5.0,27, Windows 2003 environment, Java connector 2.1.8,
I'm missing SAP authentication method in the Java InfoView. I have Enterprise, LDAP and WinAD in the list but not SAP authentication. While my Java Infoview for SAP works just fine.
Also with IIS, the .NET InfoView does have SAP authentication and it works fine as well.
Kindly assist me in fixing this.
BTW, which configuration file in tomcat hold this info about authentication methods?8 --> Configured the Kerberos Windows AD Authentication in BOE System (these includes the steps to apply it on IIS and Java Application Servers (Tomcat)) by following the
instructions in BusinessObjects Enterpriseu2122 XI Release 2 Deployment and Configuration Guide, Chapter 13
9 --> Installed Live Office Client 11.5.8.826 (server and client component on the same machine)
a) Enabled Live Office client components (by running the enable_addin.exe utility)
b) Running side-by-side Live Office installations (enable the Live Office Add-In)
10 --> Install Xcelsius 2008, Version 12.1.0.247
11 --> Install BusinessObjects XI Release 2 Integration Kit for SAP SP1
12 --> Install BusinessObjects XI R2 Service Pack 2 for Integration Kits
13 --> Make sure that BOE Sample Reports is imported to the installed BOE system
14 --> Configured and Tested IIS for SAP Authentication with SSO for SAP InfoView in BI system and
SAP Enterprise System to point to the installed BOE system
15 --> Configure Tomcat (Web.config files) to use BOE Cluster Name & SAP Authentication with SSO
enabled for SAP InfoView site when it is used from the SAP Enterprise Portal
16 -->Tested to logon to Live Office with SAP Authentication. SAP Authentication is missing in the Live
Office like Java InfoView
Kindly point out to me where I'm going wrong? -
Disable checkbox for some records in a datasource
Hi,
I am having a datatable which is binded to a datasource. There is a check box for every record in the list. Check on some records and click the submit button. After that i want the records i have already submitted to be disabled(checkbox disabled) when the page is refreshed. Is there any way to do it. plz help. Thanks in advanceI would have a table field to store the submitted items, so that when you open the page you can compare with that field and use <html:checkbox disabled="true"....> for the submitted records. I think it will work out. Is this only just for that session?
-
"Hold for Authentication" printer error
Since upgrading to Mavericks (did a clean install, so not sure if Mavericks is the culprit per se) whenever I attempt to print to a networked printer (I am the lone mac in a Windows environment) I get the error "Hold for Authentication". Any suggestions? Here are some further details
If I have logged into a network drive, when I click the circular arrow on the right of the error message, I am prompted for my user name and password. BOTH my network user name/password or guest/guest will result in successful printing
Each print job requires me to enter user name/pw, regardless of whether I have just entered it for a previous job
If I have NOT logged into a network drive, no combination of my name/pw or guest/guest will result in a successful print - I just keep getting the hold for authentication error
Steps I have tried to take:
Resetting the printing system
deleting the printer and adding it again with a new name
Different comibinations of checking or not checing the "remember this password in my keychain" box
I am totally flummoxed and frustrated. Any ideas?I read many threads before discovering this simple fix:
Go to Settings > Printers & Scanners > Add a Printer (the + symbol)
Do NOT select any printers that you initially see displayed. They never worked for me. Instead, select the Windows tab (off to the right) <--- this is the step I constantly missed
Walk down through Workgroup (at least that's how my network was referred to by the PC) > Name of the PC > Name of the Printer (a short name assigned in Windows)
This FINALLY solved my problem. Oh, and when asked for “Authentication” (name and password), enter the name used to log onto the PC (from the Start menu) and the password used to log onto the PC. Allow this information to be saved in Keychain on the Mac so it won’t have to be entered in the future.
Hope this helps any future frustrated newbies. -
Creating Kerberos Identity for RD Session Host Farms for w 2012 r2
anyone knows how Creating Kerberos Identity for RD Session Host Farms for w 2012 r2.
I tried what they said the post
to w 2008, With
powershell I find the possibility and the
script indicates the error class is not
validHi,
Referring to your comment, here providing you article for Kerberos authentication in server 2012. Please refer to the below article.
What's New in Kerberos Authentication (You can refer for Server 2012 R2)
http://technet.microsoft.com/en-us/library/hh831747.aspx
Hope it helps!
Regards. -
Authentication & Session Management questions
Hi. Apex 2.2.1. I'm going crazy trying to set up authentication for my application. I'd appreciate any pointers. My scenario is
Siteminder intercepts all calls to the application
User authenticates with Siteminder
If authenticated, Siteminder sets HTTP_SM_USER in the header
If not authenticated, then APEX is never called
Pull the user out of the header
Create a session if needed
Log the user in if needed
Redirect the user to the request page
I've followed the example that I've found in the forum and set up a page sentry function to create a session when the user first comes in. After that I try to verify that the session belongs to them. That's not working because wwv_flow_custom_auth_std.get_username never returns a value. I think that's because I'm not logging the user in to APEX. I can't figure out the difference between wwv_flow_custom_auth_std.post_login and wwv_flow_custom_auth_std.login. (it probably doesn't help that I inherited the application from some consultants that left a year ago and there is no documentation on it or even APEX here at my site).
MikeThanks, Scott. The problem is that it seems to keep looping. You can see from the log that it creates the session, then invalidates it, then creates it, etc.
Mike
debug log
384 1000 Enter 604 - 1 user MDHENDER session NOT valid
384 4000 session is NOT valid
384 4100 dn_network_id is acct\mdhender
384 5000 creating a new session
384 5010 created new session
384 6000 setting up follow up url
384 6010 follow up url is 604:1:
384 7000 register new session
384 7010 registered session
384 9000 clean exit
385 1000 Enter 604 - 1 user MDHENDER session valid
385 3000 session is valid 1707655438517376
385 3010 authenticated user MDHENDER cookie
385 3100 marker
385 3200 marker
386 1000 Enter 604 - 1 user MDHENDER session NOT valid
386 4000 session is NOT valid
386 4100 dn_network_id is acct\mdhender
386 5000 creating a new session
386 5010 created new session
386 6000 setting up follow up url
386 6010 follow up url is 604:1:
386 7000 register new session
386 7010 registered session
386 9000 clean exit
387 1000 Enter 604 - 1 user MDHENDER session valid
387 3000 session is valid 2743127946937676
387 3010 authenticated user MDHENDER cookie
387 3100 marker
387 3200 marker
Here is the code
<code>
CREATE OR REPLACE FUNCTION lmf_siteminder_page_sentry RETURN BOOLEAN IS
vAuthenticatedUsername VARCHAR2(512);
vCurrentSessionId NUMBER;
vDeclaredUser VARCHAR2(512);
vLogFlag VARCHAR2(1);
vMaxIdleMinutes NUMBER := 15;
vNextPage VARCHAR2(1024);
vTransNo NUMBER;
PROCEDURE log_msg(vFlag in varchar2,
vTransNo in number,
vSeqNo in number,
vMessage in varchar2) is
pragma autonomous_transaction;
BEGIN
IF vFlag = 'Y' THEN
insert into sm_debug_log
(transno, seqno, msg)
values
(vTransNo, vSeqNo, vMessage);
commit;
END IF;
EXCEPTION
WHEN OTHERS THEN
rollback;
raise;
END;
-- determine if the siteminder user is authorized
FUNCTION CheckAuthorizedUser(vUserName in varchar2) return boolean is
vDeclaredUser VARCHAR2(512);
BEGIN
-- verify that the user is supposed to have access to the application.
-- a quick check of the authorized users table will settle that question
select dn_network_id
into vDeclaredUser
from user_authorization
where UPPER(network_id) = UPPER(vUserName);
return true;
EXCEPTION
WHEN OTHERS THEN
return false;
END;
-- if the session cookie's user matches our authenticated user then
-- return true
FUNCTION CheckCookieUser(vUserName in varchar2) return boolean is
BEGIN
IF vAuthenticatedUsername = wwv_flow_custom_auth_std.get_username THEN
return true;
END IF;
return false;
END;
FUNCTION URLRedirect(vUrl IN varchar2) return boolean is
BEGIN
log_msg(vLogFlag, vTransNo, 9999, 'redirect => ' || vUrl);
owa_util.redirect_url(vUrl, true);
wwv_flow.g_unrecoverable_error := true;
return false;
END;
BEGIN
BEGIN
select debug, sm_seq_no.nextval
into vLogFlag, vTransNo
from sm_settings;
EXCEPTION
WHEN OTHERS THEN
vLogFlag := 'N';
END;
-- get authenticated user from siteminder. APEX may expect it
-- to be upper case
vAuthenticatedUsername := UPPER(lmf_siteminder_user());
IF wwv_flow_custom_auth_std.is_session_valid THEN
log_msg(vLogFlag,
vTransNo,
1000,
'Enter ' || v('APP_ID') || ' - ' || v('APP_PAGE_ID') ||
' user ' || nvl(vAuthenticatedUsername, '*null*') ||
' session valid');
ELSE
log_msg(vLogFlag,
vTransNo,
1000,
'Enter ' || v('APP_ID') || ' - ' || v('APP_PAGE_ID') ||
' user ' || nvl(vAuthenticatedUsername, '*null*') ||
' session NOT valid');
END IF;
-- no surprise here - let anyone view a page flagged as public
IF htmldb_custom_auth.current_page_is_public THEN
log_msg(vLogFlag, vTransNo, 1010, 'current page is public');
return true;
END IF;
-- redirect all unauthorized users to our no-access page
IF not CheckAuthorizedUser(vAuthenticatedUsername) THEN
-- send the user to our unathorized page
log_msg(vLogFlag,
vTransNo,
1100,
'unable to find dn_network_id for authenticated user ' ||
lmf_siteminder_user());
log_msg(vLogFlag,
vTransNo,
1110,
'try a redirect to ' || '/pls/apex/f?p=' || v('APP_ID') ||
':105:' || vCurrentSessionId || ':');
return URLRedirect('/pls/apex/f?p=' || v('APP_ID') || ':105:' ||
vCurrentSessionId || ':');
END IF;
-- use the current session if it is valid and assigned to
-- our authenticated user
IF wwv_flow_custom_auth_std.is_session_valid THEN
vCurrentSessionId := wwv_flow_custom_auth_std.get_session_id_from_cookie;
log_msg(vLogFlag,
vTransNo,
3000,
'session is valid ' || vCurrentSessionId);
log_msg(vLogFlag,
vTransNo,
3010,
'authenticated user ' || vAuthenticatedUsername || ' cookie ' ||
wwv_flow_custom_auth_std.get_username);
-- if the session cookie's user matches our authenticated user then
-- accept it and proceed with displaying the page
IF CheckCookieUser(vAuthenticatedUsername) THEN
wwv_flow_custom_auth.define_user_session(p_user => vAuthenticatedUsername,
p_session_id => vCurrentSessionId);
return true;
END IF;
log_msg(vLogFlag, vTransNo, 3100, 'marker');
-- the names do not match. assume that someone hijacked the session.
-- invalidate it and bump them out
-- Unset the session cookie and redirect back here to take other branch
wwv_flow_custom_auth_std.logout(p_this_flow => v('APP_ID'),
p_next_flow_page_sess => v('APP_ID') || ':' ||
nvl(v('APP_PAGE_ID'),
0) || ':' ||
vCurrentSessionId);
wwv_flow.g_unrecoverable_error := true;
log_msg(vLogFlag, vTransNo, 3200, 'marker');
-- tell APEX that we are not pleased
return false;
END IF;
log_msg(vLogFlag, vTransNo, 4000, 'session is NOT valid');
-- we did not have a valid session so verify that the user is supposed
-- to access our application. a quick check of the authorized users
-- table will settle that question for us
BEGIN
select dn_network_id
into vDeclaredUser
from user_authorization
where UPPER(network_id) = vAuthenticatedUsername;
log_msg(vLogFlag, vTransNo, 4100, 'dn_network_id is ' || vDeclaredUser);
EXCEPTION
WHEN NO_DATA_FOUND THEN
-- send the user to our unathorized page
log_msg(vLogFlag,
vTransNo,
4900,
'unable to find dn_network_id for authenticated user ' ||
vDeclaredUser);
log_msg(vLogFlag,
vTransNo,
4910,
'try a redirect to ' || '/pls/apex/f?p=' || v('APP_ID') ||
':105:' || vCurrentSessionId || ':');
return URLRedirect('/pls/apex/f?p=' || v('APP_ID') || ':105:' ||
vCurrentSessionId || ':');
END;
-- create new session
log_msg(vLogFlag, vTransNo, 5000, 'creating a new session');
wwv_flow_custom_auth.define_user_session(p_user => vAuthenticatedUsername,
p_session_id => wwv_flow_custom_auth.get_next_session_id);
log_msg(vLogFlag, vTransNo, 5010, 'created new session');
wwv_flow.g_unrecoverable_error := true;
-- set cookie
-- set the followup URL to page 1
log_msg(vLogFlag, vTransNo, 6000, 'setting up follow up url');
vNextPage := to_char(wwv_flow.g_flow_id) || ':1:';
log_msg(vLogFlag, vTransNo, 6010, 'follow up url is ' || vNextPage);
--wwv_flow_custom_auth.remember_deep_link(p_url => vNextPage);
--log_msg(vLogFlag, vTransNo, 6020, 'completed follow up url');
--IF owa_util.get_cgi_env('REQUEST_METHOD') = 'GET' THEN
-- wwv_flow_custom_auth.remember_deep_link(p_url => 'f?' ||
-- wwv_flow_utilities.url_decode2(owa_util.get_cgi_env('QUERY_STRING')));
--ELSE
-- wwv_flow_custom_auth.remember_deep_link(p_url => 'f?p=' ||
-- to_char(wwv_flow.g_flow_id) || ':' ||
-- to_char(nvl(wwv_flow.g_flow_step_id,
-- 0)) || ':' ||
-- to_char(wwv_flow.g_instance));
--END IF;
-- register new session with the application
log_msg(vLogFlag, vTransNo, 7000, 'register new session');
if 0 < 1 then
wwv_flow_custom_auth_std.post_login(p_uname => vAuthenticatedUsername,
p_flow_page => vNextPage);
log_msg(vLogFlag, vTransNo, 7010, 'registered session');
else
wwv_flow_custom_auth_std.login(P_UNAME => vAuthenticatedUsername,
P_PASSWORD => 'dummy',
P_SESSION_ID => v('APP_SESSION'),
P_FLOW_PAGE => v('APP_ID') || ':1');
log_msg(vLogFlag, vTransNo, 7011, 'registered session');
end if;
if 0 > 1 then
owa_util.mime_header('text/html', FALSE);
owa_cookie.send(name => 'LOGIN_USERNAME_COOKIE',
value => vAuthenticatedUsername,
expires => null,
path => '/',
secure => 'yes');
owa_cookie.send(name => 'HTMLDB_IDLE_SESSION',
value => to_char(sysdate + (vMaxIdleMinutes / 1440),
'DD-MON-YYYY HH24:MI:SS'),
expires => null,
path => '/',
secure => 'yes');
end if;
log_msg(vLogFlag, vTransNo, 9000, 'clean exit');
-- tell htmldb engine to quit
return false;
EXCEPTION
WHEN OTHERS THEN
return false;
END;
</code>
Maybe you are looking for
-
How does Mavericks handle 2nd monitor differently?
Since I upgraded to Mavericks, I have liked having a 2nd task bar on my 2nd monitor. But I haven't figured out how it decides where to put pop up windows. Sometimes they are on one monitor, other times on the other. How does it decide? And I hav
-
I am using system exe to run a batch file but just wondering how my labview program knows that all the command in the batch file is finished? I want the batch file to end before I do somethings else. thanks
-
My username and password have been saved on my yahoo account and I want to remove them but cant seem to find the way Please help
-
Cannot proceed with payment in Windows Dev Centre
Hey there, I'm facing some issues in verifying my user status. I tried the payment through DreamSpark account: 1. In the Get verified through my school option I can't see name of my school situated in Ghaziabad, India. 2. And how to get a verificati
-
Can't save PDF's in illustator CS4 any more
I just upgraded to windows 7 a few days ago. For a couple days there was not this problem, but now I can't save anything as a PDF file. I un installed Illustrator and just re installed it. I can save in PS so it seems to be isolated to illustrator. I