Checkbox for authenticated sessions missing in 3.6.3

I am a tech support person for users of Blackboard CE8, an online learning management system. We have told users of earlier Firefox versions to "Clear Private Data" and then check a box for authenticated sessions in order enable certain features of Blackboard. Now, it's "Clear Recent History" which I've done (again and again). There is nothing in 3.6.3 that pertains directly to "authenticated sessions." What, then, is the troubleshooting step in 3.6.3 that is *equivalent* to checking the box for authenticated sessions?

We ran this solution past the user with this problem, and it didn't take. We also tried these steps to ream out Java on the user's computer. (See the list of steps below). It still didn't take.
1. With no programs open, remove all versions of Java: Go to the Start menu, and choose Control Panel.
2. Open Add/Remove Programs (for Windows XP) or Uninstall Program (for Windows VISTA)
3. Remove ALL instances of Java.
4. Close all windows.
5. Install current version of Java: go to http://www.java.com/en/download/manual.jsp
6. Click the link Windows 7/XP/Vista/2000/2003/2008 Online ( http://javadl.sun.com/webapps/download/AutoDL?BundleId=39502 )
7. Choose Run and follow instructions to install Java.
8. After installation, open Firefox and go to your course.
9. Be sure that popups are enabled in your browser or disable your popup blocker.
10. If you receive a Security Alert popup window, choose "Always trust content from this publisher" and then press Run.
11. You can now try to browse your computer to add an attachment, to see if you can see the My Files icon.
We have since advised the user to try using Internet Explorer 8, which is certified for use with Blackboard CE8. This is clearly not a desirable option from Firefox perspective.

Similar Messages

  • When customising toolbar item only stays for current session, missing when Firefox is reopened

    I want to add a 'Bookmarks' icon next to the 'Refresh' icon on the tool bar. When I customise and then click 'Done' the icon appears and functions correctly. The icon stays for the open session with Firefox. However after closing and then reloading the icon is not there. Any ideas please.

    See this: <br />
    https://support.mozilla.com/en-US/kb/Preferences+are+not+saved

  • Nnot Get Session Key for Authentication

    I found in trace file of my application
    (TRACE_LEVEL_CLIENT = SUPPORT in sqlnet.ora):
    ORA-28035 Cannot Get Session Key for Authentication
    Cause: Client and server cannot negotiate shared secret during logon.
    What is the session key and how to obtain it?

    DISABLE_OOB = ON
    NAMES.DEFAULT_DOMAIN = domain
    NAMES.DIRECTORY_PATH= (TNSNAMES)
    SQLNET.CRYPTO_SEED = P9EBHPQFLEIAJNUFAZHQP8JBNES8EBEEHS895LCWW9UZKO9HR2R2E5GDN7JV15T27QJO97D89BQAWSRF
    # SQLNET.CRYPTO_CHECKSUM_SERVER = requested
    # SQLNET.CRYPTO_CHECKSUM_CLIENT = requested
    # SQLNET.ENCRYPTION_SERVER = requested
    # SQLNET.ENCRYPTION_CLIENT = requested
    SQLNET.RADIUS_AUTHENTICATION = ad1.domain
    # SQLNET.RADIUS_AUTHENTICATION_PORT = (PORT)
    SQLNET.RADIUS_AUTHENTICATION_TIMEOUT = 5
    SQLNET.RADIUS_AUTHENTICATION_RETRIES = 3
    SQLNET.RADIUS_ALTERNATE = ad2.nlmk
    # SQLNET.RADIUS_ALTERNATE_PORT = (1645)
    SQLNET.RADIUS_ALTERNATE_TIMEOUT = 5
    SQLNET.RADIUS_ALTERNATE_RETRIES = 3
    SQLNET.RADIUS_SEND_ACCOUNTING = ON
    # SQLNET.RADIUS_SECRET=(path/radius.key)
    SQLNET.AUTHENTICATION_SERVICES = (NTS, BEQ,RADIUS)
    # TRACE_LEVEL_CLIENT = SUPPORT
    # TRACE_LEVEL_SERVER = SUPPORT
    domain is the name of my windows domain
    TNSNAMES.ORA
    SERVER.DOMAIN =
    (DESCRIPTION =
    (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCP)(HOST = server.domain)(PORT = 1521))
    (CONNECT_DATA =
    (SERVICE_NAME = server.domain)
    )

  • Using Hyper-V 2012 r2, connecting to the console results in: A certification authority could not be contacted for authentication.

    I'm having some trouble with authentication to guests from my Hyper-V console.
    If I try to connect from the Hyper-V Manager to the console of any guest, I get the error:
    "A certification authority could not be contacted for authentication. If you are using a Remote Desktop Gateway with a smart card, try connecting to the remote computer using a password. For assistance, contact your system administrator or technical support."
    I'm not using an RDG and smart card.
    I have 2 virtual networks. The first is Production, the second is Isolated. Production has 2 NICs attached to the Production LAN, the second has 2 NICs in our DMZ. The host is a member server of the production domain. I can use MSTSC from the LAN or the DMZ
    to gain access to each Guest and the Host.
    The issues start if I try "Connect" from Hyper-V Manager in an attempt to use the console of any Guest. Each attempt fails with the above error. If I use an incorrect password, I get a different error: "The credentials that were used to connect
    to {Server FQDN} did not work. Please enter new credentials."
    Taking a look at the the event logs, I can see the session successfully authenticating to the Guest (4776 Credential validation and 4624 Logon), and the fact I get a different error if I enter an incorrect password show I get some way along the line. However
    if I take a look at the logs on the Host, however I get:
    An account failed to log on.
        Subject:
            Security ID:        NULL SID
            Account Name:        -
            Account Domain:        -
            Logon ID:        0x0    
        Logon Type:            3
        Account For Which Logon Failed:
            Security ID:        NULL SID
            Account Name:        
            Account Domain:        
        Failure Information:
            Failure Reason:        An Error occured during Logon.
            Status:            0xC000006D
            Sub Status:        0xC000005E
        Process Information:
            Caller Process ID:    0x0
            Caller Process Name:    -
        Network Information:
            Workstation Name:    -
            Source Network Address:    -
            Source Port:        -
        Detailed Authentication Information:
            Logon Process:        Kerberos
            Authentication Package:    Kerberos
            Transited Services:    -
            Package Name (NTLM only):    -
            Key Length:        0
        This event is generated when a logon request fails. It is generated on the computer where access was attempted.
        The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
        The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
        The Process Information fields indicate which account and process on the system requested the logon.
        The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
        The authentication information fields provide detailed information about this specific logon request.
            - Transited services indicate which intermediate services have participated in this logon request.
            - Package name indicates which sub-protocol was used among the NTLM protocols.
            - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    Which looks to me like a blank authentication request is being sent? (I've not deleted any machine/domain names, they're just not present)
    Any suggestions? Do you think I'm barking up the wrong tree?
    Thoughts and comments gratefully received

    Hi,
    What’s your guest system platform, base on my experience that must be the not supported guest system issue, the generation 2 vm only support the Windows 8 or 8.1 platform.
    The related KB:
    Generation 2 Virtual Machine Overview
    http://technet.microsoft.com/en-us/library/dn282285.aspx
    Hope this hleps.
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Java Applet Constantly Asks for Authentication

    With have a ADF application on Weblogic 10 that has occasional access to a Java applet. The Java applet is loaded whenever it's needed and not loaded whenever it isn't in a facet. The applet is currently in the public_html/applet folder.
    When we set the SSL configuration to requiring a client certificate, when the Java applet loads, it'll constantly ask for a client certificate even though the user already presented the client when hitting the website:
    Request Authentication Identification required. Please select certificate to be used for authentication.
    This is annoying to users and the Java Applet doesn't need authentication. Is there any way we can disable the authentication or remove the prompt?
    Here's the embedded applet code:
    <applet height="1" width="1" code="applet.Applet.class"archive="/app/applet/SApplet.jar" /><param name="permissions" value="all-permissions"/></applet>
    Things I've already tried:
    1) Setting the Applet up on HTTP instead of HTTPS; I get a warning about mixed content and still get the authentication pop-up.
    2) Created a minimal applet that only types out "HELLO WORLD" in the console, still get the authentication pop-up
    Here's the console window:
    Java Plug-in 1.6.0_35
    Using JRE version 1.6.0_35-b10 Java HotSpot(TM) Client VM
    User home directory = C:\Users\mfan
    security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
    security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
    security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
    security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
    security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
    security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
    security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
    security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
    security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
    security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
    security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
    security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
    security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
    security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
    security: property package.definition value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
    security: property package.definition new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
    basic: Added progress listener: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@1df073d
    basic: Plugin2ClassLoader.addURL parent called for https://192.168.130.99/app/applet/HelloWorld.jar
    network: Cache entry not found [url: https://192.168.130.99/app/applet/HelloWorld.jar, version: null]
    network: Connecting https://192.168.130.99/app/applet/HelloWorld.jar with proxy=DIRECT
    network: Connecting http://192.168.130.99:443/ with proxy=DIRECT
    security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
    security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
    security: Loading SSL Root CA certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecacerts
    security: Loaded SSL Root CA certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecacerts
    security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
    security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
    security: Loading Deployment SSL certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecerts
    security: Loaded Deployment SSL certificates from C:\Users\mfan\AppData\LocalLow\Sun\Java\Deployment\security\trusted.jssecerts
    security: Loading certificates from Deployment session certificate store
    security: Loaded certificates from Deployment session certificate store
    security: Loading certificates from Internet Explorer ROOT certificate store
    security: Loaded certificates from Internet Explorer ROOT certificate store
    security: Checking if certificate is in Deployment denied certificate store
    security: Checking if certificate is in Deployment session certificate store
    security: Checking if SSL certificate is in Deployment permanent certificate store
    security: KeyUsage does not allow digital signatures
    (and here's where the prompt comes up).

    Actually, setting the archive to http://URL works fine. No more request authentications come up.

  • Policy agent using https redirect to AM for authentication

    We are using Access Manager 6 2005Q1.
    Access Manager is running on box A & box B using the Sun Web Server as its front end web server. Box A & B both have a complete install of Sun Web Server, Access Manager, and Directory Server. The Directory servers are set up to replicate changes between each other. Our Policy Agents are running on box C & box D under the Apache web servers.
    Users will access applications on box C/D via https. The policy agents on box C/D should redirect the user to box A/B (via a load balancer VIP)for authentication. The redirect will be https. Once authenticated the user should be redirected back to box C/D.
    All subsequent communications between the Agents on box C/D to AM on box A/B (via load balancer VIP) are http.
    Our load balancer is currently setup as active/failover because it does not support ssl with cookies.
    In our AMAgent.properties file if I set 'com.sun.am.policy.am.loginURL = http://<lb-vip>:80/amserver/UI/Login' and access box C/D as https://<webserver>/<url> I am redirected to AM on box A/B for authentication. Once authenticated I am redirected back to box C/D and allowed access to <url>.
    However, if I set 'com.sun.am.policy.am.loginURL = https://<lb-vip>:443/amserver/UI/Login' and access box C/D as https://<webserver>/<url> I am NOT redirected to AM and receive 'Forbidden You don't have permission to access /<url> on this server. Also in the agent log file I see:
         2006-01-30 12:42:30.792 Debug 28126:203470 PolicyAgent: in_not_enforced_list():enforcing access control for https://<webserver>:443/<url>
         2006-01-30 12:42:30.792 Debug 28126:203470 PolicyAgent: am_web_is_access_allowed https://<webserver>:443/<url>S, GET) no sso token, setting status to invalid session.
         2006-01-30 12:42:30.792 Debug 28126:203470 PolicyAgent: Policy Agent: am_web_is_access_allowed returned status=invalid session
         2006-01-30 12:42:32.800 Warning 28126:203470 PolicyAgent: am_web_get_redirect_url() unable to find active Identity Server Auth server.
         2006-01-30 12:42:32.800 Info 28126:203470 PolicyAgent: do_redirect(): Status Code= invalid session.
    Interestingly if I set 'com.sun.am.policy.am.loginURL = https://<am-server>:443/amserver/UI/Login' and access box C/D as https://<webserver>/<url> I am redirected to AM on box A/B for authentication. Once authenticated I am redirected back to box C/D and allowed access to <url>. In this scenario the only difference is I am bypassing the load balancer.
    Our networking people have monitored the load balancer in front of our AM boxes A/B and see the traffic going to AM in all cases.
    From my standpoint it appears the agent is not able to successfully connect to AM via https when going through the load balancer.
    Any help with this configuration issue is appreciated.

    Bernhard,
    From our AMAgent.properties... com.sun.am.policy.agents.version=2.1. Is there a way for me to tell if this is truely only 2.1 or 2.1-xx?
    Because our LB does not support SSL with cookies we are currently configured as active/failover so all requests are going to the same AM server until it goes down, at which time I know users have to re-authenticate. Also we have set "com.sun.am.loadBalancer_enable = true" in AMAgent.properties.
    We understand your point about loginURL. Infact there are two properties dealing with loginURL, com.sun.am.policy.am.loginURL and com.sun.am.policy.am.library.loginURL. Based on the comments in AMAgent.properties my understanding is that com.sun.am.policy.am.loginURL is where the user is redirected for login when no valid SSO token is found and com.sun.am.policy.am.library.loginURL is what the agent uses to authenticate itself "If the previously specified login URL must be exclusively used for redirecting users..." The interesting part is that if we set com.sun.am.policy.am.loginURL to use http everything works just fine, however if we set it to use https the user never gets redirected. Its almost like the agent is trying to connect there first before doing the redirect and can not.
    Craig

  • ERR-1002 Unable to find item ID for item "SESSION"

    Hi All,
    We have recently ugpraded from Aoex 3.1 to 3.2 and have now noticed on occasions that i get the following error when logging in...
    Unexpected error, unable to find item name at application or page level.
    ERR-1002 Unable to find item ID for item "SESSION" in application "2500".
    Return to application.I have been making changes to the application but have not changed anything to do with the SESSION item, i thought that was built into APEX so am not sure why it cannot find it.
    The error mainly happens if i clear the internet cache and try logging in again on a new session, i click Return to Application and try logging in again but get the error. If i login as a different user it logs in.
    Has this happened to anyone else?
    Thanks
    Graham

    Scott,
    Sorry, typing error, i meant 3.0 to 3.1.
    when a user clicks login the following happens...
    A Validation runs to determine if the username and pasword is right and if the user has parts to be accepted when logging in....
    DECLARE
      V_User_Check     VARCHAR2(800);
    BEGIN
        V_User_Check := M_USERS_VALIDATE_LOGIN(
           :P101_USERNAME, :P101_PASSWORD, :SESSION, :P101_BENCH, :P101_BENCH_ID);
        IF V_User_Check = 'PASSWORD_CHANGE' THEN
          :P101_PASSWORD_CHANGE := 'YES';
          RETURN 'You password must be changed for security purposes.  ' ||
                 'Please enter and retype a new password, then confirm the ' ||
                 'change by entering your existing password.';
        ELSIF V_User_Check = 'INVALID_USERNAME' THEN
          RETURN 'The username has not been recognised, please re-enter.';
        ELSIF V_User_Check = 'INVALID_PASSWORD' THEN
          RETURN 'The password entered is invalid, please re-enter.';
        ELSIF V_User_Check = 'ACCEPT_PARTS' THEN
          :P101_PARTS_TO_ACCEPT := 'YES';
          RETURN 'There are parts at this bench that need to be accepted/rejected for you to use, please check the quantities carefully.';
        ELSIF V_User_Check = 'OK' THEN
          RETURN '';
        ELSE
          RETURN V_User_Check;
        END IF;
    END;The following function is called from the Authentication Scheme (return authenticate_m_user;)
    CREATE OR REPLACE FUNCTION authenticate_m_user(p_username IN VARCHAR2, p_password IN VARCHAR2)RETURN BOOLEAN IS
      CURSOR m_cur( username_p VARCHAR,password_p VARCHAR) IS
        SELECT COUNT(*) user_count FROM m_users
        WHERE UPPER(username) = username_p
        AND PASSWORD = password_p AND in_use = 'Y';
      result_v                BOOLEAN := FALSE;
      V_Admin                 VARCHAR2(1) :=  'N';
    BEGIN
      FOR m_rec IN m_cur(p_username, dbms_obfuscation_toolkit.md5( input_string => p_password))
      LOOP
        IF m_rec.user_count = 1 THEN
          result_v    := TRUE;
        END IF;
      END LOOP;
      IF result_v = TRUE THEN
          UPDATE m_users
            SET logged_in = 'Y', last_login_date = sysdate
            WHERE upper(username) = upper(p_username);
          COMMIT;
      END IF;
      RETURN result_v;
    END authenticate_m_user;Also when i encounter the error if i keep clicking Login it keeps throwing the error, but if i turn on debug and then click login again it logs in ok.
    Hope this helps.
    Graham.

  • RD Gateway prompts for authentication

    Setup:
    Deployment Type: 2012 RD Session based deployment
    Domain level: 2012
    DNS: separate internal and public domain names
    Clients: Windows 8.1 ENT
    Session Host: Two RDSH Collections
    Broker: Single RDSB server
    RD WEB: Single RDGW+RDWEB server in DMZ
    SSO setup as per M$ and community KBs
    Certificates: RDWEB/RDB/RDGW - Public PKI (remote.contoso.com); RDSH - Self-Signed (*.contoso.local)
    Form-based authentications has been replaced with Windows Integrated and Clients successfully logon onto the Remote.Contoso.com without credential prompts.
    RemoteApp Client gets configured via a GPO without any issues and Feed syncs fine.
    Issue:
    Upon attempt to launch RemoteApp either via Web or RemoteApp Client client receive a credential prompt from RD Gateway for authentication: *Type your user name and password to connect to Contoso RemoteApps*
    Notes:
    The Credential Manager shows no saved credentials for the remote.contoso.com, despite the configured RemoteApp Client. If I manually add an entry under Windows Credentials for Remote.Contoso.com with
    USER1`s credentials, then there is no prompt and application launches.
    Even if the credentials I enter are for USER2, even then the application is launched under the initial
    USER1.

    Hi,
    Thanks for your comment. Sorry for late response.
    Enabling the setting through the RDP file:
    Alternatively, the single credential prompt setting can be manipulated from the RDP file.
    1. Open the RDP file in Notepad.exe.
    2. To enable the setting, the user can enter "promptcredentialonce:i:1" in the RDP file.
    3. If the user wants to disable the setting, then user can enter "promptcredentialonce:i:0" in the RDP file.
    More information for reference.
    Single credential prompt for TS Gateway Server and Terminal Server
    http://blogs.msdn.com/b/rds/archive/2007/05/04/single-credential-prompt-for-ts-gateway-server-and-terminal-server.aspx
    In addition, please check the GPO setting whether you have configure the credential delegation policy for SSO. Please go through following article.
    Remote Desktop Web Access single sign-on now easier to enable in Windows Server 2012
    http://blogs.msdn.com/b/rds/archive/2012/06/25/remote-desktop-web-access-single-sign-on-now-easier-to-enable-in-windows-server-2012.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Write code for authentication of username and password using struts

    write code for authentication of username and password using session using struts with jdbc connection..

    write code for authentication of username and
    password using session using struts with jdbc
    connection..and please, allow me to spoon feed you!

  • IP address unknown "show authentication session interface"

    Hi,
    I have the following issue:
    Several hosts on a specific VLAN cannot reach a VNC server which is located in the same VLAN. All the ports are running 802.1X and hosts are authenticated based on certificate.
    The hosts that have the issue are always authenticated with success and a "show authentication session interface <INT-NAME>" shows the following output for a client:
    SWl#sh authentication sessions interface g1/0/42
                Interface:  GigabitEthernet1/0/42
              MAC Address:  4437.e668.9896
               IP Address:  Unknown
                   Status:  Authz Success
                   Domain:  DATA
           Oper host mode:  multi-domain
         Oper control dir:  both
            Authorized By:  Authentication Server
              Vlan Policy:  100
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  0000000000000AA09F7A3843
          Acct Session ID:  0x00000CD7
                   Handle:  0x2D000AA0
    The server:
    SW#sh authentication sessions interface g2/0/43   
                Interface:  GigabitEthernet2/0/43
              MAC Address:  4437.e68a.4048
               IP Address:  10.10.10.254
                      Status:  Authz Success
                   Domain:  DATA
           Oper host mode:  multi-domain
         Oper control dir:  both
            Authorized By:  Authentication Server
              Vlan Policy:  100
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  00000000000008DC576F3B64
          Acct Session ID:  0x000009CB
                   Handle:  0x200008DC
    If I do a "clear authentication sessions interface g1/0/42" on one of the client port then the IP address is not unknown anymore:
    SW#sh authentication sessions interface g1/0/42
                Interface:  GigabitEthernet1/0/42
              MAC Address:  4437.e668.9896
               IP Address:  10.10.10.20
                  Status:  Authz Success
                   Domain:  DATA
           Oper host mode:  multi-domain
         Oper control dir:  both
            Authorized By:  Authentication Server
              Vlan Policy:  100
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  0000000000000E63AA195FED
          Acct Session ID:  0x000010A6
                   Handle:  0x92000E63
    Then the client can connect to the server without any issues. Does anyone has a solution to fix this issue?
    All port are configured the same (client and server) and DHCP snooping is runing for the authenticated VLAN (100):
    interface GigabitEthernet1/0/42
    switchport access vlan 999
    switchport mode access
    switchport nonegotiate
    switchport block multicast
    switchport block unicast
    switchport port-security maximum 4
    switchport port-security
    switchport port-security violation restrict
    ip arp inspection limit rate 50
    authentication host-mode multi-domain
    authentication port-control auto
    mab
    dot1x pae authenticator
    dot1x timeout tx-period 5
    storm-control broadcast level 5.00
    storm-control action shutdown
    no vtp
    ip dhcp snooping limit rate 50
    Platform: cisco WS-C3750X-48P
    IOS: c3750e-universalk9-mz.122-55.SE3.bin
    Authentication Server: Cisco ISE
    Best regards,
    Laurent

    Hi Tarik,
    Is this command used in combination with dot1x? The switch is running DHCP snooping so the MAC/IP/VLAN should already be present in the DHCP snooping database, no?
    I would like to understand what is causing the problem and how this command can solve it
    Regards,
    Laurent

  • SAP Authentication Method Missing

    Dear Experts, I have been having this problem for sometime. I have redone the whole work again just to make sure I'm not missing anything. Any help is appreciated.
    I'm on BO XI R2, with Tomcat 5.0,27, Windows 2003 environment, Java connector 2.1.8,
    I'm missing SAP authentication method in the Java InfoView. I have Enterprise, LDAP and WinAD in the list but not SAP authentication. While my Java Infoview for SAP works just fine.
    Also with IIS, the .NET InfoView does have SAP authentication and it works fine as well.
    Kindly assist me in fixing this.
    BTW, which configuration file in tomcat hold this info about authentication methods?

    8 --> Configured the Kerberos Windows AD Authentication in BOE System (these includes the steps to apply it on IIS and Java Application Servers (Tomcat)) by following the
             instructions in BusinessObjects Enterpriseu2122 XI Release 2 Deployment and Configuration Guide, Chapter 13
    9 --> Installed Live Office Client 11.5.8.826 (server and client component on the same machine)
           a) Enabled Live Office client components (by running the enable_addin.exe utility)
           b) Running side-by-side Live Office installations (enable the Live Office Add-In)
    10 --> Install Xcelsius 2008, Version 12.1.0.247
    11 --> Install BusinessObjects XI Release 2 Integration Kit for SAP SP1
    12 --> Install BusinessObjects XI R2 Service Pack 2 for Integration Kits
    13 --> Make sure that BOE Sample Reports is imported to the installed BOE system
    14 --> Configured and Tested IIS for SAP Authentication with SSO for SAP InfoView in BI system and
               SAP Enterprise System to point to the installed BOE system
    15 --> Configure Tomcat (Web.config files) to use BOE Cluster Name & SAP Authentication with SSO
              enabled for SAP InfoView site when it is used from the SAP Enterprise Portal
    16 -->Tested to logon to Live Office with SAP Authentication. SAP Authentication is missing in the Live
             Office like Java InfoView
    Kindly point out to me where I'm going wrong?

  • Disable checkbox for some records in a datasource

    Hi,
    I am having a datatable which is binded to a datasource. There is a check box for every record in the list. Check on some records and click the submit button. After that i want the records i have already submitted to be disabled(checkbox disabled) when the page is refreshed. Is there any way to do it. plz help. Thanks in advance

    I would have a table field to store the submitted items, so that when you open the page you can compare with that field and use <html:checkbox disabled="true"....> for the submitted records. I think it will work out. Is this only just for that session?

  • "Hold for Authentication" printer error

    Since upgrading to Mavericks (did a clean install, so not sure if Mavericks is the culprit per se) whenever I attempt to print to a networked printer (I am the lone mac in a Windows environment) I get the error "Hold for Authentication".  Any suggestions?  Here are some further details
    If I have logged into a network drive, when I click the circular arrow on the right of the error message, I am prompted for my user name and password.  BOTH my network user name/password or guest/guest will result in successful printing
    Each print job requires me to enter user name/pw, regardless of whether I have just entered it for a previous job
    If I have NOT logged into a network drive, no combination of my name/pw or guest/guest will result in a successful print - I just keep getting the hold for authentication error
    Steps I have tried to take:
    Resetting the printing system
    deleting the printer and adding it again with a new name
    Different comibinations of checking or not checing the "remember this password in my keychain" box
    I am totally flummoxed and frustrated.  Any ideas?

    I read many threads before discovering this simple fix:
    Go to Settings > Printers & Scanners > Add a Printer (the + symbol)
    Do NOT select any printers that you initially see displayed. They never worked for me. Instead, select the Windows tab (off to the right) <--- this is the step I constantly missed
    Walk down through Workgroup (at least that's how my network was referred to by the PC) > Name of the PC > Name of the Printer (a short name assigned in Windows)
    This FINALLY solved my problem. Oh, and when asked for “Authentication” (name and password), enter the name used to log onto the PC (from the Start menu) and the password used to log onto the PC. Allow this information to be saved in Keychain on the Mac so it won’t have to be entered in the future.
    Hope this helps any future frustrated newbies.

  • Creating Kerberos Identity for RD Session Host Farms for w 2012 r2

    anyone knows how Creating Kerberos Identity for RD Session Host Farms for w 2012 r2.
    I tried what they said the post
    to w 2008, With
    powershell I find the possibility and the
    script indicates the error class is not
    valid

    Hi,
    Referring to your comment, here providing you article for Kerberos authentication in server 2012. Please refer to the below article.
    What's New in Kerberos Authentication (You can refer for Server 2012 R2)
    http://technet.microsoft.com/en-us/library/hh831747.aspx
    Hope it helps!
    Regards.

  • Authentication & Session Management questions

    Hi. Apex 2.2.1. I'm going crazy trying to set up authentication for my application. I'd appreciate any pointers. My scenario is
    Siteminder intercepts all calls to the application
    User authenticates with Siteminder
    If authenticated, Siteminder sets HTTP_SM_USER in the header
    If not authenticated, then APEX is never called
    Pull the user out of the header
    Create a session if needed
    Log the user in if needed
    Redirect the user to the request page
    I've followed the example that I've found in the forum and set up a page sentry function to create a session when the user first comes in. After that I try to verify that the session belongs to them. That's not working because wwv_flow_custom_auth_std.get_username never returns a value. I think that's because I'm not logging the user in to APEX. I can't figure out the difference between wwv_flow_custom_auth_std.post_login and wwv_flow_custom_auth_std.login. (it probably doesn't help that I inherited the application from some consultants that left a year ago and there is no documentation on it or even APEX here at my site).
    Mike

    Thanks, Scott. The problem is that it seems to keep looping. You can see from the log that it creates the session, then invalidates it, then creates it, etc.
    Mike
    debug log
         384     1000     Enter 604 - 1 user MDHENDER session NOT valid
         384     4000     session is NOT valid
         384     4100     dn_network_id is acct\mdhender
         384     5000     creating a new session
         384     5010     created new session
         384     6000     setting up follow up url
         384     6010     follow up url is 604:1:
         384     7000     register new session
         384     7010     registered session
         384     9000     clean exit
         385     1000     Enter 604 - 1 user MDHENDER session valid
         385     3000     session is valid 1707655438517376
         385     3010     authenticated user MDHENDER cookie
         385     3100     marker
         385     3200     marker
         386     1000     Enter 604 - 1 user MDHENDER session NOT valid
         386     4000     session is NOT valid
         386     4100     dn_network_id is acct\mdhender
         386     5000     creating a new session
         386     5010     created new session
         386     6000     setting up follow up url
         386     6010     follow up url is 604:1:
         386     7000     register new session
         386     7010     registered session
         386     9000     clean exit
         387     1000     Enter 604 - 1 user MDHENDER session valid
         387     3000     session is valid 2743127946937676
         387     3010     authenticated user MDHENDER cookie
         387     3100     marker
         387     3200     marker
    Here is the code
    <code>
    CREATE OR REPLACE FUNCTION lmf_siteminder_page_sentry RETURN BOOLEAN IS
    vAuthenticatedUsername VARCHAR2(512);
    vCurrentSessionId NUMBER;
    vDeclaredUser VARCHAR2(512);
    vLogFlag VARCHAR2(1);
    vMaxIdleMinutes NUMBER := 15;
    vNextPage VARCHAR2(1024);
    vTransNo NUMBER;
    PROCEDURE log_msg(vFlag in varchar2,
    vTransNo in number,
    vSeqNo in number,
    vMessage in varchar2) is
    pragma autonomous_transaction;
    BEGIN
    IF vFlag = 'Y' THEN
    insert into sm_debug_log
    (transno, seqno, msg)
    values
    (vTransNo, vSeqNo, vMessage);
    commit;
    END IF;
    EXCEPTION
    WHEN OTHERS THEN
    rollback;
    raise;
    END;
    -- determine if the siteminder user is authorized
    FUNCTION CheckAuthorizedUser(vUserName in varchar2) return boolean is
    vDeclaredUser VARCHAR2(512);
    BEGIN
    -- verify that the user is supposed to have access to the application.
    -- a quick check of the authorized users table will settle that question
    select dn_network_id
    into vDeclaredUser
    from user_authorization
    where UPPER(network_id) = UPPER(vUserName);
    return true;
    EXCEPTION
    WHEN OTHERS THEN
    return false;
    END;
    -- if the session cookie's user matches our authenticated user then
    -- return true
    FUNCTION CheckCookieUser(vUserName in varchar2) return boolean is
    BEGIN
    IF vAuthenticatedUsername = wwv_flow_custom_auth_std.get_username THEN
    return true;
    END IF;
    return false;
    END;
    FUNCTION URLRedirect(vUrl IN varchar2) return boolean is
    BEGIN
    log_msg(vLogFlag, vTransNo, 9999, 'redirect => ' || vUrl);
    owa_util.redirect_url(vUrl, true);
    wwv_flow.g_unrecoverable_error := true;
    return false;
    END;
    BEGIN
    BEGIN
    select debug, sm_seq_no.nextval
    into vLogFlag, vTransNo
    from sm_settings;
    EXCEPTION
    WHEN OTHERS THEN
    vLogFlag := 'N';
    END;
    -- get authenticated user from siteminder. APEX may expect it
    -- to be upper case
    vAuthenticatedUsername := UPPER(lmf_siteminder_user());
    IF wwv_flow_custom_auth_std.is_session_valid THEN
    log_msg(vLogFlag,
    vTransNo,
    1000,
    'Enter ' || v('APP_ID') || ' - ' || v('APP_PAGE_ID') ||
    ' user ' || nvl(vAuthenticatedUsername, '*null*') ||
    ' session valid');
    ELSE
    log_msg(vLogFlag,
    vTransNo,
    1000,
    'Enter ' || v('APP_ID') || ' - ' || v('APP_PAGE_ID') ||
    ' user ' || nvl(vAuthenticatedUsername, '*null*') ||
    ' session NOT valid');
    END IF;
    -- no surprise here - let anyone view a page flagged as public
    IF htmldb_custom_auth.current_page_is_public THEN
    log_msg(vLogFlag, vTransNo, 1010, 'current page is public');
    return true;
    END IF;
    -- redirect all unauthorized users to our no-access page
    IF not CheckAuthorizedUser(vAuthenticatedUsername) THEN
    -- send the user to our unathorized page
    log_msg(vLogFlag,
    vTransNo,
    1100,
    'unable to find dn_network_id for authenticated user ' ||
    lmf_siteminder_user());
    log_msg(vLogFlag,
    vTransNo,
    1110,
    'try a redirect to ' || '/pls/apex/f?p=' || v('APP_ID') ||
    ':105:' || vCurrentSessionId || ':');
    return URLRedirect('/pls/apex/f?p=' || v('APP_ID') || ':105:' ||
    vCurrentSessionId || ':');
    END IF;
    -- use the current session if it is valid and assigned to
    -- our authenticated user
    IF wwv_flow_custom_auth_std.is_session_valid THEN
    vCurrentSessionId := wwv_flow_custom_auth_std.get_session_id_from_cookie;
    log_msg(vLogFlag,
    vTransNo,
    3000,
    'session is valid ' || vCurrentSessionId);
    log_msg(vLogFlag,
    vTransNo,
    3010,
    'authenticated user ' || vAuthenticatedUsername || ' cookie ' ||
    wwv_flow_custom_auth_std.get_username);
    -- if the session cookie's user matches our authenticated user then
    -- accept it and proceed with displaying the page
    IF CheckCookieUser(vAuthenticatedUsername) THEN
    wwv_flow_custom_auth.define_user_session(p_user => vAuthenticatedUsername,
    p_session_id => vCurrentSessionId);
    return true;
    END IF;
    log_msg(vLogFlag, vTransNo, 3100, 'marker');
    -- the names do not match. assume that someone hijacked the session.
    -- invalidate it and bump them out
    -- Unset the session cookie and redirect back here to take other branch
    wwv_flow_custom_auth_std.logout(p_this_flow => v('APP_ID'),
    p_next_flow_page_sess => v('APP_ID') || ':' ||
    nvl(v('APP_PAGE_ID'),
    0) || ':' ||
    vCurrentSessionId);
    wwv_flow.g_unrecoverable_error := true;
    log_msg(vLogFlag, vTransNo, 3200, 'marker');
    -- tell APEX that we are not pleased
    return false;
    END IF;
    log_msg(vLogFlag, vTransNo, 4000, 'session is NOT valid');
    -- we did not have a valid session so verify that the user is supposed
    -- to access our application. a quick check of the authorized users
    -- table will settle that question for us
    BEGIN
    select dn_network_id
    into vDeclaredUser
    from user_authorization
    where UPPER(network_id) = vAuthenticatedUsername;
    log_msg(vLogFlag, vTransNo, 4100, 'dn_network_id is ' || vDeclaredUser);
    EXCEPTION
    WHEN NO_DATA_FOUND THEN
    -- send the user to our unathorized page
    log_msg(vLogFlag,
    vTransNo,
    4900,
    'unable to find dn_network_id for authenticated user ' ||
    vDeclaredUser);
    log_msg(vLogFlag,
    vTransNo,
    4910,
    'try a redirect to ' || '/pls/apex/f?p=' || v('APP_ID') ||
    ':105:' || vCurrentSessionId || ':');
    return URLRedirect('/pls/apex/f?p=' || v('APP_ID') || ':105:' ||
    vCurrentSessionId || ':');
    END;
    -- create new session
    log_msg(vLogFlag, vTransNo, 5000, 'creating a new session');
    wwv_flow_custom_auth.define_user_session(p_user => vAuthenticatedUsername,
    p_session_id => wwv_flow_custom_auth.get_next_session_id);
    log_msg(vLogFlag, vTransNo, 5010, 'created new session');
    wwv_flow.g_unrecoverable_error := true;
    -- set cookie
    -- set the followup URL to page 1
    log_msg(vLogFlag, vTransNo, 6000, 'setting up follow up url');
    vNextPage := to_char(wwv_flow.g_flow_id) || ':1:';
    log_msg(vLogFlag, vTransNo, 6010, 'follow up url is ' || vNextPage);
    --wwv_flow_custom_auth.remember_deep_link(p_url => vNextPage);
    --log_msg(vLogFlag, vTransNo, 6020, 'completed follow up url');
    --IF owa_util.get_cgi_env('REQUEST_METHOD') = 'GET' THEN
    -- wwv_flow_custom_auth.remember_deep_link(p_url => 'f?' ||
    -- wwv_flow_utilities.url_decode2(owa_util.get_cgi_env('QUERY_STRING')));
    --ELSE
    -- wwv_flow_custom_auth.remember_deep_link(p_url => 'f?p=' ||
    -- to_char(wwv_flow.g_flow_id) || ':' ||
    -- to_char(nvl(wwv_flow.g_flow_step_id,
    -- 0)) || ':' ||
    -- to_char(wwv_flow.g_instance));
    --END IF;
    -- register new session with the application
    log_msg(vLogFlag, vTransNo, 7000, 'register new session');
    if 0 < 1 then
    wwv_flow_custom_auth_std.post_login(p_uname => vAuthenticatedUsername,
    p_flow_page => vNextPage);
    log_msg(vLogFlag, vTransNo, 7010, 'registered session');
    else
    wwv_flow_custom_auth_std.login(P_UNAME => vAuthenticatedUsername,
    P_PASSWORD => 'dummy',
    P_SESSION_ID => v('APP_SESSION'),
    P_FLOW_PAGE => v('APP_ID') || ':1');
    log_msg(vLogFlag, vTransNo, 7011, 'registered session');
    end if;
    if 0 > 1 then
    owa_util.mime_header('text/html', FALSE);
    owa_cookie.send(name => 'LOGIN_USERNAME_COOKIE',
    value => vAuthenticatedUsername,
    expires => null,
    path => '/',
    secure => 'yes');
    owa_cookie.send(name => 'HTMLDB_IDLE_SESSION',
    value => to_char(sysdate + (vMaxIdleMinutes / 1440),
    'DD-MON-YYYY HH24:MI:SS'),
    expires => null,
    path => '/',
    secure => 'yes');
    end if;
    log_msg(vLogFlag, vTransNo, 9000, 'clean exit');
    -- tell htmldb engine to quit
    return false;
    EXCEPTION
    WHEN OTHERS THEN
    return false;
    END;
    </code>

Maybe you are looking for

  • How does Mavericks handle 2nd monitor differently?

    Since I upgraded to Mavericks, I have liked having a 2nd task bar on my 2nd monitor. But I haven't figured out how it decides where to put pop up windows.    Sometimes they are on one monitor, other times on the other.   How does it decide? And I hav

  • Systemexe.vi

    I am using system exe to run a batch file but just wondering how my labview program knows that all the command in the batch file is finished? I want the batch file to end before I do somethings else. thanks

  • How do I unsave my password from my yahoo sign in. It only started when I started using firefox

    My username and password have been saved on my yahoo account and I want to remove them but cant seem to find the way Please help

  • Cannot proceed with payment in Windows Dev Centre

    Hey there, I'm facing some issues in verifying my user status. I tried the payment through DreamSpark account:  1. In the Get verified through my school option I can't see name of my school situated in Ghaziabad, India. 2. And how to get a verificati

  • Can't save PDF's in illustator CS4 any more

    I just upgraded to windows 7 a few days ago. For a couple days there was not this problem, but now I can't save anything as a PDF file. I un installed Illustrator and just re installed it. I can save in PS so it seems to be isolated to illustrator. I