Client Certificate Mapping authentication using Active Directory across trusted forests

Hi,
We currently have a setup where the on-premises environment and the cloud environment are based on two separate forests linked by a 1-way trust, i.e., the exist in the on-premises AD and the 1-way trust allows them to use their
credentials to login to a cloud domain joined server. This works fine with the Windows authentication.
We are now looking at implementing a 2-Factor authentication using Certificate. The PKI infrastructure exists in the On-Premises Forest. The users are able to successfully login to on-premise servers configured with "AD Client Certificate Mapping".
However, we are unable to achieve the same functionality on the cloud domain joined servers. I would like to know
1. Is this possible?
2. If yes, what do we need to do to make this work.
Just to clarify, we are able to authenticate using certificates by enabling anonymous authentication. However, we are unable to do the same after turning on "Client Certificate Mapping authentication using Active Directory"

1. Yes!
2. Before answering this I need to know if you are trying to perform a smart card logon on a desktop/console or if you just want to use certificate based authentication in an application like using a web application with client certificate requirements and mapping?
/Hasain

We will eventually need it for smartcard logon on to desktop/console. However, at present, I am trying to use this for certificate based authentication on a web application.
To simulate the scenario, I set up two separate forests and established a trust between them.
I then setup a Windows PKI in one of the forests and issued a client certificate to a user.
I then setup a web server in both the forests and configured them for anonymous authentication with Client SSL requirement configured.
I setup a test ASP page to capture the Login Info on both the servers.
With the client and the server in the same forest, I got the following results
Login Info
LOGON_USER: CORP\ASmith
AUTH_USER: CORP\ASmith
AUTH_TYPE: SSL/PCT
With the client in the domain with the PKI and the server in the other Forest, I got the following response
Login Info
LOGON_USER:
AUTH_USER:
AUTH_TYPE: 
I tried the configuration with the Anonymous Authentication turned off and the AD Client Certificate mapping turned on.
With the client and the server in the same forest, I am able to login to the default page. However, with the server in a trusted forest, I get the following error.
401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied

Similar Messages

  • Oracle 9i/10G DB authentication using Active Directory (with out OID)

    Hello All,
    We want to use a Single-Password authentication scheme using the Active
    Directory as the primary source for userId/Password.
    We don't want to use the Active Directory and OID bridge.
    As we have many databases and would like to configure all Databases to use Active
    Directory for Authentication. Our goal is to have single id/password across all
    the databases and any user should be able to login from any computer using their
    windows id/password, note that we don't want to use the OSAuthentication.
    We have read the documents provided by oracle for authentication using Active
    Directory, we were able to create Oracle Schema in Active Directory and were
    also able to register a DB with Active Directory and then created user as global
    user in Oracle Database and provided the DN of the user. When we tried
    authenticate with all this setup it comes back and says invalid ID/Password !!!
    And with 10G database we get the Oracle Error ORA-03113: end-of-file on communication channel !!
    Has any one tried or have information on Integrating Oracle to Auth against Active Directory?
    Environment:
    Oracle DB Version: 9.2.0 and also tried on 10.0.1 with same results
    Operating System: Windows 2000/ Windows 2000 Server
    Constraint: We don't want to use OID ( as we don't have license for this
    product ! )

    I have a thread started similar to your request.
    OS Authentication on Windows
    Somewhere I read this. It works on Oracle 9i on Linux, but I have not tried it with Oracle 9i on Windows.
    SHOW PARAMETER OS_AUTHENT_PREFIX;
    SHOW PARAMETER REMOTE_OS_AUTHENT;
    CREATE USER OPS$SOMEUSER IDENTIFIED EXTERNALLY;
    GRANT CREATE SESSION TO OPS$SOMEUSER;
    For the username, I wonder if we are supposed to put the Windows Domain name as part of the username? Such as, for a Windows domain user MyDomain\SomeUser
    CREATE USER OPS$MYDOMAIN\SOMEUSER IDENTIFIED EXTERNALLY;
    I really wish Oracle or somebody created a guide or book on how to do this.

  • Portal Authentication using Active Directory

    I am trying to set up authentication using Active Directory. Can anyone provide me with instructions on what to do ? I know that I have to go to System Admin - > System Configuration - > UM configuration and change the Data Source. What else do I need to do...How do specify which domain to authenticate against. Do I have to change the XML file. Please help.

    It depends on what you wanna do with the AD server. If you want to read/write on the AD then you have to first setup SSL connection between the two boxes. Else if you just want to read from AD server you don't require a SSL connection. Then you have to select the hierarchy type in the System Admin - > System Configuration - > UM configuration. Save.
    Next thing you do is to open the config tool and modify your xml file accordingly.
    And restart the server.
    Hope this helps.
    Regards,
    Hassan

  • SAP CRM 5.2 user authentication using active directory

    hi,
    we have a need to authenticate users logging in SAP CRM 5.2 based on active directory user name and password.
    scenario is such that users should be able to use their window's logon credentials for logging into SAP CRM 5.2
    any ideas or pointers will be appreciated
    thank you.

    RH,
    Actually you can do this, but you need a third party product like SECUDE, or other provider to accomplish this without using the portal.  I think even with the portal it still might require some type of plugin or work.
    You basically have to setup your CRM system to accept SAP logon tickets, and then the authenticating system needs to issue an SAP Logon ticket.
    So yes it can be done, but requires more software than what is delivered with your SAP system. 
    Take care,
    Stephen

  • ACS 5.3, EAP-TLS Machine Authentication with Active Directory

    I have ACS 5.3. I am testing EAP-TLS Machine Authentication using Active Directory as an external Identity Store. I was testing and everything was going fine until I did some failure testing.
    My problem: I deleted my computer account out of Active Directory and tried to authenticate my wireless laptop and it still worked when it should have failed.
    Here is some of the output of the ACS log. You can see that the computer could not be found in AD and this was returned to the ACS. However, ACS still went ahead and authenticated the computer successfully.
    Evaluating Identity Policy
    15006 Matched Default Rule
    22037 Authentication Passed
    22023 Proceed to attribute retrieval
    24433 Looking up machine/host in Active Directory - LAB-PC-PB.VITS.attcst.sbc.com
    24437 Machine not found in Active Directory
    22016 Identity sequence completed iterating the IDStores
    Evaluating Group Mapping Policy
    12506 EAP-TLS authentication succeeded
    11503 Prepared EAP-Success
    Evaluating Exception Authorization Policy
    15042 No rule was matched
    Evaluating Authorization Policy
    15006 Matched Default Rule
    15016 Selected Authorization Profile - Permit Access
    22065 Max sessions policy passed
    22064 New accounting session created in Session cache
    11002 Returned RADIUS Access-Accept
    I was assuming that if the computer was not found, the Identity Policy would fail, so I did not configure any authorization policy. Do I need an authorization policy to tell the ACS to fail the authentication if the machine cannot be found in AD? If I need an authorization policy, how do I configure it?
    Note: In my Identity Store Sequence, I did enable the option:
    For Attribute Retrieval only:
    If internal user/host not found or disabled then exit sequence and treat as "User Not Found"
    but this only seems to work for internal identity stores (at least based on my testing)
    Under my Access Policy Identity tab, I configured the following Advanced features:
    Advanced Options
    If authentication failed: Reject / Drop / Continue
    If user not found: Reject / Drop / Continue
    If process failed: Reject / Drop / Continue
    And that didn't do anything either.
    Any ideas? Thanks in advance.

    Can try the following. Define an attribute to be retrieved from Active Directory and that exists for all objects. When defining the attribute it can be given a default value. Assign a default value which is a value that will never be returned for a real machine entry (eg "DEFAULTVALUE") and give it a "Policy Condition Name"
    Then can make a rule in the authorization policy such as
    If "Policy Condition Name" equals "DEFAULTVALUE" then "DenyAccess"
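
The failure in this thread, as an added example that is not part of the original posts or of Cisco's software: a Python script that flags a step log in which 24437 (machine not found) is still followed by 11002 (Access-Accept), and models the reply's sentinel-default rule. The directory contents, the `example.test` host names, the choice of `distinguishedName` as the attribute and all function names are assumptions made for illustration.

```python
import re

# Step codes as they appear in the log quoted in the post above.
MACHINE_NOT_FOUND = "24437"   # "Machine not found in Active Directory"
ACCESS_ACCEPT = "11002"       # "Returned RADIUS Access-Accept"
SENTINEL = "DEFAULTVALUE"     # default value suggested in the reply

STEP_RE = re.compile(r"^\s*(\d{5})\s+(.*\S)\s*$")

# The step list from the post, copied verbatim.
POSTED_LOG = """\
Evaluating Identity Policy
15006 Matched Default Rule
22037 Authentication Passed
22023 Proceed to attribute retrieval
24433 Looking up machine/host in Active Directory - LAB-PC-PB.VITS.attcst.sbc.com
24437 Machine not found in Active Directory
22016 Identity sequence completed iterating the IDStores
Evaluating Group Mapping Policy
12506 EAP-TLS authentication succeeded
11503 Prepared EAP-Success
Evaluating Exception Authorization Policy
15042 No rule was matched
Evaluating Authorization Policy
15006 Matched Default Rule
15016 Selected Authorization Profile - Permit Access
22065 Max sessions policy passed
22064 New accounting session created in Session cache
11002 Returned RADIUS Access-Accept
"""


def parse_steps(text):
    """Return [(code, message)] for numbered steps; section headings are skipped."""
    steps = []
    for line in text.splitlines():
        match = STEP_RE.match(line)
        if match:
            steps.append((match.group(1), match.group(2)))
    return steps


def accepted_without_directory_entry(steps):
    """True when an Access-Accept follows a failed machine lookup in AD."""
    codes = [code for code, _ in steps]
    if MACHINE_NOT_FOUND not in codes:
        return False
    after_lookup = codes[codes.index(MACHINE_NOT_FOUND) + 1:]
    return ACCESS_ACCEPT in after_lookup


# Constructed directory: one machine account that still exists.
DIRECTORY = {
    "pc-present.example.test": {
        "distinguishedName": "CN=pc-present,CN=Computers,DC=example,DC=test",
    },
}


def retrieve_attribute(directory, machine, attr="distinguishedName",
                       default=SENTINEL):
    """Model attribute retrieval: a missing machine yields the default value."""
    entry = directory.get(machine)
    if entry is None:
        return default
    return entry.get(attr, default)


def authorize(attr_value, rules, default_profile="Permit Access"):
    """First matching (value, profile) rule wins; otherwise the default rule."""
    for condition_value, profile in rules:
        if attr_value == condition_value:
            return profile
    return default_profile


# The rule from the reply: attribute equals DEFAULTVALUE -> DenyAccess.
SENTINEL_RULE = [(SENTINEL, "DenyAccess")]

if __name__ == "__main__":
    steps = parse_steps(POSTED_LOG)
    print("accepted although machine missing:",
          accepted_without_directory_entry(steps))
    for host in ("pc-present.example.test", "pc-deleted.example.test"):
        value = retrieve_attribute(DIRECTORY, host)
        print(host,
              "| no rule ->", authorize(value, []),
              "| sentinel rule ->", authorize(value, SENTINEL_RULE))
```

Run over exported authentication details, the first check finds sessions that were accepted after the directory lookup failed; the second part shows why the default rule alone permits them.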

  • Authentication on Active Directory using JNDI (A Professional Approach)

    I am using following code for getting authenticated on Active Directory by user logon name.
    Can any one tell me a more professional and fool proof approach for authenticating a user on Active Dir through my web interface ???
    thanks in advance
    /*
     * Created on Nov 10, 2004
     */
    package auth;
    import java.util.Hashtable;
    import javax.naming.AuthenticationException;
    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;
    /**
     * @author Tushar Agrawal
     * Created On Nov 10, 2004
     */
    public class UserAuthentication {
         public UserAuthentication() {
              super();
         }
         public NamingEnumeration loginToActiveDirectory(
              String logonName,
              String password,
              String domain) {
              boolean success = false;
              NamingEnumeration attrs = null;
              // With "simple" authentication an empty password turns the bind into an
              // anonymous bind instead of a failed login, so reject it up front.
              if (password == null || password.length() == 0) {
                   return null;
              }
              Hashtable env = new Hashtable(11);
              env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
              env.put(Context.SECURITY_AUTHENTICATION, "simple");
              // "domain" in the URL is the literal host name as posted; the domain
              // parameter is only used to build the principal below.
              env.put(Context.PROVIDER_URL, "ldap://domain:389/dc=SECLORE,dc=com");
              env.put(Context.SECURITY_PRINCIPAL, logonName + "@" + domain);
              env.put(Context.SECURITY_CREDENTIALS, password);
              // A simple bind on port 389 sends the password in clear text unless SSL is enabled.
              //env.put(Context.SECURITY_PROTOCOL, "ssl");
              env.put("java.naming.ldap.version", "3");
              env.put(Context.REFERRAL, "follow");
              try {
                   String base = "";
                   DirContext ctx = new InitialDirContext(env);
                   SearchControls controls = new SearchControls();
                   controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                   controls.setReturningAttributes(
                        new String[] {
                             "sAMAccountName",
                             "userPrincipalName",
                             "displayName",
                             "memberOf",
                             "objectSid",
                             "title" });
                   // Pass the logon name as a filter argument so that filter
                   // metacharacters in it are escaped rather than concatenated in.
                   NamingEnumeration e =
                        ctx.search(base, "(sAMAccountName={0})", new Object[] { logonName }, controls);
                   if (e.hasMore()) {
                        SearchResult r = (SearchResult) e.next();
                        attrs = r.getAttributes().getAll();
                        /*while (attrs.hasMore()) {
                             System.out.println(attrs.next());
                        }*/
                   }
                   ctx.close();
              } catch (AuthenticationException e) {
                   System.err.println("Problem getting attribute: " + e);
                   success = false;
              } catch (NamingException e) {
                   System.err.println("Problem getting attribute: " + e);
                   success = false;
              }
              return attrs;
         }
    }
    tushar agrawal

    You'll find more info at:
    http://jakarta.apache.org/tomcat/tomcat-5.5-doc/catalina/funcspecs/fs-jndi-realm.html
    http://jakarta.apache.org/tomcat/tomcat-4.0-doc/realm-howto.html
    That's the right way to do it.

  • Client certificate based authentication

    We have a JAVA web start application that needs to connect to an apache server and use client certificate based authentication. When javaws initiates a connection with apache server, it tries to retrieve the certificate/key from the PKCS12 keystore to present it to the apache server. We have made this work, however, javaws is prompting user to enter the password for accessing the keystore password. We do not want our users to enter this password and are looking into ways to either supply the password as one of the javaws deployment property or create an unprotected keystore. Both of our attempts have been unsuccessful. We have tried the following
    1. we passed the 3 discussed properties (javax.net.ssl.keyStore,
    javax.net.ssl.keyStorePassword, javax.net.ssl.keyStoreType) in Java
    Control Panel, according to the following procedure: open Control Panel,
    select Java tab, click View under Java Applet Runtime Settings, set
    values in Java Runtime Parameters table column. This operation added the
    properties to the user's deployment file (in a new attribute named
    deployment.javapi.jre.1.5.0_09.args, which held all 3 properties as a
    value), but there was no effect (password window still popped up).
    2. We setup the deployment.property file manually with the 3 attributes
    [javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword,
    javax.net.ssl.keyStoreType], it didn't have any effect either.
    3. When launching java applications you can set system properties as
    part of the command line using the following format
    "-D<property_name>=<property_value>", we failed to find the analogous in
    javaws.
    Has anyone got any ideas on how to workaround this problem? Really appreciate any help here.

    Hi, client cert auth is not really the best way to protect your resources. It requires installing a client cert on every workstation to access the application. I think it conflicts with the javaws concept!
    I have the same situation (protect resources and avoid password prompt on start) and my solution is:
    Using tomcat as web server:
    Directory structure as follows:
    /ApplicationRoot
           /WEB-INF
                 /resources
                        - private.jar
                        - private.jnlp
            /resources
                 - icon.png
                 - public.jar
    As you can see there is no direct access to protected resources. All protected resources are available only through the ResourceProvider servlet, configured as follows (web.xml):
    <servlet-mapping>
            <servlet-name>ResourceProvider</servlet-name>
            <url-pattern>/resources/secret/*</url-pattern>
    </servlet-mapping>
    <security-constraint>
            <web-resource-collection>
                <web-resource-name>protected resources awailiable from browser</web-resource-name>
                <url-pattern>/resources/secret/browser/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                <role-name>somerole</role-name>
            </auth-constraint>
            <user-data-constraint>
                <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
    </security-constraint>
    <security-role>
            <role-name>somerole</role-name>
    </security-role>
    <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name></realm-name>
    </login-config>
    Code your ResourceProvider servlet to grant access only if:
    - Connection is secure (ssl).
    - URL pattern is "/resources/secret/browser/*" and client has passed the realm.
    - URL pattern is "/resources/secret/javaws/secretkey/*" (where secretkey is a pin kept both by client and server)
    To install the app from a browser (access private.jnlp) use the "/resources/secret/browser/*" url pattern and basic auth.
    To download app resources configure the jnlp file as follows:
    <jnlp spec="1.0+" codebase="https://host:port/AppRoot/resources/" href="secret/javaws/secretkey/private.jnlp">
        <information>
             <icon href="icon.png"/>
        </information>
        <resources>
            <j2se version="1.6+"/>
            <jar href="secret/javaws/secretkey/private.jar" />
            <jar href="public.jar" />
        </resources>
    </jnlp>
    And the last thing you need to do is configure the ssl connector on the tomcat server as follows:
    <Connector port="port"
             scheme="https"
             secure="true"
             SSLEnabled="true"
             clientAuth="false"
             sslProtocol="TLS"
    />
    Pay attention to the "clientAuth" param. Set it to "false" to avoid the javaws certificate chooser dialog on every app update.
    Hope it helps!

  • Cisco ISE Failure: 24408 User authentication against Active Directory failed since user has entered the wrong password

    Hi,
    Since we implemented Cisco ISE we receive the following failure on several Notebooks:
    Authentication failed : 24408 User authentication against Active Directory failed since user has entered the wrong password
    This happens 2 or 3 times per Day. So basically the authentications are working. But when the failure appears, the connection is lost for a short time.
    The Clients are using PEAP(EAP-MSCHAPv2) for Authentication. We've got a Cisco Wireless Environment (WLC 5508).
    Why is this happening?
    Thanks,
    Marc

    The possible causes of this error message are:
    1.] If the end user entered an incorrect username.
    2.] The shared secret between WLC and ISE is mismatched. With this we'll see continuous failed authentication.
    3.] As long as a PSN is not receiving a response from the supplicant within this limit during an EAP conversation, it will throw this error code. In the majority of cases it says eap session timed out.
    In your case, the 3rd option seems to be the closest one.
    Jatin Katyal
    - Do rate helpful posts -

  • Using Active-Directory PW at SAP logon procedure

    Hello,
    I have the requirement not to use single sign on for some systems with sensitive data, but  would like to check during sap logon procedure the  from our central active directory password.
    is there any best practice configuration or SAP / AD Win Addon solution available to connect SAP NW abap 7.40 at Win2012 server with our active directory. Nearly all win based applications can handle a PW check from application to AD. Is there any SAP or Partner implementation helpful to expand the SAP client internal User-PW check?
    Thanks in advance for alternatives to the standard client SSO or any idea in the direction using active directory password within sap-logon.
    Please give me a short feedback if you need more details.
    regards,
    Bernhard Mair
    Goethe-Institut München

    The SAP NetWeaver ABAP app server only accepts SAP user id and password or it can use SNC to authenticate the user when SAP GUI is used on workstation. So, if you want the user to be prompted to enter their Active Directory credentials during a logon using SAP GUI, and you don't want SSO, then you need to purchase a third party product.
    Please note, that SAP is not JUST a Windows based application, as it can also be installed on Unix and Linux, so SAP have made it work in same way on all platforms without any 'special' windows authentication capabilities.
    Thanks
    Tim

  • Connected to Domain but can't log in using Active Directory Credentials

    Hey everyone.  I've been working on this issue for two weeks now, and I don't know what else to try.  I'm connected to my domain but cannot get my Macbooks to log in using Active Directory credentials both through our wireless network, and hard wired with an ethernet cable.  The weird part about it is that it is not uniform all across our network.  This only happens to certain Macbooks and as of right now there doesn't seem to be a pattern.  I can say that it has happened to all new Macbook Pros that we have ordered lately though.
    We use Jamf to manage our Macs on our network, and ever since upgrading to a new version (9.01 and now 9.1) we have had this issue.  However I can't connect after manually adding the domain either, so for now it makes me think it is not a Jamf issue.  Has anyone dealt with this issue before, that might know of a fix?  Thanks!

    Hi Burnettb1,
    I have come across a similar issue as yours.  I have included the instructions that I use to bind the Mac at my institution.  In regards to wifi, I have not tried binding the Mac over wifi. Should you need to log in to a Mac with domain user credentials I would suggest to bind the Mac over ethernet.  Once you get to the:
    "Click on triangle to the left of Show Advanced Options to expand"
    portion of the instructions click on the Mappings tab and select the checkbox for creating a mobile account at login.  This will create a domain user profile on the machine that you can log into when not connected to the domain.
    Hope this helps.
    BIND iMac:
        Login into iMac using administrative credentials
        Open System Preferences
            *Goto Users & Groups
            *Click on lock in lower left-hand corner
            *Use same password used to log into iMac
            *Click on Login Options
            *Click on ‘Join...’ button right of "Network Account Server: "
            *Click on ‘Open Directory Utility…’ button
            *Click on lock in lower left-hand corner
            *use same password used to log into iMac and click on Modify Configuration
            *Double-click on Active Directory
                Active Directory Domain = domain
                Computer ID = name of Mac
            *Click on triangle to the left of Show Advanced Options to expand
                *Click on Administrative tab
                *Check  Prefer this domain server
                    Type  domainserver_ipaddr -or- servername.domain in this field
                *Click on ‘Bind…’ button
                *When prompted for network administrator login
                    username = [domain admin user]
                    pwd = [domain user password]
                *Click OK (Note: search path will be updating. Until completed the ‘OK’ button will be greyed out)
            *Click OK
            *Click lock to lock and close window
            *Click lock to lock and close window
    BIND CHECK:
        *Search AD for added mac host - it should be there.
        Open Terminal app by either:
            1)
                *Press command+spacebar
                *Type Terminal and select app
            2)
                *Click on desktop
                *Press shift+command+A
                *Goto Utilities folder located within Application folder (which you should be in) and open Terminal
        *Once Terminal is opened type in id [domain username] and press return key.  The output should be some network account information
        *Close app by pressing command+Q and any other opened windows
        *Restart iMac
        *Log in

  • Problem with client certificate based authentication

    Hello.
    We are developing an AIR application that uses client
    certificates for authentication. We have written a simple test case
    to show the problem.
    <?xml version="1.0" encoding="utf-8"?>
    <mx:WindowedApplication xmlns:mx="http://www.adobe.com/2006/mxml"
    layout="absolute">
    <mx:Script>
    <![CDATA[
    import mx.controls.Alert;
    private function responseHandler(): void {
    Alert.show("Response received");
    }
    ]]>
    </mx:Script>
    <mx:HTTPService id="exampleService"
    url="https://www1.aeat.es/pymes1/pacargoi.html"
    showBusyCursor="true"
    result="responseHandler()">
    </mx:HTTPService>
    <mx:Button label="Send"
    click="exampleService.send()"/>
    </mx:WindowedApplication>
    When we click on the button, it sends the request to the
    protected page and then (if you have CA emitted certificates) the
    dialog appears requesting the client certificate. And it works
    fine.
    But next time we click on the button, the dialog requesting
    the client certificate appears again.
    Is there a way to stop showing the dialog every time?
    Any help would be very appreciated.
    Thanks a lot for your support.
    Paco.

    I have just sent a Feature Request/Bug Report with the
    following text:
    "We are experiencing a problem using AIR with a server that
    requires authentication via client certificate.
    The dialog for selecting the client certificate appears every
    time that the AIR application interacts with the server (not only
    the first time).
    Steps to reproduce bug:
    1. Install Apache HTTP Server with SSL and require client
    certificate in order to authenticate.
    2. Develop an AIR Application that connects to this server
    (HTTPService or RemoteObject have been tested with the same
    result).
    3. Every time that the AIR application connects to the
    server, the dialog appears in order for the user to select the client
    certificate.
    Results: This makes the AIR application unusable.
    Expected results: The dialog requesting the client
    certificate should appear the first time only."
    Thanks,
    Paco.

  • Cisco ISE (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out)

    Hi,
    I have an ISE 1.1.1 setup. Users are getting authenticated against AD. Everything is working fine except that some users report disconnections. I see in the ISE that (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out). Users are using Windows 7 OS.
    Error is enclosed & here is the port configuration.
    Port Configuration.
    interface GigabitEthernet0/2
    switchport access vlan 120
    switchport mode access
    switchport voice vlan 121
    authentication event fail action next-method
    authentication event server dead action reinitialize vlan 120
    authentication event server alive action reinitialize
    authentication host-mode multi-auth
    authentication order mab dot1x
    authentication priority dot1x mab
    authentication port-control auto
    authentication periodic
    authentication timer reauthenticate server
    mab
    dot1x pae authenticator
    dot1x timeout tx-period 60
    spanning-tree portfast
    ip dhcp snooping limit rate 30
    Please help.

    The error message means that the Active Directory server rejected the authentication attempt
    because, for some reason, the user account got locked. I guess you should ask your AD team to check in the AD
    event logs why the user account got locked.
    You can find it out in Event Viewer.
    Regards
    Minakshi (Do rate the helpful posts)

  • LDAP Using Active Directory failed in BAM

    I tried to configure the LDAP Using Active Directory as described in the BAM installation guide 10.1.3.1.0.
    In appsetting, I gave the server name, username and password used by us. Then I restarted the active data cache and IIS. Then I tried to access http:\\server\oraclebam, but it is throwing the following error. What shall I do?
    Exception Message The directory service is unavailable
    Stack Trace at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at
    System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at
    System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at
    System.DirectoryServices.DirectorySearcher.FindOne() at
    Oracle.BAM.Common.Security.Ldap.LdapAuthenticationTicket.Authenticate(String strName, String strPassword) at
    Oracle.BAM.Common.Security.Authentication.LDAPAuthenticationModule.GetPrincipal(ICredentials oCredentials) at
    Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate(ICredentials oCredentials) at
    Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate() at Oracle.BAM.Web.WebPage.ProcessRequest(Page oPage, String
    strAssembly, String strApp, String strType, String strMethod, String strParam)
    Debugging Information The directory service is unavailable [ErrorSource="System.DirectoryServices"] Debugging information:
    System.Runtime.InteropServices.COMException (0x8007200F): The directory service is unavailable at
    System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at
    System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean
    findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindOne() at
    Oracle.BAM.Common.Security.Ldap.LdapAuthenticationTicket.Authenticate(String strName, String strPassword) at
    Oracle.BAM.Common.Security.Authentication.LDAPAuthenticationModule.GetPrincipal(ICredentials oCredentials) at
    Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate(ICredentials oCredentials) at
    Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate() at Oracle.BAM.Web.WebPage.ProcessRequest(Page oPage, String
    strAssembly, String strApp, String strType, String strMethod, String strParam)

    Hi,
    We are also facing the issue stated in the first thread. We followed everything specified in the LDAP PDF under TechNotes and are still not able to access the BAM console successfully.
    The error we get is pasted at the end of this post. The request doesn't even seem to reach our LDAP server (configured in a remote system).
    A couple of clarifications required:
    1. Does our windows logon need to be the same as BAM console logon?
    2. I do not know the LDAP setting for my actual Windows logon. But I have retained my same userId and have configured a user in LDAP with my own organization and other hierarchies. I have configured this userId with the complete hierarchy in BAM login management and have also given admin access to this user. Is this correct?
    An error occurred while processing your request
    Details...
    Exception Message The server is not operational
    Stack Trace at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindOne() at Oracle.BAM.Common.Security.Ldap.LdapAuthenticationTicket.Authenticate(String strName, String strPassword) at Oracle.BAM.Common.Security.Authentication.LDAPAuthenticationModule.GetPrincipal(ICredentials oCredentials) at Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate(ICredentials oCredentials) at Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate() at Oracle.BAM.Web.WebPage.ProcessRequest(Page oPage, String strAssembly, String strApp, String strType, String strMethod, String strParam) ...
    Debugging Information The server is not operational [ErrorSource="System.DirectoryServices"] Debugging information: System.Runtime.InteropServices.COMException (0x8007203A): The server is not operational at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindOne() at Oracle.BAM.Common.Security.Ldap.LdapAuthenticationTicket.Authenticate(String strName, String strPassword) at Oracle.BAM.Common.Security.Authentication.LDAPAuthenticationModule.GetPrincipal(ICredentials oCredentials) at Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate(ICredentials oCredentials) at Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate() at Oracle.BAM.Web.WebPage.ProcessRequest(Page oPage, String strAssembly, String strApp, String strType, String strMethod, String strParam) ...
    Assembly StartPage
    State Oracle.BAM.StartPage.StartUp
    Event Initialize
    Thanks,
    KM

  • Time Machine Backup using Active Directory account

    I have two MacBook Pros (running 10.6.4) using Active Directory accounts and I am trying to back them up to an Active Directory integrated XServe (running 10.6.4) with a shared Time Machine backup point. I open Time Machine preferences, select the disk, enter the username and password, and it starts trying to make the backup disk available. However, it quits and gives me the following error: "The network backup disk could not be accessed because there was a problem with the network username and password." The username and password are correct. I have tried three different accounts and they all produce this error.

    This happened to be an issue with AFP. I had AFP authentication set to use Kerberos. I changed it to use "Any Method" and it is working properly.

  • Can I configure WS-Sec authentication via Active Directory with OSB or OWSM

    Hi
    I'm planning a project where I need to add security to a group of proxy services in OSB. I need to authenticate them via WS-Security using Active Directory. Is this possible with OSB or adding OWSM?
    Regards,
    Néstor Boscán

    Hi.
    OSB http://docs.oracle.com/cd/E23943_01/dev.1111/e15866/model.htm#i1088877
    OWSM
    http://docs.oracle.com/cd/E17904_01/doc.1111/e15866/owsm.htm
    and
    http://docs.oracle.com/cd/E21764_01/web.1111/e13713/owsm_appendix.htm
    hope this helps
    best
    rolando
