Custom SPNEGO Authenticator

I'm working on developing a custom spnego authenticator to JBoss. I saw a client example in Advanced JGSS Security Programming. But I haven't found if it's possible to develop a program that accepts a browser's token spnego in the server side. Is it possible in Java 6?
Thanks a lot!!

http://dev2dev.bea.com/utilitiestools/security.html

Similar Messages

Logoff not working after SPNego Authentication

Hi Experts,
Configured SPNego authentication sucessfully.
But after clicking logoff button again logged in back again.
As per some advice, done as follows
Example: Portal SSO URL: http://portal.example.com
Create a URL like http://nonssoportal.example.com (Create the name in the DNS and point it to the IP of your portal server)
Changed the logoff paramter to point to the new URL. After restart once logoff clicks went to new URL but still SSO ticket authenticating.
I need to get the login page again so that i can login with administrator or other test user IDs.
Please post your suggestions.
Regards,
Raja. G

Hi,
Created the alias for that server and made the logoff URL as http://<alias of the server>:<port>/irj/portal.
Now am able to achieve the login page however it is asking for the windows authentication while logging off.
If we click cancel then we can able to achieve the login page.
Any idea to avoid the popup for asking windows credentials?
Regards,
Raja. G

Custom DB authentication to an application from Oracle Portal not working.

Hi All,
We have a Portal customized and integrated to LDAP for SSO.
From the portal, we have a link that takes to another custom application that requires another level of authentication. We have implemented this authentication as custom Database based authentication.
When user login to the portal and access this link, he will be directed for authentication again. This custom application has been installed on a different OC4J instance while Oracle Portal is running in a different OC4J instance.
Issue is though user details are being propagated to the custom application page, we are receiving an error saying authentication failed.
In the OC4J instance specific for this custom application, we have configured jazn.xml to use custom authentication.
Below is the code:
<?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
<!DOCTYPE jazn PUBLIC "JAZN Config" "http://xmlns.oracle.com/ias/dtds/jazn-9_04.dtd">
<jazn provider="XML" location="./jazn-data.xml" default-realm="jazn.com">
<property name="role.mapping.dynamic" value="true"/>
<property name="custom.loginmodule.provider" value="true"/>
</jazn>
and in jazn-data.xml, we gave the role mapping.
But the problem is when the link to the custom application is accessed, it seems like the custom autentication mechanism is not working.
Can anyone throw light on this?
Do we need to give the same configuration in the j2ee/home/config directory files also?
Can we use both LDAP and custom DB authentication with in the same OAS setup. Remember as of now, Portal and custom application are running in different OC4J instances but within the same OAS.
Any help in this regard will be highely appreciated.
Thanks,
Sasi Bhushan

Hi All,
We have a Portal customized and integrated to LDAP for SSO.
From the portal, we have a link that takes to another custom application that requires another level of authentication. We have implemented this authentication as custom Database based authentication.
When user login to the portal and access this link, he will be directed for authentication again. This custom application has been installed on a different OC4J instance while Oracle Portal is running in a different OC4J instance.
Issue is though user details are being propagated to the custom application page, we are receiving an error saying authentication failed.
In the OC4J instance specific for this custom application, we have configured jazn.xml to use custom authentication.
Below is the code:
<?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
<!DOCTYPE jazn PUBLIC "JAZN Config" "http://xmlns.oracle.com/ias/dtds/jazn-9_04.dtd">
<jazn provider="XML" location="./jazn-data.xml" default-realm="jazn.com">
<property name="role.mapping.dynamic" value="true"/>
<property name="custom.loginmodule.provider" value="true"/>
</jazn>
and in jazn-data.xml, we gave the role mapping.
But the problem is when the link to the custom application is accessed, it seems like the custom autentication mechanism is not working.
Can anyone throw light on this?
Do we need to give the same configuration in the j2ee/home/config directory files also?
Can we use both LDAP and custom DB authentication with in the same OAS setup. Remember as of now, Portal and custom application are running in different OC4J instances but within the same OAS.
Any help in this regard will be highely appreciated.
Thanks,
Sasi Bhushan

How to use a custom database authentication with APEX_AUTHENTICATION??

i have Custom user authentication method.
create or replace function user_check(username varchar2,password varchar2) return boolem
is
check_out integer;
begin
select count(*) into check_out from "user" where USER_EMAIL=username and USER_PASS=password;
if check_out >0 then
return true;
else
return false;
end if;
end;
apex_authentication.login() how to use. And how to make apex_authentication.login() use my method Verify User Login

You can't mix custom authentication and the internal APEX authentication functions.. So either you use the pre-built user authentication in APEX or you can build your own CUSTOM authentication...
Many examples of custom authentication are out there...
Thank you,
Tony Miller
Ruckersville, VA

Example of custom external authentication

Where can I find the example of custom external authentication
which Paul Encarnation has written since most of the links on
the discussion forum mails seem to be outdated.
Thanks

Where can I find the example of custom external authentication
which Paul Encarnation has written since most of the links on
the discussion forum mails seem to be outdated.
Thanks

Custom ldap authenticator to retrieve user bean ldap profile

Hi,
Wondering if we could use a custom ldap authenticator to get the user profile from Ldap and put the data bean into session.
This will allow to use the same connection to Ldap and to benefit from Bea security authentication configuration.
Any input on this ?
Thank you

Increasing the search limit is the only practical solution. Really, ~2000 entries is not that many.

Error in custom OAM authentication plugin

Hi All
I am trying to build a custom OAM authentication plugin using JDeveloper. Here are the version information:
OAM - 11.1.1.5 BP04
WLS - 10.3.5
Issue:
I get the following error in the OAM logs when I try to activate the plugin.
[2012-11-14T09:39:17.996-08:00] [oam_server1] [WARNING] [] [oracle.oam.extensibility.lifecycle] [tid: DistributedCache:DistributionCache:EventDispatcher] [userId: <anonymous>] [ecid: 0000Jfzyiy6EgKI5qrH7iY1GcxMc000002,0] [APP: oam_server] Activation failed due to felix bundle exception while installing and starting the bundle.Unresolved constraint in bundle oamCustomAuthPlugin [2]: Unable to resolve 2.0: missing requirement [2.0] package; (package=oracle.security.am.plugin.ExecutionStatus)[[
org.osgi.framework.BundleException: Unresolved constraint in bundle oamCustomAuthPlugin [2]: Unable to resolve 2.0: missing requirement [2.0] package; (package=oracle.security.am.plugin.ExecutionStatus)
at org.apache.felix.framework.Felix.resolveBundle(Felix.java:3404)
The names of jar file, class file, plugin xml file etc are all same. My plugin code is very generic and I have the following values in the plugin's manifest and xml file
Plugin xml file [oamCustomAuthPlugin.xml]:
<Plugin name="oamCustomAuthPlugin" type="Authentication">
<author>uid</author>
<email>[email protected]</email>
<creationDate>09:32:20, 2011-11-13</creationDate>
<version>4</version>
<description>OAM Custom Authentication plugin</description>
<interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
<implementation>com.company.oam.oamCustomAuthPlugin</implementation>
<configuration>
<AttributeValuePair>
<Attribute type="string" length="20">INPUT_PARAM1</Attribute>
<mandatory>true</mandatory>
<instanceOverride>false</instanceOverride>
<globalUIOverride>true</globalUIOverride>
<value>Param1</value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute type="string" length="20">INPUT_PARAM2</Attribute>
<mandatory>true</mandatory>
<instanceOverride>false</instanceOverride>
<globalUIOverride>true</globalUIOverride>
<value>Param2</value>
</AttributeValuePair>
</configuration>
</Plugin>
Manifest File [MANIFEST.MF]:
Ant-Version: Apache Ant 1.7.1
Bundle-Version: 1.0.0.4
Bundle-Name: oamCustomAuthPlugin
Bundle-Activator: oamCustomAuthPlugin
Bundle-ManifestVersion: 2
Created-By: 17.0-b17 (Sun Microsystems Inc.)
Import-Package: oracle.security.am.plugin,oracle.security.am.plugin.authn
Bundle-SymbolicName: oamCustomAuthPlugin
Bundle-RequiredExecutionEnvironment: JavaSE-1.6
Please let me know if you have faced a sinilar issues in the past. Please help !!

Try with Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api If it doesn't work try with - Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api ,oracle.security.am.plugin.ExecutionStatus

Error in Custom Ldap Authentication

Hi All,
I was trying to use the custom LDAP authentication( [Earlier Post|http://forums.oracle.com/forums/thread.jspa?threadID=2251976&stqc=true] ) but was not successful in making it work with our AD LDAP server. Thats when I came across post [ http://forums.oracle.com/forums/thread.jspa?messageID=916185&#916185|http://forums.oracle.com/forums/thread.jspa?messageID=916185&#916185]
I used the same function
create or replace function authenticate_aduser(
p_username in varchar2,
p_password in varchar2)
return boolean
is
l_user varchar2(256);
l_ldap_server varchar2(256) := '<Hostname>';
l_domain varchar2(256) := '<Domain Name>';
l_ldap_port number := 389;
l_retval pls_integer;
l_session dbms_ldap.session;
l_cnt number;
begin
l_user := p_username||'@'||l_domain;
l_session := dbms_ldap.init( l_ldap_server, l_ldap_port ); -- start session
l_retval := dbms_ldap.simple_bind_s( l_session, l_user, p_password ); -- auth as user
l_retval := dbms_ldap.unbind_s( l_session ); -- unbind
return true;
exception when others then
l_retval := dbms_ldap.unbind_s( l_session );
return false;
end;Test it by giving correct password
SQL> declare
begin
if authenticate_aduser('<username>','<correct password>') then
dbms_output.put_line('Test Successful');
else
dbms_output.put_line('Test Failed');
end if;
end; 2 3 4 5 6 7 8
9 /
Test Successful
PL/SQL procedure successfully completed.Tested it by giving wrong password
SQL> declare
begin
if authenticate_aduser('<user name>','<wrong password>') then
dbms_output.put_line('Test Successful');
else
dbms_output.put_line('Test Failed');
end if;
end; 2 3 4 5 6 7 8
9 /
Test Failed
PL/SQL procedure successfully completed.So the fundtion is working perfectly with LDAP server.
I am trying to create a custom authentication scheme with the above function.
Shared Components -> Authentication Schemes -> create ->From Scratch ->
In Autentication Function -> return authenticate_aduser(:P101_USERNAME,:P101_PASSWORD);
In Logout URL -> wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=4155:PUBLIC_PAGE
Then after setting this as the current authentication scheme. Whenever I try to login with correct credentials it is giving me error
Invalid Login Credentials
Kindly let me know were I am going wrong here.
Thanks & Regards,
Vikas Krishna

I was able to fix this.
I used the same function authenticate_aduser
and then followed blog http://www.talkapex.com/2009/03/custom-authentication-status.html to create a custom authentication. It worked finally.
Thanks to Martin for his wonderful post.
Thanks & Regards,
Vikas Krishna

UI5 and SPNEGO authentication

Hi,
we already use the Netweaver Gateway to provide some OData services.
These services are consumed by some 3rd party software components.
To authenticate the user at the Gateway, these applications are using the SPNEGO authentication mechanism.
Now I wanted to start to develop my first UI5 app. Of course I'd like to consume the OData services from our existing gateway installation.
The main problem that I'm currently facing is, that I don't know how to use Single Sign On (based on Kerberos tickets) to consume the gateway services from an UI5 app. I would like to use SPNEGO but I didn't find any information on how to implement SPNEGO in an UI5 app.
Can you please provide me some information (or even some code snippets) on how to use SPNEGO authentication from an UI5 app!?!?
Thanks in advance
Holger

Hi Michael,
Thanks for that. My opinion of secondary authentication is the same, but hey ho. The client insists. I think the main iview is the payslip iview, so it is on the same server as the portal.
My thinking was that as form based logon uses com.sap.portal.runtime.logon.certlogon and basic authentication uses com.sap.portal.runtime.logon.basicauthentication they could have different priorities set in authschemes.xml and consequently it asks for secondary authentication. However, I see your point that they are both in the ticket logon stack.
Paul

What is SPNego Authentication Scheme?

Could anybody please give me overview of SPNego authentication scheme?
Why its needed??Any docs Available.
Thanks in advance.
Any help will be highly appretiated.
Thanks and Regards
Gaurav Namdeo

Hi Gaurav,
SPNego is Authentication Scheme,And it Ovecomes the limitations of other schems like it works smoothly with Unix And other OS,And many more.
Go through thease links.
spnego
Download ZIP archive from SAP Note 994197
Unzip the archive
Deploy EARs
sap.comtcsecauthjmx~ear.ear
sap.comtcsecauthspnego~wizard.ear
ecurity_example.ear
Active Directory configuration and further more settings have to be done in the Zip file you will get a user guide just refer thet and proceed acording to that.
Regards
Vinit

SPNego authentication to Portal

Hi
Can anyone tell me whether SPNego authentication would work when you call the Portal via a web dispatcher? I can authenticate automatically when calling the Portal directly so I know it's configured and working when called directly.
We have hidden our servers behind a VLAN and allow access only via the web dispatchers.
Thanks
Mark

Thanks Patrick
Have you got this scenario working yourself?
I have the following scenario. False names to protect the innocent!!!
Lets assume Portal server is called - pserver1.sap.somedomain.com
N.B. Sits in subdomain sap of domain somedomain.com
It is fronted by two load balanced web dispatchers in the parent domain somedomain.com
webdisp1.somedomain.com
webdisp2.somedomain.com
load balancer is referred to as webdisp.somedomain.com
To gain access to the portal the dispatcher is running on port 8107 on both web dispatchers
so...
Direct access to portal is
http://pserver1.sap.somedomain.com:50000/irj/portal
Web dispatcher access is
http://webdisp.somedomain.com:8107/irj/portal
Because i'm not sure I have grasped the full implications of Kerberos realms I have set up the following on both domains. It's overkill I know but I wanted to be sure.
service user s-sid-j2ee on DC for sap.somedomain.com
setspn -a HTTP/webdisp.somedomain.com:8107 s-sid-j2ee
setspn -a HTTP/webdisp1.somedomain.com:8107 s-sid-j2ee
setspn -a HTTP/webdisp2.somedomain.com:8107 s-sid-j2ee
setspn -a HTTP/pserver1.sap.somedomain.com s-sid-j2ee
service user s-sid-j2ee on DC for somedomain.com
setspn -a HTTP/webdisp.somedomain.com:8107 s-sid-j2ee
setspn -a HTTP/webdisp1.somedomain.com:8107 s-sid-j2ee
setspn -a HTTP/webdisp2.somedomain.com:8107 s-sid-j2ee
setspn -a HTTP/pserver1.sap.somedomain.com s-sid-j2ee
I configured the SPNEGO wizard with both realms and their respective service users.
result
I get logged in when accessing pserver1
I don't when accessing via web dispatcher load balnced address or each individual web dispatcher.
Any ideas?
Thanks
Mark

SPNEGO Authentication Error

I have a web application monitor that is throwing an odd error. It tells me that the "Response Body Evaluation Result" is in error and when I check the response body, I get:
<html><head><title>SPNEGO authentication is not supported.</title></head><body>SPNEGO authentication is not supported on this client.</body></html>
The odd part is that the monitor is set up woth no authenticatin. So, why am I getting theis error?
Thank
Bert

It sounds like the server asks for negotiation of authentication (windows auth?) and since your client doesn't use it, it gets an error. Maybe you would have to use windows auth with this site, in your synthetic test?

SPNego Authentication

Hi
I am trying to Implement SPNego Authentication
I have Installed kerbTray in my System . I am getting Blank Screen.
The List Tickets dosent Come up anything . Client Pricipal says "No Network Credentials".
please let me know if anything needs to be done.
I have created a service User and SPN for the same.
Thank you
Regards

Hi
I am getting following Error. This analysis is thru Dagtool
please need solution badly
6.com.sap.engine.config.diagtool.tests.authentication.krb.Krb5ServerTest
2009/04/08 19:30:30 class com.sap.engine.config.diagtool.tests.authentication.krb.Krb5ServerTest
This test tries to authenticate the J2EE service user against the KDC using
the Kerberos configuration of the J2EE engine. It copies the "krb5.conf" and
"keytab" files used by the J2EE engine and generates "jaas.conf" file that
contains "com.sun.security.jgss.accept" policy configuration with
"Krb5LoginModule" login module that has the same options like in the J2EE
engine. The output of the test contains the traces of the Krb5LoginModule.
Debug is true storeKey true useTicketCache true useKeyTab true doNotPrompt true ticketCache is null KeyTab is null refreshKrb5Config is false principal is j2ee-dep-depportalMWRD.LOCAL tryFirstPass is false useFirstPass is false storePass is false clearPass is false
>>>KinitOptions cache name is C:\Documents and Settings\depadm\krb5cc_depadm
*Error creating GSS context.*
*[EXCEPTION]*
*GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)*at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:189)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
at com.sap.engine.config.diagtool.tests.authentication.krb.Krb5ServerTest.createGSSContext(Krb5ServerTest.java:104)
at com.sap.engine.config.diagtool.tests.authentication.krb.Krb5ServerTest.execute(Krb5ServerTest.java:75)
at com.sap.engine.config.diagtool.Task.execute(Task.java:55)
at com.sap.engine.config.diagtool.Launcher.run(Launcher.java:334)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sap.engine.config.diagtool.Launcher.main(Launcher.java:385)
Caused by: javax.security.auth.login.LoginException: java.lang.UnsatisfiedLinkError: C:\j2sdk1.4.2_12-x64\jre\bin\w2k_lsa_auth.dll: %1 is not a valid Win32 application
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1586)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1503)
at java.lang.Runtime.loadLibrary0(Runtime.java:788)
at java.lang.System.loadLibrary(System.java:834)
at sun.security.krb5.Credentials$1.run(DashoA12275:585)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.krb5.Credentials.a(DashoA12275:582)
at sun.security.krb5.Credentials.acquireDefaultCreds(DashoA12275:423)
at sun.security.krb5.Credentials.acquireTGTFromCache(DashoA12275:277)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:520)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:475)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
at com.sap.engine.config.diagtool.tests.authentication.krb.Krb5ServerTest.createGSSContext(Krb5ServerTest.java:104)
at com.sap.engine.config.diagtool.tests.authentication.krb.Krb5ServerTest.execute(Krb5ServerTest.java:75)
at com.sap.engine.config.diagtool.Task.execute(Task.java:55)
at com.sap.engine.config.diagtool.Launcher.run(Launcher.java:334)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sap.engine.config.diagtool.Launcher.main(Launcher.java:385)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:730)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)
... 15 more
*Acquire credential failed for realm MWRD.LOCAL* Thank you
Regards
Krishna kanth
Edited by: siddi siddi on Apr 9, 2009 9:05 PM
Edited by: siddi siddi on Apr 9, 2009 9:05 PM

How do I use my own Custom Auth/Authentication/Entitlement (Token)?

[ Background ]
Adobe Access DRM provides for 3 authentication mechanisms:
Anonymous - Licenses are issued irregardless on if there is/isn't a valid authentication token attached to the license request.
UsernamePassword - Licenses are ONLY issued if the license request has a valid Adobe-Access-Server-Issued authentication token.
Custom - Licenses are ONLY issued if there is a valid cusom authentication token attached to the license request.
Typically, customers already have some authentication scheme in place and choose to re-use that system, instead of leveraging Adobe Access' built-in usernamePassword support. For this to succeed, accomodations must be made during packaging time, on the client device, and at the Adobe Access license server endpoint.
[ More Background ]
Here's a forum thread that prompted this thread: http://forums.adobe.com/message/5085330#5085330
[ Recipe ]
1. Adobe Access DRM Policy is created that specifies a "custom" authentication token. As of Adobe Access 4.0, the tools that ship with the Java SDK cannot create a DRM policy with "custom" authentication out the box; a small Java application will have to be written to do this, which is covered in the thread posted above.
2. Content is packaged using this custom_auth policy.
3. Client device performs authentication via whatever channel already exists for you to perform authentication (e.g. SAML tokens, etc...)
4. Client device sets the authentication token: DRMManager.setAuthenticationToken()
5. Client device attempts to acquire a license for the content created in step #2: DRMManager.loadVoucher();
5a) Because step #4 set the authentication, all license requests going forward will automatically have this custom auth token appended to it
6. License server receives request & extracts custom auth token to parse & perform additional entitlement checks
7. Licnese server generates a license to return to client device.
[ Server Code Snippet (RefImplLicenseReqHandler.java) ]
try {
ServletInputStream in = request.getInputStream();
ServletOutputStream out = response.getOutputStream();
HandlerConfiguration context = super.getHandlerContext();
ServerCredential licenseServerCred = getLicenseParams().getLicenseServerCred();
licenseHandler = new LicenseHandler(context, in, out, licenseServerCred);
licenseHandler.parseRequest();
List<? extends LicenseRequestMessage> requests = licenseHandler.getRequests();
// Multiple request in one message is not supported in FAXS 2.0 or 3.0 client.
for (LicenseRequestMessage licenseReq : requests) {
 try {
// TODO: If custom authentication is specified in the DRM policy, here is where
// you can retrieve the custom authentication token and perform custom parsing to
// determine further business rules and entitlement before issuing a license.
// The "Custom Authentication" will look like:
// 1. Client device obtains auth token using some other channel
// 2. Client device sets auth token by calling DRMManager.setAuthenticationToken()
// 3. Client makes a license request by calling DRMManager.loadVoucher()
// 4. Adobe Access Server receives request and:
// 4a) Determines Custom Auth is required by DRM Policy: licenseReq.getContentInfo().getContentMetadata().getPolicies()[0].getLicenseServerInfo(). getAuthenticationType();
// 4b) Retrieves Custom Auth token for custom parsing/handling: licenseReq.getRawAuthenticationToken()
// 5. If there are no errors when parsing the custom token, Adobe Access Server generates a license.
 V2ContentMetaData metadata = licenseReq.getContentInfo().getContentMetadata();
 ApplicationProperties applicationProperties = null;
 String usageModelString = null;
 if (metadata != null) {
 applicationProperties = metadata.getCustomProperties();
 if (applicationProperties != null) {
 usageModelString = applicationProperties.getSingleValueAsUTF8String(DEMOMODE);
cheers,
/Eric.

Google Search: '''firefox create a persona'''
* '''Personas for Firefox''' | How to Create Personas https://www.getpersonas.com/en-US/demo_create
* '''Personas for Firefox''' | Frequent Questions http://www.getpersonas.com/en-US/faq
* '''Personas for Firefox''' | Getting Started http://www.getpersonas.com/en-US/getting_started
'''I think you'd have a lot more fun with Styles though''', personas tend to hide things on toolbars, styles can be more helpful (or just as bad)
* '''Stylish''' :: Add-ons for Firefox https://addons.mozilla.org/en-US/firefox/addon/stylish/
* '''Restyle the web with Stylish!''' - userstyles.org http://userstyles.org/
* '''Scrollbar Context Menu''' - Themes and Skins for Browser - userstyles.org http://userstyles.org/styles/54
* '''Scrollbar Menu''' - Themes and Skins for Browser - userstyles.org http://userstyles.org/styles/52
* '''Link Warning''' - Themes and Skins for Mozilla - userstyles.org http://userstyles.org/styles/1301
* '''Tabs, Enlarge list-all-tabs button''' - Themes and Skins for Browser - userstyles.org http://userstyles.org/styles/18553
* '''Tabs Bar Minimal Size''' - Themes and Skins for Browser - userstyles.org http://userstyles.org/styles/9043
* '''Tab Color Underscoring active/read/unread (Fx3.6)''' - Themes and Skins for Browser - userstyles.org http://userstyles.org/styles/24728

Configuring custom database authentication in Weblogic 10

Hi,
For my project I am trying to configure security/login module. It's an ADF based web application(ADF11g) and is deployed on Weblogic10. I have implemented the custom authentication with DB login module, created the jar and placed it inside %WL_HOME%/server/lib/mbeantypes. Now I have created one new Authenticator inside 'myrealm'. But after the successful deployment of the application when I am trying to access any secured page this custom authenticator is not being invoked. Can anyone please tell me the exact steps I have to follow for getting custom authenticator working properly.
Thanks much!

I had some minor implementation faults in code, after fixing those it is working fine

Custom SPNEGO Authenticator

Similar Messages

Maybe you are looking for