DB Authentication Screen

Similar Messages

• Removal of Basic MII authentication screen

  MII 12.1.5.7
  NW EHP ce 7.1
  Currently, when you log into MII using a UME user, such as Administrator, you are presented with an authentication screen that allows you to type in the username and password. Since our client requires SSO enabled url, the user should never see the basic authentication screen. The issue here is if the user is not authenticated through ABAP or LDAP, it will reroute to the basic authentication screen. This is a security risk for my client. We need to remove or replace this screen. How can this be done?

  Hi,
  Maybe note 1538719 could be of help.
  Setting up SPNego with X.509 should allow direct access once the MII URL is typed.
  Regards,
  Srikishan

• Authentication Screen when accessing Web Dynpro Application

  Hi,
  We are encountering a situation wherein when we call the Web dynpro application, it asks for Authentication. The way we do is a bit tricky. We have the following set up;
  1. We access the CRM_IC ( Web Gui) in CRM and from where we try to create orders  in the backend system i.e., ECC6.0 (IS_Utilities).
  2. For creating orders we launch the FOP ( in our case it is DYNPRO) from CRM. So ECC screen is opened through ITS using SSO.
  3. In addition to this we built a web dynpro application to be called from the DYNPRO (step 2).
  4. When the Web dynpro application is accessed it asks for Login details though it has already logged into ECC using SSO.
  PROBLEM: CRM -- using ITS / SSO --> ECC --> Web dynpro ?? Authentication screen.
  Design:
  We are using WDY_EXECUTE_IN_PLACE to open the Web dynpro in SAPGUI. It is working fine when we run the Web dynpro application from SAPGUI, only the problem is when we do the above steps 1 - 4.
  Tried using the following logic as well but the same result.
  CREATE OBJECT viewer EXPORTING parent = empty_container.
  CALL METHOD viewer->enable_sapsso
  CALL METHOD viewer->DETACH_URL_IN_BROWSER
  EXPORTING url = urlc.
  cl_gui_cfw=>flush( ).
  So is it possible to over come the problem. Basically, we don't want the Authentication screen it should use SSO.
  SSO is already set up in the system.
  Any inputs will be highly appreciated.
  Thanks,
  Roopesh

  resolved!!!!
  CRM had wrong url to connect to web dynpro aplication
  Edited by: Aditya Deshpande on Mar 3, 2010 9:59 AM

• How to avoid authentication screen when invoking a process?

  Hello!
  I created a simple webservice in Workbench to generate a sequential ID for PDF forms.
  It's working fine, but the form is open a Windows Security dialog asks for login and password to access the webservice.
  As there are over sixty of these forms to be used by around 4,000 employees, this will be a major problem.
  Question: is there a way of invoking the process and sending the authentication information when the form is opened and thus avoid this dialog entirely?
  Thank you very much for any hints!
  Marcos

  Thank you Nith! 
  But... it did not work...   
  I set it to "No", stopped the service, started it back again. No good.
  When I press the button on the form to invoke the service, the Windows authentication screen comes on.
  What could be wrong?
  Thank you!
  Marcos

• Proxy authentication screen blinks with ios 7

  Have a router that has VPN to my work's network.
  When I want to connect to our company network, I used to get a proxy authentication screen to enter user name and password.
  After I updated my iPad-2 to IOS 7, the authentication screen just blinks and goes away. Then I have a message that says I do not have a network connection.
  Although I can go to the internet, I can not get into my company's network.
  Connection is WPA Enterprise.
  It used to work just fine with the previouse IOS.
  Please advise,
  Thanks
  Tom

  Hello, Harmeet Singh. 
  Thank you for visiting Apple Support Communities.
  Here are the best troubleshooting resources to reference when experiencing this issue.
  iOS: Not responding or does not turn on
  http://support.apple.com/kb/TS3281
  Display has no backlight or dark screen
  Toggle the ringer switch to see if the unit vibrates. If it does, it could be that iPhone is getting power, but is not displaying any image.
  Try turning iPhone off and then on again.
  While connected to the iPhone charger, try to reset the iPhone.
  If the low-battery screen appears, charge the iPhone.
  iPhone: Hardware troubleshooting
  http://support.apple.com/kb/ts2802
  If the issue persists, see the section labeled issue not resolved. 
  Cheers,
  Jason H.

• Webdynpro Authentication Screen

  Dear All,
           I have a webdynpro application which requires authentication into portal before its accessed. I have set the application properties to sap authentication and deployed it.
            The issue I face is when I try to request for the application URL it displays the standard SAP logon screen but not the one which is customized by us (we have a login screen which is customized for the customer).
            Could someone please let me know where I can make the WebDynpro app point to the customized login screen URL rather than the standard one?
  Thanks in advance,
  Chaitanya

  Hi,
  Check the following Thread for Customizing Logon Screen for Standalone Webdynpro Application:
  Re: Custom Login for each WebDynPro App
  Another approach:
  http://help.sap.com/saphelp_nw04/helpdata/en/62/601e1eebf54ca6a97e2873c8c63517/frameset.htm
  Regards
  Siddharth
  Edited by: Siddharth Jain on Oct 9, 2008 8:58 AM

• SAP entitlement system doesnot appear in CMC Authentication Screen

  Hi BO Experts,
  We are unable to Integrate SAP entitlement with BO Edge 3.1 Enterprise
  server because it doesn't appear in CMC console "Authentication TAB".
  BOE Version - 3.1
  Integration Kit For SAP Solution - 3.1 SP2
  Can some body please suggest what could be the exact issue ?
  Regards,
  Jai

  Hi,
  does SAP as an authentication option appear in the CMC when you logon and navigate to the authenticatoin area ?
  ingo

• Security Flaw: Screen Saver Authentication

  Hi,
  I have found a security flaw, it exists in both Panther and Tiger. If a system has 2 accounts, the first account being active and locked through a screen saver. The second account (if administrator) can type their username/password in the authentication screen, and it will unlock the first account. This works if the first account is an administrator or not. Any administrator username/password will authenticate any other account from the screen saver authentication box. I have proven this on 2 machines, a D2.5 G5, and a 1.6 iMac G5.
  Please contact me for further testing.

  it's not a TECHNICAL flaw, it is however a logical flaw, yes.
  Because admins are part of the sudoers files, one admin does have the permission to unlock another admin like that, the same as how when logged in with one account you can use another admin account to authorize the installation of software (why it's not necessary to be logged in with your admin account)
  The behavior I suspect you desire is the behavior Windows uses, where when you use an admin account to unlock a computer, it logs out the user who locked it (assuming the admin isn't the one logged in).
  I suggest you submit a feature request to Apple.

• ADFS 3.0 Windows Authentication not working

  I recently upgraded from ADFS 2.1 and TMG 2010 as the reverse proxy to ADFS 3.0 and Web Application Proxy as the reverse proxy.  I have upgraded to ADFS 3.0 successfully and it is working without anything changing to the end users.  This is still
  using TMG 2010 as the reverse proxy. 
  When I make the changes to use WAP as the reverse proxy, I get prompted with a forms based authentication page instead of the usual windows authentication screen.  This poses a problem since this creates an extra step for people when logging on to our
  sites that use SSO since there's no "save password" box.  I can move the traffic back to TMG and it's back to working like it should but we are looking to remove TMG very soon.
  When I am on the "inside" network connecting to ADFS without the reverse proxy, it works just fine.  However, ALL of our users are "outside" of the network will be using the reverse proxy.  None of the computers are domain joined.
  The issue seems to only be when using Web Application Proxy server to service ADFS SSO requests.....TMG servicing these requests does not have this issue.
  What's the difference?  How can I get this functionality back with WAP?

  Hi Eric,
  Based on my research, when publishing applications that use Integrated Windows authentication, the Web Application Proxy server uses Kerberos constrained delegation to authenticate users
  to the published application.
  To use Integrated Windows authentication, the Web Application Proxy server must be joined to an AD DS domain.
  More information for you:
  Web Application Proxy: Some applications are configured to perform backend authentication using Integrated Windows authentication but the server is not joined to a domain
  http://technet.microsoft.com/en-us/library/dn464299.aspx
  Best Regards,
  Amy

• Authentication with Edge, weinre is not supported for Fiddler

  Environment
  laptop- laptop Windows 7
  mobile- iOS iPad
  I installed Edge, the iOS client, chrome extension, as well as Fiddler and CharlesProxy. We have an app that requires authentication, and the UN/PW cannot be passed via URL params. I configured the iPad to use a proxy, as detailed in  http://blogs.adobe.com/edgeinspect/2012/05/16/shadow-charles-proxy-virtual-hosts-workflow/  Both proxy apps use port 8888 by default.  The site I am trying to hit is external and not a localhost. Here is what I am seeing so far.
  Using Fiddler, I am able to connect remotely, and essentially, what is shown on the iPad is a mirror of my laptop's chrome browser. The problem is that I am unable to initiate remote inspection using weinre, specifically, under the weinre remote button, my device is not listed
  Using Charles Proxy, again, I can connect remotely, but am unable to get past the authentication screen. However, weinre's remote inspection is working and my device is listed under devices. The request looks correct, but when I try to enter a valid UN/PW in the iPad, an error dialog shows with "server returned incorrect response type [200]".
  How is the correct way to authenticate with Charles? Or is there a way to have weinre attach correctly using Fiddler2?
  TIA.

  Hi Christian,
  The error you saw should only occur for a subscription used with a free trial offer type. Please use the below link to open a support ticket.
  http://azure.microsoft.com/en-us/support/options/
  You can check the following links for similar issues.
  The operation is not supported for your subscription offer type
  Could not submit the request to create database
  DBNAME. The operation is not supported for your subscription offer type
  Thanks,
  Lydia Zhang
  If you have any feedback on our support, please click
  here.
  Lydia Zhang
  TechNet Community Support

• SSL - Always Prompted with "Request Authentication"

  Hi,
  We have developed an Applet which works as an Download Manager and we had it signed as it needs to access the file system of the users. We have two deployment environments one over SSL (Entrust) and other Non-SSL. The signed applet works well over Non-SSL, but over SSL, it always keeps prompting with the "Request Authentication" screen.
  The following are the details of our application and JRE does
  not seem to recognize the certificate using which the Applet was signed.
  <ul><li>     Webserver - IIS V6.0
  </li>
  <li>     Website SSL Certificate authority - Entrust
  </li>
  <li>     Code Signed using .pfx {Applet}
  </li>
  <li>     Browser used - IE/Firefox</li>
  <li>JRE version - Latest
  </li>
  </ul>
  Now when I access the application from a browser, whenever I
  invoke the Applet, everytime I get "Request Authentication" pop-up window always.
  "*Please select certificate to be used for authentication*" And
  there is a list box below, which is always empty. This pop-up opens whenever there is an <applet> tag in the window and alos for button clicks within the applet.
  However when I access the same
  portal over non-SSL connection, everytime seems to work fine and a Prompt is
  popped up to accept the certificate from <Issuing authority> and I dont
  get a List box as I used to get before over SSL connection. Has it something to
  do with the SSL connection? or should the Applet be signed differently to work
  over SSL?
  The command line code which i use for Signing is
  *keytool -list -storetype
  pkcs12 -keystore*
  <certificatename.pfx>
  *jarsigner -storetype
  pkcs12 -keystore SLB SDC Software Code Signing Certificate.pfx -storepass
  "*<Password>*" DownloadManager.jar "*3ba9.........2c8*"*

  It was a problem with my IIS settings. It was always expecting Client certificate from browser. I had changed the follwoing setting Change on IIS for m webistes virtual directory and the problem on "Request Authentication" got resolved.
  * Right Click virtual directory on IIS and select Properties.
  * Directory Security (tab) --> Server Communications --> Edit
  * Client certificates --> Ignore Client Certificates + Save
  Regards,
  Amrish

• Double authentication upon wake from long sleep

  Hello - When my MacBook Pro (details below) sleeps for more than 12 hours or so, it goes into some kind of deep sleep. I authenticate, it gives a little progress bar at the bottom of the screen as if it is resuming OS X or something, then I get the same authentication screen again to log into my computer. But the second screen is not active for quite a while, maybe 2 minutes or so (I cannot type, the trackpad does not register any movements, etc.). Then finally I can start using the computer.
  I changed the hibernate settings to traditional sleep mode (suspend to RAM), but that did not do anything that I can tell to solve the problem. Can anyone help me with ideas about how to fix this terrible situation? My older iMac does not exhibit this behavior at all.
  MacBook Pro (13-inch, Mid 2012) 2.9 GHz Intel Core i7 running 10.10.3

  I am really not convinced that this is a "display" problem in and of itself now since I have seen scores of posts throughout the Apple Forums with various Macs and Displays that complain of the same symptom.
  I have been chasing this problem now for 3 months (looks like it started for some people going back to at least September 2009). I have (3) identical SONY 23" CRTs connected to my Mac Pro via two PCI video cards, but I am having trouble with only ONE monitor so far (doing the same thing you describe in previous posts - won't wake up from a long sleep - a few hours).
  • First I purchased a new monitor cable for the monitor in question - no change
  • Next, I purchased a new VGA to DVI Apple Adapter - no change
  • Next, after talking to AppleCare Tech support and trying SMC reset, PRAM reset, etc. they sent me a NEW ATI 2600 video card - installed new card - no change
  • Tried swapping suspect monitor to connection on other card (known good card) - same monitor would not wake up!!!
  • Purchased new GT-120 video card to replace the new ATI-2600 - same problem.
  This leads me to believe that it is either a problem with the OS somehow or perhaps some monitors just need a stronger signal to wake up??? Maybe my 3rd monitor is just getting tired compared to the other two and need a bigger kick to wake up?? Maybe some of these new flat screen LCD/LEDs need that extra kick out of the box?.
  All I know is that I have seen scores of complaints on this issue all over these forums with different Macs, Different types of displays (new and old) and various video cards - the only common denominator I can find is the OS.
  Message was edited by: ChoreoGraphics
  Message was edited by: ChoreoGraphics

• NAC appliance local authentication not working

  Hi,
  i am trying a test scenario for NAC. it is oob virtual gateway
  I get the login page when i try to access the web but when i try to authenticate to the local db i don;t receive an error message and i remain on the authentication screen.
  I listened with tcpdump on both interfaces. on the untrusted side i see traffic but on the trusted side no diffrence in traffic appears(but maybe this is normal)
  can someone please help with the detailed steps the authentication follows
  not just host->nas->nam(localdb)
  or some ideas
  Thank you!

  I doubt this will help, but here goes. I seem to remember a similar issue here, and I went into my browser's proxy settings and turned them off. Then I could authenticate, but not browse the web. So after authenticating I turned them back on and it was fine. There is a tab on the NAC Device Management > Clean Access Servers > >Advanced> Proxy where you can tell clean access about a proxy server, but I don't know if that's relevant.
  I assume you have verified that your local user ID works by testing the auth server with it and that it has a profile that allows you to go someplace.

• Calling portal application via it 's url from R/3 (with authentication)?

  Hello,
  how to call portal application by its url from R/3 (using ABAP)? How to avoid authentication screen?
  Best regards,
  Josef Motl

  <i>What I want is to call portal application on background (not to call browser).</i>
  you can use CL_HTTP_CLIENT class or HTTP_GET or HTTP_POST function modules for the same. (but you need to pass the user id /pwd in the program) (ITS doesnt fit your case)
  check out the demo programs.
  for CL_HTTP_CLIENT
  RSHTTP01
  HTTP_GET/POST
  RSHTTP20  
  RSHTTP70  
  RSHTTP90  
  Regards
  Raja
  Message was edited by: Durairaj Athavan Raja

• ISE 1.3 Disallow authentication to network based on group

  ISE 1.3
  MS AD 2008R2
  Two Groups: All Employees , All Students
  Problem: Students connecting to the employee network
  I have two wireless networks STUDENTS and EMPLOYEES. In ISE I have two authorization policies for these networks. In a prior effort to keep students from connecting to the employee network, I set the authorization policy to:
  Employee: If (Wireless_802.1X AND AD1:ExternalGroups EQUALS mydomain/User Accounts/All Employees AND AD1:ExternalGroups NOT_EQUALS mydomain/Students/All Students) then: Employee_Profile
  Unfortunately this did not work. Students have their own username and password in AD and so does each faculty/staff member. I have verified that the students are using their credentials and connecting to the employee network. Conversely, I can connect to the student network using an employee's credentials. The main issue is that with the students connecting to the employee network, they are using up all of the addresses in the applicable DHCP scope.
  I need to disallow connection to the employee network by students and the student network by employees.
  Any help would be appreciated!
  Kevin

  Hi Kevin-
  A couple of questions/suggestions:
  - Is there a chance that the students are also part of the employee AD group? I know it is a silly question but I must ask :) In fact, when a successful authentication happens, you can open the "detailed authentication screen" for that session and you can see all of the AD groups that the user is member of
  - Have you tested this yourself? For instance, you can create a test account in each group and then try it for yourself
  - Another silly question but can you confirm that each SSID has a unique interface in the WLC, thus going to a different subnet/DHCP scope
  - I would make your authorization rule a bit simpler. I would like you to remove the: 
  "AD1:ExternalGroups NOT_EQUALS mydomain/Students/All Students"
  When it comes to AD groups, ISE would process them in a "top-down" fashion and as soon as a match occurs, ISE would stop looking. I don't think this is the issue in your case but still worth the try. 
  - If the main issue is lack of DHCP addresses then why not address that? :) For instance, you can:
  1. Expand the DHCP scope (From let's say /24 to a /23)
  2. Assign a "secondary IP" address to the L3 interface, thus giving it more subnets
  3. Utilize "Interface Groups" in the WLC, that way you can have multiple subnets tied to the same SSID
  Thank you for rating helpful posts!