De-authenticating users with multiple active sessions

Similar Messages

• Msg #732 - The 'Block authenticated user' rule is active.

  Hi, I'm Viola, from Italy.
  I have a problem with Mail 1.3.11. When I receive some emails (I don't with what criteria), instead receive the right email, I receive the following email:
  From: [email protected]
  Subject: Alert from eSafe: HTML Active Content Msg #732 - The 'Block authenticated user' rule is active.
  Time: 15 Mar 2006 11:58:39
  Scan result: Mail rejected
  Protocol: POP3
  File Name\Mail Subject: imeilconunoggetto
  Source: 217.115.16.5
  Destination: 192.168.1.10
  Mail Sender: [email protected]
  Mail Recipients:
  Details: HTML Active Content: Msg #732 - The 'Block authenticated user' rule is active.
  So, instead receive the email from [email protected], I receive the email from [email protected] without the content sended from [email protected]
  It's not a problem with the provider because if I go on the provider site and I login with my email, I can read emails without problems.
  Can you help me, please?
  Thank you,
  Viola

  Hi Frank,
  thanks for the quick reply. I got the code for how to use FacesContext...but where should i implement the code? do i have to create a backing bean or something? how to use a backing bean if i have to display the same information across every page during a session? where, for example, should i use the following code fragment?
  FacesContext fc = FacesContext.getCurrentInstance();
  ExternalContext ec = fc.getExternalContext();
  userName = ec.getRemoteUser();
  Please explain how to go about it. thanks

• How can I find out if a user has an active session

  How can I find out if a user has an active session or sessionObject in the application Server.
  When a user logs on to my web-application, I want him to be able to see a
  list of all the other users that are also loged on. To do this I need to get a
  list of all the session objects avaliable in the sever at that perticular moment?
  In J2EE 2.1 I found the class "javax.servlet.http.HttpSessionContext" with the method "getIds()"
  that returned all the session Id's. By using the method getSession(java.lang.String sessionId)
  from the same class, you could then retrieve the sessionObject.
  But these methods are depricated (and want to be able to use the
  latest version of J2EE).
  Is there any other way to do this?
  I'm using JBoss application server.

  Check out HttpSessionListener -> http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpSessionListener.html
  Essentially what you have to do is implement this interface. You also have to register the listener in your web.xml, like this:
  <listener>
      <listener-class>
          package.name.YourListener
      </listener-class>
  </listener>sessionCreated() will get called each time the app server creates a session and sessionDestroyed() will get called each time the app server invalidates a session. You could have a Map that contains all the active sessions, and a method for printing a list of all of the active sessions.

• Need MBAM 2.5 Helpdesk and selfservice sites to open for authenticated users with no password prompt

  I Need MBAM 2.5 Helpdesk and self service sites to open for authenticated users with no password prompt. I just cant seem to get this to work. The account used in the application pool has its SPN registered and delegation set. I can use that account to login
  to the sites but am prompted for a password. That said anyone I add into the helpdesk users group cannot negotiate the sites. Only the account I have set in the application pool can. I want domain authenticated users that have been added to the MBAM Help Desk
  Users group to negotiate the site with NO password challenge at all.
  tconners

  This generally means that your SPN is not set up correctly.  Let's say the web server you installed the SSP on is lance.contoso.com and your app pool creds are corp\lance.  You should set an SPN similar to setspn -s http/lance.contoso.com
  corp\lance.  In your browser, you should now be able to access the SSP without prompts.  However, if you still get prompted, generally that means that your local intranet zone in IE does not have an entry for *.contoso.com.  Since you are entering
  an FQDN in your browser, IE interprets the "." to mean "on the internet" which breaks Kerberos authentication.  By adding *.contoso.com to your local intranet zone, you are telling it that lance.contoso.com is on the intranet, so use
  Kerberos.
  I can confirm, that I have exact configuration and I always get the password promt for the very first time. We have 2 server (1xIIS and 1xSQL) infrastructure in production with SPN set like it should and I get the password prompt.

• How to Re-Authenticate an user to an active session

  Hi frns,
  Following is my existing flow.
  Initially the user logs in with valid usename and password. He will do some transactions in the application. Meanwhile if he is idle for more than 15 minutes, the current session will be lost and then if he wants to continue with the application he will be forcefully sent to the login page to get authenticated once again.Now we have to start the transaction freshly.
  Following is my new requirement.
  While doing some transaction,If the user is idle for more than 15 mins,one authentication jsp page should be displayed on the current screen asking the user to enter usename and password once aagain. If the authentication is succeeded then he should get back to the same screen previously he is doing transaction and allow the user to continue the transaction.
  Here two scenarios should be considered.
  1) The Re-Authentication screen should be displayed on the top of the screen in which he is idle for more than 15 mins.
  2) If the Re-Authentication succeeds, then user should be allowed to continue the transaction in which he is idle previously.
  Please help me in this regard. Very urgent...
  Thanks,
  Srinivas.

  The idea is to seperate the session management from the security management.
  We want the user's sessions to last for a long time but there still needs to be an upward limit. So a good limit is four hours. This allows a user to go to a meeting or to lunch and then return and pick up where he left off. So we set the session time on on the server to four hours.
  However if there is fifteen minutes of inactivity we want the user to re-authenticate himself. So if the user goes to lunch we don't want some one to be able to access his session. This is different from expiring the session. We don't expire the sesion but we expire the user access to the session.
  So we create a security module that handles all user authentication. We creat this module as a Servlet Filter so that all requests have to pass through the module. On initial request we redirect the user to a log in page where he provides his username and password. On authenitcation we create a user object that we store in the session. We also store the date/time that the request was made in a hashmap using the session or session id as the key.
  On subsequent requets we can chedk for the existance of this object to see if the user has been authentcated. If the user object exists we retrieve the date/time of the last request and check to see if fifteen minutes has expire between requests. If the time difference is less than fifteen minutes we store the new time in the hasmap. if the time difference is greater that fifteen minutes we redirect the user to a log in page.
  There are certain mantainance actions that wlll need to be done:
  1: Removing expired session entries from the hashmap using HttpSessionListener.
  2: Differenciating a normal request from a re-authorization request
  3: Forwarding the user to request resource after re-authorization

• What is a "logged in user" on the "Active Sessions" report in CF8 Server Monitor?

  I was looking at the Active Sessions Report (The Chart View) and saw I have more "logged in users" than "active sessions".
  I had expected them to be nearly the same.    It's on our Intranet where I log users in (using cflogin and cfloginuser) at the begining of their session and users should be logged when the session ends.
  I couldn't find a detailed explaination of what a "logged in user" means.   There is a chance that the same user is logged into a nested application as well as the Intranet, but I don't think that is what I'm seeing.
  I also don't see a way to get a list of what CF is counting as a logged in user.  I can only see a way to get the total count.
  Any help is appreciated. 
  Thanks,
  Jeff

  Thank you Michael for the reply, but I don't think that is the issue.
  When a user opens their browser on the intranet, a session begins and they are logged in (using the cflogin and cfloginuser).    If they close their browser, the session should hang around for 20 min. (per the server setting).   I am assuming this is still considered an "Active Session" since I can see this behavior in the report.
  At first, the Active Sessions and Logged In Users are exactly the same.   When the sessions start to time out, the active sessions are reduced,  but the Logged In Users remain the same.    Then,  after a while, they start to move together.  So I have more Logged In Users than Active Sessions.
  I left the Server Monitor open last night and for most of the night, I had 0 sessions, but 57  "logged in users".   This morning, as people opened their browsers, the Active Sessions and Logged In Users moved together.   The gap of 57 looks consistent.
  It looks like people are remaining logged in after their session ended.
  I am really looking for a detailed explaination of "active session" and/or "logged in user" as used in the server monitor.  It would be really nice to find a way to list the details about each item counted in the "logged in user" and not just the total count. 
  Thanks Again for your reply.
  jsm

• Remote Access VPN Users with CX Active Authentication.

  I have ASA 5515 with CX for webfiltering , also have enabled remote access vpn . All my inside users are able to get active and passive authentication correctly . But for remote access VPN users , they are redirected to ASA external ip and CX authentication port 9000 but a blank page comes in and there is no prompt for authentication. I wasnt doing split tunneling , but now i have excluded ASA WAN ip from the tunnel and still have the same issue.
  The CX version we have is 9.3.1.1

  Have you excluded the VPN traffic from being NATed when traffic is going between clients?
  Please post a full sanitised configuration of the router so we can check it for configuration issues.
  Please remember to select a correct answer and rate helpful posts

• How do you setup multiple users with multiple devices on itunes?

  I'm trying to find the easiest solution to our family music situation.  4 users, 4 devices (ipods, ipad, imac, pc laptops), and 4 different musical song interests.  I'm sure there are millions of households that have the same exact situation.  I want to be able to pull up only my musical library, not my kid's music, and then easily synch it to my ipod.  Everyone in the family wants to do this same thing.  I have spent alot of time trying to search the forums/internet and there does not seem to be one "most popular" solution.  I did setup iCloud for each family member using a different Apple ID than my main Apple ID, and I'm happy that ALL the music shows up on my ipad.  But between iCloud, MobileMe, Home Sharing it all gets very confusing.  Some say to setup multiple computer login accounts, and others say to setup 1 playlist for each family member and synch from that playlist.
  I would think 1 itunes account allows you to easily share a purchased song with 4 users, instead of buying songs twice.
  So here are a few of my questions-
  1-Is it best to have only 1 itunes account and then synch all devices off of 1 main computer? 
  2-Or since we each have iCloud accounts, will they be able to synch their ipods from their own pc laptop?
  3-And when they synch, what is the easiest way to exclude other users music in itunes? (other than unchecking hundreds of artists)
  4-Or setup 4 separate computer login accounts on the imac and then keep 1 itunes account?  If so, how does this work when they open itunes?
  Again, I'm hoping for a straightforward simple solution.  I don't want to move & create libraries, download 3rd party software, etc. etc.  Please reply if you found something that works for your family.  Thanks in advance.

  Richmaster wrote:
  turingtest, I do have a couple questions. 
  Number one, does everyone in your family only sych their ipods from only 1 computer?  If everyone only uses itunes from 1 computer I can see how that will work.  But what if kids want to use itunes for windows?  Will "Home Sharing" allow all their music purchased on the MAC, to be also displayed on their itunes for windows laptop?  I noticed you have PCs and also an ipad.  How do you manage your family's music on these devices?
  Also, how did you first get everyone's music library into their own library?  Drag & drop?  Is the "grouping field" you mentioned under "view", then "view options"?  What does this do? 
  Thanks.
  Sorry I missed your post earlier. Normally I follow up on any replies. This one must have fallen off the page on a busy day.
  As my kids have left home I have created for them a complete clone of the familiy library, then deleted the tracks from it they don't want. Over time their libraries will divirge, but if needs be they can still update their devices using the library at home. Handy when eldest's kit was stolen.
  Grouping is just another property, useful because it isn't generally overwritten by other software but is stored in the tags, so preserved when you copy files from one place to another. You can make the column visible and edit for multiple tracks in Get Info. Some software calls the same field "mood" or "sub-genre". iTunes has a specialist purpose for it generally used with classical music, but it doesn't seem to work very well for that and I don't use it that way.
  tt2

• How to search data with multiple parameters =SESSION

  Dear Günter Schenk
  Please help
  I have two Tables with many fields
  1.       tbl_users
  2.       tbl_transection
  Now problem is that I want when user login he make search in " tbl_usr_transection " related its own Transactions other then he view all user data
  I have one column about user in transaction table i.e. "fld_transection_by"
  I am using SESSION to filter all transaction its related user and its working fine.
  <?php echo $_SESSION['login_id']; ?>=<?php echo $row_rstbl_transections[' fld_transection_by ']; ?>
  Now how to make search from filter rows in many field
  Please explain in detail
  Thanks in Advance

  Hi, It sounds like you need to carry those variables into your mySQL statement.

• How can I create a portal server authentication user with a batch

  hi,
  I am trying to import users into the portal server emulating the create user procedure as plumtree. What I cannot understand at the moment is which classes are involved in the sequence of creating a user.
  the problem starts from the fact that I have used a synch WS and it works but, being the table a dummy one and the users to be authenticated by the portal server, I couldn't use that synch as a definitive.
  I tryed using plumtree.server.CIPTUser class with no success. could not understand how to actually create the user after setting the parameters to the object.
  Is there any documentation explaining how to create the portal server emulation of create user. this could be usefull for all those cases when there is no central repository of user and passwords.
  thanks
  Mario

  This should get you started.
  IPTUser=IPTSession.GetUsers.Create(iAdminFolderID)
  IPTServerContext=IPTUser.GetInterFaces("IPTServerContext")
  IPTServercontext.Store
  This is a high level implementation. It should get you very close.
  thanks,
  Craig

• User with an active Adobe ID on a paid subscription, tries to open InDesign CC and is prompted with a Login screen for the "trial version".

  The user had the program open earlier today. But now, she can't open the program and gets prompted with the login screen. I don't want her to login as it mentions the "trial version" of the software. We have a paid subscription.
  The application opens successfully on other work stations.
  I am running the Adobe CC Installer update on her machine now.
  Why did her login suddenly become deactivated?

  Chat Now button near the bottom for Activation and Deactivation problems may help
  http://helpx.adobe.com/x-productkb/policy-pricing/activation-deactivation-products.html
  OR
  Asked to sign in after paying may help
  -http://helpx.adobe.com/x-productkb/policy-pricing/activation-network-issues.html
  or
  http://helpx.adobe.com/creative-cloud/kb/license-this-software.html
  Membership and Payments http://helpx.adobe.com/x-productkb/policy-pricing/membership-subscription-troubleshooting- creative-cloud.html

• Users with multiple primary email addresses

  I have some users that have multiple email addresses. I need to keep these email mailboxes completely separate. I do not want proxy email accounts all going into one inbox. So, how can I create multiple mailboxes for the same user ([email protected] and
  [email protected])? I need userA to log into each email account separately. I basically need a way for the system to see these as two different users all together, the problem being the username login only uses the userA
  portion and not the whole address. Any help would be appreciated.               

  User A can have one mailbox associated with his ID.  You can create other "User A" mailboxes with different names and e-mail addresses as shared mailboxes and grant User A full mailbox rights and send as right.  User A can
  then connect to each one of them separately.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• Exchange 2010 - Selecting display names for users with multiple mailboxes

   Hi all,
  This isn't so much of a problem, but more of a "What is the best way to handle this" sort of thing.
  I have a client with Exchange 2010 and multiple domains. Because they must be able to send as each domain, I have them setup with individual accounts/mailboxes for each domain. We're at a point that they have three domains which means three accounts per
  user and three listings in the GAL. Their original accounts shows up as Smith, John. The second domain added shows up as First last. I'm at a loss what to use for the third. They want each account to show up in the GAL so that other users can send account
  specific stuff to them if needed, but I'm trying to figure out how to keep this relatively organized and not make the name on outbound emails too convoluted.
  Any suggestions on a format I can use that will make these accounts stand out from each other in the GAL, but not be a hot mess on the recipient end either?

  Smith, John (Company A)
  Smith, John (Company B)
  Smith, John (Company C)
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• How i get user info from ldap using java after authenticating user with SSO

  Hi
  I have one jsp/bean application as a partner application with SSO.
  It works fine.
  Now i need to get other attributes of user from LDAP who has logged into the application through SSO.
  using SSO java APIs i only get username, userDN, subscriber info.
  To get user's other attribute i have to user LDAP APIs for that i have to create on Directory Context, for the same i need userpassword.
  so here i my question, how do i get user password after he has logged in thro SSO.
  regards..
  and thanking u in advance
  samir

  Valentina,
  there's no way to get the password value from the directory (it's one way). Of course you can get the hashed (MD4,MD5,SHA-1) base64 encoded value (i.e. the value you see in OiD) but not the 'password'.
  --Olaf                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

• Can anyone please advise me how to set up multiple users, with multiple devices while only sharing one iMac, thanks.

  My partner and I both have iPhones and iPads but share an iMac, as our contacts and calendars go through iCloud, both gets merged when it comes into iCal and contacts. Do we have to set up separate accounts on the iMac to handle this correctly? Thanks

  How to use multiple iPods, iPads, or iPhones with one computer