Deep Linking and NTLM Authentication

Similar Messages

• Http method not recognized and ntlm authentication

  Does anybody know why ips signatures fire on ntlm authentication proxy? In our environment we have ISA 2004 and the ips is complaining about http not in rfc specs and http not recognized. Is it possible that ips does not understand ntlm proxy authentication?

  These signatures are policy enforcement signatures. They are firing because the AIC engine has determined that the NTLM proxy application is running a non-web http based protocol on a web port. That will trigger 12674. 12676 is triggered when there is an HTTP request method being seen that is not in the list of acceptable HTTP request methods (listed in 12676 config). Currently, the method list should be considered static, even though it appears that you can add to this list, there are known issues that make updating it unreliable.
  I'd look at the alarms to see if either the attacker or victim address is constant. I'm not sure how it will fire, but if one side is consistently the ISA system, then you can probably implement an alarm channel filter to keep those two signatures from firing with the ISA as the attacker/victim. Personally, I'd consider disabling the signatures since they are not compatible with your network policy.
  WRT to tuning 12676, the entire AIC engine is being actively worked on to improve its robustness and functionality, though no specific release vehicle has been determined--yet.

• How to open an external link with NTLM authentication

  Hi,
  My customer needs to open a link with parameters, and go directly to a specific page. The problem is the application uses NTLM to get the session first. After silence login, the parameter value is lost. Here is the link look like:
  f?p=200:1:0::::P1_ID:602:
  After authentication, it gets session and becomes:
  f?p=200:1:24365643544345
  Can anybody help me with this?
  Edited by: user8991541 on Apr 20, 2011 5:57 AM

  A UDL is technically a text file, so you could open it with "Read Characters from file", put the result string into a string control, edit it and save it back using the "Write Characters to File".
  UDLs however have their own configuration dialog embedded in the Windows OS. You can use this dialog in your LabVIEW application. The attached VI shows how to create a new UDL. You can edit an existing UDL by switching the method node to PromptEdit and wiring in an open ADO connection reference.
  Attachments:
  ConfigureDatabaseConnection.vi ‏26 KB

• OSB business service and NTLM authentication

  Hi,
  Is there a solution to use OSB business service with http transport and this bs authenticates itself with NTLM
  thanks Edwin

  Hi Manoj,
  We want to connect our production esb to the ERP ( IFS) system and we want to do this with the OSB. The ERP system has a lot http services and they are all running on jboss. On this app server they have enabled ntlm so users can their account to fill in there project hours /administration.
  I got this working with a authenticator in a jdeveloper 11g web service proxy client. ( http://biemond.blogspot.com/2009/04/jax-ws-web-service-proxy-client-and.html )
  thanks Edwin

• Portal Drive Single Sign On and Kerberos Authentication

  Hi,
  We are using NW2004s SP10 Portal and we have successfully configured Kerberos authentication with Windows Active Directory 2003. To access the KM Content in windows explorer format, we are using Portal Drive but Portal Drive still asks for authentication i.e. SSO is not working for Portal Drive. I have understood from the forums and sap help site that SSO from portal drive will work only for NTLM authentication and client certificates. Can you please help regarding below questions.
  1. Can Kerberos and NTLM authentication be configured together.
  2. If yes, what are the steps to configure NTLM authentication for NW2004s SAP Portal and Active Directory 2003.
  3. Any other approach to make Portal Drive SSO work.
  Helpful answers will be rewarded.
  Regards,
  Chandra

  Hi Gregor,
  I did two things:
  first i made a change in the portalapp.xml in the PAR file "com.sap.km.cm.par". In the section authentication scheme for "docs" I changed the authentication scheme to "default" to make sure that documents are opened using the default authentication scheme (SPNego) instead of basic authentication
  second, I used the SPNego wizard to configure SPNego. So I didn't adjust anything in the Visual Admin or the authentication template apart from adding the Template to the Ticket policy configuration.
  Again, this only worked after installing the latest vesion.
  Hope this helps
  Marcel

• Xbox Music API: Deep Link for Xbox Music Pass

  Hi all!
  I am building an app which uses Xbox Music API.
  There's a guide to deep-linking, and there's explanation on how to build the affiliate link for track/album purchase, but I couldn't find how to build affiliate link to buy Xbox Music Pass. Is there any information on how to get it?

  I recommend that you post your question to the XBox forums:
  http://forums.xbox.com/?xr=shellnav
  Matt Small - Microsoft Escalation Engineer - Forum Moderator
  If my reply answers your question, please mark this post as answered.
  NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined
  objects and unknown namespaces.

• Is it possible to get explicit parameterized URL by deep linking?

  Dear All
  i am working on ADF BC and jheadstart. in my app, i want to produce explicit paramterized URL for use to get access to particular record in the database table. i.e. if .../faces/pages/Library.jspx is appended with ?id=5 and put in a browser, user will get the page that shows the record where id=5.
  i studied the 'deep linking' and found out it worked for a link in a page but no explicit URL can be found. can someone point out a solution for me? thanks!
  regards
  Jerry

  Hi Jerry,
  You could change the Enable Deep Linking Expression to also use a request parameter instead of looking at the JSF navigation outcome. You could then deeplink to a page using a url like.../faces/pages/Library.jspx?deepLink=true&id=5.
  For an example see the JHeadstart blog post Fusion Cooking at http://blogs.oracle.com/jheadstart/2007/03/07#a143.
  kind regards,
  Sandra Muller
  JHeadstart Team
  Oracle Consulting

• Deep linking not working in Flex 4

  Deep linking is working in Flex 4 (using Flash Builder) when I debug and run the application, but not when I do an export release build.
  So I tried using the files from the bin-debug directory, and noticed that deep linking only works when the files are in the bin-debug directory. If I move them from there, they don't work.
  And to make things worse, my Flex 3 builder is not generating the HTML wrapper when using the Flex 4 SDK and deep linking. So I am screwed in every way. I really need help to get my app launched. It is finished, but stuck on my computer.
  Is this a know problem? Thanks very much for any help.

  If anyone run into this poblem, I just figured out half the problem. The javascript file (history.js in the history directory) only checks for url with (http://), so if you are testing and in your browser you have file://loc_of_html_file, then it will not work.
  On the other hand, my next problem is still unresolved:
  Flex Builder 3 is not generating the HTML wrapper when using deep linking AND with the Flex 4 SDK.
  Thanks.

• Collaboration Room Deep Linking

  Wonder if anyone has looked at this before ?
  I know you can deep link direct to a collaboration room using a URL such as:
  http://xyz.com/irj/portal?NavigationTarget=CollaborationConnector://portal_content/com.sap.ip.collaboration/Rooms/7068630d-c3dd-2e10-89ba-c179eadcef5a/workset/
  Does anyone know if its possible to drill down further than this whilst at the same time maintaining the portal context .... so down into a folder structure under Documents and Links for example.
  I dont want just a KM URL for the document - which is what happens if you do a "Send To" command on an item.
  Thanks in advance.
  Haydn

  If anyone run into this poblem, I just figured out half the problem. The javascript file (history.js in the history directory) only checks for url with (http://), so if you are testing and in your browser you have file://loc_of_html_file, then it will not work.
  On the other hand, my next problem is still unresolved:
  Flex Builder 3 is not generating the HTML wrapper when using deep linking AND with the Flex 4 SDK.
  Thanks.

• NTLM Authentication in the Outlook Anywhere

  I use Exchange Server 2007 sp1 RollUp 6 installed on Windows Server 2008. I need to use Outlook Anywhere from non-domain computers. I test Outlook Anywhere with Basic and NTLM Authentication and all works fine. But when I use NTLM authentucation, Outlook promt user credential every time when it start, even "remember password" was checked. The login and password are remembered in the network password of user, but Outlook prompt password again and again, when it starts. Exchange published by 443 port directly (without any listeners)!
  When I connect by VPN, and use TCP/IP connection to the server, Outlook remeber password withoun any problems, and did not ask password again.
  get-OutlookAnywhere:
  ServerName                 : SRVEXCH2
  SSLOffloading              : False
  ExternalHostname           : mail.my_domain.ru
  ClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods   : {Ntlm}
  MetabasePath               : IIS://srvexch2.net.local/W3SVC/1/ROOT/Rpc
  Path                       : C:\Windows\System32\RpcProxy
  Server                     : SRVEXCH2
  AdminDisplayName           :
  ExchangeVersion            : 0.1 (8.0.535.0)
  Name                       : srvexch2
  DistinguishedName          : CN=srvexch2,CN=HTTP,CN=Protocols,CN=SRVEXCH2,CN=Servers,CN=Exchange Administrative Group (
                               FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=S
                               ervices,CN=Configuration,DC=net,DC=local
  Identity                   : SRVEXCH2\srvexch2
  Guid                       : 2c24f11b-852c-4948-b236-3f37d071d500
  ObjectCategory             : net.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
  ObjectClass                : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
  WhenChanged                : 18.02.2009 14:17:55
  WhenCreated                : 17.02.2009 14:53:36
  OriginatingServer          : dc1.net.local
  IsValid                    : True
  I have tried this cases, but they have not helped for this issue:
  1) Disable kernel mode authentication with this command: %systemroot%\system32\inetsrv\AppCmd.exe set config /section:system.webServer/security/authentication/windowsAuthentication /useKernelMode:false, I  also have unchecked Kernel mode authentication in the properties of Windows Authentication for Default Web site, \Rpc and \Autodiscovery virtual directories.
  2) Modify this registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa lmcompatibilitylevel=3 and 2.
  3) Set NTLM instead of Kerberos on the security tab in the properties of Outlook.
  4) Install domain controller and global catalog roles on the Exchange Server.
  Somebody have any solution for this issue? May be Outlook Anywhere and NTLM do not work at all?

  Have you also seen this:
  You must provide Windows account credentials when you connect to Exchange Server 2003 by using the Outlook 2003 RPC over HTTP feature
  http://support.microsoft.com/kb/820281
  1.
  Click
  Start,
  click Run,
  type regedit in the Open
  box, and then press ENTER.
  2.
  Locate
  and then click the following registry subkey:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
  3.
  In
  the right pane, double-click lmcompatibilitylevel.
  4.
  In
  the Value data
  box, type a value of 2 or 3 that is appropriate for your environment, and
  then click OK.
  5.
  Quit
  Registry Editor.
  6.
  Restart
  your computer.
  LmCompatibilityLevel
  settings
  The
  LmCompatibilityLevel registry entry can be configured with the following
  values:
  LmCompatibilityLevel
  value of 0:
  Send LAN Manager (LM) response and NTLM response; never use NTLM version 2
  (NTLMv2) session security. Clients use LM and NTLM authentication, and
  never use NTLMv2 session security; domain controllers accept LM, NTLM, and
  NTLMv2 authentication.
  LmCompatibilityLevel
  value of 1:
  Use NTLMv2 session security, if negotiated. Clients use LM and NTLM
  authentication, and use NTLMv2 session security if the server supports it;
  domain controllers accept LM, NTLM, and NTLMv2 authentication.
  LmCompatibilityLevel
  value of 2:
  Send NTLM response only. Clients use only NTLM authentication, and use NTLMv2
  session security if the server supports it; domain controllers accept LM,
  NTLM, and NTLMv2 authentication.
  LmCompatibilityLevel
  value of 3:
  Send NTLMv2 response only. Clients use NTLMv2 authentication, and use NTLMv2
  session security if the server supports it; domain controllers accept LM,
  NTLM, and NTLMv2 authentication.
  LmCompatibilityLevel
  value of 4:
  (Server Only) - Domain controllers refuse LM responses. Clients use NTLM
  authentication, and use NTLMv2 session security if the server supports it;
  domain controllers refuse LM authentication, and accept NTLM and NTLMv2
  authentication.
  LmCompatibilityLevel
  value of 5:
  (Server Only) - Domain controllers refuse LM and NTLM responses, and accept
  only NTLMv2 responses. Clients use NTLMv2 authentication, use NTLMv2
  session security if the server supports it; domain controllers refuse NTLM
  and LM authentication, and accept only NTLMv2 authentication.
  Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator

• Deep Linking/URLKit for Tree

  Does anyone know if its possible (and if so, how) to use Deep Linking and URLKit to take a user to a particular node in a tree and open that branch item?
  Thanks,
  Dan

  aaaaand? what? nobody knows how to implement urlkit to Tree?
  UPD: oh. sorry. i fix it in my head))
  UPD2:hmm, fix it not enough
  i use this...
  protected function tree_changeHandler(event:ListEvent):void
  blablabla
  stringa =tree.selectedItem.@name;
  +
  <url:UrlValueRule id="Rule" stringValue="{stringa}" sourceValue="tree.selectedIndex" change="stringa = Rule.stringValue" urlFormat="|*" defaultValue="0"/>
  ... for my Tree and its change url, but when i enter my new url in browser its reset url and spit in my face...
  whyyyyyyyyyyy!
  ps:leaving one of stringValue/sourceValue don't make it work.
  maybe this forum have some people who implement urlkit for Tree well?

• External authentication and deep linking

  Can someone explain deep linking to me? All of the information I can find on this seems to come from a time before session info was required in the links. How do I link into an APEX app when I don't know the session info? This app has an "automatic" login based on the headers that are tacked on by the security proxy that handles logins.
  I have a custom page sentry; my Apex app is only accessible via a security proxy that sets a username in the header. So, if you can get to my app, you're authenticated. My page sentry then just checks if that authenticated user is in it's user table, inserts if not, and then sets some application items with some info from the user table. I just modified the mod_nmlt example to do this (and I have noooooo idea what some of that example is doing, so I left it alone as much as possible).
  I can make a link that has a recent sessionid in it, and then a new sessionid gets generated and it works as I hope, but otherwise I get "null sessionid" or "page not found" errors, depending on what I try to stick in for bogus sessionid.
  Here's my page sentry:
  create or replace FUNCTION Custom_Page_Sentry_Func (p_htmldb_user VARCHAR2 DEFAULT 'APEX_PUBLIC_USER' )RETURN BOOLEAN AS
  l_authenticated_username VARCHAR2(256) := nvl(UPPER(OWA_UTIL.GET_CGI_ENV('HTTP_IV_USER')),'NOT_AF_AUTH');
  IS_USER NUMBER := 0;
  L_CURRENT_SID NUMBER;
  v_userid NUMBER;
  v_user_baseid NUMBER;
  v_user_basename VARCHAR2(4000);
  BEGIN
  --The server is behind the login system, so if the ApEx pages are shown, the login has succeeded (and we will find the cookie)
  -- If logged in user is not a app user (doesn't exists in USERS table)
  -- THEN insert into app user table
  SELECT COUNT(*)
  INTO IS_USER
  FROM USERS
  WHERE UPPER(USERNAME) = l_authenticated_username ;
  IF IS_USER = 0 THEN
  INSERT INTO USERS (USERNAME,USERSTUFF) VALUES (l_authenticated_username,'111111111');
  END IF;
  apex_application.g_user := l_authenticated_username;
  SELECT USERID, BASEID, BASENAME INTO v_userid, v_user_baseid, v_user_basename FROM USERS
  LEFT OUTER JOIN CONTACT_PROFILES USING (USERID)
  LEFT OUTER JOIN BASES USING (BASEID)
  WHERE upper(USERNAME) = l_authenticated_username;
  apex_util.set_session_state('F105_USERID', v_userid);
  apex_util.set_session_state('F105_USER_BASEID', v_user_baseid);
  apex_util.set_session_state('F105_USER_BASENAME', v_user_basename);
  L_CURRENT_SID := WWV_FLOW_CUSTOM_AUTH_STD.GET_SESSION_ID_FROM_COOKIE;
  IF WWV_FLOW_CUSTOM_AUTH_STD.IS_SESSION_VALID THEN
  -- session is valid
  WWV_FLOW.G_INSTANCE := L_CURRENT_SID;
  IF l_authenticated_username = WWV_FLOW_CUSTOM_AUTH_STD.GET_USERNAME THEN
  WWV_FLOW_CUSTOM_AUTH.DEFINE_USER_SESSION(P_USER => l_authenticated_username ,
  P_SESSION_ID => L_CURRENT_SID);
  RETURN TRUE;
  ELSE
  -- username mismatch. Unset the session cookie and redirect back here to take other branch
  WWV_FLOW_CUSTOM_AUTH_STD.LOGOUT(P_THIS_FLOW => V('APP_ID'),
  P_NEXT_FLOW_PAGE_SESS => V('APP_ID') || ':' ||
  NVL(V('APP_PAGE_ID'),
  0) || ':' ||
  L_CURRENT_SID);
  WWV_FLOW.G_UNRECOVERABLE_ERROR := TRUE; -- tell htmldb engine to quit
  RETURN FALSE;
  END IF;
  ELSE
  -- application session cookie not valid; we need a new htmldb session
  WWV_FLOW_CUSTOM_AUTH.DEFINE_USER_SESSION(P_USER => l_authenticated_username ,
  P_SESSION_ID => WWV_FLOW_CUSTOM_AUTH.GET_NEXT_SESSION_ID);
  WWV_FLOW.G_UNRECOVERABLE_ERROR := TRUE; -- tell htmldb engine to quit
  IF OWA_UTIL.GET_CGI_ENV('REQUEST_METHOD') = 'GET' THEN
  WWV_FLOW_CUSTOM_AUTH.REMEMBER_DEEP_LINK(P_URL => 'f?'
  || WWV_FLOW_UTILITIES.URL_DECODE2(OWA_UTIL.GET_CGI_ENV('QUERY_STRING')));
  ELSE
  WWV_FLOW_CUSTOM_AUTH.REMEMBER_DEEP_LINK(P_URL => 'f?p=' ||
  TO_CHAR(WWV_FLOW.G_FLOW_ID) || ':' ||
  TO_CHAR(NVL(WWV_FLOW.G_FLOW_STEP_ID,
  0)) || ':' ||
  TO_CHAR(WWV_FLOW.G_INSTANCE));
  END IF;
  WWV_FLOW_CUSTOM_AUTH_STD.POST_LOGIN( -- register session in apex sessions table, set cookie, redirect back
  P_UNAME => l_authenticated_username ,
  P_FLOW_PAGE => WWV_FLOW.G_FLOW_ID || ':' ||
  NVL(WWV_FLOW.G_FLOW_STEP_ID,
  0));
  RETURN FALSE;
  END IF;
  --RETURN TRUE;
  END Custom_Page_Sentry_Func;

  Great, maybe I'm just composing links wrong? So, if I use a link like so:
  https://www.my.host.com/pls/apex/f?p=105:1
  I get:
  ORA-01400: cannot insert NULL into ("FLOWS_030000"."WWV_FLOW_DATA"."FLOW_INSTANCE")
  ERR-1029 Unable to store session info. session= item=2217309821144750
  But, if I use a link like so:
  https://www.my.host.com/pls/apex/f?p=105:1:1529940631702824
  (where that sessionID is one that was recently used)
  Then I get redirected to the page with a new sessionid, like so:
  https://www.my.host.com/pls/apex/f?p=105:1:1992194699278121
  But, if I use a link like so:
  https://www.my.host.com/pls/apex/f?p=105:1:1111111111111111
  (just trying to use a generic bogus sessionid, to hardcode in my link)
  Then I get an http404-file not found (The page cannot be found) error.
  Am I doing something wrong?

• Issue using Flash IDE with Mac OS and Windows Web Service using NTLM authentication?

  I have an existing application that I developed on a Windows machine using CS5.  It uses a local intranet web service written in .NET using NTLM authentication.  The web service does multiple things such as read data from an SQL database, provide the user's username, and test for write/read access to a local company fileshare.  When my company upgraded, I went to a Mac with Flash CC which is great.  However, Mac's don't handle HTTP Authorization Challenge Blocks like Windows machines.  In Safari, Chrome, etc. it will pop up a little username and password box and proceed on without issue.  The issue is in Flash development.  When running the exact same application in Flash testing all script access fails with HTTP Status 401 errors.  I have searched the AS3 documentation, but the only thing built in to handle http challenge requests is in AIR not Flash.  The server admin's and I have tried all method's of cross domain policy files and access changes with no luck at all.  Does anyone have a solution to this issue?

  Did you check Apple Support Boot Camp article?
  iMac displays a black screen during installation of Windows 7
  http://www.apple.com/support/bootcamp/
  Installation Guide
  Instructions for all features and settings.
  Boot Camp FAQGet answers to commonly asked Boot Camp questions.
  Windows 7 FAQAnswers to commonly asked Windows 7 questions.

• What is a deep link? How to get a deep link of a page and get it displayed in another page or iview?

  I  am asked to get the deep link of a particular iview in a page in ESS role and use it in another page so that the users can easily navigate to the deep linked contents..

  Hello Ajeeth,
  maybe you should ask the person who gave you the assignment, what they mean by "deep link".
  Regards,
  Steffi.

• Deep linking with Parsley and Navigation library

  I've gotten the NavigationParsleyTest to finally build, but it's not doing what I expected, which was to provide deep linking through the URL. I'm guessing this might involve some JavaScript. Any pointers?
  Thanks!

  Hello François,
  As adviced, I have posted this feature request to your jira:
  http://bugs.adobe.com/jira/browse/CGM-94
  For the moment, only John Cunliffe from this post:
  http://forums.adobe.com/thread/872180
  ... is capable of providing a working patch.
  Please keep me posted!
  Thank you,
  masu