Determining Users without login page?

Similar Messages

• How to redirect user from login page to "Set Challenge question" page

  How to redirect user from login page to "Set Challenge question" page (NOT custom page) after 3 un successful password attempts?
  Meaning when user types wrong password 3 times they will be redirected to set Challenge question page. If user answers the challenge question then password reset page should be appeared other wise (after remaining 3 un successeful challenge question answers) account should be locked out.
  thanks for your help.

  hi sandeep
  Thanks for your answer. Let me ellaborate more on the requirement here.
  - Password Policy and Lost Password management are set up in the identity system
  - Configure login tries allowed= 5. Verify accout is lock out after 5 unsucessful login.
  This is what need to achieve.
  1) If a user attempts to login 3(not 5) times using an incorrect login credential he/she should be redirected to set challenge question (security question) page.
  2) Then if the user attempts (remaining) 2 times incorrect challenge answer then his/her account should be locked out.
  3) If he/she answers the challenge answer correctly then he/she should be redirected to password reset page.
  Is this possible?

• Redirecting user to login page after session expiry

  Hi,
  Default session expiry implementation in sap EP6.0 doesn't work properly. To overcome this, we have implemented one component where we check the idle time and throw the user back to the login page if the idle time has exceeded the session expiry period. This component has been added to desktop inner page as an iView. Following is the logic put in this component.
  IAuthentication ia = UMFactory.getAuthenticator();
  ia.logout(httpRequest, httpResponse);
  httpResponse.sendRedirect("/irj/portal");
  We are successfully getting the login page after session expiry. Issue is, our portal server is running on 11111 port. We cannot change this to 80 on unix because of unix limitations for the port number. So we have put one apache web server before our portal server. Apache web server is listening on port 80 and forwarding the request to our portal server.
  Now when user is redirected to the login page, url being shown in the browser is http://<host_name>:11111/irj/portal but I am expecting http://<host_name>/irj/portal (without port). I have tried putting the full url in sendRedirect() method but that too doesn't work.
  Any help is highly appreciated.
  Regards,
  Chandra

  Hi Chandra,
  Let the URL be relative in the sendRedirect i.e.
  httpResponse.sendRedirect("/irj/portal");
  However since you have a Reverse proxy in front, the response header for redirect will not contain the address of the reverse proxy in this case, your servername without port. You have to properly configure your reverse proxy so that the HTTP Headers are changed properly before sending the response to the users.
  Check this URL,
  http://httpd.apache.org/docs/1.3/mod/mod_proxy.html#proxypassreverse
  This gives you the details on configuring your apache.
  Hope this helps.
  Ankur
  P.S. If this helps please reward points.

• Session/cookie in an app without login page

  Hi,
  I know there are several threads about setting a cookie, checking session etc. But none seem to address my issue. Here's my problem:
  - I don't have a login page in my apex app. My user logs in from an external program and his userid is captured in the HTTP header variable 'remote_user'.
  - I added some PL/SQL code in the 'page sentry function' to check if this user is in the database(basically check if he is in one of the tables) and if he is not, show him the page without the create/edit/delete buttons. If he is in our database, show the same pages with all types of buttons.
  - Putting this code in page sentry function seems to work, but I am unable to logout since there is no cookie set! If I try to set a cookie in the page sentry function, it is breaking at the redirect line. Also, I don't think page sentry is the right place to set a cookie since it executes at every page.
  - Putting the above code in any other block (session verify function, pre-authentication, authentication, post-authentication etc) does not even execute. I put a simple 'insert' query to see if it executes, but it does not!
  Given this, what is the best way and place to set/check cookie in my app? I tried to enhance Scott's session timeout utility, but my app does not have a login function as I explained above, so I am unable to do that. Any help is appreciated!
  Thanks.
  Shuba

  I tried to do that. If you read my very first post in this thread, specifically "If I try to set a cookie in the page sentry function, it is breaking at the redirect line. Also, I don't think page sentry is the right place to set a cookie since it executes at every page.", I tried to set a cookie but it is throwing an error at the page.
  I think all these complication is because I dont have a login page and I am using a HTTP header variable to validate the user. Given that, where should I set the cookie?
  I also tried to do this:
  - create an appliaction item called 'testuser'
  - create an application computation to run 'before header' which sets the value of this to my HTTP header variable.
  - When I retrieve the app item 'testuser' from a page, it is getting the correct value. But when I use this in the authentication scheme, it is returning null. Any idea why??
  I know I am throwing a lot of questions. That is because I am trying a lot of approaches and each of them is posing a new set of challenges. I am actually looking for alternative ways to do what I am looking to do.
  Thanks.
  Shuba

• Form Based Authentication without login page

  Hi,
  i need to use form based authentication in a web page, but without a dedicated login page. So basicly every page will contain a login form in the upper right corner, so the user can login anytime in his browsing session directly from the page he's reading.
  I am aware of that the form based authentication config needs a login and a error page.
  I need some hints on how this could be implemented so that i dont need them directly. Im quite sure this is possible, if any of you has ideas please share them with me.
  dukes are waiting ...

  sorry - double posted : http://forum.java.sun.com/thread.jspa?threadID=584579&tstart=0

• How to get login page when user clicks on browser's back button

  Hi,
  I am using struts framework.
  I have set property nochache=true in response header of all pages.
  So, browser does not caches my pages.
  Now,when I am clicking on browser's back button, I am getting following message..generated by browser.
  Warning: Page has Expired The page you requested was created using information you submitted in a form. This page is no longer available. As a security precaution, Internet Explorer does not automatically resubmit your information for you.
  To resubmit your information and view this Web page, click the Refresh button.
  Instead of that I want to show user a login page, when it clicks on back button.
  Can anyone help me?

  Hi,
  I agree with your suggestion.But my query is,
  If you have seen many credit card or banking websites,generally when user clicks on browser's back button,its redirectly user to login page of it for security reasons.
  I want to implement that kind of functionality.So need help on that point

• How to prevent login page in same browser when user is already authenticated

  Hello,
  I am using Jdev 11.1.1.6 with ADF security implemented in my application.
  I have Login.jspx that redirects the user to Home.jspx on successful authentication. User can either enter Login or Home Page URL.
  Please consider following scenarios:
  a) User is not authenticated in current browser session
    a.1) if user enters Home page URL then Login page is displayed and redirected to Home page on authentication
    a.2) if user enters Login page URL then Login page is displayed and redirected to Home page on authentication
  b) User is already authenticated in current browser session, a new tab is opened and
    b.1) if user enters Home page URL then it directly shows Home page (already authenticated)
    b.2) if user enters Login page URL then Login page is displayed -- this is the issue, it should either directly take user to Home page or invalidate the existing session and let user proceed with new.
  How do I achieve this? Any help is highly appreciated.
  Thanks,
  Jai

  Thanks Frank and everyone for your help.
  I am able to achieve what Frank suggested using phase listener. We don't have a custom phase listener but I created one and instead of configuring at global level, just defined the ControllerClass in the pageDef of my login page.  
  Code from afterPhase is:
      public void afterPhase(PagePhaseEvent pagePhaseEvent) {
          if (pagePhaseEvent.getPhaseId() == Lifecycle.INIT_CONTEXT_ID) {
              FacesContext fctx = FacesContext.getCurrentInstance();
              String viewRootId = fctx.getViewRoot().getViewId();
              if ("/pages/login.jspx".equalsIgnoreCase(viewRootId) &&
                  ADFContext.getCurrent().getSecurityContext().isAuthenticated()) {
                  try {
                      String homeViewId = "pages/home.jspx";
                      ControllerContext controllerCtx = null;
                      controllerCtx = ControllerContext.getInstance();
                      String activityURL =
                          controllerCtx.getGlobalViewActivityURL(homeViewId);
                      fctx.getExternalContext().redirect(activityURL);
                  } catch (IOException ioe) {
                      _logger.logException(ioe);
  My only concern here is that I am hardcoding the login and home page url. Is there a better way to implement this?
  Thanks,
  Jai

• Can  Partner Application  Access to Login Page's  Information ?

  Hi.
  I wanna write a Partner Application to Access User's Information(UserName, subscriberName or Company Name)
  This information represented by user In login Page.
  I am not specialist in Oracle Sigle Sign-On ,for this reason Please Let me have a Sample .
  Thanks.

  Please see the Single Sign-On Application Developer's Guide. If you write a partner application, this information that you mentioned is passed to you in your success URL.

• Can we intercept page redirection after user's login?

            Hi,
            This is problem we are facing and we are not sure whether it's WLS's limitation.
            We can't find a way to let weblogic server direct user back to the same login
            page after session time out.
            For example
            1. Let's say we run a query and display a report (at this stage, user may choose
            to save the results)
            2. wait until the session time out (30 minutes).
            3. try to Save report button (WLS will take you to the login page)
            4. login info in the pop up login dialog
            After that, exception is raised since the server is trying to locate the infomation
            that's expired.
            Exception Details:
            javax.servlet.ServletException: Data is not found, you may be operating on an
            old page that may not be available on server
            So, when a user tries to access a secure resource, WebLogic intercepts and throws
            up the Login page (we use FORM based authentication). After a valid login, the
            requested resource (page) is displayed.
            What we would like to do is force the user to a specific page after login (the
            home page) instead of the resource they were trying to access. Reason being is
            that the same behavior happens after a timeout and when trying to display the
            requested page, all http session information is gone and we're throwing exceptions.
            Any comment is highly appreciated.
            Take care,
            Yicheng
            

  I beleive the Immediate Answer is NO you can't.
            But you can definitely get workarounds.
            If you are using using wls6.1:
            1. You can use ServletFilters.
            Else
            1. Write a Front Controller.
            (http://java.sun.com/j2ee/blueprints/design_patterns/front_controller/index.html). I am
            sure this is not going to be easy solution for an application thats developed and
            tested already.
            2. Modify you code to check session data intermediate pages. I am sure this is also
            not going to be easy solution for an application thats developed and tested already.
            I believe this is a limitation of Servlet Spec.
            You should be able to configure in web.xml says if this URI is hit without user logged
            in this is my target URI.
            Kumar.
            Yicheng Tao wrote:
            > Hi,
            > This is problem we are facing and we are not sure whether it's WLS's limitation.
            > We can't find a way to let weblogic server direct user back to the same login
            > page after session time out.
            > For example
            > 1. Let's say we run a query and display a report (at this stage, user may choose
            > to save the results)
            > 2. wait until the session time out (30 minutes).
            > 3. try to Save report button (WLS will take you to the login page)
            > 4. login info in the pop up login dialog
            > After that, exception is raised since the server is trying to locate the infomation
            > that's expired.
            >
            > Exception Details:
            > javax.servlet.ServletException: Data is not found, you may be operating on an
            > old page that may not be available on server
            >
            > So, when a user tries to access a secure resource, WebLogic intercepts and throws
            > up the Login page (we use FORM based authentication). After a valid login, the
            > requested resource (page) is displayed.
            > What we would like to do is force the user to a specific page after login (the
            > home page) instead of the resource they were trying to access. Reason being is
            > that the same behavior happens after a timeout and when trying to display the
            > requested page, all http session information is gone and we're throwing exceptions.
            >
            > Any comment is highly appreciated.
            >
            > Take care,
            >
            > Yicheng
            

• Jdev 10.1.3.1 "ADF Security": Application without a custom login page?

  Hi,
  We are trying to develop an application using "ADF security", which means we can give permissions to certain roles based on "Binding Container", "Iterator Binding", "Method Action Binding" and "Attribute-level Binding".
  After reading the document -- "Oracle® Containers for J2EE Security Guide 10g (10.1.3.1.0) B28957-01" that Frank pointed out. We have a question:
  Can we develop an ADF application without creating a custom login page? Right now we've followed the security guide and modified the configuration files. But when we run the application, we get the "user null" error message. The reason is clear because we do not have a login page. On the security guide, it says that it is possible to use the oracle default login module. But it does not say how. Does anyone have any idea?
  Thanks,
  Annie

  Brenden,
  Thank you so much for the reply. This is our code in the web.xml:
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>default</realm-name>
  </login-config>
  We are using HTTP basic Authentication. This technique worked for the container-managed security. The browser default login page pops up when the end users try to log into a secured JSP. But here we want to use "ADF security" to set up "Iterator binding" and "Attribute level binding" security. The browser default login page does NOT show up. Instead we get the "user null" error message.
  If you have detailed step on how to select HTTP Basic Authentication, it would be very helpful to us. Or if you know any document has the detail.
  regards,
  Annie

• Login Page coming for Anonymous User

  Hi All,
  we have configured anonymous user for our portal. Created a role for anonymous access - added pages and iViews under that. All the iViews and pages are modified with authentication scheme property to Anonymous.
  Now when we access the portal with the url http://host:port/irj its showing the login box in the top part of the page and in the bottom part its showing the anonymous role which we created.
  Let me tell you what we have done...
  Created role, iViews for Anonymous role, set the authentication property to 'Anonymous'.
  In Visual Admin-> Server-> Services-> UME Provider set the variable ume.login.anonymous_user.mode to 1.
  Variable ume.login.basicauthentication to 1.
  Variable ume.login.guest_user.uniqueids to Guest.
  Then we have updated the index.html file under <drive>:\usr\sap\<SID>\<instance_number>\j2ee\cluster\serverX\apps\sap.com\irj\servlet_jsp\irj\root .. we changed
  <b><body onload="location.replace('portal' + document.location.search)"></body></b>
  to <b><body onload="location.replace('servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.anonymous' + document.location.search)"></body></b>
  But now when a guest user accesses the portal http://host:port/irj it gived the strange screen (logon + content page) as I described earlier.
  Please let us know where are we missing...
  thanks & regards,
  Shubhadip

  Hi,
  1 .  I have created a iView and set the authentication scheme anonymous.
  2.  Also I created a role and added the iview to a role.
  3. The role has only 1 iview.  The entry pt is yes  for the iview
  4.  The role has permissions of end user for anonymous user.
  5 I checked the masthead iview also.. It aslo has authentication scheme anonymous
  When I try accessing the iView  in the form <http/https>://<server>:<port>/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fmyfolder!2fmyiView
  I am able to view it without any login..
  But when the url is accessed <http/https>://<server>:<port>/irj/portal/anonymous
  I see a login page in the Detailed navigation..
  Please help me solve this problem ..
  Thanks,
  Preeti

• Login page keeps going to "Create new user account" on login

  For about 3 weeks, whenever I log in, the next page I get is nearly always the "Create new user account" page. This happens regardless of whether I wait to let AutoFill enter my user name and password or whether I fill in the correct info myself.
  When I click the back button on my browser and finally arrive at the page with the forums list, I'm always registered as logged in. But sometimes I just end up back on the login page with a blank entry box.
  How do I get to the forums page without having to get out of the "new user account" page first? (While this isn't a huge problem, it's time-wasting and kind of annoying, and it didn't used to happen.)

  Hi Turtlewiz!
  Have you tried deleting your browser cache & cookies?
  Good Luck!
  ali b

• Can anyone help regarding the Admin Login page and Normal User Page.

  Hi Friends,
  I have worked on normal login page it has been worked well. But now i have to create the Admin login page. That means, I have written the code in the following way.
  public String userLogin_action() {
          // TODO: Process the button click action. Return value is a navigation
          // case name where null will return to the same page.
          com.sun.sql.rowset.CachedRowSetXImpl crs = new com.sun.sql.rowset.CachedRowSetXImpl();
          String Name =  getUserName().getText().toString();
          String password =  getUserPwd().getText().toString();
           try {
              crs.setDataSourceName("java:comp/env/jdbc/Employee");
              crs.setCommand("SELECT * FROM srni.UserTable");
              crs.setTableName("UserTable");
              crs.execute();
              crs.beforeFirst();
              while(crs.next()){
              info("Cursor is been moving");   
              boolean ok = crs.getBoolean("Admin");
              info("Value of ok:" + ok);
              String Username = (String) crs.getObject("UserName");
              info("Usernames are:" + Username + Name);         
              if(Username.equals(Name)&&(ok)){
              info("Login Successfull");
              java.util.Date Date = new java.util.Date();
              info(" Admin Logged on :" + Date);
              return "toUserPage";
              info("Login Failed or Admin doesn't exist");
          catch (Exception e) {
              error("Login Failed : " + e.getMessage());
          } finally {
              crs.close();
          return null;
      }You can see there that i have used the boolean type of value for verifying wheter the user is admin or not. If the admin type of column in database is true then it must allow the admin to certain page. Otherwise it must not redirect. So i have used this logic. When i am checking it is showing everything true,but it is not redirecting and it is saying that login failed. Please try the above code with a sample database table and verify it. You can see the output like this.
  Cursor is been moving
  Value of ok:true
  Usernames are: srinu srinu //here it must not go to next cursor,because srinu has been identified, but it is not behaving like that.
  Cursor is been moving
  Value of ok:false
  Usernames are: Chandu srinu
  Cursor is been moving
  Value of ok:false
  Usernames are: kirank srinu
  Login Failed or Admin doesn't exist The above output describes that it is moving the cursor from first row to the last row and checking all the usernames i n each row with the given username, and it is also checking wheter it is admin or not. Currently i have three rows so it is moving three times. It is retreiving every value correctly but in comparing it is not comparing. What to do.
  Please help me out from this problem.
  Thanking You in Advance.

  The buttons are all created using the same library object (but MC), except for the code you have in the revised file does not call on that for the con button.
  You have it calling on something with a linkage name of "con", which a quick check tells me doesn't exist--so it is undefined in the code when you try to use it.  I found this by using trace(newConBut._x); after its _x value was assigned, as I mentioned you should try.   So the first thing you want to do is change the following line from...
  var newConBut = _root.attachMovie("con", "conbut", _root.getNextHighestDepth());
  To
  var newConBut = _root.attachMovie("but", "conbut", _root.getNextHighestDepth());
  so that it uses the but MC that serves that purpose in the library.  Then you want to correct the _x assignment of the buttons to what I think you had earlier...
  newConBut._x = 650-newConBut._width;
  newRecBut._x = newConBut._x-newRecBut._width;
  Here is a picture of what those changes do (note, without the XML file I had to finagle things just to work, so the biutton labels aren't what they will be)...

• Pages without Login Credentials

  I crated 101 login pages and I have a plan to crate following pages without user name password.
  Page 102 - FAQ
  Page 103 - Why register
  Page 104 - Why Trust
  I would like to know how to crate for these pages.
  http://apex.oracle.com/pls/otn/f?p=12932:101
  Thanks in advance,
  NY

  Thank Roel,
  Last question!
  How to fill plain text (contents) in these pages.
  EG:
  bold
  italics
  underline
  Superscript: 3 ^rd^
  Subscript: 2 ~n~
  strike
  Heading 1: h1.
  I really appreciate it,NY
  http://apex.oracle.com/pls/otn/f?p=12932:102:5409905203448558:::::

• Web Login Page - User Password Bug  -  11.1.2.1

  This may be covered in one of the thousand readme documents or elsewhere; however, I thought I'd share this here just in case it isn't or you don't want to search various PDF documents.
  We recently had a user complain that he could not login to FDM anymore. He used to be able to login with no issues; however, recently it would not let him in.
  To rule out system issues, we checked the following:
  - Verified others could authenticate FDM with no issue (OK)
  - Verified account unlocked in Active Directory (OK)
  - Tested logging in to FDM on other machines (Fail on all machines ruling out cookies, browsers, etc)
  - Checked Shared Services provisioning (To ensure he was indeed still provisioned for FDM)
  - Attempted logging in through Workbench (Failed, but good fail. Did not state unable to authenticate, but properly noted he was not an Admin and therefore could not use Workbench. Wonder why it "works" here but not web....)
  Since it was obviously not some type of system/account issue, we then checked:
  - What end user changes happened recently? (Password change)
  As the only recent change was the user's password change, I asked the user what the password changed to. The new password was pretty vanilla, though I did notice one potential issue in that it including the & character.
  As many here will note, the & character doubles as a concatenation character in VB/VBscript. As programs should be escaping any strings they attempt to process, this should not matter; however, if FDM isn't properly escaping via the web login page this may be causing the issue. After resetting the user's password without the & character, everything worked fine.
  So the moral of the story here is that apparently the FDM web login code behind doesn't escape the password string. The bad part is that it may prevent someone from logging in. The worse part is that this is a potential security problem since it may lead to code injection attacks.
  If you want to prevent end user issues, you may want to remove the & character from your domain's password policy.

  You may also be interested to know that using special character in the internal administrator id will cause issues on 11.1.2.1 and 11.1.2.2 actually documented the characters you should NOT use. See http://docs.oracle.com/cd/E17236_01/epm.1112/epm_deploy_guide_1112200.pdf
  I have also seen issues with the internal admin password when it was > 25 characters which caused the shared services migration utility to fail.
  The moral of the story is "secure" passwords dont' always play well with software. Which I could see being a problem in the 1980's. With the advent of Unicode and it's ilk it's sad to see that arbitrary text is not properly escaped. I know I"m ranting to the choir though Charles ;).
  Regards and Happy New Year!
  John A. Booth
  http://www.metavero.com