Developing a custom AuthenticationProvider without idstore or credentials

From the thread: How to integrate a SSO based in cookie with ADF Security
==========================================================
At work they asked me to integrate a existing SSO based in cookie with the new ADF + Jdeveloper 11g + WLS. After google for days and read a lot of blogs and official documentation I've made a custom LoginModule. I made it very simple, it's just an "if" inside the login() function with the username, if the username is "john" I put to the Subject some Principals. My steps are:
1- Create a new app based on "Fusion application" template.
2- Make a new ADF Taskflow with only one view inside (the entry point of the taskflow). The jspx only contains a welcome message.
3- Run the ADF Security wizard, all the steps with the default option, I don't change anything.
4- Put some users and some roles in jazn-data.xml, and maping them to an application role. Then I grant permissions to the application role to view the previous task flow.
At this point everything is ok. I run the taskflow and a basic login popup prompts me to write my username and password. Now I try to remove everything useless for me, like idstore, credentials, anonymous, etc. I only want a LoginModule that get the HttpRequest and passes it to an already done class that returns a true/false depending if the cookie is correct or not but, as I said before, my LoginModule is so simple now and even didn't try to do something more complicated than an if. The steps I try are:
in jps-config.xml
5- Remove idstore.xml and credentials.
6- (loginmodule tab) Make a new login module, and put here my class. The class is in the ViewController project and JDeveloper find it navigating through the heriarchy, so I have visibility. I put REQUIRE flag, add all roles and debug mode.
7- In the security context unmark the idstore.loginmodule and mark myLoginModule. Also delete the anonymous security context.
All that I got until now is a 500 error (Internal server error - Authorization Exception). Sometimes (the close i've ever been to do something correct) the browser ask me for user/password but then only recognizes the users that already are in WLS (idstore from previous tests), but NOT the "john" user that is inside my custom LoginModule. Even more, if I run the WLS from JDeveloper 11g in debug mode, the runtime never stops at breakpoints inside my custom login module. It seems that my LoginModule isn't deployed or I made some error maping the roles.
So, my questions are:
- I'm in the good way? If I want an authentication based in cookie/httprequest I have to do a custom LoginModule? My goal is to do a re-usable code, and re-use the code that my co-workers have done. They have a class that with only the HttpRequest determines if a user is logged or not.
- If I'm in the good way... how can I put my custom LoginModule in the WLS? I tried to search something in the Administration Panel (localhost:7101/console) but I did'nt find nothing.
- In case I'd got the custom LoginModule working fine in WLS... how can I get a HttpRequest from a LoginModule and avoid the username/password dialog? I've to make a filter and pass it to the my LoginModule? If it's correct... how?
I don't post my code because is so simple, it's based on DBTableLoginModule but without all the database access code.
Thanks to all!
P.D.: If this message isn't in the correct forum, I'm sorry. Feel free to move it.
P.D.2: Sorry about my english, I'm spanish. I know i've to practise a lot :)
===========================================================
After a week working in the problem I didn't solved it. I managed to write an AuthenticationProvider, a LoginModule and a Principal classes and I've put them into WLS, so "myAuthenticator" shows in the combo box ready to be used. But it doesn't work :( The server always shows me an exception (the last one tells me my class isn't a valid JAAS authenticator, but the MBean maker didn't complain). Is there any way to implement an Authenticator that doesn't use any credentials, idstore or callbacks? For example, can I implement an AuthenticatorProvider that grants me Principals only based in the hour of the day, or based in a boolean returned from a custom class, without any interaction with the user? It's really a must to have the user in the weblogic embedded LDAP or can I read the username from a cookie like in my case? Any advice will be very helpful, or some code would be awesome.
Another question related: Why the ADF Security wizard doesn't deploy well with the embedded WLS? The wizard lets me create a custom LoginModule and add it with the "+" button, but it simply doesn't deploy. Will be fixed in future releases or I'm doing something wrong?
Thanks to all.
Riveck.

So, since the ADF application is just using WLS Authentication, you're on the right path with the Authentication Provider.
What you need though, is an IdentityAsserter. The identity asserter tells the container you want to authenticate, but you don't have a password, you have a token...in your case some HTTP Header foo=john.
The good news is that there is already an identity asserter that you can use to start with...the SimpleSampleIdentityAsserter.
[https://codesamples.samplecode.oracle.com/servlets/tracking?id=S224]
This is the link to the samples.
I think what you want to do, is configure your LoginModule to be called when the IdentityAsserter gets called...this can be done in the getAssertionModuleConfiguration() method. Return an AppConfigurationEntry that references your login module.
Once you've got your identity asserter configured, what should happen is that when you access a protected page in ADF, JEE security will get triggered and the IdentityAsserter should get called, if you configure the login-method in web.xml to CLIENT_CERT.
JB

Similar Messages

  • Separate the defaultAuthentication of a custom AuthenticationProvider

    Hello all,
    First of all I'm sorry about my poor level of english, I'm spanish and I'll try to do my best.
    I've been trying to do a custom AuthenticationProvider with a custom LoginModule in order to make a login process based ONLY in a cookie. Well, after 2 weeks I managed to make it work but now I've a problem, the DefaultAuthentication provider. If I delete it from the list of Authentication providers I cannot login into Console, but if I leave it the browser prompts me the user-password dialog. Whatever I write as user/password my AuthenticationProvider grants me the principals to enter my application if I had a certain cookie but the user/password dialog still appears.
    So my question is: It's possible to maintain both logins but separately? The user/password dialog for ONLY the Console and my custom AuthenticationProvider for ONLY my application? Maybe different ports? I'm using the JDeveloper 11g - Studio Edition Version 11.1.1.0.1 - Build JDEVADF_MAIN.BOXER_GENERIC_081203.1854.5188.
    P.D.: While I was working in this project I've seen that many people have a lot of troubles to developing their custom AuthenticationProviders or LoginModules. In a few days I'll post how I managed to get it working.
    Thanks a lot,
    Ricard.

    Hello Naresh,
    To keep it simple I've made an "app" that it's only a webpage inside a task-flow and I've protected this flow. Also, keeping it simple, I used basic login-method but, as I said, I dont need any "login-method" because my login doesn't need any interaction with the user, just the cookie sent with the HttpServletRequest. I've managed to get the cookies with a ContextHandler and inside my vector of callbacks there is no NameCallback nor PasswordCallback.
    So I guess the browser is prompting me for a user/password because of the DefaultAuthenticator I left in the WLS in order to login as a Weblogic user to acces to console app, not because of my custom LoginModule/AuthenticationProvider. So my question is:
    Is there any method to login as "weblogic" user without the DefaultAuthenticator? Or, how can I force the user to have the mentioned cookie or didn't login, but still maintaining a method to enter the console app for me?
    I someone thinks he could help me but doesn't understand the question I'd try to explain me better.
    Thanks again.
    EDIT: I've seen that my perfect solution will be two active security realms, one for console and the other for my applications. It's supported? I think i've read that it's not really supported and there is only one active security realm.
    Edited by: Ricard Flores on 06-jul-2009 0:27

  • Submitting data through API without exposing DB credentials

    Submitting transaction / master data through API without exposing DB credentials
    I am developing a scenario where I will submit transaction / master data like sales order / master item to Oracle apps (EBS) through MS Excel via API / interface table but like to provide only apps (EBS) user credentials rather then DB credentials so DB password could not expose to normal end user. Please suggest something on same.
    [email protected]
    Thanks & regards,
    Sachin Gupta

    Sachin, you need a valid userid and password to connect to the database.
    Since these APIs are defined under apps, you need apps password to execute them.
    The workaround is that you define a new d/b userid.
    Grant execute on the API (and other objects as necessary) to this user.
    And then you call the api using the new userid and password.
    This way you are not exposing apps password. But since this means you have to grant a number of accesses to this new user.
    If you can use the interface tables, it becomes a little easier.
    All you have to do is grant insert access on a handful of interface to this new userid. And then you schedule a concurrent program that will process the interface records.
    If you absolutely can not expose ANY database password, then you can communicate with EBS using flat files. Your system creates a flat file on the server and a scheduled program in EBS reads the files and calls appropriate api.
    Hope this helps,
    Sandeep Gandhi

  • Need help to develop a custom connector

    I need some help on developing the custom connector to Homegrown application and the version i am using is OIM9.0.3
    First of all what are the steps do we need to care while developing a custom connector.
    I can't able to find the process in google to develop the custom connector.
    If you have any data regarding the development of custom connector, plz share to me....
    What are the thing do we need to take care while developing the connector.
    I referred in OIM9.1 version there was an option to develop the Custom connector by using Genric technology, can we create the custom connector by using the GTC feature in OIM 9.1
    early response will be appreciated

    The docs for the new GTC framework are here: http://download.oracle.com/docs/cd/E10391_01/doc.910/e10360/about.htm#Toc153968019. GTC is useful if you target application exposes standards-based SPML (Service Provisioning Markup Language) user management interfaces, although it sounds like this isn't the case for you.
    You will most likely need to go the traditional route in terms of connector development, which involves building OIM Process Task Adapters to invoke the application API's (I assume they're Java?) and invoking those adapters from within an OIM Provisioning Process.
    Rob

  • How can i view and apply new custom patterns without going to preset manager? i had this facility but have now lost it

    how can i view and apply new custom patterns without going to preset manager? i had this facility but have now lost it.  i design patterns but am fairly new to photoshop. i used to be able to click on the drop down menu in patterns in the 'fill' box but cannot now do this.  have i inadvertently clicked on something to turn this facility off?  i now have to go to 'preset manager' and manually move my new design to the first box and click 'done' so that i can use it.

    Which version of photoshop are you using?
    After you define a custom pattern it should be added to the bottom of whatever patterns are already loaded.
    For example, if you define a custom pattern and then go to Edit>Fill>Pattern, the newly defined pattern should have been added to the existing loaded patterns.

  • Developing application for usb6211 without having device

    Hi
    1.  Is there a way to install the drivers for a usb-6211 without actually connecting one to the bus?  I've just gotten a new computer and installed a copy of LV 8.2.1 on it.  My vi's (that include daqmx code)  do not compile because iLV's looking for daq stuff.  IThe install included installing daqmx8.5.  Is there something else that I have to do?
    2.  Is there a way to simulate a usb-6211 so that I can develop code for one without actually having one connected to the bus?
    3.  Why don't any of the multifunction usb cards have watchdog timer, and how can I make it safer to operate a pump (that is make the pump turn off) when the software or hardware goes south (or even if the program is exited normally)?  I'm looking for a tricky work-around if this is at all possible.
    Thanks
    LV 8.6 on Windoze XP

    Answer for #2:- Yes
    Start MAX
    Right click Devices and Interfaces
    Select Create New
    Double click on NI DAQmx Simulated Devives
    Expand the M Series DAQ tree
    Choose USB-6211
    I do not know what functionality it exposes for the simulated card.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~
    "It’s the questions that drive us.”
    ~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Close of Customer Project without Settlement

    Hi All,
    Is it necessary to have Settlement rules for the Projects that are Subject to Result Analysis.
    We want to Close the Customer Project without settlment, Since the RA has been carried out for this project.
    When we are trying to Close the Project.Error Message.Still WIP Exists for this Project.
    Please suggest what is the best way to close the Project without carrying settlement Run.
    Regards,

    Try this,
    Create a settlement profile as "Not for Settlement", check the radio button for "Not for Settlement" and in the valid receivers maintain the option in the dropdown as Settlement optional or Settlement Not Required. Assign this Settlement profile to the project profile as well as maintain it in the settlement strategy for the respective Object.
    Once you are done with this, run your usual scenario and then try to close the project without running settlement. See what happens and revert with your findings.
    Regards,
    Gokul

  • Customer returns without billing reference

    Dear all,
    What is process for customer returns without billing reference document ?
    Jeyakanthan

    Hello,
    The best process for setting up the process of RETURN without referrence is as follows:
    1. Create a New Sales Order type ZRE with referrence to Order type RE. Please use the same pricing procedure as used for order. And for referrence field, use it as blank. Maintain Delivery type too.
    2. Create Delivery document in VL01N and also ensure to maintain the copying control of this to ensure smooth flowing of data.
    3. Create PGR process for the Delivery document to allow the return of goods in the inventory for Quality inspections and evalution.
    4. Create a Credit memo request which settles material to balance the value of the complaint delivery and atlast create Credit memo.
    Regards,
    Sarthak

  • Developing a custom tooltip

    Is it possible to develop a custom Flex tooltip that will show up instead of the default tooltip when hovering over standard Xcelsius charts?
    Thanks,
    Ori

    no you can not develop a standalone tooltip, but you can develop the whole chart from scratch
    good luck

  • How to find the developer's customer support

    how to find the developer's customer support

    Go to their website. If you don't know its address then search for it on Google.

  • Creation of custom page without using NetWeaver Developer Studio

    Hi Experts,
    In my project, we have not installed NetWeaver Developer Studio. We are using EP 7.0.
    We have to create a custom page for the project. In this page, we have to provide seperate iViews links.
    The page should look like this:
    iView 1 - Link                iView 2 - Link        iView 1 - Link
    Help iView 1-Link        Help iView 1-Link     Help iView1-Link
    I tried to do so by creating a page. In the page, I tried to use 'Three Coloumn Page' layout. The iviews are getting displayed in following way:
    iView 1 (iView is getting displayed .Link not getting displayed)
    Help iView 1 (iView is getting displayed .Link not getting displayed)
    iView 2(iView is getting displayed .Link not getting displayed)
    I can not display link of all six iViews. Further more iViews are getting displayed in one coloumn and 3 rows. I can see the iViews directly. I am not able to display links for iViews.
    I need 3 coloumns and 2 rows layout.
    Can you please let me know how to achieve this?
    Whether I have to create new layout? For this whether we will need NetWeaver Developer Studio?
    Can we do it by creating HTML page. In the HTML page, we will have many links. These links will point to the iViews stored in SAP EP's KM. If so, what be the steps?
    I know that it can be done by creating a PAR file and deploying it. But, we don't have Netweaver Developer Studio.
    Can we acheive above without using NetWeaver Developer Studio?
    Please help me.
    Regards,
    Brian

    Hi Kedar,
    Thanks. My requirement is that six iViews links should be shown in the portal content area.
    The iViews links should be like
    iView 1-Link         iView 2-Link           iView 3-Link
    Help iView 1-Link Help iView 2-Link    Help iView3-Link
    When user will click on any iView link, the relevant iView should be displayed.  The iView can be displayed in seperate new page. So naturally five iView link will not be displayed.
    I am planning to create one HTML page and store it in KM. I will call this page in portal content area.
    There will be hyperlink on this HTML page. The hyper link will be attached to other iView links in  KM.
    Whenever user will click on any Help link or iView link the corresponding iView will be called from  KM.
    So in KM we will store 7 objects. 3 HTMLpages for help. 1 HTML page for main page.
    Other 3 will point to iView-Link1, iView-Link2 and iView-Link3.
    Can I do so? Will it sort out my problem?
    Thanks

  • Custom Authorization Class to set Credentials

    I am basing this off of the 'Access Management Authentication Class
    Extension to Retrieve Password for Single Sign-on | Novell User
    Communities'
    (http://www.novell.com/communities/no...rd-single-sign)
    coolsolution. I have tried the exact class from this coolsolution, and
    I have also tried decompiling the code and making numerous changes to it
    for validation. I have not been able to verify that this coolsolution
    works in 3.1.
    We have two methods on a contract. The first method uses the Kerberos
    class. The second was custom developed, who's purpose is to find the ID
    of the logged in user (the NIDPPrincipal), grab the password from
    Universal Password (using NMAS tools), and set it in the AM credential
    profile for use in policies.
    The status is that Kerberos authenticates successfully, the second
    class runs, successfully grabs the Universal Password, and runs the
    following commands:
    SSSecret localSSSecret = new SSSecret();
    localSSSecret.setName(new SSName("LDAPCredentials"));
    SSSecretEntry localSSSecretEntry = new
    SSSecretEntry("UserPassword", paramString);
    localSSSecret.addSecretEntry(localSSSecretEntry);
    addCredential(WSCQSSToken.SS_SecretEntry_LDAPCrede ntials_UserPassword,
    localSSSecretEntry);
    Where "paramString" is the Universal Password. I have printed this
    password to the log to verify it is the correct Universal Password for
    the user.
    If I do a getCredentials() prior to running the addCredential method, I
    get 0 back. If I run it after, I get 1. This seems OK, however I would
    expect that my username and DN should already be in the credential
    profile, and that I should initially be getting 2 credentials back, not
    0.
    Here is a section of the IDP log that I see directly after the second,
    custom, Authentication class runs. I copied it twice, once in the
    scenario when the custom authentication class follows a Kerberos class
    (so no password provided by the user), and the second when followed by a
    Form-based authentication (password provided by the user). In the first
    case, notice there is no "WSCCacheEntry Found!" entry in the log after
    the final lookup of UserPassword, but it does appear in the Form
    example.
    I have tried doing an addCredentials() in the custom auth class, and
    this adds two more entries into the credential profile (when I run the
    getCredentials() function). However, still the password credential is
    not available after the class is done.
    Set: AuthenticationCredentials, Allowed override: false
    </amLogEntry>
    <amLogEntry> 2009-04-24T16:29:37Z NIDS Trace: Method:
    WSCCachePushedCacheSet.find()
    Thread: http-80-Processor21
    (1 of 6):
    Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
    uniqueId:
    NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~40~40~40~40WSCQSST oken~40~40~40~40~2Fcp~3ASecrets~2Fcp~3ASecret~5Bcp ~3AName~3D~22LDAPCredentials~22~5D,
    set: AuthenticationCredentials
    (2 of 6):
    Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
    uniqueId:
    NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40 ~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~ 3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2F cp~3AEntry~5Bcp~3AName~3D~22UserName~22~5D,
    set: AuthenticationCredentials
    (3 of 6):
    WSCCacheEntry Found!
    (4 of 6):
    Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
    uniqueId:
    NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40 ~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~ 3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2F cp~3AEntry~5Bcp~3AName~3D~22UserDN~22~5D,
    set: AuthenticationCredentials
    (5 of 6):
    WSCCacheEntry Found!
    (6 of 6):
    Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
    uniqueId:
    NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40 ~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~ 3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2F cp~3AEntry~5Bcp~3AName~3D~22UserPassword~22~5D,
    set: AuthenticationCredentials
    </amLogEntry>
    When doing in the form auth, I see the following:
    Set: AuthenticationCredentials, Allowed override: false
    </amLogEntry>
    <amLogEntry> 2009-04-24T16:48:32Z NIDS Trace: Method:
    WSCCachePushedCacheSet.find()
    Thread: http-80-Processor25
    (1 of 7):
    Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
    uniqueId:
    NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~40~40~40~40WSCQSST oken~40~40~40~40~2Fcp~3ASecrets~2Fcp~3ASecret~5Bcp ~3AName~3D~22LDAPCredentials~22~5D,
    set: AuthenticationCredentials
    (2 of 7):
    Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
    uniqueId:
    NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40 ~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~ 3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2F cp~3AEntry~5Bcp~3AName~3D~22UserName~22~5D,
    set: AuthenticationCredentials
    (3 of 7):
    WSCCacheEntry Found!
    (4 of 7):
    Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
    uniqueId:
    NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40 ~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~ 3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2F cp~3AEntry~5Bcp~3AName~3D~22UserDN~22~5D,
    set: AuthenticationCredentials
    (5 of 7):
    WSCCacheEntry Found!
    (6 of 7):
    Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
    uniqueId:
    NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40 ~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~ 3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2F cp~3AEntry~5Bcp~3AName~3D~22UserPassword~22~5D,
    set: AuthenticationCredentials
    (7 of 7):
    WSCCacheEntry Found!
    </amLogEntry>
    So, somehow it doesn't seem to set the value in the credential cache,
    or whatever that thing is. And since it's not there, it doesn't add it
    to the credential set.
    Any thoughts on whether should be doing what I want it to? This whole
    scenario can be tested by installing the coolsolution package and adding
    it after a Kerberos class.
    Thanks to anyone who can support me on this.
    jessesmith
    jessesmith's Profile: http://forums.novell.com/member.php?userid=10189
    View this thread: http://forums.novell.com/showthread.php?t=371692

    jessesmith;1786627 Wrote:
    > I am basing this off of the 'Access Management Authentication Class
    > Extension to Retrieve Password for Single Sign-on | Novell User
    > Communities'
    > (http://www.novell.com/communities/no...rd-single-sign)
    > coolsolution. I have tried the exact class from this coolsolution, and
    > I have also tried decompiling the code and making numerous changes to it
    > for validation. I have not been able to verify that this coolsolution
    > works in 3.1.
    >
    > We have two methods on a contract. The first method uses the Kerberos
    > class. The second was custom developed, who's purpose is to find the ID
    > of the logged in user (the NIDPPrincipal), grab the password from
    > Universal Password (using NMAS tools), and set it in the AM credential
    > profile for use in policies.
    >
    > The status is that Kerberos authenticates successfully, the second
    > class runs, successfully grabs the Universal Password, and runs the
    > following commands:
    >
    > SSSecret localSSSecret = new SSSecret();
    > localSSSecret.setName(new SSName("LDAPCredentials"));
    > SSSecretEntry localSSSecretEntry = new
    > SSSecretEntry("UserPassword", paramString);
    > localSSSecret.addSecretEntry(localSSSecretEntry);
    >
    > addCredential(WSCQSSToken.SS_SecretEntry_LDAPCrede ntials_UserPassword,
    > localSSSecretEntry);
    >
    > Where "paramString" is the Universal Password. I have printed this
    > password to the log to verify it is the correct Universal Password for
    > the user.
    >
    > If I do a getCredentials() prior to running the addCredential method, I
    > get 0 back. If I run it after, I get 1. This seems OK, however I would
    > expect that my username and DN should already be in the credential
    > profile, and that I should initially be getting 2 credentials back, not
    > 0.
    >
    > Here is a section of the IDP log that I see directly after the second,
    > custom, Authentication class runs. I copied it twice, once in the
    > scenario when the custom authentication class follows a Kerberos class
    > (so no password provided by the user), and the second when followed by a
    > Form-based authentication (password provided by the user). In the first
    > case, notice there is no "WSCCacheEntry Found!" entry in the log after
    > the final lookup of UserPassword, but it does appear in the Form
    > example.
    >
    > I have tried doing an addCredentials() in the custom auth class, and
    > this adds two more entries into the credential profile (when I run the
    > getCredentials() function). However, still the password credential is
    > not available after the class is done.
    >
    > Set: AuthenticationCredentials, Allowed override: false
    > </amLogEntry>
    > <amLogEntry> 2009-04-24T16:29:37Z NIDS Trace: Method:
    > WSCCachePushedCacheSet.find()
    > Thread: http-80-Processor21
    > (1 of 6):
    > Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
    > uniqueId:
    > NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~40~40~40~40WSCQSST oken~40~40~40~40~2Fcp~3ASecrets~2Fcp~3ASecret~5Bcp ~3AName~3D~22LDAPCredentials~22~5D,
    > set: AuthenticationCredentials
    > (2 of 6):
    > Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
    > uniqueId:
    > NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40 ~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~ 3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2F cp~3AEntry~5Bcp~3AName~3D~22UserName~22~5D,
    > set: AuthenticationCredentials
    > (3 of 6):
    > WSCCacheEntry Found!
    > (4 of 6):
    > Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
    > uniqueId:
    > NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40 ~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~ 3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2F cp~3AEntry~5Bcp~3AName~3D~22UserDN~22~5D,
    > set: AuthenticationCredentials
    > (5 of 6):
    > WSCCacheEntry Found!
    > (6 of 6):
    > Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
    > uniqueId:
    > NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40 ~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~ 3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2F cp~3AEntry~5Bcp~3AName~3D~22UserPassword~22~5D,
    > set: AuthenticationCredentials
    > </amLogEntry>
    >
    >
    >
    >
    > When doing in the form auth, I see the following:
    >
    > Set: AuthenticationCredentials, Allowed override: false
    > </amLogEntry>
    > <amLogEntry> 2009-04-24T16:48:32Z NIDS Trace: Method:
    > WSCCachePushedCacheSet.find()
    > Thread: http-80-Processor25
    > (1 of 7):
    > Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
    > uniqueId:
    > NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~40~40~40~40WSCQSST oken~40~40~40~40~2Fcp~3ASecrets~2Fcp~3ASecret~5Bcp ~3AName~3D~22LDAPCredentials~22~5D,
    > set: AuthenticationCredentials
    > (2 of 7):
    > Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
    > uniqueId:
    > NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40 ~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~ 3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2F cp~3AEntry~5Bcp~3AName~3D~22UserName~22~5D,
    > set: AuthenticationCredentials
    > (3 of 7):
    > WSCCacheEntry Found!
    > (4 of 7):
    > Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
    > uniqueId:
    > NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40 ~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~ 3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2F cp~3AEntry~5Bcp~3AName~3D~22UserDN~22~5D,
    > set: AuthenticationCredentials
    > (5 of 7):
    > WSCCacheEntry Found!
    > (6 of 7):
    > Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
    > uniqueId:
    > NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40 ~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~ 3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2F cp~3AEntry~5Bcp~3AName~3D~22UserPassword~22~5D,
    > set: AuthenticationCredentials
    > (7 of 7):
    > WSCCacheEntry Found!
    > </amLogEntry>
    >
    >
    >
    >
    > So, somehow it doesn't seem to set the value in the credential cache,
    > or whatever that thing is. And since it's not there, it doesn't add it
    > to the credential set.
    >
    > Any thoughts on whether should be doing what I want it to? This whole
    > scenario can be tested by installing the coolsolution package and adding
    > it after a Kerberos class.
    >
    > Thanks to anyone who can support me on this.
    just updating this one with the solution ... just needed to go to the
    method used and disable the 'identify user' option.
    Here's the online help regarding this option:
    Identifies User: Specifies whether this authentication method should be
    used to identify the user. Usually, you should enable this option. When
    configuring multiple methods for a contract, you might need to disable
    this option for some methods.
    If you enable this option on two or more methods in a contract, these
    methods need to identify the same user in the same user store.
    If you enable this option on just one method in the contract, that
    method identifies the user when the authentication method succeeds. The
    other methods in the contract must succeed, but might not authenticated
    the user. For example, the method that identifies the user could require
    a name and a password for authentication, and the other method in the
    contract could prompt for a certificate that identifies the users
    computer.
    ncashell
    ncashell's Profile: http://forums.novell.com/member.php?userid=7281
    View this thread: http://forums.novell.com/showthread.php?t=371692

  • How can i develop a custom Printer driver in LabVIEW

    I have one application in which when ever user prints a document (He will print only certain type of documents)
    it should get printed using some standard printer but at the same time the data should get communicated to our own custom device which is connected to the PC using serial port.
    how can i do this.
    I think if we can develop a our own driver which will first send data to serial device and then just call the standard printers driver then whole problem can be resolved
    The application will run on windows platform and the data i am expecting is purely a text data.
    Tushar Jambhekar
    [email protected]
    Jambhekar Automation Solutions
    LabVIEW Consultancy, LabVIEW Training
    Rent a LabVIEW Developer, My Blog

    I think i have not explained my problem properly. i am sorry for that.
    the problem is something like this.
    my end user is already having one program which is generating the data (Unfortunately that program do not save data to any file and our requirement is online updatation of data) which i want to give to my serial device. he dont have the source code hence we can not alter that perticular code. the data might be available to us only when he prints the data, where we can select any one of installled printers.
    hence we want to develop an application which will appear as printer driver to windows and when user prints we can capture printed data
    i think problem will be clear now.
    Tushar Jambhekar
    [email protected]
    Jambhekar Automation Solutions
    LabVIEW Consultancy, LabVIEW Training
    Rent a LabVIEW Developer, My Blog

  • Development of custom IDOC's

    Hi All,
    Can we go for approach of developing custom IDOC's? where in our scenarios are getting files from thrid party and updating data in file  into ECC.
    Approach towards Custom IDOC's is for error monitoring and recprocessing.
    Would request your inputs and suggesions in this regard.
    Is that good approach for going to custom idocs? if not why?
    Thanks,
    chandra.

    Hi,
    SAP R/3 systems send out data through IDoc (Intermediate Document), which in internally has segments and fields containing the data. But sometimes, these fields are not sufficient for a specific end-to-end business scenario as far as data transfer is concerned. So in such scenario, either few fields are to be added or subtracted, or completely new structure- IDoc needs to be created.
    At times because of the business scenario we do have to create Custom idocs .
    Regards,
    Bhanu

  • Develop the custom report on payload

    Hi
    I want to develop a report on the basis of payload  in XI for eg  i send some sales order ,
    then sales order no ,time of sending ,receiving at the other end , success  etc
    Regards
    Vijay

    Hi,
    The custom report that you develop will only be able to provide information that is accessible in the Integration Engine. i.e. say there is a message which has passed through IE but failed in the adapter, then as your program will extract the details from IE, you will get a success in the report where as it is actually failed in the AE. Hence i am not sure if there is a way to get the details that you want. However you can get the duration of execution and other details from Performance monitoring in XI. Not sure if this helps but i would suggest you have a look at that and check if it helps in anyway.
    reward if helpful,
    Sarath.

Maybe you are looking for

  • "iTunes was unable to verify your device" error

    Hi, I have a first generation iPad that has been working just fine. I decided to give it away, and so I wiped it and set about restoring it to factory defaults.... except, now I keep getting the error "iTunes was unable to verify your device. Please

  • I cannot understand the answers provided when I ask 'how to change a password for a website' in Firefox Options tab.

    The answers that your website have provided have not done me any good. I use a Master Password for Firefox. Now Firefox is not asking me if I want it to remember a certain password that I have entered for a website. In the 'Options' tab, I have told

  • Ipod making weird noises and not working

    Ok so I recently have been having problems connecting my ipod to my computer. I plug it in to the usb cable, with itunes up. The ipod goes to the do not disconnect screen and itunes freezes. It stays like that and nothing changes. While this is happe

  • Progress bar for chart dataProvider?

    I have a chart which has for dataProvider a link to a php script which processes data and returns XML. The processing takes a little bit of time so from flex the user stares at a blank graph for some time. Is there anyway to link a progress bar to th

  • MAC BOOK PRO 15 - Does this version support Audio 5.1

    Hello, My MBP 15inch is the 1st generation with the INTEL CORE 2 DUO chip. Here's my Hardware Overview: Model Name: MacBook Pro 15", Model Identifier: MacBookPro2,2, Processor Name: Intel Core 2 Duo, Processor Speed: 2.33 GHz, Number Of Processors: 1