Document Access via Custom Authentication Source?

Similar Messages

• Document access via WAN in portal

  Hi,
  I have the following problem. I have installed portal with KM in place A and some users are in place B. Both places are connected via WAN (1Mbit/s). Users in place B have some documents stored in there LAN so they can access them relatively quickly. But they would like to use functionality of KM. When I move their documents to the portal they will access these files over WAN connection. Is there some alternative solution? (users can navigate to the document via portal but than they download them from LAN). Can this be solved by WebDAV or Web repository manager?
  Thanks a lot,
  Zdenek

  Hi Praskah,
  thanks for help but I would like to avoid network traffic between two WAN locations. Imagine that you have 10MB file on network A on some WebDAV server for example that is in network A too. Portal resides in network B which is conntected with network A via 1mbit/s connection. Webdav repository is connected to this portal. I suppose that if you want to download your document from portal you must firstly transfer it from network A to network B (to the portal) and then from network B to network A again (to your desktop).
  My question is: Can I avoid described useless network traffic and download document directly from network A?

• VPN Access via LDAP authentication

  Hello everyone,
  I have setup an OS X server to serve as our department's VPN server. I am attempting to configure it to use an existing linux LDAP server for authentication, so that we don't need to have local accounts on the server. In the Directory Utility I have entered the information to point to our LDAP, and have it configured as RFC 2307 (Unix) for LDAP mappings. Everything in the Directory Utility appears that it considers the LDAP connection to be valid. In fact, from a terminal I can successfully finger users in LDAP.
  In the Server Admin, I have selected the users that I wish to have VPN access (the LDAP users also show up in this list). However, when I try to connect to it, it fails almost immediately. Here is a snippet of the server's VPN log file (I have changed the IP addresses and hostname in the logfile to "*"):
  2010-05-11 20:37:13 EDT Incoming call... Address given to client = **.***.***.**
  Tue May 11 20:37:14 2010 : Directory Services Authentication plugin initialized
  Tue May 11 20:37:14 2010 : Directory Services Authorization plugin initialized
  Tue May 11 20:37:14 2010 : PPTP incoming call in progress from '**.***.***.**'...
  Tue May 11 20:37:14 2010 : PPTP connection established.
  Tue May 11 20:37:14 2010 : using link 0
  Tue May 11 20:37:14 2010 : Using interface ppp0
  Tue May 11 20:37:14 2010 : Connect: ppp0 <--> socket[34:17]
  Tue May 11 20:37:14 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xaef8a1b5> <pcomp> <accomp>]
  Tue May 11 20:37:14 2010 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xaef8a1b5> <pcomp> <accomp>]
  Tue May 11 20:37:17 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xaef8a1b5> <pcomp> <accomp>]
  Tue May 11 20:37:17 2010 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1b8adf3d> <pcomp> <accomp>]
  Tue May 11 20:37:17 2010 : lcp_reqci: returning CONFACK.
  Tue May 11 20:37:17 2010 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x1b8adf3d> <pcomp> <accomp>]
  Tue May 11 20:37:17 2010 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xaef8a1b5> <pcomp> <accomp>]
  Tue May 11 20:37:17 2010 : sent [LCP EchoReq id=0x0 magic=0xaef8a1b5]
  Tue May 11 20:37:17 2010 : sent [CHAP Challenge id=0xc6 <7636b1bad668b175a847d43875397f99>, name = "***.*****.edu"]
  Tue May 11 20:37:17 2010 : rcvd [LCP EchoReq id=0x0 magic=0x1b8adf3d]
  Tue May 11 20:37:17 2010 : sent [LCP EchoRep id=0x0 magic=0xaef8a1b5]
  Tue May 11 20:37:17 2010 : rcvd [LCP EchoRep id=0x0 magic=0x1b8adf3d]
  Tue May 11 20:37:17 2010 : rcvd [CHAP Response id=0xc6 <4a2f0f54d4ce55fe6d1308a8206c4b02000000000000000046f6233c5bb9ea82f6ef2164eb55ed a3355a931a6762101300>, name = "mouck"]
  Tue May 11 20:37:17 2010 : sent [CHAP Failure id=0xc6 "\37777777677:\r\002"]
  Tue May 11 20:37:17 2010 : CHAP peer authentication failed for mouck
  Tue May 11 20:37:17 2010 : sent [LCP TermReq id=0x2 "Authentication failed"]
  Tue May 11 20:37:17 2010 : rcvd [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"]
  Tue May 11 20:37:17 2010 : sent [LCP TermAck id=0x2]
  Tue May 11 20:37:17 2010 : Connection terminated.
  Tue May 11 20:37:17 2010 : PPTP disconnecting...
  Tue May 11 20:37:17 2010 : PPTP disconnected
  I am unsure why the authentication is not working. In the past, I have tried to configure the Open Directory service to be "Connected to a Directory System" but could never get the service to start. To be honest, I'm not even positive I need to have the Open Directory service running, since the authentication should hopefully be passed to our existing LDAP.
  Any thoughts or suggestions would be greatly appreciated. Thanks very much!

  Hi oleg,
  It's a very common issue and generally happens when you try to connect the VPN client from the same location which has a site to site VPN with the device. For example if you try to connect the VPN client to the ASA and your public Ip is 1.1.1.1 and on the same ASA if you have a Site to Site VPN already connnect with an IP address 1.1.1.1 you will see the following error in the debug:
  "cannot match peerless map when peer found in previous map entry."
  Please check for the same, if thats the case you are hitting the following bug:
  http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCuc75090
  You needed a Cisco CCO id to check the link.
  Thanks
  Jeet Kumar

• Authentication Source not appearing in login dropdown

  Hi,I've created a custom Authentication Web Service and linked a Authentication Source to this. The Everyone group is given Select rights to both of these objects. I've given the Authentication Source the description "TestAuth".
  However when I refreshed my login page there after, I don't see my newly created Authentication Source. Tried re-starting the application server (Tomcat 4.1) and it didn''t work either. Tried to force a strict ordering of the Authentication Source Prefix using the options in PTConfig.xml, but no luck there either.
  The only useful Plumtree article I managed to find is one that talks about the blank description, which is not the case here.
  Has anyone encountered this before and know how to ensure that the authentication source you create appears always? Need to solve this urgently in preparation for migration from 4.5WS to 5.0.
  Thanks in advance for any advice!
  Weng Kong Lee

  Hi,
  This should just work. As long as the everyone group has read access to the Authentication Source it should show up in the select dropdown. You will need to restart the app server (as you did) to pick up the changes, because the auth source select is cached per language (you could also just change the guest user to a different language).
  Are there any errors or warnings in PTSpy the first time you hit the login page (errors would only show up the first time because the select will be cached after that)? If you turn on Debug logging for the portal common component, you should be able to see more information as the list gets created. If you can post any relevant PTSpy messages, we may be able to help you further.
  Another possibility is that if your Auth Source is set as an Auth Partner for a Sync Auth Source, then they won't be added to the list because the Sync Auth Source will be expected to be added to the list.
  -- Don

• Direct access to document image via webservice - best practice?

  Howdy,
     Rookie "Post-er".... be gentle.  I've searched and I've read... didn't find this.  I've not taken training.  I may be way off base.
  We have multiple manufacturing sites around the world with local Operator Qualification appls that want to access the enterprise SAP DMS mfg document images (stop dual maint - enterprise & local)....  without dependency on SAP ECC being up.  If we can pass them DMS meta-data via near-realtime msgs (including the document image access "key" data); then we would assume they can direclty access KPRO for the document image as needed.
  Would this be considered a "best practice"?   Webservice controlled (access only from known source).
  Is PHIO-ID the only dynamic variable needed (based on info below I found in WIKI)?
  *Alternatively, the url as below can be used to retrieve the documents from the content server[*http://<Server_Name>:<Port_No>/archive.dll?get&pVersion=<Version_No>&contRep=<Content_Rep>&docId=<PHIO_ID|http://<Server_Name>:<Port_No>/archive.dll?get&pVersion=<Version_No>&contRep=<Content_Rep>&docId=<PHIO_ID|\||]>
              <Server_Name> = Content server (IP address or name of content server)
              <Port_No> = Port No. of the server
              <Version_No> = Version No of content server (Transaction OACT)
              <Content_Rep> = content category of the server (Transaction OAC0)
              <PHIO_ID> = PHIO Id derived for each upload method

  Hello,
  This reply posted to help others who may refer this in the future.
  As Amit Maheshwari mentioned, it is possible to give access to a document stored in the Content Server even when the partner system(ECC) is down.
  As per your requirement, you want to access documents when the ECC System is down, but the content server is up and running.
  The following steps can be of help to you:
  1 - Create a program, that will create URL for the documents stored in the content server and send the URL to the external system.(Refer: FM- SDOK_PHIO_GET_URL_FOR_GET)
  The URL refers to the public IP of the Internet Server on which the content server is hosted on.
  2 - With this URL and few configurations on the Content Server (to allow access from external systems) you can fetch the file from the content server to the external system. Access privileges may vary based on your security settings.
  Note: Since the ECC system will be down, creating URL for all the documents can be a bottleneck.
  Probable Solution: While adding a document to the ECC system, the respective URL can be created and transferred to the external system along with the master details and stored there.
  This can be undertaken if it is really important for the business, as it will increase the load for the external system. The solution can be modified based on the business requirement.
  Thank you,
  Regards,
  Tamilnesan G

• New server and/or CA certificate for connection from custom authentication

  We are running Access Manager version 72005Q4 in the Sun ONE Web Server 6.1SP5 B06/23/2005 container with java build 1.5.0_07-b03. I run a custom authentication module which checks sessions against our university single sign on system which is CAS (from Yale/Jasig). The checks are essentially https calls. All this has been working well for us for the last couple of years.
  I would like to migrate the certificate used on the university CAS system from a Verisign certificate to a wildcard certificate issued by the IPS CA in spain -- these are in most browsers but are not in the standard batch of cacerts CA's -- and are free for .edu domains.
  My other java based authentication plugins (Blackboard, custom apps etc) have worked fine once I import the certificate into the cacerts for the java container, but I'm missing something (obvious probably) about importing this certificate so that my amserver custom authentication module can connect to the CAS server once the CAS server is using the new certificate.
  Could anyone provide guidance on where I need to import this server certificate (or preferably the IPS CA) in order to allow the custom authentication module to work properly? I assume this same problem has been solved by people wishing to connect from the amserver to services with self signed certificates. For some reason I'm finding the debugging unexpectedly difficult, I'll outline some of those details below.
  Relevant things I've tried so far:
  Import both the server cert and the IPS CA into the cacerts of the java container identified in the web server server.xml /usr/jdk/entsys-j2se.
  Import the IPS CA into the web server cert8 style db via the web admin server.
  The debugging has surprised me a bit, as I'm not getting an error that is explicitly SSL related error. It almost seems like the URLConnection object ends up using a HttpURLConnection rather than an HttpsURLConnection and never gives me a cert error, rather a connection refused since there is no non SSL service running on CAS. The same code pointed to the server running the verisign cert works as expected.
  Part of the stack:
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: java.net.ConnectException: Connection refused
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at java.net.PlainSocketImpl.socketConnect(Native Method)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at java.net.Socket.connect(Socket.java:516)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at java.net.Socket.connect(Socket.java:466)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.NetworkClient.doConnect(NetworkClient.java:157)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.http.HttpClient.openServer(HttpClient.java:365)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.http.HttpClient.openServer(HttpClient.java:477)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.http.HttpClient.<init>(HttpClient.java:214)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.http.HttpClient.New(HttpClient.java:287)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.http.HttpClient.New(HttpClient.java:311)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.protocol.http.HttpURLConnection.setNewClient(HttpURLConnection.java:489)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.protocol.http.HttpURLConnection.setNewClient(HttpURLConnection.java:477)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.protocol.http.HttpURLConnection.writeRequests(HttpURLConnection.java:422)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:937)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at edu.yale.its.tp.cas.util.SecureURL.retrieve(Unknown Source)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(Unknown Source)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at edu.fsu.ucs.authentication.providers.CASAMLoginModule.process(CASAMLoginModule.java:86)
  [28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:729)
  The relevent bit of code from the SecureURL.retrieve looks as follows:
  URL u = new URL(url);
  if (!u.getProtocol().equals("https"))
  throw new IOException("only 'https' URLs are valid for this method");
  URLConnection uc = u.openConnection();
  uc.setRequestProperty("Connection", "close");
  r = new BufferedReader(new InputStreamReader(uc.getInputStream()));
  String line;
  StringBuffer buf = new StringBuffer();
  while ((line = r.readLine()) != null)
  buf.append(line + "\n");
  return buf.toString();
  } finally { ...
  The fact that this same code in other authentication modules running outside the amserver (in other web containers as well, tomcat and resin for example) running java 1.5 works fine with the new CA, as well as with self signed certs that I've imported into the appropriate cacerts file leads me to believe that I'm either importing the certificate into the wrong store, or that there is some additional step needed for the amserver in the Sun Web container.
  Thank you very much for any insights and help,
  Ethan

  I thought since this has had a fair number of views I would give an update.
  I have been able to confirm that the custom authentication module is using the cert8 db defined in the AMConfig property com.iplanet.am.admin.cli.certdb.dir as documented. I do seem to have a problem using the certificate to make outgoing connections, even though the certificate verifies correctly for use as a server certificate. This is likely a question for a different forum, but just to show what I'm looking at:
  root@jbc1 providers#/usr/sfw/bin/certutil -V -n "FSU Wildcard Certificate" -d /opt/SUNWwbsvr/alias -P https-jbc1.ucs.fsu.edu-jbc1- -u V
  certutil: certificate is valid
  root@jbc1 providers#/usr/sfw/bin/certutil -V -n "FSU Wildcard Certificate" -d /opt/SUNWwbsvr/alias -P https-jbc1.ucs.fsu.edu-jbc1- -u C
  certutil: certificate is invalid: Certificate type not approved for application.
  root@jbc1 providers#/usr/sfw/bin/certutil -M -n "FSU Wildcard Certificate" -d /opt/SUNWwbsvr/alias -P https-jbc1.ucs.fsu.edu-jbc1- -t uP,uP,uP
  root@jbc1 providers#/usr/sfw/bin/certutil -V -l -n "FSU Wildcard Certificate" -d /opt/SUNWwbsvr/alias -P https-jbc1.ucs.fsu.edu-jbc1- -u C
  FSU Wildcard Certificate : Certificate type not approved for application.
  So it could be that I don't understand how to use the certutiil to get the permissions I want, or it could be that using the same certificate for both server and client functions is not supported -- though you can see why this would be a common case with wildcard certificates.
  BTW for those interested, it did seem to be the case that when the certificate failure occurred that the attempt was then made by the URLConnection to bind to port 80 in cleartext even though the URL was clearly https. I'm sure this was just an attempt to help out misformed URL, but it seemed that the URLConnection implementation in the amserver would swapped traffic over cleartext if that port had been open on the server I was making the https connection to; that seems dangerous to me, I would not have wanted it to quietly work that way exposing sensitive information to the network.
  This was why I was getting back a connection refused instead of a certificate exception. The URLConnection implementation used by the amserver is defined by java.protocol.handler.pkgs=com.iplanet.services.comm argument passwd to the JVM, and I imagine this is done because the amserver pre-dates the inclusion of the sun.net.www.protocol handlers, but I don't know, there maybe reasons why the amserver wants it own handler. I only noticed that this is what was going on when I as casting the httpsURLConnection objects to other types trying to diagnose the certificate problem. I would be interested in hearing if anyone knows if there is a reason not to use sun.net.www.protocol with the amserver.
  After switching to the sun.net.www.protocol handler I was able to get my certificate errors rather than the "Connection Refused" which is what lead me to the above questions about certutil.

• Office 2013 C2R - Access denied to installation source from workgroup PC (Error Code 5-4 and 17002)

  I have set up Office 2013 Home and Business on a network share using the Office Deployment Tool.
  Domain members can install Office 2013 with no problems using the command line
  \\Server\share\Office2013\setup.exe /configure
  \\Server\share\Office2013\configuration-home-and-biz.xml
  However, if the PC is not a member of the domain I get an Access Denied message, even though "everyone" has full control of the share and NTFS files and subfolders
  The full message is as follows,
  Access denied to installation source
  Sorry, we ran into a problem accessing a required file. Please check that the installation source has correct permissions, the try again.
  Go online for additional help
  Error Code: 5-4
  As soon as I join the PC to the domain the installation works but I would like to pre-install Office as part of an MDT Task Sequence before the PC joins the domain.
  Does anyone know how I can make this work?
  The Office setup log shows a different error code
  03/05/2014 16:23:24.834 SETUP (0xe38) 0xec0  Click-To-Run apx75 Monitorable TryLaunchClient::HandleStateAction: C2R Client returned failing error code 17002
  FYI: My config xml file contains the following
  <Configuration>  <Add SourcePath="\\Server\share\Office2013\" OfficeClientEdition="32" >    <Product ID="HomeBusinessRetail">      <Language ID="en-us" />    </Product>  </Add>  <Updates Enabled="TRUE" UpdatePath="\\Server\share\Office2013\" />  <Display Level="Full" AcceptEULA="TRUE" />        <!--  <Display Level="None" AcceptEULA="TRUE" />  -->  <Logging Name="OfficeSetup-*.txt" Path="%temp%" />  <Property Name="AUTOACTIVATE" Value="0" /></Configuration>
  Thom McKiernan (UK) @thommck | thommck.wordpress.com | MCSA | MCTS

  C2R editions of Office, during the installation routine, will initially commence execution in the security context of the logged in user, but partway through the installation routine the installation transitions into the security context of the local computer
  account. This means that unless the computer account also has network access permissions to the installation source folder/share, the installation routine will fail.
  http://technet.microsoft.com/en-us/library/jj219423(v=office.15).aspx#PrepareDeploy
  Important:
  The computer account for the computer on which you install Click-to-Run for Office 365 products must have read permission to the network share that contains the Office Deployment Tool, the customized Configuration.xml file, and the Click-to-Run for Office
  365 product and language files. If you cannot give read permission to the computer account, you can copy the files down to the computer from the network share, and then run Setup from the computer. After the installation is complete, you can delete those files
  from the computer. 
  To workaround this, your installation script routine can copy the installation source files from the server folder/share to a local folder on the computer, then launch the setup routine from that local source.
  In your example scenario, the workgroup computer (because it is not a member of "DOMAIN\Authenticated Users" does not have access permissions to the server folder/share.
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• OAM 11g: Error while importing Custom Authentication Plug-in.

  We are trying to create a sample custom authentication plugin in OAM 11g as per the 11.1.1.5.0 doc.
  But while trying to import the plugin via oamconsole (system configuration->Plugins->Import Plugin) we receive an error "Invalid XML Structure".
  Do we have to embed the XSD (XML Schema Definition) as well ?
  -------------------------SamplePlugin.java-------------------------------------
  import oracle.security.am.plugin.ExecutionStatus;
  import oracle.security.am.plugin.MonitoringData;
  import oracle.security.am.plugin.PluginConfig;
  import oracle.security.am.plugin.authn.AuthenticationContext;
  import oracle.security.am.plugin.authn.AuthenticationException;
  import oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn;
  import java.util.Map;
  import java.util.logging.Level;
  class SamplePlugin extends AbstractAuthenticationPlugIn {
       private static final String CLASS_NAME = "FirstTestClass";
       public ExecutionStatus initialize (PluginConfig config){
            super.initialize(config);
            if(LOGGER.isLoggable(Level.FINE)){
                 LOGGER.logp(Level.FINE,CLASS_NAME,"initialize","Entering initialize");
            return ExecutionStatus.SUCCESS;
       @Override
       public String getDescription() {
            // TODO Auto-generated method stub
            return null;
       @Override
       public Map<String, MonitoringData> getMonitoringData() {
            // TODO Auto-generated method stub
            return null;
       @Override
       public String getPluginName() {
            // TODO Auto-generated method stub
            return null;
       @Override
       public int getRevision() {
            // TODO Auto-generated method stub
            return 0;
       @Override
       public ExecutionStatus process(AuthenticationContext arg0)
                 throws AuthenticationException {
            if(LOGGER.isLoggable(Level.FINE)){
                 LOGGER.logp(Level.FINE,CLASS_NAME,"initialize","Entering process");
            return ExecutionStatus.SUCCESS;
       @Override
       public void setMonitoringStatus(boolean arg0) {
            // TODO Auto-generated method stub
       @Override
       public boolean getMonitoringStatus() {
            // TODO Auto-generated method stub
            return false;
  -------------------------SamplePlugin.java-------------------------------------
  ------------------------SamplePlugin.xml--------------------------------
  <?xml version="1.0" encoding="UTF-8" ?>
  <Plugin name="SamplePlugin" type="Authentication">
  <author>Self</author>
  <email>[email protected]</email>
  <creationDate>09:41:22, 2012-02-05</creationDate>
  <version>1</version>
  <description>SamplePlugin</description>
  <interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
  <implementation>SamplePlugin</implementation>
  </Plugin>
  ------------------------SamplePlugin.xml--------------------------------
  ------------------------MANIFEST.MF--------------------------------
  Manifest-Version: 1.0
  Ant-Version: Apache Ant 1.8.2
  Bundle-Version: 1.0.0.qualifier
  Bundle-Name: SamplePlugin
  Bundle-Activator: SamplePlugin
  Bundle-ManifestVersion: 2
  Created-By: 1.6.0_24-b07 (Sun Microsystems Inc.)
  Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.
  plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api,
  oracle.security.am.common.utilities.principal,oracle.security.idm,jav
  ax.naming,javax.sql,java.management,javax.security.auth
  Bundle-SymbolicName: SamplePlugin
  Bundle-RequiredExecutionEnvironment: JavaSE-1.6
  ------------------------MANIFEST.MF--------------------------------
  Contents of SamplePlugin.jar
  1. SamplePlugin.xml
  2. SamplePlugin.class
  3. META-INF/
  MANIFEST.MF

  I build the Plugin.jar file similarly as above(followed the same steps)..
  But when i log into OAM and trying to import the plugin (System Configuration->Plugins- Import Plugin) the browser goes to hung state and i see below error in logs (domain log and in diag log)
  I see the jar file created in this location (\Middleware\user_projects\domains\IAMdomain\oam\plugins)
  Please let me know if you have any idea..Thanks!
  ####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adf.controller.internal.metadata.MetadataService> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-00000000000003fe> <1330549803273> <BEA-000000> <ADFc: /WEB-INF/adfc-config.xml: >
  ####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adf.controller.internal.metadata.MetadataService> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-00000000000003fe> <1330549803274> <ADFC-52024> <ADFc: Duplicate managed bean definition for 'accessCheck' detected.>
  ####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adfinternal.view.faces.renderkit.rich.RegionRenderer> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000402> <1330549803479> <ADF_FACES-60099> <The region component with id: pt1:_lar has detected a page fragment with multiple root components. Fragments with more than one root component may not display correctly in a region and may have a negative impact on performance. It is recommended that you restructure the page fragment to have a single root component.>
  ####<Feb 29, 2012 1:10:33 PM PST> <Error> <javax.enterprise.resource.webcontainer.jsf.application> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833253> <BEA-000000> <java.lang.NullPointerException
  javax.faces.el.EvaluationException: java.lang.NullPointerException
       at org.apache.myfaces.trinidad.component.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:51)
       at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
       at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190
  ####<Feb 29, 2012 1:10:33 PM PST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833316> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase INVOKE_APPLICATION 5
  javax.faces.FacesException: #{FileProcessor.doUpload}: java.lang.NullPointerException
       at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:118)
       at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190)
       at oracle.adf.view.rich.component.rich.RichPopup$BroadcastContextCallback.invokeContextCallback(RichPopup.java:666)
       at org.apache.myfaces.trinidad.component.UIXComponentBase.invokeOnComponent(UIXComponentBa
  >
  ####<Feb 29, 2012 1:10:33 PM PST> <Error> <oracle.oam.admin.console.policy> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833361> <OAM-400016> <Failed to authenticate the user
  javax.servlet.ServletException: java.lang.NullPointerException
       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:277)
  ####<Feb 29, 2012 1:10:34 PM PST> <Warning> <oracle.adf.view.rich.component.fragment.UIXRegion> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-000000000000059a> <1330549834008> <ADF_FACES-00009> <Error processing viewId: /plugin-taskflow/authplugins URI: /oracle/security/am/taskflows/authplugin.jsff actual-URI: /oracle/security/am/taskflows/authplugin.jsff.
  javax.el.ELException: java.lang.NullPointerException
       at javax.el.BeanELResolver.getValue(BeanELResolver.java:266)
       at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:173)
       at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer$PanelCollectionHelper._encodeAll(PanelCollectionRenderer.java:728)
       at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer$PanelCollectionHelper.access$500(PanelCollectionRenderer.java:537)
       at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer.encodeAll(PanelCollectionRenderer.java:402)
       at oracle.adf.view.rich.render.RichRenderer.encodeAll(RichRenderer.java:1396)
       at org.apache.myfaces.trinidad.render.CoreRenderer.encodeEnd(CoreRenderer.java:335)
       at org.apache.myfaces.trinidad.component.UIXComponentBase.encodeEnd(UIXComponentBase.java:767)
       at javax.faces.component.UIComponent.encodeAll(UIComponent.java:937)
  ####<Feb 29, 2012 1:10:34 PM PST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-000000000000059a> <1330549834020> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase RENDER_RESPONSE 6
  javax.faces.FacesException: javax.el.ELException: java.lang.NullPointerException
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._renderResponse(LifecycleImpl.java:804)
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:294)
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:214)

• No access via webinterface possible

  hey,
  i'm working with oracle 11g for a few weeks now. But now i have a problem and need some help.
  Yesterday, i deleted the database and created a new one. afterwards i configured the listener. during the listener configuration i recieved a port error (standard port is used by another application). i told oracle to go on because i thought the error ocured because of another application in the background, but i was wrong.
  now i am not able to access the oracle webinterface. but i'm able to access via sql developer.
  who can help me to get webaccess again?
  cu and thx
  itchy2

  yes the instance is ccrfinal.
  i will translate it as good as possible:
  C:\Documents and Settings\dufdmz>lsnrctl
  LSNRCTL for 32-bit Windows: Version 11.2.0.1.0 - Production on 01-JUL-2010 16:00
  :48
  Copyright (c) 1991, 2010, Oracle. All rights reserved.
  Willkommen in LSNRCTL. Geben Sie "help" ein, um Information zu erhalten.
  LSNRCTL> status
  Sign in on (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=DEBONWNC6010890.dp-itsol
  utions.de)(PORT=1521)))
  STATUS of the LISTENER
  Alias LISTENER
  Version TNSLSNR for 32-bit Windows: Version 11.2.0.1.0 - Production
  Beginning date 30-JUN-2010 18:57:17
  Uptime 0 Tage 21 Std. 3 Min. 35 Sek.
  Trace-level off
  security ON: Local OS Authentication
  SNMP OFF
  Parameter file of the listener C:\app\team\product\11.2.0\dbhome_2\network\admin\listener.ora
  Log-File of the Listener c:\app\team\diag\tnslsnr\DEBONWNC6010890\listener\alert\log.xml
  Summary/Conlusion of the listening endpoints
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=DEBONWNC6010890.dp-itsolutions.de)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=DEBONWNC6010890.dp-itsolutions.de)(PORT=9090))(Presentation=HTTP)(Session=RAW))
  Service Overview
  Service "CCRfinal" has 2 instances
  Instance "CCRfinal", Status UNKNOWN, has 1 Handler for this service
  Instance "ccrfinal", Status READY, has 1 Handler for this service...
  Service "CCRfinalXDB" has 1 Instance.
  Instance "ccrfinal", Status READY, has 1 Handler for this service...
  Service "CLRExtProc" has 1 Instance.
  Instance "CLRExtProc", Status UNKNOWN, has 1 Handler for this service...
  The command has been executed successfully
  LSNRCTL>
  I tried to change the port of the http listener before to 9090 but there was no possibility to get access to the webinterface.

• WebDynpro Abap MSS: Access via "NULL" object reference not possible

  hi,
  My customer send me the following link to Appraisal Documents (Manager) MSS
  http://server.sap.portal:1810/sap/bc/webdynpro/sap/HAP_START_PAGE_POWL_UI_MSS/
  http://a.imageshack.us/img685/5959/mss3.jpg (logon in Costumer SAP System)
  http://a.imageshack.us/img225/4008/mss4.jpg (Appraisal Documents (Manager) MSS run succesful)
  Link that also run by the SICF in my customer is correct.
  But when I run in my SAP System see the following error
  http://a.imageshack.us/img715/5355/mss1j.jpg (SCIF in my SAP System)
  http://a.imageshack.us/img44/5346/mss2.jpg (SCIF - test service)
  http://a.imageshack.us/img840/1677/mss2b.jpg (Error, without window logon)
  <b> Access via "NULL" object reference not possible</b>
  Other question is:  In what part of MSS is this option? because the ESS is in Career and Jobs / Appraisals Documents
  http://a.imageshack.us/img683/9900/careerjob3.jpg (Employee Self Service / Career and Jobs / Appraisals Documents)
  thanks for your posts and answer
  Ivan

  Hello
  The most important information is (again) missing: which object reference is initial ("NULL")?
  The ABAP dump will tell you.
  Below I show an example how this can happen (and be avoided):
  LOOP AT lt_accountings INTO ls_accounting.
    lo_po_account ?= ls_accounting-accounting.
  ENDLOOP.
  " QUESTION: Are you sure that lo_po_account hold an instance ???
  " If LO_PO_ACCOUNT is empty the following statement will give you the dump.
  ls_mepoaccounting = lo_po_account->get_data( ).
  " And that is how to avoid this (at least the dump. Whether your logic is still ok is another matter...)
  CHECK ( lo_po_account IS BOUND ).
  ls_mepoaccounting = lo_po_account->get_data( ).
  Regards
    Uwe

• SharePoint Custom Authentication

  Hi,
  There is a request from our customer that the SharePoint 2013 site can be accessed via two log in modes by the same user.
  1. Via Custom Web Service which will authenticate and return True, password will not be shared from the web service where as authentication result will be shared. Based on the True status the user should be able to access to the SharePoint site.
  2. Via Active Directory Account - using their AD log in id and password
  For this request, is it possible to associate the same user through two log in modes.
  How this Custom authentication should be set up  ?
  Please advise
  Ready for Action

  Look at the codeplex project in the link below 
  https://spcustomauthwtwitter.codeplex.com
  it's already contains custom authentication providers against DB and twitter, you can use the same solution and add your own custom authentication against the client's webservice
  Hope that helps|Amr Fouad|MCTS,MCPD sharePoint 2010

• OIM with multiple authentication source

  Dear All,
  Can OIM authenticate from Active Directory and Oracle Internet Directory?
  My customer require that :
  1. Permanent Employee will be authenticated using Active Directory.
  2. Non-Permanent Employee will be authenticated using Oracle Internet Directory.
  Can i do this with or without Oracle Access Manager?
  Thank you.

  Hi Kishore,
  We have tried configure OVD as authentication source with OID and OVD as the directory. We found another issue. In the AD, the Username Attribute (equals to OIM's User Login) is sAMAccountName, but in the OID, there is no sAMAccountName. We can use CN, UID, and orclsamaccountname as Username Attribute.
  How can we map the username attribute in the OVD so we can put the username attribute in the OAM configuration?
  Need help, please share your idea and experience.
  Thank you,
  -heri-

• How to make the JMX custom authentication work ?

  I am using the password and access file based authentication on JMX. When building my JMXConnectorServer, i use the property names and it works fine.
      Map<String, String> env = new HashMap<String, String>();
      env.put(ApplicationProperties.JMX_PWD_FILE_PROP, pwdFile);
      env.put(ApplicationProperties.JMX_ACCESS_FILE_PROP, accFile);
      connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(jmxServiceURL, env, mBeanServer);However, now i want to use a custom authenticator and i implemented my own LoginModule to have a encrypted password in the password file. Thus the ideas is to have an encrypted password and plain text user name in the password file.
      public class ABCDJMXLoginModule implements LoginModule {
          private CallbackHandler callbackHandler;
          private Subject subject;
          private String u_username;
          private String u_password;
          private JMXPrincipal user;
          private Properties userCredentials;
          private String passwordFile;
          private String f_username;
          private String f_password;
          private static final Logger logger = LoggerFactory.getLogger(ABCDJMXLoginModule.class);
          public boolean abort() throws LoginException {
              // TODO Auto-generated method stub
              return false;
          public boolean commit() throws LoginException {
              // TODO Auto-generated method stub
              return true;
          public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
                  Map<String, ?> options) {
              this.subject = subject;
              this.callbackHandler = callbackHandler;
          public boolean login() throws LoginException {
              try {
                  attemptLogin();
                  loadPasswordFile();
              } catch (Exception e) {
                  logger.info("Exception, e");
              if (u_username == null || u_password == null) {
                  throw new LoginException("Either no username or no password specified");
              logger.info("Password from user and file : " + u_password + " :: " + f_password);
              if (u_password.equals(f_password)) {
                  return true;
              return false;
          public boolean logout() throws LoginException {
              // TODO Auto-generated method stub
              return true;
          private void attemptLogin() throws LoginException {
              Callback[] callbacks = new Callback[2];
              callbacks[0] = new NameCallback("u_username");
              callbacks[1] = new PasswordCallback("u_password", false);
              try {
                  callbackHandler.handle(callbacks);
              } catch (IOException e) {
                  logger.error("IOException", e);
              } catch (UnsupportedCallbackException e) {
                  logger.error("UnsupportedCallbackException", e);
              u_username = ((NameCallback) callbacks[0]).getName();
              user = new JMXPrincipal(u_username);
              char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
              u_password = tmpPassword.toString();
              logger.info("UserName : " + u_username);
              logger.info("Password : " + u_password);
              System.arraycopy(tmpPassword, 0, u_password, 0, tmpPassword.length);
              ((PasswordCallback) callbacks[1]).clearPassword();
          private void loadPasswordFile() throws IOException {
              FileInputStream fis = null;
              passwordFile = "c:\\abcd.jmx.enc.password.file";
              try {
                  fis = new FileInputStream(passwordFile);
              } catch (SecurityException e) {
                  logger.error("Security Exception", e);
              BufferedInputStream bis = new BufferedInputStream(fis);
              userCredentials = new Properties();
              userCredentials.load(bis);
              bis.close();
              f_username = u_username;
              f_password = (String) userCredentials.get(f_username);
              logger.info("UserName before Decrypt : " + f_username);
              logger.info("Password from file before Decrypt : " + f_password);
              // decrypt the password from file and later compare it with user password from JConsole
              if (f_password != null) f_password = Cryptography.decrypt(f_password);
              logger.info("Password from file after Decrypt : " + f_password);
      }When i use the following code and try to connect via JConsole nothing happens.
      Map<String, String> env = new HashMap<String, String>();
      env.put(ApplicationProperties.JMX_PWD_FILE_PROP, pwdFile);
      env.put(ApplicationProperties.JMX_ACCESS_FILE_PROP, accFile);
      env.put("jmx.remote.x.login.config", "com.splwg.ejb.service.management.ABCDJMXLoginModule");
      connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(jmxServiceURL, env, mBeanServer);Any ideas on why this happens ? For sure, i am also not coming into the ABCDJMXLoginModule class - I have some print statements there and none of them get printed. Any sort of ideas and solutions are appreciated. I tried with the property "com.sun.management.jmxremote.login.config" too. I was expecting that mentioning the property in the environment and passing it to the JMXCOnnectorServer would do all the trick.
  Am i missing something ?

  Hello dcloko_BR,
  I downloaded and installed Lenovo´s The Lenovo Solution Center and now the solution center starts after pressing the blue button. Perhaps give it a try.
  Edit: Upps sorry, only newer models are supported according to the readme.txt.
  Best regards
  Andreas
  Follow @LenovoForums on Twitter! Try the forum search, before first posting: Forum Search Option
  Please insert your type, model (not S/N) number and used OS in your posts.
  I´m a volunteer here using New X1 Carbon, ThinkPad Yoga, Yoga 11s, Yoga 13, T430s,T510, X220t, IdeaCentre B540.
  TIP: If your computer runs satisfactorily now, it may not be necessary to update the system.
   English Community       Deutsche Community       Comunidad en Español

• Web-UI error message "Access via 'NULL' object reference not possible"

  I need some help, I'm not a Basis person but I need to get this connection problem resolve.
  This problem is in our DEV ICWeb system.  After logging in to Web-UI, I got a error message "Access via 'NULL' object reference not possible".  We have 3 clients (100, 220, & 310) in DEV and all 3 clients are giving me the same error message.
  From the help.sap.com, I found this topic http://help.sap.com/saphelp_nwes70/helpdata/en/84/43f0d786304e19a652a8f80909a8ec/content.htm
  but in the document it asked to go to SM59 to check the ESH_APPL_WS_TEMPLATEENGINE destination.  But we don't have that destination setup in all our systems.
  Here is the complete error message:
  Error when processing your request
  What has happened?
  The URL http://crm-dev.staff.copa:8000/sap/bc/bsp/sap/crm_ui_frame/BSPWDApplication.do was not called due to an error.
  Note
  ■The following error text was processed in the system CD1 : Access via 'NULL' object reference not possible.
  ■The error occurred on the application server CRM-DEV_CD1_00 and in the work process 0 .
  ■The termination type was: RABAX_STATE
  ■The ABAP call stack was:
  Method: GET_DATA_LOSS_HANDLER of program CL_CRM_UI_CORE_APPL_CONTROLLERCP
  Method: GET_DATA_LOSS_HANDLER of program CL_CRM_UI_CORE_APPL_CONTROLLERCP
  Method: EH_TRIGGER_NAVIGATION of program CL_CRM_UI_CORE_APPL_CONTROLLERCP
  Method: SET_WORKAREA_CONTENT of program CL_CRM_UI_CORE_APPL_CONTROLLERCP
  Method: PROCESS_NAV_QUEUE of program CL_BSP_WD_VIEW_MANAGER========CP
  Method: DO_INIT of program CL_CRM_UI_FRAME_APP_CONTROLLERCP
  Method: DO_INIT of program CL_BSP_CTRL_ADAPTER===========CP
  Method: GET_PAGE_CONTEXT_CURRENT of program CL_BSP_CONTEXT================CP
  Method: ON_REQUEST_ENTER of program CL_BSP_RUNTIME================CP
  Method: ON_REQUEST of program CL_BSP_RUNTIME================CP
  What can I do?
  ■If the termination type was RABAX_STATE, then you can find more information on the cause of the termination in the system CD1 in transaction ST22.
  ■If the termination type was ABORT_MESSAGE_STATE, then you can find more information on the cause of the termination on the application server CRM-DEV_CD1_00 in transaction SM21.

  Hi Michael,
  Refer to the link below and check the procedure.
  http://help.sap.com/saphelp_nwes70/helpdata/en/84/43f0d786304e19a652a8f80909a8ec/content.htm
  Regards,
  Arjun

• URGENT help required : Custom Authentication Plugin for validation of users

  Hi Experts.
  I'm a newbie and am stuck in middle of nowhere.
  I have been asked to develop a custom authentication plug-in which would validate a user using the attributes such as a userid and a shared-userid.
  shared-userid is just a custom id that would be generated on the basis of some logic.
  Currently I'm using OAM 10.1.4.3.0 on WINDOWS server and as everybody, I'm also not able to find any sample files or sample folder structure.
  As per one of the other threads https://forums.oracle.com/forums/thread.jspa?messageID=3838474, sample code and sample folders are removed from this particular version and were present in some previous version.
  So, can anyone please help me out with the following:
  1. How can I proceed to accomplish this task, i.e. to check whether a user-id and a shared-userid both are validated and a user is granted access.
  2. Are all of these files required to create a custom authentication plug-in or can we proceed only with the ".c" file (i.e. make file, authn.c, and a dll file made using the make file and .c file)
  3. Can anybody provide me with a sample file or a sample code written in "C" wherein the plug-in connects to the LDAP and searches for a particular dn for comparison or something. Also a sample make file for windows to convert the .c file to .dll.
  PLEASEEEE help me ASAP.
  Regards
  Edited by: 805912 on Nov 15, 2011 7:18 PM

  Hi,
  Regarding question 2, you also need the header file is supplied in the Access Server installation directory, under ...access\oblix\sdk\authn_api and is called authn_api.h. you need this to build the dll which must then be placed in the Access Server's ...\access\oblix\lib directory.
  Regarding question 3, if you install an earlier version of the Access Server, ie 10.1.4.2 or less, then you will get a \access\oblix\sdk\authentication\samples\authn_api directory that contains a basic sample authentication plugin. However, there is still documented in the 10.1.4.3 Developer Guide another sample plugin, simplapi.c, in the 10.1.4.3 Developer Guide with instructions on how to use it. It does work, but unfortunately requires a couple of edits to get it working after copy&pasting it (no code changes, just fairly obvious case changes eg changing ObanPlugin* to ObAnPlugin*). I used the following commands to get it to compile into a .so file on unix:
  g++44 -c -fPIC -Wno-deprecated -m32 simpleapi.c
  g++44 -shared -nostdlib -lc -m32 simpleapi.o -o simpleapi.so
  but I really would not know if or how these translate into a Windows environment.
  Regards,
  Colin
  Edited by: ColinPurdon on Nov 15, 2011 2:50 PM