Exchange ActiveSync not working if form based authentication or SSL enabled

Similar Messages

• Microsoft Exchange ActiveSync not working in Mobile Network – Blackberry Z10

  Microsoft Exchange ActiveSync not working in Mobile Network – Blackberry Z10
  I have set-up office email account in Microsoft Exchange ActiveSync this work only over office Wi-Fi not working outside of office Wi-Fi range. When I back to office all new e-mail loaded automatically. I have no problem with yahoo email setup in the same Z10 hand set work in both Wi-Fi and Mobile network. I have data plan with my carrier. Both emails were working in my previous Blackberry hand set Bold 9900. But with this New Z10 this become a problem
  What could a the problem and I need help please

  The URL you provided https://... does require SSL as it has a "s".
  Have you tested the server OMA setup with a notebook or desktop (https://webmail.domain.com/OMA)?
  You should receive a login prompt for username & password following by an Inbox listing of messages.
  We used this step to verify server setup before configuring an iPhone. Lastly, we made certain that connectivity would work from outside or within our company by doing the following:
  1) created A record for webmail.domain.com to a public IP that route through the firewall on 443 to the Exchange server's private IP - this handles external traffice
  2) added an internal DNS record for webmail.domain.com to the private IP of the Exchange server.
  This ensures that webmail.domain.com sync's to exchange from outside or from within the Enterprise.

• SBS 2003 R2 premium (with ISA 2004) Exchange ActiveSync not working

  A client has a SBS 2003 R2 premium (with ISA 2004) and wants to sync iPhones and Android phones.
  When using the Microsoft Remote Connectivity Analyzer and selecting 'Exchange ActiveSync' we get 'The test of the FolderSync command failed. Exchange ActiveSync returned an HTTP
  500 response.'
  We tried every solution we could find on the internet, without success.
  This is what we tried and checked so far:
  - fixed IP, DNS, trusted SSL (comodo) seem all OK
  - Exchange 2003 SP2 and ISA 2004 SP3 installed.
  - RWW and OWA working fine.
  - tests with iPhone and Android -> 'cannot get mail. The connection to the server failed'.
  - event viewer reveals no further clues.
  - ran CEICW several times enabling and disabling most remote options (OWA OMA,...)
  - manually checked all vDir settings in IIS6
  - tested with different accounts, created a testaccount without any administrative privileges in Active Directory.
  - surfing to servername/microsoft-server-activesync from local network and to domain/microsoft-server-ActiveSync from external computer both give: HTTP 501/HTTP 505 error as expected.
  - reset the default virtual directories
  - on ISA a query by dest port (443) shows traffic reaching the ISA server ending in:
  Log   type:
  Web   Proxy (Reverse)
  Status:  
  500   Internal Server Error
  Rule:
  SBS OMA Web Publishing Rule
  Source:
  External ( XX.XX.XX.XX:0)
  Destination:
  ( XX.XX.XX.XX:443)
  Request:
  POST
  Filter information:
  Req ID: 1c6d0bea
  Protocol:  
  https
  User:  
  anonymous
  Could anyone give me any pointers on what I need to do to get this working please?
  Many thanks in advance for your assistance.
  Regards
  Jean-Paul Laffargue
  ARCOM BVBA

  I used to have a SBS2003 on ISA running activesync with no issues so I'll try and give you guidance although it's been a while.  I gather this is the first time use of this feature on this SBS?  If so make sure you follow the instructions here:
  http://technet.microsoft.com/en-us/library/cc182239.aspx
  Also make sure you've enabled all mobile services in exchange features and updated your users with the Mobile User profile (I think they need to be members of the Mobile and Remote Web Workplace groups in Manage Users IIRC).  Anything in the event logs?
   Also, for some phones you need to manually download the certificate if you use a self-signed type.
  Note that in the end it may be time to replace this soon to be unsupported ISA with a separate firewall (or a "free" Untangle box) and go to a one NIC solution.  It simplifies things and you need to do that anyway to transition off SBS2003 when it is
  unsupported next year.
  -- Al

• SBS 2008 - Exchange Activesync not working through cellular broadband connection

  nevermind - issue resolved

  Okay, after further testing, it is something related to the Verizon broadband network.
  something incompatible with router being behind a Star2Star VoIP appliance.
  Hi DondersConsulting,
  Glad to hear that the question has been resolved and thanks for sharing in the forum. Your time and efforts are highly appreciated.
  Best regards,
  Justin Gu
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Webgate : problem in Form based authentication

  I have configured a WebGate to protect an web application hosted on Sun WebServer 6.1.
  It works fine, If I use the basic authentication mechanism. If I access the application, it challenges me uid/pwd thru a small pop up window; after successful authentication I am redirected to the requested application.
  However, the same does not work for Form based authentication. The webgate plugin doe not look like picking the userid/ pwd field from the login.html. Also it redirect to the mentioned action "/access/dummy" in the html.
  My login.html for looks like this :
  <html>
  <form name="myloginform" action="/access/dummy" method="post">
       UserID <input type="text" name="userid" size="20">
       Password <input type="password" name="password" size="20">
       <input type="submit" name="submit" value="Login">
  </form>
  </html>
  Pls help me out, I have spent several hours debugging this. surprisingly, I have a different machine with exactly same set up works fine.
  Thanks

  Hi Eric,
  It may be a problem in your web.xml, I missed the "/" slash character
  in the web.xml's in <form-login-page> element. So your web.xml
  must look like

• Form based authentication problem

  Hi people, im new here. Im working on a small application and i have decided to work with Form Based authentication. Theres a index page in the root that redirect to welcome page but when i try to Run the first page im getting this exception.
  javax.servlet.jsp.JspException: Cannot find FacesContext at javax.faces.webapp.UIComponentTag.doStartTag(UIComponentTag.java:427) at com.sun.faces.taglib.jsf_core.ViewTag.doStartTag(ViewTag.java:125) at infrastructure.login._jspService(_login.java:53)
  I have been searching for a while in the web but i couldnt find anything that fix the problem. Can anybody give me a hand with this? The version of Jdeveloper is 10.1.3.2. Here are the web.xml file and index.jsp
  <?xml version = '1.0' encoding = 'windows-1252'?>
  <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee">
  <description>Empty web.xml file for Web Application</description>
  <context-param>
  <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
  <param-value>client</param-value>
  </context-param>
  <context-param>
  <param-name>CpxFileName</param-name>
  <param-value>userinterface.DataBindings</param-value>
  </context-param>
  <filter>
  <filter-name>adfFaces</filter-name>
  <filter-class>oracle.adf.view.faces.webapp.AdfFacesFilter</filter-class>
  </filter>
  <filter>
  <filter-name>adfBindings</filter-name>
  <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
  </filter>
  <filter-mapping>
  <filter-name>adfFaces</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
  <filter-mapping>
  <filter-name>adfBindings</filter-name>
  <url-pattern>*.jsp</url-pattern>
  </filter-mapping>
  <servlet>
  <servlet-name>Faces Servlet</servlet-name>
  <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet>
  <servlet-name>resources</servlet-name>
  <servlet-class>oracle.adf.view.faces.webapp.ResourceServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>Faces Servlet</servlet-name>
  <url-pattern>/faces/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>resources</servlet-name>
  <url-pattern>/adf/*</url-pattern>
  </servlet-mapping>
  <session-config>
  <session-timeout>35</session-timeout>
  </session-config>
  <mime-mapping>
  <extension>html</extension>
  <mime-type>text/html</mime-type>
  </mime-mapping>
  <mime-mapping>
  <extension>txt</extension>
  <mime-type>text/plain</mime-type>
  </mime-mapping>
  <welcome-file-list>
  <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
  <jsp-config/>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>todoLider</web-resource-name>
  <url-pattern>/faces/app/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>lider</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>infrastructure/login.jsp</form-login-page>
  <form-error-page>infrastructure/error.jsp</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <role-name>lider</role-name>
  </security-role>
  <security-role>
  <role-name>auxiliar</role-name>
  </security-role>
  <security-role>
  <role-name>docente</role-name>
  </security-role>
  <security-role>
  <role-name>veedor</role-name>
  </security-role>
  <security-role>
  <role-name>estudiante</role-name>
  </security-role>
  <ejb-local-ref>
  <ejb-ref-name>ejb/local/AsigFacade</ejb-ref-name>
  <ejb-ref-type>Session</ejb-ref-type>
  <local>datamodel.model.AsigFacadeLocal</local>
  <ejb-link>AsigFacade</ejb-link>
  </ejb-local-ref>
  </web-app>
  index.jsp
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
  "http://www.w3.org/TR/html4/loose.dtd">
  <%@ page contentType="text/html;charset=windows-1252"%>
  <html>
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"/>
  <title>index</title>
  </head>
  <body><%response.sendRedirect("faces/app/welcome.jsp");%></body>
  </html>

  Servlet mapping for the Faces Servlet is
  <servlet-mapping>
  <servlet-name>Faces Servlet</servlet-name>
  <url-pattern>/faces/*</url-pattern>
  </servlet-mapping>
  Is the input.jsp run by specifying the url in the browser?
  Run input.jsp with right-click>Run
  The url should include /faces/

• Form Based Authentication not working for my sharepoint site.

  I am using FIM 2010 r2 on Sharepoint -80 . I tried to use forms based authentication instead of default windows based auth. But the site is not even redirecting to the custom login page i am trying to connect .
  Any suggestions ?

  Issue has been resolved.  There was no interesting work-a-round or fix involved.

• Logout Functionality in Form Based Authentication Not Working Properly

  Hi All,
  I am using Form Based Authentication in ADF. In this I followed the following steps:-
  1.Login On Page.
  2.In successful login page ,copy the url
  3.Click on "Logout"
  4.Paste the url in login page and click enter
  5.System taking me back to that page where I can perform all the actions.
  But the Login operation should not happen just by entering the url. Please provide any help how to stop redirecting to my authenticated page just by typing the url. This is a big security constraint.Any Assistance to this is highly appreciated.
  Thanks & Regards
  Lovenish Garg

  Hi BaiG,
  For Login I am using the form based authentication and for logout here is my code:-
  public void logout() {
  ExternalContext ectx =
  FacesContext.getCurrentInstance().getExternalContext();
  HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
  HttpSession session = (HttpSession)ectx.getSession(false);
  session.invalidate();
  response.setHeader("Cache-Control", "no-cache");
  response.setHeader("expires", "0");
  response.setHeader("Pragma", "no-cache");
  try {
  response.sendRedirect("AdminLogin.html");
  } catch (IOException e) {
  logger.severe(e.getMessage());
  //Inform JSF to not take the response in hands
  FacesContext.getCurrentInstance().responseComplete();
  logger.info("session invalidated");
  Thanks,
  Lovenish Garg

• J_security_check in form-based authentication - not checking for blank passwords

  I am using the LDAP Security Realm to authenticate against an iPlanet
  Directory Server. All works as expected when a user-id and password
  are entered for form-based authentication.
  However, when a userid is entered but no password, j_security_check
  logs the user in successfully. Aparently, this is correct LDAP
  behaviour as anonymous login to the LDAP server is permitted. It seems
  that the j_security_check servlet should check for blank passwords
  before trying to authenticate against the LDAP server and fail
  authentication if this is the case.
  Has anyone else experienced this problem?

  Hi Brian,
  I do not believe it is j_security_check's job to check for blank
  passwords.
  In many security realms, it is "legal" for a user to have a blank
  password. j_security_check forwards whatever password was entered so that
  even users with blank passwords can be authenticated by the realm on the
  backend. For this reason I believe that j_security_check is "doing the
  right thing" by just forwarding whatever is presented to it, rather than
  having its own logic. It is best if j_security_check just acts as a very
  dumb middle man.
  If behavior was altered, it is true that your particular problem would be
  solved, but then many other people would have a problem with their users
  with blank passwords authenticating properly...
  Try looking into how to disable anonymous logins on the LDAP end of
  things. Hope this helps.
  Cheers,
  Joe Jerry
  brian wrote:
  I am using the LDAP Security Realm to authenticate against an iPlanet
  Directory Server. All works as expected when a user-id and password
  are entered for form-based authentication.
  However, when a userid is entered but no password, j_security_check
  logs the user in successfully. Aparently, this is correct LDAP
  behaviour as anonymous login to the LDAP server is permitted. It seems
  that the j_security_check servlet should check for blank passwords
  before trying to authenticate against the LDAP server and fail
  authentication if this is the case.
  Has anyone else experienced this problem?

• Faces context not found (Form based authentication)

  <security-constraint>
  <display-name>Example Security Constraint</display-name>
  <web-resource-collection>
  <web-resource-name>Protected Area</web-resource-name>
  <url-pattern>/jsp/WorkingZone.jsp</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>manager</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Example Form-Based Authentication Area</realm-name>
  <form-login-config>
  <form-login-page>/Login/login.jsp</form-login-page>
  <form-error-page>/Login/error.jsp</form-error-page>
  </form-login-config>
  </login-config>
  when i tried to login with valid user the the url shows
  http://localhost:8080/FormAuth/jsp/WorkingZone.jsp
  how to append faces context automatically.
  I am not finding for this faces context.
  Plz suggest me a solution soon.
  Thanks
  Raghavendra Pattar

  The FacesContext is created by FacesServlet which is
  definied in the web.xml with an url-pattern.
  If you just follow the url-pattern of this
  FacesServlet, usually /faces/ or *.faces, or *.jsf,
  then the FacesContext will be created.Hi balu,
  this is the web.xml that i am using
  <?xml version="1.0" encoding="UTF-8"?>
  <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.4" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
  <context-param>
      <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
      <param-value>server</param-value>
    </context-param>
  <context-param>
      <param-name>javax.faces.CONFIG_FILES</param-name>
      <param-value>/WEB-INF/navigation.xml,/WEB-INF/managed-beans.xml</param-value>
    </context-param>
  <context-param>
      <param-name>com.sun.faces.validateXml</param-name>
      <param-value>true</param-value>
    </context-param>
  <context-param>
      <param-name>com.sun.faces.verifyObjects</param-name>
      <param-value>false</param-value>
    </context-param>
  <filter>
      <filter-name>UploadFilter</filter-name>
      <filter-class>com.sun.rave.web.ui.util.UploadFilter</filter-class>
      <init-param>
        <description>
            The maximum allowed upload size in bytes.  If this is set
            to a negative value, there is no maximum.  The default
            value is 1000000.
          </description>
        <param-name>maxSize</param-name>
        <param-value>1000000</param-value>
      </init-param>
      <init-param>
        <description>
            The size (in bytes) of an uploaded file which, if it is
            exceeded, will cause the file to be written directly to
            disk instead of stored in memory.  Files smaller than or
            equal to this size will be stored in memory.  The default
            value is 4096.
          </description>
        <param-name>sizeThreshold</param-name>
        <param-value>4096</param-value>
      </init-param>
    </filter>
  <filter-mapping>
      <filter-name>UploadFilter</filter-name>
      <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>
  <servlet>
      <servlet-name>Faces Servlet</servlet-name>
      <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
      <load-on-startup>1</load-on-startup>
    </servlet>
  <servlet>
      <servlet-name>ThemeServlet</servlet-name>
      <servlet-class>com.sun.rave.web.ui.theme.ThemeServlet</servlet-class>
    </servlet>
  <servlet-mapping>
      <servlet-name>Faces Servlet</servlet-name>
      <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
  <servlet-mapping>
      <servlet-name>ThemeServlet</servlet-name>
      <url-pattern>/theme/*</url-pattern>
    </servlet-mapping>
  <welcome-file-list>
      <welcome-file></welcome-file>
       </welcome-file-list>
  <jsp-config>
      <jsp-property-group>
        <url-pattern>*.jspf</url-pattern>
        <is-xml>true</is-xml>
      </jsp-property-group>
    </jsp-config>
  <security-constraint>
      <display-name>Example Security Constraint</display-name>
      <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/secure/*</url-pattern>
          <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>manager</role-name>
      </auth-constraint>
    </security-constraint>
    <!-- Default a login configuration that uses form-based authentication -->
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Example Form-Based Authentication Area</realm-name>
      <form-login-config>
        <form-login-page>/Login/login.jsp</form-login-page>
        <form-error-page>/Login/error.jsp</form-error-page>
      </form-login-config>
    </login-config>
    <!-- Define a logical role for this application, needs to be mapped to an actual role at deployment time -->
    <security-role>
      <role-name>manager</role-name>
    </security-role>
  </web-app>1)My requirement is Login page should be the first page
  If enter the valid user and password
  then i will get directory structure
  when i click the secured JSF page inside secure
  i got this URL
  http://localhost/secure/WorkingZone.jsp
  obiviously /faces is missing
  and i am getting faces context not found.
  If u need further clarification i will send u..
  Plz reply me...

• Exchange 2013 ActiveSync not working

  Hello everyone,
  We seem to be having problems with our ActiveSync not working anymore. Users with mobile devices can not access their mailboxes. We have checked just about every setting and the IIS logs and can't find an answer to this issue. Microsoft's Remote Connectivity
  Analyzer shows the following error which we can not find an answer for anywhere.
  An ActiveSync session is being attempted with the server.
       Errors were encountered while testing the Exchange ActiveSync session.
      Test Steps
      Attempting to send the OPTIONS command to the server.
       Testing of the OPTIONS command failed. For more information, see Additional Details.
      Additional Details
       A Web exception occurred because an HTTP 400 - BadRequest response was received from IIS7.
  Thanks!

  Hi,
  Did you ever find a solution to your problem?  I have exactly the same problem with a fresh install of exchange 2013.  Can access mailboxes via outlook 2010 and owa but can't connect any mobile device.  I'm stumped...
  a 400 IIS Bad Request error indicates token bloat. Are you proxying to 2010 mailboxes?
  The usual fix is to set the following reg keys on the CAS receiving the requests following the first step described in this article that is similar:
  http://support.microsoft.com/kb/2491354
  Create the following registry keys on all CAS servers (both Exchange Server 2007 CAS servers and Exchange Server 2010 SP1 CAS servers) in the Active Directory site:
  Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
  Name: MaxFieldLength
  Type: DWORD
  Value data: 65534
  Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
  Name: MaxRequestBytes
  Type: DWORD
  Value date: 16777216
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• Forcing specific clients or groups to use forms based authentication (FBA) instead of windows based authentication (WIA) with ADFS

  Hi,
  We are have a quite specific issue. The problem is most likely by design in ADFS 3.0 (running on Windows Server 2012 R2) and we are trying to find a "work-around".
  Most users in the organization is using their own personal computer and everything is fine and working as expected, single sign-on (WIA) internally to Office 365 and forms based (FBA) externally (using Citrix NetScaler as reverse proxy and load
  balancing with the correct rewrites to add client-ip, proxy header and URL-transformation).
  The problem occurs for a few (50-100) users where they are sharing the same computer, automatically logged on to the computer using a generic AD-user (same for all of them). This AD-user they are logged on with does not have any access to Office365
  and if they try to access SharePoint Online they receive an error that they can't login (from SharePoint Online, not ADFS).
  We can't change this, they need to have this generic account logged on to these computers. The issue occurs when a user that has access to SharePoint Online tries to access it when logged on with a generic account.
  They are not able to "switch" from the generic account in ADFS / SharePoint Online to their personal account.
  The only way I've found that may work is removing IE as a WIA-capable agent and deploy a User-Agent version string specific to most users but not the generic account.
  My question to you: Is there another way? Maybe when ADFS sees the generic user, it forces forms based authentication or something like that?
  Best regards,
  Simon

  I'd go with your original workaround using the user-agent and publishing a GPO for your normal users that elects to use a user-agent string associated with Integrated Windows Auth.. for the generic accounts, I'd look at using a loopback policy that overwrites
  that user agent setting, so that forms logon is preferred for that subset of users. I don't think the Netscaler here is useful in this capacity as it's a front-end proxy and you need to evaluate the AuthZ rules on the AD FS server after the request has been
  proxied. The error pages in Windows Server 2012 R2 are canned as the previous poster mentioned and difficult to customize (Javascript only)...
  http://blog.auth360.net

• Issue with form based Authentication in three tier sharepoint 2013 environment.

  Hi,
  We are facing issue with form based Authentication in three tier environment.
  We are able to add users to the database and in SharePoint.
  But we are not able to login with created users.
  In single tier everything working fine
  Please help , Its urgent ... Thanks in advance.
  Regards,
  Hari
  Regards, Hari

  if the environments match, then it sounds like a kerberos double-hop issue
  Scott Brickey
  MCTS, MCPD, MCITP
  www.sbrickey.com
  Strategic Data Systems - for all your SharePoint needs

• How to redirect to j_security_check without the form based authentication

  Hi,
  I am trying to integrate my application authentication to a backend system with the ibm websphere form based authentication. Below is the scenario:
  1. when the user clicks on a protected url, the container will redirect the user to the login page.
  2. instead of displaying the login page, i would like to automatically redirect the user to j_security_check action. which means that instead of displaying the login.jsp page, the user will automatically be redirected to j_security_check to perform some user authentication, and if successful, the application pages will be displayed.
  The reason i want to auto redirect the user to j_security_check is because i am implementing some integration work with a backend system. the user will key in the username/password from another system. once the user is authenticated, the user information will be passed to my system. The login page of my system will not be displayed again, and by using the username value, my system will assume that the user has successfully been authenticated (authentication done by the backend system), and therefore automatically gain authorization to login into my application.
  i hope that clarifies my problem.
  anyone out there has any solution to my problem?
  thanks a lot in advance.

  Hi Darren,
  Let me explain the whole authentication environment.
  There are actually 2 systems in this environment. Let;s call it system A and system B.
  System B is actually using the authentication mechanism that i described in my previous message.
  A login page will be presented to the user (within system A). User credential is collected and passed to system A to be authenticated. System A will use its own mechanism to authenticate the user.
  Once the user is authenticated, system A will pass the user ID to system B. At this point, system B will assume that the user is authenticated and grant authorization to access the application. (system B global security is enabled and implements the form based authentication mechanism) Therefore, at this point, the redirect page (so called login page) will not be displayed to the user, instead it will be automatically redirected to the j_security_check action to execute the customer Ldap Registry class. (ps : eventhough authentication is no longer needed, the flow will still go to Ldap Registry class. A check is done in the Ldap Registry class to skip the authentication, if it is not boot strap login. Only first and only time authentication is done for boot strap login).
  In the case a protected url is clicked or invoked by the user directly, the application will redirect the user to the initial login of system A. Otherwise (the url link originates from system A, during the passing of user token to system B), system B will redirect to j_security_check and execute the customer Ldap Registry class.
  Based on the above explained scenario, in your opinion, is there any security loopholes? consider that system B no longer perform authentication but only to grant authorization to the user.
  Appreciate your advice. Thanks in advance
  Anyway, i am using the ibm websphere server. :)

• FORM based Authentication issue on Sun ONE AS7

  I am trying to use FORM based authentication for a web module I created, and can not get it to work. I have registered the roles through the admin console of the server, and adjusted the web.xml. When I try to use BASIC authentication, I get a 'Authentication refused for []' message before I even log in, and another one after I do. When I use FORM authentication, the URL points to my login.jsp page (no matter what I put in the path, which is what is supposed to happen), however my default servlet (hello.java) is actually run, and the login.jsp page never comes up. I created my jsps and servlet in the mounted [ejb]_WebModule. Please let me know if something seems incorrect here, or if you can think of something I should check...I can't find anything out there to help me.
  Here is my web.xml:
  <web-app>
  <display-name>DiningGuideManager_TestApp</display-name>
  <servlet>
  <servlet-name>front</servlet-name>
  <servlet-class>data.DiningGuideManager_WebModule.hello</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>myPage</servlet-name>
  <jsp-file>/myPage.jsp</jsp-file>
  </servlet>
  <servlet-mapping>
  <servlet-name>front</servlet-name>
  <url-pattern>/*</url-pattern>
  </servlet-mapping>
  <session-config>
  <session-timeout>30</session-timeout>
  </session-config>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Security</web-resource-name>
  <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>Me</role-name>
  <role-name>EveryoneElse</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>default</realm-name>
  </login-config>
  <security-role>
  <role-name>Me</role-name>
  </security-role>
  <security-role>
  <role-name>EveryoneElse</role-name>
  </security-role>
  <ejb-ref>
  <ejb-ref-name>ejb/TestedEJB</ejb-ref-name>
  <ejb-ref-type>Session</ejb-ref-type>
  <home>data.DiningGuideManagerHome</home>
  <remote>data.DiningGuideManager</remote>
  <ejb-link>DiningGuideManager</ejb-link>
  </ejb-ref>
  </web-app>
  for FORM authentication I have this:
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name>
  <form-login-config>
  <form-login-page>/login.jsp</form-login-page>
  <form-error-page>/error.jsp</form-error-page>
  </form-login-config>
  </login-config>
  Thanks,
  Michelle

  Yes there's a default generated index.jsp page that I'm having trouble overriding with one of my own. Have you used Form Based Authentication before? To do so you have edit the WEB-INF/web.xml file by adding:
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Secure Area</web-resource-name>
  <url-pattern>/test/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>admin</role-name>
  </auth-constraint>      
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/test/secure/loginpage.jsp</form-login-page>
  <form-error-page>/test/secure/errorpage.jsp</form-error-page>
  </form-login-config>
  </login-config>
  When you attempt to first go to any page in my /test/secure/ directory you get redirected to the /test/secure/loginpage.jsp where you have to login as a tomcat user, when succesfully logged on you get redirected to an index.jsp page which is NOT the one I created in test/secure/index.jsp. Even when I type in the url to go to my own test/secure/index.jsp I still don't get my own one that exists there, but instead get the default one that's generated that displays:
  "Authentication Mechanism FORM".
  Hope that makes more sense.
  I've tried restarting tomcat but it makes no difference.