External Authentication 2106 WLC help

Hello,
We have setup a 2160 WLC for external authentication so that we can control the look and feel of the web pages a bit better.
I wanted to better understand how to setup the page to handle errors. I'm trying to determine how the errors get posted back to the external web page.
My understanding is that the form is "POST" to the 1.1.1.1, when it redirects to the external web auth due to an error are the values (error codes, redirect url, etc) appended to the query string?
If they are appeded to the query string...what are the variable names we should be looking for?
Thanks in advance

Josh,
I would recommend reviewing the source within the Web Authentication templates for info on customizable error codes... available on Cisco.com:
Wireless -> WLCs -> Select a model -> Web Authentication Bundle
Best,
Drew
Sent from Cisco Technical Support
iPhone App

Similar Messages

External authentication on Essbase 9.3.1

I am migrating from Essbase 7.3.x on 32-bit Windows to System9 on 64-bit windows. External authentication works on both Shared Services and EAS. I have successfully registered EAS and Essbase with shared services however I do not see Essbase in "User console" of Shared Services as an application. I am able to create native authenticated users in Essbase but unable to externalise the security. I get the following error messages when trying to externalise:
Error: 1051549: Can not convert Analytic Services to Shared Services mode when Analytic Services is not configured with Shared Services or the initialization process has failed
On starting Essbase, I see the following error message when I use the same CSSconfig file as used by shared services:
[Wed Jul 16 10:26:45 2008]Local/ESSBASE0///Error(1051223)
Single Sign On function call [css_init] failed with error [getOSVersion]
[Wed Jul 16 10:26:45 2008]Local/ESSBASE0///Info(1051198)
Single Sign-On Initialization Failed !
If I point to the current CSS file used in production Essbase 7, I get the following message:
[Wed Jul 16 10:33:26 2008]Local/ESSBASE0///Error(1051223)
Single Sign On function call [css_init] failed with error [-1]
[Wed Jul 16 10:33:26 2008]Local/ESSBASE0///Info(1051198)
Single Sign-On Initialization Failed !
In either case everything except External Authentication on System9 for Essbase works.
Both shared services and Essbase are on the same 64-bit Windows box.
Any help in resolving this will be greatly appreciated.
Thanks,
Vikram.

HI:
I recommand following these steps:
1. Go to the box where you have your Essbase installed
2. Pull up the Shared Services Configuration Utility
3. Select COmponent to be registered as Essbase
4. Remeber to stop the essbase - i assume you are getting the error hence essbae would not have loaded.
5. Re-register Essbase with Shared services
6.Start essbase in Foreground
It shuld Start :) good Luck..let me know If this failed..
Thanks,
Sriram

External Authentication won't correctly set USER name or Role

I am using JAVA under Google App Engine for my backend and attempting to log a user into a room using external authentication. I can connect and get into the room just fine my issue is with the user infomation once I am logged in. The user has a null username and ID (possibly generated) and thier role is set to zero (or at least not high enough to publish). If the room is set to auto-Promote then I do have the ability to publish (this is what I would expect) but still I needed the user to have a role of owner (so they can create nodes).
Here is a little of the java on the back end (I removed my shared secret):
public String getRoomToken(String roomID, String userName, String userID, int userRole) {
 try {
 Session session = am.getSession(roomID);
 return session.getAuthenticationToken(..., "Bob", "TestID", 100);
 //return session.getAuthenticationToken(..., userName, userID, userRole);
 } catch (Exception e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 return null;
getAuthenticationToken is hardely changed from what is in the AFCS.java in the examples folder but here it is in any case
/** * get an external authentication token */
public String getAuthenticationToken(String accountSecret, String name, String id, int role) throws Exception
 if (role < UserRole.NONE || role > UserRole.OWNER)
 throw new Error("invalid-role");
 String token = "x:" + name + "::" + this.account
 + ":" + id + ":" + this.room + ":"+ Integer.toString(role);
 String signed = token + ":" + sign(accountSecret, token);
 // unencoded
 //String ext = "ext=" + signed;
 // encoded
 String ext = "exx=" + Utils.base64(signed);
 return ext;
This should work. My Shared secret is removed above but I doubt that is the problem as my app does authenticate just fine it just throws an exception telling me I don't have the required permissions to publish when I try to do anything. while observing from the DevConsole I see a user in the room but they are marked as null. Note that non-external authentication works just fine. If I hardcode my login creds in AdobeHSAuthenticator I can get in just fine with no issue. Also if the room I get an authenticationToken for does not match the roomURL I connect to with ConnectSessionContainer I will fail to login correctly like I would expect. So I know my credentials are getting to the AFCS and being decrypted correctly (as I can only authenticate for the room I send in that credential token) but for some reason it simply won't set my role and username/userid correctly. Any help would be great, this has caused me a great deal of grief for days now...
Thanks guys...
Ves

Well this is wierd I was trying to set this up so that I could get the log output on that run and I ended up changing
<rtc:AdobeHSAuthenticator id="auth" authenticationKey="{Application.application.parameters['token'] as String}"/>
to
<rtc:AdobeHSAuthenticator id="auth" authenticationKey="{token}"/>
and adding a preinitialize function of:
protected function preInit():void
 templateID = Application.application.parameters['room'];
 token = Application.application.parameters['token'];
oddly enough it now works like a charm now. It is still disconcerting that I was able to actually enter the room even though my token was somehow corrupted (that probably isn't intened behavior). If this shows up agian I will try and track down the particulars and send you guys an email as an FYI. thanks for the help....
Ves

External Authentication in 9.0.2

I have an external authentication module with Login Server 3.0.9 and I'm migrating my applications to the new release.
I checked for the ssoauthx.pks package specification and it says that external authentication module is no longer supported with this release. The only way to authenticate my users is to sync with oid.
Is this is the only way to do external authentication?. Are future version of iAS will still depend on OID for authentication?

Hi Nestor,
Even i am looking for similar solution and thinking of giving you some suggetion....
Oracle 9iAS R2 makes it madatory to use OID (or sync with OID) in SSO architecture.
We are trying to implement plug-in procedure (when_compare_replace) in OID to replace the password comparison for SSO requests. we are planning to check for our cookie to authenticate the user.
but i don't know how exactly this will work...
hope this helps
-vijay

External Authentication

Hi,
We need to be able to support external authentication to Oracle 8i. The system we develop is based on a J2EE architecture framework and is being deployed on the BEA Weblogic 8 under SUN Solaris. Currently we are using Oracle Type 4 thin driver. The database is already configured to support OPS$ accounts but we are having problems implementing it in Java. Any suggestions or recommendations? Does somebody have experience implementing it?
Thanks in advance,
Mike

Did you tried copying the dll file to the places where neededand add the path to the dll file in your system environmentvariables. I had these issues and i copied the dll file whereever the errormessage was looking for it and it worked absolutely fine. Hope this helps !

External authentication using Headervariable

Hi SAP Experts
We have configured External authentication for WEM using Headervariable.We are using BI Java 7.0
External authentication is working fine using Headervariable Login module for URL http://<WEb Server hostname>/irj which redirect to http://<J2EE hostname>:<port #>/irj
As you all know that we also use http://<J2EE hostname>:<port #> for Administation point of view where many options available like user management, SLD, Webdynpro, NetWeaver Administation etc.We have not configured this URL for External Authentication and also do not want to configure but when tyring to access any administration option on this, portal prompts default logon page and after entering Portal UserID/Password we get message like " No Loginmodules configured for Header"
I do not know why system display this message
Please help me if anyone has experience to resolve this issue, as we want to use URL http://<J2EE hostname:<port #>, which should prompts Portal Logon screen and after entering Portal userid/password we should access the administration screen without afftecting our External Authentication configuration for URL http://<WEb Server host>/irj
Thanks in Advance
Thanks with Regards
Deelip Kumar

Hi Deelip,
my earlier post referred to an additional authscheme that you may have created. If you have done so, please remove it. If you have checked this, there still is a predelivered authscheme called header, wich references a login stack called header. This login stack template does not exist as a default.
In this case, you may have assigned this authscheme (header) to some component, like an iview. How this works is explained in the docs <a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/54/f91fba71ae48309e4267b4a36fa47b/frameset.htm">here</a> and<a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/54/a334ed5bbfd5488b8cdd67b2c594a9/frameset.htm">here</a> for example.
If you have done so, this reference to the authscheme header may trigger the lookup of the login stack template called header, which does not exist and thus leads to the error.
For detailed error analysis, I would recommend to search the security log and the portal logs for indications where the source of this error might be.
Regards,
Patrick

External Authentication with LDAP

Has anyone integrated external authentication of Essbase with LDAP? I've searched discussion groups, websites with no luck, and of course, Essbase documentation doesn't help either. Any additional documentation will help.Thanks in advance!

Thanks for the info. Is this sample code part of the default implementation that comes installed with the product (essldap.dll)? Or is this something completely different.Also, has anyone done anything similar in visual basic? We have a shortage of v c++ skills around here.Thanks again!

Essbase 6.5 External Authentication Issue!! Urgent Please!!

Hi all,
I am great trouble over an external authentication issue in Essbase 6.5. I request you all to please give me your feedback on the same as soon as possible.
I am in a situation where I need to get my Essbase 6.5 external Authentication converted from LDAP to Active Directory services.
I suppose there has been necessary changes done to the .cfg file for the same. However, I think I am getting an error
"User [vikc]'c external authentication protocol [MSEX]'s password check module is not loaded".
Please let me know if you have come across such an issue earlier and can anybody to able to help me with the same.
Its kinda Urgent. so any replies for the same will be appreciated.
Thanks and Regards,
Vikram

Vikram,
Yes you will have to reconfigure the CSS.xml and cfg file for external auth.
Here is the Sample CSS
<spi>
 <provider>
 <msad name="full360">
 <trusted>false</trusted>
 <url>ldap://192.168.1.100:389/DC=full360,DC=com</url>
 <userDN>CN=Ravinder Singh,DC=full360,DC=com</userDN>
 <password>full@360</password>
 <authType>simple</authType>
 <identityAttribute>dn</identityAttribute>
 <maxSize>1000</maxSize>
 <user>
 <loginAttribute>sAMAccountName</loginAttribute>
 <nameAttribute>dn</nameAttribute>
 </user>
 <group>
 <nameAttribute>cn</nameAttribute>
 <objectclass>
 <entry>group?member</entry>
 </objectclass>
 </group>
 </msad>
Download this toll "http://www.ldapbrowser.com/download.htm"
LDAP browser to get the perfact DN information.
Let me know the status
Ravikant

PHP external authentication

Hi:
Has anyone successfully implemented a php based external
authentication using cocomo in an AIR application? I am having a
hard time following the documentation provided with the cocomo SDK.
This is what I have in place:
An AIR application which lets users inside using a login and
password which they registered for. The login/registration system
is a PHP5/MySQL5 backend. I saw the examples section for External
Authentication and couldn't what the hills was going on there.
I know this may sound very "noob" but can anyone walk me
through or provide a step-by-step tutorial. I am working on an
awesome AIR application and will soon release it for free once I
get this social media part integrated into it. Please help me out
guys.
Thank you very much in advance.
Praneet

Hi Nigel:
Thank you very much for replying to my post. Ok, so this is
what I understood from your post and what I am going to do:
1.) send the username to the PHP script using HTTPService
2.) my PHP script will contain the code attached to this post
3.) in my MXML file this is what I have
quote:
private function init():void {
//roomURL = Application.application.parameters["roomURL"];
//authToken =
Application.application.parameters["authToken"];
//cSession.login();
cocomoService.send();
private function cocomoResult():void {
Alert.show(cocomoService.lastResult.authkey.toString());
authToken = cocomoService.lastResult.authkey.toString();
auth.authenticationKey = authToken;
cSession.login();
]]>
</mx:Script>
<mx:HTTPService id="cocomoService" url="
http://localhost/mycocomo.php"
result="cocomoResult()" method="POST">
<mx:request xmlns="">
<user>some user in my database</user>
<role>100</role>
</mx:request>
</mx:HTTPService>
<rtc:AdobeHSAuthenticator id="auth"/>
<session:ConnectSessionContainer
roomURL="
http://connectnow.acrobat.com/myapp/myroom"
id="cSession"
authenticator="{auth}"
autoLogin="false">
4.) and nothing happens. Although the Alert popup shows me
the reply I got back from my localhost which does seem like an
authToken to me...I can paste the authtoken here if it is ok to..
Thanks in advance.
Praneet

External authentication for Essbase 7.1.6.

Hi all,
We are trying to set up external authentication for Essbase 7.1.6. We have a customized version of Essbase which does not use DLL. we do not have a Hyperion Hub or any CSS set up. All we have is an authentication module from the vendor to be used instead of the DLL. As per the documents provided to us all we have to do is change the cfg file to include the AUTHENTICATIONMODULE setting. Does anyone has any experience with this? What all parameters do we need to pass to Active Directory for this to work? Please help.
Thanks.
Vish.

You could create a maxl script that replaces the filters, when you call the maxl script you could pass in a variable such as YR08 and use that variable in the script.
Cheers
John
http://john-goodwin.blogspot.com/

Trouble With External Authentication!

Hello all!
I have been trying to experiment with external authentication with PHP using the samples provided with the LCCS SDK Navigator.
I have changed the "index.php" page to include all my account info. and have double checked it! However, when I upload it to my server, I keep getting the following error(s) whenever I click the submit button on the form:
Warning: fopen() [function.fopen]: URL file-access is disabled in the server configuration in /home/tueslcom/public_html/LoginTest2/lccs.php on line 690
Warning: fopen(https://collaboration.adobelivecycle.com/myusername?mode=xml&accountonly=true&) [function.fopen]: failed to open stream: no suitable wrapper could be found in/home/tueslcom/public_html/LoginTest2/lccs.php on line 690
Fatal error: Uncaught exception 'RTCError' with message 'connection-failed' in /home/tueslcom/public_html/LoginTest2/lccs.php:695 Stack trace: #0 /home/tueslcom/public_html/LoginTest2/lccs.php(587): RTC::http_get('https://collabo...', Array) #1 /home/tueslcom/public_html/LoginTest2/lccs.php(254): RTCAccount->do_initialize() #2 /home/tueslcom/public_html/LoginTest2/index.php(33): RTCAccount->__construct('https://collabo...') #3 {main} thrown in /home/tueslcom/public_html/LoginTest2/lccs.php on line 695
I have a bit of experience with PHP, however, going through lccs.php and trying to reverse engineer everything to find out what`s going on is a little beyond my skill level! Any idea what might be happening/missing here? This seems like it should be a no-brainer!
Thanks in advance for any help anyone can give.
Matt

Raff,
Thanks for your quick reply!
I called phpinfo() and it appears that OpenSSL is working:
OpenSSL Support - enabled
OpenSSL Support - OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Is SSL needed for encrypted communications between the browser and the LCCS server? When it comes to ports, security, and all the headaches that go with it, I am pretty much a NOOB (by choice)!
Also, the forum search doesn`t seem to be working (at least it`s not returning anything for me). Any hints as to what other modules are needed?
btw - Is it "http://connectnow.acrobat.com" or "https://collaboration.adobelivecycle.com"?
And it seems that "lccs.php" had been renamed from "afcs.php" along with "RTCAccount", which used to be "AFCSAccount". The code examples have not been updated to reflect this, and although I fixed this in some of the code, could there still be problems inside "lccs.php"?
Thanks again,
Matt

Essbase security Migration from native mode to external authentication

Hi!!
I want some guidance on setting up security, all the users are currently in Native user mode and Native groups.
Now we want to migrate to external mode, current version of hyperion is 11.1.1.3, any steps to follow in
this direction would be really helpful.
What is the best way of migrating huge user base from native directory to setting up for external authentication,
this is the first time move from native to external authentication, If anyone who has done this will be helpful.
steps to setup , maxl based migration will be helpful or utility based.
Thanks

When you say native mode do you mean that that essbase security is in native mode and you want to convert to shared services security mode,or do you mean you are using shared services securtiy with native users and you want to use an external directory like MSAD.
For your question ::
Yes the first piece is correct, our security is in native mode.
and we want to convert to shared services security mode,
The request involves moving from essbase native mode to Shared services native user mode (moving all the existing users, groups and existing provisioning)
The next stage is moving from Shared services native user mode to external directory. (moving all the existing users, groups and existing provisioning)
Your input will guide me in the direction.
Thanks

Question on External Authentication Plug-in

I have 2 windows domains with no global catalog server. The documentation shows how to setup external authentication plug-in when you have just one domain. Can anyone provide a link on how to setup the plug-in when you have more than one domain? Thanks for your help.

Yes it is possible,
>i want to know if its possible or not in a very easy and efficiant way<
……well I think so, but one could argue about the „easy & efficient” part of it……..
Anyway here are a few possibilities:
https://help.apple.com/logicpro/mac/10/#lgcp215834c2
……don’t know of any trial possibilities………
Cheers!

ACS Server: External Authentication configuration error

Hi ALL
I have installed the ACS server and configure properly and it works fine.
But whenever i restart the machine, following error message appears on the external database configuration wizard.
External Authentication Configuration Error
ACS has encountered a problem while attempting to process your request. This could be due to one of the following:
An incorrect installation or configuration of the third-party DLLs required to support this External Database
A corrupt ACS configuration
So after i found this error, i just restart all the seven services and every things works fine.
I always encountered the same error message after restarting the machine each time.
Can any body recomend the solution or can help me to resolve the issue.
Thanks

Hi,
Please try the following workaround.
1. Go to Start > Programs > Administrative Tools > Services.
2. Stop the following services in the following order.
CSAuth
CSDbSync
CSLog
CSMon
CSRadius
CSTacacs
CSAdmin
3. After stopping the following services, start them all again in the following order.
CSAdmin
CSAuth
CSDbSync
CSLog
CSMon
CSRadius
CSTacacs
Please let me know if this was able to help.
If the above doesn't help, please reinstall the ACS as the dll files that are being used
by the ACS have been corrupted, before uninstalling and reinstalling, do take a
backup of ACS server database from System Configuration > ACS backup > Backup Now.
Also make sure that the ACS is installed on the default drive.
tnx
somishra

OID external authentication - having trouble excuting oidspadi.sh

Hi all,
I am setting up External Authentication for OID, and have trouble with it. My version is Oracle application server infrastructure 10.1.2 (OID 10.1.2) on windows.
hailie@Server1 /cygdrive/e/oracle/OraInfra/ldap/admin
$ export ORACLE_HOME="E:\oracle\OraInfra"
hailie@Server1 /cygdrive/e/oracle/OraInfra/ldap/admin
$ sh oidspadi.sh
oidspadi.sh: line 28: $'\r': command not found
oidspadi.sh: line 38: $'\r': command not found
oidspadi.sh: line 43: $'\r': command not found
oidspadi.sh: line 47: $'\r': command not found
oidspadi.sh: line 51: $'\r': command not found
oidspadi.sh: line 58: $'\r': command not found
oidspadi.sh: line 59: $'\r': command not found
oidspadi.sh: line 60: $'clear\r': command not found
OID Active Directory Plug-in Configuration
Please make sure Database and OID are up and running.
oidspadi.sh: line 67: $'\r': command not found
oidspadi.sh: line 70: $'\r': command not found
oidspadi.sh: line 103: syntax error near unexpected token `fi'
'idspadi.sh: line 103: ` fi
Edited by: Hailie on Jan 16, 2009 8:05 AM
Edited by: Hailie on Jan 16, 2009 8:45 AM
Edited by: Hailie on Jan 16, 2009 11:32 AM

After I removed all the blank lines in oidspadi.sh:
hailie@Server1 /cygdrive/e/oracle/OraInfra/ldap/admin
$ sh oidspadi.sh
oidspadi.sh: line 53: $'clear\r': command not found
OID Active Directory Plug-in Configuration
Please make sure Database and OID are up and running.
oidspadi.sh: line 91: syntax error near unexpected token `fi'
'idspadi.sh: line 91: `fi
Thank you for your help.
Hailie
Edited by: Hailie on Jan 16, 2009 8:43 AM
Edited by: Hailie on Jan 16, 2009 8:46 AM
Edited by: Hailie on Jan 16, 2009 11:36 AM

External Authentication 2106 WLC help

Similar Messages

Maybe you are looking for