External Authentication Half Working
I'm having a strange issue with external authentication and PHP. I've got the PHP code set up correctly (I believe) and I pass the authentication token to the Flex application via flashvars and when the application loads the roster pod shows everyone logged into the room including the user just added. But I can't interact with any other components like the whiteboard and the simplechat.
Has anyone ever seen that? Any idea what might be going on? The AuthenticationSuccess event seems to fire correctly but I still can't interact with anything.
=Ryan
[email protected]
I am having a very similar problem, although I am not authenticating externally first. I am able to authenticate inside a flex 4 b2 app and get a list of people in the chat room, but whenever I post anything, I get null exceptions all over the place in the AFCS rtc package.
On another note, does anyone know if there is an open repo I can pull recent updates from for AFCS?
Similar Messages
-
External authentication using Headervariable
Hi SAP Experts
We have configured External authentication for WEM using Headervariable.We are using BI Java 7.0
External authentication is working fine using Headervariable Login module for URL http://<WEb Server hostname>/irj which redirect to http://<J2EE hostname>:<port #>/irj
As you all know that we also use http://<J2EE hostname>:<port #> for Administation point of view where many options available like user management, SLD, Webdynpro, NetWeaver Administation etc.We have not configured this URL for External Authentication and also do not want to configure but when tyring to access any administration option on this, portal prompts default logon page and after entering Portal UserID/Password we get message like " No Loginmodules configured for Header"
I do not know why system display this message
Please help me if anyone has experience to resolve this issue, as we want to use URL http://<J2EE hostname:<port #>, which should prompts Portal Logon screen and after entering Portal userid/password we should access the administration screen without afftecting our External Authentication configuration for URL http://<WEb Server host>/irj
Thanks in Advance
Thanks with Regards
Deelip KumarHi Deelip,
my earlier post referred to an additional authscheme that you may have created. If you have done so, please remove it. If you have checked this, there still is a predelivered authscheme called header, wich references a login stack called header. This login stack template does not exist as a default.
In this case, you may have assigned this authscheme (header) to some component, like an iview. How this works is explained in the docs <a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/54/f91fba71ae48309e4267b4a36fa47b/frameset.htm">here</a> and<a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/54/a334ed5bbfd5488b8cdd67b2c594a9/frameset.htm">here</a> for example.
If you have done so, this reference to the authscheme header may trigger the lookup of the login stack template called header, which does not exist and thus leads to the error.
For detailed error analysis, I would recommend to search the security log and the portal logs for indications where the source of this error might be.
Regards,
Patrick -
External authentication with 9.0.1.0.0
I cannot get external authentication to work over Oracle Net
with 9i …
e.g.,
sqlplus /@s2b …
ERROR:
ORA-01004: default username feature not supported; logon denied
[Cause: An attempt was made to use automatic logon on a system
not supporting this feature.
Action: Provide the complete username and password to log on to
Oracle.
<http://download-
east.oracle.com/otndoc/oracle9i/901_doc/network.901/a90150.pdf>
advanced security guide
This error indicates that the connection was not over SSL. Look
at the tnmsnames.ora file to verify the protocol value of the
net service name that youi are using. The value must be TCPS and
not TCP.]
The error messages imply that I have Advanced Security turned
on, but I do not. .. it's not even part of the installation.
sqlplus username/passwd@s2 does work
as does
sqlplus / [using ORACLE_SID]
REMOTE_OS_AUTHENT is set to TRUE in the init<SID>.ora file.
Does anyone know if this feature has been decremented in 9i? It
definitely does work on our 8.1.7 installations.
Thanks,
Dick WielandYes, I have done that (i.e., edited the initSID.ora file and
done a shutdown then startup). I can use external authentication
when I bypass the tnsnames.ora file by going in directly with
the ORACLE_SID parameter.
Dick -
OID External Authentication issue
Hi..
I have configured synchronization profile to import users from TDS to OID using DIP but it does not work as change log is not enabled on TDS side.
Now i have configured External Authentication Plugin and i craeted same users in in TDS and also in OID but external authenctication does not work.
Can you please point out if i missing some point or is synchronization profile is must for External Authentication.
Find the product version details -
OID 11.1.1.6
Tivoli Directory Server 6.1
Regards
Santosh
Edited by: user601746 on Jan 8, 2013 1:02 AMGot the solution.
I used bootstrap loading to create users from TDS to OID then configure external authentication..works fine... :) -
External authentication with OID
I know that OID 10g is capable of performing external authentication against AD, Sun OneDirectory, Novell eDirectory and openLDAP, but what about something else like Oracle Virtual Directory?
As I understand, there is an out of the box script that will create and external authentication plugin that calls a few procedures from the auth_external package. The auth_external package also an out-of-the-box package with a few procedures (authenticate_user and change_passwd) I've seen so far. I haven't looked in the ODS schema, but I'm assuming this auth_external package is wrapped and not generally viewable.
Anyone out there have any ideas, how this auth_external package works, or better yet... does anyone know if the out-of-the-box solution for external authentication will work with any LDAP directory (in this case a virtual one)?
Thanks.Can someone from Oracle please comment on this? is "AUTH_EXTERNAL" package "out of box" or do we have to write it?
I am following instructions from
http://download.oracle.com/docs/cd/B14099_19/idmanage.1012/b14082/plugin_cust_ext_auth.htm
LINE/COL ERROR
143/9 PL/SQL: Statement ignored
143/19 PLS-00201: identifier 'AUTH_EXTERNAL.AUTHENTICATE_USER' must be
declared
241/11 PL/SQL: Statement ignored
241/11 PLS-00201: identifier 'AUTH_EXTERNAL.CHANGE_PASSWD' must be
declared
251/11 PL/SQL: Statement ignored
251/11 PLS-00201: identifier 'AUTH_EXTERNAL.RESET_PASSWD' must be
declared
LINE/COL ERROR
-------- ----------------------------------------------------------------- -
External Authentication on Windows
Guys, this is driving me crazy.
I had an external user configured on my Oracle 9.2.0.5 database on a Windows 2003 Server.
It was working, I use it to make dump backups.
Now, without any change on any oracle param or bounce it just stoped working.
I have two instances, for one it's working, for the other it's not.
Both instances are on the same server (so I'm using the same sqlnet.ora file with NTS authentication).
Today I removed and recreate the user on both instances, but I keep getting the same problem.
create user "OPS$DOMAIN\ORABACKUP" identified externally
default tablespace users
temporary tablespace temp
The parameters are the same on both instances:
os_authent_prefix string OPS$
os_roles boolean FALSE
remote_login_passwordfile string EXCLUSIVE
remote_os_authent boolean FALSE
remote_os_roles boolean FALSE
Do you have any ideas of why this could happen??
Is there another parameter related to external authentication that I don't know?
Thanks!Was there ever an answer on this, having problems with setup using same versions
-
AD External Authentication Plug-In verification issue
We are working on a Proof of Concept instance to integrate MS AD with OID for the first time for E-Biz 11i.
1) I completed the bulk load of all the existing users from AD to OID successfully
2) completed enabling the syncrhonization profile
3) Ran the txkrun.pl successfully
4) However i wanted to check the External authentication plug-in and i get the below issue.
How to debug ldapcompare ? Where is the logfile for ldapcompare ?
ldapcompare -h OID_Host -p 389 -D "cn=orcladmin" -w ******* -b "cn=lastname\, firstname,ou=consultants,ou=users,ou=usaeast,dc=adadmin,dc=lps,dc=netsrv,dc=us" -a userPassword -v abcdefgh
The value abcedefgh is not contained in the attribute userPassword in DN cn=lastname\, firstname,ou=consultants,ou=users,ou=usaeast,dc=adadmin,dc=lps,dc=netsrv,dc=us.
An ldapbind on the same AD server is successful, but ldapcompare is failing.I get invalid credentials. Though the network password is correct. I feel its somewhere i messed up the 3rd party plug-in configuration. Is there a method to get debug information for ldapcompare command ?
From metalink NOTE : 277382.1
"When using the above command, ldapcompare binds to OID using the OID admin user (typically "cn=orclAdmin") and password. Then it provides the AD username and requests that the value supplied as AD-USER-PASSWORD be compared to whatever is stored in AD username's userPassword attribute. Because OID does not store a value in its own user entries/userPassword attributes for AD-synchronized entries, this ldapcompare call will cause OID to invoke the plug-in and verify the userPassword value in AD instead.
If the plug-in works, the ldapcompare should return a message saying that the given password is contained in the userpassword attribute, e.g.
" -
External monitor stopped working after 10.6.7 update
I have a MacBook Pro, model identifier MacBookPro6,2 with an NVIDIA GeForce GT 330M.
When I updated last night from 10.6.6 to 10.6.7 I stopped being able to use my Dell S2409W external monitor.
I have tried resetting the pram, resetting the SMC, booting with extensions off.
When I plug in the cable to the external monitor the Mac screen goes blue for about 0.5 second and re-appears but nothing displays on the external monitor; a second monitor is not listed in the Display preferences and the monitor reports that it is not receiving a signal.
I don't see anything in the system.log when I plug or unplug the monitor cable (I'm not sure if I should).
At random intervals while the external monitor cable is plugged in the screen goes blue for a half second and then re-appears.
The screen does not go blue if I wiggle or flex the monitor cable.I see this in the windowserver.log after reboot, login with shift-key, and the external monitor connected.
There might be a clue here but I don't have anything to compare it to since I haven't collected these data when the external monitor was working.
I'd be curious to see the same data from the windowserver.log for somebody else with a MacBook Pro with an external monitor connected that does work.
You can view this log with the console application located: /Applications/Utilities/console.
If you are willing to share these data please reboot, and hold the shift-key down when logging in to disable extensions (thanks). If you look at the time just when the desktop appears when you end up looking at the windowserver.log you'll be able to see the windowserver starting up about 10 seconds prior to this time.
Mar 22 21:31:26 [110] Server is starting up
Mar 22 21:31:27 [110] CGXMappedDisplayStart: Display0 : boot screen
Mar 22 21:31:27 [110] CGXMappedDisplayStart: Display0 : display alias 0x0 valid
Mar 22 21:31:27 [110] CGXMappedDisplayStart: Display1 : no display alias property
Mar 22 21:31:27 [110] CGXMappedDisplayStart: Display2 : display alias 0x0 valid
Mar 22 21:31:27 [110] MPFinalizeInitialization: Display 0x3f003e unit 2 alias mask 0x5
Mar 22 21:31:27 [110] MPFinalizeInitialization: Display 0x4272dc0 unit 0 alias mask 0x5
Mar 22 21:31:27 [110] GLCompositor: GL renderer id 0x01022612, GL mask 0x00000003, accelerator 0x00003137, unit 0, caps 0x00000003, vram 512 MB
Mar 22 21:31:27 [110] GLCompositor: GL renderer id 0x01022612, GL mask 0x00000003, texture units 8, texture max 8192, viewport max {8192, 8192} extensions 0x0000000f
Mar 22 21:31:27 [110] GLCompositor: GL renderer id 0x01024300, GL mask 0x00000004, accelerator 0x00003c0b, unit 2, caps 0x00000003, vram 288 MB
Mar 22 21:31:27 [110] GLCompositor: GL renderer id 0x01024300, GL mask 0x00000004, texture units 8, texture max 8192, viewport max {8192, 8192} extensions 0x0000000f
Mar 22 21:31:27 [110] agc_attach: gMux mode is dynamic
Mar 22 21:31:28 [110] CGXPerformInitialDisplayConfiguration
Mar 22 21:31:28 [110] Display 0x4272dc0: MappedDisplay Unit 0; Vendor 0x610 Model 0x9cb7 S/N 0; online enabled built-in (0,0)[1680 x 1050], Rotation 0, base addr 0x102a00000
Mar 22 21:31:28 [110] Display 0x4272dc2: MappedDisplay Unit 2; Vendor 0x610 Model 0x9cb7 S/N 0; offline enabled built-in (2704,0)[1 x 1], Rotation 0, base addr 0x113800000
Mar 22 21:31:28 [110] Display 0x3f003d: MappedDisplay Unit 1; Vendor 0xffffffff Model 0xffffffff S/N -1; offline enabled (2705,0)[1 x 1], Rotation 0, base addr 0x102a00000
Mar 22 21:31:28 [110] Display 0x4272dc0: MappedDisplay Unit 0; ColorProfile "Color LCD" (MD5 a23cb9c96f2fd096b7a058db0d319259)
Mar 22 21:31:28 [110] kCGErrorIllegalArgument: CGXSetWindowListTags: Operation on a window 0x2 not owned by caller (PID 202)
Mar 22 21:31:35 [110] kCGErrorIllegalArgument: CGXSetWindowListTags: Operation on a window 0x2 not owned by caller (PID 206) -
External authentication on Essbase 9.3.1
I am migrating from Essbase 7.3.x on 32-bit Windows to System9 on 64-bit windows. External authentication works on both Shared Services and EAS. I have successfully registered EAS and Essbase with shared services however I do not see Essbase in "User console" of Shared Services as an application. I am able to create native authenticated users in Essbase but unable to externalise the security. I get the following error messages when trying to externalise:
Error: 1051549: Can not convert Analytic Services to Shared Services mode when Analytic Services is not configured with Shared Services or the initialization process has failed
On starting Essbase, I see the following error message when I use the same CSSconfig file as used by shared services:
[Wed Jul 16 10:26:45 2008]Local/ESSBASE0///Error(1051223)
Single Sign On function call [css_init] failed with error [getOSVersion]
[Wed Jul 16 10:26:45 2008]Local/ESSBASE0///Info(1051198)
Single Sign-On Initialization Failed !
If I point to the current CSS file used in production Essbase 7, I get the following message:
[Wed Jul 16 10:33:26 2008]Local/ESSBASE0///Error(1051223)
Single Sign On function call [css_init] failed with error [-1]
[Wed Jul 16 10:33:26 2008]Local/ESSBASE0///Info(1051198)
Single Sign-On Initialization Failed !
In either case everything except External Authentication on System9 for Essbase works.
Both shared services and Essbase are on the same 64-bit Windows box.
Any help in resolving this will be greatly appreciated.
Thanks,
Vikram.HI:
I recommand following these steps:
1. Go to the box where you have your Essbase installed
2. Pull up the Shared Services Configuration Utility
3. Select COmponent to be registered as Essbase
4. Remeber to stop the essbase - i assume you are getting the error hence essbae would not have loaded.
5. Re-register Essbase with Shared services
6.Start essbase in Foreground
It shuld Start :) good Luck..let me know If this failed..
Thanks,
Sriram -
External Authentication won't correctly set USER name or Role
I am using JAVA under Google App Engine for my backend and attempting to log a user into a room using external authentication. I can connect and get into the room just fine my issue is with the user infomation once I am logged in. The user has a null username and ID (possibly generated) and thier role is set to zero (or at least not high enough to publish). If the room is set to auto-Promote then I do have the ability to publish (this is what I would expect) but still I needed the user to have a role of owner (so they can create nodes).
Here is a little of the java on the back end (I removed my shared secret):
public String getRoomToken(String roomID, String userName, String userID, int userRole) {
try {
Session session = am.getSession(roomID);
return session.getAuthenticationToken(..., "Bob", "TestID", 100);
//return session.getAuthenticationToken(..., userName, userID, userRole);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
return null;
getAuthenticationToken is hardely changed from what is in the AFCS.java in the examples folder but here it is in any case
/** * get an external authentication token */
public String getAuthenticationToken(String accountSecret, String name, String id, int role) throws Exception
if (role < UserRole.NONE || role > UserRole.OWNER)
throw new Error("invalid-role");
String token = "x:" + name + "::" + this.account
+ ":" + id + ":" + this.room + ":"+ Integer.toString(role);
String signed = token + ":" + sign(accountSecret, token);
// unencoded
//String ext = "ext=" + signed;
// encoded
String ext = "exx=" + Utils.base64(signed);
return ext;
This should work. My Shared secret is removed above but I doubt that is the problem as my app does authenticate just fine it just throws an exception telling me I don't have the required permissions to publish when I try to do anything. while observing from the DevConsole I see a user in the room but they are marked as null. Note that non-external authentication works just fine. If I hardcode my login creds in AdobeHSAuthenticator I can get in just fine with no issue. Also if the room I get an authenticationToken for does not match the roomURL I connect to with ConnectSessionContainer I will fail to login correctly like I would expect. So I know my credentials are getting to the AFCS and being decrypted correctly (as I can only authenticate for the room I send in that credential token) but for some reason it simply won't set my role and username/userid correctly. Any help would be great, this has caused me a great deal of grief for days now...
Thanks guys...
VesWell this is wierd I was trying to set this up so that I could get the log output on that run and I ended up changing
<rtc:AdobeHSAuthenticator id="auth" authenticationKey="{Application.application.parameters['token'] as String}"/>
to
<rtc:AdobeHSAuthenticator id="auth" authenticationKey="{token}"/>
and adding a preinitialize function of:
protected function preInit():void
templateID = Application.application.parameters['room'];
token = Application.application.parameters['token'];
oddly enough it now works like a charm now. It is still disconcerting that I was able to actually enter the room even though my token was somehow corrupted (that probably isn't intened behavior). If this shows up agian I will try and track down the particulars and send you guys an email as an FYI. thanks for the help....
Ves -
External Authentication in 9.0.2
I have an external authentication module with Login Server 3.0.9 and I'm migrating my applications to the new release.
I checked for the ssoauthx.pks package specification and it says that external authentication module is no longer supported with this release. The only way to authenticate my users is to sync with oid.
Is this is the only way to do external authentication?. Are future version of iAS will still depend on OID for authentication?Hi Nestor,
Even i am looking for similar solution and thinking of giving you some suggetion....
Oracle 9iAS R2 makes it madatory to use OID (or sync with OID) in SSO architecture.
We are trying to implement plug-in procedure (when_compare_replace) in OID to replace the password comparison for SSO requests. we are planning to check for our cookie to authenticate the user.
but i don't know how exactly this will work...
hope this helps
-vijay -
External Authentication in EAS using MSAD
<p>We use MSAD for our external authentication and it works fine ifthe user logon names are set up a certain way in MSAD. However,some of them are set up differently and Essbase won't allow us touse external authentication for them. Is there a setting somewherein Essbase that can be changed to allow more than one user logonname format coming from MSAD?</p>
<p>Hi Krista,</p><p> </p><p>Unfortunately u cannot specify two formats to authenticate. If iunderstand correclty you want to identify a user in MSAD by morethan one feild, as far as i know essbase external authenticationthe xml file cannot use more than one feild.</p><p> </p><p>your most probable solution to this would be to add the feildyou are using in your xml file to all users using essbase inMSAD.</p><p> </p><p>Please use the following link if you need furtherinformation.</p><p> </p><p>http://dev.hyperion.com/techdocs/essbase/essbase_712/Docs/techref/techref.htm#config/security/configure/config.htm</p><p> </p><p>here is the sample active directory format.</p><p> </p><p><msad name="<b><a href="ldapserver.htm">msadServer</a></b>"> <trusted><b><ahref="trust.htm">false</a></b></trusted> <url><b><ahref="provurl.htm">ldap://host<img src="i/expressions/face-icon-small-tongue.gif" border="0">ortNo/DIT</a></b></url><userDN><b>cn=UserName</b></userDN><password><b>UserPassword</b></password> <user><url><b>ou=people</b></url></user> <group> <url><b>ou=Groups</b></url> </group></msad></p>
-
Hi,
We need to be able to support external authentication to Oracle 8i. The system we develop is based on a J2EE architecture framework and is being deployed on the BEA Weblogic 8 under SUN Solaris. Currently we are using Oracle Type 4 thin driver. The database is already configured to support OPS$ accounts but we are having problems implementing it in Java. Any suggestions or recommendations? Does somebody have experience implementing it?
Thanks in advance,
Mike<p>Did you tried copying the dll file to the places where neededand add the path to the dll file in your system environmentvariables.</p><p> </p><p>I had these issues and i copied the dll file whereever the errormessage was looking for it and it worked absolutely fine.</p><p> </p><p>Hope this helps !</p>
-
External Authentication failed via PHP script
I'm not a PHP wiz - in fact I am not a backend coder so I am
somewhat struggeling with the sample scripts - I still hope for a
CF sample...
I'm trying to run and log in to AFCS via the commandline
(Terminal). I'm not sure what I'm doing wrong - here what I am
passing:
php -f /Applications/MAMP/htdocs/afcs.php args --debug
--host=http://connectnow.acrobat.com,fcguru,my_login,my_pass
The username and password I pass are correct. However I get
this response:
Error: exception 'AFCSError' with message '<response
status="error">
<error code="AUTH_FAILED">
<msg>Authorization Failed</msg>
</error>
</response>
' in /Applications/MAMP/htdocs/afcs.php:86
Really struggeling with this. Even once I get this working
from the commandline I do not know how to call this from a script
instead. I use CF on the backend, not PHP.
Regards,
StefanI would say that your command is syntactically correct, but
semantically incorrect :)
Two problems:
- there is no "args" parameter in afcs.php
- when you use php -f file.php you have to append a -- after
the php file to tell the interpreter to stop parsing parameters
because they belong to the script
So, try this:
php -f /Applications/MAMP/htdocs/afcs.php -- --debug
--host=http://connectnow.acrobat.com fcguru my_login my_pass
or this:
php /Applications/MAMP/htdocs/afcs.php --debug
--host=http://connectnow.acrobat.com fcguru my_login my_pass
Also, there is an example of a php web application that uses
external authentication in the examples folder
(ExternalAuthentication/php). Just drop the php folder somewhere in
your webserver and try it out. -
Hyperion Hub external authentication issue
I have Hyperion Hub installed in an Active Directory domain - the users still live in a NT4 domain (we are in the midst of a migration). I have set up trusts between the two domains. We have been utilizing external authentication with Hyperion Reports in this environment for several months. With Hyperion Hub I have setup two authentication providers one for active directory(NTLM) and one for NT4 (NTLM). When adding users in the Hyperion Configuration Console using the provider for NT4, I am only able to pull up users in the "Available Users" list if I have a '*' in the search box. If I try to perform a query of a subset of users (ie. 'g*') it returns nothing. The provider for Active Directory works correctly. Also, with both of the providers I am unable to pull up a full list of available users - even when setting the "Maximum Size" to a large number. Has anyone else come across this???<BR><BR><BR>Greg
I would suggest you set autoLogin="false" on rtc:ConnectSessionContainer and call cSession.login() when you are ready (you got the token and have everything set up).
I suspect the automatic login is getting executed before the AdobeHSAuthenticator has been correctly setup.
Maybe you are looking for
-
MacMini mid-2011/ Yosemite w Samsung Syncmaster monitor
Hello all. I have been happily working with my MacMini mid-2011 (2.3Ghz Intel Core i5, 8GB RAM) with a Samsung Syncmaster B2440 HDMI-connected to it for a long time. Since the upgrade to Mavericks and later to Yosemite, the following problem occurs:
-
I am not where my normal network connection is and I cant get in to put a password in for the network where I am at due to the icloud pop up. what can I do to get it to stop.
-
I'd like a Vision M please... 60 gig
I'd like a Vision M, but now my music collection by itself is over 30 gigs :-\. *sigh*
-
My iphone won't sync with itunes it says that it cannot find a photo file
i tried to sync my iphone 4 with my new sony vaio and when i downloaded itunes to sync my iphone to transfer music to this computer it stopped mid sync and said that the itunes could not sync because it could not find a photo file
-
How to Install Discoverer 10g.
Can some one suggest me how to install Discoverer 10g. What metalink oracle document id that i needs to follow. 1 What are the pre-install step it has. 1.1 Is it required to install oracle database as the part of pre-install. Or Discoverer 10g will a