External Authentication issue
Hi All
In Shared services I have 'Configured User directories' with the SQl server database. I could connect and get all the users from SQl server . I can see that there are items under User Directories 1.Native Directory 2.SQl server . The serach order is also set. I have restared the Shared services. Now how can i make the use of SQl server users ? .
From Console I have done the "Externalize users " for Essbase server. I have refreshed the security from shared services.
Now I should be able to login in console using the SQl server users .. isnt it ? How can I do that ? How can i use the SQl server users to login into EAS and essbase server? . I also provisioned the SQl server user in Shared services and given the Administrator priveleges to Analytic server.
Please help me.
Hi,
1. As you see the newly added "user directory", It must be added properly. But,to re confirm your configuration of SQL server user directory. Do test it ( there is an option to "test" it ,when you go to 'use directory' within shared services.
2. After you have added, you have told that you have restarted shared services. But ,when you configure a new user directory, I would recommend you to restart shared services along with the other application related services ( like essbase, planning).
3. Now, if you want to use the users of newly configured User directory, search the user from the directory and assign the roles/preveleges . Then try to login into systems( shared services , planning or essbase ...etc).
Revert for further clarity.
Sandeep Reddy Enti
HCC
http://hyperionconsultancy.com/
Similar Messages
-
Essbase 6.5 External Authentication Issue!! Urgent Please!!
Hi all,
I am great trouble over an external authentication issue in Essbase 6.5. I request you all to please give me your feedback on the same as soon as possible.
I am in a situation where I need to get my Essbase 6.5 external Authentication converted from LDAP to Active Directory services.
I suppose there has been necessary changes done to the .cfg file for the same. However, I think I am getting an error
"User [vikc]'c external authentication protocol [MSEX]'s password check module is not loaded".
Please let me know if you have come across such an issue earlier and can anybody to able to help me with the same.
Its kinda Urgent. so any replies for the same will be appreciated.
Thanks and Regards,
VikramVikram,
Yes you will have to reconfigure the CSS.xml and cfg file for external auth.
Here is the Sample CSS
<spi>
<provider>
<msad name="full360">
<trusted>false</trusted>
<url>ldap://192.168.1.100:389/DC=full360,DC=com</url>
<userDN>CN=Ravinder Singh,DC=full360,DC=com</userDN>
<password>full@360</password>
<authType>simple</authType>
<identityAttribute>dn</identityAttribute>
<maxSize>1000</maxSize>
<user>
<loginAttribute>sAMAccountName</loginAttribute>
<nameAttribute>dn</nameAttribute>
</user>
<group>
<nameAttribute>cn</nameAttribute>
<objectclass>
<entry>group?member</entry>
</objectclass>
</group>
</msad>
Download this toll "http://www.ldapbrowser.com/download.htm"
LDAP browser to get the perfact DN information.
Let me know the status
Ravikant -
PHP external authentication issue
Trying to login to AFCS connection using external authentication.
PHP file generates a key correctly and everything seems to fine up until i get to using the key inside flex.
at the login stage i get the following error in the console trace from the library login call
As far as i can tell everything is right... how can i tell what is wrong with the authentication key?
AFCS Beta Build # : 1.1
requestInfo https://connectnow.acrobat.com/{roomname}?exx=eDp7dXRmOF9lbmNvZGUoZGFyaXVzKX06OmRtOmFnZW50ZG06aHR0cHM6Ly9jb25uZWN0bm93LmF jcm9iYXQuY29tL2hpaW50ZXJmYWNlL2RtOjEwMDo4N2NmNWUwMjIzZTVhMmFkYzI2MmY4MDVlNWJmMWVlM2Y4OTJlY 2Qx&mode=xml&x=0.2519759591668844
#THROWING ERROR# bad authentication keyThere are a few mistakes in the key. There is some PHP 'code' in it (wrong string expansion ?) and you are using a full URL instead of the room name.
If you want more details send me a private message, but you should check the way you call the get authentication token method. -
Hyperion Hub external authentication issue
I have Hyperion Hub installed in an Active Directory domain - the users still live in a NT4 domain (we are in the midst of a migration). I have set up trusts between the two domains. We have been utilizing external authentication with Hyperion Reports in this environment for several months. With Hyperion Hub I have setup two authentication providers one for active directory(NTLM) and one for NT4 (NTLM). When adding users in the Hyperion Configuration Console using the provider for NT4, I am only able to pull up users in the "Available Users" list if I have a '*' in the search box. If I try to perform a query of a subset of users (ie. 'g*') it returns nothing. The provider for Active Directory works correctly. Also, with both of the providers I am unable to pull up a full list of available users - even when setting the "Maximum Size" to a large number. Has anyone else come across this???<BR><BR><BR>Greg
I would suggest you set autoLogin="false" on rtc:ConnectSessionContainer and call cSession.login() when you are ready (you got the token and have everything set up).
I suspect the automatic login is getting executed before the AdobeHSAuthenticator has been correctly setup. -
OID External Authentication issue
Hi..
I have configured synchronization profile to import users from TDS to OID using DIP but it does not work as change log is not enabled on TDS side.
Now i have configured External Authentication Plugin and i craeted same users in in TDS and also in OID but external authenctication does not work.
Can you please point out if i missing some point or is synchronization profile is must for External Authentication.
Find the product version details -
OID 11.1.1.6
Tivoli Directory Server 6.1
Regards
Santosh
Edited by: user601746 on Jan 8, 2013 1:02 AMGot the solution.
I used bootstrap loading to create users from TDS to OID then configure external authentication..works fine... :) -
AD External Authentication Plug-In verification issue
We are working on a Proof of Concept instance to integrate MS AD with OID for the first time for E-Biz 11i.
1) I completed the bulk load of all the existing users from AD to OID successfully
2) completed enabling the syncrhonization profile
3) Ran the txkrun.pl successfully
4) However i wanted to check the External authentication plug-in and i get the below issue.
How to debug ldapcompare ? Where is the logfile for ldapcompare ?
ldapcompare -h OID_Host -p 389 -D "cn=orcladmin" -w ******* -b "cn=lastname\, firstname,ou=consultants,ou=users,ou=usaeast,dc=adadmin,dc=lps,dc=netsrv,dc=us" -a userPassword -v abcdefgh
The value abcedefgh is not contained in the attribute userPassword in DN cn=lastname\, firstname,ou=consultants,ou=users,ou=usaeast,dc=adadmin,dc=lps,dc=netsrv,dc=us.
An ldapbind on the same AD server is successful, but ldapcompare is failing.I get invalid credentials. Though the network password is correct. I feel its somewhere i messed up the 3rd party plug-in configuration. Is there a method to get debug information for ldapcompare command ?
From metalink NOTE : 277382.1
"When using the above command, ldapcompare binds to OID using the OID admin user (typically "cn=orclAdmin") and password. Then it provides the AD username and requests that the value supplied as AD-USER-PASSWORD be compared to whatever is stored in AD username's userPassword attribute. Because OID does not store a value in its own user entries/userPassword attributes for AD-synchronized entries, this ldapcompare call will cause OID to invoke the plug-in and verify the userPassword value in AD instead.
If the plug-in works, the ldapcompare should return a message saying that the given password is contained in the userpassword attribute, e.g.
" -
User authentication issues when auth by external radius server
We tend to use FF in a corporate environment to manage our networking devices (firewalls/switches/routers etc). Came across a bizarre problem under the following conditions:
ZyXEL Network Switch (GS2200-24) uses external authentication (RADIUS) to allow management and accounting of who makes changes.
When logging into the switch with FF, we get repeated prompts for user authentication. Eventually the user is logged in (and no it's not a typo!). Looking through the dev console in the beta, it seems to get a 401 unauthorised back from the switch once it tries to load another html file.
The browser *should* be presenting the same credentials to each called page within the site, it doesn't seem to :-(
No site added as it's an internal IP address....We tend to use FF in a corporate environment to manage our networking devices (firewalls/switches/routers etc). Came across a bizarre problem under the following conditions:
ZyXEL Network Switch (GS2200-24) uses external authentication (RADIUS) to allow management and accounting of who makes changes.
When logging into the switch with FF, we get repeated prompts for user authentication. Eventually the user is logged in (and no it's not a typo!). Looking through the dev console in the beta, it seems to get a 401 unauthorised back from the switch once it tries to load another html file.
The browser *should* be presenting the same credentials to each called page within the site, it doesn't seem to :-(
No site added as it's an internal IP address.... -
External Authentication won't correctly set USER name or Role
I am using JAVA under Google App Engine for my backend and attempting to log a user into a room using external authentication. I can connect and get into the room just fine my issue is with the user infomation once I am logged in. The user has a null username and ID (possibly generated) and thier role is set to zero (or at least not high enough to publish). If the room is set to auto-Promote then I do have the ability to publish (this is what I would expect) but still I needed the user to have a role of owner (so they can create nodes).
Here is a little of the java on the back end (I removed my shared secret):
public String getRoomToken(String roomID, String userName, String userID, int userRole) {
try {
Session session = am.getSession(roomID);
return session.getAuthenticationToken(..., "Bob", "TestID", 100);
//return session.getAuthenticationToken(..., userName, userID, userRole);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
return null;
getAuthenticationToken is hardely changed from what is in the AFCS.java in the examples folder but here it is in any case
/** * get an external authentication token */
public String getAuthenticationToken(String accountSecret, String name, String id, int role) throws Exception
if (role < UserRole.NONE || role > UserRole.OWNER)
throw new Error("invalid-role");
String token = "x:" + name + "::" + this.account
+ ":" + id + ":" + this.room + ":"+ Integer.toString(role);
String signed = token + ":" + sign(accountSecret, token);
// unencoded
//String ext = "ext=" + signed;
// encoded
String ext = "exx=" + Utils.base64(signed);
return ext;
This should work. My Shared secret is removed above but I doubt that is the problem as my app does authenticate just fine it just throws an exception telling me I don't have the required permissions to publish when I try to do anything. while observing from the DevConsole I see a user in the room but they are marked as null. Note that non-external authentication works just fine. If I hardcode my login creds in AdobeHSAuthenticator I can get in just fine with no issue. Also if the room I get an authenticationToken for does not match the roomURL I connect to with ConnectSessionContainer I will fail to login correctly like I would expect. So I know my credentials are getting to the AFCS and being decrypted correctly (as I can only authenticate for the room I send in that credential token) but for some reason it simply won't set my role and username/userid correctly. Any help would be great, this has caused me a great deal of grief for days now...
Thanks guys...
VesWell this is wierd I was trying to set this up so that I could get the log output on that run and I ended up changing
<rtc:AdobeHSAuthenticator id="auth" authenticationKey="{Application.application.parameters['token'] as String}"/>
to
<rtc:AdobeHSAuthenticator id="auth" authenticationKey="{token}"/>
and adding a preinitialize function of:
protected function preInit():void
templateID = Application.application.parameters['room'];
token = Application.application.parameters['token'];
oddly enough it now works like a charm now. It is still disconcerting that I was able to actually enter the room even though my token was somehow corrupted (that probably isn't intened behavior). If this shows up agian I will try and track down the particulars and send you guys an email as an FYI. thanks for the help....
Ves -
Hi,
We need to be able to support external authentication to Oracle 8i. The system we develop is based on a J2EE architecture framework and is being deployed on the BEA Weblogic 8 under SUN Solaris. Currently we are using Oracle Type 4 thin driver. The database is already configured to support OPS$ accounts but we are having problems implementing it in Java. Any suggestions or recommendations? Does somebody have experience implementing it?
Thanks in advance,
Mike<p>Did you tried copying the dll file to the places where neededand add the path to the dll file in your system environmentvariables.</p><p> </p><p>I had these issues and i copied the dll file whereever the errormessage was looking for it and it worked absolutely fine.</p><p> </p><p>Hope this helps !</p>
-
External authentication using Headervariable
Hi SAP Experts
We have configured External authentication for WEM using Headervariable.We are using BI Java 7.0
External authentication is working fine using Headervariable Login module for URL http://<WEb Server hostname>/irj which redirect to http://<J2EE hostname>:<port #>/irj
As you all know that we also use http://<J2EE hostname>:<port #> for Administation point of view where many options available like user management, SLD, Webdynpro, NetWeaver Administation etc.We have not configured this URL for External Authentication and also do not want to configure but when tyring to access any administration option on this, portal prompts default logon page and after entering Portal UserID/Password we get message like " No Loginmodules configured for Header"
I do not know why system display this message
Please help me if anyone has experience to resolve this issue, as we want to use URL http://<J2EE hostname:<port #>, which should prompts Portal Logon screen and after entering Portal userid/password we should access the administration screen without afftecting our External Authentication configuration for URL http://<WEb Server host>/irj
Thanks in Advance
Thanks with Regards
Deelip KumarHi Deelip,
my earlier post referred to an additional authscheme that you may have created. If you have done so, please remove it. If you have checked this, there still is a predelivered authscheme called header, wich references a login stack called header. This login stack template does not exist as a default.
In this case, you may have assigned this authscheme (header) to some component, like an iview. How this works is explained in the docs <a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/54/f91fba71ae48309e4267b4a36fa47b/frameset.htm">here</a> and<a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/54/a334ed5bbfd5488b8cdd67b2c594a9/frameset.htm">here</a> for example.
If you have done so, this reference to the authscheme header may trigger the lookup of the login stack template called header, which does not exist and thus leads to the error.
For detailed error analysis, I would recommend to search the security log and the portal logs for indications where the source of this error might be.
Regards,
Patrick -
External Authentication SASL Iphone
Hi.
I am trying to persuade everyone to support the EXTERNAL AUTHENTICATION mechanism in SASL. I am building a little mail server that uses EXTERNAL AUTHENTICATION. The point at issue is a secure connection from the client to the server without any tunnelling or vpn in the way.
The mail server I'm building can be implemented on a Mac, mine though is on a Network Attached Storage device. It makes sense for symmetry's sake that Apple should support it at the other end as well.
A little tweak of an API here and a little UI change there and you're done. Can Apple can rise to this challenge?
Kind regardsThere is no way to attach an external antenna
-
External Authentication Half Working
I'm having a strange issue with external authentication and PHP. I've got the PHP code set up correctly (I believe) and I pass the authentication token to the Flex application via flashvars and when the application loads the roster pod shows everyone logged into the room including the user just added. But I can't interact with any other components like the whiteboard and the simplechat.
Has anyone ever seen that? Any idea what might be going on? The AuthenticationSuccess event seems to fire correctly but I still can't interact with anything.
=Ryan
[email protected]I am having a very similar problem, although I am not authenticating externally first. I am able to authenticate inside a flex 4 b2 app and get a list of people in the chat room, but whenever I post anything, I get null exceptions all over the place in the AFCS rtc package.
On another note, does anyone know if there is an open repo I can pull recent updates from for AFCS? -
Oracle Virtual Directory vs. Oracle External Authentication Plug-in
I am working in Windows 2003 Server platform and I have Oracle Portal 10g R2 with Oracle Single Sign On 10g R2 setup. I also have Microsoft Active Directory setup. I want to use Microsoft Active Directory users from Oracle Portal and as per my understanding I could use Oracle External Authentication Plug-in or Oracle Virtual Directory for this purpose. I would like to use Oracle Virtual Directory if possible. Could someone please tell me if I could use Oracle Virtual Directory or not?
Thanks.Yeah, I could use Oracle External Authentication Plug-in, but I am having issues with running the oidspadi.sh script on my Windows 2003 server environment. I am running this script using Cygwin's latest software, but for some reason I get the following error message.
: command not found8:
: command not found8:
: command not found3:
: command not found7:
: command not found1:
: command not found8:
: command not found9:
: command not found0: clear
OID Active Directory Plug-in Configuration
Please make sure Database and OID are up and running.
: command not found7:
: command not found0:
oidspadi.sh: line 103: syntax error near unexpected token 'fi'
'idspadi.sh: line 103:' fi
Therefore, I was trying to find an alternative solution, which will be using Virtual Directory. Right now, I have installed Oracle Virtual Directory on my testing system and I have both Active Directory server and OID server part of LDAP Browser. My goal is to using Oracle Portal to log-in and first look for the user in OID if not found then look in Active Directory. Can this be accomplished using Oracle Virtual Directory?
Please let me know. -
OID 10.1.4 and external authentication (AD)
Has anyone gotten this to work with MS Active Directory? We were able to sync the AD users with OID, but have not be able to authenticate them. As long as they have their passwords stored in OID, it works, but we do not want to maintain the password sync'ing between AD and OID. We want to do external authentication.
Anyone who has gotten this to work in 10.1.4 (using the java plugins), please respond with any secrets or methods you have used to get this to work.
Thank you.
ShirleyI got the java plugins working here. The configuration is not a big deal. I still not implemented SSL though, so I didnt had to issue certificates.
Configuration is easier than on version 10.1.2, as all the plugin parameters are available on oidadmin.
I have two problems that remain unfixed.
One is on AD. Since we have several domain controllers, when the user changes his password in Windows the change is done on whatever domain controller that the user connected to when logging on windows, and it sometimes takes a long time for this to be replicated to the domain controller that configured on the plugin. So the user cannot use SSO for a few hours. Sometimes he can logon with the old password, sometimes even with both passwords (the old and the new one). I want to make clear that this is a Microsoft AD problem, that reproduces even with simple tools like ldapbind.
The other is the plugin failover, it is still broken like it was on 10.1.2. Authentication attemps always try it the primary domain controller, and wait for a operating system timeout before trying the secondary. So if the PDC is down, it takes several minutes for the authentication process to complete, which is very annoying, as no user waits on a browser screen for several minutes, and usually keeps trying until all oidldapd backend processes hang. It is a little better than 10.1.2. That version was so dumb that it tried two connections before giving up and going to the secondary, even if you did not setup SSL.
For this last one the recommendation on metalink is to put a loadbalancer in front of the domain controllers and configure the plugin to connect to it.
Regards,
Luis -
Authentication Issue with BPM work space
Hi
I have created a sample BPM process using JDeveloper and deployed as well
but when i tried to login to verify created process in workspace it shows the
"Invalid ID or password. Please try again" , i tried using weblogic user id and password (weblogic/Welcome1)
and also tried using existing users in weblogic (ex:cooper/welcome1) but no luck . so could you please let me know what may be issue
and how to resolve this issue, it will great help if you can help
Regards
NoorHi Noor
By any chance for this SOA/BPM domain, have you configured any other External Authenticator also like LDAP, AD etc. If so, is that the first in the list. And if yes, then your error is valid. You need to do some extra settings. I can give more details, once you confirm above points.
BUT if you just created a BPM domain and created those test users like jcooper/welcome1 etc, then you should not get these errors. I hope you used the demo community seed war file, deploy and run that servlet. And also, make sure that you are using correct username/passwords. So first try weblogic user on your console, em etc. Then try bpm/workspace. You should be able to login, even though you may not see links on left side to create new taks,
Thanks
Hi Ravi Jegga,
Thanks for your reply, i have not configured to any external authenticator and i have not created any test users while creating domains i hope this test users will created automatically , i am able to login both weblogic console and em as well when i try login for work space it shows the Invalid user name or password
I am trying very basic sample process model given by Oracle (http://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/obpm/11g/r1/firstProcess/firstprocess_obpm11g.htm)
so could you please let me know if i miss some thing
Thanks & Regards
Noor
Maybe you are looking for
-
Web service appears to be ignoring values for destination and parameters.
I'm on my long trek trying to get a report to export programatically from CRS2008 to a pdf in a folder. The good news is I'm almost done. The bad news is I can't seem to figure out where I'm going wrong. I've cobbled together some code and it work
-
Why do I get an error in iTunes that my internet connection is not good when it is not a problem?
I am trying to use the "Radio" in iTunes and can successfully access all options except the talk shows. When I click on talk shows I get this. My internet connection is OK. This has been happening for over a week.
-
Using a property in *WHEN *ENDWHEN
Dear Experts, I trying to perform a copy in a script logic from some cost centers to another cost centers. To do this, the cost center dimension has a property DESTCC which indicates to which cost center must be copied. For instance, I have de follow
-
To know the list of the Job Orders are involved in making the Out Product
Hello All, Please let me know how do I get the list of the Job Orders are involved in making the Out Product. Thanks in Advance.
-
Chat not working after nokia C3-01 software update...
Chat not working after nokia C3-01 software update from 5.65 to nokia 6.00