External authentication with OID

I know that OID 10g is capable of performing external authentication against AD, Sun OneDirectory, Novell eDirectory and openLDAP, but what about something else like Oracle Virtual Directory?
As I understand, there is an out of the box script that will create and external authentication plugin that calls a few procedures from the auth_external package. The auth_external package also an out-of-the-box package with a few procedures (authenticate_user and change_passwd) I've seen so far. I haven't looked in the ODS schema, but I'm assuming this auth_external package is wrapped and not generally viewable.
Anyone out there have any ideas, how this auth_external package works, or better yet... does anyone know if the out-of-the-box solution for external authentication will work with any LDAP directory (in this case a virtual one)?
Thanks.

Can someone from Oracle please comment on this? is "AUTH_EXTERNAL" package "out of box" or do we have to write it?
I am following instructions from
http://download.oracle.com/docs/cd/B14099_19/idmanage.1012/b14082/plugin_cust_ext_auth.htm
LINE/COL ERROR
143/9 PL/SQL: Statement ignored
143/19 PLS-00201: identifier 'AUTH_EXTERNAL.AUTHENTICATE_USER' must be
declared
241/11 PL/SQL: Statement ignored
241/11 PLS-00201: identifier 'AUTH_EXTERNAL.CHANGE_PASSWD' must be
declared
251/11 PL/SQL: Statement ignored
251/11 PLS-00201: identifier 'AUTH_EXTERNAL.RESET_PASSWD' must be
declared
LINE/COL ERROR
-------- -----------------------------------------------------------------

Similar Messages

  • External Authentication with Server 2008 R2

    Has anyone had success configuring External Authentication on Windows Server 2008 R2? We are using Hyperion Enterprise 6.5.1.
    Thank you.

    Was there ever an answer on this, having problems with setup using same versions

  • External Authentication with Java Card through HSM

    Hi All,
    How to do External Authentication process in Javacard through HSM (Hardware Security Module). Does any HSM supports this?
    My requirement is to store the Card KMC in HSM and i should authenticate the terminal application with the Java Card through HSM.
    Does anyone have the idea on this. Because i should not expose the Card KMC to outside world.

    Hi,
    Megaa1207 wrote:
    My requirement is to store the Card KMC in HSM and i should authenticate the terminal application with the Java Card through HSM.If you cannot create a functional module for your HSM to perform external authenticate, you can use the PKCS11 libraries (cryptoki) to perform the primitive operations to generate your KDC's and to use them for generating session keys and cryptograms. All the sensitive data will be able to stay secured inside the HSM. You would perform the cryptographic operations on the derivation data and store the result as a key object inside the HSM. There is quite a lot of documentation on the PKCS11 operations on the RSA web site.
    Cheers,
    Shane

  • External Authentication with LDAP

    Has anyone integrated external authentication of Essbase with LDAP? I've searched discussion groups, websites with no luck, and of course, Essbase documentation doesn't help either. Any additional documentation will help.Thanks in advance!

    Thanks for the info. Is this sample code part of the default implementation that comes installed with the product (essldap.dll)? Or is this something completely different.Also, has anyone done anything similar in visual basic? We have a shortage of v c++ skills around here.Thanks again!

  • External authentication with 9.0.1.0.0

    I cannot get external authentication to work over Oracle Net
    with 9i …
    e.g.,
    sqlplus /@s2b …
    ERROR:
    ORA-01004: default username feature not supported; logon denied
    [Cause: An attempt was made to use automatic logon on a system
    not supporting this feature.
    Action: Provide the complete username and password to log on to
    Oracle.
    <http://download-
    east.oracle.com/otndoc/oracle9i/901_doc/network.901/a90150.pdf>
    advanced security guide
    This error indicates that the connection was not over SSL. Look
    at the tnmsnames.ora file to verify the protocol value of the
    net service name that youi are using. The value must be TCPS and
    not TCP.]
    The error messages imply that I have Advanced Security turned
    on, but I do not. .. it's not even part of the installation.
    sqlplus username/passwd@s2 does work
    as does
    sqlplus / [using ORACLE_SID]
    REMOTE_OS_AUTHENT is set to TRUE in the init<SID>.ora file.
    Does anyone know if this feature has been decremented in 9i? It
    definitely does work on our 8.1.7 installations.
    Thanks,
    Dick Wieland

    Yes, I have done that (i.e., edited the initSID.ora file and
    done a shutdown then startup). I can use external authentication
    when I bypass the tnsnames.ora file by going in directly with
    the ORACLE_SID parameter.
    Dick

  • OID external authentication - having trouble excuting oidspadi.sh

    Hi all,
    I am setting up External Authentication for OID, and have trouble with it. My version is Oracle application server infrastructure 10.1.2 (OID 10.1.2) on windows.
    hailie@Server1 /cygdrive/e/oracle/OraInfra/ldap/admin
    $ export ORACLE_HOME="E:\oracle\OraInfra"
    hailie@Server1 /cygdrive/e/oracle/OraInfra/ldap/admin
    $ sh oidspadi.sh
    oidspadi.sh: line 28: $'\r': command not found
    oidspadi.sh: line 38: $'\r': command not found
    oidspadi.sh: line 43: $'\r': command not found
    oidspadi.sh: line 47: $'\r': command not found
    oidspadi.sh: line 51: $'\r': command not found
    oidspadi.sh: line 58: $'\r': command not found
    oidspadi.sh: line 59: $'\r': command not found
    oidspadi.sh: line 60: $'clear\r': command not found
    OID Active Directory Plug-in Configuration
    Please make sure Database and OID are up and running.
    oidspadi.sh: line 67: $'\r': command not found
    oidspadi.sh: line 70: $'\r': command not found
    oidspadi.sh: line 103: syntax error near unexpected token `fi'
    'idspadi.sh: line 103: ` fi
    Edited by: Hailie on Jan 16, 2009 8:05 AM
    Edited by: Hailie on Jan 16, 2009 8:45 AM
    Edited by: Hailie on Jan 16, 2009 11:32 AM

    After I removed all the blank lines in oidspadi.sh:
    hailie@Server1 /cygdrive/e/oracle/OraInfra/ldap/admin
    $ sh oidspadi.sh
    oidspadi.sh: line 53: $'clear\r': command not found
    OID Active Directory Plug-in Configuration
    Please make sure Database and OID are up and running.
    oidspadi.sh: line 91: syntax error near unexpected token `fi'
    'idspadi.sh: line 91: `fi
    Thank you for your help.
    Hailie
    Edited by: Hailie on Jan 16, 2009 8:43 AM
    Edited by: Hailie on Jan 16, 2009 8:46 AM
    Edited by: Hailie on Jan 16, 2009 11:36 AM

  • Trouble With External Authentication!

    Hello all!
    I have been trying to experiment with external authentication with PHP using the samples provided with the LCCS SDK Navigator.
    I have changed the "index.php" page to include all my account info. and have double checked it!  However, when I upload it to my server, I keep getting the following error(s) whenever I click the submit button on the form:
    Warning: fopen() [function.fopen]: URL file-access is disabled in the server configuration in /home/tueslcom/public_html/LoginTest2/lccs.php on line 690
    Warning: fopen(https://collaboration.adobelivecycle.com/myusername?mode=xml&accountonly=true&) [function.fopen]: failed to open stream: no suitable wrapper could be found in/home/tueslcom/public_html/LoginTest2/lccs.php on line 690
    Fatal error: Uncaught exception 'RTCError' with message 'connection-failed' in /home/tueslcom/public_html/LoginTest2/lccs.php:695 Stack trace: #0 /home/tueslcom/public_html/LoginTest2/lccs.php(587): RTC::http_get('https://collabo...', Array) #1 /home/tueslcom/public_html/LoginTest2/lccs.php(254): RTCAccount->do_initialize() #2 /home/tueslcom/public_html/LoginTest2/index.php(33): RTCAccount->__construct('https://collabo...') #3 {main} thrown in /home/tueslcom/public_html/LoginTest2/lccs.php on line 695
    I have a bit of experience with PHP, however, going through lccs.php and trying to reverse engineer everything to find out what`s going on is a little beyond my skill level!  Any idea what might be happening/missing here?  This seems like it should be a no-brainer!
    Thanks in advance for any help anyone can give.
    Matt

    Raff,
    Thanks for your quick reply!
    I called phpinfo() and it appears that OpenSSL is working:
    OpenSSL Support - enabled
    OpenSSL Support - OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
    Is SSL needed for encrypted communications between the browser and the LCCS server?  When it comes to ports, security, and all the headaches that go with it, I am pretty much a NOOB (by choice)!
    Also, the forum search doesn`t seem to be working (at least it`s not returning anything for me).  Any hints as to what other modules are needed?
    btw - Is it "http://connectnow.acrobat.com" or "https://collaboration.adobelivecycle.com"?
    And it seems that "lccs.php" had been renamed from "afcs.php" along with "RTCAccount", which used to be "AFCSAccount".  The code examples have not been updated to reflect this, and although I fixed this in some of the code, could there still be problems inside "lccs.php"?
    Thanks again,
    Matt

  • External Authentication failed with new key

    I have a card using SCP 01 05. There is 1 keyset(3 keys) with version 01. I have added a new keyset(3 keys as well) with version 02.
    I run external authentication with keyset version 01 and it passed. I run external authentication with keyset version 02 immediately but it returned 6982. This mean "Security status not satisfied". Why can't I do authentication with other key?

    Read the INITIAL UPDATE command !!!! What is the P1/P2 ? If you inform it to use the keyset 1, then you can't possibly think that calculating with the keyset 2 will work ?
    The response data contains a bunch of information, including the keyset used to create the card cryptogram. That is the required key for calculating the off-card cryptogram. You would have seen this if you were calculating the card cryptogram properly because you would have been using the wrong key and the cryptograms wouldn't have matched.
    So, Why can't I do authentication with other key? Because you have to INITIALIZE UPDATE with that other key.

  • Issues with OID Installation

    I am trying to configure an OID store to use it for external authentication with ODI. I installed IDM 11.1.1.2 and applied patch IDM11.1.1.3. When I am trying to configure OID, (I am trying to configure without a domain, I get the following error:
    When I run the configuration wizard : $ORACLE_MWHOME/Oracle_IDM1/bin/config.sh, I had the following error:
    Create Oracle Internet Directory
    Error
    Error creating ASComponent oid1.
    Cause:
    An internal operation has failed:
    oracle/security/jps/az/runtime/service/PDPServiceInternal
    Does anyone have an idea on how to solve this ?
    Thanks
    Vidya

    Hi,
    Have you found the solution to your issue?

  • Hyperion Hub external authentication issue

    I have Hyperion Hub installed in an Active Directory domain - the users still live in a NT4 domain (we are in the midst of a migration). I have set up trusts between the two domains. We have been utilizing external authentication with Hyperion Reports in this environment for several months. With Hyperion Hub I have setup two authentication providers one for active directory(NTLM) and one for NT4 (NTLM). When adding users in the Hyperion Configuration Console using the provider for NT4, I am only able to pull up users in the "Available Users" list if I have a '*' in the search box. If I try to perform a query of a subset of users (ie. 'g*') it returns nothing. The provider for Active Directory works correctly. Also, with both of the providers I am unable to pull up a full list of available users - even when setting the "Maximum Size" to a large number. Has anyone else come across this???<BR><BR><BR>Greg

    I would suggest you set autoLogin="false" on rtc:ConnectSessionContainer and call cSession.login() when you are ready (you got the token and have everything set up).
    I suspect the automatic login is getting executed before the AdobeHSAuthenticator has been correctly setup.

  • OID 10.1.4 and external authentication (AD)

    Has anyone gotten this to work with MS Active Directory? We were able to sync the AD users with OID, but have not be able to authenticate them. As long as they have their passwords stored in OID, it works, but we do not want to maintain the password sync'ing between AD and OID. We want to do external authentication.
    Anyone who has gotten this to work in 10.1.4 (using the java plugins), please respond with any secrets or methods you have used to get this to work.
    Thank you.
    Shirley

    I got the java plugins working here. The configuration is not a big deal. I still not implemented SSL though, so I didnt had to issue certificates.
    Configuration is easier than on version 10.1.2, as all the plugin parameters are available on oidadmin.
    I have two problems that remain unfixed.
    One is on AD. Since we have several domain controllers, when the user changes his password in Windows the change is done on whatever domain controller that the user connected to when logging on windows, and it sometimes takes a long time for this to be replicated to the domain controller that configured on the plugin. So the user cannot use SSO for a few hours. Sometimes he can logon with the old password, sometimes even with both passwords (the old and the new one). I want to make clear that this is a Microsoft AD problem, that reproduces even with simple tools like ldapbind.
    The other is the plugin failover, it is still broken like it was on 10.1.2. Authentication attemps always try it the primary domain controller, and wait for a operating system timeout before trying the secondary. So if the PDC is down, it takes several minutes for the authentication process to complete, which is very annoying, as no user waits on a browser screen for several minutes, and usually keeps trying until all oidldapd backend processes hang. It is a little better than 10.1.2. That version was so dumb that it tried two connections before giving up and going to the secondary, even if you did not setup SSL.
    For this last one the recommendation on metalink is to put a loadbalancer in front of the domain controllers and configure the plugin to connect to it.
    Regards,
    Luis

  • OID External Authentication Plugin - Conceptual question

    Hi-
    Does anyone know the answer to this: If I enable the External Authentication Plugin for OID (to AD) does that mean that if I have any accounts in OID which do not exist in AD, they won't be able to authenticate?
    Also, if anyone knows of some conceptual documentation on this, please let me know. All I could find was how to install it, but not how it works. (do I need to match users on CN or uid or what?)
    Thanks

    Hi,
    Once you are done with user accounts synchorinzation successfully using dipassistant tool from edirectory to OID. Inorder to update/flush the user accounts password that which are synchronized to OID, in such case OID eDirectory External Authenctiation plugin will be used (oidspediri.sh file) located under <ORACLE_HOME>ldap/admin. Provide th neccessary eDirectory Details.
    Regards,
    ABP

  • OID External Authentication issue

    Hi..
    I have configured synchronization profile to import users from TDS to OID using DIP but it does not work as change log is not enabled on TDS side.
    Now i have configured External Authentication Plugin and i craeted same users in in TDS and also in OID but external authenctication does not work.
    Can you please point out if i missing some point or is synchronization profile is must for External Authentication.
    Find the product version details -
    OID 11.1.1.6
    Tivoli Directory Server 6.1
    Regards
    Santosh
    Edited by: user601746 on Jan 8, 2013 1:02 AM

    Got the solution.
    I used bootstrap loading to create users from TDS to OID then configure external authentication..works fine... :)

  • Error while Configuring AD external authentication plug in

    Hi
    While configuring Active directory external authentication plug I am getting following error
    OID Active Directory Plug-in Configuration
    Please make sure Database and OID are up and running.
    Please enter Active Directory host name: clmad101.ad.company.com
    Do you want to use SSL to connect to Active Directory? (y/n) n
    Please enter Active Directory port number [389]: 389
    Please enter DB connect string:SQLPLUS sys/manager1 @infradb.ad.company-.com @md61nthiims1.ad.company.com:1521
    Please enter ODS password:
    Please enter confirmed ODS password:
    Please enter OID host name: md61nthiims1.ad.company.com
    Please enter OID port number [389]: 389
    Please enter orcladmin password:
    Please enter confirmed orcladmin password:
    Please enter the subscriber common user search base [orclcommonusersearchbase]:
    CN=Users,dc=ad,dc=company,dc=com
    Please enter the Plug-in Request Group DN:
    Please enter the exception entry property [(!(objectclass=orcladuser))]: (|(!obj
    ectclass=orcladuser))(cn=orcladmin))
    Do you want to setup the backup Active Directory for failover? (y/n) n
    Installing Plug-in Packages ...
    Usage: SQLPLUS [ [<option>] [<logon>] [<start>] ]
    where <option> ::= -H | -V | [ [-C <v>] [-L] [-M <o>] [-R <n>] [-S] ]
    <logon> ::= <username>[<password>][@<connect_identifier>] | / | /NOLOG
    <start> ::= @<URL>|<filename>[.<ext>] [<parameter> ...]
    "-H" displays the SQL*Plus version banner and usage syntax
    "-V" displays the SQL*Plus version banner
    "-C" sets SQL*Plus compatibility version <v>
    "-L" attempts log on just once
    "-M <o>" uses HTML markup options <o>
    "-R <n>" uses restricted mode <n>
    "-S" uses silent mode
    Usage: SQLPLUS [ [<option>] [<logon>] [<start>] ]
    where <option> ::= -H | -V | [ [-C <v>] [-L] [-M <o>] [-R <n>] [-S] ]
    <logon> ::= <username>[<password>][@<connect_identifier>] | / | /NOLOG
    <start> ::= @<URL>|<filename>[.<ext>] [<parameter> ...]
    "-H" displays the SQL*Plus version banner and usage syntax
    "-V" displays the SQL*Plus version banner
    "-C" sets SQL*Plus compatibility version <v>
    "-L" attempts log on just once
    "-M <o>" uses HTML markup options <o>
    "-R <n>" uses restricted mode <n>
    "-S" uses silent mode
    Usage: SQLPLUS [ [<option>] [<logon>] [<start>] ]
    where <option> ::= -H | -V | [ [-C <v>] [-L] [-M <o>] [-R <n>] [-S] ]
    <logon> ::= <username>[<password>][@<connect_identifier>] | / | /NOLOG
    <start> ::= @<URL>|<filename>[.<ext>] [<parameter> ...]
    "-H" displays the SQL*Plus version banner and usage syntax
    "-V" displays the SQL*Plus version banner
    "-C" sets SQL*Plus compatibility version <v>
    "-L" attempts log on just once
    "-M <o>" uses HTML markup options <o>
    "-R <n>" uses restricted mode <n>
    "-S" uses silent mode
    Registering Plug-ins ...
    adding new entry cn=adwhencompare,cn=plugin,cn=subconfigsubentry
    adding new entry cn=adwhenbind,cn=plugin,cn=subconfigsubentry
    Done.
    Is there anythign wrong in the DB connect string??
    Thanks

    Did you check the debug information from the external auth plugin.?
    This is mentioned in metalink note https://metalink.oracle.com/metalink/plsql/showdoc?db=NOT&id=277382.1
    here an excerpt:
    D) Enabled plug in debugging at the database level. Reference documentation: Oracle Internet Directory Administrator's Guide 10g (9.0.4) Chapter 43 Integration with the Microsoft Windows Environment - Troubleshooting Integration with Microsoft Windows Under section "Debugging the Microsoft Active Directory External Authentication Plug-in"
    ...enable the plug-in debugging. To do this, enter:
    > sqlplus ods/odspassword @$ORACLE_HOME/ldap/admin/oidspdon.pls
    To check the plug-in debugging log, enter:
    > sqlplus system/manager
    SQL> select * from ods.plg_debug_log order by id;
    (To delete the plug-in debugging log:
    > sqlplus system/manager
    SQL> truncate table ods.plg_debug_log
    To disable the plug-in debugging:
    > sqlplus ods/ods @$ORACLE_HOME/ldap/admin/oidspdof.pls
    E) Dump the plug-in profile to make sure it is enabled and configured correctly:
    > ldapsearch -h <OID host> -p <OID port> -D "cn=orcladmin" -w <orcladmin password> -b "cn=plugin,cn=subconfigsubentry" -L -s sub "(objectclass=*)" "*"
    please take also a look into the DIPTESTER tool available in
    http://www.oracle.com/technology/sample_code/products/oid/java_diptester.tar
    regards
    --Olaf                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       

  • AD External Authentication Plug-In verification issue

    We are working on a Proof of Concept instance to integrate MS AD with OID for the first time for E-Biz 11i.
    1) I completed the bulk load of all the existing users from AD to OID successfully
    2) completed enabling the syncrhonization profile
    3) Ran the txkrun.pl successfully
    4) However i wanted to check the External authentication plug-in and i get the below issue.
    How to debug ldapcompare ? Where is the logfile for ldapcompare ?
    ldapcompare -h OID_Host -p 389 -D "cn=orcladmin" -w ******* -b "cn=lastname\, firstname,ou=consultants,ou=users,ou=usaeast,dc=adadmin,dc=lps,dc=netsrv,dc=us" -a userPassword -v abcdefgh
    The value abcedefgh is not contained in the attribute userPassword in DN cn=lastname\, firstname,ou=consultants,ou=users,ou=usaeast,dc=adadmin,dc=lps,dc=netsrv,dc=us.
    An ldapbind on the same AD server is successful, but ldapcompare is failing.

    I get invalid credentials. Though the network password is correct. I feel its somewhere i messed up the 3rd party plug-in configuration. Is there a method to get debug information for ldapcompare command ?
    From metalink NOTE : 277382.1
    "When using the above command, ldapcompare binds to OID using the OID admin user (typically "cn=orclAdmin") and password. Then it provides the AD username and requests that the value supplied as AD-USER-PASSWORD be compared to whatever is stored in AD username's userPassword attribute. Because OID does not store a value in its own user entries/userPassword attributes for AD-synchronized entries, this ldapcompare call will cause OID to invoke the plug-in and verify the userPassword value in AD instead.
    If the plug-in works, the ldapcompare should return a message saying that the given password is contained in the userpassword attribute, e.g.
    "

Maybe you are looking for

  • How to restore my iTunes when my hard drive has ben stolen?

    All my datas (music and videos) were stored on the external hard drive? This has been stolen.  No back up copies made... How Can I restore the datas which i purchased at iStore? Thank You

  • How can I re-sync icloud?

    How can I re-sync icloud?  I am using iCloud to keep my iPadd2 and iPhone 4S syncronized with Microsoft Outlook 2007 on my Windows7 PC.  It started out working fairly well two days ago but as I use my devices the sync gets worse and worse.  It update

  • HT1926 itunes store

    why can't I access my itunes store through my account

  • Recapture in fcp6. please help.

    I have offline files in my sequence that I have to recapture from tape. If I rightclick on the elements in the timeline and select "capture" it captures ALL the sourcematerial. Not only the material used in the sequence. How can I recapture only what

  • Re: Problems with pulling data from database

    OK, I figured it out I believe. In the second recordset called rsEligibility, I dimmed it, then set rsEligibility_svuserid= "0". and then put in an if statement. In IIS 5 it worked, but not in IIS6. What I had to do was take out the part that set rsE