FORM based authentication in UME

in UME for FORM based authentication we have to specify rsource in terms of <u>html login page or JSP......</u>
my problem is can i use <u>webdynpro screen</u> for a FORM based authentication in UME.
i want to create a dynpro project that will have its own login screen base on UME insted of the default WAS login  screen.

hi snehal kendre,
create dynpro project in that u use UME api
like than u can code
IUserAccount accounts[] = null;
          response.write("<br>*** LOGIN ACCOUNTS:");
          try {
               accounts = user.getUserAccounts();
          } catch (UMException e) {
               response.write("<br>Error getting accounts: "
                    + e.getLocalizedMessage());
          if (accounts != null) {
               response.write("<br>Number of Login Accounts: " + accounts.length);
               for (int i = 0; i < accounts.length; i++) {
                    response.write(
                         "<br>** Login ID #"    + i
                              + ": LogonUID="    + accounts<i>.getLogonUid()
                              + ", AssignedUID=" + accounts<i>.getAssignedUserID());
                    response.write(
                         "<br>Last Login: "
                              + accounts<i>.getLastSuccessfulLogonDate().toString());
                    response.write(
                         "<br># Logins: " + accounts<i>.getSuccessfulLogonCounts());
then u can get login based UME
Jagadish

Similar Messages

  • Forcing specific clients or groups to use forms based authentication (FBA) instead of windows based authentication (WIA) with ADFS

    Hi,
    We are have a quite specific issue. The problem is most likely by design in ADFS 3.0 (running on Windows Server 2012 R2) and we are trying to find a "work-around".
    Most users in the organization is using their own personal computer and everything is fine and working as expected, single sign-on (WIA) internally to Office 365 and forms based (FBA) externally (using Citrix NetScaler as reverse proxy and load
    balancing with the correct rewrites to add client-ip, proxy header and URL-transformation).
    The problem occurs for a few (50-100) users where they are sharing the same computer, automatically logged on to the computer using a generic AD-user (same for all of them). This AD-user they are logged on with does not have any access to Office365
    and if they try to access SharePoint Online they receive an error that they can't login (from SharePoint Online, not ADFS).
    We can't change this, they need to have this generic account logged on to these computers. The issue occurs when a user that has access to SharePoint Online tries to access it when logged on with a generic account.
    They are not able to "switch" from the generic account in ADFS / SharePoint Online to their personal account.
    The only way I've found that may work is removing IE as a WIA-capable agent and deploy a User-Agent version string specific to most users but not the generic account.
    My question to you: Is there another way? Maybe when ADFS sees the generic user, it forces forms based authentication or something like that?
    Best regards,
    Simon

    I'd go with your original workaround using the user-agent and publishing a GPO for your normal users that elects to use a user-agent string associated with Integrated Windows Auth.. for the generic accounts, I'd look at using a loopback policy that overwrites
    that user agent setting, so that forms logon is preferred for that subset of users. I don't think the Netscaler here is useful in this capacity as it's a front-end proxy and you need to evaluate the AuthZ rules on the AD FS server after the request has been
    proxied. The error pages in Windows Server 2012 R2 are canned as the previous poster mentioned and difficult to customize (Javascript only)...
    http://blog.auth360.net

  • Issue with form based Authentication in three tier sharepoint 2013 environment.

    Hi,
    We are facing issue with form based Authentication in three tier environment.
    We are able to add users to the database and in SharePoint.
    But we are not able to login with created users.
    In single tier everything working fine
    Please help , Its urgent ... Thanks in advance.
    Regards,
    Hari
    Regards, Hari

    if the environments match, then it sounds like a kerberos double-hop issue
    Scott Brickey
    MCTS, MCPD, MCITP
    www.sbrickey.com
    Strategic Data Systems - for all your SharePoint needs

  • Error re-logging in after session timeout using form-based authentication

    Hello,
    We have a web app configured for form-based authentication. When the session times out, we're redirected to our login page as expected. However, after re-logging in, we are not redirected to the desired page (e.g., /faces/OurMainPage.jspx) but to /afr/page_lev_idle.gif.
    Do we have to do anything special for session timeouts?
    Thanks,
    Rico

    Some extra information that might help:
    After re-logging in and we're in /afr/page_lev_idle.gif, we hit the browser Back button (showing the login page again) and then hit the browser Refresh/Reload button and voila we're at the page we expect to be.
    Rico

  • How to redirect to j_security_check without the form based authentication

    Hi,
    I am trying to integrate my application authentication to a backend system with the ibm websphere form based authentication. Below is the scenario:
    1. when the user clicks on a protected url, the container will redirect the user to the login page.
    2. instead of displaying the login page, i would like to automatically redirect the user to j_security_check action. which means that instead of displaying the login.jsp page, the user will automatically be redirected to j_security_check to perform some user authentication, and if successful, the application pages will be displayed.
    The reason i want to auto redirect the user to j_security_check is because i am implementing some integration work with a backend system. the user will key in the username/password from another system. once the user is authenticated, the user information will be passed to my system. The login page of my system will not be displayed again, and by using the username value, my system will assume that the user has successfully been authenticated (authentication done by the backend system), and therefore automatically gain authorization to login into my application.
    i hope that clarifies my problem.
    anyone out there has any solution to my problem?
    thanks a lot in advance.

    Hi Darren,
    Let me explain the whole authentication environment.
    There are actually 2 systems in this environment. Let;s call it system A and system B.
    System B is actually using the authentication mechanism that i described in my previous message.
    A login page will be presented to the user (within system A). User credential is collected and passed to system A to be authenticated. System A will use its own mechanism to authenticate the user.
    Once the user is authenticated, system A will pass the user ID to system B. At this point, system B will assume that the user is authenticated and grant authorization to access the application. (system B global security is enabled and implements the form based authentication mechanism) Therefore, at this point, the redirect page (so called login page) will not be displayed to the user, instead it will be automatically redirected to the j_security_check action to execute the customer Ldap Registry class. (ps : eventhough authentication is no longer needed, the flow will still go to Ldap Registry class. A check is done in the Ldap Registry class to skip the authentication, if it is not boot strap login. Only first and only time authentication is done for boot strap login).
    In the case a protected url is clicked or invoked by the user directly, the application will redirect the user to the initial login of system A. Otherwise (the url link originates from system A, during the passing of user token to system B), system B will redirect to j_security_check and execute the customer Ldap Registry class.
    Based on the above explained scenario, in your opinion, is there any security loopholes? consider that system B no longer perform authentication but only to grant authorization to the user.
    Appreciate your advice. Thanks in advance
    Anyway, i am using the ibm websphere server. :)

  • Logout Functionality in Form Based Authentication Not Working Properly

    Hi All,
    I am using Form Based Authentication in ADF. In this I followed the following steps:-
    1.Login On Page.
    2.In successful login page ,copy the url
    3.Click on "Logout"
    4.Paste the url in login page and click enter
    5.System taking me back to that page where I can perform all the actions.
    But the Login operation should not happen just by entering the url. Please provide any help how to stop redirecting to my authenticated page just by typing the url. This is a big security constraint.Any Assistance to this is highly appreciated.
    Thanks & Regards
    Lovenish Garg

    Hi BaiG,
    For Login I am using the form based authentication and for logout here is my code:-
    public void logout() {
    ExternalContext ectx =
    FacesContext.getCurrentInstance().getExternalContext();
    HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
    HttpSession session = (HttpSession)ectx.getSession(false);
    session.invalidate();
    response.setHeader("Cache-Control", "no-cache");
    response.setHeader("expires", "0");
    response.setHeader("Pragma", "no-cache");
    try {
    response.sendRedirect("AdminLogin.html");
    } catch (IOException e) {
    logger.severe(e.getMessage());
    //Inform JSF to not take the response in hands
    FacesContext.getCurrentInstance().responseComplete();
    logger.info("session invalidated");
    Thanks,
    Lovenish Garg

  • Faces context not found (Form based authentication)

    <security-constraint>
    <display-name>Example Security Constraint</display-name>
    <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/jsp/WorkingZone.jsp</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>manager</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Example Form-Based Authentication Area</realm-name>
    <form-login-config>
    <form-login-page>/Login/login.jsp</form-login-page>
    <form-error-page>/Login/error.jsp</form-error-page>
    </form-login-config>
    </login-config>
    when i tried to login with valid user the the url shows
    http://localhost:8080/FormAuth/jsp/WorkingZone.jsp
    how to append faces context automatically.
    I am not finding for this faces context.
    Plz suggest me a solution soon.
    Thanks
    Raghavendra Pattar

    The FacesContext is created by FacesServlet which is
    definied in the web.xml with an url-pattern.
    If you just follow the url-pattern of this
    FacesServlet, usually /faces/ or *.faces, or *.jsf,
    then the FacesContext will be created.Hi balu,
    this is the web.xml that i am using
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.4" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    <context-param>
        <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
        <param-value>server</param-value>
      </context-param>
    <context-param>
        <param-name>javax.faces.CONFIG_FILES</param-name>
        <param-value>/WEB-INF/navigation.xml,/WEB-INF/managed-beans.xml</param-value>
      </context-param>
    <context-param>
        <param-name>com.sun.faces.validateXml</param-name>
        <param-value>true</param-value>
      </context-param>
    <context-param>
        <param-name>com.sun.faces.verifyObjects</param-name>
        <param-value>false</param-value>
      </context-param>
    <filter>
        <filter-name>UploadFilter</filter-name>
        <filter-class>com.sun.rave.web.ui.util.UploadFilter</filter-class>
        <init-param>
          <description>
              The maximum allowed upload size in bytes.  If this is set
              to a negative value, there is no maximum.  The default
              value is 1000000.
            </description>
          <param-name>maxSize</param-name>
          <param-value>1000000</param-value>
        </init-param>
        <init-param>
          <description>
              The size (in bytes) of an uploaded file which, if it is
              exceeded, will cause the file to be written directly to
              disk instead of stored in memory.  Files smaller than or
              equal to this size will be stored in memory.  The default
              value is 4096.
            </description>
          <param-name>sizeThreshold</param-name>
          <param-value>4096</param-value>
        </init-param>
      </filter>
    <filter-mapping>
        <filter-name>UploadFilter</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
      </filter-mapping>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
      </servlet>
    <servlet>
        <servlet-name>ThemeServlet</servlet-name>
        <servlet-class>com.sun.rave.web.ui.theme.ThemeServlet</servlet-class>
      </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
      </servlet-mapping>
    <servlet-mapping>
        <servlet-name>ThemeServlet</servlet-name>
        <url-pattern>/theme/*</url-pattern>
      </servlet-mapping>
    <welcome-file-list>
        <welcome-file></welcome-file>
         </welcome-file-list>
    <jsp-config>
        <jsp-property-group>
          <url-pattern>*.jspf</url-pattern>
          <is-xml>true</is-xml>
        </jsp-property-group>
      </jsp-config>
    <security-constraint>
        <display-name>Example Security Constraint</display-name>
        <web-resource-collection>
          <web-resource-name>Protected Area</web-resource-name>
          <url-pattern>/secure/*</url-pattern>
            <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>manager</role-name>
        </auth-constraint>
      </security-constraint>
      <!-- Default a login configuration that uses form-based authentication -->
      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>Example Form-Based Authentication Area</realm-name>
        <form-login-config>
          <form-login-page>/Login/login.jsp</form-login-page>
          <form-error-page>/Login/error.jsp</form-error-page>
        </form-login-config>
      </login-config>
      <!-- Define a logical role for this application, needs to be mapped to an actual role at deployment time -->
      <security-role>
        <role-name>manager</role-name>
      </security-role>
    </web-app>1)My requirement is Login page should be the first page
    If enter the valid user and password
    then i will get directory structure
    when i click the secured JSF page inside secure
    i got this URL
    http://localhost/secure/WorkingZone.jsp
    obiviously /faces is missing
    and i am getting faces context not found.
    If u need further clarification i will send u..
    Plz reply me...

  • SP4 and Form Based Authentication

    Hi,
    I had just advised a customer to apply SP4 to WLS and
    then plug in the 'source code' patch, he replied that he had
    been informed that SP4 breaks Form Based Authentication for
    war web apps?
    Can anyone confirm/deny this for me please ?
    regards,
         Patrick.

    Hehe Hiya Patrick!, that was Me! seems we use the same hot source of info :)
    Cheers
    Rob :)
    "Patrick Byrne" <[email protected]> wrote in message
    news:[email protected]..
    Hi,
    I had just advised a customer to apply SP4 to WLS and
    then plug in the 'source code' patch, he replied that he had
    been informed that SP4 breaks Form Based Authentication for
    war web apps?
    Can anyone confirm/deny this for me please ?
    regards,
    Patrick.

  • J_security_check in form-based authentication - not checking for blank passwords

    I am using the LDAP Security Realm to authenticate against an iPlanet
    Directory Server. All works as expected when a user-id and password
    are entered for form-based authentication.
    However, when a userid is entered but no password, j_security_check
    logs the user in successfully. Aparently, this is correct LDAP
    behaviour as anonymous login to the LDAP server is permitted. It seems
    that the j_security_check servlet should check for blank passwords
    before trying to authenticate against the LDAP server and fail
    authentication if this is the case.
    Has anyone else experienced this problem?

    Hi Brian,
    I do not believe it is j_security_check's job to check for blank
    passwords.
    In many security realms, it is "legal" for a user to have a blank
    password. j_security_check forwards whatever password was entered so that
    even users with blank passwords can be authenticated by the realm on the
    backend. For this reason I believe that j_security_check is "doing the
    right thing" by just forwarding whatever is presented to it, rather than
    having its own logic. It is best if j_security_check just acts as a very
    dumb middle man.
    If behavior was altered, it is true that your particular problem would be
    solved, but then many other people would have a problem with their users
    with blank passwords authenticating properly...
    Try looking into how to disable anonymous logins on the LDAP end of
    things. Hope this helps.
    Cheers,
    Joe Jerry
    brian wrote:
    I am using the LDAP Security Realm to authenticate against an iPlanet
    Directory Server. All works as expected when a user-id and password
    are entered for form-based authentication.
    However, when a userid is entered but no password, j_security_check
    logs the user in successfully. Aparently, this is correct LDAP
    behaviour as anonymous login to the LDAP server is permitted. It seems
    that the j_security_check servlet should check for blank passwords
    before trying to authenticate against the LDAP server and fail
    authentication if this is the case.
    Has anyone else experienced this problem?

  • Form Based Authentication in SharePoint 2013: Getting The remote server returned an error: (500) Internal Server Error

    Hi
     I configured forms based authentication mode in Sharepoint 2013 site. When i tried to log in with windows authentication prompt it throws the following error
    The remote server returned an error: (500) Internal Server Error
    [WebException: The remote server returned an error: (500) Internal Server Error.] System.Net.HttpWebRequest.GetResponse() +8548300 System.ServiceModel.Channels.HttpChannelRequest.WaitForReply(TimeSpan timeout) +111 [ProtocolException:
    The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (application/soap+msbin1). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first
    1024 bytes of the response were: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    How to fix this issue?
    Regards,
    Siva

    Did you create a new web application or modify an existing web application?
    I would start by checking the ULS logs, maybe there is an incorrect setting within one of the web.config files, or SQL permissions.
    Also, as suggested above, check application pools are running.
    This blog post is a great guide for setting up FBA, check it through to make sure you haven't missed any steps:
    http://blogs.technet.com/b/ptsblog/archive/2013/09/20/configuring-sharepoint-2013-forms-based-authentication-with-sqlmembershipprovider.aspx

  • Big problem :anything is accepted by form-based authentication on Jboss

    Hi there
    I'm new to form-based authentication. I've been stuck on this problem for one and a half day. I set up the form-based authentication(with JDBC realm) on JBoss 3.2/Tomcat 5.0. When I visit the protected area, it did ask me for password. But it accepts whatever I input and forwards the desired page, even when I input nothing and just click on submit, it allows me to go through. No error message at all. I am in desperate need for help.
    Here is my configuration. The web.xml is like this
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
    <web-app>
    <display-name>LoginTest</display-name>
    <security-constraint>
    <display-name>Example Security Constraint</display-name>
    <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>manager</role-name>
    </auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
    </security-constraint>
    <!-- Default login configuration uses form-based authentication -->
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
    </login-config>
    <security-role>
    <description>Manager security role</description>
    <role-name>manager</role-name>
    </security-role>
    </web-app>
    I also add the following JDBC realm definition into the server.xml which is under jboss/server/default/deploy/jbossweb-tomcat50.sar
    <Realm
    className="org.apache.catalina.realm.JDBCRealm" debug="1"
    driverName="org.gjt.mm.mysql.Driver"
    connectionURL="jdbc:mysql://myipdadress:3306/field_bak"
    connectionName="plankton"
    connectionPassword="plankton"
    userTable="users"
    userNameCol="user_name"
    userCredCol="user_pass"
    userRoleTable="user_roles"
    roleNameCol="role_name"
    />
    The JDBC realm is enclosed by the <engine> element. I checked the server log file, when the jboss server is started, it does load the mysql driver correctly and connect to mysql database fine. If I changed the IP of the mysql server to a non-existing one, then when I start jboss server, the server boot process will complain about connection to mysql faiure.
    I guess maybe the server doesn't do the authentication by connecting to mysql and verify it when I submit the log in form. It seems the JDBC realm authentication is bypassed. I notice that even I get rid of the JDBC realm definition from the server.xml file, and test the web application. It behaves exactly the same way. It asks me for password but anything will go through even nothing.
    Can anybody help me about this? I'm really stuck on this.
    Thanks a lot!

    By the way, I did create database"field_bak" and the tables for the JDBC realm verification.
    I also created the users and the roles.
    But it seems like Tomcat container doesn't do the JDBC realm authentication.

  • FORM based Authentication issue on Sun ONE AS7

    I am trying to use FORM based authentication for a web module I created, and can not get it to work. I have registered the roles through the admin console of the server, and adjusted the web.xml. When I try to use BASIC authentication, I get a 'Authentication refused for []' message before I even log in, and another one after I do. When I use FORM authentication, the URL points to my login.jsp page (no matter what I put in the path, which is what is supposed to happen), however my default servlet (hello.java) is actually run, and the login.jsp page never comes up. I created my jsps and servlet in the mounted [ejb]_WebModule. Please let me know if something seems incorrect here, or if you can think of something I should check...I can't find anything out there to help me.
    Here is my web.xml:
    <web-app>
    <display-name>DiningGuideManager_TestApp</display-name>
    <servlet>
    <servlet-name>front</servlet-name>
    <servlet-class>data.DiningGuideManager_WebModule.hello</servlet-class>
    </servlet>
    <servlet>
    <servlet-name>myPage</servlet-name>
    <jsp-file>/myPage.jsp</jsp-file>
    </servlet>
    <servlet-mapping>
    <servlet-name>front</servlet-name>
    <url-pattern>/*</url-pattern>
    </servlet-mapping>
    <session-config>
    <session-timeout>30</session-timeout>
    </session-config>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Security</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>Me</role-name>
    <role-name>EveryoneElse</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>default</realm-name>
    </login-config>
    <security-role>
    <role-name>Me</role-name>
    </security-role>
    <security-role>
    <role-name>EveryoneElse</role-name>
    </security-role>
    <ejb-ref>
    <ejb-ref-name>ejb/TestedEJB</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <home>data.DiningGuideManagerHome</home>
    <remote>data.DiningGuideManager</remote>
    <ejb-link>DiningGuideManager</ejb-link>
    </ejb-ref>
    </web-app>
    for FORM authentication I have this:
    <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>default</realm-name>
    <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
    </login-config>
    Thanks,
    Michelle

    Yes there's a default generated index.jsp page that I'm having trouble overriding with one of my own. Have you used Form Based Authentication before? To do so you have edit the WEB-INF/web.xml file by adding:
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Secure Area</web-resource-name>
    <url-pattern>/test/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>admin</role-name>
    </auth-constraint>      
    </security-constraint>
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/test/secure/loginpage.jsp</form-login-page>
    <form-error-page>/test/secure/errorpage.jsp</form-error-page>
    </form-login-config>
    </login-config>
    When you attempt to first go to any page in my /test/secure/ directory you get redirected to the /test/secure/loginpage.jsp where you have to login as a tomcat user, when succesfully logged on you get redirected to an index.jsp page which is NOT the one I created in test/secure/index.jsp. Even when I type in the url to go to my own test/secure/index.jsp I still don't get my own one that exists there, but instead get the default one that's generated that displays:
    "Authentication Mechanism FORM".
    Hope that makes more sense.
    I've tried restarting tomcat but it makes no difference.

  • Error in form based authentication

    Hi all,
    i want 2 implement form based authentication to a dummy resource in iis.
    first i created authentication as
    Challenge Method Form
    Challenge Parameter passthrough: no
    creds: usernamevar passwordvar
    action: /access/oblix/apps/webgate/bin/webgate.dll
    form: /public/login.html
    SSL Required No
    Challenge Redirect
    Enabled Yes
    and configured a policy domain for a dummy resource test.html with form authentication schema. i kept that in a folder 'access' which was placed in iis. i mentioned the action attribute to '/access/test.html' in login.html through which i want to do authentication.
    but when i am accessing http://*...*/test.html
    i am getting http 404 error.
    can anyone help me.
    Thank you

    Hi,
    thanks for ur response. i make some changes to my configuration which was given in previous post. now i configured as follows:
    i kept my test.html and login.html in the iis root folder. and i defined my policy as follows:
    Name : form (policy name)
    Enabled : Yes
    Resource Resource Type :http
    URL Prefix : /test.html
    Description
    Authorization Rules Name ---- Form authorization
    Description ---
    Enabled --- Yes
    Allow takes precedence ----Yes
    Allow Access Role---- Any one
    Default Rules
    Authentication Rule
    name of the authentication: policy form authentication
    Authentication Scheme : Form authentication -----------------which was created in Access system console
    Authorization Expression
    Expression : Form authorization
    Duplicate Actions: No policy defined for this Authorization Expression. The Access System level default policy for dealing with duplicate action headers will be employed.
    Audit Rule
    There is no Audit Rule defined.
    Policy Name : form policy
    Description :
    Resource Type: http
    Resource Operation(s) : POST
    GET
    Resource : all
    Authentication Rule
    policy auth. rule
    Authentication Scheme Form authentication
    Authorization Expression
    There is no Authorization Expression defined.
    Audit Rule
    There is no Audit Rule defined.
    Delegated Access Admins Delegate Rights
    People Administrator
    Grant Rights
    There are no Delegated Access Admins with this right.
    Basic Rights
    There are no Delegated Access Admins with this right.
    and i also created login.html with a method 'post' and pointed out the action to '/access/oblix/apps/webgate/bin/webgate.dll' . i placed it in IIS root folder.
    now my auth. schema is as follows.
    form: /login.html action:/access/oblix/apps/webgate/bin/webgate.dll passthrough: no creds: usernamevar passwordvar (which are names of fields in login.html)
    and the plugin mapping is as follows:
    credential_mapping:obMappingBase="cn=users,dc=orademo,dc=com", obMappingFilter="(&(&(objectclass=User)(sAMAccountName=%usernamevar%) )(|(!(obuseraccountcontrol=*))(obuseraccountcontrol=ACTIVATED)) )"
    validate_password: obCredentialPassword="passwordvar"
    so when i am accessing http://<hostname>/test.html
    it is giving popup window like basic auth. schema. i am not getting my login page. and in that even i am logging as admin . it is saying unauthorized user.
    please help me how to configure it.
    Edited by: new2idm on Feb 17, 2010 9:19 PM
    Edited by: new2idm on Feb 17, 2010 9:19 PM

  • Form Based Authentication Redirect URL

    I'm using form based authentication in standalone OC4J 10.1.3.1. I have set the system property oc4j.formauth.redirect to true to force OC4J to redirect using 302 any successful authentication to j_security_check.
    The problem is that the redirect URL loses any query parameters. Here's the raw HTTP being posted:
    POST http://localhost:8988/manage/j_security_check HTTP/1.1
    Host: mvakoc-pc.peoplesoft.com:8099
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive
    Referer: http://mvakoc-pc.peoplesoft.com:8099/manage/target?instanceName=denlcmlx1_entserver_1&targetType=entserver
    Cookie: JSESSIONID=0a8b7ff6231c049914997fdb4ebb93b4854b0956862b; SignOnDefault=18438; e1AppState=
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 62
    X-Forwarded-For: 10.139.127.246
    j_username=username&j_password=password&url=%2Fmanage%2Fhome
    However the response back drops off the query parameters:
    HTTP/1.1 302 Moved Temporarily
    Date: Fri, 05 Jan 2007 21:59:22 GMT
    Server: Oracle Containers for J2EE
    Content-Length: 231
    Connection: Keep-Alive
    Keep-Alive: timeout=15, max=100
    Location: http://mvakoc-pc.peoplesoft.com:8099/manage/target
    <HTML><HEAD><TITLE>Redirect to http://mvakoc-pc.peoplesoft.com:8099/manage/target</TITLE></HEAD><BODY>http://mvakoc-pc.peoplesoft.com:8099/manage/target</BODY></HTML>
    Any workaround?

    It does not appear to be quite the same issue. That bug indicates that everything works fine in a standalone OC4J environment. This would be true with the use case specified as the original URL (/em/console/ias) does not include any query parameters. In my case the original URL contains query parameters so the ultimate redirected URL should also contain those.

  • Problem in form based authentication

    Hi,
    I am encountering some problem in form based authentication.
    When I try to login for the first time. It reoute me to the image
    directory and not to the request page.
    When I try it for the second time, it shows
    "Form based authentication failed. Could not find session."
    And it always show this message no matter how many time I try.
    I am not sure is it something that I did not set ...
    Thanks for any advice.
    Eric

    Hi Eric,
    It may be a problem in your web.xml, I missed the "/" slash character
    in the web.xml's in <form-login-page> element. So your web.xml
    must look like

Maybe you are looking for

  • Installed 6.0.1 get message "xulrunner Error platform version 6.0 is not compatible with min version = 6.01 max version = 6.0.1

    I did a search and the only instance of that name is with the Tom Tom GPS folder and that is not an exe file

  • What is wrong with as3

    this is not a question about 'how i do X'. is rather a 'discussion' (flame or whatever, but to defend or argue about aspects, not people) about 'what is wrong with as3' and what aspects whould be taken into consideration for updates. right now i am u

  • PI 7.1 CTS+ - IDOC CC is transfered empty

    Hi, We have PI 7.1 SP09 configured with CTS+. Suddenly we get a strange problem, Communication Channels idoc sender type are transfered without "Transport protocol", "Message protocol" & the description. This prevents from the object to be activated

  • Understanding vector art

    If I need to use some vector clip art, but I have to guarantee that's it 100 percent grayscale with no color, I understand that I should open it in Illustrator and change it to grayscale. That's the safest option, right? I work with a designer who ch

  • Old "sent emails" are MISSING

    I've been using me.com since 2008, back then it was a paid service. When the time came, I switched to iCloud, no problem, I enjoy the service. Recently I need to find some sent emails during the period of mid-2011 then I realized that my "Sent" folde