Form Based Authentication not working for my sharepoint site.

Similar Messages

• J_security_check in form-based authentication - not checking for blank passwords

  I am using the LDAP Security Realm to authenticate against an iPlanet
  Directory Server. All works as expected when a user-id and password
  are entered for form-based authentication.
  However, when a userid is entered but no password, j_security_check
  logs the user in successfully. Aparently, this is correct LDAP
  behaviour as anonymous login to the LDAP server is permitted. It seems
  that the j_security_check servlet should check for blank passwords
  before trying to authenticate against the LDAP server and fail
  authentication if this is the case.
  Has anyone else experienced this problem?

  Hi Brian,
  I do not believe it is j_security_check's job to check for blank
  passwords.
  In many security realms, it is "legal" for a user to have a blank
  password. j_security_check forwards whatever password was entered so that
  even users with blank passwords can be authenticated by the realm on the
  backend. For this reason I believe that j_security_check is "doing the
  right thing" by just forwarding whatever is presented to it, rather than
  having its own logic. It is best if j_security_check just acts as a very
  dumb middle man.
  If behavior was altered, it is true that your particular problem would be
  solved, but then many other people would have a problem with their users
  with blank passwords authenticating properly...
  Try looking into how to disable anonymous logins on the LDAP end of
  things. Hope this helps.
  Cheers,
  Joe Jerry
  brian wrote:
  I am using the LDAP Security Realm to authenticate against an iPlanet
  Directory Server. All works as expected when a user-id and password
  are entered for form-based authentication.
  However, when a userid is entered but no password, j_security_check
  logs the user in successfully. Aparently, this is correct LDAP
  behaviour as anonymous login to the LDAP server is permitted. It seems
  that the j_security_check servlet should check for blank passwords
  before trying to authenticate against the LDAP server and fail
  authentication if this is the case.
  Has anyone else experienced this problem?

• Logout Functionality in Form Based Authentication Not Working Properly

  Hi All,
  I am using Form Based Authentication in ADF. In this I followed the following steps:-
  1.Login On Page.
  2.In successful login page ,copy the url
  3.Click on "Logout"
  4.Paste the url in login page and click enter
  5.System taking me back to that page where I can perform all the actions.
  But the Login operation should not happen just by entering the url. Please provide any help how to stop redirecting to my authenticated page just by typing the url. This is a big security constraint.Any Assistance to this is highly appreciated.
  Thanks & Regards
  Lovenish Garg

  Hi BaiG,
  For Login I am using the form based authentication and for logout here is my code:-
  public void logout() {
  ExternalContext ectx =
  FacesContext.getCurrentInstance().getExternalContext();
  HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
  HttpSession session = (HttpSession)ectx.getSession(false);
  session.invalidate();
  response.setHeader("Cache-Control", "no-cache");
  response.setHeader("expires", "0");
  response.setHeader("Pragma", "no-cache");
  try {
  response.sendRedirect("AdminLogin.html");
  } catch (IOException e) {
  logger.severe(e.getMessage());
  //Inform JSF to not take the response in hands
  FacesContext.getCurrentInstance().responseComplete();
  logger.info("session invalidated");
  Thanks,
  Lovenish Garg

• Form Personalization is not working for copied Sales Orders

  Hi All,
  We have a requirement in Sales Order form, if the order type is "Standard" then Ship method field should be mandatory.
  We were able to do this using below form personalization, it is working for new order creation.
  When we did the below testing it is not working
  Inactivated the ship method and try to copy the order with Standard type the field remains mandatory and null but still it is allowing to book the Sales Order.
  Please help to sort out this issue, let me know if it is not clear
  Condition
  Trigger Event : WHEN-NEW-ITEM-INSTANCE
  Trigger Object: ORDER.SOLD_TO
  Condition:
  (:ORDER.ORDER_TYPE not like '%STANDARD%')
  Action
  Type : Property
  Object Type : Item
  Target Object : ORDER.SHIPPING_METHOD
  Property Name: REQUIRED
  Value: True
  Thanks,
  CSK

  Hi CSK,
  try it in well validate item trigger.
  If that order type is list then you may disable the field in WHEN LIST CHANGED  trigger itself.
  Hope it will work,
  Regards,
  Soofi

• Negotiate Authentication Not working for Outlook

  This is a very odd situation so bear with me when explaining this.
  I have several users scattered out in different remote offices that are haveing authentication issues in outlook 2007 when trying to connect to our exchange 2010 public folder servers (CAS).  When the users open outlook it constantly sits at trying
  to connect and eventually locks the machine up until you use the task manager to close outlook.  I have only determined this is a public folder issue because if you hold down the cntrl key and right click on the outlook icon in the taskbar (next to clock) you
  get and option to see connection status.  This shows the server name (one of the CAS) and the type as public folder and the connection status is empty. 
  We opened a microsoft ticket on this and they said it was a client side issue because we have 1700 users connection to the same set of servers with out issues.  Well we have reimaged the users desktop, replaced all cableing from the user to the switch,
  and confirmed the IOS on the routers matches other offices that are working.   Still the same problem.
  Heres the kicker!  This problem does not effect other users in the same office and if this paticular user logs into another machine the same problem happens.  But if she accesses her mailbox from Web Access she has no problems and if I log this
  user on here at our home office on the same LAN as the Exchange system she has no issues.
  But wait theres more.  We have deleted the user's mailbox and LAN account.  Created a new mailbox and LAN account with a similar name not the same one and when I log on to her machine exacte same issue.  I have removed all antivirus software
  from the machine and still have the same problem.  
  Not until we ran wireshark on her machine did I start seeing some ntlm authentication issues to the exchange system. We manually changed outlook from Negotiate Authentication to  Password Authenticatoin (NTLM) and viola her email started syncing??? 
  When i change this setting on the other users they connect also. But why are we not haveing to change this on the other 1700 users?
  Can anyone please offer some insite in to what the hell is causing this and why it seem to follow the user around.  I have been troubleshooting this for weeks and am so frustrated because it just doesnt make any sense. 
  Thankyou to anyone willing to provide any ideas into what could be causing this.  When we opened a Microsoft ticket they were convinced that its client side but I have replaced everything.

  Hello,
  if you using OAW (Outlook AnyWhere) check the authentication method
  get-OutlookAnywhere -Identity "<Servername>xpv00645\RPC (Default Web Site)" | fl *AuthenticationMethod*
  I think it is set of NTLM or Negotiate.
  Outlook 2007 has negotiate
  problems at an OAW connection
  authentication.
  Change the authentication to NTLM for
  the internal and Basic for the extenal method.
  You need to reconfigure the Outlook Exhange settings to anonymous authentication and in the proxy settings to default authentication

• Ldap authentication not working for Solaris 8 host - Help!

  Greetings folks,
  I just recently migrated a host to use LDAP authentication. The only difference between this host and the rest of the hosts in the environment that I've converted to use LDAP is that this one is running Solaris 8.
  Here's the steps I took to migrate it (though, I used the same steps for another Sol8 host in another environment and it works fine):
  ldapclient -P stg -d mydomain.com -D cn=proxyagent,ou=profile,dc=mydomain,dc=com -w secret 192.168.1.69
  My /etc/nsswitch.conf looks like this:
  passwd: files ldap
  group: files ldap
  My /etc/pam.conf looks like this:
  login auth requisite pam_authtok_get.so.1
  login auth required pam_dhkeys.so.1
  login auth sufficient pam_unix_auth.so.1
  login auth required pam_ldap.so.1
  sshd auth requisite pam_authtok_get.so.1
  sshd auth sufficient pam_unix_auth.so.1
  sshd auth required pam_ldap.so.1
  other auth requisite pam_authtok_get.so.1
  other auth required pam_dhkeys.so.1
  other auth sufficient pam_unix_auth.so.1
  other auth required pam_ldap.so.1
  passwd auth sufficient pam_passwd_auth.so.1
  passwd auth required pam_ldap.so.1
  I've also cleared out the local user accounts for my human users, so there aren't any more passwd or shadow entries (yes, I ran pwconv). I also cleaned out the /etc/group entries for the same users. The machine appears to be configured properly, because I can run various DS commands that indicate this:
  hostname# getent passwd user1
  user1::1001:1001:User 1:/opt/home/user1:/bin/bash
  hostname# ldaplist -l passwd user1
  dn: uid=user1,ou=people,dc=mydomain,dc=com
  shadowFlag: 0
  userPassword: {crypt}(removed)
  uid: user1
  objectClass: posixAccount
  objectClass: shadowAccount
  objectClass: account
  objectClass: top
  cn: user1
  uidNumber: 1001
  gidNumber: 1001
  gecos: User 1
  homeDirectory: /opt/home/user1
  loginShell: /bin/bash
  However, in the end, actual logins to this host fail via ssh. Snooping the traffic reveals that all the right info is being handed back to the client, including the crypt'ed password hash, uid, etc. just like I see with other hosts that work.
  Any ideas?
  Thanks!
  Patrick

  I assume you have applied lastest kernel patch and 108993 to this Solaris8 machine, and its nss_ldap.so.1 and pam_ldap.so.1 are the same as the other Solaris8 LDAP clients that are working for ssh via LDAP auth.
  1) Please replace "objectClass: account" with "objectClass: person", I know SUN ONE DS5.2 likes "person".
  2) Did you test and verify telnet/ftp/su working? but SSH not working?
  3) If telnet/ftp/su all worked, and SSH (SUN-SSH or OpenSSH), make sure you have "UsePAM yes" in sshd_config and restart sshd.
  4) It is not a must I think but normally I will add "shadow: files ldap" to /etc/nsswitch.conf, restart nscd after that.
  5) Whenever ldapclient command is run and ldap_cachemgr is restarted, I usually also restart nscd and sshd after that, if not testing result may not be accurate as nscd is still remembering OLD stuffs cached which could be very misleading.
  6) You may use "ssh -v userid@localhost" to watch the SSH communications, on top of your usual "snoop"ing of network packets.
  7) Use the sample pam.conf that is meant for pam_ldap from Solaris 10 system admin guide with all the pam_unix_cred.so.1 lines commented out. This works for me, there is no sshd defintions as it will follow "other".
  http://docs.sun.com/app/docs/doc/816-4556/6maort2te?a=view
  Gary

• Search is not working for only one site collection sharepoint 2010 production environment

   did full crawling but it could not crawled particular this only site collection somehow.
  when i search under Crawl log, it doesnt appear and throws message like
  there are no urls in the system that match your request.
  you can see following screenshot,
  Thanks
  Deepak patel

  Hi Deepak,
  Is this site collection url (e.g. FQDN url, or host named site collection url) different from other site collection?
  If yes, please add the host named site collection in content source.
  If not, and this site collection url are the same type/format with other site collection, please "reset index" if possible, and start a full crawl, let us know your resutls.
  If issue still persists, please perform a query in search box, see if there is any related useful information from ULS log.
  Thanks,
  Daniel Yang
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you
  have feedback for TechNet Subscriber Support, contact [email protected] 
  Daniel Yang
  TechNet Community Support

• "Search this Site" function not working in my sharepoint site

  When I try search a record my on my site using "Search this Site" search bar it seems to not work. Do I have to set it up first or what does the search bar even search?
  Thank you.

  Hi Soupi,
  Go to Central Administration site->click your Search service application->Content source, then click the start a full crawl from a content source dropdown.
  Reference article.
  https://technet.microsoft.com/en-us/library/ee808864%28v=office.14%29.aspx?f=255&MSPPError=-2147217396
  I would temporarily close the case, if you still need any further assistance, please feel free to post.
  Thanks
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Realm authentication not working for usergroups

  Hi...
  I have a server running 10.4.3 (8F46). I'm running one web site, and also some AFP shares. This server is bound to our corporate Active Directory server.
  I'm positive the AD integration works because my AFP shares use AD users and groups for their permissions. All but one AFP share uses an AD group for permissions. AD users are in an AD group, and they can log in to the share. It works.
  Anyways.... I want my one web site to be protected, and I'd like only one AD group to be able to access it. I am familiar with Apache from FreeBSd and OpenBSD. In ServerAdmin, I created a web site, and it works. I then created a realm, and added one AD user to the users pane. From the browser, I can connect to the web site after I authenticate as the AD user (annoyingly, I have to prepend my AD domain and a backslash to my username). My AD user can connect and view the web page.
  When I add an AD group to the groups pane, none of the member users can authenticate properly. If I remove the above user from the user pane, and add a group (containing said user) to the group pane, that user can no longer log in.
  I've consulted the 10.4 server documentation; the WebServices pdf does not get into details with realm authentication, and covers it mostly in conjunction with WebDAV.
  I find it odd that an AD user can connect when specified as a user entry, but not from within a group. It's almost as if authenticating to AD groups is broken in Apple's implementation of Apache.
  Has anyone else set up authentication with websites? Ever done it with Active Directory?
  Thanks
  /eric

  This is not limited to Active Directory as I have been unable to use groups for realm authentication with OpenLDAP either (on 10.3.9).
  I assumed it would be fixed in 10.4 but I see it has not.

• Integrated Authentication not working for firefox 31 and above for NTLMv2

  Users browsing from a Citrix session are being asked to authenticate using Firefox on newer versions (31-35) as they used to pass authentication transparently via NTLMv2 in earlier versions. This does not happen on IE so wondering what to do to get this working again for Firefox users.
  Did release 31 also remove by accident ntlmv2 capability? If so, when and where is a fix to correct it. Fine to remove pre-ntlmv2 versions but dont break ntlmv2

  I would like to bump this and I am wondering if this was ever solved. My only difference is at one point I had it working with http but ended up reinstalling using https. I get access denied but when I type in my username and password and it goes in fine.
  There is a cert on the website
  I have changed NTFS permissions
  Made sure NTLM was on top
  Website is in the local intranet zone
  On the server itself that hosts the webconsole I can get in fine.

• Basic authentication not working for portal application

  HI All,
  i have a portal application where I have a servlet. i want to use basic authentication for this servlet.
  to archive this i have followed http://docs.oracle.com/cd/E14571_01/web.1111/b31974/adding_security.htm
  and configured basic authentication, also add web-resource in web.xml for the url to access the servlet.
  my web.xml look like (copied is only security section from web.xml)
  <security-constraint>
      <web-resource-collection>
        <web-resource-name>adfAuthentication</web-resource-name>
        <url-pattern>/adfAuthentication</url-pattern>
      </web-resource-collection>
      <web-resource-collection>
        <web-resource-name>All</web-resource-name>
        <url-pattern>/faces/Auto-connect</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>valid-users</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>BASIC</auth-method>
    </login-config>
    <security-role>
      <role-name>valid-users</role-name>
    </security-role>
  this works when in run the application in JDeveloper i.e. when i try to access http://localhost:7101/MyApp/faces/Auto-connect it ask for basic authentication (the popup) and when i access http://localhost:7101/MyApp/ it takes me to home page for login , but doesn't work when i deploy the application in weblogic 11g.(deployment done using Enterprise Manager console (EM console) (for both URL no popup).
  i tried Google around it but didn't get any solution please provide your input and guide me.
  thanks
  -somesh

  Hi,
  Before deploying, have you changed:
  Application properties -> Deployment
  Remove the selection from "Auto Generate and Syncronize weblogic-jdc.xml ....."
  Kind Regards

• 11G Modplsql Basic Authentication not working for globally identified database users

  I have a modplsql dad that uses Basic authentication.  When I supply a username and password where the database user is locally defined in the database using the "identified by" syntax the authentication works perfectly and the modplsql app works.  When I try to authenticate a database user that is defined in the database using the "identified globally" syntax authentication fails.  Any idea on how to get modplsql app to work with users identified via OID?
  Thanks,
  Phil

  Hi,
  Before deploying, have you changed:
  Application properties -> Deployment
  Remove the selection from "Auto Generate and Syncronize weblogic-jdc.xml ....."
  Kind Regards

• Search is not working for only one site collection

  Hi All,
  I have one issue where users are searching something on a site collection nothing is coming out.  Search is working on web application level but not in only one site collection.
  I checked the crawl log and found  below error for this site collection

  Hi Aditya,
  From the error message, there might be several reasons:
  Configure search time-out settings (Search Server 2010):
  http://technet.microsoft.com/en-us/library/ee808892.aspx
  Please check the user accounts created under the home group that could push the limit of the ACL, and this error message may be occur:
  http://www.sweendog.net/blogengine/post/2012/02/03/The-Filter-Daemon-has-Timed-Out.aspx & http://sharepoint.stackexchange.com/questions/26755/sharepoint-2010-search-server-not-crawling-content-due-to-filter-daemon-timeout
  Make sure the search service account has access to SearchIndex share:
  http://www.sharepointsecurity.com/sharepoint/sharepoint-development/fixing-the-filter-daemon-did-not-respond-within-the-timeout-limit-error/
  If the links above doesn’t help, please collect more error message in ULS log for troubleshooting.
  Regards,
  Rebecca Tu
  TechNet Community Support

• Enabled cookies, but not working for this specific site...

  I was trying to log in to milwaukeejobs.com, but then it takes me to a page which says, "If you have tried to log in, but are being redirected to this page. It may be because cookies are not enabled on your computer." I made sure my cookies were enabled (I have "accept cookies from sites" and "accept third-party cookies"), but I still can't log in. I tried logging into my milwaukeejobs.com account from another browser (Safari) and that worked so it's not a problem with my account. It is firefox. I didn't have a problem with this until I upgraded to firefox 4. Please help! Thanks so much.

  Had the same problem with a different website. Solved by doing this:
  # Clean browsers cookies and cache
  # Go to the specific login/registration page that didn't work. Make sure it is http://'''www'''.site.com and NOT just http://site.com
  # Login/register

• Forms based authentication in sharepoint 2013 using custom membership provider

  I am developing  FBA  for SP2013 using custom membership provider using the following link 
  http://benredl.wordpress.com/2012/10/03/creating-forms-based-authentication-and-user-profiles-in-sharepoint-2013-using-custom-membership-and-role-providers-and-a-custom-user-profile-synchronization-utility/
  the feature i am trying to develop is that the user is created using a homegrown asp.net  application which uses sql server 
  and then When that user goes to SP2013 he should be able to login with the username and password created using the homegrown asp.net application 
  my questions are following 
  If I follow the article in the link should i be taking the assembly(dll) and deploying it to GAC or will VS2013 automatically do it
  Do I have to implement  FindUserByEmail and FindUserByName methods ?
  if the connectionstring for an asp.net application is in the web.config file  where would the connection for the sqlserver go if this application is for SharePoint 
  TIA

  Hi TIA,
  try this it contains the code for you and it is ready
  http://sharepoint2013fba.codeplex.com/
  Kind Regards, John Naguib Technical Consultant/Architect MCITP, MCPD, MCTS, MCT, TOGAF 9 Foundation