Getting initiating user out of proxy

Similar Messages

• Initial User not getting populated

  Hello
  We have just upgraded from SAP 4.6 to ECC 6.0, there is a task to get Initial User details, in older version we were using binding workflow cont - 'workitem.workitemcreator' to task cont - 'Initialuser', In upgraded version the binding changed itself to workflow cont - 'Intialuser' to task cont - 'Intialuser', which does not populate the 'Intialuser' in task cont.
  If i change workflow cont to 'workitem.workitemcreator' or 'inituser' the task goes in error. What should I do??? to populate 'Initialuser' of task cont.
  Thanks
  Bhavna

  No, it's not a problem of an UI (portal).
  "We also wrote a script that would fetch all the details of the users from the FIM DB and the values are blank there too. so i'm guessing there's no problem with the portal." -
  I hope you know that it is highly not recommended to do any operations on DB directly?
  Ok, you say that you create user programmatically on FIM. Is it via PowerShell or another way? If attrbiutes are blank in Request - it seems that they are not passed to FIMService correctly. Maybe some special characters in those fields in source?
  If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

• Kinit: Client not found in Kerberos database while getting initial credentials

  Hi all,
  I am trying to configure application which uses Kerberos authentication.
  Error message: 
  kinit: Client not found in Kerberos database while getting initial credentials
  I use Windows Server 2003 domain controller as LDAP server, Tomcat application (on Linux) and IIS application as client, and apache load balancer.
  There is multidomain environment:  russia.domain.net, europa.domain.net, asia.domain.net;
  Tomcat and IIS servers works behind a proxy server (Apache on Linux). 
  For applications created two DNS  records type A. all DNS use IP address of Apache proxy server:
  application-sandbox.russia.domain.net
  applicationweb-sandbox.russia.domain.net
  To confiure kerberos authentication i have performed the following steps:
  1. Create user account in EUROPA domain and configure delegation for this:
  EUROPE\application_sandbox
  2. Register SPN for this account:
  setspn -A HTTP/application-sandbox.russia.domain.net EUROPE\application_sandbox
  setspn -A HTTP/application-sandbox EUROPE\application_sandbox
  3. After i verified registered SPN for this account:
  setspn.exe -L EUROPE\application_sandbox
  Registered ServicePrincipalNames for CN=kxxb999,OU=Users,DC=europe,DC=domain,DC=net:
          HTTP/application-sandbox
          HTTP/application-sandbox.russia.domain.net
  3. After i generate a keytab file:
  ktpass /princ HTTP/application-sandbox.russia.domain.net:@RUSSIA.DOMAIN.NET /ptype krb5_nt_principal /crypto rc4-hmac-nt /mapuser EUROPE\application_sandbox /out application_sandbox.keytab -kvno 0 /pass Pa$$w0rd
  4. Properties of account looks like the following:
  Get-ADUser -Identity appication_sandbox -Properties CN, ServicePrincipalNames, UserPrincipalName
  CN : kxxb999
  DistinguishedName : CN=kxxb999,OU=Users,DC=europe,DC=domain,DC=net
  Enabled : True
  GivenName :
  Name : kxxb999
  ObjectClass : user
  SamAccountName : application_sandbox
  ServicePrincipalNames : {HTTP/application-sandbox, HTTP/application-sandbox.russia.domain.net}
  Surname : application_sandbox
  UserPrincipalName : HTTP/[email protected]
  4.Note that CN and User logon name are different. SPN registered for DNS record.
  There are no computer in domain with name application-sandbox.russia.domain.net. this is a DNS record for application.
  5. Then i copy keytab file to Linux machine, configure krb5.conf file and trying to get TGT for registered principal name.
  krb5.conf file:
  [libdefaults]
  default_realm = EUROPE.DOMAIN.NET
  dns_lookup_realm = false
  dns_lookup_kdc = false
  default_tkt_enctypes = rc4-hmac
  default_tgs_enctypes = rc4-hmac
  [realms]
  RUSSIA.DOMAIN.NET = {
  kdc = dc01.russia.domain.net
  admin_server = dc01.russia.domain.net
  default_domain = russia.domain.net
  EUROPE.DOMAIN.NET = {
  kdc = dc01.europe.domain.net
  admin_server = dc01.europe.domain.net
  default_domain = europe.domain.net
  [domain_realm]
  europe.domain.net = EUROPE.DOMAIN.NET
  .europe.domain.net = EUROPE.DOMAIN.NET
  russia.domain.net = RUSSIA.DOMAIN.NET
  .russia.domain.net = RUSSIA.DOMAIN.NET
  [appdefaults]
  autologin = true
  forward = true
  forwardable = true
  encrypt = true
  Then i verified created keytab file:
  klist -e -k -t application_sandbox.keytab
  Keytab name: FILE:application_sandbox.keytab
  KVNO Timestamp Principal
  0 01/01/70 01:00:00 HTTP/[email protected] (arcfour-hmac)
  And trying to get TGT ticket:
  kinit -V -k -t application_sandbox.keytab HTTP/[email protected]
  Using default cache: /tmp/krb5cc_0
  Using principal: HTTP/[email protected]
  Using keytab: application_sandbox.keytab
  kinit: Client not found in Kerberos database while getting initial credentials
  But if i use SamAccountName name with kinit commant then i can aquire TGT ticket:
  [root@localhost security]# kinit application_sandbox
  Password for [email protected]:
  [root@localhost security]# klist
  Ticket cache: FILE:/tmp/krb5cc_0
  Default principal: [email protected]
  Valid starting Expires Service principal
  06/30/14 16:37:41 07/01/14 02:37:38 krbtgt/[email protected]
  renew until 07/01/14 16:37:41
  I'm in trouble. can anyone faced this problem?
  Thank you

  Hi all,
  according to Amy answer I thought, how user principal could  not be found in Kerberos database, e.g AD domain.
  My HTTP service works in RUSSIA domain, but user principal created in EUROPE domain.
  Next, i have checked my ktpass command:
  ktpass /princ HTTP/[email protected] /ptype krb5_nt_principal /crypto rc4-hmac-nt /mapuser EUROPE\application_sandbox /out application_sandbox.keytab -kvno 0 /pass
  Pa$$w0rd
  especially  the following parameters:
  /princ HTTP/[email protected]
  /mapuser EUROPE\application_sandbox
  When generating keytab it changes userlogon name to HTTP/application-sandbox.russia.domain.net and set domain domain to RUSSIA.DOMAIN.NET
  But no user principal with name application_sandbox in RUSSIA.DOMAIN.NET domain (e.g. Kerberos realm)
  So solution is change RUSSIA.DOMAIN.NET to EUROPE.DOMAIN.NAME in ktpass command.
  After that i am able to get TGT and authenticate in domain.

• HT1451 Hi All, I have 2 users on my desktop, 1 i-tunes account and log-in but both users have different music contents i.e. one has the full iTunes library and the other only has some songs. How do i get both users to have the same music content?

  I Have 2 users on my computer and both access i-tunes using same password etc. however 1 library has the full content of music but the other one has only partial playlists. How do I get both users to have the same full library?

  The title of my initial post is a bit misleading. I already took a chance deleting one of the iPhones, hoping if I deleted the wrong one, I can still reauthorize it (all with the same Apple ID acct, so not subject to 90-day waiting period, right?) The iTunes database just updated itself, and it says I have 4 "devices" "in the Cloud", but 5 "computers" associated w my account. How can I find out what computers are associated? Isn't there a list I can see? I dont have a clue what computers they might be. If I use the  "Deauthorize All" option, is it a pain to add them all back in. I assume I would have to log in from each computer to reauthorize each one. Would I have to be running the newest OS or version of iTunes to reauthorize? I think I have a PowerBook G4 Titanium with an older OS and iTunes. I'd like to keep that authorized, if possible.

• How do I get all users to show on screen upon startup for login?

  New MacBook Pro with latest IOS. Yosemite10.10
  I got my first MacBook Pro out of the box from the Apple store yesterday...Logged in as an initial admin user...Then I migrated my MacBook Air to it. All three imported users showed. Success!! Then I restarted the MacBook Pro and the startup screen shows only a single login option: The initial admin user login Icon and name that I used on the MacBook Pro just before migrating the other users in from my MacBook Air.
  So, I deleted the initial user (I did not need it), so that the other users (already with admin rights) would be the only logical logins that should show upon restart.
  Result: The initial "deleted" user shows still, all alone and none of the other users.  So I now log in to this "deleted" user, it is very slow to start before the other logins eventually appear after the this delay. 
  How do I get my users to show at the login screen upon startup and restart?

  Go to Settings > General > Date & Time. Make sure your time zone is correct and turn on Set Automatically if it isn't on already.

• Why do I get a Track out of memory error while running open loop frequency response?

  MatrixX Build 61mx1411: I get a "Track out of memory" error when I run the Open Loop Frequency Response from the MatrixX pull down tools. What can I do to prevent this? We are running on an HP B1000 with 768 MB of RAM under HP-UX 10.2.

  In the old days of Mx say Version 5 and prior the user actually selected the amount of memory that would be allocated. Depending on the size of the model etc. you would have to allocate memory. In version 6.0 and going forward there is no need for the user to manually allocate the memory.
  Build {rstack=50000,istack=200000,sstack=50000,cstack=50​0 000}
  If this is a command in a script file that you are running and the error is resulting from that then I would try commenting out everything after the letter d in the word build and then starting it back up.
  i.e. only use Build
  I don't believe that there is a way to manually allocate the initial SystemBuild Stack size.
  I believe initially the stack size is set to 10010.
  However, one way
  you can manually set the initial SystemBuild stack size,is to create a large StateSpace as soon as you start up SystemBuild. This will prevent piece-meal reallocs while using SystemBuild.
  You can created a new SuperBlock in SystemBuild and then drop down a StateSpace Block with 199 inputs and 199 Outputs and 1 State and entered ones(200,200)as the StateSpace Matrix without any problems. This would resize this internal stack to at least 40000.
  You really should not have to do this but if that helps then you might think about doing this in your startup.ms file you could use SBA or load the file then you could delete the superblock and begin working.
  "Bob" gave me this little tid bit.
  Please let me know if any of this is of use.
  Garrett
  Garrett Thurston
  [email protected]
  Phone: 781.993.5540

• ITunes locks up when trying to log another user out of the store.

  Running Windows 7.  System restart is all that will allow me to re-open iTunes.  Running a diagnostic check indicates that the store cannot communicate.  Results of that follow:
  Microsoft Windows 7 x64 Business Edition Service Pack 1 (Build 7601)
  Hewlett-Packard HP Elite 7100 Microtower PC
  iTunes 10.5.2.11
  QuickTime 7.7.1
  FairPlay 1.13.37
  Apple Application Support 2.1.6
  iPod Updater Library 10.0d2
  CD Driver 2.2.0.1
  CD Driver DLL 2.1.1.1
  Apple Mobile Device 4.0.0.97
  Apple Mobile Device Driver 1.57.0.0
  Bonjour 3.0.0.10 (333.10)
  Gracenote SDK 1.9.5.502
  Gracenote MusicID 1.9.5.115
  Gracenote Submit 1.9.5.143
  Gracenote DSP 1.9.5.45
  iTunes Serial Number [redacted]
  Current user is not an administrator.
  The current local date and time is 2012-01-18 20:13:46.
  iTunes is not running in safe mode.
  WebKit accelerated compositing is enabled.
  HDCP is not supported.
  Core Media is supported.
  Video Display Information
  Intel Corporation, Intel(R) Graphics Media Accelerator HD
  **** External Plug-ins Information ****
  No external plug-ins installed.
  iPodService 10.5.2.11 (x64) is currently running.
  iTunesHelper 10.5.2.11 is currently running.
  Apple Mobile Device service 3.3.0.0 is currently running.
  **** Network Connectivity Tests ****
  Network Adapter Information
  Adapter Name:          {34514AC4-8B99-438B-923C-E2C96131C81C}
  Description:          Realtek PCIe GBE Family Controller
  IP Address:          [redacted]
  Subnet Mask:          255.255.255.0
  Default Gateway:          [redacted]
  DHCP Enabled:          Yes
  DHCP Server:          [redacted]
  Lease Obtained:          Wed Jan 18 20:08:05 2012
  Lease Expires:          Wed Jan 18 20:08:04 2012
  DNS Servers:          [redacted]
  Active Connection:          LAN Connection
  Connected:          Yes
  Online:                    Yes
  Using Modem:          No
  Using LAN:          Yes
  Using Proxy:          No
  SSL 3.0 Support:          Enabled
  TLS 1.0 Support:          Enabled
  Firewall Information
  Windows Firewall is on.
  iTunes is NOT enabled in Windows Firewall.
  Connection attempt to Apple web site was successful.
  Connection attempt to browsing iTunes Store was successful.
  Connection attempt to purchasing from iTunes Store was successful.
  Connection attempt to iPhone activation server was successful.
  Connection attempt to firmware update server was unsuccessful.
  The network connection timed out.
  Connection attempt to Gracenote server was successful.
  Last successful iTunes Store access was 2012-01-18 20:10:05.
  I've reset the firewall "outbound rules" as suggested in the help after the diagnostic test.  This only allows me to enter the store but upon initiating log out iTunes locks.  I've used the "netsh winsock reset" (as suggested here: https://discussions.apple.com/message/15905544#15905544) to no avail.
  Any ideas are appreciated.

  Thanks for the response.  Following the instructions in that article produces the following information.  Very close to what is described in the article but the names differ (IPv6 vs. IP) and a total of eight rather than 10 values.  I can't see any LSP interfering with this . . .
  I've updated my Norton AntiVirus without effect.  Interestingly the firewall "inbound rules" shows one for iTunes even when the connectivity test fails.  If I delete the existing and create a new rule it will work only until I try to log out the current user.  Then the party is over.
  Any other ideas?
  Name
  MSAFD Tcpip [TCP/IPv6]
  Connectionless Service
  No
  Guarantees Delivery
  Yes
  Guarantees Sequencing
  Yes
  Maximum Address Size
  28 bytes
  Maximum Message Size
  0 bytes
  Message Oriented
  No
  Minimum Address Size
  28 bytes
  Pseudo Stream Oriented
  No
  Supports Broadcasting
  No
  Supports Connect Data
  No
  Supports Disconnect Data
  No
  Supports Encryption
  No
  Supports Expedited Data
  Yes
  Supports Graceful Closing
  Yes
  Supports Guaranteed Bandwidth
  No
  Supports Multicasting
  No
  Name
  MSAFD Tcpip [UDP/IPv6]
  Connectionless Service
  Yes
  Guarantees Delivery
  No
  Guarantees Sequencing
  No
  Maximum Address Size
  28 bytes
  Maximum Message Size
  63.99 KB (65,527 bytes)
  Message Oriented
  Yes
  Minimum Address Size
  28 bytes
  Pseudo Stream Oriented
  No
  Supports Broadcasting
  Yes
  Supports Connect Data
  No
  Supports Disconnect Data
  No
  Supports Encryption
  No
  Supports Expedited Data
  No
  Supports Graceful Closing
  No
  Supports Guaranteed Bandwidth
  No
  Supports Multicasting
  Yes
  Name
  MSAFD Tcpip [TCP/IP]
  Connectionless Service
  No
  Guarantees Delivery
  Yes
  Guarantees Sequencing
  Yes
  Maximum Address Size
  16 bytes
  Maximum Message Size
  0 bytes
  Message Oriented
  No
  Minimum Address Size
  16 bytes
  Pseudo Stream Oriented
  No
  Supports Broadcasting
  No
  Supports Connect Data
  No
  Supports Disconnect Data
  No
  Supports Encryption
  No
  Supports Expedited Data
  Yes
  Supports Graceful Closing
  Yes
  Supports Guaranteed Bandwidth
  No
  Supports Multicasting
  No
  Name
  MSAFD Tcpip [UDP/IP]
  Connectionless Service
  Yes
  Guarantees Delivery
  No
  Guarantees Sequencing
  No
  Maximum Address Size
  16 bytes
  Maximum Message Size
  63.99 KB (65,527 bytes)
  Message Oriented
  Yes
  Minimum Address Size
  16 bytes
  Pseudo Stream Oriented
  No
  Supports Broadcasting
  Yes
  Supports Connect Data
  No
  Supports Disconnect Data
  No
  Supports Encryption
  No
  Supports Expedited Data
  No
  Supports Graceful Closing
  No
  Supports Guaranteed Bandwidth
  No
  Supports Multicasting
  Yes
  Name
  RSVP TCPv6 Service Provider
  Connectionless Service
  No
  Guarantees Delivery
  Yes
  Guarantees Sequencing
  Yes
  Maximum Address Size
  28 bytes
  Maximum Message Size
  0 bytes
  Message Oriented
  No
  Minimum Address Size
  28 bytes
  Pseudo Stream Oriented
  No
  Supports Broadcasting
  No
  Supports Connect Data
  No
  Supports Disconnect Data
  No
  Supports Encryption
  Yes
  Supports Expedited Data
  Yes
  Supports Graceful Closing
  Yes
  Supports Guaranteed Bandwidth
  No
  Supports Multicasting
  No
  Name
  RSVP TCP Service Provider
  Connectionless Service
  No
  Guarantees Delivery
  Yes
  Guarantees Sequencing
  Yes
  Maximum Address Size
  16 bytes
  Maximum Message Size
  0 bytes
  Message Oriented
  No
  Minimum Address Size
  16 bytes
  Pseudo Stream Oriented
  No
  Supports Broadcasting
  No
  Supports Connect Data
  No
  Supports Disconnect Data
  No
  Supports Encryption
  Yes
  Supports Expedited Data
  Yes
  Supports Graceful Closing
  Yes
  Supports Guaranteed Bandwidth
  No
  Supports Multicasting
  No
  Name
  RSVP UDPv6 Service Provider
  Connectionless Service
  Yes
  Guarantees Delivery
  No
  Guarantees Sequencing
  No
  Maximum Address Size
  28 bytes
  Maximum Message Size
  63.99 KB (65,527 bytes)
  Message Oriented
  Yes
  Minimum Address Size
  28 bytes
  Pseudo Stream Oriented
  No
  Supports Broadcasting
  Yes
  Supports Connect Data
  No
  Supports Disconnect Data
  No
  Supports Encryption
  Yes
  Supports Expedited Data
  No
  Supports Graceful Closing
  No
  Supports Guaranteed Bandwidth
  No
  Supports Multicasting
  Yes
  Name
  RSVP UDP Service Provider
  Connectionless Service
  Yes
  Guarantees Delivery
  No
  Guarantees Sequencing
  No
  Maximum Address Size
  16 bytes
  Maximum Message Size
  63.99 KB (65,527 bytes)
  Message Oriented
  Yes
  Minimum Address Size
  16 bytes
  Pseudo Stream Oriented
  No
  Supports Broadcasting
  Yes
  Supports Connect Data
  No
  Supports Disconnect Data
  No
  Supports Encryption
  Yes
  Supports Expedited Data
  No
  Supports Graceful Closing
  No
  Supports Guaranteed Bandwidth
  No
  Supports Multicasting
  Yes

• 8.0 hangs at Initializing User Interface

  My son has a fourteen minute movie project that was created in Premier Elements 3.0.  For some reason every time he goes to render the movie now he gets an error.  The only thing it will let him do is render it to DVD format.  The problem with this is that he'd like to post the movie on the web and we don't know how to get it to the web from the DVD format.
  The computer running 3.0 is Win XP 32 bit with 2GB of ram.  It cannot be upgraded further.  We assumed these issues were happening due to a low memory problem of some sort.
  To solve this problem about a year ago, we tried upgrading to a new version of 8.0 on a newer machine.  We haven't been able to get any of the movie projects to open in 8.0. They all hangs on a black screen with the message "Initializing User Interface."
  The new computer is Intel Quad Core CPU  [email protected]  4 GB of ram, 64 bit running Windows 7.
  Graphics cards are two Nvidia 9600 GT.  I currently have the SLI disabled.
  All of my drivers and software are up to date.
  Our version of 8.0 was updated to 8.1 or 8.01 not sure what it was... it is the only update available for 8.0.
  You can see other movies he created with 3.0 back when it was working properly here...
  http://www.youtube.com/watch?v=f-QgSllmhvU
  http://www.youtube.com/watch?v=oFEc9VBV0ik
  We've tried calling in about this issue and have been incredibly frustrated with the lousy customer service.  The woman today told me that he would just have to recreate the movie in 8.0.   She claimed there is a way to convert it but she won't tell me unless I pay an hourly rate or buy the new 9.0 product.  The new project contains over 8000 pictures and represents a year of work.
  I'd like help with either of these problems.  Getting the 3.0 version to render or getting the 8.0 version to open the 3.0 project so that it could be rendered.
  Thanks

  Although Adobe touts their PRE as being 'backwards compatible" in reality it doesn't really work. If you have projects created with an older version, then you should only do further editing in that same version.
  Multiple versions of PRE happily coexist, so install your 3.0.2 version (get the update from http://www.adobe.com/support/downloads/detail.jsp?ftpID=3565) on your newer machine. If you have saved the v3 project out from the v8 product then recopy the project from your older machine to the newer - saving it from v8 will not work in v3.
  Cheers,
  Neale
  Insanity is hereditary, you get it from your children

• After effects CS3 locks up at Initializing User Interface

  I am doing an install for a school lab and they are requesting both CS3 and CS4. Is that possible under Mac OS 10.5? I have managed to get everything to work except After effects CS3. They didn't need CS4 after effects so i removed that and CS3 after effects still doesn't work. I removed the prefrerences in the users Library folder and allowed after effects to re-create it and I am still unable to load the program It Freazes at Initializing User interface. I have tried uninstalling CS4 and CS3 After effects still didn't work. I just uninstalled CS3 as well and re-installed it again and i am still getting the same error. Any suggestions? I might Remove CS3 again and use the script that is on the net to remove all CS3 data.

  What Macs are we talking about? There are some issues with some iMac models that seem to occur with specific configurations of said iMacs. A regular occurence is some 2007/2008 series models with ATI cards not launching AE at all or going into a freeze. Users have reported that completely re-installing OSX fixed these issues, so I can only assume it's a flaw in the factory disk image used to pre-format and pre-configure those machines upon delivery. Other than that I'm not aware of a specific cause, but who knows. If you can provide more info, I'm sure something can be clearly made out as the culprit.
  Mylenium

• I'm relatively new to Mac and want to try and get the most out of the new MacBook Air.   My wife and I have been sharing the same Apple ID. We both have iPhones - she has a 5 and I've got a 4S.   We only have one copy of iTunes and we have been sharing t

  I'm relatively new to Mac and want to try and get the most out of the new MacBook Air.
  My wife and I have been sharing the same Apple ID. We both have iPhones - she has a 5 and I've got a 4S.
  We only have one copy of iTunes and we have been sharing the account. (She doesn't really use the computer for anything beyond writing the odd weekend assignment.)
  Would I be better off setting her up with her own and making her as a separate user on the computer? Would this require much work?
  In recent times with updates, we have a few problems with the duplication of texts and that sort of thing. Both of our texts are stored on the computer and that sort of thing. Also, sometimes texts I send her are sent through to me  from her, if that makes any sense.
  Anyway, I don't really want to overly complicate matters when it comes to accounts etc, but I wanted to know if a fresh Apple ID would be the best thing or even a new user?
  Any tips etc would be greatly appreciated
  Thanks in advance
  MacBook
  I have this question too (0) Reply

  Your question is almost too much a personal one, begging the question "do we (husband and wife) feel comfy sharing one account on the Mac"   maybe thats why nobody answered you.
  It doesnt complicate anything, but it adds steps for switching accounts on the Mac/ purchases etc. of course
  since your question is mostly personal, ..I wont answer THAT part of it, but creating a new account is easy.....messing with switching back and forth is also a personal preference 'issue' as well.   I prefer to keep things simple, but...........you and yours,  I dont know.......
  http://support.apple.com/kb/PH11468

• How to use an authenticated user for a proxy call

  Dear all,
  I am currently working on a JEE application where the user needs to authenticate (for this I have configured the web.xml).
  Now inside this application I need to do a proxy call to a PI webservice.
  I would like to use the user credentials of the already logged in user in order to call the proxy.
  What I don't want to do is to use a service user for the proxy call.
  The code I am trying to call looks something like this:
       private IntegratedConfigurationIn getPort() throws Exception{
            IntegratedConfigurationIn port = null;
            try {
                 IntegratedConfigurationInService service = null;
                 service = new IntegratedConfigurationInService();
                 port = (IntegratedConfigurationIn) service.getIntegratedConfigurationIn_Port();
                BindingProvider bp = (BindingProvider)port;
                bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, user);
                bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);
                if (url.length() != 0)
                     bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, url);
            catch (Exception ex){
                 ex.printStackTrace();
            return port;
  The examples I found to retrieve the userdata pointed to codes similar to this one:
  public HttpServletRequest getHttpRequest() throws Exception {
            // Get runtime context
            Properties props = new Properties();
            props.put("domain", "true");
            Context initialContext = new InitialContext(props);
            ApplicationWebServiceContext wsContext = (ApplicationWebServiceContext) initialContext
                      .lookup(" /wsContext/ApplicationWebServiceContext");
            HttpServletRequest req = wsContext.getHttpServletRequest();
            return req;
  com.sap.security.api.IUser sapUser = com.sap.security.api.UMFactory.getAuthenticator().getLoggedInUser(getHttpRequest(), null);
            IUser ep5User = com.sapportals.wcm.util.usermanagement.WPUMFactory.getUserFactory().getEP5User(sapUser);
  Now I don't know how to bring it togehter and how to use an authenticated user for the BindingProvider.
  I would appreciate any hints or ideas.

  Peter,
  from the first screenshot, what I understood is that, you are calling an inbound PI web service that is intended to create an integrated configuration object (this is used for whole lot of other reason completely) but not actually calling a development web service.
  For this, you would have to generate your client classes from the WSDL provided by the PI developer for that particular service. Once you get those client classes generated, you could used the method provided in the other screenshot to extract the user and password and call the intended web service.
  Vijay Konam

• OAM SSO integration question:How can I get a user identity from ObSSOCookie

  We are building an OAM SSO solution. The App server is both on OAS and WLS. My question is that, after I get the ObSSOCookie from httprequest.
  I need to verify whether the ObSSOCookie is a valid one, and I also need to get user identity from the cookie and pass it to login module to populate user principal
  Of course, one way of doing that is to install access manager SDK and go from there. But we support multiple OS, it's a pain to add Access manager SDK to different installer for different OS.
  I am trying to use IdentityXML Functions which is a SOAP based webservice so that I don't need to worry about the OS platform. But I can't find a webService which returns user identity based on a valid ObSSOCookie. It seems that I can invoke webService with valide ObSSOCookie, but there is no way to get the user identity back. Am I missing something?
  Hope someone can help me out.
  Thanks.
  -Wei

  Ok. Sounds like you are a vendor trying to play well in an SSO environment.
  Here is what I tell OAM customers when they are evaluating software to see if it will cooperate with a system like OAM.
  Can the software's native authentication scheme be explicitly turned off (usually a configuration in a file)?
  Can the software be configured to accept a token of identity in the form of a Cookie or HeaderVar (also configurable in a file)?
  If the answer to both is yes, then the system is capable of 'third party trust' for authentication.
  From your perspective, your logic for login should be something like:
  Is my native authN turned off?
  If yes, can I find the cookie or header that I should be looking for?
  If yes, take the value and proceed to create user session for this identity per usual (except that you never evaluated the authN - you trust that it was done).
  If no, present the native AuthN scheme anyway.
  If you follow this pattern, you are in the good company of folks like PeopleSoft and Plumtree who had these types of integrations working long ago.
  Yes, there are other ways to do this but, in my humble opinion, this remains the most stable and effective pattern we see.
  What you ask for as the identity token value is up to you. It is often the login ID value that you would have used in your own authN procedure. There's nothing particularly sensitive about having a webgate set headers - they are only available to the server and not to the client. Cookie of course could be seen but can't be spoofed as the webgate has the final word on it's content.
  Mark

• Is there a way to get a user login record after sleep?

  I know that by opening terminal and typing in "last" (without the quote marks) that it will give me about a 3 week record of who has logged on my computer after shutdowns and restarts.
  What I want to know is this:
  a) Is there a way to get a user login record after the computer only goes to sleep?
  b) is there a way to get the terminal to go back further than just 3 weeks or so for the shutdown/restart records?
  Is there software that might do this???
  Thanks in advance, this is important for me.

  bikinijack wrote:
  Thanks, Dave: so this is what I type in the terminal? "ls -l /var/log/wtmp*" (without the quotes). And how do you unzip something that has been "gzipped"?
  "man gzip" will give you the details for using gzip
  My first question can be explained this way: To get into the computer when it is coming out of sleep you need to type in a password, then it opens to the desktop. Is there a way I can find out the times over the course of a day/week/month that this is being done? i.e., is there a log being made somewhere of when the computer is being opened and signed onto after being asleep?
  When you wake the computer from a sleep, you are not logging in again so there will be
  no record of the event as a "login"
  My computer possibly could be used by a few other people that have access to my computer password (don't ask why) and I basically want to know if they are signing on when I am away from my desk.
  You may want to look at /var/log/asl.log or /var/log/secure.log which contain details of
  authentication attempts (which is what you are doing) and failures.
  I am not asking why you have multiple people accessing your computer with your password --
  but consider setting up separate username, it is a lot easier to manage and you will probably
  not be asking questions like this one.
  Dave

• Unable to get Windows User Name using Oracle Forms 6i, Jinitiator 1.3.1.17

  Hi,
  Requirement: Get Windows User Name using Oracle Web Forms 6i.
  Tools Using: Windows NT, Oracle web forms 6i, Oracle 10g DB.
  Description: I am using GetClientInfo JBean from otn.oracle.com, which gets windows user name, IP address and machine name. The demo I got from oracle web site uses Jinitiator version 1.1.7.18. While we are using the latest version Jinitiator 1.3.1.17. Due to this reason, I am unable to use Javakey which comes with older version but doesn't come with newer version, that's why I can't create the new JavaBean Java identity (PJC).
  Please advise what to do. All environment variables are set everything is done, this is the only thing bothering me.
  I went through the article 202768.1 from metalink, but on step 5, it gives an error keytool error: java.lang.Exception: Input not an X.509 Certificate.
  Also, please let me know if there is any other workaround for this requirement.
  Thanks & Best Regards,
  Mo

  Hi,
  Thanks for your kind reply. Actually there was a problem in creating a certificate, now it is okay with the same method. Certificate got imported on client and everything is ready.
  Now, the problem is when I try to set Bean Area Implementation Class property with oracle.forms.demos.GetClientInfo, it gives an error FRM-13008 Cannot find JavaBean with name 'oracle.forms.demos.GetClientInfo'.
  I went through the articles 1072329.6, 196824.1, and set ClassPath and Path variables with proper values. Also, I have copied jar file and signature file in forms60/java folder. I don't see any problems. Please let me know what I am doing wrong. My limitation is that I have to do all this in forms6i.
  I searched forums on metalink and found out that someone installed Patch 15, and everything went okay for him. Do you think I should install Patch 15? if YES, how will I do it, I mean should I first uninstall my forms and then install patch15 or install the patch on my forms?
  Thanks so much for your help.
  Thanks & Best Regards,
  Mo

• Getting the user name and computer name

  I've been trying to find out how to do this, but can't seem to get it.
  I have an AIR application that needs to get the user's login name, and computer name for verification.  I can't find anywhere to do this.  Is AIR able to get this information? Is there work arounds if there isn't?
  It won't ever be a web app, just an AIR app.

  What I did in Air 2 to accomplish that is the following:
                 public function getHostName():void {
                      if(NativeProcess.isSupported) {
                           var OS:String = Capabilities.os.toLocaleLowerCase();
                           var file:File;
                           if (OS.indexOf('win') > -1) {
                                //Executable in windows
                                file = new File('C:\\Windows\\System32\\hostname.exe');
                           } else if (OS.indexOf('mac') > -1 ) {
                                //Executable in mac
                           } else if (OS.indexOf('linux')) {
                                //Executable in linux
                           var nativeProcessStartupInfo:NativeProcessStartupInfo = new NativeProcessStartupInfo();
                           nativeProcessStartupInfo.executable = file;
                           var process:NativeProcess = new NativeProcess();
                                process.addEventListener(NativeProcessExitEvent.EXIT, onExitError);
                                process.addEventListener(ProgressEvent.STANDARD_OUTPUT_DATA, onOutput);
                                process.start(nativeProcessStartupInfo);
                                process.closeInput();
                 import utls.StringHelper;
                 public function onOutput(event:ProgressEvent):void {
                      var strHelper:StringHelper = new StringHelper();
                      var output:String = event.target.standardOutput.readUTFBytes(event.target.standardOutput.bytesAvailable);
                           output = strHelper.trimBack(output, "\n");
                           output = strHelper.trimBack(output, "\r");
                      trace('"'+output+'"');
  The package that I used is from the manual:
  package utls
       public class StringHelper
            public function StringHelper()
            public function replace(str:String, oldSubStr:String, newSubStr:String):String {
                 return str.split(oldSubStr).join(newSubStr);
            public function trim(str:String, char:String):String {
                 return trimBack(trimFront(str, char), char);
            public function trimFront(str:String, char:String):String {
                 char = stringToCharacter(char);
                 if (str.charAt(0) == char) {
                      str = trimFront(str.substring(1), char);
                 return str;
            public function trimBack(str:String, char:String):String {
                 char = stringToCharacter(char);
                 if (str.charAt(str.length - 1) == char) {
                      str = trimBack(str.substring(0, str.length - 1), char);
                 return str;
            public function stringToCharacter(str:String):String {
                 if (str.length == 1) {
                      return str;
                 return str.slice(0, 1);
  And sorry for the miss topic I just realized that it is on flex topic, but I post it either way it may be useful for anyone