Getting initiating user out of proxy
Hello!
Following scenario:
R/3(A) (sync. Proxy) --> XI --> R/3(B) (sync. Proxy).
At the target system the user initiating the proxy in (A) should be investigated out of the proxy runtime data (This works fine via several called methods of the proxy instance). But instead of the user triggering the proxy (as shown correct in the monitoring) the XI user is placed in the runtime as i can see during debugging...
Result:
XI-Monitoring shows RUNTIME-User = User of (A). <-Correct
Debugging shows RUNTIME-User = User of XI. <-Incorrect
How can I get during runtime the real initiator of the communication as shown in the monitoring?
Any ideas?
Kind regards,
Klaus
SQL> CREATE TABLE T(USRNAME VARCHAR2(30));
Table created
SQL> CREATE OR REPLACE TRIGGER TRI_TEST
2 BEFORE DELETE
3 ON TT
4 FOR EACH ROW
5 BEGIN
6 INSERT INTO T VALUES(USER);
7 END;
8 /
Trigger created
SQL> SELECT * FROM T;
USRNAME
SQL> SELECT * FROM TT;
EMP_P_ID EMP_FIRSTNAME EMP_ADDRESS
100 Steven SKING
101 Neena NKOCHHAR
102 Lex LDEHAAN
103 Alexander AHUNOLD
104 Bruce BERNST
105 David DAUSTIN
106 Valli VPATABAL
107 Diana DLORENTZ
108 Nancy NGREENBE
109 Daniel DFAVIET
10 rows selected
SQL> DELETE FROM TT WHERE EMP_P_ID=100;
1 row deleted
SQL> SELECT * FROM T;
USRNAME
DBAUSR
SQL> Edited by: Garey on 2009-8-3 上午2:37
Similar Messages
-
Initial User not getting populated
Hello
We have just upgraded from SAP 4.6 to ECC 6.0, there is a task to get Initial User details, in older version we were using binding workflow cont - 'workitem.workitemcreator' to task cont - 'Initialuser', In upgraded version the binding changed itself to workflow cont - 'Intialuser' to task cont - 'Intialuser', which does not populate the 'Intialuser' in task cont.
If i change workflow cont to 'workitem.workitemcreator' or 'inituser' the task goes in error. What should I do??? to populate 'Initialuser' of task cont.
Thanks
BhavnaNo, it's not a problem of an UI (portal).
"We also wrote a script that would fetch all the details of the users from the FIM DB and the values are blank there too. so i'm guessing there's no problem with the portal." -
I hope you know that it is highly not recommended to do any operations on DB directly?
Ok, you say that you create user programmatically on FIM. Is it via PowerShell or another way? If attrbiutes are blank in Request - it seems that they are not passed to FIMService correctly. Maybe some special characters in those fields in source?
If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer. -
Kinit: Client not found in Kerberos database while getting initial credentials
Hi all,
I am trying to configure application which uses Kerberos authentication.
Error message:
kinit: Client not found in Kerberos database while getting initial credentials
I use Windows Server 2003 domain controller as LDAP server, Tomcat application (on Linux) and IIS application as client, and apache load balancer.
There is multidomain environment: russia.domain.net, europa.domain.net, asia.domain.net;
Tomcat and IIS servers works behind a proxy server (Apache on Linux).
For applications created two DNS records type A. all DNS use IP address of Apache proxy server:
application-sandbox.russia.domain.net
applicationweb-sandbox.russia.domain.net
To confiure kerberos authentication i have performed the following steps:
1. Create user account in EUROPA domain and configure delegation for this:
EUROPE\application_sandbox
2. Register SPN for this account:
setspn -A HTTP/application-sandbox.russia.domain.net EUROPE\application_sandbox
setspn -A HTTP/application-sandbox EUROPE\application_sandbox
3. After i verified registered SPN for this account:
setspn.exe -L EUROPE\application_sandbox
Registered ServicePrincipalNames for CN=kxxb999,OU=Users,DC=europe,DC=domain,DC=net:
HTTP/application-sandbox
HTTP/application-sandbox.russia.domain.net
3. After i generate a keytab file:
ktpass /princ HTTP/application-sandbox.russia.domain.net:@RUSSIA.DOMAIN.NET /ptype krb5_nt_principal /crypto rc4-hmac-nt /mapuser EUROPE\application_sandbox /out application_sandbox.keytab -kvno 0 /pass Pa$$w0rd
4. Properties of account looks like the following:
Get-ADUser -Identity appication_sandbox -Properties CN, ServicePrincipalNames, UserPrincipalName
CN : kxxb999
DistinguishedName : CN=kxxb999,OU=Users,DC=europe,DC=domain,DC=net
Enabled : True
GivenName :
Name : kxxb999
ObjectClass : user
SamAccountName : application_sandbox
ServicePrincipalNames : {HTTP/application-sandbox, HTTP/application-sandbox.russia.domain.net}
Surname : application_sandbox
UserPrincipalName : HTTP/[email protected]
4.Note that CN and User logon name are different. SPN registered for DNS record.
There are no computer in domain with name application-sandbox.russia.domain.net. this is a DNS record for application.
5. Then i copy keytab file to Linux machine, configure krb5.conf file and trying to get TGT for registered principal name.
krb5.conf file:
[libdefaults]
default_realm = EUROPE.DOMAIN.NET
dns_lookup_realm = false
dns_lookup_kdc = false
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
[realms]
RUSSIA.DOMAIN.NET = {
kdc = dc01.russia.domain.net
admin_server = dc01.russia.domain.net
default_domain = russia.domain.net
EUROPE.DOMAIN.NET = {
kdc = dc01.europe.domain.net
admin_server = dc01.europe.domain.net
default_domain = europe.domain.net
[domain_realm]
europe.domain.net = EUROPE.DOMAIN.NET
.europe.domain.net = EUROPE.DOMAIN.NET
russia.domain.net = RUSSIA.DOMAIN.NET
.russia.domain.net = RUSSIA.DOMAIN.NET
[appdefaults]
autologin = true
forward = true
forwardable = true
encrypt = true
Then i verified created keytab file:
klist -e -k -t application_sandbox.keytab
Keytab name: FILE:application_sandbox.keytab
KVNO Timestamp Principal
0 01/01/70 01:00:00 HTTP/[email protected] (arcfour-hmac)
And trying to get TGT ticket:
kinit -V -k -t application_sandbox.keytab HTTP/[email protected]
Using default cache: /tmp/krb5cc_0
Using principal: HTTP/[email protected]
Using keytab: application_sandbox.keytab
kinit: Client not found in Kerberos database while getting initial credentials
But if i use SamAccountName name with kinit commant then i can aquire TGT ticket:
[root@localhost security]# kinit application_sandbox
Password for [email protected]:
[root@localhost security]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]
Valid starting Expires Service principal
06/30/14 16:37:41 07/01/14 02:37:38 krbtgt/[email protected]
renew until 07/01/14 16:37:41
I'm in trouble. can anyone faced this problem?
Thank youHi all,
according to Amy answer I thought, how user principal could not be found in Kerberos database, e.g AD domain.
My HTTP service works in RUSSIA domain, but user principal created in EUROPE domain.
Next, i have checked my ktpass command:
ktpass /princ HTTP/[email protected] /ptype krb5_nt_principal /crypto rc4-hmac-nt /mapuser EUROPE\application_sandbox /out application_sandbox.keytab -kvno 0 /pass
Pa$$w0rd
especially the following parameters:
/princ HTTP/[email protected]
/mapuser EUROPE\application_sandbox
When generating keytab it changes userlogon name to HTTP/application-sandbox.russia.domain.net and set domain domain to RUSSIA.DOMAIN.NET
But no user principal with name application_sandbox in RUSSIA.DOMAIN.NET domain (e.g. Kerberos realm)
So solution is change RUSSIA.DOMAIN.NET to EUROPE.DOMAIN.NAME in ktpass command.
After that i am able to get TGT and authenticate in domain. -
I Have 2 users on my computer and both access i-tunes using same password etc. however 1 library has the full content of music but the other one has only partial playlists. How do I get both users to have the same full library?
The title of my initial post is a bit misleading. I already took a chance deleting one of the iPhones, hoping if I deleted the wrong one, I can still reauthorize it (all with the same Apple ID acct, so not subject to 90-day waiting period, right?) The iTunes database just updated itself, and it says I have 4 "devices" "in the Cloud", but 5 "computers" associated w my account. How can I find out what computers are associated? Isn't there a list I can see? I dont have a clue what computers they might be. If I use the "Deauthorize All" option, is it a pain to add them all back in. I assume I would have to log in from each computer to reauthorize each one. Would I have to be running the newest OS or version of iTunes to reauthorize? I think I have a PowerBook G4 Titanium with an older OS and iTunes. I'd like to keep that authorized, if possible.
-
How do I get all users to show on screen upon startup for login?
New MacBook Pro with latest IOS. Yosemite10.10
I got my first MacBook Pro out of the box from the Apple store yesterday...Logged in as an initial admin user...Then I migrated my MacBook Air to it. All three imported users showed. Success!! Then I restarted the MacBook Pro and the startup screen shows only a single login option: The initial admin user login Icon and name that I used on the MacBook Pro just before migrating the other users in from my MacBook Air.
So, I deleted the initial user (I did not need it), so that the other users (already with admin rights) would be the only logical logins that should show upon restart.
Result: The initial "deleted" user shows still, all alone and none of the other users. So I now log in to this "deleted" user, it is very slow to start before the other logins eventually appear after the this delay.
How do I get my users to show at the login screen upon startup and restart?Go to Settings > General > Date & Time. Make sure your time zone is correct and turn on Set Automatically if it isn't on already.
-
Why do I get a Track out of memory error while running open loop frequency response?
MatrixX Build 61mx1411: I get a "Track out of memory" error when I run the Open Loop Frequency Response from the MatrixX pull down tools. What can I do to prevent this? We are running on an HP B1000 with 768 MB of RAM under HP-UX 10.2.
In the old days of Mx say Version 5 and prior the user actually selected the amount of memory that would be allocated. Depending on the size of the model etc. you would have to allocate memory. In version 6.0 and going forward there is no need for the user to manually allocate the memory.
Build {rstack=50000,istack=200000,sstack=50000,cstack=500 000}
If this is a command in a script file that you are running and the error is resulting from that then I would try commenting out everything after the letter d in the word build and then starting it back up.
i.e. only use Build
I don't believe that there is a way to manually allocate the initial SystemBuild Stack size.
I believe initially the stack size is set to 10010.
However, one way
you can manually set the initial SystemBuild stack size,is to create a large StateSpace as soon as you start up SystemBuild. This will prevent piece-meal reallocs while using SystemBuild.
You can created a new SuperBlock in SystemBuild and then drop down a StateSpace Block with 199 inputs and 199 Outputs and 1 State and entered ones(200,200)as the StateSpace Matrix without any problems. This would resize this internal stack to at least 40000.
You really should not have to do this but if that helps then you might think about doing this in your startup.ms file you could use SBA or load the file then you could delete the superblock and begin working.
"Bob" gave me this little tid bit.
Please let me know if any of this is of use.
Garrett
Garrett Thurston
[email protected]
Phone: 781.993.5540 -
ITunes locks up when trying to log another user out of the store.
Running Windows 7. System restart is all that will allow me to re-open iTunes. Running a diagnostic check indicates that the store cannot communicate. Results of that follow:
Microsoft Windows 7 x64 Business Edition Service Pack 1 (Build 7601)
Hewlett-Packard HP Elite 7100 Microtower PC
iTunes 10.5.2.11
QuickTime 7.7.1
FairPlay 1.13.37
Apple Application Support 2.1.6
iPod Updater Library 10.0d2
CD Driver 2.2.0.1
CD Driver DLL 2.1.1.1
Apple Mobile Device 4.0.0.97
Apple Mobile Device Driver 1.57.0.0
Bonjour 3.0.0.10 (333.10)
Gracenote SDK 1.9.5.502
Gracenote MusicID 1.9.5.115
Gracenote Submit 1.9.5.143
Gracenote DSP 1.9.5.45
iTunes Serial Number [redacted]
Current user is not an administrator.
The current local date and time is 2012-01-18 20:13:46.
iTunes is not running in safe mode.
WebKit accelerated compositing is enabled.
HDCP is not supported.
Core Media is supported.
Video Display Information
Intel Corporation, Intel(R) Graphics Media Accelerator HD
**** External Plug-ins Information ****
No external plug-ins installed.
iPodService 10.5.2.11 (x64) is currently running.
iTunesHelper 10.5.2.11 is currently running.
Apple Mobile Device service 3.3.0.0 is currently running.
**** Network Connectivity Tests ****
Network Adapter Information
Adapter Name: {34514AC4-8B99-438B-923C-E2C96131C81C}
Description: Realtek PCIe GBE Family Controller
IP Address: [redacted]
Subnet Mask: 255.255.255.0
Default Gateway: [redacted]
DHCP Enabled: Yes
DHCP Server: [redacted]
Lease Obtained: Wed Jan 18 20:08:05 2012
Lease Expires: Wed Jan 18 20:08:04 2012
DNS Servers: [redacted]
Active Connection: LAN Connection
Connected: Yes
Online: Yes
Using Modem: No
Using LAN: Yes
Using Proxy: No
SSL 3.0 Support: Enabled
TLS 1.0 Support: Enabled
Firewall Information
Windows Firewall is on.
iTunes is NOT enabled in Windows Firewall.
Connection attempt to Apple web site was successful.
Connection attempt to browsing iTunes Store was successful.
Connection attempt to purchasing from iTunes Store was successful.
Connection attempt to iPhone activation server was successful.
Connection attempt to firmware update server was unsuccessful.
The network connection timed out.
Connection attempt to Gracenote server was successful.
Last successful iTunes Store access was 2012-01-18 20:10:05.
I've reset the firewall "outbound rules" as suggested in the help after the diagnostic test. This only allows me to enter the store but upon initiating log out iTunes locks. I've used the "netsh winsock reset" (as suggested here: https://discussions.apple.com/message/15905544#15905544) to no avail.
Any ideas are appreciated.Thanks for the response. Following the instructions in that article produces the following information. Very close to what is described in the article but the names differ (IPv6 vs. IP) and a total of eight rather than 10 values. I can't see any LSP interfering with this . . .
I've updated my Norton AntiVirus without effect. Interestingly the firewall "inbound rules" shows one for iTunes even when the connectivity test fails. If I delete the existing and create a new rule it will work only until I try to log out the current user. Then the party is over.
Any other ideas?
Name
MSAFD Tcpip [TCP/IPv6]
Connectionless Service
No
Guarantees Delivery
Yes
Guarantees Sequencing
Yes
Maximum Address Size
28 bytes
Maximum Message Size
0 bytes
Message Oriented
No
Minimum Address Size
28 bytes
Pseudo Stream Oriented
No
Supports Broadcasting
No
Supports Connect Data
No
Supports Disconnect Data
No
Supports Encryption
No
Supports Expedited Data
Yes
Supports Graceful Closing
Yes
Supports Guaranteed Bandwidth
No
Supports Multicasting
No
Name
MSAFD Tcpip [UDP/IPv6]
Connectionless Service
Yes
Guarantees Delivery
No
Guarantees Sequencing
No
Maximum Address Size
28 bytes
Maximum Message Size
63.99 KB (65,527 bytes)
Message Oriented
Yes
Minimum Address Size
28 bytes
Pseudo Stream Oriented
No
Supports Broadcasting
Yes
Supports Connect Data
No
Supports Disconnect Data
No
Supports Encryption
No
Supports Expedited Data
No
Supports Graceful Closing
No
Supports Guaranteed Bandwidth
No
Supports Multicasting
Yes
Name
MSAFD Tcpip [TCP/IP]
Connectionless Service
No
Guarantees Delivery
Yes
Guarantees Sequencing
Yes
Maximum Address Size
16 bytes
Maximum Message Size
0 bytes
Message Oriented
No
Minimum Address Size
16 bytes
Pseudo Stream Oriented
No
Supports Broadcasting
No
Supports Connect Data
No
Supports Disconnect Data
No
Supports Encryption
No
Supports Expedited Data
Yes
Supports Graceful Closing
Yes
Supports Guaranteed Bandwidth
No
Supports Multicasting
No
Name
MSAFD Tcpip [UDP/IP]
Connectionless Service
Yes
Guarantees Delivery
No
Guarantees Sequencing
No
Maximum Address Size
16 bytes
Maximum Message Size
63.99 KB (65,527 bytes)
Message Oriented
Yes
Minimum Address Size
16 bytes
Pseudo Stream Oriented
No
Supports Broadcasting
Yes
Supports Connect Data
No
Supports Disconnect Data
No
Supports Encryption
No
Supports Expedited Data
No
Supports Graceful Closing
No
Supports Guaranteed Bandwidth
No
Supports Multicasting
Yes
Name
RSVP TCPv6 Service Provider
Connectionless Service
No
Guarantees Delivery
Yes
Guarantees Sequencing
Yes
Maximum Address Size
28 bytes
Maximum Message Size
0 bytes
Message Oriented
No
Minimum Address Size
28 bytes
Pseudo Stream Oriented
No
Supports Broadcasting
No
Supports Connect Data
No
Supports Disconnect Data
No
Supports Encryption
Yes
Supports Expedited Data
Yes
Supports Graceful Closing
Yes
Supports Guaranteed Bandwidth
No
Supports Multicasting
No
Name
RSVP TCP Service Provider
Connectionless Service
No
Guarantees Delivery
Yes
Guarantees Sequencing
Yes
Maximum Address Size
16 bytes
Maximum Message Size
0 bytes
Message Oriented
No
Minimum Address Size
16 bytes
Pseudo Stream Oriented
No
Supports Broadcasting
No
Supports Connect Data
No
Supports Disconnect Data
No
Supports Encryption
Yes
Supports Expedited Data
Yes
Supports Graceful Closing
Yes
Supports Guaranteed Bandwidth
No
Supports Multicasting
No
Name
RSVP UDPv6 Service Provider
Connectionless Service
Yes
Guarantees Delivery
No
Guarantees Sequencing
No
Maximum Address Size
28 bytes
Maximum Message Size
63.99 KB (65,527 bytes)
Message Oriented
Yes
Minimum Address Size
28 bytes
Pseudo Stream Oriented
No
Supports Broadcasting
Yes
Supports Connect Data
No
Supports Disconnect Data
No
Supports Encryption
Yes
Supports Expedited Data
No
Supports Graceful Closing
No
Supports Guaranteed Bandwidth
No
Supports Multicasting
Yes
Name
RSVP UDP Service Provider
Connectionless Service
Yes
Guarantees Delivery
No
Guarantees Sequencing
No
Maximum Address Size
16 bytes
Maximum Message Size
63.99 KB (65,527 bytes)
Message Oriented
Yes
Minimum Address Size
16 bytes
Pseudo Stream Oriented
No
Supports Broadcasting
Yes
Supports Connect Data
No
Supports Disconnect Data
No
Supports Encryption
Yes
Supports Expedited Data
No
Supports Graceful Closing
No
Supports Guaranteed Bandwidth
No
Supports Multicasting
Yes -
8.0 hangs at Initializing User Interface
My son has a fourteen minute movie project that was created in Premier Elements 3.0. For some reason every time he goes to render the movie now he gets an error. The only thing it will let him do is render it to DVD format. The problem with this is that he'd like to post the movie on the web and we don't know how to get it to the web from the DVD format.
The computer running 3.0 is Win XP 32 bit with 2GB of ram. It cannot be upgraded further. We assumed these issues were happening due to a low memory problem of some sort.
To solve this problem about a year ago, we tried upgrading to a new version of 8.0 on a newer machine. We haven't been able to get any of the movie projects to open in 8.0. They all hangs on a black screen with the message "Initializing User Interface."
The new computer is Intel Quad Core CPU [email protected] 4 GB of ram, 64 bit running Windows 7.
Graphics cards are two Nvidia 9600 GT. I currently have the SLI disabled.
All of my drivers and software are up to date.
Our version of 8.0 was updated to 8.1 or 8.01 not sure what it was... it is the only update available for 8.0.
You can see other movies he created with 3.0 back when it was working properly here...
http://www.youtube.com/watch?v=f-QgSllmhvU
http://www.youtube.com/watch?v=oFEc9VBV0ik
We've tried calling in about this issue and have been incredibly frustrated with the lousy customer service. The woman today told me that he would just have to recreate the movie in 8.0. She claimed there is a way to convert it but she won't tell me unless I pay an hourly rate or buy the new 9.0 product. The new project contains over 8000 pictures and represents a year of work.
I'd like help with either of these problems. Getting the 3.0 version to render or getting the 8.0 version to open the 3.0 project so that it could be rendered.
ThanksAlthough Adobe touts their PRE as being 'backwards compatible" in reality it doesn't really work. If you have projects created with an older version, then you should only do further editing in that same version.
Multiple versions of PRE happily coexist, so install your 3.0.2 version (get the update from http://www.adobe.com/support/downloads/detail.jsp?ftpID=3565) on your newer machine. If you have saved the v3 project out from the v8 product then recopy the project from your older machine to the newer - saving it from v8 will not work in v3.
Cheers,
Neale
Insanity is hereditary, you get it from your children -
After effects CS3 locks up at Initializing User Interface
I am doing an install for a school lab and they are requesting both CS3 and CS4. Is that possible under Mac OS 10.5? I have managed to get everything to work except After effects CS3. They didn't need CS4 after effects so i removed that and CS3 after effects still doesn't work. I removed the prefrerences in the users Library folder and allowed after effects to re-create it and I am still unable to load the program It Freazes at Initializing User interface. I have tried uninstalling CS4 and CS3 After effects still didn't work. I just uninstalled CS3 as well and re-installed it again and i am still getting the same error. Any suggestions? I might Remove CS3 again and use the script that is on the net to remove all CS3 data.
What Macs are we talking about? There are some issues with some iMac models that seem to occur with specific configurations of said iMacs. A regular occurence is some 2007/2008 series models with ATI cards not launching AE at all or going into a freeze. Users have reported that completely re-installing OSX fixed these issues, so I can only assume it's a flaw in the factory disk image used to pre-format and pre-configure those machines upon delivery. Other than that I'm not aware of a specific cause, but who knows. If you can provide more info, I'm sure something can be clearly made out as the culprit.
Mylenium -
I'm relatively new to Mac and want to try and get the most out of the new MacBook Air.
My wife and I have been sharing the same Apple ID. We both have iPhones - she has a 5 and I've got a 4S.
We only have one copy of iTunes and we have been sharing the account. (She doesn't really use the computer for anything beyond writing the odd weekend assignment.)
Would I be better off setting her up with her own and making her as a separate user on the computer? Would this require much work?
In recent times with updates, we have a few problems with the duplication of texts and that sort of thing. Both of our texts are stored on the computer and that sort of thing. Also, sometimes texts I send her are sent through to me from her, if that makes any sense.
Anyway, I don't really want to overly complicate matters when it comes to accounts etc, but I wanted to know if a fresh Apple ID would be the best thing or even a new user?
Any tips etc would be greatly appreciated
Thanks in advance
MacBook
I have this question too (0) ReplyYour question is almost too much a personal one, begging the question "do we (husband and wife) feel comfy sharing one account on the Mac" maybe thats why nobody answered you.
It doesnt complicate anything, but it adds steps for switching accounts on the Mac/ purchases etc. of course
since your question is mostly personal, ..I wont answer THAT part of it, but creating a new account is easy.....messing with switching back and forth is also a personal preference 'issue' as well. I prefer to keep things simple, but...........you and yours, I dont know.......
http://support.apple.com/kb/PH11468 -
How to use an authenticated user for a proxy call
Dear all,
I am currently working on a JEE application where the user needs to authenticate (for this I have configured the web.xml).
Now inside this application I need to do a proxy call to a PI webservice.
I would like to use the user credentials of the already logged in user in order to call the proxy.
What I don't want to do is to use a service user for the proxy call.
The code I am trying to call looks something like this:
private IntegratedConfigurationIn getPort() throws Exception{
IntegratedConfigurationIn port = null;
try {
IntegratedConfigurationInService service = null;
service = new IntegratedConfigurationInService();
port = (IntegratedConfigurationIn) service.getIntegratedConfigurationIn_Port();
BindingProvider bp = (BindingProvider)port;
bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, user);
bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);
if (url.length() != 0)
bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, url);
catch (Exception ex){
ex.printStackTrace();
return port;
The examples I found to retrieve the userdata pointed to codes similar to this one:
public HttpServletRequest getHttpRequest() throws Exception {
// Get runtime context
Properties props = new Properties();
props.put("domain", "true");
Context initialContext = new InitialContext(props);
ApplicationWebServiceContext wsContext = (ApplicationWebServiceContext) initialContext
.lookup(" /wsContext/ApplicationWebServiceContext");
HttpServletRequest req = wsContext.getHttpServletRequest();
return req;
com.sap.security.api.IUser sapUser = com.sap.security.api.UMFactory.getAuthenticator().getLoggedInUser(getHttpRequest(), null);
IUser ep5User = com.sapportals.wcm.util.usermanagement.WPUMFactory.getUserFactory().getEP5User(sapUser);
Now I don't know how to bring it togehter and how to use an authenticated user for the BindingProvider.
I would appreciate any hints or ideas.Peter,
from the first screenshot, what I understood is that, you are calling an inbound PI web service that is intended to create an integrated configuration object (this is used for whole lot of other reason completely) but not actually calling a development web service.
For this, you would have to generate your client classes from the WSDL provided by the PI developer for that particular service. Once you get those client classes generated, you could used the method provided in the other screenshot to extract the user and password and call the intended web service.
Vijay Konam -
OAM SSO integration question:How can I get a user identity from ObSSOCookie
We are building an OAM SSO solution. The App server is both on OAS and WLS. My question is that, after I get the ObSSOCookie from httprequest.
I need to verify whether the ObSSOCookie is a valid one, and I also need to get user identity from the cookie and pass it to login module to populate user principal
Of course, one way of doing that is to install access manager SDK and go from there. But we support multiple OS, it's a pain to add Access manager SDK to different installer for different OS.
I am trying to use IdentityXML Functions which is a SOAP based webservice so that I don't need to worry about the OS platform. But I can't find a webService which returns user identity based on a valid ObSSOCookie. It seems that I can invoke webService with valide ObSSOCookie, but there is no way to get the user identity back. Am I missing something?
Hope someone can help me out.
Thanks.
-WeiOk. Sounds like you are a vendor trying to play well in an SSO environment.
Here is what I tell OAM customers when they are evaluating software to see if it will cooperate with a system like OAM.
Can the software's native authentication scheme be explicitly turned off (usually a configuration in a file)?
Can the software be configured to accept a token of identity in the form of a Cookie or HeaderVar (also configurable in a file)?
If the answer to both is yes, then the system is capable of 'third party trust' for authentication.
From your perspective, your logic for login should be something like:
Is my native authN turned off?
If yes, can I find the cookie or header that I should be looking for?
If yes, take the value and proceed to create user session for this identity per usual (except that you never evaluated the authN - you trust that it was done).
If no, present the native AuthN scheme anyway.
If you follow this pattern, you are in the good company of folks like PeopleSoft and Plumtree who had these types of integrations working long ago.
Yes, there are other ways to do this but, in my humble opinion, this remains the most stable and effective pattern we see.
What you ask for as the identity token value is up to you. It is often the login ID value that you would have used in your own authN procedure. There's nothing particularly sensitive about having a webgate set headers - they are only available to the server and not to the client. Cookie of course could be seen but can't be spoofed as the webgate has the final word on it's content.
Mark -
Is there a way to get a user login record after sleep?
I know that by opening terminal and typing in "last" (without the quote marks) that it will give me about a 3 week record of who has logged on my computer after shutdowns and restarts.
What I want to know is this:
a) Is there a way to get a user login record after the computer only goes to sleep?
b) is there a way to get the terminal to go back further than just 3 weeks or so for the shutdown/restart records?
Is there software that might do this???
Thanks in advance, this is important for me.bikinijack wrote:
Thanks, Dave: so this is what I type in the terminal? "ls -l /var/log/wtmp*" (without the quotes). And how do you unzip something that has been "gzipped"?
"man gzip" will give you the details for using gzip
My first question can be explained this way: To get into the computer when it is coming out of sleep you need to type in a password, then it opens to the desktop. Is there a way I can find out the times over the course of a day/week/month that this is being done? i.e., is there a log being made somewhere of when the computer is being opened and signed onto after being asleep?
When you wake the computer from a sleep, you are not logging in again so there will be
no record of the event as a "login"
My computer possibly could be used by a few other people that have access to my computer password (don't ask why) and I basically want to know if they are signing on when I am away from my desk.
You may want to look at /var/log/asl.log or /var/log/secure.log which contain details of
authentication attempts (which is what you are doing) and failures.
I am not asking why you have multiple people accessing your computer with your password --
but consider setting up separate username, it is a lot easier to manage and you will probably
not be asking questions like this one.
Dave -
Hi,
Requirement: Get Windows User Name using Oracle Web Forms 6i.
Tools Using: Windows NT, Oracle web forms 6i, Oracle 10g DB.
Description: I am using GetClientInfo JBean from otn.oracle.com, which gets windows user name, IP address and machine name. The demo I got from oracle web site uses Jinitiator version 1.1.7.18. While we are using the latest version Jinitiator 1.3.1.17. Due to this reason, I am unable to use Javakey which comes with older version but doesn't come with newer version, that's why I can't create the new JavaBean Java identity (PJC).
Please advise what to do. All environment variables are set everything is done, this is the only thing bothering me.
I went through the article 202768.1 from metalink, but on step 5, it gives an error keytool error: java.lang.Exception: Input not an X.509 Certificate.
Also, please let me know if there is any other workaround for this requirement.
Thanks & Best Regards,
MoHi,
Thanks for your kind reply. Actually there was a problem in creating a certificate, now it is okay with the same method. Certificate got imported on client and everything is ready.
Now, the problem is when I try to set Bean Area Implementation Class property with oracle.forms.demos.GetClientInfo, it gives an error FRM-13008 Cannot find JavaBean with name 'oracle.forms.demos.GetClientInfo'.
I went through the articles 1072329.6, 196824.1, and set ClassPath and Path variables with proper values. Also, I have copied jar file and signature file in forms60/java folder. I don't see any problems. Please let me know what I am doing wrong. My limitation is that I have to do all this in forms6i.
I searched forums on metalink and found out that someone installed Patch 15, and everything went okay for him. Do you think I should install Patch 15? if YES, how will I do it, I mean should I first uninstall my forms and then install patch15 or install the patch on my forms?
Thanks so much for your help.
Thanks & Best Regards,
Mo -
Getting the user name and computer name
I've been trying to find out how to do this, but can't seem to get it.
I have an AIR application that needs to get the user's login name, and computer name for verification. I can't find anywhere to do this. Is AIR able to get this information? Is there work arounds if there isn't?
It won't ever be a web app, just an AIR app.What I did in Air 2 to accomplish that is the following:
public function getHostName():void {
if(NativeProcess.isSupported) {
var OS:String = Capabilities.os.toLocaleLowerCase();
var file:File;
if (OS.indexOf('win') > -1) {
//Executable in windows
file = new File('C:\\Windows\\System32\\hostname.exe');
} else if (OS.indexOf('mac') > -1 ) {
//Executable in mac
} else if (OS.indexOf('linux')) {
//Executable in linux
var nativeProcessStartupInfo:NativeProcessStartupInfo = new NativeProcessStartupInfo();
nativeProcessStartupInfo.executable = file;
var process:NativeProcess = new NativeProcess();
process.addEventListener(NativeProcessExitEvent.EXIT, onExitError);
process.addEventListener(ProgressEvent.STANDARD_OUTPUT_DATA, onOutput);
process.start(nativeProcessStartupInfo);
process.closeInput();
import utls.StringHelper;
public function onOutput(event:ProgressEvent):void {
var strHelper:StringHelper = new StringHelper();
var output:String = event.target.standardOutput.readUTFBytes(event.target.standardOutput.bytesAvailable);
output = strHelper.trimBack(output, "\n");
output = strHelper.trimBack(output, "\r");
trace('"'+output+'"');
The package that I used is from the manual:
package utls
public class StringHelper
public function StringHelper()
public function replace(str:String, oldSubStr:String, newSubStr:String):String {
return str.split(oldSubStr).join(newSubStr);
public function trim(str:String, char:String):String {
return trimBack(trimFront(str, char), char);
public function trimFront(str:String, char:String):String {
char = stringToCharacter(char);
if (str.charAt(0) == char) {
str = trimFront(str.substring(1), char);
return str;
public function trimBack(str:String, char:String):String {
char = stringToCharacter(char);
if (str.charAt(str.length - 1) == char) {
str = trimBack(str.substring(0, str.length - 1), char);
return str;
public function stringToCharacter(str:String):String {
if (str.length == 1) {
return str;
return str.slice(0, 1);
And sorry for the miss topic I just realized that it is on flex topic, but I post it either way it may be useful for anyone
Maybe you are looking for
-
Installing Yosemite not possible
Is not possible in my MacBook air. Essantials.pkg is failed to extract. And hints? Ulli
-
How far back does spotlight go to search sms.
Does anyone know how far back spotlight will search for sms? Does it find sms from 6 or 7 months ago or does it only show more recent and if so any idea how recent. Does this differ in older phones or older IOS's.
-
Transaction/program to change AVAILABLEFLAG parameter from table UJ0_PARAM_APP
Hi Experts, Do you know if is there a transaction/program to change BPC environment status (for example, a transaction/program that changes AVAILABLEFLAG parameter from table UJ0_PARAM_APP to "0" or "1"). Regards, Danilo
-
How to report that my ipod was stolen
my ipod was stolen but has a password on it can anybody help me track it with mobile me on it
-
Adobe premiere CC 2014 keeps crashing
I have been experiencing this problem for the past two days. The program only runs smoothly for the first 15 minutes after which scrubbing through your timeline becomes impossible. After that,the program crashes. I've tried uninstalling & reinstallin