Getting the LDAP credential to do a SSO
Hi All,
I am working on a Java application which uses LDAP authentication. So it prompts me with a default LDAP (standard Windows authentication) login box for the login.
Now from this Java application I want to do a single sign-on to a BI application (Cognos). To do this I would need the credentials which the user has entered in the LDAP login box.
Is there a way to get these credentials back for the logged-in user? If this is possible then I can use these credentials for the Cognos SSO.
If this is not possible, is there any workaround?
Thanks
Amar
Sorry to bring up such an old thread, but this is pretty much the problem I am trying to solve. In the VI I am writing, I am receiving a constant hex stream from COM5 on my desktop and doing some number manipulation to pick out and convert part of the hex stream to a Watt-Second number. I am then taking this number, every second, and dumping it to a text file for later use. Well, now I need to take the last two Watt-Second readings from the text file and subtract the first from the second to get my power consumption. However, my problem lies within picking the last two measurements off the file. Even if I could get it so there were only two variables instead of writing to a text file, I could live with that, I just don't know how to do it. Also, is it even possible to do what I want to do, i.e. write and read from a text file within a second? Or would it have to be a longer gap or would there be file access issues?
I would like to try the VI screenshot that altenbach posted, but I have never seen those file icons on the left and can't find them in Labview.
I've also attached the VI I am working on, to avoid any confusion, the For loop where the data is being written to the file was my attempt at trying to get a row count for how many times a value was written to the file.
Any help would be greatly appreciated. Thank you!
Similar Messages
-
Why can't I get my Mac to like the LDAP server?
On Monday I started hammering away at getting the LDAP server setup on the Linux server with openldap. I was able to get a test Mac running Leopard to see the LDAP server and the accounts. The next battle was to get home directories to mount under /home. I was about to do that after finding a working ldif example using automaster and autohome. After that I was able to get the Public share automatically mounted on /Network/Public. Wonderful!
Tuesday I came in thinking that the next battle would be with Samba. Unfortunately, somewhere in powering off the Mac and rebooting it, I lost all the share mounting! It still sees the accounts, but it absolutely will not see the mounts. In trying to figure it out I have wiped the LDAP database and restarted it, I have wiped the test Mac twice, I have made sure the Mac is running the latest updates, and still nothing.
If I go into dscl this is now what I see:
ls Automount/
Record Name Unknown
Record Name Unknown
ls AutomountMap/
Record Name Unknown
Record Name Unknown
cat Mounts/10.110.1.1:\/share\/public/
dsAttrTypeNative:cn: 10.110.1.1:/share/public
dsAttrTypeNative:objectClass: mount top
AppleMetaNodeLocation: /LDAPv3/10.110.1.1
RecordName: 10.110.1.1:/share/public
RecordType: dsRecTypeStandard:Mounts
On the LDAP server, the records look like:
dn: automountMapName=auto_master,ou=mounts,dc=example,dc=com
automountMapName: auto_master
objectClass: top
objectClass: automountMap
dn: automountKey=/home,automountMapName=auto_master,ou=mounts,dc=example,dc=com
objectClass: top
objectClass: automount
automountKey: /home
automountInformation: auto_home
dn: automountMapName=auto_home,ou=mounts,dc=example,dc=com
automountMapName: auto_home
objectClass: top
objectClass: automountMap
dn: automountKey=*,automountMapName=auto_home,ou=mounts,dc=example,dc=com
objectClass: top
objectClass: automount
automountKey: *
automountInformation: 10.110.1.1:/home/&
dn: cn=10.110.1.1:/share/public,ou=mounts,dc=example,dc=com
mountDirectory: /Network/Public
objectClass: mount
objectClass: top
mountType: nfs
cn: 10.110.1.1:/share/public
It looks like for some reason it's either missing entries from the LDAP server, and/or it's ignoring some of the mapping and leaving them out. The Mounts entry is missing the VFSLinkDir which maps to mountDirectory. The Automount stuff is missing the RecordName which maps to automountKey and automountMapName.
What the heck happened? Why does the Mac refuse to see the LDAP server the way it did on Monday?
I am having something similar going on and can't sort out what it is doing:
ldiffs:
dn: automountMapName=auto_master,dc=example,dc=edu
objectClass: top
objectClass: automountMap
automountMapName: auto_master
dn: automountKey=/foo,automountMapName=auto_master,ou=Mounts,dc=soe,dc=ucsc,
dc=edu
objectClass: automount
automountKey: /foo
automountInformation: auto.foo,dc=example,dc=edu -rw,resvport,
hard,intr,nosuid,tcp
Second one:
dn: automountMapName=auto.foo,dc=example,dc=edu
objectClass: top
objectClass: automountMap
automountMapName: auto.foo
dn: automountKey=tstaff,automountMapName=auto.foo,dc=example,dc=edu
objectClass: top
objectClass: automount
automountInformation: fileserver:/export/foo/tstaff
automountKey: tstaff
9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 name=tstaff[] map=auto.foo,dc=example,dc=edu opts=rw,resvport,hard,intr,nosuid,tcp path=/foo direct=0
9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 getmapent_ds called
9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 getmapent_ds: key=[ tstaff ]
9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 ds_match called
9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 ds_match: key =[ tstaff ]
9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 ds_match: Searching for tstaff,automountMapName=auto.foo,dc=example,dc=edu
9/25/09 11:45:25 AM automountd[1101] ds_search failed
exiting ...
It seems like it can't find the trigger point tstaff. It is looking for:
ds_match: Searching for tstaff,automountMapName=auto.foo,dc=example,dc=edu
which isn't what the DN is in ldap:
Distinguished Name: automountKey=tstaff,automountMapName=auto.foo,dc=example,dc=edu
any thoughts?
regards,
Derek -
How does the LDAP authentication process?
Hi All,
In SAP KB1384915(https://bosap-support.wdf.sap.corp/sap/support/notes/1384915), BOE client authentication's process is described as follows:
1. The BOXI SDK calls the login on the BOXI client plugin (passing username & password).
2. The BOXI client plugin passes the username and password to the third-party authentication server. This may be an LDAP server, or a Windows Active Directory server, or any other server that the BI Platform supports.
3. The third-party authentication server authenticates the credentials. This generates a security buffer needed by the BOXI server-side authentication plugin.
4. The SDK passes the security buffer to the CMS, which forwards it to the server-side plugin.
At this point the handshake process may be finished, or it may continue
5. This exchange continues until the server-side authentication system indicates that the authentication process has completed.
Authentication always ends on the server side.
6. The user has been authenticated. The CMS must verify that the user is a member of a mapped group before the logon process can complete.
Question about LDAP auth,
I think that the client plugin doesn't know LDAP server's hostname & portnumber at the time of step2.(BOE server only knows it)
So I think, the client will access to BOE server to get the LDAP-related informations before the step.
Would you please tell me whether the following process is correct?
1. The BOXI SDK calls the login on the BOXI client plugin.
2. The client plugin gets LDAP-related information (LDAP hostname, portnum, base DN etc) from BOE server.
At this step, client plugin DOESN'T pass the username&password to BOE Server. Only get informations.
3. The client plugin passes the username and password to the LDAP server.
4. The LDAP server authenticates the credentials. This generates a security buffer needed by the BOXI server-side authentication plugin.
5. The SDK passes the security buffer to the CMS, which forwards it to the server-side plugin.
At this point the handshake process may be finished, or it may continue
6. This exchange continues until the server-side authentication system indicates that the authentication process has completed.
Authentication always ends on the server side.
7. The user has been authenticated. The CMS must verify that the user is a member of a mapped group before the logon process can complete.
Thanks & regards,
Tadashi
Hi,
in a BOE Environment the CMS does all of the authentication processes. So i would say that the Client passes the LDAP informations entered by the user to the CMS and the CMS does the authentication on behalf of the client.
If you need an official Statement, i would recommend you open a Support Message with the SAP Support.
Otherwise you could monitor the network traffic during the Authentication of the Client. There you should see if the Client communicates directly with the LDAP Host or only with the CMS.
Regards
-Seb. -
Exact syntax for the LDAP Username Edit Function
Hi,
I have followed the How-To on setting up LDAP as an authentication method but I am having trouble specifying the "Username Edit Function".
I have a database table which contains a list of user email addresses and associated distinguished name (dn) as stored in an external LDAP...I populated this table using DBMS_LDAP. I want to allow the user to enter his/her email address and email password and execute a small lookup function (GET_DISTINGUISHED_NAME) to fetch the corresponding DN and pass it along to the built-in LDAP authentication.
I have tried several things to get this to work such as:
"get_distinguished_name(p_username)" - Returns ERR-10412 and then ORA-06550: line 2, column 1: PLS-00801: internal error [22503] ORA-06550: line 2, column 1: PL/SQL: Statement ignored.
"get_distinguished_name(p_username);" - same as above.
and so on. Rather than list each and every attempt here, could someone tell me what the syntax should be for specifying this function call?
Thanks in advance,
Ted
Hi, Sergio
Thanks for this. I had read the "Using LDAP for Login Authentication" document but I guess I did not correctly understand the "Enter 'return your_function;'" instruction properly...I thought I had to pass p_username as a parameter to my function. After ensuring that "p_username" was the name of the parameter in my function definition, I hit another error but another post in this forum showed me how to fix that issue (Re: Error ERR-10416 Error executing wwv_flow_custom_auth_ldap.authenticate Nov 20, 2003 5:24 PM ) and I am now able to get the LDAP Tool to authenticate okay.
Do you think I can dynamically set the value for the "LDAP Host" field? We actually have two different email systems (results of a recent merger) and I'll need to find a way to have my LDAP authentication go against one or the other, depending upon what organization they were originally from. I can get this LDAP Host IP Address from my database tables but I am not sure how I could set it within the Authentication Scheme. Could I do something in the "Pre-Authentication Process"?
Ted -
Get the user name of sso user who logged in from my partner application
Hello,
I have created a jsp web application and i registered it under oracle sso server. How can i get the user_name of the user logged in to the sso server from my web application in order to personalize my web page ???
Thanks in advance.
Hi zeliko,
Have you tried request.getRemoteUser() or request.getHeader("Osso-User-Dn")?
-Vinod -
How to Get the SSO Logged user information in database trigger
I need to track which SSO user is inserting data into a table , so how can i get the information of that user in a database trigger on that table
thanks
Try using portal30.wwctx_api.get_user returns a varchar2 (PUBLIC) or the Username that is logged in
-
Where to get the SSO ticket for a JCO-Connection from?
Hey All,
The scenario is, I've got a Java application and I want to connect to a SAP System. For this I want to use SSO. In the documentation of JCO I found this phrase:
For SSO specify the user to be $MYSAPSSO2$ and pass the base64 encoded ticket as as the passwd parameter.
Well... Now my question... Where to get this base64 ticket from? The problem is, I'm NOT using WebDynpro, it's a custom application running on client side. Now how to get the needed information? (PSE?)
It would be great when you could give me a clue.
Best regards,
Kristian
This link actually leads to the same place I mentioned, where it installs the player over the Internet.
Another thing is that these players are said to be different for different browsers, which means they are working together with a browser. I am looking for a player which allows to play SWF file directly, without a browser.
I have such a player installed together with FLASH-8 - I am looking for such a player
"DMennenoh" <[email protected]> wrote in message news:e2qgmu$t5r$[email protected]..
> Does this help:
> http://www.macromedia.com/shockwave/download/alternates/
>
> --
> Dave -
> Adobe Community Expert
> www.blurredistinction.com
> www.macromedia.com/support/forums/team_macromedia/
-
How can i get the list of all users present in the LDAP
Hi Experts,
How can i get the list of all users present in the LDAP ?
Is there any API or function Code to get all user list??
Please help me out!!!
Help will be rewarded
Well it will depend on exactly where your UME configuration points to in the LDAP tree but yes, it is possible to get all users. Something like the following should do it:
import com.sap.security.api.*;
import com.sapportals.portal.prt.component.*;
IUserFactory iuf;
ISearchResult isr;
IUser user;
String userid;
iuf = UMFactory.getUserFactory();
isr = iuf.getUniqueIDs();
you will need to iterate the ISearchResult object but you can get IUser objects by
userid = (String)isr.next();
user = iuf.getUser(userid);
then you can manipulate / identify / or whatever you need with the user object
Haydn -
How to get the value of passwordexpirationtime at LDAP
LDAP Gurus,
I want to send an email notification before a user's password expires, so I need to get the value of the attribute "passwordexpirationtime" for all the users.
I tried a lot of ways, but I cannot see or get the value.
e.g command and output of 1 user as follow
ldapsearch -p 370 -h ldapserver.abc.com -b 'ou=People,dc=abc,dc=com' objectclass=*
dn: uid=user1,ou=People, dc=abc,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
objectClass: shadowaccount
givenName: John
sn: Paul
description: John Paul
loginShell: /bin/bash
gidNumber: 9042
uidNumber: 9042
uid: user1
cn: John Paul
gecos: John Paul
homeDirectory: /export/home/user1
Question:
which ldap command and options can be used to get the value of attribute "passwordexpirationtime" for all the users.
Environment:
Sun Directory Server 5.2_Patch_4
Thank you in advance.
Thanks for your help first, guys.
1.we need send email notification to user before password expired as a lot of users not often login servers(UNIX) and they even can not get password expired prompt, these users are personal UNIX users, not service users. we need the value of passwordexpirationtime to do a script to send email.
2. I tried these command you advised, while still can not get the value of passwordexpirationtime.
1)ldapsearch -p 370 -h ldapserver1.abc.com -b 'ou=People,dc=abc,dc=com' objectclass=* passwordexpirationtime
dn: uid=d411,ou=People, dc=abc,dc=com
dn: uid=user2,ou=People, dc=abc,dc=com
2)ldapsearch -p 370 -h ldapserver1.abc.com -b 'ou=People,dc=abc,dc=com' objectclass=passwordobject passwordexpirationtime
ldapsearch -p 370 -h ldapserver1.abc.com -b 'ou=People,dc=abc,dc=com' objectclass=passwordobject
output is nothing.
3.Enrique mentioned about passwordobject object class to have access to the passwordexpirationtime attribute. I am not sure if it has been
granted/defined or not.while I check the DS GUI as follow(sorry I can not past screenshoot here, so I need describe as follow)
when I go to DS server GUI, configuration->Schema and select "passwordobject" under Standard Object Classes(Read-Only), I can see there are "passwordExpirationTime" Under Allowed Attributes.
if NOT, what I need do to grant the access (or through create custom object), how this will affect our ldap server as ldap server is very critical.
4.I did above ldapsearch using unix root user, do I need use ldap directory manager user to do search, if so , how I can put manager username/password into ldapsearch command?
Again thank all your help. -
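An added example, not part of the original thread: a script of the kind the poster describes, which turns `ldapsearch` LDIF output into the list of users to notify. It assumes the search was run with a bind identity permitted to read `passwordExpirationTime` and with the attribute requested by name; the sample LDIF, the 14-day window and the function names are constructed for illustration.

```python
import base64
from datetime import datetime, timedelta, timezone

# Constructed sample of ldapsearch output (not taken from the thread).
# user3 comes back with only its dn, which is what the thread shows when the
# attribute is not readable; the last dn is folded across two lines.
SAMPLE_LDIF = """\
dn: uid=user1,ou=People, dc=abc,dc=com
passwordExpirationTime: 20240110120000Z

dn: uid=user2,ou=People, dc=abc,dc=com
passwordexpirationtime: 20240301000000Z

dn: uid=user3,ou=People, dc=abc,dc=com

dn: uid=a-very-long-user-name-that-the-client-folds,ou=People, dc=abc,dc
 =com
passwordExpirationTime: 20231231235959Z
"""


def parse_ldif(text):
    """Return a list of entries, each a dict of lower-cased attribute -> [values]."""
    # Unfold first: a line starting with one space continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):      # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        # Attribute names are case-insensitive in LDAP, so normalise them.
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def parse_generalized_time(value):
    """Parse a UTC generalized time of the form YYYYMMDDHHMMSSZ."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def classify(entries, now, warn_days=14):
    """Sort entries into expired, expiring within warn_days, and no readable value."""
    report = {"expired": [], "expiring": [], "no_value": []}
    for entry in entries:
        dn = entry.get("dn", ["?"])[0]
        values = entry.get("passwordexpirationtime")
        try:
            expires = parse_generalized_time(values[0]) if values else None
        except ValueError:
            expires = None
        if expires is None:
            # Missing or malformed: report it instead of silently skipping,
            # so an access-control problem is visible in the output.
            report["no_value"].append(dn)
            continue
        left = expires - now
        if left <= timedelta(0):
            report["expired"].append(dn)
        elif left <= timedelta(days=warn_days):
            report["expiring"].append((dn, left.days))
    return report


if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed date for the sample
    print(classify(parse_ldif(SAMPLE_LDIF), now))
```

Entries listed under `no_value` are the ones to investigate for access rights before trusting the notification list.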
How can I get the people's attribute from LDAP?
The LDAP Server is Netscape Directory Server 4.1.
I have been trying to connect to my LDAP server from WLS, but when I try to get an Attributes , I get a "No attributes".
The source code is following:
Hashtable env = new Hashtable(11);
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://10.0.1.253:389/o=rl.com");
// Create the initial directory context
DirContext ctx = new InitialDirContext(env);
// Ask for all attributes of object
Attributes attrs = ctx.getAttributes("uid=joe,ou=People");
// Find the surname ("sn") and print it out
System.out.println("sn: " + attrs);
dn: uid=joe,ou=People, o=rl.com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Joe Ken
uid: joe
givenName: Joe
sn: Ken
When you initialize the context, you must have read privileges.
I have resolved it.
-
How can i get the SSO to work successfully?
How can i get the SSO to work successfully? I followed the note for configuring infoview with ad sso using kerveros & .net.
Adding the AD group into the win ad authentication configuration page creates the user group but the members of the group aren't being pulled in when I go to the group and select / query the users tab
Bart,
By default the setting for update options on the Windows AD tab of authentication does not actually create the aliases until the user attempts to login the first time. We set it this way to prevent a huge group of aliases being created when the administrator sets up Windows AD and also so that only user aliases for users actually using the system get created. You can change this behaviour though if you like. Simply change the radio button option to 'New Aliases will be added and new users will be created'; this will create the accounts for you when you hit the update button. If you have a large group you're adding, I would wait until an after-hours time when you have less activity, as this will impact CMS performance while it creates all the accounts. -
Ldap query to get the users of a OU
Hi,
I want to get the available users into a OU and the query I'm using is like this:
(OU=Departamento Informatica,DC=mydomain,DC=com)
There is a user into this OU so when I do the LDAP test query the user shuld be returned but the result is 0.
Can anybody help me or tell me which must be the correct query?
Thanks in advance.
Regards.
This can be done either by dsquery or PowerShell commands (like Get-ADUser).
For dsquery, I would recommend that you refer to this Wiki article initiated by Richard for more details about LDAP filtering:
http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters-en-us.aspx
dsquery * "OU=TargetOU,DC=CONTOSO,DC=COM" -filter "(&(objectcategory=person)(objectclass=user))"
For Get-ADUser, all you need is to specify your OU as the search base:
Get-ADUser -SearchBase "OU=TargetOU,DC=CONTOSO,DC=COM" -Filter *
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
-
How to get the SSO user from PL/SQL with Windows native authen
I connect to a 10g database using SSO through Windows Native Authentication where the OID user maps to a single database user.
I need to get the SSO user from PL/SQL.
My front end is Portal & Forms
Hmm, I see.
Well your problem boils down to being in the database and needing to have access to web environment variables. The SSO sets specific variables in the environment but your stored procedure is not privy to them.
Now having said that, note that the mod_plsql Web Toolkit has a utility for accessing cgi variables. For instance,
owa_util.get_cgi_env('Osso-User-Dn')
If your web application cannot capture the SSO info and pass it to the stored proc in a parameter, OWA may be the only way.
Check out the Single Sign-On Developers Guide, specifically the part about developing statically protected PLSQL applications.
Hope this helps.
regards,
tt -
How do get the role from ldap session.
I am using the following for getting the role from the request in openldap and j_security_check:
if (request.isUserInRole("manager")) {
How can I use this in the session:
You might wanna change permissions for that attribute ...
Change it from Admin to OWNER and you should be able to then get it for any user ...
HTH .. -
Hello,
I am trying to connect to external domain via UPS Account having "Replicate Directory changes" permission on external domain while creating sync connection in UPSA.
I have checked below URLS :
http://social.technet.microsoft.com/Forums/en-US/1912bf88-8fec-4b5d-9d1e-a42db8318e33/ldap-server-is-unavailable-sharepoint-2010-user-synchronization?forum=sharepointadminprevious
http://social.technet.microsoft.com/Forums/en-US/6525d3aa-9197-42a2-aea0-190b84ac8356/the-ldap-server-is-unavailable?forum=sharepointadminprevious
And it looks like it's a network connectivity issue, and hence I have had the infra team verify that port 389 is open.
Note : I am able to connect to local AD , does it make sense that port is not open for external domain ?
Can anyone please let me know what can be the issue ?
Your help will be highly appreciated as I am struggling to fix this issue since quite long time but no luck yet.
Thank you in advance.
Kind regards,
Dipti Chhatrapati
Hi Dipti,
If you have Two-Way trust relationship then not sure if you have tried below:
Create a folder on the SharePoint server
Go to Folder properties - Security tab
Try adding user of the external domain on the folder
Please let us know if you are able to add the user or not. If you are able to add then it means that the connection and trust is proper and you should be able to create sync connection in UPA without any issues or else there is some issue with the connectivity or the trust which is configured.
Please also make sure that you have given permissions to sync account as per below TechNet:
http://technet.microsoft.com/en-us/library/hh296982(v=office.15).aspx
Replicate Directory changes permissions are also required on cn=configuration container, below are the steps:
Grant Replicate Directory Changes permission on the cn=configuration container
Use this procedure to grant Replicate Directory Changes permission on the cn=configuration container to an account.
To grant Replicate Directory Changes permission on the cn=configuration container
1. On the domain controller, click Start, click Run, type adsiedit.msc, and then click OK.
2. If the Configuration node is not already present, do the following:
   a. In the navigation pane, click ADSI Edit.
   b. On the Action menu, click Connect to.
   c. In the Connection Point area of the Connection Settings dialog box, click Select a well known Naming Context, select Configuration from the drop-down list, and then click OK.
3. Expand the Configuration node, right-click the CN=Configuration... node, and then click Properties.
4. In the Properties dialog box, click the Security tab.
5. In the Group or user names section, click Add.
6. Type the name of the synchronization account, and then click OK.
7. In the Group or user names section, select the synchronization account.
8. In the Permissions section, select the Allow check box next to the Replicating Directory Changes (Replicate Directory Changes on Windows Server 2003) permission, and then click OK.
Kind regards,
Bhavik K Jain
Please ensure that you mark a question as Answered once you receive a satisfactory response.