Hide user and password in URL
Hi Experts,
I need a help on portal URL. We are using SSA (Spend Analytics) in Portal. One of the option in portal is that you can generate an E-mail Link of a report which goes to users.
Link looks like this for end user (They receive it via E-Mail)
http://Host:Port/irj/servlet/prt/portal/prtrootxapps.analytics.ds_par.inbounds?guid=CC1E61FF_7B3F_45CB_A3BE_B00F6BD487B7&objType=REPO&objId=0DA4575B_3C28_E6D8_66C5_04008115C625
Users should be able to view this link as soon as they click on it. If a user is already logged into portal and copy and paste the link, it works fine. However, if a user is not logged in and copy and past this link to IE, It automatically changes URL to something else and shows user & password
This is how it looks like. URL changes to the following link..
http://HOST:PORT/irj/portal?j_user=XYZ_USER&j_password=XYZ_PASS&submit_logon=true
So I'm not sure what is making portal to redirecting the link to (http://HOST:PORT/irj/portal?j_user=XYZ_USER&j_password=XYZ_PASS&submit_logon=true) when they enter generated link (http://Host:Port/irj/servlet/prt/portal/prtrootxapps.analytics.ds_par.inbounds?guid=CC1E61FF_7B3F_45CB_A3BE_B00F6BD487B7&objType=REPO&objId=0DA4575B_3C28_E6D8_66C5_04008115C625) and why is it showing user/pass and from where is it picking user & password.
I kindly request all experts to please help me in this. I want to hide users/pass and make sure the link works fine without getting redirected it.
Your help is much appreciated
Thanks in Advance!!
Afi
Hi Sinivasan,
I thought about it but I do not see User Mapping Field stating anything. It's empty.
Here is how it looks like:
Authentication Ticket Type : SAP Assertion Ticket
Logon Method : SAPLOGONTICKET
User Mapping Fields : <empty>
User Mapping Type : admin,user
So.. I really don't know why and from where is it picking up user/pass to URL. We are not even using Anonymous Login. Any other thing you could think of the possibility?
Thanks
Afi
Similar Messages
-
Hide login and password in URL after running script - how?
Folks, I've got a script that gets webalizer data.
I've embedded the login and password in the script, but don't want it to show up in the URL as it currently does. Is there any way for me to do this?
I am using the code from an example script:
property target_URL : "http://finance.yahoo.com/q?s=AAPL&d=v1"
open location target_URLthe following only works if the URL has no relational links, try this:
set target_URL to "http://www.apple.com"
set dest_file to ((path to desktop as string) & "temp.html")
-- down load it to your desktop first
tell application "URL Access Scripting" to download target_URL to dest_file replacing yes
-- do shell script "curl " & target_URL & " -o ~/desktop/temp.html" -- alternative is curl
-- then open, the URL will be your desktop
open location ("file://" & POSIX path of dest_file) -
URL in sender SOAP channel with user and password
Hi Expert,
I have developed SOAP to proxy scenario.The serder WSDL is generated by using sender agreement. In the WSDL we are using default below URL.
http://host:port/XISOAPAdapter/MessageServlet?channel=party:service:channel
But the client requirement is that he want SAP user and password also in above url.
Is this possible in sender SOAP channel?
Any body can please help me for above issue?
Thanks.
Edited by: darshana-PI on Feb 1, 2012 5:26 PMThanks prateek,
we have used HTTP plain adapter for this and used below link to call that interface in PI. And its working.
http://server:port/sap/xi/adapter_plain?service=<xxx>&namespace=<xxx>&interface=<xxx>&sap-user=<xxx>&sap-password=<xxx>&qos=BE
I can understand the security related problem, but that was the requirement for end application.
Thanks,
Darshana. -
Linking to an OBIEE report without showing the user and password
Hi!
we are trying to access to an obiee report from an external portal (coded with php).
The idea is that the user clicks on a link an gets the report in pdf format. For that purpose we are using this url:
http://ttivobiee01:7001/analytics/saw.dll?Go&Path=/shared/Prueba/ogp_obi&Action=Print&P0=1&P1=eq&P2="Criteria"."Key"&P3=1402&NQuser=user&NQPassword=pass&format=pdf
But this url is expossing OBIEE's user and password.
In order to avoid this security issue we tried to do an wget of the url but it doesn't return the report. Instead we get an html, which seams to download the report chunk by chunk (using javaScript).
The question is, is there any way that we could let our portal ussers access to an obbie report without expossing the user and password?
I have been looking into oracle forums and have found this: OBIEE Go URL with password protected
but we couldn't use this aproach due to security issues.
Thanks!
NuriaHi!
We have finally done this (and it works!)
<?php
$urlInforme='http://obi:7001/analytics/saw.dll?Go&Path=/shared/Prueba/ogp_obi&Action=Print&P0=1&P1=eq&P2="Criterios"."Clave oficial"&P3=1402&NQuser=user&NQPassword=pass&format=pdf';
$ch = curl_init($urlInforme);
$ckfile = tempnam ("./", "CURLCOOKIE");
$ch = curl_init ($urlInforme);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $ckfile);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec ($ch);
$ch = curl_init ($urlInforme);
curl_setopt ($ch, CURLOPT_COOKIEFILE, $ckfile);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
$fp = fopen("salida.pdf", "w");
curl_setopt($ch, CURLOPT_FILE, $fp);
$output = curl_exec ($ch);
curl_close($ch);
fclose($fp); -
WebService in XI with user and password
Hello,
I´ve created a webservice in XI. When I call this webservice without user and password from an external tool (soapUI 1.7.5), the following error appears:
+Logon Error Message
Der Aufruf der URL http:... wurde aufgrund fehlerhafter Anmeldedaten abgebrochen.+
(means: the call failed because of missing authorization)
Ok, but where can I implement the user and passwort, that this webservice can be called automatically from an other application?
Thanks for your assistence.
Kind regards
MartinHi Huber,
<b>but where can I implement the user and passwort, that this webservice can be called automatically from an other application?</b>
open the WSDL ....and in the left side (bottom) u can see option of user name and password...but i guess its not possible to login automaticaly.
u have to provide the username and password evrytime....
regards
biplab -
User and Password for JMS-Adapter
Hi all,
when configuring JMS-Adapter e.g. for IBM MQSeries i do not find field where to specify the user and password for the MQ. We configure e.g. a receiver communication channel.
In 2.0 JMS-Adapter we can put user and password like this
JMS.QueueConnectionFactoryImpl.user=YTEST
JMS.QueueConnectionFactoryImpl.password=<!%YTEST%!>
in the property file. We can also hide the passwort with
the mechanism of password token.
How can this be done in JMS 3.0 Adpater? Is it possible?
Thanks,
Ly-Na PhuOh, sorry. Now i see the field for user and passwort.
Thanks,
Ly-Na Phu -
UCM Administration Applets request the user and password confirmation
I want to ask if someone has experienced in the UCM Administration Applets, that request the user and password confirmation for each time the applets are executed,
Is there any configuration in the UCM that activates this behavior?
I’m trying to reproduce this behavior in the development environment but with not much success
The UCM version is 10.350
Thanks for your support.Is there any configuration in the UCM that activates this behaviorNo. It's more likely that you are accessing the applets via a URL that does not match the one you originally used to log in to the Content Server.
For example, you logged into "http://myserver/cs" or "http://<ip address>/cs". However, your HttpServerAddress variable is defined in Content Server as "http://myserver.mydomain.com". (Any absolute links to the applets use the variable to build the URL.) The browser "thinks" this is a new domain, and doesn't forward credentials to the different address. So the applet must prompt again for credentials. (Are you using a load balancer by chance? Does your HttpServerAddress variable in Content Server match the DNS entry being used for the load balancer?)
I've also seen some versions of the Sun client JRE do this by design as a security "feature". If you using IE, make sure your server address is in the "trusted" or "intranet" security zone. -
Pass the username and password in URL to auto log in the application from SharePoint List
how to Pass the username and password in URL to auto log in the application from SharePoint List
I have a link in my SharePoint list when user try to open the link its asking username and password .i want to put username and password in URL to auto log in into that external URL from sharepoint
please help me it is possibleCheck out
http://serverfault.com/questions/371907/can-you-pass-user-pass-for-http-basic-authentication-in-url-parameters
Kind regards,
Margriet Bruggeman
Lois & Clark IT Services
web site: http://www.loisandclark.eu
blog: http://www.sharepointdragons.com -
How to pass user and password in workspace when open a bqy
hello,
how to pass user and password of workspace when refresh a bqy for a query in DB2.
I don't know where to insert the properties in order to use user and password of workspace,
I want to use user of login of workspace,
I don't want to make to appear the mask of login newly when the user refresh the query.
I don't want to set a default user and password
thanks
massimoDear Friend,
What you mean?
1. Do you mean how to pass login page on workspace ?
2. or Do you mean how you can use a connection file to connect to db that is hide from user?
3. or You mean how to use user & password to login to doc on workspace
Answer for 1:
use link
http://HyperServer:45000/workspace/browse/get/MyFolder/MyIR.bqy?user=admin&pass=password
Answer for 2:
a) Upload or import connection file ( MyConn.oce ) to DB2 into workspace,
b) for IR doc properties change file connection ( MYConn.oce )
Answer for 2:
use link without user & pass parameter
http://HyperServer:45000/workspace/browse/get/MyFolder/MyIR.bqy <?user=admin&pass=password>
regards
siyavuş -
How i said on the question. I tried to upgrade the ios on the phone and I was asked for my icloud user and password. I don’t remember these exactly and I tried several times with different options but unsuccessfully. I also forget my email used to configurate the phone. I have the phone box and the bill. I sent you an email with my problem and attachments with the box informations, the bill and the reset request. What to do? You said to me:
Your request comes from an unrecognized email domain. Apple accepts email requests only from email domains for Apple-authorized carriers.
Please re-submit your request using your official carrier domain.
but this email is authorized, what to do??
respectfully, BebaIf you have forgotten then these links are the only way to resolve
http://www.apple.com/support/appleid/
As long as you have owned the iPhone from new and your Apple id is the one used to activate when new
OR have you recently purchased the iPhone secondhand ? -
External Web Service - User and password in HTTP header
Hi!
How is it possible to add user and password in the HTTP header in a external web service call?
I have created a "Portal Service from WSDL file - Client side" with the wizard in SAP Developer Studio. I following the Java Development Guide - Web Service Security, and use the <i>secured service connection</i>. I have also created a new <i>System Landscape</i>, but should the new system be based on HTTP, my own PAR or what?
How can I check that the user and password is added to the HTTP header or the SOAP envelope? Do I have to scan http traffic with a proxy as Paros or can I find the request sent from SAP EP in the logs?
Cheers
AsleHello All,
I have been struggling a bit while putting a reasonable security framework on a jax-rpc style web service. I'm using JWSDP1.2 to set up the webservice. I've tried to outline my problem below. Please correct me where I'm wrong.
I've been through the Sun's WS tutorials, but they are not really clear on security. However, from them I surmised that there are two decent authentication techniques. HTTP Basic and mutual authentication (MA) . Both have their drawbacks though. HTTP Basic suffers from poor encryption while MA is a bit difficult to set up on both client and server sides. Another problem with MA is that there is no central repository for users/passwords.
OK, what I would really like to do is use my own user database to verify users/passwords i.e. use a HTTP Basic like authentication (but at application level) but run it over SSL for encryption. It seems simple, but is it possible?
Also, I have noted that when I use HTTP Basic on the service side, and use a java client, then setting username/password has no effect. In other words, I can always access the web-service, even with wrong username/password.
Sorry for the long post. Hope someone can help. Thanks. -
I have an Apple TV 2nd Gen, iPad 2 and can't get the icon to appear when i swipe from left to right. What am I missing?
I am able to get the 'Home sharing' 'user and password on my Mac.
Also using IPad 2 I am able to get the ITunes to accept the user name and same password as the Mac.
However, the only way I can see the 'Home sharing; icon is in Music on the Ipad. When I tap on the Icon it asks for a password.
When I give the same password, it is rejected.
Help!!!!
JaxxdiggsPersonally I think the iOS devices are poor at reconnecting - Airplay establishes that a link is available but when the iPhone/iPad has been away from the house and rejoins the network i think AppleTV already thinks it's connected with a different IP address and fails to recognise it has joined the network again with new credentials.
Something along those lines anyway.
I find that a combination of restarting AppleTV, router and iOS device tends to fix it, but not for everyone.
AC -
Link to folder with user and password
Hi all!
From my action I want to redirect to a file in order to download it but the problem is that this file is in a web folder with user/password
How can I redirect to it to downlad it directly without introducing user and password manually by the customer?
Thanks!
TDo you understand where this user/password restriction comes from? It look like just a HTTP based authentication. A Servlet can access the local file system directly without issueing a new HTTP request for that. Or is that file located at another server?
-
Problem in getting Portal Mapped user and password in Web Dynpro iView
I am developing a webdynpro iview.My app need to read mapped user and password form a system in Portal runtime.
I used the following codes in my Web Dynpro java program:
IWDClientUser user = WDClientUser.getCurrentUser();
IUser iuser = user.getSAPUser();
IUserMappingService iums = (IUserMappingService)WDPortalUtils.getServiceReference(IUserMappingService.KEY );
// IUserMappingService iums = (IUserMappingService)
// PortalRuntime.getRuntimeResources().getService(IUserMappingService.KEY);
IUserMappingData iumd = iums.getMappingData (systemalias, iuser);
Map map = new HashMap ();
iumd.enrich(map);
String userid = (String)map.get( "user" );
String pwd = (String)map.get ("mappedpassword");
I've add a sharing references in project properties,the value is "PORTAL:sap.com/com.sapportals.portal.prt.service.usermapping.IUserMappingService"
But when I run the iview on my Portal, it goes wrong, the message is:
com.sap.engine.services.deploy.container.DeploymentException: Clusterwide exception: Failed to prepare application ''local/HomePage'' for startup. Reason= Clusterwide exception: Failed to start dependent library ''com.sapportals.portal.prt.service.usermapping.IUserMappingService'' of application ''local/HomePage''. Status of dependent component: STATUS_MISSING. Hint: Is the component deployed correctly on the engine?
at com.sap.engine.services.webdynpro.WebDynproContainer.prepareStart(WebDynproContainer.java:1490)
at com.sap.engine.services.deploy.server.application.StartTransaction.prepareCommon(StartTransaction.java:231)
at com.sap.engine.services.deploy.server.application.StartTransaction.prepareLocal(StartTransaction.java:184)
at com.sap.engine.services.deploy.server.application.ApplicationTransaction.makeAllPhasesLocal(ApplicationTransaction.java:365)
at com.sap.engine.services.deploy.server.application.ParallelAdapter.runInTheSameThread(ParallelAdapter.java:117)
Anybody can help me?And are there anyother methods can get mapped user and password of Portal systems in Web Dynpro JAVA.Hi Wayne,
Did you added com.sap.security.api.jar to your webdynpro project. if not follow this steps.
1. Right-click the project in Eclipse or SAP NetWeaver Developer Studio.
2. Select Properties.
3. Choose Java build path -> Libraries -> Add Variable -> Select variable WD_RUNTIME -> Extend -> com.sap.security -> lib -> com.sap.security.api.jar.
I hope this should solve your problem.
Regards, Suresh KB -
Reset the user and password in the config tool
Dear All,
how can I reset the user and password in the config tool ?
Regards
ertashow can I reset the user and password in the config tool ?
Section from help:
http://help.sap.com/saphelp_nw70/helpdata/en/1c/129d440bbe4b7d8ae8b82879808d7e/content.htm
Section from SDN Wiki:
https://www.sdn.sap.com/irj/scn/wiki?path=/display/ep/to%252breset%252badministrator%252bpassword%252bthrough%252bconfig%252btool
Regards,
Abhishek.
Maybe you are looking for
-
Cannot deploy VM from VMM and AppController
Hi All, I have been installing the VMM and AppController. Initially all went well. After I install RU5 there occurs a problem where I can not deploy vm of VMM and AppController with error messages like that : host A kuilab01 on kuilab01 still availa
-
Secondary Site Install Stuck at "Pending"
I have tried installing on 3 servers with the same result. The install stays at "Pending" after passing Prerequisite checks. This is Configuration Manager 2012 R2 CU3 the site is Server 2012. ConfigMgrPrereq.log <10-29-2014 13:01:40> ***************
-
Address book no longer communicates with phone
My Address Book has stopped being able to dial my phone and sent text. It seemed to happen at the last OS automated update (perhaps). Address book can link to phone via link button, but does not dial or initiate text. Phone still announces incoming c
-
Workflow in PR release procedure
Dear All, Can anybody help me to know, the config steps used in PR release workflow and also the front end process of WF , how it works, any ref doc?? Thanks Rajeev
-
TS4079 siri is not on my iphone 4s
no siri in general settings languages restriction or after resets please help ios 5.1.1 iphone 4s