Hooking LDAP with Weblogic for Authentication

I have a lot of users in an LDAP-Directory and I would like to map this directory to a Website on my Weblogic instance.
Now, I've added LDAP into my Security Realm in Weblogic, what do i add to the web.xml ? Is this sufficient?
Do I need to change anyting else in my Weblogic configuration than adding OpenLDAP Support in Authentication?
Thanks!

HI Tim,
Yes LDAP can be used trough SAP BP CMS (BO authentication).
That's means all the users has to be imported into CMS and after that BPC is using for authentication BO certificate to authenticate to CMS.
So you have also SSO.
You don't need Active directory in this case.
Any way BPC is still working also with Microsoft Active directory without CMS but you have to decide what kind of authentication satisfy better customer requirements.
You can use or Microsoft Active Directory or CMS but you cannot use both in the same time.
Kind Regards
Sorin Radulescu

Similar Messages

  • Iplanet LDAP with Weblogic

    Hello All,
    I forgot the subject line. I'm trying to set up iPlanet Directory 4.1 with
    WebLogic 5.1 Sp3 on Solaris7. Weblogic will see the users I specify
    (username,groupname) but not
    the group, additionally it will allow you to login if you know the
    username and anypassword. I get the following error when loading the
    http://localhost:port/AdminRealm. I've gone through the LDAP
    properties file a million times. Lastly, now it does a core - dump
    while trying to start.
    Please help.
    Richard
    ################# Begin Error ###############################3
    java.lang.NullPointerException
    at weblogic.security.ldaprealm.LDAPDelegate.magicBunny(Compiled Code)
    at weblogic.security.ldaprealm.LDAPDelegate.addGroupMember
    (Compiled Code)
    at weblogic.security.ldaprealm.LDAPDelegate.getGroupMembers
    (Compiled Code)
    at weblogic.security.ldaprealm.LDAPDelegate.getGroupMembers
    (LDAPDelegate.java:518)
    at weblogic.security.ldaprealm.LDAPRealm.getGroupMembersInternal
    (LDAPRealm.java:81)
    at weblogic.security.acl.AbstractListableRealm.getGroupMembers
    (AbstractListableRealm.java:302)
    at weblogic.security.acl.FlatGroup.ensureFreshness
    (FlatGroup.java:149)
    at weblogic.security.acl.FlatGroup.members(FlatGroup.java:236)
    at admin.AdminRealm.composePage(Compiled Code)
    at admin.AdminServlet.service(AdminServlet.java:257)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:865) at
    weblogic.servlet.internal.ServletStubImpl.invokeServlet
    (ServletStubImpl.java:123)
    at weblogic.servlet.internal.ServletContextImpl.invokeServlet
    (ServletContextImpl.java:744)
    at weblogic.servlet.internal.ServletContextImpl.invokeServlet
    (ServletContextImpl.java:692)
    at weblogic.servlet.internal.ServletContextManager.invokeServlet
    (ServletContextManager.java:251)
    at weblogic.socket.MuxableSocketHTTP.invokeServlet
    (MuxableSocketHTTP.java:363)
    at weblogic.socket.MuxableSocketHTTP.execute
    (MuxableSocketHTTP.java:263)
    at weblogic.kernel.ExecuteThread.run(Compiled Code)

    I have the same requirement too. I have been looking at many sources and havent
    come across any that mentions anything related to this. If you come across anything
    please do let me know.
    Regards
    Vijay
    "Licheng" <[email protected]> wrote:
    >
    I also face the similar problem. In our case, one of the business requirements
    for the authentication process is that when a user is authenticated,
    but his password
    expires, the system should force the user to change password.
    With JAAS and WebLogic 7.0, I don't know the standard or "preferred"
    approach
    to this problem
    regards
    Licheng

  • Issue while integrating external LDAP with weblogic

    Hi,
    i am trying integrating external LDAP (OpenLdap) with weblogic 10.3. I created a provider and provided required credentials and able to see users and group of the LDAP into the weblogic console. I am also able to login in the weblogic console with the users available in the LDAP after assigning the admin role to the ldap group. But i when i see the user's property (by clicking on the user in the admin console) it only shows the tabs for General, Password and Group only. on the other hand if i see the users from DefaultAuthenticator, it shows the Attribute tab apart from the General, Password and Group.
    Can anyone let me knwo how can we get the Attribute tab for the Ldap users.
    thx,
    Ajay

    Hi Ajay
    By default Weblogic has READ ONLY adapters for any External Security Providers that are configured like any AD Providers. READ ONLY means, you can only read the data from the ldap but not modify it, hence may be its not showing the Attributes tag. For Default Authenticator, see the first paragraph note in Attributes tab, that says the same thing. NOW, may be WLS can atleast show Attributes in READ only format, but it needs some sort of mappings to be defined. Say on Weblogic side, we have like firstName, lastName which on any typical AD will be like sn (surname = lastname), givenname (firstname) etc etc. This mapping is tough to generalize.
    One thing for sure is, from Weblogic you cannot modify or edit any attributes for any user in external AD. If you really want to get those attributes, you may need to use some javax.ldap apis or some 3rd party ready to use tools/apis. I remember Weblogic Portal has a facility to configure a xml file that defines attributes mapping and get all attributes for any user. But again thats in Weblogic Portal product and not part of weblogic server.
    If you have any SOA Software, they have some utilities for the same.
    Thanks
    Ravi Jegga

  • Ssh server with keys for authentication?

    Anyone have a link to doco or tutorial that covers how to setup an ssh server running on your Mac (latest version OSX) such that:
    * assumption - port forward ssh port on your home gateway to your Mac
    * keys established (for better security) - i.e. need to have the key available on your external PC when wanting to ssh back to home
    * custom ssh port
    * only access ssh requires for logon from predefined external IP addresses (or perhaps this is something you'll setup on your home internet gateway/router along with port forwarding)

    hi kbwrecker,
    as i know, sharepoint will as well follow the diagram that you posted before, additional article
    https://technet.microsoft.com/en-us/library/cc262350(v=office.15).aspx#plansaml
    i checked with our ADFS engineer, the certificate is to sign the token, so, it should not have any relation directly to each of the realm.
    i am not quite sure on how this ADFS and token signing, will work that deep, as from sharepoint side, we may need only the certificate that is valid, and update them to our environment, to make it work.
    for more details regarding this issue, you may try to open a thread as well in the ADFS thread for this.
    based on the additional article, your design may able to work, but we encourage you to seek more deep answer in ADFS forum thread
    https://technet.microsoft.com/en-us/windowsserver/dd448613.aspx
    Regards,
    Aries
    Microsoft Online Community Support
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • "paused for authentication" on a network print job?

    what do I do with "paused for authentication" on a network print job? How do I authenticate so the job will print?

    Hello, ETeague. 
    Thank you for visiting Apple Support Communities. 
    Here is an article that you may find helpful with this issue. 
    OS X Lion: Troubleshoot a network printer
    http://support.apple.com/kb/PH4220
    Cheers,
    Jason H. 

  • Weblogic security authentication; question to interact with the realm

    Hi, I have a quick question about weblogic security authentication....
    We are using weblogic 81sp3. We have user-group info in an Novell eDirectory LDAP server.
    Currently, a Novell Authenticator provider is configured under : Security > Realms > myRealm > Providers > Authentication This tells Weblogic from where to get the user and groups. Weblogic caches this information of the logged on users for certain time ( example : 60 secs ) after which it cleans the cache for all inactive users. We want to interact with the Weblogic cache. Add more user profile information to this cache and use it in our application .
    Does somebody know how to programmatically interact with Weblogic user-group cache - read , write , update and delete user-group info in cache and control time to live for the cache ?

    already checked
    TTLCache class which weblogic provides. But they seem to depracetd it
    help ?

  • LDAP realm for authentication and ACL in Database

    We are thinking of using LDAP realm for authentication and we want to use ACL from a Database. But the documentation says: "WebLogic Server defers to the LDAP realm for authentication, but not for authorization. Authorization is accomplished with access control lists (ACLs), which are defined in the weblogic.properties file"
    Can we use LDAP realm for authentication and manage our ACL from a Database? or do we have to use the weblogic.properties file? Do the weblogic security API help in the above scenario? Thanks Ram

    Unfortunately, there is no easy way to do this in wls 6.0.
    The only way to handle it is to write your own custom realm
    that uses ldap for users and groups and a database for acls -
    probably not a viable alternative.
    -Tom
    "kevin doherty" <[email protected]> wrote:
    >
    Jeffrey Hirsch <[email protected]> wrote:
    You should be able to use the DelegatedRealm interface to utilize the authentication methods from LDAP and the authorization methods from RDBMSRealm...
    I'm trying to do this too, but we are using WL6 and I see that the DelegatedRealm interface has been deprecated in this version. I'd greatly appreciate more information on doing this in WL6.
    Thanks!
    -kd

  • External LDAP for authentication

    Hi All,
    I want to use external ldap for authentication purpose with Access Manager.
    I tried adding this external ldap as a secondary ldap but couldn�t succeed.
    If I add this ldap in the primary ldap along with the AM�s own ldap, this also fails to authenticate users from the external ldap.
    How can I achieve this?
    I read many topics in this forum regarding this but none of them explain how it can be achieved.
    Please suggest.
    Thanks in advance.

    This is what the amconsole log says:
    ERROR: ConsoleServletBase.onUncaughtException
    java.lang.NullPointerException
         at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.constructFilter(LDAPv3Repo.java:3126)
         at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.search(LDAPv3Repo.java:1996)
         at com.iplanet.am.sdk.AMDirectoryManager.search(AMDirectoryManager.java:1938)
         at com.sun.identity.idm.AMIdentityRepository.searchIdentities(AMIdentityRepository.java:221)
         at com.sun.identity.console.idm.model.EntitiesModelImpl.getEntityNames(EntitiesModelImpl.java:139)
         at com.sun.identity.console.idm.EntitiesViewBean.getEntityNames(EntitiesViewBean.java:222)
         at com.sun.identity.console.idm.EntitiesViewBean.beginDisplay(EntitiesViewBean.java:177)
         at com.iplanet.jato.taglib.UseViewBeanTag.doStartTag(UseViewBeanTag.java:149)
         at jsps.console._idm._Entities_jsp._jspService(_Entities_jsp.java:86)
         at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
         at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
         at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
         at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
         at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:772)
         at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
         at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:382)
         at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
         at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
         at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase.java:133)
         at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:149)
         at com.sun.identity.console.idm.HomeViewBean.forwardTo(HomeViewBean.java:109)
         at com.sun.identity.console.realm.RealmPropertiesBase.nodeClicked(RealmPropertiesBase.java:90)
         at com.sun.web.ui.view.tabs.CCTabs.handleTabHrefRequest(CCTabs.java:129)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:585)
         at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
         at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
         at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
         at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
         at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
         at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
         at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
         at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
         at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:787)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
         at com.sun.mobile.filter.AMLController.doFilter(AMLController.java:163)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
         at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
         at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)

  • Help: which LDAP server should I use with weblogic 5.1

    Hi:
    I try to use LDAP for user profile management. I am free to use any LDAP
    server as long as it is easy to work with weblogic 5.1 or 6.0.
    Any suggestions?
    Thank you.
    li

    This is what I did for my DS settings
    1. select Oracle JDBC Driver
    2. set Classes12.jar in Websphre classpath - (Oracle thin driver)
    3. create DS with option User defined JDBC provider
    means I have added Thin driver provided by Oracle , instead of deprecated Thin driver from IBM.

  • Multiple LDAP directories for authentication

    Hi,
    I just upgraded to GroupWise 2014 (from 2012). In GW2012 I used LDAP authentication against eDir. In GW2014, I associated the GW mailboxes to Active Directory. I tested a few accounts and I can login just fine. However I also have mailboxes that have to authenticate to eDir, because (for now) they don't have AD equivalent accounts.
    To achieve this, I also added the eDirectory as a directory in the GW admin console. I then enabled LDAP authentication in the Post Office security settings, without adding the "Available LDAP Servers" to the "Selected LDAP Servers" box.
    When I logon to a mailbox that is associated to eDir, it allows me to logon. I do have a mailbox that doesn't allow me to logon, although it is associated to eDir. When I re-associate (remove-add) it, it works for a while only to stop working again. It's not entirely stable.
    In the POA log, I see the following message: Alert: Utilize LDAP server which is not in the pool configuration! So it would seem it doesn't particularly like my setup.
    Questions:
    * Is what I'm trying to achieve not supported or am I configuring it wrong?
    * If I add the "Available LDAP Servers" to the "Selected LDAP Servers" box will it use it a failover pool and thus mess up my mixed-directory authentication?
    * Is it possible to use GroupWise authentication for some mailboxes and AD authentication for others. If so, it would take away the need to use eDir.
    Iwan

    It's not an error, just informational. The LDAP AUTH code for the POA has changed somewhat in 2014. Before, it used to only use LDAP servers in a pool, but now, it will first try any LDAP servers/directories in it's "Preferred list", but if it can't not find the user using that list, it will then proceed to try all other LDAP servers that are configured.
    --Morris
    >>> iwan<[email protected]> 1/9/2015 5:16 AM >>>
    Hi,
    I am able to authenticate to AD en edir within the same PO. I would like
    to phase out edir as maintaining two directories is not ideal. The only
    reason I still use edir is for those few GW accounts that do not have AD
    counterparts and for which I do not want to create AD accounts. So using
    LDAP(AD) together with GW auth would be ideal for me. I'll look into
    creating a second PO for this purpose.
    I just wonder why the POA log keeps displaying the following message, if
    having multiple directories in a single PO is supported: "Utilize LDAP
    server which is not in the pool configuration!"
    Iwan
    iwan
    iwan's Profile: https://forums.novell.com/member.php?userid=5639
    View this thread: https://forums.novell.com/showthread.php?t=481102

  • WLC connect LDAP for Authentication, but could not connect to server

    Hi Everyone, I got a problem when I use WLC 5508 connect to LDAP for authentication, but no luck there, it's a simple config, but not easy to work on my job, I got the following messgae:
    Service Port - Not connected
    Distrubution port include:
         Management Interface - in AP Management VLAN - 30
         Student AP interface - in Student VLAN - 20
         Staff AP interface - in Staff VLAN - 10
    AD is in Staff VLAN - 10
    WLC LDAP Server setting
    Base DN:OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
    User Attribute: sAMAccountName
    User Object Type: Person
    Debug aaa all enable message
    *LDAP DB Task 1: Jul 09 01:40:58.969: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
    *LDAP DB Task 1: Jul 09 01:41:00.969: ldapInitAndBind [1] configured Method Anonymous lcapi_bind (rc = 1005 - LDAP bind failed)
    *LDAP DB Task 1: Jul 09 01:41:00.969: ldapClose [1] called lcapi_close (rc = 0 - Success)
    *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to IDLE
    *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to RETRY
    *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP_OPT_REFERRALS = -1
    WLC GUI Log:
    *LDAP DB Task 1: Jul 09 02:56:13.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
    *LDAP DB Task 1: Jul 09 02:56:11.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
    *LDAP DB Task 1: Jul 09 02:56:09.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
    LDP Message of LDAP BaseDN:
    Expanding base 'CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk'...
    Result <0>: (null)
    Matched DNs:
    Getting 1 entries:
    >> Dn: CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
    4> objectClass: top; person; organizationalPerson; user;
    1> cn: Frankie F. Yeung;
    1> sn: Yeung;
    1> givenName: Frankie;
    1> initials: F;
    1> distinguishedName: CN=Frankie F. Yeung,OU=OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
    1> instanceType: 0x4 = ( IT_WRITE );
    1> whenCreated: 8/10/2011 10:28:14 China Standard Time China Standard Time;
    1> whenChanged: 8/10/2011 10:31:26 China Standard Time China Standard Time;
    1> displayName: Frankie F. Yeung;
    1> uSNCreated: 3850555;
    1> uSNChanged: 3850571;
    1> name: Frankie F. Yeung;
    1> objectGUID: 6ebfc7e9-6989-4f11-bae7-62c23af67edc;
    1> userAccountControl: 0x10200 = ( UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD );
    1> badPwdCount: 0;
    1> codePage: 0;
    1> countryCode: 0;
    1> badPasswordTime: 0;
    1> lastLogoff: 0;
    1> lastLogon: 0;
    1> pwdLastSet: <ldp error <0x0>: cannot format time field;
    1> primaryGroupID: 513;
    1> objectSid: S-1-5-21-3867848445-1581729766-1247451615-2172;
    1> accountExpires: <ldp error <0x0>: cannot format time field;
    1> logonCount: 0;
    1> sAMAccountName: fckyeung;
    1> sAMAccountType: 805306368;
    1> userPrincipalName: [email protected];
    1> objectCategory: CN=Person,CN=Schema,CN=Configuration,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
    Hope I can resolve this problem ASAP, thanks!

    Your AD is in the Staff Vlan so maybe the WLC uses the Staff interface instead of management to contact the AD. I don't know how you sniffed exactly.
    The comment about eap methods you saw is when you use LDAP with dot1x security. It is the same as saying "You cannot do peap-mschapv2 or eap-fast-mschpv2 with LDAP".
    But you can do LDAP for web authentication, that has no eap methods.
    Your original problem was a binding problem from the WLC, so we can expect that the WLC really is sending traffic towards AD.

  • Anyone configured OID with weblogic as external LDAP

    Hey,
    I need help from someone who configured Oracle Internet Directory with weblogic 7 or any version to us as external LDAP server.
    Your Help is greatly appreciated.
    Thanks & Best Regards,
    Nagendra

    I was able to use OID as external LDAP for my Weblogic. I was able to move the stuff from Weblogic Embedded LDAP to Oracle Internet Directory Server, I have done it by myself
    Thanks
    Nagendra

  • Need MBAM 2.5 Helpdesk and selfservice sites to open for authenticated users with no password prompt

    I Need MBAM 2.5 Helpdesk and self service sites to open for authenticated users with no password prompt. I just cant seem to get this to work. The account used in the application pool has its SPN registered and delegation set. I can use that account to login
    to the sites but am prompted for a password. That said anyone I add into the helpdesk users group cannot negotiate the sites. Only the account I have set in the application pool can. I want domain authenticated users that have been added to the MBAM Help Desk
    Users group to negotiate the site with NO password challenge at all.
    tconners

    This generally means that your SPN is not set up correctly.  Let's say the web server you installed the SSP on is lance.contoso.com and your app pool creds are corp\lance.  You should set an SPN similar to setspn -s http/lance.contoso.com
    corp\lance.  In your browser, you should now be able to access the SSP without prompts.  However, if you still get prompted, generally that means that your local intranet zone in IE does not have an entry for *.contoso.com.  Since you are entering
    an FQDN in your browser, IE interprets the "." to mean "on the internet" which breaks Kerberos authentication.  By adding *.contoso.com to your local intranet zone, you are telling it that lance.contoso.com is on the intranet, so use
    Kerberos.
    I can confirm, that I have exact configuration and I always get the password promt for the very first time. We have 2 server (1xIIS and 1xSQL) infrastructure in production with SPN set like it should and I get the password prompt.

  • Problem with Windows 7 802.1x prompted for authentication multiple times

    I have setup a WLAN for users to bring in their own devices (devices are not on the domain).  It is setup for WPA2-Enterprise/AES and it doesn't require certificates.  We authenticate with a Cisco Secure Access Server 5.1.44 (setup with Active Directory).
    I have configure dthe Windows 7 wireless client:
    WPA-Enterprise/AES
    PEAP - removed "Validate server certificate"
    EAPMSCHAPv2 properties disabled "Automatically use my Windows login name and password
    Advanced settings 802.1x - ticked for "user authentication"
    My problem is when I connect to the WLAN, I'm prompted for authentication multiple times (x2).  On the second login prompt everything logs in OK.  No errors are received after the first login attempt.
    Thanks

    This doesn't have anything to do with eap settings?
    Are the current defaults the recommended settings:
    EAP-Identity-Request Timeout (seconds)........... 30
    EAP-Identity-Request Max Retries................. 2
    EAP Key-Index for Dynamic WEP.................... 0
    EAP Max-Login Ignore Identity Response........... enable
    EAP-Request Timeout (seconds).................... 30
    EAP-Request Max Retries.......................... 2
    EAPOL-Key Timeout (milliseconds)................. 1000
    EAPOL-Key Max Retries............................ 2
    EAP-Broadcast Key Interval....................... 3600
    I have seen this multiple times on varying drivers and systems. The first time you login until it is cached.
    Thanks,
    Andrew

  • Cannot create connection pool with weblogic jDriver XA for oracle

    Hi everybody,
    we have serious problems configuring the weblogic jDriver for Oracle with support
    for distributed transactions.
    Everything works fine with the non-XA driver.
    We tried the suggestions given here before like setting the environment variable
    ORACLE_SID. However, this does not change the errors we get. We use Weblgic Server
    6.1 SP2 with oracle 8.1.7 (client and server) under Windows NT.
    When attempting to create the connection pool, we get the following exception:
    Starting Loading jDriver/Oracle .....
    <14.05.2002 15:48:30 CEST> <Error> <JDBC> <Cannot startup connection pool "DiplPool"
    weblogic.common.ResourceException: java.sql.SQLException: open failed for XAResource
    'DiplPool' with error XAER_RMERR : A resource manager error has occured in the transaction
    branch. Check Oracle XA trace file(s) (if any) for database errors. The Oracle XA
    trace file(s) are located at the directory where you start the Weblogic Server, and
    have names like xa_<pool_name><MMDDYYYY>.trc.
    at weblogic.jdbc.oci.xa.XAConnection.<init>(XAConnection.java:58)
    at weblogic.jdbc.oci.xa.XADataSource.getXAConnection(XADataSource.java:601)
    at weblogic.jdbc.common.internal.XAConnectionEnvFactory.makeConnection(XAConnectionEnvFactory.java:200)
    at weblogic.jdbc.common.internal.XAConnectionEnvFactory.createResource(XAConnectionEnvFactory.java:57)
    at weblogic.common.internal.ResourceAllocator.makeResources(ResourceAllocator.java:698)
    at weblogic.common.internal.ResourceAllocator.<init>(ResourceAllocator.java:282)
    at weblogic.jdbc.common.internal.ConnectionPool.startup(ConnectionPool.java:623)
    at weblogic.jdbc.common.JDBCService.addDeployment(JDBCService.java:107)
    at weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentTarget.java:329)
    The trace file looks like this:
    ORACLE XA: Version 8.1.5.0.0. RM name = 'Oracle_XA'.
    113105.161:160.160.-1344514975:
    xaoopen: xa_info=Oracle_XA+Acc=P/schamper/schamper+SesTm=100+DB=DiplPool+Threads=true+LogDir=.+DbgFl=0x15,rmid=-1344514975,flags=0x0
    113105.161:160.160.-1344514975:
    ORA-12560: TNS: Fehler bei Protokolladapter
    113105.161:160.160.-1344514975:
    xaolgn_help: XAER_RMERR; OCIServerAttach failed. ORA-12560.
    113105.161:160.160.-1344514975:
    xaoopen: return -3
    We suspect that we do not set the properties of the connection pool correctly. The
    declaration of the pool in config.xml looks something like the following:
    <JDBCConnectionPool CapacityIncrement="1" DriverName="weblogic.jdbc.oci.xa.XADataSource"
    InitialCapacity="10" MaxCapacity="15" Name="DiplPool"
    Properties="user=scott;password=tiger;url=jdbc:weblogic:oracle:srlaptop_aidenbach.muc.sdm-research.de;dataSourceName=DiplPool"
    Targets="Marvin" TestTableName="privcust" URL="jdbc:weblogic:oracle:srlaptop_aidenbach.muc.sdm-research.de"/>
    Are there any known issues with the XA driver and the versions of oracle and Weblogic
    we use? Can someone tell us how exactly we have to define the connection pool or
    provide an example?
    Any help would be greatly appreciated.
    Best regards,
    Michael

    Hi Michael
    Here is an example connection pool tag,
    <JDBCConnectionPool
    Name="oraXAPool"
    Targets="myserver"
    DriverName="weblogic.jdbc.oci.xa.XADataSource"
    InitialCapacity="1"
    MaxCapacity="10"
    CapacityIncrement="2"
    Properties="user=scott;password=tiger;server=ORCL"
    />
    Ensure that the server=ORCL is replaced by server=<what ever the Alias is
    defined in TNSNAMES.ORA file>
    You dont have to specify the URL for this.
    hth
    sree
    "Michael Wufka" <[email protected]> wrote in message
    news:[email protected]...
    >
    Hi everybody,
    we have serious problems configuring the weblogic jDriver for Oracle withsupport
    for distributed transactions.
    Everything works fine with the non-XA driver.
    We tried the suggestions given here before like setting the environmentvariable
    ORACLE_SID. However, this does not change the errors we get. We useWeblgic Server
    6.1 SP2 with oracle 8.1.7 (client and server) under Windows NT.
    When attempting to create the connection pool, we get the followingexception:
    Starting Loading jDriver/Oracle .....
    <14.05.2002 15:48:30 CEST> <Error> <JDBC> <Cannot startup connection pool"DiplPool"
    weblogic.common.ResourceException: java.sql.SQLException: open failed forXAResource
    'DiplPool' with error XAER_RMERR : A resource manager error has occured inthe transaction
    branch. Check Oracle XA trace file(s) (if any) for database errors. TheOracle XA
    trace file(s) are located at the directory where you start the WeblogicServer, and
    have names like xa_<pool_name><MMDDYYYY>.trc.
    at weblogic.jdbc.oci.xa.XAConnection.<init>(XAConnection.java:58)
    atweblogic.jdbc.oci.xa.XADataSource.getXAConnection(XADataSource.java:601)
    atweblogic.jdbc.common.internal.XAConnectionEnvFactory.makeConnection(XAConnec
    tionEnvFactory.java:200)
    atweblogic.jdbc.common.internal.XAConnectionEnvFactory.createResource(XAConnec
    tionEnvFactory.java:57)
    atweblogic.common.internal.ResourceAllocator.makeResources(ResourceAllocator.j
    ava:698)
    atweblogic.common.internal.ResourceAllocator.<init>(ResourceAllocator.java:282
    atweblogic.jdbc.common.internal.ConnectionPool.startup(ConnectionPool.java:623
    at weblogic.jdbc.common.JDBCService.addDeployment(JDBCService.java:107)
    atweblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
    arget.java:329)
    The trace file looks like this:
    ORACLE XA: Version 8.1.5.0.0. RM name = 'Oracle_XA'.
    113105.161:160.160.-1344514975:
    xaoopen:xa_info=Oracle_XA+Acc=P/schamper/schamper+SesTm=100+DB=DiplPool+Threads=true
    LogDir=.DbgFl=0x15,rmid=-1344514975,flags=0x0
    113105.161:160.160.-1344514975:
    ORA-12560: TNS: Fehler bei Protokolladapter
    113105.161:160.160.-1344514975:
    xaolgn_help: XAER_RMERR; OCIServerAttach failed. ORA-12560.
    113105.161:160.160.-1344514975:
    xaoopen: return -3
    We suspect that we do not set the properties of the connection poolcorrectly. The
    declaration of the pool in config.xml looks something like the following:
    <JDBCConnectionPool CapacityIncrement="1"DriverName="weblogic.jdbc.oci.xa.XADataSource"
    InitialCapacity="10" MaxCapacity="15" Name="DiplPool"
    Properties="user=scott;password=tiger;url=jdbc:weblogic:oracle:srlaptop_aide
    nbach.muc.sdm-research.de;dataSourceName=DiplPool"
    Targets="Marvin" TestTableName="privcust"URL="jdbc:weblogic:oracle:srlaptop_aidenbach.muc.sdm-research.de"/>
    >
    Are there any known issues with the XA driver and the versions of oracleand Weblogic
    we use? Can someone tell us how exactly we have to define the connectionpool or
    provide an example?
    Any help would be greatly appreciated.
    Best regards,
    Michael

Maybe you are looking for

  • PI 7.1 XSLT and ASMA

    Hi, I want to set the file name in the File Adapter as part of an XSLT-Mapping. The steps are as follows in the XSLT: 1. Set Filename to new filename in ASMA. 2. Check if Month = '1' on payload xml. . If month = 1 , then copy record in xml, else next

  • Schedule lines in SUS-PO

    Hello, following problem. In SUS it's possible to create some scedule lines in the confirmation process for one PO-position. But if you want to create an ASN afterwards the system doesn' propose the schedule lines of the PO-position. It only proposes

  • My Mozilla updated or changed not too long ago, I had to reset and now it's gone back to 9 thumbnails. How to I get the other one back?

    Okay so like I said above, my Mozilla suddenly changed one day to showing a search box, and two different "favorite" tabs when I opened a new tab. After I set it up with my favorites and deleted the ones I didn't used I liked it a lot better and it w

  • SSIS 2012: Integration Services Catalog not showing data for most recent executions

    Techies-- Under a previous deployment of an SSIS package, I was able to go to the Integration Services Catalog, look under the  folder-->project--> package  then right click and request a standard report for all executions. The report would display t

  • Stuck cd... is it ok to disable the drive?

    so my super drive has been un able to burn cd or dvd for a long time. i took it into apple they confirmed it needed to be replaced but was expensive so i waited.. i dont use it much.. well today i played a cd with itunes and the cd is stuck.. been se