How do I use Generic LDAP Authentication in JDeveloper?

Similar Messages

• How to make use of Windows authentication from my Java application

  I have a Java application, Instead I design one more login page for my application, I want to make use of Windows Authentication.
  How should I use that windows authentication in my java application
  can any help me in suggesting a solution

  How will they be able to access your application if they aren't users of the system?

• Why we use the LDAP Authentication over the DB authentication?

  Hi All,
  Why we use the LDAP Authentication over the DB authentication?
  Any specific region is for that?
  When we use LDAP do we need DB authentication again or it will be optional?
  In same case in ADSI do the DB authentication is optional or compulsory .
  Thanks in advance
  Tusar

  LDAP / AD authentication is useful if you already use it in your organisation and you'll find that most orgs have some form of user authentication already in place.
  Do users in your company have to log into to their machines every morning? If so, why not use those credentials to control access to Siebel? It's a way of providing a single directory of employee authentication information available across applications, keeping maintenance and change costs down.
  When you use LDAP authentication, you specify an AD object that contains a set of DB authentication details so that the component can access the Siebel database. In Siebel 8, you can directly specify those details in the security profile. As such, you only then have to maintain a single set of DB specific authentication details: much easier to manage. You can always switch back to DB authentication if you want to, but you'd have to go through all users accounts and create them with the same login and password specified in AD.

• How Do I Use Generics with Framework Extension Classes?

  Hi Guys and Gals,
  I've been writing alot of duplicate code lately for ViewObjects that are all basically the same. So it occurred to me that perhaps I could put shared code in a Framework Extension Class. My problem lies in the fact that I do quite a bit of class casting as well. I thought perhaps Generics could come to the rescue. But uh ... I don't really know anything about them, which makes asking the right questions or even researching difficult.
  Here's an example of what I would like to accomplish.
  I have many different Master-Detail ViewObjects which are all pretty much the same. For example ...
  PurchaseOrder (1-*) PoRows
  SalesOrder (1-*) SoRows
  Invoice (1-*) InvoiceRows
  etc...
  Here is sample code for the PurchaseOrder / PoRows
    public void cancelDocument()
      RowIterator ri = this.getPoRowsVO();  // access the detail view object
      RowSetIterator rsi = ((RowSet)ri).createRowSetIterator(null);
      while(rsi.hasNext())
        PoRowsVORowImpl next = (PoRowsVORowImpl)rsi.next();
        next.cancelRow();  // call a detail view object method exposed to the client
      rsi.closeRowSetIterator();
    }However, these two lines are cause for ponderance
       1.  RowIterator ri = this.getPoRowsVO();
       2.  PoRowsVORowImpl next = (PoRowsVORowImpl)rsi.next();Which leads me to two questions:
  1) How do I access the Detail part of the relationship in a framwork extension class generically?
  2) If I have to cast, is there a way to read the class type through reflection and cast using a generic method with what I've found?
  I would think writing common methods in a Framework Extension class would really help make maintaining my code easier, and I could see how it would be a powerful tool. But how would one get around these ViewObject specific problems?
  Will

  Hi,
  you are correct, Generics has a different meaning in Java then what you ask for.
  Actually to access a detail row set from a parent row, you can use code like this:
      public void voRowCancel(){
          for (int i = 0; i < this.getAttributeCount(); i++)
                 if(this.getStructureDef().getAttributeDef(i).getAttributeKind() == AttributeDef.ATTR_ASSOCIATED_ROWITERATOR){
                   RowSet rs = (RowSet) this.getAttribute(i);
                  // ... to do ...
      }However, the code you invoke is on a custom implementation class, which makes it difficult to get to this from here.
  Frank

• How can i use "dbloginmodule" after migrating to jdeveloper 11?

  Hi,
  I have developed a simple system with dbloginmodule on jdevelper 10.132,but jdev11 does not support it ,what can I do ?

  hi lixinzhu
  See also this forum message by Frank Nimphius:
  Re: How use DBTableOraDataSourceLoginModule in ADF Security in JDev 11g (Bo
  "+However, WLS does have RDBMLauthentication providers already. You can configure the RDBMS provider through the weblogic console. As a long term strategy we like to bring back the option to configure custom JAAS LoginModules directly, but this will have to wait until the release of the full OracleAs 11 becomes available next year.+"
  success
  Jan Vervecken

• How to get user attributes from LDAP authenticator

  I am using an LDAP authenticator and identity asserter to get user / group information.
  I would like to access LDAP attributes for the user in my ADF Taskflow (Deployed into webcenter spaces).
  Is there an available api to get all the user attributes through the established weblogic authenticator provider or do i have to directly connect to the LDAP server again?
  Any help would be appreciated

  Hi Julián,
  in fact, I've never worked with BSP iViews and so I don't know if there is a direct way to achieve what you want. Maybe you should ask within BSP forum...
  A possibility would be to create a proxy iView around the BSP iView (in fact: before the BSP AppIntegrator component) which reads the user names and passes this as application params to the BSP component. But this is
  Beginner
  Medium
  Advanced
  Also see http://help.sap.com/saphelp_nw04/helpdata/en/16/1e0541a407f06fe10000000a1550b0/frameset.htm
  Hope it helps
  Detlev

• AD LDAP authentication or authorization

  Hi,
  It really drives me crazy because I can't seem to find the right solution for my issue.
  I'm trying to use the LDAP authentication for my apex applications.
  So far, straight forward LDAP authentication works just fine, but EVERYBODY who has a user account can log into any application.
  I'm using the %LDAP_USER% string to validate the users and that's just fine.
  But I want to restrict somehow users from logging into my applications.
  Either way by ldap groups or an users table in every application.
  Can someone please help me with this, or give me directions/examples of login functions/schemes?
  Thanks so much!
  Regards, Bas

  What you have done so far is called Authentication. It's the question of "who am I?"
  What you want to add is called Authorization, which is the "what can I do?"
  So, you need to create an Authorization Scheme to secure components of your application. An authorization scheme can secure almost any component of an APEX app including:
  - The application
  - Pages
  - Tabs
  - Regions
  - List items
  - Items
  - Columns in reports
  - More that I'm not thinking of
  Look at the doc on authorization schemes. You have 2 primary options that I can think of:
  1) Use LDAP groups by using the APEX_LDAP package to lookup information about a user. I'm not sure if the member_of function works against AD or just OID, you might need to use the get_attribute function instead. In short, you query AD, then return true or false based on the attributes of the user. Once they are logged in you can reference the username with the :APP_USER APEX variable
  2) A table of usernames (not passwords). You authorization scheme could just be an "Exists query" such as:
  select 1 from valid_users where username = :APP_USEROnce you decide on an authorization scheme and create it, you then edit the security attributes of your app / page / region / etc and apply it
  Tyler Muth
  http://tylermuth.wordpress.com
  "Applied Oracle Security: Developing Secure Database and Middleware Environments": http://sn.im/aos.book

• How to use two different LDAP authentication for my Apex application login

  Hi,
  I have 2 user groups defined in the LDAP directory and I provided the DN string for apex authentication something like the below
  cn=%LDAP_USER%,ou=usergrp1,dc=oracle,dc=com
  cn=%LDAP_USER%,ou=usergrp2,dc=oracle,dc=com
  The problem is I couln't pointout both the groups in DN string, I am trying to allow both usergroups to access the application.
  Does anyone know how to define both the group in LDAP DN String ?.
  Thanx in advance
  Vijay.

  Vijay,
  I don't think you'll be able to use the built-in LDAP authentication scheme. Just create a new authentication scheme that has its own authentication function. In that function code your calls to dbms_ldap however you need. Search the forum for dbms_ldap.simple_bind_s to find examples.
  Scott

• How to use LDAP authentication in Oracle Linux

  Hi All,
  In Oracle Linux 2.6.18-194 el5, goes to system->Administration->Authentication, enabled LDAP in both User Information and Authentication, tried to use network user account information to log in the linux machine but it did not work.
  The login screen waits over 10 minutes after enter username and password each and then says usename and password is not corrent.
  LDAP Settings only asked two information LDAP Search Base on and LDAP Server. We have another application which uses same LDAP server works fine.
  How to make Oracle linux server as LDAP client for user longin?
  Tanks in advance for yur help.

  I have no idea, but you might find it helpful to read Redhat's documentation concerning this subject:
  http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/ch-ldap.html

• How to include all the child OU groups of a master OU group in LDAP authentication

  Dear All,
  I am using Apex 4.2 on windows server 2012 on internet explorer with database 11g R2 all 64 bit.
  we are using Microsoft Active Directory Authentication in our domain.
  I have created two protals, Staff Portal and Student Portal
  I have two groups, Staff and Students. these two groups coming under HCT group.
  I want to configure LDAP authentication for these groups, so that student cannot login to staff portal and vice versa.
  I had created on authentication schema in apex.
  inititally I configured as below
  for example I have a group ETC, inside ETC I have CSS in active directory,
  DN String=cn=%LDAP_USER%,dc=hct,dc=org
  Use Exact distinguish name=YES
  LDAP Username edit function=
  return apex_escape.ldap_dn (
               p_string => :USERNAME,
               p_escape_non_ascii => false ) || ',ou=users,ou=css,ou=etc,ou=staff,ou=hct'   ;
  Username Escaping=NO ESCAPING
  and it is working,
  now I have another group under ETC, which is ESS. how to include ESS also? I mean how to include all the child groups of a master group?
  because I will then only include the STAFF ou and the rest of the ou which coming under staff will come automatically.
  please refer to this thread for more details.
  Re: Re: Different LDAP authentication for Student and Staff Active directory groups
  Thank you.

  Powershell (or vbscript if you want to be old school).
  You can trigger a powershell script which will remove the offending user(s) easily enough with out resorting to a TOLDAP pass.  Nearly any script type thing would work but powershell is preferred.  It can be triggered separately from the TO AD stuff and will take multiple objects to run in one pass if you can construct the command line (or create a text file and feed it in).
  Otherwise, TOLDAP is the way to write to AD...
  Peter

• Using Weblogic LDAP JAAS credentials for 3rd party authentication

  Hello to all!
  I'm posting this question because I'm developing a software layer that will connect a weblogic based web application, with LDAP authentication, to a 3rd party application, also with LDAP authentication, and I'm having difficulties in getting a <b><i>javax.security.auth.Subject</i></b> object from the weblogic server.
  I already have a way of doing it, but it requires that a username and a password exist in some sort of storage, in order to work (either hardcoded (which is to be avoided as much as possible) or stored in a file (which is to be avoided if possible, but if nothing better exists...)).
  I'm using a Weblogic 11g server, with LDAP authentication (LDAP provider placed in last at the provider list, with flag SUFFICIENT) and I'm developing the software layer using Oracle's jDeveloper 11g Release 1.
  Now, this 3rd party application requires a <b><i>javax.security.auth.Subject</i></b> object in order to perform authentication.
  How do I get this from the weblogic server ?
  Of the following approaches, can you tell me which are the most correct ones ?
  <ul>
  a)<b>
      LoginContext lc = null;
      try {
          lc = new LoginContext("<JAAS instance name>");
          lc.login();
      } catch (LoginException e) {
          e.printStackTrace();
      javax.security.auth.Subject subject = lc.getSubject();
  </b>
  </ul>
  <ul>
  b)<b>
      LoginContext lc = new LoginContext("<JAAS instance name>"
          new MyClass.CallbackHandler(userid, password));
      lc.login();
      javax.security.auth.Subject subject = lc.getSubject();
      javax.security.auth.Subject.doAs(subject, myClassObject);
  </b>
  </ul>
  <ul>
  c)<b>
      javax.security.auth.Subject subjectA = weblogic.security.Security.getCurrentSubject();
      subjectA.doAs(subjectA, myClassObject);
  </b>
  </ul>
  Thanks in advance,
  Nuno B.

  Here is a document on Monitoring and Reporting Tool Integration into Network Admission Control.
  http://www.cisco.com/en/US/netsol/ns466/networking_solutions_white_paper0900aecd801dee49.shtml

• How to do LDAP authentication in OC4J instance?

  Need to configure third party LDAP authentication for an application deployed in OC4J instance. How to configure this?

  Hi,
  I think that links will be useful to you!
  http://download-uk.oracle.com/docs/cd/B15904_01/web.1012/b14013/configoc4j.htm
  http://www.oracle.com/technology/sample_code/tech/java/codesnippet/security/jaznldap/index.html
  Afonso

• Using PAM for LDAP authentication

  Good Day All,
  I want to know how I can use PAM to enable users authenticate to my Solaris 9 Box using an existing LDAP server.I would appreciate if the explanation is simpler and more detailed as I am new to this stuff.Also is there any othe means like an open source solution so that users can use a centrailzed authentication server so that users gain access to a solaris box without going for a local /etc/passwd and /etc/shadow files.

  It depends on what LDAP Server you used.
  The steps are more than just the pam_ldap configuration.
  You may find the following how-to useful or not at all.
  http://web.singnet.com.sg/~garyttt/
  HTH
  Gary

• Designer takes several minutes for login using LDAP authentication

  We have a issue, when we tried to login to the designer using LDAP authentication it takes several minutes and using enterprise account we are able to login to the designer with in seconds.
  CMC and infoview all are working fine using LDAP authentication.
  We are using BOXIR2,
  FP 1.6.
  Thank You in Advance.
  Thanks & Regards,
  Collin.

  There have been several changes in LDAP since FP 1.6 but if infoview is ok then hopefully you aren't running into any of them. When logging into client tools the LDAP requests are sent to the LDAP server directly from the client. An issue like this would suggest there is a problem reaching the LDAP server from the client.
  Is LDAP SSL being used? If yes try disabling it, if no then you can packet scan the logon attempt on the client and filter the LDAP traffic to see how long it's taking for that communication.
  Regards,
  Tim

• SharePoint 2010 with LDAP authentication, using NOVELL eDirectory

  One of my customers needs a SharePoint application that allows people to authenticate with either an Active Directory account (internal staff) or a Novell eDirectory account (external customers).
  Using the following article as a base guide (http://blogs.technet.com/b/speschka/archive/2009/11/05/configuring-forms-based-authentication-in-sharepoint-2010.aspx)
  I configured a claims-based test application that had Windows authentication enabled and Forms based authentication (FBA) enabled (this is on a Windows 2008 server and not a domain controller)
  In the Membership provider name text box I entered "LdapMember"
  In the Role provider name  text box I entered "LdapRole"
  In the web.config for the SharePoint Central Admin, I modified/added the following details right before </system.web>
  <membership>
  <providers>
  <add name="LdapMember"
  type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  userDNAttribute="dn"
  userNameAttribute="cn"
  userContainer="OU=people,O=validobject"
  userObjectClass="person"
  userFilter="(ObjectClass=person)"
  scope="Subtree"
  otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
  </membership>
  <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" >
  <providers>
  <add name="LdapRole"
  type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  groupContainer="OU=people,O=validobject"
  groupNameAttribute="cn"
  groupNameAlternateSearchAttribute="samAccountName"
  groupMemberAttribute="member"
  userNameAttribute="sAMAccountName"
  dnAttribute="distinguishedName"
  groupFilter="((ObjectClass=group)"
  userFilter="((ObjectClass=person)"
  scope="Subtree" />
  </providers>
  </roleManager>
  I modified the SecurityTokenServiceApplication web.config with these details
  <system.web>
  <membership>
  <providers>
  <add name="LdapMemebr"
  type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  userDNAttribute="dn"
  userNameAttribute="cn"
  userContainer="OU=people,O=validobject"
  userObjectClass="person"
  userFilter="(ObjectClass=person)"
  scope="Subtree"
  otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
  </membership>
  <roleManager enabled="true">
  <providers>
  <add name="LdapRole"
  type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  groupContainer="OU=people,O=validobject"
  groupNameAttribute="cn"
  groupNameAlternateSearchAttribute="samAccountName"
  groupMemberAttribute="member"
  userNameAttribute="sAMAccountName"
  dnAttribute="distinguishedName"
  groupFilter="(&amp;(ObjectClass=group))"
  userFilter="(&amp;(ObjectClass=person))"
  scope="Subtree" />
  </providers>
  </roleManager>
  </system.web>
  I modified the web.config of the test application I created with these details
  <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
  <providers>
  <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
  <add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  groupContainer="OU=people,O=validobject"
  groupNameAttribute="cn"
  groupNameAlternateSearchAttribute="samAccountName"
  groupMemberAttribute="member"
  userNameAttribute="cn"
  dnAttribute="dn"
  groupFilter="(&amp;(ObjectClass=group))"
  userFilter="(&amp;(ObjectClass=person))"
  scope="Subtree" />
  </providers>
  </roleManager>
  <membership defaultProvider="i">
  <providers>
  <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
  <add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  useDNAttribute="true"
  userDNAttribute="dn"
  userNameAttribute="cn"
  userContainer="OU=people,O=validobject"
  userObjectClass="person"
  userFilter="(ObjectClass=person)"
  scope="Subtree"
  otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
  </membership>
  With all of this configured, I can go to the new test site, I do see the form where I can choose either Windows authentication or Forms authentication. I can successfully login with Windows authentication, but forms authentication gives me me an error.
  The server could not sign you in. Make sure your user name and password are correct, and then try again.
  I can successfully login to a LDAP management tool, using the same credentials I entered on the form, so I know the username and password being submitted are correct. I get the following items in the event viewer
  8306 - SharePoint Foundation - The security token username and password could not be validated.
  in the SharePoint trace logs - Password check on 'testuser' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. and
  then this:
  Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
  at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
  I monitored the LDAP server and did a packet-trace on the communication happening between the SharePoint server and the LDAP server and it is a bit odd. It goes like this:
  The SharePoint server successfully connects to the LDAP server, binding the ldapserviceid+password
  The LDAP server tells the SharePoint server it is ready to communicate
  the SharePoint server sends an LDAP query to the LDAP server, asking if the name entered in the form authentication page can be found.
  The LDAP server does the query, successfully finds the entered name and sends a success message back to SharePoint
  The LDAP server sends notification that it is done and is closing the connection that was bound to theldapserviceid+password
  The SharePoint server acknowledges the connection is closing
  ... and then nothing happens, except the error on SharePoint
  What I understand is that the SharePoint server, once it gets confirmation that the submitted username exists in LDAP, should attempt to make a new LDAP connection, bound to the username and password submitted in the form (rather than the LDAP service account
  specified in the web.config). That part does not seem to be happening.
  I am at a standstill on this and any help would be greatly appreciated.

  OK, our problem was resolved by removing any information about the ASP.NET role manager. Initially, we had information about a role manager defined in three different web.config files, as well as in the SharePoint Central Administration site, where there
  is the checkbox to Enable Forms Based Authentication (you see this when you first create the new SharePoint app, or afterwards by modifying the Authentication Provider for the app.) In either case, you will see two text boxes, underneath the checkbox item
  for enabling Forms Based Authentication:
  "ASP.NET Membership provider name"
  "ASP.NET Role manager name"
  We entered a name for Membership provider, and left Role manager blank.
  In the web.config for the SharePoint Central Administration site, the SecurityTokenServiceApplication app, and the web app we created with FBA enabled, we entered the following:
  <membership>
  <providers>
  <add name="LdapMember"
  type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword="validpassword"
  useDNAttribute="false"
  userDNAttribute="dn"
  userNameAttribute="cn"
  userContainer="OU=people,O=validobject"
  userObjectClass="person"
  userFilter="(ObjectClass=person)"
  scope="Subtree"
  otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
  </membership>
  <roleManager>
  <providers>
  </providers>
  </roleManager>
  useDNAttribute="false" turned out to be important as well.
  So, for us to get LDAP authentication working between SharePoint 2010 and Novel eDirectory, we had to:
  leave anything related to the role provider blank
  configure the web.config in three different applications, with the proper connection information to reach our Novel eDir
  Ensure that useDNAttribute="false" was used in all three on the modified web.config files.
  Since our eDir is flat and used pretty much exclusively for external users, we had never done any sort of advanced role management configuration in eDir. So, by having role manager details in the web.config files, SharePoint was waiting for information from
  a non-existent role manager.