How to authenticate against AD?

Hi,
Today our SAP systems are set up to use local user accounts/passwords. I would like to set up the systems to use Active Directory for authentication. Our company has 2 different locations with 2 separate AD domains, but with a common SAP installation. This means that the systems have to be set up to check username/password against 2 AD domains (if the first one fails, try the next domain).
Is this configuration complex? Any good documentation on this topic?

Hi,
What are you talking about?
SAP systems: which ones? ECC? Portal? CRM? SRM?... Which releases? Which OS?
Which user authentication? SAPGUI connection? Web connection? SSO? User/password?
SAP installation: local or domain installation? If domain installation, one of the 2 for users?
Regards,
Olivier

Similar Messages

  • How to authenticate CXF-Webservice against external LDAP in WebLogic?

    Hi there,
    I'm trying to integrate our Camel-application into WebLogic 12c. All the incoming endpoints are CXF-based webservices. These are secured by "UsernameToken Timestamp" with the WSS4JInInterceptor configured like this:
    <bean id="wss4jInInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
      <constructor-arg>
        <map>
          <entry key="action" value="UsernameToken Timestamp" />
          <entry key="passwordType" value="PasswordDigest" />
          <entry key="passwordCallbackClass"
                 value="de.mycompany.camel.cxf.UserTokenCallbackHandler" />
        </map>
      </constructor-arg>
    </bean>
    My problem is: WSS4JInInterceptor expects the UserTokenCallbackHandler to return the password of the user delivered in the header <wsse:Username>. Is there any way to retrieve this from an external LDAP configured in WebLogic? I've already managed to retrieve the users, groups etc. with JMX (javax.management.MBeanServerConnection and weblogic.security.providers.authentication.LDAPAuthenticatorMBean), but I can't figure out how to authenticate the user against the LDAP, i.e. retrieve the password.
    Or am I heading in a completely wrong direction and this is not the way to achieve authentication for CXF-Webservices in WebLogic?
    Please give me a hint (code-snippets preferred ;-) ) how to solve this.
    Regards,
    Frank

    I have run into the exact same situation. Did you ever get around this? If so, how? Please let me know.

  • How do you get OS X Lion to authenticate against LDAP?

    Need help getting OpenLDAP to authenticate against LDAP on  Linux server....please help!

    Go to the Users & Groups system preferences, click "Login Options:" and then click "Edit" next to "Network Account Server." Then click the plus button and add your LDAP authentication server. You can also click the Directory Utility button to further refine the settings for your server and the LDAP service.

  • Assigning a login module to a single WebDynpro to authenticate against LDAP

    Hi there,
    we are running the J2EE Engine 7.0 within XI on SAP NetWeaver 2004s / Linux x86_64.
    Basically, I want to authenticate a Java WebDynpro against an LDAP (Active Directory). With the XI Usage installed, I cannot customize the UME to authenticate against an LDAP (not supported and not possible).
    Thus, I want to use a custom login module or, if suitable, a standard login module to authenticate against LDAP. I know that all WebDynpro Apps use the default authentication scheme that in turn references the authentication template "ticket".
    1) Can I use a predefined Login Module to authenticate against Active Directory LDAP or do I have to write a custom login module?
    2) Is it possible to assign a login module to a single WebDynpro and how can I do this?
    Thanks a lot in advance,
    Oliver Kalkofen

    > Thus, I want to use a custom login module or, if
    > suitable, a standard login module to authenticate
    > against LDAP.
    We have developed a custom login module which does this. It looks to the user like the BasicPasswordLoginModule provided with SAP, but the userid and password entered have to be a valid account/password from the Active Directory domain. We use the Kerberos protocol to perform this userid/password validation, not LDAP. The userid can be just a name, in which case the default domain (realm in Kerberos terminology) is used, or it can be specified as user@REALM, in which case a non-default realm can be used to authenticate. Once the authentication is complete, we look in the USRACL table to map this Kerberos principal name onto a SAP userid so we can then create an SSO2 ticket.
    If you are interested in evaluating this, or getting a quote for purchasing it, please contact me offline. Of course, you can develop your own if you are happy to do so. I just thought you might be interested to know of an alternative.
    Thanks,
    Tim

  • Messaging Server authenticate against directory server

    Just wondering how to make Messaging Server authenticate against a directory server? Basically I created users on the directory server, and would like to let these users access Messaging Server.
    Thanks for advice!

    I'm sorry, your question doesn't really make any sense.
    Messaging Server always authenticates to users in a Directory.
    How did you "create users"? That may be the problem. If you don't create the users with the provisioning tools provided with Messaging, then the users don't have the correct object classes and attributes to function as Messaging users.

  • How to authenticate a Non domain member laptop with AAA

    Dear all,
    I have a problem resolving an issue with AAA. The scenario is: if a user connects his laptop to a Cisco switch and the computer is not a member of the domain, we would like to allow internet access and an IP from the DHCP server only to those users whose computers are members of Active Directory. Please let me know how this is possible. Support will be appreciated.
    Regards
    Ibrahim

    Hi Ibrahim,
    Do you use CiscoSecure ACS?
    If so, this is possible, using AAA/dot1X on the switch and configuring ACS to authenticate against Active Directory.
    There are lots of configuration examples available here:
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_configuration_examples_list.html
    Specifically: the wired dot1x; NAC: LDAP integration with ACS; Cisco Secure ACS for Windows with EAP-TLS machine authentication.
    Although some of these are for wireless, I can't see why the principle cannot be applied to wired.
    Also there are posts on the learning network:
    https://learningnetwork.cisco.com/thread/2221
    https://learningnetwork.cisco.com/thread/12897
    Regards, Ash.

  • How to authenticate Username and password in MVC using Azure Active Directory

    Need a sample application wherein I need to authenticate user-entered login details using Azure Active Directory.

    Hi,
    Kindly go through the articles below, which are helpful for understanding the procedure.
    How to Authenticate Web Users with Azure Active Directory Access Control
    http://azure.microsoft.com/en-in/documentation/articles/active-directory-dotnet-how-to-use-access-control/
    Developing ASP.NET Apps with Windows Azure Active Directory
    http://www.asp.net/identity/overview/getting-started/developing-aspnet-apps-with-windows-azure-active-directory
    Adding Sign-On to Your Web Application Using Azure AD
    https://msdn.microsoft.com/en-us/library/azure/dn151790.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Can the Design Console authenticate against the OID?

    Can the Design Console authenticate against the OID?
    In my setup the users authenticate against the OID server when logging to OIM Web Console.
    The OID has a plugin that redirects the authentication request to the Microsoft AD server.
    That way the users can login to OIM Web Console using their Microsoft network password.
    A small problem is that I have a handful of users that need to use the Design Console, and when they attempt to login it almost always fails at first.
    It fails because they forget that the password they have to type on the Design Console login screen actually resides within the OIM Server, and as time goes by the password becomes different than the one used to log in to the Microsoft network.
    So I wondered if it is somehow possible to configure the Design Console to authenticate against my OID server; then it would redirect the authentication request to the Microsoft AD Server and they would not have to bother about what is/was the password stored within the OIM.
    Thanks for any thought on the matter.
    Adriano.

    Design Console always authenticates against the OIM user credentials. I suppose this is due to the fact that this does not behave as an HTTP request over the web, so it's almost impossible to redirect the login request to some other server (AD/OID etc.).
    I also did not find this in the Oracle documentation, so I suppose it's not possible. The AD Pass Sync would work, but just installing the AD Pass Sync for a handful of users (accessing Design Console) would not be recommended as it requires an agent to be installed on the AD side. You might need to handle the OIM passwords for such users manually.

  • How to authenticate against database using OPS logon

    Hi,
    Is there a possibility to authenticate a Forms application against the database using the operating system (W2K - domain) logon directly, without any SSO (SSO and LDAP)?
    What are the requisites I need?
    Thanks in advance,
    Robert

    Robert
    As far as I know, for Forms on the Web there isn't yet a way to do this. In the upcoming release, Oracle 10G Forms (9.0.4) and Oracle Application Server 10G, OID can be used to authenticate against Windows domains. This way you could use SSO for what you want. I am saying this carefully because I didn't try it but took it from the OID specs.
    Frank

  • How to authenticate your webapplication ?

    hi
    how to authenticate your webapplication in java
    Thanks
    jiten

    Develop a login routine :s
    Most people will simply do the basics: login form, submit, database check. You could also authenticate through the webserver (or with HTTP authentication, for example). Then there are the authentication APIs, like JAAS.
    http://java.sun.com/products/jaas/

  • Make netatalk on FreeBSD authenticate against OD?

    Hello!
    I recently set up a ZFS file server running FreeBSD. I'm sharing the pool with netatalk, and it works just fine. What I really want to get working, though, is authentication against our central Xserve G5 running Leopard Server. All of our services requiring authentication go through OD, so it would have been really nice to get this working on the file server too.
    I tried to follow this howto in the FreeBSD handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/articles/ldap-auth/article.html#CLIENT However, I really do not know very much about LDAP, and I can't seem to get it working. When running ldapsearch, I get this in response:
    # ldapsearch
    # extended LDIF
    # LDAPv3
    # base <dc=kreativsone,dc=no> (default) with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    # search result
    search: 2
    result: 32 No such object
    # numResponses: 1
    - What does this mean? Do I have to use SSL or TLS or something? Any help is appreciated! If you need some output or something, please ask!

    Thanks, but unfortunately this does not help. In order to get netatalk to authenticate against OD, I need to get FreeBSD authenticating against OD. That is my main problem.

  • How to authenticate to webserver using URLScraper.

    I want to use the URLScraper channel within the portal to display the content of a HTML file that is located on a webserver. This webserver requires authentication of the user. When I display the content as a link in a bookmark channel, the portal uses Basic authentication to login to webserver. When I use the URLScraper, the message "No access" is displayed in the channel. Does anyone know how to authenticate within an URLScraper channel?
    Regards,
    Twan Janssen

    You can use a Java "Authenticator"-class and register it as the "default Authenticator" in the channel. The Authenticator gets its user depending on the Logon Information from the Profile Server using Profile API.
    Thanks,
    Raj_indts
    Developer Technical Support
    Sun Microsystems
    http://www.sun.com/developers/support

  • How to authenticate with OD on Network Accounts outside of a LAN

    Does anybody have a solution for allowing a Mac computer client to connect and authenticate against my Mac mini OD server outside of its LAN? This is so they can access their network accounts. On the laptop at a friend's house using Snow Leopard, I successfully added the network account server which is running at home to their system. When I log out, the user accounts appear; however, upon password authentication, the screen just shakes its head.
    What can be done so that my friend can be able to log in.
    I could sure use some help from all you lovely people out there. Thank You for your time and God Bless.
    Joe

    Have you considered enabling the accounts to be Mobile Accounts? That way even when the network is down, say on an airplane or wherever, they could still log into their computers.
    Have you tried turning off the firewall? Or DMZ the Mac Server (in case of a port issue)? If it works, then you know where to look.
    I assume you have: 389, 636, 625, 2336, 4120, 749, 88, 4511
    Along the same lines, do you know if they're directly online, or behind a firewall from wherever they're trying to connect?
    Is the OD set to accept all kinds of authentication, or only specific protocols? KDC vs Hash, etc. If some login methods are disabled, have you tried enabling them?
    Also you could try looking at the secure.log to see if it's spitting out an error message.
    You could also try turning on debugging, and seeing what shows up in the log. Mac OS X Server v10.5, 10.6: Enabling Directory Service debug logging

  • Authenticate against AD then Internal Store with same username?

    I know this sounds easy at first glance but I am having a nightmare of a time finding a way to get this to work. Our engineers were used to our old ACS 3.2 method where an account was either authenticated against the internal user store or Windows AD and would like to duplicate this functionality with our new ACS 5.3 setup. I fully realize that the two models are not even close to being similar between those two versions but I am being asked anyway.
    Here is the crux of the issue.  If you have a jsmith account in the internal user store with one password, and also a jsmith in AD with a different password then the system cannot seem to handle different accounts with same name when it comes to passwords.
    I have an internal store sequence setup to authenticate against AD then the local data store.  The problem is that if the user puts the password of the internal store user the ACS server sees that the user exists in AD but that password was incorrect and authentication fails.
    Bottom line is that I need some kind of logic that says try to authenticate against AD first with this username and password, and if that fails instead of ending there try to authenticate to the internal store using the given username and password.
    Appreciate any help on this.

    Jagdeep,
    I thought ACS 5.3 allowed you to use the internal database but point the password authentication to AD? However if the user isn't found then we can point to AD by using an identity sequence store?

  • How can authenticate users´portal in OIM?

    I have installed Aqualogic Interaction 6.5, and I want to import and authenticate users from OIM (or another LDAP). What can I do?
    I read that I must install Oracle WebCenter identity services. Is it true? Where can I acquire it?
    thanks

    I have not tried with 6.5, but I think you just need to install one of the identity services which allow you to sync and authenticate against various sources (LDAP, AD, etc.). See here for more info: http://edocs.bea.com/alui/integration/
