How to use ADF Security policies in OID Ldap

Hello
My application uses ADF security policies created by Jdeveloper ADF Security Wizard and page definition Edit Authorization menu. The application runs as expected using file based system-jazn-data.xml. I used the JAZNMigrationTool in order to migrate XML based policies to LDAP based policies. LDIF file was generated by the tool and then using the LDAPModify command the file was uploaded to the OID. No errors were generated during this process.
I used Oracle Directory Manager in order to examine the migration result, and compare the output to that described by
Introduction to ADF Security in JDeveloper 10.1.3.2
An Oracle JDeveloper Article
Written by Frank Nimphius, Oracle Corporation
February, 2007
I was expecting to find Read, Update privileges in the orcljaznpermissionaction and the attribute name in the orcljaznpermissiontarget as shown in Fig 15 ADF security entry in OID.
To narrow down the source of the issue, we examined the LDIF file, and there was no reference to these entries. Below is one example entry from the LDIF file:
dn: orclguid=EF37EAA603C611DDBFAE635A1BB60EE0,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
changetype: add
objectclass: orcljaznpermission
objectclass: groupofuniquenames
objectclass: top
cn: EF37EAA603C611DDBFAE635A1BB60EE0
orclGuid: EF37EAA603C611DDBFAE635A1BB60EE0
orcljaznjavaclass: java.security.UnresolvedPermission
orcljaznpermissiontarget: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissionactions:
uniquemember: orclguid=EF37EAA203C611DDBFAE635A1BB60EE0,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
Note that orcljaznpermissionactions is empty and orcljaznpermissiontarget does not really specify the actual attribute name.
The system-jazn-data.xml includes all entries correctly.
rgds

Eureka
Finally solved.
Running the JAZNMigrationTool requires setting the correct classpath.
Setting the classpath to the following
C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar
allows you to run the JAZNMigrationTool successfully; however, you will find that the generated LDIF file does not include the permission actions (Read, Update ...).
If, however, you add the adfshare.jar to the classpath
C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar;d:\jdevstudio10132\BC4J\lib\adfshare.jar
the tool will now migrate the permission policies. The following shows an extract from the LDIF file:
dn: orclguid=A5E662E204D411DDBF8807BC4864C5C2,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
changetype: add
objectclass: orcljaznpermission
objectclass: groupofuniquenames
objectclass: top
cn: A5E662E204D411DDBF8807BC4864C5C2
orclGuid: A5E662E204D411DDBF8807BC4864C5C2
orcljaznjavaclass: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissiontarget: AppModuleDataControl.VRoleAuthorrizationsView1.RanDateTo
orcljaznpermissionactions: read,update
uniquemember: orclguid=A5E662E104D411DDBF8807BC4864C5C2,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
Ammar Sajdi
www.e-ammar.com/Oracle.html
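
A pre-upload check for the symptom described in this thread, as an added example that is not part of the original posts or of any Oracle tooling: it scans a generated LDIF file for orcljaznpermission entries whose class is still java.security.UnresolvedPermission or whose orcljaznpermissionactions is empty, so a policy set that lost its actions is caught before ldapmodify loads it into OID. The function names are hypothetical, and treating an empty actions value as a defect is an assumption based on the entries quoted above.

```python
"""Added example: check a JAZNMigrationTool LDIF before uploading it to OID."""
import sys

UNRESOLVED = "java.security.UnresolvedPermission"

def parse_ldif(text):
    """Return LDIF entries as dicts of lowercased attribute -> list of values.
    Folded (continuation) lines are joined; base64 values are not decoded."""
    entries, current, last = [], {}, None
    for raw in text.splitlines():
        if not raw.strip():                      # blank line ends an entry
            if current:
                entries.append(current)
            current, last = {}, None
        elif raw.startswith("#"):                # comment line
            last = None
        elif raw.startswith(" ") and last:       # folded continuation line
            current[last][-1] += raw[1:]
        else:
            name, sep, value = raw.partition(":")
            if sep:
                last = name.strip().lower()
                current.setdefault(last, []).append(value.strip())
    if current:
        entries.append(current)
    return entries

def find_unmigrated_permissions(text):
    """List (dn, reasons) for orcljaznpermission entries that look like the
    broken output in the thread: unresolved class and/or no actions."""
    problems = []
    for entry in parse_ldif(text):
        classes = [c.lower() for c in entry.get("objectclass", [])]
        if "orcljaznpermission" not in classes:
            continue
        reasons = []
        if UNRESOLVED in entry.get("orcljaznjavaclass", []):
            reasons.append("permission class unresolved")
        if not any(entry.get("orcljaznpermissionactions", [])):
            reasons.append("no permission actions")
        if reasons:
            problems.append((entry.get("dn", ["<no dn>"])[0], reasons))
    return problems

# The two permission entries quoted in the thread (some attributes omitted).
BASE = "cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com"
SAMPLE = f"""\
dn: orclguid=EF37EAA603C611DDBFAE635A1BB60EE0,cn=Permissions,{BASE}
changetype: add
objectclass: orcljaznpermission
orcljaznjavaclass: java.security.UnresolvedPermission
orcljaznpermissiontarget: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissionactions:

dn: orclguid=A5E662E204D411DDBF8807BC4864C5C2,cn=Permissions,{BASE}
changetype: add
objectclass: orcljaznpermission
orcljaznjavaclass: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissiontarget: AppModuleDataControl.VRoleAuthorrizationsView1.RanDateTo
orcljaznpermissionactions: read,update
"""

if __name__ == "__main__":
    # Usage: python check_ldif.py policies.ldif   (no argument: run on SAMPLE)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    found = find_unmigrated_permissions(text)
    for dn, reasons in found:
        print(f"{dn}: {', '.join(reasons)}")
    sys.exit(1 if found else 0)
```

A non-zero exit status means at least one permission entry was migrated without its class or actions, which is the point at which to re-run the migration with adfshare.jar on the classpath.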

Similar Messages

  • How to make adf security?

    Dear all
    How to make adf security?
    I am new adf security.
    I'm facing security issue. Now i need to secure me application (User, Group, Role etc...)
    Oracle recommend me use WebLogic internal LDAP or OID. How to manage User, Group, Role deploy after?
    Thanks Lhagva

    Hi,
    once you deployed an application, users and roles are no longer in the domain of ADF Security. So the administration is
    WLS console - if users and groups are in the WLS LDAP
    Identity Management - if users and roles are in OID, RDBMS, Active Directory etc.
    Enterprise Managers - to manage application roles and granting permissions or application roles to enterprise groups
    Frank

  • ADFS and SharePoint Integration: How to use ADFS Roles?

    Hello,
    I've successfully integrated SharePoint with ADFS2 and users can login by ADFS. One of the claims mapping in ADFS and SharePoint is SAM-Account-Name->Windows account name.
    Is there any guideline on how to grant a permission to a specific role? For example I want to grant read access to a specific list to a specific AD group called "ListReaders"
    A link to an online article explains how to use ADFS Roles in SharePoint would be a great help.
    Thank you,

    Hi Allan,
    According to your description, my understanding is that grant permission to ADFS roles.
    Please refer to “A Fellows” last suggestion to grant permission to ADFS roles in the link below:
    http://social.technet.microsoft.com/Forums/en-US/4d5ee453-1447-4d14-b297-33c27ef2c24d/permissions-using-adfs-roles?forum=sharepointadmin
    More reference:
    http://www.css-security.com/blog/claims-based-authentication-and-authorization-with-adfs-2-0-and-sharepoint-2010/
    Thanks,
    Victoria
    Forum Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Victoria Xia
    TechNet Community Support

  • Oepe-12.1.2.1-kepler how to use ADF Templates in JSP page

    Hi all,
        I use oepe 12.1.2.1 kepler 4.3 and creating JSP page but I can't see any ADF Rich Faces Page in JSP Templates Page of Preferences Dialog. How to use ADF Templates in JSP page?
    Thanks,
    Thomas

    Select the JSP Templates link. Is the ADF Rich Faces Page template listed? Refer Creating the Login Page/4.
    Introduction to the Oracle Enterprise Pack for Eclipse (OEPE) IDE

  • Create .jspx page to add users using ADF security.

    Hello,
    I'm using JDeveloper 11.1.1.3. I've created a login page (form based) with different users and roles using ADF Security. I'm able to successfully login/logout through the users and get redirected to the home page. However, i'm asked to create a page by which i can create users and add roles to them. This page will only be accessible by the administrator. I searched this forum for anything that might help, but couldn't find anything. Can anyone help?
    Thanks,
    Mohamed.

    check this thread:
    Re: change password in jazn-data.xml programmatically

  • How to use ADF variables in C:when test?

    I have a <af:iterator in my page fragment as follows
    <af:iterator id="i1" value="#{queryModel.currentDescriptor.conjunctionCriterion.criterionList}" var="criterion" varStatus="vs">
    Within this iterator, I want to make a decision based on the index of the iterator. To do this test, I am using jstl as follows
    <c:when test="${vs.index == '0' or vs.index == '2' or vs.index == '4'}">
    This test is however always evaluating to false. I have tried changing my code using various combinations as below ...
    <c:when test="#{vs.index == '0' or vs.index == '2' or vs.index == '4'}">
    <c:when test="${vs.index == 0 or vs.index == 2 or vs.index == 4}">
    <c:when test="${vs.index == '0' || vs.index == '2' || vs.index == '4'}">
    But nothing seems to be working fine.
    Can some one help me with what I am doing wrong?
    Thanks.

  • How to use ADF Faces with struts1.3.8

    Hi
    Can anybody guide us how to use ADF faces with Struts 1.3.8.
    Your help will be appreciated.
    Thanks
    Chetan

    Xpp,
    Have a look at the ADF Developer's Guide for specific instructions on menus (the ADF Developer's Guide for Forms/4GL Developers has the information in section 19.2).
    You can put javascript handlers on the components to get keyboard event handling.
    John

  • Migrating ADF Security Policies to Active Directory

    Hi,
    Currently I'm searching whether it is possible to migrate ADF security policies created during development to a weblogic production environment with Active directory as the identity store.
    Whilst I did find documentation relating to standalone WLS, no documentation seems to be available for migrating ADF policies to an Active directory. Does anyone have links to documentation that guides through this security policy migration?
    Thanks.

  • Best way Of providing user authentication using ADF security...

    Hi,
    I have a web application . I want to implement to ADF security to the application.. What is the best approach of doing this? I have the user information in the database tables along with the roles and other information. I want to these tables for authorization ?
    What is the best approach to do this? It would be great if u could help ..
    I am using 11g release 2
    Thanks in advance.
    Rakesh

    Hi,
    Thanks for the quick response.
    I have been looking at the post but I found one of the forum posts in which the person was saying the SQLAuthentication doesn't work ..
    "Be wary when using ADF Security (OPSS) with a SQLAuthenticator.
    This is feedback I got in SR 3-4124753004 :
    "If the you want to use DB as the identity store, then the supported way is to buy OVD server license and configure DB adapter in OVD and then configure an OVD authenticator in Weblogic. SQLAuthenticator will not be used as identity store. And, we do not recommend to use LibOVD for DB identity store. OVD server is the recommended and supported way."
    related bugs are :
    - bug 13876651, "FMW CONTROL SHOULD NOT ALLOW MANAGING USERS GROUPS FROM SQL AUTHENTICATOR"
    - enhancement request 12864498, "OPSS : ADDMEMBERSTOAPPLICATIONROLE : THE SEARCH FOR ROLE FAILED"
    related forum threads are :
    - "ADF Security : identity store : tables in a SQL database"
    - "OPSS : addMembersToApplicationRole : The search for role failed"
    regards
    Jan Vervecken"
    Is this true?
    Rakesh

  • Authenticate ADF application using adf security wizard against LDAP OID

    I have an adf application which I intend to authorise using LDAP. For now, I have actually hand coded in java for authenticating the users of my application. Using JNDI I directly connect to LDAP and authenticate users. However, recently it came to my notice that I can also do that using the ADF security wizard, but I am unable to do so. While securing the ADF application, nowhere in the wizard is LDAP configuration mentioned. Do I have to change some file manually? I have no idea how to proceed on that.

    I have set up wls, making the OIDAuthentication Sufficient, but I don't know how to configure from the ADF side so that it can authenticate against LDAP. When I try the ADF security wizard option, it tells me to create new Roles. Is there any way I can import the ldap credentials to the security wizard?

  • JDev11g : How to add java servlet under ADF security policies

    I'm trying to set the same login on an http servlet (I created it through the wizard in jDev) as it is for other .jspx pages.
    I configured the jazn-data.xml and login ( user roles, realms ) is working fine.
    But i can't configure http servlet to be under this authorization.
    This problem occurred when I was migrating from jDev 11g TP4 to production also from OC4J to WebLogic,
    but if I create a new http servlet I am also unable to put it under JAZN authorization.
    Thank you in advance for your help, Rok Kogovšek

    I reproduced problem on new test application, it was working fine until I set up ADF Security by wizard.
    I chose ADF Authentication and Authorization, then Http Basic Authentication (on the real project it is form based but probably this doesn't matter),
    then for Identity store I chose Application XML, no automatic grants and without redirect.
    I also set inside web.xml this ( to put servlet under same login as other pages ).
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>testServlet</web-resource-name>
        <url-pattern>/test</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>valid-users</role-name>
      </auth-constraint>
    </security-constraint>
    When I finish this i got same error as on first project.
    Here is whole error:
    oracle.jbo.common.ampool.ApplicationPoolException: JBO-30003: The application pool (oracle.fod.mobile.testModuleLocal) failed to checkout an application module due to the following exception:
    at oracle.jbo.common.ampool.ApplicationPoolImpl.doCheckout(ApplicationPoolImpl.java:2262)
    at oracle.jbo.common.ampool.ApplicationPoolImpl.useApplicationModule(ApplicationPoolImpl.java:3086)
    at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:453)
    at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:424)
    at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:419)
    at oracle.jbo.client.Configuration.getApplicationModule(Configuration.java:1395)
    at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1363)
    at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1335)
    at oracle.fod.mobile.testServlet.doGet(testServlet.java:22)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
    at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(Unknown Source)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Caused by: oracle.adf.share.security.ADFSecurityAuthenticationException: JAAS login error.
    Invalid null input: name
    at oracle.adf.share.security.authentication.JAASAuthenticationService.doLogin(JAASAuthenticationService.java:120)
    at oracle.adf.share.security.authentication.JAASAuthenticationService.login(JAASAuthenticationService.java:89)
    at oracle.adf.share.security.authentication.JAASAuthenticationService.login(JAASAuthenticationService.java:71)
    at oracle.jbo.common.UserAznUtil.authenticate(UserAznUtil.java:62)
    at oracle.jbo.common.UserAznUtil.authenticateUser(UserAznUtil.java:29)
    at oracle.jbo.server.ApplicationModuleImpl.prepareSession(ApplicationModuleImpl.java:6387)
    at oracle.jbo.server.ApplicationModuleImpl.prepareSession(ApplicationModuleImpl.java:6356)
    at oracle.jbo.server.ApplicationPoolMessageHandler.doPoolMessage(ApplicationPoolMessageHandler.java:171)
    at oracle.jbo.server.ApplicationModuleImpl.doPoolMessage(ApplicationModuleImpl.java:8377)
    at oracle.jbo.common.ampool.ApplicationPoolImpl.sendPoolMessage(ApplicationPoolImpl.java:4364)
    at oracle.jbo.common.ampool.ApplicationPoolImpl.prepareApplicationModule(ApplicationPoolImpl.java:2421)
    at oracle.jbo.common.ampool.ApplicationPoolImpl.doCheckout(ApplicationPoolImpl.java:2207)
    ... 25 more
    Caused by: javax.security.auth.login.LoginException: Invalid null input: name
    at javax.security.auth.login.LoginContext.init(LoginContext.java:229)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:367)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:444)
    at oracle.adf.share.security.authentication.JAASAuthenticationService.doLogin(JAASAuthenticationService.java:102)
    ... 36 more
    And here is the sample application on which I reproduced this error: http://www.k-invent.si/doc/testServlet.zip
    Thank you for your help, Rok Kogovšek

  • How to use  ADF application functionality in Webcenter Portal

    Hi,
    We have an separate ADF application with bunch of functionality that are been using in others applications.We have to use these functionality in the WebCenter portal.
    In this ADF application, each jspx page used for implementing different functionality(for example Calendar for one page, subscriptions for one page like that) and there are no bounded task flow used.
    Challenge here is, need to some how import the ADF application as reusable component (section) and yet to use different functionality (I mean accessing each jspx page)
    So, what are the ways we can utilize these ADF functionality in WebCenter portal? Let me know your thoughts?
    Any help really appreciated.
    Thanks,
    San.

    All,
    if you have WebCenter in place the best way is to use the ADF portlet bridge. You can create portlet entries at design time in JDev on each JSPX as well as on any TaskFlow definition (right click as mentioned above). That's quite convenient if you stay in the WebCenter / ADF world. You'll get the standalone as well as the portletized application so the standalone version will still be working. Mind that if you portletize an ADF Application you need to deploy it in a portlet runtime. That means you need to extend your ADF container with the portlet runtime. That requires a WebCenter license for the server since the portlet runtime is a part of the WebCenter product stack.
    In respect of SSO, after deploying your Portlet Producer App you'll get WSRP Webservices on application level for which you can apply OWSM policies (Enterprise Manager) so the identity of the portal will be propagated to the Portlet Producer App. Details can be found on WebCenter Portal Developer's Guide.
    Just to let you know that these portlets can be only consumed on Oracle's portals (be that WebCenter or Oracle Portal 11g). That's caused by some Oracle specific WSRP additions to the ADFPortlet Bridge.
    Jiri, what do you mean with "enhance it with portal features"? Oracle's portlet aproach is fully based on WSRP, means decoupling. So you cannot add portal features to the portlet. Everything has to be packed in request and response. There's no direct access to portal /portlet resources to interact with.

  • How to retrieve ADF security username in PL/SQL?

    I would like to create a database trigger to log the change to a table and would like to catch the username logged in through ADF security setup.
    How do I retrieve this user name (not the database username) in the trigger?
    Thanks,
    Richard

    Richard,
    Welcome to OTN.
    Always mention your jdev and clear usecase (recommended to read this announcement first : https://forums.oracle.com/forums/ann.jspa?annID=56).
    What trigger do you mean? Logged in username for an adf app can be caught using #{securityContext.userName} groovy. You can use this to pass this wherever required. Set this to the place required accordingly, so that you can get it in the trigger.
    -Arun

  • How to use ADF Query search with EJB 3.0

    Hi,
    In ADF guide http://download.oracle.com/docs/cd/E12839_01/web.1111/b31974/web_search_bc.htm#CIHIJABA
    The steps to create query search with ADF Business Components says:
    "From the Data Controls panel, select the data collection and expand the Named Criteria node to display a list of named view criteria."
    But with EJB, I'm not able to find Named Criteria node. Can we use ADF query search component with EJB? If yes, can you please show me some example, tutorial etc.?
    Thanks
    BJ

    For EJBs you'll need to implement the query model on your own.
    An example of how the model should look like is in the ADF Faces components demo.
    http://jdevadf.oracle.com/adf-richclient-demo/faces/components/query.jspx
    Code here:
    http://www.oracle.com/technology/products/adf/adffaces/11/doc/demo/adf_faces_rc_demo.html

  • How to use Object Class:orclDbServer in OID

    Not sure if i have posted in the correct forum, I am quite new to OID
    I am planning to use orclDbServer Object Class, but not sure how to use, i have searched in Google, and Oracle Documentation, there are so little information about this, there are only:
    Object Class: orclDbServer
    Description: Defines the attributes for database service entries
    Attributes: orclNetDescName, orclVersion
    Below is the ldif file i created for add one entry with object class orclDBServer:
    dn: cn=orclDBServer_test, cn=OracleContext, dc=ldapcdc, dc=lcom
    changetype: add
    objectclass: top
    objectclass: orclDBServer
    cn: orclDBServer_test
    orclNetDescName: (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST=10.182.114.121)(PORT = 1521))(CONNECT_DATA = (SERVER = DEDICATED)(SERVICE_NAME = oh112)))
    after i use below command to add this entry:
    ldapadd -h localhost -p 389 -D "cn=orcladmin" -w welcome1 -f test_add.ldif
    then use ldapsearch to search:
    ldapsearch -h localhost -p 389 -b "dc=lcom" "objectclass=orclDBServer"
    the result is like below:
    cn=orclDBServer_test, cn=OracleContext, dc=ldapcdc, dc=lcom
    cn=orclDBServer_test
    orclnetdescname=(DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST=10.182.114.121)(PORT = 1521))(CONNECT_DATA = (SERVER = DEDICATED)(SERVICE_NAME = oh112)))
    objectclass=top
    objectclass=orclDBServer
    objectclass=orclService
    It seems it added a line for me:
    objectclass=orclService
    Is there anything wrong with my ldif file when i want to use orclDbServer?
    Edited by: ening on Jan 5, 2010 9:31 PM

    Hi,
    if you are having main controller and sub-controller then you may need to use below coding to use application class reference.
    *Data declaration
      DATA:  obj_cntrl        TYPE REF TO cl_bsp_controller2,
             obj_sub_cntrl   TYPE REF TO z_cl_sub_cntl,
             application TYPE REF TO z_cl_application.
    *Get the controller
      CALL METHOD obj_main_cntrl->get_controller   "obj_main_cntrl is the object of main controller
        EXPORTING
          controller_id       = 'SUB'   "Controller ID
        RECEIVING
          controller_instance = obj_cntrl  .
      obj_sub_cntrl ?= obj_cntrl  .
      application ?= obj_sub_cntrl ->application.
    or simply use below code in your controller method.
      application ?= me->application.
    Thanks,
    Chandra
