HTTP Authentication Methods

Similar Messages

• Lync mobility and HTTP authentication test failed. Is reverse proxy required?

  I currently have the following setup.
  1 x 2013 edge server lync1.local.com
  has 3 dmz ips for external names 
  has 1 internal ip
  2 x 2013 std front end servers lync2 & lync3.local.com
  Ive read that in 2013 the mobility service is installed automatically on the front end servers and i do see it running on both.
  All my clients can connect from the windows and mac clients(internally and externally) but not from phone or windows app store client (internally or externally)
  running the exchangeconnectivity test on the website i get the following error
  Testing HTTP authentication methods for URL https://lyncdiscover.external.com/Autodiscover/AutodiscoverService.svc/root/user.
    HTTP authentication test failed.
  Additional Details
  A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
  HTTP Response Headers:
  X-MS-Server-Fqdn: lync1.local.com
  Connection: close
  Content-Length: 64
  Content-Type: text/plain
  Server: RTC/5.0
  Elapsed Time: 427 ms.
  After some reading I notice that many people refer to a reverse proxy when dealing with mobility.
  I do not have a reverse proxy server installed. Is this required for the mobility to work correctly? I cant just use the edge server?
  Thanks in advance for any help.

  Take a look at Georg Thomas' blog: http://www.lynced.com.au/2014/04/configure-citrix-netscaler-vpx-as.html also the Citrix official documentation: http://www.citrix.com/global-partners/microsoft/netscaler.html 
  Please mark posts as answers/helpful if it answers your question.
  Blog
  Lync Validator - Used to assist in the validation and documentation of Lync Server 2013.

• UCM 11g web services with HTTP authentication

  Is it possible to setup UCM 11g web services with HTTP authentication?
  I did setup UCM 11g web services using OWSM policies and are working well.
  But my development team wants to consume web services with only HTTP authentication (simple user name and password), do not want to use Keystore files and encryption.
  Please help me guys.
  Thank you in advance

  Hi ,
  If you are looking to use the WSDL to execute ucm services then use SoapUI IDE on development , there it requires only the http authentication method .
  Let me know if this is the actual requirement which you were looking for or if I have missed the point .
  I use this to quickly test WSDL and verify if the service being invoked is actually correct or not .
  Thanks,
  Srinath
  Edited by: Srinath Menon on Apr 26, 2013 11:32 AM

• The HTTP authentication test failed on activesync exchange 2010

  `21

  Testing HTTP Authentication Methods for URL https://xxxxxdyndns.biz/Microsoft-Server-ActiveSync/.
  The HTTP authentication test failed
  Additional Details
  The Initial Anonymous HTTPS request didn't fail, but Anonymous isn't a supported authentication method for this scenario.
  Elapsed Time: 670 ms

• Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

  I would love some help with this issue.  I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0  I have a test account set up with lab.acme.com to use the ACS.
  When I log into my site using Windows Auth, everything is great.  However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
  to use to log in   and after 3-5 second
   and return me the logon page with error message “Authentication failed” 
  I base my setup on the technet article
  http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
  I validated than all my certificate are valid and able to retrieve the crl
  I got in eventlog id 300
  The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
  Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
  Additional Data
  Exception details:
  Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
  ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
  correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  --- End of inner exception stack trace ---
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
  serializationContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
  trustNamespace, AsyncCallback callback, Object state)
  System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
  failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  thx
  Stef71

  This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
  on my case was :
  PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ad0001.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
  Certificate                 : [Subject]
                                  CN=domain.AD0001CA, DC=domain, DC=com
                                [Issuer]
                                  CN=domain.AD0001CA, DC=portal, DC=com
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  22/07/2014 11:32:05
                                [Not After]
                                  22/07/2024 11:42:00
                                [Thumbprint]
                                  blablabla
  Name                        : domain.ad0001
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : domain.ad0001
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17164
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ADFS_Signing.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
  Certificate                 : [Subject]
                                  CN=ADFS Signing - adfs.domain
                                [Issuer]
                                  CN=ADFS Signing - adfs.domain
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  23/07/2014 07:14:03
                                [Not After]
                                  23/07/2015 07:14:03
                                [Thumbprint]
                                  blablabla
  Name                        : Token Signing Cert
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : Token Signing Cert
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17184
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.PORTAL>

• Single-Sign-On (SSO) configuration on JAVA Stack through HTTP Header method

  Hello SDN community,
  in the context of a Proof of Concept, we are testing the integration of Microsoft Sharepoint Portal with SAP Backend (addin) systems.
  As the architecture impose use an external scenario (access from the internet), we couldn't use the Kerberos (SPNego) solution and thus we chosed the http header solution which in short uses an intermediary web server (in this case the IIS of the MOSS solution) which will act as authority.
  I miss information on how the workflow works for this http header authentication method. Through the visual administrator of the addin JAVA stack, it is possible to configure each application with a customized authentication (a choice of security modules). But this all that I know.
  My task is to configure SSO. From a sharepoint portal, the user should be able to access Web Dynpros and BSPs. I imagine that the very first call to a webdynpro or bsp (or maybe when we log on the sharepoint portal), the request to the WDP or BSP will first be forwareded by the intermediary server to the JAVA stack (or is it the SAP dispatcher that has to be configured).
  Is there an application to be built on the java stack to deal with the authentication, modify http header?
  What will the Java stack return? a sap long ticket? a token?
  How will the redirect work (to by example a BSP which is in the ABAP stack)?
  SAP preconise to secure with SSL the link between the intermediary web server and the JAVA stack, is IP restriction also a solution?
  A lot of questions about how this SSO http header should work,
  I would be very greatful for any help, or info,
  Kind regards,
  Tanguy Mezzano

  Hi Tanguy,
  to tell you the truth I'm really unsure about what you are trying to achieve. When I started posting to your thread I thought all you wanted was trying to access your J2EE engine via Browser and authenticate against the engine using HTTP Header Variables. Nevermind:
  Here are some answers to your question:
  in fact I did succeed, the problem was that even after domain-relaxation done by the J2EE, I had to change the domain of th SAP cookie to the bbbb.domain.com to be understood (I would have thought that all hosts in/under domain .domain would have accepted such a cookie but it seems that no...).
  The server does not care about the domain because Cookies in an HTTP Request do not contain any domain information. The domain is just important when the Cookie is set by the server so your Client (Browser) will know in which cases the Cookie may be sent or not. So if your domain is xxx.yyy.domain.com and your cookie is issued to .domain.com then your Browser will definitely sent it to all hosts under .domain.com (This includes xxx.yyy.domain.com etc.)
  My current scenario is: in a first request get a SAP Logon Ticket from the Java Stack, then change its domain and then directly call the backend with it.
  You can do that but there is no Client involved in this scenario. So this is useful if you just want to test the functionality (e.g. authentication to J2EE using Header Variables (This works finally!!!) and then use the fetched Logon Ticket to test SSO against any trusted Backend!!)
  So everything's is in a Java Client application without using any redirection.
  If I understand you, you're solution is from the Browser call a servlet (which is deployed on the Java Stack and has no authentication schema) by passing to it our http header.
  No, you should initially authenticate somewhere! I thought that maybe you had some resource you access before accessing the Java Stack. This could be any application (e.g. deployed on a Tomcat or JBOSS or other server or if you like even SAP J2EE). After authenticating there you are aware of the username and could use it to  procceed (e.g. Authenticate against the J2EE using the same user and HTTP Header authentication for that particular user!)
  That servlet will transfer the http header (with the HttpClient app) in order to get from the Java Stack a SAP Logon ticket, and then to redirect to the resource and by sending back the cookie in client browser. Am I correct?
  This was just a suggestion because I realized that there was no Client ever involved in any of your testing (looked strange to me!). I was just thinking that it would be easier for you to just get the Cookie into your Browser so your Browser would do the rest for you (in your case finally send the Logon Ticket Cookie to your Backend to test SSO using Logon Tickets!).
  The AuthenticatorServlet somehow serves as a Proxy to your client because your client is not able to set the Header Variable. That's why I initially suggested to use a Proxy (e.g. Apache) for that purpose. The problem is just that if you use a Proxy you will have to tell it somehow which username it should set in the Header Variable (e.g. using a URL Parameter or using a personalized client certificate and fetch the username (e.g. cn=<username> from the certificate!)
  This way of doing would simplify the calls for sso for each new application needing authentication, instead of having all code each time in it...
  I'm stuck again! Do you want to authenticate an End User or do you want to authenticate an application that needs to call any resources in your Backend that requires authentication?
  So my problem now, is how to call the servlet from the client browser:
  I'm trying to call my servlet from the browser but I don't succeed. I am able to understand how to reach a jsp from the Java Stack, but not to reach a servlet. I don't find the path to my servlet:
  <FORM method="POST" action="SSORedirect2" >
  A JSP is a servlet too. There is just no JAVA Class involved!
  You do not need any POST Request to invoke a Servlet.
  I see that my servlet is deployed, but I don't how what path to give to my form to invoke the servlet, here follows my web.xml
    <?xml version="1.0" encoding="UTF-8" ?>
    <!DOCTYPE web-app (View Source for full doctype...)>
  - <web-app>
    <display-name>WEB APP</display-name>
    <description>WEB APP description</description>
  - <servlet>
    <servlet-name>SSOredirect2</servlet-name>
    <servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
    </servlet>
  - <servlet>
    <servlet-name>SSORedirect2.jsp</servlet-name>
    <jsp-file>/SSORedirect2.jsp</jsp-file>
    </servlet>
  - <security-constraint>
    <display-name>SecurityConstraint</display-name>
  - <web-resource-collection>
    <web-resource-name>WebResource</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
  - <auth-constraint>
    <role-name>DefaultSecurityRole</role-name>
    </auth-constraint>
    </security-constraint>
  - <security-role>
    <role-name>DefaultSecurityRole</role-name>
    </security-role>
    </web-app>
  If you have an AuthenticatorServlet Class all you need is to add the Servlet Mapping in your web.xml file
  e.g.
  <servlet>
    <description>
    </description>
    <display-name>AuthenticatorServlet</display-name>
    <servlet-name>AuthenticatorServlet</servlet-name>
    <servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>AuthenticatorServlet</servlet-name>
    <url-pattern>/AuthenticatorServlet</url-pattern>
  </servlet-mapping>
  You can directly call the Servlet in your Browser by calling the URL provided in the url-pattern of your Servlet mapping ( in this case /AuthenticatorServlet). The engine will invoke the Class "com.atosorigin.examples.AuthenticatorServlet" in the background and do whatever you defined there!
  I have also to pass my http header and the redirectUrl in the GET request.
  If you like! I just suggested this for testing purposes. As I stated before you need a way to tell your proxy (or in your case AuthenticatorServlet) which user should be set when calling the Engine in order to authenticate using HTTP Header. You could use the URL Paramater to define the user you actually want to use when you set the Header Variable.
  I just introduced the redirectURL because you were talking about redirects all the time. So if you finally want to call the Backend you could define the Backend URL in the redirectURL Parameter and the Servlet will make sure that you are redirected to this location after the whole process!
  Thx for your input very helpful,
  But again 0 points
  Cheers

• Webservice with HTTP authentication

  Hi,
  how do i supply the userid an password for a http authenticated webservice.  I already choose the option for http authentication on the security tab on the logical port.
  Alos tried to find it in the Visual Admin to the server but i am stuck.
  Greetings Danny.

  There are two ways to do this
  <b>Option 1: Hard code the Username/Password</b>
  For this, use the method _setUser and _setPassword.
  These are methods for your model class Request_<WebService>_PortType.... (the model class for the webservice). I invoked these methods in the wdDoInit method of the component controller class.
  For example, i imported the WSDL for the RFC SXMB_GET_MESSAGE_LIST and used it like this:
  Request_SXMB_GET_MESSAGE_LISTPortType_SXMB_GET_MESSAGE_LIST oRequest =
  new Request_SXMB_GET_MESSAGE_LISTPortType_SXMB_GET_MESSAGE_LIST();
  oRequest._setUser("bcuser");
  oRequest._setPassword("password");
  <b>Option 2: Use HTTP Destinations</b>
  Open Visual Administrator and goto node Services, Destination Service. Create a HTTP destination with the URL of the webservice, maybe choose basic authentication and give the username / password. Now, you could use this HTTP destination in the component controller class. Even though there is a method _setHTTPDestinationName, this did not work for me. I had to write the following code to retrieve the URL, username, password from the HTTP destination
  import javax.naming.Context;
  import javax.naming.InitialContext;
  import javax.naming.NamingException;
  import java.net.HttpURLConnection;
       InitialContext ctx ;
       Object obj;
       DestinationService dstService;
       Destination destination;
       HTTPDestination httpDestination ;
       HttpURLConnection httpurlconnection = null;
       Properties destprop = null;
       String url = "";
       String username = "";
       String password = "";
            ctx = new InitialContext();
            obj = ctx.lookup(DestinationService.JNDI_KEY);
            dstService = (DestinationService) obj;          
            destination = dstService.getDestination("HTTP","NC_IS");
            destprop = destination.getDestinationProperties();
            httpDestination = (HTTPDestination) destination;
            url = httpDestination.getUrl();
            username = destprop.getProperty("USERNAME");
            password = destprop.getProperty("PASSWORD");  
  (I know the java code sucks and the purists will hang me; nevertheless it works)
  Besides the code, you need to do the following as well:
  (1) In the Package explorer, select your project, right click, cick on "Set Additional Libraries.."
  (2) Select security.class and tc/sec/destinations/interface
  (3) Click on menu Project > Properties, goto Webdynpro refereces node in the tree and add the following
      (a) Interface References: tcsecdestinations~interface
      (b) Service References: tcsecdestinations~service
  All the best, try option 1 first before you embark on the second one.
  Regards, Parag.

• Authentication method for JCo connection in XSS installation

  Hi All,
  I have a query which perplexes me.  I am implementing XSS (ESS/MSS) on SAP Portal EP6 SR1 with an ECC5 backend for prototype purposes.
  When I follow SAP's help steps to setup JCo connections, it states that for the metadata connection you should use a security authentication method of 'User/Password', but for the application data connection you should use a security authentication method of 'Ticket'.
  Does anyone know why the difference in methods here?  Is it possible to use 'User/Password' for both?  Any thoughts would be appreciated.

  Hi john,
  User -ID /Pwd method can be used to access the backend for both types of Data as per your scenario.
  User -ID /Pwd method and logon tickets both can be used to access data in backend.
  The difference lies in the scenario with which you are accessing the back-end.
  If all your portal users are same as backend users then you can select Logon ticket methods.
  If they are going to be different then you need User-ID /Pwd method .
  Check the following link to get a clear picture:
  <a href="http://help.sap.com/saphelp_ep50sp2/helpdata/en/4d/dd9b9ce80311d5995500508b6b8b11/frameset.htm">Scenario to use type of SSO</a>
  Hope it helps.
  Regards,
  Vivekanandan

• NPS Authentication Methods - EAP Types

  We are moving from IAS to NPS and are configuring the policy like it was in IAS.  When we click on the Constraints tab > Authentication Methods > and then highlight Microsoft: Protected EAP (PEAP) and click Edit we get an error "The data is
  invalid".  How do we fix this error?  There are no errors in the event viewer for NPS.

  Hi MarkNDOR,
  Thanks for posting here.
  We’d suggest to smoothly migrate IAS to NPS with following the guide in the link below without manually recreate all polices, it was also included the
  Iasmigreader.exe utility which will help to transfer the IAS policies to NPS compatible file type:
  NPS Migration Guide
  http://technet.microsoft.com/en-us/library/ee791849(WS.10).aspx
  Thanks.
  Tiger Li
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• ASA to ACS: how to distinguish different authentication methods?

  I have SSL VPN Clients connecting to an ASA 5520 using RADIUS to a backend Cisco ACS. I want to support two authentication options for the clients. The first is a certificate combined with an Active Directory username & password. The second is a token-name & one-time-password.
  Setting these two authentication methods up on the ASA is no problem ... I can configure user selectable connection profiles that have the wanted authentication settings. The ACS can handle both the AD and token credentials.
  Here's the problem. I need to be able to distinguish on the ACS if a connection request was certificate authenticated or not. I don't want users choosing to do a token/OTP connection and then entering in their AD credentials instead. the ACS won't know that this AD authentication request wasn't properly combined with a certificate.
  I've used NAR settings in the past to control what user databases an AAA client can authentication against, however, if the two authentication methods are coming from the same AAA client (the ASA), what can I do?

  I guess this should be possible with a feature called NAP,( network access profiles). Here you can define which database to use for any specific request. We can filter request on the basis of attributes sent in the authentication request.
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/NAPs.html
  Regards,
  ~JG

• Wireless Security & Authentication methods

  Hi,
  I've some experience on WLAN Networks, but I would like to have your opinion around Wireless Security implemenations.
  We have several sites where we have some Cisco Access points running IOS. We are currently doing WEP 128b, with Mac-Authentication against a central ACS Server.
  But having fixed WEP, and mac registrations is not very practical.
  Do you know about any method to have authentication against Active Directory (passing through the Cisco ACS), and Dynamic WEP Keys ?
  Any recommendation is welcome.
  Of course with this we would like to bring up our level of security.
  Thanks a lot for all,
  Best Regards,
  Jorge

  802.1x/EAP authentication is the most popular authentication method in wireless. The following documents explain how to configure EAP authentication.
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801bd035.shtml
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c0912.shtml
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00805e7a13.shtml

• None of the available endpoints supports authentication methods user/pass

  Dear All
  i  create a destination in the ce7.1.but when i  test the destination in the ws navigator  ,but it cant not run ,  the error is:
  The destination [YHSendMessage02] supports the following authentication methods [User Name/Password (Basic)], but none of the available endpoints supports them. The supported authentication types are [None]. Either the destination has to be updated or a new endpoint should be used
  i test the ws in the navigator  dont used the destination ,it work well, so i think maybe some wrong in my ce  about the destination 'configuration.
  best regards

  The following message returned from SAP:
  Root of the problem is found. The problem occurs as PI WSDLs doesn't contain security settings. Lack of security settings breaks consumption of those services. I'm working on providing a fix to enable consumption of such services.
  Looking at a WSDL generated by PI (example):
  <wsp:Policy wsu:Id="OP_si_servicename"/>
  The policy contains no transportbinding or authentication methods at all.
  Looking at a WDSL generated by ECC (example):
  <wsp:Policy wsu:Id="BN_BN_si_ManageCustomizingCustomerService_binding">
        <saptrnbnd:OptimizedXMLTransfer uri="http://xml.sap.com/2006/11/esi/esp/binxml" wsp:Optional="true" xmlns:saptrnbnd="http://www.sap.com/webas/710/soap/features/transportbinding/"/>
        <saptrnbnd:OptimizedXMLTransfer uri="http://www.w3.org/2004/08/soap/features/http-optimization" wsp:Optional="true" xmlns:saptrnbnd="http://www.sap.com/webas/710/soap/features/transportbinding/"/>
        <wsp:ExactlyOne xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
           <wsp:All>
              <sp:TransportBinding>
                 <wsp:Policy>
                    <sp:TransportToken>
                       <wsp:Policy>
                          <sp:HttpsToken>
                             <wsp:Policy>
                                <sp:HttpBasicAuthentication/>
                             </wsp:Policy>
                          </sp:HttpsToken>
                       </wsp:Policy>
                    </sp:TransportToken>
                    <sp:AlgorithmSuite>
                       <wsp:Policy>
                          <sp:TripleDesRsa15/>
                       </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                       <wsp:Policy>
                          <sp:Strict/>
                       </wsp:Policy>
                    </sp:Layout>
                 </wsp:Policy>
              </sp:TransportBinding>
           </wsp:All>
        </wsp:ExactlyOne>
     </wsp:Policy>
  At the moment SAP is working on a fix to solve this problem.

• Custom authentication methods

  During the deployment of web application, you use the deployment descriptor to "tell" the browser how to retrieve user information. Therefor the <auth-method> is specified. Normally you use something like BASIC or FORM authentication.
  Is there a way to provide an own implementation of such an authentication method?
  Lets say you would like to create some kind of advanced authentication method called ADV_FORM to perform something like form authentication but with additional or other parameters on the logon web page...
  Can this be done without being some kind of god like Sun Microsystems core development team?
  Does anyone know some references for this matter?
  Any suggestion would be appreciated.
  Kurt

  Large static groups have always been a performance issue. While there is some [tuning |http://blogs.sun.com/DirectoryManager/entry/the_truth_about_nsslapd_search] that was introduced for DS 5.x to help with some specific search related problems, I can't guarantee that this will resolve the issue entirely.

• HTTPS authentication in an iPhone app

  Hi,
  I am new to iPhone app development. I am trying to log a user in to a website which performs HTTPs authentication.
  I need to then use the cookie generated by this process in all future requests to the website.
  Can anyone point me to sample code / methods which are used for this.
  Really appreciate any help.
  Thanks,
  RT

  This a forum for users, try here: http://developer.apple.com/iPhone/program/

• Suggestions/Help - Authentication method and tracking of acess/download

  Hello all.
   Recently i've got a mission to do on Sharepoint and i would like to ask you guys for some suggestions on how to do this:
  -Create an authentication method and tracking of access and download documents from one page.
  Already tried some ways but no success until now, then i come here to ask for your help.
  I am a beginner in sharepoint development so please try to speak in the simplest possible way, some terms i may end up not understanding.
  I do Really appreciate all the help.

  Hopefully you have access to Central Administration.  If you don't, I think you don't have the control over the farm you will need to accomplish your task.  Go into Central Admin.  On the left side you will see an option "Upgrade and
  Migration".  Select the option "Convert farm license type".  The next page will tell you the current license version.  I'm not sure about Foundation, but I expect that the upgrade and migration link won't be available at all and
  thus could be assumed to be Foundation which may not have the functionality you desire.  The list at
  http://technet.microsoft.com/en-us/library/jj819267.aspx will show you that they are only available in the Standard or Enterprise version.