IAS 9i, JAAS and Proxy Authentication

Similar Messages

• 1200 AP and Proxy authentication?

  Hello,
  I currently have radius (Linux FreeRadius) working to authenticate admin access to the AP.
  Is it possible to authenticate user web requests through the 1200 AP using a radius server and the stock IOS? The current version is Version 12.2(13).
  I am setting up a hotspot for my office and want users to authenticate via radius before accessing the net.

  We can use virtual http (or telnet)
  All traffic from inside to outside on port 80 will be blocked by default.
  Users will have to http (or telnet) to a virtual ip and after authentication, a access-list will be downloaded from the radius server allowing traffic on port 80.
  Cut-through proxy (as in PIX) cannot be done on IOS.

• Softwareupdate Tool and Proxy Authentication

  Is there a method for negotiating proxy authentication when using the softwareupdate tool. I may want to to connect to Apple's servers on the internet from time to time.
  Our proxy is a BlueCoat SG800 with software v4.2. It prompts for authentication for port 80 requests.
  Thanks.

  Monday I used softwareupdate tool to get the update list for my eMac.
  This is cool. It asked for permission to use my internet keychain! In a few minutes I got the list and updated my QuickTime.
  This only works in Tiger. Panther will not prompt for authentication.
  So I answered my own question.

• Is there an issue with the latest version of FF with HTTPS requests and Proxy authentication?

  I'm currently working inside a cope network behind a proxy, which requires authentication.
  When browsing to websites externally to our network I would usually only be promoted once for authentication details; after that I would never see the prompt again until after restating the browser.
  However after the latest update I've found that when visiting HTTPS sites I'm promoted for my login details. But even though I enter the correct information the prompt does not take the details and continually asks until eventually our proxy closes the connection (usually with my account now being locked).
  My other browsers (IE, GC) work fine without problems.
  Any ideas?

  It could be a regression in Firefox 18 that wasn't present in Firefox 17. The developers are known nowadays for including too many experimental changes and my bet is one of them is causing this.
  But to confirm, could you downgrade back to Firefox 17 and still see if it works well with proxy authentication?
  Download link:
  <br> www.mozilla.org/en-US/products/download.html?product=firefox-17.0.1&os=win&lang=en-US

• Authentication & Authorization with SSO, JAAS and Database Tables mix

  Hi,
  I'm looking for how manage Authentication & Authorization in a J2EE ADF+Struts+JSP application.
  I'm interested in use SSO for authentication (I just did it programatically & dynamically already), and now I would like to could define authorization using database tables with users, groups, profiles, individual permissions, ..., (maitanined dynamically by web application admin) throught JAZN (JAAS or however is said) but not statically defining roles, groups, users, ... in jazn xml files.
  I saw that exists the possibility to create a custom DataSourceUserManager class to manage all this, and this gave me the idea that this could be possible to do (I was thinking in make a custom Authorization API over my application tables, without JAZN) but what is better that use and extended and consolidated aprox like JAZN.
  Anybody could tell me if my idea could be possible, and realizable, and maybe give me some orientation to build this approach.
  A lot of thanks in advanced.
  And sorry, excuse my so bad english.
  See you.

  Marcel,
  Originally the idea was to create a post to only explain how to do authentication using a Servlet filter. However,
  I have recently added code to the JHeadstart runtime and generators to enable both JAAS and 'Custom' authentication AND authorization in generated applications. Therefore, this post will be made after we have released the next patch release, as it will depend on these code changes.
  We currently plan to have the patch release available sometime in the second half of May.
  Kind regards,
  Peter Ebell
  JHeadstart Team

• My app store is not working after installing mavericks. When I open app store it repeatedly asking me to login with apple ID and to provide User name and Password for proxy authentication in a loop.I am a newbie to mac,Please help me.

  My app store is not working after installing mavericks. When I open app store it repeatedly asking me to login with apple ID and to provide User name and Password for proxy authentication in a loop.I am a newbie to mac,Please help me.

  Hmmmm... would appear that you need to be actually logged in to enable the additional menu features.
  Have you tried deletting the plists for MAS?
  This page might help you out...
  http://www.macobserver.com/tmo/answers/how_to_identify_and_fix_problems_with_the _mac_app_store
  Failing that, I will have to throw this back to the forum to see if anyone else can advise further.
  Let me know how you get on?
  Thanks.

• WWSAPI - Cannot connect to web service via SSL and HTTP proxy authentication with NTLM, errorCode 0x803d0016, HTTP status 407

  Hi,
  I built a web service client using WWSAPI. The connection works via SSL (without HTTP proxy) and it works with SSL and proxy with basic authentication as well. When I try to connect using a proxy with NTLM authentication, then I get the errorCode
  0x803d0016, HTTP status "407 (0x197)", "Proxy Authentication Required".
  In WireShark I see only one HTTP request to connect to the proxy with NTLM Message Type: NTLMSSP_NEGOTIATE. The HTTP Response returns Status 407 and the connection ist closed. Comparing this to Internet Explorer - the Connection is not closed and
  a second request with NTLMSSP_AUTH is sent.
  Why doesn't it make the complete NTLM handshake? Why wasn't sent the NTLMSSP_AUTH directly?
  I oriented in the HttpCalculatorWithKerberosOverSslClientExample.
  Using WS_HTTP_HEADER_AUTH_SECURITY_BINDING,
  WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_SCHEME was set to WS_HTTP_HEADER_AUTH_SCHEME_NTLM, WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_TARGET to WS_HTTP_HEADER_AUTH_TARGET_PROXY. I tried WS_DEFAULT_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE but also WS_STRING_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE.
  Any idea?
  Thanks

  Hi,
  I built a web service client using WWSAPI. The connection works via SSL (without HTTP proxy) and it works with SSL and proxy with basic authentication as well. When I try to connect using a proxy with NTLM authentication, then I get the errorCode
  0x803d0016, HTTP status "407 (0x197)", "Proxy Authentication Required".
  In WireShark I see only one HTTP request to connect to the proxy with NTLM Message Type: NTLMSSP_NEGOTIATE. The HTTP Response returns Status 407 and the connection ist closed. Comparing this to Internet Explorer - the Connection is not closed and
  a second request with NTLMSSP_AUTH is sent.
  Why doesn't it make the complete NTLM handshake? Why wasn't sent the NTLMSSP_AUTH directly?
  I oriented in the HttpCalculatorWithKerberosOverSslClientExample.
  Using WS_HTTP_HEADER_AUTH_SECURITY_BINDING,
  WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_SCHEME was set to WS_HTTP_HEADER_AUTH_SCHEME_NTLM, WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_TARGET to WS_HTTP_HEADER_AUTH_TARGET_PROXY. I tried WS_DEFAULT_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE but also WS_STRING_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE.
  Any idea?
  Thanks

• Safari, Proxy Authentication, and Certificate Authorities ( for https )

  A recent update to Safari has caused it to not work with our proxy authentication.  It will not provide authentication details when looking up SSL certificate authorities, causing certificate errors on all https:// websites. All other traffic (http, https if certificate is bypassed, plugins, etc.) seem to work just fine. Is anyone else having this problem?  If so, is there a fix?
  It occurs on Mac and PC.  I am using SquidGuard with NTLM authentication.  All other browsers on our system (IE x.x, FireFox, Chrome, Opera ) don't have this issue.

  I have the same problem and it's frustrating as can be.
  What happens to me is that When I bring my laptop to work, and put it on the work network and launch Safari, Safari informs me that each of my plugins is invalid and then uninstalls them - I'm effectively not able to use any plug ins at work, and I have to go hunt them down when I get back home (for reference, The extensions are still physically in \users\me\Library\Safari\Extensions - so when I get home I can just double click on all of them)
  I opened a case with apple and I encourage you to do the same. Perhaps if enough users complain they will find a gentler way to work with it.
  They had me do a capture and after analyzing it said it was an issue with the work network and not being able to valdate the extensions.
  It sounds like the same issue you have - as my work network uses a proxy as well.
  The rep suggested that I use a different browser at work, but I'm so used to clicking safari, that I do it out of habit.
  I really like Safari, and hope they get it fixed - Safari may not get respect in the windows world, but it's really a great browser - especially on a laptop where screen real estate is limited (where I often hit command-shift-\ to hide the address bar to see more of the page)
  -Jack

• IAS and MAC authentication

  Hi, I´m having some trouble to authenticate the users with EAP and MAC authentication, i´m using IAS server and the EAP authentication is working well, but when I configure the MAC and EAP authentication, it doesn´t connect to the clients.
  Any idea how can I solve this problem??
  Thansk

  I think MAC authentication is not supported in IAS , you can do MAC address filtering on AP

• TL 11g: JPA and DB proxy authentication?

  Hi!
  I posted similar question of JDev 11g forum, but I hope I can get more profound expertise here :)))
  OK. I want to make a proof-of-concept for end-to-end security using a novel 11g technology: I want to use EJB 3.0 / JPA (TopLink) and to enable subject identity propagation to database using Proxy Authentication mechanism. I stress that I want to use JPA (annotated entities) and not TopLink mappings, and to have as simplest as possible code (yes, I know...).
  Now, my idea is to use Session Event Listener (registered in persistance.xml) to set a proxy connection inside a standard unit of work connection defined in persistance.xml (in the proxy connection I would not set username/password in event listener as I want to do that inside EJB Session Facade).
  Then, in EJB Session Fascade I would like to set a username/password for database login in session that will be used to execute a JPA transaction. I discovered that I can get a ServerSession and Active Session from Entity Manager, with:
  EntityManager em = emf.createEntityManager();
  ServerSession serverSession = ((oracle.toplink.jpa.JpaEntityManager)em).getServerSession();
  Session activeJPASession  = ((oracle.toplink.jpa.JpaEntityManager)em).getActiveSession();What I don't know is how to proceed. Do I have to use Server Session to create/open a new Client Session (but, I'm not sure if then I also have to use a manual transactions inside EBJ Session Bean method, or I can rely on container managed transaction?)? Or I can just set username/password on Active Session. Or I can change a DatabaseLogin (ActiveSession.getLogin().setUsername().setPassword())?
  Please, any advice is appreciated. I'm not an expert on JPA/TopLink so I may spend days figuring this out...
  Thanks in advance!
  PaKo

  PaKo,
  We need to make proxy authentication easier through the JPA interface. At present you can configure the event listener using the toplink.session-event-listener to implement the proxy events as described in the documentation. The piece that is missing is the ability to pass in the proxy authentication credentials when acquiring an EntityManager.
  You are correct that you would need to acquire a client session directly (Note: the JpaHelper can help). When acquired you can use this client session to access the database but it will function only as TopLink's native API and not completely as JPA.
  I filed bug 219434 against EclipseLink to address passing the credentials into:
  EntityManagerFactory.createEntityManager(Map properties)I will continue to investigate to get you a better solution.
  Doug

• DAP and http proxy authentication

  I have a ASA firewall with http proxy authetication and now i configure DAP for Anyconnect with AD .I disable the "Default Dynamic Access Policy"  proxy authentication fail .Someone knows how to configure the DAP for http proxy authentication ?
  best regards

  Still nothing about it. I've also posted to another threads with similar problems:
  http://discussions.apple.com/message.jspa?messageID=8165122#8165122
  http://discussions.apple.com/message.jspa?messageID=8165120#8165120
  http://discussions.apple.com/message.jspa?messageID=8165118#8165118
  http://discussions.apple.com/message.jspa?messageID=8149758#8149758
  As I said before, while I've had OS 1.1.4, everything was normal. It began when I upgraded to 2.0.2 and after to 2.1. I also double checked if the TI here changed the policies, and they assured me they don't.
  Several other users with 2.x are also reporting the same trouble. As far as now, I've came across a post suggesting me to install a local http proxy on the phone, but I don't think it's gonna work.
  Let's keep this thread alive!

• Define Reverse Proxy and Deffered Authentication Schema

  Hi Experts,
  Can some one help me with the Definition for "*Reverse Proxy in OAM*" and "Deffered Authentication Schema (*DAS*) in Directory server". And please quote one example for understanding.......
  Thanks in Advance.
  Sandy
  Edited by: sandyb4u on Oct 11, 2010 1:34 AM

  Hello Markus,
  1. have you checked out Alon Weinstein's Weblog <a href="/people/sap.user72/blog/2005/02/23/the-reverse-proxy-series--part-2-iis-as-a-reverse-proxy">The Reverse Proxy Series -- Part 2: IIS as a reverse-proxy</a>?
  2. Is the IIS a must? Can you give Apache or SAP Web Dispatcher a try. Prakash Singh wrote a Weblog <a href="/people/prakash.singh4/blog/2005/08/16/how-to-setup-webdispatcher-to-load-balance-portal-in-a-clustered-environment">How to setup webdispatcher to load balance portal in a clustered environment</a>.
  Regards
  Gregor

• Oracle Proxy Authentication and WLS 8.1/CMP

  Hey folks,
  Is there any way to configure WLS 8.1 to automatically set the Oracle CLIENT_IDENTIFIER
  variable or use Oracle Proxy Authentication on JDBC connections? I'm interested
  in using Oracle auditing with my CMP entity beans, but would like to capture the
  app tier user identity, instead of the data source pool user.
  Thanks.

  "Brent Smith" <[email protected]> wrote in message
  news:3fa15807$[email protected]..
  >
  Hey folks,
  Is there any way to configure WLS 8.1 to automatically set the OracleCLIENT_IDENTIFIER
  variable or use Oracle Proxy Authentication on JDBC connections? I'minterested
  in using Oracle auditing with my CMP entity beans, but would like tocapture the
  app tier user identity, instead of the data source pool user.
  I would ask in the weblogic.developer.interest.jdbc newsgroup.

• I get proxy authentication box during installation and when  i provide the proxy user and pass, it do not accept it and i can not go on whit the installation? any solution for that?

  i need a solution for a proxy authentication error

  Alyafeim please request your I.T. department review the Adobe Creative Cloud Service Access Documentation for IT section of http://www.adobe.com/devnet/creativesuite/enterprisedeployment.html

• How to pass Proxy user dynamically in Toplink proxy authentication?

  Hi,
  I'm using Toplink Proxy Authentication with my ADF JSF application and want to pass the Proxy user dynamically to the preLogin(..) method of mySessionEventListener (Currently proxy user is hard coded).
  This is to make my application user as the Proxy user.
  I have tried to do this in two ways:
  1) In my Login screen Backing Bean, I retrieve the session as
  session = sessionFactory.acquireSession(); and set the application user in it as
  session.setProperty("proxyUser1", inputText1.getValue());
  But,
  session.getProperty("proxyUser1") returns null in the preLogin(..) method
  2) I add a loginUser property to the mySessionEventListener class and create a constructor to set it.
  Then I call the constructor from my Login Backing Bean as
  mySessionEventListener eventMgr = new mySessionEventListener(<proxy_user>);
  session.getEventManager().addListener( eventMgr );
  But, the loginUser property seeems to be transient and does not retain value when retrieved in preLogin(..) method.
  Please indicate if anything is wrong. Also, is there any other way to get this done?
  Thanks in advance.
  Vikas

  Hi Vikas,
  Probably your sessions.xml defines a ServerSession, and acquireSession method returns a ClientSession. ServerSession is the object that connects to the database, it may have any number of ClientSessions associated with it - all of them use connections provided by ServerSession's connection pools.
  So if you'd like to alter the serverSession before login, acquireSession is too late - it triggers login of the ServerSession and returns a ClientSession.
  To get the ServerSession before login:
  // the first param indicates that the session shouldn't be connected
  Session serverSession = sessionFactory.getSharedSession(false, false);Now you have a serverSession on which login hasn't been called yet.
  You can set the property into the session, or directly into its login.
  In fact you may choose to do whatever you wanted to do in preLogin right here - in this case no preLogin event would be required of course.
  Finally to get a ClientSession, call the same api did:
  // the first param indicates that the session shouldn't be connected
  Session clientSession = sessionFactory.getSession();On the first such call the ServerSession will be connected.
  Note that because all the ClientSessions will connect through the connections provided by the same ServerSession they will all use proxyUser1.
  If you are interested in using different proxy users for different ClientSessions http://www.oracle.com/technology/products/ias/toplink/doc/1013/main/_html/dblgcfg008.htm#BABDABCF lists several scenarios for that.
  Andrei