IMQ 2.0 and LDAP for user authentication

Similar Messages

• My app store is not working after installing mavericks. When I open app store it repeatedly asking me to login with apple ID and to provide User name and Password for proxy authentication in a loop.I am a newbie to mac,Please help me.

  My app store is not working after installing mavericks. When I open app store it repeatedly asking me to login with apple ID and to provide User name and Password for proxy authentication in a loop.I am a newbie to mac,Please help me.

  Hmmmm... would appear that you need to be actually logged in to enable the additional menu features.
  Have you tried deletting the plists for MAS?
  This page might help you out...
  http://www.macobserver.com/tmo/answers/how_to_identify_and_fix_problems_with_the _mac_app_store
  Failing that, I will have to throw this back to the forum to see if anyone else can advise further.
  Let me know how you get on?
  Thanks.

• What is the option client certificate for user authentication used for?

  Hi All,
  I have to work on a FTPS - XI -SAP scenario.
  I can see an option for client certificate for user authentication when security is enabled for the FTP adapter. what exactly is this option used for?
  P.S: I went through sap help but couldnt quite understand.

  Thanks a lot Mark.
  So for a FTPS -> XI -> SAP scenario the following settings are required.
  1. I have to create a certificate in Visual Admin for the XI server , send a csr to a CA and get it signed by them, and i have to add this to the ssl_service view.
  2. I have to hand over the public key to the FTPS server & this key will be used for encryption of the file
  the above 2 steps are mandatory.
  If i choose to use the client certificate option , i have to get the client certificate from the FTPS server and add it into the TrustedCAs list. This certificate is just to imply that the client is what it claims to be.
  Will this certificate be used for encryption?
  To make it clear let me put it this way. The certificate created in the XI Server is used for encryption and also for ascertaining that the its what it claims to be.
  The clients certificate option is used only to make sure that the client is what its claiming to be & this is not used for encryption?

• Invalid resource 'LDAP' for user

  Hi all,
  I want to integarate IDM with LDAP.Test connection is working when i intergarate with LDAP.I got the status as "succeeded" on full reconcilation and I was able to create users through IDM.I could see the users created in LDAP too...In IDM when i click assignments tab i get "Inalid resource 'LDAP' for user '12121'.Here,'12121'is my account id. I don't know wat mistake i have made.Please anyone of u help me out in this problem.

  hehehe... no problem.
  There's a flag somewhere that gives you the option of omitting the domain. If you do, it defaults to the domain that the content server is on. I think you can get there from the "active directory" config link at the top of the "filter debug" administration page. Its kind of buried...

• How to pause while document printing and wait for user actions.

  How to pause while document printing and wait for user actions. (for sample: pressed button). Pause after each printed pages.

  Print page by page after considering the user actions!

• ISE Authentication Policy for RSA Securid and LDAP for VPN

  We are working on replacing our existing ACS server with ISE.  We have 2 groups of users, customers and employees.  The employee's utilize RSA securid for authentication while the customers use Window authentication.  We have integrated the AD into ISE using LDAP and this has been tested.  We are now working on trying to get the rsa portion to work.  We are wanting to utilize the authorization policy to assign the group-policy/IP for both clients via the LDAP user attributes.
  Here is my question:
  Under the authentication policy should we look @ an identity store that has RSA securid users, LDAP users and then internal users.  I assume if the user isn't present in the RSA store it will then look @ the LDAP, will this present an issue with overhead in our RSA environment.  With the legacy ACS the descsion on where to authenticate the user was done on the ACS, either Windows or RSA.  The employee users will still also be present in the LDAP so we can utilize the attributes for IP address/group policy.  The number of customer vpn's is several times larger than employees and I am afraid that if we have to query the securid servers for every authentication vpn authentication attempt this could cause issues.  Our utilimate goal is to move to any connect and utilize a single url for all authentication but allow ise to instruct the asa what attributes to hand to the client such as dns/Dacl. 
  Thanks,
  Joe

  That is not what I want. I want user "test1" to be able to do this:
  C
  Username: test1
  Enter PASSCODE:
  C2960>en
  Enter PASSCODE:
  C2960#
  In other words, test1 user has to type in his/her RSA token password to get
  into exec mode. After that, he/she has to use the RSA token password to
  get into enable mode. Each user can get into "enable" mode with his/her
  RSA token mode.
  The way you descripbed, it seemed like anyone in this group can go directly
  into enable mode without password. This is not what I have in mind.
  Any other ideas? Thanks.

• Active Directory Authentication and permissions for user group in APEX 4.0

  Hello,
  I am new to oracle APEX and I have searched the forum for active directory authentication for a user group and I am really confused about all the different threads. Can anyone please provide me the steps to follow; in order to implement AD authentication for a user group in Oracle APEX 4.0.
  These are the threads which i was looking at to get an idea like how AD authentication works but its really confusing for me.
  Help with Authentication (APEX_LDAP.AUTHENTICATE)
  Re: LDAP Authentication Via Groups
  Thanks,
  Tony

  You need to give it more than 30 minutes before bumping your own post. This is not an official support channel, so you need to be patient and wait for people to read, think and respond.

• Please guide me for user authentication and authorization in WebDynPro App

  Hi,
      I just study the WebDynPro to develop the SAP Portal. I've ever developed the Web-based App using J2EE. So when i developed the Web-based App i have to develop the control of the user authentication and authorization on each page for example ,checking the session of the user whether they can access this page or whether session is expired or not,. So i have no idea with the WebDynPro and the SAP Portal because i never had experience for both WebDynPro and Portal.
  I need to ask you some question to clarify my doubt :
  1. SAP Portal  is web page that include every enterprise application with in one page and user log-in to them just on time, isn't it?
  2. If i integrate WebDynPro with SAP Portal, which one will do the authentication and authorization?. I mean that, Do i have to develop the code to check authentication and authorization in the WebDynPro App or Let the SAP Portal manage them?
  3.Could you please suggest the best practice for authentication and authorization in webDynPro.
  Many Thanks
  Noppong J

  in most case you don't have to write code to deal with session, authentication and authorization.
  1. yes,
  2. no, no code needed. you just set an attribute to your application, which make the the authentication required. when user access this page, portal will display the logon page
  3 you can put some authorization related code in web dynpro for specific requirement, search this doc "Protecting Access to the Web Dynpro Car Rental Application Using UME Permissions"

• Setup Java system directory server 6 client for user authentication

  I am trying to set up a native LDAP client for sun directory server 6 for network based user authentication. I checked the sun doc for naming service (LDAP) and the documentation are for setting up LDAP client for directory server 5. Is there any documentation for setting up LDAP client for directory server 6? Or the documents for setting LDAP client for directory server 5 is still good for 6? Particularly, I want to use SSL communication between server and client.

  Hi,
  could be one of the other 'bad jokes' of DS/ldapclient because the documentation describes a lot of stuff about profiles etc. but: you need some special schema files to use the whole stuff and they are not installed with Solaris or DS (and they include the NisDomainObject). I had to search for them in the internet. They are also printed in the documentation. Save them in your server's config/schema directory as i.e. 61DUAConfigProfile.ldif and 62nisDomain.ldif and try idsconf again (maybe you have to cleanup something).
  I test and prepare DS6 here, and we will use it in production too. I hadn't any problem with it and it has some important advantages over DS5.2. But we won't have a huge directory so I can't tell you anything more about it.
  Regards
  Jochem Ippers
  Here are the ldifs:
  61DUAConfigProfile.ldif:
  dn: cn=schema
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList' DESC 'Default LDAP server host address used by a DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase' DESC 'Default LDAP base DN used by a DUA' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' DESC 'Preferred LDAP server host addresses to be used by a DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit' DESC 'Maximum time in seconds a DUA should allow for a search to complete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.4 NAME 'bindTimeLimit' DESC 'Maximum time in seconds a DUA should allow for the bind operation to complete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.5 NAME 'followReferrals' DESC 'Tells DUA if it should follow referrals returned by a DSA search result' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' DESC 'A keystring which identifies the type of authentication method used to contact the DSA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL' DESC 'Time to live, in seconds, before a client DUA should re-read this configuration profile' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor' DESC 'LDAP search descriptor list used by a DUA' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap' DESC 'Attribute mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel' DESC 'Identifies type of credentials a DUA should use when binding to the LDAP server' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap' DESC 'Objectclass mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope' DESC 'Default search scope used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel' DESC 'Identifies type of credentials a DUA should use when binding to the LDAP server for a specific service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMethod' DESC 'Authentication method used by a service of the DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
  objectClasses: ( 1.3.6.1.4.1.11.1.3.1.2.4 NAME 'DUAConfigProfile' SUP top STRUCTURAL DESC 'Abstraction of a base configuration for a DUA' MUST ( cn ) MAY ( defaultServerList $ preferredServerList $ defaultSearchBase $ defaultSearchScope $ searchTimeLimit $ bindTimeLimit $ credentialLevel $ authenticationMethod $ followReferrals $ serviceSearchDescriptor $ serviceCredentialLevel $ serviceAuthenticationMethod $ objectclassMap $ attributeMap $ profileTTL ) X-ORIGIN 'user defined' )
  62nisDomain.ldif:
  dn: cn=schema
  attributeTypes: ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
  objectClasses: ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top STRUCTURAL MUST nisDomain X-ORIGIN 'user defined' )

• Requirements for user authentication

  In my trials of configuring the software, it seems that the only option of providing user access authentication is via LDAP integration. This seems a heavy requirement for non-enterprise usage.
  I created a default directory service, but cannot enable access control without setting up distributed access, which seems to require LDAP. Installing LDAP has it's own set of prerequisites. Is all this really necessary? Am I misunderstanding the documentation?
  Thanks,
  Sean Wyatt

  Dear sean.wyatt,
  LDAP is not the only option for user-auth. There are key files and digest files. Or you have some reason to use only LDAP.

• Portal, BW and Datasources for users

  Hello,
  Our current system toplogy looks like this:
  We have a Portal and BW (NW04s) which share one Java Application Server.
  Since the main work is creating BW reports and presenting them at the portal, the users are being created at the BW System, the roles are being built over there and everything is exported to the portal. The Application Server is not an ABAP one but since the users created in BW and transported to the portal they are considering as an ABAP Datasource. This means that the main feed of the portal are users created on the BW.
  What we would like to do is change the main feed of the portal to our Active Directory server which will handle user creation/deletion/modification. This means that the portal and the BW will no longer share the same Datasource and my questions are:
  1. Is our current work procedure correct?
  2. How can we reflect this change to the BW as well, so it will "know" the new toplogy? Do we need to maintain now two sets of users, one for the portal and one for the BW system?
  3. What will happen with all the users already created on the BW and transported to the portal and their authorizations?
  4. At this new toplogy, who will be in charge of creating the roles and managing the authorizations, the BW side or the portal side?

  Hi Roy,
  according to SAP it is possible. Unfortunately, I have not done it yet. But at SAP TechEd 2006 in Amsterdam Gerlinde Zibulski and Frank Buchholz gave an interesting presentation of "Identity Management in Heterogeneous System Landscapes: the SAP Solution". There they talked about the synchronization at great length. Furthermore you find quite some information in the SAP Library. Even how to enable Windows authentication if the user's ids in ADS and ABAP user management do not match. See <a href="http://help.sap.com/saphelp_nw04/helpdata/en/43/4c3725aeaf30b4e10000000a11466f/content.htm">Configuring the UME when Using Non-ADS Data Sources</a>.
  @Michael: Sounds like you have got some experience regarding the synchronization process. Could you please elaborate why you do not recommand it!
  Best regards,
  Martin

• User role for user authentication in a SOAP receiver channel

  Hi,
  What is the role required for a user in a SOAP receiver channel. This user is specified in the User Authentication while configuring the channel.

  Hi,
  User Authentication is not mandatory but If your Web service requires logon data, select the Configure User Authentication checkbox and fill in the corresponding fields.
  If the Web service is outside your system landscape and you need to address a proxy
  server, select the Configure Proxy checkbox.
  The sender SOAP adapter does not require a SOAP action, but you always have
  to apply logon data when using the SOAP adapter. In the central adapter engine
  you can use a service user such as xiappluser; in a non-central adapter
  engine or a PCK you must use one of the user names assigned to security role
  xi_adapter_soap_message for component XISOAPAdapter.
  Regards,
  Divya

• Function Module used for user Authentication in B2B webshop

  Hi Gurus,
  Can someone please help me in finding a Function module which is getting called for the user authentication in B2B webshop and where can i find this class file which is getting called in the NWDS?
  Thanks
  Saurabh

  Depending upon if you are coming from Portal (SSO) or B2B logon screen, one of the following function modules is called to authenticate authorize the B2B application usage.
  CRM_ISA_IUSER_LOGIN
  CRM_ISA_LOGIN_CHECKS
  Easwar Ram
  http://www.parxlns.com

• Unable to open a report and asking for user credentials

  Hi,
  when i am trying to open a crystal report, i am asking for user credentials and my URL is directed to the below URL
  http://hostname/PlatformServices/service/app/logon.do?appKind=InfoView&service=%2FOpenDocument%2FappService.do&backContext=%2FOpenDocument&backUrl=%2Fopendoc%2FopenDocument.jsp%3FSERVICE%3D%252FOpenDocument%252FappService.do%26OBJIDS%3D20016421%26backUrl%3D%252Fcontent%252Fview.do%26PREF%3DmaxOpageUt%253D200%253BmaxOpageC%253D10%253Btz%253DUS%252FPacific%253BmUnit%253Dinch%253BshowFilters%253Dtrue%253BsmtpFrom%253Dtrue%253BpromptForUnsavedData%253Dtrue%253B%26CONTAINERID%3D6424083%26backContext%3D%252FPlatformServices%26LOC%3Den%26APPKIND%3DInfoView%26PVL%3Den%26ACTID%3D280%26service%3Dtimeout&backUrlParents=1&appName=OpenDocument&prodName=BusinessObjects+Enterprise&cmsVisible=false&cms=servername%3A6600&authenticationVisible=false&authType=secEnterprise&sso=false&sm=true&smAuth=secLDAP&persistCookies=true&sessionCookie=true&useLogonToken=true
  Please help me on this

  Hi,
          This is happening to all of the users. And this kind of behaviour is happening frequently to most of the users but as for me and some of us this is not happening frequently.
  And we are using Crystal Reports 2008 ie. CR12.
  -VinodC

• ACS SE 4.2, 802.1x and certificates for machine authentication

  I'm trying to figure out how to put this lot together, but dont know enough about ACS when used with an external CA.
  What I want to get working is:
  A PC with a machine cert gets connected to a switch running 802.1x. The switch uses EAP with .1x to query PC, handing this off to ACS, that bit I'm ok with. The ACS needs to query the CA server to authenticate the PC, its this process I'm not sure about.
  Reading the documentation I think that I need to configure LDAP between the ACS and the CA, which is running on 64-bit 2008 server. But, ACS SE remote agent is 32 bit only.
  Is this correct, if so how do I get ACS SE to communicate with a 64-bit 2008 CA server?

  Hi Bernhard,
  That answers my questions, having never worked with AD, CA and LDAP etc I didn’t realise that you could assign attributes at a user (machine in my case) level, although it makes perfect sense when you indicated that, as LDAP is a method of supporting user accounts right?
  I suppose in that case I'll be able to assign an attribute through LDAP, which ACS will use to map that account/machine to a specific VLAN. The attribute value will be used to represent the VLAN mapping.
  What component in ACS do I use to match against attributes? I don’t see anything in the NAP, NAF or RAC sections about this.
  As an alternative, your reply prompted me to look at the ACS User Group mapping section, it describes mapping a windows group to an ACS group, which may also be a solution, although not as flexible as being able to match on an LDAP attribute associated with the machine accounts.
  Reading through this it seems this is an area where the SE and Windows based ACS platforms differ, I'm using SE.
  Andy