Inject User Attributes into SAML Credential Mapper V2 Assertions
We are using SAML CMV2 on 10.0 MP1 and we would like to add user attributes in SAML assertions '<attributestatement>'.
How do we inject attribute statements in assertions?
[url http://e-docs.bea.com/wls/docs100/dvspisec/credmap.html]
AT:
- Do You Need to Develop a Custom Credential Mapping Provider?
- 3rd paragraph, 4th sentence...
States that the AttributeStatement can be configured to house user information. I have looked all over on how I can 'configure' the SAMLCMV2 to inject the user info we want (DN, favorite color, anything).
Any input would be great,
Thanks!
Edited by dejavuuuuu at 03/18/2008 5:57 AM
Edited by dejavuuuuu at 03/18/2008 5:59 AM
Looks like it is not available in Weblogic 10 MP1 and we might have to wait for 10.3 where you get the SAMLCredentialAttributeMapper.
http://edocs.bea.com/wls/docs100/javadocs/weblogic/security/providers/saml/SAMLCredentialAttributeMapper.html
Similar Messages
-
Null Pointer Exception while configuring SAML Credential Mapper
Hi,
I am trying to set up my customised SAML code for WLS 10.3. To test it , I have created a standalone suite with 2 applications,one as a source where the authentication will be through simple username and password and second as destination where the identity assertion will take place based on token generated in first app.
So to achieve this , I am using a default SAMLCredentialMapperV2 for credential mapping at source site. But While configuring it, the management tab of the credential mapper shows null pointer exception.
Can anyone point out whats wrong or if I am missing on anything?
Steps to create:-
1. Create a security realm
2.Goto security realm ->Provider ->Credential Mapping tab.
3.Create a credential mapper of type SAMLCredentialMapperV2 and with specifications as mentioned in http://www.oracle.com/technetwork/articles/entarch/sso-with-saml3-086457.html
4. Click on the newly created mapper and go to management tab. It throws null pointer exception which is visible on the screen.
Log Entries are as follows:-
<Error> <Console> <BEA-240003> <Console encountered the following error java.lang.NullPointerException
at com.bea.common.security.saml.registry.SAMLPartnerRegistry.<init>(SAMLPartnerRegistry.java:153)
at com.bea.common.security.saml.registry.SAMLRelyingPartyRegistry.<init>(SAMLRelyingPartyRegistry.java:26)
at weblogic.security.providers.saml.SAMLCredentialMapperV2Impl.init(SAMLCredentialMapperV2Impl.java:65)
at weblogic.security.providers.saml.SAMLCredentialMapperV2Impl.listRelyingParties(SAMLCredentialMapperV2Impl.java:81)
at weblogic.security.providers.saml.SAMLCredentialMapperV2MBeanImpl.listRelyingParties(SAMLCredentialMapperV2MBeanImpl.java:206)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:437)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:268)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:444)
at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:323)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426)
at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264)
at java.security.AccessController.doPrivileged(Native Method)
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366)
at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
at javax.management.remote.rmi.RMIConnectionImpl_1033_WLStub.invoke(Unknown Source)
at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:993)
at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544)
at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
at $Proxy144.listRelyingParties(Unknown Source)
at com.bea.console.actions.security.providers.SAMLCredentialMapperV2ManagementPartnersTableAction.getSAMLCredentialMapperV2Partners(SAMLCredentialMapperV2ManagementPartnersTableAction.java:60)
at com.bea.console.actions.security.providers.SAMLCredentialMapperV2ManagementPartnersTableAction.getCollection(SAMLCredentialMapperV2ManagementPartnersTableAction.java:42)
at com.bea.console.actions.security.ManagementBaseTableAction.execute(ManagementBaseTableAction.java:82)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:261)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:256)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:133)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:266)
at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107)
at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292)
at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:428)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:388)
at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:211)
at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196)
at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:251)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:47)
at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:130)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)I've got the same issue too.
My setup is to have one domain acting as both Source and Destination.
For every 10 seconds, I'm seeing 4 of these logs, and the CPU consumption is 100% consistently.
####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <SecuritySAMLCredMap> <MYHOST> <AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243954827839> <BEA-000000> <SAMLCredentialMapperV2: getCredentials: Subject initiator>
####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <SecuritySAMLCredMap> <MYHOST> <AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243954827839> <BEA-000000> <SAMLCredentialMapperV2: getCredentials(Subject): getCredentialInternal() called>
####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <SecuritySAMLCredMap> <MYHOST> <AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243954827839> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): SAML Credential Mapper does not support credential type: weblogic.UserPassword, returns null>
Does anyone know what's happening? I've got one of the Security Provider = Active Directory, and thus there's no password returning. Could it be the root cause of the problem? -
SAML Credential Mapper does not support credential type
Has anybody any idea on what could be causing the message below, which is being logged several times?
<[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <1309285937475> <BEA-000000> <SAMLCredentialMapperV2: getCredentials(Subject): getCredentialInternal() called>
<[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <1309285937475> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): **SAML Credential Mapper does not support credential type: weblogic.UserPassword, returns null**>
Best regards
Update: Forgot to mention this is SOA Suite 11G environment
Edited by: user9501748 on Jun 28, 2011 11:53 AMI've got the same issue too.
My setup is to have one domain acting as both Source and Destination.
For every 10 seconds, I'm seeing 4 of these logs, and the CPU consumption is 100% consistently.
####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <SecuritySAMLCredMap> <MYHOST> <AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243954827839> <BEA-000000> <SAMLCredentialMapperV2: getCredentials: Subject initiator>
####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <SecuritySAMLCredMap> <MYHOST> <AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243954827839> <BEA-000000> <SAMLCredentialMapperV2: getCredentials(Subject): getCredentialInternal() called>
####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <SecuritySAMLCredMap> <MYHOST> <AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243954827839> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): SAML Credential Mapper does not support credential type: weblogic.UserPassword, returns null>
Does anyone know what's happening? I've got one of the Security Provider = Active Directory, and thus there's no password returning. Could it be the root cause of the problem? -
SAML Credential Mapper Relying Party "Post Form"
Hi,
Has anybody used Custom Post Form for SAML credential Mapper Relying Party.
If so can you pls tell the specs. It is saml V2
I am trying like this in a html
<input type="hidden" name="TARGET " value="ddddd" />
<input type="hidden" name="SAML_AssertionConsumerURL" value="ddddddd" />
<input type="hidden" name="SAML_AssertionConsumerParams" value="homogenousMap" />
<input type="hidden" name="SAML_ITSRequestParams" value="" />
But everytime it gives a Internal server error in the logs
####<Oct 13, 2008 2:16:19 PM PDT> <Debug> <SecuritySAMLService> <pd7000163> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1223932579244> <BEA-000000> <SAMLServlet (samlits): doGet(): Unexpected throwable while handling request, returning INTERNAL_SERVER_ERROR: java.lang.NullPointerException>
I am also not finding any details about samlits servlet.
WEblogic front line support also does not know. No weblogic documentation on the actual implementation.
Thanks
VishnuVishnu, you should also try cross-posting in the WLS-Security forum.
WebLogic Server - Security -
How validate user.attributes in SAML assertation?
Hello!
I'm using WebLogic Server 10.3.6.0 + Oracle Service Bus 11.1.1.6 + Oracle Enterprise Manager 11g.
I deploy my Web Service on Weblogic Server and protect this by OWSM SAML-based policy (now it is oracle/wss_saml_token_bearer_over_ssl_service_policy).
It is working, but some things I don't understand.
My main question: how can I configure to validation of user.attributes in the saml assertation?
For example, inbound requests has 3 attributes in saml assertation tag: role, email and dept.
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2000/10/XMLSchema-instance">
<soap:Header>
<wsse:Security>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="Id-0000010a3c4ff12c-0000000000000002"
IssueInstant="2006-03-27T15:26:12Z" Version="2.0">
<saml:Issuer Format="urn:oasis ... WindowsDomainQualifiedName">
TestCA
</saml:Issuer>
<saml:Subject>
<saml:NameIdentifier Format="urn:oasis ... WindowsDomainQualifiedName">
TestUser
</saml:NameIdentifier>
</saml:Subject>
<saml:Conditions NotBefore="2005-03-27T15:20:40Z"
NotOnOrAfter="2028-03-27T17:20:40Z"/>
*<saml:AttributeStatement>*
*<saml:Attribute Name="role" NameFormat="http://www.oracle.com">*
*<saml:AttributeValue>admin</saml:AttributeValue>*
*</saml:Attribute>*
*<saml:Attribute Name="email" NameFormat="http://www.oracle.com">*
*<saml:AttributeValue>[email protected]</saml:AttributeValue>*
*</saml:Attribute>*
*<saml:Attribute Name="dept" NameFormat="">*
*<saml:AttributeValue>engineering</saml:AttributeValue>*
*</saml:Attribute>*
*</saml:AttributeStatement>*
</saml:Assertion>
</wsse:Security>
</soap:Header>
<soap:Body>
<product>
<name>Enterprise Gateway</name>
<company>Oracle</company>
<description>Web Services Security</description>
</product>
</soap:Body>
</soap:Envelope>
But I want permit only request's with 4 attibutes (for example, role + email + dept + city) or something like? How I can configure this in OWSM-policy settings or WebLogic settings?
Thanks for any help.That would be the easiest route but isn't it against the standards to use triggers on tables. I was thinking of doing the validation before the item is created on the page, by customizing the create item and update item pages.
Did anyone work on PIM to do this sort of customization, the pages are all dynamic and are pretty complex, I am not able to figure out where to fit in my validation. -
JSR168 User Attributes -- testing under JSC
I'm writing a JSR-168 portlet that will receive a user attribute from the portal container that it's running under.
So far, thought, I'm not having any luck finding a place I can configure dummy user attributes into JSC for testing. Should they fit in somehow in one of the tabs in the Deployment Descriptor editor?Yes, I've been over that document several times -- it's printed out and lying on the desk next to me, in fact.
However...I'm still a little fuzzy on two particular points that I don't think are directly covered:
(1) Accessing the USER_INFO map provided by my portal container (section PLT.17 of the JSR 168 specification). I understand this to be completely distinct from portlet preferences, unless JSC2 is doing something behind the scenes to merge the two. Since the USER_INFO map is a component of the PortletRequest, I think the code in Mr. Botterill's document gets me close enough to work things out there. However...
(2) Assuming that I've got the USER_INFO code figured out in my portlet, how do I configure the JSC2 portlet test environment to populate a USER_INFO map so that I can verify that everything's working correctly? -
Jdev 11g: No credential mapper entry found for password indirection user
Hi,
Ive been trying to deploy an application as described in http://download.oracle.com/docs/cd/E12839_01/web.1111/b31974/bcextservices.htm#ADFFD542
When the application is installed into weblogic, I get the following error:
An error occurred during activation of changes, please see the log for details.
weblogic.application.ModuleException:
java.security.PrivilegedActionException: weblogic.common.ResourceException: java.security.PrivilegedActionException: weblogic.common.ResourceException: No credential mapper entry found for password indirection user=psa_dev for data source psa_devCheck out What does this message mean? thread
-
How can i pass the logged in user attribute value into looku query ?
HI,
Is there any way to pass loggined in user attribute vallue to lookup query directrely in AD Child Group form.(Like '$Form data.UD_ADUSER_AD')
Thanks in advance
Edited by: 790561 on 5/12/2011 16:01loggined in user attribute vallue can be understood differently:
- A requester raising a request and you want *Requestor's ID" there.
- An approver logging in to the system for doing approvals.
- A System admin logged in to the system for managing the *Forms, Requests' etc
All the above cases are different and you would expect different values for all. If you requirement was the Requester then
1) Either create a hidden attribute in the Process Form and pre-populate it from the Request Form. In your query use *$Form data.UD_ADUSER_DUMMYREQID')*
2) Or directly capture the *$Requester Information.User Login$* attribute in the process form and do manipulations -
Broken OIM installation after creating user attribute
Hi All,
I tried to create a new user attribute with a list of values. I assume that I specified some of the required values incorrectly as I obtained an error message from the OIM application. Now however, I am not able to login into the OIM application even after restarting OIM. The error that I am getting in the console is as follows:
<Jan 12, 2012 1:06:21 PM SAST> <Error> <oracle.iam.identity.usermgmt.impl> <IAM-3051235> <An error occurred while searching for the user attributes.
oracle.iam.configservice.exception.InvalidLookupException: An exception occurred while retrieving the look-up values: The look-up code 123 is invalid.
at oracle.iam.configservice.impl.EntityUtil.getAttribute(EntityUtil.java:666)
at oracle.iam.configservice.impl.EntityUtil.getAttributes(EntityUtil.java:743)
at oracle.iam.configservice.impl.EntityUtil.getAttributes(EntityUtil.java:780)
at oracle.iam.configservice.impl.RDBMSDAO.getAttributes(RDBMSDAO.java:1158)
at oracle.iam.configservice.impl.ConfigManagerImpl.getAttributes(ConfigManagerImpl.java:784)
at oracle.iam.identity.usermgmt.impl.UserManagerImpl.hasUnsearchableAttributes(UserManagerImpl.java:4819)
at oracle.iam.identity.usermgmt.impl.UserManagerImpl.search(UserManagerImpl.java:1607)
at oracle.iam.identity.usermgmt.impl.UserDetailsProviderImpl.getUserDetails(UserDetailsProviderImpl.java:125)
at oracle.iam.platform.auth.impl.util.AuthenticationContextUtilForEJB.setUserPreferences(AuthenticationContextUtilForEJB.java:137)
at oracle.iam.platform.auth.impl.util.AuthenticationContextUtilForEJB.setAuthenticationContextInEJB(AuthenticationContextUtilForEJB.java:93)
at oracle.iam.scheduler.api.SchedulerServiceEJB.startx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy250.startx(Unknown Source)
at oracle.iam.scheduler.api.SchedulerService_lp8yuv_SchedulerServiceRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at oracle.iam.scheduler.api.SchedulerService_lp8yuv_SchedulerServiceRemoteImpl.startx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy179.startx(Unknown Source)
at oracle.iam.scheduler.api.SchedulerServiceDelegate.start(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
at $Proxy249.start(Unknown Source)
at oracle.iam.scheduler.webapp.SchedulerStartupServlet.startScheduler(SchedulerStartupServlet.java:99)
at oracle.iam.scheduler.webapp.SchedulerStartupServlet.init(SchedulerStartupServlet.java:46)
at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.StubSecurityHelper.createServlet(StubSecurityHelper.java:64)
at weblogic.servlet.internal.StubLifecycleHelper.createOneInstance(StubLifecycleHelper.java:58)
at weblogic.servlet.internal.StubLifecycleHelper.<init>(StubLifecycleHelper.java:48)
at weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.java:539)
at weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletContext.java:1985)
at weblogic.servlet.internal.WebAppServletContext.loadServletsOnStartup(WebAppServletContext.java:1959)
at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1878)
at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3153)
at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1508)
at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:482)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:636)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:205)
at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:58)
at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:184)
at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:361)
at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:51)
at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:261)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:220)
at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
<Jan 12, 2012 1:06:21 PM SAST> <Error> <oracle.iam.platform.auth.impl> <IAM-0060010> <Error while loading mapping plugin
oracle.iam.platform.utils.userpreferences.UserDetailsException: Invalid number of users 0 entries returned for user ID OIMINTERNAL.
at oracle.iam.identity.usermgmt.impl.UserDetailsProviderImpl.getUserDetails(UserDetailsProviderImpl.java:135)
at oracle.iam.platform.auth.impl.util.AuthenticationContextUtilForEJB.setUserPreferences(AuthenticationContextUtilForEJB.java:137)
at oracle.iam.platform.auth.impl.util.AuthenticationContextUtilForEJB.setAuthenticationContextInEJB(AuthenticationContextUtilForEJB.java:93)
at oracle.iam.scheduler.api.SchedulerServiceEJB.startx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy250.startx(Unknown Source)
at oracle.iam.scheduler.api.SchedulerService_lp8yuv_SchedulerServiceRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at oracle.iam.scheduler.api.SchedulerService_lp8yuv_SchedulerServiceRemoteImpl.startx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy179.startx(Unknown Source)
at oracle.iam.scheduler.api.SchedulerServiceDelegate.start(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
at $Proxy249.start(Unknown Source)
at oracle.iam.scheduler.webapp.SchedulerStartupServlet.startScheduler(SchedulerStartupServlet.java:99)
at oracle.iam.scheduler.webapp.SchedulerStartupServlet.init(SchedulerStartupServlet.java:46)
at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.StubSecurityHelper.createServlet(StubSecurityHelper.java:64)
at weblogic.servlet.internal.StubLifecycleHelper.createOneInstance(StubLifecycleHelper.java:58)
at weblogic.servlet.internal.StubLifecycleHelper.<init>(StubLifecycleHelper.java:48)
at weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.java:539)
at weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletContext.java:1985)
at weblogic.servlet.internal.WebAppServletContext.loadServletsOnStartup(WebAppServletContext.java:1959)
at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1878)
at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3153)
at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1508)
at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:482)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:636)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:205)
at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:58)
at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:184)
at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:361)
at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:51)
at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:261)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:220)
at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
Any assistance will be appreciated. I need this resolved ASAP...
Thanks,
user10233157user10233157 wrote:
Yes Bikash:-) can you log in into Design Console? If yes, recreate the Lookup.
-Bikash -
Configuring Credential mapper using WLST script
Is it possible to use a wlst script to define a new credential mapper.i.e.to [perform the following steps:
Check Use cross-domain protocol.
And then fill in the the values of the attributes which follow like remote host remote user and remote password.
I tried using the wlst recording for the same.However got the following message.
A security change to a role, policy, user, group or credential mapping was made, but this change was not recorded.
I was wondering if we can access the security MBeans using WLST.
Please advise.
Thanks in advance.It is possible if you export the properties with:
connect(url='t3://localhost:7001',adminServerName='AdminServer',timeout=60000)
serverConfig()
cd('/')
currentDomainName=cmo.getName()
cd('serverConfig:/SecurityConfiguration/' + currentDomainName + '/Realms/myrealm/CredentialMappers/DefaultCredentialMapper')
prop=Properties()
cmo.exportData('DefaultCreds','/tmp/credentialmapper_properties.txt',prop)Edit them, then import them with:
cmo.importData('DefaultCreds','/tmp/credentialmapper_properties.txt',prop)You can list the Credential Mapper configuration with:
connect(url='t3://localhost:7441',adminServerName='AdminServer',timeout=60000)
serverConfig()
cd('/')
currentDomainName=cmo.getName()
cd('serverConfig:/SecurityConfiguration/' + currentDomainName + '/Realms/myrealm/CredentialMappers/DefaultCredentialMapper')
cursor=cmo.listMappingsByPattern('*',10)
while cmo.haveCurrent(cursor):
# A resource ID looks like: 'type=<remote>, protocol=cross-domain-protocol, remoteHost=testDomain'
current_mapping_resource_id=cmo.getCurrentMappingResourceID(cursor)
cmo.getRemoteUserName(current_mapping_resource_id,'cross-domain')
cmo.advance(cursor)
cmo.close(cursor)See also: [url http://download.oracle.com/docs/cd/E12839_01/web.1111/e13707/security_data_migration.htm]Securing WebLogic Server 11g Release 1 (10.3.1) - Migrating Security Data
Edited by: Mircea Vutcovici on Jun 22, 2011 3:49 PM -
How to get user attributes from LDAP authenticator
I am using an LDAP authenticator and identity asserter to get user / group information.
I would like to access LDAP attributes for the user in my ADF Taskflow (Deployed into webcenter spaces).
Is there an available api to get all the user attributes through the established weblogic authenticator provider or do i have to directly connect to the LDAP server again?
Any help would be appreciatedHi Julián,
in fact, I've never worked with BSP iViews and so I don't know if there is a direct way to achieve what you want. Maybe you should ask within BSP forum...
A possibility would be to create a proxy iView around the BSP iView (in fact: before the BSP AppIntegrator component) which reads the user names and passes this as application params to the BSP component. But this is
Beginner
Medium
Advanced
Also see http://help.sap.com/saphelp_nw04/helpdata/en/16/1e0541a407f06fe10000000a1550b0/frameset.htm
Hope it helps
Detlev -
Need to Pass Active Directory Attributes into OBIEE for use in Report Query
Hi,
We're using OBIEE 11.1.1.5 and have integrated it with AD security. Users successfully log into OBIEE and BIP (which is integrated with OBIEE) using their network/AD accounts.
Next step for us is to be able to pass some AD attributes that are on the user accounts into OBIEE and BIP so we can restrict data queries for the person logged in.
I've searched the web and so far have only come up with specific steps for setting this up in BIP. Since BIP is integrated with OBIEE, we have not set any of the MSAD/LDAP security up there - it is all in OBIEE. I have been unable to find the equivalent for adding the attribute names for data query bind variables.
With our current setup, we are unable to filter the report data automatically based on who has logged into the application (analytics and BIP). We have security setup within the catalog so only certain AD groups can access objects, but beyond that we need to be able to secure the data using AD attribute information. For example, all of our users should be able to access an Open Purchase Order report, but they should only be able to see their own purchase orders - not everyone in the company.
Anyway, we're looking to be able to pass AD attributes into OBIEE so that we can use this data in our Analytics and BIP queries.
How can we get this setup?
Thank you in advance!
SuzanneA fairly common problem, see:
http://www.williamrobertson.net/documents/comma-separated.html
http://www.oracle-base.com/articles/misc/DynamicInLists.php
http://tkyte.blogspot.com/2006/06/varying-in-lists.html -
Multiple users logged into one server, each users printer has a different name, application needs ONE name to print to.
I'm NOT in any way a Terminal Services expert and I need help trying to get an application program working in a multi-user environment.
The issue is that the printer changes for every user that is logged in. The application needs to print NOT to the default printer, but to a "special" printer which is selected in the application... let's call it a label printer to simplify the explanation.
You have your default regular printer, easy for the application to find that one, and then you have a special printer that labels get printed onto. The application needs to know what printer is the label printer. So we allow the user to select that in the
application and the selection is stored in a config file in
C:\ProgramData\mfgr\prog\setting files
I don't have access to the application so I can't change how this works.
In the "regular" world, selecting the label printer driver to use should be per machine, NOT per user. When a new user logs into a machine, the physical printer doesn't go "poof" and a new printer suddenly appear. Same printer for all
users.
Yet in terminal services, the physical machine is "merged" with the virtual machine on the server. And there can be many users logged in at the same time. So each users real machine (and real printer) is injected into the "fake" terminal
services machine. The name of the printers is made unique for each user. So the printers DO go "poof" and change names depending on the user logged into terminal services.
So user "A" logs in and sets up the application to print to "LabelPrinterForUserA" (or whatever the name of the printer happens to be), that setting is stored in the ProgramData subfolder, and all is well. Later, user "B" logs
in, and when they print, the application tries to print to "LabelPrinterForUserA" which doesn't exist for user B or is only accessible by user A. If user B re-configures, that breaks it for user A.
SOLUTION 1: The way that /should/ work (in my mind) is that you define one "generic" printer in Terminal Services... call it "Virtual Label printer" and when the user wants to print to it, the print job gets re-directed back to whatever
physical printer is actually connected to their local workstation. There is a map of virtual printer to actual printer depending on the current user. The application is told once to print to "Virtual Label Printer" for all users.
SOLUTION 2: Or... there should be some way to make the ProgramData sub folders separate per user. E.g. when user "A" tries to access:
C:\ProgramData\mfgr\prog\setting files
they actually get
C:\UserData\UserA\AppData\mfgr\prog\setting files
and user "B" gets
C:\UserData\UserB\AppData\mfgr\prog\setting files
So the question I have is: Does either of those solutions exist hidden somewhere in the setup of terminal server? Or is there another way around this issue that I don't know?I don't really have a "for sure" answer to this, but because people here can't seem to deal with a question that hasn't been answered I'll provide the best answer I did receive from ServerFault.com user Nathan:
I can feel your pain with using old software on terminal servers ...the solution I've come up with definitely won't scale as it requires some manual configuration, but I've gotten this method to work with our label printers (which require to be
printed to an LPT port...yep, that old).
Share your USB-connected printers to the network on each machine. Then, have the user log in on aunique session for each of them
(a TS account cannot be shared among computers for this to work) and install a network printer pointing to the USB one they shared. Try to use a DNS name to account for possible DHCP movements.
After, it should work. Each user can do this since display names can be identical as long as the ports are different (which they are).
This was clarified by the following series of comments:
I think you are on to something here, and I originally advised the admin to do this. The problem he ran into is that it setup the printer names in the TS as "printer on usersworkstation"
and he could not rename it except to change the "printer" to whatever. E.g. the "on userworkstation" remained. I believe there is another way of installing the printer which avoids this, but I can't find it. Ages ago, one used to do NET
USE LPT2 \\computer\printer password /USER:domain\user /PERSISTENT:YES and then tell the driver to print to LPT2 – James
Newton Mar
17 at 16:21
@JamesNewton That's actually the exact method we used. The way around the "network printer" part is to install it as local printer and map it to a TCP/IP port that way. – Nathan
C Mar
17 at 16:28
You mean in the case where the printers are TCP/IP connected and not local USB / LPT to the users workstation? That makes sense. Wonder if this will work for USB connected printers... – James
NewtonMar
17 at 16:35
@JamesNewton You'd share the local printer on the client's PC then on the server connect via TCP/IP to it. You'd need static addresses or use DNS names if DHCP, though. – Nathan
C Mar
17 at 16:51
Ah. Yes. I see. Looks like the LPT thing should work even with a USB connected printer:superuser.com/questions/182655/… – James
Newton Mar
17 at 17:09 -
Select One Choice-select multiple attributes into mutiple columns
Select One Choice-select multiple attributes into mutiple columns does not work.
read-only view object view1 - columns a, b, c
updatable view object view2 - also columns a, b, c
Select One choice has the capability to bind multiple columns to multiple columns. I understand how this wizard is to be used for these multiple mappings, i.e., view2.a mapped to view1.a, view2.b mapped to view1.b, etc., and using 'select multiple...' for the display attribute. When I complete the 'List Binding Editor" correctly, in this example, only column a will be updated. Columns b,c, etc. will not be effected.
Has anyone solved this? Please do not reply telling me how to use the editor, I know how, it just is not working.
Here is my jspx segment,
<af:selectOneChoice value="#{bindings.Eis000tv1SlOffice.inputValue}"
label="#{bindings.Eis000tv1SlOffice.label}">
<f:selectItems value="#{bindings.Eis000tv1SlOffice.items}"/>
Here is pageDef segment:
<list id="Eis000tv1SlOffice" IterBinding="Eis000tv1Iterator"
StaticList="false" ListOperMode="0" ListIter="OfficeSpaceV1Iterator"
NullValueFlag="1" NullValueId="Eis000tv1SlOffice_null">
<AttrNames>
<Item Value="SlOffice"/>
<Item Value="Floor"/>
<Item Value="FloorArea"/>
</AttrNames>
<ListAttrNames>
<Item Value="SlOffice"/>
<Item Value="Floor"/>
<Item Value="Area"/>
</ListAttrNames>
<ListDisplayAttrNames>
<Item Value="SlOffice"/>
<Item Value="Floor"/>
<Item Value="Area"/>
</ListDisplayAttrNames>
</list>
Here is the iterator:can u set as specified here
-Djps.app.credential.overwrite.allowed=true http://radalcove.com/blog/?p=34 -
Accessing user attributes from a pipeline component
Hello,
I'm using WLCS & WLPS 3.1. I use webflow and I have implemented the page
transition myself to work with the portal. Everything is working fine.
I'm planning to implement a complex step of a business process as a pipeline
component. For various reasons, this PC will be implemented as an EJB. To
perform its job, this PC needs to get information about the user that is
currently logged in. More specifically, it needs to lookup custom attributes
from the user profile (i.e. user property set).
So my question is : is this possible directly from the PC, or do I have to
populate the pipeline session with required information in the input
processor?
Thank you for your advice
NicolasHello Ture,
Thanks for both posts.
Nicolas
"Ture Hoefner" <[email protected]> wrote in message
news:[email protected]..
... To perform its job, this PC needs to get information about the userthat
is
currently logged in. More specifically, it needs to lookup customattributes
from the user profile (i.e. user property set).
So my question is : is this possible directly from the PC, or do I haveto
populate the pipeline session with required information in the input
processor?Hello Nicolas,
I have not tried this myself. I think that the disconnect between the
pipeline session and the portal session is probably the fact that theattributes
in the portal session have their keys "fixed up" by prepending the portal
request URI. This is made possible by the
com.beasys.commerce.foundation.flow.jsp.DefaultDestinationDeterminer,which the
PortalDestinationDeterminer extends. It puts a "TRAFFIC.URI" attributeinto the
each request that goes through the FlowManagerServlet for the portal. Inthe
Acme exampleportal, the "SERVICEMANAGER.USER" attribute is put into theportal
HttpSession as "exampleportal.SERVICEMANAGER.USER".
If you want to get to the cached profile from your portal from yourpipeline
component (PC) then you would have to know that the name is "fixed up" tobe
"exampleportal.CACHED_PROFILE". There are probably several different waysyou
could get the "TRAFFIC.URI" information to your PC.
Ture Hoefner
BEA Systems, Inc.
2590 Pearl St.
Suite 110
Boulder, CO 80302
www.bea.com
Maybe you are looking for
-
I'm looking to upgrade my old macbook (currently have a black macbook from way back when). I wouldn't mind playing some of the games in the topic title but I'm not sure if they will play on OSX. It says "no integrated graphics," but that's not in r
-
Hi everybody, Can any one of you please provide me with some document/ Blog which describes the end to end configuration steps for various scenarios like simple XML to file scenario. I am aware of various teminologies but have never tried hands on a
-
Hello I am running MS SQL 2008R2 SP3 and I am trying to run MaintenancePLan. Current jobs are: 1) Check Database Integrity (scheduled to run every Sunday at 2am) 2) Reorganize Index (scheduled to run every Monday to Friday at 5am) 3) Rebuild Index (s
-
When using the Apple wireless keyboard with Apple TV, what are the keys involved? The direction keys are kinda self explainatory, but having trouble figureing out the others. Such as to back track like the "Menu" button on the ATV remote. Thanks in a
-
Copy function produces an almost solid black copy
After years of satisfactory performance my all in one printer copier fax has a problem copying in both colour and black and white. In both cases the copy comes out as an almost solid black page, sometimes with a line or so of the print to be copied,