Interchange Authentication using AUTACK
My customer will be integrating to a bank using EDIFACT messages over SFTP. The bank's security requirements are that the AUTACK message is used to secure the interchange. AUTACK, used as an authentication message, is sent by the originator of an interchange consisting of one or more EDIFACT transaction messages, or by a party having authority to act on behalf of the originator, to give:
• origin authentication,
• validation of sequence integrity
• non-repudiation of origin
The AUTACK message process requires generation of the EDIFACT documents that will be in the exchange e.g. multiple PAYMUL documents, pass most (certain segments are not to be used for the hashing/digital signature) of the content of each of these documents as a single string to hash and generate a Digital Signature that is then put in the AUTACK message that is sent in the transmission of the transactional EDIFACT documents. The AUTACK message is sent after the transaction messages.
As far as I've understood things this looks like something that B2B doesn't cater for OOTB. Is this the case? Are there any workarounds or use of B2B / SOA that could achieve this requirement?
The bank might have an option to use PGP in place of AUTACK, we are checking if this applies to EDIFACT, although again B2B doesn't seem to support any additional security on top of SFTP communication unlike AS/2 which does. Again am I correct in my understanding?
Any advice about how this AUTACK use case could be met would be appreciated
Thanks
Mike
Mike,
You are right, and there is no OOTB support in Oracle B2B for handling AUTACKs; however, Oracle B2B can accept AUTACK transactions and pass them to middleware (SOA). At middleware you may handle the AUTACKs and process the message accordingly (signature verification).
"The bank might have an option to use PGP in place of AUTACK"
PGP is also not supported yet at B2B, but again, you may receive PGP encrypted files at B2B and pass them to middleware. At middleware you may handle PGP encryption/decryption.
You may consider filing an enhancement request with support for AUTACK handling at B2B.
Regards,
Anuj
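The procedure described in the question (leave out the excluded segments, pass the rest of every message as one string, sign it) as it could be done in Java middleware; this is an added example, not code from the thread or from Oracle B2B. It also shows that a changed amount or a reordered message makes verification fail. The excluded tags, the SHA256withRSA algorithm, the ISO-8859-1 encoding and the sample messages are assumptions; the bank's implementation guide defines the real ones, and building the AUTACK segments around the signature is not shown.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class AutackSignatureSketch {

    // ASSUMPTION: placeholder list. The segments that are left out of the
    // hash are defined by the bank's implementation guide, not by this page.
    static final Set<String> EXCLUDED_TAGS = new HashSet<>(Arrays.asList("UNH", "UNT"));

    /** Split on the segment terminator ('), honouring the release character (?). */
    static List<String> segments(String edifact) {
        List<String> out = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        for (int i = 0; i < edifact.length(); i++) {
            char c = edifact.charAt(i);
            if (c == '?' && i + 1 < edifact.length()) {
                cur.append(c).append(edifact.charAt(++i)); // escaped char stays verbatim
            } else if (c == '\'') {
                out.add(cur.toString());
                cur.setLength(0);
            } else if (c != '\r' && c != '\n') {           // line breaks between segments
                cur.append(c);
            }
        }
        if (cur.length() > 0) {
            throw new IllegalArgumentException("unterminated segment: " + cur);
        }
        return out;
    }

    /** The single string that gets hashed: every retained segment, in message order. */
    static byte[] signedContent(List<String> messages) {
        StringBuilder sb = new StringBuilder();
        for (String msg : messages) {
            for (String seg : segments(msg)) {
                String tag = seg.length() >= 3 ? seg.substring(0, 3) : seg;
                if (!EXCLUDED_TAGS.contains(tag)) {
                    sb.append(seg).append('\'');
                }
            }
        }
        // ASSUMPTION: ISO-8859-1 byte encoding; use the character set agreed with the bank.
        return sb.toString().getBytes(StandardCharsets.ISO_8859_1);
    }

    static byte[] sign(PrivateKey key, List<String> messages) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA"); // ASSUMPTION: algorithm
        s.initSign(key);
        s.update(signedContent(messages));
        return s.sign();
    }

    static boolean verify(PublicKey key, List<String> messages, byte[] sig)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(signedContent(messages));
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages, not real PAYMUL content.
        List<String> sent = Arrays.asList(
            "UNH+1+PAYMUL:D:96A:UN'BGM+452+REF0001'MOA+9:100.00:EUR'UNT+4+1'",
            "UNH+2+PAYMUL:D:96A:UN'BGM+452+REF0002'MOA+9:250.00:EUR'UNT+4+2'");

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key, for the demonstration only

        byte[] sig = sign(kp.getPrivate(), sent);
        System.out.println("unchanged interchange verifies: "
                + verify(kp.getPublic(), sent, sig));

        // Content integrity: one altered amount invalidates the signature.
        List<String> altered = new ArrayList<>(sent);
        altered.set(1, sent.get(1).replace("250.00", "950.00"));
        System.out.println("altered amount verifies: "
                + verify(kp.getPublic(), altered, sig));

        // Sequence integrity: same messages in a different order.
        List<String> reordered = Arrays.asList(sent.get(1), sent.get(0));
        System.out.println("reordered messages verify: "
                + verify(kp.getPublic(), reordered, sig));
    }
}
```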
Similar Messages
-
Client Certificate Mapping authentication using Active Directory across trusted forests
Hi,
We currently have a setup where the on-premises environment and the cloud environment are based on two separate forests linked by a 1-way trust, i.e., the users exist in the on-premises AD and the 1-way trust allows them to use their credentials to login to a cloud domain joined server. This works fine with the Windows authentication.
We are now looking at implementing a 2-Factor authentication using Certificate. The PKI infrastructure exists in the On-Premises Forest. The users are able to successfully login to on-premise servers configured with "AD Client Certificate Mapping".
However, we are unable to achieve the same functionality on the cloud domain joined servers. I would like to know
1. Is this possible?
2. If yes, what do we need to do to make this work.
Just to clarify, we are able to authenticate using certificates by enabling anonymous authentication. However, we are unable to do the same after turning on "Client Certificate Mapping authentication using Active Directory".
1. Yes!
2. Before answering this I need to know if you are trying to perform a smart card logon on a desktop/console or if you just want to use certificate based authentication in an application like using a web application with client certificate requirements and mapping?
/Hasain
We will eventually need it for smartcard logon on to desktop/console. However, at present, I am trying to use this for certificate based authentication on a web application.
To simulate the scenario, I setup up two separate forests and established a trust between them.
I then setup a Windows PKI in one of the forests and issued a client certificate to a user.
I then setup a web server in both the forests and configured them for anonymous authentication with Client SSL requirement configured.
I setup a test ASP page to capture the Login Info on both the servers.
With the client and the server in the same forest, I got the following results
Login Info
LOGON_USER: CORP\ASmith
AUTH_USER: CORP\ASmith
AUTH_TYPE: SSL/PCT
With the client in the domain with the PKI and the server in the other Forest, I got the following response
Login Info
LOGON_USER:
AUTH_USER:
AUTH_TYPE:
I tried the configuration with the Anonymous Authentication turned off and the AD Client Certificate mapping turned on.
With the client and the server in the same forest, I am able to login to the default page. However, with the server in a trusted forest, I get the following error.
401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied -
How to set proxy authentication using java properties at run time
Hi All,
How to set proxy authentication using java properties on the command line, or in Netbeans (Project => Properties => Run => Arguments). Below is a simple URL data extract program which works in absence of firewall:
import java.io.*;
import java.net.*;

public class DnldURLWithoutUsingProxy {
    public static void main (String[] args) {
        URL u;
        InputStream is = null;
        DataInputStream dis;
        String s;
        try {
            u = new URL("http://www.yahoo.com.au/index.html");
            is = u.openStream(); // throws an IOException
            dis = new DataInputStream(new BufferedInputStream(is));
            BufferedReader br = new BufferedReader(new InputStreamReader(dis));
            String strLine;
            // Read File Line By Line
            while ((strLine = br.readLine()) != null) {
                // Print the content on the console
                System.out.println (strLine);
            }
            // Close the input stream
            dis.close();
        } catch (MalformedURLException mue) {
            System.out.println("Ouch - a MalformedURLException happened.");
            mue.printStackTrace();
            System.exit(1);
        } catch (IOException ioe) {
            System.out.println("Oops- an IOException happened.");
            ioe.printStackTrace();
            System.exit(1);
        } finally {
            try {
                // is stays null when openStream() fails, so guard the close
                if (is != null) {
                    is.close();
                }
            } catch (IOException ioe) {
                // nothing useful to do if closing fails
            }
        }
    }
}
However, it generated the following message when run behind the firewall:
cd C:\Documents and Settings\abc\DnldURL\build\classes
java -cp . DnldURLWithoutUsingProxy
Oops- an IOException happened.
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
at java.net.Socket.connect(Socket.java:452)
at java.net.Socket.connect(Socket.java:402)
at sun.net.NetworkClient.doConnect(NetworkClient.java:139)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:402)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:618)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:306)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:267)
at sun.net.www.http.HttpClient.New(HttpClient.java:339)
at sun.net.www.http.HttpClient.New(HttpClient.java:320)
at sun.net.www.http.HttpClient.New(HttpClient.java:315)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:510)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:487)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:615)
at java.net.URL.openStream(URL.java:913)
at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
I have also tried the command without much luck either:
java -cp . -Dhttp.proxyHost=wwwproxy -Dhttp.proxyPort=80 DnldURLWithoutUsingProxy
Oops- an IOException happened.
java.io.IOException: Server returned HTTP response code: 407 for URL: http://www.yahoo.com.au/index.html
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1245)
at java.net.URL.openStream(URL.java:1009)
at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
All outgoing traffic needs to use the proxy wwwproxy (alias to http://proxypac/proxy.pac) on port 80, where it will prompt for valid authentication before allowing to get through.
There is no problem pinging www.yahoo.com from this system.
I am running jdk1.6.0_03, Netbeans 6.0 on Windows XP platform.
I have tried Greg Sporar's Blog on setting the JVM option in Sun Java System Application Server (GlassFish) and
Java Control Panel - Use browser settings without success.
Thanks,
George -
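One way to answer the proxy's 407 challenge from the question above, as an added example that is not part of the original post: the standard http.proxyHost and http.proxyPort properties only select the proxy, so the credentials are supplied through a java.net.Authenticator that replies to that proxy alone. The environment variable names PROXY_USER and PROXY_PASS and the class name are assumptions; the variables keep the password out of the process command line.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.net.URL;

public class DnldURLUsingProxyAuth {

    /** Supplies credentials only for a challenge from the configured proxy. */
    static final class ProxyOnlyAuthenticator extends Authenticator {
        private final String proxyHost;
        private final int proxyPort;
        private final String user;
        private final char[] password;

        ProxyOnlyAuthenticator(String proxyHost, int proxyPort, String user, char[] password) {
            this.proxyHost = proxyHost;
            this.proxyPort = proxyPort;
            this.user = user;
            this.password = password;
        }

        @Override
        protected PasswordAuthentication getPasswordAuthentication() {
            // A 401 from a web server must never be answered with the proxy password.
            if (getRequestorType() != RequestorType.PROXY) {
                return null;
            }
            // Ignore challenges from any host or port other than the configured proxy.
            if (!proxyHost.equalsIgnoreCase(getRequestingHost())
                    || proxyPort != getRequestingPort()) {
                return null;
            }
            return new PasswordAuthentication(user, password);
        }
    }

    public static void main(String[] args) throws IOException {
        // Proxy location comes from the same -D properties used in the question.
        String host = System.getProperty("http.proxyHost");
        int port = Integer.parseInt(System.getProperty("http.proxyPort", "80"));
        // ASSUMPTION: hypothetical variable names, chosen for this example.
        String user = System.getenv("PROXY_USER");
        String pass = System.getenv("PROXY_PASS");
        if (host == null || user == null || pass == null) {
            System.err.println("Need -Dhttp.proxyHost plus PROXY_USER and PROXY_PASS");
            System.exit(2);
        }
        Authenticator.setDefault(
                new ProxyOnlyAuthenticator(host, port, user, pass.toCharArray()));

        URL u = new URL("http://www.yahoo.com.au/index.html");
        BufferedReader br = new BufferedReader(new InputStreamReader(u.openStream()));
        try {
            String line;
            while ((line = br.readLine()) != null) {
                System.out.println(line);
            }
        } finally {
            br.close();
        }
    }
}
```

Run it with the same -Dhttp.proxyHost=wwwproxy -Dhttp.proxyPort=80 arguments as in the question. If the proxy name in the challenge does not match the configured host, the authenticator returns no credentials and the request fails with 407 rather than sending the password elsewhere.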
OSB Authentication using username and password (plaintext or digest)
Hi,
I want to implement a simple osb authentication using username/password (plain text or digest) , so that client required to provide username password token in soap header (message Level security) to access our webservices. I have read some of articles which shows how to create custom ws policy, but received following error during deployment.
weblogic.wsee.ws.init.WsDeploymentException: The WebLogic Server 9.x-style policy is not supported in JAX-WS web services
Please note - I can not install OWSM as part of my requirement
=======
<?xml version="1.0"?>
<!-- WS-SecurityPolicy -->
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:wssp="http://www.bea.com/wls90/security/policy"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            xmlns:wls="http://www.bea.com/wls90/security/policy/wsee#part">
  <!-- Identity Assertion -->
  <wssp:Identity>
    <wssp:SupportedTokens>
      <!-- Use UsernameToken for authentication -->
      <wssp:SecurityToken IncludeInMessage="true"
                          TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken">
        <wssp:UsePassword Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"/>
      </wssp:SecurityToken>
    </wssp:SupportedTokens>
  </wssp:Identity>
</wsp:Policy>
You can use the default Auth.xml WS policy in OSB and be able to implement the authentication using username and plain text password.
Just assign the Auth.xml on the Request Policies of the Proxy Service (under Policies).
Then use any user credentials that has access to the domain for testing.
If you want to restrict access for each operation then in the Security tab, under Message Access Control, specify a Role.
Then in the OSB > Security Configuration, create the appropriate role with the specific role conditions like User is User1 or User is User2 etc ...
Hope this helps.
Thanks,
Patrick -
HTTPS authentication using SSL in SOAP Sender adapter
Hi,
We are currently doing a SOAP to RFC synchronous scenario in PI 7.0. Our client wants to ensure that the data security is maintained at the transport level. So, we have planned to implement the HTTPS without client authentication using SSL certificates. Our Basis team has promised us that they will take care of the certificate generation and installation part in the server. Now I am confused at the PI communication channel setup level.
1) Do I have to specify the certificate installed path in the channel or in any other object? If so, where do I have to configure the path?
2) What is the exact path that has to be carried by a PI developer once the certificates are installed in the server?
I have attached my communication channel screenshot below,
http://i41.tinypic.com/mk49h.jpg
Please let me know what I have to configure in the Sender SOAP channel to receive data securely once the certificates are installed in the system.
Thanks & Regards,
Sherin Jose P
Hi,
1. For transport level security you should assign the HTTPS connection created in SM59 to the SOAP communication channel.
The HTTPS connection should use the certificates imported in t-code STRUST.
have you seen below thread,
SSL / X.509 In SOAP Sender/Receiver Adapter
Please go through below blog,
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b2e7020d-0d01-0010-269c-a98d3fb5d16c?overridelayout=true
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/60ff2883-70c5-2c10-f090-a744def2ba66?QuickLink=index&overridelayout=true
http://help.sap.com/saphelp_nwpi71/helpdata/de/14/ef2940cbf2195de10000000a1550b0/content.htm
2. You need to check the message flow between the sender and receiver through PI.
regards,
ganesh. -
Oracle ADF 11g – Authentication using Custom ADF Login Form Problem
Hi Guys,
I am trying to Authenticate my adf application using custom Login Form.
following this..
http://www.fireboxtraining.com/blog/2012/02/09/oracle-adf-11g-authentication-using-custom-adf-login-form/#respond
But my Login Page is not loading. I think it's sending request in chain. My jdev version is 11.1.1.5. Any idea?
Thanks,
Raul
Hi Frank,
I deleted bounded code and In another Unit Test I created a simple login.jspx page and applied form based authentication but still facing same problem means something wrong in starting.
My login.jspx page is
<?xml version='1.0' encoding='UTF-8'?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1"
          xmlns:f="http://java.sun.com/jsf/core"
          xmlns:h="http://java.sun.com/jsf/html"
          xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
  <jsp:directive.page contentType="text/html;charset=UTF-8"/>
  <f:view>
    <af:document id="d1">
      <af:form id="f1">
        <af:panelFormLayout id="pfl1">
          <af:inputText label="USERNAME" id="it1"/>
          <af:inputText label="PASSWORD" id="it2"/>
          <af:commandButton text="LOG IN" id="cb1"/>
          <f:facet name="footer">
          </f:facet>
        </af:panelFormLayout>
      </af:form>
    </af:document>
  </f:view>
</jsp:root>
Don't know what the real problem is -
Oracle 9i/10G DB authentication using Active Directory (with out OID)
Hello All,
We want to use a Single-Password authentication scheme using the Active
Directory as the primary source for userId/Password.
We don't want to use the Active Directory and OID bridge.
As we have many databases and would like to configure all Databases to use Active
Directory for Authentication. Our goal is to have single id/password across all
the databases and any user should be able to login from any computer using their
windows id/password, note that we don't want to use the OSAuthentication.
We have read the documents provided by oracle for authentication using Active
Directory, we were able to create Oracle Schema in Active Directory and were
also able to register a DB with Active Directory and then created user as global
user in Oracle Database and provided the DN of the user. When we tried
authenticate with all this setup it comes back and says invalid ID/Password !!!
And with 10G database we get the Oracle Error ORA-03113: end-of-file on communication channel !!
Has any one tried or have information on Integrating Oracle to Auth against Active Directory?
Environment:
Oracle DB Version: 9.2.0 and also tried on 10.0.1 with same results
Operating System: Windows 2000/ Windows 2000 Server
Constraint: We don't want to use OID (as we don't have license for this product!)
I have a thread started similar to your request.
OS Authenication on Windows
Somewhere I read this. It works on Oracle 9i on Linux, but I have not tried it with Oracle 9i on Windows.
SHOW PARAMETER OS_AUTHENT_PREFIX;
SHOW PARAMETER REMOTE_OS_AUTHENT;
CREATE USER OPS$SOMEUSER IDENTIFIED EXTERNALLY;
GRANT CREATE SESSION TO OPS$SOMEUSER;
For the username, I wonder if we are supposed to put the Windows Domain name as part of the username? Such as, for a Windows domain user MyDomain\SomeUser
CREATE USER OPS$MYDOMAIN\SOMEUSER IDENTIFIED EXTERNALLY;
I really wish Oracle or somebody created a guide or book on how to do this. -
Machine authentication using certificates
Hi,
I am facing this error while machine authenticates against AD for wireless users. My requirement is users with corporate laptop get privileged vlan and BYOD should get normal vlan. I am using Cisco ISE 1.1.1 and configured authentication policies to differentiate clients based on corp asset and BYOD. Authentication policy result is identity sequence which uses certificate profile and AD. All corp laptops should be authenticated using certificates and then followed by AD user and pass. When I configure XP users to validate server certificate this error comes in ISE log "Authentication failed : 11514 Unexpectedly received empty TLS message; treating as a rejection by the client" and if I disable validate server certificate then this error "Authentication failed : 22049 Binary comparison of certificates failed".
Any help??
Thanks in advance.
Hi [answers are inline]
I have tried using Cisco Anyconnect NAM on Windows XP for machine and user authentication but EAP-chaining feature is not working as expected. I am facing few challenges. I have configured NAM to use eap-fast for machine and user authentication and ISE is configured with required authorisation rule and profiles/results. When machine boots up it sends machine certificate and gets authenticated against AD and ISE matches the authorisation rule and assigns authZ profile without waiting for user credentials.
This is expected for machine authentication, since the client hasn't logged in machine authentication will succeed so the computer has connectivity to the domain.
Now when a user logs on using AD user/pass, authentication fails as the VLAN assigned in AuthZ profile does not have access to AD. ISE should actually check with their external database but Its not.
Do you see the authentication report in ISE? Keep in mind that you are authenticating with a client that has never logged into the workstation before. I am sure you are looking for the feature which starts the NAM process before the user logs in. Try checking this option here:
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/ac04namconfig.html#wp1074333
Note the section below:
–Before User Logon—Connect to the network before the user logs on. The user logon types that are supported include user account (Kerberos) authentication, loading of user GPOs, and GPO-based logon script execution.
If you choose Before User Logon, you also get to set Time to Wait Before Allowing a User to Logon:
Time to Wait Before Allowing User to Logon—Specifies the maximum (worst case) number of seconds to wait for the Network Access Manager to make a complete network connection. If a network connection cannot be established within this time, the Windows logon process continues with user log on. The default is 5 seconds.
Note If the Network Access Manager is configured to manage wireless connections, set Time to wait before allowing user to logon to 30 seconds or more because of the additional time it may take to establish a wireless connection. You must also account for the time required to obtain an IP address via DHCP. If two or more network profiles are configured, you may want to increase the value to cover two or more connection attempts.
You will have to enable this setting to allow the supplicant to connect to the network using the credentials you provide, the reason for this is you are trying to authenticate a user that has never logged into this workstation before. Please make changes to the configuration.xml file, and then select the repair option on the anyconnect client and test again.
Interestingly, if I login with an AD user which is local to the machine it gets authenticated and gets correct AuthZ profile/access level. If I logoff and login with different user, Windows adapter gets IP address and ISE shows successful authentication/authz profile but NAM agent prompts limited connectivity. Any help??
Please make the changes above and see if the error message goes away.
Thanks,
Tarik Admani
*Please rate helpful posts* -
Trusted Authentication using QUERY_STRING
Hi All,
We are trying to configure the Trusted Authentication using Query_String in XIR3.1
We have customer portal ,where in login to custom web page and click on the link which routes to Infoview.We are configuring sso to bypass the credentials from webportal to Infoview home page.
We have created a parameter to pass the user information. We have made all the required changes for configuring trusted authentication, like:
1) Enable Trusted Authentication in cmc. Enter shared secret in cmc
2) Make changes to the web.xml file
3) Create TrustedPrincipal.conf file
In web.xml file we gave "trusted.auth.user.retrieval" as "QUERY_STRING" & "trusted.auth.user.param" as the parameter value we are using to pass the user information.
If the parameter we are using is "MyUser" to pass the user information ,After configuring, we noticed that ,when we launch the url, "http://host:8080/InfoViewApp/logon/logon.do?MyUser=<username>" we can directly login to Infoview without giving any credentials.We are not sure if we are moving in right direction? Is this how the QUERY_STRING work?
We also noticed that,instead of giving any username if we give any other value the infoview home page opens up with Guest account?
Thank you,
Bill
You should disable guest when using any method of SSO. Then anything placed in the URL other than a proper user would fail. And yes this is exactly how query string works (the username must be supplied in the URL). If looking for a more dynamic/secure method you will need to combine with a front end authenticator such as IIS, siteminder, etc and use one of our other methods such as remote_user, http_header, etc
Regards,
Tim -
OAM 11gR2 Authentication using username/password/additional ldap field
I want to add additional credential parameter along with username and password to be validated against LDAP.
Is there any out of the box solution for authentication using username/password/additional ldap field in OAM 11gR2?
This solution exists in 10g and could not find any OOB feature in 11g.
Do you need to accept additional parameter from user via login form & then use it in credential mapping step
Not sure if %% syntax would work .. haven't tried it. Next option is to develop custom authentication plugin
Additional ldap attribute against static value
If you need to add additional ldap attribute (check against static value) that you can specify in LDAP search filter in "User Identification plugin" configuration
Take a look at "MTLDAPPlugin" under custom authentication modules
Hope this helps -
Web Service Authentication using Microsoft Active Directory
Hi
Is there a way to create Oracle Java Web Services that requires authentication using Active Directory?
Regards,
Néstor Boscán
If you use the SOA Suite the Oracle Web Service Manager is included in there. Using this you can add steps that will authenticate against an AD.
cu
Andreas -
About 802.1x port authentication using TACACS+
Hi
I have some question. Please help me. Thanks.
Question1. May I use that 802.1x port authentication using TACACS+
Question2. Is it true? TACACS+ will not work with 802.1x because EAP is not supported in TACACS+, and there are no plans to get EAP over TACACS+.
Any help would be greatly appreciated.
Thanks.
Thanks to you.
Where to find the documents about Tacacs+ doesn't support EAP?
I cast more time and I cannot find the documents.
Please help me....
Thanks. -
Radius server web authentication using ISE
Hi,
Can anyone point me in the direction of a guide to implement radius server web authentication using ISE?
I need this to be layer 3 Web Auth with all authentication requests coming from the wireless anchor controller, therefore don't think I can implement central web auth on ISE as detailed in the user guide as its layer 2 and auth requests come from the foreign controller.
The following link explains "Radius Server Web Authentication" using ACS. I need to find something similar for ISE - http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69340-web-auth-config.html
Thanks,
Hi,
Please check these:
Central Web Authentication on the WLC and ISE Configuration Example
http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
Regards
Don't forget to rate helpful posts -
Shared Services External Authentication using LDAP in 9.3.1
Hi,
I have installed Hyperion Shared Services with native directory. And now planning to setup external authentication using LDAP. I need some guidance to understanding how the external authentication works.
Questions:
1. Is it possible to setup Shared Services to use both Native and LDAP user directory? What I mean is some users will be able to login using Native directory, and some others will need to login using User Directory (external authentication).
2. For User Directory (say we use LDAP), when the user is added into Shared Services, can they be assigned with Groups created in Native directory? We want to explore to use just the external authentication and define all of the groups within shared services.
If not possible, can we manage the Groups of the User directory using shared services? How is the groups work with external authentication?
Any feedback would be much appreciated.
Thanks,
Lian
Hi,
Yes you can use both Native and external authentication. When you add the external provider the native is left by default anyway.
Yes you can add your external users to native groups. You can also provision the groups in the AD if you wish.
Gee -
How to find which authentication used to site collection and site using powershell
Hi,
How to find how many web app, site collection, site used Windows authentication, claim authentication and classic, secure store authentication, adfs authentication using powershell code in sharepoint 2013.
If sites are used adfs authentication how to find which email id used for that.
Thanks,
Authentication is only defined at the Web Application level, and the only valid auth methods are Classic (Windows (Basic/NTLM/Kerberos)), Claims (Windows (Basic/NTLM/Kerberos)), FBA Claims, SAML Claims (ADFS), and Anonymous.
You can find out what authentication scheme(s) are enabled via:
$wa = Get-SPWebApplication http://webApp1
$wa.IisSettings["Default"] #replace with the zone name you're interested in
The output will look similar to this:
PS C:\Users\trevor> $wa.IisSettings["Default"]
AuthenticationMode : Forms
MembershipProvider : i
RoleManager : c
AllowAnonymous : False
EnableClientIntegration : True
ServerBindings : {Microsoft.SharePoint.Admini
stration.SPServerBinding}
SecureBindings : {}
UseWindowsIntegratedAuthentication : True
UseBasicAuthentication : False
DisableKerberos : True
ServerComment : SharePoint
Path : C:\inetpub\wwwroot\wss\Virtu
alDirectories\spwebapp180
PreferredInstanceId : 42768054
UseClaimsAuthentication : True
ClaimsAuthenticationRedirectionUrl :
UseFormsClaimsAuthenticationProvider : False
FormsClaimsAuthenticationProvider :
UseTrustedClaimsAuthenticationProvider : False
UseWindowsClaimsAuthenticationProvider : True
OnlyUseWindowsClaimsAuthenticationProvider : True
WindowsClaimsAuthenticationProvider : Microsoft.SharePoint.Adminis
tration.SPWindowsAuthenticat
ionProvider
ClaimsAuthenticationProviders : {Windows Authentication}
ClaimsProviders : {}
ClientObjectModelRequiresUseRemoteAPIsPermission : True
UpgradedPersistedProperties : {}
So on this Web Application in the Default Zone you can tell I have Windows Claims enabled, not using Kerberos (so using NTLM), and Trusted (SAML/ADFS) is not enabled, neither is Forms or Anonymous.
Trevor Seward
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.