Interchange Authentication using AUTACK

My customer will be integrating to a bank using EDIFACT messages over SFTP. The bank's security requirements are that the AUTACK message is used to secure the interchange. AUTACK, used as an authentication message, is sent by the originator of an interchange consisting of one or more EDIFACT transaction messages, or by a party having authority to act on behalf of the originator, to give:
• origin authentication,
• validation of sequence integrity
• non-repudiation of origin
The AUTACK message process requires generation of the EDIFACT documents that will be in the exchange e.g. multiple PAYMUL documents, pass most (certain segments are not to be used for the hashing/digital signature) of the content of each of these documents as a single string to hash and generate a Digital Signature that is then put in the AUTACK message that is sent in the transmission of the transactional EDIFACT documents. The AUTACK message is sent after the transaction messages.
As far as I've understood things this looks like something that B2B doesn't cater for OOTB. Is this the case? Are there any workarounds or use of B2B / SOA that could achieve this requirement?
The bank might have an option to use PGP in place of AUTACK, we are checking if this applies to EDIFACT, although again B2B doesn't seem to support any additional security on top of SFTP communication unlike AS/2 which does. Again am I correct in my understanding?
Any advice about how this AUTACK use case could be met would be appreciated
Thanks
Mike

Mike,
You are right and there is no OOTB support in Oracle B2B for handling AUTACK's however Oracle B2B can accept AUTACK transactions and pass it to middleware (SOA). At middleware you may handle the AUTACK's and process the message accordingly (signature verification).
The bank might have an option to use PGP in place of AUTACKPGP is also not supported yet at B2B but again, you may receive PGP encrypted files at B2B and can pass them to middleware. At middleware you may handle PGP encryption/decryption.
You may consider filing an enhancement request with support for AUTACK handling at B2B.
Regards,
Anuj

Similar Messages

  • Client Certificate Mapping authentication using Active Directory across trusted forests

    Hi,
    We currently have a setup where the on-premises environment and the cloud environment are based on two separate forests linked by a 1-way trust, i.e., the exist in the on-premises AD and the 1-way trust allows them to use their
    credentials to login to a cloud domain joined server. This works fine with the Windows authentication.
    We are now looking at implementing a 2-Factor authentication using Certificate. The PKI infrastructure exists in the On-Premises Forest. The users are able to successfully login to on-premise servers configured with "AD CLient Certificate
    Mapping".
    However, we are unable to achieve the same functionality on the cloud domain joined servers. I would like to know
    1. Is this possible?
    2. If yes, what do we need to do to make this work.
    Just to clarify, we are able to authenticate using certificates by enabling anonymous authentication. However, we are unable to do the same after turning on "Client Certificate Mapping authentication using Active Directory"

    1. Yes!
    2. Before answering this I need to know if your are trying to perform a smart card logon on a desktop/console or if you just want to use certificate based authentication in an application like using a web application with client certificate requirements
    and mapping?
    /Hasain
    We will eventually need it for smartcard logon on to desktop/console. However, at present, I am trying to use this for certificate based authentication on a web application.
    To simulate the scenario, I setup up two separate forests and established a trust between them.
    I then setup a Windows PKI in one of the forests and issued a client certificate to a user.
    I then setup a web server in both the forests and configured them for anonymous authentication with Client SSL requirement configured.
    I setup a test ASP page to capture the Login Info on both the servers.
    With the client and the server in the same forest, I got the following results
    Login Info
    LOGON_USER: CORP\ASmith
    AUTH_USER: CORP\ASmith
    AUTH_TYPE: SSL/PCT
    With the client in the domain with the PKI and the server in the other Forest, I got the following response
    Login Info
    LOGON_USER:
    AUTH_USER:
    AUTH_TYPE: 
    I tried the configuration with the Anonymous Authentication turned off and the AD CLient Certificate mapping turned on.
    With the client and the server in the same forest, I am able to login to the default page. However, with the server in a trusted forest, I get the following error.
    401 - Unauthorized: Access is denied due to invalid credentials.
    You do not have permission to view this directory or page using the credentials that you supplied

  • How to set proxy authentication using java properties at run time

    Hi All,
    How to set proxy authentication using java properties on the command line, or in Netbeans (Project => Properties
    => Run => Arguments). Below is a simple URL data extract program which works in absence of firewall:
    import java.io.*;
    import java.net.*;
    public class DnldURLWithoutUsingProxy {
       public static void main (String[] args) {
          URL u;
          InputStream is = null;
          DataInputStream dis;
          String s;
          try {
              u = new URL("http://www.yahoo.com.au/index.html");
             is = u.openStream();         // throws an IOException
             dis = new DataInputStream(new BufferedInputStream(is));
             BufferedReader br = new BufferedReader(new InputStreamReader(dis));
          String strLine;
          //Read File Line By Line
          while ((strLine = br.readLine()) != null)      {
          // Print the content on the console
              System.out.println (strLine);
          //Close the input stream
          dis.close();
          } catch (MalformedURLException mue) {
             System.out.println("Ouch - a MalformedURLException happened.");
             mue.printStackTrace();
             System.exit(1);
          } catch (IOException ioe) {
             System.out.println("Oops- an IOException happened.");
             ioe.printStackTrace();
             System.exit(1);
          } finally {
             try {
                is.close();
             } catch (IOException ioe) {
    }However, it generated the following message when run behind the firewall:
    cd C:\Documents and Settings\abc\DnldURL\build\classes
    java -cp . DnldURLWithoutUsingProxy
    Oops- an IOException happened.
    java.net.ConnectException: Connection refused
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
    at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
    at java.net.Socket.connect(Socket.java:452)
    at java.net.Socket.connect(Socket.java:402)
    at sun.net.NetworkClient.doConnect(NetworkClient.java:139)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:402)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:618)
    at sun.net.www.http.HttpClient.<init>(HttpClient.java:306)
    at sun.net.www.http.HttpClient.<init>(HttpClient.java:267)
    at sun.net.www.http.HttpClient.New(HttpClient.java:339)
    at sun.net.www.http.HttpClient.New(HttpClient.java:320)
    at sun.net.www.http.HttpClient.New(HttpClient.java:315)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:510)
    at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:487)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:615) at java.net.URL.openStream(URL.java:913) at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
    I have also tried the command without much luck either:
    java -cp . -Dhttp.proxyHost=wwwproxy -Dhttp.proxyPort=80 DnldURLWithoutUsingProxy
    Oops- an IOException happened.
    java.io.IOException: Server returned HTTP response code: 407 for URL: http://www.yahoo.com.au/index.html
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1245) at java.net.URL.openStream(URL.java:1009) at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
    All outgoing traffic needs to use the proxy wwwproxy (alias to http://proxypac/proxy.pac) on port 80, where it will prompt for valid authentication before allowing to get through.
    There is no problem pinging www.yahoo.com from this system.
    I am running jdk1.6.0_03, Netbeans 6.0 on Windows XP platform.
    I have tried Greg Sporar's Blog on setting the JVM option in Sun Java System Application Server (GlassFish) and
    Java Control Panel - Use browser settings without success.
    Thanks,
    George

    Hi All,
    How to set proxy authentication using java properties on the command line, or in Netbeans (Project => Properties
    => Run => Arguments). Below is a simple URL data extract program which works in absence of firewall:
    import java.io.*;
    import java.net.*;
    public class DnldURLWithoutUsingProxy {
       public static void main (String[] args) {
          URL u;
          InputStream is = null;
          DataInputStream dis;
          String s;
          try {
              u = new URL("http://www.yahoo.com.au/index.html");
             is = u.openStream();         // throws an IOException
             dis = new DataInputStream(new BufferedInputStream(is));
             BufferedReader br = new BufferedReader(new InputStreamReader(dis));
          String strLine;
          //Read File Line By Line
          while ((strLine = br.readLine()) != null)      {
          // Print the content on the console
              System.out.println (strLine);
          //Close the input stream
          dis.close();
          } catch (MalformedURLException mue) {
             System.out.println("Ouch - a MalformedURLException happened.");
             mue.printStackTrace();
             System.exit(1);
          } catch (IOException ioe) {
             System.out.println("Oops- an IOException happened.");
             ioe.printStackTrace();
             System.exit(1);
          } finally {
             try {
                is.close();
             } catch (IOException ioe) {
    }However, it generated the following message when run behind the firewall:
    cd C:\Documents and Settings\abc\DnldURL\build\classes
    java -cp . DnldURLWithoutUsingProxy
    Oops- an IOException happened.
    java.net.ConnectException: Connection refused
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
    at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
    at java.net.Socket.connect(Socket.java:452)
    at java.net.Socket.connect(Socket.java:402)
    at sun.net.NetworkClient.doConnect(NetworkClient.java:139)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:402)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:618)
    at sun.net.www.http.HttpClient.<init>(HttpClient.java:306)
    at sun.net.www.http.HttpClient.<init>(HttpClient.java:267)
    at sun.net.www.http.HttpClient.New(HttpClient.java:339)
    at sun.net.www.http.HttpClient.New(HttpClient.java:320)
    at sun.net.www.http.HttpClient.New(HttpClient.java:315)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:510)
    at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:487)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:615) at java.net.URL.openStream(URL.java:913) at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
    I have also tried the command without much luck either:
    java -cp . -Dhttp.proxyHost=wwwproxy -Dhttp.proxyPort=80 DnldURLWithoutUsingProxy
    Oops- an IOException happened.
    java.io.IOException: Server returned HTTP response code: 407 for URL: http://www.yahoo.com.au/index.html
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1245) at java.net.URL.openStream(URL.java:1009) at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
    All outgoing traffic needs to use the proxy wwwproxy (alias to http://proxypac/proxy.pac) on port 80, where it will prompt for valid authentication before allowing to get through.
    There is no problem pinging www.yahoo.com from this system.
    I am running jdk1.6.0_03, Netbeans 6.0 on Windows XP platform.
    I have tried Greg Sporar's Blog on setting the JVM option in Sun Java System Application Server (GlassFish) and
    Java Control Panel - Use browser settings without success.
    Thanks,
    George

  • OSB Authentication using username and password (plaintext or digest)

    Hi,
    I want to implement a simple osb authentication using username/password (plain text or digest) , so that client required to provide username password token in soap header (message Level security) to access our webservices. I have read some of articles which shows how to create custom ws policy, but received following error during deployment.
    weblogic.wsee.ws.init.WsDeploymentException: The WebLogic Server 9.x-style policy is not supported in JAX-WS web services
    Please note - I can not install OWSM as part of my requirement
    =======
    <?xml version="1.0"?>
    <!-- WS-SecurityPolicy -->
    <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wssp="http://www.bea.com/wls90/security/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wls="http://www.bea.com/wls90/security/policy/wsee#part">
    <!-- Identity Assertion -->
    <wssp:Identity>
    <wssp:SupportedTokens>
    <!-- Use UsernameToken for authentication -->
    <wssp:SecurityToken IncludeInMessage="true"
    TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken">
    <wssp:UsePassword Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"/>
    </wssp:SecurityToken>
    </wssp:SupportedTokens>
    </wssp:Identity>
    </wsp:Policy>

    You can use the default Auth.xml WS policy in OSB and be able implement the authentication using username and plain text password.
    Just assign the Auth.xml on the Request Policies of the Proxy Service (under Policies).
    Then use any user credentials that has access to the domain for testing.
    If you want to restrict access for each operation then in the Security tab, under Message Access Control, specify a Role.
    Then in the OSB > Security Configuration, create the appropriate role with the specific role conditions like User is User1 or User is User2 etc ...
    Hope this helps.
    Thanks,
    Patrick

  • HTTPS authentication using SSL in SOAP Sender adapter

    Hi,
    We are currently doing a SOAP to RFC synchronous scenario in PI 7.0. Our client wants to ensure that the data security is maintained at the transport level. So, we have planned to implement the HTTPS without client authentication using SSL certificates. Our Basis team has promised us that they will take care of the cerficate generation and installation part in the server. Now i am confused at the PI communication channel setup level.
    1) Do i have to specify the certificate installed path in the channel or in any other object ? If so, where do i have to configure the path ?
    2) What is the exact path that has to be carried by a PI developer once the certificates are installed in the server ?
    I have attached my communnication channel screenshot below,
    http://i41.tinypic.com/mk49h.jpg
    Please let me know what i have to configure in the Sender SOAP channel to receive data securely once the certificates are installed in the system.
    Thanks & Regards,
    Sherin Jose P

    Hi,
    1.for transport level security you should assign the HTTPS connection created in SM59 to the SOAP communication channel.
    The HTTPS connection should use the certificates imported in t-code STRUST.
    have you seen below thread,
    SSL / X.509 In SOAP Sender/Receiver Adapter
    Please go through below blog,
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b2e7020d-0d01-0010-269c-a98d3fb5d16c?overridelayout=true
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/60ff2883-70c5-2c10-f090-a744def2ba66?QuickLink=index&overridelayout=true
    http://help.sap.com/saphelp_nwpi71/helpdata/de/14/ef2940cbf2195de10000000a1550b0/content.htm
    2. you nedd to check the message flow between the sender and receiver through PI .
    regards,
    ganesh.

  • Oracle ADF 11g – Authentication using Custom ADF Login Form Problem

    Hi Guys,
    I am trying to Authenticate my adf application using custom Login Form.
    following this..
    http://www.fireboxtraining.com/blog/2012/02/09/oracle-adf-11g-authentication-using-custom-adf-login-form/#respond
    But my Login Page is not Loading.I think its sending request in chain.my jdev version is 11.1.1.5.Any Idea.
    Thanks,
    Raul

    Hi Frank,
    I deleted bounded code and In another Unit Test I created a simple login.jspx page and applied form based authentication but still facing same problem means something wrong in starting.
    My login.jspx page is
    <?xml version='1.0' encoding='UTF-8'?>
    <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1"
              xmlns:f="http://java.sun.com/jsf/core"
              xmlns:h="http://java.sun.com/jsf/html"
              xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
      <jsp:directive.page contentType="text/html;charset=UTF-8"/>
      <f:view>
        <af:document id="d1" >
          <af:form id="f1" >
            <af:panelFormLayout id="pfl1">       
              <af:inputText label="USERNAME" id="it1"
                            />       
              <af:inputText label="PASSWORD" id="it2"
                              />
              <af:commandButton text="LOG IN" id="cb1" />
              <f:facet name="footer">       
              </f:facet>                 
            </af:panelFormLayout>
          </af:form>
        </af:document>
      </f:view>
    </jsp:root>
    Don't know wht real problem is

  • Oracle 9i/10G DB authentication using Active Directory (with out OID)

    Hello All,
    We want to use a Single-Password authentication scheme using the Active
    Directory as the primary source for userId/Password.
    We don't want to use the Active Directory and OID bridge.
    As we have many databases and would like to configure all Databases to use Active
    Directory for Authentication. Our goal is to have single id/password across all
    the databases and any user should be able to login from any computer using their
    windows id/password, note that we don't want to use the OSAuthentication.
    We have read the documents provided by oracle for authentication using Active
    Directory, we were able to create Oracle Schema in Active Directory and were
    also able to register a DB with Active Directory and then created user as global
    user in Oracle Database and provided the DN of the user. When we tried
    authenticate with all this setup it comes back and says invalid ID/Password !!!
    And with 10G database we get the Oracle Error ORA-03113: end-of-file on communication channel !!
    Has any one tried or have information on Integrating Oracle to Auth against Active Directory?
    Envoirnment:
    Oracle DB Version: 9.2.0 and also tried on 10.0.1 with same results
    Operating System: Windows 2000/ Windows 2000 Server
    Constraint: We don't want to user OID ( as we don't have license for this
    product ! )

    I have a thread started similar to your request.
    OS Authenication on Windows
    Somewhere I read this. It works on Oracle 9i on Linux, but I have not tried it with Oracle 9i on Windows.
    SHOW PARAMETER OS_AUTHENT_PREFIX;
    SHOW PARAMETER REMOTE_OS_AUTHENT;
    CREATE USER OPS$SOMEUSER IDENTIFIED EXTERNALLY;
    GRANT CREATE SESSION TO OPS$SOMEUSER;
    For the username, I wonder if we are supposed to put the Windows Domain name as part of the username? Such as, for a Windows domain user MyDomain\SomeUser
    CREATE USER OPS$MYDOMAIN\SOMEUSER IDENTIFIED EXTERNALLY;
    I really wish Oracle or somebody created a guide or book on how to do this.

  • Machine authentication using certificates

    Hi,
    I am facing this error while machine authenticates agaist AD for wireless users. My requirement is users with corporate laptop get privileged vlan and BYOD should get normal vlan.I am using Cisco ISE 1.1.1 and configured authentication policies to diffrenciate clients based on corp asset and BYOD. Authentication policy result is identity sequnce which uses certificate profile and AD. All corp laptops should be authenticated using certificates and then followed by AD user and pass. when I configure XP users to validate server certificate this error comes in ISE log "Authentication failed : 11514 Unexpectedly received empty TLS message; treating as a rejection by the client" and if I disable validate sewrver certificate then this error "Authentication failed : 22049 Binary comparison of certificates failed".
    Any help??
    Thanks in advance.

    Hi [answers are inline]
    I  have tried using Cisco Anyconnect NAM on Wondows XP for machine and  user authentication but EAP-chaining feature is not working as expected.  I am facing few challenges. I have configured NAM to use eap-fast for  machine and user authentication and ISE is configured with required  authorisation rule and profiles/results. when machine boots up it sends  machine certificate and gets authenticated against AD and ISE matches  the authorisation rule and assigns authZ profile without waiting for  user credentials.
    This is expected for machine authentication, since the client hasnt logged in machine authentication will succeed so the computer has connectivity to the domain.
    Now when a user logs on using AD user/pass,  authentication fails as the VLAN assigned in AuthZ profile does not have  access to AD. ISE should actually check with their external database  but Its not.
    Do you see the authentication report in ISE? Keep in mind that you are authenticating with a client that has never logged into the workstation before. I am sure you are looking for the feature which starts the NAM process before the user logs in. Try checking this option here:
    http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/ac04namconfig.html#wp1074333
    Note the section below:
    –Before  User Logon—Connect to the network before the user logs on. The user  logon types that are supported include user account (Kerberos)  authentication, loading of user GPOs, and GPO-based logon script  execution.
    If you choose Before User Logon, you also get to set Time to Wait Before Allowing a User to Logon:
    Time to Wait Before Allowing User to Logon—Specifies the maximum (worst  case) number of seconds to wait for the Network Access Manager to make a  complete network connection. If a network connection cannot be  established within this time, the Windows logon process continues with  user log on. The default is 5 seconds.
    Note If the Network Access Manager is configured to manage wireless connections, set Time to wait before allowing user to logon to 30 seconds or more because of the additional time it may take to  establish a wireless connection. You must also account for the time  required to obtain an IP address via DHCP. If two or more network  profiles are configured, you may want to increase the value to cover two  or more connection attempts.
    You will have to enable this setting to allow the supplicant to connect to the network using the credentials you provide, the reason for this is you are trying to authenticate a user that has never logged into this workstation before. Please make changes to the configuration.xml file, and then select the repair option on the anyconnect client and test again.
    Interestingly, if I login with an AD user which is local to  the machine its gets authenticated and gets correct AuthZ  profile/access level. If I logoff and login with different user, Windows  adapter gets IP address and ISE shows successful authentication /authz  profile but NAM agent prompts limited connectivity. Any help??
    Please make the changes above and see if the error message goes away.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • Trusted Authentication using QUERY_STRING

    Hi All,
    We are trying to configure the Trusted Authentication using Query_String in XIR3.1
    We have customer portal ,where in login to custom web page and click on the link which routes to Infoview.We are configuring sso to bypass the credentials from webportal to Infoview home page.
    We have created a paramerter to pass the user information.We have made all the required changes for configuring trusted authentication,like:
    1) Enable Trusted Authentication in cmc.Enter shared secret in cmc
    2) Make changes to the web.xml file
    3) Create TrustedPrincipal.conf file
    In web.xml file we gave "trusted.auth.user.retrieval" as "QUERY_STRING" & "trusted.auth.user.param" as the parameter value we are using to pass the user information.
    If the parameter we are using is "MyUser" to pass the user information ,After configuring, we noticed that ,when we launch the url, "http://host:8080/InfoViewApp/logon/logon.do?MyUser=<username>"  we can directly login to Infoview without giving any credentials.We are not sure if we are moving in right direction? Is this how the QUERY_STRING work?
    We also noticed that,instead of giving any username if we give any other value the infoview home page opens up with Guest account?
    Thank you,
    Bill

    You should disable guest when using any method of SSO. Then anything placed in the URL other than a proper user would fail. And yes this is exactly how query string works (the username must be supplied in the URL). If looking for a more dynamic/secure method you will need to combine with a front end authenticator such as IIS, siteminder, etc and use one of our other methods such as remote_user, http_header, etc
    Regards,
    Tim

  • OAM 11gR2 Authentication using username/password/additional ldap field

    I want to add additional credential parameter along with username and password to be validated against LDAP.
    Is there any out of the box solution for authentication using username/password/additional ldap field in OAM 11gR2?
    This solutions exist in 10g and could not find any OOB feature in 11g.

    Do you need to accept additional parameter from user via login form & then use it in credential mapping step
    Not sure if %% syntax would work .. havent tried it. next option is to develop custom authentication plugin
    Additional ldap attribute against static value
    If you need to add additional ldap attribute (check against static value) that you can specify in LDAP search filter in "User Identification plugin" configuration
    Take a look at "MTLDAPPlugin" under custom authentication modules
    Hope this helps

  • Web Service Authentication using Microsoft Active Directory

    Hi
    Is there a way to create Oracle Java Web Services that requires authentication using Active Directory?
    Regards,
    Néstor Boscán

    If you use the SOA Suite the Oracle Web Service Manager is included in there. Using this you can add steps that will authenticate against an AD.
    cu
    Andreas

  • About 802.1x port authentication using TACACS+

    Hi
    I have some question. Please help me. Thanks.
    Question1. May I use that 802.1x port authentication using TACACS+
    Question2. Is it true? TACACS+ will not work with 802.1x because EAP is not supported in TACACS+, and there are no plans to get EAP over TACACS+.
    Any help would be greatly appreciated.
    Thanks.

    Thanks to you.
    Where to find the documents about Tacacs+ doesn't support EAP?
    I cast more time and I cannot find the documents.
    Please help me....
    Thanks.

  • Radius server web authentication using ISE

    Hi,
    Can anyone point me in the direction of a guide to implement radius server web authentication using ISE?
    I need this to be layer 3 Web Auth with all authentication requests coming from the wireless anchor controller, therefore don't think I can implement central web auth on ISE as detailed in the user guide as its layer 2 and auth requests come from the foreign controller.
    The following link explains "Radius Server Web Authentication" using ACS.  I need to find something similar for ISE - http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69340-web-auth-config.html  
    Thanks,

    Hi,
    Please check these:
    Central Web Authentication on the WLC and ISE Configuration Example
    http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
    Regards
    Dont forget to rate helpful posts

  • Shared Services External Authentication using LDAP in 9.3.1

    Hi,
    I have installed Hyperion Shared Services with native directory. And now planning to setup external authentication using LDAP. I need some guidance to understanding how the external authentication works.
    Questions:
    1. Is it possible to setup Shared Services to use both Native and LDAP user directory? What I mean is some users will be able to login using Native directory, and some others will need to login using User Directory (external authentication).
    2. For User Directory (say we use LDAP), when the user is added into Shared Services, can they be assigned with Groups created in Native directory? We want to explore to use just the external authentication and define all of the groups within shared services.
    If not possible, can we manage the Groups of the User directory using shared services? How is the groups work with external authentication?
    Any feedback would be much appreciated.
    Thanks,
    Lian

    Hi,
    Yes you can use both Native and external authentication. When you add the external provider the native is left by defaut anyway.
    Yes you can add your external users to native groups. You can also provision the groups in the AD if you wish.
    Gee

  • How to find which authentication used to site collection and site using powershell

    Hi,
    How to find  how-many web app, sitecollection, site used Windows authentication,claim authentication and classic, secure store authention , adfs authentication using powershell code in sharepoint 2013.
    If sites are used adfs authentication how to find which email id used for that.
    Thanks,

    Authentication is only defined at the Web Application level, and the only valid auth methods are Classic (Windows (Basic/NTLM/Kerberos)), Claims (Windows (Basic/NTLM/Kerberos)), FBA Claims, , SAML Claims (ADFS), and Anonymous.
    You can find out what authentication scheme(s) are enabled via:
    $wa = Get-SPWebApplication http://webApp1$wa.IisSettings["Default"] #replace with the zone name you're interested in
    The output will look similar to this:
    PS C:\Users\trevor> $wa.IisSettings["Default"]
    AuthenticationMode : Forms
    MembershipProvider : i
    RoleManager : c
    AllowAnonymous : False
    EnableClientIntegration : True
    ServerBindings : {Microsoft.SharePoint.Admini
    stration.SPServerBinding}
    SecureBindings : {}
    UseWindowsIntegratedAuthentication : True
    UseBasicAuthentication : False
    DisableKerberos : True
    ServerComment : SharePoint
    Path : C:\inetpub\wwwroot\wss\Virtu
    alDirectories\spwebapp180
    PreferredInstanceId : 42768054
    UseClaimsAuthentication : True
    ClaimsAuthenticationRedirectionUrl :
    UseFormsClaimsAuthenticationProvider : False
    FormsClaimsAuthenticationProvider :
    UseTrustedClaimsAuthenticationProvider : False
    UseWindowsClaimsAuthenticationProvider : True
    OnlyUseWindowsClaimsAuthenticationProvider : True
    WindowsClaimsAuthenticationProvider : Microsoft.SharePoint.Adminis
    tration.SPWindowsAuthenticat
    ionProvider
    ClaimsAuthenticationProviders : {Windows Authentication}
    ClaimsProviders : {}
    ClientObjectModelRequiresUseRemoteAPIsPermission : True
    UpgradedPersistedProperties : {}
    So on this Web Application in the Default Zone you can tell I have Windows Claims enabled, not using Kerberos (so using NTLM), and Trusted (SAML/ADFS) is not enabled, neither is Forms or Anonymous.
    Trevor Seward
    Follow or contact me at...
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Maybe you are looking for

  • Enhanced Rebate settlement - item not relevant for billing

    I'm trying to settle an enhanced rebate agreement & i continue to get the error "Item is not relevant for billing".  I'm using the materials for which the rebate was accrued as the settlement materials via the configuration for a variable key.  I've

  • Where can I find a download for Indesign CS4 6.0 WIN?

    We are a charity organisation and during the office move, it appears that we have lost the CD which  may have recieved at the time. Having spoken to Tech Support at Adobe, they recommend that I put this on the forum as there is no download available

  • HT4623 Software Update is not appering in my ipad

    In my iPad when I try to update software in general setting their is no option available to update? How to update ?

  • All my Skype to Go Numbers Changed

    Hi I have saved my skype to go numbers in my cell. Recently, I went to call one of these numbers and was told that the call would not connect (and asked for pin etc.). When i logged in to Skype I saw that all my Skype to Go numbers had changed - it l

  • Application Language Popup appears unexpectedly - very annoying

    Hi, When Acrobat is open in the background and I am working in another application in the foreground (especially in MS-Word) I often (every 5-10 minutes), and unexpectedly, get a popup titled "Adobe Acrobat" forcing me to choose a language or press E