IWS6.0 digest authentication with iDS5.1 on W2K?

Similar Messages

• Digest Authentication with OC4J standalone

  Hi,
  I am using oc4j 9.0.3 standalone web container . I used axis application as soap engine for deploying a web service in the oc4j . I want to implement HTTP digest authentication for my webservice.
  I am forced to use the same verison of OC4J due to some reasons. Could anyone help me in knowing the procedure for the HTTP digest authentication implementation using oc4j903 asap.
  Advance thanks for help

  could anyone please reply to this thread asap

• How to configure a Proxy in OSB with Digest Authentication?

  Hello, Guys.
  I need a help with this subject.
  I have a demand to configure a Proxy in OSB 11.1.1.6 with Digest Authentication. I'm using a Embedded Ldap with Identity Asserter.
  I'have configured a DefaultAuthenticator and the DefaultIdentityAsserter to support Digest Password and create a new LdapIdentityAsserter pointing to my embedded Ldap.
  When I'll create a new Proxy, in the security options, i can see the digest options to authenticate my username and password. I selected the one of all the options, but in the time of the Proxy test the authentication didn't work.
  Could anyone help me?
  Thanks you.

  Unfortunately, a reference trigger can't be used for continuous acquisition after the trigger. The maximum post-trigger count is either 2^24 or 2^32 depending on your hardware. Depending on your sampling rate and how many samples you expect to acquire before issuing a software stop, using the max post-trigger count may be sufficient for you. There are a couple of other options I can think of that you might want to try:
  1.) If possible, play with the trigger condition such that it occurs at the start of your pre-trigger data and use it as a start trigger instead. I suspect this may not be possible.
  2.) Set up a continuous acquisition and implement detection of the trigger condition through software. This is more software work and is more CPU intensive than the hardware solution, but it can definitely be made to work.
  3.) With some creative use of the counters, you may be able to latch the sample clock number that trigger occurred on. This would allow you to setup a continuous acquisition and use the hardware to tell you where the trigger occurred instead of figuring it out in software. What I'm thinking is you would set up a buffered event counting task with the ai/SampleClock as the timebase source of the counter and the trigger signal as the sample clock of the counter. By reading the first count value, you should know which AI sample the trigger occurred. From there, you can seek to the right position in the buffer and begin reading data indefinitely.
  Good luck!

• Logical Port for Digest Authentication

  Hello,
  I want to connect to a webservice which is running at an IIS with Digest Authentication. I created a Consumer Proxy and added a Logical Port in SAO Management (Java-Stack) to this Consumer Proxy, but I can't find a digest authetification in Configuration of the Logical Port. Is it possible to connect from a SAP System to a webservice with Digest Authentification?
  Thanks and best regards
  Iris

  Hello Gourav,
  Thank you for your answer.
  I tried to create a Logical Port with HTTP Access to the WSDL, but the WSDl needs digest authetication as well. So I get the error
  Error: Error in WSDL access: Exception occurred in communication framework:Error in HTTP Framework:401Unauthorizedhttps://itnts2371/SecurityWebService.asmx?WSDL
  though I logged in with right credentials.
  Then I tried to read the WSDl from a file then, but I get the error
  Error: Error in WSDL parsing: Exception occurred in library handler
  So I created a manual Logical Port for SSL-Access. I get only "User ID/Password" and "SAP Authenticatoin Assertion Ticket", but no "Digest Authentication". "User ID/Password" doesn't work, I get a dialog to put in User ID and password, but I'm never authorized.
  Any other suggestions?
  Thanks
  With best regards
  Iris

• OSB: HTTP digest authentication for WebServices

  Hi,
  How do I configure HTTP digest authentication for WebServices offered by the OSB (Proxy Services with WS as transport)?
  Best regards
  Dimo

  Did you figure out how to do it.?

• Digest Authentication issues

  Has anyone ever successfully performed a remote http server
  digest authentication? I am currently building a script that
  authenticates against a server using a supplied username and
  password. All of my attempts thus far have come up empty and I am
  not quite sure where I am going wrong with this.
  I have modeled my headers exactly after the heads I get with
  a successful Firefox login.
  Here are the headers I get from the Live Headers firefox
  addon.
  Initial Response:
  http://rets.armls.mlsrets.com/rets/login
  GET /rets/login HTTP/1.1
  Host: rets.armls.mlsrets.com
  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
  rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
  Accept:
  application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html;q= 0.9,text/plain;q=0.8,image/png,*/*;q=0.5
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip,deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 300
  Connection: keep-alive
  HTTP/1.x 401 Unauthorized
  Content-Length: 1944
  Content-Type: text/html
  Server: Microsoft-IIS/6.0
  X-Powered-By: ASP.NET
  WWW-Authenticate: Digest
  qop="auth",realm="[email protected]",nonce="2aaa0db6ed2bb21e8b913e1844b0abf1",opaque="2 0050024497281"
  Date: Sun, 20 May 2007 00:24:49 GMT
  Connection: close
  Authenticated Response:
  http://rets.armls.mlsrets.com/rets/login
  GET /rets/login HTTP/1.1
  Host: rets.armls.mlsrets.com
  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
  rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
  Accept:
  application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html;q= 0.9,text/plain;q=0.8,image/png,*/*;q=0.5
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip,deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 300
  Connection: keep-alive
  Authorization: Digest username="cril01",
  realm="[email protected]",
  nonce="2aaa0db6ed2bb21e8b913e1844b0abf1", uri="/rets/login",
  response="db214dcb999219968d829b5513e476dd",
  opaque="20050024497281", qop="auth", nc=00000001,
  cnonce="1d545807784766d0"
  HTTP/1.x 200 OK
  Connection: close
  Date: Sun, 20 May 2007 00:24:54 GMT
  Server: Microsoft-IIS/6.0
  X-Powered-By: ASP.NET
  Expires: 0
  Cache-Control: private
  RETS-Version: RETS/1.5
  Set-Cookie: RETS-Session-ID=2aaa0db6ed2bb21e8b913e1844b0abf1;
  path=/
  Content-Type: text/xml
  Now even with me exactly copying these headers. I still get
  401 (Unauthorized) errors. Does anyone see where I went wrong with
  this?
  Here is a link to my current test:
  http://www.myhomesmart.com/admin/dev/test4.cfm
  And here is my code.

  You cannot just copy headers form successful login, since
  they are a function of server's nonce, which is different on every
  request (this is the main idea of Digest). Actually, authorization
  is a function of server's nonce and client's nonce. So, you have to
  correclty calculate this every time you log in.
  However, with
  CFX_HTTP5 I
  immediately got this [successful] response without any programming:
  <RETS ReplyCode="0" ReplyText="Operation Successful">
  <RETS-RESPONSE>
  MemberName = TRUDY MOORE
  User = CRIL01,1,SUBSCRIBER,CRIL01
  Broker = HOMESMART
  MetadataVersion = 1.00.00004
  MinMetadataVersion = 1.00.00004
  OfficeList = NONE
  TimeoutSeconds = 1440
  Action = /RETS/Action
  GetObject = /RETS/GetObject
  Login = /RETS/Login
  Logout = /RETS/Logout
  Search = /RETS/Search
  GetMetadata = /RETS/GetMetadata
  X-Links = /RETS/LINKS
  X-Stats = /RETS/STATS
  X-OMEGA = /RETS/Omega
  </RETS-RESPONSE>
  </RETS>

• Httpurlconnection digest authentication

  We have an applet which runs after requesting a page from an http server. This applet then makes thousands of http requests (SOAP) to the same server. Our problem is that when we set the server to require digest authentication for the soap service, the httpurlconnection is sending the soap request, getting back an unauthorized, then sending the auth information with the next request. So every request is getting huge overhead, 2 round trips, when it should be 1. For the first request, java vm pops up its little window and asks for credentials, then for the rest of the requests it uses those same credentials, but does not automatically send them until the server requests them. How can I set it so that for each request, it automatically sends the credentials with the cnonce, instead of sending no credentials, getting an unauthorized reply, then sending again with the credentials? I tried System.setProperty("http.auth.digest.validateServer", "true");, but that did not change anything. All help is appreciated.

  A brute-force way I have discovered is to clear out the entire AuthCacheValue map:
  AuthCacheValue.setAuthCache(new AuthCacheImpl());
  However, both AuthCacheValue and AuthCacheImpl are part of the sun.net.www.* classes, so this method would be very fragile and raises issues of incompatibility.

• Authentication with Web Accees managment through Headervariable

  Hi All
  We have configured External WEb Access Management Product (reverse proxy, passthrough) for authentication to access our BI Java 7.0 Application using Header variable.We have configured authschemes.xml and UME Properties
  When we are trying to access our BI Java 7.0 Application then get the below Error
  " Cannot logon user defined in header variable"
  Please help me on this if anyone have faced these type of issue
  Waiting for your fast immediate response on this
  Thanks with Regards
  Deelip Kumar

  Hi Patrick
  I have doubt on onething, in visual Administrator the below Login module stacks are available,
    SAP-J2EE-Engine – this is a default configured login module stack that can be used by everyone.
  ·        Basic – allows for Basic Authentication, supported by the Web container.
  ·        Client – allows for client certificate authentication, supported by the Web container.
  ·        Digest – allows for digest authentication, supported by the Web container.
  ·        Form  – allows for form authentication, supported by the Web container.
  ·        Ticket – used for creating and verifying logon tickets.
  ·        Evaluation assertion ticket – used for verifying assertion tickets (tickets used between systems).
  I have selected SAP J2EE Engine and then defined the below Logon stack
  EvaluateTicketLoginModule  SUFFICIENT  {ume.configuration.active=true}
  HeaderVariableLoginModule  REQUIRED  {ume.configuration.active=true, Header=}
  CreateTicketLoginModule  SUFFICIENT  {ume.configuration.active=true}
  BasicPasswordLoginModule  REQUISITE {}
  CreateTicketLoginModule  OPTIONAL  {ume.configuration.active=true}
  it do not understand whether it is right or we should create new policy under policy configuration and the define the above stack.now i am also facing problem in loggin to Visual adminstrator
  Please suggest
  Thanks with Regards
  Deelip Kumar

• SPA112 - HTTP Authentication with Provisioning

  Is it possible to provision a device with an HTTP server using HTTP Digest Authentication?
  I've tried using the URL format of: http://username:[email protected]/spa.xml
  But formatting it like that makes the SPA request the entire URL in a DNS query, which doesn't resolve properly.
  Am I missing some username/password fields?
  Thanks!

  I found some of the information you were looking for.
  To include the username and password when you resync the phone,
  the details are located in the provisioning guide p 90 here
  http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/csbpvga/ata/provisioning/guide/Provisioning.pdf
  The word to search for is “digest authentication” We are talking about using the profile rule
  Digest Authentication Support in Profile and Report Rule
  Digest Authentication based on the username and password is defined as part of
  profile rule and a report rule. The syntax is:
  [--uid $SA]
  [--pwd $SB]
  In the following example, the phone uses this username and password when it is challenged by the server:
  [--uid slee --pwd 1234] http://download.com/spacfg.xml
  Dan

• I get error message: "An error occurred with the  publication of album...Authentication with server failed...whenever I open a facebook file in my iPhoto. In each file, most of my photos have disappeared. What do I need to do?

  I get error message: "An error occurred with the  publication of album...Authentication with server failed. Please check your login and password information" whenever I open a facebook file in my iPhoto. In each file, most of my photos have disappeared. I am hoping I can retrieve these "lost" files. What do I need to do?

  Message was edited by: leroydouglas
  better yet, try this solution:
  https://discussions.apple.com/message/12351186#12351186

• Flex Error #1001: Digest mismatch with RSL error

  I apologize if this is not the correct location for this question but it was the closest I could find.
  I am working in salesforce trying to add a new content pack.  This screen uses a tool written in flash.  The screen that comes up is an error with the following:
  Flex Error #1001: Digest mismatch with RSL
  https://cs13.salesforce.com/_swf/121310/sfc/flex/framework_3.5.0.12683.swf.
  Redeploy the matching RSL or relink your application with the matching
  library.
  I have been working with SalesForce support but they don't have a clue and want to punt to Adobe. 
  The support staff at SalesForce has no trouble accessing the page with the flash control from thier pc.  I have tried several computers in my office and from several browsers (IE 9 and Chrome).  I have reinstalled Flash Player 11 and cleared browser caches.  Nothing seems to work.
  It has to be something common to computers in my office or my network.  All of the information I can find on the Internet talks about rebuilding the application and redeploying it.  I can't do that since this is part of SalesForce and not something I own.  Also, it works for them on their computers.
  I am running windows 7 64 bit.  I have McAfee running (and have checked that Flash is not blocked).
  The flash player itself works when I go to the Adobe site and try other content.
  The only other odd thing I have is that my hard drive is encrypted.
  Any ideas?
  Thanks,
  Mike

  Chris,
    I have cleared the browsser and flash cache data then restarted browswers and windows. Still no luck.  I reverted the flash player back to 10.3 after following the instructions in the link you provided for a clean install but still get the error.  SalesForce did not state what version of FlashPlayer they are using but I will check with them later today. 
  All of the machines that I have tested on have been at the office and all have encrypted hard drives with PGP desktop.  I am going to try my laptop on my home network tonight to see if we are blocking something during the download.
    This is driving me nuts.  I know is it something specific to the machines in the office or the office network but I can't find it.
  Thanks for your help.  Please let me know if you have any other ideas.
  Mike

• Error in authentication with ldap server with certificate

  Hi,
  i have a problem in authentication with ldap server with certificate.
  here i am using java API to authenticate.
  Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
  I issued the new certificate which is having the up to 5 years valid time.
  is java will authenticate up to one year only?
  Can any body help on this issue...
  Regards
  Ranga

  sorry i am gettting ythe same error
  javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
  here when i am using the old certificate and changing the system date means i can get the authentication.
  can you tell where we can concentrate and solve the issue..
  where is the issue
  1. need to check with the ldap server only
  2. problem in java code only.
  thanks in advance

• Ricoh Aficio MP C2051 Scan to Folder - Windows 7 64 bit Error: Authentication with the destination has failed check settings

  I got an issue with OS of widows 7.
  unable to scan  documents to user's PC.am getting error message "Authentication with the destination has failed. Check settings. To check the current status, press [Scanned Files Status
  Other Windows xp  PC can do this.
  How can I fix this problem?
  Printer Model :C2051 /mp2001sp

  Hi,
  I searched for the error and it is mentioned in Ricoh's website:
  Messages Displayed on the Control Panel When Using the Scanner Function
  http://support.ricoh.com/bb_v1oi/pub_e/oi_view/0001045/0001045718/view/trouble/int/0036.htm
  Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
  Message
  Cause
  Solution
  “Authentication with the destination has failed. Check settings. To check the current status, press [Comm. Status/Print].”
  The entered login user name or login password is not correct.
  Check that the user name and password are correct.
  Check that the ID and password for the destination folder are correct.
  A password of 128 or more characters may not be recognized.
  From the solution, it mentioned that the issue could relate to user account or its password.
  Please let me know if it is in domain environment. If so, please test to log the same user account currently on Windows 7 to Windows XP and see if issue persists.
  Also please test to directly access the scanning folder on printer server to see if there is any issue in accessing the destination folder. 

• Not Working-central web-authentication with a switch and Identity Service Engine

  on the followup the document "Configuration example : central web-authentication with a switch and Identity Service Engine" by Nicolas Darchis, since the redirection on the switch is not working, i'm asking for your help...
  I'm using ISE Version : 1.0.4.573 and WS-C2960-24PC-L w/software 12.2(55)SE1 and image C2960-LANBASEK9-M for the access.
  The interface configuration looks like this:
  interface FastEthernet0/24
  switchport access vlan 6
  switchport mode access
  switchport voice vlan 20
  ip access-group webauth in
  authentication event fail action next-method
  authentication event server dead action authorize
  authentication event server alive action reinitialize
  authentication order mab
  authentication priority mab
  authentication port-control auto
  authentication periodic
  authentication timer reauthenticate server
  authentication violation restrict
  mab
  spanning-tree portfast
  end
  The ACL's
  Extended IP access list webauth
      10 permit ip any any
  Extended IP access list redirect
      10 deny ip any host 172.22.2.38
      20 permit tcp any any eq www
      30 permit tcp any any eq 443
  The ISE side configuration I follow it step by step...
  When I conect the XP client, e see the following Autenthication session...
  swlx0x0x#show authentication sessions interface fastEthernet 0/24
             Interface:  FastEthernet0/24
            MAC Address:  0015.c549.5c99
             IP Address:  172.22.3.184
              User-Name:  00-15-C5-49-5C-99
                 Status:  Authz Success
                 Domain:  DATA
         Oper host mode:  single-host
       Oper control dir:  both
          Authorized By:  Authentication Server
             Vlan Group:  N/A
       URL Redirect ACL:  redirect
           URL Redirect: https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
        Session timeout:  N/A
           Idle timeout:  N/A
      Common Session ID:  AC16011F000000490AC1A9E2
        Acct Session ID:  0x00000077
                 Handle:  0xB7000049
  Runnable methods list:
         Method   State
         mab      Authc Success
  But there is no redirection, and I get the the following message on switch console:
  756005: Mar 28 11:40:30: epm-redirect:IP=172.22.3.184: No redirection policy for this host
  756006: Mar 28 11:40:30: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_qualify ...
  I have to mention I'm using an http proxy on port 8080...
  Any Ideas on what is going wrong?
  Regards
  Nuno

  OK, so I upgraded the IOS to version
  SW Version: 12.2(55)SE5, SW Image: C2960-LANBASEK9-M
  I tweak with ACL's to the following:
  Extended IP access list redirect
      10 permit ip any any (13 matches)
  and created a DACL that is downloaded along with the authentication
  Extended IP access list xACSACLx-IP-redirect-4f743d58 (per-user)
      10 permit ip any any
  I can see the epm session
  swlx0x0x#show epm session ip 172.22.3.74
       Admission feature:  DOT1X
       ACS ACL:  xACSACLx-IP-redirect-4f743d58
       URL Redirect ACL:  redirect
       URL Redirect:  https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
  And authentication
  swlx0x0x#show authentication sessions interface fastEthernet 0/24
       Interface:  FastEthernet0/24
       MAC Address:  0015.c549.5c99
       IP Address:  172.22.3.74
       User-Name:  00-15-C5-49-5C-99
       Status:  Authz Success
       Domain:  DATA
       Oper host mode:  multi-auth
       Oper control dir:  both
       Authorized By:  Authentication Server
       Vlan Group:  N/A
       ACS ACL:  xACSACLx-IP-redirect-4f743d58
       URL Redirect ACL:  redirect
       URL Redirect:  https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
       Session timeout:  N/A
       Idle timeout:  N/A
       Common Session ID:  AC16011F000000160042BD98
       Acct Session ID:  0x0000001B
       Handle:  0x90000016
       Runnable methods list:
       Method   State
       mab      Authc Success
  on the logging, I get the following messages...
  017857: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_qualify ...
  017858: Mar 29 11:27:04: epm-redirect:epm_redirect_cache_gen_hash: IP=172.22.3.74 Hash=271
  017859: Mar 29 11:27:04: epm-redirect:IP=172.22.3.74: CacheEntryGet Success
  017860: Mar 29 11:27:04: epm-redirect:IP=172.22.3.74: Ingress packet on [idb= FastEthernet0/24] matched with [acl=redirect]
  017861: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: Enqueue the packet with if_input=FastEthernet0/24
  017862: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_process ...
  017863: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: Not an HTTP(s) packet
  What I'm I missing?

• Ricoh Aficio MP C2051 Scan to Folder - Windows Server 2012 Error: Authentication with the destination has failed check settings

  I have recently upgraded a clients servers to Windows Server 2012 & since doing so have lost the ability to scan to folder.
  Both servers are domain controllers and previously on a 2008 domain controller I would have had to make the following change to allow scan to folder:
   Administrative Tools
   Server Manager
   Features
   Group Policy Manager
   Forest: ...
   Default Domain Policy
  Computer configuration
   Policies
   Windows Settings
   Security Settings
   Local Policies
   Security Options
   Microsoft Network Server: Digitally Sign Communications (Always)
   - Define This Policy
   - Disabled
  However I have applied this to the Windows 2012 server but am still unable to scan, possibly due to added layers of security in server 2012. The error on the scanner is Authentication with the destination has failed check settings.
  I have also tried the following at the server:
  Policies -> Security Policies
  Change Network Security: LAN Manager authentication level to: Send LM & NTLM - Use NTLMv2 session security if negotiated.
  Network security: Minimum session security for NTLM SSP based (including secure RPC) clients and uncheck the require 128 bit.
  Network security: Minimum session security for NTLM SSP based (including secure RPC) servers and uncheck the require 128 bit
  I have created a user account on the server for the ricoh and set this in the settiings of the Ricoh and verified everything is correct.
  Are there any other things I have missed?

  I can email anybody the firmware module if interested and how to...
  Tell me your model and email
  If your offer still stands we have an Aficio MP C3300
  Firmwareversion
  Modulnavn Version Delnummer 
  System/Copy  1.13  D0255562H  
  Network Support  8.16.1  D0255563D  
  Font EXP  1.03  D0255588  
  OptionPCLFont  1.02  D0255589  
  animation  1.3.1  D0255568A  
  Fax  01.10.00  D0255569B  
  RemoteFax  01.10.00  D0255564B  
  Printer  1.11  D0255572A  
  RPCS  3.7.5.4.1  D0255574A  
  Option PCL  1.00  D0255580A  
  Scanner  01.17  D0255570C  
  Network DocBox  1.00  D0255567B  
  Web Support  1.06  D0255565B  
  Web Uapl  1.07  D0255566C  
  libcvm(v4)  4.13  D4135765B  
  GWFCU3-13(WW)  03.00.00  D3935570C  
  PowerSaving Sys  1.10  D0255560C  
  Engine 1.51:09 D0255117E 
  OpePanel 1.03 D0251492A 
  LANG0 1.03 D0251496 
  LANG1 1.03 D0251496 
  ADF 03.420:02 D3665604 
  Finisher 01.090:03 D3725112
  Best Regards/
  Henrik Plougstad
  henrik(a)pieroth.dk