J_security_check users from MySQL (or a similar authentication method)?

Similar Messages

• Migrate User from Classic mode to Forms Authentication in SharePoint 2013

  Hi All,
  I have upgraded a SharePoint 2010 classic mode site to SharePoint 2013 claims authentication. I have executed the command MgrateUser($true) and the user account is updated to Claims mode and I am able to login to the site.
  Now I have extended the site to use forms authentication against Active Directory. How do I update the accounts to Form Authentcation mode using Powershell, is there any command available.
  Thanks & Regards
  pankaj

  Okay, I would suggest instead to use Web Application Proxy and ADFS 3.0 (using an NTLM connection to SharePoint). This way you get your forms experience for those users who require it (or all, your choice) and you do not have to change anything with SharePoint.
  More info here: http://thesharepointfarm.com/2014/02/sharepoint-and-the-web-application-proxy-role/
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Cisco ACS v4.1 - User Export incl. Authentication Method

  Hi,
  I wish to export a list of all our users, to include their group and more importantly, their password authentication method. We have a combination users that authenticate using both ACS internal database and also external RSA Secure ID database. Basically I need to identify all users who are NOT authenticating against Secure ID.
  I ran CSUtil.exe -u   , however this only gives me the user & group, doesn't list the authentication method per user.
  Thanks,
  Brian

  Brian,
  Unfortunately, CSUtil.exe will only list the users & group they are a member of. So the simple answer is no.
  If the goal is to set everyone to use token authentication, you could get export a list of all users with CSUtil.exe, then use the client import option to update database used for authentication of all users. Here is the url for documentation on this and other CSUtil.exe options.
  =====================
  Via Csutil
  Created a file in text format
  ONLINE
  UPDATE::EXT_SDI
  ADD::EXT_SDI:PROFILE:
  DELETE:
  csutil -i
  =====================
  If you feel adventerous, you could explore the contents of the dump.txt. by running csutil -d
  This file does contain the information you are looking for. However, there is no documentation or support available for reading or decrypt it.,
  Regards,
  Jatin
  Do rate helpful posts-

• BPM 11g workspace not show user from OVD - top most authentication provider

  Hi,
  We have added OVD which connected to LDAP as the top-most authentication provider for myrealm. The order of the providers are:
  (1) OVD (control Flag:SUFFICIENT)
  (2) DefaultAuthenticator(control Flag: REQUIRED)
  (3) DefaultIdentityAsserter
  The users and groups from the OVD are displayed in the weblogic console and are searchable in the OEM when I want to add the user/group to the application role but not in the BPM workspace. I find a related thread:
  Weblogic administrator account is inactive after enabling DB Authenticator
  It seems I did the same but I am still able to login bpm workspace with weblogic id. I guess my BPM does not use OVD for the Authenticator at all and it is still using DefaultAuthenticator. Can anyone please help and let me know what I missed for the setting? Should I put DefaultIdentityAsserter to the 2nd in the provider list to solve this?
  Thanks,
  Helen
  Edited by: Helen on Mar 22, 2011 7:31 AM

  Hi Helen
  Make sure that for the second Authenticator (DefaultAuthenticator) the required Flag is SUFFICIENT. From Weblogic point of view, if it is required, this means that user should and must exist in this provider also. Since you configured external LDAP and say you have something like "mytestuser" in LDAP. I guess you already added this user "mytestuser" to the BPMWorflowAdmin role as per the forum you listed below. But this user may not and will not exist in the default authenticator. So try making it sufficient and see if that works.
  As mentioned in my earlier post, I do have LDAP cconfigured to my BPM Domain and this is the first in the order of providers. I added a user from this LDAP into workflow admin role in em. I could login into bpm/workspace and see adminstrator link.
  Thanks
  Ravi Jegga

• Cannot prevent authenticated users from creating a blog on "My Page"

  I have a brand new Snow Leopard (10.6.1) 2.26 Ghz quad core Xserve with 12Gb RAM that will be used for web collaboration services. I've currently set up Wiki and Blog services with a group membership to allow creating wikis/blogs. The reason for this is for staff development purposes with the plan to add people into the group as they are trained. The process to set it all up was very simple, however, I'm having an issue preventing authenticated users from creating a personal blog. Although I can prevent the creation of wiki's to members of a group easily, any authenticated user on the server can log into "My Page" and will be able to create a blog. I've gone to server admin>choose the server>choose the "access" icon and set the column "for selected services below" (blog) to "allow only users and groups below" (the group) and it still doesn't prevent them from making a blog page. In WGM for the group on the "Basic" tab, the "enable the following services for this group" has only the choice of "none" and therefore since the site isn't showing as a choice, the Wiki, Blog, Calendar and Mailing List is grayed out. I've seen another thread that states in 10.6 that option for setting the service acl in the group settings of WGM is unavailable. Does anyone know a fix for my problem of security access for a "My Page" blog or is it a possible bug in Snow Leopard? Right now my only workaround is to remove the users access and enable it as they are trained. This isn't an ideal fix, however, because we have some users who want to limit their wiki or blog to authenticated users only, not public access. Any help will be greatly appreciated.
  Message was edited by: dstrollo.il

  Ran into this same issue.... Talked with a field engineer who confirmed the behavior. The question now is this a defect or "feature that does not work as as the audience desires". As I far can tell, the security setting for blogs in server admin does nothing at all. This has the potential to cause a few issues as you cannot limit who can have a blog.
  Message was edited by: jlindler

• 10.6.1 Server - cannot prevent authenticated users from creating a blog

  I have a brand new Snow Leopard (10.6.1) 2.26 Ghz quad core Xserve with 12Gb RAM that will be used for web collaboration services. I've currently set up Wiki and Blog services with a group membership to allow creating wikis/blogs. The reason for this is for staff development purposes with the plan to add people into the group as they are trained. The process to set it all up was very simple, however, I'm having an issue preventing authenticated users from creating a personal blog. Although I can prevent the creation of wiki's to members of a group easily, any authenticated user on the server can log into "My Page" and will be able to create a blog. I've gone to server admin>choose the server>choose the "access" icon and set the column "for selected services below" (blog) to "allow only users and groups below" (the group) and it still doesn't prevent them from making a blog page. In WGM for the group on the "Basic" tab, the "enable the following services for this group" has only the choice of "none" and therefore since the site isn't showing as a choice, the Wiki, Blog, Calendar and Mailing List is grayed out. I've seen another thread that states in 10.6 that option for setting the service acl in the group settings of WGM is unavailable. Does anyone know a fix for my problem of security access for a "My Page" blog or is it a possible bug in Snow Leopard? Right now my only workaround is to remove the users access and enable it as they are trained. This isn't an ideal fix, however, because we have some users who want to limit their wiki or blog to authenticated users only, not public access. Any help will be greatly appreciated.

  Thanks for the suggestion, but that would prevent all users from creating personal blogs. I was hoping to be able to have a group of users that can create a personal blog outside of the blog attached to a wiki.

• LDAP authentication in AD (users from other trusted domain)

  Hi
  I have two domain: my - DOMAINA.LOCAL and other trusted - DOMAINB.LOCAL
  I use LDAP authentication in AD for authentication users (AnyConnect).
  Now, I need to authenticate few users from other trusted domain (DOMAINB.LOCAL).
  I do not want direct connect with the domain contoller in the trusted domain.
  My domain controller (DOMAINA.LOCAL), can authenticate users from other trusted domain (if I use username "DOMAINB\userindomainb"), if I try to connect by RDP client to some server (for example, to my domain controller).
  But if I try to test aaa-server authentication from ASA
  I get error.
  I think, I must use username like "DOMAINB\userindomainb" but this not work.
  Help me please.
  Thanks!
  My config:
  aaa-server ADA protocol ldap
  aaa-server ADA (inside) host 10.0.0.1
   ldap-base-dn dc=domaina, dc=local
   ldap-scope subtree
   ldap-naming-attribute sAMAccountName
   ldap-login-password *****
   ldap-login-dn cn=Cisco ASA, ou=ServiceAccounts, ou=Services, dc=domaina, dc=local
   server-type microsoft

  Hello!
  I see in console (debug LDAP):
  Request for [email protected] returned code (10) Referral
  Does ASA support authentication via LDAP referrals?
  I read old thread:
  https://supportforums.cisco.com/discussion/11132591/cisco-asa-and-ldap-authentification
  And see: CSCsj32153  Symptom:the ASA/PIX doesn't currently support LDAP Referall searches. 
  But I use:
  Cisco Adaptive Security Appliance Software Version 9.2(3)
  Device Manager Version 7.3(3)
  Compiled on Mon 15-Dec-14 05:10 PST by builders
  System image file is "disk0:/asa923-smp-k8.bin"
  Thanks!

• I received an email from the "apple team" saying that my mac may have been exposed to spyware and wants my passwor, user id, etc.  Is this authentic?

  I received an email from the "apple team" saying that my mac may have been exposed to spyware and wants my passwor, user id, etc.  Is this authentic?

  I doubt that apple team sends this kind of emails. At the best, they may ask you to change your password, but not to reaquest to provide one.

• How i get user info from ldap using java after authenticating user with SSO

  Hi
  I have one jsp/bean application as a partner application with SSO.
  It works fine.
  Now i need to get other attributes of user from LDAP who has logged into the application through SSO.
  using SSO java APIs i only get username, userDN, subscriber info.
  To get user's other attribute i have to user LDAP APIs for that i have to create on Directory Context, for the same i need userpassword.
  so here i my question, how do i get user password after he has logged in thro SSO.
  regards..
  and thanking u in advance
  samir

  Valentina,
  there's no way to get the password value from the directory (it's one way). Of course you can get the hashed (MD4,MD5,SHA-1) base64 encoded value (i.e. the value you see in OiD) but not the 'password'.
  --Olaf                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

• AD Group Membership with User From Domain Outside of Forest

  Here's one to twist your brain around -
  I have kerberos authentication using Active Directory working between a client's web browser and my web-app hosted in JBoss. I also have limited authorization working by checking group memberships using LDAP. This currently only works if all users are in the same domain. The ever-helpful adler_steven has detailed in another thread (http://forum.java.sun.com/thread.jspa?threadID=603815&tstart=15) how to do a group membership check for all Users/Groups in a single forest using the Global Context.
  I need to go beyond the domain and even beyond the forest and try to authorize a user from a trusted domain by checking if the user is a member of a group in my domain. Authentication works fine using kerberos. It's the authorization by group check I am having trouble with. I believe there are two ways to approach this:
  Approach #1
  Access the MS-specific PAC in the kerberos token from the client to get the group SIDs. The structure of the PAC is nicely defined in this article: http://appliedcrypto.com/spnego/pac/ms_kerberos_pac.html. However, I have no idea how to access the decrypted token. I pass the encrypted token that I receive from the browser to myGssContext.acceptSecContext(...) to complete the authentication.
  Question: Does anyone know how to get the decrypted kerberos ticket from there, specifically the authorization-data field?
  Approach #2
  Try to walk through the Active Directory structures in both domains using LDAP. In the domain group that I am checking, I can see a member attribute that references a foreignSecurityPrincipal object. The CN of this object happens to be the objectSID of the user I am looking for in the remote domain. Unfortunately, I have to check the remote domain server directly to verify that. The foreignSecurityPrincipal object itself does not contain any hint about what user it refers to aside from the SID (no originalDomainName attribute or something similar). It is feasible that I could walk the chain of references back to the remote domain AD server. That would require that my configuration include a list of remote domain servers to check (since I could have users from multiple trusted domains) and that my JBoss server have access to those servers.
  Question: Does anyone know of some other LDAP-related way of finding information about a user from a remote, trusted domain without having to hit the server for that domain directly?
  adTHANKSvance
  Eric

  You should be able to work back from the foreignSecurityPrincipal object :-) He says with a wry smile..
  This post prompts me to think whether one day someone will draw the entity relationship diagram for AD. Oh well, I've been procrastinating for years, a few more won't hurt !
  If it was a user from within the same forest, you should just be able to perform a search against a GC using the objectSID as the search filter. I've forgotten, but I don't think they will be represented as foreign security principals.
  Have a look at the post titled JNDI, Active Directory and SID's (Security Identifiers) available at
  http://forum.java.sun.com/thread.jspa?threadID=585031&tstart=150 that describes how to search for an object based on their SID.
  Now if it is a user from another forest, with which you have a trust relationship, then we begin the navigation excercise.
  You'll need obtain the user's SID (either from the cn or from the objectSID attributes) from the foreignSecurityPrincipal object. For example CN=S-1-5-21-3771862615-1804478405-1612909269-2143,CN=ForeignSecurityPrincipals,DC=antipodes,DC=com
  objectSID=S-S-1-5-21-3771862615-1804478405-1612909269-2143Then obtain the domain RID, eg.S-1-5-21-3771862615-1804478405-1612909269Next you will have to recurse each of the crossRef objects in the Partitions container, in the configuration naming context (which you will find listed in the RootDSE). The crossref objects that represent trusted domains or forests will have values for their trustParent attributes. A sample query would be something like//specify the LDAP search filter
  String searchFilter = "(&(objectClass=crossRef)(trustParent=*))";
  //Specify the Base for the search
  String searchBase = "CN=Partitions,CN=Configuration,DC=antipodes,DC=com";For each crossRef object, you can then use the dnsRoot attribute to determine the dns domain name of the forest/domain (if you want to later use dns to search for the dns name,ip address of the domain controllers in the trusted domains/forests), and then use the nCName attribute to determine the distinguished name of the trusted forest/domain.dnsRoot = contoso.com
  ncName = dc=contoso,dc=comPerform another bind to the ncName for the trusted domain/forest and retrieve the objectSID attribute, which will be the domain's RID. You may want to cache this information as a lookup table to match domain RID's with domain distingusihed names and dns names.String ldapURL = "ldap://contoso.com:389";
  Attributes attrs = ctx.getAttributes("dc=contoso,dc=com");
  System.out.println("Domain SID: " + attrs.get("objectSID").get());Once you find out which domain matches the RID for the foreignSecurityPrincipal, you can then perform a search for the "real user" .And then finally you should have the user object that represents the foreign security principal !
  Just one thing to note. Assume that CONTOSO and ANTIPODES are two separate forests. If you bind as CONTOSO\cdarwin against the CONTOSO domain, the tokenGroups attribute (which represents teh process token) will contain all of the group memberships of Charles Darwin in the CONTOSO domain/forest. It will not contain his memberships if any, of groups in the ANTIPODES forest. If Charles Darwin accesses a resource in ANTIPODES, then his process token used by the ANTIPODES resource will be updated with his group memberships of the ANTIPODES forest. Also you can have "orphaned foreignn security principal", where the original user object has been deleted !
  BTW, If I was doing this purely on Windows, IIRC, you just use one API call DsCrackNames, to get the "real user", and then the appropriate ImpersonateUser calls to update the process token etc..
  Good luck.

• DB Migration from MYSQL to ORACLE Using Offline Capture

  Hi
  Am doing a database migration from MySQL to Oracle using SQL Developer (version 2.1.1.64). So far, I've successfully captured the MySQL database and converted it to the Oracle Model. However, when generating offline scripts to create the converted model schema into Oracle DDL scripts it managed to generate SQL to create: 1) User 2) Sequences 3) Tables 4) Triggers and 5) constraints.
  It has created the SQL to add the primary key constraints and index constraints. Although it did the foreign key constraints in the SQL, the foreign key constraints seems to have missed the cascading options for the foreign key constraint. I.e. theres no reference of whether the foreign key constraint will restrict on delete or cascade etc.
  We have a foreign keys in the MySql database that have different cascading options and these have not being ported over into the migration SQL. Therefore, all the foreign keys generated in the SQL by default are cascade to restrict on delete.
  Does 'Generate Oracle DDL' not take into account a foreign key's on delete cascading option?
  Any help or information would be greatly appreciated.
  Thanks

  Hello,
  that reminded me for the following thread:
  Migration Microsoft SQL Sever 2005 to Oracle 11g cascade on delete problem
  That is a similar issue, isn't it?
  I opened a bug for that, and it will be fixed in SQL Developer 3.1 (not in any 3.0 Early Adopter version). If you hit the same issue, there is no other way then using the workaround as used in the mentioned thread.
  Regards
  Wolfgang

• Cannot delete users from Catalog Manager

  We're trying to delete users who no longer have access to OBIEE from the Catalog Manager. When we try we get an error saying access denied for user to path /users/[userid]... I know we can go out to the file system and manually delete the folder but we would like to use the Catalog Manager for this so that we can delegate this to our security staff.
  Is a configuration setting wrong somewhere? It fails with users who have been granted admin rights as well as for the administrator id.
  Security is configured with Hyperion Shared Services via an initialization block This is working fine. When we add a user to a group in Shared Services, the user catalog is created when the user logs in. We just can't get rid of it after removing the user from the Shared Services group.
  We are running everything except the Admin Tool on AIX.
  Thanks.
  Jerry

  I'm not sure I understand.
  My system is configured to use Hyperion Shared Services for authentication. We do not create users in OBIEE. We create groups in OBIEE and assign them privileges. We then create the same groups in Shared Services. We add users to the appropriate group in Shared Services. When the user logs in, their user folder is created. When we need to remove a user's access, we take them out of the Shared Services group. We then want to delete their user folder in the catalog. We log in as an admin (we even tried this with the Administrator account), but we get the error.
  Is there any way to delete users via OBI Presentation Services > Administration > Manage Catalog?
  Thanks.
  Jerry

• Unable to connect to the server to pull data from mysql

  Hello,
  I am novice working with Flash Builder 4 and I just created a test application which runs well in my computer pulling data from Mysql using PHP and populating a datagrid. But when I transfered it to the my hosting provider failed. I have been doing some modifications to the gateway.php and amf.config.ini to solve some of the issues. Now the application try to run but doesn't populate the data in the datagrid. I included a tracking point in my data service file to read the connections variables, but they come up in blank. I highly appreciate any help. Here are my gateway.php, amf.config.ini and the data service.
  gateway.php
  <?php
  ini_set("display_errors", 1);
  $dir = dirname(__FILE__);
  $webroot = $_SERVER['DOCUMENT_ROOT'];
  $configfile = "$dir/amf_config.ini";
  $fp = fopen("tracking.txt", "a");
  fwrite($fp, "1-config file " . $configfile . "\r\n");
  //default zend install directory
  $zenddir = $webroot. '/ZendFramework/library';
  //-$zenddir = $webroot;
  fwrite($fp, "2-default zendir" . $zenddir . "\r\n");
  //Load ini file and locate zend directory
  if(file_exists($configfile)) {
       $arr=parse_ini_file($configfile,true);
       if(isset($arr['zend']['webroot'])){
            $webroot = $arr['zend']['webroot'];
            $zenddir = $webroot. '/ZendFramework/library';
       if(isset($arr['zend']['zend_path'])){
            $zenddir = $arr['zend']['zend_path'];
  fwrite($fp, "3-after zendir" . $zenddir . "\r\n");
  // Setup include path
  //add zend directory to include path
  set_include_path(get_include_path().PATH_SEPARATOR.$zenddir);
  // Initialize Zend Framework loader
  require_once 'Zend/Loader/Autoloader.php';
  //-require_once 'Autoloader.php';
  Zend_Loader_Autoloader::getInstance();
  // Load configuration
  $default_config = new Zend_Config(array("production" => false), true);
  $default_config->merge(new Zend_Config_Ini($configfile, 'zendamf'));
  $default_config->setReadOnly();
  $amf = $default_config->amf;
  fwrite($fp, "4- configfile" . $dafault_config["production"] . "\r\n");
  // Store configuration in the registry
  Zend_Registry::set("amf-config", $amf);
  // Initialize AMF Server
  $server = new Zend_Amf_Server();
  $server->setProduction($amf->production);
  if(isset($amf->directories)) {
       $dirs = $amf->directories->toArray();
       foreach($dirs as $dir) {
           // get the first character of the path.
           // If it does not start with slash then it implies that the path is relative to webroot. Else it will be treated as absolute path
           $length = strlen($dir);
           $firstChar = $dir;
           if($length >= 1)
                $firstChar = $dir[0];
           if($firstChar != "/"){
                // if the directory is ./ path then we add the webroot only.
                if($dir == "./"){                  
                     $server->addDirectory($webroot);
                }else{
                     $tempPath = $webroot . "/" . $dir;
                      $server->addDirectory($tempPath);
            }else{
                    $server->addDirectory($dir);             
  fwrite($fp, "5-temp path" . $tempPath . "=>" . "\r\n");
  fwrite($fp, "******************************************" . "\r\n");
  // Initialize introspector for non-production
  if(!$amf->production) {
       $server->setClass('Zend_Amf_Adobe_Introspector', '', array("config" => $default_config, "server" => $server));
          $server->setClass('Zend_Amf_Adobe_DbInspector', '', array("config" => $default_config, "server" => $server));
  // Handle request
  echo $server->handle();
  ?>
  amf.config.ini
  [zend]
  ;set the absolute location path of webroot directory, example:
  ;Windows: C:\apache\www
  ;MAC/UNIX: /user/apache/www
  ;-webroot =c:/wamp/www/
  webroot = /home/frutiexp/public_html
  ;set the absolute location path of zend installation directory, example:
  ;Windows: C:\apache\PHPFrameworks\ZendFramework
  ;MAC/UNIX: /user/apache/PHPFrameworks/ZendFramework
  ;zend_path = /home/frutiexp/public_html/ZendFramework
  [zendamf]
  amf.production = true
  amf.directories[]=fb41/services
  ;amf.directories[]=./
  CoursesService.php
  <?php
  *  README for sample service
  *  This generated sample service contains functions that illustrate typical service operations.
  *  Use these functions as a starting point for creating your own service implementation. Modify the
  *  function signatures, references to the database, and implementation according to your needs.
  *  Delete the functions that you do not use.
  *  Save your changes and return to Flash Builder. In Flash Builder Data/Services View, refresh
  *  the service. Then drag service operations onto user interface components in Design View. For
  *  example, drag the getAllItems() operation onto a DataGrid.
  *  This code is for prototyping only.
  *  Authenticate the user prior to allowing them to call these methods. You can find more
  *  information at <link>
  class CoursesService {
       var $username = "myusername";
       var $password = "mypassword"
       var $server = "localhost";
       var $port = "3306";
       var $databasename = "frutiexp_trainsur";
       var $tablename = "courses";
       var $connection;
        * The constructor initializes the connection to database. Everytime a request is
        * received by Zend AMF, an instance of the service class is created and then the
        * requested method is invoked.
       public function __construct() {
              $this->connection = mysqli_connect(
                                            $this->server, 
                                            $this->username, 
                                            $this->password,
                                            $this->databasename,
                                            $this->port
  $fp = fopen("./tracking.txt", "a");
  fwrite($fp, "1-service".  $databasename . " " . $username . "\r\n");
  fclose($fp);
            $this->throwExceptionOnError($this->connection);
        * Returns all the rows from the table.
        * Add authroization or any logical checks for secure access to your data
        * @return array
       public function getAllCourses() {
            $stmt = mysqli_prepare($this->connection, "SELECT * FROM $this->tablename");         
            $this->throwExceptionOnError();
            mysqli_stmt_execute($stmt);
            $this->throwExceptionOnError();
            $rows = array();
            mysqli_stmt_bind_result($stmt, $row->cou_id, $row->cou_title, $row->cou_overview, $row->cou_objectives);
           while (mysqli_stmt_fetch($stmt)) {
             $rows[] = $row;
             $row = new stdClass();
             mysqli_stmt_bind_result($stmt, $row->cou_id, $row->cou_title, $row->cou_overview, $row->cou_objectives);
            mysqli_stmt_free_result($stmt);
           mysqli_close($this->connection);
           return $rows;
        * Returns the item corresponding to the value specified for the primary key.
        * Add authroization or any logical checks for secure access to your data
        * @return stdClass

  Hello Jdesko,
  Thank you for you prompt response. Yes, I have changed the connections variables in my dataservice ( I didn't post real values). You are right, after all I didn't make changes on the gateway.php except to add some tracking points. The one that I changed is the amf.config,ini. The application runs without any error exceptions, but don't populate the datagrid. According with the tracing is stoping just when establishing the connection to the database. Please let me know if you have any other clue. thanks

• How to use CSACS 3.3 to authenticate users from multiple windows domain?

  Can Cisco Secure ACS 3.3 be used to authenticate users from another Windows domain that is not a child nor a trusted domain???
  hello, here is my scenario:
  ACS 3.3 was installed on a member server on domain1. I need to authenticate and ultimately populate the users into ACS from another domain. The service already works perfect on just domain1, but now I need to authenticate users from another domain.
  And adding those domains as trusted domains in domain1 is not an option.
  Is Generic LDAP my only other option? Any config guides that you guys know with regard to doing this?
  Any input is much appreciated.

  Hi Betcy,
  I am not familiar with sharepoint solutions, but as you mentioned about windows credentials I believe it refers to kerberos tokens. On this case you can take advantage of SPNego authentication.
  You can find more details on following SAP note:
  #[1488409|https://service.sap.com/sap/support/notes/1488409] - New SPNego Implementation
  I hope it helps.
  Kind regards,
  Lisandro Magnus

• Password Violation error while creating users from Admin interface

  Guys,
  The Sun Identity Manager system throws policy violation error while creating users from Sun Identity Manager Admin interface.
  Current System:
  1. I have configured TAM Pass-Thru authentication for End User Login Application.
  2. I have an admin user 'testsjimadmin1' who has admin capabilities. testsjimadmin1 user has default SJIM password policy.
  3. I have custom password policies configured for different orgainizatoions
  Problem:
  1. The Sun Identity Manager throws a password policy violation error when 'testsjimadmin1' tries to create an user with valid or invalid password from Sun Identity Manager Admin interface.
  2. If TAM Pass-thru authentication is removed for 'End User Login Application' and Sun Identity Manager default authentication is configured for 'End User Login Application' then testsjimadmin1 was able to create user successfully without any errors.
  Please let me know if any configurations are required to be made on Sun Identity Manager for TAM Pass-Thru authentication so that admin users can create users successfully from admin interface.
  Appreciate your help!!!
  Thanks
  Vijay

  Guys,
  The Sun Identity Manager system throws policy violation error while creating users from Sun Identity Manager Admin interface.
  Current System:
  1. I have configured TAM Pass-Thru authentication for End User Login Application.
  2. I have an admin user 'testsjimadmin1' who has admin capabilities. testsjimadmin1 user has default SJIM password policy.
  3. I have custom password policies configured for different orgainizatoions
  Problem:
  1. The Sun Identity Manager throws a password policy violation error when 'testsjimadmin1' tries to create an user with valid or invalid password from Sun Identity Manager Admin interface.
  2. If TAM Pass-thru authentication is removed for 'End User Login Application' and Sun Identity Manager default authentication is configured for 'End User Login Application' then testsjimadmin1 was able to create user successfully without any errors.
  Please let me know if any configurations are required to be made on Sun Identity Manager for TAM Pass-Thru authentication so that admin users can create users successfully from admin interface.
  Appreciate your help!!!
  Thanks
  Vijay