JAAS and form-based webtier authentication

Similar Messages

• Jaas and Form-based

  Hi everybody, I want to know if somebody has information to integrate jaas with form-based, i am using tomcat 5.5
  Thanks in advance..

  Hi, You may like to go through the following link.
  http://developinjava.com/readarticle.php?article_id=6

• User Name- and Password-Based Mutual Authentication

  Hi,
  The J2EE 1.4 Tutorial Update 1 shows an example of Client-Certificate Authentication over HTTP/SSL with JAX-RPC, but no User Name- and Password-Based Mutual Authentication example.
  Does this work the same? Does the client need a certificate for User Name- and Password-Based Mutual Authentication?
  I created my own self-signed certificate and imported it using the keytool. When I use my client to connect to my JAX-RPC web service, I get the following error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found.
  It seems that no trusted certificate is found... on the client side?! How do I specify the client certificate at the client side? I created a client certificate and added it to the keystore in the application server...
  If somebody should have an example of User Name- and Password-Based Mutual Authentication, I'd really apreciate it.
  Thanks, d3m0.

  Hi,
  I've almost the same problem.In an application based on Java Web Start, i try to attack a web service through HTTPS. Before the call of the web services, the client have discussed with the server through HTTPS, so the user have already accept the certificate (i use self-signed certificate too), i get the same exception.
  At the begining i've used classes from axis. I've found that axis doesn't want to support non trusted certificate. Some workaround were that the client access the private key of the server ... not really secure. So i've tried to use the JAX-RPC classes, always the exception.
  For the moment , we don't want to use trusted certificate and don't want to install on each user workstation the server certificate. I continue to investigate, if someone have some solution ? What i don't understand is why i've this exception altough i'm in a secure environment (JWS + user accepts the untrusted certificate).
  Sorry, i've never work on User Name- and Password-Based Mutual Authentication, but i think your exception come because of self-signed certificate.
  Regard,
  Pierre.

• SP4 and Form Based Authentication

  Hi,
  I had just advised a customer to apply SP4 to WLS and
  then plug in the 'source code' patch, he replied that he had
  been informed that SP4 breaks Form Based Authentication for
  war web apps?
  Can anyone confirm/deny this for me please ?
  regards,
       Patrick.

  Hehe Hiya Patrick!, that was Me! seems we use the same hot source of info :)
  Cheers
  Rob :)
  "Patrick Byrne" <[email protected]> wrote in message
  news:[email protected]..
  Hi,
  I had just advised a customer to apply SP4 to WLS and
  then plug in the 'source code' patch, he replied that he had
  been informed that SP4 breaks Form Based Authentication for
  war web apps?
  Can anyone confirm/deny this for me please ?
  regards,
  Patrick.

• Issues with OSSO ,custom login module and form based authentication

  Hi:
  We are facing issues with OSSO (Oracle Single Sign on ),Our application use the form based
  authentication and Custom login module.
  Application is going in infinite loop when we we try to login using osso ,from the logs
  what I got is looks like tha when we we try to login from OSSO application goes to the login
  page and it gets the remote user from request so it forwards it to the home page till now
  it is correct behaviour ,but after that It looks like home page find that authentication is
  not done and sends it back to the login page and login page again sends it to the home as it
  finds that remote user is not null.
  Our web.xml form authentication entry looks like this :
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/jsp/login.jsp</form-login-page>
  <form-error-page>/jsp/couldnotlogin.jsp</form-error-page>
  </form-login-config>
  </login-config>
  While entry in orion-application.xml has the following entry for custom login :
  <jazn provider="XML">
       <property name="custom.loginmodule.provider" value="true" />
  <property name="role.mapping.dynamic" value="true" />
  </jazn>
  Whether If I change the authentication type to BASIC and add the following line
  in orion-application.xml will solve the issue :
  <jazn provider="XML">
       <property name="custom.loginmodule.provider" value="true" />
  <property name="role.mapping.dynamic" value="true" />
  <jazn-web-app auth-method="SSO" >
  </jazn>
  Any help regarding it will be appreciated .
  Thanks
  Anil

  Hi:
  We are facing issues with OSSO (Oracle Single Sign on ),Our application use the form based
  authentication and Custom login module.
  Application is going in infinite loop when we we try to login using osso ,from the logs
  what I got is looks like tha when we we try to login from OSSO application goes to the login
  page and it gets the remote user from request so it forwards it to the home page till now
  it is correct behaviour ,but after that It looks like home page find that authentication is
  not done and sends it back to the login page and login page again sends it to the home as it
  finds that remote user is not null.
  Our web.xml form authentication entry looks like this :
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/jsp/login.jsp</form-login-page>
  <form-error-page>/jsp/couldnotlogin.jsp</form-error-page>
  </form-login-config>
  </login-config>
  While entry in orion-application.xml has the following entry for custom login :
  <jazn provider="XML">
       <property name="custom.loginmodule.provider" value="true" />
  <property name="role.mapping.dynamic" value="true" />
  </jazn>
  Whether If I change the authentication type to BASIC and add the following line
  in orion-application.xml will solve the issue :
  <jazn provider="XML">
       <property name="custom.loginmodule.provider" value="true" />
  <property name="role.mapping.dynamic" value="true" />
  <jazn-web-app auth-method="SSO" >
  </jazn>
  Any help regarding it will be appreciated .
  Thanks
  Anil

• Can you enable both Windows Based Authentication and Forms Based Authenication for the same web application?

  Hello Community
      In WS2012 and SharePoint 2013 Server is it possible when creating a
  web application to enable both Windows Based Authentication/Negotiate
  (Kerberos) and enable Forms Based Authentication or does the web application
  use either one or the other?
      Thank you
      Shabeaut 

  Yes , you can use dual authentication on same web application. You can use same web application , at OOB login page you will have option to use windows or form login.
  Or you can extend your web application to a new web app and configure extended web application to use Form Based Authentication(Note extended web application will also show same content database , so the content will same only url will be different)
  http://blogs.technet.com/b/ptsblog/archive/2013/09/20/configuring-sharepoint-2013-forms-based-authentication-with-sqlmembershipprovider.aspx
  http://gj80blogtech.blogspot.in/2013/11/forms-based-authentication-fba-in.html
  Thanks
  Ganesh Jat [My Blog |
  LinkedIn | Twitter ]
  Please click 'Mark As Answer' if a post solves your problem or 'Vote As Helpful' if it was useful.

• MOBI SSO with trusted authentication and form based authentication

  Dear All,
  I am trying to configure Trusted authentication based SSO FOR MOBI, here are the details:
  - SAP BI 4.1 SP04
  - Trusted authentication with HTTP header configurred for BI Launchpad and working fine.
  Now to have SSO from Mobile, I plan to leverage the existing configuration of BI Launchpad and at Mobile level, I want to use authentication type as TRUSTED_AUTH_FORM, instead of TRUSTED_AUTH_BASIC, with the approach: Trusted authentication with HTTP header.
  And
  Provide our app users their X502 certs.
  1. Will the above approach work ??
  2. As per SAP NOTE: 2038165 - SSO using form based trusted auth gives with the SAP BI app for iOS gives error MOB00920 this does not work and is still under investigation from July last year ? So for any community member, has this been found working ??
  I would appreciate your valuable inputs.
  Regards,
  Sarvjot Singh

  Hi,
  According to your post, my understanding is that you want to know the difference of the SharePoint three type user authentications.
  Windows claims-based authentication uses your existing Windows authentication provider (Active Directory Domain Services [AD DS]) to validate the credentials of connecting clients. Use this authentication to allow AD DS-based accounts access to SharePoint
  resources. Authentication methods include NTLM, Kerberos, and Basic.
  Forms-based authentication can be used against credentials that are stored in an authentication provider that is available through the ASP.NET interface
  SAML token-based authentication in SharePoint 2013 requires coordination with administrators of a claims-based environment, whether it is your own internal environment or a partner environment.
  There is a good article contains all the SharePoint Authentications, including how they work and how to configure.
  http://sp77.blogspot.com/2014/02/authentication-in-sharepoint-2013_5.html#.VFcyQ_mUfkJ
  Thanks & Regards,
  Jason
  Jason Guo
  TechNet Community Support

• KP26 free and form-based

  Hello :
  I don't see any different when choosing either Free or Form-based.
  Thx in advance

  HI,
  In Free Based, we have to select the cost centers from the list  and then have to gice the planned activity for that cost center.
  In form based, automatically all the cost centers mentioned in the cost center group or from cost center to to cost center will appear in the screen. We can choose and enter the planned activites from the automatically available cost centers in the screen.
  Thanks,
  Shilpa.

• Office Web Apps and Forms Based Authentication

  Is it possible to use Office Web Apps Server 2013 to give external SharePoint Foundation 2013 clients access to Office documents in a View only capacity?
  Does FBA work with Office Web Apps or would external users have to at least have a Windows CAL in AD if we are just using SharePoint Foundation?

  Hi,
  It may be possible.
  Here are some links for your situation:
  http://technet.microsoft.com/en-us/library/ff431682(v=office.15).aspx
  http://blogs.technet.com/b/office_web_apps_server_2013_support_blog/archive/2014/03/20/office-web-apps-2013-errors-previewing-viewing-editing-documents-when-using-fba-in-the-extended-zone-but-not-the-default-zone.aspx
  http://technet.microsoft.com/en-us/library/ee806890(v=office.15).aspx
  Office Web Apps can be used only by SharePoint 2013 web applications that use claims-based authentication.
  There is a known issue when using Office Web App in the extended zone with FBA, but not the default zone. Please configure FBA authentication in the Default zone in case of that.
  Hope it helps.
  Regards,
  Rebecca Tu
  TechNet Community Support

• XWS-Security, JAAS and role-based authorization

  What is my best bet to try to authorize users to use certain web services? For example, let's say a user logs into a web application A, who connects to a web application B implementing Web Services and XWSS.
  A passes along the userNameToken, and B authenticates it (let's say, using JAAS). Now it needs to authorize the user to use the actual web service. Can I do this with JAAS? What is the best way to define the policies? Does it mean I have to create PrivilegedActions for every webservice? What are my other alternatives besides JAAS?
  Thanks in advance.

  Alternatively, is there a way to see which web service the client is requesting from the SecurityEnvironmentHandler (callbackHandler)?

• Forcing specific clients or groups to use forms based authentication (FBA) instead of windows based authentication (WIA) with ADFS

  Hi,
  We are have a quite specific issue. The problem is most likely by design in ADFS 3.0 (running on Windows Server 2012 R2) and we are trying to find a "work-around".
  Most users in the organization is using their own personal computer and everything is fine and working as expected, single sign-on (WIA) internally to Office 365 and forms based (FBA) externally (using Citrix NetScaler as reverse proxy and load
  balancing with the correct rewrites to add client-ip, proxy header and URL-transformation).
  The problem occurs for a few (50-100) users where they are sharing the same computer, automatically logged on to the computer using a generic AD-user (same for all of them). This AD-user they are logged on with does not have any access to Office365
  and if they try to access SharePoint Online they receive an error that they can't login (from SharePoint Online, not ADFS).
  We can't change this, they need to have this generic account logged on to these computers. The issue occurs when a user that has access to SharePoint Online tries to access it when logged on with a generic account.
  They are not able to "switch" from the generic account in ADFS / SharePoint Online to their personal account.
  The only way I've found that may work is removing IE as a WIA-capable agent and deploy a User-Agent version string specific to most users but not the generic account.
  My question to you: Is there another way? Maybe when ADFS sees the generic user, it forces forms based authentication or something like that?
  Best regards,
  Simon

  I'd go with your original workaround using the user-agent and publishing a GPO for your normal users that elects to use a user-agent string associated with Integrated Windows Auth.. for the generic accounts, I'd look at using a loopback policy that overwrites
  that user agent setting, so that forms logon is preferred for that subset of users. I don't think the Netscaler here is useful in this capacity as it's a front-end proxy and you need to evaluate the AuthZ rules on the AD FS server after the request has been
  proxied. The error pages in Windows Server 2012 R2 are canned as the previous poster mentioned and difficult to customize (Javascript only)...
  http://blog.auth360.net

• Form based authentication HTTP 403 access forbidden in WL 8.1

  Hi there..
  I found following message posted in April-2004 by Sandeep very useful.
  I also ended up getting the following HTTP 403 Forbidden access error while using Pageflow controller and Form based authentication.
  I noticed 2 things. If you have a normal webapp A, which is a plain old webapp (which does not use pageflow..workshop etc..) then the following error does not occur.
  It only happens with those webapps which utilizes WL 8.1's pageflow features. Note that I am not using nested page flows. I just used 1 pageflow controller and wanted to have the form based login feature for the same.
  BEA's samples on form authentication talks about nested page flows and javax.security.auth.login.FailedLoginException and etc.. are they only applicable to nested pageflows?
  can't I use the same to capture failed login exception within a single controller?
  I tried out putting FailedLoginException exception-handler in Global.app file but it didn't catch it. Only the following work around worked. is this a bug in WL 8.1 workshop? or I am missing something.
  I would appreciate if someone can clear this doubt.
  I am using WL 8.1 with sp3.
  Rajesh
  Hey guys,
  I could find the solution for my problem. Here it is
  We need to add following lines of code in the erro.jsp page.
  <form action"j_security_check>
  ....write the error mesage....
  </form>
  You will get rid of "403 Forbidden page" error.
  Thanks,
  Sandip
  [email protected] (Sandip Atkole) wrote in message news:<[email protected]>...
  I am trying to set up Form-Based Authentication on WebLogic 8.1
  The Problem:
  If the user provides correct userid/password, he gets access to the
  protected resource as required, but if he provides incorrect
  userid/password, he gets a 403 Forbidden page, instead of getting the
  login failure page.
  The Descriptors:
  WEB.XML
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/Login.jsp</form-login-page>
  <form-error-page>/LoginError.jsp</form-error-page>
  </form-login-config>
  </login-config>
  Why doesn't it redirect to "/LoginError.jsp" instead of showing the
  403 Forbidden page?
  Thanks in advance
  Sandip

  It seems like a bug. However when I explicitly reset the error using set status it worked for me. I added following code in my error jsp .
  <%     
       response.setHeader("conent-type","text/html");
       response.setStatus(200);
  %>

• Authentificaton - JDBC realm & Form Based in Jdeveloper 10.1.3 and OCJ4

  Dear Partners:
  Being new working with Jdeveloper 10.1.3 and embedded OC4J,
  I'm migrating an application from Tomcat and trying to
  setup authentication for my JSP pages: JDBC realm and Form Based.
  I succeeded only adding the security constraint to
  the application's server.xml file, and creating the
  user and user's roles tables. Yet, I got lost
  by using the Jdeveloper's menu option Tools->OC4J embedded
  OC4J server preferences.
  Any documentation or examples are appreciated.
  Thank you.

  Waheed - we aren't satisfied with our device coverage for mobile devices, hence we're focusing our efforts on Telnet/PDA and working with partners for ADF support for the broader class of mobile devices. Please send me an email or give me a call with any questions ([email protected], +1-408-687-8185).
  -Indu

• Form based authentication very slow

  Hi,
  We are facing problem in form based login authentication. Any application having a form based authentication is taking too much time.
  We are running SAP J2EE Server 6.40 with SP16.
  The database and the J2EE server are in a single machine.
  The basic authentication does not show up any problem.
  The form based takes up too much amount of time but does go through.
  What can be the problem?
  Regards,
  Ameya

  Hi Ameya,
  if form based authentication is working fine for you then please send me complete step by step procedure or any document if you have any as i configured everything required for form based authentication and when i provide any of the .jsp page in the url i am not getting the login page. please help me as soon as possible

• Form Based authentcation in Sharepoint 2010

  Hi,
     I am Having a problem. everytime i enter the URL for accesing the site i am getting a new page which asks me whether i have to use forms based autherntication or Windows based authentication.Attaching the below screen shot of the same. can some
  one help me to sort out this issue.

  If you implment Forms Based authentication on the same AAM zone where you are using Windows Authentication this is the way it is designed to work.  If you Extend the Web Application to a new Zone and turn on Forms Based authentication there but not
  in the default zone then you won't get the prompt.  Instead you'll use windows authentication when you use the default Zone url and Forms based authentication when you use the extended zone URL.
  Paul Stork SharePoint Server MVP
  Principal Architect: Blue Chip Consulting Group
  Blog: http://dontpapanic.com/blog
  Twitter: Follow @pstork
  Please remember to mark your question as "answered" if this solves your problem.