JAAS and form-based webtier authentication
Hi, I would like to know if it is possible to use form-based authentication with
JAAS in a webapp. I would appreciate if you could show me some sample code.
Thanks /Chris
Hi, You may like to go through the following link.
http://developinjava.com/readarticle.php?article_id=6
Similar Messages
-
Hi everybody, I want to know if somebody has information to integrate jaas with form-based, i am using tomcat 5.5
Thanks in advance..Hi, You may like to go through the following link.
http://developinjava.com/readarticle.php?article_id=6 -
User Name- and Password-Based Mutual Authentication
Hi,
The J2EE 1.4 Tutorial Update 1 shows an example of Client-Certificate Authentication over HTTP/SSL with JAX-RPC, but no User Name- and Password-Based Mutual Authentication example.
Does this work the same? Does the client need a certificate for User Name- and Password-Based Mutual Authentication?
I created my own self-signed certificate and imported it using the keytool. When I use my client to connect to my JAX-RPC web service, I get the following error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found.
It seems that no trusted certificate is found... on the client side?! How do I specify the client certificate at the client side? I created a client certificate and added it to the keystore in the application server...
If somebody should have an example of User Name- and Password-Based Mutual Authentication, I'd really apreciate it.
Thanks, d3m0.Hi,
I've almost the same problem.In an application based on Java Web Start, i try to attack a web service through HTTPS. Before the call of the web services, the client have discussed with the server through HTTPS, so the user have already accept the certificate (i use self-signed certificate too), i get the same exception.
At the begining i've used classes from axis. I've found that axis doesn't want to support non trusted certificate. Some workaround were that the client access the private key of the server ... not really secure. So i've tried to use the JAX-RPC classes, always the exception.
For the moment , we don't want to use trusted certificate and don't want to install on each user workstation the server certificate. I continue to investigate, if someone have some solution ? What i don't understand is why i've this exception altough i'm in a secure environment (JWS + user accepts the untrusted certificate).
Sorry, i've never work on User Name- and Password-Based Mutual Authentication, but i think your exception come because of self-signed certificate.
Regard,
Pierre. -
SP4 and Form Based Authentication
Hi,
I had just advised a customer to apply SP4 to WLS and
then plug in the 'source code' patch, he replied that he had
been informed that SP4 breaks Form Based Authentication for
war web apps?
Can anyone confirm/deny this for me please ?
regards,
Patrick.Hehe Hiya Patrick!, that was Me! seems we use the same hot source of info :)
Cheers
Rob :)
"Patrick Byrne" <[email protected]> wrote in message
news:[email protected]..
Hi,
I had just advised a customer to apply SP4 to WLS and
then plug in the 'source code' patch, he replied that he had
been informed that SP4 breaks Form Based Authentication for
war web apps?
Can anyone confirm/deny this for me please ?
regards,
Patrick. -
Issues with OSSO ,custom login module and form based authentication
Hi:
We are facing issues with OSSO (Oracle Single Sign on ),Our application use the form based
authentication and Custom login module.
Application is going in infinite loop when we we try to login using osso ,from the logs
what I got is looks like tha when we we try to login from OSSO application goes to the login
page and it gets the remote user from request so it forwards it to the home page till now
it is correct behaviour ,but after that It looks like home page find that authentication is
not done and sends it back to the login page and login page again sends it to the home as it
finds that remote user is not null.
Our web.xml form authentication entry looks like this :
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/couldnotlogin.jsp</form-error-page>
</form-login-config>
</login-config>
While entry in orion-application.xml has the following entry for custom login :
<jazn provider="XML">
<property name="custom.loginmodule.provider" value="true" />
<property name="role.mapping.dynamic" value="true" />
</jazn>
Whether If I change the authentication type to BASIC and add the following line
in orion-application.xml will solve the issue :
<jazn provider="XML">
<property name="custom.loginmodule.provider" value="true" />
<property name="role.mapping.dynamic" value="true" />
<jazn-web-app auth-method="SSO" >
</jazn>
Any help regarding it will be appreciated .
Thanks
AnilHi:
We are facing issues with OSSO (Oracle Single Sign on ),Our application use the form based
authentication and Custom login module.
Application is going in infinite loop when we we try to login using osso ,from the logs
what I got is looks like tha when we we try to login from OSSO application goes to the login
page and it gets the remote user from request so it forwards it to the home page till now
it is correct behaviour ,but after that It looks like home page find that authentication is
not done and sends it back to the login page and login page again sends it to the home as it
finds that remote user is not null.
Our web.xml form authentication entry looks like this :
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/couldnotlogin.jsp</form-error-page>
</form-login-config>
</login-config>
While entry in orion-application.xml has the following entry for custom login :
<jazn provider="XML">
<property name="custom.loginmodule.provider" value="true" />
<property name="role.mapping.dynamic" value="true" />
</jazn>
Whether If I change the authentication type to BASIC and add the following line
in orion-application.xml will solve the issue :
<jazn provider="XML">
<property name="custom.loginmodule.provider" value="true" />
<property name="role.mapping.dynamic" value="true" />
<jazn-web-app auth-method="SSO" >
</jazn>
Any help regarding it will be appreciated .
Thanks
Anil -
Hello Community
In WS2012 and SharePoint 2013 Server is it possible when creating a
web application to enable both Windows Based Authentication/Negotiate
(Kerberos) and enable Forms Based Authentication or does the web application
use either one or the other?
Thank you
ShabeautYes , you can use dual authentication on same web application. You can use same web application , at OOB login page you will have option to use windows or form login.
Or you can extend your web application to a new web app and configure extended web application to use Form Based Authentication(Note extended web application will also show same content database , so the content will same only url will be different)
http://blogs.technet.com/b/ptsblog/archive/2013/09/20/configuring-sharepoint-2013-forms-based-authentication-with-sqlmembershipprovider.aspx
http://gj80blogtech.blogspot.in/2013/11/forms-based-authentication-fba-in.html
Thanks
Ganesh Jat [My Blog |
LinkedIn | Twitter ]
Please click 'Mark As Answer' if a post solves your problem or 'Vote As Helpful' if it was useful. -
MOBI SSO with trusted authentication and form based authentication
Dear All,
I am trying to configure Trusted authentication based SSO FOR MOBI, here are the details:
- SAP BI 4.1 SP04
- Trusted authentication with HTTP header configurred for BI Launchpad and working fine.
Now to have SSO from Mobile, I plan to leverage the existing configuration of BI Launchpad and at Mobile level, I want to use authentication type as TRUSTED_AUTH_FORM, instead of TRUSTED_AUTH_BASIC, with the approach: Trusted authentication with HTTP header.
And
Provide our app users their X502 certs.
1. Will the above approach work ??
2. As per SAP NOTE: 2038165 - SSO using form based trusted auth gives with the SAP BI app for iOS gives error MOB00920 this does not work and is still under investigation from July last year ? So for any community member, has this been found working ??
I would appreciate your valuable inputs.
Regards,
Sarvjot SinghHi,
According to your post, my understanding is that you want to know the difference of the SharePoint three type user authentications.
Windows claims-based authentication uses your existing Windows authentication provider (Active Directory Domain Services [AD DS]) to validate the credentials of connecting clients. Use this authentication to allow AD DS-based accounts access to SharePoint
resources. Authentication methods include NTLM, Kerberos, and Basic.
Forms-based authentication can be used against credentials that are stored in an authentication provider that is available through the ASP.NET interface
SAML token-based authentication in SharePoint 2013 requires coordination with administrators of a claims-based environment, whether it is your own internal environment or a partner environment.
There is a good article contains all the SharePoint Authentications, including how they work and how to configure.
http://sp77.blogspot.com/2014/02/authentication-in-sharepoint-2013_5.html#.VFcyQ_mUfkJ
Thanks & Regards,
Jason
Jason Guo
TechNet Community Support -
Hello :
I don't see any different when choosing either Free or Form-based.
Thx in advanceHI,
In Free Based, we have to select the cost centers from the list and then have to gice the planned activity for that cost center.
In form based, automatically all the cost centers mentioned in the cost center group or from cost center to to cost center will appear in the screen. We can choose and enter the planned activites from the automatically available cost centers in the screen.
Thanks,
Shilpa. -
Office Web Apps and Forms Based Authentication
Is it possible to use Office Web Apps Server 2013 to give external SharePoint Foundation 2013 clients access to Office documents in a View only capacity?
Does FBA work with Office Web Apps or would external users have to at least have a Windows CAL in AD if we are just using SharePoint Foundation?Hi,
It may be possible.
Here are some links for your situation:
http://technet.microsoft.com/en-us/library/ff431682(v=office.15).aspx
http://blogs.technet.com/b/office_web_apps_server_2013_support_blog/archive/2014/03/20/office-web-apps-2013-errors-previewing-viewing-editing-documents-when-using-fba-in-the-extended-zone-but-not-the-default-zone.aspx
http://technet.microsoft.com/en-us/library/ee806890(v=office.15).aspx
Office Web Apps can be used only by SharePoint 2013 web applications that use claims-based authentication.
There is a known issue when using Office Web App in the extended zone with FBA, but not the default zone. Please configure FBA authentication in the Default zone in case of that.
Hope it helps.
Regards,
Rebecca Tu
TechNet Community Support -
XWS-Security, JAAS and role-based authorization
What is my best bet to try to authorize users to use certain web services? For example, let's say a user logs into a web application A, who connects to a web application B implementing Web Services and XWSS.
A passes along the userNameToken, and B authenticates it (let's say, using JAAS). Now it needs to authorize the user to use the actual web service. Can I do this with JAAS? What is the best way to define the policies? Does it mean I have to create PrivilegedActions for every webservice? What are my other alternatives besides JAAS?
Thanks in advance.Alternatively, is there a way to see which web service the client is requesting from the SecurityEnvironmentHandler (callbackHandler)?
-
Hi,
We are have a quite specific issue. The problem is most likely by design in ADFS 3.0 (running on Windows Server 2012 R2) and we are trying to find a "work-around".
Most users in the organization is using their own personal computer and everything is fine and working as expected, single sign-on (WIA) internally to Office 365 and forms based (FBA) externally (using Citrix NetScaler as reverse proxy and load
balancing with the correct rewrites to add client-ip, proxy header and URL-transformation).
The problem occurs for a few (50-100) users where they are sharing the same computer, automatically logged on to the computer using a generic AD-user (same for all of them). This AD-user they are logged on with does not have any access to Office365
and if they try to access SharePoint Online they receive an error that they can't login (from SharePoint Online, not ADFS).
We can't change this, they need to have this generic account logged on to these computers. The issue occurs when a user that has access to SharePoint Online tries to access it when logged on with a generic account.
They are not able to "switch" from the generic account in ADFS / SharePoint Online to their personal account.
The only way I've found that may work is removing IE as a WIA-capable agent and deploy a User-Agent version string specific to most users but not the generic account.
My question to you: Is there another way? Maybe when ADFS sees the generic user, it forces forms based authentication or something like that?
Best regards,
SimonI'd go with your original workaround using the user-agent and publishing a GPO for your normal users that elects to use a user-agent string associated with Integrated Windows Auth.. for the generic accounts, I'd look at using a loopback policy that overwrites
that user agent setting, so that forms logon is preferred for that subset of users. I don't think the Netscaler here is useful in this capacity as it's a front-end proxy and you need to evaluate the AuthZ rules on the AD FS server after the request has been
proxied. The error pages in Windows Server 2012 R2 are canned as the previous poster mentioned and difficult to customize (Javascript only)...
http://blog.auth360.net -
Form based authentication HTTP 403 access forbidden in WL 8.1
Hi there..
I found following message posted in April-2004 by Sandeep very useful.
I also ended up getting the following HTTP 403 Forbidden access error while using Pageflow controller and Form based authentication.
I noticed 2 things. If you have a normal webapp A, which is a plain old webapp (which does not use pageflow..workshop etc..) then the following error does not occur.
It only happens with those webapps which utilizes WL 8.1's pageflow features. Note that I am not using nested page flows. I just used 1 pageflow controller and wanted to have the form based login feature for the same.
BEA's samples on form authentication talks about nested page flows and javax.security.auth.login.FailedLoginException and etc.. are they only applicable to nested pageflows?
can't I use the same to capture failed login exception within a single controller?
I tried out putting FailedLoginException exception-handler in Global.app file but it didn't catch it. Only the following work around worked. is this a bug in WL 8.1 workshop? or I am missing something.
I would appreciate if someone can clear this doubt.
I am using WL 8.1 with sp3.
Rajesh
Hey guys,
I could find the solution for my problem. Here it is
We need to add following lines of code in the erro.jsp page.
<form action"j_security_check>
....write the error mesage....
</form>
You will get rid of "403 Forbidden page" error.
Thanks,
Sandip
[email protected] (Sandip Atkole) wrote in message news:<[email protected]>...
I am trying to set up Form-Based Authentication on WebLogic 8.1
The Problem:
If the user provides correct userid/password, he gets access to the
protected resource as required, but if he provides incorrect
userid/password, he gets a 403 Forbidden page, instead of getting the
login failure page.
The Descriptors:
WEB.XML
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Login.jsp</form-login-page>
<form-error-page>/LoginError.jsp</form-error-page>
</form-login-config>
</login-config>
Why doesn't it redirect to "/LoginError.jsp" instead of showing the
403 Forbidden page?
Thanks in advance
SandipIt seems like a bug. However when I explicitly reset the error using set status it worked for me. I added following code in my error jsp .
<%
response.setHeader("conent-type","text/html");
response.setStatus(200);
%> -
Authentificaton - JDBC realm & Form Based in Jdeveloper 10.1.3 and OCJ4
Dear Partners:
Being new working with Jdeveloper 10.1.3 and embedded OC4J,
I'm migrating an application from Tomcat and trying to
setup authentication for my JSP pages: JDBC realm and Form Based.
I succeeded only adding the security constraint to
the application's server.xml file, and creating the
user and user's roles tables. Yet, I got lost
by using the Jdeveloper's menu option Tools->OC4J embedded
OC4J server preferences.
Any documentation or examples are appreciated.
Thank you.Waheed - we aren't satisfied with our device coverage for mobile devices, hence we're focusing our efforts on Telnet/PDA and working with partners for ADF support for the broader class of mobile devices. Please send me an email or give me a call with any questions ([email protected], +1-408-687-8185).
-Indu -
Form based authentication very slow
Hi,
We are facing problem in form based login authentication. Any application having a form based authentication is taking too much time.
We are running SAP J2EE Server 6.40 with SP16.
The database and the J2EE server are in a single machine.
The basic authentication does not show up any problem.
The form based takes up too much amount of time but does go through.
What can be the problem?
Regards,
AmeyaHi Ameya,
if form based authentication is working fine for you then please send me complete step by step procedure or any document if you have any as i configured everything required for form based authentication and when i provide any of the .jsp page in the url i am not getting the login page. please help me as soon as possible -
Form Based authentcation in Sharepoint 2010
Hi,
I am Having a problem. everytime i enter the URL for accesing the site i am getting a new page which asks me whether i have to use forms based autherntication or Windows based authentication.Attaching the below screen shot of the same. can some
one help me to sort out this issue.If you implment Forms Based authentication on the same AAM zone where you are using Windows Authentication this is the way it is designed to work. If you Extend the Web Application to a new Zone and turn on Forms Based authentication there but not
in the default zone then you won't get the prompt. Instead you'll use windows authentication when you use the default Zone url and Forms based authentication when you use the extended zone URL.
Paul Stork SharePoint Server MVP
Principal Architect: Blue Chip Consulting Group
Blog: http://dontpapanic.com/blog
Twitter: Follow @pstork
Please remember to mark your question as "answered" if this solves your problem.
Maybe you are looking for
-
Project Online 2013 Licenses/Subscription
I am actually new to the Project Online 2013 ( not the project server ) So have a question regarding the correct subscription for my users. A bit background, we are trying to implement a Project Portfolio Management solution at our organization and
-
Why is sound distorted on my MacBook?
Okay so a few days ago I noticed a fuzzy, distorted sound quality during video play. This is the case when I use youtube, watch other flash videos, or play songs in itunes. The normal sounds for the system commands such as turning it on and off or th
-
Duplicate fonts in character menu CS6 Mac
Anyone else seeing this on the Mac version of CS6?
-
Invoking Acrobat PDF compare from Java code
Need to invoke the Adobe Acrobat XI's PDF compare feature using Java code. Description: ======== We are exploring the possibilities of passing 2 PDF's from Java to Adobe Acrobat XI SDK to get the compared results in new PDF. If anyone has explored wi
-
Macbook capable run Snow Leopard smoothly
hello, just wondering if my macbook is capable of running SL smoothly without anything crashes, 1st generation macbook: 2GHz Intel Core Duo 80GB HDD upgraded 2GB SDRAM <--- that's the highest capacity my generation is allowed right? also, i like to r