Kerberos integration with SecurID?

Hi...
Is it possible to integrate Kerberos with SecurID? Historically we have run a fairly open system and often user credentials are shared (private keys, etc). I doubt I can do much about this process wise, and any potential solution I can think of I can also think of a workaround for.
Most of the guys have SecurID tags already and it would seem logical to be able to use this hard authentication to provide the first ticket, and to subsequently validate the connection as tickets expire.
I have checked the RSA site and there only seems to be a PAM module available. I am also aware of a patch for OpenSSH, but is there anything I can do specifically with Kerberos?
cheers

Have you checked http://www.rsa.com/rsasecured/product.aspx?id=1738
Thanks,
Tim

Similar Messages

OAM 11g integration with Kerberos on cluster with load-balanced virtualhost

Hello!
I need to make a Kerberos integration with OAM.
I find following notes about OAM 11g: WNA Configuration for HA Clusters [ID 1365888.1] (https://support.oracle.com/epmos/faces/ui/km/SearchDocDisplay.jspx?_afrLoop=223640518878014&type=DOCUMENT&id=1365888.1&displayIndex=1&_afrWindowMode=0&_adf.ctrl-state=14ehvbh4z2_61).
"In an OAM Clustered environment, the OAM Principal for WNA must be the same on all tiers i.e. the load-balanced virtualhost for the OAM cluster.
Therefore each OAM managed server will reference the same keytab file, generated for Principal HTTP/<virtualhost.domain>, and the keytab file will be in the same location on all OAM managed servers.
For example: ${DOMAIN_HOME}/domains/${DOMAIN_NAME}/config/fmwconfig/oam/<keytab filename>.
After copying the keytab file to the same directory on all OAM managed server machines, complete the configuration of the Kerberos authentication module in OAM Administration Console (/oamconsole).
The AdminServer will ensure that the oam-config.xml file on all OAM managed server tiers in the cluster is updated with this configuration."
The question is; When I generate oam.keytab with following command, What is the name of the server that I will must put in the command? Virtualhost (load-balanced), Node1 or Node2?
ktpass -princ HTTP/<servername>@DOMAIN -pass XXXXXXX mapuser DOMAIN\user -out oam.keytab.
Thanks in advance and best regards!
PS: Sorry if my english is not clear.

David,
Your Principal name should be the SSO LB URL.(ie :sso.mycomany.com)
ktpass -princ HTTP/sso.mycomany.com@DOMAIN -pass XXXXXXX mapuser DOMAIN\user -out oam.keytab.
Also make sure sso.mycomany.com has a reverse DNS configured correctly.
you can check using dig command
ping sso.mycomany.com
What ever the ip-address
dig -x <IP-ADDRESS>
Check in the reverse DNS section there should be 1 record.
;; ANSWER SECTION:
1.1.1.1.in-addr.arpa. 3600 IN PTR sso.mycomany.com.
Let me know if you have more questions.
Thanks
Saurabh

Integrating Kerberos authentication with OBIEE

Hi,
Is it possible to integrate Kerberos authentication with OBIEE? If yes, how can that be done? Are there any documentation available?
Thanks

we can integrate with LDAP with the help of below link
http://oraclebizint.wordpress.com/2007/10/10/oracle-bi-ee-101332-using-ldapoid-authentication/
Regards
Venkata

Kerberos authentification with WinServer 2003 ADS

Hi,
I tried to implement the Kerberos authentification based on Web AS 6.40 EP6 SP17 and Windows Server 2003 ADS according to the following logs:
<a href="https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/3541">kerberos implementation with ADS made easy</a>
<a href="https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/3522">Windows Integrated Authentication via Kerberos on an LDAP data source</a>
But actually it doesnt work. Already at the generation of the keytab file I got an message that it was not possible to bind to the default domain ("failed getting target domain"). The other steps were made appropriately.
So where is the problem. Does it lie at the configuration of the Domain Controller. There was no special configuration made with it because I thougt that Kerberos authentification is possible by default
Thanks, regards
Markus Armbruster

Didnt work!
Let me explain what I did and maybe anyone of you will see my failure.
1. Assigned a workíng connection to ADS of an WinServer 2003
2. Took the xml of this configuration and added the corresonding lines. (kbr5pincipalname)
3. Uploaded the xml
4. Added -Djavax.security.auth.useSubjectCredsOnly=false
         -Djava.security.krb5.conf= E:/usr/sap/SPE/JC00/j2ee/security/krb5.conf
         -Dsun.security.krb5.debug=true
   to server configuration
5. Created
    -om.sap.core.server.jaas.SPNegoLoginModule
    -com.sap.security.core.server.jaas.SPNegoMappingLoginModule
    -com.sun.security.auth.module.Krb5LoginModule
6. On J2EE Host %java_home% inktab -a host/[email protected] -k keytab
7. setspn -A HTTP/server.aaa.bbb.ccc serviceuser
8. Assign HTTP/[email protected] to the loginModules SPNegoLoginModule and Krb5LoginModule
So wheres the cause for this misfunction?
Last, what is the ConfigTool->UME_LDAP_data->use UME unique id with unique LDAP attribut = samaccountname?
Do I need to change it krb5principalname?
regards

Kerberos - tampering with ticket cache

Hello,
sorry if this is allready posted here, I couldn't fing it.
I'm using the Kerberos ver.5 Login Modul in JAAS to authenticate users (Java version is 1.4.2). I'm also using SSO mechanisms of Kerberos, so with kinit I make a ticket for myself into the ticket cache and I'm using it withou re-contacting the KDC nor requiring password again.
But I just find out, that when I take a HexEditor, and edit the ticket cache, I could easily change my name in that ticket (eg. to "admin" or other). After this the JAAS Login Modul does not recognize the change, and yells "admin" succesfully logged in. Now letting anybody work with admin privileges is not what I dreamed about! This is not the bug that I can live with!
Is there any method to recognize that the Ticket Cache was tampered with? Or any other suggestions?
Thanks in advance

Hi
Yes, I would like to know how to use kinit programmatically too! The whole mechanism doesn't really make sense to me - I would have thought the Krb5LoginModule, if configured with useTicketCache=true, would call kinit itself if it found an empty/expired ticket in the cache, and then used that cache for susbsequent operations. Is the version of kinit that comes with the JDK written in Java? Where's the source code?? In single sign on, surely we want to update the cache quite often e.g. at the start of each day. The only way I can see of doing this is by getting the use to do this manually (urghhh), or calling the kinit.exe program from Java, which doesn't sound too great either. I wonder if this is what most people do.....
I did get out my hex editor and edit the cache as it happens - and it did indeed throw an exception (see below). Interestingly it seems to have got past the login stage, but as expected when the GSS communication begins, the handshaking between client and server fails. Here's the full stack trace I got:
PS I'd be interested in your thoughts on the use of kinit....
Connected to server localhost/127.0.0.1
KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.af.a(Unknown Source)
at sun.security.krb5.internal.ae.a(Unknown Source)
at sun.security.krb5.internal.ae.<init>(Unknown Source)
at sun.security.krb5.KrbTgsRep.<init>(Unknown Source)
at sun.security.krb5.KrbTgsReq.getReply(Unknown Source)
at sun.security.krb5.internal.az.a(Unknown Source)
at sun.security.krb5.internal.az.a(Unknown Source)
at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at SampleClient.main(SampleClient.java:144)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at MyAction.run(Login.java:212)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Unknown Source)
at Login.main(Login.java:177)
KrbException: Integrity check on decrypted field failed (31) - PROCESS_TGS
at sun.security.krb5.KrbTgsRep.<init>(Unknown Source)
at sun.security.krb5.KrbTgsReq.getReply(Unknown Source)
at sun.security.krb5.internal.az.a(Unknown Source)
at sun.security.krb5.internal.az.a(Unknown Source)
at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at SampleClient.main(SampleClient.java:144)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at MyAction.run(Login.java:212)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Unknown Source)
at Login.main(Login.java:177)
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.af.a(Unknown Source)
at sun.security.krb5.internal.ae.a(Unknown Source)
at sun.security.krb5.internal.ae.<init>(Unknown Source)
... 17 more
java.security.PrivilegedActionException: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Unknown Source)
at Login.main(Login.java:177)
Caused by: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
at MyAction.run(Login.java:214)
... 3 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at MyAction.run(Login.java:212)
... 3 more
Caused by: GSSException: No valid credentials provided (Mechanism level: Integrity check on decrypted field failed (31) - PROCESS_TGS)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at SampleClient.main(SampleClient.java:144)
... 8 more

OIM 9.1.0 Integration with Active Directory 2008 R2

Hi,
My customer is running Root/Child AD structure based on windows 2003 w/SP2, OIM 9.1.0 deployed under one of the child domains, and integrated with child domains controllers which runs windows server 2003 as well.
My customer has decided to upgrade his AD to Windows Server 2008 R2 domain controllers across the entire AD Forest and still wants to integrate the current OIM v9.1.0 with AD for all of his Users provisioning and password synchronizations.
Am not sure if current OIM version of OIM 9.1.0 is compatible and supported by OIM v9.1.0 under active directory version 2008 / R2, and not sure if it can be integrated with such AD version.
Any guidance is really appreciated.
Also I was thinking of such scenario but also not sure of its support ability and if OIM will keep working on such scenario, the scenario is to upgrade only the AD root domain to Windows 2008 R2 while keeping the child domain holding the OIM 9.1.0 at Windows 2003 version.
Is this a working and supported scenario by OIM v9.1.0 ?

I believe you question should be if the connector supports this architecture. Check out the versions supported for the connector you are using and you should be good.
-Bikash

Service desk integration with 3rd party tool

Hi all,
I've problems understanding the setup of connecting a 3rd party service desk tool with solman itsm.
So far it's clear that I need to activate and configure the service provider and consumer in soamanager.
The webservice then will be called by the 3rd party tool with corresponding data.
However, according to spro I need to define a value mapping for incoming/outgoing calls.
I do not understand this mapping... the WSDL of webservice ICT_SERVICE_DESK_API contains lots of fields, but in spro -> value mapping I can only define the following fields (which are hard coded in type pool AIICT):
SAPCategory
SAPComponent
SAPDatabase
SAPFrontend
SAPIncidentID
SAPIncidentStatus
SAPInstNo
SAPOperatingSystem
SAPSoftwareComponent
SAPSoftwareComponentPatch
SAPSoftwareComponentRelease
SAPSubject
SAPSystemClient
SAPSystemID
SAPSystemType
SAPUserStatus
What about attachments, priority etc.?
Will the interface parameters mapped to these ones?
For what purpose do I need to maintain the value mapping?
Can you give me a hint?
Regards, Richard Pietsch

can you please check the WIKI Solution manager Service Desk Integration with third party service desk - SAP Solution Manager - Security and Authorizat…

Java Stack mandatory for a SAP BI system integrated with EP?

Hi Guru's,
Currently we are using SAP NetWeaver 2004 s version 7.0 system for our BI.
This is integrated with the EP. But our BI system does not contain the Java Stack installed.
When we work on WAD templates and execute the template, it is automatically directed to EP portal where we can see our reports.
Here my question is do we need Java Stack for this system to use ADOBE DOCUMENT services or can it work with EP only for the web functionalities.
Any info on this is of great help.
Best Regards
Kumar

HI Reddy,
We came to know from our basis team that we do not have the Java Stack installed in our BI 7.x system yet.
As it is integrated with EP which has Java, our web reports are working.
1) But my question is still do we ned to install the Java Stack in our BI system as i do not find any Export to PDF option in EP for the reports (eventhough AS Java supports this).
2) Or can we use the existing configuration without Java STack integrated to EP for the new tools like Report Designer and Integrated Planning?
Regards
Kumar

Session keep Alive when EBS is integrated with OIF acting as SP

We have an E-Business Suite R12(12.1.3) Application which is integrated with Oracle Access Manager 11.1.1.5. For authentication the Oracle Access Manager delegates the authentication request to Oracle Identity Federation acting as a Service Provider (SP). There is a home-grown SSO which acts as the Identity provider by Federating it with OIF using SAML 2.0 protocol.
The integration is successful and EBS is able to authenticate using this third party SSO.
Now there are multiple applications which are integrated with this third party SSO and the user can access any of these applications including EBS.
Considering a scenario where a user is using EBS Application say for more than 30 mins. Now when he tries to login to another application the challenge screen is thrown though he can continue to work on EBS without any issue. The reason being that the session timeout on the IDP side is set to 30 mins.
To overcome this issue the solution that has been thought of using a javascript for each page load on the application which will update the SSO token with the latest UTC time on the IDP server. This has been successfully done for all other applications except EBS.
So my question is how we can call this java script for each page load for EBS?
Thanks & Regards
Sarbashis

It appears that OAM is removing the url parameters for the p_done_url sent to it by OIF.
302 Redirect to -> Location: https://sso.mycompany.com/oam/server/logout?p_done_url=https%3A%2F%2Fsso.mycompany.com%2Ffed%2Fuser%2Fsloosso%3Fid%3Dosso%26type%3D3&invokeOSFSLogout=false
Result: 200. Set-Cookie OAM-ID to expired.
Form Submits: https://sso.mycompany.com/fed/user/sloosso
Result: 500 Error
Notice the p_done_url value in the redirect has extra parameters which when the Form is submitted are lost.
If I manually enter the url: https://sso.mycompany.com/fed/user/sloosso?id=osso&type=3&invokeOSFSLogout=false
Then I am successfully logged out.
This seems almost like a bug in OAM...

RE: Legacy Integration with PI/Open

Greg -
We are currently working on wrappering the APIs for UniVerse (aka Pick on
UNIX).
We received some help from the guys at RTD in Denver.
We tested out a C program that uses the Universe APIs and it works fine.
We will be building the Forte piece and compiling it this week.
Our first application is to inquire the UniVerse data, after that is
successful, we will move to inserting & updating.
Let us know how we can help.
Larry McCartney
[email protected]
(203)459-7959 - Trumbull
From:
[email protected][SMTP:[email protected]
om]
Sent: Monday, October 12, 1998 11:00 AM
To: [email protected]
Subject: forte-users-digest V1 #1111
forte-users-digest Monday, 12 October 1998 Volume 01 : Number
1111
In this issue:
Legacy Integration with PI/Open
is OBB32.dll available
Java Integration
Java Integration
Re: Legacy Integration with PI/Open
RE: Forms That Will Not Close
RE: Forms That Will Not Close
RE: Forms That Will Not Close
Re: AfterValueChange event trigged when it shouldn't be...
math library
From: [email protected]
Date: Mon, 12 Oct 1998 09:49:56 +1000
Subject: Legacy Integration with PI/Open
This is a bit of a long shot, but has anyone experience with integrating
Forte with PI/Open. PI/Open is a variant of PICK. We have a requirement
to read and update a PI/Open database from within our Forte application,
and we would be most interested to hear from anyone who has experience in
doing this.
We are aware of a set of APIs provided with PI/Open that are written in
"C". We could wrapper these from within Forte, however the issue is that
the APIs provided are non-shared, and Forte requires shared libraries.
Thanks in advance for any help.
Greg Barber.
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you
received
this in error, please contact the sender and delete the material from any
computer.
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
From: "sridhar t" <[email protected]>
Date: Sun, 11 Oct 1998 22:01:36 PDT
Subject: is OBB32.dll available
hi,
am working on forte3.0.G.2. when i tried to use objectbroker library i
am unable to find the runtime objectbroker library (OBB32.dll). is this
dll available with this version. if not is there any alternative.
thanks,
sridhar,
Goldstone Softech USA
Get Your Private, Free Email at http://www.hotmail.com
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
From: srinivasa gopi <[email protected]>
Date: Sun, 11 Oct 1998 23:12:22 -0700 (PDT)
Subject: Java Integration
Hello,
I'm trying to integrate Forti with Java in Java mode using IIOP.I
followed the steps as explained in the Forti Web enterprise manual.I
compiled the Java files that are generated by Forti along with the
client Java file.The Java applet is getting downloaded on the client
browser(IE 4.0), but the problem is browser is giving an exception
** Java.lang.RuntimeException can't connect to service object with
the ior file name **.
My question is on every client is it necessary for ORB(Visigenic for
Java 3.2) and also the Forti Java interoperability package that is
provided by the Forti for compatability with Java or it is not
required on the clients ?
Is there any other alternative to achieve the goal as this will give
wide access to the Forti service objects through Web Browser clients.
Please mail me the solution to this problem as early as possible it is
very urgent.
Thanks in advance,
Srinivasa Gopi,
Goldstone Softech USA
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
From: srinivasa gopi <[email protected]>
Date: Sun, 11 Oct 1998 23:26:26 -0700 (PDT)
Subject: Java Integration
Hello,
I'm trying to integrate Forti with Java in Java mode using IIOP.I
followed the steps as explained in the Forti Web enterprise manual.I
compiled the Java files that are generated by Forti along with the
client Java file.The Java applet is getting downloaded on the client
browser(IE 4.0), but the problem is browser is giving an exception
** Java.lang.RuntimeException can't connect to service object with
the ior file name **.
My question is on every client is it necessary for ORB(Visigenic for
Java 3.2) and also the Forti Java interoperability package that is
provided by the Forti for compatability with Java or it is not
required on the clients ?
Is there any other alternative to achieve the goal as this will give
wide access to the Forti service objects through Web Browser clients.
Please mail me the solution to this problem as early as possible it is
very urgent.
Thanks in advance,
Srinivasa Gopi,
Goldstone Softech USA
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
From: Tim Hagemann <[email protected]>
Date: Mon, 12 Oct 1998 09:21:06 +0200
Subject: Re: Legacy Integration with PI/Open
Greg,
This is a bit of a long shot, but has anyone experience with integrating
Forte with PI/Open. PI/Open is a variant of PICK. We have arequirement
to read and update a PI/Open database from within our Forte application,
and we would be most interested to hear from anyone who has experiencein
doing this.
We are aware of a set of APIs provided with PI/Open that are written in
"C". We could wrapper these from within Forte, however the issue isthat
the APIs provided are non-shared, and Forte requires shared libraries.Would be interersting, which operating system you're using.
You could write a dll (on windows) or shared library (on unix) wrappering
the
original,statically linked "C"-Libs. This lib could be used by Forte.
Tim Hagemann
Tim Hagemann
Ascom GmbH Email: [email protected]
Charlottenburger Allee 61 Phone: +49 241 96806 273
D-52068 Aachen Fax: +49 241 96806 225
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
From: "Rottier, Pascal" <[email protected]>
Date: Mon, 12 Oct 1998 09:38:25 +0200
Subject: RE: Forms That Will Not Close
Exiting the event loop will not close the window! Invoking
'Close' method on the window will. Check if this method
is executed. It appears, the AfterFinalize event exits the
event loop and nothing more. Then, your applications
waits for some event from your main window, like 'Mouse-
Enter', before invoking Window.Close().
Pascal
Hi,
We seem to be having some type of deadlock problem when trying to
close
forms and am wondering if anyone else has experienced this problem.
The
phenomenon does not always occur and is not specific to any one client
machine.
I will explain the phenomenon:
1. We have an object that contains our main application startup
method.
This method then instantiates our main application window (Control)
and
invokes the Display() method using start task.
2. All other forms created by the application are created using a form
manager service object which exists on the client partition. The form
manager has a CreateForm() method which instantiates a form class of
the
specified type and invoked the form's Display() method using start
task.
3. Each form has a Close push button which when clicked invokes
Window.RequestFinalize().
Now, the problem we have is this:
The user starts the application and the main application window is
displayed. The user then selects an option from the main window and a
child form is created using the form manager service object and is
displayed. The user can continue to create more child forms by
selecting
options from the main window and all child forms are instantiated and
displayed correctly.
However, when the user attempts to close one of the forms the form
does
not close. The finalize event is triggered and the event loop is
exited,
but the form continues to be displayed and does not close. If the user
then moves the mouse pointer over the main application window, the
child
form immediately closes. Moving the mouse cursor over other child
windows (or even the desktop) does NOT do this - only when the mouse
cursor is moved over the main window does the child form close.
Does anyone have any ideas on this?
Regards,
Jace.
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive
<URL:http://pinehurst.sageit.com/listarchive/>- -
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
From: Jason de Cean <[email protected]>
Date: Mon, 12 Oct 1998 17:47:20 +1000
Subject: RE: Forms That Will Not Close
Hi Pascal,
The Display() method is as follows:
self.Open();
event loop
when Window.AfterFinalize do
exit;
when task.Shutdown do
exit;
end event;
self.Close();
<end>
Are you saying we should do a Window.Close() in there somewhere as well
Regards,
Jace.
On Monday, 12 October 1998 17:36, Rottier, Pascal
[SMTP:[email protected]] wrote:
Exiting the event loop will not close the window!
Invoking
'Close' method on the window will. Check if this method
is executed. It appears, the AfterFinalize event exits
the
event loop and nothing more. Then, your applications
waits for some event from your main window, like 'Mouse-
Enter', before invoking Window.Close().
Pascal
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
From: "Rottier, Pascal" <[email protected]>
Date: Mon, 12 Oct 1998 11:04:24 +0200
Subject: RE: Forms That Will Not Close
Jason,
No, self.Close() should close the window. This is the
method I referred to. You could place a traceline
behind self.Close() to see if it is executed. It is not
inconcievable some exception may exit the Display()
method before self.Close() is executed.
After that, maybe, some events from your main
window trigger something that causes a call like 'My-
Window.Close()', where 'MyWindow' is a subclass of
'UserWindow', so 'MyWindow' gets closed after all.
Maybe you've overridden 'Close()', so now it doesn't
work properly anymore.
Are you sure you exit the event loop after you press
the close button?? The display method is not regis-
terred for any <PushButton>.Click event, though maybe
you just didn't include the full Display method in your
mail.
Remember that an event loop will only respond to an
event if it is not currently handling an event. So, the
method behind <PushButton>.Click may call a self.
Window.RequestFinalize(), which will cause an After-
Finalize event to be posted, which will be placed in
the event queue. If this method however keeps waiting
for something, the event loop will not respond to the
AfterFinalize event, until this method is done waiting.
Pascal.
Hi Pascal,
The Display() method is as follows:
self.Open();
event loop
when Window.AfterFinalize do
exit;
when task.Shutdown do
exit;
end event;
self.Close();
<end>
Are you saying we should do a Window.Close() in there somewhere as
well
Regards,
Jace.
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
From: Thomas Kunst <[email protected]>
Date: Mon, 12 Oct 1998 14:28:55 +0200
Subject: Re: AfterValueChange event trigged when it shouldn't be...
Which version of Fort=E9 are you using? We had some strage problems with
GUI events in Fort=E9 3.0.F.2, which disappeared now that we use 3.0.J.1!=
Fouche, Jaco wrote:
=
Hi there,
=
I'm hoping that someone out there has experienced the following (and
knows why it is happening. ) :-)
=
I have a couple of windows on which the AfterValueChange event is
triggered on a field upon hitting the delete key.
We all know that this should only happen upon leaving the field, ie. th=e
field loosing focus. The problem is that I'm trying to recreate this in=
a simple test class, but now it won't happen. I still have the original=
windows on which it is happening, but I would like to construct
something small and simple to send to Forte.
=
Any ideas as to why this could be happening?
=- -- =
Dr. Thomas Kunst mailto:[email protected]
sd&m GmbH & Co. KG http://www.sdm.de
software design & management
Thomas-Dehler-Str. 27, 81737 Muenchen, Germany
Tel +49 89 63812-221 Fax -444
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
From: Greg Gorham <[email protected]>
Date: Mon, 12 Oct 1998 09:51:07 -0400
Subject: math library
I need direction to the source of Forte libs that handle more scientific
math. Also included is the need for more scientific print formating. I
understand, second hand, that such material is available from third
party vendors/sources.
Thanks
Greg Gorham
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
End of forte-users-digest V1 #1111
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>

Greg,
This is a bit of a long shot, but has anyone experience with integrating
Forte with PI/Open. PI/Open is a variant of PICK. We have a requirement
to read and update a PI/Open database from within our Forte application,
and we would be most interested to hear from anyone who has experience in
doing this.
We are aware of a set of APIs provided with PI/Open that are written in
"C". We could wrapper these from within Forte, however the issue is that
the APIs provided are non-shared, and Forte requires shared libraries.Would be interersting, which operating system you're using.
You could write a dll (on windows) or shared library (on unix) wrappering the
original,statically linked "C"-Libs. This lib could be used by Forte.
Tim Hagemann
Tim Hagemann
Ascom GmbH Email: [email protected]
Charlottenburger Allee 61 Phone: +49 241 96806 273
D-52068 Aachen Fax: +49 241 96806 225
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>

Excel integration with Entry and Approval for SSM not working

Iu2019m having trouble getting excel integrated with E&A for being able to enter large number of historic data points into a cube-built model u2013 Iu2019ve gone through all the docs several times and there is no good concrete explanation on how to do this. I keep getting the following error message:
Error opening Excel Automation server can't create object. This can be caused by:
1. - The application is not installed on your machine
2. - The browser security does not support ActiveX scripts.
3. - Your were prompted to run ActiveX and you said No, if that is the cause close all browser instances and reopen.
However, I've done the following:
-          Iu2019ve installed the excel add-in on both the server and my local machine, and Iu2019ve enabled the add-in part in Excel on my local machine.
-          The browser security is definitely set to accept all active X scripts
-          I am never prompted to run activeX when I select u201CHistorical Datau201D within entry/approval. I just get the above error message.
-          Iu2019ve flushed cache and restarted listener several times.
What am I missing? I donu2019t see it in any of the docs.
Thanks!

Robb,
Looking at what you've done, there doesn't seem to be an obvious answer. The best suggestion I can make is to fill out a support ticket on this. There must be other factors at work here that will require a deeper look.
Regards,
Bob

Jabber cannot Call - Integration with CUCM/AD

Dear all,
I installed CUCM 9.1.1 and CUPS 9.1.1 with Jabber client 9.0.1.
when I run Jabber on a joined domain PC (login with AD username and password), there are no problem with the calling ability.
But when I try to use a non-join domain PC (I am using VPN to connect to office network and using my personal PC), only the chatting feature that are available. I cannot loggin to phone accounts and cannot make any calls with my Jabber client.
Should I use UDS integration with AD?
Thanks,
Hasan

Hi Hasan,
Can you take a look on this thread:
https://supportforums.cisco.com/message/3914353#3914353
If you still have problem connecting, can you try with newer version of Jabber?
Regards,
Srdjan

CUCM 8.6.2.20000-2 integrated with Office 365?

Hi people,
VOICE MAIL APPLICATION:
Does anybody knows something like that? How to integrate with Cisco Unified Communication Manager 8.6? It is similar the integration with Exchange 2010?
Best regards,
Daniel

Unless you can create a SIP trunk on Office 365 and allow traffic to pass between CUCM and Office 365 across the SIP trunk it would not work. Cisco never supported any Exchange UM for voicemail, it works, but if you have issues Cisco is not going to help you there. No different here, if you can get it to work based on the above, then support is on you.
HTH,
Chris

Unity Connection Integration with CS 1000 and Meridian 81 - PIMG

I have a customer who have (2) Nortel Meridian 81 and (1) CS1000 for their 3 locations along with Octal 350 servicing 2500 voicemail users today. Customer also has a Cisco UCM in their network today which is servicing their wireless phone users.
UCM and CS1000 are networked together using Q.Sig trunks today. Customer is looking at replacing their Octal solution with a new Voice mail solution.
I was looking at integration documents for Unity Connection using PIMG.
In this scenario, would I need 3 separate PIMG 's at the three remote sites and integrate it with Unity connection or Can I achieve this using just one PIMG at one of the sites, considering the three sites are trunked together using tie-trunks.
http://www.cisco.com/en/US/partner/docs/voice_ip_comm/connection/7x/integration/pimg/guide/cucintpimg090.html#wp1051831
Appreciate any pointers/ help.

Hi there,
Just to add a note to the great tips from Hailey (+5 Hailey!)
We are in the final stages of replacing our "old" Octel with Unity Connection, part of
which is integrated to our CS1000 and CUCM in a "Hybrid" deployment like yours
Centralized Voice Messaging
Cisco Unity Connection supports centralized voice messaging through the phone system, which supports
various inter-phone system networking protocols including proprietary protocols such as Avaya DCS,
Nortel MCDN, or Siemens CorNet, and standards-based protocols such as QSIG or DPNSS. Note that
centralized voice messaging is a function of the phone system and its inter-phone system networking,
not voice mail. Connection will support centralized voice messaging as long as the phone system and its
inter-phone system networking are properly configured.
Setting Up a Nortel Meridian 1 Digital PIMG
Integration with Cisco Unity Connection
Attachments:
cucwithnortel.pdf (308.1 K)
Centralized voice messaging provides voice messaging services to all users in a networked phone system environment. Connection can be hosted on a message center PINX and provide voice messaging services to all users in an enterprise assuming the message center PINX and all user PINX phone systems are properly networked.For a centralized voice messaging configuration to exist, a suitable inter-phone system networking protocol must exist to deliver a minimum level of feature support, such as:•Message waiting indication (MWI).•Transfer, which ensures that the correct calling/called party ID is delivered to the voice messaging system.•Divert, which ensures that the correct calling/called party ID is delivered to the voice messaging system.Other features may be required depending on how the voice messaging system is to be used. For example, if it is also serving as an automated attendant, path-replacement is needed as this feature prevents calls from hair-pinning.
http://www.cisco.com/en/US/docs/voice_ip_comm/connection/7x/design/guide/7xcucdg050.html#wp1053538
Cheers!
Rob

I'm trying to use kerberos V5 with ActiveDirectory but get an error

I'm trying to use kerberos V5 with ActiveDirectory im using simple code from previuos posts but
when i try with correct username/password i get :
Authentication attempt failedjavax.security.auth.login.LoginException: Message stream modified (41)
when i try incorrect username/pass i get :
Pre-authentication information was invalid (24)
Debug info is :
Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Kerberos username [naiden]: naiden
Kerberos password for naiden:      naiden
          [Krb5LoginModule] user entered username: naiden
Acquire TGT using AS Exchange
          [Krb5LoginModule] authentication failed
Pre-authentication information was invalid (24)
Authentication attempt failedjavax.security.auth.login.LoginException: Java code is :
import javax.naming.*;
import javax.naming.directory.*;
import javax.security.auth.login.*;
import javax.security.auth.Subject;
import com.sun.security.auth.callback.TextCallbackHandler;
import java.util.Hashtable;
* Demonstrates how to create an initial context to an LDAP server
* using "GSSAPI" SASL authentication (Kerberos v5).
* Requires J2SE 1.4, or JNDI 1.2 with ldapbp.jar, JAAS, JCE, an RFC 2853
* compliant implementation of J-GSS and a Kerberos v5 implementation.
* Jaas.conf
* racfldap.GssExample {com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true doNotPrompt=true; };
* 'qop' is a comma separated list of tokens, each of which is one of
* auth, auth-int, or auth-conf. If none is supplied, the default is 'auth'.
class KerberosExample {
public static void main(String[] args) {
java.util.Properties p = new java.util.Properties(System.getProperties());
p.setProperty("java.security.krb5.realm", "ISY");
p.setProperty("java.security.krb5.kdc", "192.168.0.101");
p.setProperty("java.security.auth.login.config", "C:\\jaas.conf");
System.setProperties(p);
// 1. Log in (to Kerberos)
LoginContext lc = null;
try {
lc = new LoginContext("ISY",
new TextCallbackHandler());
// Attempt authentication
lc.login();
} catch (LoginException le) {
System.err.println("Authentication attempt failed" + le);
System.exit(-1);
// 2. Perform JNDI work as logged in subject
Subject.doAs(lc.getSubject(), new LDAPAction(args));
// 3. Perform LDAP Action
* The application must supply a PrivilegedAction that is to be run
* inside a Subject.doAs() or Subject.doAsPrivileged().
class LDAPAction implements java.security.PrivilegedAction {
private String[] args;
private static String[] sAttrIDs;
private static String sUserAccount = new String("Administrator");
public LDAPAction(String[] origArgs) {
this.args = (String[])origArgs.clone();
public Object run() {
performLDAPOperation(args);
return null;
private static void performLDAPOperation(String[] args) {
// Set up environment for creating initial context
Hashtable env = new Hashtable(11);
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
// Must use fully qualified hostname
env.put(Context.PROVIDER_URL, "ldap://192.168.0.101:389/DC=isy,DC=local");
// Request the use of the "GSSAPI" SASL mechanism
// Authenticate by using already established Kerberos credentials
env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
env.put("javax.security.sasl.server.authentication", "true");
try {
/* Create initial context */
DirContext ctx = new InitialDirContext(env);
/* Get the attributes requested */
Attributes aAnswer =ctx.getAttributes( "CN="+ sUserAccount + ",CN=Users,DC=isy,DC=local");
NamingEnumeration enumUserInfo = aAnswer.getAll();
while(enumUserInfo.hasMoreElements()) {
System.out.println(enumUserInfo.nextElement().toString());
// Close the context when we're done
ctx.close();
} catch (NamingException e) {
e.printStackTrace();
}JAAS conf file is :
ISY {
     com.sun.security.auth.module.Krb5LoginModule required
debug=true;
};krb5.ini file is :
# Kerberos 5 Configuration File
# All available options are specified in the Kerberos System Administrator's Guide. Very
# few are used here.
# Determines which Kerberos realm a machine should be in, given its domain name. This is
# especially important when obtaining AFS tokens - in afsdcell.ini in the Windows directory
# there should be an entry for your AFS cell name, followed by a list of IP addresses, and,
# after a # symbol, the name of the server corresponding to each IP address.
[libdefaults]
     default_realm = ISY
[domain_realm]
     .isy.local = ISY
     isy.local = ISY
# Specifies all the server information for each realm.
#[realms]
     ISY=
          kdc = 192.168.0.101
          admin_server = 192.168.0.101
          default_domain = ISY
     }

Now it works
i will try to explain how i do this :
step 1 )
fallow this guide http://www.cit.cornell.edu/computer/system/win2000/kerberos/
and configure AD to use kerberos and to heve Kerberos REALM
step 2 ) try windows login to the new realm to be sure that it works ADD trusted realm if needed.
step 3 ) create jaas.conf file for example in c:\
it looks like this :
ISY {
     com.sun.security.auth.module.Krb5LoginModule required
debug=true;
};step 4)
( dont forget to make mappings which are explained in step 1 ) go to Active Directory users make sure from View to check Advanced Features Right click on the user go to mappings in secound tab kerberos mapping add USERNAME@KERBEROSreaLm for example [email protected]
step 5)
copy+paste this code and HIT RUN :)
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import com.sun.security.auth.callback.TextCallbackHandler;
public class Main {
    public static void main(String[] args) {
    java.util.Properties p = new java.util.Properties(System.getProperties());
    p.setProperty("java.security.krb5.realm", "ISY.LOCAL");
    p.setProperty("java.security.krb5.kdc", "192.168.0.101");
    p.setProperty("java.security.auth.login.config", "C:\\jaas.conf");
    System.setProperties(p);
    // 1. Log in (to Kerberos)
    LoginContext lc = null;
    try {
            lc = new LoginContext("ISY", new TextCallbackHandler());
    // Attempt authentication
    lc.login();
    } catch (LoginException le) {
    System.err.println("Authentication attempt failed" + le);
    System.exit(-1);
    // 2. Perform JNDI work as logged in subject
    Subject.doAs(lc.getSubject(), new LDAPAction(args));
    // 3. Perform LDAP Action
    * The application must supply a PrivilegedAction that is to be run
    * inside a Subject.doAs() or Subject.doAsPrivileged().
    class LDAPAction implements java.security.PrivilegedAction {
    private String[] args;
    private static String[] sAttrIDs;
    private static String sUserAccount = new String("Administrator");
    public LDAPAction(String[] origArgs) {
    this.args = origArgs.clone();
    public Object run() {
    performLDAPOperation(args);
    return null;
    private static void performLDAPOperation(String[] args) {
    // Set up environment for creating initial context
    Hashtable env = new Hashtable(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY,
    "com.sun.jndi.ldap.LdapCtxFactory");
    // Must use fully qualified hostname
    env.put(Context.PROVIDER_URL, "ldap://192.168.0.101:389");
    // Request the use of the "GSSAPI" SASL mechanism
    // Authenticate by using already established Kerberos credentials
    env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
//    env.put("javax.security.sasl.server.authentication", "true");
    try {
    /* Create initial context */
    DirContext ctx = new InitialDirContext(env);
    /* Get the attributes requested */
    //Create the search controls
    SearchControls searchCtls = new SearchControls();
    //Specify the attributes to return
    String returnedAtts[]={"sn","givenName","mail"};
    searchCtls.setReturningAttributes(returnedAtts);
    //Specify the search scope
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    //specify the LDAP search filter
    String searchFilter = "(&(objectClass=user)(mail=*))";
    //Specify the Base for the search
    String searchBase = "DC=isy,DC=local";
    //initialize counter to total the results
    int totalResults = 0;
    // Search for objects using the filter
    NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
    //Loop through the search results
    while (answer.hasMoreElements()) {
            SearchResult sr = (SearchResult)answer.next();
        totalResults++;
        System.out.println(">>>" + sr.getName());
        // Print out some of the attributes, catch the exception if the attributes have no values
        Attributes attrs = sr.getAttributes();
        if (attrs != null) {
            try {
            System.out.println("   surname: " + attrs.get("sn").get());
            System.out.println("   firstname: " + attrs.get("givenName").get());
            System.out.println("   mail: " + attrs.get("mail").get());
            catch (NullPointerException e)    {
            System.err.println("Error listing attributes: " + e);
    System.out.println("RABOTIII");
        System.out.println("Total results: " + totalResults);
    ctx.close();
    } catch (NamingException e) {
    e.printStackTrace();
}It will ask for username and password
type for example : [email protected] for username
and password : TheSecretPassword
where ISY.LOCAL is the name of kerberos realm.
p.s. it is not good idea to use Administrator as login :)
Edited by: JOKe on Sep 14, 2007 2:23 PM

Kerberos integration with SecurID?

Similar Messages

Maybe you are looking for