LDAP Authentication for OSB Services

Hi ,
I would like to know how to secure proxy services to be accessible to only selected users in a given LDAP configured under weblogic "Providers".
For example only users test1 and test2 must be able to access the proxy service and the methods.
Also is similar type of access control possible with roles?ie only users assigned to a particular role must be able to access the proxy service.
Please note we don't want to use OWSM for this.
Thanks.

Please refer section "45.5 Access Control Policies" at -
http://download.oracle.com/docs/cd/E17904_01/doc.1111/e15866/model.htm#i1063159
Also refer -
http://download.oracle.com/docs/cd/E17904_01/doc.1111/e15866/message_level_cust_auth.htm#i1069719
Regards,
Anuj

Similar Messages

How to enable LDAP authentication for APEX

How do I enable LDAP authentication for APEX 4.2? Thank for your help.
Kevin

you need to create new authentication based on predefined LDAP authentication from shared components => Authentication
and provide your company LDAP authentication credentials

How to use two different LDAP authentication for my Apex application login

Hi,
I have 2 user groups defined in the LDAP directory and I provided the DN string for apex authentication something like the below
cn=%LDAP_USER%,ou=usergrp1,dc=oracle,dc=com
cn=%LDAP_USER%,ou=usergrp2,dc=oracle,dc=com
The problem is I couln't pointout both the groups in DN string, I am trying to allow both usergroups to access the application.
Does anyone know how to define both the group in LDAP DN String ?.
Thanx in advance
Vijay.

Vijay,
I don't think you'll be able to use the built-in LDAP authentication scheme. Just create a new authentication scheme that has its own authentication function. In that function code your calls to dbms_ldap however you need. Search the forum for dbms_ldap.simple_bind_s to find examples.
Scott

LDAP Authentication for Application APEX 3.2

Dear All,
I have created an application in APEX 3.2 for that i am using the below code for authentication all my domain users
create or replace
FUNCTION              "ADS_LDAP_AUTHENTICATE"
(p_username IN VARCHAR2, p_password IN VARCHAR2) RETURN BOOLEAN AS
c_Directory   VARCHAR2(50) ;
c_Port        NUMBER(4);
c_BaseDN      VARCHAR2(200);
c_InitUser    VARCHAR2(200);
c_InitPass    VARCHAR2(32);
l_session     DBMS_LDAP.SESSION;
l_success     PLS_INTEGER;
l_attributes DBMS_LDAP.STRING_COLLECTION;
l_result      DBMS_LDAP.MESSAGE;
l_userdn      VARCHAR2(2000);
CURSOR get_authentication_dtls
IS
SELECT domain_name,server_port,server_base_dn,server_principal,server_credentials
FROM    PS_TB_SYSTEM_ADS_CONFIG_DICT;
BEGIN
OPEN get_authentication_dtls;
LOOP
FETCH get_authentication_dtls INTO c_Directory,c_port,c_baseDN,c_InitUser,c_InitPass;
EXIT WHEN get_authentication_dtls%NOTFOUND;
--Open initial lookup session.
l_session := DBMS_LDAP.INIT(c_Directory,c_Port);
l_success := DBMS_LDAP.SIMPLE_BIND_S(l_session, c_InitUser,c_InitPass);
IF l_success = DBMS_LDAP.SUCCESS THEN
    l_attributes(1) := NULL;
    l_success := NULL;
    l_success := DBMS_LDAP.SEARCH_S(ld => l_session,
                                   base => c_BaseDN,
                                   scope => dbms_ldap.scope_subtree,
                                   filter => '(|(sAMAccountName=' ||p_Username || ')(mailNickname=' || p_Username || '))',
                                   attrs => l_attributes,
                                   attronly => 0,
                                   res => l_result);
    IF l_success = DBMS_LDAP.SUCCESS THEN
      l_userdn := dbms_ldap.get_dn(l_session,dbms_ldap.first_entry(l_session,l_result));
      IF l_userdn IS NOT NULL THEN
        l_success := dbms_ldap.unbind_s(l_session);
        l_session := dbms_ldap.init(c_Directory,c_Port);
        l_success := dbms_ldap.simple_bind_s(l_session, l_userdn,NVL(p_password, 'QWERTASDFZXC'));
      END IF;
    END IF;
else
    return FALSE;
END IF;
IF l_success = DBMS_LDAP.SUCCESS THEN
CLOSE get_authentication_dtls; /* Close cursor before returning */
    RETURN TRUE;
END IF;
END LOOP;
CLOSE get_authentication_dtls;
   RETURN FALSE; /* if the success has not happened till all servers processed, then return FALSE */
EXCEPTION
WHEN OTHERS THEN
    RETURN FALSE;
END;
Now i dont want to allow all the domain user to access my application. So we planned to create a user group in active directory.
Can anyone suggest me how to allow only a set of users to access my application using LDAP.
Thanks in Advance.
Cheers,
San.

Use the below link for Ldap Authentication
LDAP (MS AD) Group Authentication

Java client for OSB service

Hi All,
We have to talk to OSB11g proxy service which is created as Any Soap service (url: http://myosb.firmname.com:7001/osb-ws)
I have java client applications which need to consume this proxy service built on top of OSB by providing the necessary inputs.
Typically we get wsdl url's and then we use Jdeveloper to create web service client proxies to generate client side web service artifacts and call the web service.
But I am confused here as to how can I get a handle to the OSB service from a java client. The OSB developers on the project tell me they don't have and cannot provide a WSDL based URL.
What are the general practices for consuming OSB proxy service from java client apps. Google search result did not yield much help.
Please let me know your thoughts.
Regards,

Hi Anuj,
Thanks for reply. As u guys mentioned that about the URL I have rechecked the URL and realized the port number which I was using that was Admin Server Port while environment contains two servers Admin and Managed both. I have change the Port Number from Admin to Managed now its hitting the Service but now another problem I start facing that I need to pass a big XML as input request to that OSB Proxy Service. I have two different code where I am attaching the input request in two different ways but none of them is passing that request to URL and in both cases I am getting default response from URL.
Here is the Code, Code1 through Core Java:
===============================================================================================
package retriggerpsftorder;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
public class MyTest {
public MyTest() {
System.out.println("Constructor executing");
System.out.println("JAVA Version : " + System.getProperty("JAVA.VERSION"));
public static void main(String arga[]) {
try {
// Construct data
String data = URLEncoder.encode("key1", "UTF-8") + "=" + URLEncoder.encode("<migrateOrder>\n" +
" <migrateOrderId>51c797d61dd211b2818a</migrateOrderId>\n" +
" <createCustomer>false</createCustomer>\n" +
" <createBillingAccount>false</createBillingAccount>\n" +
" <Customer>\n" +
" <ID>\n" +
" </PIN>\n" +
"     </customerAccountNumber\"></customerAccountNumber\">\n" +
" </externalIdentifier>\n" +
" </ID>\n" +
" <creditClass>W</creditClass>\n" +
" </Customer>\n" +
" <Account>\n" +
" <name>Gurwinder Singh</name>\n" +
" <ID>\n" +
" <PIN>1987</PIN>\n" +
"     <billingAccountNumber>695909361</billingAccountNumber>\n" +
" </ID>\n" +
" </Account>\n" +
" <CustomerOrder>\n" +
" <customerOrderPartyReference>\n" +
" <MSISDN>61425265789</MSISDN>\n" +
" </customerOrderPartyReference>\n" +
" <orderSource>\n" +
" <templateName>AUP1057_AU10357_24_DATA_0113</templateName>\n" +
" </orderSource>\n" +
" <typeCode>Connect</typeCode>\n" +
" <futureSubmitDate>2011-02-28</futureSubmitDate>\n" +
" <cancelOpenOrdersIndicator>false</cancelOpenOrdersIndicator>\n" +
" <lineItem actionCode=\"Add\" priorityRanking=\"1\">\n" +
" <product ID=\"AUX221\" type=\"SAMID\" attributeCount=\"19\">\n" +
" <attribute>\n" +
" <name>Accept Code</name>\n" +
" <value>Accept 5</value>\n" +
" </attribute>\n" +
" </product>\n" +
" </lineItem>\n" +
" <lineItem actionCode=\"Add\" priorityRanking=\"2\">\n" +
" <product ID=\"OFF0018\" type=\"SAMID\" attributeCount=\"1\">\n" +
" <attribute>\n" +
" <name>Period Override</name>\n" +
" <value>24</value>\n" +
" </attribute>\n" +
" </product>\n" +
" </lineItem>\n" +
" <lineItem actionCode=\"Allocate\" priorityRanking=\"3\">\n" +
" <equipment ID=\"012645002053476\" type=\"Handset\" />\n" +
" </lineItem>\n" +
" <lineItem actionCode=\"Allocate\" priorityRanking=\"4\">\n" +
" <resource ID=\"89610300000905636996\" type=\"SIM\" />\n" +
" </lineItem>\n" +
" <externalOrderReference>\n" +
" <serviceID>75055433</serviceID>\n" +
" <customerID>921092224696621123154029260421</customerID>\n" +
" <serviceStartDate>2009-02-10</serviceStartDate>\n" +
" <serviceRatePlan>X3Cap $29 24m($29min-35cFF)</serviceRatePlan>\n" +
" <agreementNumber>VHU0029215</agreementNumber>\n" +
" <accountNumber>3382437469</accountNumber>\n" +
" <migrationType>Loyalty Handset Upgrade Acq</migrationType>\n" +
" <receiveMarketingInfoOverrideIndicator>false</receiveMarketingInfoOverrideIndicator>\n" +
" </externalOrderReference>\n" +
" <orderSalesReference>\n" +
" <dealerReferenceID>D3641</dealerReferenceID>\n" +
" <trailingCommissionRatePlan>MUPR9</trailingCommissionRatePlan>\n" +
" <trailingCommisionDealerReference>D3734</trailingCommisionDealerReference>\n" +
" </orderSalesReference>\n" +
" </CustomerOrder>\n" +
" <ContactManagementActivity>\n" +
" <activityCategory>Proof of Purchase - Mig from 3</activityCategory>\n" +
" <activityType>Migration from 3</activityType>\n" +
" <activityDescription>Proof of Purchase Information</activityDescription>\n" +
" <activityComment>MSISDN: 0425265789354610026170561</activityComment>\n" +
" </ContactManagementActivity>\n" +
"</migrateOrder>\n", "UTF-8");
//data += "&" + URLEncoder.encode("key2", "UTF-8") + "=" + URLEncoder.encode("value2", "UTF-8");
System.out.println("Data going for Request : "+data);
// Send data
URL url = new URL("http://172.22.161.101:8017/app/mig3/migrate/MigrateOrder");
URLConnection conn = url.openConnection();
conn.setDoOutput(true);
OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
wr.write(data);
wr.flush();
// Get the response
BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
int i=0;
while ((line = rd.readLine()) != null) {
System.out.println("Values of Line : "+ i + " : "+ line);// Process line...
i++;
wr.close();
rd.close();
} catch (Exception e) {
=========================================
Code 1 Response
Values of Line : 0 : <?xml version="1.0" encoding="UTF-8"?>
Values of Line : 1 : <migrateOrderReply><statusCode>Failed</statusCode><errorReturn><errorCode>CORE_SYS_GENERIC</errorCode><errorMessage>Unexpected System exception</errorMessage></errorReturn></migrateOrderReply>
Process exited with exit code 0.
Note: The above response message is the default response message, even if u not pass any input parameter then also the above message will come.
==========================================================================================================
Code 2 : Using Servlet
package retriggerpsftorder;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.Servlet;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.client.HttpClient;
import org.apache.commons.httpclient.HttpConnection;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.URI;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.RequestEntity;
import org.apache.http.client.HttpClient;
public class GIFTProcess extends HttpServlet implements Servlet {
private static final String CONTENT_TYPE =
"text/html; charset=windows-1252";
public void init(ServletConfig config) throws ServletException {
super.init(config);
public void doGet(HttpServletRequest req,
HttpServletResponse resp) throws ServletException,
IOException {
resp.setContentType(CONTENT_TYPE);
PrintWriter out = resp.getWriter();
try {
NameValuePair nvpRtn =
new NameValuePair("body", "<migrateOrder>\n" +
" <migrateOrderId>51c797d61dd211b2818a</migrateOrderId>\n" +
" <createCustomer>false</createCustomer>\n" +
" <createBillingAccount>false</createBillingAccount>\n" +
" <Customer>\n" + " <ID>\n" +
" </PIN>\n" +
"     </customerAccountNumber\"></customerAccountNumber\">\n" +
" </externalIdentifier>\n" +
" </ID>\n" +
" <creditClass>W</creditClass>\n" +
" </Customer>\n" + " <Account>\n" +
" <name>Gurwinder Singh</name>\n" +
" <ID>\n" + " <PIN>1987</PIN>\n" +
"     <billingAccountNumber>695909361</billingAccountNumber>\n" +
" </ID>\n" + " </Account>\n" +
" <CustomerOrder>\n" +
" <customerOrderPartyReference>\n" +
" <MSISDN>61425265789</MSISDN>\n" +
" </customerOrderPartyReference>\n" +
" <orderSource>\n" +
" <templateName>AUP1057_AU10357_24_DATA_0113</templateName>\n" +
" </orderSource>\n" +
" <typeCode>Connect</typeCode>\n" +
" <futureSubmitDate>2011-02-28</futureSubmitDate>\n" +
" <cancelOpenOrdersIndicator>false</cancelOpenOrdersIndicator>\n" +
" <lineItem actionCode=\"Add\" priorityRanking=\"1\">\n" +
" <product ID=\"AUX221\" type=\"SAMID\" attributeCount=\"19\">\n" +
" <attribute>\n" +
" <name>Accept Code</name>\n" +
" <value>Accept 5</value>\n" +
" </attribute>\n" +
" </product>\n" + " </lineItem>\n" +
" <lineItem actionCode=\"Add\" priorityRanking=\"2\">\n" +
" <product ID=\"OFF0018\" type=\"SAMID\" attributeCount=\"1\">\n" +
" <attribute>\n" +
" <name>Period Override</name>\n" +
" <value>24</value>\n" +
" </attribute>\n" +
" </product>\n" + " </lineItem>\n" +
" <lineItem actionCode=\"Allocate\" priorityRanking=\"3\">\n" +
" <equipment ID=\"012645002053476\" type=\"Handset\" />\n" +
" </lineItem>\n" +
" <lineItem actionCode=\"Allocate\" priorityRanking=\"4\">\n" +
" <resource ID=\"89610300000905636996\" type=\"SIM\" />\n" +
" </lineItem>\n" +
" <externalOrderReference>\n" +
" <serviceID>75055433</serviceID>\n" +
" <customerID>921092224696621123154029260421</customerID>\n" +
" <serviceStartDate>2009-02-10</serviceStartDate>\n" +
" <serviceRatePlan>X3Cap $29 24m($29min-35cFF)</serviceRatePlan>\n" +
" <agreementNumber>VHU0029215</agreementNumber>\n" +
" <accountNumber>3382437469</accountNumber>\n" +
" <migrationType>Loyalty Handset Upgrade Acq</migrationType>\n" +
" <receiveMarketingInfoOverrideIndicator>false</receiveMarketingInfoOverrideIndicator>\n" +
" </externalOrderReference>\n" +
" <orderSalesReference>\n" +
" <dealerReferenceID>D3641</dealerReferenceID>\n" +
" <trailingCommissionRatePlan>MUPR9</trailingCommissionRatePlan>\n" +
" <trailingCommisionDealerReference>D3734</trailingCommisionDealerReference>\n" +
" </orderSalesReference>\n" +
" </CustomerOrder>\n" +
" <ContactManagementActivity>\n" +
" <activityCategory>Proof of Purchase - Mig from 3</activityCategory>\n" +
" <activityType>Migration from 3</activityType>\n" +
" <activityDescription>Proof of Purchase Information</activityDescription>\n" +
" <activityComment>MSISDN: 0425265789354610026170561</activityComment>\n" +
" </ContactManagementActivity>\n" +
"</migrateOrder>\n");
NameValuePair[] nvpout = { nvpRtn };
HttpConnection httpConn = new HttpConnection("172.22.161.101", 8017);
System.out.println("httpConn : " + httpConn.getHost() + " getPost: " + httpConn.getPort());
httpConn.open();
System.out.println("Is Connection Open? --> " + httpConn.isOpen());
PostMethod postMethod = new PostMethod();
postMethod.setPath("http://172.22.161.101:8017/app/mig3/migrate/MigrateOrder");
System.out.println("postMethod.getPath() : " + postMethod.getPath());
//postMethod.setQueryString("http://172.22.161.101:8017/app/mig3/migrate/MigrateOrder");
//System.out.println("getQueryString : " + postMethod.getQueryString());
//System.out.println("postMethod.getParams() : " + postMethod.getParams());
postMethod.setRequestBody(nvpout);
System.out.println("validate--> " + postMethod.validate());
postMethod.execute(new HttpState(), httpConn);
System.out.println("isRequestSent --> " + postMethod.isRequestSent());
System.out.println("statusLine--> " + postMethod.getStatusLine());
String serviceResponse = postMethod.getResponseBodyAsString();
System.out.println("Response from Call : " + serviceResponse);
} catch (Exception e) {
out.println("Error Occured during the process.");
e.printStackTrace();
==========================================================================================
Code 2 Response -----
C:\Oracle\Middleware\SOASuite101351\jdk\bin\javaw.exe -jar C:\jdevstudio10135\j2ee\home\admin.jar ormi://10.161.1.169:23891 oc4jadmin **** -updateConfig
11/03/02 15:30:19 WARNING: Shared-library oracle.expression-evaluator:10.1.3.1 is closing, but is imported by adf.oracle.domain:10.1.3.1, adf.generic.domain:10.1.3.1.
2/03/2011 15:30:19 com.oracle.corba.ee.impl.orb.ORBServerExtensionProviderImpl preInitApplicationServer
WARNING: ORB ignoring configuration changes. Restart OC4J to apply new ORB configuration.
Ready message received from Oc4jNotifier.
Embedded OC4J startup time: 7765 ms.
Target URL -- http://10.161.1.169:8988/JAVAProject-RetriggerPSFTOrder-context-root/giftprocess
ERROR: Unable to connect to JQS service: connection refused
11/03/02 15:30:22 httpConn : 172.22.161.101 getPost: 8017
11/03/02 15:30:22 Is Connection Open? --> true
11/03/02 15:30:22 postMethod.getPath() : http://172.22.161.101:8017/app/mig3/migrate/MigrateOrder
11/03/02 15:30:22 validate--> true
11/03/02 15:30:22 isRequestSent --> true
11/03/02 15:30:22 statusLine--> HTTP/1.1 200 OK
2/03/2011 15:30:22 org.apache.commons.httpclient.HttpConnection releaseConnection
WARNING: HttpConnectionManager is null. Connection cannot be released.
11/03/02 15:30:22 Response from Call : <?xml version="1.0" encoding="UTF-8"?>
<migrateOrderReply><statusCode>Failed</statusCode><errorReturn><errorCode>CORE_SYS_GENERIC</errorCode><errorMessage>Unexpected System exception</errorMessage></errorReturn></migrateOrderReply>
==================================================================================
If u find any thing wrong then please let me know.
Any reply is highly appreciated.
Thanks Manish

Radius or LDAP (not Oracle LDAP) authentication for GridControl

I'm running GC 10.2.0.3.0 on Oracle Linux, and I'd like to be able to open up GridControl to other users without setting up accounts/passwords for them. Accounts I can handle, passwords, I don't want to handle.
I see that if I create a new GC user via enterprise manager, a new database accout is also created in the EMREP database. I've configured our EMREP database to use radius authentication and it works when I connect via sqlplus to the EMREP database. The user is set to authenticate "externally" and os_authent_prefix is set to ''.
However, after I set up external authentication for a given user, they are no longer able to login to enterprise manager using their radius authenticated password. So something about EM is not capable of radius authentication with the local EMREP database?
Questions for all:
Is it possible to authenticate users of enterprise manager GridControl against an external password store? I have at my disposal: radius (works great for several of our databases), ActiveDirectory (without oracle schema extensions), LDAP (active directory), proxying the EM server with another Apache server.
I do not have a license for OID and the "free use" license for OID does not allow for user management. We cannot we purchase OID for this purpose.
Our GC environment is Linux so Windows OS authentication against AD isn't going to work and we need to support Firefox/IE/Other browsers on various OS's.
I've seen hints that "external authentication" is possible with "generic" sources, but nothing concrete. Anyone doing this?

<QUOTE>All I want now is the capability to perform my own method of LDAP BIND to AD to be used as a security plugin to the database authentication piece</QUOTE>
Amen.
Right now, I've got an SR open on the radius authentication issue in GC. It took me a two weeks to convince the Oracle tech that I wasn't talking about getting Oracle to use OS authentication where OS users were authenticated by radius.
I've put about 40 actual work hours in on this issue, going so far as to deconstruct the EM install .jar files and trying to replace the JDBC drivers.
At this point I believe that it would be relatively easy for Oracle to add Radius authentication support to Grid control in their next big release (11g).
Doing so would involve replacing the 10g JDBC thin drivers with 11g JDBC thin drivers. The 10g thin jdbc drivers support advanced security encryption and checksums, but not the radius authentication. The 11g thin drivers DO implement the radius option as well as a full complement of encryption checksum types not supported in 10g. From there it should be a simple matter of the EM java login procedure/bean/servlet/jsp being able to set the thin driver to use the radius code in the jdbc layer.
The other option, which I haven't yet given up on would be to hack the EM code so that instead of using 10g thin drivers it uses 10g OCI jdbc (thick) drivers. The thick drivers support the radius authentication and encryption/checksum features natively, and the settings are controled by the sqlnet.ora file. I've got java code using those just fine. If only I could hack EM to use them.
In short, if I had access to the source, I could probably code this up in a week. Very frustrating.
I thought about trying the OID route, but as I said in my original post, we don't have a license. Even if I got it working, and it sounds like it doesn't really work, I can't justify spending $x00,000 for 10-15 dbas not to have to use dedicated accounts and passwords.
Normal user login to our 9i and 10g databases we have working with radius (backed by Active Directory). All we do is "create user xxxxxx identified externally;" and the user is good to go.
In short, I think EM GridControl is awesome. I manage 36 databases with it and I've solved problems in minutes that used to take hours or days. When I show it to some of our oracle "power users" they all want it, but they're all radius authenticated.
I'll keep the thread updated if I see results from our SR.

SUP user authentication for web services

Hi there.
Has anyone in the comunity had any experience with building Web Service based Mobile Business Object (MBO) in SUP 1.5.2. We have built a mobile application for a blackberry device which consumes two ERP web services. The application deploys successfully and runs on the blackberry device just fine. However, untill now the user credentials needed to authenticate a consumer to a web service has been hard-coded into the mobile business object. This, from an accountability point of view, is not an acceptible model (i.e. all mobile users would be logging in to the ERP backend with 1 common user ID).
Has anyone had any experience and could suggest an an alternative solution to this that would support accountability i.e. map SUP users to ERP users, trusted connections etc. and is this possible with SUP 1.5.2?
S

Actually, SUP 1.5.2 just provides the HTTP basic authentication for WS-MBO. It is enable that to create 'username' and 'password' on the WS-MBO as two input parameters. Thus, you can design your device app in SUP to prompt the dialog to accpet the username and password before you access your WS-MBO. Similar, if your web-service has input argument for username and password, you also can design a dialog like above.

Server-side authentication for web services

I was hoping to use Azure's server-side authentication for a HTML/JS web app. Some things are a bit unclear. For example, if a new user authenticates via Facebook, I want to create an associated record on the server-side and associate extra data with the
user, irrespective of the service used to log in. If they log in again, I want the client to be able to get this extra data (eg preferences) from the server. On the back-end, I also want to be able to update particular fields of this record that the user cannot
change themselves. I know how to go about this in a plain Node.js backend, but not sure how some of these basic things map to using Azure's services.

Once the user logs in, you will have their information available to your server scripts. So one option is to use a custom API (or a Mobile Services Table) to insert/read/update the user data. You would protect this endpoint so that only logged-in users can
access it, and then access the
user object to obtain an ID an associate it in a table row. Lookups could be performed by similarly querying for the ID.
In terms of some fields being restricted, you could remove these from the update request itself.
Some pointers that might be helpful:
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-get-started-data/
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-call-custom-api/
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-authorize-users-in-scripts/

Kerberos authentication for Excel Services

Hi,
I am configuring Keberos for Excel Service Application and facing some issue. Things i have done so far:
Configured web application to use Kerberos: Verified it from server authentication logs, klist and net mon that web application is using kerberos.
Excel service Account: domain\ExcelSVA
SQL server service account: domain\SQLSERV
C2WTS account : domain\C2wts
set spn on in using setspn - s sp/excelservices domain\ExcelSVA and delegated constarined authentication to domain\SQLSERV
then setspn - s sp/c2wts domain\C2wts and delegated constrained authentication to domain\SQLSERV.
C2WS account has impersonate identity ,logon as service and act as part of OS rights in app servers where excel and c2wt are running
Now when i try to refresh data i get error :The data connection uses Windows Authentication and user credentials could not be delegated.
The following connections failed to refresh: SQLServername port, databasename
http://technet.microsoft.com/en-us/library/ff487975.aspx
First 3 errors don't apply to me since i cant see these errors in SP log files and my sharepoint and database servers are in same domain.
For UPN, there is a email id assoisated with account that i am using and i have been using that email id to logon to other services in my company so UPN should be done too.
The Excel Services service account must have Active Directory permissions to query the object. Now this got me confusing. Where do i actually
give this? In sql server or AD? Which object does it need to query? The excel database in sql server. If it is so, then the permission needs to be granted on sql .
Also this link http://social.msdn.microsoft.com/Forums/en-US/99a3cf4f-dabc-4ac9-9ea8-afa677199ffa/kerberos-and-excel-services?forum=sharepointgeneralprevious
Microsoft solution described here is weired. I don't think sql server has c2wts or excel service application started on it. And from drop down list that is i don't know what is the solution talking of.
Does any one have any idea if i am missing any delegation or any step?
sachin

Any idea??
sachin

User Authentication for Web Services

Hi,
I am developing a web services that resides in Intranet. Thus, would like to implement application layer of user authetication, i.e. to match the input user name and password against Database record through a web service logon() method. If authentication is passed, the client program is allowed to call subsequence web service methods, else exception needs to be thrown when calling subsequence methods.
As understand that each method call to web services is treated seperately. Thus, how can we implement the authentication so that the client program only passes in the user name and password at once through logon() method, instead of perfoming the authentication for each method?
Appreciate the advice. Thanks.

Hi,
But, I need to develop the web services logon method using WSDL which generated the LogonBindingImpl.java, instead of web services using EJB bean.
Besides, the Web Service logon method (LogonBindingImpl.java) need to accept the input user name and password to check with the user name and password that stored in database table through the EJB bean. If checking successful, client program is allowed to invoke other WebServices method, else login failed exception need to be thrown when client calling other web services methods.
Appreciate the advice here on how to achieve that. Thanks.

Setting Basic Authentication for Web Service in WLS 6.1

Hi,
I am trying to set-up a Basic Username/Password authentication for a Web Service
that is hosted in WLS 6.1.
How do I go about doing that? Also once I get the username and password, how do
I pass that info
to the SOAP servlet to do the authentication? Can you give me some pointers on
this?
Thanks
Madhu

How do you want to do it? Through use of client.jar for the service or
directly? Here is how I do it directly:
String auth = "guest", pwd = "guest";
URL url = new URL("http://localhost:7001");
URL cmdURL = new URL(url.toString()+"/systemtest/TestWebService");
HttpURLConnection conn = (HttpURLConnection) cmdURL.openConnection();
String encAuth =
new BASE64Encoder().encode((auth + ":" + pwd).getBytes());
// BASE64Encode distributes long strings on multiple
// lines; we don't like that, no siree
int it = 0;
while ((it = encAuth.indexOf('\n')) != -1
|| (it = encAuth.indexOf('\r')) != -1) {
encAuth = encAuth.substring(0, it) +
encAuth.substring(it + 1);
conn.setRequestProperty("Authorization", "Basic " + encAuth);
conn.setRequestProperty("Content-Type", "text/xml");
conn.setRequestProperty("SOAPAction", cmdURL.toString());
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setUseCaches(false);
OutputStream oStr = conn.getOutputStream();
String cmd =
"<?xml version=\"1.0\" ?>\n"
+ "<soap:Envelope xmlns:soap=\"http://schemas.xmls"
+ "oap.org/soap/envelope/\"><soap:Body>"
+ "<ping><arg0>false</arg0></ping>"
+ "</soap:Body></soap:Envelope>";
oStr.write(cmd.getBytes());
oStr.close();
InputStream iStr = conn.getInputStream();
byte[] buffer = new byte[1024];
while (true) {
int size = iStr.read(buffer);
if (size == -1)
break;
System.out.println(new String(buffer, 0, size));
ThorAAge

Authentication for bussines services in OSB

Hello all ,
I had a business services that made a call to wsdl based SharePoint service . But when I tried to call a method from wsdl - I get this error in the test window from OSB .
" The invocation resulted in an error: Unauthorized. "
Where should I attached also the authentication information ?
Many thanks in advance ,
Stefan

Hello ,
this is ResponseMetadata from the test - so it will be http authenticate ?
Best regards,
Stefan
<con:metadata xmlns:con="http://www.bea.com/wli/sb/test/config">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:user-header name="MicrosoftSharePointTeamServices" value="14.0.0.4762"/>
<tran:user-header name="SPRequestGuid" value="a4652831-2cbe-4aaa-8689-74d0f7f976d0"/>
<tran:user-header name="X-Powered-By" value="ASP.NET"/>
<http:Content-Length>0</http:Content-Length>
<http:Date>Tue, 11 Jan 2011 14:17:03 GMT</http:Date>
<http:Server>Microsoft-IIS/7.5</http:Server>
<http:WWW-Authenticate>NTLM</http:WWW-Authenticate>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">1</tran:response-code>
<tran:response-message xmlns:tran="http://www.bea.com/wli/sb/transports">Unauthorized</tran:response-message>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">iso-8859-1</tran:encoding>
<http:http-response-code xmlns:http="http://www.bea.com/wli/sb/transports/http">401</http:http-response-code>
</con:metadata>

HTTP Basic authentication for proxy service and its wsdl?

Hello:
For some reasons I needed to configure the HTTP basic authentication on a proxy service at OSB 11g. Everything was OK until I realized that, additionally to the authentication when calling the service, the OSB also asks for credentials when I try to get that proxy wsdl file.
My requirements are to secure the proxy service when is called only, not when retrieving the wsdl.
Is this possible to configure on OSB / WLS? How?
Greetings!
Edited by: user4483647 on 02-sep-2010 12:59
Edited by: user4483647 on 02-sep-2010 13:25

If I'm not wrong, Basic authentication is Transport level feature. So passing User/Password in SOAPHeader doesn't make sense. SOAP message can only be sent when you have a HTTP Connection open. During opening of HTTP connection User/Password is required for basic authentication.
http://www.student.nada.kth.se/~d95-cro/j2eetutorial14/doc/Security7.html#wp156943
Edited by: mneelapu on Apr 2, 2009 2:09 PM

Error in LDAP Authentication for Sun One App Server 8..pls help

I need to authenticate my sun java system application server 8 with openldap server.....
i have added ldap realm as given in the administrators guide http://docs.sun.com/source/817-6088/security.html
My settings in the sun app server were like this:
Realm: ldap
Class Name: com.sun.enterprise.security.auth.realm.ldap.LDAPRealm
directory ldap://10.1.1.79:389
base-dn o=stooges
jaas-context ldapRealm
search-bind-dn cn=StoogeAdmin,o=stooges
search-bind-password secret1
My openldap schema is as follows
file : /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
database ldbm
suffix "o=stooges"
rootdn "cn=StoogeAdmin,o=stooges"
rootpw secret1
directory /var/lib/ldap/stooges
defaultaccess read
schemacheck off
lastmod on
index cn,sn,st pres,eq,sub
index uid,userPassword eq
file : /var/lib/ldap/stooges/stooges.ldif
dn: o=stooges
objectClass: top
objectClass: organization
o: stooges
description: The Three Stooges
dn: cn=StoogeAdmin,o=stooges
objectClass: organizationalRole
cn: StoogeAdmin
description: LDAP Directory Administrator
dn: ou=MemberGroupA,o=stooges
ou: MemberGroupA
objectClass: top
objectClass: organizationalUnit
description: Members of MemberGroupA
dn: ou=MemberGroupB,o=stooges
ou: MemberGroupB
objectClass: top
objectClass: organizationalUnit
description: Members of MemberGroupB
dn: uid=vikram,ou=MemberGroupA,o=stooges
uid:vikram
givenName:vicky
objectClass:top
objectClass:person
objectClass:organizationalPerson
objectClass:inetorgperson
sn:kone
cn:Kone Vikram
userPassword:glamsham
When i start ldap server and sun server,
the login page for sun server asks for username and password ....
when i give
username : vikram
password : glamsham
Error page comes.....
HTTP Status 403 - Access to the requested resource has been denied
type Status report
message Access to the requested resource has been denied
description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
Sun-Java-System/Application-Server-PE-8.0
Subsequent attempts to login gives another error page
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
com.sun.enterprise.tools.guiframework.exception.FrameworkException: Unabled to handle pre-compiled JSP '/jsp/j_security_check'. Expected pre-compiled classname: 'org.apache.jsp.jsp.j_005fsecurity_005fcheck'.
com.sun.enterprise.tools.admingui.servlet.HandlePrecompiledJsp.doPost(HandlePrecompiledJsp.java:59)
javax.servlet.http.HttpServlet.service(HttpServlet.java:768)
javax.servlet.http.HttpServlet.service(HttpServlet.java:861)
sun.reflect.GeneratedMethodAccessor55.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:324)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:289)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:205)
note The full stack trace of the root cause is available in the Sun-Java-System/Application-Server-PE-8.0 logs.
Sun-Java-System/Application-Server-PE-8.0
So pls... help as to how to go about this..
P.S. My ldap server runs as "ldap" user not as root

Try with "vikram" as a member of "cn=asadmin" group in your LDAP directory...

Problem with LDAP authentication for users in a group

I've gone through several forums attempting to find a solution, but I still can't get authentication to work for users in a particular group within AD. Our ASA is running 9.1(2), and the domain controller is a Windows Server 2012 R2.
I can configure the VPN connection, so that all users can authenticate just fine; however, when I setup the group, there appears to be success, but I'm reprompted to authenticate, and it eventually fails:
[6707] memberOf: value = CN=VPN Access,OU=COMPANY Groups,DC=COMPANY,DC=com
[6707] mapped to IETF-Radius-Class: value = GroupPolicy_COMPANY_SSL_VPN
[6707] mapped to LDAP-Class: value = GroupPolicy_COMPANY_SSL_VPN
[6707] msNPAllowDialin: value = TRUE
I'd be grateful if anyone can point me into the right direction and show me what I'm doing wrong. Thank you.
ldap attribute-map AuthUsers
map-name memberOf IETF-Radius-Class
map-value memberOf "CN=VPN Access,OU=COMPANY Groups,DC=COMPANY,DC=com" GroupPolicy_COMPANY_SSL_VPN
aaa-server LDAP protocol ldap
aaa-server LDAP (COMPANY_PROD_INTERNAL) host 10.10.100.110
ldap-base-dn DC=COMPANY,DC=com
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn CN=LDAPAuth,CN=Users,DC=COMPANY,DC=com
server-type microsoft
ldap-attribute-map AuthUsers
group-policy NOACCESS internal
group-policy NOACCESS attributes
vpn-simultaneous-logins 0
vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
webvpn
anyconnect ask none default anyconnect
group-policy GroupPolicy_COMPANY_SSL_VPN internal
group-policy GroupPolicy_COMPANY_SSL_VPN attributes
wins-server none
dns-server value 10.10.100.102
vpn-tunnel-protocol ikev1 ikev2 ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT-TUNNEL
default-domain value net.COMPANY.com
webvpn
anyconnect profiles value COMPANY_SSL_VPN_client_profile type user
tunnel-group COMPANY_SSL_VPN type remote-access
tunnel-group COMPANY_SSL_VPN general-attributes
address-pool COMPANY-SSL-VPN-POOL
authentication-server-group LDAP
authorization-server-group LDAP
authorization-server-group (COMPANY_PROD_INTERNAL) LDAP
default-group-policy NOACCESS
authorization-required
tunnel-group COMPANY_SSL_VPN webvpn-attributes
group-alias COMPANY_SSL_VPN enable
tunnel-group COMPANY_SSL_VPN ipsec-attributes
ikev1 pre-shared-key *****

I just figured it out. Under "group-policy GroupPolicy_COMPANY_SSL_VPN attributes", I had to add "vpn-simultaneous-logins 15". Apparently, it was using the value "vpn-simultaneous-logins 0" under the NOACCESS group policy.

LDAP Authentication for OSB Services

Similar Messages

Maybe you are looking for