Login authentication using jbuilder 7 personal

Similar Messages

• What is the difference between Login authentication using AAA and Login Local

  Hello,
  I am currently studying my CCNA and I am curious as to what is the difference between configuring the below 2 options, which seem to achieve the same outcome to me.
  1).
  Router(config)#username user1 password pass1
  Router(config)#line vty 0 15
  Router(config-line)login local
  Or
  2).
  Router(config)#username user1 password pass1
  Router(config)#aaa new-model
  Router(config)#aaa authentication login LOCAL_AUTH local
  Router(config)#line vty 0 15
  Router(config-line)#login authentication LOCAL_AUTH
  Thanks for your replies

  When only looking at the authentication as you have configured it, you are right. Both do the same thing. But when you activate aaa new-model, you have plenty more options to control how your complete AAA is working. Most important, you can send the authentication to an external Authentication-server with RADIUS or TACACS+ or you can do Authorization where the external server controls what you are allowed to do after you have authenticated.
  Don't stop after you've improved your network! Improve the world by lending money to the working poor:
  http://www.kiva.org/invitedby/karsteni

• How to set up local server to use a remote server for login authentication?

  Thank you in advance for any help you can offer.
  We are trying to set up a "sub-network" (dont' know if this is the right terminology) using a 10.4 Server OS, to manage a set of clients... the trick is that the client login/home directory information is on a different remote server, and shall remain there, for the most part.
  To make it easy to understand here's the environment:
  *Local Server:* 10.4 G4 Server Quicksilver 1G dual--we have total control of this one
  *Main/remote server:* 10.5 Xserve.. don't know which vintage--we have very very very little input on this machine.. effectively at the mercy of the sysadmin of this system who is very conservative in changing anything (hence the need for a separate server to install applications and client machine-specific profiles, etc since the Xserve admin refuses do it). This serves MacBooks/MacBookPros and few iMacs. (no Windows PC.. as that group of comptuers have their own server)
  client: ~20 eMacs/iBooks all running 10.4.
  use environment: elementary school-->very low network demand (no e-mail, just running local apps linking to server(s) for licensing and login, and some file saving small files on remote server, user preferences, etc).
  The remote server (the Xserve) has all the login authentication, as well as the home directories. every school year, the directories get updated as new students enroll and old students graduate. Currently all the clients are directly linked to the Xserve via LDAP while we bring the local server on-line.
  the local sever (our G4 Quicksilver) will have few network applications that will support the client machines. We also will be setting up computer accounts and groups for our clients so that we can properly set their environments (the Xserve admin will not do this on the Xserve, so currently all the clients are connecting to the server as a "guest computer" from what little I understand watching what was done)
  now, what is the best way to approach this type of set up with minimal "inconvenience" of the Xserve admin?
  I am pretty experienced with standalone UNIX and macOS X administration, but a novice to this whole Server and network setup thing. Any suggestions, instructions, pointers to URLs with how-tos is much appreciated. I am not afraid to use Terminal (grew up on UNIX before GUI), etc., and willing to try safe but unconventional setups if that is what's needed...
  thanks for any help!

  Oh never mind.... I figured it out myself helps to read up on the manuals. d'oh. sorry for the bandwidth waste...

• Oracle ADF 11g – Authentication using Custom ADF Login Form Problem

  Hi Guys,
  I am trying to Authenticate my adf application using custom Login Form.
  following this..
  http://www.fireboxtraining.com/blog/2012/02/09/oracle-adf-11g-authentication-using-custom-adf-login-form/#respond
  But my Login Page is not Loading.I think its sending request in chain.my jdev version is 11.1.1.5.Any Idea.
  Thanks,
  Raul

  Hi Frank,
  I deleted bounded code and In another Unit Test I created a simple login.jspx page and applied form based authentication but still facing same problem means something wrong in starting.
  My login.jspx page is
  <?xml version='1.0' encoding='UTF-8'?>
  <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1"
            xmlns:f="http://java.sun.com/jsf/core"
            xmlns:h="http://java.sun.com/jsf/html"
            xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
    <jsp:directive.page contentType="text/html;charset=UTF-8"/>
    <f:view>
      <af:document id="d1" >
        <af:form id="f1" >
          <af:panelFormLayout id="pfl1">       
            <af:inputText label="USERNAME" id="it1"
                          />       
            <af:inputText label="PASSWORD" id="it2"
                            />
            <af:commandButton text="LOG IN" id="cb1" />
            <f:facet name="footer">       
            </f:facet>                 
          </af:panelFormLayout>
        </af:form>
      </af:document>
    </f:view>
  </jsp:root>
  Don't know wht real problem is

• How  Stateless Web services requests can be authenticated using HTTP Login

  Hi All,
  How Stateless Web services requests can be authenticated using HTTP Login (with Oracle CRM On Demand Single Sign On (SSO) Token in HTTP Header).
  If there is any code regarding stateless Web services requests to CRMOD please send it to me that will be helpful for me.
  Please help me.
  Thanks,
  Jaysing
  Edited by: 883663 on Sep 19, 2011 12:06 AM

  You cant use stateless web services when you're using SSO. It's called out in the documentation.

• Questions regarding authentication used in SRDemo ADF Tutorial

  Hello,
  I am currently in the process of learning ADF with the help of SR Demo application from OTN.
  I have a few questions regarding the authentication used in SRDemo ADF Tutorial.
  1) Why do I need to specify the list of the all the users in the jazn-data.xml file with the name and credential attributes?
  2) How I change the authentication mechanism to point to database tables.(If it's not using, correct me if I am wrong).
  3) The prompt which I am getting for authentication is like OEM authentication. Can I change this to a normal authentication login page?
  4) As an option I would like to pass the person who logged in to windows , should be able to log in to the application. How can I pass the username(which I have in a java string) to my application and get logged in?
  Any help is highly appreciable.
  Thanks

  Read these two, should help
  http://technology.amis.nl/blog/?p=1462
  http://stegemanoracle.blogspot.com/2006/02/using-custom-login-module-with-jdev.html
  But to be honest, I couldn't get it working.

• I'm trying to connect through the FTP client Filezilla. When I try to login with the wizard, it gives me a "503 Failure of Data Connection" reply; when I attempt to login myself, it gives me a "530 Login Authentication Failed." HELP!!!

  My current softward is: Mac OS X Lion 10.7.5 (11G63)
  When I attempt to use the Filezilla connection wizard I get the following message:
  Connecting to probe.filezilla-project.org
  Response: 220 FZ router and firewall tester ready
  USER FileZilla
  Response: 331 Give any password.
  PASS 3.7.1.1
  Response: 230 logged on.
  Checking for correct external IP address
  Retrieving external IP address from http://ip.filezilla-project.org/ip.php
  Checking for correct external IP address
  IP 27.0.19.56 ch-a-bj-fg
  Response: 200 OK
  PREP 52470
  Response: 200 Using port 52470, data token 1871898076
  PORT 27,0,19,56,204,246
  Response: 200 PORT command successful
  LIST
  Response: 150 opening data connection
  Response: 503 Failure of data connection.
  Server sent unexpected reply.
  Connection closed
  When I attempt to login Host/Username/Password myself I get the following message:
  Status:          Resolving address of amyhoney.com
  Status:          Connecting to 184.168.54.1:21...
  Status:          Connection established, waiting for welcome message...
  Response:          220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
  Response:          220-You are user number 12 of 500 allowed.
  Response:          220-Local time is now 04:05. Server port: 21.
  Response:          220-This is a private system - No anonymous login
  Response:          220 You will be disconnected after 3 minutes of inactivity.
  Command:          USER 5475****
  Response:          331 User 5475**** OK. Password required
  Command:          PASS ********************
  Response:          530 Login authentication failed
  Error:          Critical error
  Error:          Could not connect to server
  Now before anyone points out the obvious: my username and password are correct. I've already gone through changing them so I know they are.
  Additionally, I've pretty much tried EVERYTHING I've read online, from messing with "terminal" (and subsequently the FTP and STFP options) to changing the sharing options and turning on file sharing/remote management as well as just turning off my Firewall completely.
  Now I've used Filezilla before when I first published my site and everything worked fine. My site is published through Wordpress so most of my editing was done through simply logging into my "wp-login." I recently changed the theme and in order to change the header image in that theme I have to do it through my "wp-content" folder, which means I need to use Filezilla. I feel like a complete moron right now considering I've had my site for about a year and can't even doing something this simple.
  I've read that the newer version of Lion/Mountain Lion don't support automatice FTP anymore, which (as I mentioned prior) I attempted to fix through Terminal. However, nothing I do seem to do works.
  Can someone walk me through fixing this? And I do mean 'walk me through'. I'm not a tech-savvy nerd who knows all the lingo, I just know the basics so sorry if my ignorance offends you.
  HELP!!

  First be sure login and password are OK. Sometimes the address starts wit "http://..." and sometime starts with "ftp://...". Try both normal FTP access and Scure FTP access (SFTP). At the end, contact the site's provider.

• Custom Authentication using WebService

  Hi,
  I am trying to create a way to Authenticate my users after calling a Webservice using Custom Authentication so that they don't have to Log on twice (SSO).
  Here is a brief description of what I'm trying to do:
  - End Users Login and get Authenticated in an iPlanet Portal.
  - Once in - they hit a link which calls my APEX Application in a new window.
  - I call the Web Service that return a response telling me if they have a valid Portal session along with username etc.
  - If they are logged in to our Portal - I authenticate them in APEX using Custom Authentication and allow them to continue.
  I have done this so far:
  - Created an After Footer Process in the Login Page(101) that calls the Web Service.
  - Created an automatic Page submit on page 101 with Javascript.
  - Changed the After Submit Process 'Set Username Cookie' to use the Login returned in the Web Service.
  - Changed the After Submit Process 'Login' to use the Login returned in the Web Service.
  - Custom Authentication is run after Page is submitted.
  - The user can then run the Application.
  Everything was working fine when I was already logged in to APEX as a Developer, but when I tried to run the application as a non-developer I get the Error:
  ORA-01400: cannot insert NULL into ("FLOWS_030100"."WWV_FLOW_COLLECTIONS$"."USER_ID")
  I now realize that my Webservice Process is trying to store the result of the Web Service call before the Login has occured - so there is no APEX User at this point.
  Does anyone have a way to accomplish what I'm trying to do?
  Thanks,
  Bill

  You should create a page sentry function based on the often-cited ntlm page sentry function discussed in this forum. That has the framework you need. Here is an example, although it's kind of old:
  function modntlm_page_sentry return boolean as
      l_current_sid            number;
      l_authenticated_username varchar2(256) := OWA_UTIL.GET_CGI_ENV('REMOTE_USER');
  begin
      if l_authenticated_username is null then
          return false;
      end if;    
      l_current_sid := wwv_flow_custom_auth_std.get_session_id_from_cookie;
      if wwv_flow_custom_auth_std.is_session_valid then
          htmldb_application.g_instance := l_current_sid;
          if l_authenticated_username = wwv_flow_custom_auth_std.get_username then
              wwv_flow_custom_auth.define_user_session(
                  p_user=>l_authenticated_username,
                  p_session_id=>l_current_sid);     
              return true;
          else -- username mismatch. Unset the session cookie and redirect back here to take other branch
              wwv_flow_custom_auth_std.logout(
                  p_this_flow=>v('FLOW_ID'),
                  p_next_flow_page_sess=>v('FLOW_ID')||':'||nvl(v('FLOW_PAGE_ID'),0)||':'||l_current_sid);
              htmldb_application.g_unrecoverable_error := true; -- tell htmldb engine to quit           
              return false;
          end if;
      else -- application session cookie not valid; we need a new htmldb session
          wwv_flow_custom_auth.define_user_session(
              p_user=>l_authenticated_username,
              p_session_id=>wwv_flow_custom_auth.get_next_session_id);
          htmldb_application.g_unrecoverable_error := true; -- tell htmldb engine to quit
          if owa_util.get_cgi_env('REQUEST_METHOD') = 'GET' then
              wwv_flow_custom_auth.remember_deep_link(p_url=>'f?'||wwv_flow_utilities.get_cgi_query_string_decoded);
          else
              wwv_flow_custom_auth.remember_deep_link(p_url=>'f?p='||
                  to_char(htmldb_application.g_flow_id)||':'||
                  to_char(nvl(htmldb_application.g_flow_step_id,0))||':'||
                  to_char(htmldb_application.g_instance));
          end if;
          wwv_flow_custom_auth_std.post_login( -- register session in htmldb sessions table,set cookie,redirect back
              p_uname     => l_authenticated_username,
              p_flow_page => htmldb_application.g_flow_id||':'||nvl(htmldb_application.g_flow_step_id,0));
          return false;       
      end if;   
  end modntlm_page_sentry;You would replace this:
  l_authenticated_username varchar2(256) := OWA_UTIL.GET_CGI_ENV('REMOTE_USER');
  ...with whatever statement will allow you to get the authentication status and authenticated user name from the environment, from HTTP headers, or from some other external source.
  Then you would put this into the page sentry function attribute of the authentication scheme for your application:
  return modntlm_page_sentry;
  Of course you can name it anything you like but it should be compiled in your applicaiton's parsing schema.
  Scott

• How can I set up SSL login authentication on one domain for multiple domains

  Our site currently runs in 22 countries with 22 different
  country domains:
  www.mysite.com
  www.mysite.co.uk
  www.mysite.fr
  etc
  We want to use SSL on our login pages but realise that the
  cost of certification for every domain is expensive. One solution
  would be to channel all login activity to a single domain, eg:
  www.mysite.com/login.cfm?site=fr which would then redirect to
  www.mysite.fr – this is how Google do it
  But, currently we are using encrypted cookies for login
  authentication so we would have the problem of having to transfer
  the cookie info across domains securely. Is there any way of going
  about this?
  Any other suggestions would be great, too. We do plan to move
  to session management for logins but this is a longer term project
  so we are hoping to sort out the SSL prior to that.

  Can you not pass the values you need as URL parameters?
  Encrypt them befor you send them and then decrypt them on the new
  domain. Then add them to whatever place you need (cookie, session,
  etc.)?

• Client Certificate Mapping authentication using Active Directory across trusted forests

  Hi,
  We currently have a setup where the on-premises environment and the cloud environment are based on two separate forests linked by a 1-way trust, i.e., the exist in the on-premises AD and the 1-way trust allows them to use their
  credentials to login to a cloud domain joined server. This works fine with the Windows authentication.
  We are now looking at implementing a 2-Factor authentication using Certificate. The PKI infrastructure exists in the On-Premises Forest. The users are able to successfully login to on-premise servers configured with "AD CLient Certificate
  Mapping".
  However, we are unable to achieve the same functionality on the cloud domain joined servers. I would like to know
  1. Is this possible?
  2. If yes, what do we need to do to make this work.
  Just to clarify, we are able to authenticate using certificates by enabling anonymous authentication. However, we are unable to do the same after turning on "Client Certificate Mapping authentication using Active Directory"

  1. Yes!
  2. Before answering this I need to know if your are trying to perform a smart card logon on a desktop/console or if you just want to use certificate based authentication in an application like using a web application with client certificate requirements
  and mapping?
  /Hasain
  We will eventually need it for smartcard logon on to desktop/console. However, at present, I am trying to use this for certificate based authentication on a web application.
  To simulate the scenario, I setup up two separate forests and established a trust between them.
  I then setup a Windows PKI in one of the forests and issued a client certificate to a user.
  I then setup a web server in both the forests and configured them for anonymous authentication with Client SSL requirement configured.
  I setup a test ASP page to capture the Login Info on both the servers.
  With the client and the server in the same forest, I got the following results
  Login Info
  LOGON_USER: CORP\ASmith
  AUTH_USER: CORP\ASmith
  AUTH_TYPE: SSL/PCT
  With the client in the domain with the PKI and the server in the other Forest, I got the following response
  Login Info
  LOGON_USER:
  AUTH_USER:
  AUTH_TYPE: 
  I tried the configuration with the Anonymous Authentication turned off and the AD CLient Certificate mapping turned on.
  With the client and the server in the same forest, I am able to login to the default page. However, with the server in a trusted forest, I get the following error.
  401 - Unauthorized: Access is denied due to invalid credentials.
  You do not have permission to view this directory or page using the credentials that you supplied

• Server does not support PLAIN or LOGIN authentication

  I try to send mail via XI Mail adapter. My settings are below
  Transport protocol : SMTP
  Message protocol : XIPAYLOAD
  url : smtp://10.44...
  Authentication Method : Plain
  User : ...
  Password...
  From :
  To : ....
  But i give this error   "server does not support PLAIN or LOGIN authentication"..
  I think I use SSL or something else, but I dont know how to do by using Mail adapter..
  Or Why do i get this error ?
  Thanks

  Hello Tuncer,
  In your case, you need to first enable SSL on your PI server, which requires some effort. Here are the links for SSL configuration for AS ABAP and AS Java:
  http://help.sap.com/saphelp_nw70/helpdata/en/0d/a22640632cec01e10000000a155106/content.htm
  http://help.sap.com/saphelp_nw70/helpdata/en/56/a12640632cec01e10000000a155106/content.htm
  After that, you need to exchange client certificates between your PI and mail server so that the two systems will accept each other's logon tickets. Only after that you can use your mail adapter with SSL. All adapters that run on the adapter engine use Java AS's authentication mechanisms, so SSL should be enabled for your AS Java, you cannot enable it only for the mail adapter.
  I recommend trying this scenario with another mail server that doesn't require SSL first with plain authentication. Then you can go for SSL, but you will probably need an experienced basis guy to help you for the configuration.
  Hope this helps,
  Regards / selamlar
  Gökhan

• "invalid password "on Iweb Test. and on SEO Tool, Login Failed Login Authentication Failed, ALL SETTING ARE CORRECT HELP

  I have been updating my site over the last week, using Iweb SEO TOOL, but suddenly 2 days ago I can no longer update when i go to publish it says "invalid password "on Iweb Test. and on SEO Tool, Login Failed Login Authentication Failed, the password and all settings are correct.
  I am 100% sure the all the setting are correct, as it has been working for the last 7 months and I have just been updating it, then suddenly it stopped, I have all the FTP settings wrote down, and even changed the passwords twice hoping that may work to no avail.

  Try the following:
  delete the iWeb preference files, com.apple.iWeb.plist and com.apple.iWeb.plist.lockfile, that resides in your Home() /Library/Preferences folder.
  go to your Home()/Library/Caches/com.apple.iWeb folder and delete its contents.
  Click to view full size
  launch iWeb and try again.
  If that doesn't help continue with:
  move the domain file from your Home/Library/Application Support/iWeb folder to the Desktop.
  launch iWeb, create a new test site, save the new domain file and close iWeb.
  go to the your Home/Library/Application Support/iWeb folder and delete the new domain file.
  move your original domain file from the Desktop to the iWeb folder.
  launch iWeb and try again.

• Oracle 9i/10G DB authentication using Active Directory (with out OID)

  Hello All,
  We want to use a Single-Password authentication scheme using the Active
  Directory as the primary source for userId/Password.
  We don't want to use the Active Directory and OID bridge.
  As we have many databases and would like to configure all Databases to use Active
  Directory for Authentication. Our goal is to have single id/password across all
  the databases and any user should be able to login from any computer using their
  windows id/password, note that we don't want to use the OSAuthentication.
  We have read the documents provided by oracle for authentication using Active
  Directory, we were able to create Oracle Schema in Active Directory and were
  also able to register a DB with Active Directory and then created user as global
  user in Oracle Database and provided the DN of the user. When we tried
  authenticate with all this setup it comes back and says invalid ID/Password !!!
  And with 10G database we get the Oracle Error ORA-03113: end-of-file on communication channel !!
  Has any one tried or have information on Integrating Oracle to Auth against Active Directory?
  Envoirnment:
  Oracle DB Version: 9.2.0 and also tried on 10.0.1 with same results
  Operating System: Windows 2000/ Windows 2000 Server
  Constraint: We don't want to user OID ( as we don't have license for this
  product ! )

  I have a thread started similar to your request.
  OS Authenication on Windows
  Somewhere I read this. It works on Oracle 9i on Linux, but I have not tried it with Oracle 9i on Windows.
  SHOW PARAMETER OS_AUTHENT_PREFIX;
  SHOW PARAMETER REMOTE_OS_AUTHENT;
  CREATE USER OPS$SOMEUSER IDENTIFIED EXTERNALLY;
  GRANT CREATE SESSION TO OPS$SOMEUSER;
  For the username, I wonder if we are supposed to put the Windows Domain name as part of the username? Such as, for a Windows domain user MyDomain\SomeUser
  CREATE USER OPS$MYDOMAIN\SOMEUSER IDENTIFIED EXTERNALLY;
  I really wish Oracle or somebody created a guide or book on how to do this.

• Machine authentication using certificates

  Hi,
  I am facing this error while machine authenticates agaist AD for wireless users. My requirement is users with corporate laptop get privileged vlan and BYOD should get normal vlan.I am using Cisco ISE 1.1.1 and configured authentication policies to diffrenciate clients based on corp asset and BYOD. Authentication policy result is identity sequnce which uses certificate profile and AD. All corp laptops should be authenticated using certificates and then followed by AD user and pass. when I configure XP users to validate server certificate this error comes in ISE log "Authentication failed : 11514 Unexpectedly received empty TLS message; treating as a rejection by the client" and if I disable validate sewrver certificate then this error "Authentication failed : 22049 Binary comparison of certificates failed".
  Any help??
  Thanks in advance.

  Hi [answers are inline]
  I  have tried using Cisco Anyconnect NAM on Wondows XP for machine and  user authentication but EAP-chaining feature is not working as expected.  I am facing few challenges. I have configured NAM to use eap-fast for  machine and user authentication and ISE is configured with required  authorisation rule and profiles/results. when machine boots up it sends  machine certificate and gets authenticated against AD and ISE matches  the authorisation rule and assigns authZ profile without waiting for  user credentials.
  This is expected for machine authentication, since the client hasnt logged in machine authentication will succeed so the computer has connectivity to the domain.
  Now when a user logs on using AD user/pass,  authentication fails as the VLAN assigned in AuthZ profile does not have  access to AD. ISE should actually check with their external database  but Its not.
  Do you see the authentication report in ISE? Keep in mind that you are authenticating with a client that has never logged into the workstation before. I am sure you are looking for the feature which starts the NAM process before the user logs in. Try checking this option here:
  http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/ac04namconfig.html#wp1074333
  Note the section below:
  –Before  User Logon—Connect to the network before the user logs on. The user  logon types that are supported include user account (Kerberos)  authentication, loading of user GPOs, and GPO-based logon script  execution.
  If you choose Before User Logon, you also get to set Time to Wait Before Allowing a User to Logon:
  Time to Wait Before Allowing User to Logon—Specifies the maximum (worst  case) number of seconds to wait for the Network Access Manager to make a  complete network connection. If a network connection cannot be  established within this time, the Windows logon process continues with  user log on. The default is 5 seconds.
  Note If the Network Access Manager is configured to manage wireless connections, set Time to wait before allowing user to logon to 30 seconds or more because of the additional time it may take to  establish a wireless connection. You must also account for the time  required to obtain an IP address via DHCP. If two or more network  profiles are configured, you may want to increase the value to cover two  or more connection attempts.
  You will have to enable this setting to allow the supplicant to connect to the network using the credentials you provide, the reason for this is you are trying to authenticate a user that has never logged into this workstation before. Please make changes to the configuration.xml file, and then select the repair option on the anyconnect client and test again.
  Interestingly, if I login with an AD user which is local to  the machine its gets authenticated and gets correct AuthZ  profile/access level. If I logoff and login with different user, Windows  adapter gets IP address and ISE shows successful authentication /authz  profile but NAM agent prompts limited connectivity. Any help??
  Please make the changes above and see if the error message goes away.
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• Trusted Authentication using QUERY_STRING

  Hi All,
  We are trying to configure the Trusted Authentication using Query_String in XIR3.1
  We have customer portal ,where in login to custom web page and click on the link which routes to Infoview.We are configuring sso to bypass the credentials from webportal to Infoview home page.
  We have created a paramerter to pass the user information.We have made all the required changes for configuring trusted authentication,like:
  1) Enable Trusted Authentication in cmc.Enter shared secret in cmc
  2) Make changes to the web.xml file
  3) Create TrustedPrincipal.conf file
  In web.xml file we gave "trusted.auth.user.retrieval" as "QUERY_STRING" & "trusted.auth.user.param" as the parameter value we are using to pass the user information.
  If the parameter we are using is "MyUser" to pass the user information ,After configuring, we noticed that ,when we launch the url, "http://host:8080/InfoViewApp/logon/logon.do?MyUser=<username>"  we can directly login to Infoview without giving any credentials.We are not sure if we are moving in right direction? Is this how the QUERY_STRING work?
  We also noticed that,instead of giving any username if we give any other value the infoview home page opens up with Guest account?
  Thank you,
  Bill

  You should disable guest when using any method of SSO. Then anything placed in the URL other than a proper user would fail. And yes this is exactly how query string works (the username must be supplied in the URL). If looking for a more dynamic/secure method you will need to combine with a front end authenticator such as IIS, siteminder, etc and use one of our other methods such as remote_user, http_header, etc
  Regards,
  Tim