Login problems using safari5.1

Hi there. I’m on a macbook pro, running safari. I just updated to safari 5.1, and since then all my automatic logins have gone. Ticking the ‘keep me logged in’ box isn’t working, and I have to re-enter all the details every time. Any ideas? Cheers.

Hi asailor, Welcome to Apple's Users Help Users
Forums.
Were you in S 2.0.4 prior to 2 days ago when the prob
started?
Maybe the bank was doing maintenance. What bank is
it? Maybe someone will chime in.
I was using S 2.0.4 prior to the login problem. The bank rep said it
was a Safari issue. I reported the bug to Apple. Yesterday, I was able to login and today I can't. ndbt.com is the bank's website.
Thanks for you help!

Similar Messages

Problem using Implementing Remote Panel Security with a Login Example Guide

I'm having issues implementing a Remote Panel protected by username and password using this NI guide:
Implementing Remote Panel Security with a Login Example
Remotepanellogin.zip
After login process using Login.vi, if the user has the right password, his IP will be included in the Webserver allowed access list and the user can open the web site which hosts the Main.vi. Ok.
But if the user doesn't have the password, his IP will be denied!
Here is the problem: Will his IP be denied at all including Login.vi?
I can't block access to Login.vi because even if the user entered a wrong password, he can still try login again....
How can I configure a type of Allowed and Denied table using Webserver properties? For example:
IP: 10.0.0.2 - Login.vi (allowed) - Main.vi (allowed) -> User entered a right password
IP: 10.0.0.3 - Login.vi (allowed) - Main.vi (denied) -> User entered a wrong password
Note: Login.vi must be visible and accessible always.
These are the Implementing Remote Panel Security with a Login Example instructions:
After you configure the VIs with the Web Publishing Tool, browse to the Remote Panel Login VI and run it. When this VI runs, LabVIEW gives remote panel access to all users, but they can view and control only this VI.
If a user successfully logs in by supplying the Username of NI and password of labview (both are case sensitive) then LabVIEW gives remote panel access to the IP address specified in the Remote Panel Login VI only. That user can then browse to and run the Main VI.
Thanks in advance!
APrado
Message Edited by APrado on 04-01-2009 08:21 AM

I'm thinking about using the option Reentrant Execution (VI property > Category > Execution).
Could anyone help me?
Thanks.

AD account Login problem with MAC 10.6.8

Hi All,
We have around 50 odd MAC that are connected to windows server 2008 R2. the user were logining in to these MACs using their AD account. Recently few of the random MAC did not allow the user to login using their AD account.When analyzed though the MAC shows that it has connected to the Domain and the server is active with green button it has unbind itself from the server.I had to login in as local user bind the MAC back to get this resolved.
Now the same has started happeneing for most of the MAC that we have and every morning I have login as local Admin and unbind / bind the MAC with the server. this gets reset once the user reboots or shutsdown.
Have tried with few of the below solution but nothing helped:
Solution 1:
<key>mdns_timeout</key>
<integer>2</integer>
The integer value is in seconds; changing it to at least 5 should allow the Mac OS X client to reconnect to the Active Directory domain after a network interruption. In some configurations, a larger timeout value may be required.
You can change this value by using the sudo command and a text editor to edit the preference file directly. Or you can use the Terminal command below, making sure to enter it all on a single line:
sudo /usr/libexec/PlistBuddy -c 'Set :mdns_timeout 5' /System/Library/SystemConfiguration/IPMonitor.bundle/Contents/Info.plist
Solution 2:
I have seen all of the probable solutions and tried everything and still I am getting issues with 10.6.6 and after rebooting the Mac gets unbind. Or the Mac gets Network Accounts Available even when not accessing the list of users from AD. But the thing that I have done that has solved all my issues with AD on the Macs is to uncheck the box to search on all domains. For some reason I am seeing that when the Macs have this option checked, it searches through out the forest on the same domain controller more than once, so AD stops the handshaking of the authentication.
I hope this helps like it did on our Network, since then I have not seen the Macs lose the binding or slow SMB.
If you've tried this please let us know.
TIP: Uncheck Allow Authentication from any domain for Mac AD problems
Wednesday, April 20, 2011
Steven Wells sent a fix and an explanation of problems with Macs losing their binding to Active Diretory:
Unchecking "Allow authentication from any domain in the forest" is working at our college. We have been beating our heads on this for about 2 terms, with no understanding of why it works in some places and not in others. When we found this working, our IT guy said that the Security SID is being duplicated, when it looks in other domain forest, and that is what is causing the problem. This is the first time I have found an explanation for the problem.
If you've tried this approach please let us know.
Solution 3:
Solved it. Create a file in Textedit with the name 'auto_master' (no file extension) with the following contents:
# Automounter master map
+auto_master # Use directory service
/net -hosts -nobrowse,hidefromfinder,nosuid
/home auto_home -nobrowse,hidefromfinder
#/Network/Servers -fstab
/- -static
Place this in /etc/ folder
Hope this helps
solution 4:
TIP: a Kerberos fix for OS X 10.5 and 10.6 binding to Active directory
Friday, November 11, 2011
Mehdi Mafi forwarded a fix he found for problems with Leopard and Snow Leopard binding to Active Directory:
This was taken from Dane Riley's imaging building for DeployStudio.
With Mac OS X Leopard every Mac is now running a KDC (Kerberos Distribution Center). Basically each imaged machine is using the same security certificate and hash. Deploying a single image will deploy the same KDC to every system. This [Apple] article covers how to reset the local KDC so that each system is unique. Basically, do the following:
Launch Keychain Access
Search for com.apple.kerberos.kdc and delete all 3 items
Using Terminal type sudo rm -fr /var/db/krb5kdc
After deployment, perhaps using Apple Remote Desktop to all systems, re- establish the KDC by typing sudo /usr/libexec/configureLocalKDC
If you've tried this approach with Mac OS X 10.5, 10.6, or even Lion, please let us know. .
TIP: More on a kerberos fix for AD binding problems
Monday, November 14, 2011
Mehdi Mafi updated his Friday report about Mac OS X 10.6 problems binding to Active Directory:
You may want to add this. If the Mac keeps unbinding from AD (people can't log in to a Mac), here is how to fix it:
Unbind it from Domain
Launch Keychain Access
Search for com.apple.kerberos.kdc and delete all 3 items
Using Terminal type sudo rm -fr /var/db/krb5kdc
Re-establish the KDC by typing sudo /usr/libexec/configureLocalKDC
Bind it to domain again ( When you bind, uncheck allow authentication from any domain in the forest in: Directory Utilitiy-> Advanced Options\Administrative ) this fix the issue that sometimes it can' find AD under search space.
If you tried this please let us know.
Solution 5:
For Snow Leopard AD login issues, use upper case domain
Solution 6: for .local
To create this StartupItem, create the following directory as root:
/Library/StartupItems/FixADAuth
Then chown it to root:wheel and chmod it to 755. These must also be the owner/permissions on the two files it will contain, below:
Contents of our /Library/StartupItems/FixADAuth/FixADAuth:
#!/bin/bash
. /etc/rc.common
date > /var/log/FixADAuth.log
n=0
AuthSuccess=0
while [ $AuthSuccess != 1 ]
do
id Administrator && AuthSuccess=1 || networksetup -setsearchdomains Ethernet "Empty"; networksetup -setsearchdomains Ethernet middlewich.local; n=$(($n+1))
done
echo Authentication successful: $AuthSuccess >> /var/log/FixADAuth.log echo Operation count: $n >> /var/log/FixADAuth.log
date >> /var/log/FixADAuth.log
Contents of our /Library/StartupItems/FixADAuth/StartupParameters.plist:
Description = "Fixes Active Directory authentication issue";
Uses = ("Disks");
Obviously you'll need to change "middlewich.local" to your own domain name (and the network interface name if your connection is wireless). The script checks to see if it can see the user "Administrator" on the domain, as he's a fairly common bloke, but if you've renamed yours for security reasons then pick another one. I've also included some logging functionality for debug purposes, so you can verify how well the script is working if you need to and time it in your environment before telling the users how long to wait. The /var/log/FixADAuth.log file will contain the date/time the process started, the success variable set to 1 (just to verify), how many DNS operations were required to fix the problem, and the date/time it ended. For us the time difference is normally about +30-40 seconds with around 120-180 operations taking place. Once you're happy with the script, you can strip it down to its bare functionality if you like, like so for us:
#!/bin/bash
. /etc/rc.common
AuthSuccess=0
while [ $AuthSuccess != 1 ]
do
id Administrator && AuthSuccess=1 || networksetup -setsearchdomains Ethernet "Empty"; networksetup -setsearchdomains Ethernet middlewich.local
done
I hope this helps someone!
Regards

You are welcome.
But the question is 10.6 mac just like 10.6.8 , as long as its the same and works.
Yes. You can save some updates by using the combo update.
10.6.8 Combo Updater

Oracle 10g express edition browser login problem

Hi
I installed oracle 10g express edition and after installing successfully logged in browser , unlocked hr login and also created one form then I shutdown the database and rebooted my pc and since then when I try to login to "go to Database Home page" after starting database , I get a cookie 127.0.0.1 with username and password, First of all I am not sure what username/password it is expecting, I believe it requires my Windows XP username and password , I tried to enter couple of times my pc login username which has administrator privileges, I also checked it has ora_dba group but after entering pc username , password browser opens saying "unauthorized". I created another os user and tried with that still same. I tried entering oracle password "SYSTEM" and password for it but still could not login, I tried HR username password still nothing.
I tried disabling firewall but still same issue. I tried to re-install two time but still same .
Start database dos prompt does show all the process are started successfully .
I also did ping for 127.0.0.1 and it does ping.
I tried everything what I knew.
Can anyone please help me ..to resolve this issue .

Hi
This is how I resolved the browser login problem .
I checked the listener log
C:\OracleXE\app\oracle\product\10.2.0\server\NETWORK\log
And found the error
TNS-12542: TNS:address already in use
TNS-12560: TNS:protocol adapter error
TNS-00512: Address already in use
I have another version for oracle installed on my pc .
I ended both the oracle process (Oracle.exe) through the Task Manager
Then manually started OracleServiceXe service through Component Services
Control Panel Performance & Maintenance Administrative Component Services
Then did following
Programs Oracle Database10g ExpressEdition Start Database
Programs Oracle Databse10g ExpressEdition Go to Database Homepage
Enter username SYSTEM
Enter password xxxxxx whatever given at the time of installing.
And I did successfully login to the browser .
Hope this will help to those of you who have run into similar problem which I faced
Good Luck .
A. Patil

Tunneling Problem using HttpsUrlConnection

Hi,
I had gone through forums regarding this topic and still i am facing the same problem using the HttpsUrlConnection. We are working behind a proxy so we have to make a proxy authorization if we want to connect to a server in the internet.
But in case of HttpUrlConnection, everything works
fine. But if we do the same with a HttpsUrlConnection, the authentication fails. It throws an IOException
with the message
Unable to tunnel through 192.9.100.10:80.
Proxy returns "HTTP/1.1 407 Proxy authentication required"
Sample code as follows,
The following code doesn't have any problem becos it works fine with HttpUrlConnection and also it is working without proxyserver for https as well.
This is running under MSVM.
I don't want to use SSLSocketFactory and i need to use following layout(i.e only with Httpsurlconnection)
Is there any way to make work with proxyserver? Or can't we do this at all?
System.setProperty("proxySet","true");
System.setProperty("https.proxyHost","proxyIP");
System.setProperty("https.proxyPort","80");
OutputStream os = null;
OutputStreamWriter osw = null;
InputStream is = null;
InputStreamReader isr = null;
BufferedReader br = null;
URL url;
String line = null;
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
String login = proxyUserName+":"+proxyPassWord;
String encodedLogin = new sun.misc.BASE64Encoder().encode(login.getBytes());
url = new URL("https://www.verisign.com");
HttpsURLConnection con = null;
con =(HttpsURLConnection) url.openConnection();
con.setRequestProperty("Proxy-Authorization", encodedLogin);
con.setRequestMethod("GET");
con.setDoOutput(true);
con.setDoInput(true);
con.setUseCaches(false);
con.connect();
os = con.getOutputStream();
osw = new OutputStreamWriter(os);
osw.write("SampleMsg");
osw.flush();
osw.close();
is = con.getInputStream();
isr = new InputStreamReader(is);
br = new BufferedReader(isr);
while ( (line = br.readLine()) != null)
System.out.println("line: " + line);
Can any one help me regarding this?I need a reply very urgently.
Thanks,
Prabhakaran R

Hope this help.
Note to change the properties to fit your system, and use the supported package ( JSSE, JRE1.5.......).
You can use URLConnection for both HTTP or HTTPS protocol.
import java.io.*;
import java.net.*;
import java.security.*;
import java.util.*;
import javax.net.ssl.*;
public class testSSL9 {
public testSSL9() {
byte[] data = httpConnection();
System.out.println(new String(data));
public static void main(String[] args) {
Properties sysprops = System.getProperties();
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
// sysprops.put("java.protocol.handler.pkgs",
// "com.sun.net.ssl.internal.www.protocol");
sysprops.put("java.protocol.handler.pkgs",
"javax.net.ssl.internal.www.protocol");
sysprops.put("javax.net.ssl.trustStore",
"D:/jdk1.4/jre/lib/security/cacerts");
sysprops.put("javax.net.debug", "ssl,handshake,data,trustmanager");
sysprops.put("https.proxyHost", "172.16.0.1");
sysprops.put("https.proxyPort", "3128");
sysprops.put("https.proxySet", "true");
sysprops.put("http.proxyHost", "172.16.0.1");
sysprops.put("http.proxyPort", "3128");
sysprops.put("proxySet", "true");
testSSL9 testSSL91 = new testSSL9();
private byte[] httpConnection() {
try {
URL url = null;
// String strurl = "https://www.verisign.com";
String strurl = "https://central.sun.net";
// String strurl = "http://www.yahoo.com"; --> use: HttpURLConnection
url = new URL(strurl);
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
HttpsURLConnection.setFollowRedirects(false);
connection.setDoOutput(true);
connection.setDoInput(true);
connection.setUseCaches(false);
connection.connect();
InputStream stream = null;
BufferedInputStream in = null;
ByteArrayOutputStream bytearr = null;
BufferedOutputStream out = null;
try {
stream = connection.getInputStream();
in = new BufferedInputStream(stream);
bytearr = new ByteArrayOutputStream();
out = new BufferedOutputStream(bytearr);
catch (Exception ex1) {
System.out.println(ex1);
System.out.println("Server reject connection...sory");
int i = 0;
while ( (i = in.read()) != -1) {
out.write(i);
out.flush();
stream.close();
in.close();
bytearr.close();
out.close();
return bytearr.toByteArray();
catch (Exception ex) {
ex.printStackTrace();
return null;
}

Rendering problem using meteor inside an HTML overlay

Hi everyone,
I'm having a pretty specific problem, using meteor, and could really use some help.
I've posted a detailed description of the problem on Stack Overflow, but the gist of it is this:
Inside of Adobe DPS, the headless browser used in overlays on iOS 6.1.7 has some issues with meteor.
specifically:
1- every meteor page -- no matter if it's just the out-of-the-box Hello Meteor page -- generates a non-obtrusive error: TypeError: 'undefined' is not a function. There's no stack trace, no other details (I used debuggify to discover the error)
2- after redirect from the "accept permissions" page(s) using the Facebook Login Alternative flow, the page will not render.
Neither of these errors occurs inside Mobile Safari, or Mobile Chrome on the iPad.
I believe this may be caused by some of the restrictions we're putting on the headless browser (hence error #1), and is a combination of the redirect having a hash (#) after the URL, and (maybe?) handlebars or some other js framework not loading in time.
If anyone has any ideas -- either to solve this specific problem, or a workaround for me (I need to log in to facebook using meteor, inside a DPS article HTML overlay on an iPad) I'd really appreciate it.
Article on Stack is here: http://stackoverflow.com/questions/18808652/meteor-rendering-in-adobe-dps-overlay-after-re direct-from-facebook-login
Thanks!
Strack

Unfortunately if something works in Mobile Safari that doesnt' mean it'll work in DPS, due to how the iOS Web Control works. It's kinda, but not exactly, the same as Mobile Safari, and sometimes things work in one but not the other. This isn't something we have control over either, it's just how the OS control works.
Neil

Problem using SmartCard with 2 Certificates stored and SunPKCS11

Hi,
I'm trying to access one SmartCard token in Java 1.5 using SunPKCS11 provider for crypt, decrypt and digital signature operations.
I have 2 certificates stored on Token:
- CertA;
- CertB.
There are also 2 PIN:
- PIN1;
- PIN2.
I use:
- PIN1 for logging into the token;
- PIN1 for operation involving CertA;
- PIN2 for operation involving CertB;
There is no problem to logging into the token using Java and, without any troubles, I can read certificates and key from the
cryptographic card.
There is no problem using CertA for all my operation, but every attempt of using Private Key of CertB (for the same operations) returns with an Exception:
java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DEVICE_ERROR
Here there's an extract of my source code.
public void loginToken() {
Provider UserProvider = new sun.security.pkcs11.SunPKCS11(C:\\pkcs11.cfg);
Security.addProvider(UserProvider);
try {
KeyStore ks = null;
X509Certificate UserCert = null;
PrivateKey UserCertPrivKey = null;
PublicKey UserCertPubKey = null;
//PIN
char PIN1[] = "11111".toCharArray();
char PIN2[] = "22222".toCharArray();
//logging into token
ks = KeyStore.getInstance("PKCS11", UserProvider);
ks.load(null, PIN1);
//enumeration alias
String alias = "";
Enumeration e = ks.aliases();
while (e.hasMoreElements()) {
alias = (String) e.nextElement();
//Certificate
UserCert = (X509Certificate) ks.getCertificate(alias);
//PublicKey
UserCertPubKey = (PublicKey) ks.getCertificate(alias).getPublicKey();
if (alias.compareToIgnoreCase("Cert1") == 0) {
     //PrivateKey reference
UserCertPrivKey = (PrivateKey) ks.getKey(alias, PIN1);
} else if (alias.compareToIgnoreCase("Cert2") == 0) {
//PrivateKey reference
UserCertPrivKey = (PrivateKey) ks.getKey(alias, PIN2);
} else {
System.out.println("ALIAS UNKNOW");
System.exit(1);
//Signature Test
if (!MakeSignature(UserCertPrivKey, UserProvider))
System.out.println(" *** SIGNATURE OK *** ");
else
System.out.println(" *** SIGNATURE KO *** ");
catch (Exception ex) {
System.out.println("ERROR: " + ex);
public boolean MakeSign(PrivateKey PrivKey, Provider p) {
try {
//File I/O
FileInputStream txtfis = new FileInputStream("C:\\Test.txt");
FileOutputStream sigfos = new FileOutputStream("C:\\Test_Signature.txt");
//Signature Obj init
Signature dsa = Signature.getInstance("SHA1withRSA", p.getName());
dsa.initSign(PrivKey);
//Update data
BufferedInputStream bufin = new BufferedInputStream(txtfis);
byte[] buffer = new byte[1024];
int len;
while (bufin.available() != 0) {
len = bufin.read(buffer);
dsa.update(buffer, 0, len);
bufin.close();
//Make signature
byte[] realSig = dsa.sign();
//save signature on file
sigfos.write(realSig);
sigfos.close();
return true;
catch (Exception ex) {
System.out.println("ERROR: " + ex);
return false;
Any help would be grateful...
Thanks in advance.
P.S. Sorry for my English

This is the same my initial problem.
I resolved it using IAIK-PKCS#11Wrapper (it is FREE) insted of sun.security.pkcs11.SunPKCS11.
You can find it here:
http://jce.iaik.tugraz.at/sic/products/core_crypto_toolkits/pkcs_11_wrapper
Here an exemple of code.
The main class:
import iaik.pkcs.pkcs11.Module;
import iaik.pkcs.pkcs11.DefaultInitializeArgs;
import java.util.Hashtable;
import iaik.pkcs.pkcs11.Token;
import iaik.pkcs.pkcs11.Slot;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.objects.RSAPrivateKey;
import java.util.Vector;
import iaik.pkcs.pkcs11.objects.PrivateKey;
import iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate;
import java.util.Enumeration;
import iaik.pkcs.pkcs11.objects.Key;
import java.security.cert.CertificateFactory;
import java.io.ByteArrayInputStream;
import iaik.pkcs.pkcs11.Mechanism;
import java.security.Security;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.io.File;
import java.io.FileInputStream;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSProcessableByteArray;
import java.util.ArrayList;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import org.bouncycastle.cms.CMSSignedData;
import java.io.FileOutputStream;
import java.security.cert.X509Certificate;
import iaik.pkcs.pkcs11.TokenInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
public class MakeSignature {
public static void main(String[] args) {
     String USER_PIN = "12345678";
     String DLL_NAME = "C:\\windows\\system32\\dll_P11_name.dll";
     String OBJ_LABEL1 = "CNS0"; //this is the label of my 1th cert
     String OBJ_LABEL2 = "CNS1"; //this is the label of my 2th cert
     String INPUT_FILE = "C:\\Temp\\test.txt";
     String OUTPUT_FILE = "C:\\Temp\\test.p7m";
    try {
       // ********** INITIALIZE PKCS#11 MODULE WITH DEFAULT PARAMETERS **********
      Module pkcs11Module = Module.getInstance(DLL_NAME);
      pkcs11Module.initialize(new DefaultInitializeArgs());
       // ********** SELECT TOKEN **********
      Slot[] slotsWithToken = pkcs11Module.getSlotList(Module.SlotRequirement.TOKEN_PRESENT);
      Token[] tokens = new Token[slotsWithToken.length];
      Hashtable tokenIDtoToken = new Hashtable(tokens.length);
      long tokenID = -1;
      Token tokenUsed = null;
      //enum readers
      for (int i = 0; i < slotsWithToken.length; i++) {
        tokens[i] = slotsWithToken.getToken();
tokenID = tokens[i].getTokenID();
tokenIDtoToken.put(new Long(tokenID), tokens[i]);
System.out.println("Active tokens:");
System.out.println("Token ID: " + tokenID);
if (tokens.length == 0) { //No SC found
System.out.println("No SC presents");
else {
System.out.println("Using token: " + tokens[0].getTokenID());
tokenUsed = tokens[0];
     //Note: if you have more reader and more SC inserted, you have to write
     //here the code for select the right token
     // ********** OPEN SESSION VS THE TOKEN AND IF REQUIRED SUBMIT PIN **********
TokenInfo tokenInfo = tokenUsed.getTokenInfo();
Session session = tokenUsed.openSession(Token.SessionType.SERIAL_SESSION, false, null, null);
if (tokenInfo.isLoginRequired()) {
session.login(Session.UserType.USER, USER_PIN.toCharArray());
     // ********** SET SEARCH TEMPLATE FOR THE P11 OBJECT **********
RSAPrivateKey privateSignatureKeyTemplate = new RSAPrivateKey();
privateSignatureKeyTemplate.getSign().setBooleanValue(Boolean.TRUE);
privateSignatureKeyTemplate.getLabel().setCharArrayValue(OBJ_LABEL2.toCharArray());
     // ********** SEARCH P11 OBJECT USING TEMPLATE **********
Vector keyList = new Vector(4);
session.findObjectsInit(privateSignatureKeyTemplate);
Object[] matchingKeys;
while ( (matchingKeys = session.findObjects(1)).length > 0) {
keyList.addElement(matchingKeys[0]);
session.findObjectsFinal();
     //Try to find the corresponding certificates for the signature keys
Hashtable keyToCertificateTable = new Hashtable(4);
Enumeration keyListEnumeration = keyList.elements();
while (keyListEnumeration.hasMoreElements()) {
PrivateKey signatureKey = (PrivateKey) keyListEnumeration.nextElement();
byte[] keyID = signatureKey.getId().getByteArrayValue();
X509PublicKeyCertificate certificateTemplate = new X509PublicKeyCertificate();
certificateTemplate.getId().setByteArrayValue(keyID);
session.findObjectsInit(certificateTemplate);
Object[] correspondingCertificates = session.findObjects(1);
if (correspondingCertificates.length > 0) {
keyToCertificateTable.put(signatureKey, correspondingCertificates[0]);
session.findObjectsFinal();
     //There are three cases now: 1 no obj found; 2 found only one obj, 3 found more obj
Key selectedKey = null;
X509PublicKeyCertificate correspondingCertificate = null;
//no object found for template
if (keyList.size() == 0) {
System.out.println("No object found for template");
throw new Exception("No object found for template");
//Founf only one object
else if (keyList.size() == 1) {
selectedKey = (Key) keyList.elementAt(0);
// create a IAIK JCE certificate from the PKCS11 certificate
          correspondingCertificate = (X509PublicKeyCertificate)keyToCertificateTable.get(selectedKey);
System.out.println("One object Found");
//Found more object ... user can select one
else {
     System.out.println("Many obj found!!!");
//write here the code for select the right object
     // ********** GET THE OBJECT **********
RSAPrivateKey signerPriKey = (RSAPrivateKey) selectedKey;
java.security.cert.CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
byte[] derEncodedCertificate = correspondingCertificate.getValue().getByteArrayValue();
//Cast to java.security.cert.X509Certificate
java.security.cert.X509Certificate signerCert = (java.security.cert.X509Certificate) certificateFactory.
generateCertificate(new ByteArrayInputStream(derEncodedCertificate));
     // ********** SIGNATURE OPERATION **********
//Add BouncyCastle as provider
Security.addProvider(new BouncyCastleProvider());
//initialize signature operation
session.signInit(Mechanism.RSA_PKCS, (PrivateKey) signerPriKey);
//get input data
File src = new File(INPUT_FILE);
int sizecontent = ( (int) src.length());
byte[] contentData = new byte[sizecontent];
FileInputStream freader = new FileInputStream(src);
freader.read(contentData, 0, sizecontent);
freader.close();
     //calculate digest of the input data
byte[] toEncrypt = buildBits(contentData); //I've already posted the code for this function
//make signature
byte[] signature = session.sign(toEncrypt);
     // ********** MAKE P7 WELL FORMAT DOCUMENT **********
//CMSSignedDataGenerator fact = new CMSSignedDataGenerator();
Signature2CMSSignedData fact = new Signature2CMSSignedData();
CMSProcessableByteArray content = new CMSProcessableByteArray(contentData);
//Creation of BC CertStore
ArrayList certList = new ArrayList();
certList.add(signerCert);
CertStore certs = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), "BC");
//Signature Alg
String algorithm = CMSSignedDataGenerator.DIGEST_SHA1;
//add element to P7
fact.addSignature(signature, signerCert, algorithm);
fact.addCertificatesAndCRLs(certs);
//generate enveloped using Bouncycastle provider
     CMSSignedData envdata = fact.generate(PKCSObjectIdentifiers.data.getId(), content, true);
byte[] enveloped = envdata.getEncoded();
//Write P7 file
FileOutputStream efos = new FileOutputStream(OUTPUT_FILE);
efos.write(enveloped);
efos.close();
// ********** END **********
session.closeSession();
pkcs11Module.finalize(null);
catch (Exception ex) {
ex.printStackTrace();
}Main class uses buildBits function (already posted in this topic) and Signature2CMSSignedData class.import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.security.cert.CertStore;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.BERConstructedOctetString;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.asn1.cms.SignerIdentifier;
import org.bouncycastle.asn1.cms.SignerInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSSignedData;
* class for generating a RSA pkcs7-signature message.
public class Signature2CMSSignedData2 {
CertStore certStore;
List certs = new ArrayList();
List crls = new ArrayList();
List signerInfs = new ArrayList();
List signers = new ArrayList();
public static final String DATA = PKCSObjectIdentifiers.data.getId();
public static final String ENCRYPTION_RSA = "1.2.840.113549.1.1.1";
private byte[] signatureData = null;
private X509Certificate cert = null;
private String digestOID = null;
private String encOID = null;
public Signature2CMSSignedData2() {
public void addSignature(byte[] signatureData, X509Certificate cert, String digestOID) {
this.signatureData = signatureData;
this.cert = cert;
this.digestOID = digestOID;
this.encOID = ENCRYPTION_RSA;
public void addCertificatesAndCRLs(CertStore certStore) throws Exception{
try {
Iterator it = certStore.getCertificates(null).iterator();
while (it.hasNext()) {
X509Certificate c = (X509Certificate) it.next();
certs.add(new X509CertificateStructure((ASN1Sequence) makeObj(c.getEncoded())));
Iterator it2 = certStore.getCRLs(null).iterator();
while (it2.hasNext()) {
X509CRL c = (X509CRL) it2.next();
crls.add(new CertificateList((ASN1Sequence) makeObj(c.getEncoded())));
catch (Exception e) {
throw new Exception(e.getMessage());
private DERObject makeObj(byte[] encoding) throws Exception {
if (encoding == null) {
return null;
ByteArrayInputStream bIn = new ByteArrayInputStream(encoding);
ASN1InputStream aIn = new ASN1InputStream(bIn);
return aIn.readObject();
public CMSSignedData generate(String signedContentType, CMSProcessable content, boolean encapsulate) throws Exception {
try {
ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
ASN1EncodableVector signerInfos = new ASN1EncodableVector();
DERObjectIdentifier contentTypeOID = new DERObjectIdentifier(signedContentType);
// add the SignerInfo objects
Iterator it = signerInfs.iterator();
AlgorithmIdentifier digAlgId = new AlgorithmIdentifier(new DERObjectIdentifier(digestOID), new DERNull());
AlgorithmIdentifier encAlgId;
encAlgId = new AlgorithmIdentifier(new DERObjectIdentifier(encOID), new DERNull());
digestAlgs.add(digAlgId);
ASN1Set signedAttr = null;
ASN1Set unsignedAttr = null;
ASN1OctetString encDigest = new DEROctetString(signatureData);
ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getTBSCertificate());
ASN1InputStream aIn = new ASN1InputStream(bIn);
TBSCertificateStructure tbs = TBSCertificateStructure.getInstance(aIn.readObject());
IssuerAndSerialNumber encSid = new IssuerAndSerialNumber(tbs.getIssuer(), tbs.getSerialNumber().getValue());
signerInfos.add(new SignerInfo(new SignerIdentifier(encSid), digAlgId, signedAttr, encAlgId, encDigest, unsignedAttr));
ASN1Set certificates = null;
if (certs.size() != 0) {
ASN1EncodableVector v = new ASN1EncodableVector();
it = certs.iterator();
while (it.hasNext()) {
v.add( (DEREncodable) it.next());
certificates = new DERSet(v);
ASN1Set certrevlist = null;
if (crls.size() != 0) {
ASN1EncodableVector v = new ASN1EncodableVector();
it = crls.iterator();
while (it.hasNext()) {
v.add( (DEREncodable) it.next());
certrevlist = new DERSet(v);
ContentInfo encInfo;
if (encapsulate) {
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
content.write(bOut);
ASN1OctetString octs = new BERConstructedOctetString(bOut.toByteArray());
encInfo = new ContentInfo(contentTypeOID, octs);
else {
encInfo = new ContentInfo(contentTypeOID, null);
SignedData sd = new SignedData(new DERSet(digestAlgs), encInfo, certificates, certrevlist, new DERSet(signerInfos));
ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.signedData, sd);
return new CMSSignedData(content, contentInfo);
catch (Exception e) {
throw new Exception(e.getMessage());
}Bye.

Web Center app with ADF Security - login problem

I have a custome Oracle Web Center app.
I have a page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the root page http://127.0.0.1:7101/MyApp-ViewController-context-root/
and i get
Error 403--Forbidden
I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the required entries are there.
This works fine if i use a Login link with
destination="#{'/adfAuthentication?login=true&end_url=/faces/postLogin.jspx'} "
which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.
P.S. Have been advised to try here when I originally asked this in the WebCenter forum. Web Center app ADF Security - login problem
Edited by: new_to_webcenter on 18-Jan-2011 05:25

Thanks for your response Frank.
The web.xml has
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
When configuring ADF Security via JDev , I chose "Redirect upon successful authentication" to the Welcome Page
"/faces/postLogin.jspx"
this then adds into web.xml
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/faces/postLogin.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
So the sequence which works is:
Login via the '/adfAuthentication?login=true&end_url=/faces/postLogin.jspx' and this redirects to login.html (OOTB form which posts to j_security_check) and then to the postLogin.jspx
I'm trying to do away with a Login link, and trying the simple login form embedded in my page alongwith other content.
So should the form be posting to j_security_check directly or to the adfAuthentication ?

IMac login problems on any 10.6 update

I have a 24" iMac that is 2 years old. After using snow leopard on my husband's new macbook I decided to get it for my imac. The base install of 10.6 works fine but of course it immediately wants to be updated to a new release. If I update it past the base install from the CD I get login problems.
What happens is that the desktop appears and the finder menu is at the top but the date and network status etc - everything from the top right of the menu bar is missing. The computer will not move forward. No amount of waiting or button pushing will improve the situation.
Sometimes I could log in to another account but then it would start happening on that acocunt too. I made myself a new account and it started happening on that too. Every time if I did a re-install of the base 10.6 from the CD it went back to working fine. I would have to say no to every update of 10.6 on software update. This has been going on for 6 months. I thought maybe with 10.6.4 they fixed it but it did it again.
yesterday I did a fresh install. Thinking it was caused by my old quicken 2007 or parallels (though its v 5) or something else that has some bit that starts at login I formatted the HD , installed 10.6 fresh and installed nothing but ilife 9. I downloaded the 10.6.4 update and it still happens. I logged off my account and logged back in to test and it froze again. I am at my wits end. The only thing I saved from my old profile was my mail folder. I can find nothing else to fix. Any ideas?

SamNS wrote:
the desktop appears and the finder menu is at the top but the date and network status etc - everything from the top right of the menu bar is missing.
Do things behave better if you boot into "safe mode" by holding down a shift key while your Mac is booting?
http://support.apple.com/kb/HT1455

Simultaneous login problem

Hi
I am having simultaneous login problems. In the past I have been able to sign into my skype account on both my Mac Book Pro and my Windows 7 desktop PC. However since I had to change my password I can only login into one machine at a time now. Also when I change my password on the desktop PC I can only sign into that skype / computer. Whenever I type the same account name and same exact password on my Mac Book Pro, it says it doesn't recognize my sign-in details but I am 100% sure that I typed it in exactly the same way as I did on my desktop. Another is that when I reset my password on my Mac Book those details won't work on the Desktop PC and vice-versa.
I would like to know what is the problem in this situation, I am not sure if this is an application error or a networking error where the account details are not signing in from a different IP or MAC address.
Please and thank you!

"The load balancing was already functional:"
Do you have a description how to do that?
I Would like to know how.
"so ALL traffic, not going to the LAN network and so over this interface, went out on the DMZ interface, with source IP from LAN."
If you put the VPN servers behind 1-1 NAT instead they will use the firewall as GW and the VPN clients will get at your remote sites/LAN IF you add routing definitions in VPN config what networks are reachable through VPN.
Or you keep servers as they are but also add add more routing definitions in VPN AND static routes to each server with the firewall as gw to those remote networks. Default gw will still be through the DMZ IPs though.
The problem with more than one VPN client from behind same IP address is, with your current server settings, most likely because of the client side NAT router isn't coping with the task. Your public IP VPN server(s) should mean NAT VPN problem is at the other end (customer/client network router/firewall).
If two VPN clients behind same NAT router connected to different servers at your end, "12.34.56.80" and "12.34.56.81" (both are public IPs?) respectively I believe at least two should be able to connect.
3G/4G modems isn't an option?
Maybe try bringing your own tested working portable router (ethernet/wifi maybe includes a VPN client that connect to your servers) to the customer and put it temporarily on their LAN? There are these small new 3G/WiFi routers too. Depends on wether you need to be connected to customer LAN or not.
Try other VPN solution, SSL or OpenVPN?
Use both PPTP and L2TP simultaneously (PPTP could be troubelsome if GRE/TCP 1723 passthrough is disabled)?

Can't login ADFS using IE

I created ADFS v2 on one of windows 2008 R2 serves. The AD Sync works fine. However, I can't login the ADSF server using adfssvr.mydomain.com/adfs/ls/idpinitiatedsignon.aspx even we have correct internal DNS settings.
Troubleshooting steps:
1. I read this article "A federated user is repeatedly prompted for credentials during sign-in to Office 365, Azure, or Windows Intune". If I modify the web.config, I can login. But none of resolutions fixes the probelm.
2. If I use Firefox broswer, I can login. Only IE doesn't work.
3. I have tried different IE version, differen computers, using compatibility view and adding the website to IE security site.
What could be hte probelm?
Bob Lin, MCSE & CNE Networking, Internet, Routing, VPN Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com

Hi,
Thanks for your posting.
So the problem is that you cannot login ADFS using IE but other browser could?
What is the error message when you cannot login ADFS using IE?
In addition, I suggest you refer to the following forum to get professional support:
Claims based access platform (CBA), code-named Geneva Forum
http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
Regards.
Vivian Wang

ICloud login problem on Apple Mail App

So is Apple considering its own Mail App on the Mac to be a third part app? Been having login problems since they started requring two step verification on third party apps. Once I shut off my two step verification on my iCloud account it worked fine.

You shouldn't need to turn off two-step verification or use an app-specific password for your Mac mail to work with iCloud (mine works fine). Try turning tow-step verification back on. If Mail doesn't work, go to System Preferences>iCloud, uncheck Mail, restart your Mac, then go back and check Mail again.

What's causing these power-up and login problems?

I recently switched from Tiger to Leopard (installed by the repairers) and have encountered some power-up and login problems. Basically, my set up is that the computer automatically logs into a non-admin account, launches a Safari page, and then that's it - after checking the webpage, I logout of that account, into my main account, and work from there.
In Tiger :
A few times quite recently the computer would freeze, either while Safari was launching / opening the webpage, or when I tried to logout. Force Quit didn't work (total freeze) so I would force power-off and switch on again, and things would be fine.
In Leopard, one of the following has begun to happen, about two weeks after I began using it:
• The computer reaches the grey screen with an endlessly rotating gear wheel. (Power off / on again)
• The computer logs in to the account; after selecting 'Log out...' I log out, but instead of giving me the login screen, it logs straight back into that account, and this happens every time I try 'Log out...'. (Use Fast User Switching instead to reach main account, where one or two software glitches prompt a Restart) This has happened twice.
• This morning, the computer reached the blue screen where the pointer appeared - faded - appeared - faded etc endlessly (Power off / on again).
Clearly it is not the System - experiencing problems in both Tiger and Leopard proves that. Nor is it my HD - I've had a new one installed. It must therefore be a setting in my login account, though it's hard to see what : I only use that account for login, and a single launch of Safari, and it's been ok for years.
Should i create another login account and see if that solves the problem? By the way, the repairers did not give me any Leopard install disks, so please don't suggest that method of diagnosis. I only have the original Tiger disks.

christopher rigby1 wrote:
2. I don't know what Apple app(s) you refer to? As I said I've upgraded all the free ones, and iLife '06 is working (and I have the disks).
Look in your Applications folder: Any Apple app there, except for the ones you've mentioned. And all the built-in parts of OSX.
3. They told me that I CAN do a full restore from a Time Machine backup (via Disk Utility apparently).
That should tell you something about the quality of their advice.
See: [Mac OS X 10.6 Help Recovering your entire system|http://docs.info.apple.com/article.html?path=Mac/10.6/en/15638.html].
Or the *Restoring your entire system from a backup* section, towards the bottom of [Mac 101: Time Machine|http://support.apple.com/kb/HT1427].
Or look up +*Time Machine+* in Mac Help.
Or #14 in [Time Machine - Frequently Asked Questions|http://web.me.com/pondini/Time_Machine/FAQ.html] (or use the link in *User Tips* at the top of this forum).
And if there's a problem with your installation of OSX (which seems likely), or the Apple apps, you can't reinstall them, either.
4. Having spent hours and hours getting the machine to work properly (upgrading Mail and sorting out Mail problems, upgrading Safari, re-upgrading iTunes and sorting out problems), I'm not prepared to spend hours and hours doing the whole thing in reverse to restore Tiger, including learning HOW to do that.
Correct; unless you have backups of the Tiger system, that's impractical at best.
So unless anyone has a reasonably simple, straightforward answer as to what this problem might be, it looks like I must live with it.
You have some sort of problem with your Mac and it's not going to get better on it's own. Most likely, it will get worse.
If you haven't, try the things recommended by Dale.
Also try running the +Apple Hardware Test.+ It's on one of the disc(s) that came with your Mac, and is tailored to it's particular hardware. The disk should have +Apple Hardware Test+ and instructions for running it printed in very tiny type.
I sympathize with your situation, but the repair shop violated the Apple license, and put you in an untenable situation. If they won't correct it by supplying the Leopard disc, you really should report them to Apple.
You need to purchase a retail copy of Leopard (not the gray discs that came with another Mac; they won't boot yours). They're not shown on the Apple Store website anymore, and eBay and other sellers get a premium for them, but AppleCare should have them for the original $129.

Keychain "login" Problems   Can't remember my Keychain password. Admin Password also does not help. Mac Mini(Late 2012) OS 10.10.2

Series of Keychain "Login" Problems.
Hardware: Mac Mini (Late 2012) 2.5 GHz Intel COre i5, 4GB 1600 MHz DDR3
OS X : 10.10.2 upgraded yesterday
Mail wants to use "login" keychain.   I enter Password but no success.
CalendarAgent wants to use "login" keychain. I enter Password but no success.
Com.apple.internetaccounts.xpc wants to you "login" keychain. Password, not successful.
At some point in past days I was offered to rename Keychain, so I did.
In Keychain Access, I deleted "Login"    and selected Delete references.
Just now I went into ~/Library/Keychains and found Login.Keychain and Login_renamed.Keychain.
I have renamed Login.keychain -> Login-old.keychain.
I renamed Login_renamed.keychain-> Login.Keychain.
In Keychain Access, I added "Login" back. This should be the renamed keychain.
Original problems still persist. No noticeable changes.
Keychain wants to use the "Login" keychain.   Can't remember my password or it is incorrect.
Help?
TITLprods

I turned off and turned on the computer. When restarting it said that it could not use the Login and did I want to create a new or use and alternate? I created new and for the moment things seem to be working under the command of the "New Login"
That still doesn't really alleviate the problem of the old login.

Thunderbird login problem..

I try repeatedly to set-up Thunderbird. I have a single password for MY BT and BTMail, having followed the BTID instructions when I was migrated over yesterday. I copied and pasted the exact BT ID login details that are stored in LastPass, which log me in to webmail (!) so as to ensure no typos and yet... I keep getting this:

I also have the same problem using 1password.
I also have the problem of phoning the call centre twice only to be told "It cannot be fixed here, BT technical will email you"
Well, I'm still waiting for the email after 5 days. Still my contract is up in November

Login problems using safari5.1

Similar Messages

Maybe you are looking for