Logon failure with username/password authentication in WLE 5.1

Hi,
I have WLE 5.1 configured and running on a Win2K system. I am able to
build and run the simpapp sample program. I am also able to build the
interceptor_cxx sample and run with all interceptors other than the
security interceptor. What I realised in this case was that the
PersonQueryClient did not perform any login of a user from which the
security interceptor could extract user ID information (have I missed
something? I am a WLE and CORBA newbie) so I modified the ubb config
file to define SECURITY as USER_AUTH and add the AUTHSVC, modified
personqueryclientc.cpp to get access to the SecurityLevel2 principal
authenticator, built the app, created a user with the tpussradd command,
and ran the app (the AUTHSVC successfully starts).
The Tobj::AuthType returned by the get_auth_type method of the
PrincipalAuthenticator is Tobj::TOBJ_APPAUTH as I expect. I call the
logon method with the parameters (user_name, argv[0], sys_password,
password, 0) where user_name is the same as the user I created with the
tpusradd command, argv[0] is personqueryclient (I've tried tpusradd'ing
the user both with the "-c personqueryclient" argument and without),
sys_password is the password I specified when tmloadcf was run against
the modified ubb config file, password is the password I specified when
I ran tpusradd. The logon always fails returning
Security::SecAuthFailure. In the ULOGxxxx file the following message is
displayed:
181605.NUMBAT!TMSYSEVT.2180: LIBTUX_CAT:1484: WARN: .SysClientSecurity:
User tbartley on SITE1 authentication failure
I've tried running in the following manners all with the same result:
1. With or without the security_cxx interceptor registered
2. With the user in or not in a group
3. With the the user created using the "-c personqueryclient" arg to
tpusradd or not
If I change the security level down to APP_PW then everything works and
the security_cxx interceptor sees a client name of personqueryclient and
a username of personqueryclient. The logon fails if I use a sys_password
other than the one specified to tmloadcf and succeeds if I use the
correct password.
Can anyone tell me what I might be doing wrong in the username/password
authentication case?
Here's the code I inserted to personqueryc.cpp to perform the logon:
// Get SecurityCurrent object
CORBA::Object_var var_security_current_oref
= bootstrap.resolve_initial_references("SecurityCurrent");
SecurityLevel2::Current_var var_security_current_ref =
SecurityLevel2::Current::_narrow(var_security_current_oref.in());
// Get the principal authenticator
SecurityLevel2::PrincipalAuthenticator_var
var_principal_authenticator_oref =
var_security_current_ref->principal_authenticator();
char user_name[100] = "";
char password[100] = "";
char sys_password[100] = "";
// Narrow to a BEA Principal Authenticator
Tobj::PrincipalAuthenticator_var v_bea_pa =
Tobj::PrincipalAuthenticator::_narrow(var_principal_authenticator_oref.in());
// See what level of logon has been turned on
Tobj::AuthType auth_type = v_bea_pa->get_auth_type();
cout << "Auth type: ";
switch (auth_type) {
case Tobj::TOBJ_APPAUTH: cout << "TOBJ_APPAUTH"; break;
case Tobj::TOBJ_SYSAUTH: cout << "TOBJ_SYSAUTH"; password[0] = '\0';
break;
case Tobj::TOBJ_NOAUTH: cout << "TOBJ_NOAUTH"; break;
default: cout << "TOBJ_<unknown>"; break;
cout << endl;
cout << "Username: ";
cin >> user_name;
switch (auth_type) {
case Tobj::TOBJ_APPAUTH: {
cout << "User password: ";
cin >> password;
// fall through
case Tobj::TOBJ_SYSAUTH: {
cout << "App password: "; cin >> sys_password;
break;
default: {
break;
// now that we've got all the data necessary, logon
Security::AuthenticationStatus status =
v_bea_pa->logon(user_name,
argv[0],
sys_password,
password,
0); // user data
cout << "Logon result: ";
switch (status) {
case Security::SecAuthSuccess: cout << "SecAuthSuccess"; break;
case Security::SecAuthFailure: cout << "SecAuthFailure"; break;
case Security::SecAuthContinue: cout << "SecAuthContinue"; break;
case Security::SecAuthExpired: cout << "SecAuthExpired"; break;
default: cout << "SecAuth<unknown>"; break;
cout << endl;
if (status != Security::SecAuthSuccess) {
cerr << "Invalid password." << endl;
exit(1);
Here are the entries I added to the ubb config file:
*RESOURCES
SECURITY USER_AUTH
AUTHSVC AUTHSVR
*SERVERS
AUTHSVR SRVGRP=SYS_GRP SRVID=6 RESTART=Y GRACE=600 MAXGEN=2 CLOPT="-A"
I do not have the WLE Security Services installed (i.e. the package
that provides SSL and crypto). Is this required? It's not clear to me
from the documentation if this is required for username/password based
authentication or not.
Thanks for any help,
Tim Bartley

Hi Michael
I am using SSL in my application. So that it asks for the certificate username
and password while startup. But now i want to mention the username and password
in weblogic.properties file itself. So that the client need not have to provide
the username and password everytime. I am using weblogic server 5.1 version.
How do i do this?
Hope my question is clear. Please help.
with regds
siva
Michael Young <[email protected]> wrote:
Hi.
It's not 100% clear to me what you are asking for. Do you want authentication
turned off for
your application? That will certainly turn off prompting for authentication
information. You
can set your ACL for your application (in your properties file) to allow
everyone to execute
it. Something like:
weblogic.allow.execute.<myApplication>=everyone
But maybe you want some kind of silent authentication so that not everyone
can execute your
app? I suppose you could pass authentication info in a cookie. I really
don't know enough
about your application, though.
I suggest you post this question in weblogic.developer.interest.security
- you have a better
chance of getting an answer there for security related questions.
Hope this helps.
Michael
siva wrote:
Hi all,
I have the following requirements. I have an application which asksfor the authentication
information like username and password at first. The application isrunning in
weblogic5.1 server. Is there a way where in weblogic.properties file,i mention
the username and password so that the application will not ask forin the browser.
please help. It's urgent.
with regds
siva--
Developer Relations Engineer
BEA Support

Similar Messages

  • WSDL security policy username & password authentication

    Hi,
    I am creating a WS policies in WSDL for username & password authentication , below is what I am using:-
    <wsdl:service name="echoService">
        <wsdl:port name="echoPort" binding="tns:echoBinding">
            <soap:address location="http://pponnala-tecra-xp.stc.com:18181/
             echoService/echoPort"/>
            <wsp:PolicyReference URI="#HttpBasicAuthBindingBindingPolicy"/>
        </wsdl:port>
    </wsdl:service>
    <wsp:Policy wsu:Id="HttpBasicAuthBindingBindingPolicy">
        <mysp:MustSupportBasicAuthentication on="true">
            <mysp:BasicAuthenticationDetail>
               <mysp:WssTokenCompare/>
            </mysp:BasicAuthenticationDetail>
        </mysp:MustSupportBasicAuthentication>
        <mysp:UsernameToken mysp:IncludeToken="http://schemas.xmlsoap.org/ws/
         2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
           <wsp:Policy>
                <sp:WssUsernameToken10>bobby</sp:WssUsernameToken10>
                <sp:WssPassword>${pass_token}</sp:WssPassword>
           </wsp:Policy>
      </mysp:UsernameToken>
    </wsp:Policy>
    Here I need to pass the <Wsspassword> in the respective placeholder from the application. How we can pass
    the respective password to the <sp:WssPassword>${pass_token}</sp:WssPassword>? I have hardcoded with some
    valid password. But it is not working. What I am doing wrong here? Is there any way we can validate the authentication
    in a better way in WSDL? Also clarify now we can pass the password in the respective pass_token placeholder?
    Please clarify.
    Thanks.

    If you want the script to check whether the user successfully logged in. Go to tester's perspective, click on the POST request of the login and view HTML page response. There you should be able to see the page after successful login. Search and select an element that only appears after successful login, right click the test and create a variable. Use that variable to create a check after the POST request to let the script know whether it should continue or fail the script.

  • Securing a BPEL Process with username/password in 10g

    securing a BPEL Process with username/password in 10g

    use OWSM gateways..
    create a gateway and define your policy in the gateway

  • EUS password authentication in sql developer failing with username/password

    We have recently changed to use Enterprise User Security (EUS) for our client authentication (password global authentication).
    This is working fine but we are encountering an issue with SQL Developer whereby we can't logon using our EUS details, it simply returns the following on the logon screen:
    Status : Failure - Test failed: ORA-01017: invalid username/password; logon denied
    Logging on via sql plus client and server software and other 3rd party tools like pl/sql developer works correctly.
    It appears to be an issue with sql developer itself.
    We are using the latest Production release of sql developer 2.1
    Does anyone have any ideas?
    This is an issue for
    Edited by: david butler on Jan 14, 2010 10:45 AM

    Further to this, I have now found a suitable resolution to this that doesn't require an external client.
    There is a jdbc setting that will allow you to use EUS password authentication.
    Add the jdbc line option (below) in the sqldeveloper.conf file (backup the sqldeveloper.conf file first).
    AddVMOption -Doracle.jdbc.thinLogonCapability=o3
    The sqldeveloper.conf file can be found wherever you have installed sqldeveloper, under <INSTALL_HOME>\sqldeveloper\bin\sqldeveloper.conf.
    After you add this option, restart SQL Developer and you should be able to use your EUS username / password to authenticate via SQL Developer.

  • Authentication with username/password *OR* certificates?

    Hi folks,
    we have to authenticate users either via username/password combo or via
    certificate.
    Of course, by using SSL in both cases. Is this possible with WLS 6.0? Since
    I've read
    that I have to configure WLS explicitly to support client certificates, I'm
    rather suspiscious
    if this will work.
    Any ideas anybody?
    Regards,
    Gerhard

    You can use certificates for authentication if you do the following:
    1) you need to implement a CertAuthenticator which, given a
    certificate from SSL, extracts a user name (for example, get
    the email address from the certificate and return the name
    portion - [email protected] might use foo as the user name)
    2) in your realm, you must have a user for the user name in
    the certificate (so, for the example above, you need to have
    a user named "foo" in the realm)

  • Authentication Scheme with Username / Password stored in App Table

    Hi all,
    Up to now all of our applications have used SSO authentication, but I now need to step away from this to allow users from outside our organisation (and therefore not in our OID system) to use one specific application.
    I therefore have a table in my application that stores username and password. I have a function that compares the entered username and password to this table and returns a boolean result. This function is then registered in my Authentication Scheme as the Authentication function.
    All this works well and is causing no problems. The problem is that the password is stored and checked in plain text - obviuosly not very good.
    How do I go about changing the password column in my table, the pages that allow this password to be set and updated and the authentication function that checks the username / password to use some form of encryption?
    Also, do I need to be worrying about all the other fields (Page Sentry Function,Session Verify Function, Pre-Authentication Process etc) that the Authentication Scheme offers me - or can I just leave these blank as they are now.
    If someone can give me a complete 'out-of-the-box' solution that would be wonderful - otherwise a good hard pusj int he right direction would be much appreciated.
    Many thanks,
    Martin

    Hello Martin,
    If you check out the Discussion Forum application here, you should find the information you need. This app stores an encrypted version of the user's password in the table.
    http://www.oracle.com/technology/products/database/application_express/packaged_apps/packaged_apps.html#FORUM
    Good luck,
    Don.
    You can reward this reply by marking it as either Helpful or Correct :)

  • Problem with username/password using SQLAuthenticator

    I want to setup SQLAuthenticator but authentication is refused because wrong username/password.
    I am using JDev Studio Edition Version 11.1.2.1.0 with integrated WLS.
    As a base I take this two URLs:
    http://weblogic-wonders.com/weblogic/2010/03/11/configuring-sql-authenticator-with-weblogic-server/ and
    http://biemond.blogspot.com/2008/12/using-database-tables-as-authentication.html
    1. I create db tables (default table names for SQLAuthenticator), but don't fill users and groups - OK
    2. In WLS I create new SQLAuthenticator Authentication provider inside deafult realm myrealm - OK
    3. I put this provider to the top among all three providers
    4. In JDev I configure ADF Security - define Enterprise Roles to matching to the names in GROUPS table of SQLAuthenticator - ??
    5. I Define Application users and roles and setup Resource grants
    6. I run my application
    7. In database tables USERS, GROUPMEMBERS, GROUPS I can see users and roles from Jdev, that means, at deploy time, this tables are filled too
    8. In WLS I can see Users and Groups under myrealm which are transfered at deploy time and mirrors USERS, GROUPMEMBERS, GROUPS
    9. In USERS table I can see password is encripted by {SHA-1}
    But when try to login I am always rejected with "Invalid username or password".
    Before setting up SQLAuthenticator (only default options) the logins were successful, so application shold be OK.
    I try also with Plaintext Passwords Enabled and put into USERS table unencripted password, but without success.
    I can confirm that SQLAuthenticator mechanism actually get password from USERS table. I replaced default SQL for getting password from
    SELECT U_PASSWORD FROM USERS WHERE U_NAME = ?
    to
    select get_pwd(?) as U_PASSWORD from dual. In my get_pwd PL/SQL function I perform logging in I can see that this function was called.
    So the problem is in WLS when comparing passwords.
    Any suggestions, where to start digging?
    Ragards,
    Sašo
    Edited by: Sašo C. on 5.10.2011 7:26
    Edited by: Sašo C. on 5.10.2011 7:32

    The problem is solved! Crucial was hint from http://biemond.blogspot.com/2008/12/using-weblogic-provider-as.html:
    The Control Flag for my new SQLAuthenticator Authentication provider must be changed from Optional to Sufficient AND
    the Control Flag for existing DefaultAuthenticator must be changed from Required to Sufficient!
    It seems that before SQLAuthenticator took password from USERS table, but didn't use it in the authentication process.
    Regards,
    Sašo

  • Bookmark a page with username/password in the URL

    I can add username/password for HTTP authentication directly to the URL (e.g. http://user:[email protected]/ ) and this works fine with the browser on Firefox OS 1.3 (on a ZTE Open C). However, when bookmarking that page, the bookmark doesn't include the username/password any more and so I'll have to manually enter the username/password when visiting that site again (after clearing private data) - and unfortunately there is no password manager for Firefox OS yet...
    Another way to add a bookmark appears to be via a small Javascript using the "save-bookmark", however that appears to only give me the option to add the bookmark to the Home Screen (and I am not sure if it will keep the username/password information in the bookmarked URL).
    Is there any other way to add a bookmark to the browser and keep the username/password information in the URL?

    Here is an example:
    http://user1:[email protected]/auth-basic/
    Works fine if you enter that URL in the URL bar. But when bookmarking it, it only gets bookmarked as http://test.webdav.org/auth-basic/ and so you will have to enter username and password again (after clearing cookies and session data) when opening from bookmarks.

  • Simple http username-password authentication

    I want to achieve a simple authentication process. When a user wants to access the internet, he/she would have to enter username/password combination. The platform is 1721 or 1841 router.
    I tried to use authentication-proxy, but it turns out IOS 12.3 doesn't support Windows RADIUS server.
    Is there a way to use authproxy with a windows-based solution?
    If not, what else can I use besides authproxy IOS feature?
    Thanks

    To use auth proxy you need a RADIUS server, this should work if you have ACS server.

  • Frontrow chokes on iphoto galleries protected with username password

    When I try to select in Frontrow a web gallery (as they are listed on the bottom on the selection list) which is protected by a username and password the screen turns black, after a few seconds the list comes back and is blocked. Again after a few seconds an error message pops up telling to press pause/play which brings you back to the main menu.
    Galleries without username password work fine and also the tumbnails left of the protected gallery names in the list are correct.

    adrenalin. I couldn't disagree more about the AppleTV still being a useless device.
    it USED TO BE a brick in our living room, the only time it got turned on was when the Comcast remote's code became liked by the AppleTV and turned it on every time I turned on the cable box.
    However after this update... I must say, the thing rocks. It's not cheaper to rent movies at my local store, it's certainly not more convenient, and the integration with my iPhone is insane. I just rented a movie last night after the update. And have tested moving it between computer, tv, and phone, all without a hitch. This is going to be awesome.
    My complaint with the .mac settings is an easy fix. Hopefully in the next incremental update. Apple?
    Now what I want to know is, once the iPhone SDK is released, who out there is going to be first to get me a third party app that turns my iPhone into a full fledged bluetooth remote for my appleTV. Can't wait to be able to use a full keyboard.

  • JSP-MySQL user login with username, password and registration

    Hi everyone:
    i need to create a simple jsp client login with username and password. There is also a registration link for those not register yet.
    I m using tomcat and MySQL and have already create a client login with username and password page.(record already in database).
    I m now have no idea on how to create a registration link, ie update the database. please help..the examples i search through google were build by Jboss, strut, ApacheGeronimo which i m not familiar with.
    Is it any "package" or "wizard" available in creating the login and registration page? Most of the webpage has build with user login and registration part, may i know how they "create" them?
    Please help.. Thanks in advance!

    hi,
    You can use tomcat5.5 for this. you can get help from the following link.
    http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howto.html
    If ur registrantion page is RegistrationPage.jsp then u can write it:
    <a href="RegistrationPage.jsp">Registration Page </a">For Registration page u have to use session & for u can search this in javaworld.com site. MAy from this u will get ur solution

  • Problem with USERNAME & PASSWORD creation--JDBC connection with MYSQL

    How to connect to JDBC with Mysql Connector
    i installed mysql & created table, it works fine
    During Password---> I gave it as tiger , no username
    i installed mysql connector
    i saved the .jar file path in class path
    HOW TO CREATE USERNAME & PASSWORD & DATASOURCE NAME ---> Is it the password -tiger or something else like (ADMinstrative tools-ODBC-services--etc )
    Pl, help,
    tks
    Xx

    How to connect to JDBC with Mysql Connector
    i installed mysql & created table, it works fine
    During Password---> I gave it as tiger , no usernameTiger? This ain't Oracle.
    I think you should give a username and password. How can it look up a password without a username? Better GRANT the right permissions, too.
    Read the MySQL docs a bit more closely. Your path isn't the way to go.
    %

  • Email Access with Secure Password Authentication [SPA]

    Hi All,
    I am sorry if this question is repeated.
    My company uses Secure Password Authentication [SPA] to access POP3/SMTP Email access. I was able to configure the email to my iPhone before Company forced SPA.
    Can anybody provide instructions to configure the SPA in iphone?
    Thanks for the help in advance.

    45 Views and No reply. Please help.

  • Administrator API: Login to specific instance with username, password

    1) How do I login to a specific instance of ColdFusion administrator with a username and password.  The example I see everywhere is variations of:
    adminObj = createObject("component","cfide.adminapi.administrator");
    adminObj.login("password");
    which appears to be based on no instances and not multiple administrators.
    my goal is to log into a set of instances and assign datasources to each of them based on a csv file.  I know how to do all that once logged in.
    What I don't know how to do is log in!
    Please help!
    2) Is there an actual document anywhere that actually documents the administrator API?  I have the help files that I suspect everyone has and they don't.
    Thank you.

    The way I did it was to create a directory under the cfide folder in a given instance and called the pages via http://server.blah.com:8301/cfide/blah/admin.cfm
    Here's some example code of creating a datasource (I don't recall where I grabbed it from, it isn't mine - but it does work).
    <!--- <!--- log in CFAdmin User --->
    <cfset administratorService = CreateObject("component","CFIDE.adminapi.administrator")>
    <cfset bIsLoggedIn = administratorService.Login(dsnpassword,dsnuser)>
    <cfif bIsLoggedIn>
       <cfset datasourceService = createObject("component", "CFIDE.adminapi.datasource")>
       <!--- check to see if datasource with same name doesn't already exist --->
       <cfif datasourceService.VerifyDSN(#dsName#) eq false>
          <cfset stArgs = StructNew()>
          <cfset stArgs.name = #dsName#>
          <cfset stArgs.database = #dbName#>
          <cfset stArgs.host = #dbServer#>
          <cfset stArgs.port = 1433>
          <cfset stArgs.driver = mssql>
          <cfset stArgs.selectmethod = datasource_selectmethod>
          <cfset stArgs.username = dbuser>
          <cfset stArgs.password = dbpassword>
          <!--- create datasource - this one's for MSSQL DB --->
          <cfset datasourceService.SetMSSQL(argumentCollection=stArgs)>
       </cfif>
    </cfif> --->

  • My email provider uses no encryption (no SSL), and does not require me to log onto SMTP with username/password. If I do, it doesn't configure. Please help. NICK

    Have never struck this before. Usually email apps give the choice of "No Encryption" (as against SSL). My system will not brook encryption in this form. Also, when setting up SMTP, there is an option for username and password NOT to be added every time the email is accessed. Yet this app requests that you do. If so, then my emails will not work in this form. Other than that, I like it! :-) NICK

    Hey there,
    Thank you for contacting Mozilla! I understand that you are having problems with accessing email on your phone. In order to better understand and investigate on the issue that you are encountering, please reply to this message with the following information:
    * What is the model of your phone?
    * What is the OS version found in the Device Information page? Please visit [http://mzl.la/Gzz6Kp this link] if you need help finding the Build ID of your phone.
    * Please provide the exact steps to reproduce the issue you are encountering.
    * Who is your current cell phone carrier?
    * How often do you encounter this issue?
    Please be sure to include as much detail as possible, including any websites that may exhibit this issue, and any error messages that you may be receiving, exactly as they appear. This will ensure that we will have all the information needed to investigate into this. Thank you for your help and we look forward to hearing from you!
    Curtis Parfitt-Ford
    Mozilla Support

Maybe you are looking for

  • I can't write to usb stick [solved]

    I've installed arch on my notebook yesterday. It took a few hours, but I got almost everything working correctly. My issue is that when I plug in a usb stick, it gets automatically mounted, but I can't write to it. I had the same issue with my ntfs d

  • RDP to a Terminal Server via TTPT not working through routers.

    I am having problems using RDP to a terminal server through a user home router and DSL connection. User has a Linksys WRT5G v3 (Firmware 4.21.1) connected to a Cisco 678 DSL Modem.  If I direct connect the home computer to the Cisco DSL Modem everyth

  • How can I transfer PDF books to the kindle app

    how can I transfer PDF books to the kindle app     

  • HT204053 Music transfer

    How do I transfer music from my itunes located on my hp laptop to my ipad

  • BAPI for Pricing & Conditions

    1. what is the use of Function     Module "BAPI_PRICES_CONDITIONS"? what value we have to pass to BAPI BAPI_PRICES_CONDITIONS"? 2. Which function Module will use to Extract the Pricing & conditions Details (from SD) ? 3. Can anyone help me how to ext