Msg #732 - The 'Block authenticated user' rule is active.

Similar Messages

• Using a bean to capture the currently authenticated user information

  Hi,
  i have an ADF web based application . The authentication and authorization is managed by OID(LDAP) . I want to put user level access in the application. I have made a custom method in the application module, that handles the authorization at user level. But i do not know how to capture the info of currently logged in user. I'am aware i can do this using a bean. Can someone tell me how

  It'd be better to post this to the JDeveloper forum where ADF is covered.
  cheers
  -steve-

• De-authenticating users with multiple active sessions

  Hi guys,
  I haven't posted much, but I've lurked for a long time and, until now, always found
  the answer to my questions, but this one has me stumped. I've implemented the
  Session Timeout utility successfully,
  but I would like to add another function that would exchange a transaction_id between
  the user and the server, as mentioned
  Re: diallow multiple logins.
  When I try to use this new function, the initial cookie gets set and the value is
  inserted into the table. However, when I try to navigate to a second page, the value
  in the cookie is not the same as the value in the table. When I keep all of the records
  and compare them to all of the set-cookie calls, it appears that the
  table is being updated more often than the cookies. I would really appreciate some
  input on this problem or another way to validate that the user is active in
  only one session.
  Thanks,
  Art
  This is the process to create the initial cookie on Page 101-->
  declare
    l_magic_number number;
    l_new_number number;
  begin
    select to_number(to_char(sysdate, 'WDDHHMISS')) into l_magic_number from dual;
    dbms_random.seed(l_magic_number);
    l_new_number := dbms_random.random;
    delete from transaction_cookies where trans_user = owa_cookie.get('LOGIN_USERNAME_COOKIE').vals(1);
    insert into transaction_cookies (trans_user, transaction_id)
                    values (owa_cookie.get('LOGIN_USERNAME_COOKIE').vals(1), l_new_number);
    owa_cookie.send(
        name    => 'HTMLDB_SESSION_TRANSACTION',
        value   => to_char(l_new_number),
        expires => null,
        path    => '/',
        domain  => null
  end;And the validation function is here-->
  function check_transaction_id return boolean as
  cursor c_select_number(user_name varchar2) IS
          select transaction_id
          from   transaction_cookies
          where  trans_user = user_name;
  l_cookie_exists   boolean       := true;
  l_selected_number number;
  l_cookie_number   number;
  l_new_number      number;
  user_id        varchar2(256);
  begin
      if htmldb_custom_auth.get_user is null then
          return true;
      end if;
      begin
          l_cookie_number := to_number(owa_cookie.get('HTMLDB_SESSION_TRANSACTION').vals(1));
          exception when no_data_found then
              l_cookie_exists := false; -- no cookie set, assume first page visit after login
      end;
      user_id := owa_cookie.get('LOGIN_USERNAME_COOKIE').vals(1);
      open  c_select_number(user_id);
      fetch c_select_number into l_selected_number;
      close c_select_number;
      if l_cookie_exists and l_cookie_number <> l_selected_number then
          delete from transaction_cookies where trans_user = user_id;
          OWA_COOKIE.REMOVE(
              name    => 'HTMLDB_SESSION_TRANSACTION',
              val   => to_char(l_cookie_number),
              path    => '/');
          wwv_flow.g_unrecoverable_error := true;
          owa_util.redirect_url('f?p='||wwv_flow.g_flow_id||':'||l_invalid_session_page);
          return false;
      elsif not g_other_cookie_already_sent then
          select to_number(to_char(sysdate, 'WDDHHMISS')) into l_magic_number from dual;
          dbms_random.seed(l_magic_number);
          l_new_number := dbms_random.random;
          delete from transaction_cookies where trans_user = user_id;
          insert into transaction_cookies values(user_id, l_new_number);
            /* The timeout function opened the HTTP header...*/
          owa_cookie.send(
              name    => 'HTMLDB_SESSION_TRANSACTION',
              value   => to_char(l_new_number),
              expires => null,
              path    => '/',
              domain  => null
          owa_util.http_header_close; /* Since this is called after the timeout function, THIS one will close the header*/
          g_other_cookie_already_sent := true;
      end if;
      return true;
  end check_transaction_id;

  Art - Thanks for the detailed problem description (with code). The problem you're seeing is due, in part, to the fact that an application's session verification function is run on every page show and page submit. Based on your function's logic, when you show a page, a cookie is sent (after you purge the table and do an insert). Then you submit the page and it runs again, purging the table, inserting a new value into the table, and sending that value in the cookie. Then the page branches to the next page (usually doing a URL redirect. Here's where it messes you up. Whenever a redirect is done, apex clears the HTTP header, so the cookie doesn't get to your browser. When the next show page request is handled (as a result of the branch), the function checks if the browser's cookie matches the value in the table. It doesn't.
  The solution will involve having the function not do its thing if a page "submit" is being processed. There might be better ways to detect this but here is some could you could try:    if owa_util.get_cgi_env('REQUEST_METHOD') = 'GET' and
         lower(owa_util.get_cgi_env('PATH_INFO')) = '/f' then ......which would be true for show requests only (f?p URLs). I have to tell you though, that with some of the newer request types (ppr pagination, csv/fop output, on-demand/ajax invoked processes, ...), you may have to tinker quite a bit.
  Also, in your code I see you use the LOGIN_USERNAME_COOKIE cookie to identify the user. This will not be reliable if a user is using the same browser to run more than one application. You really should use v('APP_USER') to identify the user (authenticated or not). And if your user is running multiple apps in the same browser, your other cookie needs a name unique to the application lest one app's cookie overwrites the other's.
  Scott

• Periodically Hyperion Workspace Will Hang with msg "Authenticating  User.."

  Hi,
  Periodically Hyperion Workspace Will Hang with the Message "Authenticating User.." after Supplying the Username and Password for the Login. But FDM, Smartview are working fine. The problem is only with workspace.
  No errors has been recorded in HSvevent log and workspace logs.
  We are using Weblogic application server and the version is 11.1.1.3.
  It is working fine once we restart the Hyperion workspace- Agent service.
  Please advice the possible root causes for this, so that we can put a permanent fix for this issue.
  Thanks

  Hi-
  I've encountered this issue in my slow network environment, and it was rectified after we've done the following:
  Enable IE ActiveX controls:
  1. Open Internet Explorer
  2. Click the Tools menu, and then click Internet Options
  3. On the Security tab, click the Custom level button
  4. Scroll down the Security Settings list until you see ActiveX controls and plug-ins
  5. Enable Automatic prompting for ActiveX controls
  6. Scroll down to Download signed ActiveX controls and click Enable or Prompt
  7. Scroll down to Run ActiveX controls and plug-ins and click Enable or Prompt
  8. Scroll down to Script ActiveX controls marked safe for scripting and click Enable or Prompt
  9. Click OK, and then click OK again
  Add 3 DWord items to the registry under
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  ReceiveTimeout 900000
  KeepAliveTimeout 900000
  ServerInfoTimeout 900000
  These values are in milliseconds. So, 900000 is 15 minutes
  Access URL using the pop-up: http://server:19000/workspace, not the http://server:19000/workspace/index.jsp <-- not sure what's the differences on how this works, but apparently it worked well in my slow network environment.
  Increase the workspace server timeout settings.
  Use supported browsers in the Oracle certification matrix.
  -William

• Authenticated Users & Users missing from Root

  Hello,
  Environment: MDT 2013, 2008 R2, Windows 7 x86.  MDT is located on Windows 7 x86 and is not integrated with SCCM or WDS.
  Process: Separate build, capture, and deployment task sequences.
  Problem:  After deployment the Authenticated Users and local Users are missing from the root (e.g., c:).  The only security permissions assigned to the root are SYSTEM, domain account, Local Administrator.
  This causes problems once joined to a domain due to the fact Authenticated Users have no permissions forcing a given user to have a temporary account.  So far, only a partial workaround is identified and is undesirable in the long-run.  The workaround
  is to manually add Authenticated Users as well as the Local Users to the root and delete the domain account but the system will only allow partial inheritance through the file structure.  Delete all entries for a particular user in the registry (e.g.,
  PolicyGUID, ProfileGUID, ProfileList).  Afterwards, log in to the machine with an account within the domain administrator group.
  Additional information shows the registry Profilelist entries for a user maintains partial access with a value of 204; this includes the user and a domain account within the administrator group.  The domain account present after deployment has a value
  of 0.  Two accounts have the expected value of 256 and they are the local and domain administrator account.
  Also, if the same image is deployed using the PE environment the accounts are as they should be.  The groups added are: Authenticated Users, Localmachine\Users, SYSTEM, Localmachine\Administrators.
  The questions are: why would the Authenticated Users and Local Users accounts be missing?  Why is the account used to deploy added?
  Help is very appreciated, and thank you.

  Hello, Nicholas the sysprep and capture is completed by a default template from MDT LTI sequence.  The answer file used is the default provided by MDT.  No attempt is made to capture from winpe because this simply negates the point of the MDT process. 
  However, applying the same image from winpe there are no permission issues and all the appropriate groups are assigned to the root.
  With returning to the office this fine morning, I ran icacls on a machine:
  C:\Users\Administrator>icacls c:\
  c:\ No mapping between account names and security IDs was done.
  (I)(OI)(CI)(F)
  BUILTIN\Administrators:(I)(OI)(CI)(F)
  NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
  Mandatory Label\High Mandatory Level:(OI)(NP)(IO)(NW)
  Successfully processed 1 files; Failed processing 0 files
  Thank you for the continued effort, Nicholas.  With the additional icacls information I will delve into the general error provided.

• Authenticated Users

  I am reading that the Everyone group includes the group Authenticated Users, plus the Guest account, plus the reserved accounts SERVICE, LOCAL_SERVICE, NETWORK_SERVICE, etc.   Is this still the case in Windows 8.1?
  To be clear, would Authenticated Users only include:
  1) Users who login interactively, including users in Guests group (NOT the Guest account!)
  2) Users who login through Terminal Services or Remote Desktop
  3) Users who access resources on the computer through Microsoft Networking.
  Does this imply that any file system resource that needs to be accessed by system services will have the "Everyone" group with a minimum of read access on the target folder or files?
  Is there any documentation listing all file system resources that either Windows 8 or Windows 2012 system services need to have access to?   I'm trying to harden my NTFS permissions and I don't want to break critical system services.
  Will

  Sorry for my dilatory reply. According to your description, I doubt there is no way to achieve your goal. As far as I know, there is no app of microsoft can manage a progress file access. What we can do is
  limit User Account execute the program, such as using AppLocker, we can specific special
  user execute the program.
  I am not requiring a program from Microsoft to virtualize or secure anything.  It would be nice to have that but it was not the question.  My question is do we have documentation about what specific security settings and user rights a new user
  group needs to have to be able to execute applications while logged in?   
  I don't want them in Users group because that group has write access to a large part of the file system.  I want to create a new NTFS group with very limited file system access, which then forces me to add that new user group into the various security
  settings and user settings required to execute programs.
  Such documentation has to exist somewhere....
  Will

• Everyone Group vs. Authenticated Users Group

  Two questions.....
  1.) What is the difference between the "Everyone" group and the "Authenticated Users" group.
  2) We are starting to use some new BI content (NW04s) in our federated portal and have found that we have to grant permissions to "Authenticated Users" instead of the "Everyone" group. Any ideas why?
  Regards,
  Diane

  Diane,
  The following asnwer is not a SAP answer but I did a quick check on our system and:
  1. the difference between the group Everyone and Authenticated users is exactly 1 user assignment.. I looked further and see that it has to do with the J2EE_GUEST user. this user is member of the group Everyone but NOT of the group Authenticated users.
  2. Can not give you a sure anser on this question but maybe it has to do with security that this is needed?!?!\
  Hopfully another SDN community member can fill me in here...
  Good luck and Kind Regards,
  Benjamin Houttuin

• Reg Authenticated Users Group

  Hello Everyone.
  We created two Roles Role1 and Role2 for this Roles we have assigned the Group "Authenticated Users"
  Now the client requirement is they wants to remove couple of users who are assigned to Role1(who belong to "Authenticated Users" group.
  Though it is not a good practise One thing I can do is search for the group "Authenticated Users" in portal  then choose modify and choose assigned users and remove the users from this group.So,that they can not see Role1
  If I remove the users from the group "Authenticated Users" then they will not be able to see Role2 as they are removed from the "Authenticated Users" group which is assigned to Role2
  Can anyone help me out regarding this issue.

  Hi Shailesh,
  What you understood is correct ie  "Both the users have been added to Role 1 and Role 2, and both the roles have been assigned to "Authenticated Group".
  I tried the step what you have stated.
  once I login to portal --- User administration -- identity management
  search for the user.
  choose modify
  if I click on assigned roles I do not see either Role1 or Role2 under assigned roles
  but if i click on assigned groups I see " Authenticated  Users"
  thanks in advance

• Authenticated users blocked by rbl

  Hi,
  I have a user who is now having email sent via our server blocked by an rbl. The email being sent was to me, so we both have an account on the same server and no other mail server was involved.
  Is there a way to configure Postfix to accept all incoming email from authenticated users, bypassing the rbl list for authenticated users?
  Output of postconf -n below.
  Thanks
  Ron
  alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
  command_directory = /usr/sbin
  config_directory = /etc/postfix
  daemon_directory = /usr/libexec/postfix
  debugpeerlevel = 2
  enableserveroptions = yes
  html_directory = no
  inet_interfaces = all
  localrecipientmaps = proxy:unix:passwd.byname $alias_maps
  luser_relay =
  mail_owner = postfix
  mailboxsizelimit = 0
  mailbox_transport = cyrus
  mailq_path = /usr/bin/mailq
  manpage_directory = /usr/share/man
  mapsrbldomains =
  messagesizelimit = 10485760
  mydomain = wagnercreativegroup.com
  mydomain_fallback = localhost
  myhostname = smtp.wagnercreativegroup.com
  mynetworks = 127.0.0.1/32,66.167.106.195/32,66.167.106.194
  mynetworks_style = host
  newaliases_path = /usr/bin/newaliases
  ownerrequestspecial = no
  queue_directory = /private/var/spool/postfix
  readme_directory = /usr/share/doc/postfix
  recipient_delimiter = +
  sample_directory = /usr/share/doc/postfix/examples
  sendmail_path = /usr/sbin/sendmail
  setgid_group = postdrop
  smtpdclientrestrictions = permit_mynetworks rejectrblclient zen.spamhaus.org rejectrblclient combined.njabl.org rejectrblclient bl.spamcop.net permit
  smtpdpw_server_securityoptions = plain,login,cram-md5
  smtpdrecipientrestrictions = permitsasl_authenticated,permit_mynetworks,reject_unauthdestination,permit
  smtpdsasl_authenable = yes
  smtpduse_pwserver = yes
  unknownlocal_recipient_rejectcode = 550
  virtualaliasdomains = hash:/etc/postfix/virtual_domains
  virtualaliasmaps = hash:/etc/postfix/virtual,hash:/var/mailman/data/virtual-mailman
  virtualmailboxdomains = hash:/etc/postfix/virtualdomainsdummy
  virtual_transport = lmtp:unix:/var/imap/socket/lmtp
    Mac OS X (10.4.8)  

  Change:
  smtpdclientrestrictions = permit_mynetworks rejectrblclient zen.spamhaus.org rejectrblclient combined.njabl.org rejectrblclient bl.spamcop.net permit
  to:
  smtpdclientrestrictions = permitsaslauthenticated, permit_mynetworks rejectrblclient zen.spamhaus.org rejectrblclient combined.njabl.org rejectrblclient bl.spamcop.net permit
  Issue: sudo postfix reload
  Also, if you like, see my tutorial on "Frontline spam defense for Mac OS X Server", available here:
  http://osx.topicdesk.com/downloads/

• Problem: SMTP Authenticated Users Blocked By RealTime Blacklists

  Running Server 10.5.2
  I have the following RTBLs in the server setup
  bl.spamcop.net
  zen.spamhaus.org
  I have several remote users on cable connections who connect to the SMTP service and authenticate using their login and password. When they try to send email, the RTBLs block them from being able to relay mail even though they are authenticated users.
  Shouldn't Authenticated users bypass any RTBLs which are defined?
  Is there any way to fix this major program (Major problem for me anyways)?
  Message was edited by: ch0b1ts2600

  You can add the IP of you remote users to the list at 'Accept SMTP relays from these hosts and networks' under the Mail > Relays tab of Server Admin. Unfortunately for those users with dynamic IP addresses you may find yourself inserting a range of IPs like "66.214.80.0/20".
  It's a lot easier than constantly trying to remove their IP from the Spamhaus RBL list.

• CSA User authentication auditing rule and Policy conflicts

  Hi there
  We have CSA 5.2 in our environment and i created a custom policy and added the 'user authentication auditing' rule and enabled auditing failure events on windows XP machine but i dont see any failure attempts in the CSA MC event log even though i tried to logon on with invalid passwords.What could be the reason for this.
  Secondly i was wondering what happens when i apply two policies, Are the policy settings added and applied to the group or one policy gets priority over the other
  Thanks for your anwers
  Ahmed

  Have you checked the security event logs on the machines in question? If there are no events there, CSA cannot report them.
  That's where CSA gets the info and by default, there is no account auditing in Windows XP.
  You have to enable it either via group or local policy.
  Tom

• How do I combine two user iPhoto files into one...keeps blocking the pics between users

  How do I combine two user iPhoto files into one...keeps blocking the pics between users on the same Mac?

  Put the library on an external hard drive that is formatted as shown in this screenshot:
  OT

• Workspace Credential Conflict between Logged-in User and the Authenticated User

  Hi there,
  I am running LiveCycle ES Update1 SP2 with Process Management component on WIN/JBoss/SQL Server 2005.
  I have been encountering user credential conflicts from time to time, but it has not been consistent and the problem manifested in various ways, such as:
  - problem when logging in with error "An error occurred retrieving tasks." on the login screen
  - user logs in successfully but is showing somebody else queue(s) with his/her own queue with no task in there
  - fails to claim task from group queue.
  The stacktrace from the server.log file I collected from a production system shows the exception below.
  Has anybody else encountered the similar problem?
  It looks to me that it doesn't log out cleanly and some kind of caching is done on the authenticated session and is not cleaned up properly on user logout.
  2009-07-10 15:05:13,955 ERROR [com.adobe.workspace.AssemblerUtility] ALC-WKS-005-008: Security exception: the user specified in the fill parameters (oid=F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83) did not match the authenticated user (oid=F25892EE-80CE-8C24-E40D-881F631AA8BE).
  2009-07-10 15:05:13,955 INFO  [STDOUT] [LCDS] [ERROR] Exception when invoking service 'remoting-service': flex.messaging.MessageException: ALC-WKS-005-008: Security exception: the user specified in the fill parameters (oid=F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83) did not match the authenticated user (oid=F25892EE-80CE-8C24-E40D-881F631AA8BE).
    incomingMessage: Flex Message (flex.messaging.messages.RemotingMessage)
      operation = submitWithData
      clientId = F3D2CDD0-330F-F00B-C710-5AF3F7CB4138
      destination = task-actions
      messageId = 7E385A6B-E4E6-3A81-CD6A-630DF4FAE5BB
      timestamp = 1247202313955
      timeToLive = 0
      body = null
      hdr(DSEndpoint) = workspace-polling-amf
      hdr(DSId) = F3C38977-171B-7BED-3B16-F3A5FE419479
    Exception: flex.messaging.MessageException: ALC-WKS-005-008: Security exception: the user specified in the fill parameters (oid=F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83) did not match the authenticated user (oid=F25892EE-80CE-8C24-E40D-881F631AA8BE).
      at com.adobe.workspace.AssemblerUtility.createMessageException(AssemblerUtility.java:369)
      at com.adobe.workspace.AssemblerUtility.checkParameters(AssemblerUtility.java:561)
      at com.adobe.workspace.tasks.TaskActions.callSubmitService(TaskActions.java:788)
      at com.adobe.workspace.tasks.TaskActions.submitWithData(TaskActions.java:773)
      at sun.reflect.GeneratedMethodAccessor941.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at flex.messaging.services.remoting.adapters.JavaAdapter.invoke(JavaAdapter.java:421)
      at flex.messaging.services.RemotingService.serviceMessage(RemotingService.java:183)
      at flex.messaging.MessageBroker.routeMessageToService(MessageBroker.java:1495)
      at flex.messaging.endpoints.AbstractEndpoint.serviceMessage(AbstractEndpoint.java:882)
      at flex.messaging.endpoints.amf.MessageBrokerFilter.invoke(MessageBrokerFilter.java:121)
      at flex.messaging.endpoints.amf.LegacyFilter.invoke(LegacyFilter.java:158)
      at flex.messaging.endpoints.amf.SessionFilter.invoke(SessionFilter.java:44)
      at flex.messaging.endpoints.amf.BatchProcessFilter.invoke(BatchProcessFilter.java:67)
      at flex.messaging.endpoints.amf.SerializationFilter.invoke(SerializationFilter.java:146)
      at flex.messaging.endpoints.BaseHTTPEndpoint.service(BaseHTTPEndpoint.java:278)
      at flex.messaging.MessageBrokerServlet.service(MessageBrokerServlet.java:315)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:252)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
      at com.adobe.workspace.events.RemoteEventClientLifeCycle.doFilter(RemoteEventClientLifeCycle .java:138)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:202)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
      at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:202)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
      at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.ja va:159)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11P rotocol.java:744)
      at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
      at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
      at java.lang.Thread.run(Thread.java:595)
  Kendy

  I am having the same server issue and i cant get hold of SP3 to fix it. can anyone tell me how to fix this problem or provided a link where i can get SP3 from? Ive spent most of the day on the phone to Adobe Support and they have been unable to provide me with a link to the service pack.

• Create users in OID or update FND_USER to do the local authentication

  Hi,
  We have changed the OID sever for an 11i instance
  Hence I think some users who were in the old OID server are not present in the new one
  And the FND users of 11i are not able to get authenticated
  Shall I
  - Create the user in new OID server - Configuration tab of http://server/oiddas doesnt allow me to do that
  How ?
  Any API ?
  - Export / import from the old OID server to new one ?
  If yes, which tables
  - Can I update FND_USER to do the local authentication and not go thru OID/ SSO ?
  Thanks
  - Pooja
  I have posted the question in Application Server - General forum also

  Metalink note 233436.1 and 186981.1 should be of some help.
  You can change to local authentication by setting two profile options
  Applications SSO Login Types set to Local
  and Applications SSO Type to SSWA
  You may have to reset the users password if it has been set to EXTERNAL

• Sharepoint 2010, after restore, webpart only can viewd by authenticated users in the public page.

  Hi, I restore a Site from one server to other which have a different domain.
  I installed the wsp files, I published the page, I check for the site pages and everything is ok but, when I visit the page as normal
  user from internet, I get the next error when I visited the pages with webparts.
  When I visit the page with an authenticated user, that show me the webpart normaly.
  I try to check for permissions in the page, I click page permissions
  or library permissions and shows the next:
  Shows me the same error.
  Any ideas?
  Thanks a lot!!

  Hi,
  As I understand, after you restored the site from one server to other server you encountered the error.
  1. From the error you provided, it seems that it cannot find relative files, it is possible that you did not restore the site fully. You can restore the site again. 
  2. You can check the ULS log with the correlation ID, and get the details of the errors. You can fix the problems according to the details of the errors. 
  The case below is about there are several ways to backup and restore site in SharePoint 2010, you can refer to the case.
  http://sharepoint.stackexchange.com/questions/34639/problem-restoring-sharepoint-from-backup 
  Best regards,
  Sara Fan
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]