Multiple Realms in IM
Does anyone know if all of the applications in OCS 10g recognize multiple realms yet? In 9042 only content management did.
thanks
I opened a tar, the answer still is that only content management can interact with multiple realms in such a way as to provide multi-tenancy. Other/all apps will do the same in "future" releases.
Similar Messages
-
Support for multiple realms in JAZN
Hello,
I am trying to write a security application for users across multiple JAZN realms. In my jazn.xml, I have to specify a default realm against which I wanna authenticate my user. But I want to authenticate users from multiple realms and so I wanna specify the realm name dynamically (maybe from a form with a drop-down list of all realms). Does anybody have any idea about this?
If I don't specify my default realm in my jazn.xml file,
application does not work. It does not authenticate user.
I don't wanna use LDAP based or database provider. I am using jazn-data.xml as data provider.
Any help is appreciated.
Thanks.
I also have the same requirement.
Does anyone have any idea how to solve this?
Sheetal, if you have resolved this, please let me know the solution.
Regards
Shrikant -
Multiple Realms in Apache Tomcat
Sorry if this is the wrong forum, but it's the closest match I could find.
I am trying to run 2 servlets that use apache tomcat's j_security with a FORM login to authenticate clients. I would like these 2 servlets to be authenticated by having j_security look in two different tables in a MS SQL 2000 Server database.
I have read up a lot on apache tomcat's site, and the sense that I've made of it is that I need to have multiple realms, and in order to do that I need multiple contexts. I've tried wrapping my realm tag in a context tag but it doesn't work. What am I missing?
thanks.
<Context path="/servlet/" docBase="ROOT/WEB-INF/classes" reloadable="true" />
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"
connectionName="sa" connectionPassword="******"
connectionURL="jdbc:microsoft:sqlserver://localhost:1433;databaseName=ConcernCheck;selectMethod=cursor;"
userTable="Operator" userNameCol="Username" userCredCol="Password"
userRoleTable="Operator" roleNameCol="Role" />
</Context>
Thanks
Hi!
I have the same problem! Did you solve this problem? Can you give me a hint?
Tnx,
Stanislav -
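A configuration example for the setup asked about in the thread above, added here and not taken from either poster: Tomcat accepts a `<Realm>` nested inside a `<Context>`, and in the fragment as posted the `<Context ... />` tag is self-closed on its first line, so the `<Realm>` that follows is not its child. The context paths `/app1` and `/app2`, the `Customer` table and the `tomcat_auth` database login are assumptions made for illustration.

```xml
<!-- Added example (not the poster's configuration): conf/server.xml fragment.
     Assumed names: /app1, /app2, the Customer table, the tomcat_auth login. -->
<Host name="localhost" appBase="webapps">

  <!-- First application: authenticates against the Operator table.
       The Context element stays open until </Context>, so the Realm
       is its child and applies to this application only. -->
  <Context path="/app1" docBase="app1" reloadable="true">
    <!-- tomcat_auth is an assumed login with SELECT rights on the
         credential tables only, used here in place of the sa account. -->
    <Realm className="org.apache.catalina.realm.JDBCRealm"
           driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"
           connectionName="tomcat_auth" connectionPassword="CHANGE_ME"
           connectionURL="jdbc:microsoft:sqlserver://localhost:1433;databaseName=ConcernCheck;selectMethod=cursor;"
           userTable="Operator" userNameCol="Username" userCredCol="Password"
           userRoleTable="Operator" roleNameCol="Role" />
  </Context>

  <!-- Second application: same database, different (assumed) table. -->
  <Context path="/app2" docBase="app2" reloadable="true">
    <Realm className="org.apache.catalina.realm.JDBCRealm"
           driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"
           connectionName="tomcat_auth" connectionPassword="CHANGE_ME"
           connectionURL="jdbc:microsoft:sqlserver://localhost:1433;databaseName=ConcernCheck;selectMethod=cursor;"
           userTable="Customer" userNameCol="Username" userCredCol="Password"
           userRoleTable="Customer" roleNameCol="Role" />
  </Context>

  <!-- An application without its own Realm falls back to the Realm of the
       enclosing Host or Engine, if one is defined there. -->
</Host>
```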
Forgot-Your-Password process with multiple realms
We’re running OAS 10.2.0.2 and we’re considering adding a second identity management realm in order to have, among other things, a different set of password reset validation fields for one group of portal users versus another group.
With two realms in place and OID/SSO configured so that all users from both realms use a common login mechanism, and, presumably, one forgot-your-password mechanism, will the password reset validation fields that are enforced for a given user automatically be based on the realm of which they are a member?
More specifically, will all users from both realms be able to use one common URL to access the OIDDAS forgot-your-password wizard? If so, I’m assuming that when the user enters their username in that wizard, they are then searched against their realm and the policies of that realm then come into play for the rest of the wizard, right?
In other words, with two realms, is this scenario possible without any custom programming:
We have a link to the OIDDAS forgot-your-password link on our existing portal login.jsp page. User A clicks that link and is taken to the OIDDAS forgot-your-password wizard. First he is asked for his username, which he supplies. Then, to verify his identity, he is asked for his Social Security Number, which he supplies, after which he is able to set a new password.
User B, who is in a different realm, clicks the same forgot-your-password link on our login page. After supplying his username, he is asked for his employee I.D. number, which has been configured as the password reset validator in his realm. After supplying that number, he is able to change his password.
--Steve Huntress
Hi Steve!
AFAIK each OID realm has its own set of policies.
This would mean that your setup should work. I guess the only difficult thing would be that a user must somehow be uniquely identifiable. When you login into OID with multiple realms you need to supply the realm - or have a unique ID (eg email address) and OID must be setup to search from the top.
In order to get to the right forget your pwd wizard you need the realm.
cu
Andreas -
The specified user could not be found - ADFS with multiple realms
I am using a single trusted identity token issuer (ADFS 2.0) with multiple realms for different sites (urn:sharepoint:int-site1 and urn:sharepoint:int-site2). I added my provider to both sites through central administration and the first site works fine and allows my external user to authenticate. The second site gives me an access denied page (which I expected) and asks that I request access. When I submit the request for access I get an error message back stating "The specified user [email protected] could not be found". What could I be missing?
Hi Drew,
According to your description, my understanding is that you encountered the error "The specified user [email protected] could not be found" when you try to log in to the second site. To resolve your issue, please take the steps below:
1. Go to site settings->Site Permissions->Access Request Settings.
2. Check to whom the access request is sent, and whether he approves your access request, before you log on.
Reference: http://blogs.msdn.com/b/russmax/archive/2011/03/15/want-to-use-manage-access-requests-feature-in-sharepoint-2010.aspx
Please inform me freely if you have any questions.
Thanks
-
Multiple Realms - What good are they?
If I create multiple realms in WL7 domain, how are they used by the server
to auth/auth a user? Is the default realm always used and the other realms
used only in case of failure?
Is there a way to configure an enterprise application to use a particular
realm for its auth/auth? Or do all applications always use the default
realm. It would be cool if weblogic-application.xml had a <default-realm>
element.
-Greg
Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.com
"Greg Nyberg" <greg.nyberg.at.objectpartners.com> wrote:
> If I create multiple realms in WL7 domain, how are they used by the server
> to auth/auth a user?
I never managed to get any more than 1 security realm active at one time. (WL 6.1)
I think it is not really possible.
Please someone prove me to be wrong. -
Multiple Realms, Weblogic 6.1?
Hoping someone knows the answer to this:
Can you set up multiple realms in weblogic 6.1 and have different
applications default to different realms (using out of the box
weblogic security)?
And is it any different in 7.0?
Tia
VC
nope.. it's not possible either in 70/6x
thanks
kiran
"Simon VC -Qantas" <[email protected]> wrote in message
news:[email protected]..
> Hoping someone knows the answer to this:
> Can you set up multiple realms in weblogic 6.1 and have different
> applications default to different realms (using out of the box
> weblogic security)?
> And is it any different in 7.0?
> Tia
> VC
-
OID multiple realms log in issue
Hi All,
I am using OID in a prototype to store users in different organizations. I have done this by creating multiple realms. I am configuring OID with OBIEE so users in OID can log into OBIEE. I am facing an issue when 2 users have the same userid to log into OBIEE. It allows one user to log in successfully but prevents the 2nd one.
Is there a way I can resolve this issue in OID.
Thanks
I installed it on windows using the sql scripts instead of the sh scripts.
-
OID multiple realms on Windows
I have successfully installed OID 10g on Windows. I need to configure SSO for multiple realms. The documentation says that I need to run scripts in LINUX environment to enable multiple realms. I wanted to know whether there is any work around for Windows installation. How can I run those scripts to enable multiple realms for Windows.
Thanks
I installed it on windows using the sql scripts instead of the sh scripts.
-
When I create a realm in a website it works OK. I then share it through WebDAV and again it works OK. When I create a second realm following the same procedure it doesn't work. Any ideas? It's on 10.6.6 server.
Hi!
I have the same problem! did you solve this problem? can you give me a hint?
Tnx,
Stanislav -
Group naming in multiple realms
I am using a LDAP realm and the weblogic realm at the same time. I need to create a group with the name mssess in the Weblogic realm. The group that in my LDAP realm is also named mssess. Has anyone tried same group name in multiple realms? I cannot get it to work.
I think wls will discard your group in the weblogic (file) realm because if wls finds a group in the primary realm, which is LDAP in your case, it does not go on and look up in the backup file realm.
"Gary" <[email protected]> wrote in message
news:[email protected]..
> I am using a LDAP realm and the weblogic realm at the same time. I need to create
> a group with the name mssess in the Weblogic realm. The group that in my LDAP realm
> is also named mssess. Has anyone tried same group name in multiple realms? I cannot
> get it to work.
-
Windows Native Authentication with 2 (multiple) AD domains
I have managed to get Windows Native Authentication for Oracle Application Server 10g (9.0.4) on Windows working. The following has been done and works in a test environment:
Phase 1) Active Directory (AD) to Oracle Internet Directory (OID) Synchronization
Phase 2) Configure a Kerberos Service Account for the Single Sign-on
Currently all the above setup points to a single windows active directory server, i.e. active1.uk.oacle.com. This is acceptable for a test environment, but before the changes can be deployed to production I need to incorporate some disaster recovery.
The active directory is replicated across multiple servers – i.e. active1.uk.oacle.com, active2.uk.oacle.com. In the event that the primary active directory server is unavailable Oracle users should still be able to access applications. I need to incorporate active2.uk.oacle.com into the above setup.
Questions:
1) Can I get away with not incorporating active2.uk.oacle.com into phase 1? If the users have been pulled into OID then we are not particularly concerned with pulling in new users in a disaster situation.
2) Can I configure the Oracle side of the Kerberos setup to use multiple realms with an order or precedence – i.e. try active1.uk.oacle.com, then try active2.uk.oacle.com? I would generate a keytab file from each server.
Ideally I would like to just modify the Kerberos setup to check active1.uk.oacle.com then active2.uk.oacle.com. Is this a workable approach? If yes, how do I proceed? I believe the krb5.ini and opmn.xml need to be amended.
Thanks
Does anyone have any ideas on how to do this????
-
How to add a separate community of user (customer) in the same REALM?
I have an existing default REALM we have been using for internal users (i.e employees). Now I have a new community of users (i.e customers) but I want to use the same REALM and the same policy but be able to separate those two communities into two different containers.
current realm where employee accounts are: cn=users, dc=mycompany,dc=com
I want to be able to add customer accounts in the same realm but I need also those customers accounts to not be viewable when a user perform a search in the directory using the self service console.
How do I do that? I have been researching the documentation but I'm not looking for what I need.
Any help really appreciated.
I guess that this was the main reason to have multiple realms.
When users are in the same realm your ACI covering the subtree (cn=users in this case) allow people to search in this realm.
You could of course add a special attribute to the orcluserv2 or create a new objectclass customer with this attribute. Then - when you create a new user in the realm this needs to be added. However - this is far from trivial - and furthermore you need to ensure that all tools (eg oiddas) support this - which is even more difficult to accomplish.
In the past I have done this in the following way:
Created a subtree cn=regionalmanagers,dc=mycompany,dc=com
Within this tree I had entries that were composed with my own objectclass. This objectclass contained a group (uniquemembers) and I added the users (cn=John.Doe,cn=Users,dc=mycompany,dc=com) to this group. Then I checked from the application with dbms_ldap calls if a user was a regional manager.
cu
Andreas -
Multiple Database in J2ee Application
Dear sirs,
I have a J2ee application which is running in JBOSS Server. The Data tier is MySql.
Now the scenario is like this,
We are having two clients, and the clients have different sub users. The clients are using two separate databases for the same application. Now the application is working in two different servers assigned for each client. Now we are planning to integrate it to a single application. I would like to know whether
1. Is it possible to specify the JNDI names for more than one database in the deployment descriptor?
2. If it is, then how can we instruct the container to lookup dynamically for the appropriate database based on the user logged in to the application?
I am planning to setup a new DB for the users information so that the container can select the appropriate DB based on the user logged in...
Thank you,
Sudheesh K S,
Did you set up multiple realms correctly?
Steps to follow (depending on your version of OID):
- define second realm (OIDDAS)
- Reconfigure SSO (login.jsp)
- enable hosting (wwhost script)
- add second subscriber (addsub script)
- change searchbase (OIDDAS/ldif)
All documented in the Oracle® Internet Directory Administrator's Guide,
10g Release 2 (10.1.2) at
http://download-west.oracle.com/docs/cd/B14099_19/idmanage.1012/b14082/toc.htm
Pay attention to chapter 7 and appendix G -
Best/Recommended Practices regarding realms & psearches
Update: I've found documentation and materials stating that the performance issues related to having multiple realms and their associated psearches (persistent searches) have been fixed in OpenSSO. While this is reassuring in that my initial design should work, it doesn't necessarily mean it is the best method for deployment. If anyone has an opinion on this I would still like to hear it.
Hi everyone,
First of all, thank you for any information you have provided/will provide to me. I am new to OpenSSO, so this forum has been a useful early stop for answers to questions.
In my scenario I have a small number of applications (less than 10). Each one has different requirements for HTTP Header variables/parameters, and there are no authorization requirements (fine or coarse). My question is regarding the initial realm configuration:
I have been planning to deploy a single sub-realm for each application. The idea was that it would allow for greater flexibility and customization for each application down the road. I have heard some interesting stories regarding multiple realms, persistent searches and performance from Access Manager 7.1. In the documentation, I see that persistent searches are disabled by default in OpenSSO 8.0 and that there are a significant number of configuration options available.
-In OpenSSO 8.0, is one sub-realm for each application a recommended or even a good practice method?
--If not, can I still separate header variables by application, or will I need to deliver all the variables to each application and let them take what they want?
-Should I be aiming to configure persistent searches?
--If so, what sort of configuration would be a good baseline to start from?
Any assistance is greatly appreciated.
Edited by: AJS418 on Jun 16, 2009 1:04 PM
sirinek,
I want to provide the ability for other systems, outside of my network domain (Linux and VMS servers), to deliver data files to my server for processing on a regular recurring basis. These file transfers will be unattended and executed via scheduling utilities on those remote systems.
While these remote systems are managed by a trusted sister organization, I want to provide this access in a way that minimizes risk to servers under my responsibility.
What tools and configurations are best suited for this? SFTP? SSH Authorized keys?
Should the account be configured in a manner that limits access?
Thanks for your help.