No matching authentication protocol- JDBC

Similar Messages

• ORA-28040: No matching authentication protocol in version 11.2.0.3

  Hi,
  I am working on database server 11.2.0.3 and the OS is linux 86 bit. i created an entry in sqlnet.ora file with
  SQLNET.ALLOWED_LOGON_VERSION = 10
  it is failing with ORA-28040: No matching authentication protocol error and i am not able to connect as sys till I comment the entry. How do i set this entry and where in the client side do I need to set this entry? Also, do I have to set it to SQLNET.ALLOWED_LOGON_VERSION = 11 instead? I am confused. Please help
  thanks a lot.

  Hello;
  Any chance you are using a JDBC driver?
  Try changing it to : ( Workaround )
  SQLNET.ALLOWED_LOGON_VERSION=8
  OR = 9
  This is an old bug if I remember correctly.
  Bug 8730787
  Best Regards
  mseberg
  Added to mine, but I'm unable to recreate the error. Using Oracle 11 client.
  Found this
  Action:     Administrator should set SQLNET_ALLOWED_LOGON_VERSION parameter
       on both client and servers to values that matches the minimum
       version supported in the system.
  Edited by: mseberg on Feb 16, 2012 12:34 PM
  Edited by: mseberg on Feb 16, 2012 12:36 PM

• No matching authentication protocol Oracle 12c

  Hi, we are working with ColdFusion 10 and Oracle 12c Database, but when we are trying to connect with the database across CF, we have the following message:
  java.sql.SQLException: [Macromedia][Oracle JDBC Driver][Oracle]ORA-28040: No matching authentication protocol
  Does anybody know how can we work with Oracle 12c? Is necessary an update to fix that?
  Thank you.

  Hi Stephen Johnson
  I appreciate too much your help, for this moment we will continue working
  in CF 10, and we will wait the new version of CF 11 to work with 12c.
  Thank you very much for your support, greetings from Mexico.
  Sincerely
  Javier Morales Rangel
  2014-03-24 10:46 GMT-06:00 Runrocket <[email protected]>:
      Re: No matching authentication protocol Oracle 12c  created by
  Runrocket <http://forums.adobe.com/people/Runrocket> in Database Access- View
  the full discussion <http://forums.adobe.com/message/6237571#6237571

• An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP).

  Hello everyone:
  I know this question have been asked in these forums quite a few times. I apologize if it is a repeat telecast but I was not able to find a suitable solution pertaining to my problem.
  I have a AP/SM setup that is configured to get EAP-PEAP authentication from Windows 2012 Server. I have setup everything and have verified that the EAP-PEAP authentication works fine on AP/SM by getting authentication from FreeRADIUS server. Now, when I try
  to get authentication from Windows Server, I am getting a reject. The Event log shows this generic message:
  Reason Code: 23
  Reason:
      An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
  There is nothing in the EAP logs that is obvious too:
  "USIL01PMPTST01","IAS",07/11/2014,11:59:44,1,"SANDBOX\test","SANDBOX\test",,,,,,"10.120.133.10",5,0,"10.120.133.10","Canopy_AP",,,18,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1
  07/11/2014 00:05:57 4927",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
  "USIL01PMPTST01","IAS",07/11/2014,11:59:44,11,,"SANDBOX\test",,,,,,,,0,"10.120.133.10","Canopy_AP",,,,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1 07/11/2014 00:05:57 4927",30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
  "USIL01PMPTST01","IAS",07/11/2014,11:59:44,1,"SANDBOX\test","SANDBOX\test",,,,,,"10.120.133.10",5,0,"10.120.133.10","Canopy_AP",,,18,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1
  07/11/2014 00:05:57 4928",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
  "USIL01PMPTST01","IAS",07/11/2014,11:59:44,11,,"SANDBOX\test",,,,,,,,0,"10.120.133.10","Canopy_AP",,,,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1 07/11/2014 00:05:57 4928",30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
  "USIL01PMPTST01","IAS",07/11/2014,11:59:44,1,"SANDBOX\test","SANDBOX\test",,,,,,"10.120.133.10",5,0,"10.120.133.10","Canopy_AP",,,18,,,,11,"PEAP_TEST",0,"311 1 10.120.133.1
  07/11/2014 00:05:57 4929",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
  "USIL01PMPTST01","IAS",07/11/2014,11:59:44,3,,"SANDBOX\test",,,,,,,,0,"10.120.133.10","Canopy_AP",,,,,,,11,"PEAP_TEST",23,"311 1 10.120.133.1 07/11/2014 00:05:57 4929",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
  So, basically, the sequence is this:
  request , challenge, request , challenge, request, reject
  Any idea what might be happening?
  Thank you.

  Hi,
  Have you installed certificates on the NPS server properly? Have you selected the proper certificate in the properties of PEAP?
  Here is an article about the Certificate requirements of PEAP,
  Certificate requirements when you use EAP-TLS or PEAP with EAP-TLS
  http://support.microsoft.com/kb/814394
  If your certificate matches the requirement, you may try to reinstall the certificate by export and import.
  To export a certificate, please follow the steps below,
  Open the Certificates snap-in for a user, computer, or service.
  In the console tree under the logical store that contains the certificate to export, click
  Certificates.
  In the details pane, click the certificate that you want to export.
  On the Action menu, point to
  All Tasks, and then click Export.
  In the Certificate Export Wizard, click No, do not export the private key. (This option will appear only if the private key is marked as exportable and you have access to the private key.)
  Provide the following information in the Certificate Export Wizard:
  Click the file format that you want to use to store the exported certificate: a DER-encoded file, a Base64-encoded file, or a PKCS #7 file.
  If you are exporting the certificate to a PKCS #7 file, you also have the option to include all certificates in the certification path.
  If required, in Password, type a password to encrypt the private key you are exporting. In
  Confirm password, type the same password again, and then click
  Next.
  In File name, type a file name and path for the PKCS #7 file that will store the exported certificate and private key. Click
  Next, and then click Finish.
  To import a certificate, please follow the steps below,
  Open the Certificates snap-in for a user, computer, or service.
  In the console tree, click the logical store where you want to import the certificate.
  On the Action menu, point to
  All Tasks, and then click Import to start the Certificate Import Wizard.
  Type the file name containing the certificate to be imported. (You can also click
  Browse and navigate to the file.)
  If it is a PKCS #12 file, do the following:
  Type the password used to encrypt the private key.
  (Optional) If you want to be able to use strong private key protection, select the
  Enable strong private key protection check box.
  (Optional) If you want to back up or transport your keys at a later time, select the
  Mark key as exportable check box.
  Do one of the following:
  If the certificate should be automatically placed in a certificate store based on the type of certificate, click
  Automatically select the certificate store based on the type of certificate.
  If you want to specify where the certificate is stored, select
  Place all certificates in the following store, click
  Browse, and choose the certificate store to use.
  If issue persists, you may try to re-issue the certificate.
  For detailed procedure, you may refer to the similar threads below,
  Having issues getting PEAP with EAP-MSCHAP v2 working on Windows 2008 R2
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/c66cf0a8-24dd-4ccd-b5bb-16bd28ad8d4c/having-issues-getting-peap-with-eapmschap-v2-working-on-windows-2008-r2?forum=winserverNAP
  Hope this helps.
  Steven Lee
  TechNet Community Support

• OS Authentication via JDBC

  Can someone provide a code example of How to Connect With Operating System Authentication Using JDBC/OCI?
  Thanks

  That's a very good question, I am also looking for some solution to resolve it.
  Please let me know if you get something.

• Fatal error: Client does not support authentication protocol requested by server; consider upgrading MySQL client

  Fatal error: Client does not support authentication protocol
  requested by server; consider upgrading MySQL client in
  /homepages/28/d74942468/htdocs/cosmic/sites/onlinemove/Connections/db.php
  on line 9
  This is the error that comes up on the server where the site
  sits. The database is working on my local machine with the local
  settings, but wont connect due to the above.
  I think im using MySQL client 3.23 How do i upgrade?
  I found this on MySQL site:
  http://dev.mysql.com/doc/refman/5.0/en/old-client.html
  I'm not sure how to edit the connection string to make it
  accept the vaules.

  The_FedEx_Guy wrote:
  > Fatal error: Client does not support authentication
  protocol requested by
  > server; consider upgrading MySQL client in
  >
  /homepages/28/d74942468/htdocs/cosmic/sites/onlinemove/Connections/db.php
  on
  > line 9
  > I think im using MySQL client 3.23 How do i upgrade?
  The MySQL client that the error refers to isn't the version
  of MySQL,
  but the MySQL library bundled with PHP. It sounds as though
  your hosting
  company has upgraded to MySQL 4.1 or higher, but is still
  using PHP 4.
  > I'm not sure how to edit the connection string to make
  it accept the vaules.
  You can't. It's the way that the user account passwords are
  stored in
  MySQL. You need to get the hosting company to upgrade to PHP
  5 or to
  reset the passwords in MySQL using the OLD_PASSWORD()
  function. This
  needs to be done by someone with top-level administrative
  privileges on
  the database.
  David Powers, Adobe Community Expert
  Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
  Author, "PHP Solutions" (friends of ED)
  http://foundationphp.com/

• A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)

  Hi,
  I posted this on Azure forim with no luck maybe here is a better choise.
  When trying to connect a windows 8\8.1 client with a vpn connection for azure virtual network we get the fallowing error.
  "A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)"\
  I'm fallowing this msdn article about point to site vpn on azure. according to it the certificat is good for both win 7 and win 8.
  http://msdn.microsoft.com/en-us/library/azure/dn133792.aspx
  this is the commanf to build the client certificat:
  makecert.exe -n "CN=ClientCertificateName" -pe -sky exchange -m 96 -ss My -in "RootCertificateName" -is my -a sha1
  When runing the installtion of the certificat on the client the defult crtificate store is "Automatic", It does not metter if I leave it on Automatic or choose any of the other options (personal, trusted issuers ...) I always get the same error.
  Thanks

  Hi,
  Apologize to say that I am not familar with Azure and lack of the environment to investigate the issue here.
  Besides, please take a look at the below threads to see if it could help:
  Point-to-Site on Windows 8 Client
  connection Error 798
  Best regards
  Michael Shao
  TechNet Community Support

• Configuring smb authentication protocol

  Greetings,
  I am trying to find info on how to change the authentication protocol that Mac OS X uses to connect to Samba shares.
  I want to access our Samba network over a wireless network and I don't want to transmit the LANMAN hash. Is it possible to change the hash from LANMAN to NTLM or do I have tunnel my SMB connections over ssh ?
  Thanks
  Paul
    Mac OS X (10.4.9)  

  The 'process has forked' error messages persist, and users can still connect without passwords. Interestingly, they seem to connect as the correct user, so it's as if the previous connection isn't being terminated properly, or Windows is saving the login information. Perhaps the 'process has forked' messages are indicating that there's some problem with actually getting rid of processes?
  If I shut down the SMB service, disconnect all clients, then restart the service and connect a client, this happens:
  \[2008/03/19 17:05:51, 0\] /SourceCache/samba/samba-187/samba/source/smbd/server.c:main(890)
  smbd version 3.0.25b-apple started.
  Copyright Andrew Tridgell and the Samba Team 1992-2007
  The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
  Break on _THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___Y OU_MUST_EXEC_() to debug.
  I don't know if this is relevant, but I saw another post that said that I had to make my SMB server the PDC, and I get a number of messages like this in the SMB Name Service Log:
  Samba name server SERVERNAME is now a local master browser for workgroup WORKGROUPNAME on subnet xxx.xxx.xxx.xx
  Thanks for any help,
  Greg
  Message was edited by: Greg Westin to add a few more details about error messages

• Re: ORA-28041: Authentication protocol internal error

  Hi,
  I am getting similar error,
  can anyone help on it
  RMAN-00571: ===========================================================
  RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
  RMAN-00571: ===========================================================
  RMAN-04004: error from recovery catalog database: ORA-28041: Authentication protocol internal error
  Thanks in advance.

  abdo.89 wrote:
  Hi,
  I am getting similar error,
  can anyone help on it
  RMAN-00571: ===========================================================
  RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
  RMAN-00571: ===========================================================
  RMAN-04004: error from recovery catalog database: ORA-28041: Authentication protocol internal error
  Thanks in advance.
  And what did your research on ORA-28041 turn up?
  Let me google that for you

• A certificate could not be found that can be used with this extensible authentication protocol in PEAP policy config

  Windows 2003 enterprise
  AD DC, DNS, DHCP, CA and IAS all are running from single server. But at the time of configuration of Remote Access Policy the error message of "a certificate could not be found that can be used with this extensible authentication protocol" is appeared.
  So with the help of mmc snap in the certificate was requested from CA (Domain Controller template)as a new certificate request and placed in the local computer personal folder. 
  After placing the certificate the error message was disappeared during configuring PEAP. 
  But after sometime the certificate was disappeared from remote access policy. But the same imported certificate was present in personal folder.
  What is reason for frequent disappearing?
  How to manage the situation?

  Hi,
  I think the cause is that the DomainControllerAuthentication certificate has superseded the
  DomainController certificate which is chosen during the setup of IAS.
  To avoid this, if you’re going to install IAS on a Domain Controller, the DC should be made to enroll for a separate certificate from the template
  'RAS and IAS Servers' before the IAS server is installed and this certificate should then be chosen for any PEAP setup.
  Further details:
  Enrolling Certificates with Templates
  http://technet.microsoft.com/en-us/library/dd197527(v=WS.10).aspx
  Configure the server certificate template
  http://technet.microsoft.com/en-us/library/cc755043(v=WS.10).aspx
  Steven Lee
  TechNet Community Support

• The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server

  wireless authentication not working 
  I found the following in the radius
  Log Name:      Security
  Source:        Microsoft-Windows-Security-Auditing
  Date:          1/15/2014 2:07:57 AM
  Event ID:      6273
  Task Category: Network Policy Server
  Level:         Information
  Keywords:      Audit Failure
  User:          N/A
  Computer:     NAP01.test.local
  Description:
  Network Policy Server denied access to a user.
  Contact the Network Policy Server administrator for more information.
  User:
   Security ID:   doamin \user.a
   Account Name:   user.a
  Client Machine:
   Security ID:   NULL SID
   Account Name:   -
   Fully Qualified Account Name: -
   OS-Version:   -
   Called Station Identifier:  00-0F-7D-C4-45-20:staff
   Calling Station Identifier:  0C-74-C2-EF-Dd-0B
  NAS:
   NAS IPv4 Address:  192.168.9.10
   NAS IPv6 Address:  -
   NAS Identifier:   -
   NAS Port-Type:   Wireless - IEEE 802.11
   NAS Port:   497
  RADIUS Client:
   Client Friendly Name:  wcont1
   Client IP Address:   192.168.9.10
  Authentication Details:
   Connection Request Policy Name: Wireless
   Network Policy Name:  wism
   Authentication Provider:  Windows
   Authentication Server:  NAP01.test.local
   Authentication Type:  EAP
   EAP Type:   -
   Account Session Identifier:  -
   Logging Results:   Accounting information was written to the local log file.
   Reason Code:   22
   Reason:    The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.
  Please help

  Hi,
  Anything updates?
  In addition, this issue may also because your client didn't have CA certificate of your domain. Please make sure that your client has CA certificate.
  Besides, the error "The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server" may be due to that the default maximum transmission unit that NPS uses for EAP payloads is 1500
  bytes. You can lower the maximum size that NPS uses for EAP payloads by adjusting the Framed-MTU attribute in a network policy to a value no greater than 1344:
  Configure the EAP Payload Size
  Best regards,
  Susie

• WLS 10.3.4: How to use OS authentication for JDBC Data Source

  Hello all,
  As a preface, I've tried searching the forum/Google for "OS authentication" and reading the WLS JDBC doc to no avail - if it's documented somewhere, a RTFM link would be much appreciated.
  I'm trying to set up a JDBC data source on WLS that leverages the OS Authentication capability of the Oracle database. If it would help, I can go into the reasoning behind why I want to do this, but basically, it's to simplify the config/deployment of a COTS application. What I have in the database is an "identified externally" user that corresponds to the OS user that is running the WebLogic Server. Normally, in tools such as SQL*Plus, I would use "/@db" as the username/password (in other words, no username and no password specified), and I would be logged in as the "idenfitied externally" user. I want to configure the same thing for a WebLogic Data Source, but if I leave the username/password blank, testing the connection in the WLS console gives me "invalid username/password, login denied" I've also tried using "/" as the username, as was documented in a quite old WLS faq, but that gives me the same result.
  Is there some magic switch I need to flip?
  Thanks,
  John

  Hi John, there's no way to do that with connection pools, which is how WLS datasources get their
  connections, or middleware in general. WebLogic would have no way of knowing which if any of the
  pooled connections was appropriate for the current 'user', which is not the application user, but
  instead is the OS identity of the person who started the WebLogic server! If you start up your
  WebLogic server, and people start pointing their browsers to it, doing various stuff, the OS knows
  you started WebLogic, and maybe with the help of OCI, Oracle's JDBC might know it was you who
  started WebLogic's OS process, but what does the OS know about any user that may be running
  a browser or application elsewhere (even if on this same machine), when that browser or application
  connects to your WebLogic server process?
  HTH,
  Joe

• OS Authentication using JDBC Thin driver

  Hi
  I have a problem while connecting to Oracle database using JDBC Thin Driver, Basically I am trying to connect using OS Authentication. The following explains clearly what I am trying to do.
  String connectionURL = "jdbc:oracle:thin:@localhost:1521:XYZ";
  String userName = "/";
  String password = "";
  java.util.Properties info = new java.util.Properties();
  info.setProperty("user",userName);
  info.setProperty("password",password);
  conn = DriverManager.getConnection(connectionURL,info);
  When executing the code I am getting an exception as follows.
  java.sql.SQLException: Null user or password not supported in THIN driver
  When i searched in the Oracle site i got the below information
  Note:
  By default, the JDBC driver retrieves the OS username from the user.name system property, which is set by the JVM. If the JDBC driver is unable to retrieve this system property or if you want to override the value of this system property, then you can use the OracleConnection.CONNECTION_PROPERTY_THIN_VSESSION_OSUSER connection property. For more information, see Oracle Javadoc.
  I want to know how to set the OracleConnection.CONNECTION_PROPERTY_THIN_VSESSION_OSUSER connection property.
  Advance Thanks

  Based on your code, when you try to connect your username is null and the password is "/". You are not going to be able to get the OS password using Java.

• Proxy Authentication with JDBC Datasource instead of JDBC URL?

  Hello,
  A requirement for my current project (ADF 10g) is that a user should be able to log in with his regular database account. For the moment, this is implemented using Proxy Authentication, as described in the following article:
  http://blogs.oracle.com/jheadstart/2008/01/using_proxy_authentication.html
  For now, we are using a JDBC URL defined in the application module config for the BC. In short: a ProxyAuthConnectionPoolManager class was created that overrides the default ConnectionPoolManagerImpl. The getConnection method has been overridden to create a standard connection (with the username/pw defined on the AM), and additionally, create a proxy connection within this connection with the specific user credentials. The (simplified) code:
      public Connection getConnection(String key, String url, Properties props, String username, String pwd) {
          // first fetch a default connection from the pool through the superclass
          Connection connection = super.getConnection(key, url, props, username, pwd);
          // cast into an OracleConnection
          OracleConnection oraConnection = (OracleConnection) connection;
              // close any proxy sessions that would still exist on the connection
              if (oraConnection.isProxySession()) oraConnection.close(OracleConnection.PROXY_SESSION);
              // get a handle on the session scope
              Map sessionScope = ADFContext.getCurrent().getSessionScope();
              if (sessionScope != null) {
                  // find the user object in the session (the account the user logs in with)
                  ProxyAuthUser user = (ProxyAuthUser) sessionScope.get(ProxyAuthUser.JHS_USER_KEY);
                  if (user != null) {
                      // create a property map with the end user credentials
                      Properties proxyProps = new Properties();
                      proxyProps.put(OracleConnection.PROXY_USER_NAME, user.getDbUsername() + "/" + user.getDbPassword());
                      proxyProps.put(OracleConnection.PROXY_USER_PASSWORD, user.getDbPassword());
                      // open the proxy session
                      oraConnection.openProxySession(OracleConnection.PROXYTYPE_USER_NAME, proxyProps);
              return oraConnection; 
      }Now, this works perfectly when using a JDBC URL. But when I switch the JDBC Datasource the ProxyAuthConnectionPoolManager class is not called anymore. This is all done in code in the Application Server. While using a JDBC Datasource is actually necessary: otherwise for each environment (dev, test, production,...) a different WAR file is needed.
  What class can I override with code similar to the piece above, to open a proxy connection inside the existing connection, when using a JDBC Datasource?
  Your help would be greatly appreciated!
  Chris

  Hello Krasimir,
  Frank Nimphius gave me the solution to this problem. The prepareSession is indeed the best place to put the code:
     private OracleConnection oconn = null;
     public void prepareSession(SessionData SessionData) {
        super.prepareSession(SessionData);
        oconn = ((PrxyTransactionImpl)this.getDBTransaction()).getPrxyConnection();
        // Specify the user that connects through the proxy user and its roles
        Properties prop = new Properties();
        prop.put(OracleConnection.PROXY_USER_NAME,"hr");
        prop.put(OracleConnection.PROXY_USER_PASSWORD,"hr");
        //prop.put(OracleConnection.PROXY_ROLES, roles);
        // Open the proxy session (DB-authenticated users)
        try {
           oconn.openProxySession(OracleConnection.PROXYTYPE_USER_NAME, prop);
        catch (SQLException e) {
           // Close the connection, to avoid connection to remain open after exception
           oconn.abort();
           e.printStackTrace();
     }But Frank also created the following helper classes to extend the ADF BC behavior:
     package oracle.sample.dbprxy.adfbc;
     import oracle.jbo.server.DBTransactionImpl2;
     import oracle.jbo.server.DatabaseTransactionFactory;
      * TransactionFactory that returns PrxTransactionImpl, which is a subclass of
      * DBTransactionImpl2
      * @author Frank Nimphius
     public class PrxyDatabaseTransactionFactory extends DatabaseTransactionFactory {
        public PrxyDatabaseTransactionFactory() {
           super();
         * Override the create method to return an instance of PrxyTransactionImpl instead
         * of DBTransactionImpl2
         * @return PrxyTransactionImpl
        public DBTransactionImpl2 create() {
           return new PrxyTransactionImpl();
     package oracle.sample.dbprxy.adfbc;
     import oracle.jbo.server.DBTransactionImpl2;
     import oracle.jdbc.internal.OracleConnection;
     public class PrxyTransactionImpl extends DBTransactionImpl2 {
        public PrxyTransactionImpl() {
           super();
         * The DBTransactionImpl2 does not expose the connection in a public
         * method. This class is a wrapper to expose the connection to the
         * BC app, so it can be accessed in the ApplicationModuleImpl class
         * @return OracleConnection - SQL Connection
        public OracleConnection getPrxyConnection() {
           return (OracleConnection) this.getJdbcConnection();
     }In the configuration of your Application Module, you have to set the property "TransactionFactory" (normally the last one in the list) to oracle.sample.dbprxy.adfbc.PrxyDatabaseTransactionFactory. This way, the DBTransaction() of your AM will have a getPrxyConnection() method and you will have the connection at your disposal. You won't need the createPreparedStatement in your code anymore.
  To close the connection, this is the code behind my "logout button" on the backing bean. Application Module Pooling and Connection Pooling will take care of the rest for you!
     ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
     HttpSession session = (HttpSession)ectx.getSession(false);
     session.invalidate();Another thing: be sure to set the internalconnection property to a different JDBC Datasource (or file based) than the one you are using to connect to the database (the default value). Otherwise connection pooling will be confused and there will be too much pending database connections.
  This works for me, all sessions are closed in time and logging out seems secure. I do not have my complete, adjusted code here at my disposal, but next week, when I'm back at work, I'll have a look to see if there is anything I forgot to mention. So this should get you started, but I'll keep you posted!
  A huge thank you to Frank again for helping me (/us) out with this problem!! And sorry I forgot to post the answer here sooner. I was too busy with testing it. :-)
  Regards,
  Chris

• Reason Code:23 Reason: An error occurred during the Network Policy Server use of the Extensible Authentication Protocol EAP

  I get the above described error when trying to connect to NPS 2012 with a Windows XP machine
  I successfully connecting to that server with an Android phone.
  I started examining the problem and saw the following:
  1. The android phone uses some cipher suites that are not supported in Windows XP and the one that theserver selects in  the Server Hello message is Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xc014
  2. With the WINXP the selected cipher suite is Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 and it fails with the above error.
  3. Next step I did was to restrict the NPS to use only the Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 and not to my surprise the Android phone could not connect and I was getting the same error as with the WINXP.
  Any solution to this prpoblem?

  Hi and thanks for replying
  I do not believe there is a problem with the certificate as it uses the same certificate in both authentication processes - the failed one using the TLS_RSA_WITH_AES_256_CBC_SHA
  cipher suit and the successfull one using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  cipher suit - so I believe the reason lies elsewhere.
  Please check it and try to produce a solution for it.
  Thanks