OAM - Authorization based on the authentication method

We are using OAM 10g for a customer to protect a large number of web applications. In order to access those applications a user can choose from several authentication methods (e.g. client certificate, SecureId and mobile TAN). All applications use the same cookie domain and OAM provides SSO to the user. The customer now wants to define access rules for each of the applications based on the chosen authentication method.
In other words, he wants to have the flexibility to define rules such as the following:
Application A: Only accessible with client certificates
Application B: Only accessible with mobile TAN
Application D: Only accessible with SecureId or mobile TAN
Application E: Accessible with any authentication method
In order to implement this with OAM we would have to assign each authentication method a different authentication level and define authorization rules that depend on those authentication levels (maybe using a custom authorization plug-in). According to the OAM documentation it doesn't seem possible to reference the authentication level in an authorization rule.
Does anyone know a way to implement these requirements?
Any help is appreciated.
Best regards,
Donat

This is how I think we can do this.
Write an authentication plug-in which adds the authentication scheme that was used to log in to the application to one of the multi-valued attributes in OID. Also write an authorization plug-in which checks this value and makes the authentication decision.
One more approach is to create as many attributes in OID as the number of authentication schemes you have. Each of them is a flag representing whether the user is logged in with that authentication scheme or not. When the user authenticates using an authentication scheme, turn on that flag. Also flush the Access Server user profile cache. In the authorization rule, use this flag to make authorization decisions. Using this approach you do not have to write an authorization plug-in, but this may not be a scalable approach as you might have to create a new attribute in OID when a new authentication scheme is added.
You can also keep this information somewhere in a database or flat file and use that information in the authentication and authorization plug-ins.
I hope one of these solutions will help you.
Thanks
Kiran Thakkar
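
The two designs above (one multi-valued "scheme used" attribute checked by an authorization plug-in, versus one boolean flag attribute per scheme checked by an ordinary authorization rule) can be modelled against the four application rules from the question. The following is an added example written for this thread, not OAM plug-in code and not from either poster; the user profile is an in-memory stand-in for the OID entry, the scheme and application names are constructed, and the `begin_session` reset is a design choice assumed here rather than something the thread describes.

```python
from dataclasses import dataclass, field

# Authentication schemes named in the question (constructed identifiers).
CLIENT_CERT = "client-cert"
SECURID = "securid"
MOBILE_TAN = "mobile-tan"
ALL_SCHEMES = frozenset({CLIENT_CERT, SECURID, MOBILE_TAN})

# Per-application rules from the question (no application C was listed).
APP_POLICY: dict[str, frozenset[str]] = {
    "A": frozenset({CLIENT_CERT}),
    "B": frozenset({MOBILE_TAN}),
    "D": frozenset({SECURID, MOBILE_TAN}),
    "E": ALL_SCHEMES,  # any authentication method
}


@dataclass
class UserProfile:
    """Stand-in for the OID user entry the plug-ins would read and write."""
    uid: str
    # Approach 1: one multi-valued attribute holding the scheme(s) used.
    auth_schemes: set[str] = field(default_factory=set)
    # Approach 2: one boolean flag attribute per scheme.
    scheme_flags: dict[str, bool] = field(
        default_factory=lambda: {s: False for s in ALL_SCHEMES})


def begin_session(profile: UserProfile) -> None:
    """Clear both representations at the start of an SSO session (assumed
    step) so a scheme recorded in an earlier session cannot satisfy a
    stricter application's rule in this one."""
    profile.auth_schemes.clear()
    for scheme in profile.scheme_flags:
        profile.scheme_flags[scheme] = False


def record_authentication(profile: UserProfile, scheme: str) -> None:
    """Work the authentication plug-in would do after a successful login.
    In OAM the attribute write would also require flushing the Access
    Server user profile cache, as the answer notes; this dict needs none."""
    if scheme not in ALL_SCHEMES:
        raise ValueError(f"unknown authentication scheme: {scheme}")
    profile.auth_schemes.add(scheme)
    profile.scheme_flags[scheme] = True


def authorize_by_attribute(profile: UserProfile, app: str) -> bool:
    """Approach 1: the authorization plug-in intersects the multi-valued
    attribute with the application's allowed set. Unknown apps are denied."""
    allowed = APP_POLICY.get(app)
    if allowed is None:
        return False
    return not profile.auth_schemes.isdisjoint(allowed)


def authorize_by_flags(profile: UserProfile, app: str) -> bool:
    """Approach 2: an ordinary authorization rule tests the per-scheme
    flags; adding a scheme means adding an attribute and a rule term."""
    allowed = APP_POLICY.get(app)
    if allowed is None:
        return False
    return any(profile.scheme_flags.get(s, False) for s in allowed)


def access_matrix(profile: UserProfile) -> dict[str, bool]:
    """Decision for every application under approach 1."""
    return {app: authorize_by_attribute(profile, app) for app in APP_POLICY}


if __name__ == "__main__":
    user = UserProfile("donat")
    begin_session(user)
    record_authentication(user, MOBILE_TAN)
    for app, ok in access_matrix(user).items():
        print(f"application {app}: {'allow' if ok else 'deny'}")
```

Both approaches give the same decisions; the difference is where the rule lives (plug-in code versus OAM authorization rule) and what has to change when a new scheme is added. Because the stored value outlives the request that wrote it, the reset on session start (or an equivalent timestamp check) is what keeps a user who once logged in with a client certificate from later reaching application A with only a mobile TAN.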

Similar Messages

  • None of the authentication methods supported by this client are supported by your server.

    Dear Exchange Admin
    We have implemented exchange server .
    MAPI profile configuration in Outlook is working fine, but when we try to configure POP3 in Outlook without SMTP authentication it is fine.
    But when we enable SMTP authentication, it is getting the following error:
    "None of the authentication methods supported by this client are supported by your server."
    Kindly help
    Ashraf

    This worked for me today, as I had the same issue.
    I had to set encryption to TLS to get it to work, and the server names as yahoo.co.uk...
    In Outlook 2013, click File | Add Account.
    Select Manual setup or additional server types.
    Click Next.
    Select POP.
    Click Next.
    On the “Account Settings” page, enter your account settings:
    Your Name: The name you want to show when you send email.
    Email address: Your full Yahoo email address.
    Account Type: POP3
    Incoming Mail Server: pop.mail.yahoo.com
    Outgoing Mail Server: smtp.mail.yahoo.com
    User Name: Your Yahoo ID.
    Password: Your Yahoo account password.
    Leave the “Require logon using Secure Password Authentication” option unchecked.
    Click More Settings.
    Click the Outgoing Server tab.
    Select the My outgoing server (SMTP) requires authentication box.
    Click Use same settings as my incoming mail server.
    Click the Advanced tab. Enter advanced information:
    Incoming server (POP3) port: 995
    Select This server requires an encrypted connection (SSL).
    Outgoing server (SMTP) port: 465, 587, or 25
    Set the encryption type to SSL or TLS
    Set your desired server timeout and delivery options.
    - We recommend leaving a copy of messages on the server.
    Click OK.
    Restart Outlook.
    Click Send/Receive All Folders.
    You can now retrieve emails from your Yahoo Mail account in Outlook 2013.

  • Purchasing Group authorization based on the user

    Hi All,
    Can anyone suggest me ideas on how to restrict access to the details of a PO for a purchasing group based on the user who tries to access it.
    The object is M-BEST_EKG.
    I need guidance in using AUTHORITY_CHECK in restricting the PO group based on the user id.
    Thanks in advance.
    Regards,
    Ry

    Hi,
    ACTIVITY controls what user can do to the PO.
    01-Create
    02-Change
    03-Display
    EKGRP controls the purchasing group
    To restrict to a specific purchasing group, modify the authorization object in the role which the user has to allow the specific P.Grp. only
    Cheers !

  • TS3023 Authentication failed because Outlook doesn't support any of the authentication methods.

    I cannot receive emails, although Outlook has been working properly with the same settings forever.... I am desperate.

    I got the following from the Microsoft Web site. Also, the SMTP port must be overwritten. Use port 587
    This article contains information about the compatibility of Microsoft Outlook for Mac 2011 and Apple iCloud. Outlook for Mac 2011 does not support Apple iCloud calendar (CalDAV) and contact (CardDAV) synchronization.  Outlook for Mac 2011 does support iCloud Mail. For steps on how to configure your iCloud email account in Outlook for Mac 2011, go to the "More Information" section of this article. 
    To configure your Apple iCloud email account in Microsoft Outlook for Mac 2011, follow these steps:
    Start Outlook 2011.
    On the Tools menu, click Accounts.
    Click the plus sign in the lower-left corner, and then select E-mail.
    Enter your E-mail Address and Password, and then click Add Account.
    Note: The new account will appear in the left navigation pane of the Accounts dialog box.
    Enter one of the following in the Incoming server box:
    mail.me.com (for me.com mail addresses)
    mail.mac.com (for mac.com mail addresses)
    Click to select Use SSL to connect (recommended) under the Incoming server box.
    Enter one of the following in the Outgoing server box:
    smtp.me.com (for me.com mail addresses)
    smtp.mac.com (for mac.com mail addresses)
    Click to select Use SSL to connect (recommended) under the Outgoing server box.
    After you have entered the incoming and outgoing server information, Outlook 2011 will start to receive your email messages. 
    Note: You can click Advanced to enter additional settings, such as leaving a copy of each message on the server. 

  • Order for resources in OAM authorization policy

    Hi All
    Does the order of the resources in an OAM authorization policy matter, or can I put the resources in any order?
    Thanks

    OAM performs resource Authentication and Authorization based on the URLs. It doesn't matter on what order you try to put them.
    ~Yagnesh

  • Credit management Authorization Based on Value.

    Hi All,
    Can you help me out to find whether we can implement Credit management based on different levels of values or not. As I know we can do authorization based on % like 100%, 110% etc.
    But I want to activate release authorization based on the amount, like
    Level 1: Rs 1 lakh (can release up to 1 lakh) when it reaches above 1 lakh
    Level 2: Rs 2 lakh (it will release up to 2 lakh)
    and likewise. As I understand, whatever standard roles are given are relevant to the % basis only.

    hello, friend.
    yes, you can do this in a few ways...
    1. try 'Document Class' - a document class is assigned a certain value, which is assigned to a user (the link to credit management is indirect)
    2. the traditional way is to use 'Risk Category', and you can set specific values (e.g. maximum document values) when doing OVA8.
    I seem to recall there may also be a way to assign values to risk category, but I will check on this.
    regards.

  • Implementing authorization based on database roles

    Hi,
    I am trying to implement authorization in my sample jdeveloper application.
    I have the list of users stored in LDAP and my database table contains the roles for those users.
    Now how can I get the roles from the database table and implement authorization based on the roles?
    I am using jdev 11 and weblogic 10.3
    Thanks

    Hi,
    Checkout [this post|http://forums.oracle.com/forums/thread.jspa?threadID=928304]
    Sireesha

  • Cisco ACS v4.1 - User Export incl. Authentication Method

    Hi,
    I wish to export a list of all our users, to include their group and, more importantly, their password authentication method. We have a combination of users that authenticate using both the ACS internal database and also the external RSA Secure ID database. Basically I need to identify all users who are NOT authenticating against Secure ID.
    I ran CSUtil.exe -u, however this only gives me the user & group; it doesn't list the authentication method per user.
    Thanks,
    Brian

    Brian,
    Unfortunately, CSUtil.exe will only list the users & the group they are a member of. So the simple answer is no.
    If the goal is to set everyone to use token authentication, you could export a list of all users with CSUtil.exe, then use the client import option to update the database used for authentication of all users. Here is the url for documentation on this and other CSUtil.exe options.
    =====================
    Via Csutil
    Created a file in text format
    ONLINE
    UPDATE::EXT_SDI
    ADD::EXT_SDI:PROFILE:
    DELETE:
    csutil -i
    =====================
    If you feel adventurous, you could explore the contents of the dump.txt by running csutil -d
    This file does contain the information you are looking for. However, there is no documentation or support available for reading or decrypting it.
    Regards,
    Jatin
    Do rate helpful posts-

  • HELP: Microsoft Outlook 2007: No authentication methods supported by...

    I'm trying to get my MS Outlook 2007 to work and keep coming up with errors. When I test my Account Settings the first message I get is:
    Log onto incoming mail server (POP3): Outlook cannot connect to your incoming (POP3) email server.
    The second message I get is:
    None of the authentication methods supported by this client are supported by your server.
    All of which makes no sense to me. I also have this Outbox of mail I want to send but can't do that, but can delete it. Trying to send it I get:
    Sending reported error (0x800CCC78): cannot send message. Verify the email address in your account properties. The server responded: 530 5.7.1 Authentication required.
    Of course that probably has to do with my first problem. I NEED HELP!

    Navigate to the Office for Mac Product Forums and ask the question there.

  • Reset Authentication method to Exchange 2013 EAC and now I can't get in.

    In trying to work through a list of issues related to Exchange upgrade I inadvertently have locked myself out of the EAC by changing the authentication method.  Is there any way to change it back?

    Hi,
    According to my experience, the ECP login failure issue has many reasons. Thus, to narrow down the cause, we can try to confirm the following information and try the following troubleshooting:
    1. Check the detail information about OWA and ECP virtual directory:
    Get-owavirtualdirectory |fl
    Get-ecpvirtualdirectory |fl
    2. Clear or restart the MSExchangeOWAAppPool
    Thanks,
    If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Angela Shi
    TechNet Community Support

  • How to reset endeca authentication method?

    Hi there, I'm using endeca 3.1 on Windows and my endeca Portal just had the admin user ([email protected]) created.
    I've incorrectly changed the authentication method to ID instead of the email (which was the default) and now when I try to login with admin, it gives a message that the user is invalid...
    Is there any way to reset the authentication method back to the default?
    Thanks
    Ygor

    For the default user, "admin" is the user's screen name, not the user ID. That's why you couldn't log in using "admin".
    The user ID is a number.
    I don't know the exact structure of the Studio database, but would it be possible for you to get the user ID for the admin user out of the user table so that you can log in and change the setting back?
    Unless you are logged in to Studio, I don't know how you could change the setting.

  • SCOM 2012 Unix/linux agents authentication method

    Hi everybody
    We have an environment including SCOM 2012 SP1, 10 Windows servers, 40 Linux servers and 10 HP-UX servers. All of them are joined to a trusted domain. I know the authentication method between Windows agents and the management server is Kerberos, but what about the Linux and HP-UX servers? I have read:
    "UNIX and Linux agent monitoring in Operations Manager requires certificates to secure the SSL communication channel between the Management Servers and agents. The Operations Manager UNIX/Linux agent is a very lightweight agent implementation, comprising a CIM Object Manager (OpenPegasus) and CIM Providers. There are two protocols involved in the communication between the Management Server and the UNIX/Linux agent: ssh and WS-Management."
    Now I want to secure the Unix/Linux agents' authentication and communication to the RMS. Some questions:
    1- How secure and credible is the current authentication method? And in a high-security environment can I trust SCOM self-signed certificates?
    2- Considering that the Unix/Linux computers are joined to the Active Directory domain and are using Kerberos to authenticate, can I use this authentication method between the RMS and the Linux agents?
    3- If I decide to use certificates, should I use a gateway server? (considering all servers and the RMS are in the same trusted domain)
    any other suggestion?
    Thanks in advance

    Hi Ghasem,
    Some helpful links for your questions:
    http://technet.microsoft.com/en-us/library/hh487288.aspx
    http://blogs.technet.com/b/kevinholman/archive/2012/03/18/deploying-unix-linux-agents-using-opsmgr-2012.aspx
    Natalya

  • Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

    I would love some help with this issue. I have configured my SharePoint Foundation 2010 site to use Claims Based Auth with the Certificate authentication method with ADFS 2.0. I have a test account set up with lab.acme.com to use the ACS.
    When I log into my site using Windows Auth, everything is great. However when I log in and select my ACS token issuer, I get sent to the logon page of the ADFS after selecting the ADFS method. My browser prompts me for which certificate identity I want to use to log in, and after 3-5 seconds it returns me to the logon page with the error message “Authentication failed”.
    I base my setup on the TechNet article
    http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
    I validated that all my certificates are valid and able to retrieve the CRL.
    I got event ID 300 in the event log:
    The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
    Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
    Additional Data
    Exception details:
    Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
    ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
    correctly, but one of the CA certificates is not trusted by the policy provider.
    at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
    at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
    --- End of inner exception stack trace ---
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
    at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
    serializationContext, AsyncCallback asyncCallback, Object asyncState)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
    trustNamespace, AsyncCallback callback, Object state)
    System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
    failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
    at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
    at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
    thx
    Stef71

    This is perfectly correct. In my case I was not adding the root properly; you must add the CA and the ADFS as well, which is twice. You can see my results below.
    In my case it was:
    PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
    cer\SP2K10\ad0001.cer")
    PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
    Certificate                 : [Subject]
                                    CN=domain.AD0001CA, DC=domain, DC=com
                                  [Issuer]
                                    CN=domain.AD0001CA, DC=portal, DC=com
                                  [Serial Number]
                                    blablabla
                                  [Not Before]
                                    22/07/2014 11:32:05
                                  [Not After]
                                    22/07/2024 11:42:00
                                  [Thumbprint]
                                    blablabla
    Name                        : domain.ad0001
    TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
    DisplayName                 : domain.ad0001
    Id                          : blablabla
    Status                      : Online
    Parent                      : SPTrustedRootAuthorityManager
    Version                     : 17164
    Properties                  : {}
    Farm                        : SPFarm Name=SharePoint_Config
    UpgradedPersistedProperties : {}
    PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
    cer\SP2K10\ADFS_Signing.cer")
    PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
    Certificate                 : [Subject]
                                    CN=ADFS Signing - adfs.domain
                                  [Issuer]
                                    CN=ADFS Signing - adfs.domain
                                  [Serial Number]
                                    blablabla
                                  [Not Before]
                                    23/07/2014 07:14:03
                                  [Not After]
                                    23/07/2015 07:14:03
                                  [Thumbprint]
                                    blablabla
    Name                        : Token Signing Cert
    TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
    DisplayName                 : Token Signing Cert
    Id                          : blablabla
    Status                      : Online
    Parent                      : SPTrustedRootAuthorityManager
    Version                     : 17184
    Properties                  : {}
    Farm                        : SPFarm Name=SharePoint_Config
    UpgradedPersistedProperties : {}
    PS C:\Users\administrator.PORTAL>

  • How can i send user defined Object as a argument to the MBean methods in authentication provider to create user?

    I developed our own Authentication, Identity Assertion & Authorization providers for weblogic 8.1 SP1. In the authenticator MBean I have one method which takes a user defined object as an argument and returns a user defined object. I am able to call all the methods which take java objects (for example: String, int, ArrayList, HashMap, etc.) as an argument and also return a java object, but when I use any user defined object then it gives an exception. If I use a user defined object in the argument then it is not able to call that method, telling NoSuchMethodException.
    Is there any way to use a user defined object as an argument to an MBean method?
    Can anyone please help us as we are in the final stage of the project?
    Thanks
    Lakshmi

    "Lakshmi Padhy" <[email protected]> wrote in message
    news:3fc2f50c$[email protected]..
    > I developed our own Authentication, Identity Assertion & Authorization providers
    > for weblogic 8.1 SP1. In the authenticator MBean i have one method which takes
    > user defined object as a argument and returns a user defined object. i am able
    > to call all the methods which takes java objects(for example: String, int, ArrayList,
    > HashMap, Etc...) as a argument and returns also a java object but when i user
    > any user defined object then it gives exception. if in the argument i used user
    > defined object then it is not able to call that method telling NoSuchMethodException.
    >
    > Is there any way to use user defined object as an argument to MBean method?
    >
    I seem to remember that jmx only supports scalar datatypes. Ask in the
    weblogic.developer.interest.management newsgroup.

  • Which is the best authentication method?

    Okay; I'm asking this question a little late as I've already done my implementation and made my choices.
    Still, it seemed to me the most secure form of authentication for my small ~100 user wireless network was EAP-TLS. My requirements needed me to simply authenticate the machine to the network, so a simple certificate based authentication using the same for the encryption seemed the best route. Also the others seemed to have less actual security in them from what I read.
    What other options are there that might be simple and rely on a user/pass combination rather than the certificate, and are they truly better?
    My boss really liked the certificate method as it gave us what he felt was hard controls.
    Of course the cert management is a bit of a pain...

    EAP-TLS is also good
    Try this link
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a008009256b.shtml
