OAM Post Authentication plugin

Hi All,
Can anybody please suggest me how to develop and configure Post Authentication plugin.
Thanks

Hi Sagar,
Thanks For the Reply.
Once the user accesses the protected resource then I have to store that UserID in some DataBase.
And one more thing, Can we write plugin's in Java. As i know we can write in c but not sure about the java compatability.
Thanks

Similar Messages

  • Unable to login using OAM Custom Authentication Plugin

    Hi,
    I have a problem with OAM Custom Authentication Plugin, My Plugin is Activate successfully. When try to login from Access Manager SSO login page, it is unable to login. I am getting followiing message in the log file.
    I am return ExecutionStatus.SUCCESS from my Java code and I have only one step where I have attached Plugin and my Steps Orchestration is
    On Success -> Success
    On Failure -> Failure
    On Error -> Failure
    Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller: processing Event:process_creds.
    Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller:  Event processing finished :process_creds with status fail.
    Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller: processing Event:is_resource_protected.
    Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.AuthzEngineController processEvent
    INFO: Processing Event is_resource_protected
    Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.AuthzEngineController processEvent
    INFO: Is Resource Protected status : success
    Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller:  Event processing finished :is_resource_protected with status success.
    Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller: processing Event:check_valid_session.
    Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.sso.SSOEngineController processEvent
    INFO: Processing Event check_valid_session
    Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.sso.SSOEngineController processEvent
    INFO: Processing Event check_valid_session
    Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller:  Event processing finished :check_valid_session with status fail.
    Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller: processing Event:process_creds.
    Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleProcessCredentials
    INFO: Successfully validated the submitted credentials.
    Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller:  Event processing finished :process_creds with status success.
    Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller: processing Event:validate_creds.
    Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.AuthnEngineController processEvent
    INFO: Processing Event validate_creds
    Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.authn processEvent
    INFO: Policy ID : DB User Authentication Scheme
    Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
    INFO: Authentication Scheme Id: DB User Authentication Scheme.
    Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
    INFO: Runtime Authentication Scheme: Scheme name: = DB User Authentication Scheme
    Scheme Challenge URL: = http://idmlab.tigerit.com:14100/oam/server/
    Scheme Challenge Mec: = FORM
    Scheme Challenge Par: = {contextType=default, username=string, contextValue=OAM, password=sercure_string, challenge_url=/pages/login.jsp}
    Authentication Module Name: = DB Authentication module
    Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor execute
    INFO: Authentication Module Factory Class: DB Authentication module.
    Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
    INFO: DiagnosticUtil: enetered getDynamicPath
    Jun 12, 2013 9:06:22 AM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
    INFO: Registering collector at runtime.
    Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
    INFO: Collector already exists, reusing existing.
    Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
    INFO: DiagnosticUtil: enetered getDynamicPath
    Jun 12, 2013 9:06:22 AM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
    INFO: Registering collector at runtime.
    Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
    INFO: Collector: ["PluginPhaseEvent.oracle.security.am.plugin.diagnostic.PluginPhaseEvent@6d6a08fb":" Collector    : OAMS/OAM/Plugin/AUTHN/Plugin_SamplePlugin/PluginLocate
      Type     : PHASE_EVENT
      Metrics  : 511
      LogLevel : OFF
      EnableRate : false  EnablePersistence : false"], registered at runtime.
    Jun 12, 2013 9:06:22 AM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
    INFO: Registering collector at runtime.
    Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
    INFO: Collector already exists, reusing existing.
    User Name: test and Password : test
    Authentication Successfull return ExecutionStatus.SUCCESS
    Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
    INFO: Result of Authentication Scheme Execution: false.
    Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller:  Event processing finished :validate_creds with status fail.
    Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller: processing Event:check_authn_retry.
    Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller:  Event processing finished :check_authn_retry with status success.
    Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller: processing Event:cred_collect.
    Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
    INFO: Processing Event cred_collect
    Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
    INFO: Credential collection process success.
    Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller:  Event processing finished :cred_collect with status success.
    Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller: processing Event:PBL_return.
    Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller:  Event processing finished :PBL_return with status success.
    Can anyone help me regarding this issue.
    Thanks
    Tamim Khan

    Hi,
    Little update about authentication plugin, please see the log file below, Result of Authentication Scheme Execution:true, now but, still the cookie is LOGGEDOUTCONTINUE and still I am unable to login.  
    Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
    INFO: Cache data sync:InProcess for request -414941018507193158;
    Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
    INFO: Cache data sync:Success for request -414941018507193158;
    Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller: processing Event:process_creds.
    Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleProcessCredentials
    INFO: Successfully validated the submitted credentials.
    Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller:  Event processing finished :process_creds with status success.
    Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller: processing Event:validate_creds.
    Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.AuthnEngineController processEvent
    INFO: Processing Event validate_creds
    Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.authn processEvent
    INFO: Policy ID : DB Authentication Scheme
    Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
    INFO: Authentication Scheme Id: DB Authentication Scheme.
    Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
    INFO: Runtime Authentication Scheme: Scheme name: = DB Authentication Scheme
    Scheme Challenge URL: = http://idmlab.tigerit.com:14100/oam/server/
    Scheme Challenge Mec: = FORM
    Scheme Challenge Par: = {contextType=external, username=string, contextValue=/oam, password=sercure_string, challenge_url=http://192.168.1.220:14100/ssologin/ssologin.jsp}
    Authentication Module Name: = DB Authentication Module
    Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor execute
    INFO: Authentication Module Factory Class: DB Authentication Module.
    Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
    INFO: DiagnosticUtil: enetered getDynamicPath
    Jun 19, 2013 1:51:44 PM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
    INFO: Registering collector at runtime.
    Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
    INFO: Collector already exists, reusing existing.
    Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
    INFO: DiagnosticUtil: enetered getDynamicPath
    Jun 19, 2013 1:51:44 PM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
    INFO: Registering collector at runtime.
    Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
    INFO: Collector already exists, reusing existing.
    User Name: test and Password : test
    Set 1st  Responce
    Set 2nd  Responce
    Set 3rd  Responce
    Setting cookie
    Authentication Successfull return ExecutionStatus.SUCCESS
    Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
    INFO: DiagnosticUtil: enetered getDynamicPath
    Jun 19, 2013 1:51:44 PM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
    INFO: Registering collector at runtime.
    Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
    INFO: Collector already exists, reusing existing.
    Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
    INFO: Result of Authentication Scheme Execution: true.
    Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller:  Event processing finished :validate_creds with status fail.
    Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller: processing Event:check_authn_retry.
    Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller:  Event processing finished :check_authn_retry with status success.
    Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller: processing Event:cred_collect.
    Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
    INFO: Processing Event cred_collect
    Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
    INFO: Credential collection process success.
    Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller:  Event processing finished :cred_collect with status success.
    Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller: processing Event:PBL_return.
    Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
    INFO: Master Controller:  Event processing finished :PBL_return with status success.
    Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
    INFO: Cache data sync:InProcess for request -414941018507193158;
    Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
    INFO: Cache data sync:Success for request -414941018507193158;
    Can anyone help me please.
    Thanks
    Tamim Khan

  • How are OAM custom authentication plugins used for concurrent requests

    Custom authentication plug-ins are loaded by Access Server.
    I want to understand how they are used or how they work when multiple concurrent request start pouring in.
    Thanks.

    The access server is a multi-threaded application. The "Fn" function of the plugin is executed in each of the thread of the access server.

  • Error in custom OAM authentication plugin

    Hi All
    I am trying to build a custom OAM authentication plugin using JDeveloper. Here are the version information:
    OAM - 11.1.1.5 BP04
    WLS - 10.3.5
    Issue:
    I get the following error in the OAM logs when I try to activate the plugin.
    [2012-11-14T09:39:17.996-08:00] [oam_server1] [WARNING] [] [oracle.oam.extensibility.lifecycle] [tid: DistributedCache:DistributionCache:EventDispatcher] [userId: <anonymous>] [ecid: 0000Jfzyiy6EgKI5qrH7iY1GcxMc000002,0] [APP: oam_server] Activation failed due to felix bundle exception while installing and starting the bundle.Unresolved constraint in bundle oamCustomAuthPlugin [2]: Unable to resolve 2.0: missing requirement [2.0] package; (package=oracle.security.am.plugin.ExecutionStatus)[[
    org.osgi.framework.BundleException: Unresolved constraint in bundle oamCustomAuthPlugin [2]: Unable to resolve 2.0: missing requirement [2.0] package; (package=oracle.security.am.plugin.ExecutionStatus)
    at org.apache.felix.framework.Felix.resolveBundle(Felix.java:3404)
    The names of jar file, class file, plugin xml file etc are all same. My plugin code is very generic and I have the following values in the plugin's manifest and xml file
    Plugin xml file [oamCustomAuthPlugin.xml]:
    <Plugin name="oamCustomAuthPlugin" type="Authentication">
    <author>uid</author>
    <email>[email protected]</email>
    <creationDate>09:32:20, 2011-11-13</creationDate>
    <version>4</version>
    <description>OAM Custom Authentication plugin</description>
    <interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
    <implementation>com.company.oam.oamCustomAuthPlugin</implementation>
    <configuration>
    <AttributeValuePair>
    <Attribute type="string" length="20">INPUT_PARAM1</Attribute>
    <mandatory>true</mandatory>
    <instanceOverride>false</instanceOverride>
    <globalUIOverride>true</globalUIOverride>
    <value>Param1</value>
    </AttributeValuePair>
    <AttributeValuePair>
    <Attribute type="string" length="20">INPUT_PARAM2</Attribute>
    <mandatory>true</mandatory>
    <instanceOverride>false</instanceOverride>
    <globalUIOverride>true</globalUIOverride>
    <value>Param2</value>
    </AttributeValuePair>
    </configuration>
    </Plugin>
    Manifest File [MANIFEST.MF]:
    Ant-Version: Apache Ant 1.7.1
    Bundle-Version: 1.0.0.4
    Bundle-Name: oamCustomAuthPlugin
    Bundle-Activator: oamCustomAuthPlugin
    Bundle-ManifestVersion: 2
    Created-By: 17.0-b17 (Sun Microsystems Inc.)
    Import-Package: oracle.security.am.plugin,oracle.security.am.plugin.authn
    Bundle-SymbolicName: oamCustomAuthPlugin
    Bundle-RequiredExecutionEnvironment: JavaSE-1.6
    Please let me know if you have faced a sinilar issues in the past. Please help !!

    Try with Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api If it doesn't work try with - Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api ,oracle.security.am.plugin.ExecutionStatus

  • Post Auth Plugin classloader?

    Does anyone know which classloader is used to instantiate access manager PostAuthentication plugins.
    Is it:
    A) The same class loader that is used to load AMLoginModules?
    B) The class loader for the Access Manager Webserver Agent?
    C) Some other classloader?
    I cannot figure it out from the docs, however some debugging has proven interesting:
    I have written a simple post auth plugin and put it in a jar file (MyPostAuth.jar), I'm trying to deploy it like so:
    1) put that MyPostAuth.jar into <Access Manager>/web-src/WEB-INF/lib/
    2) redeploy the Access Manager
    3) restart my webserver
    I'm getting class not found when Access Manager tries to load the post authentication plugin.
    java.lang.ClassNotFoundException: com.SuggarGlider.TestPostAuthPlugin
            at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
            at java.security.AccessController.doPrivileged(Native Method)
            at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
            at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:276)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
            at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
            at java.lang.Class.forName0(Native Method)
            at java.lang.Class.forName(Class.java:169)
            at com.sun.identity.authentication.service.LoginState.getPostLoginProcessInstance(LoginState.java:3102)
              ....To me this looks like Access Manager is NOT using the thread context class loader to load these classes.
    Am I missing something?

    If you used the JES installer to install and configure AM then the J2EE containers classpath was modified and the AM server classes are loaded in the web app's parent classloader. This means they can't see your custom classes in the web-app classloader. You will need to jar up your classes and place them somewhere on the server and then modify the appserver classpath to point to your custom classes. Alternatively, you can deploy Access Manager 7.1 as a single war file. To do this you will need to download AM 7.1 directly from the Sun download site and follow the instructions in the AM 7.1 technical note on deploying AM as a single war file. This seems to be the direction opensso (I.E AM 8) is going and if you do this AM should be able to pickup your custom classes in the war file.

  • URGENT help required : Custom Authentication Plugin for validation of users

    Hi Experts.
    I'm a newbie and am stuck in middle of nowhere.
    I have been asked to develop a custom authentication plug-in which would validate a user using the attributes such as a userid and a shared-userid.
    shared-userid is just a custom id that would be generated on the basis of some logic.
    Currently I'm using OAM 10.1.4.3.0 on WINDOWS server and as everybody, I'm also not able to find any sample files or sample folder structure.
    As per one of the other threads https://forums.oracle.com/forums/thread.jspa?messageID=3838474, sample code and sample folders are removed from this particular version and were present in some previous version.
    So, can anyone please help me out with the following:
    1. How can I proceed to accomplish this task, i.e. to check whether a user-id and a shared-userid both are validated and a user is granted access.
    2. Are all of these files required to create a custom authentication plug-in or can we proceed only with the ".c" file (i.e. make file, authn.c, and a dll file made using the make file and .c file)
    3. Can anybody provide me with a sample file or a sample code written in "C" wherein the plug-in connects to the LDAP and searches for a particular dn for comparison or something. Also a sample make file for windows to convert the .c file to .dll.
    PLEASEEEE help me ASAP.
    Regards
    Edited by: 805912 on Nov 15, 2011 7:18 PM

    Hi,
    Regarding question 2, you also need the header file is supplied in the Access Server installation directory, under ...access\oblix\sdk\authn_api and is called authn_api.h. you need this to build the dll which must then be placed in the Access Server's ...\access\oblix\lib directory.
    Regarding question 3, if you install an earlier version of the Access Server, ie 10.1.4.2 or less, then you will get a \access\oblix\sdk\authentication\samples\authn_api directory that contains a basic sample authentication plugin. However, there is still documented in the 10.1.4.3 Developer Guide another sample plugin, simplapi.c, in the 10.1.4.3 Developer Guide with instructions on how to use it. It does work, but unfortunately requires a couple of edits to get it working after copy&pasting it (no code changes, just fairly obvious case changes eg changing ObanPlugin* to ObAnPlugin*). I used the following commands to get it to compile into a .so file on unix:
    g++44 -c -fPIC -Wno-deprecated -m32 simpleapi.c
    g++44 -shared -nostdlib -lc -m32 simpleapi.o -o simpleapi.so
    but I really would not know if or how these translate into a Windows environment.
    Regards,
    Colin
    Edited by: ColinPurdon on Nov 15, 2011 2:50 PM

  • OAM 11gR2 Authentication using username/password/additional ldap field

    I want to add additional credential parameter along with username and password to be validated against LDAP.
    Is there any out of the box solution for authentication using username/password/additional ldap field in OAM 11gR2?
    This solutions exist in 10g and could not find any OOB feature in 11g.

    Do you need to accept additional parameter from user via login form & then use it in credential mapping step
    Not sure if %% syntax would work .. havent tried it. next option is to develop custom authentication plugin
    Additional ldap attribute against static value
    If you need to add additional ldap attribute (check against static value) that you can specify in LDAP search filter in "User Identification plugin" configuration
    Take a look at "MTLDAPPlugin" under custom authentication modules
    Hope this helps

  • Setting a OAM custom authentication response

    I'm working on OAM 11.1.1.5.0 BP03 and trying to use a custom authentication plugin to add a response to the HTTP header. I need to add information to the HTTP header that cannot be provided by a response on the Protected Resource Policy.
    I can see using log entries that my plugin is working but I have a sample JSP landing page that OAM redirects to that just dumps out request.getHeaderNames and I don't see the value set by the plugin.
    I was assuming that the PluginResponse class would suit my needs but I've tried every type of PluginAttributeContextType and cannot get it to work.
    Is this possible? What code should I have written?
    Here's a sample of what I tried:
              PluginResponse response = new PluginResponse();
              response.setName("OAM_TEST_KEY");
              response.setType(PluginAttributeContextType.CLIENT);
              response.setValue("TESTVALUE");
              context.addResponse(response);

    Hi Ewan,
    Instead of writing a custom plugin and maintaining it in case future upgrades is going to be cumbersome. I would suggest introduce OVD in your environment. Create a Join Adapter. This Adapter would join your LDAP server and AD Server users using employee ID. That way you can use a supported configuration and avoid writing a plugin. Now the user visible to OAM via OVD would have the LDAP attribute of AD username and hence you can set it as a header variable. Or you can setup Sync between your LDAP and AD. Most of the industry standard LDAP servers such as OID, ODSEE etc allow you to sync user information. That way you can fetch AD username attribute to your LDAP server. It doesn't need to have same attribute in your LDAP server. It can be stored in any attribute of LDAP server with a valid value. All you need to do is set header variable using attribute which contains the AD username attribute value.
    Regards,
    Yagnesh

  • APEX as Partner APP in SSO - Post Authentication Process

    I am trying to get APEX to work as Partner APP with SSO. It's almost working but a vitol piece doesn't cooperate.
    In my old authentication scheme (built-apex) I have a Post-Authentication Process (see below) that needs to set my page 0 items. When I put this into my new authentication scheme for SSO and try to log-in, I get a blank screen.
    If i take it out, my screen displays fine, but my page 0 items are not set with the correct values. What am I missing?
    DECLARE CURSOR get_user_defaults IS
    select B.fk_school, B.year, B.pk_id,
    nvl(A.user_type,'N') user_type
    from "#OWNER#".sis_user_roles B, "#OWNER#".sis_user A
    where A.user_name = :APP_USER and
    B.fk_sis_user = A.pk_id
    order by decode(B.default_role,'Y',1,2);
    BEGIN
    FOR user_defaults_loop in get_user_defaults LOOP
    :P0_LOGIN_SCHOOL := user_defaults_loop.fk_school;
    :P0_LOGIN_SCHOOL_YEAR := user_defaults_loop.year;
    :P0_LOGIN_ROLE := user_defaults_loop.pk_id;
    :P0_USER_TYPE := user_defaults_loop.user_type;
    EXIT;
    END LOOP;
    END;

    not sure what the problem is. Are you sure that :app_user is set already?
    However it looks as if you get an error (might result in blank screen) during your process.
    btw: the pL/sqkl block could be rewritten into a single sql select without any loop.
    BEGIN
      SELECT fk_school, year, pk_id, user_type
      INTO  :P0_LOGIN_SCHOOL, :P0_LOGIN_SCHOOL_YEAR, :P0_LOGIN_ROLE, :P0_USER_TYPE
      FROM ( 
        select B.fk_school, B.year, B.pk_id,
        nvl(A.user_type,'N') user_type, rownum rn
        from "#OWNER#".sis_user_roles B
            , "#OWNER#".sis_user A
        where A.user_name = :APP_USER
        and B.fk_sis_user = A.pk_id
        order by decode(B.default_role,'Y',1,2)
      where rn <= 1
    exception
      when no_data_found then
         raise_application_error(-20001,'User "'|| :APP_USER ||'" not found!');
    END;

  • Setting session state post-authentication

    Hi all,
    This application uses DATABASE ACCOUNT authentication, and has a post-authentication process that sets a few application items using code such as
    apex_util.set_session_state('F_MY_ITEM', v_my_value);These items are used to secure certain tab options within the application.
    The post-authentication PL/SQL works fine, I can't see anything wrong the the logic. I've debugged it and I know the values are being set. I'm checking the value of session state straight after using v('F_MY_ITEM'), along with checking my session ID matches up - everything seems ok there.
    The issue is that when I log in, the session state is not set for those items - even though the post-auth process is called with no errors raised. Apex debug states
    ... Session State: Save "MY_ITEM" - saving same value "Y"If I log out, then log in (without closing browser tab), the values are now set as expected (visual confirmation using conditionally displayed tabs, and of course checking session state from developer toolbar)
    Notably, Debug states something slightly different
    ... Session State: Save item "MY_ITEM" newValue="Y" escape_on_input="Y"There are a few other differences with the debug output, this this seems the most pertinent.
    The only difference I've been able to track down is if I'm logged into the application builder in the same browser.
    If I attempt to log in with a freshly opened browser, navigate directly to application URL, the behaviour works as expected. Tabs appear as if items are set.
    Could the fact I'm authenticated in the application builder be messing with session state behaviour?
    This is with Apex 4.0.2.00.07; agnostic to browser (IE/FF/Chrome); 11gr2
    Cheers,
    Scott

    I did consider this because I experienced the same thing with page processes.
    However, in this case my post-auth function is within a package and I don't use bind variables.
    I was essentially doing this in my package:
    apex_util.set_session_state('F_MY_ITEM', 'Y');
    my_log_proc(v('F_MY_ITEM'));And seeing Y in the debug log, yet once on my home page, viewing session state I see F_MY_ITEM as empty - unless in the scenario I described.
    It's not a showstopper since the users won't be logged in to the application builder, but it would be nice to know the cause.

  • Get Page Count of PDF using Publication Post Processing Plugin

    Hi,
    I am using the publiching functionality of BOXI 3.1 to create a large volume of PDFs.  I have a report that I am publishing using a publication with a post processing plugin applied after distribution.  I need to get the total page count of the pdf and store this value in the database.  Becuase I am already using a post processing plugin after distribution, it would be ideal to extract it there...but I cannot figure out how to get the value at this point. 
    Currently we parse the actual binary pdf file, but I know that Crystal and BOXI know this total page count and some point in the processing cycle.  Does anyone know how to get at the total page count of each pdf/report instance?
    Thanks,
    Kristina

    I would post-process the PDF file as you're doing.
    The total page count isn't metadata - it's something computable from the report instance, that is lost after the PDF is generated.
    Trying to work with that would lead to a more complex workflow - i.e., schedule to report format, open the report instance using a reporting SDK, calculate the total page count, export using the reporting SDK to PDF, add the PDF to the publication artifact and remove the report instance, other steps I may have missed....
    Sincerely,
    Ted Ueda

  • OID External Authentication Plugin - Conceptual question

    Hi-
    Does anyone know the answer to this: If I enable the External Authentication Plugin for OID (to AD) does that mean that if I have any accounts in OID which do not exist in AD, they won't be able to authenticate?
    Also, if anyone knows of some conceptual documentation on this, please let me know. All I could find was how to install it, but not how it works. (do I need to match users on CN or uid or what?)
    Thanks

    Hi,
    Once you are done with user accounts synchorinzation successfully using dipassistant tool from edirectory to OID. Inorder to update/flush the user accounts password that which are synchronized to OID, in such case OID eDirectory External Authenctiation plugin will be used (oidspediri.sh file) located under <ORACLE_HOME>ldap/admin. Provide th neccessary eDirectory Details.
    Regards,
    ABP

  • CoreID Access Server not reading Authentication Plugin

    Hello all! I've written an authentication plugin (.dll) for use with the CoreID Access Server in C++ .NET using the CoreID Managed Code (.NET) API. Everything compiles fine and I believe I've complied to the interface CoreID expects. However, when the access server starts it chokes on the plugin and this is the error message generated by the server:
    UTC - Access Server File Logger
    ERROR0x000003B6 base\obsharedobj.cpp:44 "Could not read file"
    shlibname^C:\Program Files\csm\access/oblix/lib/csmAuthnSSOPlugin.dll
    ACCESS_SERVER ERROR0x00001136 \Oblix\coreid\palantir\aaa_server\src\plugins.cpp:1329
    "Error while loading the plug-in symbols" tmpdso^csmAuthnSSOPlugin
    I thought perhaps a dependency .dll was not present on the server, i.e. managed_plugin_interface.dll, however it is present in an appropriate lib directory. So...any ideas out there? :-)

    If you have reinstalled Access Server, try running the Access Server configuration utility. I think its obacc*.exe or search for exe file name.
    Once you retype all the configuration info, it should start.
    Thanks
    Ram

  • [e-Tester]: Adding Content to Authentic Plugin ActiveX

    Hi everyone,
    Altova XMLSpry provides a free ActiveX plugin, which I am using in my webapplication (written using JSPs) to edit XML content.
    Has anyone tried e-Tester to enter content in this special ActiveX plugin? I can't seem to enter any text data (or sometimes, it appears in the wrong places, when I am playing it back)..
    Many thanks,
    Nuno Viana ([email protected])

    Hi,
    thanks for your reply!
    Basically, the Authentic Plugin is an ActiveX object, which is scrollable and contains a form with input-text fields, pull-down menus and clickable links which make the form itself to change length (adding or removing of new input fields dynamically).
    Well...I tried to record the writing of text in a couple of the input-text fields, as well as selecting appropriate options from the pull-down menus. I had to scroll-down the object itself since the embedded form inside the ActiveX control is larger than the MS IE windows's height.
    Anyway, I have used the "Windows Event Record" (as suggested by the manual) when clickin/entering text/choosing options...but when playing it back, I saw a couple of characters appearing in different input-fields, as if the (x,y) coordinates previously recorded were somehow wrong...and the characters were being actually entered in different places in the form instead of being added to the correct input text field...
    Thanks for any help.
    Nuno

  • FYI - E71 browser bug in HTTP POST authentication

    Some time ago I wrote a simple CGI script to upload photos from my old Nokia 6820. (but as the camera was so awful, I didn't use it much...)
    When I tried to use it with my new E71, it didn't work and the browser exited unexpectedly.
    When I had a look, it seems I had a public page with a form to upload a file using  POST, then a CGI script that required basic authentication (i.e. a password). The N71 uploaded the file, got a 401 response, then died. Working browsers upload the file, get a 401, pop up a password dialogue, then resubmit the file with an authentication string and get the success response.
    This seemed a somwhat crazy way to do it, on reflection, so I moved the form into the CGI directory. Now it works on the N71 - does an authentication step on the GET, and sends the authentication string with the first and only POST request.
    (version 100.07.76; says latest for my phone in Canada)

    After having read the RFC 4954, I must agree that the RFCs are a bit contradictory in this case.
    RFC 2821 states that "all buffers and state tables [are] cleared". RFC 4954 states, that "after an AUTH command [...] no more AUTH commands may be issued [...]".
    Taking both statements together, it wouldn't be possible to send two Emails within one authenticated session.
    I digged into that a bit deeper, and discovered that some guys already found this contradiction:
    http://notabug.com/2002/drums-archive/6812
    Unfortunately they simply removed the sentence. Replacing it with a more precise statement would have been much better. Especially the behaviour of the RSET command in authenticated connections should have been descibed.
    So the RSET command resets all buffers and state tables of a _transaction_. The buffers and state tables of the _connection_ remain untouched. So the RSET command shouldn't flush an authentication, because it belongs to a _connection_.
    Due to this misleading statements, we have some (a lot of) mail servers out there which flush the authentication. So it might be a good idea to take out the RSET command after the AUTH, though Nokia/Symbian implementation is not against the RFCs.
    Simply go through the topics, and you will see that a lot of people have problems sending Emails. And they blame their Nokia, because all other mail clients work flawless.
    So I agree: An RSET directly after an AUTH shouldn't do any harm. But in reality it does - due to misleading RFCs and therefore incorrect server implementations. And as you say, RSET doesn't make much sense there, so it should be removed.
    Kreye

Maybe you are looking for