OAM11g Authentication - Disabled User

Hi,
In OAM 11g, i am able to successfully authenticate using disabled user account. How to prevent this in OAM11g.
I have configured OAM to authenticate against Active Directory. The user account is disabled in Active Directory. Even then if the protected application is given the disabled account credentials, OAM is allowing him the access.
How to disabled that?
Thanks in Advance,
Sandeep D.

Hi Nishith,
You mean to say, we need to capture the disabled user account and handle in the Custom Authentication Module using the Error Codes? As per the link provided by you, they are handling using BaseUserSession class.
What is the attribute in case of Active Directory.
If so, can you throw some light on the BaseUserSession class. And some samples on the same.
Thanks,
Sandeep D.

Similar Messages

  • Java.lang.SecurityException: Authentication for user system denied in realm wl_realm

    I am experiencing this error when a servlet or JSP is preloaded on the web
    server and the init method of the preloaded item results in a call to the
    app server. If I don't preload and then manually invoke the JSP or servlet
    after the web server completely loads the call to the app server does not
    produce the exception. The only security differences between the web and
    app servers are the console and system passwords. I can fix the problem by
    making the passwords (system and console) the same across the board, but
    find it hard to believe that this is the true solution. I would prefer
    sticking with the default security settings.
    I've poured through hundreds of messages. I can find similar problems but
    not this exact problem.
    Any ideas would truly be appreciated!
    More information:...
    App and Web server are both wls 6.1.1.0 running on the same SUN Solaris box.
    Both are using the basic, out of the box, security.
    The App server has SSL disabled.
    The exception reported in the app server's log is:
    java.lang.SecurityException: Authentication for user system denied in realm
    wl_realm
    at weblogic.security.acl.Realm.authenticate(Realm.java:212)
    at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
    at
    weblogic.security.acl.internal.Security.authenticate(Security.java:125)
    at weblogic.security.acl.internal.Security.verify(Security.java:87)
    at
    weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:235)
    at
    weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:2
    2)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
    The exception reported in the web server's log is:
    java.lang.SecurityException: Authentication for user system denied in realm
    wl_realm
    at
    weblogic.rmi.internal.BasicOutboundRequest.sendReceive(BasicOutboundRequest.
    java:85)
    at
    weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
    :255)
    at
    weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
    :222)
    at weblogic.rmi.internal.ProxyStub.invoke(ProxyStub.java:35)
    at $Proxy54.lookup(Unknown Source)
    at
    weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:323)
    at javax.naming.InitialContext.lookup(InitialContext.java:350)
    at
    com.qwest.tmmt.manager.client.MDMAdapter.getEJBHome(MDMAdapter.java:197)
    at
    com.qwest.tmmt.manager.client.MDMAdapter.<init>(MDMAdapter.java:64)
    at
    com.qwest.tmmt.manager.client.ManagerFactory.createMetaDataManager(ManagerFa
    ctory.java:305)
    at
    com.qwest.insite.util.ClientMetaDataCache.<init>(ClientMetaDataCache.java:53
    at
    com.qwest.insite.util.ClientMetaDataCache.getInstance(ClientMetaDataCache.ja
    va:106)
    at
    com.qwest.insite.metadata.startup.MetaDataServlet.init(MetaDataServlet.java:
    30)
    at
    weblogic.servlet.internal.ServletStubImpl.createServlet(ServletStubImpl.java
    :700)
    at
    weblogic.servlet.internal.ServletStubImpl.createInstances(ServletStubImpl.ja
    va:643)
    at
    weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.jav
    a:588)
    at
    weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletC
    ontext.java:2203)
    at
    weblogic.servlet.internal.WebAppServletContext.preloadServlets(WebAppServlet
    Context.java:2147)
    at
    weblogic.servlet.internal.WebAppServletContext.init(WebAppServletContext.jav
    a:884)
    at
    weblogic.servlet.internal.WebAppServletContext.<init>(WebAppServletContext.j
    ava:807)
    at
    weblogic.servlet.internal.HttpServer.loadWebApp(HttpServer.java:421)
    at weblogic.j2ee.WebAppComponent.deploy(WebAppComponent.java:74)
    at weblogic.j2ee.Application.addComponent(Application.java:160)
    at weblogic.j2ee.J2EEService.addDeployment(J2EEService.java:117)
    at
    weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
    arget.java:329)
    at
    weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
    arget.java:144)
    at
    weblogic.management.mbeans.custom.WebServer.addWebDeployment(WebServer.java:
    76)
    at java.lang.reflect.Method.invoke(Native Method)
    at
    weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
    .java:608)
    at
    weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
    92)
    at
    weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
    nImpl.java:352)
    at
    com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
    at
    com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
    at
    weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
    at
    weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
    at $Proxy33.addWebDeployment(Unknown Source)
    at
    weblogic.management.configuration.WebServerMBean_CachingStub.addWebDeploymen
    t(WebServerMBean_CachingStub.java:1094)
    at
    weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
    arget.java:315)
    at
    weblogic.management.mbeans.custom.DeploymentTarget.addDeployments(Deployment
    Target.java:279)
    at
    weblogic.management.mbeans.custom.DeploymentTarget.updateServerDeployments(D
    eploymentTarget.java:233)
    at
    weblogic.management.mbeans.custom.DeploymentTarget.updateDeployments(Deploym
    entTarget.java:193)
    at java.lang.reflect.Method.invoke(Native Method)
    at
    weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
    .java:608)
    at
    weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
    92)
    at
    weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
    nImpl.java:352)
    at
    com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
    at
    com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
    at
    weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
    at
    weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
    at $Proxy32.updateDeployments(Unknown Source)
    at
    weblogic.management.configuration.ServerMBean_CachingStub.updateDeployments(
    ServerMBean_CachingStub.java:2734)
    at
    weblogic.management.mbeans.custom.ApplicationManager.startConfigManager(Appl
    icationManager.java:362)
    at
    weblogic.management.mbeans.custom.ApplicationManager.start(ApplicationManage
    r.java:154)
    at java.lang.reflect.Method.invoke(Native Method)
    at
    weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
    .java:608)
    at
    weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
    92)
    at
    weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
    nImpl.java:352)
    at
    com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
    at
    com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
    at
    weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
    at
    weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
    at $Proxy45.start(Unknown Source)
    at
    weblogic.management.configuration.ApplicationManagerMBean_CachingStub.start(
    ApplicationManagerMBean_CachingStub.java:480)
    at
    weblogic.management.Admin.startApplicationManager(Admin.java:1151)
    at weblogic.management.Admin.finish(Admin.java:570)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:506)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:203)
    at weblogic.Server.main(Server.java:35)
    Thanks,
    Jed Zimmer

    You're correct. I meant the DOMAIN_SYSTEM_PASSWORD password in my
    <domain-name>domain.ksh file. The DOMAIN_SYSTEM_PASSWORD value (if
    specified) has to match the system user's password or else the server will
    not start/stop.
    I have determined more since my post. A startup class also produces the
    same error. I have minimized my environments as follows and still receive
    the exception, and a soon as I synchronize the system users' passwords on
    the app/web server the problem goes away. Or, I can keep the passwords
    different and just not access the app server EJBs until after the web server
    finished loading, which also causes the error to go away. I'm just confused
    about what I might be doing wrong.
    Steps to produce the error:
    App server:
    - Installed from 6.1.1.0 from scratch and started it up.
    - Changed the system user's password from the admin console, persisting the
    changes.
    - Modified logging settings to see more info in the log files.
    - Disabled instrument stack traces.
    - Stopped/Started the app server
    Web server:
    - Installed from 6.1.1.0 from scratch and started it up.
    - Modified logging settings to see more info in the log files.
    - Disabled instrument stack traces.
    - Added a servlet to the DefaultWebApp_insiteserver application
    - specified name and class
    - the load on startup setting defaulted to zero, which will cause the
    preloading
    - Added 3 jar files to the classpath to support the EJB call
    - Stopped/Started the web server
    When the web server loads the servlet loads and tries to locate the EJB on
    the app server. The app server throws the security exception. The app/web
    servers are both running on the same SUN box, have the same IP address
    (different ports) and I'm using non-SSL. Each server is it's own WLS
    environment. The only installed file that is shared it the
    weblogic_domain_registry.dat file in the root directory. As for security,
    I'm doing nothing except changing one password (system user on the app
    server).
    I then tried to manually upgrade the app/web servers to 6.1.2.0 by updating
    the WEBLOGIC_ROOT in the respective xxxxdomain.ksh files. Same problem.
    I then cleanly reinstalled the app/web servers using version 6.1.2.0 and
    configured as above. Same problem.
    Let me know if I need to provide additional details.
    Thanks,
    Jed Zimmer
    "Joseph Nguyen" <[email protected]> wrote in message
    news:[email protected]...
    >
    "Jed Zimmer" <[email protected]> wrote in message
    news:[email protected]...
    I am experiencing this error when a servlet or JSP is preloaded on the
    web
    server and the init method of the preloaded item results in a call tothe
    app server. If I don't preload and then manually invoke the JSP orservlet
    after the web server completely loads the call to the app server does
    not
    produce the exception. The only security differences between the weband
    app servers are the console and system passwords. I can fix the problemby
    making the passwords (system and console) the same across the board, but
    find it hard to believe that this is the true solutionI don't quite understand what you mean by "console" password? Are you
    talking about the admin console? If so then it's confusing because youhave
    to log into the console using the system user. If you can clarify morehere
    it would great.
    Joseph Nguyen
    BEA Support
    . I would prefer
    sticking with the default security settings.
    I've poured through hundreds of messages. I can find similar problems
    but
    not this exact problem.
    Any ideas would truly be appreciated!
    More information:...
    App and Web server are both wls 6.1.1.0 running on the same SUN Solarisbox.
    Both are using the basic, out of the box, security.
    The App server has SSL disabled.
    The exception reported in the app server's log is:
    java.lang.SecurityException: Authentication for user system denied inrealm
    wl_realm
    at weblogic.security.acl.Realm.authenticate(Realm.java:212)
    atweblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
    at
    weblogic.security.acl.internal.Security.authenticate(Security.java:125)
    atweblogic.security.acl.internal.Security.verify(Security.java:87)
    at
    weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:235)
    at
    weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:2
    2)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
    The exception reported in the web server's log is:
    java.lang.SecurityException: Authentication for user system denied inrealm
    wl_realm
    at
    weblogic.rmi.internal.BasicOutboundRequest.sendReceive(BasicOutboundRequest.
    java:85)
    at
    weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
    :255)
    at
    weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
    :222)
    at weblogic.rmi.internal.ProxyStub.invoke(ProxyStub.java:35)
    at $Proxy54.lookup(Unknown Source)
    at
    weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:323)
    at javax.naming.InitialContext.lookup(InitialContext.java:350)
    at
    com.qwest.tmmt.manager.client.MDMAdapter.getEJBHome(MDMAdapter.java:197)
    at
    com.qwest.tmmt.manager.client.MDMAdapter.<init>(MDMAdapter.java:64)
    at
    com.qwest.tmmt.manager.client.ManagerFactory.createMetaDataManager(ManagerFa
    ctory.java:305)
    at
    com.qwest.insite.util.ClientMetaDataCache.<init>(ClientMetaDataCache.java:53
    at
    com.qwest.insite.util.ClientMetaDataCache.getInstance(ClientMetaDataCache.ja
    va:106)
    at
    com.qwest.insite.metadata.startup.MetaDataServlet.init(MetaDataServlet.java:
    30)
    at
    weblogic.servlet.internal.ServletStubImpl.createServlet(ServletStubImpl.java
    :700)
    at
    weblogic.servlet.internal.ServletStubImpl.createInstances(ServletStubImpl.ja
    va:643)
    at
    weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.jav
    a:588)
    at
    weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletC
    ontext.java:2203)
    at
    weblogic.servlet.internal.WebAppServletContext.preloadServlets(WebAppServlet
    Context.java:2147)
    at
    weblogic.servlet.internal.WebAppServletContext.init(WebAppServletContext.jav
    a:884)
    at
    weblogic.servlet.internal.WebAppServletContext.<init>(WebAppServletContext.j
    ava:807)
    at
    weblogic.servlet.internal.HttpServer.loadWebApp(HttpServer.java:421)
    at weblogic.j2ee.WebAppComponent.deploy(WebAppComponent.java:74)
    at weblogic.j2ee.Application.addComponent(Application.java:160)
    at weblogic.j2ee.J2EEService.addDeployment(J2EEService.java:117)
    at
    weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
    arget.java:329)
    at
    weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
    arget.java:144)
    at
    weblogic.management.mbeans.custom.WebServer.addWebDeployment(WebServer.java:
    76)
    at java.lang.reflect.Method.invoke(Native Method)
    at
    weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
    .java:608)
    at
    weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
    92)
    at
    weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
    nImpl.java:352)
    at
    com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
    at
    com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
    at
    weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
    at
    weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
    at $Proxy33.addWebDeployment(Unknown Source)
    at
    weblogic.management.configuration.WebServerMBean_CachingStub.addWebDeploymen
    t(WebServerMBean_CachingStub.java:1094)
    at
    weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
    arget.java:315)
    at
    weblogic.management.mbeans.custom.DeploymentTarget.addDeployments(Deployment
    Target.java:279)
    at
    weblogic.management.mbeans.custom.DeploymentTarget.updateServerDeployments(D
    eploymentTarget.java:233)
    at
    weblogic.management.mbeans.custom.DeploymentTarget.updateDeployments(Deploym
    entTarget.java:193)
    at java.lang.reflect.Method.invoke(Native Method)
    at
    weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
    .java:608)
    at
    weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
    92)
    at
    weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
    nImpl.java:352)
    at
    com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
    at
    com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
    at
    weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
    at
    weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
    at $Proxy32.updateDeployments(Unknown Source)
    at
    weblogic.management.configuration.ServerMBean_CachingStub.updateDeployments(
    ServerMBean_CachingStub.java:2734)
    at
    weblogic.management.mbeans.custom.ApplicationManager.startConfigManager(Appl
    icationManager.java:362)
    at
    weblogic.management.mbeans.custom.ApplicationManager.start(ApplicationManage
    r.java:154)
    at java.lang.reflect.Method.invoke(Native Method)
    at
    weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
    .java:608)
    at
    weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
    92)
    at
    weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
    nImpl.java:352)
    at
    com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
    at
    com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
    at
    weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
    at
    weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
    at $Proxy45.start(Unknown Source)
    at
    weblogic.management.configuration.ApplicationManagerMBean_CachingStub.start(
    ApplicationManagerMBean_CachingStub.java:480)
    at
    weblogic.management.Admin.startApplicationManager(Admin.java:1151)
    at weblogic.management.Admin.finish(Admin.java:570)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:506)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:203)
    at weblogic.Server.main(Server.java:35)
    Thanks,
    Jed Zimmer

  • Invalid Credential/Disabled User

    Hi,
    I have a requirment of capturing the message "Invalid Username/Password" or Disabled User on the OAM Login (Enterprise Login Page). For example -
    I have 2 applications which are protected by the same authentication scheme and they are SSO enabled. If a user tries to access those applications will be challanged by the Login Page. If the user puts the wrong password or user name over to the Login Page, I should be able to caputre that message and show a message to the User saying that "The username or password provided are wrong". Similar is the case for the Disabled users, so if the userid is disabled and the user tries to get in to the application he should get a message "Your User ID is disabled" on the Log in Page. Is there any way I can achive this. Is it a Out of Box functionality of OAM or I have to write any custom scheme for this. Please help me on this.
    Thanks&Regards
    Debi

    Originally Posted by DParkes
    Can you try this from the standalone GWCheck, Tommy and I think the server
    side is broken for this specific operation
    Cheers Dave
    Dave Parkes [NSCS]
    Occasionally resident at http://support-forums.novell.com/
    Awesome. Local GWCheck works when you specify a user that is on the same post office as the library. The server task does not work even though the user is on the same po. Is this a confirmed bug?

  • AD Identity Service: Delete or Disable users that aren't found?

    We currently set users to be "disabled" but then we have to periodically remember to go in there and delete them manually. It also creates issues with duplicate login names. Do you delete your users automatically? I've always been concerned that if something goes wrong with a sync then all my users would be deleted.

    We had the same issue here, so I wrote an external operation that piggybacks on the user sync job and deletes any disabled users older than X amount of days. For instance, in our case users are deleted after 180 days of being disabled (this is a bit extreme). This way you can give yourself a few days before the users are actually deleted, but keep the process automated. There are a couple of options built in, which should be discernible from the source code. Here is the source:
    package com.oracle.services.jobs;
    import com.oracle.services.utility.SessionManager;
    import com.plumtree.openfoundation.util.XPCalendar;
    import com.plumtree.openfoundation.util.XPDateTime;
    import com.plumtree.portaluiinfrastructure.resultwrapper.ASQueryResultWrapper;
    import com.plumtree.server.IPTObjectManager;
    import com.plumtree.server.IPTQueryResult;
    import com.plumtree.server.IPTSession;
    import com.plumtree.server.IPTUser;
    import com.plumtree.server.IPTUserManager;
    import com.plumtree.server.PT_LOCKSTATES;
    import com.plumtree.server.PT_PROPIDS;
    * This class takes care of the automation server job for deleting user accounts
    * which have been disabled for some number of days.
    * @author hross
    public class DeleteDisabledAccountsJob {
         // filter for only deleting agent disabled accounts
         private static String FILTER_AGENT = "This user has been locked by a User Synchronization Job.";
         // filter for deleting all disabled accounts (including those disabled by an
         // admin)
         private static String FILTER_ALL = "";
         public static void main(String[] args) {
              // check arguments
              if ((args.length < 2) || (args.length > 4)) {
                   System.err.println("usage: ");
                   System.err
                             .println("DeleteDisabledAccountsJob <security_token> <num_days>");
                   System.err
                             .println("DeleteDisabledAccountsJob <security_token> <num_days> all");
                   return;
              // get a session from the login token
              IPTSession session = SessionManager.createSession(args[0]);
              // get a number of days
              int numDays = 0;
              try {
                   numDays = Integer.parseInt(args[1]);
              } catch (Exception ex) {
                   System.err.println("Number of days not a valid integer.");
                   return;
              // filter all or just the agent?
              boolean filterAll = ((args.length > 2) && (args[2].equals("all")))
                        || ((args.length > 3) && (args[3].equals("all")));
              boolean test = ((args.length > 2) && (args[2].equals("test")))
                        || ((args.length > 3) && (args[3].equals("test")));
              if (test) {
                   System.err.println("This is a just a test. Nothing will be deleted.");
              if (filterAll) {
                   System.err
                             .println("This job will delete all disabled accounts (even those disabled by an admin).");
              } else {
                   System.err
                             .println("This job will delete only users disabled by an authentication source.");
              // calculate 180 days in the past based on today's date
              XPDateTime cutOff = new XPDateTime();
              XPCalendar xpCalendar = XPCalendar.GetInstance();
              xpCalendar.Add(XPCalendar.HOUR, -(24 * numDays));
              cutOff = xpCalendar.GetTime(); // subtract 180 days from current time
              System.err
                        .println("This job will delete any user accounts disabled before: "
                                  + cutOff.toString());
              // query for disabled user accounts
              IPTUserManager userManager = (IPTUserManager) session.GetUsers();
              IPTQueryResult result = userManager.GetLockedAccounts(filterAll ? FILTER_ALL
                        : FILTER_AGENT, 0, -1);
              //ASQueryResultWrapper ptqrUserLock = new ASQueryResultWrapper(result);
              for (int i = 0; i < result.RowCount(); i++) {
                   // get some basic user info
                   int userId = result.ItemAsInt(i, PT_PROPIDS.PT_PROPID_OBJECTID);
                   String name = result.ItemAsString(i, PT_PROPIDS.PT_PROPID_NAME);
                   String login = result.ItemAsString(i, PT_PROPIDS.PT_PROPID_USER_LOGINNAME);
                   XPDateTime dt = result.ItemAsXPDateTime(i, PT_PROPIDS.PT_PROPID_CREATED);
    //               System.err.println("Found account: (" + userId + ") " + login
    //                         + ", " + name);
                   // check to see if we need to delete the user
                   if (dt.Before(cutOff)) {
                        if (!test) { // if test, we just want to see who we would have delted
                             // we have to try to unlock the user b/c of a bug in
                             // automation
                             // server
                             IPTUser user = (IPTUser) ((IPTObjectManager) userManager)
                                       .Open(userId, false);
                             try {
                                  user.SetLockedStatus(false);
                                  user.Store();
                             } catch (Exception ex) {
                                  // we expect this will fail b/c of a bug
                             // make sure the account gets unlocked
                             if (user.GetLockState() == PT_LOCKSTATES.PT_LOCKED)
                                  user.UnlockObject();
                             // okay, now we can delete the user
                             ((IPTObjectManager) userManager).Delete(userId);
                        System.err.println("Removed user account: " + userId + " - " + login + " - " + name);
    }

  • Disable user automatically when he leaves Organization

    Hi All,
    Is ithere any way by which we can disable user automatically when he/she leaves Organization.
    User addition/deletion should be automatic.
    Current authentication way is Enterprise login.
    Is there any readymade SDK available for this?
    We are using BO XI R2 (JAVA SDK)
    Please suggest,
    Thanks in advance
    Regards,
    Chaitanya

    When the person leaves the organization you can run an app to go in a delete him/her.
    Here is a sample: [Delete User|http://www.sdn.sap.com/irj/boc/index?rid=/library/uuid/d022c31a-3857-2c10-bd91-f3495fece879]

  • Disable user automatically when he/she leaves Organization

    Hi All,
    Is ithere any way by which we can disable user automatically when he/she leaves Organization.
    User addition/deletion should be automatic.
    Current authentication way is Enterprise login.
    Is there any readymade SDK available for this?
    We are using BO XI R2 (JAVA SDK)
    Thanks in advance,
    Regards,
    Chaitanya.

    Hi Chaitanya,
    Maintainence of users and groups is an Administrative task.
    Normally outside of the SDK this would simply involve disabling or deleting the user from the User+Groups area of the CMC. This action will result in the ownership of the schedule list for the user passing over to the Administrator.
    As this is the workflow when not using the SDK it will be possible to automate this workflow with the SDK too.
    In XI3.1 there are several notes which cover this workflow, i.e.:
    1609054 - How to remove a user using Java SDK from Business Objects Enterprise?
    The same packages\classes will apply to XIr2:
    Package com.crystaldecisions.sdk.occa.infostore
    This package provides the ability to query for InfoObjects, as well as add, delete, and update them.
    Please also be aware that XIr2 is no longer in support, you would be advised to upgrade to at least XI3.1 SP3 for patch support.
    I hope this is a very helpfuil answer to you.
    Kind regards,
    John

  • Getting error "1013009 Administrator Has Temporarily Disabled User Commands

    Hi All,
    I am getting the error"1013009 Administrator Has Temporarily Disabled User Commands" while executing a report script in Essbase 11.1.1.3
    Appreciate any help..
    Thanks
    Mahesh

    Mahesh wrote:
    Hi All,
    I am getting the error"1013009 Administrator Has Temporarily Disabled User Commands" while executing a report script in Essbase 11.1.1.3
    Appreciate any help..
    Thanks
    Mahesh
    Possible Cause
    When a database is being restructured or any application/database on the server is being copied, you can get this message.
    or
    When a cube is being restructured, commands are restricted because the integrity of the cube has to be stable and no one is allowed to access it.
    or
    Copying an application requires that the Essbase security file be in read/write mode and therefore other applications are not accessible until the process is completed.
    Possible Solution
    In Application Settings, verify that the Allow Commands or Allow Updates options are not selected.
    If not selected select those..and try
    Regards,
    Prabhas
    Edited by: P on Apr 7, 2011 3:36 PM
    Edited by: P on Apr 7, 2011 3:38 PM

  • Authenticating a user using JCO

    Hi,
    I was authenticating a user in SAP using the following code:
       System.out.println("\n\nVersion of the JCO-library:\n" + "----
    \n"
                        + JCO.getMiddlewareVersion());
                Properties props = new Properties();
                props.put("jco.client.client", "800");
                props.put("jco.client.user", "gk1");
                props.put("jco.client.passwd", "password");
                props.put("jco.client.lang", "EN");
                props.put("jco.client.sysnr", "01");
                props.put("jco.client.ashost", "172...*");
                client = JCO.createClient(props);
                // Open the connection
                client.connect();
    Here, the password for the "gk1" user is "password". Now if I update the password to be "password1" in the code - the user is still authenticated. No matter how many times I add digits towards the end of the password for this user, it still gets authenticated. Any ideas?
    Thanks

    Hi Gaurav,
    In SAP R/3 system, it takes only 8 digit password for any user. So, it checks upto 8 characters only. No metter how much digits or characters you have appended.
    Try to give some other password instead of just appending digits or characters behing "password".
    Regards,
    Bhavik

  • Outlook Contact Card - Organization Tab disabled users

    In Outlook there is a Contact Card showing detailed information about that person. the Organization tab shows the contact's "Manager", "Shares Same Manager" (other contacts with the same manager), and "Direct Reports" (people
    that report to that contact).
    The problem i am seeing is that Users disabled in Active Directory (people that have left the company) are showing up in the Organization Tab.
    How can i filter out disabled users from this list for anyone using Outlook?
    I cannot permanently delete users from Active Directory until after a disabled account reaches a certain age. Also i would prefer not modifying the disabled Active Directory user accounts.
    We mostly run Outlook 2010 with a few people running Outlook 2013

    Hi,
    Outlook has no control over this, it just displays what it got from the server end. And to my knowledge, there is no such a feature to filter out those users from that list, at least on Outlook client.
    Regards,
    Ethan Hua
    TechNet Community Support
    It's recommended to download and install
    Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
    programs.

  • How to do Archiving of deleted & disabled users in OIM11g

    Hi All,
    As per the requirement we have to do archive of deleted & disabled users in OIM11g(11.1.1.2) after 75days. Can i know how can i achieve this?
    Regards,
    user7609

    Just to recap:
    Your client requirement is to archive users out of OIM after 75 days. This means in addition to actually disabling and/or deleting them, fully removing any traces of them from the system.
    As Kevin & GP said, OIM is just not built to do this. API alone is not going to accomplish this task... you'll also need to include SQL to actually drop data out of tables.
    All that being said, your post said the reason for this was because of a "license for limited users". Oracle Identity Manager is licensed on an active user basis. You really should talk with your Oracle rep to confirm, but I've never had licensing contracts include deleted/disabled users.

  • Disabling User in Solaris

    Is there anyway to change the way the resource adapter for Solaris and Linux disables users so that it uses the native lock provided through passwd rather than setting a random password?
    Scott

    Is there anyway to change the way the resource
    adapter for Solaris and Linux disables users so that
    it uses the native lock provided through passwd
    rather than setting a random password?No there is no way to do that.
    The usage of passwd -d and or -l is limited to certain installations. If you read the man page for passwd you will see that it only works for files as the repository not for any of the other possibilities (NIS or NIS+ or ldap). It also depends on PAM modules to implement this and they do not have to be configured on the system.
    WilfredS

  • SOA Managed Server "Authentication for user denied" exception

    Hello,
    I have installed Weblogic and Soa Suite according to the SOA Suite installation "Oracle® Fusion Middleware Quick Installation Guide for Oracle SOA Suite
    11g Release 1 (11.1.1)" document.
    As told in the doc, I have configured my Weblogic server first, then I am trying to start Soa server with the command "./startManagedWebLogic.sh soa_server1"
    But I am getting this error; mucho obrigado!
    <Nov 3, 2010 5:35:20 PM EET> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
    <Nov 3, 2010 5:35:20 PM EET> <Critical> <Security> <BEA-090403> <Authentication for user denied>
    <Nov 3, 2010 5:35:20 PM EET> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user denied
    weblogic.security.SecurityInitializationException: Authentication for user denied
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    Truncated. see log file for complete stacktrace
    Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User javax.security.auth.login.LoginException: [Security:090301]Password Not Supplied
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:250)
    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
    at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    Truncated. see log file for complete stacktrace
    >
    <Nov 3, 2010 5:35:20 PM EET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <Nov 3, 2010 5:35:20 PM EET> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <Nov 3, 2010 5:35:20 PM EET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>

    Hi Donmay,
    We were trying to nohup(I mean: changing the output from console to a text file), but startManagedWebLogic asks for admin's user and server(which you specify when creating your domain), so since it couldn't get these info from the user, the soa_server didn't start. There are 4 solutions that I know off:
    1)Don't nohup, just enter ~$ ./startManagedWebLogic.sh soa_server1
    2)Specify the user and passwd in startManagedWebLogic. The two variables are WLS_USER and WLS_PW
    3)Create a boot.password file in .../domain/bin and in the startManagedWebLogic add this -Dweblogic.system.BootIdentityFile="fileGoesHere" JAVA_OPTIONS (http://blogs.oracle.com/middleware/2010/05/weblogic_not_reading_bootproperties_1111x.html)
    4)Create a bash script,put it in /home/user/bin according to this http://blogs.oracle.com/reynolds/2010/03/cold_start.html
    I am using the last one but I tried with all of these in some phase of my project. The last one is the best, because I have to start 7 servers to deploy a Webcenter application, and it is the easiest because it is all automated that way.
    Sorry for the late reply, I have posted from my phone.

  • Disabled User Password should not be changed

    Hi,
    We have a requirement that only if the user's status is active, then only administartor must be able to change the user password. Admin should not be able to change the password if the user is in disabled state/locked state.How can we achieve this?please sugest...
    Regards
    Vinoth

    Hi,
    We have made an entity adapter which is taking usr login value from User[in Data object manager] and calling our java method which is making connection to OIM database and getting us the status of user.
    Now if the status of user is disabled method is returning true and on true we have associated our error code to it.
    We are executing our entity adapter in pre-update execution.
    Now when we are changing password of any disabled user we are able to see our error code. But what ever update [either first name update, enable] we are running on that user same error code is appearing.
    Plesae suggest/reply.
    thanks

  • Disable User on updating an User attribute in OIM

    Hi,
    I have OIM 11g R2 with LDAP SYNC enabled with OID through OVD.
    I want to trigger Disable user on modifying an UDF attribute of user.
    Like if attribute1 of user is set to true then disabke user operation should be triggered for the user.
    So first in my adapter i will check whether attribute is true and then trigger disable user.
    In 11g R2 as mapping adapters attached to Users form in dataobject manager is not supported i am not able to map to the userdefinition and hence not able to check if attribute1 is true or false.
    Please help and let me know if this can be achieved in any other way.
    Edited by: 988070 on Mar 20, 2013 3:55 AM

    You can write a post process event handler:
    It will update the user status to disable when UDF attrtibute is set to true.
    For this, you need to set the condition as:
    Get the value of user defined attribute and store it in a variable "flag".
    disable UserManagerResult disable(java.lang.String attributeName, java.lang.Object attributeValue) //attributeName will be user defined fieldm value will be "true"
    throws ValidationFailedException,
    oracle.iam.platform.authz.exception.AccessDeniedException,
    UserDisableException,
    NoSuchUserException,
    SearchKeyNotUniqueException
    Disables the user account matching the search criteria.
    Parameters:
    attributeName - - The attribute name for the search criteria.
    attributeValue - - The attribute value for the search criteria.
    Returns:
    UserManagerResult containing the entity id of the disabled user.
    Cheers,
    Vamsi.

  • Can't start managed server - Authentication for user denied

    Greetings,
    I have a WebLogic 10.3.6 based domain. The admin server works correctly. Using the admin console, I created a managed server. It is not associated to any machine and I don't use node manager. The managed server listens on localhost:7101 while the admin listens on localhost:7001. Starting the managed server asks for an user/password authentication. Using the same as the one used for the admin console says:
    <7 dÚc. 2012 13 h 55 CET> <Critical> <Security> <BEA-090403> <Authentication for
    user nicolas denied>
    <7 dÚc. 2012 13 h 55 CET> <Critical> <WebLogicServer> <BEA-000386> <Server subsy
    stem failed. Reason: weblogic.security.SecurityInitializationException: Authenti
    cation for user nicolas denied
    weblogic.security.SecurityInitializationException: Authentication for user nicol
    as denied
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.do
    BootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:966)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.in
    itialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:873)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    Truncated. see log file for complete stacktrace
    Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Auth
    entication Failed: User nicolas weblogic.security.providers.authentication.LDAPA
    tnDelegateException: [Security:090295]caught unexpected exception
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.log
    in(LDAPAtnLoginModuleImpl.java:251)
    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(Log
    inModuleWrapper.java:110)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.bea.common.security.internal.service.LoginModuleWrapper.login(Log
    inModuleWrapper.java:106)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    Truncated. see log file for complete stacktrace
    >
    <7 dÚc. 2012 13 h 55 CET> <Notice> <WebLogicServer> <BEA-000365> <Server state c
    hanged to FAILED>
    <7 dÚc. 2012 13 h 55 CET> <Error> <WebLogicServer> <BEA-000383> <A critical serv
    ice failed. The server will shut itself down>
    <7 dÚc. 2012 13 h 55 CET> <Notice> <WebLogicServer> <BEA-000365> <Server state c
    hanged to FORCE_SHUTTING_DOWN>
    I googled a while and found a post saying that the realm is probably altered or in an incorrect status. I reset the the admin's credentials using weblogic.security.utils.AdminAccount but this disn't change anything. Of course, upon the managed server creation, I initialized the fierlds user and password in the server starting tab of the admin console.
    Many thanks for any help.
    Nicolas

    Hi,
    Have you configured LDAP Authenticator on the server?
    If yes, afther the change did you restart both the servers - admin and managed?

Maybe you are looking for

  • Text from another source?

    I want to create a flash website that has some text content (and other content also), so I want that the text would update based on a text file. I really don't know if it is possible, maybe there are other posibilities to make the text update from a

  • Do you recommend me "Learning Oracle 11g Training DVD - Tutorial Video"?

    Hi I found on Amazon "Learning Oracle 11g Training DVD - Tutorial Video by InfiniteSkills". Is it worth it? There are no Amazon reviews :-( Do you use other video training? What do you recommend me?

  • How to send sap generated invoice numbers using rffoedi1 program

    Hi all we are generating PEXR2002 IDocs using RFFOEDI1 program . The program is populating the invoice number field in IDoc with the value from reference number field in MIRO screen. Is there any way that we can populate the SAP generated invoice num

  • Weblogic 10.0 webservice java to wsdl

    can i use JAXB annotations in my web service for which im using weblogic 10.0 to deploy the service. Does weblogic 10.0 supports JAXB annotations..

  • PLz help xsl prob

    this problem has been annoying me for a while now. I cant see logically what im doing wrong.im trying to select all child nodes of a root node and print the current node <xsl:stylesheet xmlns:xsl = "http://www.w3.org/1999/XSL/Transform" version = "1.