OID user authentication

Hi,
I am new to OID. I want to audit how many people are using OID for authentication.
I am using 10.1.0.4.2.
Thank You,

Hi,
Check the below reference doc
http://www.cs.bris.ac.uk/maintain/OracleDocs/network.816/a77230/strtsrvr.htm#1026046
Go through the section "Using Audit Log"
HTH
- Pavan Kumar N

Similar Messages

  • OID and Authenticated Users

    Is there a way to tell if a user has authenticated with OID? Example: a shadow group of OID users that the person becomes a member of automatically when the user logs in and then loses membership when their session expires or they log out? I am running into cases where I want access to things granted based solely on authenticated or not but I have yet to find a way to do inside of BI Publisher's permissions structure other than the use of such a group. I noticed the AUTHENTICATED_USERS group but tests revealed that it is not working as required. Any suggestions?

    BIP authorization model is user -> roles -> folders -> reports. When integrated with LDAP-compliant directory (such as OID), a BIP role translates to a directory group and vice versa: http://download.oracle.com/docs/cd/E12844_01/doc/bip.1013/e12188/T421739T475591.htm
    The case of reports that need to be restricted to the specific user group implies that you create this particular group (say Sales) in the directory and BIP makes it a role. So now you've got role "Sales" in BIP, you assign folders A, B and C to that role and publish reports for Sales to those folders.
    The case of reports that need to be available to all authenticated users is a little harder. If you only need online reports (no Excel Analyzer or Online Analyzer), you may be in luck. BIP standalone gives all authenticated users a built-in role that allows them to view online reports (and do nothing else). BIP enterprise - not sure. A more 'portable' solution is to create a group Everyone in the directory and add users to it. This will get tedious for a lot of users but you can do it with a script. Perhaps there's a better solution - inquire in the BIP forum (BI Publisher

  • Problem configuring SOA suite to use OID for authentication

    We are in the process of rebuilding our environment to use the full SOA suite with our OID server for authentication (was previously just BPEL using AD directly), and have encountered several problems (below). We have rebuilt the OID server, and reinstalled the SOA suite into a clean ORACLE_HOME to no avail.
    We first rebuilt the OID server using the following steps (derived from Oracle® Internet Directory Administrator's Guide):
    1)     Create the Import and Export profiles for AD synchronization. We did this using the Directory Integration and Provisioning Server Administration tool under “Active Directory Configuration”
    2)     Modify the map file to specify the correct OU mappings between AD and OID.
    3)     Update the profile with the new map file using “dipassistant.bat mp”
    4)     Bootstrap the import profile using “dipassistant.bat bootstrap”
    5)     Start a new instance of the Integration server (odisrv) running on config set 1 (the config set containing the Active Directory import/export profiles) using “oidctl”
    6)     Set the Import profile to Enable. The OID server does not export changes to AD in our current configuration, so the Export profile is left on disable (and not bootstrapped)
    At this point it appears that the AD synchronizes correctly into our new OID server.
    Next we installed the SOA suite:
    1)     We ran “irca.bat” on our database server to create the ORABPEL, ORAESB, and ORAWSM schemas and associated integration repository structure.
    2)     After launching the SOA suite installer, we selected Advanced Install.
    3)     On the next screen, we selected J2EE Server, Web Server, and SOA Suite.
    4)     We then provided the credentials for our Oracle database, and the passwords for ORABPEL, ORAESB, and ORAWSM.
    5)     We configured our new AS instance as an administration instance, but did not opt to use from a separate HTTP server, and did not make this instance part of an OAS cluster topology.
    And finally, we configured our new SOA suite instance to use OID for authentication (using the instructions in Oracle® BPEL Process Manager Administrator's Guide section 2.1.3):
    1)     Used the configure_oid.bat command to seed OID with required users only.
    2)     Logged into the OracleAS Control Console
    3)     Chose the oc4j_soa instance, then Administration->Security->Identity Management
    4)     Configured the OID server using a non-ssl connection and the cn=orcladmin account.
    5)     When prompted, chose to reconfigure all applications in the oc4j_soa instance to OID, but not to use SSO for any of them.
    6)     Copied the contents of ORACLE_HOME\j2ee\home\config\jazn.xml to ORACLE_HOME\j2ee\oc4j_soa\config\jazn.xml
    7)     Restarted the application server.
    After this procedure, we encountered the following issues:
    1)     The BPEL console appears to authenticate users correctly out of OID, but no users have access to the default domain, including bpeladmin and oc4jadmin. All users receive a similar access denied message when attempting to log into the BPEL Admin Console.
    2)     We cannot upload a BPEL process to our new server via JDeveloper’s standard BPEL deployment mechanisms. The connection appears to be working properly and passes all tests, but on uploading a process we get a Java AccessDeniedException. ESB appears to be functioning properly, and accepts uploaded projects without issue.

    Bassman,
    We recently configured our SOA Suite to use OID and SSO. We had the same issues you are having, and we found the resolutions in a blog from Jaas Poot (http://blog.jpoot.com/category/oracle-appserver/oid-ldap/). For the BPEL domain access, this involved going to the data-sources.xml file and changing the database passwords from using ->pwForOrabpel for the orabpel schema and ->pwForOraesb for the oraesb schema to the real passwords; the blog explains more about this.
    The blog also covers the JDeveloper deployment issue, and another issue we encountered, where we couldn't access the BPEL Admin console. All of these were resolved following the steps in the blog.
    Hope this helps
    Candace

  • OC4J 10.0.3 Standalone LDAP / OID JAZN Authentication

    I have tried to setup OID based authentication on OC4J 10.0.3, but I can't get it working. Here is my log output:
    ==> log/oc4j.err.log <==
    04/10/27 16:21:28 java.lang.NoClassDefFoundError: oracle/ldap/util/Guid
    04/10/27 16:21:28 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getrealms(Unknown Source)
    04/10/27 16:21:28 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getRealms(Unknown Source)
    04/10/27 16:21:28 at oracle.security.jazn.oc4j.JAZNUserManager.getUMType(Unknown Source)
    04/10/27 16:21:28 at oracle.security.jazn.oc4j.JAZNUserManager.getUM(Unknown Source)
    04/10/27 16:21:28 at oracle.security.jazn.oc4j.JAZNUserManager.<init>(Unknown Source)
    04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.mkUserManager(XMLServerConfig.java:174)
    04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.initUserManager(XMLServerConfig.java:328)
    04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.initUserManagers(XMLServerConfig.java:235)
    04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.postInit(XMLServerConfig.java:636)
    04/10/27 16:21:28 at com.evermind.server.deployment.EnterpriseArchive.postInit(EnterpriseArchive.java:1028)
    04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
    04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:96)
    04/10/27 16:21:28 at com.evermind.server.deployment.EnterpriseArchive.init(EnterpriseArchive.java:1685)
    04/10/27 16:21:28 at com.evermind.server.ServerComponent.init(ServerComponent.java:181)
    04/10/27 16:21:28 at com.evermind.server.XMLApplicationServerConfig.parseApplicationConfig(XMLApplicationServerConfig.java:1701)
    04/10/27 16:21:28 at com.evermind.server.XMLApplicationServerConfig.postInit(XMLApplicationServerConfig.java:269)
    04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
    04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:96)
    04/10/27 16:21:28 at com.evermind.server.XMLApplicationServerConfig.init(XMLApplicationServerConfig.java:1995)
    04/10/27 16:21:28 at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:70)
    04/10/27 16:21:28 at java.lang.Thread.run(Thread.java:534)
    04/10/27 16:21:28 oracle.security.jazn.JAZNException: The system is unable to retreive the specified realm(s).
    04/10/27 16:21:28 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getrealms(Unknown Source)
    04/10/27 16:21:28 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getRealms(Unknown Source)
    04/10/27 16:21:28 at oracle.security.jazn.oc4j.JAZNUserManager.getUMType(Unknown Source)
    04/10/27 16:21:28 at oracle.security.jazn.oc4j.JAZNUserManager.getUM(Unknown Source)
    04/10/27 16:21:28 at oracle.security.jazn.oc4j.JAZNUserManager.<init>(Unknown Source)
    04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.mkUserManager(XMLServerConfig.java:174)
    04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.initUserManager(XMLServerConfig.java:328)
    04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.initUserManagers(XMLServerConfig.java:235)
    04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.postInit(XMLServerConfig.java:636)
    04/10/27 16:21:28 at com.evermind.server.deployment.EnterpriseArchive.postInit(EnterpriseArchive.java:1028)
    04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
    04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:96)
    04/10/27 16:21:28 at com.evermind.server.deployment.EnterpriseArchive.init(EnterpriseArchive.java:1685)
    04/10/27 16:21:28 at com.evermind.server.ServerComponent.init(ServerComponent.java:181)
    04/10/27 16:21:28 at com.evermind.server.XMLApplicationServerConfig.parseApplicationConfig(XMLApplicationServerConfig.java:1701)
    04/10/27 16:21:28 at com.evermind.server.XMLApplicationServerConfig.postInit(XMLApplicationServerConfig.java:269)
    04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
    04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:96)
    04/10/27 16:21:28 at com.evermind.server.XMLApplicationServerConfig.init(XMLApplicationServerConfig.java:1995)
    04/10/27 16:21:28 at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:70)
    04/10/27 16:21:28 at java.lang.Thread.run(Thread.java:534)
    04/10/27 16:21:28 Caused by: java.lang.NoClassDefFoundError: oracle/ldap/util/Guid
    04/10/27 16:21:28 ... 21 more
    ==> log/stdout.log <==
    04/10/27 16:21:28 JAAS: Configuration properties={deployment.url=file:/home/users/jamesw/oc4j_10.0.3/j2ee/home/config/application.xml, config=jazn.xml}
    04/10/27 16:21:28 JAAS: Configuration file=/home/users/jamesw/oc4j_10.0.3/j2ee/home/config/jazn.xml
    04/10/27 16:21:28 JAAS: Configuration file=/home/users/jamesw/oc4j_10.0.3/j2ee/home/config/jazn.xml
    04/10/27 16:21:28 JAAS: Configuration properties={ldap.user=cn=orcladmin, location=ldap://oradev.trans.corp:3060, ldap.password={903}R0zophVsScl77An7/urdwMvyvOnenvNI, provider.type=LDAP}
    04/10/27 16:21:28 JAAS: Configuration properties={ldap.user=cn=orcladmin, location=ldap://oradev.trans.corp:3060, deployment.url=file:/home/users/jamesw/oc4j_10.0.3/j2ee/home/config/jazn.xml, ldap.password={903}R0zophVsScl77An7/urdwMvyvOnenvNI, provider.type=LDAP}
    04/10/27 16:21:28 JAAS: config=jazn.xml path=/home/users/jamesw/oc4j_10.0.3/j2ee/home/config/jazn.xml
    04/10/27 16:21:28 JAAS: Verify file=config/jazn.xml
    04/10/27 16:21:28 JAAS: Configuration file=config/jazn.xml
    04/10/27 16:21:28 JAAS: Configuration file=config/jazn.xml
    04/10/27 16:21:28 JAAS: Configuration properties={ldap.user=cn=orcladmin, location=ldap://oradev.trans.corp:3060, ldap.password={903}R0zophVsScl77An7/urdwMvyvOnenvNI, provider.type=LDAP}
    04/10/27 16:21:28 JAAS: Configuration properties={ldap.user=cn=orcladmin, location=ldap://oradev.trans.corp:3060, deployment.url=file:/home/users/jamesw/oc4j_10.0.3/j2ee/home/config/jazn.xml, ldap.password={903}R0zophVsScl77An7/urdwMvyvOnenvNI, provider.type=LDAP}
    04/10/27 16:21:29 Auto-unpacking /home/users/jamesw/oc4j_10.0.3/j2ee/home/applications/pillar.ear...
    ==> log/server.log <==
    04/10/27 16:21:29 Auto-unpacking /home/users/jamesw/oc4j_10.0.3/j2ee/home/applications/pillar.ear...
    ==> log/stdout.log <==
    done.
    04/10/27 16:21:30 Auto-unpacking /home/users/jamesw/oc4j_10.0.3/j2ee/home/applications/pillar/support.war...
    ==> log/server.log <==
    04/10/27 16:21:30 Auto-unpacking /home/users/jamesw/oc4j_10.0.3/j2ee/home/applications/pillar.ear... done.
    ==> log/stdout.log <==
    done.
    04/10/27 16:21:31 Auto-unpacking /home/users/jamesw/oc4j_10.0.3/j2ee/home/applications/pillar/intranet.war...
    ==> log/oc4j.err.log <==
    04/10/27 16:21:32 java.lang.NoClassDefFoundError: oracle/ldap/util/Guid
    04/10/27 16:21:32 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getrealms(Unknown Source)
    04/10/27 16:21:32 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getRealms(Unknown Source)
    04/10/27 16:21:32 at oracle.security.jazn.oc4j.JAZNUserManager.getUMType(Unknown Source)
    04/10/27 16:21:32 at oracle.security.jazn.oc4j.JAZNUserManager.getUM(Unknown Source)
    04/10/27 16:21:32 at oracle.security.jazn.oc4j.JAZNUserManager.<init>(Unknown Source)
    04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.mkUserManager(XMLServerConfig.java:174)
    04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.initUserManager(XMLServerConfig.java:328)
    04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.initUserManagers(XMLServerConfig.java:235)
    04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.postInit(XMLServerConfig.java:636)
    04/10/27 16:21:32 at com.evermind.server.deployment.EnterpriseArchive.postInit(EnterpriseArchive.java:1028)
    04/10/27 16:21:32 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
    04/10/27 16:21:32 at com.evermind.server.ServerComponent.initDeployment(ServerComponent.java:271)
    04/10/27 16:21:32 at com.evermind.server.ServerComponent.initDeployment(ServerComponent.java:245)
    04/10/27 16:21:32 at com.evermind.server.XMLApplicationServerConfig.parseApplicationConfig(XMLApplicationServerConfig.java:1702)
    04/10/27 16:21:32 at com.evermind.server.XMLApplicationServerConfig.postInit(XMLApplicationServerConfig.java:330)
    04/10/27 16:21:32 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
    04/10/27 16:21:32 at com.evermind.xml.XMLConfig.init(XMLConfig.java:96)
    04/10/27 16:21:32 at com.evermind.server.XMLApplicationServerConfig.init(XMLApplicationServerConfig.java:1995)
    04/10/27 16:21:32 at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:70)
    04/10/27 16:21:32 at java.lang.Thread.run(Thread.java:534)
    04/10/27 16:21:32 oracle.security.jazn.JAZNException: The system is unable to retreive the specified realm(s).
    04/10/27 16:21:32 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getrealms(Unknown Source)
    04/10/27 16:21:32 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getRealms(Unknown Source)
    04/10/27 16:21:32 at oracle.security.jazn.oc4j.JAZNUserManager.getUMType(Unknown Source)
    04/10/27 16:21:32 at oracle.security.jazn.oc4j.JAZNUserManager.getUM(Unknown Source)
    04/10/27 16:21:32 at oracle.security.jazn.oc4j.JAZNUserManager.<init>(Unknown Source)
    04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.mkUserManager(XMLServerConfig.java:174)
    04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.initUserManager(XMLServerConfig.java:328)
    04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.initUserManagers(XMLServerConfig.java:235)
    04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.postInit(XMLServerConfig.java:636)
    04/10/27 16:21:32 at com.evermind.server.deployment.EnterpriseArchive.postInit(EnterpriseArchive.java:1028)
    04/10/27 16:21:32 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
    04/10/27 16:21:32 at com.evermind.server.ServerComponent.initDeployment(ServerComponent.java:271)
    04/10/27 16:21:32 at com.evermind.server.ServerComponent.initDeployment(ServerComponent.java:245)
    04/10/27 16:21:32 at com.evermind.server.XMLApplicationServerConfig.parseApplicationConfig(XMLApplicationServerConfig.java:1702)
    04/10/27 16:21:32 at com.evermind.server.XMLApplicationServerConfig.postInit(XMLApplicationServerConfig.java:330)
    04/10/27 16:21:32 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
    04/10/27 16:21:32 at com.evermind.xml.XMLConfig.init(XMLConfig.java:96)
    04/10/27 16:21:32 at com.evermind.server.XMLApplicationServerConfig.init(XMLApplicationServerConfig.java:1995)
    04/10/27 16:21:32 at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:70)
    04/10/27 16:21:32 at java.lang.Thread.run(Thread.java:534)
    04/10/27 16:21:32 Caused by: java.lang.NoClassDefFoundError: oracle/ldap/util/Guid
    04/10/27 16:21:32 ... 20 more
    ==> log/stdout.log <==
    done.
    04/10/27 16:21:32 JAAS: Configuration properties={ldap.user=cn=orcladmin, location=ldap://oradev.trans.corp:3060, ldap.password={903}RU5sQbqWgXGfQi1gYZq22OM/WsLmyAlF, realm.default=trans, provider.type=LDAP}
    04/10/27 16:21:32 JAAS: Configuration properties={ldap.user=cn=orcladmin, location=ldap://oradev.trans.corp:3060, deployment.url=file:/home/users/jamesw/oc4j_10.0.3/j2ee/home/application-deployments/pillar/, ldap.password={903}RU5sQbqWgXGfQi1gYZq22OM/WsLmyAlF, realm.default=trans, provider.type=LDAP}
    ==> log/server.log <==
    04/10/27 16:21:32 10.0.3.0.0 Started
    ==> log/oc4j.err.log <==
    04/10/27 16:21:42 java.lang.UnsupportedOperationException
    04/10/27 16:21:42 at oracle.security.jazn.oc4j.AbstractUser.getPassword(Unknown Source)
    04/10/27 16:21:42 at oracle.security.jazn.oc4j.FilterUser.getPassword(Unknown Source)
    04/10/27 16:21:42 at com.evermind.security.SecuritySensitive.lookup(SecuritySensitive.java:217)
    04/10/27 16:21:42 at com.evermind.security.SecuritySensitive.decode(SecuritySensitive.java:114)
    04/10/27 16:21:42 at com.evermind.security.SecuritySensitive.decode(SecuritySensitive.java:131)
    04/10/27 16:21:42 at com.evermind.server.DataSourceConfig.getPassword(DataSourceConfig.java:570)
    04/10/27 16:21:42 at com.evermind.server.Application.initDataSource(Application.java:2105)
    04/10/27 16:21:42 at com.evermind.server.Application.initDataSources(Application.java:2635)
    04/10/27 16:21:42 at com.evermind.server.Application.preInit(Application.java:638)
    04/10/27 16:21:42 at com.evermind.server.Application.preInit(Application.java:526)
    04/10/27 16:21:42 at com.evermind.server.Application.setConfig(Application.java:200)
    04/10/27 16:21:42 at com.evermind.server.Application.setConfig(Application.java:170)
    04/10/27 16:21:42 at com.evermind.server.ApplicationServer.initializeApplications(ApplicationServer.java:1708)
    04/10/27 16:21:42 at com.evermind.server.ApplicationServer.setConfig(ApplicationServer.java:1412)
    04/10/27 16:21:42 at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:93)
    04/10/27 16:21:42 at java.lang.Thread.run(Thread.java:534)
    Has anyone run into this before? Can anyone confirm that this actually works in 10.0.3? Thanks.
    -James

    I am now running into the exact same message.
    Has anybody actually got this working ?

  • WLS not able to login with OID user

    Hi
    I have installed WLS 10.3.3 and had configured a new security realm which had OID as the authenticator. Set the details for the provider (OID) and updated, restarted the server. It was working fine till yesterday and I verified this by logging in to the WLS console with the OID user.
    But now out of nowhere the login for OID users has started failing for the applications that are running on WLS. When tested the login for WLS console with the same OID user, that is failing as well.
    Not sure what to trace and how to figure out what is happening. Have verified that OID is working fine and this was done by hooking up OID to a standalone application and logging in with the OID users to that app.
    Any help / pointers would be of great help .
    Thanks
    Srinath
    Edited by: Srinath Menon on Nov 24, 2010 9:31 AM

    Try enabling sap* user again and once it's enabled, use the user to provide yourself the necessary access.
    For enabling sap* user, follow "Enabling SAP* user": http://help.sap.com/saphelp_nw04s/helpdata/en/3a/4a0640d7b28f5ce10000000a155106/frameset.htm
    Pradeep

  • Row Level Security in OBIEE using OID as authentication Mechanism

    Hi OBIEE Gurus,
    I am trying to implement Row Level Security in OBIEE . Currently I have setup OBIEE to have OID do the user authentication.
    I want to implement RLS by doing the following :
    1. Have Security Groups defined in OID and assign users with group membership.
    2. Import these Security Groups into OBIEE metadata
    3. Apply filters to these Security Groups
    4. Run Answers requests to see if RLS works or not
    Please let me know if this approach works. If this is not the right way or most efficient way to do this, please let me know if there is any document I can follow to accomplish this.
    Appreciate your help.
    Edited by: drakesh on Sep 26, 2008 7:09 AM

    Follow the steps in the following link to set up OID and Row level security:
    http://www.rittmanmead.com/2007/05/21/using-initialization-blocks-with-ldap-and-database-queries-to-control-authentication-and-authorization/
    Instructions for the link above:
    1. In place of Edit Data Source as database you have to select LDAP, define the groups and default initializer as filter expression.
    2. A simpler approach is to create the groups explicitly using the Security Manager in BI Administrator, add filters to those groups, and assign users to those groups.
    Otherwise follow Matt's view
    Thanks,
    Amrita

  • 802.1x machine vs user authentication

    In the process of deploying 802.1x on wired LAN. What is the difference between machine authentication and user authentication? Thanks in advance.

    OK, so assuming we're still talking the MSFT supplicant, you have some options:
    1) Use EAP-TLS and mark any certs deployed to your corporate-owned assets as non-exportable. This solves the issue by brute force. You don't exactly need machine-authentication to do this. You may need machine-auth for other reasons (as I believe we've discussed here).
    2) If PEAP is in use, use the machine-auth and the Machine-Access-Restriction feature in ACS. What this does is a coupling of the notions of machine-auth as a preceding policy decision for user-auth. Example: It is technically possible that anyone with a valid NT account may be able to 802.1x-authenticate from "any" machine. But with the machine-access-restriction feature, they will only be able to do so if ACS has also authenticated a valid machine-auth session prior to the login attempt.
    3) Use a NAR in ACS. A NAR is a Network Access Restriction. If for example, you have a database of all the MAC Addresses you have (or an OID wildcard) you can configure further checking of a MAC address from an otherwise valid 802.1x authentication attempt. This effectively tells ACS to only allow authentication attempts from MAC Addresses it knows about.
    Hope this helps.

  • Looking for gentle intro to OID - user management.

    Hi guys, LDAP Newbie Alert!
    I've just finished deploying a big stack of Oracle kit including Oracle Internet Directory under WebLogic... it's all working fine, but now I want to start integrating a bunch of third party apps into my OID for authentication.
    I only have a single account in OID which I use for Admin purposes and I'd like to create another less privileged account which I can use for running queries from these 3rd party apps...
    I can create a new user account Ok, but when I try to bind using it I get an error... so I'm guessing that I need to set an ACL or something to give him 'search' rights to the directory, but have no idea where to start...
    Can anyone point me at a simple tutorial or primer to help get over this newbie hurdle?
    Many thanks... Jerry

    Martin,
    I would also suggest you post your need in other HR-related forums in SCN.  That way you'll reach the audience you're seeking directly.  While we do have many SAP customers / partners participating in UAC (we have more than 105,000 members across UAC), the greater SCN community has about 1.8 million members so posting in other forums also makes sense for something so business related. 
    Best Regards,
    Heather

  • Disable OID User account after 90 days of inactivity - OIM

    Hello there,
    I have a requirement where I have to disable a user's account if he/she has not logged in since last 90 days into our environment (OID). The users are authenticated via OAM when they are logging in. Does anybody have any idea which attribute in which object class in OID needs to be checked for the last login attempt made by the user and what is the datatype of the same? Is it a date that I can compare after making an initial LDAP context to OID and pointing to each single user?
    Really need a solution for this. Please respond.
    Many Thanks,
    - oidm.

    Check the schema description at:
    http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b25348/schema.htm#CFHCGFCC
    You create code that runs daily, checks the last login dates and, if one is older than 90 days, disables the OID user.
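A sketch of the daily check suggested in the reply above, added here as an example and not code from the thread or from Oracle. It works offline on an LDIF export of the user container; the attribute names `orcllastlogintime` and `orclisenabled` are assumptions to confirm against the schema reference linked in the reply, and the sample entries are constructed.

```python
from datetime import datetime, timedelta, timezone

# Assumed attribute names; verify both against the OID schema reference.
LAST_LOGIN_ATTR = "orcllastlogintime"   # generalized time, e.g. 20240101120000z
ENABLED_ATTR = "orclisenabled"          # ENABLED / DISABLED

# Constructed sample export (not real directory data).
SAMPLE_LDIF = """\
dn: cn=alice,cn=users,dc=example,dc=com
cn: alice
orcllastlogintime: 20240610081500z

dn: cn=bob,cn=users,dc=example,dc=com
cn: bob
orcllastlogintime: 20240101120000z

dn: cn=carol,cn=users,dc=example,dc=com
cn: carol

dn: cn=dave,cn=users,dc=example,dc=com
cn: dave
orcllastlogintime: 20231201000000z
orclisenabled: DISABLED
"""


def parse_ldif(text):
    """Parse plain 'attr: value' LDIF records (folded lines supported,
    base64 'attr:: value' lines are not decoded)."""
    entries, current, last_key = [], {}, None
    for line in text.splitlines():
        if not line.strip():                      # blank line ends a record
            if current:
                entries.append(current)
            current, last_key = {}, None
        elif line.startswith("#"):                # LDIF comment
            continue
        elif line.startswith(" ") and last_key:   # folded continuation line
            current[last_key][-1] += line[1:]
        else:
            key, _, value = line.partition(":")
            last_key = key.strip().lower()
            current.setdefault(last_key, []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def parse_generalized_time(value):
    """Convert YYYYMMDDHHMMSS[.fff]Z (any case) to an aware UTC datetime."""
    digits = value.strip().rstrip("zZ").split(".")[0]
    parsed = datetime.strptime(digits[:14], "%Y%m%d%H%M%S")
    return parsed.replace(tzinfo=timezone.utc)


def classify_accounts(entries, now, max_idle_days=90):
    """Return (to_disable, never_logged_in) lists of DNs.

    Accounts with no recorded login are reported separately instead of being
    disabled, because a missing value can also mean login tracking is off.
    """
    to_disable, never_logged_in = [], []
    limit = timedelta(days=max_idle_days)
    for entry in entries:
        dn = entry["dn"][0]
        if entry.get(ENABLED_ATTR, ["ENABLED"])[0].upper() == "DISABLED":
            continue                              # already disabled
        stamps = entry.get(LAST_LOGIN_ATTR)
        if not stamps:
            never_logged_in.append(dn)
        elif now - parse_generalized_time(stamps[0]) > limit:
            to_disable.append(dn)
    return to_disable, never_logged_in


def build_disable_ldif(dns):
    """Emit an LDIF modify record per DN for review before applying."""
    records = [
        f"dn: {dn}\nchangetype: modify\n"
        f"replace: {ENABLED_ATTR}\n{ENABLED_ATTR}: DISABLED\n"
        for dn in dns
    ]
    return "\n".join(records)


if __name__ == "__main__":
    run_time = datetime(2024, 6, 30, tzinfo=timezone.utc)  # fixed for the demo
    stale, unknown = classify_accounts(parse_ldif(SAMPLE_LDIF), run_time)
    print(build_disable_ldif(stale))
    print("# no recorded login, review manually:", unknown)
```

Writing the change as LDIF rather than applying it directly leaves a reviewable record of which accounts the job intended to disable on each run.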

  • OID User not able to login to owc_discussion

    Hi,
    I have a webcenter content domain (11.1.1.6) with both WCC and owc_discussion up. I have configured an OID authenticator (SUFFICIENT) in my security realm as the first authenticator. I can create users/groups in OID and use them to login to UCM (/cs) or any deployed application. However, I cannot find my users in owc_discussion. Do we have to do the setup as mentioned in http://george.maggessy.com/2009/08/oracle-discussions-configuration.html or am I missing something here?
    My assumption was: any OID user will be let inside owc_discussion just as they log into /cs.
    Thanks
    Shidharth

    Hi,
    In your smoeac transaction you have to subscribe to the object:
    Authorization
    Authorization1
    Authorization 2
    User (USERNAME)
    If you've these it might be working,
    I had the same error message but it's not the id or the password like error message said it's just that customizing for authorization are not replicate as well
    Regards
    Edited by: Julien DESGEORGES on Jan 12, 2009 2:25 PM

  • Configuring OID 10g authenticator in Weblogic 10.3.5

    Hi,
    I have user1, user2..user1000 in OID 10g
    some of the user belong to 'OBIEE_users' group in OID for example user1,user2,user3,user4 belong to this group.
    I have configured OID as authentication provider in weblogic.
    can anyone please let me know what filter to use so that only users belonging to 'OBIEE_user' group (i.e. user1,user2,user3,user4) are visible in weblogic.

    Can anyone please help me with their thoughts on this

  • User Authentication for subfolder not working in Web Browser

    We are using Oracle Application Server 10.1.2.3 and Database Server 10.2.0.5 for our application.
    One of the functionalities of the Application is to send emails with attachments.
    The logic is that the Application would generate the attachment file on the Application Server.
    Then a database package uses Oracle's utl_http package/procedures(more specifically utl_http.request_pieces where the single argument is a URL) to pick up the file from the Application Server via URL, attach the file and send the email.
    Exchange and Relay Server is also set in the Application.
    The problem is that the folder containing the folder which stores the attachments is having user authentication set.
    Example : The main folder is /apps/interface, this folder requires a valid user when it is accessed via URL on a web browser.
    Alias created in httpd.conf
    Alias /int-dir/ "/apps/interface/"
    The folder /apps/interface/email/ is the folder where the attachment files are generated and stored.
    Application Server : 10.12.213.21
    Database Server : 10.12.213.22
    Email Server : 10.12.213.44
    Configuration as per httpd.conf
    Alias /int-dir/ "/apps/interface/"
    <Location /int-dir/>
    AuthName "Interface folder"
    AuthType Basic
    AuthUserFile "/u01/app/oracle/as10g/oasmid/Apache/Apache/conf/.htpasswd"
    require user scott
    </Location>
    <Location /int-dir/email>
    Options Indexes Multiviews IncludesNoExec
         Order deny,allow
         Deny from all
         Allow from 10.12.213.21
         Allow from 10.12.213.22
         Allow from 10.12.213.44
    </Location>
    Using the above configuration the Application is able to attach the files and send the email, however, when we access the following URL :
    http://10.12.213.21:7778/int-dir/ - it prompts for user authentication
    However if we use the following URL :
    http://10.12.213.21:7778/int-dir/email/ - it does not prompt for user authentication, and all the files in the folder are displayed in the browser.
    I have tried so many things including AllowOverride, .htaccess, but I am not able to get user authentication for the email folder.
    Please help me if you can.
    Thanking you in advance,
    Glad to give any more information that I can.
    dxbrocky

    Thanks for your response.  I fixed the problem by selecting "full site" or "full website" at bottom of the web page.  After making this selection the zoom function returned.  Thanks again for your interest.

  • User Authentication failed

    Hi all,
    I like to share one of my peculiar issue with you and like to get a solution as well.
    I am trying to install a portal server with r3load based method. I did a java export of mssql Portal server and successfully imported in the newly installed server. The server is up and running. I also completed the post installation activities like SLD, SSO and Jco creation. I am not able to log in to the java page using administrator user and also other users. It keeps on saying that user authentication is failed.
    But the beauty is that using the same administrator user I am logging in the visual administrator.
    I don't know where the problem is and also I verified the log files under cluster/server nodes. There I found the log as follows ---> Connection is already closed and no longer associated with a managed connection.
    I don't know where I am missing. Due to this I reinstalled the server and imported again. But the same problem is existing to me. Anyone have suggestion on this please do reply.
    Thanks and Regards
    Vijay

    Hi,
    Thanks for reply. It's only a java system, so no activity needs to be done in SU01. I checked the table in database; the users are existing as well in the table.
    FYI: I am able to log in visual admin but not in the java pages like
    http://<hostname>:port/
    http://<hostname>:port/irj
    Hope I explained my problem in the right way
    Regards
    Vijay

  • Email Receiver Dynamic User Authentication, is it possible?

    Hello Experts,
    I have a scenario SAP ECC->SAP PI->Gmail Mail Server, now the interface is working fine, the thing is that I want to configure the user Authentication in a dynamic way, I tried to do it in a UDF in the Message Mapping, using the dynamic values for:
    TServerLocation
    TAuthKey
    fields, but is not working, am I using the correct header fields?, or is there another way to change this parameters?, thanks in advance for your answers.
    Regards,
    Julio Cesar

    Hello Gopal,
    I'm using Plain, it works fine if I fill up the fields for User and Password in the comm channel, but if I try using the fields in a Dynamic way it is not working, thanks for your answer.
    Regards,
    Julio

  • Use Microsoft Online Directory Services as a user authentication provider for our own SharePoint farm?

    Hi,
    I've managed to configure my farm so that  Microsoft Online Directory Services (Office 365 etc.) can be used for STS authentication, but what I'm actually trying to do is allow user authentication - that is, I'm hoping to be able to use the user's
    O365 credentials to authenticate them in my own farm so they can view certain parts of it. If I need to write my own login form or authentication provider or whatever that's fine, as long as the user doesn't need to enter anything when they access my farm
    (provided they already have cached O365 credentials in their browser session).
    FWIW I actually need to be able to support the possibility that users are coming from multiple O365 tenancies, whereby each site collection will be configured to allow users from a different O365 tenancy (more or less).
    If it's not possible to do with my own development farm on a PC, it is possible if the farm is hosted in Azure?
    Thanks
    Dylan

    Hi  Dylan,
    According to your description, my understanding is that you want to use Microsoft Online Directory Services as a user authentication provider for your SharePoint farm.
    For your demand, you can configure a hybrid topology for your SharePoint farm:
    http://technet.microsoft.com/en-us/library/jj838715(v=office.15).aspx
    http://technet.microsoft.com/en-us/library/dn197168(v=office.15).aspx
    Thanks,
    Eric
    Forum Support
    Eric Tao
    TechNet Community Support
