OIF 11g Sample Authentication Engine for Trusted HTTP Header
We are trying to achieve OIF authetication based on headers set by windows native authentication. As per our research we have come across this example located at URL: http://www.oracle.com/technology/sample_code/products/id_mgmt/index.html (OIF 11g Sample Authentication Engine for Trusted HTTP Header).
At this point we are trying to see the deployment architecture and configuration required to achieve the functionality described in the example.
Can someone please elaborate more on the set up and configuration required for the example to work ?
Appreciate your feedback.
Realized the hyperlink missing for oracle example..
Here it is: http://www.oracle.com/technology/sample_code/products/id_mgmt/oif/customauthn.jsp.SAMPLE
Similar Messages
-
How can i launch firefox AND adds-on (web of trust, http header with options for exemple) in commande line, on windows ?
firefoxe... -option? <addon name>?....?Does opening this page help: <b>about:addons</b>
*https://developer.mozilla.org/en/Command_Line_Options -
How to unconfigure a Custom Authentication Module for Convergence
After flailing with the incomplete instructions for [Writing a Custom Authentication Module for Convergence|http://wikis.sun.com/display/CommSuite/Writing+a+Custom+Authentication+Module+for+Convergence]
, I decided to try to revert back to the default.
How do you remove the module and go back to the default? I tried to unset the options, but they did not seem to take effect.
sudo /opt/sun/comms/iwc/sbin/iwcadmin -w xxxxx -o auth.custom.servicename -v ""
sudo /opt/sun/comms/iwc/sbin/iwcadmin -w xxxxx -o auth.custom.callbackhandler -v ""
sudo /opt/sun/comms/iwc/sbin/iwcadmin -w xxxxx -o auth.custom.loginimpl -v ""
sudo /opt/SUNWappserver/bin/asadmin stop-appserv
sudo /opt/SUNWappserver/bin/asadmin start-appserv
AUTH: DEBUG from com.sun.comms.client.web.sso.SSOFilter Thread httpSSLWorkerThread-80-1 at 14:45:25,951 - SSO is disabled
AUTH: WARN from com.sun.comms.client.protocol.delegate.agent.LoginContextAgent Thread httpSSLWorkerThread-80-1 at 14:45:25,953 - Subject not found in session, creating one
AUTH: ERROR from com.sun.comms.client.protocol.delegate.agent.LoginContextAgent Thread httpSSLWorkerThread-80-1 at 14:45:25,954 - Unabled to load the class due to
AUTH: ERROR from com.sun.comms.client.protocol.delegate.agent.LoginContextAgent Thread httpSSLWorkerThread-80-1 at 14:45:25,956 - Unable to instantiate callback handler
AUTH: ERROR from com.sun.comms.client.protocol.delegate.LoginCommandDelegate Thread httpSSLWorkerThread-80-1 at 14:45:25,957 - Failed to Login the user: Unable to instantiate callback handler
PROTOCOL: ERROR from com.sun.comms.client.protocol.delegate.LoginCommandDelegate Thread httpSSLWorkerThread-80-1 at 14:45:25,960 - Protocol Error while login : Unknown Reasonjessethompson wrote:
After flailing with the incomplete instructions for [Writing a Custom Authentication Module for Convergence|http://wikis.sun.com/display/CommSuite/Writing+a+Custom+Authentication+Module+for+Convergence]
, I decided to try to revert back to the default.
How do you remove the module and go back to the default? I tried to unset the options, but they did not seem to take effect.After enabling the custom login module using the steps in the earlier thread (http://forums.sun.com/thread.jspa?threadID=5318615), I performed the following steps to disable the custom module and re-enable the ldap auth module:
# Disable custom auth-module
cd /opt/sun/comms/iwc/sbin
./iwcadmin -w <admin password> -o auth.custom.servicename -v ""
./iwcadmin -w <admin password> -o auth.custom.loginimpl -v ""
./iwcadmin -w <admin password> -o auth.custom.callbackhandler -v ""
./iwcadmin -w <admin password> -o auth.misc.CredentialFile -v ""# Re-enable the LDAP auth-module
cd /opt/sun/comms/iwc/sbin
./iwcadmin -w <admin password> -o auth.ldap.callbackhandler -v com.sun.comms.client.security.auth.AppCallbackHandler
./iwcadmin -w <admin password> -o auth.ldap.loginimpl -v com.sun.comms.client.security.auth.modules.impl.SunLDAPLoginModule# Restarte App Server
cd /opt/SUNWappserver/bin/
./asadmin stop-domain; ./asadmin start-domain# Login to iwc interface as user shjorth with password oldpwd
# Login successful with oldpwd -- custom auth module successfully disabled, LDAP re-enabled
Regards,
Shane. -
Single-Sign-On (SSO) configuration on JAVA Stack through HTTP Header method
Hello SDN community,
in the context of a Proof of Concept, we are testing the integration of Microsoft Sharepoint Portal with SAP Backend (addin) systems.
As the architecture impose use an external scenario (access from the internet), we couldn't use the Kerberos (SPNego) solution and thus we chosed the http header solution which in short uses an intermediary web server (in this case the IIS of the MOSS solution) which will act as authority.
I miss information on how the workflow works for this http header authentication method. Through the visual administrator of the addin JAVA stack, it is possible to configure each application with a customized authentication (a choice of security modules). But this all that I know.
My task is to configure SSO. From a sharepoint portal, the user should be able to access Web Dynpros and BSPs. I imagine that the very first call to a webdynpro or bsp (or maybe when we log on the sharepoint portal), the request to the WDP or BSP will first be forwareded by the intermediary server to the JAVA stack (or is it the SAP dispatcher that has to be configured).
Is there an application to be built on the java stack to deal with the authentication, modify http header?
What will the Java stack return? a sap long ticket? a token?
How will the redirect work (to by example a BSP which is in the ABAP stack)?
SAP preconise to secure with SSL the link between the intermediary web server and the JAVA stack, is IP restriction also a solution?
A lot of questions about how this SSO http header should work,
I would be very greatful for any help, or info,
Kind regards,
Tanguy MezzanoHi Tanguy,
to tell you the truth I'm really unsure about what you are trying to achieve. When I started posting to your thread I thought all you wanted was trying to access your J2EE engine via Browser and authenticate against the engine using HTTP Header Variables. Nevermind:
Here are some answers to your question:
in fact I did succeed, the problem was that even after domain-relaxation done by the J2EE, I had to change the domain of th SAP cookie to the bbbb.domain.com to be understood (I would have thought that all hosts in/under domain .domain would have accepted such a cookie but it seems that no...).
The server does not care about the domain because Cookies in an HTTP Request do not contain any domain information. The domain is just important when the Cookie is set by the server so your Client (Browser) will know in which cases the Cookie may be sent or not. So if your domain is xxx.yyy.domain.com and your cookie is issued to .domain.com then your Browser will definitely sent it to all hosts under .domain.com (This includes xxx.yyy.domain.com etc.)
My current scenario is: in a first request get a SAP Logon Ticket from the Java Stack, then change its domain and then directly call the backend with it.
You can do that but there is no Client involved in this scenario. So this is useful if you just want to test the functionality (e.g. authentication to J2EE using Header Variables (This works finally!!!) and then use the fetched Logon Ticket to test SSO against any trusted Backend!!)
So everything's is in a Java Client application without using any redirection.
If I understand you, you're solution is from the Browser call a servlet (which is deployed on the Java Stack and has no authentication schema) by passing to it our http header.
No, you should initially authenticate somewhere! I thought that maybe you had some resource you access before accessing the Java Stack. This could be any application (e.g. deployed on a Tomcat or JBOSS or other server or if you like even SAP J2EE). After authenticating there you are aware of the username and could use it to procceed (e.g. Authenticate against the J2EE using the same user and HTTP Header authentication for that particular user!)
That servlet will transfer the http header (with the HttpClient app) in order to get from the Java Stack a SAP Logon ticket, and then to redirect to the resource and by sending back the cookie in client browser. Am I correct?
This was just a suggestion because I realized that there was no Client ever involved in any of your testing (looked strange to me!). I was just thinking that it would be easier for you to just get the Cookie into your Browser so your Browser would do the rest for you (in your case finally send the Logon Ticket Cookie to your Backend to test SSO using Logon Tickets!).
The AuthenticatorServlet somehow serves as a Proxy to your client because your client is not able to set the Header Variable. That's why I initially suggested to use a Proxy (e.g. Apache) for that purpose. The problem is just that if you use a Proxy you will have to tell it somehow which username it should set in the Header Variable (e.g. using a URL Parameter or using a personalized client certificate and fetch the username (e.g. cn=<username> from the certificate!)
This way of doing would simplify the calls for sso for each new application needing authentication, instead of having all code each time in it...
I'm stuck again! Do you want to authenticate an End User or do you want to authenticate an application that needs to call any resources in your Backend that requires authentication?
So my problem now, is how to call the servlet from the client browser:
I'm trying to call my servlet from the browser but I don't succeed. I am able to understand how to reach a jsp from the Java Stack, but not to reach a servlet. I don't find the path to my servlet:
<FORM method="POST" action="SSORedirect2" >
A JSP is a servlet too. There is just no JAVA Class involved!
You do not need any POST Request to invoke a Servlet.
I see that my servlet is deployed, but I don't how what path to give to my form to invoke the servlet, here follows my web.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE web-app (View Source for full doctype...)>
- <web-app>
<display-name>WEB APP</display-name>
<description>WEB APP description</description>
- <servlet>
<servlet-name>SSOredirect2</servlet-name>
<servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
</servlet>
- <servlet>
<servlet-name>SSORedirect2.jsp</servlet-name>
<jsp-file>/SSORedirect2.jsp</jsp-file>
</servlet>
- <security-constraint>
<display-name>SecurityConstraint</display-name>
- <web-resource-collection>
<web-resource-name>WebResource</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
- <auth-constraint>
<role-name>DefaultSecurityRole</role-name>
</auth-constraint>
</security-constraint>
- <security-role>
<role-name>DefaultSecurityRole</role-name>
</security-role>
</web-app>
If you have an AuthenticatorServlet Class all you need is to add the Servlet Mapping in your web.xml file
e.g.
<servlet>
<description>
</description>
<display-name>AuthenticatorServlet</display-name>
<servlet-name>AuthenticatorServlet</servlet-name>
<servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AuthenticatorServlet</servlet-name>
<url-pattern>/AuthenticatorServlet</url-pattern>
</servlet-mapping>
You can directly call the Servlet in your Browser by calling the URL provided in the url-pattern of your Servlet mapping ( in this case /AuthenticatorServlet). The engine will invoke the Class "com.atosorigin.examples.AuthenticatorServlet" in the background and do whatever you defined there!
I have also to pass my http header and the redirectUrl in the GET request.
If you like! I just suggested this for testing purposes. As I stated before you need a way to tell your proxy (or in your case AuthenticatorServlet) which user should be set when calling the Engine in order to authenticate using HTTP Header. You could use the URL Paramater to define the user you actually want to use when you set the Header Variable.
I just introduced the redirectURL because you were talking about redirects all the time. So if you finally want to call the Backend you could define the Backend URL in the redirectURL Parameter and the Servlet will make sure that you are redirected to this location after the whole process!
Thx for your input very helpful,
But again 0 points
Cheers -
Hello @all
I�m new to Open ESB and NetBeans.
Does anybody has an idea how to put HTTP-Header to the BPEL-Process?
I have to call a WebService (from BPEL) which expects user authentication (sessionId) in the HTTP-Header . How do I do that? Do I have to modify my WSDL-File?
Thanks for your posts in advanceYou would have already defined your WSDL accommodating this requirement. If not, then yes, you might have to change your wsdl.
Assuming you are sending the user info all the way from the BPEL process and assuming soap-http protocol. Typically the way i see this done is, you define a wsdl message with the parts that correspond to your business logic and parts that you would use in the "soap headers". In the BPEL it is always "business as usual" you deal with the abstract wsdl message. It would be developers responsibility to fill the wsdl message parts correctly. Once this message goes through the soap-http BC, it would be the BC's job to then put things as required by the HTTP protocol.
hope that helps,
Kiran B. -
HTTP Authentication Digest for SIP messages in a trunk SIP CUCME
Hello,
we would like to implement HTTP Authentication Digest for SIP messages in a trunk SIP between a Cisco 2851 and an Asterisk server.
We are using CUCM Express with 15.1(4)M (CME 8.6) as voice gateway to connect to PSTN.
According to Cisco documentation:
"To configure a gateway to use HTTP Authentication Digest, give the following command in each dial peer or SIP-UA configuration mode:
authentication username username password password [realm realm]."
The problem is that when call is from CISCO to ASTERISK, Asterisk sends a challenge to Cisco to do Authentication:
INVITE sip:[email protected]:5060 SIP/2.0
Via: SIP/2.0/UDP 10.0.70.11:5060;branch=z9hG4bK3E205D
Remote-Party-ID: "DN1001" <sip:[email protected]>;party=calling;screen=no;privacy=off
From: "DN1001" <sip:[email protected]>;tag=5317D4-2271
To: <sip:[email protected]>
Date: Thu, 20 Feb 2014 10:55:56 GMT
Call-ID: [email protected]
Supported: 100rel,timer,resource-priority,replaces,sdp-anat
Min-SE: 1800
Cisco-Guid: 1679566433-2572423651-2156454406-1292596908
User-Agent: Cisco-SIPGateway/IOS-12.x
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
CSeq: 101 INVITE
Max-Forwards: 70
Timestamp: 1392893756
Contact: <sip:[email protected]:5060>
Expires: 180
Allow-Events: telephone-event
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 208
<--- Reliably Transmitting (no NAT) to 10.0.70.11:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.0.70.11:5060;branch=z9hG4bK3E205D;received=10.0.70.11
From: "DN1001" <sip:[email protected]>;tag=5317D4-2271
To: <sip:[email protected]>;tag=as665c9410
Call-ID: [email protected]
CSeq: 101 INVITE
Server: Asterisk PBX 11.7.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="559bd1d2"
Content-Length: 0
However, when call is for ASTERISK to Cisco, there is no challenge sent.
INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 10.1.32.70:5060;branch=z9hG4bK0c57d67c
Max-Forwards: 70
From: "JOSE MANUEL" <sip:[email protected]>;tag=as2f789a9f
To: <sip:[email protected]>
Contact: <sip:[email protected]:5060>
Call-ID: [email protected]:5060
CSeq: 102 INVITE
User-Agent: Asterisk PBX 11.7.0
Date: Thu, 20 Feb 2014 09:58:27 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 282
<--- SIP read from UDP:10.0.70.11:60829 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.1.32.70:5060;branch=z9hG4bK0c57d67c
From: "JOSE MANUEL" <sip:[email protected]>;tag=as2f789a9f
To: <sip:[email protected]>
Date: Thu, 20 Feb 2014 10:58:27 GMT
Call-ID: [email protected]:5060
CSeq: 102 INVITE
Allow-Events: telephone-event
Server: Cisco-SIPGateway/IOS-12.x
Content-Length: 0
SIP/2.0 180 Ringing
Via: SIP/2.0/UDP 10.1.32.70:5060;branch=z9hG4bK0c57d67c
From: "JOSE MANUEL" <sip:[email protected]>;tag=as2f789a9f
To: <sip:[email protected]>;tag=556830-757
Date: Thu, 20 Feb 2014 10:58:27 GMT
Call-ID: [email protected]:5060
CSeq: 102 INVITE
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
Allow-Events: telephone-event
Remote-Party-ID: "DN1001" <sip:[email protected]>;party=called;screen=no;privacy=off
Contact: <sip:[email protected]:5060>
Server: Cisco-SIPGateway/IOS-12.x
Content-Length: 0
My configuration in Cisco device is:
dial-peer voice 1 voip
description **Calls to ASTERISK **
destination-pattern 9T
session protocol sipv2
session target sip-server
codec g711ulaw
sip-ua
keepalive target ipv4:10.1.32.70
authentication username CCME password 7 070E234F4A realm asterisk
sip-server ipv4:10.1.32.70:5060
To avoid that the ASTERISK is blocked by Cisco TOLLFRAUD_APP I have added:
voice service voip
ip address trusted list
ipv4 10.1.32.70 255.255.255.255
allow-connections sip to sip
sip
registrar server
The issue is that I would like that Cisco also send a challenge to asterisk server to authenticate SIP messages.
Any ideas?.
Regards.Hello,
yes, but credentials command configure credentials that are used when Cisco UA must register in a server.
I do not need register Cisco into Asterisk server. What I want is that Cisco authenticate SIP messages that receive. I know
that can be enough with TOLLFRAUD_AP where remote IP is checked, but I want to do something like others routing
protocols (as OSPF, BGP) where every message must be authenticated.
Thanks.
Regards. -
Authentication Scheme for sample application in Oracle Express
All, I recently installed Oracle Express on linux and I was browsing the sample application and when I look up the Authentication Scheme for this app I get the message
No authentication schemes have been defined. You can create a new authentication scheme starting with the Create Scheme button above
Now when I click "Authentication Status " I see
Application: 100
Method: Authentication Scheme
Details: Uses authentication schemes to control user authentication and all other aspects of session management for your application.
Logout URL: wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_se
ss=&APP_ID.:1
Public Pages: (none)
Action: Manage authentication schemes using the report above.
Yet when I run the app I know it is looking up the data in the demo_users table. What I don't see is where the function custom_auth is defined for this app as the function to call for authenticating users. Can someone point me in the right direction.
Also has anyone upgraded apex in express to 2.2. Any issues?
thanks
Scott.I think i found it when you are in list view no schemes appear. However, when you switch to detail view then I can see the custom scheme.
scott -
JAAS NTLoginModule for basic http authentication
Hi all,
Can someone point me to the right direction on this subject? I'd like to use JAAS' NTLoginModule to get a user's credentials, then use those credentials to authenticate the user into something that requires a basic http authentication... specifically, a domino web service. (I don't want the user to have to type in his/her password).
First, is this even doable? and Second, what would I need to do to get this working?
Thanks in advance.I am using IIS 6 with Windows Integrated Authentication which passes all HTTP requests to Tomcat 5.5 for processing via the ISAPI plug-in jk1.2 It does nothing else. Don't ask the obvious, I can't tell you. It just is.
I have a new requirement for a new web application on our intranet. I would like to be able to identify my users without them typing anything in. How can I capture any part of the Window's user credential's from within my Java web application on Tomcat?
I'm looking at HttpServletRequest.getRemoteUser() and HttpServletRequest.getUserPrincipals() and I'm thinking I can (minus establishing my own Tomcat realms, etc...).
Any thoughts? Even if you don't know how, just tell me if you know this can be/is being done somewhere. -
Configure Apps domain for Trusted Identity Provider Authentication
Hi
I have a web application which is using siteminder as authentication provider for SharePoint 2013 enviornment.
Can we configure Apps domain on the environment?
If yes, can you provide a link or steps to follow. Our website is using SSL certificate and is public facing site.Hi
I am receiving 401 unauthorized error when trying to access the app from the SharePoint site.
Any help is appreciated
Regards,
Amol -
OIF 11g as IDP supporting multiple SPs
Hello,
I have OIF 11g setup as an IDP using OAM/OID as the authentication engine. I have configured it following the steps provided in section 3.2.3.2 of the doc here: http://docs.oracle.com/cd/E23943_01/oim.1111/e13400/deployment.htm#BABCAABE. There is an OAM policy protecting fed/user/authnoam.
I currently have 2 SPs: sp1 and sp2. Can I have different OAM policies for each SP? For example, I want to allow only users in the ldap group sp1_group access to sp1 and users in ldap group sp2_group access to sp2. The issue is that when an authentication request is sent from any SP, it gets sent to fed/user/authnoam, which is protected by one OAM policy.I had this requirement too in my previous project where for one SP, we want to authenticate aganist consumer data store and another SP, aganist customer. If i remember correctly, the product doesn't support that. Not sure about 11g R2 though.
-
Steps to configure IDP on OIF 11g?
Has anyone used OIF 11g as IDP using SAML 2.0? What are the steps (speacially related to certificate creation and update)? I went through the oracle documents but unable to figure out the correct steps to update the signing/encryption certificate. Should I be using keystore or Oracle Wallet?
Thanks.
VSHello,
Thank you for your reply and for the link to the documentation. I feel confused about with SSO method to use.
Here is the case:
1. Users have enterprise login/password credentials
2. Once logged in their computer they would like to access EPM products which are installed on a remote server without entering their credentials again. They would enter the Url on the IE browser.
3. We are using EPM 11.1.2 with weblogic
If you had to implement SSO in this situation what steps would you follow?
I've tried to create a custom authentication module, but don't know how to use it.
I also read about Http request but don't know when I should use it.
Any ideas for me? -
URGENT help required : Custom Authentication Plugin for validation of users
Hi Experts.
I'm a newbie and am stuck in middle of nowhere.
I have been asked to develop a custom authentication plug-in which would validate a user using the attributes such as a userid and a shared-userid.
shared-userid is just a custom id that would be generated on the basis of some logic.
Currently I'm using OAM 10.1.4.3.0 on WINDOWS server and as everybody, I'm also not able to find any sample files or sample folder structure.
As per one of the other threads https://forums.oracle.com/forums/thread.jspa?messageID=3838474, sample code and sample folders are removed from this particular version and were present in some previous version.
So, can anyone please help me out with the following:
1. How can I proceed to accomplish this task, i.e. to check whether a user-id and a shared-userid both are validated and a user is granted access.
2. Are all of these files required to create a custom authentication plug-in or can we proceed only with the ".c" file (i.e. make file, authn.c, and a dll file made using the make file and .c file)
3. Can anybody provide me with a sample file or a sample code written in "C" wherein the plug-in connects to the LDAP and searches for a particular dn for comparison or something. Also a sample make file for windows to convert the .c file to .dll.
PLEASEEEE help me ASAP.
Regards
Edited by: 805912 on Nov 15, 2011 7:18 PMHi,
Regarding question 2, you also need the header file is supplied in the Access Server installation directory, under ...access\oblix\sdk\authn_api and is called authn_api.h. you need this to build the dll which must then be placed in the Access Server's ...\access\oblix\lib directory.
Regarding question 3, if you install an earlier version of the Access Server, ie 10.1.4.2 or less, then you will get a \access\oblix\sdk\authentication\samples\authn_api directory that contains a basic sample authentication plugin. However, there is still documented in the 10.1.4.3 Developer Guide another sample plugin, simplapi.c, in the 10.1.4.3 Developer Guide with instructions on how to use it. It does work, but unfortunately requires a couple of edits to get it working after copy&pasting it (no code changes, just fairly obvious case changes eg changing ObanPlugin* to ObAnPlugin*). I used the following commands to get it to compile into a .so file on unix:
g++44 -c -fPIC -Wno-deprecated -m32 simpleapi.c
g++44 -shared -nostdlib -lc -m32 simpleapi.o -o simpleapi.so
but I really would not know if or how these translate into a Windows environment.
Regards,
Colin
Edited by: ColinPurdon on Nov 15, 2011 2:50 PM -
Error while creating GTC for trusted source reconciliation in OIM11g
Hi,
I got an exception while trying to create GTC for Trusted source Reconciliation in OIM11g
Class/Method: CreateGenConnectorAction/imageScreen encounter some problems: Provider Exception[[
java.lang.Exception: Provider Exception
at com.thortech.xl.webclient.actions.CreateConnectorAction.getGenericAdapter(CreateConnectorAction.java:2265)
at com.thortech.xl.webclient.actions.CreateConnectorAction.imageScreen(CreateConnectorAction.java:1196)
at com.thortech.xl.webclient.actions.CreateConnectorAction.goNext(CreateConnectorAction.java:521)
at sun.reflect.GeneratedMethodAccessor4673.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)
at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:894)
at com.thortech.xl.webclient.actions.tcAction.execute(tcAction.java:213)
at com.thortech.xl.webclient.actions.CreateConnectorAction.execute(CreateConnectorAction.java:135)
at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.thortech.xl.webclient.security.XSSFilter.doFilter(XSSFilter.java:103)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:61)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:115)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:100)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:330)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at com.thortech.xl.gc.util.ProviderFacade.getProvider(ProviderFacade.java:344)
at com.thortech.xl.webclient.actions.CreateConnectorAction.getGenericAdapter(CreateConnectorAction.java:2201)
... 47 more
Caused by: java.lang.NullPointerException
at com.thortech.util.logging.Logger.isDebugEnabled(Logger.java:599)
at com.thortech.xl.gc.impl.recon.SharedDriveReconTransportProvider.initialize(SharedDriveReconTransportProvider.java:106)
... 53 more
Thanks & Regards,
PrasadMost likely you are hitting below bug
Bug 14271576 - OIM BETA : CONNECTOR LOGS ARE NOT GETTING UPDATED IN 11G R2 [preferrred fix ...]
or
Bug 13605443 - NULL POINTER EXCEPTIONS IN OIM SERVER DURING RECONCILIATION USING GTC CONNECTOR
Thanks Deepak -
Error in setting up HTTP Header Variable Authentication
Hi,
I am trying to set-up SSO for SAP Biller Direct aplication (deployed on SAP J2EE 7.0) using HTTP Header variable authentication.
As per SAP documentation I have created a new login module "HeaderVariableLoginModule" pointing to class "com.sap.security.core.server.jaas.HeaderVariableLoginModule".
Then I have added this new login module to Statck "Ticket" and the new config looks as below. HTTP header when UID is passed is USI_LOP.
Name Flag Options
com.sap.security.core.server.jaas.HeaderVariableLoginModule Sufficient ume.configuration.active= tue,
Header=USI_LOP
BasicPasswordLoginModule Optional
CreateTicketLoginModule Optional ume.configuration.active= tue
EvaluateTicketLoginModule Sufficient ume.configuration.active= tue
The problem I am now having is that the authentication through HTTP_HEADEr does not work. Even though I ahve increased the trace level for JAAS module to debug, there is not any type of information generated in the log.
Each time I call the Biller Direct URL from the extrenal web server which also passes the HEADER variable for Authntication, the authrisation just fails and I am being shown a Logon Screen to pust UID/PASSWORD.
Can someone please guide me, how I can debug this? There is very no information whether anyone tried to login with HEADER varibale and that has failed...
Also, I am not pretty sure whether I am using the right Authentication Stack, which is is Ticket in my case..
But when I enter the application without any URL redirects and enter UID and password directly for Biller Direct, I get the following in log file, which makes me believe that I am using the right stack.
LOGIN.OK
User: CONDLG
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.HeaderVariableLoginModule SUFFICIENT ok false false
2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule OPTIONAL ok true true
3. com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok true true
4. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false false
Central Checks true
Any help will be very much apprecated..
Thanks,
Vikrant SudVikrant,
The reason why it is not working is because your login modules in ticket stack are in wrong order and with wrong flags. The first one should be EvaluateTicketLoginModule with flag=SUFFICIENT, then the Header Variable login module, with flag=OPTIONAL, then CreateTicketLoginModule with flag=SUFFICIENT, then BasicPasswordLoginModule with flag=REQUISITE, and lastly CreateTicektLoginModule with flag=OPTIONAL
Thanks,
Tim -
JDeveloper 11g Sample Schema FOD installation failure
Do not have any previous experience about JDeveloper. Downloaded 11g version. Try to follow this link:http://www.oracle.com/technology/obe/obe11jdev/11/common/connection11g.htm to install a sample schema FOD for a tutorial. However at the following step:
5. In the Application Navigator, right-click the build.xml file and choose Run Ant Target-->buildAll.
I got:
BUILD FAILED
C:\FOD\Infrastructure\Ant\build.xml:52: The following error occurred while executing this line:
C:\FOD\Infrastructure\DBSchema\build.xml:91: The following error occurred while executing this line:
C:\FOD\Infrastructure\DBSchema\build.xml:56: The following error occurred while executing this line:
C:\FOD\Infrastructure\DBSchema\build.xml:28: C:\FOD\Infrastructure\Ant\wlserver_10.3\server\lib not found.
Appreciate someone can help me out.
- DenisHi, Arun,
Thanks for your reply. I double-checked, looks there is no settign WLS home in the build.xml. My current setting is as follows, does it look right+
# Base Directory for library lookup
jdeveloper.home=C:\Oracle\Middleware\jdeveloper
src.home=..//..
# JDBC info used to create Schema
jdbc.driver=oracle.jdbc.OracleDriver
jdbc.urlBase=jdbc:oracle:thin:@113.130.218.168
jdbc.port=1521
jdbc.sid=dbwrkev1
# Information about the default setup for the demo user.
db.adminUser=zxxxx4
db.demoUser=FOD
db.demoUser.password=fusion
db.demoUser.tablespace=USERS
db.demoUser.tempTablespace=TEMP
- Denis
Maybe you are looking for
-
i cant purchase or download any of my apps becuase of this is anyone else having this problem
-
Hi My problem with the physical standby database i when i reboot the windows server the if i have AUTOSTART = true for the instance then i it will mount the database in READ ONLY open mode. And if i set the AUSTART in registry to FALSE then i have to
-
Using cron to stop and restart password protected instance (App Server 7)
I have been asked by a customer to create a cron job to stop and restart their web application running under Applications server 7. I have created the script and can stop the instance, but I am unable to start it as it is asking for a password. I hav
-
Hi, I've recently had a problem syncing my iPad with music I already have on iTunes (some purchased from ITunes and some not, built up over the years). I want to have all my music (the ones ticked in iTunes) on the iPad but it just doesn't seem to be
-
Problem in activating datasource Invalid datatype LCHR
Hi, i have created a zextractor (generic) from View in rso2.I have taken a field URL_ADDR in datasource of type LCHR which is coming from table ADR12.But when i m replicating it in dev system(RSA1) its giving me an error as" Field URI_ADDR ( Position