OS and Database Authentication

Similar Messages

• DAD and Database Authentication with db link

  I have a report that access a table via dblink and displays the result set.
  I am trying to implement the database authentication for this using DAD. I created the new DAD without the plsqlusername and password. When I run this application with the valid apex_public_user I get a
  ORA-00942: table or view does not exist ORA-02063: preceding line from DB1
  But I can run the same SQL from sqlplus for the same user. What am I doing wrong? Any help appreciated.
  Thanks

  Found what was causing the problem. I had not given the workspace user the necessary permissions on the remote database.

• Authentication & Authorization with SSO, JAAS and Database Tables mix

  Hi,
  I'm looking for how manage Authentication & Authorization in a J2EE ADF+Struts+JSP application.
  I'm interested in use SSO for authentication (I just did it programatically & dynamically already), and now I would like to could define authorization using database tables with users, groups, profiles, individual permissions, ..., (maitanined dynamically by web application admin) throught JAZN (JAAS or however is said) but not statically defining roles, groups, users, ... in jazn xml files.
  I saw that exists the possibility to create a custom DataSourceUserManager class to manage all this, and this gave me the idea that this could be possible to do (I was thinking in make a custom Authorization API over my application tables, without JAZN) but what is better that use and extended and consolidated aprox like JAZN.
  Anybody could tell me if my idea could be possible, and realizable, and maybe give me some orientation to build this approach.
  A lot of thanks in advanced.
  And sorry, excuse my so bad english.
  See you.

  Marcel,
  Originally the idea was to create a post to only explain how to do authentication using a Servlet filter. However,
  I have recently added code to the JHeadstart runtime and generators to enable both JAAS and 'Custom' authentication AND authorization in generated applications. Therefore, this post will be made after we have released the next patch release, as it will depend on these code changes.
  We currently plan to have the patch release available sometime in the second half of May.
  Kind regards,
  Peter Ebell
  JHeadstart Team

• BPM Composer and custom authenticator

  Hello experts,
  We are using BPM Suite release 11.1.1.4 and we have setup a custom database authenticator for the BPM domain. After following the steps described in the [forum post|http://forums.oracle.com/forums/thread.jspa?messageID=9428626] we have managed to connect successfully to the BPM workspace using administrative rights. Nevertheless, it is not possible to retrieve any projects in the bpm composer page (/bpm/composer), by using any account at all. In all cases, the help page appears and user cannot proceed to any actions.
  Could you please suggest any configuration, role assignment or any other workaround for enabling users coming from a custom database authenticator to work on the bpm composer environment?
  Many thanks in advance,
  Serafeim.

  Never mind. I solved this problem. Just need to ensure all the authenticator control flag set to SUFFICIENT.

• External database Authentication Issue

  Hello Experts
  I have omplemented external database authentication in my PC and somehow its not working
  Do we have to configure the details in NQSconfig file in the security section for implementing External Database Authentication .

  Hello Thanks for your concern .
  Steps i have followed
  *1)* use that table. If not, create the following table in your database.
  CREATE TABLE OBI_USER
  USERNAME VARCHAR2(255 BYTE),
  PASSWORD VARCHAR2(255 BYTE),
  GROUPNAME VARCHAR2(255 BYTE),
  DISPLAYNAME VARCHAR2(255 BYTE),
  LOGLEVEL NUMBER,
  CREATED_DT DATE sysdate,
  **2)**Created New ODBC Connection to use Separate Connection pool for OBIEE Security .
  *3)* Created New Session Initialization Block for Authentication and gave
  (SELECT USERNAME, GROUPNAME, DISPLAYNAME, LOGLEVEL FROM CPR_OBI_USER WHERE UPPER( USERNAME) =UPPER(':USER') AND UPPER(PASSWORD) =UPPER(':PASSWORD') ) by selection the new BI Security connection pool
  In the variable Traget i have defined 'USER', 'GROUP', 'LOGLEVEL','DISPLAYNAME'
  *4)* Created another Session Initialization Block for Authorization and gave (SELECT 'GROUP', GROUPNAME FROM OBI_USER WHERE UPPER( USERNAME) =UPPER(':USER'))
  And selected row wise initialization in variable target AND assigned Authentication Initialization block in the Execution Precedence .
  *5)* Created Groups in Manage-> Security-> Groups with the same group names as given in OBI_USER Table
  *6)* Added Groups in Manage Catalog and groups in Presentation Services .
  *7)* When i log on with the user which is assigned to the group in the OBI_USER Table then its giving
  (Unable to Log In     
  An invalid User Name or Password was entered.
  Please enter your User ID and Password below, and then press the Log In button.)
  Edited by: newbi on Sep 28, 2010 9:53 AM

• Username and Password authentication

  Hi,
  I am new to both JDBC and MSSQL. I've been connecting to msSQL server without providing username and password (DriverManager.getConnection(String url)). I am wondering how to enforce the username and password authentication so that username and password have to be verified before a connection is made. Thanks in advance.

  but where can I get the username & password? I can get
  the connection even with any username & password, why?Hi WeiHang,
  This is regarding the options you have set in the SQL Server. You have to choose from Windows NT authentication and SQL Server Authentication. If you give SQL Server authentication you have mentioned the username and password and you can connect to database simple using DSN(if you are using JDBC-ODBC). However if you choose WindowsNT authentication you donot specify the user name and password there and you have to enter the same at runtime.
  Hope this can help you

• Question about setting cookies and custom authentication

  I have a question about setting cookies.
  I have two different 'projects' in HTMLDB - we will call them App1 and App2.
  I also have two different connection configurations setup in the DADs.conf file. - we will call them Connect1 and Connect2.
  App1 is setup to use database authentication (no user is specified in the DAD) and uses Connect1. Once the user successfully logs in, we set a username cookie (this is a persistent connection).
  We created a custom authenticatoin scheme for App2 - this scheme checks for the username cookie (set by App1). We would like for App2 to use Connect2 (HTMLDB_PUBLIC_USER is the default user specified and it uses connection pooling).
  Is it possible to set a cookie from App1, Connect1 for App2, Connect2 - then redirect to App2 and pick up that cookie?
  Here is an example of what we are trying to accomplish:
  A user loggs into App1, we set a cookie, and the user is redirected to App2. If the cookie exists, we allow them access to the home page in App2, if no cookie, we redirect back to a 'Login Failed' page in App1. We don't want App2 to use the same database connection as App1 though, we need App2 to use connection pooling.
  Is this possible? OR...Is there a better way to accomplish what we want to do?
  This is an enhancement to an existing app. Our requirements are to use Database Authentication (setup where pass expires after 60 days or so, cannot reuse last 3 passwords, etc.) - which is already setup and being used by other applications in our organization. All of our users have accounts in the database. We don't want users to have a new username/pass - and we don't want to manage a separate group for HTMLDB apps.
  The existing application uses HTMLDB's built in authentication - which uses database username/pass, and it uses connection pooling, but we cannot handle the pass expire stuff in it, unless there's something we're not seeing or understanding - at least that's how our DBA explained it to us.
  Any help with this will be appreciated so much. I can send you the code we have if needed.
  Thanks!

  Same problem here.  I have so many problems with this remote app.  Is there an iTunes API? I would like to write my own remote app that actually works.

• JBoss 7 and BlazeDS Authentication

  Hi,
  Has anybody tried to set up Database authentication and BlazeDS though JBoss 7?
  I've performed steps I previously used with other versions but still getting the usual error;
  'There was an unhandled failure on the server. flex/messaging/security/TomcatLoginHolder'
  The truth is I feel like I'm stubbling around in the dark because JBoss 7 is so different to previous versions.
  Any help would be appreciated

  I found the answer for this;
  The trouble I was having was setting the tomcat valve in JBoss 7. Previously this was done in tomcat configuration files and is documented in BlazeDS docs.
  Now the configuration is achieved by;
  1) putting flex-tomcat-common.jar and flex-tomcat-server.jar in the WEB-INF/lib folder of your blazeds war and in the same war
  2) in your jboss-web.xml under WEB-INF the following content
  <jboss-web>
    <security-domain>yourSecurityDomain</security-domain>
    <valve>
          <class-name>flex.messaging.security.TomcatValve</class-name>
      </valve>
  </jboss-web>
  The blazeds configuration remains the same.

• Database Authentication Schema Setup

  Hi, Page 13-17 in the User Guide talks about setting up DAD credentials verification. Text is copied below
  About DAD Credentials Verification
  DAD database authentication uses the Oracle database native authentication and user
  mechanisms to authenticate users using a basic authentication scheme. To use DAD
  credentials verification:
  &#9632; Each application user must have a user account in the Oracle database.
  &#9632; You must configure a PL/SQL DAD for basic authentication (without account
  information).
  how do i setup the dad without account information ?
  - thanks
  neelesh

  nevermind, i just removed the PlsqlDatabaseUsername and Password and it worked.

• Database authentication with 9iAS

  Hi,
  I was wondering if anyone nows when it will be possible to use database authentication with 9iAS. I don't mean just removing the password from the DAD configuration and authentication that way. I want to be able to have basic Oracle authentication like in OAS.

  In the next release of iAS (towards end of year) single signon will be integrated with apache. At that time, it will be possible to do this.

• Forms and database concept

  This question is tricky let's see who answers it right - monica give it try...
  Q1. If i have three trigger written at the block level namely-
  pre-delete
  pre-insert
  pre-update
  and then i do three operations update,delete and insert onthe table what will be the order of execution of the triggers and WHY?
  I am answering the order but i want WHY? so.
  A1. Pre-delete
  Pre-update
  Pre-insert
  but why?

  Anthony,
  each Forms application rewuired database authentication information to access teh database schema. This information can be provided in A Forms login dialog, or as mentioned, stored in an LDAP server using Oracle SSO.
  The Forms application only knows about the current conencted username and password, not about previous users. I don't see a security issue with this.
  Frank

• Java Database Authentication

  Hi :
  I work on web application depends on EJB 3.0 and ADF Faces.
  I don't want to use basic form authentication and authorizations for users...!!??
  I heard about Java Database authentication and authorization...??
  How can I use it...?? somebody helps me please...!!!
  Send me any tutorial or anything related with it..
  Thanks

  Hi,
  and the database authentication uses JAAS LoginModules with basic or form based authentication. See the oC4J Security guide
  Frank

• Web and Database Security - SQL Inject info

  Web and Database Security - SQL Injection.
  Here is a whitepaper on The Dangers of Dynamic Content (SQL Injection)
  http://www.issadvisor.com/viewtopic.php?t=125
  SQL Injection. 3 parts. The first part discusses the basics of how to test
  web applications for SQL injection vulnerabilities. The second part goes into
  the specifics of how to manually identify and test for SQL injection
  vulnerabilities. And the third part describes how to exploit SQL injection to
  retrieve data from the database.
  http://www.issadvisor.com/viewtopic.php?t=123
  Understanding this critical security issue, helps web developers that leverage
  database must design and make their applications more secure.
  Hopefully these two links are informative and useful. Please pass them on.

  An APEX page can certainly be configured to not require authentication (that's pretty standard for the login/ registration page). There is no need for an "Oracle public password." There are accounts in the Oracle database that APEX uses but that no human needs to know the password for. If that's what you mean by "Oracle public password" then, yes, you do. But that would be the case no matter what authentication and authorization scheme you use in APEX.
  A static IP address for your web server is likely a good idea. It's possible to have DNS work with dynamic IP addresses but that's probably not what you want.
  Justin

• Url and DAD authentication

  apex v2.2
  Scenario is
  Apex users are authenticated using database authentication.
  Once authenticated the users may press a column link to a
  non apex DAD stored procedure call which then ask for autentication.
  sample call is - which executes a report request and pass back a pdf to the browser
  http://host:port/<dad>/<package.procedure>?param1=1
  Within the apex security model can I somehow bypass the user/pw challenge as the user signed in has permission to execute the call and a public user shouldn't have access
  This is the appex DAD
  <Location /pls/apex>
  SetHandler pls_handler
  Order deny,allow
  Allow from all
  AllowOverride None
  PlsqlDatabaseUsername APEX_PUBLIC_USER
  PlsqlDatabasePassword xxxxxxxx
  PlsqlDatabaseConnectString train:1521:training SIDformat
  PlsqlDefaultPage apex
  PlsqlDocumentTablename wwv_flow_file_objects$
  PlsqlDocumentPath docs
  PlsqlDocumentProcedure wwv_flow_file_mgr.process_download
  PlsqlAuthenticationMode Basic
  PlsqlNLSLanguage AMERICAN_AMERICA.AL32UTF8
  </Location>
  Any ideas ?
  Thanks
  Pete

  Still no joy!
  Currently there's a region with some items and a button
  when submitting the button GO, page process GO executes:
  htp.init;
  apex_application.g_page_text_generated := true;
  owa_util.mime_header ('application/x-sql',false);
  htp.p('Content-Disposition: attachment; filename=xxxxxxxxxxxx');
  owa_util.mime_header('application/pdf', false);
  owa_util.http_header_close;
  htp.p('Content-Disposition: attachment; filename=test.pdf');
  <package>.download_doc(517); -- see below
  "some processing takes place" but the document is not being displayed
  I've tried the different mime_header and Content-Disposition setttings
  Do I need to redirect the content sent from the server somewhere else?
  Calling the procedure via mod pl/sql works
  Thanks for your reply.
  Pete
  ===
  procedure download_doc(p_file_id upload_reports.ur_id%type
  ,p_mime_type varchar2 default 'application/pdf')
  as
  l_lob upload_reports.report_blob%type;
  l_mime varchar2(30);
  begin
  select f.report_blob
  into l_lob
  from upload_reports f
  where f.ur_id = p_file_id;
  owa_util.mime_header('application/pdf', false);
  owa_util.http_header_close;
  wpg_docload.download_file(l_lob);
  end;

• Cisco ACS 4.2 and Radius authentication?

  Hi,
  I have a Cisco ACS 4.2 installed and using it to authenticate users that log on to switches using TACACS+, when I use local password database, everything is working. But if i try to use external database authentication using a windows 2008 radius server, I have problem that I can only use PAP, not CHAP. Anyone who know if it's possible to use CHAP with external radius authentication?

  To access network devices for administrative purpose, we have only three methods available :
  [1] Telnet : Which uses PAP authentication protocol between client and the NAS device. So the communication between Client and NAS is unencrypted,  and when this information flows from NAS to IAS server gets encrypted using the shared secret key configured on device/IAS server.
  [2] SSH : Which uses  public-key cryptography for encrypting information between client and the NAS device, i.e, information sent between client 
  and NAS is fully secure. And the communication between NAS and IAS is encrypted using shared secret same as above. Good point on SSH side is that commincation channel is secure all the time.Again the authentication type would remain same that is PAP.
  [3] Console:Which is also the same it will not allow to use MSCHAP as there is no need to secure it as you laptop is connected directly to the NAS and then if you are using TACACS it will encrypt the payload .
  Summarizing, we cannot use CHAP, MS-CHAP, MS-CHAP V2 for communication between client and NAS device or administrative access.
  And the most secure way to administer a  device is to use SSH.
  Rgds, Jatin
  Do rate helpful post~