Pb with 2nd Authentication using form.jsp (authentication example)

Hi,
I am using the example form.jsp to log on to my application. The first
page (testsecurity.jsp) can be accessed by "everyone" and until this step everything
goes fine, I manage to log on. From the testsecurity.jsp page there is a link
to a jsp which can only
be accessed by some users (I defined that in the policy file).
Avan if I have identified myself through the form.jsp, before the 2nd page is
displayed, I must log on again. When I give
the same login and password as I gave for the first identification
I can see the proper page.
Do you have any idea about why I have to log on twice?
Thanks
Odile
PS: I checked that, in the session, the attribute "javax.naming.InitialContext"
is still present, if this has anything to do with the authentication..

Similar Messages

Problems with basic authentication example

I am trying to run the basic authentication example from the Professional JSP book (Chapter 16) although for some reason I continue to get "AUTHENTICATION MECHANISM NULL" instead of "AUTHENTICATION MECHANISM BASIC". I do not even get the pop-up window with the prompt for Username and Password. I am running Tomcat 4.0-dev and have tried to access the login window by pointing the browser to the appropriate file:
//localhost:8080/ch16-basic/index.jsp
Still not login window???
I have added the extra user and password to the tomcat-users.xml file (username="projsp" password="projsp" roles="superuser")
Still no luck????
Could someone please let me know what could possibly be going wrong.
Thank you!!!!

The index.jsp is:
<html>
<head>
<title>Protected Area Page</title>
</head>
<body>
<%
out.println("<H2>Authentication Mechanism "+ request.getAuthType() +" </H2>" );
%>
</body>
</html>
The tomcat-users.xml is:

<tomcat-users>
<user name="tomcat" password="tomcat" roles="tomcat" />
<user name="role1" password="tomcat" roles="role1" />
<user name="both" password="tomcat" roles="tomcat,role1" />
<user name="projsp" password="projsp" roles="superuser" />
</tomcat-users>
And the web.xml is:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_3.dtd">
<web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ProJSP Authentication Example</realm-name>
</login-config>
</web-app>
WHY ISN"T THIS WORKING!!!!

How do i pass a url with query string using the jsp:forward tag

This snippet of code gives a 403 error
<jsp:forward page="testpage.jsp?test=1" />
How do i rectify it?

Well better way to go about for the job is to use
setAttribute("name","value");method in the first page
and then in next page use method
String s=getAttribute("name");to retreive the value.
Url rewritting or using Query String has some disadvantages ,which are handled by above mentioned approach.
Ashish

Inconsistency problem with Image preview using ImageServlet -JSP

I have a Servlet that reads Images ( JPG) from file system and sends bites to response,
Code works fine and I can see the Image, Problem is that it is very Inconsistent sometimes I can see image and sometimes I see the red X mark instead of image,
if I refresh the page wih shift key holding, the image shows up.
when the image was obsent I can right click the image and go to properties and see the image path and it was correct.
any one has similar experiences with Images before ?
Servlet code follows.
File f = new File(imgPath);
BufferedInputStream in = new BufferedInputStream(new FileInputStream(f));
// Set all the required header information
response.setContentType("image/gif");
response.setContentLength((int)f.length());
response.reset();
response.resetBuffer();
BufferedOutputStream out = new BufferedOutputStream(response.getOutputStream());
byte[] buf = new byte[1024];
int nRead;
while( (nRead=in.read(buf)) != -1 ){
      out.write(buf,0,nRead);
/ Close up all our resources
out.flush();
in.close();
response.flushBuffer();JSP code in pieces.
<% response.setHeader("Cache-Control","no-cache");
   response.setDateHeader("Expires", -1);
   response.setHeader("Pragma", "no-cache");
   response.addHeader("Cache-control", "no-store");
   response.addHeader("Cache-control", "max-age=0");
%>
<html:html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
</head>
<body>
<img src="<%=request.getContextPath()%>/imageServlet?imgType=badge&imgName=<bean:write name='badge' property='name'/>" width="136" height="136" alt="" border="0">
</body>
<head> <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE"> </head>
</html:html>Thanks
Narendra

Hi Peter,
Thanks for your e-mail.And sorry for late.
I have changed my activex server in my labview programme.Current
server name is XVideoOCX.I have attached 1 example.Still I am facing
the same problem that I am not getting disply from more than 1 web
cam.So would you be able to advice me,what should I do regarding this
matter.
Actually,This is a part of my M.Sc project.I am under pressure.Peter,Please do me this fevour.
Thanks
Kabir
1 eample from help file:
Video Disply
1. Choose the input mode (Video, Single Image Files, Screen, etc.)
XSetInputMode(0) // This
chooses video as input
2. Choose the video device
XSetVideoInput(0) //
Choose the first available video input device
3. Initialize XVideoOCX
XInit() // Initialize
XVideoOCX
4. Start internal video capture
XStart()
now XVideoOCX should display the live video
5. Stop internal video capture
XStop()
6. Close XVideoOCX
XClose()
Kabir mamun
PhD Student,DCU
[email protected]
www.iward2010.blogspot.com
Attachments:
ax2.vi ‏23 KB

Using HTML, JSP, JavaBeans and Access database

I'm trying to create a login page that will allow users to query, insert, modify, and delete information. I have an HTML page that the user chooses which option they want to do. I have 4 JSP's set up for each option. My biggest issue is getting them to talk to the database using a single JavaBean. I can create several beans to pull the information, post, delete, or modify. I'm having trouble pulling information through the JSP's from the HTML page. Please help...

Hey,
You get html to communicate with your server using forms. Use the request to retrieve the submitted form data. All you would need to do is tell your bean what it is doing, how and with what.
Good luck

Printing in calendar format using forms

I need to print to a file in a calendar format, with
monthly view using Forms 9i. Oracle Portal and APEX
is not an option.
There is a table which consists data for several months,
and I need to use oracle forms as parameter form
to pass the date range to print the calendar.
The requirement is one month per page. I am thinking
there should be a way to generate an HTML output.
As always, looking forward to some great ideas.
thanks

OK. Here goes:
Query 1:
/*Select the months between the from and to dates */
SELECT months, to_date('01-'||months,'DD-MON-YYYY') order_date
FROM ( SELECT distinct TO_CHAR(days,'MON-YYYY') months
FROM (SELECT :p_fr_date + (ROWNUM-1) days
FROM M191F
WHERE ROWNUM <= to_number(:p_to_date - :p_fr_date) +1)
ORDER BY to_date('01-'||months,'DD-MON-YYYY')
M191F is a dummy table with 1000 rows in it. It has 1 column M191COPY NUMBER(10). We use it just as a driver if things want to bring out a given number of records. We are using a parameter form in the report to get p_to_date and p_fr_date but that would be easy to receive from a Form.
In the group I see there is a formula column producing the page title, it returns
return to_char(:order_date,'fmMonth YYYY');
Query 2
Now you need to take some headache pills:
SELECT
TO_CHAR((TO_DATE('01-'||:months,'DD-MON-YYYY') -
DECODE(TO_CHAR(TO_DATE('01-'||:months,'DD-MON-YYYY'),'Dy'),
TO_CHAR(TO_DATE('24-FEB-2003','DD-MON-YYYY'),'Dy'), 0,
TO_CHAR(TO_DATE('25-FEB-2003','DD-MON-YYYY'),'Dy'), 1,
TO_CHAR(TO_DATE('26-FEB-2003','DD-MON-YYYY'),'Dy'), 2,
TO_CHAR(TO_DATE('27-FEB-2003','DD-MON-YYYY'),'Dy'), 3,
TO_CHAR(TO_DATE('28-FEB-2003','DD-MON-YYYY'),'Dy'), 4,
TO_CHAR(TO_DATE('01-MAR-2003','DD-MON-YYYY'),'Dy'), 5,
TO_CHAR(TO_DATE('02-MAR-2003','DD-MON-YYYY'),'Dy'), 6)) + (ROWNUM-1) ,'FMDy dd Mon YYYY') datee,
'' day, '' tasks, to_date('') the_date
FROM M191F
WHERE ROWNUM <= DECODE(TO_CHAR(TO_DATE('01-'||:months,'DD-MON-YYYY'),'Dy'),
TO_CHAR(TO_DATE('24-FEB-2003','DD-MON-YYYY'),'Dy'), 0,
TO_CHAR(TO_DATE('25-FEB-2003','DD-MON-YYYY'),'Dy'), 1,
TO_CHAR(TO_DATE('26-FEB-2003','DD-MON-YYYY'),'Dy'), 2,
TO_CHAR(TO_DATE('27-FEB-2003','DD-MON-YYYY'),'Dy'), 3,
TO_CHAR(TO_DATE('28-FEB-2003','DD-MON-YYYY'),'Dy'), 4,
TO_CHAR(TO_DATE('01-MAR-2003','DD-MON-YYYY'),'Dy'), 5,
TO_CHAR(TO_DATE('02-MAR-2003','DD-MON-YYYY'),'Dy'), 6)
UNION ALL
SELECT TO_CHAR(TO_DATE(ROWNUM||'-'||:months,'DD-MON-YYYY'),'FMDy dd Mon YYYY') datee,
TO_CHAR(TO_DATE(ROWNUM||'-'||:months,'DD-MON-YYYY'),'dd') day,
ans_y_util.daily_tasks (:p_owner, TO_DATE(ROWNUM||'-'||:months,'DD-MON-YYYY')) tasks,
TO_DATE(ROWNUM||'-'||:months,'DD-MON-YYYY') the_date
FROM M191F
WHERE ROWNUM <= TO_CHAR(LAST_DAY(TO_DATE('01-'||:months,'DD-MON-YYYY')),'DD')
The union bit is the call to our function in ans_y_util which I think will return some text to say what's happening on the date provided, for the user. So it calls that once for each date in the range, even if there's nothing happening on that day.
It looks like the trick is in working out which day of the week you're on about. Putting the hard coded date of reference in Feb 2003 gives it a starting point.
Then all this is neatly laid out in the Layout Editor... ;-) I guess it's something to do with an Across/Down layout, measured to fit the 7 cells in it across before going down.
I hope this is relevant. But you did ask!

Creating two sin signals using function generator.vi example

hi all. i want to create two sin signals with different parameters using function generator.vi example. i tried to modify the example by copying the code and try to output two sin signals on different channels of the DAQ but error message saying that you are validating of the AO write buffer . attached is the file. how can i modify it to solve the problem?!
Attachments:
function_generator2.vi ‏123 KB

Nidal,
Below is an example that illustrates how to generate different sine waves on two separate analog output channels.
Example

SharePoint 2010 with LDAP authentication, using NOVELL eDirectory

One of my customers needs a SharePoint application that allows people to authenticate with either an Active Directory account (internal staff) or a Novell eDirectory account (external customers).
Using the following article as a base guide (http://blogs.technet.com/b/speschka/archive/2009/11/05/configuring-forms-based-authentication-in-sharepoint-2010.aspx)
I configured a claims-based test application that had Windows authentication enabled and Forms based authentication (FBA) enabled (this is on a Windows 2008 server and not a domain controller)
In the Membership provider name text box I entered "LdapMember"
In the Role provider name text box I entered "LdapRole"
In the web.config for the SharePoint Central Admin, I modified/added the following details right before </system.web>
<membership>
<providers>
<add name="LdapMember"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword= "validpassword"
userDNAttribute="dn"
userNameAttribute="cn"
userContainer="OU=people,O=validobject"
userObjectClass="person"
userFilter="(ObjectClass=person)"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" >
<providers>
<add name="LdapRole"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword= "validpassword"
groupContainer="OU=people,O=validobject"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="sAMAccountName"
dnAttribute="distinguishedName"
groupFilter="((ObjectClass=group)"
userFilter="((ObjectClass=person)"
scope="Subtree" />
</providers>
</roleManager>
I modified the SecurityTokenServiceApplication web.config with these details
<system.web>
<membership>
<providers>
<add name="LdapMemebr"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword= "validpassword"
userDNAttribute="dn"
userNameAttribute="cn"
userContainer="OU=people,O=validobject"
userObjectClass="person"
userFilter="(ObjectClass=person)"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
</providers>
</membership>
<roleManager enabled="true">
<providers>
<add name="LdapRole"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword= "validpassword"
groupContainer="OU=people,O=validobject"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="sAMAccountName"
dnAttribute="distinguishedName"
groupFilter="(&(ObjectClass=group))"
userFilter="(&(ObjectClass=person))"
scope="Subtree" />
</providers>
</roleManager>
</system.web>
I modified the web.config of the test application I created with these details
<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
<providers>
<add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword= "validpassword"
groupContainer="OU=people,O=validobject"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="cn"
dnAttribute="dn"
groupFilter="(&(ObjectClass=group))"
userFilter="(&(ObjectClass=person))"
scope="Subtree" />
</providers>
</roleManager>
<membership defaultProvider="i">
<providers>
<add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword= "validpassword"
useDNAttribute="true"
userDNAttribute="dn"
userNameAttribute="cn"
userContainer="OU=people,O=validobject"
userObjectClass="person"
userFilter="(ObjectClass=person)"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
</providers>
</membership>
With all of this configured, I can go to the new test site, I do see the form where I can choose either Windows authentication or Forms authentication. I can successfully login with Windows authentication, but forms authentication gives me me an error.
The server could not sign you in. Make sure your user name and password are correct, and then try again.
I can successfully login to a LDAP management tool, using the same credentials I entered on the form, so I know the username and password being submitted are correct. I get the following items in the event viewer
8306 - SharePoint Foundation - The security token username and password could not be validated.
in the SharePoint trace logs - Password check on 'testuser' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. and
then this:
Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
I monitored the LDAP server and did a packet-trace on the communication happening between the SharePoint server and the LDAP server and it is a bit odd. It goes like this:
The SharePoint server successfully connects to the LDAP server, binding the ldapserviceid+password
The LDAP server tells the SharePoint server it is ready to communicate
the SharePoint server sends an LDAP query to the LDAP server, asking if the name entered in the form authentication page can be found.
The LDAP server does the query, successfully finds the entered name and sends a success message back to SharePoint
The LDAP server sends notification that it is done and is closing the connection that was bound to theldapserviceid+password
The SharePoint server acknowledges the connection is closing
... and then nothing happens, except the error on SharePoint
What I understand is that the SharePoint server, once it gets confirmation that the submitted username exists in LDAP, should attempt to make a new LDAP connection, bound to the username and password submitted in the form (rather than the LDAP service account
specified in the web.config). That part does not seem to be happening.
I am at a standstill on this and any help would be greatly appreciated.

OK, our problem was resolved by removing any information about the ASP.NET role manager. Initially, we had information about a role manager defined in three different web.config files, as well as in the SharePoint Central Administration site, where there
is the checkbox to Enable Forms Based Authentication (you see this when you first create the new SharePoint app, or afterwards by modifying the Authentication Provider for the app.) In either case, you will see two text boxes, underneath the checkbox item
for enabling Forms Based Authentication:
"ASP.NET Membership provider name"
"ASP.NET Role manager name"
We entered a name for Membership provider, and left Role manager blank.
In the web.config for the SharePoint Central Administration site, the SecurityTokenServiceApplication app, and the web app we created with FBA enabled, we entered the following:
<membership>
<providers>
<add name="LdapMember"
type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="ldap.server.address"
port="389"
useSSL="false"
connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
connectionPassword="validpassword"
useDNAttribute="false"
userDNAttribute="dn"
userNameAttribute="cn"
userContainer="OU=people,O=validobject"
userObjectClass="person"
userFilter="(ObjectClass=person)"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn" />
</providers>
</membership>
<roleManager>
<providers>
</providers>
</roleManager>
useDNAttribute="false" turned out to be important as well.
So, for us to get LDAP authentication working between SharePoint 2010 and Novel eDirectory, we had to:
leave anything related to the role provider blank
configure the web.config in three different applications, with the proper connection information to reach our Novel eDir
Ensure that useDNAttribute="false" was used in all three on the modified web.config files.
Since our eDir is flat and used pretty much exclusively for external users, we had never done any sort of advanced role management configuration in eDir. So, by having role manager details in the web.config files, SharePoint was waiting for information from
a non-existent role manager.

MOBI SSO with trusted authentication and form based authentication

Dear All,
I am trying to configure Trusted authentication based SSO FOR MOBI, here are the details:
- SAP BI 4.1 SP04
- Trusted authentication with HTTP header configurred for BI Launchpad and working fine.
Now to have SSO from Mobile, I plan to leverage the existing configuration of BI Launchpad and at Mobile level, I want to use authentication type as TRUSTED_AUTH_FORM, instead of TRUSTED_AUTH_BASIC, with the approach: Trusted authentication with HTTP header.
And
Provide our app users their X502 certs.
1. Will the above approach work ??
2. As per SAP NOTE: 2038165 - SSO using form based trusted auth gives with the SAP BI app for iOS gives error MOB00920 this does not work and is still under investigation from July last year ? So for any community member, has this been found working ??
I would appreciate your valuable inputs.
Regards,
Sarvjot Singh

Hi,
According to your post, my understanding is that you want to know the difference of the SharePoint three type user authentications.
Windows claims-based authentication uses your existing Windows authentication provider (Active Directory Domain Services [AD DS]) to validate the credentials of connecting clients. Use this authentication to allow AD DS-based accounts access to SharePoint
resources. Authentication methods include NTLM, Kerberos, and Basic.
Forms-based authentication can be used against credentials that are stored in an authentication provider that is available through the ASP.NET interface
SAML token-based authentication in SharePoint 2013 requires coordination with administrators of a claims-based environment, whether it is your own internal environment or a partner environment.
There is a good article contains all the SharePoint Authentications, including how they work and how to configure.
http://sp77.blogspot.com/2014/02/authentication-in-sharepoint-2013_5.html#.VFcyQ_mUfkJ
Thanks & Regards,
Jason
Jason Guo
TechNet Community Support

Any one else have problems using 'FORM' based authentication in OC4J?

Since I couldn't find any information on this from Oracle I went with the specifications from Orion.
I am using Oracle Internet Directory Server for authentication of OC4J apps. I followed Orions specs for writing and pluging in your own usermanger to make calls to OID. Everything works fine when I use BASIC authentication but when I use FORM based authentication it fails to send the browser to the original url that was requested.
The browser just displays a blank screen?
You can tell that the client is authenticated because you can just request the URL again and it's displayed without prompting for a username/password.
For the login in screen the only specs Orion gives is that your form has to have an action of 'j_security_check' and pass 'j_username' and 'j_password'.
Does oracle have another way to do this, or has anyone else experienced this and no a way to fix it?

Tom,
Custom user authentication in Oc4J 1.0.2.2 is same in both Oc4J and Orion and we have tested that form based authentication works
fine. In 9iAS Release 2 Oracle has an integerated JAAS implementation with OC4J which you can configure either to authenticate users from a encrypted file or users stored in OID.

Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

I would love some help with this issue. I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0 I have a test account set up with lab.acme.com to use the ACS.
When I log into my site using Windows Auth, everything is great. However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
to use to log in and after 3-5 second
and return me the logon page with error message “Authentication failed”
I base my setup on the technet article
http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
I validated than all my certificate are valid and able to retrieve the crl
I got in eventlog id 300
The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Additional Data
Exception details:
Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
correctly, but one of the CA certificates is not trusted by the policy provider.
at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
serializationContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
trustNamespace, AsyncCallback callback, Object state)
System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
thx
Stef71

This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
on my case was :
PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
cer\SP2K10\ad0001.cer")
PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
Certificate : [Subject]
CN=domain.AD0001CA, DC=domain, DC=com
[Issuer]
CN=domain.AD0001CA, DC=portal, DC=com
[Serial Number]
blablabla
[Not Before]
22/07/2014 11:32:05
[Not After]
22/07/2024 11:42:00
[Thumbprint]
blablabla
Name : domain.ad0001
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : domain.ad0001
Id : blablabla
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 17164
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
cer\SP2K10\ADFS_Signing.cer")
PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
Certificate : [Subject]
CN=ADFS Signing - adfs.domain
[Issuer]
CN=ADFS Signing - adfs.domain
[Serial Number]
blablabla
[Not Before]
23/07/2014 07:14:03
[Not After]
23/07/2015 07:14:03
[Thumbprint]
blablabla
Name : Token Signing Cert
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : Token Signing Cert
Id : blablabla
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 17184
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\Users\administrator.PORTAL>

Error 18452 "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication" on SQL Server 2008 R2 Enterprise Edition 64-bit SP2 clustered instance

Hi there,
I have a Windows 2008 R2 Enterprise x64 SP2 cluster which has 2 SQL Server 2008 R2 Enterprise Edition x64 SP2
instances.
A domain account "Domain\Login" is administrator on both physcial nodes and "sysadmin" on both SQL Server instances.
Currently both instances are running on same node.
While logging on to SQL Server instance 2 thru "Domain\Login" using "IP2,port2", I get error 18452 "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication". This happened in the past
as well but issue resolved post insatllation of SQL Server 2008R2 SP2. This has re-occurred now. But it connects using 'SQLVirtual2\Instance2' without issue.
Same login with same rights is able to access Instance 1 on both 'SQLVirtual1\Instance1' and "IP1,port1" without any issue.
Please help resolve the issue.
Thanks,
AY

Hello,
I Confirm that I encountred the same problem when the first domain controller was dow !!
During a restarting of the first domain controller, i tried to failover my SQL Server instance to a second node, after that I will be able to authenticate SQL Server Login but Windows Login returns Error 18452 !
When the firts DC restart finishied restarting every thing was Ok !
The Question here : Why the cluster instance does'nt used the second DC ???
Best Regards
J.K

Intel Mac OS X can't connect using 802.1x with TTLS authentication

To login at the wireless network on my school I use the following settings:
802.1x connection with TTLS authentication and TTLS inner authentication set to PAP.
My MacBook Pro logs in, but has a self assigned ip-address and I can't use the network.
On my old iBook and my friend's Powerbook with exact the same settings it works perfect. (and gets an assigned ip-address throug DHCP.
Bug in the Intel version of Mac OS X I guess?

Regarding the post about other intel macs being unaffected, I don't have an imac so I don't know for sure, but the connectivity problems seem to be more widely reported for the macbooks. It's certainly possible they are affected as well, but I was under the impression they were using a different chipset and/or firmware. (note to self, check on that).
What I cant understand is why they have changed the
airport express card for the intel macs, albeit the
processor has changed but that shouldn't affect the
card as that should be processor
The intel macs were largely designed by intel. I suspect that apple provided case dimensions and a specifications list which intel then used for the designs. The wireless cards in the powerbooks were based (iirc) on a pc-card bus. The older airports were based on PCMCIA-16.
In the macbooks, it appears to be a mini-PCI-express. (I had to send my back for noise issues. ASP might tell you what bus it connects to). The benefit to this is better speed and the possibility of future expansion. Dell uses the same connector.
Some side-benefits of having the board designed by intel (or with heavy intel involvement) is that we can already dual-boot windows XP. Wireless seems to work fine if you run windows on the macbook. Therefore, I think this is a driver issue likely to be resolved sooner rather than later.

Strange behaviour when using connection pooling with proxy authentication

All
I have developed an ASP.NET 1.1 Web application that uses ODP.NET 9.2.0.4 accessing Oracle Database 8i (which is to be upgraded to 10g in the coming months). I have enabled connection pooling and implemented proxy authentication.
I am observing a strange behaviour in the live environment. If two users (User 1 and User 2) are executing SQL statements at the same time (concurrent threads in IIS), the following is occurring:
* User 1 opens a new connection, executes a SELECT statement, and closes this connection. The audit log, which uses the USER function, shows User 1 executed this statement.
* User 2 opens the same connection (before it is released to the connection pool?), excutes an INSERT statement, and closes this connection. The audit log shows User 1, not User 2, executed this statement.
Is this a known issue when using connection pooling with proxy authentication? I appreciate your help.
Regards,
Chris

Hi Chris,
I tried to reproduce your complaint, but was unable to. I didnt use auditting however, just a series of "select user from dual" with proxy authentication. You might want to see if you can put together a small complete testcase for this and open a sr with support.
Cheers
Greg

Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

Hello,
I have gone through couple of posts regarding this issue but couldn't get the right solution. Could you please help what exactly we are missing here.
Details:
1) we have two SQL instances on one standalone machine (Default Instance (2008 SP3) + Named Instance (SQL 2012 SP1))
2) Both instances are configured to accept SQL+ Windows authentication.
3) when we give access to our users they are getting following exception if they connect with 'windows authentication'. (For both instances)
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
Note: (Being a sys + windows admin I'm able to connect both the instances from same client machine without
any issues)
4) Also, we observed following error in windows application event log,
SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure.
The logon attempt failed [CLIENT: 192.168.xxx.xyx]
5) If we create SQL login it is working fine without any issues.
Could someone guide/help me identifying and fixing this issue.
Thank you

Hello,
Are those Windows Logins associated to domain Windows accounts? Windows Logins work for domain accounts and local Windows account created on the server where the SQL Server instance is installed (and used to login locally to the server).
Could you try to delete one of the Windows logins that fail to login , and try to recreate them?
The following resources may help:
http://blogs.msdn.com/b/dataaccesstechnologies/archive/2012/12/19/error-message-quot-login-failed-the-login-is-from-an-untrusted-domain-and-cannot-be-used-with-windows-authentication-quot.aspx
http://support.microsoft.com/kb/555332
Hope this helps.
Regards,
Alberto Morillo
SQLCoffee.com

Pb with 2nd Authentication using form.jsp (authentication example)

Similar Messages

Maybe you are looking for