Pgina - authenticate windows against oid

Hi All,
Just thought I would let you know about pgina, if you don't already...
http://pgina.xpasystems.com/
It is a GINA (Graphical Identification aNd Authentication) that replaces the Windows local or domain authentication, so you can authenticate against any plugin that you want. The LDAPAuth plugin works very smoothly with OID, very helpful if you are running the collaboration suite or just want to authenticate against Oracle.
Here are the settings I used for my system...
LDAP Method: Map Mode
Server: your server's name
Port: 4032 (by default for OCS, 389 for some products)
prepend: cn=
append: cn=users,dc=xxx-domainname-xxx,dc=com
This works great for me... I have it set up so I can change my password through it and it maps network drives (since I'm using oracle ifs). If you have any questions, I check the forums often or just email me at kbbdb --- marist --- edu.
--Bill

are you talking about OID ext. auth. plugin (which version?) or "pgina" mentioned above?
regards
--Olaf

Similar Messages

  • Authentication failing for APEX against OID when uppercase used in password

    We are using Application Express 3.1. I am authenticating against OID 10.1.2.2 and noticed some users were having problems
    logging into APEX. They are getting "Invalid Login Credentials". I eventually worked out it was when they were authenticating using a password
    having an uppercase character ... "Blackhawk" is one example. We authenticate Discoverer using OID and do not have the same problem.
    Has anyone else encountered this problem please?
    Cheers Rod
    The Function I use is shown below:
    DECLARE
    V_TEST BOOLEAN;
    V_EXIST NUMBER ;
    BEGIN
    SELECT COUNT(*) INTO V_EXIST FROM BE_MANAGERS
    WHERE MANAGER_CSO_CODE = :APP_USER
    AND FINANCIAL_YEAR_ID = BE_BUDGETS_APEX_PKG.CURRENT_FINANCIAL_YEAR ;
    IF V_EXIST = 0 THEN
    HTMLDB_APPLICATION.G_UNRECOVERABLE_ERROR := TRUE;
    OWA_UTIL.REDIRECT_URL('f?p=' || v('APP_ID') || ':101:' || v('APP_SESSION') );
    END IF ;
    V_TEST := HTMLDB_LDAP.IS_MEMBER
    ( p_username => :APP_USER, p_pass => NULL
    , p_auth_base => 'cn=Users,dc=planforlife'
    , p_host => 'oraapp01'
    , p_port => '389'
    , p_group => 'OID-PilotUsers'
    , p_group_base => 'cn=vaultgroups,cn=Groups,dc=planforlife');
    IF V_TEST = FALSE THEN
    HTMLDB_APPLICATION.G_UNRECOVERABLE_ERROR := TRUE;
    OWA_UTIL.REDIRECT_URL('f?p=' || v('APP_ID') || ':101:' || v('APP_SESSION') );
    END IF;
    EXCEPTION
    WHEN OTHERS THEN
    HTMLDB_APPLICATION.G_UNRECOVERABLE_ERROR := TRUE;
    OWA_UTIL.REDIRECT_URL('f?p=' || v('APP_ID') || ':101:' || v('APP_SESSION') );
    END;

    Rod:
    Are you sure it is not the 'username' which is causing the issue? If it is the username, then to preserve the case in which the username is entered you will need to set the 'p_preserve_case' parameter to true in the call to APEX_CUSTOM_AUTH.LOGIN. This API is invoked in the application's login page as an after-submit page process.
    Varad

  • Authenticate windows users via ACS

    Hi,
    Expert insight required for Cisco ACS. Is it possible to authenticate Windows users via ACS and apply ACL policies over network devices?
    I would appreciate valued inputs.
    Regards,

    Yes, it's possible to authenticate windows users via ACS and push DACL via radius.
    Seems you are looking for DACL. Here is a document that can help you to understand the same
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a9eddc.shtml#user
    Let me know if you need any further help.
    Jatin Katyal
    - Do rate helpful posts -

  • Microsoft Windows CPU OID changes between reboots

    On my ACE4710s I'm using least-loaded predictors monitoring Microsoft Windows CPU usage. There are times when the MS Windows CPU OIDs can change between reboots. Is anyone aware of a way for the ACE to automatically adjust to the new CPU OIDs and continue to get accurate CPU usage values?

    Hi Chuck,
    I don't think that is possible. You need to know the OIDs before you configure them. You can configure multiple OIDs but you still need to know them. If they are changing after reboot, I don't think the ACE can know about it anyway.
    Regards,
    Kanwal

  • Authenticate Against OID

    I am new to jDeveloper and java.
    I developed a jsp/adf application using jDeveloper 10.1.2 which runs on Oracle 10g application server.
    The application works using the jazn-data.xml to access the db.
    I need to modify the application to hang off an Oracle portal and access the db is obtained after the user logs into the portal using the portal login.
    The user will access the application from logging into an oracle portal.
    I am not the Unix admin, so we assume the OID/SSO is properly configured.
    How can I pass the portal authentication to the jsp application to access the db without having to log in again.
    Reading the Oracle documentation and looking at the Oracle examples did not provide any clues to how to accomplish this.

    Shay
    I have not seen the document you are referring.
    The document appears to contain information I can utilize.
    I will post my progress on authenticating against the OID.
    Thanks

  • Authenticating 10g databases against OID 11g

    Hi.
    Our client currently uses OID 10g to authenticate users on their 10g databases. They intend to begin an upgrade to 11g beginning with the OID upgrade. Some applications though are likely to remain on 10g databases for the foreseeable future.
    Will it remain possible to authenticate existing 10g database installations against the new OID 11g setup?
    If so, will this happen automatically as part of the OID 10g->11g upgrade steps?
    Many thanks.
    Edited by: 893987 on 31-Oct-2011 08:49

    Hi Sridhar
    Did you come right with the Oracle case insensitive connection? I am at a client site and they are asking if I can create an Oracle case insensitive connection and need to know how to do this.
    I have come right now. I have added the following into the parameters in the universe:
    NTS_COMP = LINGUISTIC
    NTS_SORT = BINARY_CI
    When running a query the selection does not have to be case sensitive. eg. In the database it shows as "SOFTWARE" and if I run a query looking for "software" it returns the correct data.
    Thanks
    Sharon

  • ACS 4.1 failure to authenticate Windows users.

    Hello.
    We are running Cisco Secure ACS for Windows version 4.1(1)b23p5 on a Windows 2000 member server.
    Starting from today, ACS fails to authenticate users.
    Using the same external user (andrea-meconi) I can verify successful and failed authentication.
    This is the AUTH.log for a genericRADIUS request...
    AUTH 25/02/2013 15:30:24 I 0396 3900 External DB [NTAuthenDLL.dll]: Starting authentication for user [andrea-meconi]
    AUTH 25/02/2013 15:30:24 I 0396 3900 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user andrea-meconi
    AUTH 25/02/2013 15:30:24 E 0396 3900 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1783L)
    AUTH 25/02/2013 15:30:24 I 0396 3900 External DB [ODBCAuthDll.dll]: Starting 1 odbc workers
    AUTH 25/02/2013 15:30:24 I 0396 3900 External DB [ODBCAuthDll.dll]: DLL initialised OK
    AUTH 25/02/2013 15:30:24 I 0571 3900 AuthenLoadLibrary: Loaded DLL for External ODBC Database
    AUTH 25/02/2013 15:30:24 I 1645 3900 pvAuthenticateUser: authenticate 'andrea-meconi' against External ODBC Database
    This is the log for an EAP request...
    AUTH 25/02/2013 16:23:56 I 1645 4568 pvAuthenticateUser: authenticate 'venezia\andrea-meconi' against Windows NT/2000
    AUTH 25/02/2013 16:23:56 I 0396 4568 External DB [NTAuthenDLL.dll]: Starting MSCHAP authentication for user [venezia\andrea-meconi]
    AUTH 25/02/2013 16:23:56 I 0396 4568 External DB [NTAuthenDLL.dll]: Got WorkStation CISCO
    AUTH 25/02/2013 16:23:56 I 0396 4568 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user andrea-meconi
    AUTH 25/02/2013 16:23:56 I 0396 4568 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by RVVMDCC01PW)
    AUTH 25/02/2013 16:23:56 I 0396 4568 External DB [NTAuthenDLL.dll]: User mapped to ACS group id [20]
    Windows AD running now on Windows 2008 server, migrating from 2003.
    Any idea?
    Thanks.
    Andrea

    Windows authentication FAILED (error 1783L)
    The above error indicates that the migration happened over night. In order to resolve this issue you need to upgrade your ACS to at least ACS 4.2.0.124 patch 4 or above.
    Supported Operating Systems section
    --Windows Server 2008, Standard Edition
    --Windows Server 2008, Enterprise Edition
    --Japanese Windows Server 2008, Standard Edition, Service Pack 2
    --Japanese Windows Server 2008, Enterprise Edition, Service Pack 2
    NOTE: No version of ACS 4.x supports 2008 R2. Only ACS 5.2 supports it.
    Regards,
    Jatin Katyal
    - Do rate helpful posts -

  • Authenticate windows users accessing os x client using open directory?

    I need to setup an OS X client machine (10.4.6) so that windows users (XP) can access folders based on their open directory credentials. (Using OS X server, open directory, windows PDC). If I turn on windows sharing in system preferences on the mac, it will only share local home folders to users with local accounts - not what I need. Any ideas? thanks.

    Thanks!  So now I see Open Directory, but it seems like it should be listed under the Server app with all the other services...
    Anyhow, I seem to remember a way to administer the users and groups.  This app shows me the status of the services, logs, settings.  The Server app, if I click on Add Users button, then click "connect to it" to supposedly connect to the directory server, it won't take my credentials.  I always get "Cannot authenticate to server.  Please authenticate by entering the name and password of a user account in this server's directory."
    Connect anonymously doesn't seem to do anything, it doesn't even dismiss the dialog.
    So what am I missing?

  • Can my AD connected server use kerberos to authenticate windows users?

    Hi,
    I have installed our brand new Xserve with Leopard and set it up so that it is connected to a directory service (AD). I have checked to see if it is kerberized and it does appear so.
    What I want to do is provide SSO for our users when they visit our intranet. Our users will be using Windows XP Pro clients. I have tried using basic authentication but this requires the user to enter their network username and password to authenticate. When I try setting the realm security to be Kerberos it doesn't work.
    Can this be done and if so what am I doing wrong? Surely I am not the only person trying to integrate a mac server into a windows environment and provide windows clients with a seamless experience!
    Please help anyone!!!!

    Ok, we managed to solve this!!!
    It was to do with Active Directory. You need to set the xserve in Active Directory to be trusted for delegation (all kerberos services) and voila! Sorted!

  • ACS 4.2 failure to authenticate windows users

    Hi all , we have a bit of a problem which we cannot seem to resolve.
    The ACS can authenticate people using the local database. It can also authenticate a single user (using the Windows database) if you are fast after the service is restarted; however, after a few seconds it fails to authenticate any users. The error we are seeing in the logs appears as authentication failure type: internal error. Also, in the log files, the authentication request from the user does not appear in the correct group; it is thrown into the default group.
    Any ideas on where we should look to the problem?

    Hi,
    It's running on a Windows 2003 server, and is running as the system account.
    Auth.log details below on a failed authentication
    AUTH 04/09/2009 17:02:13 A 5789 3000 0x69 Worker 0 waiting for work
    AUTH 04/09/2009 17:02:13 A 5789 1400 0x6 Worker 3 waiting for work
    AUTH 04/09/2009 17:02:13 A 5789 0368 0x4 Worker 1 waiting for work
    AUTH 04/09/2009 17:02:23 E 6028 3888 0x0 AllocateThread returned 0
    AUTH 04/09/2009 17:02:23 A 5821 3000 0x69 Worker 0 established conn 166 with 127.0.0.1:1879
    AUTH 04/09/2009 17:02:23 E 6028 3888 0x0 AllocateThread returned 1
    AUTH 04/09/2009 17:02:23 A 5821 0368 0x4 Worker 1 established conn 167 with 127.0.0.1:1881
    AUTH 04/09/2009 17:02:23 E 6028 3888 0x0 AllocateThread returned 3
    AUTH 04/09/2009 17:02:23 A 5821 1400 0x6 Worker 3 established conn 168 with 127.0.0.1:1883
    AUTH 04/09/2009 17:02:24 A 5853 0236 0x51 Worker 4 error/timeout, forcing API disconnect of connection 165.
    AUTH 04/09/2009 17:02:24 A 5887 0236 0x51 Worker 4 closing conn 165 endpoint. Handled 2 messages.
    AUTH 04/09/2009 17:02:24 A 5789 0236 0x51 Worker 4 waiting for work
    AUTH 04/09/2009 17:02:30 E 2100 4080 0x6d External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1783L)

  • Can't authenticate Windows account

    Hi guys. I'm trying to log onto my Windows XP computer over Leopard's SMB share, but whenever I mount the computer share and try to enter my user name and password from the XP computer, all that ever happens is the authentication window disappears, and I end up logged in as a Guest user. I've tried it with a couple of different test accounts on the Windows computer, but no joy. Any suggestions?
    Also, is there any reason why the Windows computer pretty regularly disappears from the Finder sidebar for seemingly no reason?
    Thanks!

    Ah well that's irritating. How do things like this slip through Apple's obviously extensive testing? Another possible bug I've found is that I can't connect to a Vista computer on my network at all. It shows up in the sidebar, but that's as far as connecting goes. Does Vista sharing work in Leopard?

  • OEL ldap client setup with SSL against OID using either ldaps or starttls

    Hi, I've got OID 11.1.1.1.0 running with SSL enabled on port 3132. It's running in mode 2, SSL Server Authentication mode (orclsslauthentication is set to 32). I'd like to setup my OEL 5.3 and Solaris 10 ldap clients to connect to OID using SSL for user authentication. I have everything already working on the non-SSL port (3060), but I need to switch over to SSL. So far I can't get it to work on either OEL or Solaris. Does anyone out there know how to configure the client to use SSL?
    Here's my /etc/ldap.conf file on OEL 5.3.
    timelimit 120
    bind_timelimit 120
    idle_timelimit 3600
    nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
    URI ldaps://FQDN:3132/
    port 3132
    ssl yes
    host FQDN
    base dc=DOMAIN,dc=com
    pam_password clear
    tls_cacertdir /etc/oracle-certs
    tls_cacertfile /etc/oracle-certs/oid-test-ca.pem
    tls_ciphers SSLv3
    # filter to AND with uid=%s
    pam_filter objectclass=posixaccount
    #The search scope
    scope sub
    I have /etc/nsswitch.conf set to check for files first, then ldap
    passwd: files ldap
    shadow: files ldap
    group: files ldap
    Here's my /etc/openldap/ldap.conf file
    URI ldaps://FQDN:3132/
    BASE dc=DOMAIN,dc=com
    TLS_CACERT /etc/openldap/cacerts/oid-test-ca.pem
    TLS_CACERTDIR /etc/openldap/cacerts
    TLS_REQCERT allow
    TLS_CIPHERS SSLv3
    The oid-test-ca.pem is a self-signed cert from the OID server. I also have the hash file configured.
    4224de9f.0 -> oid-test-ca.pem
    I can run ldapsearch using ldaps and it works fine.
    ldapsearch -v -d 1 -x -H ldaps://FQDN:3132 -b "dc=DOMAIN,dc=com" -D "cn=user,cn=users,dc=DOMAIN,dc=com" -w somepass -s sub objectclass=* | more
    But when I run the 'getent passwd' command, it only shows me my local user accounts and none of my ldap accounts. I also can't SSH in using a ldap account.
    Solaris 10 is actually a whole other beast...I'm using the native Solaris ldap client (not PADL based) and I don't think it even works with SSL unless you're using the default ports (389/636).
    Does anyone out there know how to setup the client-side for ldap authentication using SSL? Any tips, howto docs, or advice are appreciated. Thanks!

    Hello again...
    after some research and work together with Oracle Support I found out how to get it to work:
    1. You have to create your own ConfigSet in OID using SSL-Server-Authentication (OpenSSL seems not to support SSL-encryption-only).
    The following link shows on how to do that:
    http://otn.oracle.com/products/oid/oidhtml/oidqs/html_masters/a_port01.htm
    2. Add the following lines to your $HOME/ldaprc
    TLS_CACERT /home/frank/oid-caroot.pem
    TLS_REQCERT allow
    TLS_CIPHERS SSLv3
    ssl on
    tls_checkpeer no
    oid-caroot.pem is the CA-Root Certificate you got during step 1.
    3. You should now be able to use ldapsearch using SSL.
    If you still can't connect using SSL you may have run into another issue with OpenSSL which affects systems using OpenSSL version 0.9.6d and above. The problem seems to be caused by a security fix which may not be compliant with the SSL implementation of Oracle.
    I opened a bug for that problem with RedHat. This bug description also includes a proposal for a patch which solves the problem (but may introduce some security risks). See the bug at RedHat:
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123849
    Bye
    Frank Berger
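
An added example, not part of the posts above and not Oracle's or OpenLDAP's code: a small Python audit of LDAP client configuration text that reports the settings quoted in this thread which relax server-certificate checking (`TLS_REQCERT allow`, `tls_checkpeer no`) or narrow the cipher list (`TLS_CIPHERS SSLv3`), plus `ldap://` URIs used without StartTLS. The `audit` and `parse` helpers and the hardened sample are assumptions of this example; the first sample is constructed from the `ldaprc` lines in the reply.

```python
"""Audit LDAP client config text for settings that weaken TLS server checks."""

# directive -> {weak value: reason}. Names and values are compared in lowercase.
WEAK = {
    "tls_reqcert": {      # OpenLDAP ldap.conf / ldaprc
        "never": "server certificate is never requested",
        "allow": "a bad or missing server certificate is ignored",
        "try": "a missing server certificate is accepted",
    },
    "tls_checkpeer": {    # PADL nss_ldap / pam_ldap ldap.conf
        "no": "server certificate is not verified",
    },
    "tls_ciphers": {
        "sslv3": "cipher list limited to SSLv3-era suites",
    },
}

# Constructed sample: the ldaprc lines quoted in the reply above.
PAGE_LDAPRC = """\
TLS_CACERT /home/frank/oid-caroot.pem
TLS_REQCERT allow
TLS_CIPHERS SSLv3
ssl on
tls_checkpeer no
"""

# Constructed sample (assumption of this example): same CA approach, strict
# checks, cipher selection left to the TLS library default.
HARDENED = """\
URI ldaps://FQDN:3132/
TLS_CACERT /etc/openldap/cacerts/oid-test-ca.pem
TLS_REQCERT demand
tls_checkpeer yes
"""

def parse(text):
    """Yield (lineno, directive, value) for each non-blank, non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        yield lineno, parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""

def audit(text):
    """Return sorted (lineno, directive, value, reason) findings for one file."""
    findings, plain_uris, start_tls = [], [], False
    for lineno, key, value in parse(text):
        reason = WEAK.get(key, {}).get(value.lower())
        if reason:
            findings.append((lineno, key, value, reason))
        if key == "uri":
            plain_uris += [(lineno, u) for u in value.split()
                           if u.lower().startswith("ldap://")]
        if key == "ssl" and value.lower() == "start_tls":
            start_tls = True
    if not start_tls:
        findings += [(n, "uri", u, "ldap:// without StartTLS sends binds in cleartext")
                     for n, u in plain_uris]
    return sorted(findings)

if __name__ == "__main__":
    for name, text in (("ldaprc from the reply", PAGE_LDAPRC), ("hardened", HARDENED)):
        print(name)
        for lineno, key, value, reason in audit(text) or [("-", "-", "-", "no findings")]:
            print(f"  line {lineno}: {key} {value}: {reason}")
```
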

  • How can I authenticate users against a WAS system from third-party app?

    We are looking at developing a third-party standalone web application e.g. in Rails (but it could be on any framework for that matter).
    How would we go about authenticating users against a SAP WAS backend? Are there some standard web services for this? What other means are there for authentication?
    Kind Regards,
    Martin

    From the comment in SUSR_LOGIN_CHECK_RFC you just need to pass user name and it will return if user can still log on. Only your system will know credentials for this user so an attacker won't be able to use this service for cracking passwords.
    This FM is in the same function group as:
    CREATE_RFC_REENTRANCE_TICKET
    SUSR_CHECK_LOGON_DATA
    SUSR_DELETE_OWN_PASSWORD
    SUSR_GENERATE_PASSWORD
    SUSR_GET_ADMIN_USER_LOGIN_INFO
    SUSR_GET_X509CERT_MAPPING_LIST
    SUSR_LOGIN_CHECK_RFC
    SUSR_USER_CHANGE_PASSWORD_RFC
    SUSR_USER_EXTID_DEL
    SUSR_USER_EXTID_GET
    SUSR_USER_EXTID_GET_ALL
    SUSR_USER_EXTID_LOOKUP
    SUSR_USER_EXTID_RENAME
    SUSR_USER_EXTID_SET
    SUSR_USER_EXTID_SET_ALL
    SUSR_USER_FROM_CERTIFICATE_RFC
    SUSR_USER_SETEXTID
    You would need to ensure that only the service exposing the "login check" can be called, and not the FM's in the group.
    BTW: SAP Java WAS can provide SAML 2.0 assertions (technically a component shipped with IdM, but you don't have to use the rest of the IdM if you don't want to..). If your applications are all web enabled ones (WDA?) then that is an option to consider, which is also strategically supported.
    SSO2 Logon tickets are not really a strategy anymore... and installing a double-stack system on all ECC systems just to have SAML is not strategic either..
    I have heard several wishes for SAML authentication for SAPGui, but not seen anything official yet in that direction.
    Cheers,
    Julius

  • Linux authentication against OID ldap

    Hi,
    How to use OID as an authentication server for Linux users? So when a user logs on, the Linux machine gets his information from the OID/LDAP server?
    What are the steps to do this?
    Regards

    This link should help:
    http://www.oracle.com/technology/products/oid/pdf/unix_pam_oid_wp.pdf

  • OIF Simple authentication (Form) against OID

    Hello,
    Have installed OIF and OID without problems. The OID is set as a user repository for OIF. I would like to create a simple form-based authentication to create a session on OIF for a given user, but I don't know how to do it. I tried with the sample provided with OIF (at .../shareid/login.jsp, http://mydo:8778/shareid/login.jsp) but I am getting errors!!!!
    Could anyone help me?

    What are the error messages you see?
    You are not supposed to invoke the login page directly. Did you configure the IdP and SP for Federated SSO? The simplest way to do this is Loopback Testing, where the same OIF is the IdP and SP. The URL for Loopback Testing is:
    http://mydo:8778/shareid/saml/ObSAMLTransferService?DOMAIN=MyDomain&METHOD=artifact&TARGET=http://mydo:8778/shareid/saml/ObSAMLTestTarget
    When you fire this URL, you will hit a form login page. Upon login, a user session will be created. For more information, read this link:
    http://download.oracle.com/docs/cd/E10773_01/doc/oim.1014/b25355/configuring.htm#BCGHGCAB
    -shetty2k
