PHP iTunes U authentication issue

I’ve been working with integrating iTunes U with Moodle. On the Moodle site there is an iTunes U block available for integrating the 2 systems. I’ve been trying to use this and I am able to get to the iTunes U site from Moodle, but I am not being signed into the site as an authenticated user. I can’t seem to figure out why. I was however able to authenticate with a Perl script.
The Moodle block has a Setting section where I fill in all my site specific information such as the Shared Secret. This is definitely working fine as I am able to get to my site without issue. But, the passing of the credentials and identity do not seem to be working because I am not being signed in as an authenticated user.
Right now my Credentials are very basic – formatted just like the sample ones – such as:
Adminstrator@urn:mace:itunesu.com:sites:example.edu (where example.edu is my school’s name).
Can anyone review the files below and shed some light on why I am not getting authenticated?
Thanks.
Itunes_redirect.php
<?php // $Id: itunesu_redirect.php,v 1.1 2008/06/06 19:08:49 mchurch Exp $
require_once('../../config.php');
global $USER, $CFG;
require_once($CFG->dirroot.'/lib/weblib.php');
require_once($CFG->dirroot.'/lib/moodlelib.php');
require_once($CFG->dirroot.'/blocks/itunesu/itunes.php');
if (!isloggedin()) {
print_error('sessionerroruser', '' , $CFG->wwwroot);
$destination = required_param('destination', SITEID, PARAM_INT); // iTunes U destination
$name = fullname($USER);
/* Create instance of the itunes class and initalized instance variables */
$itunes = new itunes();
$itunes->setUser($name, $USER->email, $USER->username, $USER->id);
/* more work needs to be done with determining credentials */
$itunes->setAdminCredential($CFG->blockitunesuadmincred);
$itunes->setInstructorCredential($CFG->blockitunesuinsturctcred);
$itunes->addAdminCredentials();
$itunes->setSiteURL($CFG->blockitunesuurl);
$itunes->setSharedSecret($CFG->blockitunesusharedsecret);
$itunes->setDestination($destination);
$itunes->invokeAction();
?>
Itunes.php file:
<?php
# iTunes Authentication Class
# Written by Aaron Axelsen - [email protected]
# University of Wisconsin - Whitewater
# Edited by Ryan Pharis, [email protected] - Texas Tech University
# Class based on the Apple provided ITunesU.pl
# example script.
# REQUIREMENTS:
# PHP:
# - tested with PHP 5.2
# - make sure hash_hmac() works - <a class="jive-link-external-small" href="http://us2.php.net/manual/en/function.hash-hmac.php">http://us2.php.net/m anual/en/function.hash-hmac.php</a>
# - php curl support
#Example Usage:
<?php
include('itunes.php');
$itunes = new itunes();
// show loading screen while processing request
//include(ROOTURL.'/includes/pages/itunesload.php');
// Set User
$itunes->setUser("Jane Doe", "[email protected]", "jdoe", "42");
// Set Admin Permissions
$itunes->addAdminCredentials();
// Set Instructor Permission
//$itunes->addInstructorCredential('uniquename_fromitunes');
// Set Student Credential
//$itunes->addStudentCredential('uniquename_fromitunes');
// Set Handle
// This will direct login to the specific page
#$itunes->setHandle('');
// iTunes U Auth Debugging
$itunes->setDebug(true);
$itunes->invokeAction();
?>
class itunes {
// Oktech - add
var $authtoken;
var $siteURL;
var $debugSuffix;
var $sharedSecret;
var $administratorCredential;
var $instructorCredential;
var $studentCredential;
var $urlonly;
var $urlcredentials;
var $destination;
// Oktech
* Create iTunes Object
public function __construct() {
$this->setDebug(false);
$this->siteURL = 'https://deimos.apple.com/WebObjects/Core.woa/Browse/example.edu';
$this->directSiteURL = 'https://www.example.edu/cgi-bin/itunesu';
$this->debugSuffix = '/abc1234';
$this->sharedSecret = 'STRINGOFTHIRTYTWOLETTERSORDIGITS';
$this->administratorCredential = 'Administrator@urn:mace:itunesu.com:sites:example.edu';
$this->studentCredential = 'Student@urn:mace:itunesu.com:sites:example.edu';
$this->instructorCredential = 'Instructor@urn:mace:itunesu.com:sites:example.edu';
$this->credentials = array();
// Set domain
$this->setDomain();
// Oktech add
public function getInstructorCredential() {
return $this->instructorCredential;
public function setInstructorCredential($credential) {
$this->instructorCredential = $credential;
public function getStudentCredential() {
return $this->studentCredential;
public function setStudentCredential($credential) {
$this->studentCredential = $credential;
public function getAdminCredential() {
return $this->administratorCredential;
public function setAdminCredential($credential) {
$this->administratorCredential = $credential;
public function getSharedSecret() {
return $this->sharedSecret;
public function setSharedSecret($sharedsecret) {
$this->sharedSecret = $sharedsecret;
public function getAuthToken() {
return $this->authtoken;
public function setAuthToken($authtoken) {
$this->authtoken = $authtoken;
public function getDebugSuffix() {
return $this->directSiteURL;
public function setDebugSuffix($debugsuffix) {
$this->directSiteURL = $debugsuffix;
public function getSiteURL() {
return $this->siteURL;
public function setSiteURL($siteurl) {
$this->siteURL = $siteurl;
* Extract the URL from the return html
* block from the iTunes U server. Replace
* Apple's itmss tag with https
private function extractURL($htmlblock) {
$remainder = '';
$pos = 0;
$result = '';
$remainder = strstr($htmlblock, "_open('i");
$remainder = substr_replace($remainder, '', 0, 7);
$remainder = substr_replace($remainder, 'https', 0, 5);
$pos = strpos($remainder, "');");
$result = substr_replace($remainder, '', $pos);
$this->urlonly = $result;
public function getExtractedURL() {
return $this->urlonly;
* Extract the credentials part from the returned URL from
* the iTunes U server
public function extractURLCredentials($url) {
$result = '';
$pos = 0;
$remainder = strstr($url, "gtcc.edu?");
$remainder = substr_replace($remainder, '', 0, 9);
$this->urlcredentials = $remainder;
public function getExtractedURLCredentials() {
return $this->urlcredentials;
public function setDestination($destination) {
$this->destination = $destination;
public function getDestination() {
return $this->destination;
// Oktech add
* Add's admin credentials for a given user
public function addAdminCredentials() {
$this->addCredentials($this->administratorCredential);
* Add Student Credential for a given course
public function addStudentCredential($unique) {
$this->addCredentials($this->studentCredential.":$unique");
* Add Instructor Credential for a given course
public function addInstructorCredential($unique) {
$this->addCredentials($this->instructorCredential.":$unique");
* Set User Information
public function setUser($name, $email, $netid, $userid) {
$this->name = $name;
$this->email = $email;
$this->netid = $netid;
$this->userid = $userid;
return true;
* Set the Domain
* Takes the siteURL and splits off the destination, hostname and action path.
private function setDomain() {
$tmpArray = split("/",$this->siteURL);
$this->siteDomain = $tmpArray[sizeof($tmpArray)-1];
$this->actionPath = preg_replace("/https:\/\/(.+?)\/.*/",'$1',$this->siteURL);
$pattern = "/https:\/\/".$this->actionPath."(.*)/";
$this->hostName = preg_replace($pattern,'$1',$this->siteURL);
$this->destination = $this->siteDomain;
return true;
* Set the Handle
* Takes the handle as input and forms the get upload url string
* This is needed for using the API to upload files directly to iTunes U
public function setHandle($handleIn) {
$this->handle = $handleIn;
$this->getUploadUrl = "http://deimos.apple.com/WebObjects/Core.woa/API/GetUploadURL/".$this->siteDoma in.'.'.$this->handle;
return true;
* Get Identity String
* Combine user identity information into an appropriately formatted string.
* take the arguments passed into the function copy them to variables
private function getIdentityString() {
# wrap the elements into the required delimiters.
return sprintf('"%s" <%s> (%s) [%s]', $this->name, $this->email, $this->netid, $this->userid);
* Add Credentials to Array
* Allows to push multiple credientials for a user onto the array
public function addCredentials($credentials) {
array_push($this->credentials,$credentials);
return true;
* Get Credentials String
* this is equivalent to join(';', @_); this function is present
* for consistency with the Java example.
* concatenates all the passed in credentials into a string
* with a semicolon delimiting the credentials in the string.
private function getCredentialsString() {
#make sure that at least one credential is passed in
if (sizeof($this->credentials) < 1)
return false;
return implode(";",$this->credentials);
private function getAuthorizationToken() {
# Create a buffer with which to generate the authorization token.
$buffer = "";
# create the POST Content and sign it
$buffer .= "credentials=" . urlencode($this->getCredentialsString());
$buffer .= "&identity=" . urlencode($this->identity);
$buffer .= "&time=" . urlencode(mktime());
# returns a signed message that is sent to the server
$signature = hash_hmac('SHA256', $buffer, $this->sharedSecret);
# append the signature to the POST content
return sprintf("%s&signature=%s", $buffer, $signature);
* Invoke Action
* Send a request to iTunes U and record the response.
* Net:HTTPS is used to get better control of the encoding of the POST data
* as HTTP::Request::Common does not encode parentheses and Java's URLEncoder
* does.
public function invokeAction() {
$this->identity = $this->getIdentityString();
$this->token = $this->getAuthorizationToken();
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $this->generateURL() . '?' . $this->token);
//curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// Oktech - change
$this->authtoken = curl_exec($ch);
curl_close($ch);
/* Start a new sesstion and send a request for specific content with the appropriate credentials */
$ch = curl_init();
$this->extractURL($this->authtoken);
$this->extractURLCredentials($this->urlonly);
curl_setopt($ch, CURLOPT_URL, $this->siteURL . '.' . $this->destination . '?' . $this->urlcredentials);
//curl_setopt($ch, CURLOPT_POST, 1);
curl_exec($ch);
curl_close($ch);
// Oktech
* Auth and Upload File to iTunes U
* This method is said to not be as heavily tested by apple, so you may have
* unexpected results.
* $fileIn - full system path to the file you desire to upload
public function uploadFile($fileIn) {
$this->identity = $this->getIdentityString();
$this->token = $this->getAuthorizationToken();
// Escape the filename
$f = escapeshellcmd($fileIn);
// Contact Apple and Get the Upload URL
$upUrl = curl_init($this->getUploadUrl.'?'.$this->token);
curl_setopt($upUrl, CURLOPT_RETURNTRANSFER, true);
$uploadURL = curl_exec($upUrl);
$error = curl_error($upUrl);
$http_code = curl_getinfo($upUrl ,CURLINFOHTTPCODE);
curl_close($upUrl);
print $http_code;
print "
$uploadURL";
if ($error) {
print "
$error";
# Currently not working using php/curl functions. For now, we are just going to echo a system command .. see below
#// Push out the designated file to iTunes U
#// Build Post Fields
#$postfields = array("file" => "@$fileIn");
#$pushUrl = curl_init($uploadURL);
#curl_setopt($pushUrl, CURLOPT_FAILONERROR, 1);
#curl_setopt($pushUrl, CURLOPT_FOLLOWLOCATION, 1);// allow redirects
#curl_setopt($pushUrl, CURLOPT_VERBOSE, 1);
#curl_setopt($pushUrl, CURLOPT_RETURNTRANSFER, true);
#curl_setopt($pushUrl, CURLOPT_POST, true);
#curl_setopt($pushUrl, CURLOPT_POSTFILEDS, $postfields);
#$output = curl_exec($pushUrl);
#$error = curl_error($pushUrl);
#$http_code = curl_getinfo($pushUrl, CURLINFOHTTPCODE);
#curl_close($pushUrl);
#print "
#print $http_code;
#print "
$output";
#if ($error) {
# print "
$error";
// Set the php time limit higher so it doesnt time out.
settimelimit(1200);
// System command to initiate curl and upload the file. (Temp until I figure out the php curl commands to do it)
$command = "curl -S -F file=@$f $uploadURL";
echo "
echo $command;
exec($command, $result, $error);
if ($error) {
echo "I'm busted";
} else {
print_r($result);
echo $command;
* Set Debugging
* Enable/Disable debugging of iTunes U Authentication
public function setDebug($bool) {
if ($bool) {
$this->debug = true;
} else {
$this->debug = false;
return true;
* Generate Site URL
* Append debug suffix to end of url if debugging is enabled
private function generateURL() {
if ($this->debug) {
return $this->siteURL.$this->debugSuffix;
} elseif ($this->isHandleSet()) {
return $this->directSiteURL.'.'.$this->handle;
} else {
return $this->siteURL;
* Check to see if the handle is set
private function isHandleSet() {
if (isset($this->handle))
return true;
else
return false;
?>

Janet ... hmmm ... I suppose it could also be "Jane T. Smith" ... ah well, anywho,
One thing to understand when it comes to credentialling is that, even if your transfer CGI (Moodle block) doesn't work ... if you redirect someone to your iTunes U site, that person will -always- carry two credentials ... "Unauthenticated" and "All". You do not have to assign the credentials ... they are automatic.
Put it this way, if I direct you to my site:
https://deimos.apple.com/WebObjects/Core.woa/Browse/uic.edu
if you click on that link, authentication or no, Apple will give you the "Unauthenticated" and "All" credentials. Anywhere on my site where those creds are good, you'll have access.
Hmmm ... maybe I can rephrase it this way ... there are four credentials that are a part of every site ...
All ... everyone who accesses your site gets this cred ... everyone.
Authenticated ... if you pass a valid iTunes U URL request for a user, he/she will get this cred.
Unauthenticated ... this cred is given whenever someone gets to your site -without- a tokenized (credentials, identity, time, signature) URL request. For example, if someone uses your site base URL without any modification.
Administrator ... this cred has total access to a site.
So if you access your site using your admin cred, you'll actually carry three creds ... "Administrator" (of course), but also "All" and "Authenticated".
So why this long discussion of creds? Well, if you're getting in with the "Unauthenticated" credential, it's a sure sign your transfer CGI (Moodle thingy) isn't working ... at all. It's not that you can't pass the admin cred ... or identity info ... you're not passing any info. And because you're not passing any info, iTunes U does the default thing ... give you "All" and "Unauthenticated" access.

Similar Messages

General authentication issues

I have a general issue with authenticating usernames and passwords. starting with remote desktop connection to my win 8 laptop 6 days a go i was able to connect to it from the internet with no problems, now for some reason i can't connect to it i can see the window asking for a log in info so it can see the computer but it doesn't accept my log in info, i also have win 2008 server computer on the same LAN and i can connect to it from the outside.
same thing with my FTP service i can connect to my FTP from the internet using IE but when it asks for username and password it doesn't accept them.
SAME PROBLEM WITH VPN i used to e able to connect to my LAN from the outside internet and now while it's verifying username and password for VPN it doesn't accept them.
Iam basically looking at an authentication issue not a connection because i see that i can connect to these services until authentication level then authentication doesn't work.
Any Ideas?
Thanks

Normally I would use FLAC for quality but since Itunes doesn't support it I use mp3. Good albums I do both. Is there a plugin so I don't need 2 copies of my music?
You can try the Xiph plugins to play your FLAC files. Some people have reported success while others have had problems, but it would be worth trying.
When I drag the music in to the play list Itunes takes between 5-10 minutes to add the songs and do its gap less playback check, etc.. Itunes is hung the entire time and does not respond. Is this normal?
How many tracks do you have in your library? If it's really large (many thousands of tracks), the delay may be normal.
it says it's getting the artwork but it only gets the art work may be 1 out 20 albums I import. Is there a way to select the art work manually?
If you search the web for "iTunes album art" you'll find a lot of methods for getting album artwork into iTunes.
Regards.

Authentication issue getting "UMELoginException"

Dear Guys,
I am facing an authentication issue. The situation is like this,
My NT password was about to expire (had 6 more days for expiry). I was able to login till yesterday and all of the sudden today, when I was trying to login, I was not able to (it gave me password change message). So I went back and changed my NT password and tried to login again into the portal, however I am still not able to. I am pasting the stack trace,
#1.5#001143FDCEA7006700000008000018C40004196E4AD849E8#1153861399615#com.sap.security.core.imp#sap.com/irj#com.sap.security.core.imp.[cf=com.sap.security.core.sapmimp.logon.SAPMLogonLogic][md=doLogon][cl=20282]#Guest#192####fff21cf01c2011dba425001143fdcea7#SAPEngine_Application_Thread[impl:3]_0##0#0#Error##Java###doLogon failed
[EXCEPTION]
#1#com.sap.security.core.logon.imp.UMELoginException
     at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:318)
     at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.login(AuthenticationService.java:344)
     at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:126)
     at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)
     at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:312)
     at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:368)
     at com.sap.portal.navigation.Gateway.service(Gateway.java:101)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Please help.
Regards,
Deepak

Hi Deepak,
it is most times that it needs to replicate through your system(s).
Regards,
Kai
PS: Please reward points if that was helpful.

Authentication Issue, When Profile ReCreate

Hi,
i face authentication issue in SQL Server 2012 Evalution after i login in new account.
Take a look situation and what i did.
1) I install SQL Server 2012 in Member Server (Server 2012 Standard).
2). Every Thing i Did i by using AD User name "SP_Farm"
3). I install SQL in Windows Authentication Mode only and i provide User ****\SP_Farm, when Ever Installation Ask.
Note: during the whole process i only use SP_Farm (AD Admin User)
Every thing going working fine till my mistake. By mistake i delete account SP_Farm from AD and i re create it.
after that i cant access Management Studio. :(
Please Guide if is there any other way.
Thanks you
Shariq Ayaz
[email protected]
www.shariqdon.com
www.shariqdon.com/itworld
www.shariqdon.com

Hi,
i face authentication issue in SQL Server 2012 Evalution after i login in new account.
Take a look situation and what i did.
1) I install SQL Server 2012 in Member Server (Server 2012 Standard).
2). Every Thing i Did i by using AD User name "SP_Farm"
3). I install SQL in Windows Authentication Mode only and i provide User ****\SP_Farm, when Ever Installation Ask.
Note: during the whole process i only use SP_Farm (AD Admin User)
Every thing going working fine till my mistake. By mistake i delete account SP_Farm from AD and i re create it.
Creating a user with the same name is
not the same user :-)
A user has a unique ID and you did not create the same ID, but a new user with same name.
after that i cant access Management Studio. :(
Please Guide if is there any other way.
Thanks you
Shariq Ayaz
[email protected]
www.shariqdon.com
www.shariqdon.com/itworld
www.shariqdon.com
You can try to use This solution:
http://blogs.msdn.com/b/raulga/archive/2007/07/12/disaster-recovery-what-to-do-when-the-sa-account-password-is-lost-in-sql-server-2005.aspx
* After the SQL Server Instance starts in single-user mode, the Windows Administrator account is able to connect to SQL Server using the sqlcmd utility using Windows authentication.
[Personal Site] [Blog] [Facebook]

Essbase 6.5 External Authentication Issue!! Urgent Please!!

Hi all,
I am great trouble over an external authentication issue in Essbase 6.5. I request you all to please give me your feedback on the same as soon as possible.
I am in a situation where I need to get my Essbase 6.5 external Authentication converted from LDAP to Active Directory services.
I suppose there has been necessary changes done to the .cfg file for the same. However, I think I am getting an error
"User [vikc]'c external authentication protocol [MSEX]'s password check module is not loaded".
Please let me know if you have come across such an issue earlier and can anybody to able to help me with the same.
Its kinda Urgent. so any replies for the same will be appreciated.
Thanks and Regards,
Vikram

Vikram,
Yes you will have to reconfigure the CSS.xml and cfg file for external auth.
Here is the Sample CSS
<spi>
          <provider>
               <msad name="full360">
                    <trusted>false</trusted>
                    <url>ldap://192.168.1.100:389/DC=full360,DC=com</url>
                    <userDN>CN=Ravinder Singh,DC=full360,DC=com</userDN>
                    <password>full@360</password>
                    <authType>simple</authType>
                    <identityAttribute>dn</identityAttribute>
                    <maxSize>1000</maxSize>
                    <user>
                         <loginAttribute>sAMAccountName</loginAttribute>
                         <nameAttribute>dn</nameAttribute>
                    </user>
                    <group>
                         <nameAttribute>cn</nameAttribute>
                         <objectclass>
                              <entry>group?member</entry>
                         </objectclass>
                    </group>
               </msad>
Download this toll "http://www.ldapbrowser.com/download.htm"
LDAP browser to get the perfact DN information.
Let me know the status
Ravikant

I have itunes 10.5.2 Can I download and update directly to the latest version of itunes without any issues?

I have itunes 10.5.2 Can i download and update directly to the latest version of itunes without any issues?

Yes, but back up the library first. Note that if you're using Mac OS X 10.5.8, you won't be able to update iTunes past 10.6.3.
(96898)

ACS 5.2 Authentication Issue with Local & Global ADs

Hi I am facing authentication issue with ACS 5.2. Below is AAA flow (EAP-TLS),
- Wireless Users >> Cisco WLC >> ADs <-- everything OK
- Wireless Users >> Cisco WLC >> ACS 5.2 >> ADs <-- problem
Last time I tested with ACS, it worked but didn't do migration as there'll be changes from ADs.
Now my customer wants ACS migration by creating new Group in AD, I also update ACS config.
For the user from the old group, authentication is ok.
For the user from the new group, authentication fails. With subject not found error, showing the user is from the old group.
Seems like ACS is querying from old records (own cache or database). Already restared the ACS but still the same error.
Can anyone advice to troubleshoot the issue?
Note: My customer can only access their local ADs (trusted by Global ADs). Local ADs & ACS are in the same network, ACS should go to local AD first.
How can we check or make sure it?
Thanks ahead,
Ye

Hello,
There is an enhacement request open already:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCte92062
ACS should be able to query only desired DCs
Symptom:
Currently on 5.0 and 5.1, the ACS queries the DNS with the domain, in order to get a list of all the DCs in the domain and then tries to communicate with all of them.If the connection to even one DC fails, then the ACS connection to the domain is declared as failed.A lot of customers are asking for a change on this behavior.
It should be possible to define which DCs to contact and/or make ACS to interpret DNS Resource Records Registered by the Active Directory Domain Controller to facilitate the location of domain controllers. Active Directory uses service locator, or SRV, records. An SRV record is a new type of DNS record described in RFC 2782, and is used to identify services located on a Transmission Control Protocol/Internet Protocol (TCP/IP) network.
Conditions:
Domain with multiple DCs were some are not accessible from the ACS due to security/geographic constraints.
Workaround:
Make sure ALL DCs are UP and reachable from the ACS.
At the moment, we cannot determine which Domain Controller on the AD the ACS will contact. The enhacement request will include a feature on which we can specify the appropriate the Domain Controllers the ACS should contact on a AD Domain.
Hope this clarifies it.
Regards.

Wireless Client Authentication issues when roaming Access Points (Local)

I have a Cisco 5508 with Software version 7.4.121.0 and Field Recovery 7.6.101.1.
There are a handful of clients that when roaming between AP's with the same SSID that get an authentication issue and have to restart the wireless to get back on.
From Cisco ISE
Event
5400 Authentication failed
Failure Reason
11514 Unexpectedly received empty TLS message; treating as a rejection by the client
Resolution
Ensure that the client's supplicant does not have any known compatibility issues and that it is properly configured. Also ensure that the ISE server certificate is trusted by the client, by configuring the supplicant with the CA certificate that signed the ISE server certificate. It is strongly recommended to not disable the server certificate validation on the client!
Root cause
While trying to negotiate a TLS handshake with the client, ISE expected to receive a non-empty TLS message or TLS alert message, but instead received an empty TLS message. This could be due to an inconformity in the implementation of the protocol between ISE and the supplicant. For example, it is a known issue that the XP supplicant sends an empty TLS message instead of a non-empty TLS alert message. It might also involve the supplicant not trusting the ISE server certificate for some reason. ISE treated the unexpected message as a sign that the client rejected the tunnel establishment.
I am having a hard time figuring out what is causing this. My assumption is if there were a problem with the Controller or AP configurations then it would happen to everyone. My further assumption is if the client had a problem with their laptop (windows 7) then why does work at other times? So I have checked and the ISE certificate is trusted by client.
Is something happening that the previous access point is holding on to the mac and the return authentication traffic is going to the old AP instead of the new one or something like that which is corrupting the data?
I also had this from Splunk for the same client:
Mar 5 13:44:51 usstlz-piseps01 CISE_Failed_Attempts 0014809622 1 0 2015-03-05 13:44:51.952 +00:00 0865003824 5435 NOTICE RADIUS: NAS conducted several failed authentications of the same scenario
FailureReason="12929 NAS sends RADIUS accounting update messages too frequently"
Any help on this would be appreciated. These error messages give me an idea but doesn't give me the exact answer to why the problem occurred and what needs to be done to fix it.
Thanks

Further detail From ISE for the failure:
11001
Received RADIUS Access-Request
11017
RADIUS created a new session
15049
Evaluating Policy Group
15008
Evaluating Service Selection Policy
15048
Queried PIP
15048
Queried PIP
15004
Matched rule
15048
Queried PIP
15048
Queried PIP
15004
Matched rule
11507
Extracted EAP-Response/Identity
12500
Prepared EAP-Request proposing EAP-TLS with challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12301
Extracted EAP-Response/NAK requesting to use PEAP instead
12300
Prepared EAP-Request proposing PEAP with challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12302
Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated
12318
Successfully negotiated PEAP version 0
12800
Extracted first TLS record; TLS handshake started
12805
Extracted TLS ClientHello message
12806
Prepared TLS ServerHello message
12807
Prepared TLS Certificate message
12810
Prepared TLS ServerDone message
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
11514
Unexpectedly received empty TLS message; treating as a rejection by the client
12512
Treat the unexpected TLS acknowledge message as a rejection from the client
11504
Prepared EAP-Failure
11003
Returned RADIUS Access-Reject

Authentication issues

We've had authentication issues with Infinity since the install just over a week ago (BT Business package)
The router will drop the connection and then we have a problem reconnecting (won't). Out of sheer frustration I've discovered a workaround that sometimes works that is to change the user name to the BT test account, connect, and then change the router user name setting back to our own. The BT test account always works, so despite a BT engineer being sent to trace the problem onsite yesterday the issue remains. We've also been sent a new router, and the BT engineer arrived with yet another new one yesterday
The problem seems to be purely authentication. The Technical Helpdesk have changed our password (twice) but we still get the problem. Yesterday I was told that some other users in our area have also had an authentication issue and that over the weekend 'patches' were going to be applied at our local exchange.
When the service works we get quite good speeds (37 down, 8 up) but we're frustrated with the lack of knowledge from the help-desk and have doubts that the 'patches' will resolve the issue
Such is the problem that BT will downgrade us back to ADSL2 (which was rock solid in comparison) next week if we're still unhappy
I did ask if our user name could be changed but told no. I'm curious to know as to what the switch to fibre could cause authentication problems?

hi this is a BT Residential forum as a Business user you may get more help from the BT business forum
http://business.forums.bt.com/t5/Broadband-and-internet/bd-p/Broadband
If you want to say thanks for a helpful answer,please click on the Ratings star on the left-hand side If the reply answers your question then please mark as ’Mark as Accepted Solution’

Safari 5.1 HTML5 HTTP basic access authentication issue video does not load

I have a .m4v video referenced in a page with the HTML5 video tag in a folder which is in a password protected folder housed on iPage.
Safari 5.0.5 plays the video fine. Safari 5.1 fails to load/play the video in the protected folder. If I move the video to a not protected folder, Safari 5.1 plays it fine.
This is on iPage. Back on MobileMe all is fine with 5.1.
I think this is a HTTP basic access authentication issue with 5.1.
Anyone have similar issue? Work around?

Yes, I can also confirm this behaviour. This is in Safari 5.1.1, but I also see the exact same thing in WebKit nightlies.

FYI! Intego NetBarrier X5 and iTunes App Store Issues

I discovered last night (while attempting to download the iPhone 3.0 update) that my 3rd party firewall, Intego's NetBarrier X5, is preventing App Store application and iPhone software updates.
Back in early March, I upgraded NetBarrier from X4 to X5, importing my settings from the old version into the new. From that point on, I have been unable to update my iPhone applications from within iTunes; I was caught in an endless loop of being asked to log into the App Store, and being denied access (almost as if my credentials weren't making it to Apple's servers). The weird part was, I had no problem downloading music, movies, etc. from the iTunes Store; this issue only affected App Store downloads/updates.
I do not know if this is a problem with Intego or an Apple. I'm inclined to believe that something changed within iTunes 8; a change to the ports used to access the App Store, as opposed to the regular iTunes Store. I say this because, when I turned off NetBarrier completely, I was finally able to access/download my application updates after months of not being able to. As soon as I turned it back on, I got caught up in that endless login loop again. This is definately an issue.
I post this information in the hope that it will resolve similar issues for others. iTunes Support, when contacted numerous times, was completely useless.
It appears that I'm going to have to configure my firewall to allow ALL iTunes traffic to pass. Can someone please tell me where I can find a comprehensive list of ports that must be open for iTunes to function properly? I would greatly appreciate it.

Hello Everyone,
After upgrading to Snow Leopard, and re-installing X5 (10.5.4), it looks like I may have identified the cause of this issue.
It appears that, within X5, if you select the "+Hide my Apple ID when using iTunes MiniStore+" option (Overview --> Privacy --> Data --> Surf), it jacks-up connections to iTunes Store App/iPhone OS Updates.
For now, I have de-selected this option, and everything seems to be functioning as it should.
I cannot believe that something as stupid as this has caused me (and countless others) so many months of aggravation. I will be reporting this as a defect to Intego later today.
Hope this information helps.
Kerry

ITunes & iRadio streaming issues, why?

Hello from Miami,
All this week I have been experianceing issues with either my iTunes Store giving me iTunes store errors windows along with the iRadio player acting up also. I have contacted apple support to clear caches along with anything else that needs clearing out. Well tonight the issues returned, I have to make an educated guess and say it's not at my end.
Has anyone else experianced similar issues, update me.
Thank you

I was the originator of my post the other night.. "iTunes & iRadio Streaming issues, Why?" posted on October 19th. It is that another person chimed in on my topic, paulie74".
I do not feel I was lectured, I was simply stating how you treated this other apple user, "paulie74" by stating the following. You said,
"Also ranting about quality control will not help your cause, I use both and have absolutely no issues as do millions of others."
Being positive and not being unhelpful is not what these forums are about, then you also mentioned,
"perhaps you should read the Terms of Use you agreed to", I know the terms of these forums and those of the Apple company, I am not new to Apple, and would respectfully suggest that you be more constructive regarding your comments and not expresses yourself in a way that upsets others.
And yes, I will forward all this onto Apple, for I trust they will do what's right as always.
Thank you,
Mohegan

Airport-Router authentication issue

Hi - I have a really annoying authentication issue between my MBP (late '06) and my DIR-655 D-Link router (f/w 1.22 b05).
I am getting "disconnection" issues on my MacBook Pro only. We are not seeing any issues on my fiance's Vaio laptop. So I'm thinking maybe the router isn't to blame...?
I put "disonnection" in quotes because airport always shows that there is a connection to the router/network, but there clearly is not. Sometimes I have to disconnect/reconnect airport, but often the connection just comes back after 30 seconds or so. It usually looks like a DNS issue...holding at the "looking up" stage, but I really don't think it is. I've tried various domain name servers.
I thought I had worked around this by allowing the router to accept G in addition to 802.11n connections, but the problem, while not as prevalent, seems to have increased lately even while using 802.11g.
I see that the router's log is replete with messages like this:
*Wireless system with MAC address 0017F2HR7BC6 disconnected for reason: Authentication Failed*
That MAC address is indeed my MBP
I'm also seeing a lot of messages along these lines:
*Blocked incoming TCP connection request from 119.154.75.13:1420 to 173.78.73.92:445*
But I assume these messages are unrelated.
So I turned off WPA-Personal security and, of course, no further authentication errors. Those blocked TCP requests continue.
Of course, I don't want to keep WPA turned off.
Any ideas as to why authentication would be failing on and off with airport? I didn't even realize there was more than a single authentication (i.e. after you first connect), but I still have a LOT to learn about routers!
Any ideas appreciated!

FWIW
119.154.75.13 = an address in Pakistan
173.78.73.92 = an address in Tampa, Florida on the Verizon Network
Have you been using BitTorrent or some other p2p software lately ?
Re your router issue, have you considered using MAC Address Security (not WAP/WEP) ?

ITunes Store Transaction Issue

Can someone tell me how to contact iTunes for Transaction issues?
PROBLEM:
As you know, when we buy something from iTunes, it the "transaction details" says something like:
"OUTSTANDING TRANS#****-****-****-**** MISCELLANEOUS DEBIT DEBIT". (The "****" being the card number).
It has said that for the past several day in my "Transation History".
How do I know its iTunes? My Bank told me + Everytime iTunes stuffs up (as in I buy something, and its not registsredt rpoperly I have to give the security number on the back of your debit card). So this time, I put the Security Number in maybe a few times, thinking I had to, and each time I did. They took $1 debit from me.
Has anyone else encountered this?

Try redownloading it via iCloud.
Downloading past purchases from the App Store, iBookstore, and iTunes Store
If the problem persists, see this article.
How to report an issue with Your iTunes Store purchase
B-rock

Any help troubleshooting iTunes type legibility issues after scrolling

iTunes type is illegible after I scroll down a page. I'm using Chrome on a Window 7 (Pro) machine (64) with an "Intuos 4" Wacom tablet (USB). See image of screen capture below for illustration.
The issue is happening everywhere I browse in iTunes store. It usually happens on several button's type at once effecting the legibility so bad it's unreadable. It is only occuring in the iTunes Store and not in 'Library' or any of the other areas of the application interface. So, I assume it has to do with a browser integration?
When navigating (browsing) in iTunes store, the issue is consistantly happening using my scroll wheel as well as my pen. It's early and I've been up all night, so there is probably something I've left out here, but I will check back later this afternoon.

Jgreg14 you have my sympathies. 36 hours ago while using my iPad I was told that my Apple ID had been disabled. Like you I went to the forums, reset my password, and also like you, nothing changed. I have contacted iTunes support and after 24 hours they responded with this:
Cesar here from the iTunes Store Support Team. Your inquiry is very important to me, so I have requested assistance with the issue you reported. You will receive an email after the matter has been investigated and further information is available.
Thank you for your patience. Apple wants your iTunes experience to be as enjoyable as possible. Take care!
Boy do I feel special. I sat on the phone to the UK helpline for 30 minutes, and have been told my case has been elevated to "URGENT".
Basically I was wondering if you ever got your problem sorted out?

PHP iTunes U authentication issue

Similar Messages

Maybe you are looking for