PKCS#11 Token Middleware problem

Hi all!
I'm trying to reach a smartcard through the PKCS#11 Bridge. The smartcard itselfs has middleware software which has to prompt me with a logon popup. But when I try to run the following code, i get a Exception which tells me the PIN is incorrect. This is reasonalbe because i didn't yet insert the pin. Did someone had the same problem?
I hope someone can tell me why i'm not getting the popup? I dont want to store the pin in my code, because it has to be dynamically.
Java code:
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableKeyException;
public class ReadUZI {
      * @param args
     public static void main(String[] args) {
          String configName = "Pkcs11eToken.properties";
          Provider provider = new sun.security.pkcs11.SunPKCS11(configName);
          Security.addProvider(provider);
          KeyStore.ProtectionParameter pp = new KeyStore.PasswordProtection(new char[]{});
          KeyStore.Builder keyStoreBuilder = KeyStore.Builder.newInstance("PKCS11",provider,pp);
          try {
               KeyStore ks = keyStoreBuilder.getKeyStore();
               Key key = ks.getKey("alias", null);
          } catch (KeyStoreException e) {
               e.printStackTrace();
          } catch (NoSuchAlgorithmException e) {
               e.printStackTrace();
          } catch (UnrecoverableKeyException e) {
               e.printStackTrace();
}The Exception:
java.security.KeyStoreException: KeyStore instantiation failed
     at java.security.KeyStore$Builder$2.getKeyStore(Unknown Source)
     at nl.atosorigin.et.hl7.ReadUZI.main(ReadUZI.java:27)
Caused by: java.io.IOException: load failed
     at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:830)
     at java.security.KeyStore.load(Unknown Source)
     at java.security.KeyStore$Builder$2$1.run(Unknown Source)
     at java.security.AccessController.doPrivileged(Native Method)
     ... 2 more
Caused by: javax.security.auth.login.FailedLoginException
     at sun.security.pkcs11.SunPKCS11.login(SunPKCS11.java:900)
     at sun.security.pkcs11.P11KeyStore.login(P11KeyStore.java:846)
     at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:821)
     ... 5 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_PIN_INCORRECT
     at sun.security.pkcs11.wrapper.PKCS11.C_Login(Native Method)
     at sun.security.pkcs11.SunPKCS11.login(SunPKCS11.java:888)
     ... 7 morethe configuration file:
name = uzipas
library = C:\WINDOWS\system32\aetpkss1.dllI hope to hear from you all soon! :)
My regards,
Jan-Martijn

Hi all!
I'm trying to reach a smartcard through the PKCS#11 Bridge. The smartcard itselfs has middleware software which has to prompt me with a logon popup. But when I try to run the following code, i get a Exception which tells me the PIN is incorrect. This is reasonalbe because i didn't yet insert the pin. Did someone had the same problem?
I hope someone can tell me why i'm not getting the popup? I dont want to store the pin in my code, because it has to be dynamically.
Java code:
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableKeyException;
public class ReadUZI {
      * @param args
     public static void main(String[] args) {
          String configName = "Pkcs11eToken.properties";
          Provider provider = new sun.security.pkcs11.SunPKCS11(configName);
          Security.addProvider(provider);
          KeyStore.ProtectionParameter pp = new KeyStore.PasswordProtection(new char[]{});
          KeyStore.Builder keyStoreBuilder = KeyStore.Builder.newInstance("PKCS11",provider,pp);
          try {
               KeyStore ks = keyStoreBuilder.getKeyStore();
               Key key = ks.getKey("alias", null);
          } catch (KeyStoreException e) {
               e.printStackTrace();
          } catch (NoSuchAlgorithmException e) {
               e.printStackTrace();
          } catch (UnrecoverableKeyException e) {
               e.printStackTrace();
}The Exception:
java.security.KeyStoreException: KeyStore instantiation failed
     at java.security.KeyStore$Builder$2.getKeyStore(Unknown Source)
     at nl.atosorigin.et.hl7.ReadUZI.main(ReadUZI.java:27)
Caused by: java.io.IOException: load failed
     at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:830)
     at java.security.KeyStore.load(Unknown Source)
     at java.security.KeyStore$Builder$2$1.run(Unknown Source)
     at java.security.AccessController.doPrivileged(Native Method)
     ... 2 more
Caused by: javax.security.auth.login.FailedLoginException
     at sun.security.pkcs11.SunPKCS11.login(SunPKCS11.java:900)
     at sun.security.pkcs11.P11KeyStore.login(P11KeyStore.java:846)
     at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:821)
     ... 5 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_PIN_INCORRECT
     at sun.security.pkcs11.wrapper.PKCS11.C_Login(Native Method)
     at sun.security.pkcs11.SunPKCS11.login(SunPKCS11.java:888)
     ... 7 morethe configuration file:
name = uzipas
library = C:\WINDOWS\system32\aetpkss1.dllI hope to hear from you all soon! :)
My regards,
Jan-Martijn

Similar Messages

  • Middleware problem -Outbound queue is stuck in SAP R/3 system with message

    Hi Middleware gurus ,
    We are stuck with a serious issue . We are trying to download Business partners from SAP R/3 4.6c system to SAP CRM 5.2 system using CRM Middleware
    Previously we did a successful Initial download of 2 Business partners from SAP R/3 to CRM . Their BP numbers in CRM are 001 and 002 . The Delta load is working fine for the both the BPs which are already downloaded
    Now , the real problem is when we are trying to download a new Business partner . When we set the Filter ( BP no 003 ) in MW adaptor object CUSTOMER_MAIN and start the Initial load again , we see that the Outbound queue is getting stuck with message “STOP” .
    There are two queues generated in SAP R/3 system with names “MASS_CRM_CUSTOME” and “R3AD_CUSTOME” . The status for both the queues is “STOP” and when go for details it mentions “sapsuck ..SAPMSSY1 “ -Message no. SR 053.
    Even we checked the txn SMW01, the Bdocs message is "Recived ( Intermediate state) " for Bdoc type BUPA_MAIN.
    We really don’t as to why the Initial load worked fine with 2 BPs  and later when want to do more BP Initial Load the Outbound queue is getting stuck
    Also , by unlocking the 2nd queue “R3AD_CUSTOME” we are able to release it , but the first queue “MASS_CRM_CUSTOME*” is stuck
    Please help us urgently
    Regards
    Dinesh and Ritvij
    Email : [email protected]
    Mobile -+91=9704933315

    Hi Praveen and other Middleware gurus,
    We checked on this . Actually the RFC is used for connecting to SAP R/3 system.
    We also raised an OSS message on this and found a reply that in transaction CRMM_BUPA_MAP, we can map the required BP . But the SAP support guy recived an error received the error:
    An RFC link is not maintained in the Middleware
    Message no. CRM_BUPA_MAPPING051
    We have set the RFC link , but still the problem continues!!!
    Please help further..
    Regards
    Dinesh and Ritvij

  • Sun PKCS#11 NSS Problem with CA Certificates

    There appears to be a problem with the Sun PKCS#11 provider's NSS specific functionality.
    If Firefox 2.x based KeyStore is loaded which contains CA Certificates which have been imported into the the standard "Software Security Device" (and are therefore not in the root store) they are not visible as Certificate Entries when enumerating the KeyStore aliases.
    If a personal key/cert pair is present then the corresponding CA Certs can be obtained via KeyStore.getCertificateChain(alias) but this doesn't help when I have other CA's present that need to be accessed.
    These additional CA Certificates are visible via the FireFox "Certificate Manager" and via the JSS API's - anyone aware of this problem ?

    You need to use the trustanchors nssModule, read the JavaTM PKCS#11 Reference Guide at --
    http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html#Config
    For example, you can write your config file like this --
    name=NSS
    nssSecmodDirectory=path_of_your_dbs
    nssLibraryDirectory=path_of_dll_or_so
    nssModule=trustanchors

  • PKCS#7 Signature problem

    Hi, I have a problem with my PDF files generating PKCS#7 signatures, both adbe.pkcs7.sha1 and adbe.pkcs7.detached.
    PKCS#1 is OK, using the certifcate as /Cert and not /Contents naturally, but I need PKCS#7 for having to insert TimeStamp info.
    Acrobat reports ASN.1 parsing error/ Error encountered while BER decoding.
    I enclose a short extract:
    11 0 obj
    <<
    /Type/Sig
    /Filter/Adobe.PPKLite
    /SubFilter/adbe.pkcs7.sha1
    /Name(Papyrus User)
    /M (D:20080910112551)
    /R 65541
    /Contents(0\202\004\0200\202\003y\240\003\002\001\002\002\011\000\221\202\334`\271a\
    \263l0\015\006\011*\206H\206\367\015\001\001\005\005\0000\201\2671\013\
    0\011\006\003U\004\006\023\002AT1\0310\027\006\003U\004\007\023\020\
    Maria Enzersdorf1+0\)\006\003\
    U\004\012\023"ISIS Papyrus \(Def\
    ault certificate\)1\0330\031\006\
    \003U\004\013\023\022Evaluation Purpo\
    se1\0350\033\006\003U\004\003\023\024www.isis-\
    papyrus.com1$0"\006\011*\206H\206\367\
    \015\001\011\001\026\025info@isis-papyru\
    s.com0\036\027\015070320151112Z\
    \027\015080319151112Z0\201\2671\0130\011\
    \006\003U\004\006\023\002AT1\0310\027\006\003U\004\007\023\020Ma\
    ria Enzersdorf1+0\)\006\003U\004\
    \012\023"ISIS Papyrus \(Defau\
    lt certificate\)1\0330\031\006\003U\
    \004\013\023\022Evaluation Purpose\
    1\0350\033\006\003U\004\003\023\024www.isis-pa\
    pyrus.com1$0"\006\011*\206H\206\367\015\001\
    \011\001\026\025info@isis-papyrus.\
    com0\201\2370\015\006\011*\206H\206\367\015\001\001\001\005\000\003\
    \201\215\0000\201\211\002\201\201\000\256od\026\314Uw\037\\\226M\010\
    Q\006\344\351\033\324f\305\030\314\035S\374\217\2114\362\205\001\203\305\231\
    %u\323\251*\351\364mR\374R\220\367*\220\037K\206\323\270\037\(\
    \312e\01082u\015GIz\212\217\2526\003UGYa6%\234\
    \340\264N\374g\024\260\226\315\)\302\012\033\275\236\203\357\301I\351\225\316\
    !\214\232&\344\213\356\334\220\274\002=\327\013/p|\025\223}V\025\
    \017\323\262\016\220#\002\003\001\000\001\243\202\001 0\202\001\0340\035\006\
    \003U\035\016\004\026\004\024/\326xc$\004\321\332\317\277|\002\220v\
    \202\301\)\034\332\2320\201\354\006\003U\035#\004\201\3440\201\341\200\024\
    /\326xc$\004\321\332\317\277|\002\220v\202\301\)\034\332\232\241\201\
    \275\244\201\2720\201\2671\0130\011\006\003U\004\006\023\002AT1\031\
    0\027\006\003U\004\007\023\020Maria Enzersd\
    orf1+0\)\006\003U\004\012\023"ISIS Pap\
    yrus \(Default certific\
    ate\)1\0330\031\006\003U\004\013\023\022Evaluat\
    ion Purpose1\0350\033\006\003U\004\003\023\024\
    www.isis-papyrus.com1$\
    0"\006\011*\206H\206\367\015\001\011\001\026\025info@is\
    is-papyrus.com\202\011\000\221\202\334`\271\
    a\263l0\014\006\003U\035\023\004\0050\003\001\001\3770\015\006\011*\
    \206H\206\367\015\001\001\005\005\000\003\201\201\000\237\371&\241\273\254\365\326\
    l\363ZC%\217\020\305\3511\340\027:\337\376OU-\331U\222\200\
    g\025B\307\323\331\236\304[P\022\254\363\032j\226KOE"\033\213\
    h\376\242]\363\236\366X\227\235\272\320\366~\373\254UIA\026\243\235\
    Bz\321\356c\316BK\211\355\235\244`a\265t\035\347y\37354\
    H\342\010\235Q\007\337kJ\264\016[\3179Ig\255$\302\025]\272\
    \300\240\254\304\314\225\210\222\3229)
    /ContentInfo<0482008063CFA582E3F41AB66B045C211F49EF940A2A754CC891A132A7BEE5F80F94471048E16 9DDBA739CA6EC3A575B447213E0DBDAB893BE8A67AE9C3D36294524037FB71442D929934F26540EBBA4D7F9851 9325AD2486EC3FBDEE96046C3D6E7C5E1AA4C570A070B8849990D4413FCB2B0A2712286129602075B10BAC81ED 12909E100>
    /ByteRange[0 4973 5241 603 ]
    >>
    endobj

    Thanks for the answer, Leonard, I can generate it in hex mode, it's not accepted alike. Somehow Acrobar doesn't like this certificate
    (now the certificate in Conents as it is generated by adbe.pkcs7.detached subfilter:
    11 0 obj
    <<
    /Type/Sig
    /Filter/Adobe.PPKLite
    /SubFilter/adbe.pkcs7.detached
    /Name(Papyrus User)
    /M (D:20080911172121)
    /R 65541
    /Contents <3082041030820379A0030201020209009182DC60B961B36C300D06092A864886F70D01010505003081B7310B 300906035504061302415431193017060355040713104D6172696120456E7A657273646F7266312B3029060355 040A1322495349532050617079727573202844656661756C7420636572746966696361746529311B3019060355 040B13124576616C756174696F6E20507572706F7365311D301B060355040313147777772E697369732D706170 797275732E636F6D3124302206092A864886F70D0109011615696E666F40697369732D706170797275732E636F 6D301E170D3037303332303135313131325A170D3038303331393135313131325A3081B7310B30090603550406 1302415431193017060355040713104D6172696120456E7A657273646F7266312B3029060355040A1322495349 532050617079727573202844656661756C7420636572746966696361746529311B3019060355040B1312457661 6C756174696F6E20507572706F7365311D301B060355040313147777772E697369732D706170797275732E636F 6D3124302206092A864886F70D0109011615696E666F40697369732D706170797275732E636F6D30819F300D06 092A864886F70D010101050003818D0030818902818100AE6F6416CC55771F5C964D085106E4E91BD466C518CC 1D53FC8F8934F2850183C5992575D3A92AE9F46D52FC5290F72A901F4B86D3B81F28CA65083832750D47497A8A 8FAA36035547596136259CE0B44EFC6714B096CD29C20A1BBD9E83EFC149E995CE218C9A26E48BEEDC90BC023D D70B2F707C15937D56150FD3B20E90230203010001A38201203082011C301D0603551D0E041604142FD6786324 04D1DACFBF7C02907682C1291CDA9A3081EC0603551D230481E43081E180142FD678632404D1DACFBF7C029076 82C1291CDA9AA181BDA481BA3081B7310B300906035504061302415431193017060355040713104D6172696120 456E7A657273646F7266312B3029060355040A1322495349532050617079727573202844656661756C74206365 72746966696361746529311B3019060355040B13124576616C756174696F6E20507572706F7365311D301B0603 55040313147777772E697369732D706170797275732E636F6D3124302206092A864886F70D0109011615696E66 6F40697369732D706170797275732E636F6D8209009182DC60B961B36C300C0603551D13040530030101FF300D 06092A864886F70D0101050500038181009FF926A1BBACF5D66CF35A43258F10C5E931E0173ADFFE4F552DD955 9280671542C7D3D99EC45B5012ACF31A6A964B4F45221B8B68FEA25DF39EF658979DBAD0F67EFBAC55494116A3 9D427AD1EE63CE424B89ED9DA46061B5741DE779FB353448E2089D5107DF6B4AB40E5BCF394967AD24C2155DBA C0A0ACC4CC958892D239>
    /ByteRange[0 2404 4494 603 ]
    >>
    endobj

  • ACS 4.0 and RSA Token Server problem

    Hi,
    We are having a problem trying to get ACS 4.0 for Windows to authenticate wireless users on an RSA Token server.
    Our Cisco 1200 series AP is configured for WPA2 and LEAP authentication. It points at the ACS server for RADIUS authentication. Now this works fine for users with a static password defined on the ACS internal database. However, for obvious security reasons, we?d like the authentication passed to our internal RSA server.
    I have installed the RSA Agent on the same server as the ACS along (after adding the generated sdconf.rec file to the System32 folder). The RSA server has been added to the ACS external databases and a user configured to use the RSA Token server for password.
    When we try to authenticate, the ACS fails the attempt with reason ?External DB password invalid?. The same user can successfully authenticate when using the RSA test authentication tool which is installed on the ACS server as part of the RSA Agent software.
    After running some debugs on a PIX in front of the servers, I can see traffic to/from the servers when using the test tool (which works), however it looks like ACS doesn?t even send traffic to the RSA server when authenticating.
    Any help or advice appreciated.
    Thanks

    Hi,
    The token servers only support PAP. Please make sure that the request are going to the RSA in PAP.
    Following link talks about the same.
    http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs40/user/o.htm#wp824733
    Regards,
    ~JG

  • BO Login token expire problem

    Hi,
    We have few dashboards developed in Xcelsius which we need to run 24/7. We use jsp to create login token and pass the login token to the .swf file. The problem is, the login token expires after 24 hour and the dashboards give error message "Invalid login token". In that case, we have to close the dashbaords and start again.
    Is there anyway to automatically extend the lifetime of the login tokens? Please share your knowledge.
    Regards,
    Tanveer.

    There is a setting in the infoview web.xml for logontoken and value of true will cause the logon token to auto renew.
    If you are looking for a solution in the SDK then you may want to ask this question in the SDK forums. Let me know and I can move the post there.
    Regards,
    Tim

  • Urgent: Middleware problem: Load from R/3 to CRM

    Hi,
    This is with regards to a CRM installation that we have at our office. I have followed all the Best practices steps for establishing connectivity and to activate replication between the backend R/3 and the CRM system.
    However, I am facing the following issues:
    1) When trying to replicate Customizing Objects from R/3 OLTP to CRM System, the execution remains on "Running" status forever. The only option remains to abort the execution.
    2) On running the transaction SMOHQUEUE, I am facing the following error message: "Error during aRFC (SAPCRM_MW_RR_000:Name or password is incorrect. Please re-enter)". Best practices suggests creation of a RFCUSER in client 000. This I have done.
    3) Finally, in the Best practices document, C71, if you kindly refer to page 19 till the end of the section, it has been mentioned that at the time of creating RFC destinations for R/3 and the logical destinations, the logon credentials is that of RFCUSER for all. However, creation of this user is only for client 000. I am trying to understand whether RFCUSER needs to be created in R/3 as well as the application client.
    I would request your expert advice as this is very urgent and assure that points will be awarded.
    Thanks
    Souvik

    I have found a propoer articulation of my problem in SAP note 429423. It goes as follows:
    <i>"No entry exists in one of the queues, but the status in R3AM1 remains 'Running':
    In this case, probably no reply is sent to the CRM Server after the data selection in the source system.If this is the case for an adapter object but not for others, contact the respective application component which can analyze why the source system does not send a reply and correct it.
    If this system response occurs for all adapter objects, create a message for component CRM-MW-ADP."</i>
    However, I am unable to act on the above. Kindly suggest what exactly needs to be done as suggested in the note.

  • SAP CRM middleware problem (sysfail ) The current application has triggered a termination with short dump

    i'm having a proplem during  starting initial load although i'm using the best practice documents C71 and B09 and all the configration was done by them .... could any one help ??

    this is the first dump error for my RFCUSER on the ECC server
    Category               ABAP Programming Error
    Runtime Errors         MESSAGE_TYPE_X
    ABAP Program           SAPLCRMC
    Application Component  CA
    Date and Time          05.03.2014 17:50:47
    Short Text
         The current application has triggered a termination with a short dump.
    What happened?
         The current application program has detected a situation that should
         not occur. A termination with short dump has therefore been triggered
         by the key word MESSAGE (type X).
    What can you do?
         Note down which actions and inputs caused the error.
         To process the problem further, contact you SAP system
         administrator.
         Using Transaction ST22 for ABAP Dump Analysis, you can look
         at and manage termination messages, and you can also
    Error analysis
        Short text of the error message:
        See SAP Note 1498111
        Long text of the error message:
         Diagnosis
         System Response
         Procedure
             Refer to the SAP Note that was mentioned.
         Procedure for System Administration
        Technical information about the message:
        Message class....... C_
        Number.............. 330
        Variable 1.......... 1498111
        Variable 2..........
        Variable 3..........
        Variable 4.......... " "
    How to correct the error
        Probably the only way to eliminate the error is to correct the program.
        If the error occurs in a non-modfied SAP program, you might be able to
        find a solution in the SAP Notes system. If you have access to the SAP
        Notes system, check there first using the following keywords:
        "MESSAGE_TYPE_X"
        "SAPLCRMC" bzw. LCRMCF0C
        "CHECK_CRMATAB"
        If you cannot solve the problem yourself, please send the following
        information to SAP:
        1. This description of the problem (short dump)
        To do this, choose  System -> List -> Save -> Local File (unconverted)
        on the screen you are in now.
        2. A suitable system log
        To do this, call the system log in transaction SM21. Restrict the time
        interval to ten minutes before the short dump and five minutes after
        it. In the display, choose System -> List -> Save -> Local File
        (unconverted).
    3. If these are programs of your own, or modified SAP programs: Source
    code of these programs
    To do this, choose  More Utilities -> Upload/Download -> Download in
    the Editor.
    4. Details regarding the conditions under which the error occurred or
    which actions and input caused the error.
    thanks

  • Gmail Yahoo Token Verification problem

    Previous Version of Firefox enabled us to login Gmail and yahoomail directly after clicking the notification of the incoming mail on Gtalk or Yahoo Messenger but now it does not open the mail.
    == This happened ==
    Every time Firefox opened
    == When I updated to the new version of firefox 3.6.4

    Its nt about remembering passwords mary...
    The thing is there is a token system which works with yahoo messenger and gtalk wherein you get a notification of email received and when you click it your mail is directly opened instead of manual login even if you havent saved any ids or passwords in firefox

  • Initial load of product categories - Middleware issue

    Hello all,
    I need fresh idea regarding middleware problem that I am facing.
    My setup of middleware is done by note 720819, sites (CRM and R/3) are defined, report for product settings is run (service set to inactive), RFC connections set, filters for DNL_CUST_PROD1 set and nothing is happening when I try to transfer material groups for the backend. RFC users have SAP_ALL.
    Object is in status running and that is. I checked RFC connection and it is working, so EBP is entering R/3 and here everything stops.
    I used note 429423 for analysis with no much use because there is no BDocs at all.
    customizing is the same on DEV and QAS but on QAS is doing nothing while on DEV is happily executing.
    Please give some clue what is happening.
    TIA
    Gordan

    So,
    after digging around EBP and R/3 (do you remeber Digger game) I found out two things.
    1. RFC user had wrong authorizations (not SAP_ALL, SAP_NEW) what was different that on other systems. Finally agree with other that this authorizations are possible if user is not dialog.
    2. Because load was started with unproper authorizations it was stuck in OUTBOUND queue of SRM. When I deleted loads in queue and with proper authorizations everything went OK.
    Point: do not look only inbound queue in SRM
    Gordan

  • Trouble with ADFS: SAML tokens sent with missing attribute for most test users

    About two months ago, I set up an ADFS server to authenticate our users for another agency's website. I granted three users access to the website (by adding them to specific combinations of AD groups), and everything seemed to be working quite well.Then last week, my boss asked me to add another user to the required groups to grant them access. I did so, and he called me back about 30 minutes later to say that the newly authorized user was unable to access the website. After entering his credentials, he receives a 'webpage cannot be displayed' error. I have since added several other users, with mixed results: a few can log in with no issue, but most receive the same error.
    After corresponding with the other agency (a torturously slow process), they sent me SAML responses for two of our test users: one working, one failing. The SAML...
    This topic first appeared in the Spiceworks Community

    Hi,
    >> event id 342 "-This user can't sign in because this account is currently disabled "
    For this event, the following article can be referred to as reference.
    Troubleshooting token acceptance problems with AD FS 2.0
    https://technet.microsoft.com/en-us/library/ff641740(v=ws.10).aspx
    Based on the description, for ADFS questions, it's recommended that we ask for advice in the following forum.
    Claims based access platform (CBA), code-named Geneva
    https://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
    Best regards,
    Frank Shen
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Java Card headache

    Hi,I am doing my final year project on java card and I have the software installed(java_card_kit-2_2_1, OCF 1.2, j2sdk1.4.1).I'm using Schlumberger Cyberflex Access Toolkit 4.4 and I already have the e-gate USB token.The problem is that I'm not sure how i shld start developing my application.I planned to do online cash withdrawal which can download cash from the bank account directly to the smart card. Anybody can help me with this?Where should i start from?I really need help and plz feel free 2 mail me.my email is [email protected] u very much.

    You are trying to run before you learn to walk. Learn the Java Card architecture. If you don't learn these things first, you'll be asking, how to write the applet, how to generate key pairs, how to create memory in EEPROM, how to send commands to the applet to store large data sizes over 256, etc. Take one step at a time !
    To answer you question: Depends on your solution. If you are using certs for digital signing, you should generate the signing keys on the card and send a CSR with the public key. Store the signing cert on the card. PKCS#15 is the standard, but time consuming to implement on a Java Card, so I recommend just a buffer and handle it off card. For encryption certs, you can generate the key pair off card and store the certificates on the card.
    CA questions should be directed to the Security Forum.
    HTH !

  • Constant refreshing of IE is only way to get site to display after a SharePoint 2010 Content Database Migration to 2013..why?

    Hi,
    I am having an issue of having to refresh my IE to be able to view a migrated SharePoint 2010 site in 2010 mode in SP2013. Is this Token Service Problem, Request Management problem.....
    Any ideas out there - driving me nuts!
    Thanks.
    John.
    P.S> Still think this could be related to over-provisioned host as all SP Machines are virtual. Won't know for sure until Tuesday.
    Thanks.
    JOhn.

    What are you using Request Management for?
    Trevor Seward
    Follow or contact me at...
    &nbsp&nbsp
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Most iphone4 have fine horizontal interlace onscreen (with a test picture)

    Hi all,
    I have noticed some very fine horizontal lines on my iphone4 screen with IOS 4.3.5,Its not as silky smooth looking as it was.
    they are very fine unless you look carefully you can see a lot of thin horizontal lines on the entire screen.It is a very persistent flicker with flashing horizontal lines on the whole display.
    Do you guys have this problem?If you can‘t see it ,use this picture to test it.Save this picture( Full-size image with 640*960,not the Thumbnail) to you camera roll or photo libray,then check it without Zoom in or out,you would see the top and bottom bar flickering.
    The test image is using for test screen glitches,it just make you see the interlace flicker more clearly,If the test image flickers on your iphone4 ,you definitely have this issue.Actually,if you are sensitive enough and see carefully at the top bar ,especiall on the lockscreen date bar,you would see fine horizontal lines ,even that you can see the horizontal pixel.The impact is that the screen is not sharp enough as a "retina display"What I am wondering is that they seem to go away after the phone has been in use for a little while and "warms up". Is that a hardware issue?It seems more like software issue.
    I found that some guys have the same problem
    https://discussions.apple.com/message/13236194#13236194
    http://forums.macrumors.com/showthread.php?t=995716
    I suspect a relationship with production batches,the screens from different batches need different refresh rate,maybe very small difference,but apple doesn't take it into account

    Hi,
    >> event id 342 "-This user can't sign in because this account is currently disabled "
    For this event, the following article can be referred to as reference.
    Troubleshooting token acceptance problems with AD FS 2.0
    https://technet.microsoft.com/en-us/library/ff641740(v=ws.10).aspx
    Based on the description, for ADFS questions, it's recommended that we ask for advice in the following forum.
    Claims based access platform (CBA), code-named Geneva
    https://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
    Best regards,
    Frank Shen
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Problem signing certificates from external token (smart card)

    I can not sign PDF documents with an external token (smart card) through a card reader of a Cherry keyboard.
    The card drivers perfectly detect the card and certificates in it, however when trying to sign a certificate in Adobe and select the location of the certificate click in the option "A device attached to this computer" ... I get an error indicating that no device is connected to the computer appears.
    I have tried several different card readers, it seems a problem of drives because the middleware card recognizes all tested certificates readers, however it seems that Adobe is not able to find the card reader. It has happened with several teams. In one team made a clone and deploy it to another machine with the same hardware environment, the firm run properly in the pdf that clone, however on the original computer is not working.
    You have any idea what could be the problem? Thank you very much in advance.

    If the digital ID's corresponding public-key certificate is not getting added to either the Windows Certificate Store, or Mac Keychain Access when you plug the card into the card reader, then you need to load the PKCS#11 module via the Acrobat UI. The module will be a DLL on Windows or a bundle file on the Mac. The problem is there is no one file name to look for, you would need to consult the hardware's documentation to find the name of the file. Once you know the name you can add the P11 module from the Security Settings dialog and then Acrobat will then see the digital ID(s) loaded on the smart card.
    Steve

Maybe you are looking for