Portal Kerberos based authentication
Hello,
After I configure kerberos based authentication with spneg, i still have the prompt to enter user & password instead off sso directly to the portal.
Any ideas ?
Thanks
Hello Geko.
Use a diagnostic tool for troubleshooting, refer to Notes [957707|https://service.sap.com/sap/support/notes/957707] and [1257108 - Collective Note: Analyzing issues with Single Sign On (SSO) |https://service.sap.com/sap/support/notes/1257108].
There are a few Blogs, Wiki Pages and forum topics regarding troubleshooting issues with SPnego.
Best regards,
Aliaksandr Zhukau
Similar Messages
-
Kerberos based authentication from AS 10.1.2 to Active Directory 2008
Hello,
just a short question: Has anyone achieved to authenticate via kerberos to a Windows 2008 domain?
Info: We like to continue to use the SSO and Windows Native Authentication feature. It worked with our Windows 2003 domain. But our domainserver was updated and we cannot make a connection from our Oracle application server (10.1.2.0.2) to the new domain via kerberos. The ktpass shows errors (according pType) while creating the sso.keytab. The keytab file is created. The kinit-tool (for testing the keytab file) shows errors again. Also the OPMN log shows during startup an error.
Any hint would be appreciated,
regards
Joergunzip in a new folder and start jdev, it'll ask if you want to copy the configurations from an earlier version. after that you only need to install custom extensions:
copy all files from old_version_jdev\jdev\lib\ext to new_version_jdev\jdev\lib\ext which are in old_version_jdev\jdev\lib\ext but not in new_version_jdev\jdev\lib\ext
better to first shut down jdev!
if everything works in the new version you can delete the old one.
if you are using an OC4J standalone or ias remember to update the adf version there too! -
Cannot create dataset from claims based authentication sharepoint site in report builder 3.0
I have a sharepoint site, which is configured as claims based authentication (ref:
http://ashrafhossain.wordpress.com/2011/05/25/how-to-configure-claim-based-authentication-for-sharepoint-project-server-2010/) . both AD and asp.net members can log in to the site successfully. My user need to use the report build to create report
on this sharepoint site. As a result, the site is also integrated with reporting service. I try to create a report in the sharepoint site by clicking "New Document" -> "Report builder Report". The report builder will comes out and ask for credential to
connect to the report server. I use asp.net member to login and it can let me to create a data source which connect to a the list of the sharepoint site with credential option "Use current Windows user. Kerberos delegation might be required". However, when
I try to create a data set and click the query designer, error "Server was unable to process request. ---> Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))" appear as below:
Besides, non of my AD account can be used to login to the report builder. Errors below found in the ULS log:
09/26/2012 14:47:27.75 w3wp.exe (0x116C)
0x11F4 SharePoint Foundation
Claims Authentication fo1t
Monitorable SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated.
(Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
09/26/2012 14:47:27.76 w3wp.exe (0x140C)
0x0F38 SharePoint Foundation
Claims Authentication fsq7
High Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated. at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message
response) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken
rst) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
524a2f96-f5ff-4c96-80d1-f08d3c7ef14f
09/26/2012 14:47:27.76 w3wp.exe (0x140C)
0x0F38 SharePoint Foundation
Claims Authentication 8306
Critical An exception occurred when trying to issue security token: The security token username and password could not be validated..
524a2f96-f5ff-4c96-80d1-f08d3c7ef14fHi Foxvito,
Claims authentication types supported by SharePoint 2010 are Windows Claims, forms-based authentication Claims, and SAML Claims. In SAML-Claims mode, SharePoint Server accepts SAML tokens from a trusted external Security Token Provider (TST). From the
blog you referenced, it seems to use the SAML Claims authentication.
However, the Reporting Services client applications: Report Builder, the Report Designer in Business Intelligence Development Studio, and Management Studio do not support connecting and authenticating with LiveID or SAML Claims based SharePoint Web applications.
That's because the SAML Claims don't use the Reporting Services authentication endpoint. So, you have to change the Claims authentication type to use Report Builder on the SharePoint site.
References:
Overview of Kerberos authentication for Microsoft SharePoint 2010 Products
Claims Authentication and Reporting Services
Regards,
Mike Yin
Mike Yin
TechNet Community Support -
Claims Based Authentication and Editing User Profiles
Hi All,
I have an interesting issue where I have a SharePoint Farm setup with both the intranet and mysites web applications setup using Claims Based Authentication. While everything seems to work fine, you are able to search for users, view properties and users
can change their own profile properties. However when you configure a profile administration account (an account with the "manage user profiles" permission on the User Profile Service Application) and you attempt to use that account to edit
another users profile you get hit with a generic error page.
Delving deeper you get the following errors:
ULS:
Date Process Thread Id Area Category Event Id Level Correlation Message
5/7/2013 00:31:44:64 App Pool: MySites 0x1DC8 SharePoint Foundation Logging Correlation Data xmnv Medium 4001199c-6bd8-c03d-920f-55177fbff00c
Name=Request (GET:http://mysite.DOMAIN.loc:80/_layouts/15/EditProfile.aspx?UserSettingsProvider=234bf0ed%2D70db%2D4158%2Da332%2D4dfd683b4148&ReturnUrl=http%3A%2F%2Fmysite%2EDOMAIN%2Eloc%2Fperson%2Easpx%3Faccountname%3DDOMAIN%255CAUSER&accountname=DOMAIN%5CAUSER)
5/7/2013 00:31:44:66 App Pool: MySites 0x1DC8 SharePoint Foundation Authentication Authorization agb9s Medium 4001199c-6bd8-c03d-920f-55177fbff00c
Non-OAuth request. IsAuthenticated=True, UserIdentityName=0#.w|DOMAIN\sp_config, ClaimsCount=24
5/7/2013 00:31:44:66 App Pool: MySites 0x1DC8 SharePoint Foundation Logging Correlation Data xmnv Medium 4001199c-6bd8-c03d-920f-55177fbff00c
Site=/
5/7/2013 00:31:44:69 App Pool: MySites 0x1DC8 SharePoint Foundation Files 00000 High 4001199c-6bd8-c03d-920f-55177fbff00c
UserAgent not available, file operations may not be optimized.
at Microsoft.SharePoint.SPFileStreamManager.CreateCobaltStreamContainer(SPFileStreamStore spfs, ILockBytes ilb, Boolean copyOnFirstWrite, Boolean disposeIlb)
at Microsoft.SharePoint.SPFileStreamManager.SetInputLockBytes(SPFileInfo& fileInfo, SqlSession session, PrefetchResult prefetchResult)
at Microsoft.SharePoint.CoordinatedStreamBuffer.SPCoordinatedStreamBufferFactory.CreateFromDocumentRowset(Guid databaseId, SqlSession session, SPFileStreamManager spfstm, Object[] metadataRow, SPRowset contentRowset, SPDocumentBindRequest& dbreq, SPDocumentBindResults&
dbres)
at Microsoft.SharePoint.SPSqlClient.GetDocumentContentRow(Int32 rowOrd, Object ospFileStmMgr, SPDocumentBindRequest& dbreq, SPDocumentBindResults& dbres)
at Microsoft.SharePoint.Library.SPRequestInternalClass.GetFileAndMetaInfo(String bstrUrl, Byte bPageView, Byte bPageMode, Byte bGetBuildDependencySet, String bstrCurrentFolderUrl, Int32 iRequestVersion, Byte bMainFileRequest, Boolean& pbCanCustomizePages,
Boolean& pbCanPersonalizeWebParts, Boolean& pbCanAddDeleteWebParts, Boolean& pbGhostedDocument, Boolean& pbDefaultToPersonal, Boolean& pbIsWebWelcomePage, String& pbstrSiteRoot, Guid& pgSiteId, UInt32& pdwVersion, String&
pbstrTimeLastModified, String& pbstrContent, UInt32& pdwPartCount, Object& pvarMetaData, Object& pvarMultipleMeetingDoclibRootFolders, String& pbstrRedirectUrl, Boolean& pbObjectIsList, Guid& pgListId, UInt32& pdwItemId, Int64&
pllListFlags, Boolean& pbAccessDenied, Guid& pgDocid, Byte& piLevel, UInt64& ppermMask, Object& pvarBuildDependencySet, UInt32& pdwNumBuildDependencies, Object& pvarBuildDependencies, String& pbstrFolderUrl, String& pbstrContentTypeOrder,
Guid& pgDocScopeId)
at Microsoft.SharePoint.Library.SPRequestInternalClass.GetFileAndMetaInfo(String bstrUrl, Byte bPageView, Byte bPageMode, Byte bGetBuildDependencySet, String bstrCurrentFolderUrl, Int32 iRequestVersion, Byte bMainFileRequest, Boolean& pbCanCustomizePages,
Boolean& pbCanPersonalizeWebParts, Boolean& pbCanAddDeleteWebParts, Boolean& pbGhostedDocument, Boolean& pbDefaultToPersonal, Boolean& pbIsWebWelcomePage, String& pbstrSiteRoot, Guid& pgSiteId, UInt32& pdwVersion, String&
pbstrTimeLastModified, String& pbstrContent, UInt32& pdwPartCount, Object& pvarMetaData, Object& pvarMultipleMeetingDoclibRootFolders, String& pbstrRedirectUrl, Boolean& pbObjectIsList, Guid& pgListId, UInt32& pdwItemId, Int64&
pllListFlags, Boolean& pbAccessDenied, Guid& pgDocid, Byte& piLevel, UInt64& ppermMask, Object& pvarBuildDependencySet, UInt32& pdwNumBuildDependencies, Object& pvarBuildDependencies, String& pbstrFolderUrl, String& pbstrContentTypeOrder,
Guid& pgDocScopeId)
at Microsoft.SharePoint.Library.SPRequest.GetFileAndMetaInfo(String bstrUrl, Byte bPageView, Byte bPageMode, Byte bGetBuildDependencySet, String bstrCurrentFolderUrl, Int32 iRequestVersion, Byte bMainFileRequest, Boolean& pbCanCustomizePages, Boolean&
pbCanPersonalizeWebParts, Boolean& pbCanAddDeleteWebParts, Boolean& pbGhostedDocument, Boolean& pbDefaultToPersonal, Boolean& pbIsWebWelcomePage, String& pbstrSiteRoot, Guid& pgSiteId, UInt32& pdwVersion, String& pbstrTimeLastModified,
String& pbstrContent, UInt32& pdwPartCount, Object& pvarMetaData, Object& pvarMultipleMeetingDoclibRootFolders, String& pbstrRedirectUrl, Boolean& pbObjectIsList, Guid& pgListId, UInt32& pdwItemId, Int64& pllListFlags, Boolean&
pbAccessDenied, Guid& pgDocid, Byte& piLevel, UInt64& ppermMask, Object& pvarBuildDependencySet, UInt32& pdwNumBuildDependencies, Object& pvarBuildDependencies, String& pbstrFolderUrl, String& pbstrContentTypeOrder, Guid&
pgDocScopeId)
at Microsoft.SharePoint.SPWeb.GetWebPartPageContent(Uri pageUrl, Int32 pageVersion, PageView requestedView, HttpContext context, Boolean forRender, Boolean includeHidden, Boolean mainFileRequest, Boolean fetchDependencyInformation, Boolean& ghostedPage,
String& siteRoot, Guid& siteId, Int64& bytes, Guid& docId, UInt32& docVersion, String& timeLastModified, Byte& level, Object& buildDependencySetData, UInt32& dependencyCount, Object& buildDependencies, SPWebPartCollectionInitialState&
initialState, Object& oMultipleMeetingDoclibRootFolders, String& redirectUrl, Boolean& ObjectIsList, Guid& listId)
at Microsoft.SharePoint.ApplicationRuntime.SPRequestModuleData.FetchWebPartPageInformationForInit(HttpContext context, SPWeb spweb, Boolean mainFileRequest, String path, Boolean impersonate, Boolean& isAppWeb, Boolean& fGhostedPage, Guid& docId,
UInt32& docVersion, String& timeLastModified, SPFileLevel& spLevel, String& masterPageUrl, String& customMasterPageUrl, String& webUrl, String& siteUrl, Guid& siteId, Object& buildDependencySetData, SPWebPartCollectionInitialState&
initialState, String& siteRoot, String& redirectUrl, Object& oMultipleMeetingDoclibRootFolders, Boolean& objectIsList, Guid& listId, Int64& bytes)
at Microsoft.SharePoint.ApplicationRuntime.SPRequestModuleData.GetWebPartPageData(HttpContext context, String path, Boolean throwIfFileNotFound)
at Microsoft.SharePoint.ApplicationRuntime.SPVirtualPathProvider.GetCacheKey(String virtualPath)
at System.Web.Compilation.BuildManager.GetVPathBuildResultFromCacheInternal(VirtualPath virtualPath, Boolean ensureIsUpToDate)
at System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate)
at System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate)
at System.Web.Compilation.BuildManager.GetVPathBuildResult(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean ensureIsUpToDate)
at System.Web.UI.MasterPage.CreateMaster(TemplateControl owner, HttpContext context, VirtualPath masterPageFile, IDictionary contentTemplateCollection)
at System.Web.UI.Page.ApplyMasterPage()
at System.Web.UI.Page.PerformPreInit()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)
at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
5/7/2013 00:31:44:69 App Pool: MySites 0x1DC8 SharePoint Foundation Files aiv4w Medium 4001199c-6bd8-c03d-920f-55177fbff00c
Spent 0 ms to bind 33542 byte file stream
5/7/2013 00:31:44:72 App Pool: MySites 0x1DC8 SharePoint Portal Server User Profiles ai7z6 High 4001199c-6bd8-c03d-920f-55177fbff00c
User was not successfully retrieved: i:0#.w|DOMAIN\AUSER in ProfileUI.OnInit. Seeing if this is a system account
5/7/2013 00:31:44:72 App Pool: MySites 0x1DC8 SharePoint Portal Server User Profiles ai7z7 High 4001199c-6bd8-c03d-920f-55177fbff00c
User i:0#.w|DOMAIN\AUSER not found and not a system account.
5/7/2013 00:31:44:72 App Pool: MySites 0x1DC8 SharePoint Portal Server User Profiles ahn7m Unexpected 4001199c-6bd8-c03d-920f-55177fbff00c
ProfileUI: Unhandled exception inside OnInit: Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER
at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)
5/7/2013 00:31:44:72 App Pool: MySites 0x1DC8 SharePoint Portal Server User Profiles ahn7h Unexpected 4001199c-6bd8-c03d-920f-55177fbff00c
ProfileEditor: Unhandled exception inside OnInit: Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER
at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)
at Microsoft.SharePoint.Portal.WebControls.ProfileEditor.OnInit(EventArgs e)
5/7/2013 00:31:44:72 App Pool: MySites 0x1DC8 SharePoint Foundation General 8nca Medium 4001199c-6bd8-c03d-920f-55177fbff00c
Application error when access /_layouts/15/EditProfile.aspx, Error=DOMAIN\AUSER
at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)
at Microsoft.SharePoint.Portal.WebControls.ProfileEditor.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
5/7/2013 00:31:44:72 App Pool: MySites 0x1DC8 SharePoint Foundation Runtime tkau Unexpected 4001199c-6bd8-c03d-920f-55177fbff00c
Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER
at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)
at Microsoft.SharePoint.Portal.WebControls.ProfileEditor.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
5/7/2013 00:31:44:72 App Pool: MySites 0x1DC8 SharePoint Foundation General ajlz0 High 4001199c-6bd8-c03d-920f-55177fbff00c
Getting Error Message for Exception System.Web.HttpUnhandledException (0x80004005): Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER
at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)
at Microsoft.SharePoint.Portal.WebControls.ProfileEditor.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
5/7/2013 00:31:44:72 App Pool: MySites 0x1DC8 SharePoint Foundation General aat87 Monitorable 4001199c-6bd8-c03d-920f-55177fbff00c
5/7/2013 00:31:44:73 App Pool: MySites 0x1DC8 SharePoint Foundation Monitoring b4ly Medium 4001199c-6bd8-c03d-920f-55177fbff00c
Leaving Monitored Scope (Request (GET:http://mysite.DOMAIN.loc:80/_layouts/15/EditProfile.aspx?UserSettingsProvider=234bf0ed%2D70db%2D4158%2Da332%2D4dfd683b4148&ReturnUrl=http%3A%2F%2Fmysite%2EDOMAIN%2Eloc%2Fperson%2Easpx%3Faccountname%3DDOMAIN%255CAUSER&accountname=DOMAIN%5CAUSER)).
Execution Time=87.1739285300227
It seems similar to an issue in the blog post here: http://kb4sp.wordpress.com/2012/12/05/user-cannot-be-found-shenanigans-one-way-active-directory-trusts-and-sharepoint-2013/ however I tried what was suggested and it didn't work.
Any help with this is appriciated.This line offers clues about the actual problem:
Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER
According to the MSDN link (http://msdn.microsoft.com/en-us/library/microsoft.office.server.userprofiles.usernotfoundexception.aspx)
it is not able to find the user in the profile store. Additionally the link you mentioned (http://kb4sp.wordpress.com/2012/12/05/user-cannot-be-found-shenanigans-one-way-active-directory-trusts-and-sharepoint-2013)
suggests that the account being used to validate accounts on the production domain may have a problem.
If there a way you can test that account in isolation against the DC?
With Regards Shailen Sukul Entrepreneur/Software Architect/Developer/Consultant/Trainer (BSc | Mct | Mcpd (.Net 2/3.5/SharePoint2010) | Mcts (Sharepoint 2010/MOSS/WSS), Biztalk, Web, Win, Dist Apps) | Mcitp(SharePoint) | Mcsd.NET | Mcsd | Mcad) MSN | Skype
| GTalk Id: shailensukul Twitter: http://twitter.com/shailensukul Website: http://sukul.org Blog: http://shailen.sukul.org/ http://www.linkedin.com/in/shailensukul -
Issue with form based Authentication in three tier sharepoint 2013 environment.
Hi,
We are facing issue with form based Authentication in three tier environment.
We are able to add users to the database and in SharePoint.
But we are not able to login with created users.
In single tier everything working fine
Please help , Its urgent ... Thanks in advance.
Regards,
Hari
Regards, Hariif the environments match, then it sounds like a kerberos double-hop issue
Scott Brickey
MCTS, MCPD, MCITP
www.sbrickey.com
Strategic Data Systems - for all your SharePoint needs -
Certificate based authentication for Exchange ActiveSync in Windows 8.* Mail app
I have a Surface Pro and want to setup access to my company's Exchange server that accepts only Exchange ActiveSync certificate-based authentication.
I've installed server certificates to trusted pool and my certificate as personal.
Then I can connect thru Internet Explorer, but this is not comfortable to use.
I don't have a password because of security politics of our company. When I'm setting up this account on my Android phone I'm using any digit for password and it works perfectly.
Can someone help to setup Windows 8 metro-style Mail application? Does it supports this type of auth? When I'm trying to add account with type Outlook, entering server name, domain name, username, 1 as a password then I've got a message like "Can't
connect. Check your settings."
Is there any plans to implement this feature?For what it's worth we have CBA working with Windows 8.1 Pro. In our case we have a MobileIron Sentry server acting as an ActiveSync reverse-proxy, so it verifies the client cert then uses Kerberos Constrained Delegation back to the Exchange CAS, however
it should work exactly the same to the Exchange server directly. I just used the CA to issue a User Certificate, exported the cert, private key and root CA cert, copied to the WinPro8.1 device and into the Personal Store. Configured the Mail app
to point at the ActiveSync gateway, Mail asked if I would like to allow it access the certificate (it chose it automatically) and mail synced down immediately...
So it definitely works with Windows Pro 8.1. -
Adobe Acrobat X Pro cannot handle claim based authentication
Hi,
The system has licensed 'Adobe Acrobat X Pro' installed successfully. When SharePoint 2010 site collection has NTLM authentication, pdf document can be edited sucessfully using 'Adobe Acrobat X Pro'.
Issue arises when the sharepoint 2010 site collection has claim based authentication.
User logs in and navigate through links as-
Workspace->Document Library.
Selects PDF document->select "Edit Document" link.
This action opens Adobe Acrobat X Pro, but do not open pdf and displays error "There was error opening this document. The filename, directory name, or volume label syntax is incorrect."
In this case, request-response caught as-
OPTIONS http://dev-ms-db-01.devrapdrp.mahadiscom.in/portal/workspace/WS%20Library/89000000 HTTP/1.1
Accept: */*
User-Agent: Mozilla/3.0 (compatible; Acrobat Annots 10.1.1 )
Host: dev-ms-db-01.devrapdrp.mahadiscom.in
Content-Length: 0
Connection: Keep-Alive
Pragma: no-cache
Cookie: SPSESSION=IWyGCxHlHGZr0eWSuEDJvOt7+i2Io81ggZFn+tFAtcuOYqDUjzIINxLXo5V69CSSbTi+UsSjgB8fow/ Gr0UWuGEHRpliqgfRGPsjaPO4vdYVCKJ+HAtMjCgcVx6HuVHUeO4/hpsI7gb47X9s4OmsgXkd6MqTFlVQIIMHxDtuE 6WpZxnSEl47voXnX11FkcIWSk8BqEl4+PnC7Paktct3SEJdgY+lWsazcsMqD3HrEGe0w7Qn0VN2lWglt1N5ejSDNyR oKoPAZKsm7fDqxO+SDHBF+UDEN2VvOhOV/PL5OIwRLKU+niaYolAZyDrASixdMm012NwchcLbqELJPT6sxfYEyMbRB MF2o1W922SYSkfAEKSFZ5ikkRyTCcuMNuI6fMQ6t+Xti6pcX/Vula+qf9q+vqPVxkZ5ACPih6EgvnUqxiNXgzLQ7c/ gYjo0D8ZP79KixoROJPs5VRZhmVKCnMY+SSn/4TNf2vW5eMiJeHdeeciMWpHC7cZ+Z6Uh3w+Aj9n9FTux2N++WTjRx wbIBluqQL1ZuCd3XnXBxlG9C4Wi1dAynp3YSd1axyOciVQmwnPuZg9XgROeqCM0/z4nmKkAYuu1MRH0acgVOu3PL/q C06T+UOxvHUKtU7Qe14TFFioYY8e/Rrfnd2uOIujUZLM/kJEM+kSguvoWeK+ABZHyTvPCw5FRxAsDNCiA2rklzFtUx yoI6SqDDlGidY+TRQaRfLX0xvlTqr7PPuEMLKAoEGwkBPvOV24eUPcVC1+PgKMt2rsbt1tZYn7adS4dZ3aRaj0zp9Q 8Pea2lFTxvsANYklT05kHQt832VsFQ9PGuHPTX7A7z6QUW4P4GOE5dJ5USawOrjxZ/Mi621NZlLaLfTzPTJmxcJu3X cCG8VrkMco9JfbxnM0ZKgD9OI+qjnQpJXpkjNChtrgZ+tYzLPb4TpQgQphBTfKIyhcXwW9Y+Lze/3P0zmjpiTIWWN3 mbyE5W07KpCtwvvECJhCn1cMlPoaEV0ZxWJsPcYNVNqFcWeQiDJugkAe7VlWJsiznjJDioW+98SsFoZWz/4U0KCB0P Ja/4VAMdzRQmm0owEucWBHUUw1//9ufkgk7DqZ75sH28cjfsfiKiBZvLe61Q8yxs5iiXqHBkp6WRaPH93CslYI1sa4 izeScEye2decQObEfVDY7KAOFAQSW95hlqSHcSlm1hgYR+AsMmffnqHcH0ebyjsvYJoI3o7AMXjev7o9qGH9eEd+eU Tpn3lnqvDdbbTYdkjtE8HeOkhqiEIXUj5jX/owYjASbW0Q0l6M+QjRUu/eJaBVNYEG8l3xIbnPTGyEWM3hCCbIvoXA WlN972hL4x+SDGkr7pK+gq/D6+5+FL2qqB7Vr9aRnc1nPSV6nx8oEgX/fcZpPWSACwphq
HTTP/1.1 302 Moved Temporarily
Date: Tue, 16 Jul 2013 10:42:30 GMT
Server: Apache/2.2.15 (Win32) mod_jk/1.2.30
Set-Cookie: SMSESSION=yFelHh2awfWW7yLKZHpSnNHDstixrmkciGIIqfLtwSRrLEQeVdI4R9iO3Q9qynhWDFCk8OIW2HXl+Cl JOdVC5/mwavCdDtHZYn5tL1s6C3BjIGLJowaDVTXUeGZAt0JcyVHEQcsIVgiiFlmkPKPapEOprHPItaa/vZJal5eeK 7NN8s0RrJ+Me1PlBmRQdBSklMxilciwMaLMXAKRwHSstl3kw5n2Qo5VCRmjG34k3gsYWNHh/I5o6buRRszeGpdZLeU 9GLeOdk8r3qXiXwIOvBhkBZrfuPKMAa1IIhftEdeJgKh9XSuCxAHs8wTEGCDzBNSzqZ3Q6S1UhC8/aA8qw1o2lVMbn 3AaYb2LE2/PgW9pN6VctY4XW6O8Dpvri8iXMCHLR28F8KrzLgust3CPBu1D/APPyJpsc1ya/IxdO5FWmCmBvGviEnN m9sNjPZVMSg3rpUgH8C492Kg5k4TzbqRsCvnI7o8ulycpBLvQOoQ97xOO8esCj/jtQAC8Y2bKLCKPqJhSJO4ROCaK7 6cGMihhGDhqE5+IJsW4Wr7Om4l4mO1Ov28hwJiGZVW0NsF0BJDrqPcagMAolIQ8xgTX1wpxPQebt/voTr5+ZjPbUj5 5LRvavod8ePnrE9majS/Fzr1QkHpeZvMxE6UBJ3r32uiEqykcm91nKIZpgBNkwKP9HzbgMSh8KV+y4vxQeOUT2rQo8 8r3vql9d+XCU7jk0jv6J+ugBBxGVaRC99thR6kvolTo7QMn6vsUk6ZC57IpSy84CQHSxp0vtNYdnTRcL8IZUPXyh3L iBnmCmdpRbEpN2l8kR23Jn0Zb1i/BxbMFU5El8xkhxWiZPCRLHctIIoXhv6Mt4amlc84MbawQedaL3ynWQFPg3sgyn 8KbigvV6nKf+rOBeVVU/fwCpLRwHxZ8x5aKWXPTZuT1W3tCkA6OwWIi9fshksawMgzTnNYpP/vz+Yrp/akquH5qb25 ZXsUHaMzR6YC0Lnw7wAMjRoDELznOVg0fgL12mjRkplI2Fg1HjsbmGNtdsCuS5Nt/VAiur40GNPnRG+kYtTVvaTOLw ShaXSqbKc5y0Z2MiQ+sCxXmXueRTtnXYiMKd3dszcGkor3mW2QrJqkFblcTSnIUeYDHhCMK+dt/0xA1jsVVA9Zal4F ISyWTryDUK5BQHVGyAHOoZK7NsYosGabLtvVe777VO4Q3eBSWkEU5QWpe47eAe54o1nfsR+gl0lJjR7q9Ms5LNW9qU NZaBahic1+c4MqhqLY5l+yqrig3CaFm; Domain=.mahadiscom.in; Expires=Tue, 23-Jul-2013 10:42:30 GMT; Path=/
Set-Cookie: SPSESSION=aecQ9bgin1o3zGDHNhZJB8l5o1MmEmOjAMaACmYoXuqvLFak53UjUmMYKSW5VJ6CyOr/ahKrDAhWXja D8f/eFAW6G5oZ/4t6D0TSiozDepGNHdCRJ72Z/mAenAOQI63rkXwnWuCzmOZXGW6ZPIvSjPw3+0GGWnNFkM4ZhBhxs ZBKM2x2v4xy7I2LUTW4vV8IQovBHXIUfGxD38TuqBBfRR1tQu8GsW/q7LFQSSim+arvHSaJwrcNk63pCX539ouCEBi Ng8LUj9NPUF5FwiZwA7hcGNiRWdMae71ccYkVqmWC0WkU06KZETrqotVFGS8azZSPd+/xx6OodV5wxTq43Y/8CwEAL NqCZv/Ye4OJYYmParYAhgdON/PZ4UEuI5+dG/pICSxYA6NJyuswMz7LiIEXaltAhhhK+margc26sMGOf8hpE7M5OpV sU/Fc7ylpg2bmvT0bKOGg1o8h2jJIBx0SRhs6CByjauPdu3rBA0HVTRQnammCiWnjkHgJvyONi7B78HDo2vmQvB9og 7U9xQkhywLwg+ZyCmtx91zV1paP7Sk2pBPnGRQK+/WLdk8zEOG5d9Thmg4X9INZVgt8qwwOTky8mp9wNi48eO670BF DdD4PCM+PpiYAjV8NernCXcREpSD75THtvZNLq5LEzgmwNk6bThLcXHNYt5zhZEo/v559nDrx97r1EceZImKfII0kI QA6RS0MajM1/UvoI+gBjXqnXbybskBhdnt13zeoth6OmIP9DSjahILqOban09bmLXgzspG5t/EmIOdawfy/JKuRNPA H4nExF8Tt2iBRu1mLvcqWOidFKG1Qm/fo0YEalDZe2+m5PF9vCe5nWnqEPyzCOfcSzU4HnTFjyatlnunbexREhDNz7 2/oVfxq9sii+fiJgMM04J83WSwIE2dDhNN1/PU8+TH+WIkkB1r/DkI7ynir9g+5o2pKPyWem+HxRUmWy4AWGlbp+xT gPP7A7ZcOFMcWbzItEIEUpgYOXILk5DIXe8o08910s6bmYlUDZNRPBp/ZsqhI4A1cCQcdKqnCmx8BGkjJ/3VRxFxvx CeBJ6sEJomnUD+mw6Lxy10Q1r0QHAvbv2j4NLOR+XAoxMU2ye9mzrhspyWWEa2S+LgxhV5V563sNFXB57f+WJzIblk ww1iENF2rEhJtTebC3EEy5MkFlXPsacq4OUKsgavAlhO0xDIdhrg233eTZYFvIZ3xOhmjrfiLdkS/XvB2gwq6QRniU QDIY/D0QPtnNJ+GGFM/Mqvciu5K7gi6SK85nWiY08hnBJfiUen7C+KZ0lAEH2zNUhPnIJav0BgA/yIZhNswd3fZXoS ioFFz45isPRMYkZqkNEkoy32wBH5qVSHRJPIGxiGXT1b0ccUiuJx4ptKt7xKDqvsGmnu5; Domain=.mahadiscom.in; Expires=Tue, 23-Jul-2013 10:42:30 GMT; Path=/
Location: http://dev-ms-db-01.devrapdrp.mahadiscom.in/portal/workspace/_layouts/Authenticate.aspx?So urce=%2Fportal%2Fworkspace%2FWS%20Library%2F89000000
SPRequestGuid: 4fb96723-8eaf-4249-9f63-13a3c4d61a25
X-SharePointHealthScore: 5
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.6106
Via: HTTP/1.1 dev-ms-db-01.devrapdrp.mahadiscom.in:80
Content-Length: 259
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://dev-ms-db-01.devrapdrp.mahadiscom.in/portal/workspace/_layouts/Authenticate.aspx?So urce=%2Fportal%2Fworkspace%2FWS%20Library%2F89000000">here</a>.</h2>
</body></html>
After getting this response, 'Adobe Acrobat X Pro' do not send any more request.
Note, the same site collection(with claim based authentication), opens and allows to edit microsoft document successfully. There is request-response sequence.
Giving one of them for example, because all will flood the page-
OPTIONS http://dev-ms-db-01.devrapdrp.mahadiscom.in/portal/workspace/WS%20Library/89000000/ HTTP/1.1
User-Agent: Microsoft Office Protocol Discovery
Host: dev-ms-db-01.devrapdrp.mahadiscom.in
Content-Length: 0
Connection: Keep-Alive
Pragma: no-cache
Cookie: SMSESSION=yFelHh2awfWW7yLKZHpSnNHDstixrmkciGIIqfLtwSRrLEQeVdI4R9iO3Q9qynhWDFCk8OIW2HXl+Cl JOdVC5/mwavCdDtHZYn5tL1s6C3BjIGLJowaDVTXUeGZAt0JcyVHEQcsIVgiiFlmkPKPapEOprHPItaa/vZJal5eeK 7NN8s0RrJ+Me1PlBmRQdBSklMxilciwMaLMXAKRwHSstl3kw5n2Qo5VCRmjG34k3gsYWNHh/I5o6buRRszeGpdZLeU 9GLeOdk8r3qXiXwIOvBhkBZrfuPKMAa1IIhftEdeJgKh9XSuCxAHs8wTEGCDzBNSzqZ3Q6S1UhC8/aA8qw1o2lVMbn 3AaYb2LE2/PgW9pN6VctY4XW6O8Dpvri8iXMCHLR28F8KrzLgust3CPBu1D/APPyJpsc1ya/IxdO5FWmCmBvGviEnN m9sNjPZVMSg3rpUgH8C492Kg5k4TzbqRsCvnI7o8ulycpBLvQOoQ97xOO8esCj/jtQAC8Y2bKLCKPqJhSJO4ROCaK7 6cGMihhGDhqE5+IJsW4Wr7Om4l4mO1Ov28hwJiGZVW0NsF0BJDrqPcagMAolIQ8xgTX1wpxPQebt/voTr5+ZjPbUj5 5LRvavod8ePnrE9majS/Fzr1QkHpeZvMxE6UBJ3r32uiEqykcm91nKIZpgBNkwKP9HzbgMSh8KV+y4vxQeOUT2rQo8 8r3vql9d+XCU7jk0jv6J+ugBBxGVaRC99thR6kvolTo7QMn6vsUk6ZC57IpSy84CQHSxp0vtNYdnTRcL8IZUPXyh3L iBnmCmdpRbEpN2l8kR23Jn0Zb1i/BxbMFU5El8xkhxWiZPCRLHctIIoXhv6Mt4amlc84MbawQedaL3ynWQFPg3sgyn 8KbigvV6nKf+rOBeVVU/fwCpLRwHxZ8x5aKWXPTZuT1W3tCkA6OwWIi9fshksawMgzTnNYpP/vz+Yrp/akquH5qb25 ZXsUHaMzR6YC0Lnw7wAMjRoDELznOVg0fgL12mjRkplI2Fg1HjsbmGNtdsCuS5Nt/VAiur40GNPnRG+kYtTVvaTOLw ShaXSqbKc5y0Z2MiQ+sCxXmXueRTtnXYiMKd3dszcGkor3mW2QrJqkFblcTSnIUeYDHhCMK+dt/0xA1jsVVA9Zal4F ISyWTryDUK5BQHVGyAHOoZK7NsYosGabLtvVe777VO4Q3eBSWkEU5QWpe47eAe54o1nfsR+gl0lJjR7q9Ms5LNW9qU NZaBahic1+c4MqhqLY5l+yqrig3CaFm; SPSESSION=EHC4LQyCHd29iQYBYn4tZz32xTbluDRCKmE7MfoOvlo4X4bkU2z2+YB3GbbMs99E/nVU/QwCPFaNxTz 6dx9EAHyBo1xhs6fNhkrlFX+m/EZiufmafae/osbzcdx2fWbEsh78UnstGbRPRX5kSx8gCXRnc14vWagr+Y6nufb3w 50c+5u96DQJSR+WhoZOiVnmoeUHq7TIgd9N9dUl+9lBOyFfetYCHjvZNWHKANLMIl3lkbvO5xtMBpGLGZ/m12mitKx TQKJ++dbRcCUM9f8e52nz/soFLjhd3bL9KCln9IsaqBtBW1n/rBtxogQq8CLGl64RT3gW/yIAPPvCKQHKvT/PjsNOQ c4K4vSdN9zSxJFwrC6s1s046wxg707+iHQzChaVI8E/DcQPFn4FkdntwrO9CejVT1qSEkqRbr1XsxONaNWQu2SOyTQ 6vz3fO1j/Y+SH3R9+liZ/Q9HnQyh6DgMkswvbcJDqoVK61B6QGOJECihpMxjrtdHCEFDulMb5rnE70V3hBttLJRj8R 5T5ttHG5geAjync4BaWfIDLoi1hfJtUMPASnZKLzIl/SOwYHxFLIWL/P57T3NkrjiqTkoeqvP63Qf1pnWgh18gOFIF JuncxdnNI2Mg67UlJ+JPxQMPf6tuPWHD78SActM6r0pAnz7tbHmjb14D7ZmPjPN98yORlUxbL4vNzoXJYbYn0f3ZPw Rw6I1pF8cThGuMy7mb+0zwCPrsDCl23yS03l7GFavyk9bGRc4SDh5INslA1TI1rVS4k+9ECZpPKHiEtDDjQKWoO4Pi u/WrXgNWT3wl49qslDfBnHucyXFH6+FWfOBcP82DsbGLXt6+wsDIdOhTXFbweAIPXgsLL1bIjpBPzwR4KwIf0lOKxp O+Bah5ZQs7JtPIBjsnWO/KUfU4vQN3H6lBUBm8+lLEVNA8tBnyDhXhxvLmL3j7eeMCigRQsVtVOAwT9Lbyk+wie6Fa 2JzgNUXDJFL/n3uo/I1U6Z+UFz+oKaP/MPutCGUMFUq1K9zO9g60UD9YaB+OxIfO5vudJ0yrhaVAeSeyWn3bnVCKZi xHTpG1frsQqMm2NkmnMoe3r3KvyqvbdEBiLGVniyBUDRYqOn5vTTnvnRMuxpR+jRiSSg1REarO1IJLEUBX2XDAkuNY 5/ulMUVJXikVpRHE8T4NXVFssFtMYE6ff4Whc1ZrLiIt4QQy85QFszpI4jqVdb5Zrn66JdgY4w168+wHllLZh9iyoK CZKAWNRQzJSqfOmEqbMVMR+dAnBAwDRqydZ8AiE2lhlgqHB2dk3hETwickBvAldOqZdJu3jJ/w6CGL82Tx2W5eyHQU EkHU/gs7Lrpjxyc+fJSPK03LKZlS2Gpy5wHx2LFybBX1FndVbml0axdbX62uIjEOnDvD1; FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+MMe1LnR8c2hhcmVwb2lud HJlYWxtMWZvcmRldnNoYXJlcG9pbnRhZ2VudHw4OTAwMDAwMCwwx7UudHxzaGFyZXBvaW50cmVhbG0xZm9yZGV2c2h hcmVwb2ludGFnZW50fDg5MDAwMDAwLDEzMDE4NDQ5NzYwMjAyMDAwMCxGYWxzZSxlSGZscEVHNDJEK2F3SXRQVFNLa GNXMzR5VU1HZ2hIVVRNT2ppaDJxY2YzcVRtKzcwR3RxblNmQUlQSisxZkhZZXNzaUhsejRWU1owRkJJRExEWDdXZWt 0dXNYUjd5YUtiRzNxdEdzZEVWM0ZXWmp0Y20vdWpkdHhlTTcxd0luRllEQ25ld1oxa3k0MUJ4NVFOanFlSGpaMmdtZ GVWZEdLczdHTGxWV1J0NUVYMWJNT2pnMTBsaGQvV2VQc1dCNGFWUDBXWnlwdEpmUEZHTEV2QjVCdHZpd1ZjekFwQ0d HTGY5bkk5S2IxS285aHhxMXNuUkxKbi9GNi9HdG50M3FMaEl1YnR5ZGwyNHBiaXBVQ2RuZjNldWExeVFxQWdqV25zN mFONFV5VHMrQVpGUlRmcDBUVHNzL0R1d2dGa1IwSlpCZGd5UVpTNlBRTTZhK3J5ejlpZmc9PSxodHRwOi8vZGV2LW1 zLWRiLTAxLmRldnJhcGRycC5tYWhhZGlzY29tLmluLzwvU1A+
HTTP/1.1 200 OK
Date: Tue, 16 Jul 2013 10:49:17 GMT
Server: Apache/2.2.15 (Win32) mod_jk/1.2.30
Set-Cookie: SPSESSION=v9NiXhTOuExWMzaHXx+oFJTtC8w0vd23LS5AQL+js7Z+xCp9rbe1nlErG4kE+MQ1JzYoeF7PQ/h7Jjm l+8Z/qBIeTuO2muL+g/fQAYSAxx7kPlVVkRZ/gwq+2EtkYtQ/5egbPmSvyY/Uba5QndnYpjok3r4qJRY7p48tN4rr+ vcoolRC1bSVZaU7WrjOxnX7YbAeNNWRUIpI9Ut9L4G0tmv5NlGtg6SxnTZ1q+lbAG+/ZEnAxJorBFkq+tZZP9cRLB5 4u67swngb67etK8EVNbFrTXW/8n/XlotfF6dUgiVfD+tAfdsNJO7jsQ4bsAh4dP0frS/XDlPyv7QE1ZbYKC5gw5UOi m4Zw3Fitc0DrrQCEOpDZiWvK/gqxzAHm2PJPMNoM0jYxiuSAU8P6Y76vFsHWTY4Kkdhin9VTdEAxDMweMaEyS1ISbZ CHHxLHsAWyhUm24CFL1fZDcRW0x1DcoMu3y8yAN4tvXz4hn5GC46qI/q83+f3uNn6mdDYoEcEwbrVHP6K2YlErWfox gCz3Us7msXb2eK93fBQDRhUvhm9F300mr7523tWvVioeiNPGX7dl8CQxU67TGkkV9s45F3ShZKTlH0DsWSLJPhtd/D xENhCJR6yG4VkT1nThp6SpT2CuHmnlzYodKsRAtaDx5kCwlo9TKsIezs1FQqxtxZkvKxqaULgRx5ZSK/fJz6PiQwNd lRKUFw9uG5J9EWTRuz0AoWn0WF+32VWIeglhyDaMi/GWaD1pVZffnT68KRQWINVm/r3WPvk+23mPOYUX07Vy5bGO21 sZzCxLjmrhibt1wgF/syg9swcplf46JV61Q6ASMi/tXxRGcaCg75+8PrE7sjYjnxXsutmJJqtvnx6pdgpb4akmWnZF DRvptVxs0d/kMbf2YA7sJRpbNcIIR6tpIgm2FzKtk80Bj5aDM/e+FVfH0mpoqEk9/IwC2SdCoUfg6OFVV9JBowhCkj 17o1saz73pQoAzG5o51m33R1959jrQIwOwsI4t2R27F6jY9RCRzKvbEBPxhwl4hzpZ/LY5cQr1CvOlCPilXGlgKFGx rQl56OVQfsUFwBLEufTrHN5XR4SITUU1PW0IOgjxwems5jNlmsddWIsu08nmVuuagFQUaKwxk0p8jd9S4QBHFbknLv WhSgPfcd7yahHw0oqJ5cAFyjMa/LY1QD8MN8INDIEuY5jvzM5l5Jxn0Tr5i4aqHit89i3n6VeealPDEzS1CSSg0U3y P5K0DTAKMQLyUzFMB9ND63pAeNJaY3+PfmIYZsiQgEprNv+dagHVL3j8iU5kskxsIiRqJxVLt4G6WagnKcbCQt4gmz Enb5LSst1Zhx+MvYfCTwr8wYhrgnBCMNQEuC0i8FH5rM2GrpFDOL1336GX1tgyR5nTSXi; Domain=.mahadiscom.in; Expires=Tue, 23-Jul-2013 10:49:17 GMT; Path=/
Cache-Control: private,max-age=0
Allow: GET, POST, OPTIONS, HEAD, MKCOL, PUT, PROPFIND, PROPPATCH, DELETE, MOVE, COPY, GETLIB, LOCK, UNLOCK
Expires: Mon, 01 Jul 2013 10:49:15 GMT
Accept-Ranges: none
SPRequestGuid: 2f248360-fd85-4fb3-a185-b01dadac3f7a
X-SharePointHealthScore: 4
MS-Author-Via: MS-FP/4.0,DAV
X-MSDAVEXT: 1
DocumentManagementServer: Properties Schema;Source Control;Version History;
X-MSFSSHTTP: 1.0
DAV: 1,2
Public-Extension: http://schemas.microsoft.com/repl-2
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.6106
Via: HTTP/1.1 dev-ms-db-01.devrapdrp.mahadiscom.in:80
Content-Length: 0
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/plain
When site is with NTLM authentication, adobe acrobat x pro opens and allow to edit successfully. But when it there is Claim Based authentication, it cannot. It seems Adobe Acrobat X Pro does not have capability to send appropriate headers to handle claim based authentication. Also it is not able handle the sequence of request-response for claim based authentication. When searched on web, there is one product of Acrobat called LiveCycle, which has capability to handle SAML. Does that mean Adobe Acrobat X Pro does not have the capability to handle Claim based authentication so it is depend on LiveCycle for it?
thanks
SharmilaHi MkkLam
The below mentioned link might resolve this issue, kinldy try it:
LInk: http://helpx.adobe.com/creative-suite/kb/acrobat-failed-launch-30-days.html
Other related thread:
http://forums.adobe.com/thread/1021632
Thanks!
Atul Saini -
The previous release (10.1) say: "Support for our other LiveCycle authentication types may appear in future releases, including Kerberos, Smartcard/PKI certificate-based authentication, SAML-based authentication, or other SSO mechanisms."
Now in 11.6 certificate-based authentication is enabled?
ThanksApparently, security programs like Macafee and Norton view Itunes updates as new programs and block then from access. If you add Itunes to the list of exemptions, it solves the problem.
-
Help is needed on form-based authentication
Hi,
form-based authentication is set up to protect OID/SSO resource. Oracle Portal is registered with OID. A reverse proxy server is in DMZ as front-end to Portal. At the new login page, after typing username/password, hit Login button, get original OID/SSO login page, typing username/password can get to Portal landing page.
The problem is that OID/SSO login page shows up after OID/SSO resource is protected by form-based authentication, it appears form-based authentication doesn't work properly with OID/SSO. At the new login page, if typing a wrong password, the page is flashed, and doesn't go to OID/SSO login page, so it seems user authentication with OAM can work.
The form-based authentication works fine to pretect a non-OSSO page and if using Basic Over LDAP scheme to protect the OID/SSO resource, the login also works fine.
Please help, thanksIt looks like the header variable (XXX_REMOTE_USER or whatever you're using) is not getting passed, so that the SSO login page appears. Given that the Basic over LDAP scheme works (I'm assuming that you simply switch schemes in the OAM Policy Domain to verify this?) the only thing I can think of is that you are setting the header variable in the authentication actions only. If this is the case, please try adding the header variable also to the Authorisation Success actions in the Policy Domain that protects /sso/auth/ and see if that makes a difference.
Regards,
Colin -
NetMail,Netlet,NetFile stop after enabling certificate based authentication
I use SunONE Portal6.1+SRA. I have installed the gateway and portal on the same machine and have installed the sample portal also. Everithing works fine (Netlet,NetMail,NetFile) untill I enabled the gateway to use certificate based client authentication. After this step the applications (NetFile,Netlet,NetMail) stopped working. It seems that they can't connect to the gateway after the initial applet download because of the client certificate based authentication.
Is there some workaround or configuration change that I can do in order to allow the applets to communicate with the gateway?At last I have found my mistake. I was using the JPI 1.4.1. If I use JPI 1.3.1 there is no problem because this version of java usesthe browser libraries in order to make the ssl connection and then the certificate that is imported in to the browser is used. Finally I have found the way to tell the JPI 1.4 which certificate to use and how.
Look here if you want more information:
http://java.sun.com/j2se/1.4.1/docs/guide/security/jsse/JSSERefGuide.html#Customization
http://java.sun.com/j2se/1.4.1/docs/tooldocs/tools.html#security
see also:
http://forum.java.sun.com/thread.jsp?forum=2&thread=361995 -
Hello Community
In WS2012 and SharePoint 2013 Server is it possible when creating a
web application to enable both Windows Based Authentication/Negotiate
(Kerberos) and enable Forms Based Authentication or does the web application
use either one or the other?
Thank you
ShabeautYes , you can use dual authentication on same web application. You can use same web application , at OOB login page you will have option to use windows or form login.
Or you can extend your web application to a new web app and configure extended web application to use Form Based Authentication(Note extended web application will also show same content database , so the content will same only url will be different)
http://blogs.technet.com/b/ptsblog/archive/2013/09/20/configuring-sharepoint-2013-forms-based-authentication-with-sqlmembershipprovider.aspx
http://gj80blogtech.blogspot.in/2013/11/forms-based-authentication-fba-in.html
Thanks
Ganesh Jat [My Blog |
LinkedIn | Twitter ]
Please click 'Mark As Answer' if a post solves your problem or 'Vote As Helpful' if it was useful. -
How does Certificate based authentication work?
We are doing
Certificate based authentication in an enterprise with android phones and exchange 2010.
We are using activesync to talk to exchange over SSL.
It is working.
I am trying to document HOW it works (on a fairly high level).
I have some information, but would like to know what happens when exchange gets the actual client auth cert from the device in the last part of the authentication process.
Does exchange forward it in toto to AD, since AD (and its related PKI service) created the cert?
Thanks.
MacHi Ainm
Exchange ActiveSync supports several types of user authentication. By default, Exchange ActiveSync is configured to use Basic authentication. This transmits the user name and password in clear text. You can configure Exchange ActiveSync to use certificate-based
authentication. This method uses a certificate on both the server and the device to validate the connection from the device to the server.
There are differences between the mobile operating systems as to what format they like their certificates in, but both Windows Mobile and iPhone are happy to use pfx files whereas Android prefers it as a p12 (which can be just a renamed pfx file if you like).
Certificate based authentication is done via kerberos and yes Exchange should perform the lookup with AD for verifying that your certificate is good and valid.
Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish
(MVP) -
MOBI SSO with trusted authentication and form based authentication
Dear All,
I am trying to configure Trusted authentication based SSO FOR MOBI, here are the details:
- SAP BI 4.1 SP04
- Trusted authentication with HTTP header configurred for BI Launchpad and working fine.
Now to have SSO from Mobile, I plan to leverage the existing configuration of BI Launchpad and at Mobile level, I want to use authentication type as TRUSTED_AUTH_FORM, instead of TRUSTED_AUTH_BASIC, with the approach: Trusted authentication with HTTP header.
And
Provide our app users their X502 certs.
1. Will the above approach work ??
2. As per SAP NOTE: 2038165 - SSO using form based trusted auth gives with the SAP BI app for iOS gives error MOB00920 this does not work and is still under investigation from July last year ? So for any community member, has this been found working ??
I would appreciate your valuable inputs.
Regards,
Sarvjot SinghHi,
According to your post, my understanding is that you want to know the difference of the SharePoint three type user authentications.
Windows claims-based authentication uses your existing Windows authentication provider (Active Directory Domain Services [AD DS]) to validate the credentials of connecting clients. Use this authentication to allow AD DS-based accounts access to SharePoint
resources. Authentication methods include NTLM, Kerberos, and Basic.
Forms-based authentication can be used against credentials that are stored in an authentication provider that is available through the ASP.NET interface
SAML token-based authentication in SharePoint 2013 requires coordination with administrators of a claims-based environment, whether it is your own internal environment or a partner environment.
There is a good article contains all the SharePoint Authentications, including how they work and how to configure.
http://sp77.blogspot.com/2014/02/authentication-in-sharepoint-2013_5.html#.VFcyQ_mUfkJ
Thanks & Regards,
Jason
Jason Guo
TechNet Community Support -
Does iPlanet 5.1 allow for ticket-based authentication (like Kerberos)?
The 5.x versions of the directory sever allows client authentication via GSSAPI over SASL. Details are here
http://docs.sun.com/source/817-7613/ssl.html
There is also an officially unsuppored custom plugin by Duke University that allows a more direct way by allowing directory binds to be authenticated via kerberos. I don't know a lot about this plugin but you can find details and the plugin itself from.
http://www.oit.duke.edu/~rob/krbdirp/
Regards,
-Wajih -
How to pass credentials/saml token exchange to the sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication
Identity provider here is Oracle identity provider
harika kakkireniHi,
The following materials for your reference:
Consuming List.asmx on a claims based sharepoint site
http://social.technet.microsoft.com/Forums/sharepoint/en-US/f965c1ee-4017-4066-ad0f-a4f56cd0e8da/consuming-listasmx-on-a-claims-based-sharepoint-site?forum=sharepointcustomizationprevious
Sharepoint Claims based authentication and Single Sign on
http://social.technet.microsoft.com/Forums/sharepoint/en-US/2dfc1fdc-abc0-4fad-a414-302f52c1178b/sharepoint-claims-based-authentication-and-single-sign-on?forum=sharepointadminprevious
Sharepoint Claim Based Authentication Web Service issuehttp://social.msdn.microsoft.com/Forums/office/en-US/dd4cc581-863c-439f-938f-948809dd18db/sharepoint-claim-based-authentication-web-service-issue?forum=sharepointgeneralprevious
Best Regards
Dennis Guo
TechNet Community Support
Maybe you are looking for
-
How to load a tif image in flex
Hi All, Is it possible to load a tif image in flex. If it's possible anyone guide me or send me some code snippets regarding how to display a tif image in flex. Regards, Dharma
-
CS5.5 Design Premium: installer failed to initialize
Ok, I'm having this problem. This started because I had to perform a system restore. I ended having to go back so far with the system restore that all of my Adobe Products(among others) no longer appeared to be installed. So I downloaded Adobe CS5
-
We got a new iMac, naturally with OS 10.5 for Intel. My qustion is how do you use Mac OS X Leopard ? 1) Photoshop does not work. Note: I mostly use ImageMagic as my photos (hobby/family) mostly need little correction, but once in a while you want to
-
I try to go to itunes to see how much I m spent on itunes and app store and I can not and tries several times! I was told that they charged me wrong and I will return the money as they will do in what way? I need to know how much I have spent urgent
-
In BW 3.5 there is the web item "Query View Selection" where a user has the possibility to create a own local view per template and also to delete it. In the new Java environment for NW2004s I don't see this possibility. I only have the options with