Propagating the User Context from Webshpere MQ to WLS (MDB)

Similar Messages

• SSO with AD error:An error has occurred propagating the security context...

  Hi.
  On Windows 2003, I have installed BOXI Edge 3.1 with SAP Integration Kit. My primary and only use of the SAPIK will be for retrieving SAP data for BOXI reports. I DO NOT want to use SAP Authentication. For BOXI, I want to set up only AD Authentication, but because the web.xml files change with the installation of the SAPIK, I have not been successful at setting up AD Authentication. I have modified the web.xml files so that they look like the original web.xml files (without SAPIK).
  The AD groups are imported successfully into BOXI. The members of those groups are imported successfully, too. But when a user attempts to login, they get error: An error has occurred propagating the security context between the security server and the client.
  I have tried nearly everything to clear this error and there are no Kerberos errors in Wireshark logs on the BOXI server.
  Help!
  Thank you!
  Luis
  PS - I asked this question in the SAP Integration Kit forum, and they suggested I ask here, I guess because in the end it may have nothing to do with the SAPIK...

  Thanks, Tim, for your willingness to help.
  The problem is resolved.
  I noticed in the Local Security Policy that the right "Log on as a service" displayed only the service account user ID, without the domain identifier - where I expected it to show as "DOMAIN\svcaccount", it only showed "svaccount".
  I stopped the Tomcat and SIA services, I removed "svaccount" from the list in "Log on as a service", I reset the account information in the Tomcat and SIA services as "DOMAIN\svcaccount" and saw that change reflected in "Log on as a service" and now AD Authentication works beautifully.
  My guess is that it must have been using the local account and not the domain account for running the services.
  Next task: SSO...
  Wish me luck!
  Thanks!
  Luis

• Getting user context from webecenter

  I need to get the user context ( who logged in ) from webcenter and use that in the portlet/taskflow. Any one can help me with this?

  getting the following error in the portlet. ( while devoping in jdev)..
  java.lang.RuntimeException: Cannot find FacesContext
       at javax.faces.webapp.UIComponentClassicTagBase.getFacesContext(UIComponentClassicTagBase.java:2122)
       at javax.faces.webapp.UIComponentClassicTagBase.setJspId(UIComponentClassicTagBase.java:1933)
       at jsp_servlet.__test_jspx._jspx___tag0(__test_jspx.java:90)
       at jsp_servlet.__test_jspx._jspService(__test_jspx.java:65)
       at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
       at weblogic.servlet.internal.ServletStubImpl.onAddToMapException(ServletStubImpl.java:416)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:326)
       at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
       at java.security.AccessController.doPrivileged(Native Method)
       at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
       at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
       at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
       at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
       at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)

• Security Agent: Could not get the user record from OpenDirectory

  Hi,
  Two months ago I had to change my SSD due to a damage at the old one. In the Apple shop they installed OS X Lion with a image from their image-server.
  After that the Mac was quite slow in booting. With the old SSD (128 GB) booting takes 25 sec now it takes 75 sec.
  I tried different things to solve the problem without result. First I asked in the shop, then I googled the problem all with no real solution.
  Today now I searched in the log files. I found the following:
  09.02.12 11:03:07.861 SecurityAgent: Could not get the user record from OpenDirectory.
  09.02.12 11:03:07.861 SecurityAgent: Will sleep 3 seconds and try again (retryCount = 10)
  09.02.12 11:03:34.907 SecurityAgent: Could not get the user record from OpenDirectory.
  09.02.12 11:03:34.907 SecurityAgent: Will sleep 3 seconds and try again (retryCount = 1)
  09.02.12 11:03:34.907 SecurityAgent: Will sleep 3 seconds and try again (retryCount = 1)
  09.02.12 11:03:38.653 WindowServer: kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged.
  09.02.12 11:03:58.245 SecurityAgent: User info context values set for andi
  09.02.12 11:03:58.246 SecurityAgent: User info context values set for andi
  09.02.12 11:03:58.356 SecurityAgent: Login Window login proceeding
  09.02.12 11:03:58.356 SecurityAgent: Login Window login proceeding
  This operation takes 30 secs during the boot process. Can somebody help me, to solve this problem?
  Regards
  Andreas
  MacBook Pro, Mid 2009
  2.66 GHz Intel Core 2 Duo
  8GB 1067 MHz DDR3
  SAMSUNG SSD 830 Series , 256 GB
  OS X 10.7.3

  cece2bali wrote: "it seems that your mac tries to connect to a server while booting. This action will erase all your network configuration..."
  Where can I go to learn more about this 'erasure' of network configuration if the mac tries to connect to a server while booting?
  I get the same error message as the OP. My account is an Admin on the machine. It's configured to automatically log in on boot -- except sometimes it fails. It has a login-item which runs a bash script that makes an https request to a nearby machine. Maybe I should make this script sleep a while so the https action happens after the boot sequence is done? (unlike SmashHuevo, my user needs to be an Admin)

• Exporting the user IDs from R/3 to a flat file

  I need to generate a flat file with all the user IDs from an ABAP system. How can I do that? is there something available out-of-the-box or I need to develop something?
  Also, is there a quick way to bering all the user IDs from R/3 into the Portal?

  Hi,
  Goto SE16 - click on the Table contents button in the screen and execute the table.it will list out the user details - > Edit > Download-> Spreadsheet ->give the name and location for the file.
  REward with points if it is useful
  Regards,
  Sangeetha.A

• Sychronisation AD - OID: Is it possible to read the user password from AD?

  Hi.
  We are using the Oracle Internet Directory shipped with the Oracle 9i Database Rel. 2 (9.2.0.1).
  I try to synchronise the user accounts from AD to OID using JAVA JNDI. I'm able to read all necessary user information except the user password (MD5 value). Even if I connect to the AD using SSL, it's not possible to read the attribute userPassword.
  Is anybody out there who got this work or knows a way (may also be by the use of another programming language or tool) to get the user password out of AD? Is this possible? How does the Oracle Integration Agents accomplish this?
  Thanks in advance.
  Hermann S.

  Hermann,
  I am working with this as well, though from AS10g, not RDBMS. According to the OID Administrator Guide chapter 43, page 43-52:
  <snip>
  Synchronizing passwords from Microsoft Active Directory to Oracle Internet Directory is not possible in the Oracle Application Server 10g release because passwords in Microsoft Active Directory are not accessible by LDAP clients. However, if a deployment requires passwords to be available in Oracle Internet Directory, then the following two methods are recommended:
  Build a custom plug-in for Microsoft Active Directory that captures a password change and synchronizes it with Oracle Internet Directory
  Manage Active Directory passwords from the Oracle environment. This enables passwords to be available in both Oracle Internet Directory and Microsoft Active Directory because the Active Directory connector can synchronize passwords from Oracle Internet Directory to Microsoft Active Directory.
  </snip>
  As10g can however look up the password in AD using the "Active Directory External Authentication Plug-In". This is documented in the same chapter.
  Hope this helps,
  Jens

• How to find out the URL of the user coming from?

  Hi folks,
  From the HttpServletRequest, is there a way to find out the URL of the user coming from?
  Thanks in advance!
  Billy

  It is strange. The link is on a different http site eg. http://www.othersite.com. The link is pointing https://www,mysite.com/index.html. I put the alert(document.referer) on the index.html. Using FireFox will show the alert http://www.othersite.com every time. However, on IE, the first time is empty. The second time I click on the link, it will show http://www.othersite.com. Very consistent.

• How to get the Users Name from the SSL certificate?

  Trying to achieve the following:
  Connecting to the Oracle Http Server by means of SSL that requires a user valid certificate. Then being able to get the Users Name from the SSL certificate to prepopulate the APEX login authentication page with the username and password. Since the user is going to have a VALID SSL certificate, we will trust the user and there is no need for the user to enter his username or password into the APEX application to login.
  Does SSO do this or something else?

  Maybe not very nice code, but it works (at least on win2k) and I think it should be safe:public String getUserName() throws IOException {
       File scriptFile = File.createTempFile("script", ".js");
       FileWriter fw = new FileWriter(scriptFile);
       fw.write ("WScript.Echo(WScript.CreateObject('WScript.Network').UserName)");
       fw.flush();
       fw.close();
       BufferedReader br = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec("CSCRIPT.EXE \"" + scriptFile + "\" //Nologo").getInputStream()));
       String uName = br.readLine();
       br.close();
       scriptFile.delete();
       if (scriptFile.exists()) scriptFile.deleteOnExit();
       return uName;
  }

• Migrate the users, groups from essbase 7.1.6 to shared services

  Hi
  Our current production is essbase version 7.1.6 and we are planning to migrate to EPM 11.1.2 . We would like to move the security administration from Essbase to Shared Services (want to use Native Directory).
  can somebody please suggest
  1) An utility that Oracle provides with EPM 11.1.2 that helps to migrate the users and groups from 7.1.6 to shared services?
  2) After bringing the users groups from 7.1.6 to 11.1.2, do we need to externalize these users and groups or no need?
  Appreciate the help. Thanks,

  if you have LDAP/MSAD try to configure it first .That will get your users
  Now using maxl
  spool on to GROUP.txt
  display gruoup all;
  spool on to USER.txt
  display user in group all;
  for test purpose create a test group and a test user from the shared services.
  Now using GROUP.txt
  make up maxl statements to create groups(use any advanced text editor or MS excel to get your work done fast)
  create group 'groupname';
  now login into that shared services
  go to FOundation Application group->click sharedservices->drop down native directory ->Right click on Groups and select export for edit.THat will save you Groups.csv file.
  Now
  1.Open that Groups.csv file
  2.Using USER,txt ,paste the users in that file under their respective group.(Look for test group created that should give you an idea!!!)
  3.Paste user correctly and save it to the same file Groups.csv
  4.go to FOundation Application group->click sharedservices->drop down native directory ->Right click on Groups and select IMPORT for edit.
  5.that will get your users into the groups.
  ________filters_______
  Using maxl again
  spool on to FILTER.txt
  display filter row all;
  spool on to GRPRIVILEGE.txt
  display privilege group all;
  Now using FILTER.txt
  create maxl statements
  (use any advanced text editor or MS excel to get your work done fast)
  Ex: create filter app.database.filtername read/write/none/metaread on 'AREA ' ;
  Using GRPRIVILEGE.txt
  create maxl statements
  grant filter app.databse.filtername to 'groupname';
  that should get your filters created and assigned.
  else you can use Advanced Security Manger
  http://www.appliedolap.com/free-tools/advanced-security-manager
  hope that should give you an idea!!!!!!!

• Need access to the user view from a form

  How can I get access (only need read access) to the user view from inside a form, in this case, the Question Login Form?

  This is mentioned in the forum somewhere:
  <invoke name='getView'>
  <ref>:display.session</ref>
  <concat>
  <s>User:</s>
  <ref>accountId</ref>
  </concat>
  <map>
  <s>authorized</s>
  <s>true</s>
  </map>
  </invoke>
  regards,
  Manish Gurnani

• Capturing the User Id from the Password change screen after Login

  Hi,
  I need to capture the User Id from the Password Change screen and Pass it to the Custom  Portal application that is triggered on the change password screen.That User Id will be passed on to the Portal application to retrieve the details of the User.
  I have triggered the Custom Portal application from the OnClick of CHANGE button.
  It can be probably done by appending the User Id captured from the Change Password screen to the Url of the Portal application.
  But am not clear how to capture the User ID.
  Pls help!!
  Thanks & Regards,
  Amarys.

  Hello
  Why do you want to capture user id? You can access it from portal application.

• How to get the alert context from scom event into incident description?

  Hello,
  I user SCO for creating incidents of SCOM events. My problem ist that in some events the most interesting information is standing in AlertContext. But I cannot add this text to the descritipn field of our incident tool. If I user the published variable Context
  from MonitorAlert the creating of the incident fails. The right information is standing in the Params field of the Context content. But if I add the Params variable from MonitorAlert there is not the content given.
  So how can I add the AlertContext information in my incident content?

  Hi,
  I use the Publish Data Context from "Get Alert" and the xpath-Query below to get the short name of the service if Alert is "Windows service stopped".
  I think it's difficult to have a default Query because the Context is too various fot all OpsMgr Alerts.
  Regards,
  Stefan
  www.sc-orchestrator.eu ,
  Blog sc-orchestrator.eu

• How to let the user select from more then 1 data templet file to fillin a field

  help i have a form the has 5 free form text fields that i need to select from a list of texts to fill it in and then allow the user to add to the data.
  thanks

  thanks here are 2 strings
  COPD continue O2 by NC/Albuterol MDI/ Atrovent MDI/ Duonebs/ Albuterol MDI/ Prednisone taper/ IV Solumedrol/ Spiva/ Advair diskus/ oximetry prn/ PT/ OT/ Coreg
  CAD/ANGINA  cont. O2 by NC?baby ASA/ ASA/ Lopressor/Atenolol/ Lisinopril/ Low fat diet/ PT/OT/ sublingual nitroglycerin prn/ Lasix/ Lipitor/ Zocor/ Mevacor
  i would like the user to be able to select from inside of the field when it is blank (fisrt time entering data)
  thanks again

• How to restrict the user(Schema) from deleting the data from a table

  Hi All,
  I have scenario here.
  I want to know how to restrict a user(Schema) from deleting the values from a table created in the same schema.
  Below is the example.
  I have created a table employee in abc schema which has two values.
  EMPLOYEE
  ABC
  XYZ
  In the above scenario the abc user can only fire select query on the EMPLOYEE table.
  SELECT * FROM EMPLOYEE;
  He should not be able to use any other DML commands on that table.
  If he uses then Insufficient privileges error should be thrown.
  Can anyone please help me out on this.

  Hi,
  kumar0828 wrote:
  Hi Frank,
  Thanks for the reply.
  Can you please elaborate on how to add policies for a table for just firing a select DML statement on table.See the SQL Packages and Types manual first. It has examples. You can also search the web for examples. This is sometimes called "Virtual Private Database" or VPD.
  If you have problems, post a specific question here. Include CREATE TABLE and INSERT statements to create a table as it exists before the policies go into effect, the PL/SQL code to create the policies, and additonal DML statements that will be affected by the policies. Show what the table should contain after each of those DML statements.
  Always say which version of Oracle you're using. Confirm that you have Enterprise Edition.
  See the forum FAQ {message:id=9360002}
  The basic idea behind row-level security is that it generates a string that is automatically added to SELECT and/or DML statement WHERE clauses. For example, if user ABC is only allowed to query a table on Sunday, then you might write a function that returns the string
  USER  != 'ABC'
  OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'So whenever any user says
  SELECT  *
  FROM    table_x
  ;what actually runs is:
  SELECT  *
  FROM    table_x
  WHERE   USER  != 'ABC'
  OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'
  ;If you want to prevent any user from deleting rows, then the policy function can return just this string
  0 = 1Then, if somone says
  DELETE  employee
  ;what actually gets run is
  DELETE  employee
  WHERE   0 = 1
  ;No error will be raised, but no rows will be deleted.
  Once again, it would be simpler, more efficient, more robust and easier to maintain if you just created the table in a different schema, and not give DELETE privileges.
  Edited by: Frank Kulash on Nov 2, 2012 10:26 AM
  I just saw the previous response, which makes some additional good points (e.g., a user can always TRUNCATE his own tables). ALso, if user ABC applies a security policy to the table, then user ABC can also remove the policy, so if you really want to prevent user ABC from deleting rows, no matter how hard the user tries, then you need to create the policies in a different schema. If you're creating things in a different schema, then you might as well create the table in a different schema.

• How to get the user log from the entried planning data ???

  Dear All,
  Could you help me to give the suggestion regarding that please .. ?? :).
  I have requirement to get the last user who in charge in modifying the planning data.
  Or in the other words, i'm gonna get the log from the entried planning data.
  e.g.
  1. Phase 1 - My Friend:
  Create the planning data :
  Country           Sales
  INA                 $1000
  2. Phase 2 - I update it and create new record.
  Country           Sales
  INA                 $1500          < modified >
  USA                $400           < new >
  Could i get the log from those records ??
  The log can be contain:
  the created user       &   modified user ??
  I just read the article regarding status and tracking system in BPS, but could i cover that requirement ??
  (Because i got that the status and tracking system for creating a workflow for planning).
  Or ..
  Is there other way that can fulfill this requirement  ???
  Really need your guidance all.
  Regards,
  Niel.

  Dear Mayank,
  Tks a lot for your responses.
  I've tried it but in BPS version..
  I saw in the document there is GUID (unique ID), could you explain me what the objective is ???
  I work out to plan to store the user created, date created, and planning level information in the log data.
  What do you think ..
  Is it better to display them in the BEx Report / another manual planning layout ???
  What did you display the log data in your case ??
  Still need your guidance ..
  Really - really thanks.
  Niel.