Proxy user authentication with BC4J

Similar Messages

• Proxy User Authentication with SQL Developer

  Hello,
  I realized that there are 2 methods for configuring SQL Developer to user Proxy User Authentication.
  1) one-session method with Syntax:
  personaluser[appuser]
  2) two session-method with dialog "Proxy Connection"
  For me it is unclear, why anybody would want to use the two-session-method.
  a. you need username/password for both user acocunts (personaluser and appuser)
  b. it is unclear which operations in SQL Developer are using the personaluser account. It seems that the SQL Window is only using appuser account.
  What was the motivation to implement Two Session Method?
  Best regards,
  Martin

  I found the possibility that proxy authentication of both accounts can be enforced:
  SQL> alter user appuser grant connect through personaluser AUTHENTICATION REQUIRED;
  I guess that this is the motivation for implementing the 2-session proxy connection method in SQL Developer.
  Regards,
  Martin

• Proxy user connectivity with thin driver

  Hi,
  The database I'm working use proxy user authentication. When I select oci8 as driver I can connect using the below login method:
  Host Name : username[proxy user]
  password : password
  but it shows as invalid username/password when I select the driver = THIN.
  What could be the reason behind this?
  thanks
  Edited by: Nadvi on Jul 9, 2010 1:52 PM

  Hi John,
  Thanks for your reply. The documentation says, proxy connectivity method is same both for THIN & OCI8 driver. But what I can see is Jdeveloper is somehow misinterpreting the proxy user name.
  Ie, Username[Proxy user] and the reason why it throws invalid username/password.
  But the same syntax works fine with sqlplus, or any other IDE.
  Can anybody guide me on this.
  Thanks

• Using Proxy User Authentication in Sql Developer

  Hi!
  Is it possible to use proxy user authentication in SQL Developer? I'm thinking that if I'm clever enough, I can craft a custom jdbc URL that will allow my users to proxy authenticate into my Oracle 10gR2 database while using SQL Developer.
  Unfortunately, I'm not feeling all that clever. ;)
  Can anybody help me out here? Is it even in the realm of possibility?
  Thanks!
  Kevin Ferlazzo
  DBA
  VA Department of Juvenile Justice

  I found the possibility that proxy authentication of both accounts can be enforced:
  SQL> alter user appuser grant connect through personaluser AUTHENTICATION REQUIRED;
  I guess that this is the motivation for implementing the 2-session proxy connection method in SQL Developer.
  Regards,
  Martin

• Oracle 10g Rel 2  - Proxy connection authentication with SAP User ID

  Dear Experts,
  We are currently doing some research and planning to upgrade SAP R/3 4.6C to ECC 6 and upgrading Oracle from version 9.2 to 10.2
  In upgrading to Oracle vers. 10g Rel 2, we got advised that Oracle has apparently introduced a new proxy connection authentication, in which the SAP user ID is given limited privileges (create session only) ??
  If you have any information on this or known any impact about this issue, please advise us.
  Thanks in advance.

  Thanks for your help, Kaushal.
  I also found the SAP Note 834917 (Oracle Database 10g: New database role SAPCONN and it seems to be on a right direction to cope with that problem.
  - For Oracle releases earlier than 10gR2, the CONNECT role includes extensive database authorizations and the more restrictive CONNECT as of 10gR2.
  - To overcome this restriction, SAP need to find a way to compensate this, so does it come SAPCONN.
  - SAPCONN is the new SAP-specific database role, which is defined to support the normal SAP applications operations (CONNECT, RESOURCE and SELECT_CATALOG_ROLE).
  Once again, thanks.

• End-to-End user authentication with XI

  Dear community,
  we sit in a situation where the customer wants to have an end-to-end-authentication throughout an integration process.
  The setup is as follows: a dialog-user in a legacy system uses an application that triggers an integration process through XI into SAP ERP. The dialog-user in the legacy system must be used for authentication in XI as well as SAP ERP.
  To avoid having to re-create all users in XI and SAP ERP, ideally an LDAP instance would be used for authentication.
  Based on my knowledge, the above scenario is not possible with XI and there is a 2 year old thread discussing the same without any positive outcome:
  XI and user authentication VS R/3 systems
  Nevertheless I consider this requirement as a pretty standard one. Has there been any development in this area - or how have similar customer requirements been met ?
  Thanks a lot in advance !
  Jochen

  Hi Jochen,
  i've heard rumours saying that credential forwarding will be incorporated in the next XI release as it is a rather frequent requirement by customers and will make live much easier.
  Maybe you can get a statement through your clients SAP account representative on the release date and the planned feature.
  Regards
  Christine

• Machine and User authentication with ISE 1.2.1

  Hi ,
  Can any one tell me in machine authentication what access need to be enable DACL for machine logon?
  Can we enable the access on port level ? direct to tcp/udp or ip level what is the best practice.
  Thanks 
  Pranav

  is this what you are looking for EAP Chaining which uses a machine certificate or a machine username / password locked to the device through the Microsoft domain enrollment process. When the device boots, it is authenticated to the network using 802.1X. When the user logs onto the device, the session information from the machine authentication and the user credentials are sent up to the network as part of the same user authentication. The combination of the two indicates that the device belongs to the corporation and the user is an employee.
  http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_80_eapchaining_deployment.pdf

• Machine Authentication and User Authentication with ACS v5.1... how?

  Hi!
  I'm having trouble setting up Machine Authentication and User Authentication on ACS v5.1 using WinXP SP3 (or SP2) as supplicant.
  This is the goal:
  On wireless (preferably on wired too) networks, get the WinXP to machine authenticate against AD using certificates so the machine is possible to reach via for example ping, and it can also get GPO Updates.
  Then, when the user actually logs in, I need User Authentication, so we can run startup scripts, map the Home Directory and so on.
  I have set up a Windows Sertificate server, and the client (WinXP) are recieving both machine and user certificates just fine.
  I have also managed to set up so Machine Authenticaton works, by setting up a policy rule that checks on certificate only:
  "Certificate Dictionary:Common Name contains .admin.testdomain.lan"
  But to achieve that, I had to set EAP Type in WinXP to Smart Card or other Certificate, and then no PEAP authentication occurs, which I assume I need for User Authentication? Or is that possible by using Certificates too?
  I just don't know how to do this, so is there a detailed guide out there for this? I would assume that this is something that all administrators using wireless and WinXP would like to achieve.
  Thank you.

  Hello again.
  I found out how to do this now..
  What I needed to do was to add a new Certificate Authentication Profile that checks against Subject Alternative Name, because that was the only thing I could find that was the same in both user certificate and machine certificate.
  After adding that profile to the Identity Store Sequences, and making tthe appropriate rule in the policy, it works.
  You must also remember to change the AuthMode option in Windows XP Registry to "1".
  What I really wanted to do was to use the "Was Machine Authenticated" condition in the policies, but I have never gotten that conditon to work, unfortunately.
  That would have plugged a few security holes for me.

• Performing User authentication with php server

  How to perform user authentication and keep track of logged
  in users ? I have the login form saved in one AIR page. I could do
  an ajax request to authenticate the user. However, how to keep
  track of the user after being logged in, so that when moving to
  other pages, he doesn't need to login again ?

  Hi,
  Cookies work in an Adobe AIR HTML application. You can use
  cookies to track your session.

• User authentication with NT

  I am having a problem when trying to connect to an Oracle8i
  Enterprise Server running on a WinNT machine.
  When I connect from inside the server all works fine, Oracle
  looks for the user info in NT, and I can login without having to
  provide a username/password.
  But, when trying to do the same from some Win95 clients with
  have, all attempts fail, returning the error "ORA 12638:
  Credential retrieval failed".
  If I change the sqlnet.ora file in the clients, commenting out
  the line "SQLNET.AUTHENTICATION_SERVICES = (NTS)", I can login in
  the database form the clients, but only as users that are NOT in
  the NT user base (such as SYS or SYSTEM, which work fine without
  the (NTS) option ).
  Is this a configuration problem (I really don't think so) or a
  problem with authentication from a Win95 client in the NT domain
  (I think this is most probable)? Unfortunately, I don't have a NT
  4 Workstation around to test this issue...
  Thanks for any help! (And yes, I tried every step I could find in
  the documentation, and got no results...)
  null

  Notice the error:
  Login failed for user 'Domain\ReplicationUser'. Reason: Attempting to use an NT account name with SQL Server Authentication.
  When you setup your agent security, in the section "Connect to the Publisher and Distributor", you selected the option "Using the following SQL Server login", however, you entered a Windows login and password.
  You need to fix your agent security and specify "By impersonating the process account" if you plan on running under the context of the process account (Windows account), or, specify "Using the following SQL Server login" and enter a valid SQL login.
  Brandon Williams (blog |
  linkedin)

• Oracle Apps User Authentication with Active Directory

  Greetings,
  I am running Oracle Apps 12.1.1 using native login authentication. What I would like to do is set it up so that it uses our Active Directory to authenticate users. Does anyone know if there is an easy way to configure this or do I need to use OIM to accomplish it?
  Thanks

  Have a look here
  http://www.oracle.com/products/middleware/identity-management/docs/db-users-roles-management-whitepaper.pdf

• Any recommendations or templates for User authentication with Flash sites?

  Looking to register, validate email registration and autheticate users to restrict access to individual accounts.  Does anyone have recommendations or templates?  It seems there would be a template out there that is generic for this purpose.

  Looking to register, validate email registration and autheticate users to restrict access to individual accounts.  Does anyone have recommendations or templates?  It seems there would be a template out there that is generic for this purpose.

• Weblogic & JNDI Data Source with proxy user.

  We're trying to use Oracle proxy user authentication on a data source configured in WebLogic 10.3.6, however, we want to approach it in a programatic way. So we want to obtain the DataSource, and set the proxy related properties inside the application.
  We came up with the following snippet:
  Hashtable<String, Object> env = new Hashtable<String, Object>();
  env.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
  env.put(Context.PROVIDER_URL, "t3://10.1.1.10:7003");
  env.put(Context.SECURITY_PRINCIPAL, "weblogic");
  env.put(Context.SECURITY_CREDENTIALS, "weblogic");
  Context context = new InitialContext(env);
  javax.sql.DataSource ds = (javax.sql.DataSource) context.lookup("ds_puser");
  OracleConnection oconn = (OracleConnection) ds.getConnection();
  The problem comes up when we try to cast the connection to OracleConnection, the thing is that the returned type is actually a 1036_WLStub.
  How can we avoid that type or cast to it to something useful? I found this reference on Oracle forums and he's being able to cast it directly:
  Re: My problem in using weblogic Datasource and proxy user
  Can someone help us out?
  Thanks a lot in advance!
  Edited by: 990800 on 27-feb-2013 13:26

  A DataSource is an Interface. What the code gets from the jndi tree is some concrete object that
  the code doesn't need to know the name of, or anything specific about it, as long as it implements
  the DataSource Interface, which it successfully casts to, to allow calling the methods defined in the
  DataSource Interface. If you call for a plumber, you don't need to know his name as long as you
  can get a plumber, and can call the "Fix this leak" method, defined in the Plumber Interface.

• 802.1x PEAP Machine Authentication with MS Active Directory

  802.1x PEAP Machine and User Authentication with MS Active Directory:
  I have a simple pilot-text environment, with
  - Microsoft XP Client,
  - Cisco 2960 Switch,
  - ACS Solution Engine (4.1.4)
  - MS Active Directory on Win 2003 Server
  The Remote Agent (at 4.1.4) is on the same server as the MS AD.
  User Authentication works correctly, but Machine Authentication fails.
  Failed machine authenticaton is reported in the "Failed Attempts" log of the ACS SE.
  The Remote Agent shows an error:
  See Attachment.
  Without Port-Security the XP workstation is able to log on to the domain.
  Many thanks for any indication.
  Regards,
  Stephan Imhof

  Is host/TestClientMan.Test.local the name of the machine? What does the AAA tell for you the reason it fails?

• Simple Authentication with SMP 10.1 and FMS 3.5

  Good day all,
  I am looking to add simple authentication to the SMP player for use with FMS 3.5. I recently came across a technical paper published by Adobe titled, "Video content protection measures enabled by Adobe Flash Media Interactive Server 3.5". Within this document are three examples of user authentication with code samples. I am starting with the "simple" client verification using a unique token authentication key method first.
  I've noticed that SMP doesn't have any FMS security mechanisms built-in at least that I've been able to identify in the documentation or feature specs. Did I miss something? I am looking for assistance in getting started with adding this feature to SMP. So my question is where could I add the client side Actionscript within the SMP structure?
  I'd very much like to hear about others' experiences with adding security mechanisms to SMP used with FMS.
  Thank you.

  Andrian - Thank you for the quick reply. I'm gald SMP has support for the playback of protected content. Is there more documentation than this demo on this topic?
  I'll explain what I'm doing. I am implementing SMP as the default video player application used in online courses at the Savannah College of Art and Design. Identifying the player and implementing its use in our production workflow is the first step in a strategy to deliver a better video experience and leverage the scalibility and flexibility of SMP. On the back end integration with our FMS I have been asked to implement some user authentication. We don't need to re-auth the students as they have already been authenticated through our LMS. What is desired is each player instance authenticates with our server to prevent stream ripping.
  The simple user token authentication key example from the linked document seems to best suit this intial need.