Questions about ADF Authentication

Similar Messages

• Question about ADF BC security

  Frank:
  I was looking at Xtanto's inquiries and your response and this brought up something. I was under the impression that you can use the database to store userid and user information. However, passwords, roles etc have to be defined in system-jazn-data.xml and web.xml for security to work. Am I missing something? I was under the impression that you need system-jazn-data.xml for all the good stuff.
  Please direct me to the section of the doc where this is explained.
  Thanks

  Hi,
  ADF Security requires jazn-data.xml or OID. If you do container managed security where authentication and authorizationis handled by the container then this can be from database tables using custo JAAS LoginModules.
  Xtantos question crossed the two options
  Frank

• SSRS reports inside SPO 2013 - Question about ADFS

  Our SPO 2013 Tenant is secured by ADFS Claims Based.
  I understand SSRS integrated is not available for SPO 2013. 
  We want to allow links from SPO 2013 to SSRS Reports that authenticate with the same ADFS tokens - so no prompting.  
  Possible? If so, what do we need?
  Possible to provision the SSRS server in ADFS? What versions of SSRS will allow this?

  Well, should we move this to the Power Query forum and try it there?
  Thanks!
  Ed Price, Power BI & SQL Server Customer Program Manager (Blog,
  Small Basic,
  Wiki Ninjas,
  Wiki)
  Answer an interesting question?
  Create a wiki article about it!

• A Question about ADF Faces, File Uploading in distributed environment

  Hello,
  I am using ADF Faces for my project. In my project members will be able to create their albums and upload their photos..
  The problem is that i can do upload in a single server enviroment but i dont know what will happen when count of members will grow.. What is the best way
  for managing these photos in clustered enviroment. 1 Server will not be enough if too many people upload their photos.
  I do not have exact server number because i will add additional server nodes when it will be necessary, so i must think how to do that before production.
  Do you advice me to use XML or keep addresses of photos in database? Or anything else? As i mentioned, i dont know how many servers i will have... maybe 1 maybe 5 maybe 10.
  Thanks for your helps..

  Hi,
  First of all, thanks for your replies..
  Actually i do not want to keep all of videos and photos in database. Keeping them in directories will be better for me but i do not know how to share them between multiple server nodes..
  This is the thing that i have never done before..
  Can you please tell me the terms & keywords that i need look for? So i can find some documents about making this happen.
  Thanks again..

• ACS Radius Question about Request Authenticator Field

  Hi, I did a little bit reading about Radius to understand more in deepth
  if I understand correctly the Request-Authenticator-Field in the Radius-Request Packet is just a random number and has nothing to do with the configured shared secret on AAA-Client.
  That would mean that ACS does not check the shared secret in an incoming request.
  So in case of CHAP Authentication the password in the request is not encrypted with the shared secret, ACS can successfully check the credentials from the request , though the shared secret between ACS and AAA-client does not match and will send a Radius Accept packet
  The Response-Authenticator-Field in the Radius-Accept Packet is a MD5 over (Code+ID+Length+RequestAuth+Attributes+SharedSecret)
  So if the the shared secret does not match the AAA-Client will recongize this and will not grant access.
  Is that true so far.
  I always thougth that shared secret must match, otherwise the ACS will not accept any radius-request?
  Thx
  hubert

  Hi Nicholas,
  pls see attached a packet-capture from 6 Radius-request of a AAA-Client (small Radius-Test-SW) and the answer from ACS
  1 PAP wrong key correct Password -> ACS logs failed auth
  2 PAP correct key correct Password -> ACS logs success auth
  3 CHAP wrong key correct Password -> ACS logs success auth
  4 CHAP correct key correct Password -> ACS logs success auth
  5 CHAP wrong key wrong Password -> ACS logs failed auth
  6 CHAP correct key wrong Password -> ACS logs failed auth

• Question about Container Authentication

  I have a very simple question. All the Authentication methods provided by the container requires modification of web.xml or other xml files to add new users, roles etc.lots So it seems unsuitable for a very dynamic application wherein lots of user either join or leave. I wish to know whether it is possible to use database or other sources (other than xml files) in tandem with container authentication thereby eliminating use of xml files for authentication.
  regards,
  nirvan.

  You can use user groups in those XML instead of using directly user names, then even users join or leave you application they will inherite the group autorizations

• Question about ADF Menu Navigation

  i create an adf application, include ADF Menus for Page Navigation.
  i found the URL displayed in the browser always show previous page when switch between different tabs.
  http://dl.dropbox.com/u/6517186/Application14.7z
  this is the application I've created.when click tab1,it shows view2 url. click tab2,it shows view1 url.
  not sure if there is mistake in my configuration? or a adf issue? thanks

  Use redirect option to create a new browser URL for the view activity.
  So try adding a <redirect/> tag in the site-menu.xml as:
  <view id="view1">
  <page>/view1.jspx</page>
  <redirect/>
  </view>
  <view id="view2">
  <page>/view2.jspx</page>
  <redirect/>
  </view>
  Edited by: umesh.agarwal on May 10, 2012 2:06 AM

• Urgent questions about NTLM authentication

  Hi all.
  In our customers side, we have this scenario.
  One windows 2000 active directory as domain controller - server1
  One WAS EP - server2
  WAS EP user database is point to the server1.
  When end user login in windows domain, user open the IE, write on the WAS EP url, user will login in WAS EP automatically and do not needs to input password.
  The problem is now windows AD ldap field - officeName is mapped with WAS EP userid, not windows AD ldap field - userid is mapped with WAS EP userid.
  But currently user login in windows domain using their windows AD ldap field - userid and password, not officeName.
  How can I implement it ?
  When user login in windows domain, the authentication will transfer it to officeName and login in Portal, is this solution can be implemented ?
  Thanks a lot.

  This may not be the exact answer but may put you in the right direction.
  http://help.sap.com/saphelp_nw04/helpdata/en/98/9b2f41893a6e24e10000000a155106/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/0b/d82c4142aef623e10000000a155106/frameset.htm
  Regards
  Juan

• Question about Message Authentication Code (MAC)

  Can a MAC detect if someone altered or replace a message? Also, can someone delete a message?

  A MAC can detect tampering, assuming it's a strong MAC (like SHA1), and assuming you use it correctly.
  Frankly, it's the second part that is most likely to stymy you. It's easy to get strong algorithms; using them well is much, much more difficult.
  A MAC is absolutely useless for detecting if a message has been deleted. In fact, detecting missing messages is an intractible problem. You can increase the odds of noticing a missing message, but you can never guarantee it.

• Question about ADF JClient applications

  I have a View object based on an Entity object that represents an activity done and that has an ID of a worker that does it as a foreign key. I would also like to show the worker's name on the form, but that is an attribute not included in the View object or the Entity object. Is there an equivalent of an Oracle Forms WHEN-VALIDATE-ITEM trigger in a JClient form that would permit me to do so?
  Milos

  Milos,
  a View Object can be based on one or many Entity Objects. You can create a ViewObject that shows content from two tables, including the table containing the name of the worker. Alternatively you could use a query when creating a new attribute for the ViewObject that obtains the name of the worker. This would be a transient attribute.
  You may find the following web page helpful
  http://radio.weblogs.com/0118231/stories/
  Same for
  http://radio.weblogs.com/0118231/stories/2004/09/23/notYetDocumentedAdfSampleApplications.html
  Frank

• Question about ADF Table's detailStamp component..

  Hi,
  I've written a skin... The thing is I want that table placed inside detailStamp component to have a bit lower height rows than the containing table.. but keeping the same skin. Is it possible somehow? It's very urgent..

  Hi
  thank you for reply.
  indeed i used that weblog before , one i used and i am happy with is that tab menu system.
  just create a xml file and your menu with enough security is ready to go.
  but i can not understand how i should use this example method for my own requirement.
  so let me explain what i need to do :
  I have a javascript based menu in my web application.
  one its item is that a user click on it and he /she can see his/her transactions.
  so it is a javascript menu and not a command button or command link.
  and i can not use any java code when user select that item (maybe it is possible to use java code but i do not now how i can do it).
  when user select transactions item , application will open /faces/transactions.jsp .
  now in transactions.jap i have a table that i should user transactions to him . but i do not know how to filter the view object when this page is going to be opened.
  i searched and asked and i found that i should use bind variable and.... .
  now i declared a bind variable for userID in transaction view but i do not know how i can set value of this variable .
  what i thought is :
  1-set the variable in java code of viewObject , for example in its constructor .
  2-write some scriptlet in transactions.jsp to set value of that variable.
  3-maybe jdev has some drag drop / wizard stuff to bind that variable in query to the variable in managed bean.
  as this view is allways filtered with that userID for each session i think if i could bind it to userID property of managed bean my problem will be solved.
  which of the above way is correct way to do ?
  thanks

• Question about setting cookies and custom authentication

  I have a question about setting cookies.
  I have two different 'projects' in HTMLDB - we will call them App1 and App2.
  I also have two different connection configurations setup in the DADs.conf file. - we will call them Connect1 and Connect2.
  App1 is setup to use database authentication (no user is specified in the DAD) and uses Connect1. Once the user successfully logs in, we set a username cookie (this is a persistent connection).
  We created a custom authenticatoin scheme for App2 - this scheme checks for the username cookie (set by App1). We would like for App2 to use Connect2 (HTMLDB_PUBLIC_USER is the default user specified and it uses connection pooling).
  Is it possible to set a cookie from App1, Connect1 for App2, Connect2 - then redirect to App2 and pick up that cookie?
  Here is an example of what we are trying to accomplish:
  A user loggs into App1, we set a cookie, and the user is redirected to App2. If the cookie exists, we allow them access to the home page in App2, if no cookie, we redirect back to a 'Login Failed' page in App1. We don't want App2 to use the same database connection as App1 though, we need App2 to use connection pooling.
  Is this possible? OR...Is there a better way to accomplish what we want to do?
  This is an enhancement to an existing app. Our requirements are to use Database Authentication (setup where pass expires after 60 days or so, cannot reuse last 3 passwords, etc.) - which is already setup and being used by other applications in our organization. All of our users have accounts in the database. We don't want users to have a new username/pass - and we don't want to manage a separate group for HTMLDB apps.
  The existing application uses HTMLDB's built in authentication - which uses database username/pass, and it uses connection pooling, but we cannot handle the pass expire stuff in it, unless there's something we're not seeing or understanding - at least that's how our DBA explained it to us.
  Any help with this will be appreciated so much. I can send you the code we have if needed.
  Thanks!

  Same problem here.  I have so many problems with this remote app.  Is there an iTunes API? I would like to write my own remote app that actually works.

• Question about Tutorial: Developing RIA Web Applications with Oracle ADF

  I'm learning about ADF and JDeveloper:
  According to the tutorial, after I've bound the data controls for the top right panel and bottom right panel, the bottom panel should always show the employee selected from the collection above.
  However when I do the instructions, the employee information in the bottom right employee area never changes regardless if I select a different employee in the top panel collection.
  I can't figure out why the top and bottom panels don't link together. I'm using the same View in both panels....
  I'm using Build JDEVADF_11.1.1.1.0_GENERIC_090615.0017.5407
  Thanks in advance for any suggestions!
  Rob

  The mechanism that synch the two section of the page is called partial page rendering.
  It should work if you follow the instructions in the tutorial, but if it doesn't it is quite easy to fix:
  In the structure pane, select the Form component that surrounds the employees update section
  Then look at the properties inspector for a property call partial trigger
  Click the arrow on the right of it to select edit - and navigate your page hierarchy to choose the table component.
  An example is here:
  http://blogs.oracle.com/shay/2008/05/master_with_two_details_on_the.html

• Questions about using Bitlocker without TPM

  We currently use Bitlocker to encrypt our Windows 7 computers with TPM. Now we are looking at encrypting some Windows 7 computers without a TPM. I see how to change the group policy setting to allow Bitlocker without a TPM. I have looked at a lot of other
  threads and I have a few questions about how the Bitlocker without TPM works.
  1) I see a USB drive containing a key is required for Bitlocker configurations without a TPM, say the end user loses this USB drive, what are the recovery options for their computer? 
  This article seems to indicate that without the USB drive connected, you are unable to even access recovery options http://blogs.technet.com/b/hugofe/archive/2010/10/29/bitlocker-without-tpm.aspx
  We have recovery backed up to AD when Bitlocker is enabled, but how could we do this recovery on a computer on computer where it's USB is lost? Would we have to remove the HD itself and attach it to another computer to access?
  2) After enabling Bitlocker on a computer without a TPM and using the USB Drive for the key, is there a way to also add a PIN or password protection at bootup?

  Hi,
  Sorry for my dilatory reply, 
  Configuring a startup key is another method to enable a higher level of security with the TPM. The startup key is a key stored on a USB flash drive, and the USB flash drive must be inserted every time the computer starts. The startup key is used to provide
  another factor of authentication in conjunction with TPM authentication. To use a USB flash drive as a startup key, the USB flash drive must be formatted by using the NTFS, FAT, or FAT32 file system.
  You must have a startup key to use BitLocker on a non-TPM computer.
  From: http://technet.microsoft.com/de-de/library/ee449438(v=ws.10).aspx#BKMK_Key
  For more Q&A about BitLocker, you can refer to the link above.
  hope this is helpful.
  Roger Lu
  TechNet Community Support

• Few questions about apex + epg and cookie blocked by IE6

  Hi,
  I would like to ask a few questions about apex and epg.
  I have already installed and configured apex 3.2 on oracle 10g (on my localhost - computer name 'chen_rong', ip address -192.168.88.175 ), and enable anonymous access xdb http server.
  now,
  1. I can access 'http://chen_rong' , 'http://localhost' , 'http://192.168.88.175' without input username / password for realm 'XDB' in IE6;
  2. I can access 'http://localhost/apex/apex_admin' , 'http://192.168.88.175/apex/apex_admin' , and I can be redirected into apex administation page after input admin/<my apex admin password> for realm 'APEX' in IE6;
  3. I can access 'http://chen_rong/apex/apex_admin' in IE6, but after input admin/password , I can not be redirected into administation page, because the cookie was blocked by IE6.
  then, the first question is :
  Q1: What is the difference among 'http://chen_rong' , 'http://localhost' , 'http://192.168.88.175' ? I have already include site 'chen_rong' into my trusted stes! why the cookie was blocked by IE6. I have already tried firefox and google browser, both of them were ok for 'chen_rong', no cookie blocked from site 'chen_rong'!
  and,
  1. I have tried to use the script in attachment to test http authentication and also want to catch the cookie by utl_http .
  2. please review the script for me.
  3. I did:
  SQL> exec show_url('http://localhost/apex/apex_admin/','ADMIN','Passw0rd');
  HTTP response status code: 401
  HTTP response reason phrase: Unauthorized
  Please supplied the required Basic authentication username/password for realm XDB for the Web page.
  Web page http://localhost/apex/apex_admin/ is protected.
  MS-Author-Via: DAV
  DAV: 1,2,<http://www.oracle.com/xdb/webdav/props>
  Server: Oracle XML DB/Oracle Database
  WWW-Authenticate: Basic realm="XDB"
  Date: Tue, 04 Aug 2009 02:25:15 GMT
  Content-Type: text/html; charset=GBK
  Content-Length: 147
  ======================================
  PL/SQL procedure successfully completed
  4. I also did :
  SQL> exec show_url('http://localhost/apex/apex_admin/','ANONYMOUS','ANONYMOUS');
  HTTP response status code: 500
  HTTP response reason phrase: Internal Server Error
  Check if the Web site is up.
  PL/SQL procedure successfully completed
  SQL> exec show_url('http://localhost/apex/apex_admin/','SYSTEM','apexsite');
  HTTP response status code: 401
  HTTP response reason phrase: Unauthorized
  Please supplied the required Basic authentication username/password for realm APEX for the Web page.
  Web page http://localhost/apex/apex_admin/ is protected.
  Content-Type: text/html
  Content-Length: 147
  WWW-Authenticate: Basic realm="APEX"
  ======================================
  PL/SQL procedure successfully completed
  my second questions is :
  Q2: After I entered into realm 'XDB', I still need went into realm'APEX'. how could I change the script show_url to accomplish these two tasks and successfully get the cookie from site.
  the show_url script is as following:
  CREATE OR REPLACE PROCEDURE show_url
  (url IN VARCHAR2,
  username IN VARCHAR2 DEFAULT NULL,
  password IN VARCHAR2 DEFAULT NULL)
  AS
  req UTL_HTTP.REQ;
  resp UTL_HTTP.RESP;
  name VARCHAR2(256);
  value VARCHAR2(1024);
  data VARCHAR2(255);
  my_scheme VARCHAR2(256);
  my_realm VARCHAR2(256);
  my_proxy BOOLEAN;
  cookies UTL_HTTP.COOKIE_TABLE;
  secure VARCHAR2(1);
  BEGIN
  -- When going through a firewall, pass requests through this host.
  -- Specify sites inside the firewall that don't need the proxy host.
  -- UTL_HTTP.SET_PROXY('proxy.example.com', 'corp.example.com');
  -- Ask UTL_HTTP not to raise an exception for 4xx and 5xx status codes,
  -- rather than just returning the text of the error page.
  UTL_HTTP.SET_RESPONSE_ERROR_CHECK(FALSE);
  -- Begin retrieving this Web page.
  req := UTL_HTTP.BEGIN_REQUEST(url);
  -- Identify yourself.
  -- Some sites serve special pages for particular browsers.
  UTL_HTTP.SET_HEADER(req, 'User-Agent', 'Mozilla/4.0');
  -- Specify user ID and password for pages that require them.
  IF (username IS NOT NULL) THEN
  UTL_HTTP.SET_AUTHENTICATION(req, username, password, 'Basic', false);
  END IF;
  -- Start receiving the HTML text.
  resp := UTL_HTTP.GET_RESPONSE(req);
  -- Show status codes and reason phrase of response.
  DBMS_OUTPUT.PUT_LINE('HTTP response status code: ' || resp.status_code);
  DBMS_OUTPUT.PUT_LINE
  ('HTTP response reason phrase: ' || resp.reason_phrase);
  -- Look for client-side error and report it.
  IF (resp.status_code >= 400) AND (resp.status_code <= 499) THEN
  -- Detect whether page is password protected
  -- and you didn't supply the right authorization.
  IF (resp.status_code = UTL_HTTP.HTTP_UNAUTHORIZED) THEN
  UTL_HTTP.GET_AUTHENTICATION(resp, my_scheme, my_realm, my_proxy);
  IF (my_proxy) THEN
  DBMS_OUTPUT.PUT_LINE('Web proxy server is protected.');
  DBMS_OUTPUT.PUT('Please supply the required ' || my_scheme ||
  ' authentication username/password for realm ' || my_realm ||
  ' for the proxy server.');
  ELSE
  DBMS_OUTPUT.PUT_LINE('Please supplied the required ' || my_scheme ||
  ' authentication username/password for realm ' || my_realm ||
  ' for the Web page.');
  DBMS_OUTPUT.PUT_LINE('Web page ' || url || ' is protected.');
  END IF;
  ELSE
  DBMS_OUTPUT.PUT_LINE('Check the URL.');
  END IF;
  -- UTL_HTTP.END_RESPONSE(resp);
  -- RETURN;
  -- Look for server-side error and report it.
  ELSIF (resp.status_code >= 500) AND (resp.status_code <= 599) THEN
  DBMS_OUTPUT.PUT_LINE('Check if the Web site is up.');
  UTL_HTTP.END_RESPONSE(resp);
  RETURN;
  END IF;
  -- HTTP header lines contain information about cookies, character sets,
  -- and other data that client and server can use to customize each
  -- session.
  FOR i IN 1..UTL_HTTP.GET_HEADER_COUNT(resp) LOOP
  UTL_HTTP.GET_HEADER(resp, i, name, value);
  DBMS_OUTPUT.PUT_LINE(name || ': ' || value);
  END LOOP;
  -- Read lines until none are left and an exception is raised.
  --LOOP
  -- UTL_HTTP.READ_LINE(resp, value);
  -- DBMS_OUTPUT.PUT_LINE(value);
  --END LOOP;
  UTL_HTTP.GET_COOKIES(cookies);
  dbms_output.put_line('======================================');
  FOR i in 1..cookies.count LOOP
  IF (cookies(i).secure) THEN
  secure := 'Y';
  ELSE
  secure := 'N';
  END IF;
  -- INSERT INTO my_cookies
  -- VALUES (my_session_id, cookies(i).name, cookies(i).value,
  -- cookies(i).domain,
  -- cookies(i).expire, cookies(i).path, secure, cookies(i).version);
  dbms_output.put_line('site:'||url);
  dbms_output.put_line('cookies:');
  dbms_output.put_line('name:'||cookies(i).name);
  dbms_output.put_line('value:'||cookies(i).value);
  dbms_output.put_line('domain:'||cookies(i).domain);
  dbms_output.put_line('expire:'||cookies(i).expire);
  dbms_output.put_line('path:'||cookies(i).path);
  dbms_output.put_line('secure:'||secure);
  dbms_output.put_line('version:'||cookies(i).version);
  END LOOP;
  UTL_HTTP.END_RESPONSE(resp);
  EXCEPTION
  WHEN UTL_HTTP.END_OF_BODY THEN
  UTL_HTTP.END_RESPONSE(resp);
  END;
  /

  I use oracle database enterprise edtion 10.2.0.3. I have already figured out the epg on 10.2.0.3 to support apex 3.2.
  And as I described above, the apex site works fine for ip address , and localhost. but the cookie will be blocked by IE6, if I want to access the site by 'http://computername:port/apex/apex_admin'. This problem does not occured in firefox and google browser. Could someone give me answer?