Replication user node invalidates authentication of user
Hi, we've the following scenario:
1) Users register on pub1 and are automatically logged in
2) The user node is reverse replicated to auth (including .token node) to ensure user is created on author and pub2
3) Author replicates back to pub1 and pub2
4) For some reason - still not entirely clear to us - this invalidates the authentication of the user on pub1 and he/she gets timed out
We want to avoid 4. If anyone knows how this can be avoided, please advise. We presume this is happening because the jcr:created date is being overwritten by the replication. I can see a few options but no idea if any of these is feasible:
1) don't overwrite jcr:created with replication
2) don't replicate to originating publisher
3) change authentication such that jcr:created date is not triggering the timeout
Z) we could also just not allow the users to be authenticated right after registration and only allow them to authenticate after replication is finished, but the business requirements are not allowing that. So this is plan Z.
Problem is I have no idea how to implement any of the proposed solutions except z). Anyone with any ideas?
Many thanks,
Katrien
Similar Messages
-
Can't start managed server - Authentication for user denied
Greetings,
I have a WebLogic 10.3.6 based domain. The admin server works correctly. Using the admin console, I created a managed server. It is not associated to any machine and I don't use node manager. The managed server listens on localhost:7101 while the admin listens on localhost:7001. Starting the managed server asks for an user/password authentication. Using the same as the one used for the admin console says:
<7 déc. 2012 13 h 55 CET> <Critical> <Security> <BEA-090403> <Authentication for user nicolas denied>
<7 déc. 2012 13 h 55 CET> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user nicolas denied
weblogic.security.SecurityInitializationException: Authentication for user nicolas denied
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:966)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User nicolas weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Truncated. see log file for complete stacktrace
>
<7 déc. 2012 13 h 55 CET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<7 déc. 2012 13 h 55 CET> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<7 déc. 2012 13 h 55 CET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
I googled a while and found a post saying that the realm is probably altered or in an incorrect status. I reset the admin's credentials using weblogic.security.utils.AdminAccount but this didn't change anything. Of course, upon the managed server creation, I initialized the fields user and password in the server starting tab of the admin console.
Many thanks for any help.
Nicolas
Hi,
Have you configured LDAP Authenticator on the server?
If yes, after the change did you restart both the servers - admin and managed? -
Authentication for user weblogic denied
I am unable to start node managed server from command prompt.
I installed WebLogic Server Version: 12.1.2.0.0 on Windows 2008 R2 EN Sp1
I started Administration Server successfully.
C:\Weblogic\Oracle\config\domains\wl_server\bin\startWebLogic.cmd
I created ihale Managed server but I couldn't start Managed Server.
C:\Weblogic\Oracle\config\domains\wl_server\bin
startManagedWebLogic.cmd ihale http://192.168.1.29:7431
I'm getting following error.
####<Dec 25, 2013 12:51:13 AM PST> <Critical> <WebLogicServer> <umman> <ihale> <main> <<WLS Kernel>> <> <> <1387961473813> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:257)
I am able to log in to the administration console with the same username and password. Username: weblogic Password:xxxxx
I changed the weblogic user password and I tried again. It was unsuccessful.
I created boot.properties file in C:\Weblogic\Oracle\config\domains\wl_server\servers\ihale\security folder.
I put username and password.
After I tried to start ihale managed server, boot.properties file wasn't encrypted and managed server also didn't start.
I deleted cache, data, tmp folders except logs folder in \\192.168.1.29\c$\Weblogic\Oracle\config\domains\wl_server\servers\ihale and I tried again. It was unsuccessful.
I found something on https://community.oracle.com/message/10653470
Ganesh says:
Did you restart AdminServer after deleting the LDAP Authentication provider?
I think your managed server is still trying to authenticate user through ldap authentication provider.
Torrado answers:
I found that there was a definition in Security Policy of osb_server1 for an user that belonged to deleted LDAP authenticator.
I deleted it and server started.
Thanks.
How can I delete definition in Security Policy of ihale for an user that belonged to deleted LDAP authenticator?
Could you please help to solve this problem?
Best Regards.
Hi,
You can rename the ldap folder in the following directory structure.
%Domain_Name% / servers / <servername> / data/
You will find the ldap folder; try to rename that folder and then please restart the server again.
If you are trying to start through nodemanager then rename the nodemanager under the following directory.
%Domain_Name% / servers / <servername> / data/.
Try to rename these two folders and restart the nodemanager and start the server again.
It will work for you.
Regards,
Kal -
Secondary Domain Controller Not Authenticating Domain Users
Hi.
I have a primary domain controller running Win Srv 2012 in USA and I added a secondary domain controller 2012 in the same domain from a different location, India, through VPN, so that India user accounts can authenticate by the secondary DC instead of primary DC USA.
Installation & replication of AD went fine.
India domain users login is damn slow.
When I ran the command echo %logonserver% from an India client machine, it displays the USA Primary DC name, which means it's authenticating the users from USA primary DC.
Preferred DNS for India client machine is Secondary DC IP and alternate is Primary DC IP USA.
Please find the dcdiag results below and any help much appreciated
Performing initial setup:
Trying to find home server...
Home Server = server2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: INDIA\server2
Starting test: Connectivity
......................... server2 passed test Connectivity
Doing primary tests
Testing server: INDIA\server2
Starting test: Advertising
Warning: DsGetDcName returned information for \\server1.tst.mycompany.com, when we were trying to reach
server2.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... server2 failed test Advertising
Starting test: FrsEvent
......................... server2 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after th
replication problems may cause Group Policy problems.
......................... server2 failed test DFSREvent
Starting test: SysVolCheck
......................... server2 passed test SysVolCheck
Starting test: KccEvent
......................... server2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... server2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... server2 passed test MachineAccount
Starting test: NCSecDesc
......................... server2 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\server2\netlogon)
[server2] An net use or LsaPolicy operation failed with error 67,
......................... server2 failed test NetLogons
Starting test: ObjectsReplicated
......................... server2 passed test ObjectsReplicated
Starting test: Replications
......................... server2 passed test Replications
Starting test: RidManager
......................... server2 passed test RidManager
Starting test: Services
......................... server2 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0xA004001B
Time Generated: 02/22/2015 17:10:30
Event String: Intel(R) 82574L Gigabit Network Connection
A warning event occurred. EventID: 0x000727A5
Time Generated: 02/22/2015 17:11:24
Event String: The WinRM service is not listening for WS-Manageme
An error event occurred. EventID: 0x0000271A
Time Generated: 02/22/2015 17:11:24
Event String:
The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not regist
A warning event occurred. EventID: 0xA004001B
Time Generated: 02/22/2015 17:12:41
Event String: Intel(R) 82574L Gigabit Network Connection
A warning event occurred. EventID: 0x000003F6
Time Generated: 02/22/2015 17:19:36
Event String:
Name resolution for the name mycompany.com timed out after none
A warning event occurred. EventID: 0x00001796
Time Generated: 02/22/2015 17:28:54
Event String:
Microsoft Windows Server has detected that NTLM authentication i
his server. This event occurs once per boot of the server on the first time
A warning event occurred. EventID: 0x000727A5
Time Generated: 02/22/2015 17:33:35
Event String: The WinRM service is not listening for WS-Manageme
A warning event occurred. EventID: 0x00001796
Time Generated: 02/22/2015 17:35:54
Event String:
Microsoft Windows Server has detected that NTLM authentication i
his server. This event occurs once per boot of the server on the first time
......................... server2 failed test SystemLog
Starting test: VerifyReferences
......................... server2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValida
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValida
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidat
Running partition tests on : tst
Starting test: CheckSDRefDom
......................... tst passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... tst passed test CrossRefValidation
Running enterprise tests on : tst.mycompany.com
Starting test: LocatorCheck
......................... tst.mycompany.com passed test LocatorChec
Starting test: Intersite
......................... tst.mycompany.com passed test Intersite
Firstly make sure that you have configured sites and subnets correctly. According to your information which you have two locations, you should have at least 2 sites and 2 subnets associated to them. If you have forgotten to configure subnets of India in your site and services and assigned them to the India site you are experiencing this issue. Also make sure if clients in India have appropriate network connectivity to the domain controllers in India.
Mahdi Tehrani | www.mahditehrani.ir -
How to prevent login page in same browser when user is already authenticated
Hello,
I am using Jdev 11.1.1.6 with ADF security implemented in my application.
I have Login.jspx that redirects the user to Home.jspx on successful authentication. User can either enter Login or Home Page URL.
Please consider following scenarios:
a) User is not authenticated in current browser session
a.1) if user enters Home page URL then Login page is displayed and redirected to Home page on authentication
a.2) if user enters Login page URL then Login page is displayed and redirected to Home page on authentication
b) User is already authenticated in current browser session, a new tab is opened and
b.1) if user enters Home page URL then it directly shows Home page (already authenticated)
b.2) if user enters Login page URL then Login page is displayed -- this is the issue, it should either directly take user to Home page or invalidate the existing session and let user proceed with new.
How do I achieve this? Any help is highly appreciated.
Thanks,
Jai
Thanks Frank and everyone for your help.
I am able to achieve what Frank suggested using phase listener. We don't have a custom phase listener but I created one and instead of configuring at global level, just defined the ControllerClass in the pageDef of my login page.
Code from afterPhase is:
public void afterPhase(PagePhaseEvent pagePhaseEvent) {
    // Act only once the ADF context has been initialised for this request
    if (pagePhaseEvent.getPhaseId() == Lifecycle.INIT_CONTEXT_ID) {
        FacesContext fctx = FacesContext.getCurrentInstance();
        String viewRootId = fctx.getViewRoot().getViewId();
        // An already-authenticated user asking for the login page is sent to the home page
        if ("/pages/login.jspx".equalsIgnoreCase(viewRootId) &&
            ADFContext.getCurrent().getSecurityContext().isAuthenticated()) {
            try {
                String homeViewId = "pages/home.jspx";
                ControllerContext controllerCtx = null;
                controllerCtx = ControllerContext.getInstance();
                String activityURL =
                    controllerCtx.getGlobalViewActivityURL(homeViewId);
                fctx.getExternalContext().redirect(activityURL);
            } catch (IOException ioe) {
                _logger.logException(ioe);
            }
        }
    }
}
My only concern here is that I am hardcoding the login and home page url. Is there a better way to implement this?
Thanks,
Jai -
Sudden failed authentications for user@domain
Hello,
We are running 6 ACS 4.1 servers on Windows 2003 Servers. These servers are not the same as the Domain Controllers.
Since many years, we have devices sending their username in the format domain\user and some other use user@domain. Everything was working well in our 6 ACS servers.
Suddenly, this morning, at 06:00:25, on one single server, all the requests using user@domain were reported as failed with the following message in the ACS logs: "External DB user invalid or bad password".
We first thought that the DC near the ACS server was the cause of the issue, but we observe that all the other ACS servers could process these user@domain AAA queries without problem. We then rebooted the ACS server and when it went back up, everything was running again like a charm.
We could not find what happened at 06:00:25. There is no Windows Scheduled Tasks at that time, and there is no ACS DB Replication or Backup running at that time either.
Can someone help us troubleshoot that issue that affected only one single server in an unexpected way?
Thanks a lot,
David Mayor
Hello Anisha,
I understand that with new installation, such post tasks are required. However, our installation is running in such a state for more than 2 or 3 years. And it is only over the past week that such problem happens twice.
We have also observed one more thing: You know that the main problem started a few seconds after 6 AM, on both days when it happened. We observed that between 00:02 (midnight + about 2 minutes) and 01:05 AM, the same problem also happens! But, at 01:05 AM, the problem automatically goes away without any intervention. However, when it happens again at 6 AM, we have to restart the server, because otherwise it would not automatically recover.
Didn't you find anything else than "error Windows authentication FAILED (error 1326L)" on the full log ?
Thanks a lot,
With my very best regards,
David Mayor -
How to let mmp_smtp support virtual domain authentication by user/pass
My mmp had configured 2 virtual domains, one is mmp1.soft.com, the other is mmp2.soft.com.
I can send mail by mmp using the user/pass format: mmp1user/pass, which is stored in o=mmp1.soft.com,o=isp in ldap, and the format [email protected]/pass which is stored in o=mmp2.soft.com,o=isp in ldap,
but I can't send mail using the format: mmp2user/pass.
The pop works fine.
the following is my config file:
more PopProxyAService.cfg
default:LdapUrl "ldap://mmp1.soft.com:389/o=internet"
default:LogDir /var/Sun/ims52/mmp-mail2/log
default:LogLevel 10
default:BindDN "cn=Directory Manager"
default:BindPass "soft"
default:BacksidePort 8110
default:ConnLimits 0.0.0.0|0.0.0.0:20
default:VirtualDomainFile /var/Sun/ims52/mmp-mail2/vdmap.cfg
default:DefaultDomain mmp1.oft.com
default:SearchFormat (uid=%U)
default:VirtualDomainDelim @
default:CanonicalVirtualDomainDelim @
default:AuthCacheTTL 1
default:LdapCacheTTL 1
default:HostedDomains yes
more vdmap.cfg
vdmap mmp2 192.192.192.192
mmp2:DefaultDomain mmp2.soft.com
mmp2:BindDN "cn=Directory Manager"
mmp2:BindPass "oft"
mmp2:LdapUrl "ldap://mmp2.soft.com:389/o=internet"
more SmtpProxyAService.cfg
default:LdapUrl "ldap://mmp1.soft.com:389/o=internet"
default:LogDir /var/Sun/ims52/mmp-mail2/log
default:LogLevel 10
default:BindDN "cn=Directory Manager"
default:BindPass "soft"
default:ConnLimits 0.0.0.0|0.0.0.0:20
default:VirtualDomainFile /var/Sun/ims52/mmp-mail2/vdmapsmtp.cfg
default:DefaultDomain mmp2.soft.com
default:SmtpProxyPassword soft..ssl
default:LdapCacheTTL 1
default:SmtpRelays mmp1
more vdmapsmtp.cfg
vdmap mmp2 192.192.192.192
mmp2:DefaultDomain mmp2.soft.com
mmp2:BindDN "cn=Directory Manager"
mmp2:BindPass "soft"
mmp2:LdapUrl "ldap://mmp.soft.com:389/o=internet"
mmp2:LdapCacheTTL 1
mmp2:AuthCacheTTL 1
mmp2:SearchFormat (uid=%s)
What's the error with my configuration?
Is the virtual domain supported by mmp_smtp, and can the user auth to smtp by user/pass, but not by user@domain/pass?
Thanks in advance!
OK, let's discuss with data.
i want to migrate another domain "soft.com" to my current Messaging Server,
i have created the new host domain : soft.com ,and the user "testmail" belongs to that domain.
the following show the process of my login.
220 ESMTP Messaging Multiplexor (iPlanet Messaging Server 5.2 (built Feb 21 2002)
helo soft.com
250 mail2
auth login
334 VXNlcm5hbWU6
dGVzdG1haWw= (which is "testmail" after base64 decode)
334 UGFzc3dvcmQ6
cGFzczR0ZXN0bWFpbA== (which is "pass4testmail" after base64 decode)
535 5.7.8 Bad username or password (Authentication failed).
220 ESMTP Messaging Multiplexor (iPlanet Messaging Server 5.2 (built Feb 21 2002)
helo soft.com
250 mail2
auth login
334 VXNlcm5hbWU6
dGVzdG1haWxAc29mdC5jb20= (which is "testmail@soft.com" after base64 decode)
334 UGFzc3dvcmQ6
cGFzczR0ZXN0bWFpbA== (which is "pass4testmail" after base64 decode)
235 2.7.0 login authentication successful.
mail from:[email protected]
250 2.5.0 Address Ok.
quit
221 2.3.0 Bye received. Goodbye.
Because I start the ssl connection for users to send and receive mail, I have to use mmp as smtp/pop/imap proxy. I don't want the users of domain "soft.com" to need to modify any of their mail clients after the migration; that means the user of domain "soft.com" can login using "testmail", but not "[email protected]".
I don't know whether I have described my question clearly, thanks for enduring my lame English~ ! :) -
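The two AUTH LOGIN attempts from the post above, parsed in Python as an added example (not part of the original thread). The transcript is reconstructed from the post; the function names and the redaction default are assumptions made here. It shows that AUTH LOGIN only base64-encodes the credentials, so a capture or log of the session yields them directly, and that the bare uid is rejected while the `@`-qualified name is accepted.

```python
import base64
import re

# Constructed capture: the two login attempts quoted in the post, one line per message.
TRANSCRIPT = """\
220 ESMTP Messaging Multiplexor
helo soft.com
250 mail2
auth login
334 VXNlcm5hbWU6
dGVzdG1haWw=
334 UGFzc3dvcmQ6
cGFzczR0ZXN0bWFpbA==
535 5.7.8 Bad username or password (Authentication failed).
220 ESMTP Messaging Multiplexor
helo soft.com
250 mail2
auth login
334 VXNlcm5hbWU6
dGVzdG1haWxAc29mdC5jb20=
334 UGFzc3dvcmQ6
cGFzczR0ZXN0bWFpbA==
235 2.7.0 login authentication successful.
quit
221 2.3.0 Bye received. Goodbye.
"""

REPLY = re.compile(r"^(\d{3})[ -]")  # server replies start with a 3-digit code


def _b64(text):
    """Decode one base64 line; return None when it is not valid base64."""
    try:
        return base64.b64decode(text.strip(), validate=True).decode("utf-8", "replace")
    except ValueError:
        return None


def _store(attempt, field, value, show_secrets, delim):
    """Record a decoded client response under the field the server asked for."""
    if field == "username":
        attempt["username"] = value
        attempt["qualified"] = value is not None and delim in value
    elif field == "password":
        attempt["password_len"] = None if value is None else len(value)
        attempt["password"] = value if show_secrets else "<redacted>"


def parse_auth_login(transcript, show_secrets=False, delim="@"):
    """Return one dict per AUTH LOGIN attempt found in an SMTP session transcript."""
    attempts, current, pending = [], None, None
    for raw in transcript.splitlines():
        line = raw.strip()
        if not line:
            continue
        reply = REPLY.match(line)
        if reply is None:  # client line
            parts = line.split()
            if [p.lower() for p in parts[:2]] == ["auth", "login"]:
                current = {"username": None, "qualified": None, "password": None,
                           "password_len": None, "code": None, "ok": None}
                pending = None
                if len(parts) > 2:  # optional initial response carries the username
                    _store(current, "username", _b64(parts[2]), show_secrets, delim)
            elif current is not None and pending is not None:
                _store(current, pending, _b64(line), show_secrets, delim)
                pending = None
            continue
        if current is None:
            continue  # server reply outside an authentication exchange
        code = int(reply.group(1))
        if code == 334:  # challenge: base64 of "Username:" or "Password:"
            challenge = _b64(line[4:]) or ""
            pending = challenge.strip().rstrip(":").lower()
        else:  # any other reply ends the exchange; 235 means success
            current["code"], current["ok"] = code, code == 235
            attempts.append(current)
            current, pending = None, None
    return attempts


if __name__ == "__main__":
    for a in parse_auth_login(TRANSCRIPT):
        print(a["username"], "qualified" if a["qualified"] else "bare uid", a["code"])
```

Passwords are redacted unless `show_secrets=True` is passed, which is the safer default when the parser is pointed at real proxy logs.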
How to know if user (session) is authenticated in other application (SSO)
Hi folks!
We've deployed various J2EE applications in some OC4J instances. So far the applications used SSO Authentication against OiD (LDAP), but we need a public access application.
The problem is the following: we need a different behaviour in this last application (without authentication characteristics) depending on one user is authenticated within other application that required SSO login.
How could we check if current user (session) is authenticated against SSO, for example, in ADF-STRUTS DataAction class?
We tested the getRemoteUser() method but it only works within the applications requiring login.
Please, anyone could guide me?
Mike
Thanks!
Hi,
Oracle AS Single Sign ON stores some of the attributes of an authenticated user in a browser cookie - the name of the Cookie is SSO_ID.
You cannot get any information from this Cookie. The Cookie is available only to the Oracle AS Single Sign ON and is meant to be used only by it. You cannot read any useful information from the Cookie as it is highly encrypted.
If you need to know the name of the currently logged in user, your application should be a Partner Application or an External Application to Oracle AS Single Sign On.
The reason is simple - you can use your browser to connect to many Websites protected by Oracle AS Single Sign ON. Thus, if your application isn't a Partner or an External Application registered with SSO, your application can't establish a context.
Hence, your application needs to be registered as a Partner Application or an External Application with SSO.
An application which is not registered with SSO cannot get the User information from SSO. The getRemoteUser() method would always return a null in such cases.
Regards,
Sandeep -
User having all authentication but unable to login in planning why ?
user having all authentication but unable to login why in planning ?
You might need to give some more details.
For example, what kind of provisioning in shared services, under what groups if any, what kind of dimension level access in planning etc? -
How can I tell if a user has already authenticated against AD?
Sorry to begin with if this has been dealt with in another thread already. I've taken a look around and can't see something that answers my questions exactly. If such a thread exists, please point me in that direction.
We have a product that needs to be installed on a customer site. It's a windows based, web fronted application with a client program on the user's pc and a server side component that handles requests for data. What I need to do is to check if the user has already authenticated against active directory. If so then I don't need to ask for authentication (single sign on).
This is my first look at jndi so I'm in the dark about how this should be done. Is there a way to use the user's credentials (is there a token?) to check or do I need a specific login for my application to access the customer AD?
Any tips would be very welcome,
Mark
You may want to refer to the Java Security forum at http://forum.java.sun.com/forum.jspa?forumID=545 for information on Kerberos & JAAS.
There is also a post in this forum, outlining how to utilise Kerberos, JAAS with JNDI to access Active Directory. JNDI, Active Directory and Authentication (Part 1) (Kerberos)
at http://forum.java.sun.com/thread.jspa?threadID=579829&tstart=300
Possibly the part you are looking for is the functionality included in the class that implements java.security.PrivilegedAction
Good luck. -
Authenticating a user using JCO
Hi,
I was authenticating a user in SAP using the following code:
import java.util.Properties;
import com.sap.mw.jco.JCO;

System.out.println("\n\nVersion of the JCO-library:\n" + "----\n"
        + JCO.getMiddlewareVersion());
// Logon parameters for the SAP system
Properties props = new Properties();
props.put("jco.client.client", "800");
props.put("jco.client.user", "gk1");
props.put("jco.client.passwd", "password");
props.put("jco.client.lang", "EN");
props.put("jco.client.sysnr", "01");
props.put("jco.client.ashost", "172...*");
// Create the client from the properties
client = JCO.createClient(props);
// Open the connection
client.connect();
Here, the password for the "gk1" user is "password". Now if I update the password to be "password1" in the code - the user is still authenticated. No matter how many times I add digits towards the end of the password for this user, it still gets authenticated. Any ideas?
Thanks
Hi Gaurav,
In SAP R/3 system, it takes only 8 digit password for any user. So, it checks up to 8 characters only, no matter how many digits or characters you have appended.
Try to give some other password instead of just appending digits or characters behind "password".
Regards,
Bhavik -
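Why the appended digits change nothing, as an added Python example (not code from the thread and not SAP's implementation): a constructed verifier that keeps only the first 8 characters, as the reply describes, next to one that checks the full password, plus a probe that reports how many leading characters a login backend really compares. The class `Verifier` and the function `significant_length` are hypothetical names introduced here.

```python
import hashlib
import hmac
import os


class Verifier:
    """Constructed password checker; max_len=8 mimics the behaviour the reply describes."""

    def __init__(self, max_len=None):
        self.max_len = max_len  # None means every character is significant
        self._users = {}

    def _digest(self, password, salt):
        # Characters beyond max_len never reach the hash, so they cannot matter.
        significant = password if self.max_len is None else password[:self.max_len]
        return hashlib.pbkdf2_hmac("sha256", significant.encode("utf-8"), salt, 100_000)

    def set_password(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, self._digest(password, salt))

    def authenticate(self, user, password):
        record = self._users.get(user)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, self._digest(password, salt))


def significant_length(authenticate, user, password, suffix="1"):
    """Return how many leading characters the backend checks, or None if all of them.

    Uses only the account's own known-good password. Truncation is detected
    only when that password is at least as long as the backend's limit. Run it
    against a test account: the failed probes count towards any lockout policy.
    """
    if not authenticate(user, password):
        raise ValueError("the supplied password must be the valid one")
    # If the valid password plus extra characters is accepted, the tail is ignored.
    extended_ok = authenticate(user, password + suffix)
    checked = len(password)
    # Shorten the valid password until the backend rejects it.
    for n in range(len(password) - 1, 0, -1):
        if not authenticate(user, password[:n]):
            break
        checked = n
    if not extended_ok and checked == len(password):
        return None
    return checked


if __name__ == "__main__":
    legacy = Verifier(max_len=8)
    legacy.set_password("gk1", "password")
    print(legacy.authenticate("gk1", "password1"))                    # accepted
    print(significant_length(legacy.authenticate, "gk1", "password"))

    strict = Verifier()
    strict.set_password("gk1", "password")
    print(strict.authenticate("gk1", "password1"))                    # rejected
```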
SOA Managed Server "Authentication for user denied" exception
Hello,
I have installed Weblogic and Soa Suite according to the SOA Suite installation "Oracle® Fusion Middleware Quick Installation Guide for Oracle SOA Suite 11g Release 1 (11.1.1)" document.
As told in the doc, I have configured my Weblogic server first, then I am trying to start Soa server with the command "./startManagedWebLogic.sh soa_server1"
But I am getting this error; mucho obrigado!
<Nov 3, 2010 5:35:20 PM EET> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Nov 3, 2010 5:35:20 PM EET> <Critical> <Security> <BEA-090403> <Authentication for user denied>
<Nov 3, 2010 5:35:20 PM EET> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user denied
weblogic.security.SecurityInitializationException: Authentication for user denied
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User javax.security.auth.login.LoginException: [Security:090301]Password Not Supplied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:250)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
Truncated. see log file for complete stacktrace
>
<Nov 3, 2010 5:35:20 PM EET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Nov 3, 2010 5:35:20 PM EET> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Nov 3, 2010 5:35:20 PM EET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
Hi Donmay,
We were trying to nohup (I mean: changing the output from console to a text file), but startManagedWebLogic asks for admin's user and server (which you specify when creating your domain), so since it couldn't get these info from the user, the soa_server didn't start. There are 4 solutions that I know of:
1)Don't nohup, just enter ~$ ./startManagedWebLogic.sh soa_server1
2)Specify the user and passwd in startManagedWebLogic. The two variables are WLS_USER and WLS_PW
3)Create a boot.password file in .../domain/bin and in the startManagedWebLogic add this -Dweblogic.system.BootIdentityFile="fileGoesHere" JAVA_OPTIONS (http://blogs.oracle.com/middleware/2010/05/weblogic_not_reading_bootproperties_1111x.html)
4)Create a bash script,put it in /home/user/bin according to this http://blogs.oracle.com/reynolds/2010/03/cold_start.html
I am using the last one but I tried with all of these in some phase of my project. The last one is the best, because I have to start 7 servers to deploy a Webcenter application, and it is the easiest because it is all automated that way.
Sorry for the late reply, I have posted from my phone. -
LDAP Authentication Failed :user is not a member in any of the mapped group
Hi,
I tried to set up the LDAP Authentication but I failed.
LDAP Server Configuration Summary seems to be well filled.
I managed to add a Mapped LDAP member Group: This group appears correctly in the Group list.
But it's impossible to create a User. Although this user is a member of the mapped group (checked with LDAP Browser), an error message is displayed when I tried to create it (There was an error while writing data back to the server: Creation of the user User cannot complete because the user is not a member in any of the mapped groups)
LDAP Hosts: ldapserverip:389
LDAP Server Type: Custom
Base LDAP Distinguished Name: dc=vds,dc=enterprise
LDAP Server Administration Distinguished Name: CN=myAdminUser,OU=System Accounts,OU=ZZ Group Global,ou=domain1,dc=vds,dc=enterprise
LDAP Referral Distinguished Name:
Maximum Referral Hops: 0
SSL Type: Basic (no SSL)
Single Sign On Type: None
CMS Log :
trace message: LDAP: No such attribute: supportedControl, assuming no ranging support.
trace message: LDAP: LdapQueryForEntries: QUERY base: dc=vds, dc=enterprise, scope: 2, filter: (samaccountname=KR50162), attribute: dn objectclass
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 2453 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 1
trace message: GetParents from plugin for cn=huh\,chen, ou=accounts, ou=users, ou=domain1, dc=vds, dc=enterprise.
trace message: LDAP: De-activating query cache
trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 0
trace message: LDAP: query for DSE root returned 89
trace message: LdapQueryForEntries: incr. retries to 1
trace message: LDAP: Updating the graph
trace message: LDAP: Starting Graph Update...
trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 0
trace message: LDAP: query for DSE root returned 89
trace message: LdapQueryForEntries: incr. retries to 1
trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 1
assert failure: (.\ldap_wrapper.cpp:3066). (pSetAttributes : no message).
trace message: LDAP: No such attribute: supportedControl, assuming no ranging support.
trace message: LDAP: LdapQueryForEntries: QUERY base: dc=enterprise, scope: 2, filter: (&(cn=gp-asia)(objectclass=group)(member=cn=huh
, chen, ou=accounts, ou=users, ou=domain1, dc=vds, dc=enterprise)), attribute: objectclass
trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 1
assert failure: (.\ldap_wrapper.cpp:3066). (pSetAttributes : no message).
trace message: LDAP: No such attribute: supportedControl, assuming no ranging support.
trace message: LDAP: LdapQueryForEntries: QUERY base: dc=enterprise, scope: 2, filter: (cn=gp-asia), attribute: member objectclass samaccountname cn
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 3109 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 0
trace message: LDAP: query for DSE root returned 0
trace message: Failed to commit user 'KR50162'. Reason: user is not a member in any of the mapped groups.
trace message: [UID=0;USID=0;ID=79243] Update object in database failed
trace message: Commit failed.+
Can you please help?
Joffrey
Please do this after you verify all permission settings for all the groups the account is associated with. Also, make sure you check the NTFS folder permissions before doing this as well.
Since the same result happens on multiple computers, it is not the profile.
I am recommending you delete the AD account (or rename to backup the account).
It will not affect the user's Exchange account, but you will need to link it back to the new AD user account.
You can also delete her profile just to remove it, for the "just in case" scenario.
Don't forget to mark the post that solved your issue as "Answered." By marking the Answer you are enabling users with similar issues to find what helped you. Lewis Renwick - IT Professional -
"Authentication failed. User is already authenticated as a different user."
Hello,
Initially I was not able to log into the Visual Admin. When I logged into the Visual Admin, I got authentication failed. I reset the password of Administrator in the User Administration on the portal. Now I can log into the Visual Admin using the password I just changed on the portal.
I am not able to logon to the portal using "Administrator". I get this message: "Authentication failed. User is already authenticated as a different user."
The URL is somewhat different as this is a production portal: "http://host.com/sld" (/irj/portal)
Does anyone have a clue?
Thanks
Srinivas
There were no relevant roles assigned.
-
Hi All,
I have a critical issue to be solved on the Production environment :(,
we have OIM installed on a cluster in production (OIM11g installed on server), the configuration is as mentioned below
cluster 1--oim1,soa1--server1--holds admin server
cluster 2--oim2,soa2--server2--managed server and no admin server
This instance was working fine, we had to restart the server machine for some reason and I am not able to start the OIM server :( after that.
Following is the exception I get when I start the OIM server. Please help :(
2011-05-13T13:42:29.585+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.weblogic.listeners.ADFApplicationLifecycleListener] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFApplicationLifecycleListener.preStop. Cleaning up Application caches.
[2011-05-13T13:42:29.585+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] Clean up Application Caches
[2011-05-13T13:42:29.585+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
[2011-05-13T13:42:29.600+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
[2011-05-13T13:42:29.600+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
[2011-05-13T13:42:29.600+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
[*2011-05-13T13:42:30.193+05:30] [wls_oim1] [ERROR] [] [OIM Authenticator] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] Error while retrieving user xelsysadm*
*[2011-05-13T13:42:30.224+05:30] [wls_oim1] [ERROR] [IAM-0020011] [oracle.iam.platform.auth.client] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] Login Exception encountered when trying to login as admin {0}[[*
*javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User xelsysadm javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xelsysadm denied*
at weblogic.security.auth.login.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:199)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:684)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at Thor.API.Security.LoginHandler.weblogicLoginHandler.login(weblogicLoginHandler.java:62)
at oracle.iam.platform.OIMClient.login(OIMClient.java:134)
at oracle.iam.platform.OIMClient.login(OIMClient.java:114)
at oracle.iam.platform.OIMInternalClient.loginAsAdmin(OIMInternalClient.java:69)
at oracle.iam.scheduler.impl.util.SchedulerUtil.getSchedulerService(SchedulerUtil.java:735)
at oracle.iam.scheduler.webapp.SchedulerStartupServlet.resetRunningJobStatus(SchedulerStartupServlet.java:247)
at oracle.iam.scheduler.webapp.SchedulerStartupServlet.stopScheduler(SchedulerStartupServlet.java:123)
at oracle.iam.scheduler.webapp.SchedulerStartupServlet.destroy(SchedulerStartupServlet.java:261)
at weblogic.servlet.internal.StubSecurityHelper$ServletDestroyAction.run(StubSecurityHelper.java:303)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.StubSecurityHelper.destroyServlet(StubSecurityHelper.java:81)
at weblogic.servlet.internal.StubLifecycleHelper.destroyOneInstance(StubLifecycleHelper.java:144)
at weblogic.servlet.internal.StubLifecycleHelper.destroy(StubLifecycleHelper.java:134)
at weblogic.servlet.internal.ServletStubImpl.destroy(ServletStubImpl.java:438)
at weblogic.servlet.internal.WebAppServletContext.destroyServlets(WebAppServletContext.java:3232)
at weblogic.servlet.internal.WebAppServletContext.destroy(WebAppServletContext.java:3192)
at weblogic.servlet.internal.ServletContextManager.destroyContext(ServletContextManager.java:241)
at weblogic.servlet.internal.HttpServer.unloadWebApp(HttpServer.java:461)
at weblogic.servlet.internal.WebAppModule.destroyContexts(WebAppModule.java:1540)
at weblogic.servlet.internal.WebAppModule.deactivate(WebAppModule.java:513)
at weblogic.application.internal.flow.ModuleStateDriver$2.previous(ModuleStateDriver.java:389)
at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:167)
at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:160)
at weblogic.application.internal.flow.ModuleStateDriver.deactivate(ModuleStateDriver.java:141)
at weblogic.application.internal.flow.ScopedModuleDriver.deactivate(ScopedModuleDriver.java:207)
at weblogic.application.internal.flow.ModuleListenerInvoker.deactivate(ModuleListenerInvoker.java:261)
at weblogic.application.internal.flow.DeploymentCallbackFlow$2.previous(DeploymentCallbackFlow.java:538)
at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:167)
at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:160)
at weblogic.application.internal.flow.DeploymentCallbackFlow.deactivate(DeploymentCallbackFlow.java:182)
at weblogic.application.internal.flow.DeploymentCallbackFlow.deactivate(DeploymentCallbackFlow.java:175)
at weblogic.application.internal.BaseDeployment$2.previous(BaseDeployment.java:1281)
at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:167)
at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:160)
at weblogic.application.internal.BaseDeployment.deactivate(BaseDeployment.java:453)
at weblogic.application.internal.EarDeployment.deactivate(EarDeployment.java:58)
at weblogic.application.internal.DeploymentStateChecker.deactivate(DeploymentStateChecker.java:199)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.deactivate(AppContainerInvoker.java:98)
at weblogic.deploy.internal.targetserver.BasicDeployment.deactivate(BasicDeployment.java:263)
at weblogic.deploy.internal.targetserver.BasicDeployment.deactivateFromServerLifecycle(BasicDeployment.java:458)
at weblogic.management.deploy.internal.DeploymentAdapter$1.doDeactivate(DeploymentAdapter.java:74)
at weblogic.management.deploy.internal.DeploymentAdapter.deactivate(DeploymentAdapter.java:215)
at weblogic.management.deploy.internal.AppTransition$6.transitionApp(AppTransition.java:67)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
at weblogic.management.deploy.internal.ConfiguredDeployments.deactivate(ConfiguredDeployments.java:199)
at weblogic.management.deploy.internal.ConfiguredDeployments.undeploy(ConfiguredDeployments.java:191)
at weblogic.management.deploy.internal.DeploymentServerService.shutdownApps(DeploymentServerService.java:195)
at weblogic.management.deploy.internal.DeploymentServerService.shutdownHelper(DeploymentServerService.java:127)
at weblogic.application.ApplicationShutdownService.stop(ApplicationShutdownService.java:106)
at weblogic.t3.srvr.ServerServicesManager.stopInternal(ServerServicesManager.java:495)
at weblogic.t3.srvr.ServerServicesManager.stop(ServerServicesManager.java:316)
at weblogic.t3.srvr.T3Srvr.shutdown(T3Srvr.java:1036)
at weblogic.t3.srvr.T3Srvr.gracefulShutdown(T3Srvr.java:939)
at weblogic.t3.srvr.GracefulShutdownRequest.run(GracefulShutdownRequest.java:41)
at weblogic.work.ContextWrap.run(ContextWrap.java:41)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Thanks in advance
Agreed with all above pointers.
I think you have to raise SR with oracle, because it is prod environment.
If you still want to do some R&D.
1. Also check this URL might help, but not sure.
http://download.oracle.com/docs/cd/E21764_01/doc.1111/e14308/handlinglcm.htm#CIAJCEEF
http://download.oracle.com/docs/cd/E21764_01/doc.1111/e14308/handlinglcm.htm#CIAEFAGF
2. Restart all servers (along with Admin server and DB).