SAML - User Principal mapped on a SAML attribute - How to do ???

Dear security experts,
I have configured on my weblogic platform a Sender vouches SAML profile.
I am trying to map the UserPrincipal (the one I get from the webServiceContext in my web service) to a SAML attribute (different from the SAML subject).
I have written a class that implements the interfaces SAMLIdentityAssertionNameMapper and SAMLIdentityAssertionAttributeMapper.
Here is an overview of the simplified implementation:
    public String mapNameInfo(SAMLNameMapperInfo info, ContextHandler handler) {
        // Name mapper: always returns "user2" as the mapped user name
        return "user2";
    }
    public void mapAttributeInfo(Collection<SAMLAttributeStatementInfo> attribStmts, ContextHandler contextHandler) {
        // Attribute mapper: puts a WLS user principal "user1" into the context
        Set<Principal> principals = new HashSet<Principal>();
        principals.add(PrincipalFactory.getInstance().createWLSUser("user1"));
        ((SecurityTokenContextHandler) contextHandler).addContextElement(ContextElementDictionary.SAML_ATTRIBUTE_PRINCIPALS, principals);
    }
After WebLogic has loaded my SAML assertion, I can see in the log that my subject has two user principals: user1, user2. When I call getUserPrincipal in my web service, I always get "user1". I need to get "user2".
Why does mapNameInfo() always have the priority? Is this a good way to implement this mechanism?
Thanks for your help.

Gyan:
How is that possible? If you import the VOImpl inside EOImpl, the import statement is ok. But how would you use that? There is no findViewObject method? The OADBTransaction class that I can use has only findObject method that one can use and I tried that but wasn't successful. Shouldn't you have to import OAApplicationModule and a host of other classes? Is that even possible?
I thought about the entity expert approach but I don't have a need to execute any query. I just need to refer to the view attribute from within the EOImpl. That's what I am looking for. If there is a way to refer to a view attribute from within the EOImpl without having to populate that attribute in a session/transaction variable that would be a better solution for me because there may be more attributes that I need from different VOs later on and every time I need some VO attribute I don't have to create and populate a session/transaction variable.
Please let me know if it can be done. Can you please elaborate more on your proposal? I really appreciate your time and help. Thanks!
- Muzammil

Similar Messages

  • OIF SAML Attribute Mappings

    Looking for ideas:
    Trading partner requires us to send 4 attributes in our SAML 2.0 assertion (staticID, firstName, lastName, EmployeeID). We will be providing the same value for staticID and EmployeeID.
    When we configure Attribute Mappings within OIF, if we map the same LDAP attribute (employeenumber) for staticID and EmployeeID, only one of the attributes gets included in the SAML assertion. (3 attributes included in assertion rather than 4)
    If I map staticID to employeenumber and EmployeeID to <some other attr> all 4 attributes are included in assertion.
    Is there a way to make this happen? Does this violate a SAML standard?

    I am surprised that it is working. According to the following note:
    314948.1: How can I determine what SAML attribute fields are case sensitivity?
    the LDAP attributes specified should be in lowercase to work. Did you try specifying both fields in lowercase (employeenumber)?
    You should pose this question to Oracle.
    -shetty2k

  • SAML attribute mapper

    Hi,
    I am having an issue developing an attribute mapper for my SAML 1.1 scenario using Sun Access Manager 7.1 patch 1 (war deployment installer) as the IDP. It is deployed on Sun Java System Web Server 7.0U1 (B06/12/2007 21:15) for Solaris 10 x86.
    My class looks something like this:
    package matt.saml.sample;
    import java.util.ArrayList;
    import java.util.List;
    import java.util.Set;
    import com.iplanet.sso.*;
    import com.sun.identity.saml.assertion.*;
    import com.sun.identity.saml.common.SAMLException;
    import com.sun.identity.saml.plugins.PartnerSiteAttributeMapper;
    import com.sun.identity.idm.AMIdentity;
    import com.sun.identity.idm.IdRepoException;
    import com.sun.identity.idm.IdUtils;
    import org.w3c.dom.Document;
    public class TestSiteAttributeMapper implements PartnerSiteAttributeMapper {
        public List getAttributes(SSOToken token, String targetURL) throws SAMLException {
            //...code
            return list;
        }
    }
    So, I put TestSiteAttributeMapper in the classpath and configured the Site Attribute Mapper. Now when I try SSO with SAML, attributes aren't passed through the assertion, plus I get this in the amSAML debug log:
    SAML Service Manager: PartnerUrl List:siteattributemapper=matt.saml.sample.TestSiteAttributeMapper
    10/07/2008 12:14:41:518 PM EDT: Thread[service-j2ee-3,5,main]
    ERROR: SAMLServiceManager:Invalid site attribute mapper
    I tried compiling the class with the amserver/WEB-INF/lib/am_services.jar (the one AM is using) in the classpath.
    Also, I had to add amserver/WEB-INF/lib/am_services.jar (plus I added a couple other am_*.jar files) to the Web Server classpath, in the JVM settings, to get rid of an error I was seeing in the web server logs:
    [05/Oct/2008:19:36:31] failure ( 3746): for host 192.168.200.1 trying to GET /amserver/SAMLPOSTProfileServlet, service-j2ee reports: StandardWrapperValve[SAMLPOSTProfileServlet]: PWC1406: Servlet.service() for servlet SAMLPOSTProfileServlet threw exception
    java.lang.NoClassDefFoundError: com/sun/identity/saml/plugins/PartnerSiteAttributeMapper
            at java.lang.ClassLoader.defineClass1(Native Method)
            at java.lang.ClassLoader.defineClass(ClassLoader.java:620)
            at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
            at java.net.URLClassLoader.defineClass(URLClassLoader.java:260)
            at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
            at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
            at java.security.AccessController.doPrivileged(Native Method)
            at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
            at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:268)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
            at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1461)
            at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
            at java.lang.Class.forName0(Native Method)
            at java.lang.Class.forName(Class.java:164)
            at com.sun.identity.saml.common.SAMLServiceManager.setValues(SAMLServiceManager.java:788)
            at com.sun.identity.saml.common.SAMLServiceManager.init(SAMLServiceManager.java:266)
            at com.sun.identity.saml.common.SAMLServiceManager.getAttribute(SAMLServiceManager.java:1015)
            at com.sun.identity.saml.servlet.SAMLPOSTProfileServlet.getDestSite(SAMLPOSTProfileServlet.java:242)
            at com.sun.identity.saml.servlet.SAMLPOSTProfileServlet.doGet(SAMLPOSTProfileServlet.java:118)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:796)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:917)
            at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:398)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
            at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:86)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:217)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
            at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
            at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:255)
            at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
            at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
            at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:187)
            at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
            at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
            at com.sun.webserver.connector.nsapi.NSAPIProcessor.service(NSAPIProcessor.java:160)
    [05/Oct/2008:19:36:32] warning ( 3746): CORE3283: stderr: Exception in thread "Thread-29" java.lang.NullPointerException
    [05/Oct/2008:19:36:32] warning ( 3746): CORE3283: stderr:       at com.sun.identity.saml.common.SAMLServiceManager.getAttribute(SAMLServiceManager.java:1017)
    [05/Oct/2008:19:36:32] warning ( 3746): CORE3283: stderr:       at com.sun.identity.saml.servlet.POSTCleanUpThread.run(POSTCleanUpThread.java:101)
    I didn't really think that I should have had to add the jar to the classpath, considering it is in the WEB-INF/lib folder.
    In summary, my questions are:
    1. What am I doing wrong in implementing this attribute mapper that causes it to be invalid?
    2. Why did I have to add that jar to the classpath to remove that NoClassDefFoundError? Isn't it already in the classpath?
    Thanks in advance,
    Matt

    OK, I fixed my issue. Removing all additional jars from the classpath, and putting my class under amserver/WEB-INF/classes, got it working.
    I guess it's a classpath context issue.

  • Define a SAML Attribute whose value is not in any data store

    I am attempting to define a SAML Attribute in Sun OpenSSO Ent 8.x, whose value is not in any data store. I need to assign static text. The SP requires a unique value for all assertions under the same company. This is their method to help ensure an employee and assertion are for the correct data. For example,
    <saml:Attribute Name="AccountID">
    <saml:AttributeValue>ref-193749900</saml:AttributeValue>
    </saml:Attribute>
    I have not found a way with the OpenSSO admin portal. Any assistance would be appreciated.
    Thanks.

    Any response to this? I have the same need.

  • Capturing SAML attribute in OSB proxy

    Hi,
    We have a requirement of extracting one of the SAML attributes sent to our proxy service and send it to the business service as one of the SOAP body elements.
    I have done the following things:
    - Created the business service based on particular WSDL
    - Created the proxy service based on same WSDL and applied the policy oracle/wss10_saml_token_service_policy as per our requirements
    - In the Security tab of the proxy service, I have checked the option 'Process WS-Security Header', as I want to restrict access to my proxy service based on the SAML subject that we receive
    Following is the SAML header that I am using to test the OSB proxy from Soapui 2.0.2. I have to capture the saml:NameIdentifier from the SAML assertion below that I receive. When I use the $header variable I am unable to get this. But when I uncheck 'Process WS-Security Header' I am able to get the value, but authentication is not working. So I think 'Process WS-Security Header' should always be checked.
    Please let me know asap how I can extract saml:NameIdentifier from the request received in the proxy service. Is there any way to intercept the request to the proxy, just like SOAP handlers?
    <saml:Assertion AssertionID="Id-00000127f49c1cf3-0000000000900e24-2" IssueInstant="2010-04-19T00:40:24Z" Issuer="www.oracle.com" MajorVersion="1" MinorVersion="1" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <saml:Conditions NotBefore="2010-06-16T00:40:24Z" NotOnOrAfter="2010-06-21T00:40:24Z"/>
    <saml:AttributeStatement>
    <saml:Subject>
    <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">weblogic</saml:NameIdentifier>
    <saml:SubjectConfirmation>
    <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
    </saml:SubjectConfirmation>
    </saml:Subject>
    </saml:AttributeStatement>
    </saml:Assertion>
    Thanks
    Siva

    Hi Siva,
    "We have a requirement of extracting one of the SAML attributes sent to our proxy service and send it to the business service as one of the SOAP body elements"
    I think your requirement is not to do the authentication, so why are you checking the option 'Process WS-Security Header'?
    If the 'Process WS-Security Header' check-box is selected, then it will process and consume the security headers and enforce the message-level access control policies on the incoming message (this is called an Active Intermediary Proxy Service). If you don't select it, the proxy will be pass-through and OSB will not make any modification to the security headers, encrypted body parts, etc. (this is called a Pass-Through Proxy Service).
    I think in your case you require a pass-through proxy service.
    To know more about pass-through/active intermediary proxies and their configuration in OSB, please refer to the section "Configuring Proxy Service Message-Level Security" at the link below:
    http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/security/message_level.html#wp1077884
    Regards,
    Anuj
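
Added example, not part of the thread or of OSB: a reader for the SAML 1.1 assertion Siva posted, showing which values a consumer can pull from it (NameIdentifier, confirmation method, any Attribute elements) and whether its Conditions window holds at a given time. The function names are hypothetical and the sample is the posted assertion with unused namespace declarations dropped; the code reads fields only and does not verify the WS-Security signature that sender-vouches relies on.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"
NS = {"saml": SAML11}

# The assertion from the post, with unused namespace declarations dropped.
SAMPLE = """<saml:Assertion AssertionID="Id-00000127f49c1cf3-0000000000900e24-2"
 IssueInstant="2010-04-19T00:40:24Z" Issuer="www.oracle.com" MajorVersion="1"
 MinorVersion="1" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotBefore="2010-06-16T00:40:24Z" NotOnOrAfter="2010-06-21T00:40:24Z"/>
<saml:AttributeStatement>
<saml:Subject>
<saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">weblogic</saml:NameIdentifier>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
</saml:AttributeStatement>
</saml:Assertion>"""


def _ts(value):
    """Parse a SAML UTC timestamp (whole seconds, 'Z' suffix); None if absent."""
    if not value:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _text(node):
    return (node.text or "").strip()


def parse_assertion(xml_text):
    """Return subject, confirmation methods, attributes and validity window."""
    # SAML messages never need a DTD; refuse one rather than let the parser expand it.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % SAML11:
        raise ValueError("root element is not a SAML 1.x Assertion")

    # Every statement carries its own Subject; they must all name the same user.
    subjects = {_text(n) for n in root.findall(".//saml:Subject/saml:NameIdentifier", NS)}
    if len(subjects) != 1 or "" in subjects:
        raise ValueError("expected exactly one non-empty NameIdentifier")

    methods = [_text(m) for m in root.findall(
        ".//saml:SubjectConfirmation/saml:ConfirmationMethod", NS)]

    # SAML 1.1 names attributes with AttributeName (SAML 2.0 uses Name).
    attributes = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [_text(v) for v in attr.findall("saml:AttributeValue", NS)]
        attributes.setdefault(attr.get("AttributeName"), []).extend(values)

    cond = root.find("saml:Conditions", NS)
    return {
        "subject": subjects.pop(),
        "confirmation": methods,
        "attributes": attributes,
        "issue_instant": _ts(root.get("IssueInstant")),
        "not_before": _ts(cond.get("NotBefore")) if cond is not None else None,
        "not_on_or_after": _ts(cond.get("NotOnOrAfter")) if cond is not None else None,
    }


def is_valid_at(info, now):
    """Conditions check: NotBefore <= now < NotOnOrAfter (missing bounds are open)."""
    if info["not_before"] is not None and now < info["not_before"]:
        return False
    if info["not_on_or_after"] is not None and now >= info["not_on_or_after"]:
        return False
    return True


if __name__ == "__main__":
    parsed = parse_assertion(SAMPLE)
    print(parsed["subject"], parsed["confirmation"], parsed["attributes"])
    print("valid at IssueInstant:", is_valid_at(parsed, parsed["issue_instant"]))
```

On the posted assertion the AttributeStatement holds only a Subject, so the attribute map is empty, and NotBefore lies after IssueInstant, so the Conditions check fails at issue time.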

  • Read SAML attributes in Proxy service

    Hi,
    I need to read SAML attributes in a proxy service in OSB, but the SAML is not available.
    The client calls a service with encrypted SAML in the header, but when I read the header in the proxy service, the SAML is no longer available.
    The client calls with:
    Authorization: Basic [...]
    Is the security filtered?
    Thanks
    Yves

    Hi Sura,
    The number of thread-count configured in your proxy-scheme is the number of concurrent client request that you proxy servers can handle. Ideally your (thread-count * proxy servers) = (clients * max requests). Also, you need to check that the byte/message backlog on the proxy servers is close to zero.
    Hope this helps!
    Cheers,
    NJ

  • How to map single context value attribute to multiple value attributes?

    Hello,
    is there any way to map a single value attribute
    from view's context into several value attributes
    in controller's context?
    The business context of what I want to achieve
    is the following: I have a view which can be called
    in two modes: read only (RO) and read-write (RW).
    The input parameters to the view are the same for
    both modes, however when in RO mode, the view calls
    a different set of web services than when called
    in RW mode. Before calling each of the web services
    I need to populate their context value attributes
    with appropriate input values.
    I know I can do it in Java code, but is it possible
    to do it without any programming (doing it in the
    source code is prone to errors)?
    Any help highly appreciated.
    Greetings,
    Tomek.

    Hi Kishore,
    thank you very much for your kind help.
    I have already created a value attribute of type
    boolean and mapped it into the read-only property
    of the UI elements. This however does not solve all
    of the problems... I will describe it with an
    example:
    Let's say the form I want to implement will be
    used to: create (read-write mode), update (read-
    write mode) or show (read-only mode) customer's
    data. The customer's data is complex (lots of
    data, including tree structures).
    The problem is that:
    - when the form is called in read-only mode,
      it should populate its fields with values
      provided by the getCustomerData web service,
    - when the form is called to create a new
      customer (in read-write) mode, it should
      not use the getCustomerData web service.
      Instead it should map the input values
      entered by the user into input parameters
      of the createNewCustomer web service,
    - when the form is called to update customer's
      data, it should first display values returned
      by the getCustomerData web service, and then
      it should map the modified values entered by
      the user into input parameters of the
      updateCustomer web service,
    In all the above cases I must map my view's
    context data to different controller's context
    elements. Doing it directly in the source code
    is not a nice solution. Is there any other
    way to achieve this? 
    Calling a form in different modes is not an
    unusual thing, so I was hoping that maybe
    there are any built-in mechanisms that would
    solve the above problem...
    Greetings,
    Tomek.

  • Principal mapping across domains -help!

    Hi, I am trying to find a way to authenticate users on a WL6 domain
    and then have these users' principal object mapped across to a
    different domain so that I do not have to re-authenticate them (i.e.
    they are trustworthy). Does anyone know how this is done?
    Thanks, Stephen.

    Have you tried making the system password the same under both domains?
    See
    http://edocs.bea.com/wls/docs70/secmanage/domain.html#1171534
    Regards,
    Jon

  • AD User Recon of Terminal Services Profile Attributes

    I am trying to get some of the Terminal Services Profile attributes to Reconcile to OIM during the AD User Reconciliation scheduled task. Other attributes sync fine, but the Remote Manager is never called to run the Recon vbs script. Looking at the Java for the AD User Recon scheduled task, I can find the method that should be called; getBLOBAttributeValues(). Funny thing is I can't find even one call to that method in any of the java code in the xliADRecon.jar file.
    OIM 9.1.0.2 BP07
    AD Connector 9.1.1.4
    Lookup.AD.BLOBAttribute.Values is configured with the attributes to sync
    Lookup.ADReconciliation.FieldMap is configured with the attributes
    The Resource Object has the fields defined for Reconciliation
    The Process Definition has the fields mapped to the Process form attributes
    Everything seems to be in place except there is no call to the getBLOBAttributeValues() method to call the reconciliation script via the remote manager.
    What am I missing?
    And BTW ... Provisioning of the attributes works fine, using the RManager.
    Thanks,
    Bill

    Hi,
    Please go through the article below; it might be helpful in your case.
    How to read msTSProfilePath, msTSHomeDrive and msTSHomeDirectory properties from AD (VB.NET)
    http://blogs.msdn.com/b/alejacma/archive/2010/10/13/how-to-read-mstsprofilepath-mstshomedrive-and-mstshomedirectory-properties-from-ad-vb-net.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • How to create a user using XML and specifying additional attributes that are objects

    I'm trying to create a user using XML and specifying some attributes that are objects and not sure how to do it. How would I set the DirectoryUserAcl to Public?
    Here's the xml file:
    <?xml version = '1.0' standalone = 'yes'?>
    <SimpleUser>
    <UserName>mike2</UserName>
    <Password>abc123</Password>
    <AdminEnabled>false</AdminEnabled>
    <HomeFolderRoot>/home</HomeFolderRoot>
    <HasContentQuota>false</HasContentQuota>
    <DirectoryUserAcl> ??? </DirectoryUserAcl>
    <DefaultAclBundleAcl> ??? </DefaultAclBundleAcl>
    <HomeFolderPolicyBundleAcl> ??? </HomeFolderPolicyBundleAcl>
    </SimpleUser>

    I figured out the answer:
    <?xml version = '1.0' standalone = 'yes'?>
    <SimpleUser>
    <UserName>mike2</UserName>
    <Password>abc123</Password>
    <AdminEnabled>false</AdminEnabled>
    <HomeFolderRoot>/home</HomeFolderRoot>
    <HasContentQuota>false</HasContentQuota>
    <DirectoryUserAcl classname="SystemAccessControlList" refType="name">Public</DirectoryUserAcl>
    </SimpleUser>

  • User Defined Mapping Problem

    Dear SDNs,
    I write a user defined mapping program under a namespace, and I want to use it in other namespaces by drag and drop instead of importing, is that possible?

    Hi,
    >>> Prakash, I'm a little confused, I think mapping program like java and XSLT can only imported in user defined function in Mapping, isn't it?
    No, you will be importing it under Imported Archive. You will find User Defined Function inside the Graphical Mapping.
    Refer this link for UDF
    http://help.sap.com/saphelp_nw04/helpdata/en/22/e127f28b572243b4324879c6bf05a0/content.htm
    >>> What do you mean by the "F4"? Can you explain it to me ?
    F4 is Value request. In the Interface mapping when you are assigning the mapping program you will click on the "?" button which is nothing but F4. You can also press F4 which is equal to pressing "?"
    Thanks,
    Prakash

  • Cannot add users to mapped third party group

    When I try to add a user to a group I get the following message:
    "cannot add users to mapped third party group"

    If a group was mapped in via AD/LDAP/SAP, then the users must be added in the 3rd party (AD/LDAP/SAP); you cannot create members in the CMC. This is by product design. If you want to add members to groups in the CMC, they must be enterprise groups only (groups created in the CMC, not mapped in from 3rd parties).
    Regards,
    Tim

  • Table that stores the business role and user id mapping

    Hi,
    I want to know the table that stores the business role, and the business role and user ID mapping, in the CRM system.
    Thanks in Advance.
    Regards,
    Pricy

    Hi Mary,
    There is no direct table but there is a way to find it.
    HRP1263 is the table where business roles are stored when maintained at org level. These are stored against the Position.
    For getting user ID and position linkage refer table HRP1001.
    In HRP1001 table use below criteria to get the User and Position.
    OTYPE = CP
    SCLAS = US
    SOBID = User ID
    ENDDA = 31.12.9999
    Get the OBJID
    Query the HRP1001 table again with following
    OTYPE = CP
    OBJID = OBJID from above Query
    ENDDA = 31.12.9999
    SCLAS = S
    SOBID = That's Position.
    Pass the position to HRP1263 as below.
    OTYPE = S
    OBJID = POSITION
    PROFILE - That's the business role assigned for the given position and user.
    Hope this is helpful.
    Regards,
    Naresh

  • GRC AC 10.0 Maintain Master User ID Mapping

    Hi,
    I try to configure "Maintain Master User ID Mapping" in the transaction
    SPRO->GRC->Access Control
    Example:
    SYSTEM: A
    USER ID: B
    MASTER USER ID: C
    If I try to launch the PSS for the C user, also change the password of the B user?
    This is not working.
    Regards

    Hello Prashant,
    I want to talk to you regarding GRC upgrade / Migration.
    Could you please provide me your contact details or email me on my mail id i.e. [email protected]
    I hope you remember me, we had worked together in Mumbai (CG) around 4-5 years back.
    Regards,
    Atul Rajwade

  • How to create mass users and map them to existing  hrms users

    Hi,
    I'm running Oracle E-Business Suite 12i. I want to create mass users and map them to existing HRMS users.
    The users I want to create exist in an Excel spreadsheet with the columns employee id, user name. They will all be granted the same responsibility. I want to map them to existing HRMS users using the employee id key.
    I have read about the package FND_USER_PKG.CREATEUSER and I can loop over it by using sql loader to create a temporary table, but I'm lost on how to automatically map them to HRMS users as part of the script.
    Any help.
    dula

    Thanks a lot Omka,
    I managed to create the users by running the script:
    declare
      -- Responsibilities held by the template user JOCHIENG
      Cursor C1 is
        select d.product_code,b.responsibility_key from FND_USER_RESP_GROUPS_ALL a,fnd_responsibility b,fnd_user c,fnd_application d
        where a.user_id = c.user_id
        and a.responsibility_id = b.responsibility_id
        and b.application_id = d.application_id
        and c.user_name ='JOCHIENG';
      -- Source table of employee id / name pairs
      Cursor employee is
        SELECT EMPLOYEE_ID,EMPLOYEE_NAME from eldoret_final;
    BEGIN
      for e in employee loop
        -- Create the account and link it to the HRMS person through X_EMPLOYEE_ID
        fnd_user_pkg.createuser (
          x_user_name => e.EMPLOYEE_NAME
          ,x_owner => ''
          ,x_unencrypted_password => 'welcome123'
          ,x_start_date => SYSDATE - 10
          ,x_end_date => NULL
          ,x_description => 'CBK Employee'
          ,X_EMPLOYEE_ID => e.EMPLOYEE_ID
        );
        fnd_user_pkg.addresp(upper (e.EMPLOYEE_NAME),'PER', 'CBK_EMPLOYEE_DIRECT_ACCESS','STANDARD', 'DESCRIPTION', sysdate, null);
      end loop;
      commit;
    end;
    I had first created the user JOCHIENG and assigned it the responsibility for Self service. So the script just assigns the responsibilities by copying from the one assigned to this user.
    Everything seems ok. However, when trying to log in as the new user, the login error: Login failed. Please verify your login information or contact the system administrator.
    is returned. But I can reset the password using the forms under Security > Define. Even with the correct password, the login doesn't go through.
    Any idea?
    dula
