Security Authentication in LDAP

Hi Chris/Raj/All,
We have one more generic issue. Please help us if possible.
I am connecting to an LDAP server (Microsoft ADS) from my WebLogic Workshop 8.1. We are using DirContext and InitialDirContext (Java API). Through the Java program I am able to connect to port 389 by means of simple security authentication.
Our requirement is for SSL security authentication, i.e. to connect to port 636.
From our side we have done the following:
1. We have installed the public certificate in the JRE environment (lib/security, in both cacerts and jssecacerts).
2. We have also installed the certificate on the ADS server and enabled SSL.
When we try to connect to port 636 with simple authentication we get a CommunicationException.
When we try to connect to port 636 with ssl authentication we get an AuthenticationNotSupportedException.
We would also like to know whether there is any authentication process, like password encryption and so on, to be followed.
Thanks & Regards,
Christoper.

Hi Christoper,
Based on your description, this seems to be more of a security related question than a workshop one.
Please post to the security newsgroup at http://forums.bea.com/bea/category.jspa?categoryID=2011
with information on service pack installed
Thanks
Raj
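
The JNDI settings the question turns on, as an added example that is not part of the original posts: in Sun's LDAP provider, SSL is selected with `Context.SECURITY_PROTOCOL` (or an `ldaps://` URL), while `Context.SECURITY_AUTHENTICATION` stays `simple`; a value such as `ssl` there is treated as an unsupported SASL mechanism and raises `AuthenticationNotSupportedException`. The class name and the `LDAP_BIND_PASSWORD` environment variable are hypothetical; host and bind DN are command-line arguments.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.AuthenticationNotSupportedException;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Added example (hypothetical class name): simple bind to a directory over LDAPS.
public class LdapsSimpleBind {

    // TLS is selected by the URL scheme and SECURITY_PROTOCOL; the bind
    // mechanism itself stays "simple". The password then travels inside the
    // TLS session, so no separate password encryption step is needed.
    static Hashtable<String, String> buildEnv(String host, String bindDn, String password) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + host + ":636");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // not "ssl"
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    public static void main(String[] args) {
        // Assumption: the password comes from an environment variable so it
        // does not show up in the process list.
        String password = System.getenv("LDAP_BIND_PASSWORD");
        if (args.length != 2 || password == null) {
            System.err.println("usage: LDAP_BIND_PASSWORD=... java LdapsSimpleBind <host> <bindDN>");
            return;
        }
        if (password.isEmpty()) {
            // A simple bind with an empty password is an unauthenticated bind.
            System.err.println("refusing empty password");
            return;
        }
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(buildEnv(args[0], args[1], password));
            System.out.println("bind over TLS succeeded");
        } catch (AuthenticationNotSupportedException e) {
            // SECURITY_AUTHENTICATION named a mechanism the provider does not support.
            System.err.println("unsupported authentication mechanism: " + e.getMessage());
        } catch (AuthenticationException e) {
            System.err.println("TLS was fine, credentials were rejected: " + e.getMessage());
        } catch (CommunicationException e) {
            // The root cause separates a TLS trust failure from a plain network error.
            System.err.println("connection failed, root cause: " + e.getRootCause());
        } catch (NamingException e) {
            System.err.println("other directory error: " + e);
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }
}
```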

Similar Messages

  • Error in authentication with ldap server with certificate

    Hi,
    I have a problem in authentication with an LDAP server with a certificate.
    Here I am using the Java API to authenticate.
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
    I issued the new certificate, which has up to 5 years of validity.
    Will Java authenticate for up to one year only?
    Can anybody help on this issue...
    Regards
    Ranga

    Sorry, I am getting the same error:
    javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
    Here, when I use the old certificate and change the system date, I can get the authentication.
    Can you tell me where we can concentrate to solve the issue?
    Where is the issue:
    1. Need to check with the LDAP server only
    2. Problem in Java code only.
    Thanks in advance
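
One way to answer the "LDAP server or Java code" question above, as an added example that is not part of the original posts: record the certificate chain the server actually presents on the LDAPS port and print each certificate's validity window against the client clock, while leaving the JRE's normal trust validation in place. The class name is hypothetical; host and port are command-line arguments.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class name): show the validity dates of the
// chain a TLS server presents, then validate it exactly as the JRE would.
public class LdapsCertDates {

    static String describe(X509Certificate c, Date now) {
        String state = now.before(c.getNotBefore()) ? "NOT YET VALID"
                     : now.after(c.getNotAfter()) ? "EXPIRED" : "ok";
        return c.getSubjectX500Principal().getName()
                + " | " + c.getNotBefore() + " .. " + c.getNotAfter() + " | " + state;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java LdapsCertDates <host> <port>");
            return;
        }
        // Default trust manager, backed by the JRE trust store (jssecacerts/cacerts).
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509TrustManager def = (X509TrustManager) tmf.getTrustManagers()[0];

        X509TrustManager recording = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                def.checkClientTrusted(chain, authType);
            }
            public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                Date now = new Date();
                System.out.println("client clock: " + now);
                for (X509Certificate c : chain) {
                    System.out.println(describe(c, now));
                }
                def.checkServerTrusted(chain, authType); // validation is not weakened
            }
            public X509Certificate[] getAcceptedIssuers() {
                return def.getAcceptedIssuers();
            }
        };

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recording }, null);
        // Diagnostic only: a raw SSLSocket does not verify the host name.
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[0], Integer.parseInt(args[1]))) {
            s.startHandshake();
            System.out.println("handshake OK");
        } catch (SSLException e) {
            System.out.println("handshake rejected: " + e.getMessage());
        }
    }
}
```

If the dates printed belong to the old certificate, the server is still presenting it; if they belong to the new one and are marked NOT YET VALID or EXPIRED, compare them with the client clock shown on the first line.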

  • Weblogic security authentication; question to interact with the realm

    Hi, I have a quick question about weblogic security authentication....
    We are using weblogic 81sp3. We have user-group info in a Novell eDirectory LDAP server.
    Currently, a Novell Authenticator provider is configured under: Security > Realms > myRealm > Providers > Authentication. This tells Weblogic from where to get the users and groups. Weblogic caches this information of the logged-on users for a certain time (example: 60 secs), after which it cleans the cache for all inactive users. We want to interact with the Weblogic cache: add more user profile information to this cache and use it in our application.
    Does somebody know how to programmatically interact with the Weblogic user-group cache (read, write, update and delete user-group info in the cache, and control time to live for the cache)?

    Already checked the
    TTLCache class which weblogic provides. But they seem to have deprecated it.
    Help?

  • Authentication in LDAP

    Help me please,
    I am using SUNONE 8.2 with LDAP.
    When I try to do the authentication, the mistake happens.
    [#|2006-11-14T15:42:12.391-0200|INFO|sun-appserver-pe8.2|javax.enterprise.system.core.security|_ThreadID=13;|SEC5046: Audit: Authentication refused for [p933396].|#]
    [#|2006-11-14T15:42:12.391-0200|WARNING|sun-appserver-pe8.2|javax.enterprise.system.container.web|_ThreadID=13;|Web login failed: Login failed: javax.security.auth.login.LoginException: LDAP bind failed for uid=p933396,ou=People, o=IGP.|#]
    In SUN ONE I created the realm LdapRealm like this:
    class Name = com.sun.enterprise.security.auth.realm.ldap.LDAPRealm
    directory = ldap://cd0000ux056:489
    base-dn = ou=People, o=IGP
    jaas-context = LdapRealm
    group-base-dn = ou=Groups
    In my web.xml:
      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>ldapRealm</realm-name>
          <form-login-config>
             <form-login-page>/sistema/jsp/login.jsp</form-login-page>
             <form-error-page>/sistema/jsp/loginInvalido.jsp</form-error-page>
          </form-login-config>
      </login-config>
    In my sun-web.xml:
        <security-role-mapping>
          <role-name>administrador</role-name>
          <group-name>admin</group-name>
        </security-role-mapping>
        <realm>ldapRealm</realm>
    In my login.jsp:
    <form method="post" action="j_security_check">
    Where is the mistake? Excuse my English.

    See my page:
    <html>
    <body>
    <form method="post" action="j_security_check">
    <table>
    <tr><td>Login:</td>
    <td><input size=15 name="j_username"></td>
    </tr>
    <tr><td>Senha:</td>
    <td><input type="password" size=15 name="j_password"></td>
    </tr>
    <tr><td colspan="2"><input type="submit" value=" Ok "></td>
    </tr>
    </table>
    </form>
    </body>
    </html>
    When one does the submit, the mistake above happens, as in the first post.

  • How can I implement Authentication in LDAP

    How can I implement Authentication in LDAP.

    Hi,
    If ur using JAAS, then use NTLoginModule in ur conf file and your own defined CallbackHandler for validating and obtaining the Subject (user connected to your domain).
    Remember the user is the one which the code obtains when u login to your Domain based machine.
    Apart from this, Apache Http Server also provides you with a popup window asking for the user's credentials when u set the SSPIDomain in the httpd.conf file.
    httpd.conf
    ========
    <Location /Seet/servlet/ >
    SSPIAuth On
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthName "seet190 auth"
    AuthType SSPI
    SSPIAuth On
    SSPIAuthoritative On
    require valid-user
    SSPIDomain seet190
    </Location>
    seet190 is the domain name
    Actually so far in the Security Forum, u might refer to some of the replies posted for more help but actual LDAP authentication can be done by passing the user's info too.
    HTH,
    Seetesh

  • [Solved] Setting Security Provider to LDAP during Deployment

    Hi,
    One of our developers has created an ant script that deploys our application to an Oracle Application Server. Our application requires users to be authenticated via OID, and so we modify the security provider accordingly and restart the application.
    However, every time we redeploy the application, the security provider is always "reset" to File Based Authentication. Is there a way in ant or in some other way to set the security provider to LDAP so we don't have to keep changing the security provider and bouncing the application whenever we redeploy?
    We've tried creating an orion-application.xml file already with jazn entry set to LDAP. What happens is that this file gets included in the ear file, but when it is deployed, it is placed in the OC4J_HOME/applications/myapp/META-INF directory instead of the OC4J_HOME/application-deployments/myapp directory, which is where the proprietary application deployment descriptor should go.
    Is there something we're missing?
    Cheers,
    Rey

    Hi Thanassis,
    I figured out how to deploy using ant with LDAP as security provider! It's a bit of work though.
    1. Create application.xml because application needs to be deployed as an ear file.
    2. Create orion-application.xml because this will contain the entry of using LDAP instead of xml.
    3. Create a Deployment Plan. This is done in JDeveloper by creating a WAR Deployment Profile, then right clicking it and deploying to an Oracle Application Server. Before actual deployment, JDeveloper will show a dialog for the Deployment Plan. Save the file, and cancel the deployment. You can view the contents of the file in JDeveloper. Make sure the line <jazn provider="LDAP"> exists; otherwise, there was something wrong with the orion-application.xml file.
    4. I edited the Deployment Plan and removed the line for data-sources.xml because I don't want to include one. You can create one alternatively if you don't want to remove this line.
    5. Finally, in the ANT script, add some lines to generate the ear file. Then in the oracle:deploy tag, make sure you use the deploymentplan attribute, and set it to the deployment plan you saved in step 3.
    That's it! Works beautifully!
    Cheers,
    Rey

  • WSUS Sync is not working Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. --- System.Security.Authentication.AuthenticationException: The remote

    I know there are loads of posts with same issue and most of them were related to proxy and connectivity .
    This was case for me as well (few months back). Now the same error is back. But I've confirmed that FW ports and proxy are fine this time around.
    server is configured on http port 80 
    ERROR
    Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WSyncAction.WSyncAction.SyncWSUS
    I've checked proxy server connectivity. I'm able to browse the following site from the WSUS server:
    http://catalog.update.microsoft.com/v7/site/Home.aspx?sku=wsus&version=3.2.7600.226&protocol=1.8
    I did telnet to the proxy server on the particular port (8080) and that is also fine.
    I have doubts about the certificates; any idea which certificates we need to look at? And if a certificate is expired then (my guess) we won't be able to open the above-mentioned Windows Update catalog site?
    Any tips appreciated !
    Anoop C Nair (My Blog www.AnoopCNair.com)
    - Twitter @anoopmannur -
    FaceBook Forum For SCCM

    Hi Lawrence ! - Many thanks for looking into this thread and replying. Appreciate your help.
    Your reply ("SSL is enabled/configured, and the certificate being used is invalid (or the cert does not exist or cannot be obtained), or the SSL connection could not be established.") is very helpful.
    I've already tested CONTENT DOWNLOAD and it's working fine. WSUS Sync was also working fine for years with the proxy server configured on port (8080) and the WSUS server on port 80.
    My guess (this is my best guess ;)) is that this is something to do with Firewall or Proxy side configuration rather than WSUS. However, I'm not finding a way to prove this to the proxy/firewall team. From their perspective all the required port communication is open and the proxy server is also reachable. Moreover, we're able to access the internet (Microsoft Update Catalog site) over the same port (8080).
    Any other hints on how I can prove to them it's a sure-shot problem from their side?
    Thanks again !!
    Anoop C Nair (My Blog www.AnoopCNair.com)

  • RSA authentication with LDAP group mapping

    Greetings,
    I'm trying to set up RSA authentication with LDAP group mapping with ACS Release 4.2(1) Build 15 Patch 3.
    The problem I'm having is that my users are in multiple OU's on our AD tree.  When I only put our base DN in for User Directory Subtree on ACS, it fails with a "External DB reports about an error condition" error.  If I add an OU in front of it, then it will work fine.
    As far as I know, you can only use one LDAP configuration with RSA.
    Any thoughts on this?

    @Tarik
    I believe your suggestion is the only way I'm going to get this to work. I ran across a similar method just this week that I have been working on.
    I was hoping for dynamic mapping with the original method, but I haven't found any way to make it happen. I have resorted to creating a Radius profile on the RSA appliance for each access group I need. Using the Class attribute, I then pass the desired Group name to the ACS, i.e. OU=Admins, and that seems to work.
    Thankfully, I have a small group of users that I am attempting to map. I will only map those who need elevated privileges to narrow down how many profiles I will have to manually create. Likewise, our Account Admin will have to determine who gets assigned a particular access group.
    I would still prefer to do this dynamically.
    Scott

  • Shared Services External Authentication using LDAP in 9.3.1

    Hi,
    I have installed Hyperion Shared Services with native directory. And now planning to setup external authentication using LDAP. I need some guidance to understanding how the external authentication works.
    Questions:
    1. Is it possible to setup Shared Services to use both Native and LDAP user directory? What I mean is some users will be able to login using Native directory, and some others will need to login using User Directory (external authentication).
    2. For User Directory (say we use LDAP), when the user is added into Shared Services, can they be assigned with Groups created in Native directory? We want to explore to use just the external authentication and define all of the groups within shared services.
    If not possible, can we manage the Groups of the User directory using shared services? How is the groups work with external authentication?
    Any feedback would be much appreciated.
    Thanks,
    Lian

    Hi,
    Yes, you can use both Native and external authentication. When you add the external provider the native is left by default anyway.
    Yes you can add your external users to native groups. You can also provision the groups in the AD if you wish.
    Gee

  • Simple Public and Private Security Authentication Authorisation

    Simple question:
    I have an application with public access (No Authentication)
    I want to Authenticate just one administration page with a logon screen. What do I need to do?
    Do I use Page Authentication or Page Authorization on the restricted page?
    Please spell out the steps in clear detail.
    Also what is the difference between Application Authentication and Application level Authorization. They seem identical in function to me.
    regards
    Paul P

    Paul - Building on what Jos said, you might have an application that used SSO for authentication and for which you wanted to block access to certain classes of users during certain time periods. For this, an application-level authorization scheme could be useful, checking the authenticated user's organizational role/job code and the other criteria dictating the application availability.
    For your case, I recommend that you make the application use an authentication scheme that is suitable for controlling access to the admin page(s) and then set the Security (Authentication) attribute of every other page to 'Page Is Public'.
    Scott

  • SAP J2EE Engine -Config Tool authentication test(LDAP only)

    Hello. Can I know what causes the directory server authentication test (LDAP only) in the SAP J2EE Engine Config Tool to fail to authenticate?
    The error message I got was: authentication failed: Unprocessed Continuation Reference(s).
    Please advise.

    Hi,
    what kind of directory server are you using?
    I'm not sure, but it is possible that your ds uses referrals, returns a referral to your client, and the client does not follow them. Do you have any referrals configured?
    Cheers

  • How to verify "security authentication failure rate" command

    I type "security authentication failure rate 2 log" in global configuration mode, then login authentication failed many times but there is no 15-second delay.
    Why? Thanks.

    Steven,
    This command did NOT come in play till 12.3.1
    Command History
    Release        Modification
    12.3(1)        This command was introduced.
    12.2(27)SBC    This command was integrated into Cisco IOS Release 12.2(27)SBC.
    12.3(7)T       The range of the threshold-rate value was changed from 1 through 1024 to 2 through 1024.
    Usage Guidelines
    The security authentication failure rate command provides enhanced security access to the router by generating syslog messages after the number of unsuccessful login attempts exceeds the configured threshold rate. This command ensures that there are not any continuous failures to access the router.
    Regards,
    Alex.
    Please rate useful posts.

  • Authentication ACS LDAP PEAP ?

    Hello
    Could you tell me if it's possible to do 802.1X authentication with an LDAP server using PEAP MS-CHAP v2 (machine authentication)?
    In fact, with the Windows external database, it works fine.
    We use only machine authentication with VLAN assignment over PEAP.
    Another thing: we want to use MAC Authentication Bypass for printers or other laptops... but we wonder if it could work with an external Windows database or LDAP?
    Thanks for your help

    No, this isn't possible as LDAP servers do not support MSCHAP v1 or v2.
    You'd need something that can carry a plain text password inside the EAP tunnel - like EAP-GTC

  • Security authentication failure error

    Dear All:
    I have an FDM application that loads data to HFM. Sometimes, when I try to login to the FDM web application, I get an error that says "FDM security authentication failture".
    I have to go to the FDM application server and restart the IIS Admin Service or reboot the FDM application server. Then I can login. I wonder why I have to do that. Any help is really appreciated.

    Dear Hyperion experts:
    I also get the following error when I try to login to the FDM web application:
    Application Error
    Description: An exception occurred during the execution of the current web request. Please contact the administrator to review the stack trace in the event log for more information about the error.
    Re-start IIS Admin server in FDM server and the error went away. However, it comes back in a few days.
    Thank you in advance for any help.

  • Interconnect MQSeries adapter exception MQJMS2013: invalid security authentication

    Hi,
    I get the MQJMS2013: invalid security authentication supplied for MQQueueManager in my MQ Series adapter for Oracle interconnect. Is there more specific information about this error? Maybe in an IBM user manual.
    Does anybody have experience with the IBM MQ Series adapter for Oracle interconnect 9.0.2?
    Thanx

    That's an MQ JMS exception, so the MQ JMS documentation would be the best place to find out what it means.
    If I recall correctly, when you're using the MQ JMS API in "bindings" mode -- which is what you're probably doing if your queue manager is on the same machine as WLS -- then MQ does not allow you to supply a username and password. It uses your Unix user ID to authenticate itself to the queue manager in this case.
