Security & authentication  question

Similar Messages

• Weblogic security authentication; question to interact with the realm

  Hi, I have a quick question about weblogic security authentication....
  We are using weblogic 81sp3. We have user-group info in an Novell eDirectory LDAP server.
  Currently, a Novell Authenticator provider is configured under : Security > Realms > myRealm > Providers > Authentication This tells Weblogic from where to get the user and groups. Weblogic caches this information of the logged on users for certain time ( example : 60 secs ) after which it cleans the cache for all inactive users. We want to interact with the Weblogic cache. Add more user profile information to this cache and use it in our application .
  Does somebody know how to programmatically interact with Weblogic user-group cache - read , write , update and delete user-group info in cache and control time to live for the cache ?

  already checked
  TTLCache class which weblogic provides. But they seem to depracetd it
  help ?

• LDAP security authentication in weblogic sp4 (URGENT)

  We have a web application which interacts to the D/B to authenticate a user during our login process. Now we are trying to change the login to LDAP authentication. Here is the List I did on weblogic configuration correct me if this is correct or if am missing any thing.
  1. Created a Realm
  2. Created a NOVELL LDAP Authenticator (configured user, groups, members, Novell LDAP, Details)
  3. Created a X.509 certificates ????? Do I need to create this one for authentication. The only question is I am confused by these parameters and help me out in figuring out these:
  a. filter attributes = cn=$subj.cn
  b. username attribute = cn
  c. userCertificate;binary ??? ( I have a certificate idmtree.der where do I add configuration about this certificate in the console)>>>>>>>>
  d. certificate mapping : ou=user,ou=$subj.ou,o=$subj.o,c=$subj.c (IS THIS CORRECT)
  4. created a new Weblogic Default Authorizer...
  5. created a new Weblogic Default Role Mapper...
  6. created a new Weblogic Default Credential Mapper ...(Do I need to setup my certificate inside this credential mapper or not.)
  7. I made this realm as the DEFAULT realm and started the server
  I get the following exception.
  Initializing RoleMapper provider using LDIF template file C:\bea\user_projects\domains\mydomain\.\DefaultRoleMapperInit.ldift.>
  The RoleMapper provider has had its LDIF information loaded from: C:\bea\user_projects\domains\mydomain\.\DefaultRoleMapperInit.ldift>
  Initializing Authorizer provider using LDIF template file C:\bea\user_projects\domains\mydomain\.\DefaultAuthorizerInit.ldift.>
  The Authorizer provider has had its LDIF information loaded from: C:\bea\user_projects\domains\mydomain\.\DefaultAuthorizerInit.ldift>
  Loading trusted certificates from the jks keystore file C:\bea\weblogic81\server\lib\DemoTrust.jks.>
  Loading trusted certificates from the jks keystore file C:\bea\JDK142~1\jre\lib\security\cacerts.>
  Loading trusted certificates from the jks keystore file C:\bea\weblogic81\server\lib\DemoTrust.jks.>
  Loading trusted certificates from the jks keystore file C:\bea\JDK142~1\jre\lib\security\cacerts.>
  Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure.>
  Server failed during initialization. Exception:weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
  [java.lang.reflect.InvocationTargetException - with target exception:
  [netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]
  weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
  [java.lang.reflect.InvocationTargetException - with target exception:
  [netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]
  at weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:205)
  at weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:262)
  at weblogic.security.service.SecurityServiceManagerDelegateImpl.doATN(SecurityServiceManagerDelegateImpl.java:581)
  at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:420)
  at weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm(SecurityServiceManagerDelegateImpl.java:700)
  at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:733)
  at weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize(SecurityServiceManagerDelegateImpl.java:876)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:734)
  at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:822)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:670)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:344)
  at weblogic.Server.main(Server.java:32)
  >
  ####<Apr 6, 2006 10:42:55 AM CDT> <Emergency> <WebLogicServer> <DXPCHI029398> <myserver> <main> <<WLS Kernel>> <> <BEA-000342> <Unable to initialize the server: weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
  [java.lang.reflect.InvocationTargetException - with target exception:
  [netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]>
  ANY HELP on this would be greatly appreciated am totally exhausted seeing these error messages from morning.
  I would like to know if I need a client for connecting to this LDAP authenticator. As am using the Novell API to access the LDAP directory. Let me know, and if so can some one provide me a snippet code.\
  Waiting for response.
  thanks in advance
  kiran

  Hi Christoper,
  Based on your description, this seems to be more of a security related question than a workshop one.
  Please post to the security newsgroup at http://forums.bea.com/bea/category.jspa?categoryID=2011
  with information on service pack installed
  Thanks
  Raj

• Security Authentication in LDAP

  Hi Chris/Raj/All,
  We have one more generic issue. Please help us if possible.
  I am connecting to LDAP Server(Microsoft ADS) from my weblogic workshop 8.1.We are using DirContext and InitialDirContext(java api) Through the java program I am able to connect to the port 389 by means of simple security authentication.
  Our requirement is for SSL security authentication ie to connect ot port 636.
  From our side we have done the following
  1.We have installed the public certicate in the jre environment(lib/security in both the cacerts and jssecacerts)
  2.We have also installed the cetificate in the ADS Server and enabled the SSL.
  When we try to connect to port 636 with simple authentication we get Communication Exception
  When we try to connect to port 636 with ssl authentication we get AuthenticationNotSupportedException
  We also would like to know whether there is any Authentication Process like password encryption and so on.... to be followed.
  Thanks & Regards,
  Christoper.

  Hi Christoper,
  Based on your description, this seems to be more of a security related question than a workshop one.
  Please post to the security newsgroup at http://forums.bea.com/bea/category.jspa?categoryID=2011
  with information on service pack installed
  Thanks
  Raj

• Simple Public and Private Security Authentication Authorisation

  Simple question:
  I have an application with public access (No Authentication)
  I want to Authenticate just one administration page with a logon screen. What do I need to do?
  Do I use Page Authentication or Page Authorization on the restricted page?
  Please spell out the steps in clear detail.
  Also what is the difference between Application Authentication and Application level Authorization. They seem identical in function to me.
  regards
  Paul P

  Paul - Building on what Jos said, you might have an application that used SSO for authentication and for which you wanted to block access to certain classes of users during certain time periods. For this, an application-level authorization scheme could be useful, checking the authenticated user's organizational role/job code and the other criteria dictating the application availability.
  For your case, I recommend that you make the application use an authentication scheme that is suitable for controlling access to the admin page(s) and then set the Security (Authentication) attribute of every other page to 'Page Is Public'.
  Scott

• Forget security authentication answer!

  iphone6
  Forget security authentication answer, he said you are the frist time to check out in iphone 6, you should answer the security questions,but i forget the answer.
  how i do?

  https://iforgot.apple.com

• Security/session questions

  Hi,
  I have some security/session questions for you guys.
  My application uses flex, blazeds and spring. I use RemoteObjects to initiate calls from flex to java. The application consists of a login screen and 'other screens' available only to authenticated users after login. When the user logs in the server stores user credentials on the FlexContext (FlexContext.getFlexSession().setAttribute). So if the server timeout is reached and the user presses 'refresh' the user is thrown out and the login screen appears.
  Question 1: How can I check if the timeout is reached when the user makes a call to the server, without checking manually against the FlexContext. Are there any config parameters to set?
  Question 2: Is it necesssary to check against the user credentials in the session for every flex-to-server call? (I guess someone can omit the login screen and do a manual call)
  Question 3: If the answer to question 2 is yes, how can I check against the session credentials? The only way I can think of is calling a method which checks the session attribute manually, but then I have to remember to add this method call to each of the methods called from flex through Blazeds. Is it, for example, possible to call the user-logged-in method before the method given in the RemoteObject is called? (If not authenticated, do not run method).
  Hope someone got the time to help me out.

  I appreciate your answer, but as you yourself write, I think there must be a blazeDS way. But as nobody with extensive BlazeDS knowledge answers this post, I probably have to google this topic even more.
  Following are the main changes in my application: (Introducing spring security)
  Everything seems to be working as it should. But as already stated, I'm a newbie. So if anybody see something suspicious, let me know.
  The main problem I had implementing Spring Security was something that should be easy, but somehow it was not: the loading of the context files. Before introducing the spring security I only had one application-context file, and this was loaded by the DispatcherServlet. When introducing security I tried to add this to the same file. It did not work. Then I tried splitting up the files, and loading both using DispatcherServlet. It did not work. Then I tried loading both using ContextLoaderListener. It did not work. Finally I found the solution. Flex settings must be loaded by the DispatcherServlet, and spring security settings must be loaded by ContextLoaderListener. This work. I don't know if this is the only solution.
  On the server:
  web-xml:
  <context-param>
          <param-name>contextConfigLocation</param-name>
          <param-value>
              /WEB-INF/config/web-application-config.xml
              /WEB-INF/config/web-application-security.xml
          </param-value>
      </context-param>
      <filter>
          <filter-name>springSecurityFilterChain</filter-name>
          <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      </filter>
      <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>
      <listener>
          <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
      </listener>
      <servlet>
          <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
          <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
          <init-param>
              <param-name>contextConfigLocation</param-name>
              <param-value>/WEB-INF/config/flex-application-config.xml</param-value>
          </init-param>
          <load-on-startup>1</load-on-startup>
      </servlet>
  flex-application-context:
  <flex:message-broker>
          <flex:secured/>
      </flex:message-broker>
  web-application-context:
  I had to implement my own authentication mechanism. Had to compare the username/password against an object attribute. So this bean is not mandatory, but I think you have to write down username/password/role in flex-application-context if not provided.
  <bean id="customAuthenticationProvider" class="packagename.CustomAuthenticationProvider">
          <security:custom-authentication-provider/>  
  </bean>
  web-application-security:
  <http entry-point-ref="preAuthenticatedEntryPoint" />
      <beans:bean id="preAuthenticatedEntryPoint"
          class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint " />
      <!-- Securing the service layer -->
      <global-method-security>
          <protect-pointcut expression="execution(*package.ServiceImpl.*(..))" access="ROLE_USER"/>
      </global-method-security>
  On the client:
  private function login():void {
      var cs:ChannelSet =  ServerConfig.getChannelSet(loginRemoteObject.destination);
      var token:AsyncToken;
      token = cs.login(username, password);
    // Add result and fault handlers.
    token.addResponder(new AsyncResponder(loginResultHandler, loginFaultHandler));
  private function logout():void {
      var cs:ChannelSet =  ServerConfig.getChannelSet(loginRemoteObject.destination);
      var token:AsyncToken = cs.logout();
    // Add result and fault handlers.
    token.addResponder(new AsyncResponder(logoutResultHandler, logoutResultHandler));

• Seeking confirmation/clarification around "secure authentication"

  Sun Java(tm) System Messaging Server 6.3-3.01 (built Jul 12 2007; 32bit)
  libimta.so 6.3-3.01 (built 20:00:00, Jul 12 2007; 32bit)
  SunOS xxx 5.10 Generic_125101-05 i86pc i386 i86pc
  I have a question about security of passwords.
  My users' mail clients are configured to use SSL with either POP or IMAP. The SSL decryption is done on my load balancer, so my MMP is not configured for SSL.
  It is my understanding that passwords, along with message traffic, are encrypted between the client and the load balancer by virtue of the SSL configuration. Is that correct?
  One user is getting a message (from pine) that "SECURITY PROBLEM: insecure server advertised AUTH=PLAIN". Is there any merit to implementing secure authentication?
  Thanks.

  Hi,
  esb2000 wrote:
  My users' mail clients are configured to use SSL with either POP or IMAP. The SSL decryption is done on my load balancer, so my MMP is not configured for SSL.
  It is my understanding that passwords, along with message traffic, are encrypted between the client and the load balancer by virtue of the SSL configuration. Is that correct?
  IF the client is configured to connect to an SSL port (993/995) and that port is SSL encrypted then this statement is correct.
  One user is getting a message (from pine) that "SECURITY PROBLEM: insecure server advertised AUTH=PLAIN". Is there any merit to implementing secure authentication?These are contradictory statements. First you say that the clients are configured to use SSL and then you say pine complains about an 'insecure server'. You need to determine whether:
  -> Pine is connecting to the load-balancing SSL port directly and not using some kind if SSL tunnelling on the local system so 'Pine the application' doesn't actually see that the connection is encrypted.
  -> Pine is connecting to an SSL port (995/993) and not the unencrypted non-SSL ports (110/143) - perhaps it is configured to contact the MMP's directly and bypass the load-balancer.
  -> Pine is broken and reports issues that don't exist.
  Regards,
  Shane.

• Authentication questions I never answered

  when I try to buy something from my itunes account with my iphone it asks for authentication questions that I have never seen or answered before. How can I fix this?ASu

  You need to ask Apple to reset your security questions. To do this, click here and pick a method; if that page doesn't list one for your country or you're unable to call, fill out and submit this form.
  (120440)

• Authentication Question in SAP IDM 7.1

  Hi All,
  I am currently working on SAP IDM 7.1 , My requirement is to set authentication question in SAP IDM and enforce the same at the first time login of the user. Presently I am setting my authentication question answer in OOB attributes -- MX_AUTH_Q01   - Q05.
  For the first time login user i am getting the default password change screen , thereafter i need to enforce Set Authentication for every user , logged in for first time. Please, suggest if SAP provides any feature like this to  set authentication question, at the time of login. Thanks in advance
  Regards
  Swati Pandey

  Hi Christian,
  I have implemented the security question using the same concept i.e by limiting access to process throgh access control.  Now, my requirement is to store Dynamic question in user profile, i.e users can store his/her own custom question /answer. Do we have any such facility in sap idm, presently the auth question provided are static for each user profile.
  Thanks
  Swati Pandey

• WSUS Sync is not working Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. --- System.Security.Authentication.AuthenticationException: The remote

  I know there are loads of posts with same issue and most of them were related to proxy and connectivity .
  This was case for me as well (few months back). Now the same error is back. But I've confirmed that FW ports and proxy are fine this time around.
  server is configured on http port 80 
  ERROR
  Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid
  according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WSyncAction.WSyncAction.SyncWSUS
  I've checked proxy server connectivity. I'm able browse following site from WSUS server
  http://catalog.update.microsoft.com/v7/site/Home.aspx?sku=wsus&version=3.2.7600.226&protocol=1.8
  I did telnet proxy server on the particular port (8080) and that is also fine.
  I've doubt on certificates, any idea which are the certificates which we need to look? And if certificate is expired then (my guess) we won't be able open the above mentioned windows update catalog site?
  Any tips appreciated !
  Anoop C Nair (My Blog www.AnoopCNair.com)
  - Twitter @anoopmannur -
  FaceBook Forum For SCCM

  Hi Lawrence ! - Many thanks for looking into this thread and replying. Appreciate your help.
  Your reply  ("SSL is enabled/configured, and the certificate being used is invalid
  (or the cert does not exist or cannot be obtained), or the SSL connection could not be established.") is very helpful.
  I've already tested CONTENT DOWNLOAD and it's working fine. WSUS Sync was also working fine for years with proxy server configured on port (8080) and WSUS server on port 80.
  My Guess (this is my best guess ;)) is this something to do with Firewall or Proxy side configuration rather than WSUS. However, I'm not finding a way to prove this to proxy/firewall team. From their perspective all the required port communication open and
  proxy server is also reachable. More over we're able to access internet (Microsoft Update Catalog site) over same port (8080).
  Any other hints where I can prove them it's a sure shot problem from their side.
  Thanks again !!
  Anoop C Nair (My Blog www.AnoopCNair.com)
  - Twitter @anoopmannur -
  FaceBook Forum For SCCM

• Not able to get rid of security-related questions in runtime

  Hi,
  I am simply using NetBeans 6.0.1 and the emulator QwertyDevice and the emulator platform WTK 2.5.2 for CLDC.
  I have chosen Alias as trusted in the signing option in the project configuration page. however still I am getting security confirmation questions in runtime to access the local files for instance.
  Would anyone please advise me how to get rid of that?
  Also I have deployed the application on SonyEricsson k800i and would like to get rid of the security confirmations on that device as well. What is the guideline?
  Thank you

  Right clicking on it is not even an option, just hovering over it seems to induce a "nuclear" reset of the whole desktop and graphic card on the iMac.
  Have meanwhile found a possible solution by erasing the dock preference file in the user/library/preferences folder to reset the dock to it's default state. Will try this out through a Skype conversation with that Buddy.
  Was seen here :
  https://discussions.apple.com/message/16447109#16447109
  Thank you for stepping in. Good to know that people are still willing to help in this community.
  Greetz to the UK from France

• Security upgrade question - Getting 6.1.6 downloaded to iphone.

  Security upgrade question - I have a 4S phone v6.01 with an upgrade to IOS 7.04 already downloaded and ready for install.  I would like to install the 6.1.6 security upgrade instead. How do I delete the ios7 in the queue or have the 6.1.1 pushed as an option to the phone?

  You can't install iOS 6.1.6 on that device and must update it to 7.0.6.
  (101120)

• How to verify "security authentication failure rate" command

  i type "security authentication failure rate 2 log" in global configuration mode,then  login authentication failed many times but no the 15-second delay.
  why?Thanks.

  Steven,
  This command did NOT come in play till 12.3.1
  Command History
  Release
  Modification
  12.3(1)
  This command was introduced.
  12.2(27)SBC
  This command was integrated into Cisco IOS Release 12.2(27)SBC.
  12.3(7)T
  The range of the threshold-rate value was changed from 1 through 1024 to 2 through 1024.
  Usage Guidelines
  The security authentication failure rate command provides enhanced security access to the router by generating syslog messages after the number of unsuccessful login attempts exceeds the configured threshold rate. This command ensures that there are not any continuous failures to access the router.
  Regards,
  Alex.
  Please rate useful posts.

• IDM Password Reset Authentication Questions

  Hi,
  We are implementing Password Self Service using IDM 7.1, everything is set up and we have tested and were able to reset password for users to connected target systems. we are now doing some cosmetic changes before going live, like
  setting up new authentication questions and changing existing questions from IDM.
  In total we have 10 questions and the way we set it is
  Minimum number of validation questions = 5
  No. of questions to show = 3
  No. of answers required = 3
  After setting all 10 questions, i took a new test id who was never set with a profile and set its profile with 5 random questions answers out of 10 and saved it, went back to   /idm/pwdrest  and entered the unique id which is the user id and the 3 challenge questions it showed up were not the ones i set my answers to.
  Why is it prompting the questions for which i have not set answers to ?
  Can anyone tell me if i am missing any config creating these attributes ?? or its the way IDM works ??
  Thanks.

  Greetings,
  It has been my experience that the system will show any of the available questions when a user has not had any answers set. Sometimes, there is a disconnect with the Unique ID entered and the user ID stored in the identity store and it just cannot find the stored answers. As long as the additional question attributes you created follow the existing convention, they should be fine.
  I would start by looking at what question attributes you have commited for the user and which ones show in the pwdreset task screen for the user. You can also run the guided task several times with the same ID to see what rotation of questions you see to see if it is going through all 10 or only a certain subset.
  Do you have a self-service task configured to set the question answers?
  Thanks,
  Jared