Security related login credentials

Dear Experts,
Right now we are sending some financial data (vendor payment data) from R/3 to the bank using XI middleware. Here the FI user sends data from R/3 to XI and from SAP XI to the bank. The FI user password can be changed by BASIS people. From the security point of view, and given that this is finance information, is there any way that we can incorporate a secured password functionality (or) role which cannot be controlled by Basis people? If so, could anyone please guide me in this regard? If not, is there any alternative?
Many thanks in advance,
Balu

For the password aspect, you can consider using trusted RFC for the internal connection and then encrypt the data being sent to the bank. In the trusted RFC case, you control the access via authorizations in the target system and not a password in the source.
Which leads into the second aspect... if your basis folks are not responsible for any role maintenance (e.g. in production...) you can switch their access to display for user and role maintenance.
Of course, you will meet some resistance when doing this...  
My recommendation would be to compensate the "anything can happen and basis always has to solve it..." scenarios with an emergency user procedure. There are a number of cool and less cool ways of going about this so that during "normal" operations the access to roles is restricted.
Cheers,
Julius
ps: Do not close this thread by just posting "s". The comment field is not mandatory! I deleted some of your recent posts of this type and there are some nasty mails in your inbox which the system sends automatically. Please read them.
Edited by: Julius Bussche on Nov 2, 2009 10:12 PM

Similar Messages

  • How to pass login credentials dynamically to secured partnerlink in a BPEL

    Hi,
    I am trying to invoke a secured web service from a BPEL process, and the requirement is to dynamically pass the username and password. I have done the following steps to pass the login credentials to the partner link.
    In fact I have followed one of the Oracle forums. BUT IT'S NOT WORKING.
    ====================================================================================================
    1. Imported the xml schema "oasis-200401-wss-wssecurity-secext-1.0.xsd"
    2. Created a variable "SecurityContext"
    <variable name="SecurityContext" element="ns2:Security"/>
    3.Created a copy rule.
    <copy>
    <from>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Username>myusername</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">mypassword</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    </from>
    <to variable="SecurityHeader"/>
    </copy>
    4. Added the following xml to the invoke operation.
    <invoke name="Invoke_1" partnerLink="UnitHealthService"
    portType="ns1:UnitHealth" operation="queryUnitHealthInfo"
    inputVariable="Invoke_1_queryUnitHealthInfo_InputVariable"
    outputVariable="Invoke_1_queryUnitHealthInfo_OutputVariable"
    bpelx:inputHeaderVariable="SecurityContext"/>
    5. Deployed the BPEL successfully.
    6. Output message given by BPEL console is
    <Fault xmlns="http://schemas.xmlsoap.org/soap/envelope/">
    <faultcode>env:Server</faultcode>
    <faultstring>com.oracle.bpel.client.delivery.ReceiveTimeOutException: Waiting for response has timed out. The conversation id is a28500bf6f4d1dc9:- 488f4503:1215f79430f:-7d71. Please check the process instance for detail.</faultstring>
    </Fault>
    7. In the VISUAL flow diagram , message generated by the Invoke activity is as below:
    <summary>exception on JaxRpc invoke: HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Bad response: 401 Unauthorized</summary>
    So FINALLY IT'S NOT CONNECTING.
    ====================================================================================================
    When I created the properties and hardcoded the username and password like below, it worked.
    <property name="basicHeaders">credentials</property>
    <property name="basicUsername">myusername</property>
    <property name="basicPassword">mypassword</property>
    Can anyone suggest HOW CAN I DYNAMICALLY PASS USERNAME AND PASSWORD to the secured web service via partner link??
    Thanks,
    Kumar

    I have tried it but it was not working.
    I am not able to set exactly the copy rules given in that blog, as that blog has wsse:password kind of assignments whereas when I try to assign, I have the assignment like /ns2:password.
    Am I missing something here?
    I have imported only oasis-200401-wss-wssecurity-secext-1.0.xsd.
    Thanks,
    Kumar
    Edited by: GenuineOracle on Jun 2, 2009 5:38 PM

  • Bypassing login credentials--OS X security questions

    I just ran across this article from OS X Daily in 2010. It describes three methods to unlock a Mac without a password and with all user files remaining intact.
    1. Assuming that those techniques work--particularly engaging a new setup procedure--and the comments suggest that they do, why wouldn't OS X login credentials become essentially security by obfuscation instead of security by a strong passphrase?
    2. What happens if File Vault 2 has been enabled?

    Very helpful info! Thank you.
    I also found this, which asserts that File Vault inserts an authentication process before the availability of the keyboard procedures described in the article above.

  • Reusing login credentials with multiple wars

    I have 2 web applications (war files) that are deployed to a single managed server. Both web applications use the weblogic security realm for authentication (configured via Security Realm -> Providers) with the same provider. This means that both applications have the same set of users.
    The first application implements a simple web service (using JAX-WS) that provides 3 or 4 functions.
    The second application is a UI that provides inventory operations (saved to a database) and additionally calls functions from the first web service application.
    I would like the following to happen:
    1 - User logs into the UI application
    2 - User performs an action that calls the web service application
    3 - The UI application uses the login credentials from step 1 to login to the web service application
    4 - The web service application executes the function with the user credentials from step 1
    The reason I would like this is that the web service application has an audit trail of who called the function.
    I have a work around but it is not acceptable, which is to configure a username/password in the UI. The issue is that the web service function is always called with the configured user, regardless of who logs in from step 1.
    Anyone have any ideas on how to deal with this problem?
    Does SSO help in this case?
    Is there a way to reuse the session?


  • Authentication - "Invalid Login Credentials" ? ? ?

    Hey guys,
    Need some help regarding Log in.
    I have a table in the database (table name USER_SECURITY) which has the list of users who are authorized to log in to the application.
    I have to incorporate this in the application page
    Could you please help me with the logic how to go about it in APEX
    Thank You for your help and suggestions
    Jesh

    Hi,
    I did try the link and it helped me understand a lot: http://djmein.blogspot.com/2007/07/custom-authentication-authorisation.html
    and I tried an example as mentioned in Duncan Mein's Blog and it did work, but then when I try to use it in my application and enter the username and password it says "Invalid Login Credentials".
    Here's the code I used:
    The table was already created in the database: ASQ_USER_SECURITY
    has four columns: USER_ID, USER_ROLE, USER_NAME, PASSWORD
    Created an Application Security Package
    CREATE OR REPLACE PACKAGE app_security_pkg
    AS
       PROCEDURE add_user (
          p_user_id   IN VARCHAR2,
          p_user_role IN VARCHAR2,
          p_username  IN VARCHAR2,
          p_password  IN VARCHAR2
       );
       PROCEDURE login (
          p_uname      IN VARCHAR2
         ,p_password   IN VARCHAR2
         ,p_session_id IN VARCHAR2
         ,p_flow_page  IN VARCHAR2
       );
       FUNCTION get_hash (
          p_username IN VARCHAR2
         ,p_password IN VARCHAR2
       )
          RETURN VARCHAR2;
       PROCEDURE valid_user2 (
          p_username IN VARCHAR2
         ,p_password IN VARCHAR2
       );
       FUNCTION valid_user (
          p_username IN VARCHAR2
         ,p_password IN VARCHAR2
       )
          RETURN BOOLEAN;
    END app_security_pkg;
    /
    CREATE PACKAGE BODY
    CREATE OR REPLACE PACKAGE BODY app_security_pkg
    AS
       -- Called from the login page process; hands over to the APEX login API.
       PROCEDURE login (
          p_uname      IN VARCHAR2
         ,p_password   IN VARCHAR2
         ,p_session_id IN VARCHAR2
         ,p_flow_page  IN VARCHAR2
       )
       IS
          lv_goto_page NUMBER DEFAULT 1;
       BEGIN
          IF UPPER(p_uname) = 'ADMIN'
          THEN
             lv_goto_page := 1;
          ELSE
             lv_goto_page := 1;
          END IF;
          wwv_flow_custom_auth_std.login (
             p_uname      => p_uname,
             p_password   => p_password,
             p_session_id => p_session_id,
             p_flow_page  => p_flow_page || ':' || lv_goto_page
          );
       EXCEPTION
          WHEN OTHERS
          THEN
             RAISE;
       END login;

       -- Stores a new user with the hashed password.
       PROCEDURE add_user (
          p_user_id   IN VARCHAR2,
          p_user_role IN VARCHAR2,
          p_username  IN VARCHAR2,
          p_password  IN VARCHAR2
       )
       AS
       BEGIN
          INSERT INTO app_users (USER_ID, USER_ROLE, USER_NAME, PASSWORD)
          VALUES (p_user_id, p_user_role, UPPER (p_username),
                  get_hash (TRIM (p_username), p_password));
          COMMIT;
       EXCEPTION
          WHEN OTHERS
          THEN
             ROLLBACK;
             RAISE;
       END add_user;

       -- MD5 over UPPER(username) || '/' || UPPER(password).
       FUNCTION get_hash (p_username IN VARCHAR2, p_password IN VARCHAR2)
          RETURN VARCHAR2
       AS
       BEGIN
          RETURN DBMS_OBFUSCATION_TOOLKIT.md5 (
                    input_string => UPPER (p_username)
                                    || '/'
                                    || UPPER (p_password));
       END get_hash;

       -- Raises -20000 when no row matches the user name and hash.
       PROCEDURE valid_user2 (p_username IN VARCHAR2, p_password IN VARCHAR2)
       AS
          v_dummy VARCHAR2 (1);
       BEGIN
          SELECT '1'
            INTO v_dummy
            FROM ASQ_USER_SECURITY
           WHERE UPPER (USER_NAME) = UPPER (p_username)
             AND PASSWORD = get_hash (p_username, p_password);
       EXCEPTION
          WHEN NO_DATA_FOUND
          THEN raise_application_error (-20000, 'Invalid username / password.');
       END valid_user2;

       -- Authentication function used by the APEX scheme.
       FUNCTION valid_user (p_username IN VARCHAR2, p_password IN VARCHAR2)
          RETURN BOOLEAN
       AS
       BEGIN
          valid_user2 (UPPER (p_username), p_password);
          RETURN TRUE;
       EXCEPTION
          WHEN OTHERS
          THEN RETURN FALSE;
       END valid_user;
    END app_security_pkg;
    /
    When I tried to Create a Test User it worked and added a record in the database
    exec app_security_pkg.add_user ('RS','E','jesh','goodone')
    Create your own Authentication Scheme
    Authentication Function Section: RETURN APP_SECURITY_PKG.valid_user
    Switch on your Custom Scheme: made it “My Auth Scheme”
    Also Altered the Login Process on Page 101
    app_security_pkg.login (P_UNAME => :P101_USERNAME, P_PASSWORD => :P101_PASSWORD, P_SESSION_ID => v('APP_SESSION'), P_FLOW_PAGE => :APP_ID );
    This is pretty much what was there in the Duncan Mein's Blog
    Thank you for having a look at the code
    Appreciate your help
    Jesh
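
The `get_hash` function in the post above stores MD5(UPPER(username) || '/' || UPPER(password)), which is fast to compute, has no random salt, and makes the password case-insensitive. The Python below is an added example, not code from the post or from the blog it follows: it models that scheme and shows a salted PBKDF2 replacement with upgrade-on-login. The record layout, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Assumed work factor for PBKDF2-HMAC-SHA256; tune for your hardware.
ITERATIONS = 600_000


def legacy_hash(username, password):
    """Model of the post's get_hash: MD5(UPPER(user) || '/' || UPPER(password)).

    Hex output is used here for readability; the property that matters is that
    both inputs are upper-cased and the hash is a single unsalted MD5 pass.
    """
    material = f"{username.upper()}/{password.upper()}".encode("utf-8")
    return hashlib.md5(material).hexdigest()


def make_record(password, iterations=ITERATIONS):
    """Create a stored credential with a random per-user salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"scheme": "pbkdf2-sha256", "iterations": iterations,
            "salt": salt, "hash": digest}


def verify(username, password, record, iterations=ITERATIONS):
    """Check a login attempt against a stored record.

    Returns (ok, replacement). For a legacy MD5 row that verifies, replacement
    is a new PBKDF2 record the caller should write back, so rows migrate as
    users log in. Because the legacy check ignores case, the upgraded record
    fixes the casing the user typed at that login.
    """
    if record["scheme"] == "md5-legacy":
        ok = hmac.compare_digest(legacy_hash(username, password), record["hash"])
        return ok, (make_record(password, iterations) if ok else None)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 record["salt"], record["iterations"])
    # Constant-time comparison of the derived key with the stored one.
    return hmac.compare_digest(digest, record["hash"]), None


if __name__ == "__main__":
    # Constructed sample row, using the test user from the post.
    row = {"scheme": "md5-legacy", "hash": legacy_hash("jesh", "goodone")}
    print("legacy accepts GOODONE:", verify("jesh", "GOODONE", row, 1000)[0])
    ok, upgraded = verify("jesh", "goodone", row, 1000)
    print("upgraded scheme:", upgraded["scheme"])
    print("upgraded accepts GOODONE:", verify("jesh", "GOODONE", upgraded)[0])
```
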

  • Invalid login credentials when install oracle xe

    Hi friends,
    I installed oracle xe version 10.2.0.1.0 correctly, but when I tried to log in to administration via
    http://localhost:8080/apex
    with sys or system and the password (which i have given during the /etc/init.d/oracle-xe configure)
    It says invalid login credentials
    Please Help me out
    Thanks

    Had same login credentials problem today (and pwd was spelt as it always is). No way was I getting in via frontend or SqlPlus or using any online tip.
    Deinstalled and reinstalled several times according to instructions. Note that "/etc/init.d/oracle-xe configure" doesn't re-run unless you update the "/etc/default/oracle-xe" file with "CONFIGURE_RUN=false"
    Now I am into a whole host of connection problems and the database service does not start. Any ideas?
    Listener status:
    root@II-laptop1:/usr/lib/oracle/xe/app/oracle/product/10.2.0/server# lsnrctl status
    LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 22-AUG-2007 17:06:11
    Copyright (c) 1991, 2005, Oracle. All rights reserved.
    Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
    STATUS of the LISTENER
    Alias LISTENER
    Version TNSLSNR for Linux: Version 10.2.0.1.0 - Production
    Start Date 22-AUG-2007 16:53:34
    Uptime 0 days 0 hr. 12 min. 36 sec
    Trace Level off
    Security ON: Local OS Authentication
    SNMP OFF
    Default Service XE
    Listener Parameter File /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/network/admin/listener.ora
    Listener Log File /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/network/log/listener.log
    Listening Endpoints Summary...
    (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=II-laptop1)(PORT=1521)))
    The listener supports no services
    The command completed successfully
    Listener logfile:
    Started with pid=8156
    Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=II-laptop1)(PORT=1521)))
    Listener completed notification to CRS on start
    TIMESTAMP * CONNECT DATA [* PROTOCOL INFO] * EVENT [* SID] * RETURN CODE
    22-AUG-2007 16:23:12 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=II-laptop1)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169869568)) * status * 0
    22-AUG-2007 16:28:51 * (CONNECT_DATA=(SID=XE)(CID=(PROGRAM=sqlplus)(HOST=II-laptop1)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=59109)) * establish * XE * 12505
    TNS-12505: TNS:listener does not currently know of SID given in connect descriptor
    22-AUG-2007 16:37:51 * ping * 0
    22-AUG-2007 16:38:16 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=II-laptop1)(USER=oracle))(COMMAND=services)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169869568)) * services * 0
    listener.ora:
    LISTENER =
      (ADDRESS_LIST=
        (ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
    # SID_LIST_<lsnr>
    # List of services the listener knows about and can connect
    # clients to. There is no default. See the Net8 Administrator's
    # Guide for more information.
    SID_LIST_LISTENER=
      (SID_LIST=
        (SID_DESC=
          (SID_NAME=PLSExtProc)
          (ORACLE_HOME=/usr/lib/oracle/xe/app/oracle/product/10.2.0/server)
          (PROGRAM = extproc)
        )
      )
    DEFAULT_SERVICE_LISTENER = (XE)
    tnsnames.ora:
    XE= (DESCRIPTION =
      (ADDRESS_LIST=
        (ADDRESS=
          (PROTOCOL=tcp)
          (HOST=127.0.0.1)
          (PORT=1521)))
      (CONNECT_DATA=
        (SID=XE)
      )
    )
    EXTPROC_CONNECTION_DATA =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC_FOR_XE))
        )
        (CONNECT_DATA =
          (SID = PLSExtProc)
          (PRESENTATION = RO)
        )
      )
    Any help would be greatly appreciated, thanks.

  • Pick the login credentials from text file

    I have written a login code in on-logon trigger. Currently the login credentials are hard coded in it. I want to pick them from properties file (text file). How can i do that?

    This solution is too easy.
    Try Single Sign On if it's possible in your environment. Create an Oracle Internet Directory with the information needed and run your form against it.
    That's the most secure way you can implement. Don't do it hardcoded or use self-written encryption.
    Gerd

  • Invalid Login Credentials

    I am working on my application and can work on the pages but when I try and log in and run them I'm getting the "Invalid Login Credentials" message. It worked fine Friday and when I got to work this morning it wouldn't run. Any ideas? Help!

    We are getting a blade in approx. two week which will be dedicated to Apex and I will be setting up the production environment. I'm curious about how to set up a development vs. production area and security issues as well. I think Craig and Ron will be here tomorrow and I'll broach the subject with them.

  • Com.sun.security.auth.login.ConfigFile.init(Unknown Source)

    Hello,
    Currently I am working with Java SDK BI 4.1 to create a stand-alone application.
    I have an authentication problem through secWinAD for the below code.
    ISessionMgr sessionMgr = CrystalEnterprise.getSessionMgr();
    enterpriseSession = sessionMgr.logon("xxxxx","xxxxx", "xxxxxxx", "secWinAD");
    Error:
    Caused by: java.io.IOException: Unable to locate a login configuration
    at com.sun.security.auth.login.ConfigFile.init(Unknown Source)
    when I tried to implement the same through VBA I am not getting any error for authentication.
    Kindly help me.
    Regards
    Arun

    Now I have created the two files and
    added the below content
    krb5.ini
    [libdefaults]
        default_realm = xx.COM
        dns_lookup_kdc = true
        dns_lookup_realm = true
    [realms]
    XX.com = {
        default_domain = xxxx.xx.COM
        kdc = xx.COM
    }
    bscLogin.conf
    com.businessobjects.security.jgss.initiate {
      com.sun.security.auth.module.Krb5LoginModule required;
    };
    Now am getting
    KrbException: Cannot get kdc for realm XX.COM
    at sun.security.krb5.KrbKdcReq.send(Unknown Source)
    at sun.security.krb5.Credentials.sendASRequest(Unknown Source)
    at sun.security.krb5.Credentials.acquireTGT(Unknown Source)
    Regards
    Arun

  • Oracle 9I JAAS problem: javax.security.auth.login.LoginException

    I have problem with Oracle 9IAS JAAS. I got "javax.security.auth.login.LoginException: unable to find LoginModule class" no matter where I put the classfile, either on JVM options(-cp), WAR file, or add it on the Web Admin, or manually edit 9iAS's configuration file.
    None works, any one can help, I am using JDK1.3
    I had the same problem on Tomcat, but I solved the problem by put the Class in the the JVM's classpath. But for 9iAS, it just ain't work.
    Thank you for the help

    Bet you have solved this, but
    the right place for jaas related stuff is
    as installed extension i.e:
    jre/lib/ext
    where jaas.jar and jars containing login modules should be located.
    /Kullervo

  • Security related information in SOAP thruough BPEL

    Hi all,
    How to pass the security related information in SOAP(UsernameToken) in BPEL
    thanks
    kalyan

    You can also add the username and password as properties to the invoke .
    Open the bpel.xml of your BPEL process and add the below properties where your partner link is defined:
    <property name="wsseHeaders">credentials</property>
    <property name="wsseUsername">YOUR USER</property>
    <property name="wssePassword">YOUR PASSWORD</property>
    As an example check this :
    <partnerLinkBinding name="PartnerLink_1">
    <property name="wsdlLocation">DMSBODServiceRef.wsdl</property>
    <property name="wsseHeaders">credentials</property>
    <property name="wsseUsername">marattu</property>
    <property name="wssePassword">wipro@143</property>
    </partnerLinkBinding>
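
The two BPEL threads on this page carry the same username and password in two different places: HTTP Basic (the `basicHeaders` properties) and a WS-Security UsernameToken in the SOAP header (the `wsse:Security` copy rule and the `wsseHeaders` properties). The Python below is an added example, not code from either post or from Oracle BPEL: it builds both forms at run time and checks a token on the receiving side. The function names and the sample credential store are assumptions.

```python
import base64
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"
ET.register_namespace("wsse", WSSE)
ET.register_namespace("wsu", WSU)


def basic_auth_header(user, password):
    """HTTP Basic: credentials sit in the transport header, only base64-encoded."""
    raw = f"{user}:{password}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}


def _digest(nonce, created, password):
    # UsernameToken Profile 1.0: Base64(SHA-1(nonce + created + password))
    sha1 = hashlib.sha1(nonce + created.encode("utf-8") + password.encode("utf-8"))
    return base64.b64encode(sha1.digest()).decode("ascii")


def username_token(user, password, digest=False):
    """Build the wsse:Security SOAP header element as an XML string."""
    sec = ET.Element(f"{{{WSSE}}}Security")
    tok = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(tok, f"{{{WSSE}}}Username").text = user
    pwd = ET.SubElement(tok, f"{{{WSSE}}}Password")
    if digest:
        nonce = os.urandom(16)
        created = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        pwd.set("Type", PROFILE + "#PasswordDigest")
        pwd.text = _digest(nonce, created, password)
        ET.SubElement(tok, f"{{{WSSE}}}Nonce").text = base64.b64encode(nonce).decode("ascii")
        ET.SubElement(tok, f"{{{WSU}}}Created").text = created
    else:
        pwd.set("Type", PROFILE + "#PasswordText")
        pwd.text = password  # cleartext inside the envelope; relies on TLS
    return ET.tostring(sec, encoding="unicode")


def verify_token(header_xml, lookup_password):
    """Receiver side. lookup_password(user) returns the stored password or None.

    A production receiver would also parse with a hardened XML parser, reject
    stale Created values and remember nonces to stop replay.
    """
    tok = ET.fromstring(header_xml).find(f"{{{WSSE}}}UsernameToken")
    if tok is None:
        return False
    pwd = tok.find(f"{{{WSSE}}}Password")
    expected = lookup_password(tok.findtext(f"{{{WSSE}}}Username"))
    if pwd is None or expected is None:
        return False
    if pwd.get("Type", "").endswith("#PasswordDigest"):
        nonce = base64.b64decode(tok.findtext(f"{{{WSSE}}}Nonce", ""))
        expected = _digest(nonce, tok.findtext(f"{{{WSU}}}Created", ""), expected)
    return hmac.compare_digest((pwd.text or "").encode(), expected.encode())


if __name__ == "__main__":
    store = {"myusername": "mypassword"}  # constructed sample store
    print(basic_auth_header("myusername", "mypassword"))
    hdr = username_token("myusername", "mypassword", digest=True)
    print(hdr)
    print("accepted:", verify_token(hdr, store.get))
```

A service that answers `401 Unauthorized` at the HTTP layer is checking the `Authorization` header, so a UsernameToken in the SOAP header never reaches the code that would validate it.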

  • HT1277 Mail keeps asking login credentials for a removed Exchange account

    Removing an Exchange account does not seem to be enough to stop Mail from attempting to connect the Exchange server. Every now and then Mail pops up a dialog prompting for login credentials for an Exchange account I have previously removed. This seems to happen very consistently every time I visit the Accounts tab in Settings.
    My question is: How do I get rid of whatever little data there is left of the removed Exchange account?

    Basically, the fix is to put all your mail passwords in a separate, always-unlocked keychain.
    Here is how to do this:
    1) Open keychain access, go to File -> New Keychain. I named mine Mail. Save it in your keychains folder (default), and give it a password.
    2) Right click the new keychain and select "Change Settings for Keychain". Here, uncheck the "Lock after" and the "Lock when sleeping". The latter can be left on if you don't mind re-typing your password every time your computer goes to sleep (can also be more secure if you don't lock your whole machine when sleeping).
    3) Here is the tricky part: you need to find all your mail keys and drag them into the new keychain. Do a search for your mail host or your login username and you might see a list of keys. It will be flagged as an "Internet password", not web form, and when you click on it it should read "imap://your.web.host.tld/" or pop if you use that, and "smtp://your.web.host.tld/" for your outgoing mail. Just drag them all into your Mail keychain, type in your password and click Accept. The keys will stay on the search screen, but clicking on the Mail keychain will confirm that they are in fact moved.
    4) Now lock your primary keychain (the one in bold) and run a test by checking your mail. If no dialog pops up asking for your keychain password then it was a success!

  • Exchange Sync, Login credentials rejected

    I am constantly getting this message from my exchange account after upgrading to 1.3.1: "Login credentials rejected: update your password".  I go into the preferences and leave the same password it will sync once or twice more before giving me this error.  Any ideas?
    Post relates to: Pre p100eww (Sprint)

    Hello mondaypickle and welcome to the Palm forums.
    I have forwarded this thread on to the Palm support folks who monitor these forums.
    Alan G

  • Login credentials server with multiple users on 1 Mac

    The situation is a MacBook Pro running Mountain Lion connecting to a Mac Mini.
    The MacBook Pro has 3 users with administrator rights:
    A, B and C.
    When user B is logged in and wants to connect to the Mac mini, the login dialog shows the credentials of user A by default.
    This happens also after a re-start and first login by user B.
    How can I have the system forget the login credentials in the above case so that user B can have the correct default user name in the login window?
    Thanks for your help.

    While logged in as User B, open Keychain Access. Find the password entry for connecting to the mini and delete it.
    Then, try to log in again. User B likely used User A's login info at some point, maybe testing, to connect to the mini, so those credentials were saved in the keychain.

  • Can we set up a forum for Security related issues?

    I know many of us think security is a Windows related issue, but from time to time there are security issues that may come up. I had a question so I looked and couldn't find a forum, so I posted in one of the OS X 10.6 sub forums.
    Thanks!

    I am a co-founder of Calendar of Updates http://www.calendarofupdates.com/updates/index.php?act=idx This is a site that is primarily a Windows based security forum (I switched about 4-5 years ago). Over the years, I've tried to grow the Mac side of our forum, but, as you may know, there is little or no interest in security within the Mac community. For many, they feel security is a Windows issue.
    It's a free site, so don't think I have a vested interest in growing the membership, I'm not an owner, either.
    I just created an *Apple OS X Security Issues* forum http://www.calendarofupdates.com/updates/index.php?showforum=209
    Right now it's an empty forum since it was created 10 minutes ago. Please feel free to join the forum and share security related issues and questions.
    I am not aware of any other forums that deal with OS X security issues
    exclusively, so this forum could be a good place to bookmark and visit from time to time.
