SETTING UP AUTHENTIFICATION

Similar Messages

• Access to WPC Web Pages by Anonymous Users?

  Hello,
  i want to give anonymous users access to Web Pages that were created with the Web Page Composer.
  In did the following:
  1. create the Web Pages,Site Navigation etc....
  2. edited the permissions of the site: grant anonymous users Read Access.
  3.included the site navigation into the navigation of the anoymous users
  When i access the portal as anonymous users and try to open a Web Page, i get a logon screen for Authentification.
  I think that there is a problem, that i didn't find any way to set the Authentification Scheme for these Web Pages to "Anonymous". This is the way it has to be done with other iViews.
  When i am accessing the page with an authenticated users, i have no problem with displaying the same Web Pages.
  Is there anywhere an attribute i need to set? Or is it currently not supported?
  Regards,
  Marcus
  Message was edited by:
          Marcus Böhm

  1. Configuration in PCD - go to Content Administration -> Portal Content-> Portal Content -> Web Page Composer -> Container iViews -> WPC
  Default Containers. All of the iViews in this location should have the
  "anonymous" authentication scheme. The next location which should be
  checked is Content Administration -> Portal Content -> Portal Content ->Web Page Composer -> iView Templates. Again all of the iViews should
  have the "anonymous" authentication scheme. The same applies to all the
  templates which reside in Content Administration -> Portal Content ->
  Portal Content -> Web Page Composer -> Page Layout Templates. Finally
  check if all the pages which reside in Content Administration -> Portal
  Content -> Portal Content -> Web Page Composer -> Page Layouts have the
  "anonymous" authentication scheme.
  2. Configuration in KM - make sure that all the pages, which should be
  displayed to an anonymous user have in their permissions the Anonymous
  Users Group.
  3. Security zones - if you go to System Administration -> Permissions ->Security Zones -> com.sap.nw.wpc -> wpc -> no_safety and you open the
  permissions of this object, the Anonymous Users group must be added in
  the list.
  If all mentioned objects have their setting as described and you still
  experience problems (e.g. you see a browser dialog window for
  authentication), the reason most probably is, that the KM is not
  configured for anonymous access. A full description of the needed steps
  is provided with note 837898.

• User Accounts Disabled For No Apparent Reason

  We're having something where Entourage users are apparently handing off the incorrect user name and password when logging in to read email and thereby disabling their Apple user account on our mail/webmail OSX server.
  I don't know how to stop the accounts from being disabled, nor do I know when the user has been automatically disabled by the server. We only know when the customer contacts us (which can't be by email).
  This has already cost us some accounts and business.
  Users who are not Windows or who are not using Entourage are having no problem. Since the problem also happens with Mac Entourage users, it may have more to do with Entourage than Windows.
  Anyone know how to set the authentification of OSX Server or Entourage to be more tolerant? We do not have disable login after xx failed attempts selected.

  Are you sure it's isolated to Entourage? Is there any other process/program running? Weather Bug did it for me. It had cached my password then I changed my windows password then my account was disable every time I logged in. Maybe they have an incorrect password stored in their keychain that another program is using.

• Errors connecting from windows

  i try and connect from windows and it gives me this:
  [2006/10/24 21:39:25, 0] pdbods.c:odssamgetsampwnam(2327)
  odssam_getsampwnam: [0]getsam_recordattributes dsRecTypeStandard:Users no account for 'XXXX'!
  funny thing is, if i connect using ADMIN and enter propper password, it works fine
  it seems windows is trying to autofill the username (that is logged into windows) in the XXX field, and it doesn't match the server's account name.
  thanks in advance!!

  We're having something similar to this where Entourage users are apparently handing off the incorrect user name and password and thereby disabling their Apple user account on our mail/webmail OSX server.
  I don't know how to stop the accounts from being disabled, nor do I know when the user has been automatically disabled by the server. We only know when the customer contacts us (which can't be by email).
  This has already cost us some accounts and business.
  Users who are not Windows or who are not using Entourage are having no problem. Since the problem also happens with Mac Entourage users, it may have more to do with Entourage than Windows.
  Anyone know how to set the authentification of OSX or Entourage to be more friendly?

• SM59, HTTPs: How to set up certificate based authentification

  We have some HTTP connections configured using SM59.
  These are all Type = G, Using HTTPs and Basic-Authentification.
  Typically we are generating in Trx STRUST a new Client-PSE and upload the public-certificate of the partner there. After that, configurating SM59 is pretty much straigt forward.
  But now, we have to configure certificate based authentification.
  I did it pretty much the same:
  Configured new entry in STRUST and uploaded the public key of the https-server there:
  Now we have to send our client-cerficate to the web-server.
  We thought, the "own certificate" showed in the STRUST will be the right:
  all this worked fine, our partner accepted our certificates.
  But when trying to establish a connection using SM59 nothing worked:
  We had choosen "no authentification" because the other point just creates basic-auth.
  When trying to connect to the server, we got an error:
  So, is it possible to connect via SM59 to a server and using certificate-authentification? Or does SM59 not support that?
  Thanks for your help,
  cu
  REne

  Hi Rene,
  You need to search through the ICM trace file (dev_icm) in order to find more detail about the ICM_HTTP_SSL_ERROR. There you should see what exactly went wrong during the SSL hand shake.
  Best,
  Tobias

• How to set up a HP1102w for wireless use with iPad/Iphone etc

  Hi,
  I purchased the HP P1102w last year and it's certainly not out of the box Airprint compatible, in fact it is very fiddly, but the following takes about 10 minutes using a mac. The besuty of this is it works with my BT homehub also and probably any wireless router including Airport Express and Extreme and no need to have your printer sat near the router or use the USB cable. My iPad3, Wife's iPad2 and both iPhone 4's work beautifully too.
  I spent several hours before discovering this solution and eventually sorted all of this out using the following:
  Firstly you will need to go to the HP Support site and download the HP Driver Software for OS 10.7 Here:
  http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=bi-80684-5 &cc=uk&dlc=en&lc=en&os=219&product=4110396&sw_lang=
  Once this has been installed to the HP 1102w using the USB, you then disconnect the printer from the USB and using your MAC connect to it using Network Connections (Click on the Wireless Icon in the task bar). The printer should be listed here under 'devices', (Note this will disconnect you from the internet!!!).
  Once you are connected directly and wirelessly to the printer the blue light should stop flashing and remain constantly blue!!!
  At this point go and make a cup of tea or leave the printer for about 3 -5 minutes before the next step to allow the printer to initiaite and provide and IP Address.
  Next stage is to print a 'Self Test / Device Configuration' sheet from the printer. Do this by holding the red X button until the green light flashes on the printer (About 10 secs), when you release the printer should print a page with two columns on. The right hand column should state an IP Address. (if the printer is 'not connected' or 'initiating' try again in a few minutes. If the IP Address is 0.0.0.0 then the printer is not connected and recheck the blue light is not flashing (it should be permanently lit).
  Now you have the IP Address, open safari and type in the IP Address eg.... 192.254.1.87 with no http or www. just the plain IP Address.
  This should then open the control pages for the HP Printer Set up. These are green and white web pages.
  Go to the Networking Tab (Nearly there, promise)....  Click on 'Wireless' on the left hand menu and then in the new page that opens do the following:
  Change from 'AdHoc' to 'Infrastructure'
  In the next section 'Network Name (SSID)' - the name will be the HP name.... in the available network box select your home network and then press the little box that looks like this --  [<<]..... this should then change the 'current network name (SSID) to your home network (If your network is not listed just use the refresh button).
  Last stage is to change the 'Authentification'
  Change this to WPA/WPA2 (or other if your router is set otherwise) and in the 'passphrase' box enter the security password for your router and then finally save the changes....
  After this all you then need to do is go to settings on your Mac - Printer and Faxes and remove the HP 1102w from the list using the - sign. Then click the + button to add a new printer and hey presto you will find the HP1102w with Bonjour.... simply add and then you can print from your Mac, Ipad and Iphone with no further tinkering....
  I really hope this helps and you don't get as stressed as I did....
  Happy printing...
  Steve
  ps. Why couldn't HP just tell you this!!!!!!

  Hi pctiger92!
  The WRVS4400N is now being handled by the Cisco Small Business Support Community.
  For discussions about this product, please go here.

• Authentification does not appear

  Dear all,
  have set up the trial version of flash access 2.0. But at the ent I run into a problem: The media I stream into the player does not have an authentification mask. First of all the facts:
  1.) I set up the the REferencimplementation of the license Server - works fine and http://ip.adress.com/flashaccess/license/v1 says License Server is setup correctly
  2.) I created a file test_pol according to the document "protect Content.pdf"
  3.) I packaged a file (xyz.f4v) file with the command line packager.
  4) Now I trying to stream the packaged version (xyz_pack.f4v ) via our web application and the OSMF-Player.
  5.) It is buffering ... and buffering ... and buffering - noithing else happens, but the file is only 5 seconds, so that can't be it.
  6.) The only indication that I have is, that it says in the AdobeFlashAccess.log that the Packager Thread is not started because it doesn't find the *.pfx file.
  - Fisrt of all I do not understand that,cause the path it is looking at the file is there!
  - second I thought the license server is fine since it gaves the right message (according to 1.)
  7.) The setup is based on an earlier trial setup with an older certificate. I needed to reactivate the certificate because it wasn't valid anymore and actually just rebuild the certificates and changed them.
  Is there any log file I need to have a look to. What else could be the reason for that?
  Thans for any help!!
  A

  Dear Wang,
  thanks a lot for your input!
  Here my answers to your questions:
  - Have you ever played any encrypted content on your computer?
  => Yes I did with the older certificates
  If not, please try to play the default content in http://drmtest.adobe.com/SVP/SampleVideoPlayer_FP.html and see what happens. Please remember to check the "show DRM events" check box.
  => I tried that. It didn't play and it said in the messagebox for the events:
  What does that mean?
  BTW, are you using Flash Player? If yes, what is the version number of it?
  => Yes I am using Flashplayer, I have version 10,1,53,64
  I am looking forward to your help!
  Thanks
  Alex

• Need help setting up VPN with OS X Server 2.2

  I just bought OS X Server in the hopes that it would be a simpler way to set up VPN for use with my iPhone.  I've tried a couple third party VPN configuration tools before with older versions of OSX but was never able to get it working.  Now I'm running 10.8.2 and Server 2.2.  I've made some progress, but I'm not quite there yet.
  Here's what I have set up in the VPN window:
  And the user I created:
  The User services show that VPN is selected:
  I let the Server app configure my Airport Extreme, and it looks like it set up the port mapping:
  Here are my iPhone settings
  -Server is set to my iMac's public IP address assigned by my ISP
  -Password is the password I gave the user account
  When I turn the VPN on in the iPhone I get:
  "Connecting..."
  "Starting..."
  "Authenticating..."
  then an error:
  "VPN Connection
  Authentification failed."
  What am I missing?
  Thanks,
  Sean

  Hi,
  1701
  UDP
  L2TP
  l2f
  Mac OS X Server VPN service
  1723
  TCP
  PPTP
  pptp
  Mac OS X Server VPN service
  Try L2TP

• Slim authentification

  Slim authentification doesn't work for me. After entering the password,
  it goes back and prompts me for the username again. This happens for
  the right username/password combination, as well as for wrong passwords
  and/or users.
  I start slim in deamon mode. X itself works, when i start it with startx.
  Another issue: when i try to preview the slim themes as suggested in the
  wiki with
  $ slim -p /usr/share/slim/themes/<theme name>
  i get the following error:
  slim: could not open display ':0.0'
  No X server is running at this point.

  There we go.
  .xinitrc:
  #!/bin/sh
  # ~/.xinitrc
  # Executed by startx (run your window manager from here)
  # exec gnome-session
  # exec startkde
  # exec startxfce4
  # ...or the Window Manager of your choice
  exec awesome
  and slim.conf:
  # Path, X server and arguments (if needed)
  # Note: -xauth $authfile is automatically appended
  default_path ./:/bin:/usr/bin:/usr/local/bin
  default_xserver /usr/bin/X
  xserver_arguments -nolisten tcp vt07
  # Commands for halt, login, etc.
  halt_cmd /sbin/shutdown -h now
  reboot_cmd /sbin/shutdown -r now
  console_cmd /usr/bin/xterm -C -fg white -bg black +sb -T "Console login" -e /bin/sh -c "/bin/cat /etc/issue; exec /bin/login"
  #suspend_cmd /usr/sbin/suspend
  # Full path to the xauth binary
  xauth_path /usr/bin/xauth
  # Xauth file for server
  authfile /var/run/slim.auth
  # Activate numlock when slim starts. Valid values: on|off
  # numlock on
  # Hide the mouse cursor (note: does not work with some WMs).
  # Valid values: true|false
  # hidecursor false
  # This command is executed after a succesful login.
  # you can place the %session and %theme variables
  # to handle launching of specific commands in .xinitrc
  # depending of chosen session and slim theme
  # NOTE: if your system does not have bash you need
  # to adjust the command according to your preferred shell,
  # i.e. for freebsd use:
  # login_cmd exec /bin/sh - ~/.xinitrc %session
  login_cmd exec /bin/bash -login ~/.xinitrc %session
  # Commands executed when starting and exiting a session.
  # They can be used for registering a X11 session with
  # sessreg. You can use the %user variable
  # sessionstart_cmd some command
  # sessionstop_cmd some command
  # Start in daemon mode. Valid values: yes | no
  # Note that this can be overriden by the command line
  # options "-d" and "-nodaemon"
  # daemon yes
  # Available sessions (first one is the default).
  # The current chosen session name is replaced in the login_cmd
  # above, so your login command can handle different sessions.
  # see the xinitrc.sample file shipped with slim sources
  sessions awesome
  # Executed when pressing F11 (requires imagemagick)
  screenshot_cmd import -window root /slim.png
  # welcome message. Available variables: %host, %domain
  welcome_msg Welcome to %host
  # Session message. Prepended to the session name when pressing F1
  # session_msg Session:
  # shutdown / reboot messages
  shutdown_msg The system is halting...
  reboot_msg The system is rebooting...
  # default user, leave blank or remove this line
  # for avoid pre-loading the username.
  #default_user simone
  # Focus the password field on start when default_user is set
  # Set to "yes" to enable this feature
  #focus_password no
  # Automatically login the default user (without entering
  # the password. Set to "yes" to enable this feature
  #auto_login no
  # current theme, use comma separated list to specify a set to
  # randomly choose from
  current_theme archlinux-simplyblack
  # Lock file
  lockfile /var/lock/slim.lock
  # Log file
  logfile /var/log/slim.log

• How to set a Swing component as Modal window on a SWT Component.?

  How to set a Swing component as Modal on a SWT Component.I mean, I have a window (SWT Container) with some menu items.
  When I click on one menu item then i will get one new Swing Window.
  When creating the new frame I had passed Modal value as TRUE in the constructer.Now child is not behaving as Modal Window.I mean I am able to go to parent window even though the child window is opened as a Modal Window.This is only happened when I double click on the Title Bar of the Parent Window.
  If I try to click on any other part of the Parent Window except Title bar ... the child window is working as a Modal Window.
  Can any one suggest me to solve this one !!

  int this case, do this :
  JFrame f = new JFrame("Authentification");
  f.getContentPane().setLayout(new BorderLayout());
  f.getContentPane().add(myJPanel, BorderLayout.CENTER);
  f.setBounds(x,y,w,h);
  f.setVisible(true);
  Where myJPanel is the Panel you developped.

• After disabling Autolock and trying to disable Passcode Authentification, iPad continues to ask for a passcode, but old passcode not accepted

  I wanted to turn off Autolock and Passcode Authentification.
  I set Autolock to "never."
  Then, I set Autolock after Replacing Smart Cover to "off."
  Finally, I tried to turn off Passcode Authentification. My iPad asked for my passcode. I entered it, but my iPad wouln't take it and asked me to re-enter it; perhaps my finger had slipped. So I entered my passcode again -- and this time correctly, I'm nearly certain. Still my iPad wouldn't take it and asked me to re-enter it.
  Not thinking I could have changed my passcode (and how could I have if, according my iPad, I never entered my old one correctly?), I let my iPad go into Sleep mode and returned to work on something else.
  And now I can't unlock my iPad. I put in my passcode, and the thing won't take it. Disabled for 60 minutes at this point.

  Hmm, I did receive an email saying that the thread was deleted, but did not explain why for some reason. It sounds like the Level 7 guy caused this. I will call Apple tomorrow to find out who is responsible. And see if I can lodge a complaint against that user. Maybe it was because of what the Level 7 guy was saying.
  There was useful information posted in that threat that addressed the issue that I am experiencing. I will try to reiterate from the apple website, it says.
  Recovery mode
  If you've never synced your device with iTunes, or haven't set up Find My iPhone, you'll need to put your device in recovery mode. Then you'll restore your device as new or from a backup.
  This will erase the device and its passcode.
  Disconnect all cables from your device.
  Hold down the Sleep/Wake button, then "slide to power off" to turn off your device.
  Press and hold the Home button and plug the device into your computer. If your device doesn't turn on automatically, turn it on. Don't release the Home button.
  Continue holding the Home button until you see the Connect to iTunes screen.
  If iTunes doesn't open automatically, open it. iTunes will alert you that it has detected a device in recovery mode.
  Click OK. Then restore the device.
  If your device doesn't go into recovery mode, try steps 1–4 again.
  They suggested that I try this over again until it works. It did not work for me the first time.

• How do i set up 2-factor authentication security?

  How do I set up the two-factor authentification security on my Apple products - MacBook Pro, iPad 2, iPhone s4?
  thank you.

  Apple only has 2 Factor for your AppleID.  You can read about that here. http://support.apple.com/kb/ht5570
  If you want 2 Factor login for your Mac, you can try Securikey (http://www.securikey.com)  Or just for added protection, you can enable FileVault 2 (http://support.apple.com/kb/ht4790)

• Authentification ldap,pam.d on solaris 11

  Hi,
  I tested ldap authentification on Solaris 11 and I didn't succeed in ssh connection.
  I succeed in viewing ldap users (getent passwd) and i modified /etc/pam.d/login other and passwd
  with "auth required pam_ldap

  Hi,
  Try to change the following two files: /etc/pam.d/login and /etc/pam.d/other
  Change the line that states:
  auth required    
  pam_unix_auth.so.1
  to
  auth binding      
  pam_unix_auth.so.1 server_policy
  auth required     
  pam_ldap.so.1
  Did you also checked the attributemapping for the LDAP client?
  svccfg -s network/ldap/client setprop config/attribute_map= astring: '("shadow:homeDirectory=unixHomeDirectory" "shadow:description=distinguishedName" "shadow:uid=samaccountname" "shadow:gidnumber=primaryGroupID" "shadow:uidnumber=uidNumber" "shadow:gecos=displayName" "passwd:homeDirectory=unixHomeDirectory" "passwd:description=distinguishedName" "passwd:uid=samaccountname" "passwd:gidnumber=primaryGroupID" "passwd:uidnumber=uidNumber" "passwd:gecos=displayName")'
  svccfg -s network/ldap/client setprop config/objectclass_map= astring: '("group:posixGroup=group" "shadow:shadowAccount=person" "shadow:posixAccount=user" "passwd:shadowAccount=person" "passwd:posixAccount=user")'
  what does getent passwd username say? Does it return all the necessary fields (uid, gid etc.)?
  While configuring the LDAP client to point to our Microsoft AD I use the AD property uidNumber which I manually set to the last part of the objectSID property to keep it unique within the domain.
  Kind regards,
  Lambert

• SCCM Internet Based Client Management Client authentification certificate on untrusted forest

  Hi everybody,
  I'm installing a IBCM server of SCCM 2012 and i'm facing a problem related the client authentification certificate. My DMZ server is in another domain of the primary site and the is only a one way trusted between. I'm not able to push the
  client authentification certificate using GPO. Is there a way to get the that certificate?
  Thanks for your help.
  Guillaume

  First, there's no single client auth cert. Each client must have its own unique client auth cert.
  Next, issuing certs to a system can be done in many different ways including the web portal, AD auto-enrollment, and the command-line. In this case, AD auto-enrollment can work if you've set up cross-forest support in your PKI. That is nothing done by default
  though and is something you need to configure. You can certainly use one of the other methods however.
  I highly recommend you engage a more knowledgeable PKI resource though because doing PKI right is not easy.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• SP2013 - ADFS Authentification fails

  Hi there,
  for testing purposes I have set up a sharepoint farm with one sp2013-server, sql 2008R2 and one hostnamed web-application. I have also set up a new certification authority and an adfs-server, both based on windows 2012 r2.
  After setting up sharepoint I created a new authentification provider like this:
  http://technet.microsoft.com/de-de/library/hh305235%28v=office.15%29.aspx
  But after switching my web app to adfs authentification fails with error messages like this:
  error id 364:  
  Exception details: 
  Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made '6' requests in the last '11' seconds. Contact your administrator for details.
  Chrome shows me the ADFS landing page with "an error has occured", but IE just brings up a basic authentification and after entering credentials I see "webpage not found".
  What I did:
  Rechecked my whole config
  Checked the thumbprint of the certificates
  $sts = Get-SPSecurityTokenServiceConfig
  $sts.LogonTokenCacheExpirationWindow = (New-TimeSpan –minutes 1)
  $sts.Update()
  Iisreset
  Verified the time - is ok
  Now I am out of ideas ... can somebody please help me?
  Thanks
  Marcel

  Strange - idpinitiatedsignon.aspx works on chrome and bringt the forms logon - I can log on
  Same URL in IE opens the adfs-page, when I click "login" I see a windows security-window for credentials (guess basic authentification)
  - after entering I get http 400. 
  So I disabled "windows authentification" in my global authentification settings on "intranet" and enabled forms -
  then the login works everywhere but I have to enter credentials manually.
  Switched back to windows auth - doesn't work on the sharepoint-server but works on the adfs-server itself.