Setup OID authenticated users for DB user globally identified users.

Similar Messages

• Want to create a Read Only user for a given app owner user

  Hi Folks,
  We have an application owner schema, lets call it OWNER, which has different objects living under it.
  Now, for certain reasons, the app group wants a read only user which should be able to view objects living only in OWNER. It would only be able to read things, and have no create or alter types of priv to be able to change anything.
  The first idea was to create a new user (e.g. RO) and give this explicit grants (select only) for all objects in OWNER. Though this works, is a maintenance havoc, since everytime there is a new object in OWNER, you have to remember to give explicit grants to all RO (or RW ) kind of users.
  What i am looking forward to is, some sort of privilege or role concept that apply on the user level, and not on object level. something that allows me to say, all objects of this schema (e.g. OWNER) are visible to user RO. Other restrictions on RO would control read or write behaviour.
  Does this thing exist ? please point me to the documentation/example..
  regards
  raghav..

  CREATE OR REPLACE TRIGGER myTest.trg_mytest
  AFTER DDL
  ON myTest.SCHEMA
  DECLARE
       lv_obj_type VARCHAR2(20) := TRIM(UPPER(ora_dict_obj_type));
       lv_evt_type VARCHAR(20)      := TRIM(UPPER(ora_sysevent));
       lv_obj_name     VARCHAR2(30) := trim(UPPER(ora_dict_obj_name));
       lv_role_name     VARCHAR2(30) := 'myTest_RO';
       lv_stmt          VARCHAR2(4000) := NULL;
       ln_job_nr     NUMBER;
  BEGIN
       IF lv_evt_type != 'GRANT' --lv_obj_type <> 'OBJECT PRIVILEGE' --
       THEN
            DBMS_JOB.SUBMIT(ln_job_nr,'begin execute immediate ''grant ' || ' select on ' ||
                                     lv_obj_name || ' to ' || lv_role_name || '''; END;');
       END IF;
     INSERT INTO TB_EVT_LOG(d_date, description)
     VALUES(SYSDATE,  lv_obj_name || '~~~~ created ' || lv_obj_type || '~~~~' || lv_evt_type );
     EXCEPTION
       WHEN OTHERS THEN
         RAISE;
  END trg_mytest;
  /This works. But, my problem is that it is not able to filter out the Grant statement itself, Its logging an entry for the grant (as a ddl operation as well).
  what am I doing wrong here ?
  regards
  raghav..

• Set default value for people picker only when user checks a checkbox (Sharepoint 2010)

  The javescript in below link works for me.
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/2b130f64-3db2-484a-9a53-ccbe18d2c5de/set-default-value-for-people-picker-in-list-template-current-user?forum=sharepointgenerallegacy
  However, I'd like to set default user for people picker only when user checks a checkbox. 
  I am new to  development. Could you please help me on this requirement ?
  Thank you very much. 

  Hello,
  Use this link to to validate checkbox value, if true then set the person or group value (i.e. as posted in your link).
  http://geekswithblogs.net/haniamr/archive/2011/03/10/validate-that-a-checkbox-is-checked-using-javascript.aspx
  Hope it could help
  Hemendra:Yesterday is just a memory,Tomorrow we may never see
  Please remember to mark the replies as answers if they help and unmark them if they provide no help

• [svn] 1754: Add more authentication tests for different channels.

  Revision: 1754
  Author: [email protected]
  Date: 2008-05-15 14:43:20 -0700 (Thu, 15 May 2008)
  Log Message:
  Add more authentication tests for different channels. Fix a couple timing issues in the tests. Some tests were calling logout() and not waiting before running the next test which was failing in some cases.
  Modified Paths:
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/polling-amf/JMSAuthProSendTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/polling-amf/MessagingAuthenticationTest.mxml
  Added Paths:
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/polling-http/
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/polling-http/JMSAuthConSubscribeTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/polling-http/JMSAuthProSendTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/polling-http/JMSAuthSendSubscribeConstraintTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/polling-http/MessagingAuthConSubscribeTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/polling-http/MessagingAuthProSendTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/polling-http/MessagingAuthSendSubscribeConstraintTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/polling-http/MessagingAuthenticationTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/polling-http/MessagingAuthenticationTest2.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/polling-http/MultiTopicMessagingAuthConSubscribeTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-amf/
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-amf/JMSAuthConSubscribeTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-amf/JMSAuthProSendTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-amf/JMSAuthSendSubscribeConstraintTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-amf/MessagingAuthConSubscribeTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-amf/MessagingAuthProSendTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-amf/MessagingAuthSendSubscribeConstraintTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-amf/MessagingAuthenticationTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-amf/MessagingAuthenticationTest2.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-amf/MultiTopicMessagingAuthConSubscribeTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-http/
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-http/JMSAuthConSubscribeTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-http/JMSAuthProSendTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-http/JMSAuthSendSubscribeConstraintTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-http/MessagingAuthConSubscribeTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-http/MessagingAuthProSendTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-http/MessagingAuthSendSubscribeConstraintTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-http/MessagingAuthenticationTest.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-http/MessagingAuthenticationTest2.mxml
  blazeds/branches/3.0.x/qa/apps/qa-regress/testsuites/mxunit/tests/messagingService/securi ty/streaming-http/MultiTopicMessagingAuthConSubscribeTest.mxml

  Hello Emil,
    Thank you for your response.
  We have SAP PI 7.11 and we did get it to work with SPNego (Kerberos token) for an SSO interface from a .Net web client using an ActiveDirectory User. It was NOT an easy task, but it worked.
  The problem we are facing is that when we setup the Authentication Stack for the XISOAPAdapter component in the NWA as instructed by SAP to support BASIC Auth AND SPNego, the old .Net clients that do not FORCE the Basic Auth try to connect with an NTLM Token (and this doesn't work)
  After their first request they receive a response from PI with:
  www-authenticate: Basic realm="XISOAPApps"
  www-authenticate: Negotiate
  Then they choose to send NTLM Token instead of the Basic. This very simple to fix, by forcing the .Net client to send Basic or Kerberos. But we can not change the client side as they are in production env. for some time now, and we have over 200 interfaces with several applications, the impact is quite big...if you know what I mean...
  So I thought that maybe it was possible to do some Z XISOAPAdapter component parallel to the original and have two different Auth Stacks.
  We have opened an OSS with SAP and we are exchanging msgs for some time now. I'll let you all know how this ended...
  Regards.
  PS: Would be great to read Michal Krawczyk thoughts on this topic ! thx !

• How to setup database user for windows NT SSO

  Hi,
  We have a scenario where we have to setup a database user so that SSO can be worked in windows environment.
  We have oracle 10g installed on UNIX server. Now we want to setup a autosys user which will also be a winows user for eg by the name kumaral and domain (which is Logon option in windows) will be FM, so eventually user name will be FM\kumaral. Autosys will be on windows machine and we have installed oracle client on this machine.
  On oracle database we have created two user by following syntax:
  (1) CREATE USER "OPS$FM\KUMARAL" IDENTIFIED EXTERNALLY;
  (2) CREATE USER "OPS$FM\kumaral" IDENTIFIED EXTERNALLY;
  Also we have provided connect grant to these users.
  GRANT CONNECT TO "OPS$FM\KUMARAL".
  GRANT CONNECT TO "OPS$FM\kumaral".
  I am login in windows through FM\kumaral user, but we are not able to connect to oracle through this user, we are trying to connect to oracle from below mentioned query:
  sqlplus /
  but we are not able to connect.
  Can someone please help me on this?
  Thanks in Advance.
  Amit.

  Check MOS note :
  WIN: Setup O/S Authentication [ID 60634.1]
  Regards
  Rajesh

• NoMachine(freenx) Authentication failed for user (MYUSERNAME)

  Hi all,
  I have quite a few experience with freenx on other linux distributions, but this is my first time setting up freenx on archlinux. After following the instructions in the wiki, authentication keeps failing no matter what I do.
  Stuff I've done from the wiki:
  1. install freenx
  2. add RSAAuthentication yes AllowUsers someuser nx to sshd_config
  3. add md5sum to node.conf
  4. pacman -S xdialog xterm
  5. run "/usr/bin/nxsetup --install --setup-nomachine-key"
  6. modify /etc/nxserver/node.conf so that "USER_X_STARTUP_SCRIPT=.xinitrc"
  7. pick the right configurations when connecting to my server
  I have "exec startxfce4" in .xinitrc.
  It always goes up to "Waiting for authentication" and then "Authentication failed for user (MYUSERNAME)" pops up. I think it should not be a XFCE issue since authentication itself didn't even pass. I assume if it is a X window problem, what I would get is something like a blank screen.
  I'm using public key, so I didn't really copy anything from the server to my client.
  I couldn't think of a second reason why this wouldn't work. Is there any thing obvious that I missed? (If so, please move this thread to the newbie corner. lol)
  Any thoughts would be highly appreciated.
  Thanks
  Aweather

  Hi,
  I did update the password in the properties file but still I get the error
  BUILD FAILED
  C:\product\10.1.3.1\OracleAS_1\bpel\samples\utils\CreditRatingService\build.xml:
  79: Authentication failed for user "oc4jadmin" on host
  I am able to deploy from JDEV. and could configure as per documentation
  Thanks in advance,
  Anand
  I had to update the <OH>/bpel/utilities/ant-orabpel.properties file for the password and now I can deploy successfully...information was there in the readme file...
  Anand
  Message was edited by:
  AnandP

• Getting mail authentication errors for outlook user sending mail

  When Outlook 2010 user attempts to use port 587 to send mail (to himself at this point), we see the following in the server logs:
  (User in question can attach to file shares on the same server just fine from his Windows laptop)
  Outlook config for outbound server is "port: 587, encryption TLS"
  When we connect, we get "connection interrupted by server"
  Tried other encryption methods - outlook 2010 states that server does not support the other methods (None, SSL)
  SMTPD Logs
  Jul 29 22:22:58 <servername>.l-n-l.com postfix/smtpd[2306]: connect from <Outlook Client Name>[<Outlook ClientAddr>]
  Jul 29 22:22:58 <servername>.l-n-l.com postfix/smtpd[2306]: error: validate response: error: Authentication server failed to complete the requested operation.
  Jul 29 22:22:58 <servername>.l-n-l.com postfix/smtpd[2306]: error: validate response: authentication failed for user=colin (method=DIGEST-MD5)
  Jul 29 22:22:58 <servername>.l-n-l.com postfix/master[1407]: warning: process /usr/libexec/postfix/smtpd pid 2306 killed by signal 6
  Jul 29 22:22:58 <servername>.l-n-l.com postfix/master[1407]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
  Jul 29 22:24:12 <servername>.l-n-l.com postfix/smtpd[2270]: timeout after END-OF-MESSAGE from localhost[127.0.0.1]
  Jul 29 22:24:12 <servername>.l-n-l.com postfix/smtpd[2270]: disconnect from localhost[127.0.0.1]
  Meanwhile: Mac clients are able to connect to smptd submission port to send mail with no problems. Based on what the logs say, it appears that the Mac mail is using a different authentication mechanism.
  Client config for outbound server is "use custom port: 587, Use SSL:Checked, Authentication: MD5 Challenge-Response"
  Jul 29 22:19:12 <servername>.l-n-l.com postfix/smtpd[2261]: connect from <Mac Client Name>[<MacClientAddr>]
  Jul 29 22:19:12 <servername>.l-n-l.com postfix/smtpd[2261]: 721FCEC991: client=<Mac Client Name>[<MacClientAddr>], sasl_method=CRAM-MD5, sasl_username=<username>@l-n-l.com
  Jul 29 22:19:12 <servername>.l-n-l.com postfix/cleanup[2267]: 721FCEC991: message-id=<[email protected]>
  Jul 29 22:19:12 <servername>.l-n-l.com postfix/qmgr[1800]: 721FCEC991: from=<[email protected]>, size=573, nrcpt=1 (queue active)
  Jul 29 22:19:12 <servername>.l-n-l.compostfix/smtpd[2270]: connect from localhost[127.0.0.1]
  Jul 29 22:19:12 <servername>.l-n-l.com postfix/smtpd[2270]: E722AEC9A0: client=localhost[127.0.0.1]
  Jul 29 22:19:12 <servername>.l-n-l.com postfix/cleanup[2267]: E722AEC9A0: message-id=<[email protected]>
  Jul 29 22:19:12 <servername>.l-n-l.com postfix/qmgr[1800]: E722AEC9A0: from=<[email protected]>, size=994, nrcpt=1 (queue active)
  Jul 29 22:19:12 <servername>.l-n-l.com postfix/smtp[2268]: 721FCEC991: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.55, delays=0.06/0.01/0.01/0.48, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as E722AEC9A0)
  Jul 29 22:19:12 <servername>.l-n-l.com postfix/qmgr[1800]: 721FCEC991: removed
  Jul 29 22:19:13 <servername>.l-n-l.com postfix/pipe[2273]: E722AEC9A0: to=<[email protected]>, relay=dovecot, delay=0.13, delays=0/0.01/0/0.12, dsn=2.0.0, status=sent (delivered via dovecot service)
  Jul 29 22:19:13 <servername>.l-n-l.com postfix/qmgr[1800]: E722AEC9A0: removed
  Jul 29 22:20:12 <servername>.l-n-l.com postfix/smtpd[2261]: disconnect from <Mac Client Name>[<MacClientAddr>]
  Running OS X 10.8.4 with Server 2.2.1.
  Any thoughts on what I need to do to make OSX Server mail play nice with Outlook over the submission port?
  Thanks in advance!!

  Ok - so I think I have it almost all sussed. So for all 3 of you who might be reading this, here is what is going on.
  1) As I expected, this has nothing to do with the FQDN/Outlook problem. I actually rejoiced when I finally got far enough to have that problem with my Outlook 2007 and 2010 clients. And I don't like the recommended fix for that either. There is another way - more on that in a minute.
  2) This problem was all about authentication methods. At present, I have OS X Mail Server set for plain text and APOP only. I will be working to fix this soon - but at present I am unable to find any other combination that permits both Mac Mail and Outlook clients to authenticate properly. Mac Mail wants to use CRAM-MD5 by default. Outlook is so incompatible with CRAM-MD5 that even when there are other authentication methods available on the mail server, if CRAM-MD5 is selected on the Server then Outlook fails miserably no matter how you configure the Outlook client. Caveat: this is my own observation and I still have some experimenting to do. If you know otherwise (or can confirm more definitively), then please speak up!
  So here is the working configuration at present:
     A) Mail Server authentication set to Custom with PlainText and APOP selected, all others blank.
     B) Firewall permits inbound from ports 25 (for mail from "outside"), 587 (submission for authenticated users, TLS) 993 (SSL IMAP), and 995 (SSL POP).
     C) Mac POP Clients:
        i) For retrieval (POP) In advanced settings, use Port 995, Check "Use SSL", Select APOP for authentication.
        ii) For submission (SMTP) : Set port 587 (only), Set Authentication to "Password"
      D) Outlook 2007,2010,2013 clients
         i) For retrieval (POP), Set "Require secure logon using SPA"
        ii) In "More Settings/Outgoing Server" set it to require authentication with same credentials as inbound
       iii) In "More Settings/Advanced"
           a) Turn on Encryption for the POP3, this should change the port to 995 automatically. If it does not, fix that too.
           b) Set outgoing server to 587
           c) Set TLS for the encryption type (nothing else will work here)
  Once you do 2.A, 2.B, 2.D, you will THEN, finally encounter the FQDN problem.
  3) So Apple and a lot of folks here in the forums resolve the FQDN problem by removing one of the restrictions:
      Remove "reject_non_fqdn_helo_hostname" from "smtpd_helo_restrictions" in your postfix main.cf file.
  I have at least 2 problems with this:
     A) It removes yet another little bit of security from the setup
     B) It involves non-GUI changes to the config...which is dangerous if you use the GUI, as changes within the GUI will often result in overwrites to your changes outside the GUI. So you can easily lose this fix without being aware of it until one of your Outlook users starts screaming.
  The problem is really with Outlook and Windows not sending the FQDN in the first place. So how about we force them to do that instead? It turns out not to be too hard. I found a thread somewhere that goes into this and it works. Further, the solution remains on through reboots AND also can be made part of an automated deployment of a standard config. The only gotcha is you have to edit the registry...so you have to be careful. You only need to do this ONCE though, and the two entries are easy to find.
    C) Under HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services/Tcpip/Parameters
         i) Set Hostname to the FQDN of your host (replace HOST with HOST.domain.com - or .net, or whatever)
        ii) Set NV Hostname to the FQDN of your host
        iii) Close Regedit and Reboot to have the changes take effect
  Once you do this, the FQDN problem for Outlook users goes away.
  So I am looking for suggestions to make the SMTP submission more secure. Aside from that, things are working - and I have had to make ZERO changes to config files outside of the Server GUI - a plus as far as I am concerned.

• URGENT help required : Custom Authentication Plugin for validation of users

  Hi Experts.
  I'm a newbie and am stuck in middle of nowhere.
  I have been asked to develop a custom authentication plug-in which would validate a user using the attributes such as a userid and a shared-userid.
  shared-userid is just a custom id that would be generated on the basis of some logic.
  Currently I'm using OAM 10.1.4.3.0 on WINDOWS server and as everybody, I'm also not able to find any sample files or sample folder structure.
  As per one of the other threads https://forums.oracle.com/forums/thread.jspa?messageID=3838474, sample code and sample folders are removed from this particular version and were present in some previous version.
  So, can anyone please help me out with the following:
  1. How can I proceed to accomplish this task, i.e. to check whether a user-id and a shared-userid both are validated and a user is granted access.
  2. Are all of these files required to create a custom authentication plug-in or can we proceed only with the ".c" file (i.e. make file, authn.c, and a dll file made using the make file and .c file)
  3. Can anybody provide me with a sample file or a sample code written in "C" wherein the plug-in connects to the LDAP and searches for a particular dn for comparison or something. Also a sample make file for windows to convert the .c file to .dll.
  PLEASEEEE help me ASAP.
  Regards
  Edited by: 805912 on Nov 15, 2011 7:18 PM

  Hi,
  Regarding question 2, you also need the header file is supplied in the Access Server installation directory, under ...access\oblix\sdk\authn_api and is called authn_api.h. you need this to build the dll which must then be placed in the Access Server's ...\access\oblix\lib directory.
  Regarding question 3, if you install an earlier version of the Access Server, ie 10.1.4.2 or less, then you will get a \access\oblix\sdk\authentication\samples\authn_api directory that contains a basic sample authentication plugin. However, there is still documented in the 10.1.4.3 Developer Guide another sample plugin, simplapi.c, in the 10.1.4.3 Developer Guide with instructions on how to use it. It does work, but unfortunately requires a couple of edits to get it working after copy&pasting it (no code changes, just fairly obvious case changes eg changing ObanPlugin* to ObAnPlugin*). I used the following commands to get it to compile into a .so file on unix:
  g++44 -c -fPIC -Wno-deprecated -m32 simpleapi.c
  g++44 -shared -nostdlib -lc -m32 simpleapi.o -o simpleapi.so
  but I really would not know if or how these translate into a Windows environment.
  Regards,
  Colin
  Edited by: ColinPurdon on Nov 15, 2011 2:50 PM

• SharePoint Designer workflow gives Claims Authentication error for some users. Problem getting output claims identity. The specified user or domain group was not found.

  We have a SharePoint Enterprise 2013 system at RTM level.  We've installed Workflow Manager 1.0 by following the steps at
  http://technet.microsoft.com/en-us/library/jj658588.aspx.  For the final step of Validating the Installation we created a simple list-level workflow and verified that the workflow
  is invoked successfully.  This is working successfully, but only for a single user.  If other users in the same site collection try to invoke the workflow on this same list we get the ULS Log Error:
  Claims Authentication          af3zp Unexpected STS Call Claims Saml: Problem getting output claims identity. Exception: 'Microsoft.SharePoint.SPException: The specified user or domain group was not found. --->
  System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
  followed by:
  Failed to issue new security token. Exception: Microsoft.SharePoint.SPException: The specified user or domain group was not found. ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
  (as details below).
  All accounts that are attempting to use the Test Workflow (both working and non-working user accounts) are valid AD accounts and are included in the User Profile Sync that runs nightly.  All have Contribute or Design permission level (and for testing,
  Full Control). 
  What could cause the Claims Authentication to fail when certain users attempt to launch the workflow?
  Thank you for your response.
  Jim Mac.
  08/29/2013 10:22:51.94  w3wp.exe (0x2020)                        0x26D8 SharePoint Foundation        
   Claims Authentication          af3zp Unexpected STS Call Claims Saml: Problem getting output claims identity. Exception: 'Microsoft.SharePoint.SPException: The specified user or domain group was
  not found. ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.     at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType,
  Boolean forceSuccess)     at System.Security.Principal.NTAccount.Translate(Type targetType)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdentity,
  SPClaim loginClaim)     --- End of inner exception stack trace ---     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdent... 94aa5c2d-fa45-9b83-b203-a92b20102583
  08/29/2013 10:22:51.94* w3wp.exe (0x2020)                        0x26D8 SharePoint Foundation        
   Claims Authentication          af3zp Unexpected ...ity, SPClaim loginClaim)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String
  encodedIdentityClaimSuffix)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.CreateTokenCacheReferenceFromTokenSignature(SPRequestInfo requestInfo, IClaimsIdentity identity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentTokenCacheReferenceClaim(SPRequestInfo
  requestInfo, IClaimsIdentity identity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentOutputIdentityForRequest(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetOutputClaimsIdentity(IClaimsPrincipal
  principal, RequestSecurityToken request, Scope scope)'. 94aa5c2d-fa45-9b83-b203-a92b20102583
  08/29/2013 10:22:51.94  w3wp.exe (0x2020)                        0x26D8 SharePoint Foundation        
   Claims Authentication          fo1t Monitorable STS Call: Failed to issue new security token. Exception: Microsoft.SharePoint.SPException: The specified user or domain group was not found. --->
  System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.     at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)    
  at System.Security.Principal.NTAccount.Translate(Type targetType)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdentity, SPClaim loginClaim)    
  --- End of inner exception stack trace ---     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdentity, SPClaim logi... 94aa5c2d-fa45-9b83-b203-a92b20102583
  08/29/2013 10:22:51.94* w3wp.exe (0x2020)                        0x26D8 SharePoint Foundation        
   Claims Authentication          fo1t Monitorable ...nClaim)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedIdentityClaimSuffix)    
  at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.CreateTokenCacheReferenceFromTokenSignature(SPRequestInfo requestInfo, IClaimsIdentity identity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentTokenCacheReferenceClaim(SPRequestInfo
  requestInfo, IClaimsIdentity identity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentOutputIdentityForRequest(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetOutputClaimsIdentity(IClaimsPrincipal
  principal, RequestSecurityToken request, Scope scope)     at Microsoft.IdentityModel.Securi... 94aa5c2d-fa45-9b83-b203-a92b20102583
  08/29/2013 10:22:51.94* w3wp.exe (0x2020)                        0x26D8 SharePoint Foundation        
   Claims Authentication          fo1t Monitorable ...tyTokenService.SecurityTokenService.Issue(IClaimsPrincipal principal, RequestSecurityToken request)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.Issue(IClaimsPrincipal
  principal, RequestSecurityToken request) 94aa5c2d-fa45-9b83-b203-a92b20102583

  Hi Aries,
  I am facing issue with work flow where Workflow goes to Suspend mode.
  I am facing an issue with SP2013 Custom Workflow developed using Visual Studio 2012.
  Objective of the Custom workflow: User fills the form and submit, list get updated and workflow will initiate and go for the process.
  Issue: After the deployment of WF, for first time when user is filling the form and submit, list is getting updated. But the Workflow Goes to "Suspend" mode. (
  This Custom Workflow has a configuration file where we are providing other details including ID of Impersonator (farm is running under Claim Based Authentication).
  Work flow works fine once when the Impersonator initiate the workflow (Fill the form and submit for approval) and everything works fine after that.
  Following steps are already performed
  1.Make sure User profile synchronization is started.
  2.Make sure the user is not the SharePoint system user.
  3.Make sure the user by whom you are logged is available in User Profile list.
  4.Step full synchronization of User Profile Application.
  From the ULS logs it seems the user's security token from the STS service and User profile service is not being issued.
  Appreciate any thoughts or solution.
  Following are the log files.
  <-------------------------------Information taken from "http://YYYY.XXXXX.com/sites/xxxx/_layouts/15/wrkstat.aspx" where it is showing workflow status as "Suspend"------->
  http://yyyy.XXXX.com/sites/xxxx/_vti_bin/client.svc/sp.utilities.utility.ResolvePrincipalInCurrentcontext(input=@ParamUser,scopes='15',sources='15',inputIsEmailOnly='false',addToUserInfoList='False')?%40ParamUser='i%3A0%23.w%7CXXXXX%5Csps_biscomdev'
  Correlation Id: f5bd8793-a53c-2127-bfb1-70bc172425e8 Instance Id: 14a985a0-60c8-42db-a42c-c752190b8106
  RequestorId: f5bd8793-a53c-2127-0000-000000000000. Details: RequestorId: f5bd8793-a53c-2127-0000-000000000000. Details: An unhandled exception occurred during the execution of the workflow instance. Exception details: System.ApplicationException: HTTP 401
  {"error_description":"The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug>
  configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs."} {"x-ms-diagnostics":["3001000;reason=\"There
  has been an error authenticating the request.\";category=\"invalid_client\""],"SPRequestGuid":["f5bd8793-a53c-2127-8654-672758a68234"],"request-id":["f5bd8793-a53c-2127-8654-672758a68234"],"X-FRAME-OPTIONS":["SAMEORIGIN"],"SPRequestDuration":["34"],"SPIisLatency":["0"],"Server":["Microsoft-IIS\/7.5"],"WWW-Authenticate":["Bearer
  realm=\"b14e1e0f-257f-42ec-a92d-377479e0ec8d\",client_id=\"00000003-0000-0ff1-ce00-000000000000\",trusted_issuers=\"00000005-0000-0000-c000-000000000000@*,[email protected]79e0ec8d\"","NTLM"],"X-Powered-By":["ASP.NET"],"MicrosoftSharePointTeamServices":["15.0.0.4420"],"X-Content-Type-Options":["nosniff"],"X-MS-InvokeApp":["1;
  RequireReadOnly"],"Date":["Fri, 10 Apr 2015 19:48:07 GMT"]} at Microsoft.Activities.Hosting.Runtime.Subroutine.SubroutineChild.Execute(CodeActivityContext context) at System.Activities.CodeActivity.InternalExecute(ActivityInstance
  instance, ActivityExecutor executor, BookmarkManager bookmarkManager) at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor executor, BookmarkManager bookmarkManager, Location resultLocation)
  ULS Log
  04/16/2015 15:22:03.70 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation Authentication Authorization agb9s Medium OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0 f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.70 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation Runtime ajd6k Verbose Value for isAnonymousAllowed is : False f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.70 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation Runtime ajd6l Verbose Value for checkAuthenticationCookie is : True f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.70 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8b Verbose Looking up context  site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.70 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8f Verbose Site lookup is replacing
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
  http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8g Verbose Looking up typical site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8b Verbose Looking up context  site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8f Verbose Site lookup is replacing
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
  http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8g Verbose Looking up typical site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Request (GET:http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly)). Execution Time=18.7574119057031 f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8b Verbose Looking up context  site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8f Verbose Site lookup is replacing
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
  http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8g Verbose Looking up typical site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.73 PowerShell.exe (0x29BC) 0x2B9C SharePoint Foundation General narq Verbose Releasing SPRequest with allocation Id {AF89E1D7-C47F-467B-8FD4-D7DC768820EE} 
  04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8b Verbose Looking up context  site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA 
  04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. 
  04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8f Verbose Site lookup is replacing
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
  http://inetdev. 
  04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8g Verbose Looking up typical site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. 
  04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. 
  04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring nasq Medium Entering monitored scope (Request (GET:http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly)). Parent No 
  04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8b Verbose Looking up context  site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA 
  04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. 
  04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8f Verbose Site lookup is replacing
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
  http://inetdev. 
  04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8g Verbose Looking up typical site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. 
  04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. 
  04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (GET:http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly) f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.74 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring nasq Medium Entering monitored scope (Application Authentication Pipeline). Parent Request (GET:http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly) f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.74 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8b Verbose Looking up context  site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.74 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.74 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8f Verbose Site lookup is replacing
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
  http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.74 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8g Verbose Looking up typical site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.74 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Claims Authentication ah25l Medium SPJsonWebSecurityBaseTokenHandler: ValidateActorIsSelfIssuer! Issuer '00000005-0000-0000-c000-000000000000' is not self
  issuer. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring nasq Medium Entering monitored scope (Getting Site Subscription Id). Parent [S2S] Getting token from STS and setting Thread Identity f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8b Verbose Looking up context  site
  http://inetdev/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
  http://inetdev/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8f Verbose Site lookup is replacing
  http://inetdev/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
  http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8g Verbose Looking up typical site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Getting Site Subscription Id). Execution Time=0.341314329055788 f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring nasq Medium Entering monitored scope (Reading token from Cache using token signature). Parent [S2S] Getting token from STS and setting Thread
  Identity f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.76 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General ajji6 High Unable to write SPDistributedCache call usage entry. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.76 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Reading token from Cache using token signature). Execution Time=7.5931438213516 f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.76 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Application Authentication ajwpx Medium SPApplicationAuthenticationModule: Failed to build cache key for user  f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.76 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Topology aeayb Medium SecurityTokenServiceSendRequest: RemoteAddress: 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel:
  'Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustChannelContract' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:fd5eba94-c39d-4667-89bd-089411c87f09' f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.77 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Topology aeax9 Medium SecurityTokenServiceReceiveRequest: LocalAddress: 'http://c1vspwfe01.vitas.com:32843/SecurityTokenServiceApplication/securitytoken.svc'
  Channel: 'System.ServiceModel.Channels.ServiceChannel' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:fd5eba94-c39d-4667-89bd-089411c87f09' f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.77 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Monitoring nasq Medium Entering monitored scope (ExecuteSecurityTokenServiceOperationServer). Parent No f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Claims Authentication ah25l Medium SPJsonWebSecurityBaseTokenHandler: ValidateActorIsSelfIssuer! Issuer '00000005-0000-0000-c000-000000000000' is not self
  issuer. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General narq Verbose Releasing SPRequest with allocation Id {F17590DF-49D9-439D-86BC-5AE6416BB765} f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General 6t8b Verbose Looking up  site
  http://inetdev/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
  http://inetdev/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General 6t8f Verbose Site lookup is replacing
  http://inetdev/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
  http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General 6t8g Verbose Looking up typical site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General narq Verbose Releasing SPRequest with allocation Id {3847D5A4-15C6-4AF9-B062-E22BB555DF4F} f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Portal Server User Profiles ae0s1 High Identity claims mapped to '0' user profiles. Claims: [nameid: '', nii: 'windows', upn: '', smtp: '', sip: ''], User Profiles: f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Portal Server User Profiles ae0sr Unexpected UserProfileException caught.. Exception Microsoft.Office.Server.Security.UserProfileNoUserFoundException: 3001002;reason=The
  incoming identity is not mapped to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator.     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager
  upManager, IEnumerable`1 identityClaims)     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.<>c__DisplayClass2.<GetMappedIdentityClaim>b__0() is thrown. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Portal Server User Profiles ae0su High The set of claims could not be mapped to a single user identity. Exception 3001002;reason=The incoming identity is not mapped
  to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator. has occured.  f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Claims Authentication ae0tc High The registered mappered failed to resolve to one identity claim. Exception: Microsoft.Office.Server.Security.UserProfileNoUserFoundException:
  3001002;reason=The incoming identity is not mapped to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator.     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager
  upManager, IEnumerable`1 identityClaims)     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.<>c__DisplayClass2.<GetMappedIdentityClaim>b__0()     at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass5.<RunWithElevatedPrivileges>b__3()    
  at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)     at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)     at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated
  secureCode)     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetMappedIdentityClaim(Uri context, IEnumerable`1 identityClaims)     at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.GetClaimFromExternalMapper(Uri
  contextUri, List`1 claims) f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Claims Authentication af3zp Unexpected STS Call Claims Saml: Problem getting output claims identity. Exception: 'Microsoft.Office.Server.Security.UserProfileNoUserFoundException:
  3001002;reason=The incoming identity is not mapped to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator.     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager
  upManager, IEnumerable`1 identityClaims)     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.<>c__DisplayClass2.<GetMappedIdentityClaim>b__0()     at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass5.<RunWithElevatedPrivileges>b__3()    
  at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)     at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)     at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated
  secureCode)     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetMappedIdentityClaim(Uri context, IEnumerable`1 identityClaims)     at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.GetClaimFromExternalMapper(Uri
  contextUri, List`1 claims)     at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.ResolveUserIdentityClaim(Uri contextUri, ClaimCollection inputClaims)     at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.GetIdentityClaim(Uri
  contextUri, ClaimCollection inputClaims, SPCallingIdentityType callerType)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetLogonIdentityClaim(SPRequestInfo requestInfo, IClaimsIdentity inputIdentity, IClaimsIdentity
  outputIdentity, SPCallingIdentityType callerType)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.EnsureSharePointClaims(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity, SPCallingIdentityType callerType)    
  at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentOutputIdentityForRequest(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetOutputClaimsIdentity(IClaimsPrincipal
  principal, RequestSecurityToken request, Scope scope)'. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Claims Authentication fo1t Monitorable STS Call: Failed to issue new security token. Exception: Microsoft.Office.Server.Security.UserProfileNoUserFoundException:
  3001002;reason=The incoming identity is not mapped to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator.     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager
  upManager, IEnumerable`1 identityClaims)     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.<>c__DisplayClass2.<GetMappedIdentityClaim>b__0()     at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass5.<RunWithElevatedPrivileges>b__3()    
  at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)     at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)     at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated
  secureCode)     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetMappedIdentityClaim(Uri context, IEnumerable`1 identityClaims)     at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.GetClaimFromExternalMapper(Uri
  contextUri, List`1 claims)     at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.ResolveUserIdentityClaim(Uri contextUri, ClaimCollection inputClaims)     at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.GetIdentityClaim(Uri
  contextUri, ClaimCollection inputClaims, SPCallingIdentityType callerType)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetLogonIdentityClaim(SPRequestInfo requestInfo, IClaimsIdentity inputIdentity, IClaimsIdentity
  outputIdentity, SPCallingIdentityType callerType)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.EnsureSharePointClaims(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity, SPCallingIdentityType callerType)    
  at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentOutputIdentityForRequest(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetOutputClaimsIdentity(IClaimsPrincipal
  principal, RequestSecurityToken request, Scope scope)     at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.Issue(IClaimsPrincipal principal, RequestSecurityToken request)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.Issue(IClaimsPrincipal
  principal, RequestSecurityToken request) f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.79 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (ExecuteSecurityTokenServiceOperationServer). Execution Time=17.1551132895382 f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Claims Authentication fsq7 High SPSecurityContext: Request for security token failed with exception: System.ServiceModel.FaultException: The server was
  unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in
  order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message
  response)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken
  rst)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties) f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Claims Authentication 8306 Critical An exception occurred when trying to issue security token: The server was unable to process the request due to an internal
  error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to
  the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Application Authentication Pipeline). Execution Time=52.3525336320678 f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Application Authentication ajezs High SPApplicationAuthenticationModule: Error authenticating request, Error details { Header: {0}, Body: {1} }.  Available
  parameters: 3001000;reason="There has been an error authenticating the request.";category="invalid_client" {"error_description":"The server was unable to process the request due to an internal error.  For more information
  about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as
  per the Microsoft .NET Framework SDK documentation and inspect the server trace logs."} . f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 8nca Medium Application error when access /sites/testrpa2/_vti_bin/client.svc, Error=The server was unable to process the request due to an internal
  error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to
  the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.   at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken
  rst, RequestSecurityTokenResponse& rstr)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context,
  Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationAuthentication(Uri context,
  SecurityToken onBehalfOf)     at Microsoft.SharePoint.IdentityModel.SPApplicationAuthenticationModule.<>c__DisplayClass4.<GetLocallyIssuedToken>b__3()     at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated
  secureCode)     at Microsoft.SharePoint.IdentityModel.SPApplicationAuthenticationModule.ConstructIClaimsPrincipalAndSetThreadIdentity(HttpApplication httpApplication, HttpContext httpContext, SPFederationAuthenticationModule fam)    
  at Microsoft.SharePoint.IdentityModel.SPApplicationAuthenticationModule.AuthenticateRequest(Object sender, EventArgs e)     at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()    
  at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8b Verbose Looking up context  site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8f Verbose Site lookup is replacing
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
  http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8g Verbose Looking up typical site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8b Verbose Looking up context  site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8f Verbose Site lookup is replacing
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
  http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8g Verbose Looking up typical site
  http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
  04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Request (GET:http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly)). Execution Time=62.2890618779761 f5bd8793-a53c-2127-8485-418c67f110f6
  Regards
  Sakti

• When i login to MES operator resp..i get a error saying...You must setup an HR employee for this Oracle Application user...how to resolve this?

  when i login to MES operator resp..i get a error saying...You must setup an HR employee for this Oracle Application user...how to resolve this?

  Hey everyone in Apple world!
  I figured out how to fix the flashing yellow screen problem that I've been having on my MBP!  Yessssss!!!
  I found this super handy website with the golden answer: http://support.apple.com/kb/HT1379
  I followed the instructions on this page and here's what I did:
  Resetting NVRAM / PRAM
  Shut down your Mac.
  Locate the following keys on the keyboard: Command (⌘), Option, P, and R. You will need to hold these keys down simultaneously in step 4.
  Turn on the computer.
  Press and hold the Command-Option-P-R keys before the gray screen appears.
  Hold the keys down until the computer restarts and you hear the startup sound for the second time.
  Release the keys.
  I went through the 6 steps above twice, just to make sure I got rid of whatever stuff was holding up my bootup process.  Since I did that, my MBP boots up just like normal.  No flashing yellow screen anymore!!   
  (Note that I arrived at this solution when I first saw this page: http://support.apple.com/kb/TS2570?viewlocale=en_US)
  Let me know if this works for you!
  Elaine

• How to use an authenticated user for a proxy call

  Dear all,
  I am currently working on a JEE application where the user needs to authenticate (for this I have configured the web.xml).
  Now inside this application I need to do a proxy call to a PI webservice.
  I would like to use the user credentials of the already logged in user in order to call the proxy.
  What I don't want to do is to use a service user for the proxy call.
  The code I am trying to call looks something like this:
       private IntegratedConfigurationIn getPort() throws Exception{
            IntegratedConfigurationIn port = null;
            try {
                 IntegratedConfigurationInService service = null;
                 service = new IntegratedConfigurationInService();
                 port = (IntegratedConfigurationIn) service.getIntegratedConfigurationIn_Port();
                BindingProvider bp = (BindingProvider)port;
                bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, user);
                bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);
                if (url.length() != 0)
                     bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, url);
            catch (Exception ex){
                 ex.printStackTrace();
            return port;
  The examples I found to retrieve the userdata pointed to codes similar to this one:
  public HttpServletRequest getHttpRequest() throws Exception {
            // Get runtime context
            Properties props = new Properties();
            props.put("domain", "true");
            Context initialContext = new InitialContext(props);
            ApplicationWebServiceContext wsContext = (ApplicationWebServiceContext) initialContext
                      .lookup(" /wsContext/ApplicationWebServiceContext");
            HttpServletRequest req = wsContext.getHttpServletRequest();
            return req;
  com.sap.security.api.IUser sapUser = com.sap.security.api.UMFactory.getAuthenticator().getLoggedInUser(getHttpRequest(), null);
            IUser ep5User = com.sapportals.wcm.util.usermanagement.WPUMFactory.getUserFactory().getEP5User(sapUser);
  Now I don't know how to bring it togehter and how to use an authenticated user for the BindingProvider.
  I would appreciate any hints or ideas.

  Peter,
  from the first screenshot, what I understood is that, you are calling an inbound PI web service that is intended to create an integrated configuration object (this is used for whole lot of other reason completely) but not actually calling a development web service.
  For this, you would have to generate your client classes from the WSDL provided by the PI developer for that particular service. Once you get those client classes generated, you could used the method provided in the other screenshot to extract the user and password and call the intended web service.
  Vijay Konam

• How to use different (not local) user for NTLM auth in Authenticator?

  Hi All,
  I use custom authenticator to provide user / passwords to connect to .NET Web Services. I overloaded function getPasswordAuthentication() that returns right user / password combination for the requested URL. It all works perfectly for many kinds of HTTP connections: basic, ntlm, ntlm-v2, through proxy, ssl, etc.
  My problem is that during NTLM authentication from Windows computers JVM uses credentials of the currently logged in domain user instead of calling Authenticator to get other user / password provided by the user. In case when local user credentials fail to authenticate, JVM calls my Authenticator but in case authentication is successful it does uses local domain user and never calls my Authenticator. The issue is when this local domain user does not have enough permissions but authenticated correctly there is no way to supply JVM with another user to begin with.
  What can I do to force JVM to ignore local domain user and to use Authenticator to collect credentials during NTLM authentication requested by the server in case the software runs on a Windows box with currently logged in domain user?
  I am looking for the answer for a long time already but found only questions and suggestions to switch server from NTLM authentication which is not an option for me. From the developer's view it has to be pretty simple change for Sun to do in Java networking API. Is there any way to escalate it to Sun support? Maybe there is some property in some JRE patch level that allows to do this?
  Thank you very much!
  Mark

  Thank you for the reply. I have kind of an opposite problem. I can perfectly connect from Linux computers to Microsoft IIS servers using NTLM or even NTLMv2 authentication. My problem is connecting from Windows client computer joined to the same domain as IIS server with the domain user logged in to this computer. In this case this user account will be used in any HTTP connections I initiate to this IIS server instead of the one that I want to supply in my custom Authenticator.
  I have graphical interactive application that connects to IIS Server. When user runs it and connects to IIS server I want to prompt for the user/password regardless whether JRE may correctly authenticate using current user account credentials. The current user may not have enough permissions in IIS application so I want to use different user to login to IIS application.
  Thank you anyway,
  Mark

• Tacacs authentication fails for one user account for only one switch

  Hi,
  I am having an scenario, where as Tacacs authentication fails for one user account for only one switch.
  The same user account works well for other devices.
  The AAA configs are same on every devices in the network.
  Heres the show tacacs output from the switch where only one user account fails;
                Socket opens:        157
               Socket closes:        156
               Socket aborts:        303
               Socket errors:          1
             Socket Timeouts:          2
     Failed Connect Attempts:          0
          Total Packets Sent:       1703
          Total Packets Recv:       1243
            Expected Replies:          0
  What could be the reason ?
  No errors on ACS server; same rights had been given to the user account.
  Thanks to advise.
  Prasey

  Hi there,
  Does the user get authenticated in the ACS logs?
  reports and activity----> failed attempts
  ro
  reports and activity----->  passed authentications
  That will help narrow it down.
  Brad

• Use Microsoft Online Directory Services as a user authentication provider for our own SharePoint farm?

  Hi,
  I've managed to configure my farm so that  Microsoft Online Directory Services (Office 365 etc.) can be used for STS authentication, but what I'm actually trying to do is allow user authentication - that is, I'm hoping to be able to use the user's
  O365 credentials to authenticate them in my own farm so they can view certain parts of it. If I need to write my own login form or authentication provider or whatever that's fine, as long as the user doesn't need to enter anything when they access my farm
  (provided they already have cached O365 credentials in their browser session).
  FWIW I actually need to be able to support the possibility that users are coming from multiple O365 tenancies, whereby each site collection will be configured to allow users from a different O365 tenancy (more or less).
  If it's not possible to do with my own development farm on a PC, it is possible if the farm is hosted in Azure?
  Thanks
  Dylan

  Hi  Dylan,
  According to your description, my understanding is that you want to use Microsoft Online Directory Services as a user authentication provider for your SharePoint farm.
  For your demand, you can configure a hybrid topology for your SharePoint farm:
  http://technet.microsoft.com/en-us/library/jj838715(v=office.15).aspx
  http://technet.microsoft.com/en-us/library/dn197168(v=office.15).aspx
  Thanks,
  Eric
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support,
  contact [email protected]
  Eric Tao
  TechNet Community Support

• How to setup the access duration for user

  Dear experts,
  As requrement of users, we need to setup the access duration for all users of our company . It's mean users only access into SAP on defined duration
  Ex : Working time is 8h00 am to 17h00 pm, after 17h00 pm, users cannot access into system
  Please help.
  Thanks,
  Neo

  Hi all,
  Thanks for your solution
  We want to set the access duration for end-user but sometimes, we need to flexible to allow user access to system in some special case.
  Let me detail users's requirements
  - Users can access to SAP fom 8h00 to 16h00
  - At 16h00, system will send the warning message to user to inform that system will aunomatic turn offf after 15 minutes, it's mean system will automatic kick out users after 15 minutes
  - From 16h00 to 8h00, users can not access to SAP
  - However, in some special case, we can grant the acess to system to specific user.
  Can we setup these steps on SAP ?
  Thanks,
  Neo