[SOLVED] form based logout

Similar Messages

• Logout Functionality in Form Based Authentication Not Working Properly

  Hi All,
  I am using Form Based Authentication in ADF. In this I followed the following steps:-
  1.Login On Page.
  2.In successful login page ,copy the url
  3.Click on "Logout"
  4.Paste the url in login page and click enter
  5.System taking me back to that page where I can perform all the actions.
  But the Login operation should not happen just by entering the url. Please provide any help how to stop redirecting to my authenticated page just by typing the url. This is a big security constraint.Any Assistance to this is highly appreciated.
  Thanks & Regards
  Lovenish Garg

  Hi BaiG,
  For Login I am using the form based authentication and for logout here is my code:-
  public void logout() {
  ExternalContext ectx =
  FacesContext.getCurrentInstance().getExternalContext();
  HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
  HttpSession session = (HttpSession)ectx.getSession(false);
  session.invalidate();
  response.setHeader("Cache-Control", "no-cache");
  response.setHeader("expires", "0");
  response.setHeader("Pragma", "no-cache");
  try {
  response.sendRedirect("AdminLogin.html");
  } catch (IOException e) {
  logger.severe(e.getMessage());
  //Inform JSF to not take the response in hands
  FacesContext.getCurrentInstance().responseComplete();
  logger.info("session invalidated");
  Thanks,
  Lovenish Garg

• Form-based authentication problem with weblogic

  Hi Everyone,
  The following problem related to form-based authentication
  was posted one week ago and no reponse. Can someone give it
  a shot? One more thing is added here. When I try it on J2EE
  server and do the same thing, I didn't encounter this error
  message, and I am redirected to the homeage.
  Thanks.
  -John
  I am using weblogic5.1 and RDBMSRealm as the security realm. I am having the following problem with the form-based authentication login mechanism. Does anyone have an idea what the problem is and how to solve it?
  When I login my application and logout as normal procedure, it is OK. But if I login and use the browser's BACK button to back the login page and try to login as a new user, I got the following error message,
  "Form based authentication failed. Could not find session."
  When I check the LOG file, it gives me the following message,
  "Form based authentication failed. One of the following reasons could cause it: HTTP sessions are disabled. An old session ID was stored in the browser."
  Normally, if you login and want to relogin without logout first, it supposes to direct you to the existing user session. But I don't understand why it gave me this error. I also checked my property file, it appears that the HTTP sessions are enabled as follows,
  weblogic.httpd.session.enable=true

  Hi...
  Hehe... I actually did implement the way you implement it. My login.jsp actually checks if the user is authenticated. If yes, then it will forward it to the home page. On the other hand, I used ServletAuthentication to solve the problem mentioned by Cameron where Form Authentication Failed usually occurs for the first login attempt. I'm also getting this error occasionally. Using ServletAuthentication totally eliminates the occurence of this problem.
  I'm not using j_security_check anymore. ServletAuthentication does all the works. It also uses RDBMSRealm to authenticate the user. I think the biggest disadvantage I can see when using ServletAuthentication is that the requested resource will not be returned after authentication cause the page returned after authenticating the user is actually hard coded (for my case, it's the home.jsp)
  cheers...
  Jerson
  "John Wang" <[email protected]> wrote:
  >
  Hi Jerson,
  I tried your code this weekend, it didn't work in my case. But
  I solved my specific problem other way. The idea behind my problem is that the user tries to relogin when he already logs in. Therefore, I just redirect the user into another page when he is getting the login page by htting the BACK button, rather than reauthenticate the user as the way you did.
  But, I think your idea is very helpful if it could work. Problems such multiple concurrence logins can be solved by pre-processing.
  In your new code, you solved the problem with a new approach. I am just wondering, do you still implement it with your login.jsp file? In other word, your action in login.jsp is still "Authenticate"? Where do you put the URL "j_security_check"?
  Thanks.
  -John
  "Jerson Chua" <[email protected]> wrote:
  I've solved the problem by using ServletAuthentication. So far I'm not getting the error message. One of the side effects is that it doesn't return the requested URI after authentication, it will always return the home page.
  Jerson
  package com.cyberj.catalyst.web;
  import weblogic.servlet.security.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  import java.io.*;
  public class Authenticate extends HttpServlet {
  private ServletAuthentication sa = new ServletAuthentication("j_username", "j_password");
  public void doPost(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, java.io.IOException {
  int authenticated = sa.weak(request, response);
  if (authenticated == ServletAuthentication.NEEDS_CREDENTIALS ||
  authenticated == ServletAuthentication.FAILED_AUTHENTICATION) {
  response.sendRedirect("fail_login.jsp");
  } else {
  response.sendRedirect("Home.jsp");
  public void doGet(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, java.io.IOException {
  doPost(request, response);
  "Jerson Chua" <[email protected]> wrote:
  The problem is still there even if I use page redirection. Grrr... My boss wants me to solve this problem so what are the alternatives I can do? Are there any other ways of authenticating the user? In my web tier... I'm using isUserInRole, getRemoteUser and the web tier actually connects to EJBs. If I implement my custom authentication, I wouldn't be able to use this functionalities.
  Has anyone solved this problem? I've tried the example itself and the same problem occurs.
  Jerson
  "Cameron Purdy" <[email protected]> wrote:
  Jerson,
  First try it redirected (raw) to see if that indeed is the problem ... then
  if it works you can "fix" it the way you want.
  Peace,
  Cameron Purdy
  Tangosol, Inc.
  http://www.tangosol.com
  +1.617.623.5782
  WebLogic Consulting Available
  "Jerson Chua" <[email protected]> wrote in message
  news:[email protected]...
  Hi...
  Thanks for your suggestion... I've actually thought of that solution. Butusing page redirection will expose the user's password. I'm thinking of
  another indirection where I will redirect it to another servlet but the
  password is encrypted.
  What do you think?
  thanks....
  Jerson
  "Cameron Purdy" <[email protected]> wrote:
  Maybe redirect to the current URL after killing the session to let the
  request clean itself up. I don't think that a lot of the request (such
  as
  remote user) will be affected by killing the session until the nextrequest
  comes in.
  Peace,
  Cameron Purdy
  Tangosol, Inc.
  http://www.tangosol.com
  +1.617.623.5782
  WebLogic Consulting Available
  "Jerson Chua" <[email protected]> wrote in message
  news:[email protected]...
  Hello guys...
  I've a solution but it doesn't work yet so I need your help. Because
  one
  of the reason for getting form base authentication failed is if an
  authenticated user tries to login again. For example, the one mentionedby
  John using the back button to go to the login page and when the user logsin
  again, this error occurs.
  So here's my solution
  Instead of submitting the page to j_security_check, submit it to a
  servlet
  which will check if the user is logged in or not. If yes, invalidates its
  session and forward it to j_security_check. But there's a problem in this
  solution, eventhough the session.invalidate() (which actually logs theuser
  out) is executed before forwarded to j_security_check, the user doesn't
  immediately logged out. How did I know this, because after calling
  session.invalidate, i tried calling request.RemoteUser() and it doesn't
  return null. So I'm still getting the error. What I want to ask you guyis
  how do I force logout before the j_security_check is called.
  here's the code I did which the login.jsp actually submits to
  import javax.servlet.*;
  import javax.servlet.http.*;
  import java.io.*;
  public class Authenticate extends HttpServlet {
  public void doPost(HttpServletRequest request, HttpServletResponseresponse)
  throws ServletException, java.io.IOException {
  if (request.getRemoteUser() != null) {
  HttpSession session = request.getSession(false);
  System.out.println(session.isNew());
  session.invalidate();
  Cookie[] cookies = request.getCookies();
  for (int i = 0; i < cookies.length; i++) {
  cookies.setMaxAge(0);
  getServletContext().getRequestDispatcher("/j_security_check").forward(reques
  t, response);
  public void doGet(HttpServletRequest request, HttpServletResponseresponse)
  throws ServletException, java.io.IOException {
  doPost(request, response);
  let's help each other to solve this problem. thanks.
  Jerson
  "Jerson Chua" <[email protected]> wrote:
  I thought that this problem will be solved on sp6 but to my
  disappointment, the problem is still there. I'm also using RDBMSRealm,same
  as John.
  Jerson
  "Cameron Purdy" <[email protected]> wrote:
  John,
  1. You are using a single WL instance (i.e. not clustered) on that
  NT
  box
  and doing so without a proxy (e.g. specifying http://localhost:7001),
  correct?
  2. BEA will pay more attention to the problem if you upgrade to SP6.If
  you don't have a reason NOT to (e.g. a particular regression), then
  you
  should upgrade. That will save you one go-around with support: "Hi,I
  am
  on SP5 and I have a problem.", "Upgrade to SP6 to see if that fixes
  it.
  Call back if that doesn't work."
  3. Make sure that you are not doing anything special before or after
  J_SECURITY_CHECK ... make sure that you have everything configuredand
  done
  by the book.
  4. Email BEA a bug report at [email protected] ... see what they say.
  Peace,
  Cameron Purdy
  Tangosol, Inc.
  http://www.tangosol.com
  +1.617.623.5782
  WebLogic Consulting Available
  "John Wang" <[email protected]> wrote in message
  news:[email protected]...
  Cameron,
  It seems to me that the problem I encountered is different a little
  from
  what you have, evrn though the error message is the same eventually.
  Everytime I go through, I always get that error.
  I am using weblogic5.1 and sp5 on NT4.0. Do you have any solutions
  to
  work
  around this problem? If it was a BUG as you
  pointed out, is there a way we can report it to the Weblogic
  technical support and let them take a look?
  Thnaks.
  -John
  "Cameron Purdy" <[email protected]> wrote:
  John,
  I will verify that I have seen this error now (after having read
  about it
  here for a few months) and it had the following characteristics:
  1) It was intermittent, and appeared to be self-curing
  2) It was not predictable, only seemed to occur at the first
  login
  attempt,
  and may have been timing related
  3) This was on Sun Solaris on a cluster of 2 Sparc 2xx's; the
  proxy
  was
  Apache (Stronghold)
  4) After researching the newsgroups, it appears that this "bug"
  may
  have gone away temporarily (?) in SP5 (although Jerson Chua
  <[email protected]> mentioned that he still got it in SP5)
  I was able to reproduce it most often by deleting the tmpwar and
  tmp_deployments directories while the cluster was not running,
  then
  restarting the cluster. The first login attempt would fail(roughly
  90%
  of
  the time?) and that server instance would then be ignored by the
  proxy
  for a
  while (60 seconds?) -- meaning that the proxy would send all
  traffic,
  regardless of the number of "clients", to the other server in thecluster.
  As far as I can tell, it is a bug in WebLogic, and probably has
  been
  there
  for quite a while.
  Peace,
  Cameron Purdy
  Tangosol, Inc.
  http://www.tangosol.com
  +1.617.623.5782
  WebLogic Consulting Available
  "John Wang" <[email protected]> wrote in message
  news:[email protected]...
  Hi Everyone,
  The following problem related to form-based authentication
  was posted one week ago and no reponse. Can someone give it
  a shot? One more thing is added here. When I try it on J2EE
  server and do the same thing, I didn't encounter this error
  message, and I am redirected to the homeage.
  Thanks.
  -John
  I am using weblogic5.1 and RDBMSRealm as the security realm. I
  am
  having
  the following problem with the form-based authentication login
  mechanism.
  Does anyone have an idea what the problem is and how to solve it?
  When I login my application and logout as normal procedure, it
  is
  OK.
  But
  if I login and use the browser's BACK button to back the login
  page
  and
  try
  to login as a new user, I got the following error message,
  "Form based authentication failed. Could not find session."
  When I check the LOG file, it gives me the following message,
  "Form based authentication failed. One of the following reasons
  could
  cause it: HTTP sessions are disabled. An old session ID was stored
  in
  the
  browser."
  Normally, if you login and want to relogin without logout first,
  it
  supposes to direct you to the existing user session. But I don'tunderstand
  why it gave me this error. I also checked my property file, it
  appears
  that
  the HTTP sessions are enabled as follows,
  weblogic.httpd.session.enable=true

• Form based login, iframes and session time out

  Hi all,
  I'm trying to create a site using form based login.
  The site contains a page protected page, default.jsp that have a logout button/link (clicking it invalidates the session), and a navigation bar with links linking opening them in iframes inside the default.jsp page:
  I have also a login.jsp page and and a error.jsp page
  Everything works fine I can login, I can logout. My problem occurs when the session times out and the user tries to access protected contents in the internal frames. He then is promted for a new login. The problem is that the login,jsp page now turns up inside the jframe designatet for my contents.
  I woud have liked the login page to turn up at the top level i.e. filling the entire browser window (i.e on the same level as the default.jsp page). Is this somehow possible?
  Regards
  Uno Engborg

  Easy answer: use JS to jump out iframe.
  Best answer: don't use iframes, but use server side includes like jsp:include. Iframes have too much disadvangages, topping the extremely bad SEO and UX.

• Populating the Lookup values in AD Child Form based logged in user

  HI,
  Below is the Lookup code(AD Groups) format.
  Codekey , Decodekey
  IT-Development , IT-Development
  IT-Testing , IT-Testing
  IT-Production , IT-Production
  HR-system , HR-system
  HR-Finance , HR-Finance
  My requirement is I need to filter the data being presented in the lookup according to the logged in user in ad child form,
  If i am logged in as xelsysadm the lookup presents all groups.
  If i am logged in as IT administroter the lookup presents only the IT Related groups(EX:IT-Development,IT-Testing....).
  If i am logged in as HR administroter the lookup presents only the HR Related groups(EX:HR-System,HR-Finance...).
  like this we have contains so many administrators.
  We are desiding the administrators based on user form field.
  The Field contains the value like HR-Related,IT-Information Technology.....
  How can i achive this?
  Thanks in advance.
  Edited by: 790561 on 4/12/2011 17:48
  Edited by: 790561 on 5/12/2011 12:02

  Hi Rajiv,
  Thank you for quick reply,
  When i am login as IT administrator and i provisioned user to AD it showing the IT Related groups in ad child form based on your Suggestion.
  If i logout and login as a HR administrator and i edit the child process form of the same user still its showing IT Related Groups only.If I revoke and provision user to ad again with HR administrator this time its showing HR Related groups in AD Child form.
  I think based on the requester its showing the values.
  But i want to filter groups based on logged in user.
  EX:If i login as IT administrator and provision the user to AD in Child form its showing the IT Related groups only its correct.
  If I logout and login as HR administrator and i edit the same user AD Child form its showing the IT related groups only its not correct.this time it shows only HR Related.
  Any solution....
  Thanks in advance.

• How to create a Form based on a dynamic table?

  Hello,
  The Select statement below creates a table based on a string (string is a value of an item):
  select * from table (pkg_util.fn_get_table (:P18_VALUE))I need to create a region on a page with a Form based on this table.
  I was able to create a Report, but not a Form.
  I need to create a Form, which would return updated string to the page item.
  How can I solve this please?

  Hello Gentlemen,
  I have created a Tabular Form, based on APEX_ITEM API, as you suggested, here is the code below:
  SELECT apex_item.checkbox (30,
                             CATALOG_ID,
                             'onclick="highlight_row(this,' || ROWNUM || ')"',
                             NULL,
                             'f30_' || LPAD (ROWNUM, 4, '0')
                            ) delete_checkbox,
         CATALOG_ID,
            apex_item.hidden (31, CATALOG_ID)
         || apex_item.text (32,
                            LANG,
                            80,
                            100,
                            'style="width:100px"',
                            'f32_' || LPAD (ROWNUM, 4, '0')
         || apex_item.hidden (33, wwv_flow_item.md5 (LANG, DESCRIPTION)) LANG,
         apex_item.text (34,
                         DESCRIPTION,
                         80,
                         100,
                         'style="width:255px"',
                         'f34_' || LPAD (ROWNUM, 4, '0')
                        ) DESCRIPTION
    FROM V_SYSTEM_CATALOGS_PR
  UNION ALL
  SELECT     apex_item.checkbox
                            (30,
                             TO_NUMBER(9900 + LEVEL),
                             'onclick="highlight_row(this,' || ROWNUM || ')"',
                             NULL,
                             'f30_' || TO_NUMBER (9900 + LEVEL)
                            ) delete_checkbox,
             NULL,
                apex_item.hidden (31, NULL)
             || apex_item.text (32,
                                NULL,
                                80,
                                100,
                                'style="width:100px"',
                                'f32_' || TO_NUMBER (9900 + LEVEL)
             || apex_item.hidden (33, NULL) LANG,
             apex_item.text
                                             (34,
                                              NULL,
                                              80,
                                              100,
                                              'style="width:255px" '  ,
                                              'f34_'
                                              || TO_NUMBER (9900 + LEVEL)
                                             ) DESCRIPTION
        FROM DUAL
       WHERE :P180_TEMP = 'ADD_ROWS1'
  CONNECT BY LEVEL <= 1however, the update process doe not work on that form:
  DECLARE
    lc_string VARCHAR2(4000);
  BEGIN
    FOR i IN 1..APEX_APPLICATION.G_f*30*.COUNT
    LOOP
        lc_string := lc_string|| '[' ||APEX_APPLICATION.G_f*32*(i) || '|' || APEX_APPLICATION.G_f*34*(i) || ']';
    END LOOP;
    --Database processing using the concatenated string here
  END;Can you please see what's wrong with the code?
  Also, I tried to set a temp. item with the value, to see if the process returns something, like that:
  DECLARE
    lc_string VARCHAR2(4000);
  BEGIN
    FOR i IN 1..APEX_APPLICATION.G_f*30*.COUNT
    LOOP
        lc_string := lc_string|| '[' ||APEX_APPLICATION.G_f*32*(i) || '|' || APEX_APPLICATION.G_f*34*(i) || ']';
    END LOOP;
       :p18_temp := lc_string;
  END;and it did not work.
  Also, it is the second Tabular Form on this page. The first one is created using wizard, and it works perfect, with the same update process:
  DECLARE
    lc_string VARCHAR2(4000);
  BEGIN
    FOR i IN 1..APEX_APPLICATION.G_f*01*.COUNT
    LOOP
        lc_string := lc_string|| '[' ||APEX_APPLICATION.G_f*03*(i) || '|' || APEX_APPLICATION.G_f*04*(i) || ']';
    END LOOP;
    --Database processing using the concatenated string here
  END;Also, both forms are opening in a modal pop-up dialog window.
  I use a Dialog Region plug-in for that.
  May be this is causing a problem?
  But still, the first form works fine!?

• J_security_check in form-based authentication - not checking for blank passwords

  I am using the LDAP Security Realm to authenticate against an iPlanet
  Directory Server. All works as expected when a user-id and password
  are entered for form-based authentication.
  However, when a userid is entered but no password, j_security_check
  logs the user in successfully. Aparently, this is correct LDAP
  behaviour as anonymous login to the LDAP server is permitted. It seems
  that the j_security_check servlet should check for blank passwords
  before trying to authenticate against the LDAP server and fail
  authentication if this is the case.
  Has anyone else experienced this problem?

  Hi Brian,
  I do not believe it is j_security_check's job to check for blank
  passwords.
  In many security realms, it is "legal" for a user to have a blank
  password. j_security_check forwards whatever password was entered so that
  even users with blank passwords can be authenticated by the realm on the
  backend. For this reason I believe that j_security_check is "doing the
  right thing" by just forwarding whatever is presented to it, rather than
  having its own logic. It is best if j_security_check just acts as a very
  dumb middle man.
  If behavior was altered, it is true that your particular problem would be
  solved, but then many other people would have a problem with their users
  with blank passwords authenticating properly...
  Try looking into how to disable anonymous logins on the LDAP end of
  things. Hope this helps.
  Cheers,
  Joe Jerry
  brian wrote:
  I am using the LDAP Security Realm to authenticate against an iPlanet
  Directory Server. All works as expected when a user-id and password
  are entered for form-based authentication.
  However, when a userid is entered but no password, j_security_check
  logs the user in successfully. Aparently, this is correct LDAP
  behaviour as anonymous login to the LDAP server is permitted. It seems
  that the j_security_check servlet should check for blank passwords
  before trying to authenticate against the LDAP server and fail
  authentication if this is the case.
  Has anyone else experienced this problem?

• Form Based authentcation in Sharepoint 2010

  Hi,
     I am Having a problem. everytime i enter the URL for accesing the site i am getting a new page which asks me whether i have to use forms based autherntication or Windows based authentication.Attaching the below screen shot of the same. can some
  one help me to sort out this issue.

  If you implment Forms Based authentication on the same AAM zone where you are using Windows Authentication this is the way it is designed to work.  If you Extend the Web Application to a new Zone and turn on Forms Based authentication there but not
  in the default zone then you won't get the prompt.  Instead you'll use windows authentication when you use the default Zone url and Forms based authentication when you use the extended zone URL.
  Paul Stork SharePoint Server MVP
  Principal Architect: Blue Chip Consulting Group
  Blog: http://dontpapanic.com/blog
  Twitter: Follow @pstork
  Please remember to mark your question as "answered" if this solves your problem.

• Issues with OSSO ,custom login module and form based authentication

  Hi:
  We are facing issues with OSSO (Oracle Single Sign on ),Our application use the form based
  authentication and Custom login module.
  Application is going in infinite loop when we we try to login using osso ,from the logs
  what I got is looks like tha when we we try to login from OSSO application goes to the login
  page and it gets the remote user from request so it forwards it to the home page till now
  it is correct behaviour ,but after that It looks like home page find that authentication is
  not done and sends it back to the login page and login page again sends it to the home as it
  finds that remote user is not null.
  Our web.xml form authentication entry looks like this :
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/jsp/login.jsp</form-login-page>
  <form-error-page>/jsp/couldnotlogin.jsp</form-error-page>
  </form-login-config>
  </login-config>
  While entry in orion-application.xml has the following entry for custom login :
  <jazn provider="XML">
       <property name="custom.loginmodule.provider" value="true" />
  <property name="role.mapping.dynamic" value="true" />
  </jazn>
  Whether If I change the authentication type to BASIC and add the following line
  in orion-application.xml will solve the issue :
  <jazn provider="XML">
       <property name="custom.loginmodule.provider" value="true" />
  <property name="role.mapping.dynamic" value="true" />
  <jazn-web-app auth-method="SSO" >
  </jazn>
  Any help regarding it will be appreciated .
  Thanks
  Anil

  Hi:
  We are facing issues with OSSO (Oracle Single Sign on ),Our application use the form based
  authentication and Custom login module.
  Application is going in infinite loop when we we try to login using osso ,from the logs
  what I got is looks like tha when we we try to login from OSSO application goes to the login
  page and it gets the remote user from request so it forwards it to the home page till now
  it is correct behaviour ,but after that It looks like home page find that authentication is
  not done and sends it back to the login page and login page again sends it to the home as it
  finds that remote user is not null.
  Our web.xml form authentication entry looks like this :
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/jsp/login.jsp</form-login-page>
  <form-error-page>/jsp/couldnotlogin.jsp</form-error-page>
  </form-login-config>
  </login-config>
  While entry in orion-application.xml has the following entry for custom login :
  <jazn provider="XML">
       <property name="custom.loginmodule.provider" value="true" />
  <property name="role.mapping.dynamic" value="true" />
  </jazn>
  Whether If I change the authentication type to BASIC and add the following line
  in orion-application.xml will solve the issue :
  <jazn provider="XML">
       <property name="custom.loginmodule.provider" value="true" />
  <property name="role.mapping.dynamic" value="true" />
  <jazn-web-app auth-method="SSO" >
  </jazn>
  Any help regarding it will be appreciated .
  Thanks
  Anil

• Form Error: form based on a Generic connectivity view

  A view was based on a select from a table in a Syabase database (accessed in Oracle using Generic Connectivity).
  When I built a block in a Form based on that view, I faced the following error:
  ORA-02070: database SYB does not support ROWID in this context.
  Also, the same error appeared in the reports accessing the same view.
  Can anyone give me a clue to solve this problem plz?
  Thanks in advance.

  I later knew that the issue can be addressed by setting the parameter Key Mode to nonupdatable.

• Can you enable both Windows Based Authentication and Forms Based Authenication for the same web application?

  Hello Community
      In WS2012 and SharePoint 2013 Server is it possible when creating a
  web application to enable both Windows Based Authentication/Negotiate
  (Kerberos) and enable Forms Based Authentication or does the web application
  use either one or the other?
      Thank you
      Shabeaut 

  Yes , you can use dual authentication on same web application. You can use same web application , at OOB login page you will have option to use windows or form login.
  Or you can extend your web application to a new web app and configure extended web application to use Form Based Authentication(Note extended web application will also show same content database , so the content will same only url will be different)
  http://blogs.technet.com/b/ptsblog/archive/2013/09/20/configuring-sharepoint-2013-forms-based-authentication-with-sqlmembershipprovider.aspx
  http://gj80blogtech.blogspot.in/2013/11/forms-based-authentication-fba-in.html
  Thanks
  Ganesh Jat [My Blog |
  LinkedIn | Twitter ]
  Please click 'Mark As Answer' if a post solves your problem or 'Vote As Helpful' if it was useful.

• Form-based Auth for DefaultWebApp

  I'm using WLS 6.0 SP2 on WIN2K. I tested the sample security
  web app that uses form-based auth and am trying to do something
  similar w/ the default web app in mydomain.
  Here's my web.xml:
  <?xml version="1.0" ?>
  <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 1.2//EN"
  "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
  <web-app>
  <!--
  Authentication
  -->
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Default</web-resource-name>
  <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>system</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/login.jsp</form-login-page>
  <form-error-page>/fail_login.html</form-error-page>
  </form-login-config>
  </login-config>
  <!-- Security role which is global to the application -->
  <security-role>
  <role-name>administrators</role-name>
  </security-role>
  </web-app>
  When I try to access a web page, http://localhost:7001/res/hello.html,
  the browser keeps trying to open that
  page. It goes on and on.... I never
  get challenged w/ the login form, nor
  seeing the page. However, when I change
  FORM to BASIC, and delete the "form-login-config"
  settings, I get challenged w/ the HTTP
  basic auth dialog. Enter my credentials
  and I get the page.
  How do I config the default web app to use form-based
  auth?
  Thanks for any help you can provide.
  -Muwon

  Problem solved. The definition of your <url-pattern>
  (within <web-resource-collection>) can't inlcude where
  your logon form is.
  "Muwon" <[email protected]> wrote:
  >
  I'm using WLS 6.0 SP2 on WIN2K. I tested the sample security
  web app that uses form-based auth and am trying to do something
  similar w/ the default web app in mydomain.
  Here's my web.xml:
  <?xml version="1.0" ?>
  <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application
  1.2//EN"
  "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
  <web-app>
  <!--
  Authentication
  -->
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Default</web-resource-name>
  <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>system</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/login.jsp</form-login-page>
  <form-error-page>/fail_login.html</form-error-page>
  </form-login-config>
  </login-config>
  <!-- Security role which is global to the application -->
  <security-role>
  <role-name>administrators</role-name>
  </security-role>
  </web-app>
  When I try to access a web page, http://localhost:7001/res/hello.html,
  the browser keeps trying to open that
  page. It goes on and on.... I never
  get challenged w/ the login form, nor
  seeing the page. However, when I change
  FORM to BASIC, and delete the "form-login-config"
  settings, I get challenged w/ the HTTP
  basic auth dialog. Enter my credentials
  and I get the page.
  How do I config the default web app to use form-based
  auth?
  Thanks for any help you can provide.
  -Muwon

• SSO to Form Based Application

  Has Access Manager yet added the ability to do "form memory" for easy SSO integration to applications performing form based authentication. This is a feature found in products such as Netegrity Siteminder and CA's stuff.
  This is easier for legacy applications with closed code than trying to modify the login sequences for these applications.
  Z

  Hello Romano,
  thank you for assisting so much.
  Yes, the text itself is always new, but when i believe what it is saying, the content following is not new.
  Or do i only mis-interpret the meaning of that text ? Does it perhaps analogously  mean: "He User, the content you see was just fresh constructed and cached in the ApplicationCache and then sent to you" or .
  I also found the "com.sap.portal.httpconnectivity.urlfetcherservice" and played with it, but with that i achieve cache settings for all applications used and not for only the one i would like it for.
  I posted this also in category "Portal Content Development",
  URL iview Cache -> How can i empty the ApplicationCache
  and there are also interesting answers.
  Kind regards
  Andreas

• Forcing specific clients or groups to use forms based authentication (FBA) instead of windows based authentication (WIA) with ADFS

  Hi,
  We are have a quite specific issue. The problem is most likely by design in ADFS 3.0 (running on Windows Server 2012 R2) and we are trying to find a "work-around".
  Most users in the organization is using their own personal computer and everything is fine and working as expected, single sign-on (WIA) internally to Office 365 and forms based (FBA) externally (using Citrix NetScaler as reverse proxy and load
  balancing with the correct rewrites to add client-ip, proxy header and URL-transformation).
  The problem occurs for a few (50-100) users where they are sharing the same computer, automatically logged on to the computer using a generic AD-user (same for all of them). This AD-user they are logged on with does not have any access to Office365
  and if they try to access SharePoint Online they receive an error that they can't login (from SharePoint Online, not ADFS).
  We can't change this, they need to have this generic account logged on to these computers. The issue occurs when a user that has access to SharePoint Online tries to access it when logged on with a generic account.
  They are not able to "switch" from the generic account in ADFS / SharePoint Online to their personal account.
  The only way I've found that may work is removing IE as a WIA-capable agent and deploy a User-Agent version string specific to most users but not the generic account.
  My question to you: Is there another way? Maybe when ADFS sees the generic user, it forces forms based authentication or something like that?
  Best regards,
  Simon

  I'd go with your original workaround using the user-agent and publishing a GPO for your normal users that elects to use a user-agent string associated with Integrated Windows Auth.. for the generic accounts, I'd look at using a loopback policy that overwrites
  that user agent setting, so that forms logon is preferred for that subset of users. I don't think the Netscaler here is useful in this capacity as it's a front-end proxy and you need to evaluate the AuthZ rules on the AD FS server after the request has been
  proxied. The error pages in Windows Server 2012 R2 are canned as the previous poster mentioned and difficult to customize (Javascript only)...
  http://blog.auth360.net

• Help with exporting forms based data to Excel 2007

  I have a user who is attempting to export forms based data to Microsoft Excel 2007 and when he attempts this he receives a message stating that Windows does not recognise this file type (tsv). I am not too familiar with Office 2007 so I am unable to direct this users as to how to correct this issue.
  Is someone able to give me the navigation path to help me to assist this user? thanks

  Did you verify the file type from Windows Explorer?
  1) Right click on My Computer > Explore
  2) Go to Tools > Folder Options
  3) Click on File Types tab
  4) Check if TSV file is defined there or not. If it is not there, click on New and add the File Extension