SPNego authentication to Portal

Similar Messages

• Logoff not working after SPNego Authentication

  Hi Experts,
  Configured SPNego authentication sucessfully.
  But after clicking logoff button again logged in back again.
  As per some advice, done as follows
  Example: Portal SSO URL: http://portal.example.com
  Create a URL like http://nonssoportal.example.com (Create the name in the DNS and point it to the IP of your portal server)
  Changed the logoff paramter to point to the new URL. After restart once logoff clicks went to new URL but still SSO ticket authenticating.
  I need to get the login page again so that i can login with administrator or other test user IDs.
  Please post your suggestions.
  Regards,
  Raja. G

  Hi,
  Created the alias for that server and made the logoff URL as http://<alias of the server>:<port>/irj/portal.
  Now am able to achieve the login page however it is asking for the windows authentication while logging off.
  If we click cancel then we can able to achieve the login page.
  Any idea to avoid the popup for asking windows credentials?
  Regards,
  Raja. G

• UI5 and SPNEGO authentication

  Hi,
  we already use the Netweaver Gateway to provide some OData services.
  These services are consumed by some 3rd party software components.
  To authenticate the user at the Gateway, these applications are using the SPNEGO authentication mechanism.
  Now I wanted to start to develop my first UI5 app. Of course I'd like to consume the OData services from our existing gateway installation.
  The main problem that I'm currently facing is, that I don't know how to use Single Sign On (based on Kerberos tickets) to consume the gateway services from an UI5 app. I would like to use SPNEGO but I didn't find any information on how to implement SPNEGO in an UI5 app.
  Can you please provide me some information (or even some code snippets) on how to use SPNEGO authentication from an UI5 app!?!?
  Thanks in advance
  Holger

  Hi Michael,
  Thanks for that.  My opinion of secondary authentication is the same, but hey ho.  The client insists.  I think the main iview is the payslip iview, so it is on the same server as the portal. 
  My thinking was that as form based logon uses com.sap.portal.runtime.logon.certlogon and basic authentication uses com.sap.portal.runtime.logon.basicauthentication they could have different priorities set in authschemes.xml and consequently it asks for secondary authentication.  However, I see your point that they are both in the ticket logon stack.
  Paul

• JNLP & User Authentication (Application Portal Dilemma)

  There is an interesting article on JavaWorld under the Applied Java Topic about distributed applications and Java Web Start. Recently I have also become a big fan of rapid thick-client deployment using the JNLP framework. However, I (and many others I suspect) have come across a road-block implicit to distributed application (non-applet) development. There is no ability to preserve a session.
  Now in Jonathan Simon's article, in presents the case for "Application Portals" in which one could easily set up an authentication servlet and during run-time construct a list of verified applications. This implementation seems straightforward and but I am confused on one simple point for which I am in "dying-need" of clarity. The JNLP simply provides a link and protocol to deploy and update the client-side application. Upon initial execution or launching, the "link" is unknown making this solution great. However, once launched the link can be determined and the application can be executed without the use of the authentication portal (or if an off-line implementation is also deployed - launched locally).
  Is there a current design pattern to circumvent this limitation? How can I pass session information or even arguments to the client-application when launched? What happens when the application is launched via the desktop integrated icon? At first glance, I would expect the solution to be to invoke a WebService from the application upon execution of main. This service would then authenticate, but still would require its own interface for data (user/pass) capturing - thereby nullifying the entire point of setting up an authenticating application portal.
  Any suggestions or clarity would be well received

  I'm not sure if this will help you guys or not, but there is a guide for deploying JNLP applications from a servlet here: http://java.sun.com/j2se/1.5.0/docs/guide/javaws/developersguide/downloadservletguide.html
  Perhaps you can use this to dynamically specify the JNLP file. If a user accesses the server from the plain URL the servlet assigns a new session id, and places this in the codebase or href of the JNLP file it sends to the user. Later when the user runs the JNLP application from app manager, or an icon, the servlet will see the decorated codebase/href and act accordingly.
  Anyway, like I said, I'm not sure if this is exactly what you are looking for, but I think it has been used in the past for session maintenance.
  As to why JNLP doesn't support portal tech... these two technologies were invented at the same time. Initially they were somewhat competing ideas.
  For the future it might be possible to make JNLP more portal friendly, but in that case, Sun needs to have a better idea from the users what is needed. Simply saying, "make it better" is just to vague. Be specific, and who knows what good ideas might be picked up. (Another possibility is to contribute your own ideas for improvement through http://www.java.net/).
  Mike.

• What is SPNego Authentication Scheme?

  Could anybody please give me overview of SPNego authentication scheme?
  Why its needed??Any docs Available.
  Thanks in advance.
  Any help will be highly appretiated.
  Thanks and Regards
  Gaurav Namdeo

  Hi Gaurav,
  SPNego is Authentication Scheme,And it Ovecomes the limitations of other schems like it works smoothly with Unix And other OS,And many more.
  Go through thease links.
  spnego
  Download ZIP archive from SAP Note 994197
  Unzip the archive
  Deploy EARs
  sap.comtcsecauthjmx~ear.ear
  sap.comtcsecauthspnego~wizard.ear
  ecurity_example.ear
  Active Directory configuration and further more settings have to be done in the Zip file you will get a user guide just refer thet and proceed acording to that.
  Regards
  Vinit

• SPNEGO Authentication Error

  I have a web application monitor that is throwing an odd error.  It tells me that the "Response Body Evaluation Result" is in error and when I check the response body, I get:
  <html><head><title>SPNEGO authentication is not supported.</title></head><body>SPNEGO authentication is not supported on this client.</body></html>
  The odd part is that the monitor is set up woth no authenticatin.  So, why am I getting theis error?
  Thank
  Bert

  It sounds like the server asks for negotiation of authentication (windows auth?) and since your client doesn't use it, it gets an error. Maybe you would have to use windows auth with this site, in your synthetic test?

• SPNego Authentication

  Hi
  I am trying to Implement SPNego Authentication
  I have Installed kerbTray in my System . I am getting Blank Screen.
  The List Tickets dosent Come up anything . Client Pricipal says "No Network Credentials".
  please let me know if anything needs to be done.
  I have created a service User and SPN for the same.
  Thank you
  Regards

  Hi
  I am getting following Error. This analysis is thru Dagtool
  please need solution badly
  6.com.sap.engine.config.diagtool.tests.authentication.krb.Krb5ServerTest
  2009/04/08 19:30:30 class com.sap.engine.config.diagtool.tests.authentication.krb.Krb5ServerTest
  This test tries to authenticate the J2EE service user against the KDC using
  the Kerberos configuration of the J2EE engine. It copies the "krb5.conf" and
  "keytab" files used by the J2EE engine and generates "jaas.conf" file that
  contains "com.sun.security.jgss.accept" policy configuration with
  "Krb5LoginModule" login module that has the same options like in the J2EE
  engine. The output of the test contains the traces of the Krb5LoginModule.
  Debug is  true storeKey true useTicketCache true useKeyTab true doNotPrompt true ticketCache is null KeyTab is null refreshKrb5Config is false principal is j2ee-dep-depportalMWRD.LOCAL tryFirstPass is false useFirstPass is false storePass is false clearPass is false
  >>>KinitOptions cache name is C:\Documents and Settings\depadm\krb5cc_depadm
  *Error creating GSS context.*
  *[EXCEPTION]*
  *GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)*at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:189)
  at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)
  at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)
  at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
  at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
  at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)
  at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
  at com.sap.engine.config.diagtool.tests.authentication.krb.Krb5ServerTest.createGSSContext(Krb5ServerTest.java:104)
  at com.sap.engine.config.diagtool.tests.authentication.krb.Krb5ServerTest.execute(Krb5ServerTest.java:75)
  at com.sap.engine.config.diagtool.Task.execute(Task.java:55)
  at com.sap.engine.config.diagtool.Launcher.run(Launcher.java:334)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:324)
  at com.sap.engine.config.diagtool.Launcher.main(Launcher.java:385)
  Caused by: javax.security.auth.login.LoginException: java.lang.UnsatisfiedLinkError: C:\j2sdk1.4.2_12-x64\jre\bin\w2k_lsa_auth.dll: %1 is not a valid Win32 application
  at java.lang.ClassLoader$NativeLibrary.load(Native Method)
  at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1586)
  at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1503)
  at java.lang.Runtime.loadLibrary0(Runtime.java:788)
  at java.lang.System.loadLibrary(System.java:834)
  at sun.security.krb5.Credentials$1.run(DashoA12275:585)
  at java.security.AccessController.doPrivileged(Native Method)
  at sun.security.krb5.Credentials.a(DashoA12275:582)
  at sun.security.krb5.Credentials.acquireDefaultCreds(DashoA12275:423)
  at sun.security.krb5.Credentials.acquireTGTFromCache(DashoA12275:277)
  at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:520)
  at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:475)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:324)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
  at java.security.AccessController.doPrivileged(Native Method)
  at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
  at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)
  at java.security.AccessController.doPrivileged(Native Method)
  at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)
  at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)
  at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)
  at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
  at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
  at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)
  at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
  at com.sap.engine.config.diagtool.tests.authentication.krb.Krb5ServerTest.createGSSContext(Krb5ServerTest.java:104)
  at com.sap.engine.config.diagtool.tests.authentication.krb.Krb5ServerTest.execute(Krb5ServerTest.java:75)
  at com.sap.engine.config.diagtool.Task.execute(Task.java:55)
  at com.sap.engine.config.diagtool.Launcher.run(Launcher.java:334)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:324)
  at com.sap.engine.config.diagtool.Launcher.main(Launcher.java:385)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:730)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
  at java.security.AccessController.doPrivileged(Native Method)
  at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
  at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)
  at java.security.AccessController.doPrivileged(Native Method)
  at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)
  ... 15 more
  *Acquire credential failed for realm MWRD.LOCAL* Thank you
  Regards
  Krishna kanth
  Edited by: siddi siddi on Apr 9, 2009 9:05 PM
  Edited by: siddi siddi on Apr 9, 2009 9:05 PM

• Custom SPNEGO Authenticator

  I'm working on developing a custom spnego authenticator to JBoss. I saw a client example in Advanced JGSS Security Programming. But I haven't found if it's possible to develop a program that accepts a browser's token spnego in the server side. Is it possible in Java 6?
  Thanks a lot!!

  http://dev2dev.bea.com/utilitiestools/security.html

• SPNEGO when the Portal Authentication is set to ABAP

  Hi all,
  I have seen documentation (994791) showing how to set up SPNEGO if the authentication is of type DB or ADS. But i cannot see how to do it if the authentication is of type ABAP.
  I have added the krb5principalname in to the config as per note 994791, but with type ABAP the Customized Information field (krb5principalname) is not coming up in User Creation/modification?
  Can anyone help?
  Thanks,
  Guy

  The only thing I know is that this is not officially supported by SAP.
  Up to SP11 there was said to be a workaround which I failed to implement myself as there was no help from SAP via OSS.
  Since SP12 in general SAP supports SpNego config by the new SPNego wizard only so I think the possibilities have become even less.
  But let me say: I have had the same problem as you have and I was not able to solve it.
  Sigi

• Setting up LDAP for authentication to portal:default property set named "ldap

  Hi
  I am trying to implement the LDAP authentication to WebLogic Portal .Iam went
  thru the docmentation ( http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824).It
  mentions using the default property set named "ldap" and deploying ldapprofile.jar.My
  quenstion is:
  -Is there a way to look into the property using EBCC
  - Apart from deploying,configuring the ldapprofile.jar,do I have to do any additional
  steps in order to make my portal(say,stockportal) authenticate users from LDAP?
  -If a create my own portal,should I create a similar "ldap" property set?If so,how.
  Any suggestions/help is appreciated.Thanks
  - Mike

  Thanks Dave.
  "David Anderson" <[email protected]> wrote:
  You should be able to view the property set for LDAP through the EBCC
  if you
  have the propertysetws.jar installed in your Portal domain. This provides
  the ability for the EBCC to retrieve property set information from your
  server.
  Dave
  "mike" <[email protected]> wrote in message
  news:[email protected]...
  Hi Adrian
  Thank you for the pointers.Much appreciate it.However,one questionstill
  persists.
  What is the significance of the property set "ldap" mentioned in the
  document(http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824).Where
  does this property set feature vis-a-vis setting up LDAP securityrealm;does it
  mater prior to/after the setting up as mentioned in the document pointeryou just
  gave .
  Is it sufficinet that i follow the procedure to set up the LDAP oris
  there more
  to post setting,like creating a property set (similar to "ldap" orcloning
  it)
  apaprt frpom deploying ldapprofile.jar.
  Thanks.
  - Mike
  "Adrian Fletcher" <[email protected]> wrote:
  Mike,
  The documentation that covers LDAP authentication is listed under
  Weblogic
  Server rather than Weblogic Portal.
  See Configuring the LDAP Security Realm in Managing Security
  (http://e-docs.bea.com/wls/docs61////adminguide/cnfgsec.html#1071872)
  Also take a look at the FAQ - Why can't I boot WebLogic Server whenusing
  the LDAP Security Realm?
  (http://e-docs.bea.com/wls/docs61//faq/security.html#25833)
  Hope this helps,
  Sincerely,
  Adrian.
  Adrian Fletcher.
  Senior Software Engineer,
  BEA Systems, Inc.
  Boulder, CO.
  email: [email protected]
  "mike" <[email protected]> wrote in message
  news:[email protected]...
  Hi
  I am trying to implement the LDAP authentication to WebLogic Portal.Iam
  went
  thru the docmentation
  http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824).It
  mentions using the default property set named "ldap" and deployingldapprofile.jar.My
  quenstion is:
  -Is there a way to look into the property using EBCC
  - Apart from deploying,configuring the ldapprofile.jar,do I have
  to
  do any
  additional
  steps in order to make my portal(say,stockportal) authenticate usersfrom
  LDAP?
  -If a create my own portal,should I create a similar "ldap" propertyset?If so,how.
  Any suggestions/help is appreciated.Thanks
  - Mike

• SPNego authentication not working

  Hi,
  We are trying to configure SPNego and we are facing issues. We had done the configuration in another environment and it worked fine.
  I have checked the configuration at AD end and portal end multiple
  times and everything looks to be fine. Following is the error message coming in the logs.
  [JGSS_DBG_CTX] Client time Sat Feb 03 13:09:32 GMT 2007 too skewed
  13:04:05:373 Error Guest ~on_Thread[impl:3]_1 System.err org.ietf.jgss.GSSException, major code: 10, minor code: 37
  major string: Defective token
  minor string: Client time 03 February 2007 at 13:09:32 too skewed
  13:04:05:373 Error Guest ~on_Thread[impl:3]_1 System.err at com.ibm.security.jgss.i18n.I18NException.throwGSSException(I18NException.java:5)
  at com.ibm.security.jgss.mech.krb5.k.a(k.java:896)
  at com.ibm.security.jgss.mech.krb5.k.a(k.java:6)
  at com.ibm.security.jgss.mech.krb5.k.b(k.java:231)
  at com.ibm.security.jgss.mech.krb5.k.acceptSecContext(k.java:1010)
  at com.ibm.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:30)
  at com.ibm.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:370)
  at com.sap.security.core.server.jaas.SPNegoLoginModule.doHandshake(SPNegoLoginModule.java:614)
  at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:322)
  at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:150)
  at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)
  at java.security.AccessController.doPrivileged(AccessController.java:242)
  at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:172)
  at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:85)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:58)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
  at java.lang.reflect.Method.invoke(Method.java:391)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:699)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:151)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:634)
  at java.security.AccessController.doPrivileged(AccessController.java:242)
  at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:631)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:557)
  at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:142)
  at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:303)
  at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:96)
  at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)
  at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
  at java.security.AccessController.doPrivileged(AccessController.java:242)
  at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
  at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
  at com.sap.portal.navigation.Gateway.service(Gateway.java:126)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
  at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
  at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:160)
  at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
  at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
  at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
  at java.security.AccessController.doPrivileged(AccessController.java:215)
  at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
  at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  Any help is highly appreciated.
  Many Thanks,
  Chandra

  Hi,
  per this part of the exception:
  minor string: Client time 03 February 2007 at 13:09:32 too skewed
  there seems to be a problem with the time syncronizations between the domain controller, the client system and the SAP NetWeaver system. Check that all system clocks are syncronized and have the correct time zone settings.
  Hope this helps,
  Yonko

• Error in visual administrator while implementing Spnego authentication sche

  hi,
  i have under gone all thease steps.
  for implementation of SPnego sceme on my portal.
  >downloaded SPnego wizad file from note specified.
  >unziped it and got .ear files
  >deployed those .ear files on my server.
  >now went for service user J2ee configuration  on visual administrator.
  >when i clicked on deploy and start button .
  >it asked me to browse file .
  >first .ear file was taken sucessfully.
  >in second file it give me this error message .
  ie>The directory D:\usr\.............\.....\   will be used for extracting the EAR file.the directory content will be deleated. please back up all usefullinformation from it
  >shall i click on ok and proceed further or not.
  please suggest me  what to do.

  Hi Sumit Bhargav,
  Based on the error message, it seems that the issue is related to NHivernate and MSBuild, but
  VS General Question forum discusses the usage issue of Visual Studio IDE such as
  WPF & SL designer, Visual Studio Guidance Automation Toolkit, Developer Documentation and Help System
  and Visual Studio Editor. In order to check where the issue is, could you please create a new and simple web application without having NHibernate, build it and clean the project?
  Whether the web application can be built successfully?
  If you get this error when you build or clean any solution, maybe you are experiencing the same issue 
  described here:
  http://stackoverflow.com/questions/26930376/how-to-fix-checkattributes-task-could-not-be-loaded-error-after-installing-v
  Please check whether the Microsoft.Web.Publishing.Tasks.dll assembly is located at
  C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v12.0\Web. If no, please copy it from somewhere else to this path. If you can’t get a copy of this assembly, I suggest uninstalling VS 2013 Update 4 or uninstalling and
  reinstalling all VS components.
  If the issue only occurs in the web app with NHibernate implement, then this issue is more related to the specific NHibernate implement in ASP.NET. I recommend consulting
  your issue on ASP.NET forum: http://forums.asp.net/
  Best regards,
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Provide second level logon / password authentication in Portal.

  I would like to customize our portal using second level logon/password authentication for few of the pages/iviews.
  We have Single Sign on provided to portal so, user is not going to get logon page initially, once he gets into ESS Module where he has to see his /her personal information for which we are planing to ask user to enter his / her password or logout him if that is incorrect.
  please let me know if any one know if there is any inbuilt functionality already available in Portal.
  I am planing to write a Portal Compnent Project using Jspdynpage/PAR project.
  Thanks a lot.

  If you are using windows integrated authentication then what is the purpose of using logoff link.  You can hide it.
  The purpose of windows authentication is to directly logon with out furthur authentication.
  Eventhough you click logoff it will redirect again into the portal.
  If you still want to show logoff link then modify the masthead par file , so that when you click on the logoff button the browser will close. This you can do in Headeriview.jsp
  Otherwise you can redirect to the some other page after clickin the logoff link. Search in SDN for that.
  Raghu

• HTTP/SPNEGO Authentication

  Hi,
  Having read in posting [http://forums.sun.com/thread.jspa?threadID=5362388&tstart=15|http://forums.sun.com/thread.jspa?threadID=5362388&tstart=15] that "Sun's GSSAPI implementation (a.k.a. JGSS) can only generate and consume raw Kerberos tokens and SPNEGO tokens containing Kerberos tokens" I' still wondering why the getPasswordAuthentication() in class MyAuthenticator of Sun's [HTTP/SPNEGO example (2nd case)|http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/part6.html#Example] is not called upon starting the client without giving any arguments, i.e.
  java RunHttpSpnego http://www.ad.local/hello/hello.htmlFrom the server the client receives a
  WWW-Authenticate: Negotiateresponse, and the client should enter the HTTP/SPNEGO challenge/response protocol.
  To summarize, class MyAuthenticator looks like:
  class MyAuthenticator extends Authenticator {
          public PasswordAuthentication getPasswordAuthentication() {
              // I haven't checked getRequestingScheme() here, since for NTLM
              // and Negotiate, the usrname and password are all the same.
              System.err.println("Feeding username and password for "
                 + getRequestingScheme());
              return (new PasswordAuthentication(kuser, kpass.toCharArray()));
      }It should be called as a side effect of openConnection() upon executing the following code:
  Authenticator.setDefault(new MyAuthenticator());
  URL url = new URL(args[0]);
  InputStream ins = url.openConnection().getInputStream();
  ...My client environment is Windows Vista, Java 1.6.0_16, and the client is not a member of an Active Directory.

  Perhaps the issue is with this quote:
  "Sun's GSSAPI implementation (a.k.a. JGSS) can only generate and consume raw Kerberos tokens and SPNEGO tokens containing Kerberos tokens"
  I believe the HttpURLConnection class in JDK 1.6 can handle NTLM.
  Meaning, if you logon to your workstation as a domain user and run the java code, it is probably using NTLM.
  I recall noticing this when I put TCPMon between the workstation and the server.

• RDBMS Authenticator and Portal Admin

  In WLP 8.1, I created a RDBMS Auth and I can see the list of
  users/groups in the Weblogic Console. The Portal Admin's user/group
  page does not show any users except those authenticated by
  DefaultAuthenticator.
  Why is Portal Admin not showing the users ? In the previous version any
  custom auth (federated or non) showed the users/groups list on Portal
  Admin page. Where is the secret switch to add custom auths to the
  Portal Admin ?
  Is jad'n the only way to work with BEA's products ?

  For porting purposes, setting RDBMSAuth as # 1 (per Docs/Greg) and
  adding weblogic/portaladmin::Administrators/PortalSystemAdministrators
  does the needful.
  Gregory Smith wrote:
  Bhupi -
  Thanks for the feedback. We have been looking at this issue specific to
  the portal services for managing users/groups. I'll forward this message
  onto the team looking into this.
  Greg
  Bhupi wrote:
  Thanks Greg.
  Replacing the following element within the Security element in
  config.xml with RDBMS Auth should solve the problem but the default
  users/groups have to be in RDBMS (weblogic/portaladmin/...).
  <weblogic.security.providers.authentication.DefaultAuthenticator
  Name="Security:Name=myrealmDefaultAuthenticator"
  Realm="Security:Name=myrealm"/>
  The following use-case should be supported out-of box.
  If I change the default to RDBMS or LDAP, it should get the
  weblogic/portaladmin from the Default (the export dat from embedded
  LDAP listed them) if it does not find it in the custom ones.
  HOW >> Since the Security Providers can be stacked, a federated
  authenticator which should be the default, consider's the
  AuthenticationProvider's list instead of individual authenticators.
  <weblogic.management.security.Realm
  AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter|Security:Name=myrealmTwicsAuthenticator"
  I know this is another requirement but will make things much easier,
  specially for UUP scenarios.
  Gregory Smith wrote:
  Bhupi -
  The portal User/GroupManager services (which the admin portal
  utilizes) currently only support 1 Authenticator, generally the
  first, most-capable Authenticator listed. That's why you're seeing
  only the DefaultAuthenticator users and groups in the admin portal.
  There is some information about this in the upgrade guide
  (http://e-docs.bea.com/wlp/docs81/upgrade/index.html) under the
  Compability Domain chapter. More documentation is planned for in the
  coming months to better explain this.
  Greg
  Bhupi wrote:
  In WLP 8.1, I created a RDBMS Auth and I can see the list of
  users/groups in the Weblogic Console. The Portal Admin's user/group
  page does not show any users except those authenticated by
  DefaultAuthenticator.
  Why is Portal Admin not showing the users ? In the previous version
  any custom auth (federated or non) showed the users/groups list on
  Portal Admin page. Where is the secret switch to add custom auths
  to the Portal Admin ?
  Is jad'n the only way to work with BEA's products ?