Two-way forest trust between two (single domain) forests with multiple identical user ID's

Domain and forest levels - Windows 2003 (they both have one 2008 R2 DC)
We need to create a two-way forest trust between two separate single-domain forests. The problem is that these two forests already access each other's resources through a S2S. Users have the same login names and passwords on both forests/domains. Now, we are combining their infrastructures and need to set up a trust. From what I'm reading, you can't create forest trusts if you have the same SIDs, user IDs, or computer name in each of the forests.
I'm looking into AD migration tool to copy the userSIDs (SID history?) between forest/domain, deleting the user IDs in the domain we migrated from, and then setting up the trust, but I'm leery about doing it this way as there is no easy 'recovery' should something go wrong.
Any suggestions for the easiest way to set up this forest trust?

Hi,
To eliminate your worries: two user accounts having the same user name doesn’t mean that they have the same SID. Moreover, the user’s SID remains the same even after it has been renamed.
The SID for a domain account/group consists of a Domain Identifier and a Relative Identifier. The Domain Identifier is unique in every domain within a forest, and a Relative Identifier is unique within a domain. It is unlikely that two user accounts, with or without the same account name, from two forests have the same SID.
The Technet article you mentioned is talking about duplicate SIDs instead of “duplicate computer name or user account”; I will submit a change request to Microsoft about this.
If there are duplicate SIDs when you create the forest trust, you need to delete one of them as the article guides.
Here are some related articles for your reference:
How Security Identifiers Work
http://technet.microsoft.com/en-us/library/cc778824(v=WS.10).aspx
Security Identifier Structure
http://technet.microsoft.com/en-us/library/cc962011.aspx
Security Identifier
http://en.wikipedia.org/wiki/Security_Identifier
I hope this helps.
Amy Wang
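
The SID structure described in the answer above, as an added example that is not part of the original thread: it decodes binary SIDs (the form stored in the `objectSid` attribute), splits each into Domain Identifier and Relative Identifier, and compares two forests. The account names, domain sub-authority values and the `make_sid` helper are constructed for illustration.

```python
import struct

def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID into its S-1-5-21-... text form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])    # 32-bit each, little-endian
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def split_sid(sid: str):
    """Split an account SID into (Domain Identifier, Relative Identifier)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def make_sid(domain_subs, rid: int) -> bytes:
    """Build a binary S-1-5-21-<domain>-<rid> SID; used only for the sample data."""
    subs = (21, *domain_subs, rid)
    return (bytes([1, len(subs)]) + (5).to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

# Constructed sample data: same login names in both forests, each forest
# with its own domain identifier, as in the question above.
DOMAIN_A = (1004336348, 1177238915, 682003330)
DOMAIN_B = (2000478354, 1708537768, 1957994488)
FOREST_A = {"jsmith": make_sid(DOMAIN_A, 1104), "mlee": make_sid(DOMAIN_A, 1105)}
FOREST_B = {"jsmith": make_sid(DOMAIN_B, 1104), "mlee": make_sid(DOMAIN_B, 1110)}

def compare_forests(a: dict, b: dict) -> dict:
    """Report what two forests share: names, full SIDs, domain identifiers."""
    sids_a = {name: sid_to_string(raw) for name, raw in a.items()}
    sids_b = {name: sid_to_string(raw) for name, raw in b.items()}
    domains_a = {split_sid(s)[0] for s in sids_a.values()}
    domains_b = {split_sid(s)[0] for s in sids_b.values()}
    return {
        "shared_names": sorted(set(sids_a) & set(sids_b)),
        "duplicate_sids": sorted(set(sids_a.values()) & set(sids_b.values())),
        "shared_domain_ids": sorted(domains_a & domains_b),
    }

if __name__ == "__main__":
    for key, value in compare_forests(FOREST_A, FOREST_B).items():
        print(key, value)
```

With the sample data, both login names are shared (and `jsmith` even has the same RID in both forests), yet no SID and no domain identifier is duplicated, which is the case the answer describes.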

Similar Messages

  • Enabling Trust Between WebLogic Server Domains

    Hi everyone,
    We have two sites, each one running one WL 8.1 instance. The problem is that we have different users in each one, and they need to access both sites (using a RMI call).
    When the user is created in both sites, there is no problem. But we do not want to replicate all users in all sites.
    So this is what we are trying to do:
    Create the user in one site and enable trust between Weblogic Server domains (giving both sites the same password), so once one user is authenticated, the other site will not try to authenticate this user again. But since this user does not exist in the other site, he has no permission to do anything at all. Because of that we receive the following error message: "User a7ax does not have permission on br to perform lookup operation."
    Does anyone have any idea about how we can handle this, and enable the users to use other sites, without creating the user in both sites?
    Thanks in advance.
    Cesar

    In order to debug this issue you need to determine which kind of security has been applied on the web service deployed on the remote weblogic server:
    whether it requires a username/password from the calling web service,
    or whether it requires any kind of digital certificate from the calling web service, etc.
    The most usual scenario where cross-domain security is required is as follows:
    A user - Test - calls a service - ServiceA - on Weblogic Domain - domainA - and provides its credentials and is authenticated properly.
    Then if this service needs to call another service - ServiceB - on another Weblogic Domain - DomainB - which is also secured, then a cross-domain trust should be enabled between the domains DomainA and DomainB so that the subject populated in domainA can be transferred to DomainB.
    Now you should determine whether this is the scenario you are trying to achieve or it is something else.
    Also try to use the following debug flag in DomainB, where the provider service is deployed, to get the exact reason why it is failing to verify the security check.
    -Dweblogic.DebugSecurityAtn=true
    This debug flag is enabled in JAVA_OPTIONS.
    Thanks,
    Sandeep

  • How do I create a single PDF file with multiple pages?

    Hi, I occasionally need to merge several jpg images into a single pdf file with multiple pages (one Jpg per page). I have tried doing this on Preview, and by selecting all the pages I want to include in my document and trying to save to Pdf through the "Print" function, but every time it only saves the first page.
    Can anyone tell me if there is a way to save multiple-page pdf files without having to purchase a specific program (I do this too infrequently to justify the cost)?
    Thanks very much,

    This works for me...
    Open first image in Preview View > Sidebar. Drag the other images into Sidebar, then select all.
    From File menu > print selected images. Choose PDF > Save as PDF
    -mj

  • Single proforma invoice with multiple deliveries

    Hi
    I would like to know how to create a single proforma invoice with multiple delivery numbers. Please let me know how?
    Thanks

    Apart from the above option, you can also use T-code VF04 i.e. Billing due list
    Regards,
    Sagar

  • Using single SMB share with multiple Hyper-V clusters

    Hello,
    I'm trying to find out if I can use a single SMB share with multiple Hyper-V Clusters. Looking at:
    How to Assign SMB 3.0 File Shares to Hyper-V Hosts and Clusters in VMM
    I think it's possible. Since the File Server is going to handle the file locking it shouldn't be a problem.
    Has anyone tried that?
    Thank you in advance!

    Hello,
    I'm not sure that's possible, I get this from this statement: "Assign the share—Assign the share to a virtual machine host or cluster."
    Even if it worked I wouldn't do that. Why don't you just create multiple shares?

  • Single step workflow with multiple approvers (without using a group)

    Hi,
    is it possible to have a single step workflow with multiple approvers without using a group? This is for a contract document.
    I want to add a number of users based on particular logic. The approvers are random and do not belong to any particular group.
    Do let me know if it is possible or if any of you have done that.
    thanks in advance.
    regards,
    rubio

    Hi Rubio,
    I believe the behavior would be, if individual users are added as approvers then the system would require each approver to approve the document. However, if you use the user group, you could set the role so that it would be either ALL or ANY.
    Regards,
    Vikram

  • Can I communicate single PXI chassis with multiple computer using MXI

    Can I communicate single PXI chassis with multiple computer using multiple MXI cards
    we are using cvi with MXI we want to share channels for other computers Can we do with mxi 

    Yes this is possible when you use a PXI controller.  Attached is a screenshot showing a possible configuration.
    Jacob K || Applications Engineer || National Instruments
    Attachments:
    PXIMaster.png ‏20 KB

  • Single Weblogic Process with multiple databases

    Hi,
    Presently we are working with two separate weblogic processes for two different
    database schemes. The weblogic properties are defined differently in two weblogic.properties
    files.
    Is there a way to start weblogic in a single process so that it will work with
    two different DB schemes at runtime?
    Thanks,
    Danny.

    You have to use an XA Driver which supports Distributed Transactions. This is
    supported from 6.0.
    Weblogic provides a Type2 XA driver for Oracle, and Oracle's Thin Driver
    Version 817 supports XA operations.
    Go through these doc's for more info:
    http://e-docs.bea.com/wls/docs61///adminguide/jdbc.html
    http://e-docs.bea.com/wls/docs61/////jta/thirdpartytx.html
    -krishna
    "Daniel Gordon" <[email protected]> wrote in message
    news:3b680f81$[email protected]..
    >
    Hi,
    Presently we are working with two separate weblogic processes for two different
    database schemes. The weblogic properties are defined differently in two weblogic.properties
    files.
    Is there a way to start weblogic in a single process so that it will work with
    two different DB schemes at runtime?
    Thanks,
    Danny.

  • Using a single itunes library with multiple iphones?

    My wife got an iPhone 3GS recently and I already have a 4S. I plan to use an existing iTunes install on a single PC to manage them both. I see that Apple support articles say it's worth keeping iTunes libraries separate (with separate Windows user accounts) when there are multiple iPhones using iTunes on one PC.
    I like to manually manage music, videos and podcasts in my iTunes library rather than use synching. I like the idea of having a shared pool of music, videos and apps for us both to use. I know apps that are purchased on my iPhone or my wife's are linked to a specific apple ID so that means if she transfers any apps that were bought on my phone originally, her phone will ask her for my apple ID password when they get updates. But sharing passwords with each other isn't a problem.
    I can create a second user account for my wife easily, but I kind of have the feeling I'd prefer to share a single library as I say.
    Are there any other reasons I need to keep 2 user accounts and 2 iTunes libraries going when I manually manage the transfer of content?
    Cheers.

    MikeBelfast wrote:
    I can create a second user account for my wife easily, but I kind of have the feeling I'd prefer to share a single library as I say.
    And this can easily be done.
    Move your /Music/iTunes/ folder to a Shared directory (such as /Users/Public/ folder) and everyone can use this single library.
    Each user must quit iTunes before the other can open it.
    Just hold Shift, launch iTunes, select Choose library... and select the iTunes folder in the shared directory.
    The big advantage with separate Windows user accounts is that data such as photos, calendars, emails, and everything else will be separate.

  • Is Lightroom supported in a Active Directory domain environment with multiple users logging into a machine?

    We are a school district using an Active Directory environment. We currently use other Adobe products with multiple users on different machines and it works fine. If Lightroom does work in a domain environment what are the required local user permissions needed for it to work properly? Thanks!

    Lightroom is not a multiuser program. It is required that the catalog is located on a hard drive that is local to the machine accessing it. There are no workarounds.

  • GR Printing For Single Line Item With Multiple Account Assignment.

    Hi All,
    There is PO for projects (Account Assignment -P - Network) in which in a single item consist of multiple account assignment.
    Now while entering the GR I select the "Collective Slip" option, but when the GR is posted the system automatically selects the option "Individual slip" and separate line items are printed for each account assignment.
    The printing program is standard SAPM07DR. The SAP version is 4.7. Can anyone tell whether there is any setting in configuration, or is it a problem in the program or smart form?
    Thanks & Regards,
    Omkar

    hi
    please check your form and routine used to print.

  • Can we bind a single external table with multiple files in OWB 11g?

    Hi,
    I wanted to ask if it is possible to bind an external table with multiple source files at same or different locations? Or an external table has to be bound to a single source file and a single location.
    Thanks in advance,
    Ann.
    Edited by: Ann on Oct 8, 2010 9:38 AM

    Hi Ann,
    Can you please help me out by telling me the steps to accomplish this.
    Right-click on the external table in the project tree, choose Configure from the menu,
    then in the opened Configuration Properties dialog window right-click on the Data Files node and choose Create from the menu -
    you will get a new record for the file - specify the Data File Name property.
    Also link from OWB user guide
    http://download.oracle.com/docs/cd/B28359_01/owb.111/b31278/ref_def_flatfiles.htm#i1126304
    Regards,
    Oleg

  • Single VPP purchase with multiple configurators

    Can a single VPP purchase be used with multiple configurators(each with different apple ids).


  • Synchronizing two counter frequency inputs with multiple analog inputs

    Hello all,
    I'm fairly new to LabVIEW and I'm trying to collect data from multiple sources with synchronized timing on the acquisition but I'm having trouble figuring it out. My problem is that I've got two counter frequency inputs, one optical tachometer reading one pulse per revolution, and a max machinery flow meter with a k factor of 12000. I can't seem to figure out how to sync the timing with my multiple analog inputs. I've been attempting to get the tachometer to sync with the analog inputs first by following the example linked here. (https://decibel.ni.com/content/docs/DOC-10785) So far each time I run it I either get a timeout error on the DAQmx read or a "Multiple sample clock pulses were detected" error (see attached image). It seems if I slow the sampling rate way down to say 10 hz and ensure that the tachometer signal is over 800-1000 RPM (13-17 Hz) before starting the VI then the program will run without errors until the RPM drops below that threshold then the "Multiple sample clock pulses" error occurs. The code is attached below.
    Does anyone know of a more effective way of syncing counter frequency inputs with analog inputs? I'd like to have a VI that can show 0 RPM (and eventually 0 flow as well, but I think I need to figure out the timing of one counter before I add another as it seems I can't have two counters in the same task). Any help on this would be greatly appreciated.
    LabVIEW version 13.0
    cDAQ-9178 Chassis with NI 9401 for the two counter inputs and NI 9205 for the analog inputs.
    Thanks!
    Richard
    Attachments:
    SimpleDAQ.vi ‏44 KB
    LV_Error.JPG ‏31 KB

    Maybe third time's the charm?
    So I've finally got a good handle on why the VI is having problems at low RPM, though I'm somewhat embarrassed how long it took me to do that.
    Because I have the counter time synced to my Analog input task, if it doesn't see at least two pulses between the two clock pulses set by the analog input task I get the -201314 "Multiple sample clock pulses" error. This seems fine at first as it just sets a minimum RPM that I can measure and it's well below the area I'm interested in so no problems there. I tried a simple error handler that would clear the error when it happened, assuming the loop would keep iterating until the RPM went above that minimum at which point I would get a signal again. This is not the case, the read function just continues to spit out the -201314 error even after the RPM is back in the readable range. So then I tried adding two case structures so that when the error occurred it would stop the task, clear the error, and then start the task again on the next loop iteration (Code Attached). This also doesn't work as the error shows up again on the stop task and then AGAIN on the start task on the next loop iteration. It seems this error is not actually being cleared and once it happens it stays with the task regardless of what the error cluster is carrying.
    Anyone have any ideas?  The only solution I can think of is to just clear all tasks and recreate them each loop iteration until the RPM is readable again but that strikes me as a horribly clunky solution.
    Richard 
    Attachments:
    SimpleDAQ_1_Start Stop.vi ‏48 KB

  • Single Sign-on with Multiple Servlets and JSPs

    I am in the midst of attempting to logically tie together a number of our web applications under a single sign-on "umbrella". What we want is the following: for any n applications a user may have access rights for up to n of them. Once signed in, she has rights to visit any app to which she has permissions as long as her session is valid. Unfortunately, I'm having trouble seeing how to make this work given the documentation that I have. I've read thru the newsgroup in search of a solution, but I haven't seen anything geared toward this specific approach.
    Currently, each "application" (servlet) has a list of valid users via ACLs (we've implemented a RealmExtender, so we're not going via props file entries), and we let the browser pop-up window enforce the sign-on. This has worked exactly as we wish (single sign-on, etc.), for testing, but we'd really rather have our own form-based sign-on for production.
    To that end, we've done the following:
    1) implemented a JSP form-based sign-on (basically ripped off from the example provided by BEA), which does a "ServletAuthentication.weak()" check to confirm identity.
    2) placed the following code (essentially) within the service() method of our servlet superclass, which I thought would force another check. My intention is to disallow the user from "jumping into" an app thru a shortcut, and thereby bypassing security.
        HttpSession session = request.getSession(true);
        if (session.isNew()) {
            // No existing session: send the user to the sign-on page
            response.sendRedirect(welcomeURL);
        }
    However, we can't get the form-based approach to mimic the functionality of the default browser pop-up: the sign-in doesn't seem to "follow" the user the way it did with the pop-up. Instead, when I come in thru our login page, the browser pop-up is still appearing when I click the link for an app to which I have permissions.
    Is the default browser pop-up doing something different that I should know about? Seems like this should be simple to do, but it's surprisingly subtle (or maybe I'm just clueless).
    TIA
              

    Well, if you want to hear my personal opinion:
    better stick to the cookie specification (http://wp.netscape.com/newsref/std/cookie_spec.html) and accept the constraint that cookies will only be sent to domains that tail-match the domain-constraint specified in the set-cookie http response.
    Although this specification is not an official internet standard most browsers are implementing the cookie mechanism according to this specification.
    Unfortunately there's no option to specify that a cookie should be sent to a list of servers and/or sub-domains.
    However one physical server can have multiple (FQDN) hostnames. So if you intend to send the cookie to a group of servers the best approach is to create a new (DNS) (sub-)domain exclusively for those servers.
    Theoretically (and also practically) it is possible to set cookies for multiple domains (by using a webservice that will set cookies on request of a caller). But that approach is dangerous:
    (1) not the server but the http client is defining the content of the cookie (= part of the http server response)
    (2) (unintended) many servers can obtain the cookie which will be sent to all servers that reside in all (tail-matching sub-)domains; although most likely only one or two servers of each domain are intended recipients
    Regards, Wolfgang
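
The cookie scoping point in the reply above, as an added example that is not part of the original post: it applies the RFC 6265 domain-match rule (the later standardized form of tail matching, assumed here to be what the browser implements) to a host inventory and lists which servers would receive a session cookie they were never meant to see. The host names, the cookie name and value, and the intended-recipient set are constructed.

```python
import ipaddress
from http.cookies import SimpleCookie

def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: exact match, or host ends with '.' + domain."""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower()
    if domain.startswith("."):
        domain = domain[1:]              # a leading dot is ignored
    if not domain:
        return False
    if host == domain:
        return True
    try:
        ipaddress.ip_address(host)       # IP literals never suffix-match
        return False
    except ValueError:
        return host.endswith("." + domain)

def recipients(set_cookie: str, origin: str, inventory: list) -> dict:
    """Map each cookie in a Set-Cookie value to the inventory hosts that get it."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    out = {}
    for name, morsel in jar.items():
        domain = morsel["domain"]
        if not domain:                                # host-only cookie
            out[name] = [h for h in inventory if h == origin]
        elif not domain_match(origin, domain):        # foreign Domain is rejected
            out[name] = []
        else:
            out[name] = [h for h in inventory if domain_match(h, domain)]
    return out

def unintended(set_cookie: str, origin: str, inventory: list, intended: set) -> dict:
    """Hosts that would receive the cookie although they are not meant to."""
    got = recipients(set_cookie, origin, inventory)
    return {name: [h for h in hosts if h not in intended] for name, hosts in got.items()}

# Constructed sample data
INVENTORY = ["login.sso.example.com", "app1.sso.example.com",
             "blog.example.com", "static.example.com", "badexample.com"]
INTENDED = {"login.sso.example.com", "app1.sso.example.com"}
BROAD = "SSOSESSION=abc123; Domain=.example.com; Path=/"
NARROW = "SSOSESSION=abc123; Domain=.sso.example.com; Path=/"

if __name__ == "__main__":
    origin = "login.sso.example.com"
    print("broad :", unintended(BROAD, origin, INVENTORY, INTENDED))
    print("narrow:", unintended(NARROW, origin, INVENTORY, INTENDED))
```

Scoping the cookie to the dedicated `sso.example.com` sub-domain leaves no unintended recipients, while the parent-domain scope also hands the session cookie to `blog.example.com` and `static.example.com`.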
