Use of JAAS in WLS6 for single logon

We're in the design stage of a product, which will be based on Weblogic Server 6 and are hoping to use JAAS.
I'm quite new to WL in general and JAAS security and having read the documentation, I'm still not clear on a few points about how JAAS is used in WLS6.
We're intending to provide a single logon for the system and then to log users on to other services such as email etc. behind the scenes, when the user requests them.
Does JAAS in WLS6 support this and if so, how best could we achieve it?
One idea I've read on the Sun site is that you can instantiate multiple LoginContexts at different times during the user session, each using a different Configuration pointing to different LoginModules to achieve this.
A couple of other things I've come across which may be useful in this context are :-
the <run-as-specified-identity> tag in the deployment descriptor
LoginModules being able to share information
Any help much appreciated
Dave

Sorry for the delay in replying, I was on vacation.

Dave <[email protected]> wrote in message
news:[email protected]...

> Thanks for the reply Alex.
> If we just have a single LoginContext with multiple LoginModules, wouldn't
> that mean that when a user logged on, it would log them on to all of the
> services at the same time?

Yes, that is the sequence specified under JAAS.

> We were trying to make it so that after the initial logon to the system,
> the user would be logged on to other services only when they accessed them
> explicitly. Does that mean that we need multiple LoginContexts still?

Unfortunately yes, you will need multiple LoginContext instances to do that.

    set configuration
    new context
    context.login
    context.getSubject
    Subject.doAs(subject, action)

> I understand that WLS6 will only provide for JAAS Authentication, not
> Authorisation. Does that mean I need to use it in conjunction with the
> existing Weblogic Authorisation, such as ACLs and Realms?

The WLS6 JAAS implementation wraps the existing ACL implementation and is
independent of the realm being used. Internally the Subject.doAs method
checks the ACLs of the user associated with the specified Subject instance.

> Can I also ask about the granularity of Resources that can be protected by
> access control. Would these be at the level of Servlets, beans etc.?

I believe you can but I'm not sure, check in the documentation on Servlets &
beans or post a followup question in those groups.

> Is the Beta Refresh available for download now? If not, how soon do
> you think it would be?

The beta refresh should be available early the week of 11/13.

> As regards the <run-as-specified-identity> tag in the deployment
> descriptor. Could you briefly explain its use and whether it would help us
> with our logon approach?

Again I'm not sure, again please post this to the associated group Servlets,
Beans, etc.

> Thanks very much for your help again.
> Dave
"Alex McDonald" <[email protected]> wrote:
Dave,
The WLS 6 JAAS implementation will support what you intend. While there
were several bugs in the initial WLS 6 Beta, these have been fixed in the Beta
refresh; if you need the updated files sooner I can send you a zip.
I would suggest the following. Single LoginContext, multiple loginModules.
Set your first configured loginModule to prompt for the username/password;
each of the following loginModules can then use that information behind the
scenes or prompt as needed for additional user info. Configure the first
loginModule as REQUISITE so that it must succeed for the login process to
continue. The WLS 6 JAAS sample loginModule implementation contains the WLS
login information; additional email etc. services can be added to the
Subject container as needed.
Alex

Dave <[email protected]> wrote in message
news:[email protected]...
> We're in the design stage of a product, which will be based on Weblogic
> Server 6 and are hoping to use JAAS.
> I'm quite new to WL in general and JAAS security and having read the
> documentation, I'm still not clear on a few points about how JAAS is used in
> WLS6.
> We're intending to provide a single logon for the system and then to log
> users on to other services such as email etc. behind the scenes, when the
> user requests them.
> Does JAAS in WLS6 support this and if so, how best could we achieve it?
> One idea I've read on the Sun site is that you can instantiate multiple
> LoginContexts at different times during the user session, each using a
> different Configuration pointing to different LoginModules to achieve this.
>
> A couple of other things I've come across which may be useful in this
> context are :-
> the <run-as-specified-identity> tag in the deployment descriptor
> LoginModules being able to share information
> Any help much appreciated
> Dave
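The following is an added example written for this page; it is not code from the thread, from BEA or from the WLS 6 JAAS sample. It puts both of Alex's answers into plain standard JAAS (javax.security.auth only, no application server): a single LoginContext whose first module is REQUISITE and prompts for the username/password, with a second module in the same chain reusing those credentials from sharedState; and, later in the session, the "set configuration / new context / login / getSubject / Subject.doAs" sequence that logs the same Subject on to a further service only when the user first needs it. The class names (LazyLogonDemo, TableLoginModule, LazyServiceConfig, ServicePrincipal), the entry names "Portal" and "Email", the option names service and useFirstPass, and the in-memory user table are all assumptions made for the example. The sharedState keys javax.security.auth.login.name and javax.security.auth.login.password are the conventional ones the JDK's own login modules use with useFirstPass.

```java
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class LazyLogonDemo {

    /** Hypothetical principal recording which service the user has been logged on to. */
    public static final class ServicePrincipal implements Principal {
        private final String name;
        ServicePrincipal(String service, String user) { name = service + ":" + user; }
        public String getName() { return name; }
        public String toString() { return name; }
    }

    /** Hypothetical module standing in for one service. It checks the password against a constructed
     *  table; the first module in a chain prompts and publishes name/password into sharedState, and a
     *  module configured with useFirstPass=true reuses them instead of prompting again. It is public
     *  with a public no-arg constructor because LoginContext instantiates it reflectively. */
    public static class TableLoginModule implements LoginModule {
        private static final Map<String, String> USERS = Map.of("dave", "s3cret"); // constructed sample users
        private Subject subject; private CallbackHandler handler; private Map<String, Object> shared;
        private String service, user; private boolean useFirstPass, ok;

        @SuppressWarnings("unchecked")
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> sharedState, Map<String, ?> options) {
            subject = s; handler = h; shared = (Map<String, Object>) sharedState;
            service = String.valueOf(options.get("service"));
            useFirstPass = "true".equals(options.get("useFirstPass"));
        }
        public boolean login() throws LoginException {
            char[] pw;
            if (useFirstPass && shared.containsKey("javax.security.auth.login.name")) {
                user = (String) shared.get("javax.security.auth.login.name");
                pw = (char[]) shared.get("javax.security.auth.login.password");
            } else {                                                 // nothing shared yet: ask the handler
                NameCallback nc = new NameCallback("user: ");
                PasswordCallback pc = new PasswordCallback("password: ", false);
                try { handler.handle(new Callback[] { nc, pc }); }
                catch (Exception e) { throw new LoginException("callback failed: " + e.getMessage()); }
                user = nc.getName(); pw = pc.getPassword();
                shared.put("javax.security.auth.login.name", user);  // conventional JAAS sharedState keys
                shared.put("javax.security.auth.login.password", pw);
            }
            ok = user != null && pw != null && USERS.containsKey(user)
                    && Arrays.equals(USERS.get(user).toCharArray(), pw);
            if (!ok) throw new FailedLoginException(service + ": bad credentials for " + user);
            return true;
        }
        public boolean commit() { if (ok) subject.getPrincipals().add(new ServicePrincipal(service, user)); return ok; }
        public boolean abort() { ok = false; return true; }
        public boolean logout() { subject.getPrincipals().removeIf(p -> p.getName().startsWith(service + ":")); return true; }
    }

    /** Hypothetical programmatic Configuration; the same entries could be written in a jaas.conf file. */
    public static class LazyServiceConfig extends Configuration {
        private static AppConfigurationEntry entry(String service, LoginModuleControlFlag flag, boolean useFirstPass) {
            Map<String, String> opts = new HashMap<>();
            opts.put("service", service);
            opts.put("useFirstPass", String.valueOf(useFirstPass));
            return new AppConfigurationEntry(TableLoginModule.class.getName(), flag, opts);
        }
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            switch (name) {
                case "Portal": // initial logon: REQUISITE prompt, then a module reusing the shared credentials
                    return new AppConfigurationEntry[] { entry("portal", LoginModuleControlFlag.REQUISITE, false),
                                                         entry("profile", LoginModuleControlFlag.REQUIRED, true) };
                case "Email":  // logged on later, only when the user first opens mail
                    return new AppConfigurationEntry[] { entry("email", LoginModuleControlFlag.REQUIRED, true) };
                default: return null;
            }
        }
    }

    public static void main(String[] args) throws LoginException {
        Configuration.setConfiguration(new LazyServiceConfig());           // set configuration
        CallbackHandler handler = callbacks -> {                             // answers prompts from constructed input
            for (Callback c : callbacks) {
                if (c instanceof NameCallback) ((NameCallback) c).setName("dave");
                else if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword("s3cret".toCharArray());
            }
        };
        LoginContext portal = new LoginContext("Portal", handler);          // new context
        portal.login();                                                     // context.login
        Subject subject = portal.getSubject();                              // context.getSubject
        System.out.println("after portal logon: " + subject.getPrincipals()); // portal:dave and profile:dave

        // Later, on first access to mail: a second LoginContext bound to the SAME Subject. sharedState is
        // per LoginContext, so useFirstPass finds nothing here and the module falls back to the handler.
        LoginContext email = new LoginContext("Email", subject, handler);
        email.login();
        System.out.println("after email logon:  " + subject.getPrincipals()); // email:dave added

        String who = Subject.doAs(subject, (PrivilegedAction<String>) () ->  // Subject.doAs(subject, action)
                "acting as " + Subject.getSubject(AccessController.getContext()).getPrincipals());
        System.out.println(who);
    }
}
```

Compile and run with `javac LazyLogonDemo.java && java LazyLogonDemo` on JDK 11 or later (recent JDKs print deprecation warnings for AccessController but still run it). Two points the thread's answers imply but do not spell out: sharedState lives inside one LoginContext, so the credentials the REQUISITE module publishes are visible to the modules that follow it in the same chain but not to a LoginContext created later, which is why the "Email" context prompts again unless the application retains something to answer with; and because commit() only runs once the whole chain has succeeded (abort() runs otherwise), a failed service logon never leaves a half-populated Subject behind. In a real deployment the equivalent file-based configuration is selected with -Djava.security.auth.login.config instead of Configuration.setConfiguration().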

Similar Messages

  • Need help with two-factor auth for windows logon using CSS

    Hi all,
    I have been trying for a couple of days now to get two-factor auth for windows logon working on my X1C Type 3443.
    I am running Windows 7 (64-bit) with Lenovo System Update 5.06.0007, Lenovo Solution Center 2.6.001.00, ThinkVantage Fingerprint Software 5.9.9.7282, ThinkVantage Client Security Solution 8.30.0031.00. If it's of any importance, my X1C was originally shipped with Windows 8, but I couldn't stand it and reinstalled Windows 7 instead.
    I have uninstalled and reinstalled the above programs in the following order:
    1) Install System Update and reboot
    2) Install Solution Center and reboot
    3) Install CSS and reboot
    4) Install Fingerprint Software and reboot
    Everything seems to be working fine by itself, except that when I try to configure two-factor auth in CSS, the Fingerprint tab (on the left of the GUI) is greyed out and CSS tells me that I have no fingerprints enrolled. The Fingerprint Software, however, is working just fine and shows me as having a fingerprint enrolled there.
    I have spent all morning searching for a solution, but everything I find dates back to 2011, when ThinkPads still came with ThinkVantage Toolbox. I obviously can't download that anymore, so I'm at a loss. Can someone please help? Thanks!
    Candace

  • Error in the configuration for sap logon tickets

    Hi Forum,
    I use Tcode crmd_order_bp to see the BP cockpit and the error message displays as
    <b>Error in the configuration for SAP logon tickets</b>
    But if I click "Yes", system displays cockpit.
    How can I avoid this error?
    Thanks in advance
    Regards
    Shridhar

    You will still need to configure SSO (either by logon ticket or username/password). The data source access is done using the username/password configured in the UM Config dialog box.
    I can see where you're coming from with your thinking, however logon-ticket-based SSO is probably the best approach.
    Cheers,
    Darren.

  • Report sometimes prompts for database logon prior to execution

    I have installed the Crystal Reports Integration Addon on our system and it works correctly for users on our terminal services server.  But when I installed it on a user's PC running Windows XP, when I go to execute an existing report, the Runtime viewer launches, and then displays a Database logon panel with the Server field filled in, the database field is blank, and the SA user and password fields are populated, and I get an error that says logon failed.  I type in the SA user id and password, but get the same error.
    If the same user logs onto the TS server, the runtime viewer launches correctly and the report prompts for input, then displays the appropriate data (no database logon is requested). But if it runs at that user's workstation, the viewer launches, and then prompts for database logon.
    We are running SAP 2007A SP00 PL47, CR Basic 2008 for SAP Business One, and the runtime viewer is Crystal Reports 2008 Runtime SP1. version 2.0.0.7

    Hi Bruce,
    I am not sure what the problem is.
    The only workaround I can think of is to change the Integrated Security in the report to true. This means that you will be using Windows Authentication as opposed to SQL Authentication. This will not prompt for SQL username and password.
    Usually this is NOT an ideal process as you will have to add each and every Windows user in the SQL Database you are trying to access. For example, you have to add DOMAIN_NAME\User_Name under the Database Properties.
    I am not sure what minimum security you need to run the report. You will have to try a few different options and see what works best for you. Avoid permissions that would give users the ability to write to the SQL database.
    Again, I know this is not ideal. But I am not sure what else can be done here.
    Krishnan

  • Being Asked for Database Logon Twice

    I am using VS2010 and have created a webpage to display a report.  I load up a report using a stored procedure into the Viewer.  When I click to export the report, it wants to open up another window and then asks for the logon information again.
    Below is the code that I am using.  It gets the right results.
                ReportDocument rpt = new ReportDocument();
                rpt.Load(MapPath("CheckReport.rpt"));
                // Apply the logon details to every table in the report. The braces are
                // required: without them only the first line belongs to the loop and the
                // remaining lines do not compile (crtable is out of scope).
                foreach (CrystalDecisions.CrystalReports.Engine.Table crtable in rpt.Database.Tables)
                {
                    TableLogOnInfo logonInfo = crtable.LogOnInfo;
                    logonInfo.ConnectionInfo.DatabaseName = "BankRec";
                    logonInfo.ConnectionInfo.ServerName = "XXXXX";
                    logonInfo.ConnectionInfo.UserID = "XXXXX";
                    logonInfo.ConnectionInfo.Password = "XXXXX";
                    crtable.ApplyLogOnInfo(logonInfo);
                }
                // Parameter order is (user, password, server, database).
                rpt.SetDatabaseLogon("BankRec", "XXXX", "XXXXX", "XXXX");
                rpt.SetParameterValue("@BankAcct", cboBankAcct.Text);
                rpt.SetParameterValue("@MonthEnd", txtMonthEnd.Text);
                // Restrict the viewer's export menu to these formats.
                int exportFormatFlags = (int)(ViewerExportFormats.PdfFormat | ViewerExportFormats.ExcelFormat | ViewerExportFormats.ExcelRecordFormat |
                    ViewerExportFormats.XLSXFormat | ViewerExportFormats.CsvFormat);
                CrystalReportViewer.AllowedExportFormats = exportFormatFlags;
                CrystalReportViewer.Visible = true;
                CrystalReportViewer.HasCrystalLogo = false;
                CrystalReportViewer.ReportSource = rpt;

    I may have solved my problem.
    I did not realize that it would call the page load event.
    I added a call to the method and it seems to be working now.
    If there are any ideas or I'm doing this wrong, please let me know.

  • Prompting for Database logon

    Hi all,
    I hardcoded the database logon credentials for a report on CMC and selected "Use the same logon details when you run". But when I am running the report on Infoview it is prompting for Database logon credentials. I don't want the user to be prompted for logon credentials when he runs the report from Infoview. Is there any other configuration I need to do on the CMC side? I have a few other reports running on the same database; when we run those reports it is not asking for logon credentials. It is asking for only that specific report.
    Any ideas would be greatly appreciated.
    Environment: BOXI3.1, Crystal Reports 2008 and SQL server 2005.
    Thanks and Regards
    Sudharsan.

    Moving to BOE forums

  • Setting the default resolution for sap logon

    Hi, ALL!
    I'm terribly tired of SAP interface. It's so uncomfortable for work.
    For example, maybe you know how to set the default resolution for SAP logon to make it use its widgets of proper size. E.g. when I work with transfer rules, it has only half of the screen for the useful area (I use 1400x1050), and the right part is just empty, but on the left there are very many small fields and you constantly have to use scrollbars (I think you know it well). Maybe there is system customizing for this purpose.

    Hello Dmitry,
    There is no customizing for this - at least to my knowledge.
    However, you should have to redo the settings again and again unless you are continuously re-sizing the main window.
    Cheers
    Aneesh

  • Security Approach and Plan for single logon for Essbase and Reports.

    Please can anyone suggest to me how I can do the Security Approach and Plan for single logon for Essbase and Reports by using MaxL or Administrator. If anyone has code, please forward it to my email Id: [email protected]

    Once you are logged in to the "Hyperion Portal" as you call it, your user credentials are automatically passed among all the components. Therefore, a lot of the logic you created to pass credentials between BQY files in a desktop environment are no longer needed.

  • How to suppress License Information for multiple logon screen?

    Hi,
    While logging in we get the "License Information for multiple logon" screen displayed.
    How do I suppress that screen?
    Regards,
    Bala

    >
    bala virupaksha wrote:
    > Hi,
    >
    > While logging in we get the "License Information for multiple logon" screen displayed.
    > How do I suppress that screen?
    >
    > Regards,
    > Bala
    and why would you want to do that?
    does your contract with SAP say, that you may use multiple logins for free? would SAP's contract-issue department agree that -in your case- it's not necessary to record multiple logins?
    have you read this part of the SAP license policy?
    SAP gives express notice that the accessing of a system by more
    than one person using one and the same named user constitutes
    a breach.
    tell me this does not apply to you ...

  • Using oc4j Jaas with external user-base

    Hi,
    I'm evaluating the possibility of migrating my application from BEA Weblogic 7.00 to Oracle9iAS. I use OC4J 9.0.3 for the migration proof.
    My Weblogic application uses a LoginModule, written by us which access our existing user-base (stored in an rdbms).
    We use proprietary Principal classes and update the Subject when a login 'transaction' is committed.
    Our EJB code (which is the resource we want to protect) includes role definitions and the specific weblogic deployment-descriptors includes mapping between the roles defined in the ejb dd and the principal names we return with the login-module.
    I have some questions:
    1. How can I perform a similar mapping (proprietary principal names to EJB roles)? Do I have to declare all those principals in jazn.data? Where do I have to declare them?
    2. Can i disregard the UserManager concept?
    3. Do i have to implement a LoginContext on my own?
    4. Do I need to explicitly call LoginContext.login in my login code or is it automatically done (please elaborate)?
    5. Do i have to keep using RealmLoginManager along with my LoginModule?
    6. Where is the preferable place for putting the login module (application’s ear file?)
    7. Can i use any LoginModule which simply implements the JAAS LoginModule interface?, are there any specific oracle behavior/requirement i should know about?
    8. What is the class name for the JAZN class which serves as the default LoginContext?
    Note: I dont want to integrate with OID or manage the user-base using Oracles JAZN-XML, i want to simply integrate with my own existing user authentication data and use it for authorizing calls to EJBS.
    Thanks in advance,
    Yuval.

    Sorry for the delay in responding.
    I only use my LDAP directory to manage people and groups but not organisational units.
    When a user logs in using BPM, or you view the details for a person in process administrator or view a group's members etc., that information is then stored in the BPM database. That information is refreshed whenever the directory service is polled. The frequency of this is determined by the value of 'Directory Polling Interval' set under the Other tab of your engine.
    I don't believe the user passwords etc. are stored in the BPM database, only meta information about people and groups, and therefore your directory service must be available whenever a user tries to login to workspace etc.
    Hope that helps,
    Mike.

  • How to satisfy "Waiting for user logon" requirement for multiple machines

    Let me preface this by saying I know the "real" solution is to make my package run whether or not a user is logged on, but hear me out.
    I have some packages that someone else builds where they're set to only run when a user is logged on, which then in Monitoring builds up quite a few "waiting for user logons" since some machines go unused for a week at a time.
    Is there any slick way to get around that?  or to have a script which logs on to a list of machines then logs off after say 10 minutes so the SCCM installs can occur?

    If you are worried about packages deploying to user machines irrespective of whether a user is logged in or not, why don't you go with the program setting 'whether or not user logged in' instead of choosing 'only when user logged in' and try other alternatives to install the app?
    'whether or not user logged in' will straight away install the applications for you.
    Eswar Koneti | Configmgr blog: www.eskonr.com | Linkedin: Eswar Koneti | Twitter: Eskonr

  • Check for the logon message server

    Hello All,
    in order to ensure the advantages of the load balancing we want to check if the user has used the message server for the logon to the SAP system. There is the function module EXIT_SAPLSUSF_001 that is called after each logon and we could implement this functionality there.
    The problem is that we can check only the current host (sy-host) of the user session, but we can not distinguish whether the user used the application server directly or was sent to this server within load balancing functionality.
    Do you have an idea / experiences for this issue?
    Any suggestions would be appreciated,
    Best Regards,
    Kirill

    Hi,
    You can develop your own check and use user-exit in CO-PA (COPA0005 enhancement).
    Regards,
    Eli

  • Smart card required for interactive logon

    Hi ,
    What is the meaning of these in AD? These options are available in user properties in the Account tab.
    1-Smart card required for interactive logon.
    2-Account is trusted for delegation
    3-Account is sensitive, can't be delegated
    4-Use Kerberos DES
    5-Don't require Kerberos
    Regards
    Anil

    Hello,
    You will have to logon to domain using a Smart Card. Interactive logon: Require smart card
    Allows a service running under this account to perform operations on behalf of other user accounts on the network. A service running under a user account (otherwise known as a service account) that is trusted for delegation can impersonate a client to gain access to resources on the computer where the service is running or to resources on other computers.
    You can use this option if the account, for example a Guest or temporary account, cannot be assigned for delegation by another account.
    Provides support for the Data Encryption Standard (DES). DES supports multiple levels of encryption.
    Provides support for alternative implementations of the Kerberos protocol.
    For a full explanation refer to below links:
    Understanding User Accounts
    Delegating authentication
    Regards.
    Mahdi Tehrani | www.mahditehrani.ir

  • Use custom JAAS LoginModule without UME - possible?

    Hi all,
    I want to deploy an application that internally makes use of JAAS to authenticate users. There is a LoginModule that authenticates users against some database tables containing all the user data and profile. The application was not designed to be deployed to NetWeaver. So it does not make use of UME or some other NetWeaver specific feature. Actually it handles user management and authorization issues completely on its own. The only reason for having JAAS is to allow customers to plug in their own LoginModule to use some other kind of user store.
    When deploying the web application to a simple servlet engine like Tomcat, all I have to do is to register my LoginModule in the "jaas.conf" file that is parsed by JAAS default implementation. I also tell the JVM where my jaas.conf file is located by appending a "-Djava..." runtime parameter to the JVM startup script.
    When using other application servers like IBM WebSphere things become a bit different. Normally you use the administration GUI of that server to configure your LoginModules. WebSphere for example keeps the login configuration in an internal database rather than writing everything into a "jaas.conf" text file. But the way the application can use the LoginModule is the same as in Tomcat.
    But when it comes to NetWeaver, it seems to me that it's not possible to define a LoginModule that your application can use WITHOUT having to couple it tightly to UME. Or did I get something wrong? Initially I've tried to modify the JVM's parameters (using SAP J2EE Config Tool) to include the location of my "jaas.conf" file containing my login configuration. But that did not work. The parameter was really passed to the JVM but anyway my LoginModule was not found; I guess that NetWeaver has some own implementation of the JAAS interfaces that just ignores the plain text JAAS configuration files (like WebSphere also does).
    The documentation that I have downloaded from SDN doesn't seem to match the 6.4 sneak preview version that I just downloaded some days ago. They say you should deploy your LoginModule as a library and add a reference to the application. I tried that out but it did not help. The login configuration that the application wants to access is still not found. Actually there seems to be no way to specify the name for a JAAS Login Configuration in NetWeaver. At least I could not find that in the documentation.
    So basically my question is: is it possible to deploy an application that wants to use some own LoginModule (either deployed separately or together with the application, that does not matter) without making use of Netweaver specific features like UME? The application has its own user management infrastructure and just needs a way to setup a JAAS Login Configuration to access its own LoginModule.
    Thanks for any reply
    Henning

    http://help.sap.com/saphelp_nw04s/helpdata/en/3f/1be040e136742ae10000000a155106/content.htm

  • Facetime keeps asking for my logon when i start up

    Every time I reboot or start up, Facetime asks for my logon. I have never used Facetime. I have no interest in Facetime; in fact I would even like to recover the storage space this useless app takes up.

    Never empty the Trash in the shell (Terminal.)
    1. Triple-click the line below to select it:
    ~/.Trash
    2. Right-click or control-click the highlighted line and select
    Services ▹ Show Info
    from the contextual menu.* An Info dialog should open.
    3. The dialog should show "You can read and write" in the Sharing & Permissions section. If that's not what it shows, click the padlock icon in the lower right corner of the window and enter your password when prompted. Use the plus- and minus-sign buttons to give yourself Read & Write access and "everyone" No Access. Delete any other entries in the access list.
    4. In the General section, uncheck the box marked Locked if it's checked.
    5. From the action menu (gear icon) at the bottom of the dialog, select Apply to enclosed items and confirm.
    6. Close the Info window and test.
    *If you don't see the contextual menu item, copy the selected text to the Clipboard (command-C). Open a TextEdit window and paste into it (command-V). Select the line you just pasted and continue as above.
