User authentication a good use?

Similar Messages

• User authentication errors

  I have the following set up as a very basic user authentication system (without using databases):-
  * a html file using forms to enter the username and password
  * a jsp file which contains the following:
  <jsp:useBean id="login" scope="page" class="login" >
  <jsp:setProperty name="login" property="*" />
  </jsp:useBean>
  <HTML>
  <head>
  <title>Processing login request</title>
  </head>
  <h1>Login request</h1>
  <%
  String name = request.getParameter("Username");
  String passwd = request.getParameter("Password");
  String result = login.loginUser(name, passwd);
  if (result.equalsIgnoreCase("validuser"))
  %>
  <jsp:forward page="Anypage.htm"/>
  <%
  else
  %>
  <h2>Invalid username / password</h2>
  <%
  %>
  </body></html>
  * and finally a java file which contains the following:
  import java.io.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  import java.util.*;
  public class login
  //the arrays names and password should have the same number of entries
  private static String[] names = {"Bob", "Bill"};
  private static String[] password = {"a1357", "b9876"};
  public String loginUser(String name, String passwd)
  boolean user = false; //assume the username is not valid
  int j = 0;
  for (j = 0; j < names.length; j++)
  if (name.equalsIgnoreCase(names[j]))
  user = true;
  break;
  //check for password
  if (user)
  if (passwd.equalsIgnoreCase(password[j]))
  return "validuser";
  return "invaliduser";
  My problem is this. When I enter any username and password, I get the following errors.......
  Error: 500
  Location: /jsp/ass1result.jsp
  Internal Servlet Error:
  org.apache.jasper.JasperException: Unable to compile class for JSPH:\tomcat\work\localhost_8080%2Fexamples\_0002fjsp_0002fass_00031result_0002ejspass1result_jsp_0.java:60: Class jsp.login not found.
  login login = null;
  ^
  H:\tomcat\work\localhost_8080%2Fexamples\_0002fjsp_0002fass_00031result_0002ejspass1result_jsp_0.java:63: Class jsp.login not found.
  login= (login)
  ^
  H:\tomcat\work\localhost_8080%2Fexamples\_0002fjsp_0002fass_00031result_0002ejspass1result_jsp_0.java:68: Class jsp.login not found.
  login = (login) Beans.instantiate(this.getClass().getClassLoader(), "login");
  ^
  3 errors
  can anyone tell what is wrong and recommend how I fix it? Thanks.

  Make sure you that the file login.java is in your WEB-INF/classes directory and then import the class into your jsp page using the <%@page %> directive:
  i.e
  <%@page import="login" %>
  Also, it isn't a good idea to use a variable with the exactly same name as one of your classes. Captialise the first letter in your class names.
  For instance use:
  public class Login()
  rather than:
  public class login()
  So that you can then code:
  Login login = new Login();

• Bypass user authentication

  We have setup Proxy 3.6 for user authentication through LDAP (using Directory Server 5.1). We need to bypass authentication for certain URLs. While we have achieved this using regular expressions, there are some sites using images, scripts etc from other external URLs and so we get prompted to enter username/password. Of course we can create new regex for these external URLs also, but the question is: if there is a more elegant way to avoid this i.e. when we visit such a URL to get all the content without bothering about external links etc.
  Thx

  This is not a security leak but a configuration issue. If the client utility and the ACS, ADS database is correctly configured then you will not see any issues.

• Use Microsoft Online Directory Services as a user authentication provider for our own SharePoint farm?

  Hi,
  I've managed to configure my farm so that  Microsoft Online Directory Services (Office 365 etc.) can be used for STS authentication, but what I'm actually trying to do is allow user authentication - that is, I'm hoping to be able to use the user's
  O365 credentials to authenticate them in my own farm so they can view certain parts of it. If I need to write my own login form or authentication provider or whatever that's fine, as long as the user doesn't need to enter anything when they access my farm
  (provided they already have cached O365 credentials in their browser session).
  FWIW I actually need to be able to support the possibility that users are coming from multiple O365 tenancies, whereby each site collection will be configured to allow users from a different O365 tenancy (more or less).
  If it's not possible to do with my own development farm on a PC, it is possible if the farm is hosted in Azure?
  Thanks
  Dylan

  Hi  Dylan,
  According to your description, my understanding is that you want to use Microsoft Online Directory Services as a user authentication provider for your SharePoint farm.
  For your demand, you can configure a hybrid topology for your SharePoint farm:
  http://technet.microsoft.com/en-us/library/jj838715(v=office.15).aspx
  http://technet.microsoft.com/en-us/library/dn197168(v=office.15).aspx
  Thanks,
  Eric
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support,
  contact [email protected]
  Eric Tao
  TechNet Community Support

• Using Proxy User Authentication in Sql Developer

  Hi!
  Is it possible to use proxy user authentication in SQL Developer? I'm thinking that if I'm clever enough, I can craft a custom jdbc URL that will allow my users to proxy authenticate into my Oracle 10gR2 database while using SQL Developer.
  Unfortunately, I'm not feeling all that clever. ;)
  Can anybody help me out here? Is it even in the realm of possibility?
  Thanks!
  Kevin Ferlazzo
  DBA
  VA Department of Juvenile Justice

  I found the possibility that proxy authentication of both accounts can be enforced:
  SQL> alter user appuser grant connect through personaluser AUTHENTICATION REQUIRED;
  I guess that this is the motivation for implementing the 2-session proxy connection method in SQL Developer.
  Regards,
  Martin

• Default Privilege Level for ASA users authenticated by Radius or TACACS when using ASDM

  Hello,
  I'm trying to figure out what the default privilege level is for users that are authenticated to the ASA via a remote authentication server when using the ASDM.
  the command "aaa authentication http console TACACS+ LOCAL" is used in the ASA config.
  The remote server is NOT setting any privilege levels for users.  There are also no aaa authorization commands present in the config.
  So what privilege level do the users receive when they login with the ASDM?  I'm being told that the users receive admin access which includes config write, reboot, and debug.  But I cannot find any documentation stating hte default level.
  Please advise.  And providing links to cisco documentation would be great too.
  Thanks,
  Brendan

  Hi Berendan,
  Hope the below exerpt from document clarifies your query. also i have provided the link to refer.
  About Authorization
  Authorization controls access per user after users authenticate. You can configure the security appliance to authorize the following items:
  •Management commands
  •Network access
  •VPN access
  Authorization controls the services and commands available to each authenticated user. Were you not to enable authorization, authentication alone would provide the same access to services for all authenticated users.
  If you need the control that authorization provides, you can configure a broad authentication rule, and then have a detailed authorization configuration. For example, you authenticate inside users who attempt to access any server on the outside network and then limit the outside servers that a particular user can access using authorization.
  The security appliance caches the first 16 authorization requests per user, so if the user accesses the same services during the current authentication session, the security appliance does not resend the request to the authorization server.
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/asdm60/user/guide/usrguide/aaasetup.html
  Regards
  Karthik

• What is the option client certificate for user authentication used for?

  Hi All,
  I have to work on a FTPS - XI -SAP scenario.
  I can see an option for client certificate for user authentication when security is enabled for the FTP adapter. what exactly is this option used for?
  P.S: I went through sap help but couldnt quite understand.

  Thanks a lot Mark.
  So for a FTPS -> XI -> SAP scenario the following settings are required.
  1. I have to create a certificate in Visual Admin for the XI server , send a csr to a CA and get it signed by them, and i have to add this to the ssl_service view.
  2. I have to hand over the public key to the FTPS server & this key will be used for encryption of the file
  the above 2 steps are mandatory.
  If i choose to use the client certificate option , i have to get the client certificate from the FTPS server and add it into the TrustedCAs list. This certificate is just to imply that the client is what it claims to be.
  Will this certificate be used for encryption?
  To make it clear let me put it this way. The certificate created in the XI Server is used for encryption and also for ascertaining that the its what it claims to be.
  The clients certificate option is used only to make sure that the client is what its claiming to be & this is not used for encryption?

• User Authentication using Servlet and JSp

  Hi,
  I am developing a web app where i need to implement user Authentication to allow members to view and upload files on a certain directory say /data
  For this i am using a servlet as a controller which then forwads request to other jsps/servlets based on user response. I tried using servlet mapping in web.xml so that all browser requests would be directed to controller servlet and would branch from there on. However the problem all RequestDispatcher.forward() requests redirected to the servlet putting it in a loop.
  Is there another way to achieve this. (Apart from using form-based Basic Authentication).
  I am using Resin 1.2.8 servlet/jsp container.
  Any response as soon as possible would be appreciated.
  Thanks,
  Kushagra

  RequestDispatcher.forward() cause the HTTP request to be sent through the request processing flow as if the original request for the resource being forwarded to.
  It seems the servlet mapping you are talking about in web.xml should be made more specific. i.e. the mapping should be such that only your so called controller servlet will match up.
  You might want to specify the mapping for the controller servlet to be noticeably/effectively different from the mapping for other servlets and JSPs.

• User!UserID when using custom Authentication in SSRS2012

  We are using FormsAuthentication with SSRS2012 for our custom authentication in SSRS2012.
  What SSRS code determines User!UserID report expressionwhen using a custom authentication provider?
  I ask this because if the FormsAuthCookie.UserName determines the User!UserID value, then I need to use a more unique value than FirstName/LastName when building the forms auth cookie.
  thanks
  scott

  Hi scott,
  UserID is the ID of the user running the report. If you are using Windows Authentication, this value is the domain account of the current user(Domain/username).
  The value of User!UserID is determined by the Reporting Services security extension, which enables the authentication and authorization of users or groups; that is, it enables different users to log on to a report server and, based on their identities,
  perform different tasks or operations.
  By default, Reporting Services uses a Windows-based authentication extension, which uses Windows account protocols to verify the identities of users who claim to have accounts on the system. Reporting Services uses a role-based security system to authorize
  users. The Reporting Services role-based security model is similar to the role-based security models of other technologies.
  WorkFlow about authentication and authorization occur as follows:
  https://msdn.microsoft.com/en-us/library/ms152825.aspx
  The user credentials are submitted to the Reporting Services Web service through the
  LogonUser method.
  This member of the Reporting Services Web service can be used to pass user credentials to a report server for validation. Your underlying security extension implements
  IAuthenticationExtension.LogonUser which contains your custom authentication code. In the Forms Authentication sample,
  LogonUser, which performs an authentication check against the supplied credentials and a custom user store in a database. An example of an implementation of
  LogonUser looks like this:
  https://msdn.microsoft.com/en-us/library/ms152899.aspx
  If you still have any problem, please feel free to ask.
  Regards
  Vicky Liu
  If you have any feedback on our support, please click
  here.
  Vicky Liu
  TechNet Community Support

• Function Module used for user Authentication in B2B webshop

  Hi Gurus,
  Can someone please help me in finding a Function module which is getting called for the user authentication in B2B webshop and where can i find this class file which is getting called in the NWDS?
  Thanks
  Saurabh

  Depending upon if you are coming from Portal (SSO) or B2B logon screen, one of the following function modules is called to authenticate authorize the B2B application usage.
  CRM_ISA_IUSER_LOGIN
  CRM_ISA_LOGIN_CHECKS
  Easwar Ram
  http://www.parxlns.com

• RV120W: The user attempted to connect using a dial-in medium that did not match the restricted dial-in media

    I am trying to configure a Cisco RV120W wireless using RADIUS. The IAS server is Windows 2003. The wireless client can’t access the wireless.  The ISA server keeps getting this error: Event Type: Warning Event Source: IAS Event Category: None Event ID: 2 User: N/A Computer: DEVICES1 Description: User ntdomain\blin was denied access. Fully-Qualified-User-Name = chicagotech.org/Users/Bob Lin NAS-IP-Address = 10.0.30.102 NAS-Identifier = Called-Station-Identifier = Calling-Station-Identifier = Client-Friendly-Name = RV102-Domain Client-IP-Address = 10.0.30.102 NAS-Port-Type = NAS-Port = Proxy-Policy-Name = Use Windows authentication for all users Authentication-Provider = Windows Authentication-Server = Policy-Name = CBG-All Authentication-Type = EAP EAP-Type = Reason-Code = 70 Reason = The user attempted to connect using a dial-in medium that did not match the restricted dial-in media. Check the dial-in constraints for the matching remote access policy. The public wireless and WPA2 work fine. Other Cisco 1240 wireless works fine with this event: Event Type: Information Event Source: IAS Event Category: None Event ID: 1 Date: 10/18/2013 Time: 1:33:19 PM User: N/A Computer: DEVICES1 Description: User blin was granted access. Fully-Qualified-User-Name = chicagotech.org/Users/Bob Lin NAS-IP-Address = 10.0.20.103 NAS-Identifier = WLC2504 Client-Friendly-Name = WLC2504 Client-IP-Address = 10.0.20.103 Calling-Station-Identifier = 90-18-7c-e6-95-aa NAS-Port-Type = Wireless - IEEE 802.11 NAS-Port = 1 Proxy-Policy-Name = Use Windows authentication for all users Authentication-Provider = Windows Authentication-Server = Policy-Name = CBG-All Authentication-Type = PEAP EAP-Type = Secured password (EAP-MSCHAP v2) Can you help?                  

  Dear Customer,
  Thank you for reaching the Small Business Support Community.
  The RADIUS configuration settings are intended to authenticate the wireless clients attempting to connect through a SSID and if this is the problem you have, I first suggest you to check on the RADIUS server IP address (Security>RADIUS Server), make sure it is reachable, and the authentication port number used by this server to send traffic and the shared key used to authenticate to the server which must match on both sides.  If all that is good, try using WAP Enterprise as the wireless security method and not WAP2 Enterprise.
  If the problem persits I then first suggest to to make sure you run the latest firmware release version 1.0.5.6;
  http://software.cisco.com/download/release.html?mdfid=282981372&flowid=796&softwareid=282487380&release=1.0.5.6&relind=AVAILABLE&rellifecycle=&reltype=latest
  Then contact support if the problem persists; (the "dial-in medium" part error I just don't understand what it has to do with the RADIUS wireless client authentication);
  https://supportforums.cisco.com/community/netpro/small-business/sbcountrysupport
  Please do not hesitate to reach me back if there is any further assistance I may assist you with in the meantime.
  Kind regards,
  Jeffrey Rodriguez S. .:|:.:|:.
  Cisco Customer Support Engineer
  *Please rate the Post so other will know when an answer has been found.

• ISE - Machine + user authentication

  I've searched forum, community but I couldn't find exactly what I need:
  I have a client that want's to use two step authentication on wireless: first machine authentication to make sure that device is on the domain and then username/password authentication.
  Now, I've read about MAR, EAP chaining, and I understood it all, only thing I didn't understand is:
  If I configure ISE to authenticate machine, it will allow limited access to DC (for example).
  Then, after that AuthZ profile is applied, what will do new authorization? My understanding is once MAR is done, AuthZ profileis applied and authorization is finished.
  Now, I am not asking about turning on laptop, getting PC on the network, then logging in and then providing the user/credentials, etc. I am asking for this scenario:
  How ISE policy and AuthZ profile should look like, for example, I come in the office, my wireless card is disabled, I login to my laptop, then I notice that my wireless card is disabled and now I enable it. I need to have Machine authentciation happening at that point + prompting user for username/password to complete registration on wireless.
  NAM is already refused by client, so I need something that will work on plain Windows 7.
  Thanks.

  Hello Align-
  In your post you are referring to two completely separate and independent solutions:
  1. MAR
  2. EAP-Chaining
  MAR only happens when the machine first boots up and the host presents its machine domain credentials. Then the machine MAC address is saved in ISE. The MAC is preserved in ISE as long as configured in the machine timer. Keep in mind that if let's say a computer was booted while connected on the wired network, only that MAC address will be authenticated. If the user moves to wireless, the connection will be denied as ISE will not have any records of the wireless MAC. Along with all of that, you will need another method (usually PEAP) to perform the user authentication. Usually this method is not a very good one to implement due to the issues listed
  EAP-Chaining on the other hand utilizes EAP-FAST and it s a multi-phase method during which both machine and user information is passed in a secured TLS tunnel. For that you need to implement Cisco AnyConnect as it is the only software supplicant that supports it at the moment. For more info you might wanna look into Cisco's TrustSec guide:
  http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_80_eapchaining_deployment.pdf
  I hope this helps!
  Thank you for rating!

• Setup Java system directory server 6 client for user authentication

  I am trying to set up a native LDAP client for sun directory server 6 for network based user authentication. I checked the sun doc for naming service (LDAP) and the documentation are for setting up LDAP client for directory server 5. Is there any documentation for setting up LDAP client for directory server 6? Or the documents for setting LDAP client for directory server 5 is still good for 6? Particularly, I want to use SSL communication between server and client.

  Hi,
  could be one of the other 'bad jokes' of DS/ldapclient because the documentation describes a lot of stuff about profiles etc. but: you need some special schema files to use the whole stuff and they are not installed with Solaris or DS (and they include the NisDomainObject). I had to search for them in the internet. They are also printed in the documentation. Save them in your server's config/schema directory as i.e. 61DUAConfigProfile.ldif and 62nisDomain.ldif and try idsconf again (maybe you have to cleanup something).
  I test and prepare DS6 here, and we will use it in production too. I hadn't any problem with it and it has some important advantages over DS5.2. But we won't have a huge directory so I can't tell you anything more about it.
  Regards
  Jochem Ippers
  Here are the ldifs:
  61DUAConfigProfile.ldif:
  dn: cn=schema
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList' DESC 'Default LDAP server host address used by a DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase' DESC 'Default LDAP base DN used by a DUA' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' DESC 'Preferred LDAP server host addresses to be used by a DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit' DESC 'Maximum time in seconds a DUA should allow for a search to complete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.4 NAME 'bindTimeLimit' DESC 'Maximum time in seconds a DUA should allow for the bind operation to complete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.5 NAME 'followReferrals' DESC 'Tells DUA if it should follow referrals returned by a DSA search result' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' DESC 'A keystring which identifies the type of authentication method used to contact the DSA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL' DESC 'Time to live, in seconds, before a client DUA should re-read this configuration profile' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor' DESC 'LDAP search descriptor list used by a DUA' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap' DESC 'Attribute mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel' DESC 'Identifies type of credentials a DUA should use when binding to the LDAP server' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap' DESC 'Objectclass mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope' DESC 'Default search scope used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel' DESC 'Identifies type of credentials a DUA should use when binding to the LDAP server for a specific service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' )
  attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMethod' DESC 'Authentication method used by a service of the DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
  objectClasses: ( 1.3.6.1.4.1.11.1.3.1.2.4 NAME 'DUAConfigProfile' SUP top STRUCTURAL DESC 'Abstraction of a base configuration for a DUA' MUST ( cn ) MAY ( defaultServerList $ preferredServerList $ defaultSearchBase $ defaultSearchScope $ searchTimeLimit $ bindTimeLimit $ credentialLevel $ authenticationMethod $ followReferrals $ serviceSearchDescriptor $ serviceCredentialLevel $ serviceAuthenticationMethod $ objectclassMap $ attributeMap $ profileTTL ) X-ORIGIN 'user defined' )
  62nisDomain.ldif:
  dn: cn=schema
  attributeTypes: ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
  objectClasses: ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top STRUCTURAL MUST nisDomain X-ORIGIN 'user defined' )

• User console redirection webpage uses unnecessary browser sniffing

  User console redirection webpage uses unnecessary browser sniffing
  https://ps.palmws.com/palmcsext/console/
  That user console redirection webpage has this piece of JavaScript that uses unnecessary browser sniffing:
  <script type="text/javascript" language="javascript">
  function checkBrowser()
  var agt=navigator.userAgent.toLowerCase();
  var is_mac = (agt.indexOf("mac")!=-1);
  var is_ie = (agt.indexOf("msie")!= -1);
  var is_opera = (agt.indexOf("opera")!= -1);
  var is_firefox = (agt.indexOf("firefox")!= -1);
  var is_window = (agt.indexOf("window")!= -1);
  var is_safari = (agt.indexOf("safari")!= -1);
  if (is_window) {
  if (is_firefox || is_ie || is_safari) {
  window.location = "/palmcsext/console/pages/LoginPage.iface";
  } else {
  window.location = "/palmcsext/console/notfound/notfound.html";
  } else if (is_mac) {
  window.location = "/palmcsext/console/pages/LoginPage.iface";
  } else {
  window.location = "/palmcsext/console/pages/LoginPage.iface";
  </script>
  The browser sniffing is pretty harmful. Remove it.
  Just simply change the script to:
  window.location = "/palmcsext/console/pages/LoginPage.iface";

  XP1 wrote:
  If you look at the logic, even unsupported browsers will pass the test.
  The if statements only check for supported browsers running on Windows or Mac OSes. If the user is using a different OS, regardless of supported or unsupported browser, the webpage will still redirect correctly.
  The script doesn't do a good job of checking for supported browsers either. The user can set a custom user agent, and the code can't rely on the user agent string.
  Checking for browser support should be done by feature detection, not by user agent string checking.
  If the user sets a custom user agent string or uses a browser with which the code works, then it harms the user.
  The concept of the web is that it should work everywhere. Blocking browsers not only harms the user but also harms the web.
  If the code is written to web standards, the webpage should work in all modern browsers.
  Thus, it is pointless, inefficient, and unnecessary to have those if statements there.
  Like I said, the code can be simplified by just using 1 line:
  window.location = "/palmcsext/console/pages/LoginPage.iface";
  I have asked for more specifics here to find out why that logic is in place.  Not saying I can post back anything, but I have asked.
  And unless I'm reading it wrong, the check for unsupported browsers (so anything NOT firefox, ie or safari) only happens if you're running windows.  If you're on Mac or some other OS, it directs to the working page.  I have asked about that, too.

• We have two users that have been using Creative Cloud for almost a year. Recently, sometime in the last 4ish weeks, the users can no longer run Creative Cloud apps. (Yes, our subscription is paid.) Error simply says administrator access is required

  We have two users that have been using Creative Cloud for almost a year. Recently, sometime in the last 4ish weeks, the users can no longer run Creative Cloud apps. (Yes, our subscription is paid.) Error simply says administrator access is required to install. The apps have already been installed. The users cannot run them unless they are in the local admin group.Using "Run as admin" does not work. It gives the same error.
  I have opened a case with adobe support and was basically told to suck it up and put the users in the admin group. Actually, what was said was that it is "mandated that the users have administrative rights". 
  There are a couple of things wrong with this. It was working for both users until recently - a recent required creative cloud update. The users have never been local admins yet the apps were working (poorly, but working).
  We are in an enterprise environment and users simply do not have administrative rights on the computers.
  I have changed permissions on all adobe folders, granting users or authenticated users modify or full control rights, did the same in whatever Adobe registry HKLM keys I could find. Nothing has allowed the users to run the apps - unless they are put in the local admin group.
  Someone has to have a fix for this. Adobe apps have proved to have far too many vunerabilities to even entertain the idea of elevating user rights. I can't imagine that enterprise environments are allowing this.
  Any help or suggestions are greatly appreciated.

  Jeff,
  Thank you for your response. The users in question are "standard" domain users. We do not reduce users permissions below the standard level.
  The apps do not load with their current standard user permissions.
  The thing that makes this odd, is that up until recently they did this issue with cloud apps. The only way I can make it work for them now is to put them in the local administrator group on their pc's - which is not going to happen.
  This is what they now see. As I said before, this was not a problem up until recently they would see all their available apps. If I put them in the local admin group the apps are listed without having to install. Everything is there, just not accessible to the user.