User Authentication in Mobile Access

Similar Messages

• User Authentication for Internet access

  Hi,
  Is it possible to configure authentication for internal (LAN) users to Authenticate (local/RADIUS/LDAP) for any kind of internet access through the ISA550/570? (like cut-through authentication proxy in ASA.)
  And Can the ISA550/570 act as a Web proxy?
  Thanks in advance.

  HI Sulu,
  You can configure captive portal for internal LAN users to authenticate (local/Radius/LDAP) for internet
  access through ISA500. (see attached screenshot)
  ISA500 cannot act as a web proxy. what is your use case ?
  Regards,
  Wei

• How to do user authentication through manually access sql user database

  I have a table of user accounnts in sql, by using tomcat jsp, how can I authenticate users by manually accessing user account in sql ??
  Thanks in advance

  What is there to do?
  - Display page asking for username/password
  - retrieve typed in user name password
  - run query on database - something like "select userid from users where username = ? and password = ?"
  - if a record is returned, you have got a user - forward control to the correct jsp. If not, then it is incorrect - go back to the login page with an error message.
  - Normally on successful login you add something into the session (eg a user object) so you can tell if someone is logged in or not by looking for that object.
  Whats hard about any of this?

• OBIEE Security - How to setup SSO-integrated EBS users & mobile access?

  I'm looking for the best approach to solution my company's OBIEE Security requirements, they are:
  1) Create a standard authentication/security process at an enterprise level
  2) Maintain EBS Roles to provide object-level and data-level security in OBIEE
  3) EBS Users must go through the EBS portal to get to OBIEE (ie. single signon integration)
  4) non-EBS users must go through the OBIEE portal
  5) Both EBS and non-EBS users need ability to use the OBIEE iPad mobile application
  So for the EBS users, I've implemented the SSO integration between OBIEE 11.1.1.5.0 and EBS R11 based on the Oracle white paper [ID 1343143.1]. I've also set up an Authorization session init block to read the user's EBS Roles and set up object/data level security.
  For the non-EBS users, I've kept the default identity store (WLS-LDAP) and authentication provider.
  My question is what's the best approach for providing mobile access to the EBS users? Obviously I can't pass an HTML cookie to the iPad for these guys. Assuming these EBS users are in an corporate-LDAP store, I was thinking to setup a dual authentication store that connects to both corporate-ldap(EBS) and the WLS-integrated LDAP(non-EBS).
  Will this work? Does anyone have a better approach they'd like to share?

  Please post the details of the application release, database version and OS.
  We have a customer, who has upgraded to EBS R12 recently. With EBS R12 there comes a responsibility that enables users to directly open embedded BI in EBS. When people do LDAP authentication to EBS, they can directly open the OBIEE inside the EBS. But, when the EBS is SSO (OAM+WNA) integrated, OBIEE SSO in EBS does not work. What is the error?
  It could be related that OAM generated cookies are not recognized by embedded OBIEE.
  Is there a way to do a setup with both OAM SSO enabled to EBS, and EBS-OBIEE SSO is enabled inside EBS ? I do not think there is a single document that covers all the above (I believe you are aware of the individual docs).
  For urgent issue, please always log a SR.
  Thanks,
  Hussein

• User Authentication Logical Model DB2

  Hi Im attaching a logical model. Experts please take a look an guide for changes or to include more details. This is basically a user authentication logical model ERD
  Eagerly awaiting your reply. I am unable to attach a file if i can share the file it willl be easier... please tell me how to attach a word file .
  Thanks
  Organization
  OrgId PK
  LocId FK Location
  ClientId FK Clients
  Org Desc
  Org Location
  Create Date
  Last Updated By
  Location
  LocId PK
  Loc Desc
  Address
  Create Date
  Last Updated By
  Update Date
  Clients
  ClientID PK
  ClientName
  Department
  DeptId PK
  ClientID FK Clients
  UserId FK Users
  BookId FK
  DeptName
  Location
  Create Date
  Last Updated By
  Update Date
  USERS
  UserId PK
  Password :
  User_Role_Id FK Roles/Grps
  OrgId FK Organization
  Effective Dt
  Status
  Create Date
  Last Updated By
  Update Date
  User Roles ( Groups )
  User_Role Id PK
  UserId FK USERS
  BookId Fk Book_Types
  Role Id FK Roles
  Group Desc
  Create Date
  Last Updated By
  Update Date
  Roles
  Role Id PK
  Role Name
  Create Date
  Last Updated By
  Update Date
  BookTypes
  BookId PK
  BookType
  Create Date
  Last Updated By
  Update Date
  USER_Details
  UserId FK USERS
  DeptId FK Department
  Force Password Change Days
  Secret Question
  User Phone
  User Address
  DOB
  User Email
  User Mobile
  User Status
  User Supervisor
  Last Updated By

  Thanks for your reply Yusef.
  I am actually creating an ERD for authenticating the user when he logs into the database. So I will need a set of tables to identify if user exis and password is correct.
  After this some tables will exist for checking his department, his group. On the basis of his group he will be able to access only relevant parts of application. Its like a role or a privelege thing.
  Please tell me if the database tables that I have identified are correct ? Please ask questions so I may get to the best solution please.
  Thanks

• User Authentication Logical Mode

  Hi Im attaching a logical model. Experts please take a look an guide for changes or to include more details. This is basically a user authentication logical model ERD
  Eagerly awaiting your reply. I am unable to attach a file if i can share the file it willl be easier... please tell me how to attach a word file .
  Thanks
  Organization
  OrgId PK
  LocId FK Location
  ClientId FK Clients
  Org Desc
  Org Location
  Create Date
  Last Updated By
  Location
  LocId PK
  Loc Desc
  Address
  Create Date
  Last Updated By
  Update Date
  Clients
  ClientID PK
  ClientName
  Department
  DeptId PK
  ClientID FK Clients
  UserId FK Users
  BookId FK
  DeptName
  Location
  Create Date
  Last Updated By
  Update Date
  USERS
  UserId PK
  Password :
  User_Role_Id FK Roles/Grps
  OrgId FK Organization
  Effective Dt
  Status
  Create Date
  Last Updated By
  Update Date
  User Roles ( Groups )
  User_Role Id PK
  UserId FK USERS
  BookId Fk Book_Types
  Role Id FK Roles
  Group Desc
  Create Date
  Last Updated By
  Update Date
  Roles
  Role Id PK
  Role Name
  Create Date
  Last Updated By
  Update Date
  BookTypes
  BookId PK
  BookType
  Create Date
  Last Updated By
  Update Date
  USER_Details
  UserId FK USERS
  DeptId FK Department
  Force Password Change Days
  Secret Question
  User Phone
  User Address
  DOB
  User Email
  User Mobile
  User Status
  User Supervisor
  Last Updated By

  Thanks for your reply Yusef.
  I am actually creating an ERD for authenticating the user when he logs into the database. So I will need a set of tables to identify if user exis and password is correct.
  After this some tables will exist for checking his department, his group. On the basis of his group he will be able to access only relevant parts of application. Its like a role or a privelege thing.
  Please tell me if the database tables that I have identified are correct ? Please ask questions so I may get to the best solution please.
  Thanks

• OTP and Mobile Access Server

  Hi Guys,
  We are trying to implement a OTP solution for the Mobile Access page. How can the source code be altered or modified to accept the OTP token?
  I am trying to follow the following module, but where is it supposed to be put in?
  http://code.google.com/p/mod-authn-otp/wiki/Configuration
  Regards
  AJ

  Whoops, forgot to specify that this problem is only for the SMTP portion of MAS. Receiving email through IMAP via the MAS works fine.
  Here's a flow using openssl of a successful SMTP transaction through the MAS, in case anyone sees anything obvious:
  openssl s_client -starttls smtp -crlf -connect <my MAS server>:587
  CONNECTED(00000003)
  <key exchange information>
  250 DSN
  ehlo testing
  250-<my MAS server>
  250-PIPELINING
  250-SIZE 104857600
  250-VRFY
  250-AUTH PLAIN
  250-ETRN
  250-ENHANCEDSTATUSCODES
  250-8BITMIME
  250 DSN
  AUTH PLAIN <user key>
  235 2.7.0 Authentication Succeeded
  mail from: <[email protected]>
  250 2.1.0 Ok
  rcpt to: <[email protected]>
  250 2.1.5 Ok
  data
  354 End data with <CR><LF>.<CR><LF>
  From: Test <[email protected]>
  To: Test <[email protected]>
  Subject: Blah
  Blah!
  250 2.0.0 Ok: queued as <mail ID>
  quit
  221 2.0.0 Bye
  closed

• MFA Server - User portal and mobile app web server should be installed where?

  Hi. We are in the process of testing the Multi-Factor Auth server and are currently using it for two-factor authentication to RDS for a couple of users. At the moment we are only using the phone call/text options but I'd like to get the mobile app portion
  working to test.  Also still need to implement the user self-service portal for testing.
  Currently I have a vm that was dedicated to MFA where the Multi-Factor Authentication Server software was installed.  Now though I'm a bit confused as to if its safe to install the user portal and mobile app web service portion on this same machine
  or if they should go on a different server(s)?  Currently the box is internal but I'm guessing if it has also act as the web server we would stick it behind the TMG for external inbound access.  Is external access to the primary MFA server ok? 
  What's the best practice for separation of the MFA roles; or is there none and its fine to just put it altogether? 
  Thanks.

  Hello Col. Forbin,
  Thanks for posting here!
  You have a dedicated MFA server and if you install User Portal on the same server as the MFA Server, it uses RPC to communicate with the MultiFactorAuth service locally.
  If the User Portal is installed on a different server, it must connect via the Web Service SDK. You can use either a username/password of a service account that is a member of the PhoneFactor
  Admins security group, or you can configure client certificates. If using the username/password, you can encrypt the appSettings section of the web.config file if desired.
  Under Inetpub\wwwroot\MultiFactorAuth when you edit the web.config file you need to make sure these values are set.
  USE_WEB_SERVICE_SDK:
  true
  WEB_SERVICE_SDK_AUTHENTICATION_USERNAME: domain\user
  WEB_SERVICE_SDK_AUTHENTICATION_PASSWORD:
  password
  OVERRIDE_PHONE_APP_WEB_SERVICE_URL: 
  You might want to refer this thread link:
  https://social.msdn.microsoft.com/Forums/en-US/ad1f6fc1-ab3f-482d-a435-e4fd6665f640/mfa-user-portal-issue?forum=windowsazureactiveauthentication
  Additional reference links:
  https://technet.microsoft.com/en-us/library/dn376347.aspx#multifactor
  https://pfweb.phonefactor.net/install/6.2.1.16387/release_notes.txt
  Let me know if you have any further questions!
  Regards,
  Sadiqh Ahmed

• How to implement Oracle user/role security with Access front end?

  Hi,
  We have successfully migrated our Access database tables to Oracle 10g using SQL developer. We've recreated all the users and roles(i.e., access groups) in Oracle and granted rights to tables.
  In the Access front end database, in the Database window we have saved linked Oracle tables which replaced the Access tables. The forms, reports, queries run fine with the linked Oracle tables. All the linked table use one ODBC DSN to the Oracle database with the same Oracle user id.
  We need to be able to authenticate users into the Oracle database and RE-link the tables based on their own unique user id. By during so we can allow users to use the Oracle standard user id/role and system privileges to control select, update, ect. rights to the database.
  I've been able to use the VB code within Access to logon into the database with a unique id, but I have not been able to find out how to RE-link the tables to the unique user id using VB. There should be some way to relink tables dynamically, based on users login into the Access front end.
  I don't know a great deal about Access projects, but I do know with SQL server allows login into your Access project and link tables dynamically.
  Can someone give me some assistance or point me in the right direction?
  Thanks in advance,
  Larry

  We had one of our programmers here come up with a VB code solution for re-linking table within Access. However the relinking takes 3-4 minutes for 100+ tables.
  In an effort to help you understand the situation better, I will attempt to elaborate on the problem:
  We have an Access 2003 application which currently has a front end using Access(forms, reports, queries, & VB code) and a MS Access 2003 backend.
  We have migrated the backend tables to Oracle. However, we still have a need to maintain the front end in Access, since we have over 60 forms, 40 reports, 200+ queries in Access. Its easy to understand, we have a significant investment in the front end(Obviously, the plan is to migrate the front end also at some future date).
  In order to utilized the existing front end, we have to validate and modify the current front end connections to the new Oracle backend. One of the features of Access is that you can "link" tables and save the link for runtime. Each Access table can have its own link which is a separate ODBC/JET connection. As such, each separate link has its own userid/database information.
  The other issue with using the Access front-end is that Access utilizes a workgroup file to implement user and group security. The workgroup file contains all the users and which groups the users belong to in Access. Then within Access, you allow users access to object(tables, queries, ect) by their userid and or group. When users open an Access database with Access security enabled, they are required to log into Access. The login is authenticated by the workgroup file. Once, logged into Access, users have rights to Access objects based on their rights granted to their userid and groups they belong. The problem here is that when you remove the linked Access tables and replace them with linked Oracle tables, Access has knowledge about Oracle table rights granted to users; nor would you expect it to.
  The dilema is the disconnect between Access and the fact Oracle utilizes a similar but much more sophisticated security model. It creates users and roles(which are similar to Access groups), and again this is independent of Access security.
  Our solution was to still use the Access workgroup file security along with the Oracle security model. By using the Access userid and then creating a similar Oracle userid with similar table rights granted in Access, you could apply security within Access and also with the Oracle database.
  For example, a user BOB logs into Access via the workgroup file, using VB code, Access then establishes a Oracle connection logining into Oracle using the same unique userid BOB into Oracle.
  After connecting and validating user BOB into Oracle, then the Access tables are relinked to Oracle using the user BOB userid and table rights.
  This Oracle userid has been granted table rights specific for this userid.This allows the user BOB to use the Access application and still be authenticated into the Oracle database.
  The problem with this solution is that the relinking of the saved Access tables takes 3-7 minutes for about 100+ tables. This is not acceptable for users each time they log into the application.
  Our current alternative is to use one Oracle userid to login each user, and use Access form restrictions/security to allow/prevent users from updating/viewing data. Obviously, this is not the optimal solution in respect to security, but it at least allows us to control access to the data(via the forms) by using one logon required for each user, and quick startup time for the application.
  I understand SQL server does a better job in integration, but we use Oracle which is what I am trying to work with.
  Larry

• User Authentication for subfolder not working in Web Browser

  We are using Oracle Application Server 10.1.2.3 and Database Server 10.2.0.5 for our application.
  One of the functionalities of the Application is to send emails with attachments.
  The logic is that the Application would generate the attachment file on the Application Server.
  Then a database package uses Oracle's utl_http package/procedures(more specifically utl_http.request_pieces where the single argument is a URL) to pick up the file from the Application Server via URL, attach the file and send the email.
  Exchange and Relay Server is also set in the Application.
  The problem is that the folder containing the folder which stores the attachments is having user authentication set.
  Example : The main folder is /apps/interface, this folder requires a valid user when it is accessed via URL on a web browser.
  Alias created in httpd.conf
  Alias /int-dir/ "/apps/interface/"
  The folder /apps/interface/email/ is the folder where the attachment files are generated and stored.
  Application Server : 10.12.213.21
  Database Server : 10.12.213.22
  Email Server : 10.12.213.44
  Configuration as per httpd.conf
  Alias /int-dir/ "/apps/interface/"
  <Location /int-dir/>
  AuthName "Interface folder"
  AuthType Basic
  AuthUserFile "/u01/app/oracle/as10g/oasmid/Apache/Apache/conf/.htpasswd"
  require user scott
  </Location>
  <Location /int-dir/email>
  Options Indexes Multiviews IncludesNoExec
       Order deny,allow
       Deny from all
       Allow from 10.12.213.21
       Allow from 10.12.213.22
       Allow from 10.12.213.44
  </Location>
  Using the above configuration the Application is able to attach the files and send the email, however, when we access the following URL :
  http://10.12.213.21:7778/int-dir/ - it prompts for user authentication
  However if we use the following URL :
  http://10.12.213.21:7778/int-dir/email/ - it does not prompt for user authentication, and all the files in the folder are displayed in the browser.
  I have tried so many things including AllowOverride, .htaccess, but i am not able to get user authentication for the email folder.
  Please help me if you can.
  Thanking you in advance,
  GLad to give any more information that i can.
  dxbrocky

  Thanks for your response.  I fixed the problem by selecting "full site" or "full website" at bottom of the web page.  After making this selection the zoom function returned.  Thanks again for your interest.

• User Authentication Failed error when trying to display a JSP portlet

  The steps carried out are as follows :
  1. Created a JSP file named "c.jsp" and deployed it under 902_MidTier_Home\j2ee\home\default-web-app\examples\jsp
  2. Created a table named USER_TABLE under Scott schema to store the usernames and passwords to validate this JSP application.
  3. Registered this JSP as an external application with the following values :
  Application Name           : RAGHU
  Login URL          : http://hostname:port/j2ee/examples/jsp/c.jsp
  User Name/ID Field Name     : username
  Password Field Name     : password
  Type of Authentication Used : POST
  3. Clicked on the External Application and entered the username as USER1 and password as USER1 ( These values are available
  under USER_TABLE for comparison ). Then it shows the message "Hi User1 .. Welcome message"
  4. Now created a directory named JSPSAMPLE under "WEB-INF\Providers" and put the provider.xml file under this.
  Created a raghu.properties file and placed it under "WEB-INF\deployment".
  5. Now tested the testpage using the URL " http://hostname:port/jpdk/providers/raghu " and it works fine.
  6. Registered this as a provider in Portal and added this portlet onto a page. Assigned this page to a newly created user.
  It gives the message " Authentication Failed - Update Login Information " which is expected. I click on the link and
  it takes me to the external application username password. I enter the credentials but this time it comes back again
  to the page with the same message " Authentication Failed - Update Login Information ".
  7. Basically the values are not passed to the Username and Password in jsp page which is why the problem occurs.
  The JSP Code used is as follows :
  <%@ page import="java.sql.*" %>
  <HTML>
  <HEAD><TITLE>DB Connectivity test</TITLE></HEAD>
  <BODY BGCOLOR="#FFFFFF">
  <CENTER>
  <B>user_table</B>
  <BR><BR>
  <%
  String username = request.getParameter("username");
  String password = request.getParameter("password");
  Connection conn = null;
  try
  Class.forName("oracle.jdbc.driver.OracleDriver");
  conn = DriverManager.getConnection("jdbc:oracle:thin:@hostname:1521:iasdb","scott","tiger");
  Statement stmt = conn.createStatement();
  String query = "SELECT * FROM user_table where userid= '"+ username +"' and passwd = '" + password + "' " ;
  ResultSet rs = stmt.executeQuery(query);
  while(rs.next())
  out.println("<TR>");
  out.println(" <TD> hi " + rs.getString("userid") + ", welcome</TD>");
  out.println("</TR>");
  out.println("</TABLE>");
  catch(SQLException e)
  out.println("SQLException: " + e.getMessage() + "<BR>");
  while((e = e.getNextException()) != null)
  out.println(e.getMessage() + "<BR>");
  out.println("invalid userid,password");
  catch(ClassNotFoundException e)
  out.println("ClassNotFoundException: " + e.getMessage() + "<BR>");
  finally
  //Clean up resources, close the connection.
  if(conn != null)
  try
  conn.close();
  catch (Exception ignored) {}
  %>
  </CENTER>
  </BODY>
  </HTML>
  The Provider.xml file used is as follows :
  <?xml version="1.0" encoding="UTF-8"?>
  <?providerDefinition version="3.1"?>
  <provider class="oracle.portal.provider.v2.http.URLProviderDefinition">
       <providerInstanceClass>oracle.portal.provider.v2.http.URLProviderInstance</providerInstanceClass>
       <session>true</session>
       <authentication class="oracle.portal.provider.v2.security.Authentication">
            <authType>ExternalApp</authType>
            <userFieldName>username</userFieldName>
            <userPwdName>password</userPwdName>
            <errorPageMessages>Raghu,Please sign in,Sign me up!</errorPageMessages>
       </authentication>
       <portlet class="oracle.portal.provider.v2.http.URLPortletDefinition">
            <id>1</id>
            <name>RaghuPortlet</name>
            <title>Raghu Mail Portlet</title>
            <description>This portlet is to test Integration services using mail.yahoo.com</description>
            <timeout>100</timeout>
            <timeoutMessage>Raghu timed out</timeoutMessage>
            <showEdit>false</showEdit>
            <showEditDefault>false</showEditDefault>
            <showPreview>false</showPreview>
            <showDetails>false</showDetails>
            <hasHelp>false</hasHelp>
            <hasAbout>false</hasAbout>
            <acceptContentType>text/html</acceptContentType>
            <registrationPortlet>false</registrationPortlet>
            <accessControl>public</accessControl>
            <renderer class="oracle.portal.provider.v2.render.RenderManager">
                 <showPage class="oracle.portal.provider.v2.render.http.URLRenderer">
                      <pageUrl>http://172.17.24.235:8888/c.jsp</pageUrl>
                      <contentType>text/html</contentType>
                      <filter class="oracle.portal.provider.v2.render.HtmlFilter">
                           <useAuthLinks>true</useAuthLinks>
                           <headerTrimTag>&lt;table width="100%" cellpadding=0 cellspacing=0 border=0>&lt;tr>&lt;td bgcolor=#9bbad6></headerTrimTag>
                           <footerTrimTag>&lt;table width="100%" cellpadding=2 cellspacing=1>&lt;tr>&lt;td bgcolor=#9bbad6></footerTrimTag>
                           <convertTarget>true</convertTarget>
                           <redirectUrlFieldName>.done</redirectUrlFieldName>
                      </filter>
                 </showPage>
            </renderer>
            <securityManager class="oracle.portal.provider.v2.security.URLSecurityManager">
                 <authorizType>registered</authorizType>
            </securityManager>
       </portlet>
  </provider>
  The Contents of raghu.properties file
  serviceClass=oracle.webdb.provider.v2.adapter.soapV1.ProviderAdapter
  loaderClass=oracle.portal.provider.v2.http.DefaultProviderLoader
  showTestPage=true
  definition=providers/raghu/provider.xml
  autoReload=true
  Any inputs regarding why the values are passed properly in case of External Application but not so when registered as
  a portlet in Portal.
  Regards
  Satish G

  As I can see from the information posted, you are trying to
  use URL-based portlet's SSO feature, though not in a correct
  way.
  The SSO feature of URL-based portlets relie on the usage
  of Cookies as authentication tokens. For example, in the
  present context, http://hostname:port/j2ee/examples/jsp/c.jsp
  will write a cookie to the client upon successfull authentication.
  Subsequent access to the same JSP or some other JSP in the same
  workspace should be checking for the existence of this particular
  cookie at the client side and if found should not prompt for
  user information again.
  If you can fine tune your existing applications as per above
  conditions, then everything should work fine. Else you might
  want to use page parameters to pass user information.
  For more information on page parameters, please visit
  http://portalstudio.oracle.com/servlet/page?_pageid=350&_dad=ops&_schema=OPSTUDIO&12678_PDKHOME902_39847486.p_subid=249821&12678_PDKHOME902_39847486.p_sub_siteid=73&12678_PDKHOME902_39847486.p_edit=0#NEW1

• Use Microsoft Online Directory Services as a user authentication provider for our own SharePoint farm?

  Hi,
  I've managed to configure my farm so that  Microsoft Online Directory Services (Office 365 etc.) can be used for STS authentication, but what I'm actually trying to do is allow user authentication - that is, I'm hoping to be able to use the user's
  O365 credentials to authenticate them in my own farm so they can view certain parts of it. If I need to write my own login form or authentication provider or whatever that's fine, as long as the user doesn't need to enter anything when they access my farm
  (provided they already have cached O365 credentials in their browser session).
  FWIW I actually need to be able to support the possibility that users are coming from multiple O365 tenancies, whereby each site collection will be configured to allow users from a different O365 tenancy (more or less).
  If it's not possible to do with my own development farm on a PC, it is possible if the farm is hosted in Azure?
  Thanks
  Dylan

  Hi  Dylan,
  According to your description, my understanding is that you want to use Microsoft Online Directory Services as a user authentication provider for your SharePoint farm.
  For your demand, you can configure a hybrid topology for your SharePoint farm:
  http://technet.microsoft.com/en-us/library/jj838715(v=office.15).aspx
  http://technet.microsoft.com/en-us/library/dn197168(v=office.15).aspx
  Thanks,
  Eric
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support,
  contact [email protected]
  Eric Tao
  TechNet Community Support

• GRC AC 10.0 - CUP User Authentication

  Hi All
  We have installed GRC AC 10.0 as a part of ramp up implementation. We will soon start with the configuration steps. For user interfacing we have 2 options (1) NWBC (2) Portal. Architecture of GRC AC 10.0 is based on webdynpro ABAP.
  Now we had a question wherein if we choose NWBC as a front end, then how do we integrate the LDAP for CUP user authentication.
  If we need to integrate LDAP as a authentication source for users in CUP, do we have the only option of going with Portal as a user interface.
  Please advise.
  Thank you.
  Anjan pandey

  > That feature in AC 10.0 is called End User Login and will have it's own URL to access via browser.
  Thanks Frank for your response. I did go through the RKT documents and seems that there is a link through which the end users will create request. we have also planned to setup a LDAP connectivity for user authentication.
  Thanks.
  Anjan Pandey

• Javascript errors using Checkpoint Mobile Access VPN: Workaround needed

  Hi,
  We are currently in the process of upgrading from APEX 3.2 to 4.2.1 at our organization. We are done with fixing all applications and tests have been successful so far.
  However we are facing one issue when we use applications by passing through a web proxy called Checkpoint Mobile Access VPN. The issue never occured in APEX 3.2 when using this proxy.
  Before explaining the issue here is a quick description of how this proxy works. I first authenticate through the proxy's login page. Once authenticated, there is a list of shortcuts I can choose to access our Portal.
  From the portal, I then have links to my APEX applications (APEX authentication is done with Oracle Single-sign-on).
  The proxy modifies all URLs to something like this:
  https://my-proxy-host/axess/Web/pls/apex/f,CVPNHost=my-apex-host,CVPNProtocol=http,CVPNOrg=rel?p=10001:101:2345777452066514
  It also modifies HTML content and javascript libraries in order to work with its translated URLs (and maybe for some other reasons which I don't know). In javascript files, it replaces some functions and variables with some of its own.
  Now here is the issue. This javascript rewriting causes a syntax error to occur in desktop_all.min.js , more precisely in the code that concerns apex.security . This causes all apex and jquery functions to break.
  To investigate deeper, I removed the #APEX_JAVASCRIPT# placeholder in a template and included one by one all the uncompressed libraries that are used by desktop_all.min.js .
  This resolved the issue.
  After this I tried to include again all the same libraries but in their minified version. I then got the issue back. After searching a bit I realized that the issue is located in security.min.js .
  The minified version of the library has a syntax error but the uncompressed version works well.
  I analyzed the syntax error and it's caused by the proxy that closes a parenthesis at the wrong place. I've never had this kind of javascript rewriting issue before but the proxy software definitely failed in this case.
  I understand that the error is caused by the proxy software and has nothing to do with APEX. However I need to put a workaround in place since we have no choice of using the proxy in many situations.
  -Does anyone here ever got or heard about this issue? If yes, did you find a workaround?
  -I may have found my own workaround and would like to know your opinion on it:
  I took the uncompressed security.js file and minified it with a tool found on internet. The result code is different from the one bundled with APEX.
  I then refered to this new file in my template and had no error this time.
  What I finally did is edit desktop_all.min.js and replace the line concerning apex.security with my new file. It seems to work quite well.
  I know it's not a good approach to overwrite files provided by APEX like this but I would prefer this than including all the dozens of files.
  I would like to keep #APEX_JAVASCRIPT# so APEX continues controlling which libraries to include.
  What do you think about this? Maybe is there something similar that would be a better approach?
  Thanks in advance

  Hello
  I have similar problem - difference is just in using PPTP instead of VPN client but basicaly it is the same setup.
  Simply ip local policy doesn't work when you have some encrypted traffic.
  Can you post your configuration for the internet-redirect-rmap route map.
  I have tried with match gre protocols and ports 1723 for pptp but it simply doesn't work so I am wondering is this even feasible on cisco router.
  Dusan

• SAP User Authentication via Windows Active Directory

  The non-profit company I work for as an SAP Security Admin has been using SAP since 1999.  We are currently running ECC 6.0, BI 7.0, and CRM 7.0.  With fewer than 300 SAP users, we have not implemented CUA, so each of our multiple clients in these systems is managed independently. 
  The company recently licensed and implemented some non-SAP software to be used by all of our employees (~1200) in keeping track of & catagorizing their work time; a very handy feature of this software is that it depends upon Windows Active Directory for user authentication.  Therefore, each employee logs into this time-keeping package by entering his/her standard PC userID & password.  If you can log onto your PC, you can log into the time-keeping software. 
  That got me thinking & researching, because our SAP users - especially those who have access to three or more SAP clients - must maintain their passwords independently in each SAP client that they hope to access in the future.  I'm certainly not the first person who has thought of how nice it would be to permit SAP users to log into all SAP clients across the landscape in which they have defined userIDs, using the same password that they are using to log into their PCs (i.e., the password that is stored & maintained in Windows Active Directory).  My quest has led me to find presentations on this topic that typically involve modules we aren't using & very complicated configurations that we really lack the time & resources to employ; or, to third-party solution providers who claim to be certified SAP partners who would love to sell us more software to provide this convenience, usually irelated to single sign-on, LDAP, etc.  The lowest pricing tier for such software usually would cover many times the number of SAP users we have to serve here - and it feels like trying to push in a tack using a sledgehammer.  It is true that we have not used the same userID for our PCs that we have defined in SAP, so there would need to be some way to translate from one to the other, but our PC password rules are consistent with those we have configured in SAP clients, so it seems to me it should be very simple.   Can anyone lead me to a more straightforward solution?  If not, can you articulate why this has to be so complicated using SAP software when it seems so simple using relatively inexpensive timekeeping sotware?

  >
  Gagan Deep Kaushal wrote:
  > Hi Tim,
  >
  > Its nice to see video.
  >
  > Is that mean using different username on OS and SAP level still we can achieve SSO.
  >
  > Correct if if am wrong.
  > The only thing we need to maintain SNC name.
  Once installed, yes. This is all you need to maintain when users are added. You can even use LDAP if you like to sync all user info between SAP and MS AD domain, but this cannot sync the password, so using SNC authentication instead of using SAP passwords is ideal.
  >
  > So for user test1 i can manage name as p:test2.....  ??
  Yes, that is correct. The mapping is maintained using standard SAP user management, such as su01. The user in AD domain might have long account name, e.g. "firstname.verylonglastname" which is too big for use as a SAP username so you can map this long AD account name onto a SAP user called FIRSTLAST in one or more SAP clients.
  >
  > I think that is what Ronald is also looking, user name need not to be same.
  >
  > Regards,
  > Gagan Deep Kaushal