User Authentication Logical Model

Hi, I'm attaching a logical model. Experts, please take a look and guide me on changes or additional details to include. This is basically a user authentication logical model ERD.
Eagerly awaiting your reply. I am unable to attach a file; if I can share the file it will be easier. Please tell me how to attach a Word file.
Thanks

Organization
  OrgId PK
  LocId FK Location
  ClientId FK Clients
  Org Desc
  Org Location
  Create Date
  Last Updated By

Location
  LocId PK
  Loc Desc
  Address
  Create Date
  Last Updated By
  Update Date

Clients
  ClientID PK
  ClientName

Department
  DeptId PK
  ClientID FK Clients
  UserId FK Users
  BookId FK
  DeptName
  Location
  Create Date
  Last Updated By
  Update Date

USERS
  UserId PK
  Password :
  User_Role_Id FK Roles/Grps
  OrgId FK Organization
  Effective Dt
  Status
  Create Date
  Last Updated By
  Update Date

User Roles ( Groups )
  User_Role Id PK
  UserId FK USERS
  BookId Fk Book_Types
  Role Id FK Roles
  Group Desc
  Create Date
  Last Updated By
  Update Date

Roles
  Role Id PK
  Role Name
  Create Date
  Last Updated By
  Update Date

BookTypes
  BookId PK
  BookType
  Create Date
  Last Updated By
  Update Date

USER_Details
  UserId FK USERS
  DeptId FK Department
  Force Password Change Days
  Secret Question
  User Phone
  User Address
  DOB
  User Email
  User Mobile
  User Status
  User Supervisor
  Last Updated By

Thanks for your reply Yusef.
I am actually creating an ERD for authenticating the user when he logs into the database. So I will need a set of tables to identify if the user exists and the password is correct.
After this, some tables will exist for checking his department and his group. On the basis of his group he will be able to access only relevant parts of the application. It's like a role or a privilege thing.
Please tell me if the database tables that I have identified are correct. Please ask questions so I may get to the best solution.
Thanks
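
An added example, not part of the original post: a minimal login check over the USERS / Roles / User Roles part of the model, with User Roles as a plain junction table and the Password column replaced by a per-user salt and a PBKDF2 hash. SQLite stands in for the poster's database; the table and column names, the 'ACTIVE' status value, the iteration count and the sample users are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed; tune per host)

# Assumed physical form of USERS, Roles and User Roles from the logical model.
SCHEMA = """
CREATE TABLE roles (
    role_id   INTEGER PRIMARY KEY,
    role_name TEXT NOT NULL UNIQUE
);
CREATE TABLE users (
    user_id TEXT PRIMARY KEY,
    pw_salt BLOB NOT NULL,           -- random per-user salt
    pw_hash BLOB NOT NULL,           -- derived key, never the password itself
    status  TEXT NOT NULL DEFAULT 'ACTIVE'
);
CREATE TABLE user_roles (            -- junction table: many users, many roles
    user_id TEXT    NOT NULL REFERENCES users(user_id),
    role_id INTEGER NOT NULL REFERENCES roles(role_id),
    PRIMARY KEY (user_id, role_id)
);
"""

_DUMMY_SALT = b"\x00" * 16  # used so unknown users cost the same hashing work


def _derive(password, salt):
    """Derive the stored verifier from a password and salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def open_db():
    """Create an in-memory database with the schema above."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    return db


def add_user(db, user_id, password, role_names, status="ACTIVE"):
    """Insert a user with a salted hash and link the user to the given roles."""
    salt = os.urandom(16)
    db.execute(
        "INSERT INTO users (user_id, pw_salt, pw_hash, status) VALUES (?, ?, ?, ?)",
        (user_id, salt, _derive(password, salt), status),
    )
    for name in role_names:
        db.execute("INSERT OR IGNORE INTO roles (role_name) VALUES (?)", (name,))
        db.execute(
            "INSERT INTO user_roles (user_id, role_id) "
            "SELECT ?, role_id FROM roles WHERE role_name = ?",
            (user_id, name),
        )
    db.commit()


def authenticate(db, user_id, password):
    """Return the user's set of role names, or None if the login is refused."""
    row = db.execute(
        "SELECT pw_salt, pw_hash, status FROM users WHERE user_id = ?", (user_id,)
    ).fetchone()
    # Unknown users still go through one key derivation before being refused.
    salt, stored, status = row if row else (_DUMMY_SALT, b"", "MISSING")
    candidate = _derive(password, salt)
    if not hmac.compare_digest(candidate, stored) or status != "ACTIVE":
        return None
    rows = db.execute(
        "SELECT r.role_name FROM user_roles ur "
        "JOIN roles r ON r.role_id = ur.role_id WHERE ur.user_id = ?",
        (user_id,),
    )
    return {name for (name,) in rows}


def build_demo_db():
    """Constructed sample data: one active user and one locked user."""
    db = open_db()
    add_user(db, "asmith", "correct horse battery", ["CLERK", "AUDITOR"])
    add_user(db, "bjones", "s3cond-passphrase", ["CLERK"], status="LOCKED")
    return db


if __name__ == "__main__":
    demo = build_demo_db()
    print(authenticate(demo, "asmith", "correct horse battery"))
    print(authenticate(demo, "asmith", "wrong password"))
    print(authenticate(demo, "bjones", "s3cond-passphrase"))
```

The application decides which parts a user may reach from the returned role set; the same refusal is returned for a wrong password, an unknown user and a non-active account.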

Similar Messages

  • User Authentication Logical Model

    You posted this in three different forums!
    Can you explain why.
    Also you seem never ever to mark a question as resolved.
    That is the rude behavior of most newbies here, but then that has to be stopped.
    I'm hard pressed to see whether this model is correct. It is very unlikely a client can have multiple organizations and multiple departments. Likely you erroneously reversed those relationships.
    Also the FK relationship between users and books is almost certainly incorrect, as in the users description you refer to booktypes, which appears to be a FK to the book entity.
    You should redo this design and come up with something better. This one is not correct at all.
    Also you should refrain from cross- and multiposting.
    Sybrand Bakker
    Senior Oracle DBA

  • User Authentication for subfolder not working in Web Browser

    We are using Oracle Application Server 10.1.2.3 and Database Server 10.2.0.5 for our application.
    One of the functionalities of the Application is to send emails with attachments.
    The logic is that the Application would generate the attachment file on the Application Server.
    Then a database package uses Oracle's utl_http package/procedures(more specifically utl_http.request_pieces where the single argument is a URL) to pick up the file from the Application Server via URL, attach the file and send the email.
    Exchange and Relay Server is also set in the Application.
    The problem is that the folder containing the folder which stores the attachments is having user authentication set.
    Example : The main folder is /apps/interface, this folder requires a valid user when it is accessed via URL on a web browser.
    Alias created in httpd.conf
    Alias /int-dir/ "/apps/interface/"
    The folder /apps/interface/email/ is the folder where the attachment files are generated and stored.
    Application Server : 10.12.213.21
    Database Server : 10.12.213.22
    Email Server : 10.12.213.44
    Configuration as per httpd.conf
    Alias /int-dir/ "/apps/interface/"
    <Location /int-dir/>
    AuthName "Interface folder"
    AuthType Basic
    AuthUserFile "/u01/app/oracle/as10g/oasmid/Apache/Apache/conf/.htpasswd"
    require user scott
    </Location>
    <Location /int-dir/email>
    Options Indexes Multiviews IncludesNoExec
         Order deny,allow
         Deny from all
         Allow from 10.12.213.21
         Allow from 10.12.213.22
         Allow from 10.12.213.44
    </Location>
    Using the above configuration the Application is able to attach the files and send the email, however, when we access the following URL :
    http://10.12.213.21:7778/int-dir/ - it prompts for user authentication
    However if we use the following URL :
    http://10.12.213.21:7778/int-dir/email/ - it does not prompt for user authentication, and all the files in the folder are displayed in the browser.
    I have tried so many things including AllowOverride, .htaccess, but I am not able to get user authentication for the email folder.
    Please help me if you can.
    Thanking you in advance,
    Glad to give any more information that I can.
    dxbrocky

    Thanks for your response.  I fixed the problem by selecting "full site" or "full website" at bottom of the web page.  After making this selection the zoom function returned.  Thanks again for your interest.

  • Limited-access user permission lockdown mode and allowing anon users to view list items

    I'm working on setting up a public-facing SharePoint website that will need to support anonymous user access. I'm using the Enterprise Publishing Portal site collection template, so the Limited-access user permission lockdown mode feature is turned on.
    Everything is working great, except allowing users to view a list item. One of the key features I was hoping to leverage was the ability to display custom lists on a web page using a List View web part. Then they could click on an item and see the DispForm.aspx so the item's content was accessible, including any file attachments.
    A real-world example is adding an RSS viewer web part to the home page and allowing anon users to click on one of the events to see the details of it. Currently, in lockdown mode, the user gets an authentication prompt.
    I toyed with the idea of turning the lockdown feature off. However, I'm uncertain of the full impact that would have on security. For example, I know it will allow anonymous users to see who created and modified an item, which we don't want exposed to the public (i.e. our employee names). Seems like opening a can of worms by disabling the lockdown mode...
    Any ideas on how to tackle this would be greatly appreciated.

    So far, this is the most promising solution I've come across:
    http://soerennielsen.wordpress.com/2012/05/29/how-to-make-list-items-visible-to-anonymous-users-in-search

  • Redirect to the jsp page after user authenticated successfully  …

    Here is the requirement …
    I’m using “JAAS – Custom Login Module” for user authentication.
    I have few questions in Portal Logon process …
    1. Exactly at what point I can conclude that the user has been authenticated successfully, because I have to redirect the user to some other page for the first time logon to enter some information, subsequent logins shouldn’t be redirected. (I can update flag upon entering information).
    2. Where should I add my redirection code? Is it in my JAAS Custom Login Module?
    If yes, how can I do that? I’m more concerned about “where should I add it”.
    3. Do I need to change my “UmLogonPage.jsp” to complete my requirement?
    4. Once after entering the Logon information, who will call my JAAS – Custom Login Module for authentication? If authentication has failed who will return the control back to the “umLogonPage.jsp”?
    5. In my JAAS Custom Login Module, I have no redirections except having logic for authentication process, and some Login Exceptions are thrown for failure logins.
    6. Who will catch these exceptions for failure logins to redirect back to the “umLogonPage.jsp”.
    7. Finally I like to know where can I add my redirection logic once the user has been authenticated successfully?
    8. Last but not least, can any of the experts explain the whole login process (using the JAAS module)? How does the control go from one component to another?
    Any kind of help is appreciated.
    Points can be awarded for useful answers.
    Thanks
    MMK

    Thanks a lot for your valuable reply.
    Yes, what you said was correct: storing information in the R/3 System and getting the details from the FM using the Connector framework.
    You said I have to modify "header.jsp"; can you please tell me which .par file I should get to modify?
    One more question for you: I have to provide custom logon error messages to the user. I did all the modifications in logon.par and deployed in EP 6. It is working fine and I am able to see "User ID Missing", "Password Missing" etc.
    When I place the same piece of code in EP 7 it always displays "User Authentication failed". Can you guess what the problem would be?
    Thanks
    MMK

  • Cisco ISE (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out)

    Hi,
    I have set up ISE 1.1.1. Users are getting authenticated against AD. Everything is working fine except some users report disconnection. I see in the ISE that (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out). Users are using Windows 7 OS.
    Error is enclosed & here is the port configuration.
    Port Configuration.
    interface GigabitEthernet0/2
    switchport access vlan 120
    switchport mode access
    switchport voice vlan 121
    authentication event fail action next-method
    authentication event server dead action reinitialize vlan 120
    authentication event server alive action reinitialize
    authentication host-mode multi-auth
    authentication order mab dot1x
    authentication priority dot1x mab
    authentication port-control auto
    authentication periodic
    authentication timer reauthenticate server
    mab
    dot1x pae authenticator
    dot1x timeout tx-period 60
    spanning-tree portfast
    ip dhcp snooping limit rate 30
    Please help.

    The error message means that the Active Directory server rejected the authentication attempt
    because for some reason the user account got locked. I guess you should ask your AD team to check in the AD
    Event Logs why the user account got locked.
    You can find it out under Event Viewer.
    Regards
    Minakshi (Do rate the helpful posts)

  • 802.1x eap-tls machine + user authentication (wired)

    Hi everybody,
    Right now we are trying to authenticate the machines and users which are plugged into our switches over 802.1X EAP-TLS. Works just fine with Windows.
    You plug a Windows laptop into a switchport and the machine authenticates over EAP-TLS with the computer certificate. Now the user logs in and our RADIUS (Cisco ACS) authenticates the user as well, with the user certificate. After EAP-TLS user authentication the RADIUS checks if the workstation on which the user is currently logged in is authenticated as well. If yes = success; if no, the switchport will not allow any traffic.
    Now we have to implement the same behaviour on our MacBooks Pro. Here the problems start. First of all I installed user and computer certificates issued by our CA (Win 2008 R2). So far so good. Now I have no idea how to implement the same chain of authentication. I was reading countless blogs, discussions, documentation etc. about how to create .mobileconfig profiles. Right now I'm able to authenticate the machine, and _only_ if I log in. As soon as I log out EAP-TLS stops working. It seems that loginwindow does not know how to authenticate.
    1) How do I tell Mavericks to authenticate with the computer certificate while no user is logged in? Already tried profiles with
    <key>SetupModes</key>
    <array>
        <string>System</string>
        <string>Loginwindow</string>
    </array>
    <key>PayloadScope</key>
        <string>System</string>
    but it does not work
    2) How do I tell Mavericks to reauthenticate with user certificate when user logs in ?
    Thanks

    Unfortunately these documents do not describe how to do what I want.
    I already have a working 802.1x. But the Mac only authenticates when the user is logged in. I have to say that even this does not work like it should. If I'm logged in, sometimes I need to click on "Connect" under network settings and sometimes it just connects automatically. That's really strange.
    I set the eapolclient to debugging mode and see the following in /var/log/system.log when I log out.
    Feb 20 18:39:09 MacBook-Pro.local eapolclient[734]: [eaptls_plugin.c:189] eaptls_start(): failed to find client cert/identity, paramErr (-50)
    Feb 20 18:39:09 MacBook-Pro.local eapolclient[734]: en0 EAP-TLS: authentication failed with status 1001
    Feb 20 18:39:22 MacBook-Pro.local eapolclient[734]: [eaptls_plugin.c:189] eaptls_start(): failed to find client cert/identity, paramErr (-50)
    Feb 20 18:39:22 MacBook-Pro.local eapolclient[734]: en0 EAP-TLS: authentication failed with status 1001
    These are the only debugging messages I get. Looks to me like eapolclient is not able to find a certificate (?)
    The certificates are in my System keychain.
    Unfortunately Apple also changed the logging behaviour of eapolclient; I don't see any eapolclient.*.log under /var/log
    Any ideas?

  • Navigation handlers and user authentication

    I've implemented a system to force user logins based on the code demonstrated here: http://www.jsftutorials.net/jsfNavigation/jsf-login-navigation-redirect.html but I've come across a problem.
    It seems the navigation handler is called only when JSF needs to resolve the outcome of an action and this means that in certain cases a user can view a secure page without having to log in. For example, using the example app from the above link, if a user goes to the start page of the project and clicks on the command buttons to access the protected pages, they are re-directed to the login page as expected. However, if they go to the url of the protected page directly (eg http://localhost:8080/jsf-loginRedirect/secure/editUserProfile.jsf ) it still displays the page.
    Currently I've got a filter in place that re-directs the user to the login page of the web app if there isn't a valid user logged in, but as this runs outside a Faces context I can't track the user's requests.
    Is there some way I can force JSF to call the navigation handler for normal get requests?

    Chops,
    There are 2 things related to this issue,
    1. When the user goes out of the application, you must invalidate the session. So that the userid will not be present in the session.
    2. You can have a phase listener that checks for User Id in session, if the user id is empty, you can re-direct the user to login page. If user id is present automatically the control will go to the navigation rule page.
    Phase Listener will enforce the user authentication.
    Hope this logic helps you to solve the issue.
    Thanks
    Prakash

  • User Authentication possible???

    Greetings all.
    I'm working on a contract where the client is taking a first step at SOA, mainly for automating now manual processes. Part of the requirement is to implement a user interface to input/view data. The user interface is to be a web-app and any new business logic is to be done using JEE/Java web services. CAC's (Common Access Cards) (PKI certificates) are to be used for user authentication along with SSL.
    The problem is that while the client has stated that the user interface is to be made available as a thin-client (web browser), they have also stated that the server is NOT to be certificate enabled, only the application.
    Is this even possible?
    This client is extremely frustrating as they have tasked many of their own people with JEE design and project management, yet not a single one of them has ever done any JEE development, and very little, if any, other programming, and are very lacking in the area of project management and meeting organization.
    If it is possible, I suspect it would either be a huge amount of work, or require purchasing a third party product, which again, is something they have said they do not want to get locked into.
    Any thoughts.
    -Ed.
    To clarify, the question is, is it possible to do 2-way mutual client-cert authentication without having to configure it at the server?
    Edited by: Ed_Ward on Nov 12, 2009 3:20 PM

    I have seen a couple of solutions to the problem that you are facing. I unfortunately have seen situations such as yours more than once.
    In the past I usually simply tell them that they are incorrect in their requirements: the server will be certificate enabled as "they know" this is the normal scenario. This strategy is usually "employment limiting". But I like it.
    If you are using SSL then it is likely that personal information or personally identifiable information is being transferred. Many areas have laws about this; with a little research you could make the case they must allow certificates on the server for legal compliance (which may actually be true).
    If the server is not to be certificate enabled then perhaps enable certificates on another server.
    I have seen authentication done for applications deployed on GlassFish in which the user had a user name, password and a dongle (which contained a client cert) that plugged into the USB port. In this case they were using OpenSSO. Plug-ins, features and profiles in OpenSSO handled all the login issues.
    You could try mutual authentication at a reverse proxy server in front of the application, i.e. set up Apache with a mutual-auth SSL virtual host which passes through to the application with mod_jk. Just keep the application server well firewalled.
    Unfortunately most cases like this that I have been in are projects designed to fail. Which in my opinion is also a legal issue. Either way I would like to hear how things turn out.

  • Getting the value from a StationGlobal reference variable in TestExec User Interface Editor Mode.

    Hi,
    I am using the TestExec User Interface editor mode, in the SequenceFileLoad callback from my sequence an instance is made from a C# code module
    (the code module is located in another dll) , this reference is stored into a station global variable.
    Now I want to retrieve the reference from the station global variable in my TestExec User Interface code.
    So, is it possible to get this reference back from the station global variable?
    Best regards

    Reading the StationGlobal is not a problem. But the problem may be that the reference contained in your StationGlobal is probably not valid once the SequenceFileLoad has completed its execution, which it will have done once the SequenceFile has loaded.
    Any references you wish to pick up are best done via one of the ProcessModel callbacks such as ProcessSetup.
    Regards
    Ray Farmer

  • User Authentication failed

    Hi all,
    I would like to share a peculiar issue with you and would like to get a solution as well.
    I am trying to install a portal server with the R3load-based method. I did a Java export of the MSSQL Portal server and successfully imported it in the newly installed server. The server is up and running. I also completed the post-installation activities like SLD, SSO and JCo creation. I am not able to log in to the Java page using the administrator user or other users. It keeps saying that user authentication failed.
    But the beauty is that using the same administrator user I can log in to the Visual Administrator.
    I don't know where the problem is, and I also verified the log files under cluster/server nodes. There I found the following log entry: Connection is already closed and no longer associated with a managed connection
    I don't know what I am missing. Due to this I reinstalled the server and imported again, but the same problem still exists. If anyone has a suggestion on this, please do reply.
    Thanks and Regards
    Vijay

    Hi,
    Thanks for the reply. It's only a Java system, so no activity needs to be done in SU01. I checked the table in the database; the users exist in the table as well.
    FYI: I am able to log in to Visual Admin but not to the Java pages like
    http://<hostname>:port/
    http://<hostname>:port/irj
    Hope I explained my problem in the right way.
    Regards
    Vijay

  • Email Receiver Dynamic User Authentication, is it possible?

    Hello Experts,
    I have a scenario SAP ECC->SAP PI->Gmail Mail Server. The interface is working fine; the thing is that I want to configure the user authentication in a dynamic way. I tried to do it in a UDF in the Message Mapping, using the dynamic values for the
    TServerLocation
    TAuthKey
    fields, but it is not working. Am I using the correct header fields, or is there another way to change these parameters? Thanks in advance for your answers.
    Regards,
    Julio Cesar

    Hello Gopal,
    I'm using Plain; it works fine if I fill in the fields for User and Password in the comm channel, but if I try using the fields in a dynamic way it is not working. Thanks for your answer.
    Regards,
    Julio

  • 'authentication control-direction in' in authentication CLOSED mode

    Switch: 4510R+E, running a DEV version based off 3.6.0
    ISE: 1.2.0.899 patch 7
    Hi, I have been working on a weird issue where some of my clients would randomly drop their IP address and the only way I could get it back was to move their port to authentication open mode. I need to run in closed mode because I change VLANs via MAB. 
    I have been working with TAC, and they suggested I add the command 'authentication control-direction in' to my switchport config (below). With the couple of tests I've done, this seems to help. But I would like to understand why. Doesn't the control-direction command somewhat nullify the premise of running in closed mode? I.e. it allows some communication before the device is authorized. Thanks.
    interface GigabitEthernet2/18
     switchport access vlan 34
     switchport mode access
     switchport voice vlan 66
     logging event link-status
     authentication event fail action next-method
     authentication event server dead action authorize vlan 34
     authentication event server dead action authorize voice
     authentication event server alive action reinitialize 
     authentication host-mode multi-auth
     authentication order mab dot1x
     authentication priority dot1x mab
     authentication port-control auto
     authentication violation restrict
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     service-policy input QoS-Input-Policy
     service-policy output QoS-Host-Port-Output-Policy
    end

    I also needed to use this command to keep devices authenticated. It was happening with a CCTV system that was an embedded Linux OS. It was on MAB and because it wasn't transmitting any traffic (unlike a noisy Windows box) the switch wouldn't be able to reauth it, as it had no MAC address to be able to auth, so it would show up with an 'unknown' in the MAC field.
    Basically it allows traffic to flow out of the port. This enabled the device to receive HTTP traffic and made it respond, and then the switch could auth it again once the device sent a frame.
    When you do a show authentication sessions you will notice that Oper control dir: both will change to Oper control dir: in

  • Use Microsoft Online Directory Services as a user authentication provider for our own SharePoint farm?

    Hi,
    I've managed to configure my farm so that Microsoft Online Directory Services (Office 365 etc.) can be used for STS authentication, but what I'm actually trying to do is allow user authentication - that is, I'm hoping to be able to use the user's O365 credentials to authenticate them in my own farm so they can view certain parts of it. If I need to write my own login form or authentication provider or whatever that's fine, as long as the user doesn't need to enter anything when they access my farm (provided they already have cached O365 credentials in their browser session).
    FWIW I actually need to be able to support the possibility that users are coming from multiple O365 tenancies, whereby each site collection will be configured to allow users from a different O365 tenancy (more or less).
    If it's not possible to do with my own development farm on a PC, is it possible if the farm is hosted in Azure?
    Thanks
    Dylan

    Hi  Dylan,
    According to your description, my understanding is that you want to use Microsoft Online Directory Services as a user authentication provider for your SharePoint farm.
    For your demand, you can configure a hybrid topology for your SharePoint farm:
    http://technet.microsoft.com/en-us/library/jj838715(v=office.15).aspx
    http://technet.microsoft.com/en-us/library/dn197168(v=office.15).aspx
    Thanks,
    Eric
