Username/password token question... wss4j

Similar Messages

• CallbackHandler  - username and password token

  Hi,
  I use a CallbackHandler and server_security_config.xml on the server to authenticate and authorize the user.
  I get the correct username and password token on the server and do my validation directly in:
  public class AuthenticationValidator implements PasswordValidationCallback.PasswordValidator
  public boolean validate(PasswordValidationCallback.Request request)
  throws PasswordValidationCallback.PasswordValidationException
  System.out.println("AuthenticationValidator public boolean validate");
  PasswordValidationCallback.PlainTextPasswordRequest req = (PasswordValidationCallback.PlainTextPasswordRequest) request;
  System.out.println("Username: " + req.getUsername());
  System.out.println("Passowrd: " + req.getPassword());
  // check with database!
  // return false; // not OK
  return true; // OK
  I don't want to use a JAAS Login module.
  The auth works fine.
  Now I have a big and a little problem.
  1.) I need the username (String username = req.getUsername();) from xwss in my service implementation class. But how can I transfer this value??
  I have a javax.security.auth.callback.CallbackHandler class and no Logicalhandler with a MessageContext object.
  2.) My second question:
  If the authentication fails AuthenticationValidator returns return false; and the client gets a SoapFault Exception. It is possible to catch this exception and throw a user defined exception?
  Please helped me, thanks!!
  Please see also here:
  https://xwss.dev.java.net/servlets/ReadMsg?list=users&msgNo=54
  Regards,
  Rocci

  Hi,
  thanks for your fast answer and sorry for my late answer.
  I tried it and now nothing is working any more.
  I get with the new libraries the following exception:
  22.06.2006 11:28:36 com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher receive
  SCHWERWIEGEND: java.lang.IllegalArgumentException: Illegal use of setScope() on non-existant property :javax.security.auth.Subject
  java.lang.RuntimeException: java.lang.IllegalArgumentException: Illegal use of setScope() on non-existant property :javax.security.auth.Subject
       at com.sun.xml.xwss.SystemHandlerDelegateImpl.processRequest(SystemHandlerDelegateImpl.java:274)
       at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.receive(SOAPMessageDispatcher.java:144)
       at com.sun.xml.ws.server.Tie.handle(Tie.java:88)
       at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.handle(WSServletDelegate.java:333)
       at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:288)
       at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:77)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
  I have in my validator class:
  Subject subject = new Subject();
  subject.getPrincipals().add(new X500Principal("CN=" + userName));
  subject.getPrivateCredentials().add(password);
  and in my service implementation class:
  Object o = messageContext.get("javax.security.auth.Subject");
  With the old libs o was null. Now with the new libsI get ealier the above mentioned exception.
  Any further help would be very nice.
  Regards,
  Rocci

• Username and password token retrieval from SOAP web services

  We are implementing one JAX-WS Web services which requires to retrieve the username and password in SOAP header elements and use those for further use/processing.
  When we are retrieving username/password it’s coming as null. Please help ...
  if (Boolean.FALSE.equals(context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) {     
  try {
  SOAPMessage sm = context.getMessage();
  //SOAPEnvelope envelope = context.getMessage().getSOAPPart().getEnvelope();
  SOAPEnvelope envelope = sm.getSOAPPart().getEnvelope();
  SOAPHeader sh = envelope.getHeader();
  System.out.println("Message: "+envelope);
  System.out.println("Envelope: "+envelope);
  System.out.println("Header: "+sh.toString());
  Iterator it = sh.examineAllHeaderElements();
  while(it.hasNext()){
  System.out.println(it.next());
  String username;
  username = sh.getAttribute("Username");
  // username = sh.getAttributeValue("Username");
  //String password = sh.getAttribute("Password");
  System.out.println("uid:"+username);
  //System.out.println("pass: "+password);
  context.put("Username", username);
  //context.put("Passsword", password);
  // default scope is HANDLER (i.e., not readable by SEI
  // implementation)
  context.setScope("Username", MessageContext.Scope.APPLICATION);

  <S12:Envelope xmlns:S11="..." xmlns:wsse="..." xmlns:wsu= "...">
  <S12:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>TestUser</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">TestPassword</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </S12:Header>
  </S12:Envelope>

• Dont know my username password or security questions

  I have offered my wife my old iphone 4 but I set it up on email account I no longer use and has been closed. additionally I don't know my security questions or the apple id password.
  any ideas

  Log out of that account and create a new AppleID for your wife.
  You may want to start fresh with the phone by plugging it into iTunes and restoring it.
  If you do not know your username and password or any of the security questions, and you are unable to restore the phone, you may want to contact AppleCare, but keep in mind that now knowing username, password and security questions is extremely suspicious and makes it difficult to ensure you are the owner of the account/device, so you might have a hard time with that.

• I get an error message when trying to email photos. It says "The email server didn't recognize your username/password combination." Yet I have reset my password and was able to log in to this Support Community. Can anybody help me?

  I get an error message when trying to email photos. It says "The email server didn't recognize your username/password combination." Yet I have reset my password and was able to log in to this Support Community. Can anybody help me?

  See my answer to your previous duplicate question. What happened when you tried my answers?
  LN

• The email server didn't recognize your username/password combination.

  OS: OS X Mavericks
  iPhoto: iPhoto v9.5.1 (902.17)
  I choose a photo, select Share, select Email, enter an email address to send to and click Send - then I get this error: "The email server didn’t recognize your username/password combination."
  In iPhoto preferences I have "Email photos using" set to "iPhoto"; I have an account added for Gmail (outgoing mail server: smtp.gmail.com; Port: 587; User Name and Password are correct for my gmail account, Use SSL is checked - basically everything is default for when I chose to add a gmail account and I'm positive my user name and password are entered correctly). I do not have 2-step verification enable for my gmail account (I've been searching for a solution online and noticed others mentioned this - this does not apply to my situation).
  Please help! What is going on? I just want to send an email from iPhoto using my gmail account.
  Thanks!

  Thanks again for responding, MrHoffman; my responses to your questions are below in italics:
  Have you tested the Gmail account via Apple Mail.app, and does both sending and receiving work?
  Yes, I have tested the Gmail account via the Apple Mail.app - sending and receiving work just fine.
  Have you confirmed that the Gmail user and password work with the Gmail web interface?
  Yes, I am sure it is the correct username and password; I am able to access the Gmail account via the Gmail web interface.
  Are you aware of and familiar with both sets of credentials present within each account within Mail.app?  In particular, have you gotten to the configuration displays the SMTP server settings?  (Mail > Preferences > Accounts > Account Information > Outgoing Mail Server (SMTP) > select Edit SMTP Server List > select the SMTP server account > edit the SMTP server settings.)
  I'm not sure what you mean by both sets of credentials, but yes, in the Mail.app I have set the Outgoing Mail Server (SMTP) to Gmail (and used the Edit SMTP server list... option to set the smtp server to use default ports, use SSL, and use "Password" authentication (again with my correct username and password for the Gmail account). I also have the Account Information in Mail.app set for the incoming mail server (maybe that's what you mean by both). Either way, I believe having these settings for incoming mail server and outgoing mail server are allowing me to send and receive email for this Gmail account through Mail.app.
  I've also had some success by launching Keychain Access.app and finding all passwords associated with the account — specifically and only the Gmail account, in this case — and removing them from your keychain.  This does mean you'll have to re-add those passwords — using Mail.app and no other applications — and see if things start working.
  I just tried this - I launched Keychain Access.app and removed all entries associated with Gmail. I opened Mail.app, re-entered my password info, and sent a test email to another account - this worked. I opened iPhoto.app, re-entered my password via the Preferences, selected a photo, selected share, selected email, entered a to: address and clicked send - this didn't work (same error message as before (The email server didn't recognize your username/password combination).

• Can username, password have unicode(non english) characters

  Does Oracle allow a username, password to have non english characters.

  I found the answer to my own question. In essence it looks like the answer is Yes for UserName and a little confusing for the Password. Password has to be in Single byte characterset, not clear whether 7 bit or 8 bit. 8 bit from my understanding is Ascii + some Western European characters.
  Following is from Oracle 10G Database SQL reference
  user
  Specify the name of the user to be created. This name can contain only characters from your database character set and must follow the rules described in the section "Schema Object Naming Rules". Oracle recommends that the user name contain at least one single-byte character regardless of whether the database character set also contains multibyte characters.
  Note:
  Oracle recommends that user names and passwords be encoded in ASCII or EBCDIC characters only, depending on your platform.
  BY password
  The BY password clause lets you creates a local user and indicates that the user must specify password to log on to the database. Passwords can contain only single-byte characters from your database character set regardless of whether the character set also contains multibyte characters.
  Passwords must follow the rules described in the section "Schema Object Naming Rules", unless you are using the Oracle Database password complexity verification routine. That routine requires a more complex combination of characters than the normal naming rules permit.

• Testing a secured Web Service (Basic -Username/Password)

  Hello,
     I configured security for a custom web service using [this |https://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/e08627de-9816-2a10-02b7-cbd60f7e4b2c&overridelayout=true] . I configured section
  3.2 Configuring Document Authentication
                 Basic (Username/Password)
  How should I go about testing this. I tried using Web Service Navigator, I get this error:
  00118565098B00220000011400001D8C00047182FEC71535 : Authentication using a wsse:Username token failed. The error was com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration..

  Please download tutorial bundle from:
  http://java.sun.com/javaee/5/docs/tutorial/information/download.html
  some details about it:
  http://docs.sun.com/app/docs/doc/819-3669/gfiud?a=view
  You can try examples after downloading zip file :
  The zip file also contains a documentation e.g. pdf file.
  There you can find more info.
  Here is one chapter from doc.
  Example: Basic Authentication with JAX-WS
  This section discusses how to configure a JAX-WS-based web service for HTTP basic
  authentication. When a service that is constrained by HTTP basic authentication is requested,
  the server requests a user name and password from the client and verifies that the user name
  and password are valid by comparing them against a database of authorized users.
  Regards Miro

• Logon failure with username/password authentication in WLE 5.1

  Hi,
  I have WLE 5.1 configured and running on a Win2K system. I am able to
  build and run the simpapp sample program. I am also able to build the
  interceptor_cxx sample and run with all interceptors other than the
  security interceptor. What I realised in this case was that the
  PersonQueryClient did not perform any login of a user from which the
  security interceptor could extract user ID information (have I missed
  something? I am a WLE and CORBA newbie) so I modified the ubb config
  file to define SECURITY as USER_AUTH and add the AUTHSVC, modified
  personqueryclientc.cpp to get access to the SecurityLevel2 principal
  authenticator, built the app, created a user with the tpussradd command,
  and ran the app (the AUTHSVC successfully starts).
  The Tobj::AuthType returned by the get_auth_type method of the
  PrincipalAuthenticator is Tobj::TOBJ_APPAUTH as I expect. I call the
  logon method with the parameters (user_name, argv[0], sys_password,
  password, 0) where user_name is the same as the user I created with the
  tpusradd command, argv[0] is personqueryclient (I've tried tpusradd'ing
  the user both with the "-c personqueryclient" argument and without),
  sys_password is the password I specified when tmloadcf was run against
  the modified ubb config file, password is the password I specified when
  I ran tpusradd. The logon always fails returning
  Security::SecAuthFailure. In the ULOGxxxx file the following message is
  displayed:
  181605.NUMBAT!TMSYSEVT.2180: LIBTUX_CAT:1484: WARN: .SysClientSecurity:
  User tbartley on SITE1 authentication failure
  I've tried running in the following manners all with the same result:
  1. With or without the security_cxx interceptor registered
  2. With the user in or not in a group
  3. With the the user created using the "-c personqueryclient" arg to
  tpusradd or not
  If I change the security level down to APP_PW then everything works and
  the security_cxx interceptor sees a client name of personqueryclient and
  a username of personqueryclient. The logon fails if I use a sys_password
  other than the one specified to tmloadcf and succeeds if I use the
  correct password.
  Can anyone tell me what I might be doing wrong in the username/password
  authentication case?
  Here's the code I inserted to personqueryc.cpp to perform the logon:
  // Get SecurityCurrent object
  CORBA::Object_var var_security_current_oref
  = bootstrap.resolve_initial_references("SecurityCurrent");
  SecurityLevel2::Current_var var_security_current_ref =
  SecurityLevel2::Current::_narrow(var_security_current_oref.in());
  // Get the principal authenticator
  SecurityLevel2::PrincipalAuthenticator_var
  var_principal_authenticator_oref =
  var_security_current_ref->principal_authenticator();
  char user_name[100] = "";
  char password[100] = "";
  char sys_password[100] = "";
  // Narrow to a BEA Principal Authenticator
  Tobj::PrincipalAuthenticator_var v_bea_pa =
  Tobj::PrincipalAuthenticator::_narrow(var_principal_authenticator_oref.in());
  // See what level of logon has been turned on
  Tobj::AuthType auth_type = v_bea_pa->get_auth_type();
  cout << "Auth type: ";
  switch (auth_type) {
  case Tobj::TOBJ_APPAUTH: cout << "TOBJ_APPAUTH"; break;
  case Tobj::TOBJ_SYSAUTH: cout << "TOBJ_SYSAUTH"; password[0] = '\0';
  break;
  case Tobj::TOBJ_NOAUTH: cout << "TOBJ_NOAUTH"; break;
  default: cout << "TOBJ_<unknown>"; break;
  cout << endl;
  cout << "Username: ";
  cin >> user_name;
  switch (auth_type) {
  case Tobj::TOBJ_APPAUTH: {
  cout << "User password: ";
  cin >> password;
  // fall through
  case Tobj::TOBJ_SYSAUTH: {
  cout << "App password: "; cin >> sys_password;
  break;
  default: {
  break;
  // now that we've got all the data necessary, logon
  Security::AuthenticationStatus status =
  v_bea_pa->logon(user_name,
  argv[0],
  sys_password,
  password,
  0); // user data
  cout << "Logon result: ";
  switch (status) {
  case Security::SecAuthSuccess: cout << "SecAuthSuccess"; break;
  case Security::SecAuthFailure: cout << "SecAuthFailure"; break;
  case Security::SecAuthContinue: cout << "SecAuthContinue"; break;
  case Security::SecAuthExpired: cout << "SecAuthExpired"; break;
  default: cout << "SecAuth<unknown>"; break;
  cout << endl;
  if (status != Security::SecAuthSuccess) {
  cerr << "Invalid password." << endl;
  exit(1);
  Here are the entries I added to the ubb config file:
  *RESOURCES
  SECURITY USER_AUTH
  AUTHSVC AUTHSVR
  *SERVERS
  AUTHSVR SRVGRP=SYS_GRP SRVID=6 RESTART=Y GRACE=600 MAXGEN=2 CLOPT="-A"
  I do not have the WLE Security Services installed (i.e. the package
  that provides SSL and crypto). Is this required? It's not clear to me
  from the documentation if this is required for username/password based
  authentication or not.
  Thanks for any help,
  Tim Bartley

  Hi Michael
  I am using SSL in my application. So that it asks for the certificate username
  and password while startup. But now i want to mention the username and password
  in weblogic.properties file itself. So that the client need not have to provide
  the username and password everytime. I am using weblogic server 5.1 version.
  How do i do this?
  Hope my question is clear. Please help.
  with regds
  siva
  Michael Young <[email protected]> wrote:
  Hi.
  It's not 100% clear to me what you are asking for. Do you want authentication
  turned off for
  your application? That will certainly turn off prompting for authentication
  information. You
  can set your ACL for your application (in your properties file) to allow
  everyone to execute
  it. Something like:
  weblogic.allow.execute.<myApplication>=everyone
  But maybe you want some kind of silent authentication so that not everyone
  can execute your
  app? I suppose you could pass authentication info in a cookie. I really
  don't know enough
  about your application, though.
  I suggest you post this question in weblogic.developer.interest.security
  - you have a better
  chance of getting an answer there for security related questions.
  Hope this helps.
  Michael
  siva wrote:
  Hi all,
  I have the following requirements. I have an application which asksfor the authentication
  information like username and password at first. The application isrunning in
  weblogic5.1 server. Is there a way where in weblogic.properties file,i mention
  the username and password so that the application will not ask forin the browser.
  please help. It's urgent.
  with regds
  siva--
  Developer Relations Engineer
  BEA Support

• How to pass username/password through WebService proxy client to E-BS.

  Hi
  We are using ADF Webservice proxy client to integrate E-Business suite with ADF. It asks for username/password to access details from E-BS. In the generated webservice XSD file, a method is available with 2 parameters.
  1) SOAP header( Contains Username, responsibility and 2 more fields)
  2) Class object(Nested Object)
  However i didn't find "*Password*" field anywhere in it. Then how can I pass "*Password*" along with username to invoke this method?
  When i checked SOAP, the password is defined like this
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXXX</wsse:Password>a
  Thanks
  Raja

  hi Dario
  Thank you for your post. It is really helpful. Now I got stuck with a doubt, in this piece of code
  final Binding binding = ((BindingProvider) servicePort).getBinding();
  List<Handler> handlerList = binding.getHandlerChain();
  if (handlerList == null)
  handlerList = new ArrayList<Handler>();
  They didn't mention properly about "*servicePort*". What object is this?
  I checked in Oracle document, even in that I was not clear with that piece of code.
  public class HandlerWS{ 
  @Resource WebServiceContext ctx;
  @WebMethod()
  public String getProperty(String propertyName) {  
  return (String) ctx.getMessageContext().get(propertyName);
  public class Main {
  public static void main(String[] args) {
  HandlerWS test;
  try {
  test = new HandlerWS(new URL(args[0] + "?WSDL"), new
  QName("http://example.org", "HandlerWS") );
  } catch (MalformedURLException murl) { throw new RuntimeException(murl); }
  HandlerWSPortType port = test.*getHandlerWSPortTypePort*();
  What is this HandlerWSPortType object???. Can you give me little more explanation about it?
  Thanks

• ORA-01017: invalid username/password; logon denied error...Help Please!!!

  when I log into either a Unix server or a windows server, I use the same account GILLR, and as such I created an account in the DB as OPS$GILLR and issued the follwing command:
  CREATE USER OPS$GILLR IDENTIFIED EXTERNALLY DEFAULT
  GRANT CREATE SESSION TO "GILLR"
  then when I run:
  GILLR@csc08> sqlplus /
  SQL*Plus: Release 9.2.0.4.0 - Production on Wed Aug 3 08:19:52 2005
  Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
  ERROR:
  ORA-01017: invalid username/password; logon denied
  Enter user-name:
  Now I followed steps that were provided to me from the ASKTOM site and I even found some solutions to this error, but nothing worked. Does anyone know why I can not use OS_AUTH on any of the servers here?

  WOW!!!!! Adding in the DOMAIN into the OPS$DOMAIN\USER worked....Thanks for your help. Now I have one other question. You stated "ypur client computer and Oracle server computer should be in the same domain" What is I have users in Domain X and some users in Domain Y. When they hit some website, they have the option to select the Domain and enter their credentials. If the user has the ability to select the domain then does it really matter if the client machine is on the same domain as the DB server. I mean, the user maybe from Domain X but the DB server might be on Domain Z. The client machine and web server might be both Windows server, but when the webb app makes a call to the DB using proxxy connection, the proxxy account will take the user OPS$DOMAIN'X'\USER and make a call to the DB. How can I handle this problem?

• How to get the username/password of the current owner of the running code

  Dear friends,
  Our product is running on the App Server(weblogic/websphere...) and we also use security provider(OpenLDAP) and kerberos to support SSO. Before, when a user tyies to login in the first time, the way we use to authenticate the user is:
  1) Accept the username/password
  2) Query the security provider(OpenLDAP) to get the principles.
  3) verity if the username/password is corrent or not.
  As we know, to query the principles, we need to provide a search user(both username and password) if we configured the access control of the ldap server:
  I have configured my envirioment as follows
  1) In the LDAP server, configured the Middle Tire user(The Operating System user running the App Server) to have the permission to query principles.
  2) The server is configured to runing on SSO envirioment.
  My question is could I get the username/password of the OS user running the App Server at runtime so that I can query the ldap server without explicitly providing the search user?
  Thanks,
  RR
  Edited by: Ricky Ru on Oct 9, 2011 1:50 AM

  Thanks EJP.
  I have made some progress on this. But I have met another issue.
  *1) Using JAAS to login.*
  loginContext.login();
                 Subject subject = loginContext.getSubject();
                 ldapContext = (LdapContext) Subject.doAs(subject, this);
  *2) Init the ldapContext to use the GSSAPI authentication*
  // this is called automatically by login()
       public Object run() {
            Hashtable ldapEnv = new Hashtable();
            ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            ldapEnv.put(Context.PROVIDER_URL, "ldap://9.30.215.197");
            ldapEnv.put(Context.SECURITY_AUTHENTICATION,"GSSAPI");
            ldapEnv.put(Context.SECURITY_PRINCIPAL,"");
            ldapEnv.put(Context.SECURITY_CREDENTIALS,"");
            //System.setProperty("sun.security.krb5.debug", "false");
            // This tells the GSS-API to use the cached ticket as
            // credentials, if it is available
            System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");     
            try {
                 InitialLdapContext ctx = new InitialLdapContext(ldapEnv,null);
  But I got the following exception when excuting new InitialLdapContext(ldapEnv,null);
  Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
  Acquire TGT from Cache
  Principal is [email protected]
  Commit Succeeded
  javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Integrity check on decrypted field failed (31))]]
       at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:150)
       at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
       at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)
       at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
       at javax.naming.InitialContext.init(InitialContext.java:223)
       at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
       at LDAPKerbService.run(LDAPKerbService.java:66)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.Subject.doAs(Subject.java:337)
       at LDAPKerbService.login(LDAPKerbService.java:40)
       at LDAPKerbService.main(LDAPKerbService.java:82)
  Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Integrity check on decrypted field failed (31))]
       at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:194)
       at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:105)
       ... 16 more
  Caused by: GSSException: No valid credentials provided (Mechanism level: Integrity check on decrypted field failed (31))
       at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:663)
       at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230)
       at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162)
       at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:175)
       ... 17 more
  Caused by: KrbException: Integrity check on decrypted field failed (31)
       at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:61)
       at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:185)
       at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:294)
       at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:106)
       at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:562)
       at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:594)
       ... 20 more
  Caused by: KrbException: Identifier doesn't match expected value (906)
       at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
       at sun.security.krb5.internal.TGSRep.init(TGSRep.java:58)
       at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:53)
       at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:46)
       ... 25 more
  Do you have any clue on this? Thanks.

• Lost all autofill usernames & password after migration & upgrade to leopard

  I recently got a new imac, migrated all my old info to the new machine, then upgraded to leopard. now safari has none of my previous usernames & passwords stored in autofill preferences. can i go back to my old machine and find a prefernce list or something to put on my new imac so i don't have to go refigure all my usermanes & passwords?
  i transferred from the old half-dome imac to a new 24" imac, which i LOVE!!

  Be sure to use software update to get the latest version of Leopard 10.5.1. Then, if the passwords still do not appear, try this:
  I found this answer on another discussion question.
  Open Utilities:Keychain Access
  Click on Passwords in left column
  Scroll down to "Safari Forms Autofill" and double-click
  Open access control window
  Click radio button that says "Allow all applications to access this item"
  Close window--you will be prompted for your password.
  Note: this works for other items in the password window.

• How should my clients supply username + password ?

  Hi,
  I need to write a webService with authentication.
  Namely: client applications must supply username + password ( which will be checked against our LDAP server ).
  I'm new to this, so I'd appreciated it if someone could tell: how should my clients supply the password ?
  - Is it customary to supply the username+password through standard HTTP headers (say, 'basic authentication') ?
  - Or, is it handled by the webServices/security spec ? Does the < soap:Envelope > message structure keep a dedicated tag for user/password info ? Something like:
  <soap:Envelope...>
  < ! -- dummy tag! -- >
  <login user='jelly' password='secret' />
  </soap:Envelope...>
  Thanks very much.

  I have the same question. Have you figured this out yet?

• Check if username/password is valid in database

  In this old thread:
  HTMLDB Connection Pooling with Oracle usernames
  sspadafo mentions that it is possible (at least for apex when processing a database account authentication) to check if a given username/password is valid in the current database. Look for " the login API will call a new function in the database to check a username/pw combination." in the above thread.
  Question: is this "function in the database" available to developers? if so, how to use it?

  Hello,
  and thanks for your answer. I'm aware of that old trick with 'alter user identified by values' but wish to avoid that, exactly for its drawbacks. I'm not creating a custom authentication solution, DB account is fine for me.
  I wish to provide users the ability to change their (database) password in the apex application (which of course uses database account authentication). Changing the password is trivial; but usually in a 'change ypur password' form the users are prompted for their current password too (it is for security reasons). So:
  1.user enters their current password and desired new password (twice)
  2.app checks if current password is valid <-here I hope to use the beforementioned DB function
  3.app issues the 'alter user identified by' statement