Using Identity Server to get userid

Hello.
We're currently changing a legacy system written in C++, that runs on an Apache server. We have found out that after a user has signed in to the Identity server, we're handed the session ID in a cookie header. We need to be able to be able to ask the Identity server in some way in order to get a hold of the user ID. Because this is a legacy system, we have no way of getting the client to send the userid.
I've tried reading a bit about SAML, and the C++ implementation, openSAML, but having a bit of trouble getting my head around it. Would this solve my problem?
Any suggestions?

From your C++ application, POST the following to the URL https://identity.server:58080/amserver/sessionservice (TOKENID_HERE is the session token from the cookie):
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RequestSet vers="1.0" svcid="Session" reqid="0">
<Request><![CDATA[<SessionRequest ver="1.0" reqid="0">
<GetSession reset="true">
<SessionID>TOKENID_HERE</SessionID>
</GetSession></SessionRequest>]]></Request>
</RequestSet>
Reply will contain user ID, DN, session information, etc.
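As an added example (not code from the original thread), the following C++ pulls the session token out of the browser's Cookie header, checks it before it is spliced into the CDATA section, and builds the RequestSet body from the answer above. It assumes the cookie is named "iPlanetDirectoryPro" and that its value may arrive percent-encoded; neither is stated in the thread, so adjust both for your deployment. Sending the body over HTTPS and parsing the reply are left to whatever HTTP client the application already uses.

```cpp
// Added example, not code from the original thread: pull the session token out
// of the browser's Cookie header, check it, and build the Session service body.
// Assumed (not stated in the thread): the cookie is named "iPlanetDirectoryPro"
// and its value may arrive percent-encoded.
#include <cctype>
#include <cstdlib>
#include <iostream>
#include <string>

// Value of cookie `name` from a raw Cookie header ("a=1; b=2"), "" if absent.
std::string cookieValue(const std::string& header, const std::string& name) {
    std::string::size_type pos = 0;
    while (pos < header.size()) {
        std::string::size_type end = header.find(';', pos);
        if (end == std::string::npos) end = header.size();
        std::string pair = header.substr(pos, end - pos);
        pair.erase(0, pair.find_first_not_of(' '));  // drop the leading blank
        std::string::size_type eq = pair.find('=');
        if (eq != std::string::npos && pair.substr(0, eq) == name)
            return pair.substr(eq + 1);
        pos = end + 1;
    }
    return "";
}

// Decode %XX escapes; "" on a malformed escape, so "" always means failure.
std::string percentDecode(const std::string& in) {
    std::string out;
    for (std::string::size_type i = 0; i < in.size(); ++i) {
        if (in[i] != '%') { out += in[i]; continue; }
        if (i + 2 >= in.size() || !std::isxdigit(static_cast<unsigned char>(in[i + 1])) ||
            !std::isxdigit(static_cast<unsigned char>(in[i + 2]))) return "";
        out += static_cast<char>(std::strtol(in.substr(i + 1, 2).c_str(), nullptr, 16));
        i += 2;
    }
    return out;
}

// The token is client-supplied, so treat it as untrusted. Inside CDATA the
// sequence "]]>" would end the section early; an allow-list of characters is
// simpler to reason about than hunting for that one sequence.
bool isValidToken(const std::string& tok) {
    static const std::string extra = "+/=*.-_";
    if (tok.empty() || tok.size() > 512) return false;
    for (char c : tok)
        if (!std::isalnum(static_cast<unsigned char>(c)) && extra.find(c) == std::string::npos)
            return false;
    return true;
}

// Build the RequestSet body from the answer above; "" if the token is rejected.
std::string buildSessionRequest(const std::string& token) {
    if (!isValidToken(token)) return "";
    return "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n"
           "<RequestSet vers=\"1.0\" svcid=\"Session\" reqid=\"0\">\n"
           "<Request><![CDATA[<SessionRequest ver=\"1.0\" reqid=\"0\">\n"
           "<GetSession reset=\"true\">\n"
           "<SessionID>" + token + "</SessionID>\n"
           "</GetSession></SessionRequest>]]></Request>\n"
           "</RequestSet>\n";
}

// Raw Cookie header in, request body out ("" on any failure).
std::string requestFromCookieHeader(const std::string& header) {
    return buildSessionRequest(percentDecode(cookieValue(header, "iPlanetDirectoryPro")));
}

int main() {
    // Constructed sample header; the token value is made up for this example.
    std::string body = requestFromCookieHeader(
        "JSESSIONID=abc; iPlanetDirectoryPro=AQICexample%2AAAJTSQACMDE%3D%2A");
    std::cout << (body.empty() ? "token rejected\n" : body);
    return 0;
}
```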

Similar Messages

  • Using Identity Server as a JAAS authentication provider

    My client wants to use Identity Server to provide JAAS authentication for the Java application they're developing.
    The JAAS tutorial shows how the name of the Java class that provides the authentication service is provided, then an instance of this class is instantiated and the .login method invoked to actually perform the authentication.
    The stated principle behind the tutorial is one of using a pluggable authentication framework, and one should not care how authentication is performed. As long as the callbacks allow the authentication framework to ask for the required credentials, it should not matter.
    The example of how to do LDAP authentication using Identity Server requires using some Identity Server classes, i.e. the com.sun.identity.authentication.AuthContext class. They specifically want to use pure JAAS authentication rather than creating a dependence in their application on Identity Server.
    Is a Java class available which provides this functionality?
    Thanks

    In Apache you can specify the authentication parameters in the virtual host configuration

  • Protect a document using identity server

    How can I protect a *.html that is deployed in the application server using the identity server?
    I mean, if you have an html at /sp1/hoja.html and you want to ask for auth to see who wants to access it, what can I do?
    Must I only create a policy in the identity server, or must I install a policy agent (web or J2EE)?

    To secure a resource that has been deployed to the application server (let's say as an EAR file) you need to do the following:
    - define the secured resources in your web.xml file
    - define the authentication method in your web.xml file
    - in the sun-application.xml file link the role to a group that represents a group in Ldap for example

  • OAM : Which identity server is used by Password Policy?

    Hi,
    The OAM setup has two identity servers (ois1, ois2), two webpass (wp1, wp2) on two web servers. wp1 is pointing to ois1 only and wp2 is pointing to ois2.
    We have two sets of Policy manager, Access server and WebGate. wg1 is pointing to aaa1 and wg2 is pointing to aaa2.
    Now, when a user tries to access an OAM webgate protected page and the password policy gets applied, does the identity server come into the picture? If yes, which identity server is used here, ois1 or ois2?
    I want to use ois1 for all the requests coming to webserver with wg1. How do I do it?
    Thanks in advance.

    Hi Colin,
    Thanks for your reply.
    The reason I put this question was - in a scenario when I don't have Access Server (any access component), then also Password Policies work. So, I understand identity server is used here. When we have access side components, what makes OAM not use identity server at all? Or is it the feature of OAM - when the accessed resource is protected by WebGate the Password policies are taken care of by Access Server, otherwise by identity server, or is it because of the 'obReadPasswdMode' and 'obWritePasswdMode' in the authentication scheme?
    I stopped my identity server and I saw the password policy working - so I know the behavior; still asking the above question for my better understanding of OAM.
    Thanks for your help!

  • I cannot use any server therefore I cannot get on the internet. My ipad can get on the internet. I reset my Firefox to default and now i must have messed it u

    I cannot get online from Firefox. My wifi is working since I have it on my ipad. Is Firefox locked up so it cannot allow me to use a server to get on the internet? There is no connection. When I reset Firefox to default maybe it did not set up right.

    It is possible that your security software (firewall, anti-virus) blocks or restricts Firefox or the plugin-container process without informing you, possibly after detecting changes (update) to the Firefox program.
    Remove all rules for Firefox and the plugin-container from the permissions list in the firewall and let your firewall ask again for permission to get full, unrestricted, access to internet for Firefox and the plugin-container process and the updater process.
    See:
    *https://support.mozilla.org/kb/Server+not+found
    *https://support.mozilla.org/kb/Firewalls
    *https://support.mozilla.org/kb/fix-problems-connecting-websites-after-updating
    *http://kb.mozillazine.org/Error_loading_websites

  • Identity Server has not been configured for this new user/group suffix

    Hi all
    I am having a problem trying to configure the Directory Server (5.2) for Messaging Server.
    My configuration is as follows:
    SJES Q12005
    Server 1 - Directory Server 5.2
    Server 1 - Access Manager (formerly Identity Server)
    Server 1 - Web Server 6.1
    I have successfully installed the above and can login to Access Manager.
    I next installed Calendar & Messenger Server on "Server 1". Upon running "comm_dssetup.pl" from /opt/SUNWcomds/sbin, I get the following error:
    "Identity Server has not been configured for this new user/group suffix"
    Copy and paste of what I entered:
    bash-2.05# perl comm_dssetup.pl
    Welcome to the Directory Server preparation tool for
    Sun Java(tm) System communication services.
    (Version 6.3 Revision 1.0)
    This tool prepares your directory server for use by the
    communications services which include Messaging, Calendar and their components.
    The logfile is /var/tmp/dssetup_20050830165940.log.
    Do you want to continue [y]:
    Please enter the full path to the directory where the Sun ONE
    Directory Server was installed.
    Directory server root [var/opt/mps/serverroot] : /opt/mps/serverroot
    Please select a directory server instance from the following list:
    [1] slapd-sunldap
    Which instance do you want [1]:
    Please enter the directory manager DN [cn=Directory Manager]: cn=DirMan
    Password:
    Detected DS version 5.2
    Will this directory server be used for users/groups [Yes]:
    Please enter the Users/Groups base suffix [dc=samplecompany-dev,dc=co,dc=uk] : ou=infrastructure,o=sampletown,dc=samplecompany-dev,dc=co,dc=uk
    There are 3 possible schema types:
    1 - schema 1 for systems with iMS 5.x data
    1.5 - schema 2 compatibility for systems with iMS 5.x data
    that has been converted with commdirmig
    2 - schema 2 native for systems using Identity Server
    Please enter the Schema Type (1, 1.5, 2) [1]: 2
    Identity Server has not been configured for this new user/group suffix
    You can opt to continue, but you will not be able to use
    features that depend on Identity Server
    Are you sure you want this schema type? [n]:
    I have entered my user group suffix exactly as specified during the Access Manager install (hence I am able to login as "amadmin").
    Looking at the LDAP logs to try and figure out what's going wrong, I see it's not getting hits on all the searches it is performing:
    [30/Aug/2005:16:41:18 +0100] conn=299 op=159 msgId=161 - SRCH base="ou=services,ou=infrastructure,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(objectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netscapeResource)(objectClass=domain))" attrs="dn"
    [30/Aug/2005:16:41:18 +0100] conn=299 op=159 msgId=161 - RESULT err=4 tag=101 nentries=1 etime=0
    [30/Aug/2005:16:41:18 +0100] conn=299 op=160 msgId=162 - ABANDON targetop=NOTFOUND msgid=161
    [30/Aug/2005:16:41:18 +0100] conn=299 op=161 msgId=163 - SRCH base="ou=people,ou=infrastructure,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(objectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netscapeResource)(objectClass=domain))" attrs="dn"
    [30/Aug/2005:16:41:18 +0100] conn=299 op=161 msgId=163 - RESULT err=0 tag=101 nentries=0 etime=0
    [30/Aug/2005:16:41:18 +0100] conn=299 op=162 msgId=164 - SRCH base="ou=clientdata,ou=infrastructure,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(objectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netscapeResource)(objectClass=domain))" attrs="dn"
    [30/Aug/2005:16:41:18 +0100] conn=299 op=162 msgId=164 - RESULT err=0 tag=101 nentries=1 etime=0
    [30/Aug/2005:16:41:18 +0100] conn=299 op=163 msgId=165 - ABANDON targetop=NOTFOUND msgid=164
    [30/Aug/2005:16:41:20 +0100] conn=299 op=164 msgId=166 - SRCH base="ou=services,ou=infrastructure,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates ref aci"
    [30/Aug/2005:16:41:20 +0100] conn=299 op=164 msgId=166 - RESULT err=0 tag=101 nentries=41 etime=0
    [30/Aug/2005:16:41:28 +0100] conn=299 op=165 msgId=167 - SRCH base="ou=services,ou=infrastructure,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="objectClass numSubordinates ref aci"
    [30/Aug/2005:16:41:28 +0100] conn=299 op=165 msgId=167 - RESULT err=0 tag=101 nentries=1 etime=0
    [30/Aug/2005:16:41:28 +0100] conn=299 op=166 msgId=168 - SRCH base="ou=services,ou=infrastructure,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(objectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netscapeResource)(objectClass=domain))" attrs="objectClass numSubordinates ref aci"
    [30/Aug/2005:16:41:29 +0100] conn=299 op=166 msgId=168 - RESULT err=0 tag=101 nentries=41 etime=1
    [30/Aug/2005:16:41:29 +0100] conn=299 op=167 msgId=169 - SRCH base="ou=iplanetamauthservice,ou=services,ou=infrastructure,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(objectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netscapeResource)(objectClass=domain))" attrs="dn"
    [30/Aug/2005:16:41:29 +0100] conn=299 op=167 msgId=169 - RESULT err=0 tag=101 nentries=1 etime=0
    [30/Aug/2005:16:41:29 +0100] conn=299 op=168 msgId=170 - ABANDON targetop=NOTFOUND msgid=169
    [30/Aug/2005:16:41:29 +0100] conn=299 op=169 msgId=171 - SRCH base="ou=iplanetamauthldapservice,ou=services,ou=infrastructure,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(objectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netscapeResource)(objectClass=domain))" attrs="dn"
    [30/Aug/2005:16:41:29 +0100] conn=299 op=169 msgId=171 - RESULT err=0 tag=101 nentries=1 etime=0
    [30/Aug/2005:16:41:29 +0100] conn=299 op=170 msgId=172 - ABANDON targetop=NOTFOUND msgid=171
    [30/Aug/2005:16:41:29 +0100] conn=299 op=171 msgId=173 - SRCH base="ou=iplanetampolicyconfigservice,ou=services,ou=infrastructure,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(objectClass=*)(objectClass=ldapsubentry)))(objectClass=referral)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=netscapeServer)(objectClass=netscapeResource)(objectClass=domain))" attrs="dn"
    [30/Aug/2005:16:41:29 +0100] conn=299 op=171 msgId=173 - RESULT err=0 tag=101 nentries=1 etime=0
    [30/Aug/2005:16:41:29 +0100] conn=299 op=172 msgId=174 - ABANDON targetop=NOTFOUND msgid=173
    [30/Aug/2005:16:41:29 +0100] conn=299 op=173 msgId=175 - SRCH base="ou=iplanetamauthenticationdomainconfigservice,ou=services,ou=infrastructure,o=northampton,dc=dataforce-dev,dc=co,dc=uk" scope=1 filter="(|(&(numSubordinates=*)(numSubordinates>=1)(|(
    --More--(83%)
    The list goes on.
    Can anyone give me any pointers?
    Thanks

    Hi
    Thanks for your reply!
    I did mis-type, my mistake - sorry about that.
    If I don't override the default it works. I've pretty much got the whole setup working now, but I'm not particularly over the moon about the way the ldap tree is set up; I'd like finer granularity as we are going to attempt to get synchronization working with AD.
    I have an idea about how I'd like to set up our Mail/Calendar/LDAP infrastructure the 2nd time around (I'm just testing at the mo) - so I might have a question or two for you if you don't mind taking a look when you have a minute?
    Thanks Jay

  • How to get USERID system parameter in the report

    I can pass the user id, password and connect string through the USERID parameter, but how do I get it in the report? (I need to pass the USERID to a different report; I got an error when I use :USERID). Thanks.
    WJ

    There are two steps I used with which to get USERID into the report.
    1) Create a user parameter, P_USER, datatype CHARACTER, width 20
    2) in Report Trigger AFTER PARAMETER FORM (could also be BEFORE REPORT), insert the following line of code:
    :P_USER := USER;
    Now you can create an F_USER variable with P_USER as its source and place it in the report as you would with any other user parameter.
    Regards,
    Steve

  • Security solution with Identity server for SOX compliance

    Hi all,
    Has anybody used Identity Server as a security solution to achieve SOX compliance? I want to know the general view, opinions and experience of people while implementing such a solution.
    Just a little background on SOX: it was created by the US Congress in the wake of corporate scandals like Enron in 2001 and 2002. It is an attempt to tighten controls over corporate financial reporting and transparency.
    I am basically interested in implementing security solutions using Identity Server for SOX compliance. Section 404 of this act deals with internal controls, which essentially requires organizations to provide the following facilities -
    1. User Identification, authorization and access
    2. User control of user accounts
    3. Central identification and access rights/permissions management
    4. Violation and security activity report
    Has anybody developed such a solution? What are your general experiences, problems, issues etc? Please share your view....

    Just too quick to draw a conclusion: see the FAQ below.
    If you are not in the same AS container, let me know. Jerry
    Copy from J2EE agent FAQ
    Question - Is it possible to install a J2EE 2.1 agent and Identity Server on the same instance of the application server?
    Installing the IS60SP1/IS61 server and J2EE 2.1 policy agent on the same instance of Application server is not a supported configuration. We do support the 2.1 J2EE agent and IS installed on different instances of the application server. So, users can install the J2EE 2.1 agent on one instance of the application server and install IS on a different instance of the apps server.

  • Role Delegation in Identity Server 5.1

    Has anyone tried to set up two administrators in Identity Server 5.1, say Admin-A & Admin-B, so that Admin-A can only add/del Role-A to all users and Admin-B can only add/del Role-B to all users?
    Moreover, is it possible that users created by Admin-A can only be removed by Admin-A and users created by Admin-B can only be removed by Admin-B, given that all users are in the same people container?
    Thanks,
    Clive Chan

    Yes, it is possible to set up a delegation model like that ..
    This documentation should have been added to that identity server unfortunately it had been left out.
    Anyway the same documentation is provided in the link below ..
    http://docs.sun.com/source/816-6359-10/dadmadm.html#26847
    Note: this documentation is for portal server but portal server uses identity server as its infrastructure and is actually a service that sits on the identity server ..
    HTH ..

  • Does URL Policy Agent of SunONE Web Server 6.1 work with Identity Server 6

    Hi,
    I'm using the URL Policy Agent of SunONE Web Server 6.1, and using Identity Server 6.1 to configure a policy to access web resources such as http://myweb.org.cn/test/*
    After configuration, I try to access the resource http://myweb.org.cn/test/test.html
    The redirection is ok, the IS login appears, but after logging in successfully, it still tells me that I don't have permission to view this web page.
    Is this because the URL policy agent doesn't support IS 6.1?
    Many thanks,

    Can anybody help me with the steps to generate a core for this issue? I followed the steps as described in http://blogs.sun.com/meena/entry/troubleshooting_server_crashes_enabling_core but I don't see any core generated when the server crashes.
    Setup Info:
    - OS is RHEL 4.0
    - Sun ONE Web Server 6.1SP7
    - Policy Agent 2.2

  • How to get UserId by WD from different EP server

    Hey guys:
    I deploy my WD application to EP1, and I need to use a WD iview to show the same application on the other server, EP2.
    Everything goes fine on EP1, but the web dynpro iview on EP2 cannot get UserID. Is there any solution to get userid when the application and iview are not on the same EP server?
    Any suggestion, please.
    ps. I cannot just deploy the application on both EP to solve this problem. Don't ask me why, that's the command from my boss.

    The problem is that when a text file is sent to a browser, it will generally display the text file in the browser, depending on the type of browser of course.
    You need to set the Content-disposition header that tells the browser to download the file; this will open the typical "File Save As" dialogue in the browser. See the following link for more detailed information, or search the JDCs for "Content-disposition".
    http://www.javaworld.com/javaworld/javatips/jw-javatip94.html
    -Derek

  • Getting remote file using FTP Server Issue in OSB

    Hi Guys,
    I have configured an FTP server on my local system and I created a proxy service to get a file from the ftp location to some other location, but it fails. I used the ftp protocol for getting the file,
    and my ftp location is D:\host\ftp and it has another folder called osb. I used ftp as the protocol and the EndPointURI is ftp://localhost/. It fails to get files and shows an error message like
    com.bea.wli.sb.transports.TransportException: <user:osb>Unable to list files for
    directory: .
    at com.bea.wli.sb.transports.ftp.connector.FTPWorkPartitioningAgent.exec
    ute(FTPWorkPartitioningAgent.java:218)
    In the case of a Business Service, writing a file to the ftp location (i.e. ftp://localhost/ means D:\host\ftp\osb) is working.
    I used a service account for both proxy and BS to connect. osb is the username and the same as the password.
    Can anyone please suggest how to solve this issue?
    Thanks,
    Srinivas.
    Edited by: 863597 on May 22, 2012 1:06 AM

    Hi Vijay Thank you,
    Can we do the polling directly using the FTP protocol like the JMS protocol in OSB without using the FTP JCA Adapter? I did it in such a way but it fails. For polling files the mentioned endpoint uri is ftp://localhost/ and its actual path is D:\host\ftp, and ftp has another folder called osb; here I have to get the files from this osb folder. Can anyone suggest if there is any problem with the ftp protocol end point?
    Thank You,
    Srinivas.

  • Getting error in starting identity server and access server in OAM

    Hi all,
    I'm new to OAM. Now I'm trying to do SSO for two different resources. I completed the installations, but now while starting the identity server the error is "*oracle access manager identity server services on local computer started and then stopped .some services stop automatically if they have no work to do , for example, the performance logs and alters service* ", and while starting the access server the error is "*could not start the oracle access manager access server service on local computer. error 1067: the process terminated unexpectedly* ". Can anyone please give me a solution for this error?

    Hi Pokuri,
    Perhaps the Identity Server's oblog.log file has some helpful information in it. One possibility: is the ldap server that the Identity Server uses up and running (and visible on the network)?
    Regards,
    Colin

  • We use the Apple mail server to get e-mails from our gmail and comcast mail accounts. Recently we have been getting spam that claims to be sent to a gmail address, but when I check that address directly, there is no such e-mail. ???

    We use the Apple mail server to get e-mails from our gmail and comcast mail accounts. Recently we have been getting spam that claims to be sent to a gmail address, but when I check that address directly, there is no such e-mail, either in the inbox or in the spam folder. Is it possible to bypass the gmail account and send directly to the Apple mail server, spoofing the gmail address?

    Maybe some info here for you about spoofing. (and much additional info)
    http://www.thesafemac.com
    Hope this helps

  • In windows cmd lueo used \ \ server and get to the pc but mac as done

    in windows cmd lueo used \ \ server
    and get to the pc but mac as done

    Your question (if it is one) makes no sense whatever.
    Please describe your problem in greater detail, and include details of what Mac you have and what version of OS X.
