Using owa_cookie to manage user browser sessions

Similar Messages

• Using smc to manage users in a different container or suffix

  I am running Sun directory server 6.2 on Solaris 10. (This was a migration from DS 5.2.) When I initially set up the directory server, the default suffix was "dc=mydomain,dc=com." I later created a new top-level container (suffix) called "o=mydomain.com."
  I am attempting to use smc to manage users. As per the following docs:
  http://www.sun.com/bigadmin/content/misc/smc20_faq.html
  SMC 2.0 Frequently Asked Questions
  http://docs.sun.com/app/docs/doc/819-7314/6n994bt7i?a=view
  (SolarisTrustedExtensions InstallationandConfiguration)
  I did the following:
  # /usr/sadm/bin/dtsetup storeCred
  Administrator DN:cn=Directory Manager
  Password:xxxxxx
  Password (confirm):xxxxxx
  # /usr/sadm/bin/dtsetup scopes
  Getting list of managable scopes...
  Scope 1 file:/myserver.mydomain.com/myserver.mydomain.com
  Scope 2 ldap:/myserver.mydomain.com/dc=mydomain,dc=com
  # svccfg -s wbem setprop options/tcp_listen=true
  # svcadm disable wbem
  # svcadm enable wbem
  I can create a toolbox in smc to manage LDAP users under dc=mydomain,dc=com but no where else. How can I configure my scopes? How can I change the default suffix? Where does dtsetup read its config? The directory server is not configured as an LDAP client.
  (This was never an issue with DS 5.2 which had, in my opinion, a more feature rich console when it came to adding users.)
  Thanks

  Hi,
  in regards of option 3, this is a standard scenario supported by SAP provisioning framework. You would also get additional benefits from IdM but cost will be higher.
  in step 2 you could create empty role for each ECC role and assign it to positions. The background program in ECC would read all role assignments and replicate them in ECC. A good naming convention to identify HR and ECC roles would be really helpful in this case.
  Cheers

• Howto monitor a DPS wihtout using the proxy manager user by ldapsearch

  Hi,
  I want to provide some monitoring scripts to our monitoring team, but don't want to give them the Proxy manager user credentials to bind to the cn=monitor tree.
  I was wondering if there is some kind of work-around for this.
  I tried to create a datasource that references localhost, but that doesn't seem to work ... Or I'm failing to do so.
  Anyone get a clue ?
  DPS v6.3.1
  regards,
  Vincent

  Assuming that your middle tier is using a connection pool (the norm), the problem is that there is no relationship between a particular user's logical session and a physical database session. Each page the user hits in the application, for example, is potentially going to use a different connection from the connection pool and thus a different database session. And different users may be using the same database session just before and just after your user.
  In general, when you have this sort of architecture, you need to have instrumentation built into the middle tier application in order to get anything useful done, at least to the point that the middle tier can enable and disable tracing when it gets a connection from the pool for a particular logical user session. Otherwise, you could enable tracing for the entire database, which is going to be a significant overhead, and try to comb through dozens of trace files to figure out what sessions were related to your particular user, which is at a minimum likely to be a substantial undertaking.
  Justin

• Email profile uses Device Enrollment Manager user?

  Hello,
  I have an iOS device that was enrolled via the Apple Device Enrollment Program, using a Device Enrollment Manager account, and I have since deployed an email profile configuration policy to it.  After it received the policy now the account
  of the Device Enrollment Manager is locked in as the user in the email profile.  Is that normal behavior?  I thought that enrolling a device using a user who is a member of the Device Enrollment Management group would leave the device open for another
  user?
  Thanks!

  Hello, I was looking through TechNet a little more about this and unless I'm reading this wrong, which is certainly possible, it seems to suggest that you should be able to access company data as the end user using CYOD enrollment or a device enrollment
  manager enrollment scenario:
  User affiliation – Specifies how devices are enrolled.
  Prompt for user affinity – The device can be affiliated with a user during initial setup and could then be permitted to access company data and email as that user. This mode supports a number of scenarios:
  Corporate-owned personal device – “Choose Your Own Device” (CYOD) Similar to privately owned or personal devices but the administrator has certain privileges including permission to wipe, reset, administer, and unenroll the device. The
  device’s user can install apps and has most other permissions for device use where not blocked by management policy.
  Device enrollment manager account – The device is enrolled using a special Intune administrator account. It can be managed as a private account, but only a user who knows the enrollment manager credentials can install apps, wipe, reset,
  administer, and unenroll the device. For information about enrolling a device shared by many users through a common account, see
  Enroll corporate-owned devices with the Device Enrollment Manager in Microsoft Intune.
  No user affinity – The device is user-less. Use this affiliation for devices that perform tasks without accessing local user data. Apps requiring user affiliation are disabled or won’t work.
  With this in mind, since accessing corporate data as the user is supported with CYOD and device enrollment manager, I can't imagine that the intention of the device enrollment managers (DEM) group was designed so when a device is enrolled with a DEM
  user that only data for that DEM user is available, right?  That just wouldn't make sense.  Also, if enrolling a device using a DEM user account is only for devices that don't need access to corporate data, then what's the difference between enrolling
  a device using a DEM user, or enrolling a device with "No user affinity"?  Also, when I've enrolled a device using a DEM account, I was later easily able to install apps with no prompt for DEM credentials, TechNet seems to imply that credentials
  are needed for functions like that.  Shouldn't something have asked me for permission to install an app?

• Connect JavaFx(Applets) to J2EE - best practice & browser session

  Hi there,
  I’m new to JavaFX and Applet programming but highly interested.
  What I don’t get at the moment is how you connect the locally executed code of the applet to your system running on a server (J2EE).
  Of course there seem to be different ways but I would like to avoid using RMI or things like that because of the problem with firewalls and proxies.
  So I would like to prefer using HTTP(s) connection.
  And here my questions:
  1.) Is there any best practice around? For example: using HTTP because of the problems I mentioned above. Sample code for offering java method via HTTP?
  2.) Is there a possibility to use the browser session? My J2EE applications are normally secured. If the user opens pages he has to login first and has than a valid session.
  Can I use the applet in one of those pages and use the browser environment to connect? I don’t want the user to input his credentials on every applet I provide. I would like to use the existing session.
  Thanks in advance
  Tom

  1) Yes. If you look at least at the numerous JavaFX official samples, you will find a number of them using HttpRequest to get data from various servers (Flickr, Amazon, Yahoo!, etc.). Actually, using HTTP quite insulates you from the kind of server: it doesn't matter if it run servlets or other Java EE stuff, PHP, Python or other. The applet only knows the HTTP API (GET and POST methods, perhaps some other REST stuff).
  2) It is too long since I last did Java EE (was still J2EE...), so I can't help much, perhaps somebody will shed more light on the topic. If the Web page can use JavaScript to access this browser session, it can provide this information to the JavaFX applet (JS <-> JavaFX communication works as well as with Java applets).

• Why I can't connect to Oracle Enterprise Manager via browser after install?

  I've installed Oracle9iAS Release2(9.0.2) with Windows 2000 server (servicepack3) and Oracle9i database on the same host.After installation, I can use Oracle enterprise manager(via browser) by connect as "ias_admin" and "12345" for password (It's a password that I input at installing). But 2 days later, I cannot connect it!, what's happen to my 9iAS. I try to change my password in command line by "emctl set password <old_pwd> <new_pwd>, But I've got a message that is incorrect password. By the way, I use command line to start OC4J and HTTP Server instead. Please help me for this problem. Thank you very much.
  Ps. I've got this problem for 2 time, but the first time I delete all of oracle products and install it again .

  If you have installed the Oracle AS 10.1.3 using an Apache in front the default port is 7777 as far as I know.
  You wrote that the main page is accessible, that's why I would suspect that you might have a problem with your hostname. Are you accessing the mainpage via the full qualified hostname or via ip?
  Please ensure that you can reach the server using the full qualified hostname!
  If you are not sure about it, add an entry to your local hosts-file.
  Please tell us if this was your problem!
  Regards,
  Eric

• I need your help with a decision to use iPhoto.  I have been a PC user since the mid 1980's and more recently have used ACDSee to manage my photo images and Photoshop to edit them.  I have used ProShow Gold to create slideshows.  I am comfortable with my

  I need your help with a decision to use iPhoto.  I have been a PC user since the mid 1980’s and more recently have used ACDSee to manage my photo images and Photoshop to edit them.  I have used ProShow Gold to create slideshows.  I am comfortable with my own folder and file naming conventions. I currently have over 23,000 images of which around 60% are scans going back 75 years.  Since I keep a copy of the originals, the storage requirements for over 46,000 images is huge.  180GB plus.
  I now have a Macbook Pro and will add an iMac when the new models arrive.  For my photos, I want to stay with Photoshop which also gives me the Bridge.  The only obvious reason to use iPhoto is to take advantage of Faces and the link to iMovie to make slideshows.  What am I missing and is using iPhoto worth the effort?
  If I choose to use iPhoto, I am not certain whether I need to load the originals and the edited versions. I suspect that just the latter is sufficient.  If I set PhotoShop as my external editor, I presume that iPhoto will keep track of all changes moving forward.  However, over 23,000 images in iPhoto makes me twitchy and they are appear hidden within iPhoto.  In the past, I have experienced syncing problems with, and database errors in, large databases.  If I break up the images into a number of projects, I loose the value of Faces reaching back over time.
  Some guidance and insight would be appreciated.  I have a number of Faces questions which I will save for later. 

  Bridge and Photoshop is a common file-based management system. (Not sure why you'd have used ACDSEE as well as Bridge.) In any event, it's on the way out. You won't be using it in 5 years time.
  Up to this the lack of processing power on your computer left no choice but to organise this way. But file based organisation is as sensible as organising a Shoe Warehouse based on the colour of the boxes. It's also ultimately data-destructive.
  Modern systems are Database driven. Files are managed, Images imported, virtual versions, lossless processing and unlimited editing are the way forward.
  For a Photographer Photoshop is overkill. It's an enormously powerful app, a staple of the Graphic Designers' trade. A Photographer uses maybe 15% to 20% of its capability.
  Apps like iPhoto, Lightroom, Aperture are the way forward - for photographers. There's the 20% of Photoshop that shooters actually use, coupled with management and lossless processing. Pop over to the Aperture or Lightroom forums (on the Adobe site) and one comment shows up over and over again... "Since I started using Aperture/ Lightroom I hardly ever use Photoshop any more..." and if there is a job that these apps can do, then the (much) cheaper Elements will do it.
  The change is not easy though, especially if you have a long-standing and well thought out filing system of your own. The first thing I would strongly advise is that you experiment before making any decisions. So I would create a Library, import 300 or 400 shots and play. You might as well do this in iPhoto to begin with - though if you’re a serious hobbyist or a Pro then you'll find yourself looking further afield pretty soon. iPhoto is good for the family snapper, taking shots at birthdays and sharing them with friends and family.
  Next: If you're going to successfully use these apps you need to make a leap: Your files are not your Photos.
  The illustration I use is as follows: In my iTunes Library I have a file called 'Let_it_Be_The_Beatles.mp3'. So what is that, exactly? It's not the song. The Beatles never wrote an mp3. They wrote a tune and lyrics. They recorded it and a copy of that recording is stored in the mp3 file. So the file is just a container for the recording. That container is designed in a specific way attuned to the characteristics and requirements of the data. Hence, mp3.
  Similarly, that Jpeg is not your photo, it's a container designed to hold that kind of data. iPhoto is all about the data and not about the container. So, regardless of where you choose to store the file, iPhoto will manage the photo, edit the photo, add metadata to the Photo but never touch the file. If you choose to export - unless you specifically choose to export the original - iPhoto will export the Photo into a new container - a new file containing the photo.
  When you process an image in iPhoto the file is never touched, instead your decisions are recorded in the database. When you view the image then the Master is presented with these decisions applied to it. That's why it's lossless. You can also have multiple versions and waste no disk space because they are all just listings in the database.
  These apps replace the Finder (File Browser) for managing your Photos. They become the Go-To app for anything to do with your photos. They replace Bridge too as they become a front-end for Photoshop.
  So, want to use a photo for something - Export it. Choose the format, size and quality you want and there it is. If you're emailing, uploading to websites then these apps have a "good enough for most things" version called the Preview - this will be missing some metadata.
  So it's a big change from a file-based to Photo-based management, from editing files to processing Photos and it's worth thinking it through before you decide.

• Can you restrict APEX users to a single browser session?

  I'm using APEX3.2.1
  Is there a package,function, view or table in APEX that can be checked to see if a user_id
  already has an active session (one that hasn't been purged yet).
  I wish to restrict each user to a single active browser session.
  Cheers
  dfrost

  Hi Roel
  I've had a look at the views and it looks to be exactly what I'm after thanks very much for your help.
  I've only been working on APEX a short while the info on the forum and all the expert blogs are of huge help.
  Thanks
  Derek
  Australia

• How to disable Refresh,Reload in browser and user should not allow to multiple browser sessions ?

  Dear All,
  How to disable Refresh,Reload in browser and end user should not allow to multiple browser sessions in portal.Where we need to configure the settings or any code in masthead or any other component. My server version is 7.4 - SP5 .Please help us.
  Thanks for advance,
  BR,
  Durga Rao.

  Dear all,
  i am able to logoff the click refresh button on keyboard.I am using this code to log off the user into the portal.
  document.onkeydown = function(e)
    var key;
    if (window.event) key = event.keyCode
    else
    var unicode = e.keyCode ? e.keyCode : e.charCode
    key = unicode
    switch (key)
    { //event.keyCode
    case 116: //F5 button
      LSAPI.sessionPlugin.logoff();
    event.returnValue = false;
    key = 0; //event.keyCode = 0;
    return false;
    case 82: //R button
    if (event.ctrlKey)
  LSAPI.sessionPlugin.logoff();
    event.returnValue = false;
    key = 0; //event.keyCode = 0;
    return false;
    case 91: // ctrl + R Button
  LSAPI.sessionPlugin.logoff();
    event.returnValue= false;
    key=0;
    return false;
  Thanks.
  But i am unable to control the multiple windows opening the browser.So any one can tell me the how to block the new window and new tab/duplicate tab option.
  BR,
  Durga Rao.

• Manage User Sessions

  I know how to manage user sessions from Visual Administrator using Security Provider Service - Login Sessions. How can I do the same using SAP Netweaver Administrator?

  HI,
  What do you mean? usualy you use users ....... by going to T-CODE su01..
  Your question is not clear. There is such nothing called using SAP NETWEAVER Administrator. or I dont have knowledge.
  Hope You got the work done by going to su01..
  Thanks,

• "Manage User Data" option is not available in browser.

  HI Experts,
  I am trying to create a user for my organization using one documentation available with me in SRM from web browser.
  It says that we have to select "Manage Business Data" in the launch pad, but my problem is that,This option is not available in the web browser when i login.
  Kindly let me know the roles requires for the same.
  Also any settings need to be done in SICF to run it successfully.
  Thanks In Advance.

  The wordings in the Document is "Manage User Data" and not "Manage Employee Data",
  I know that its completely on roles thats why i have given that user almost all the roles which i am aware.
  Here is the list of it.
  SAP_BBP_STAL_ADMINISTRATOR
  SAP_BBP_STAL_EMPLOYEE
  SAP_BBP_STAL_MANAGER
  SAP_BBP_STAL_OPERAT_PURCHASER
  SAP_BBP_STAL_PURCHASER
  SAP_BBP_STAL_STRAT_PURCHASER
  SAP_EC_BBP_EMPLOYEE
  SAP_EC_BBP_MANAGER
  SAP_EC_BBP_RECIPIENT
  SAP_EC_BBP_SECRETARY
  In fact there are many other roles which is given but this option is not visible.

• VZ access manager is already running in another user's session

  Help! My parents currently use an USB Modem - I think the 551 L - for their internet access. They have been receiving the following message:
  VZ access manager is already running in another user's session
  They do not have a wireless router installed.
  Help please!

  VZAccess can only connect one user/session at a time.  Either your parents did not properly shutdown VZA the last time they used it or the USB Modem is not hanging up its previous connection.
  The easiest thing to do would be to reinstall VZA on that computer and see if the problem goes away.  Ask your parents to disconnect the Modem before logging off or shutting down the computer to reduce the chance of the problem coming back.

• SSO and how to Managing User Roles/Privileges with Forms using Oracle db

  We are in the process of implementing Oracle Application Server SSO with our custom Forms application using Oracle database -- all 10.2.0.1.0 version.
  In our Forms Applications, we have about a dozen roles we have assigned to various users. We need to identify each user using our Forms because we are using the GLOBAL USER throughout the application.
  Questions:
  -- Do we have to create users/passwords in both OID and application database?
  -- Is there a way to easily manage the user and passwords between SSO and Forms App/database in one place? For example, how does a user change their password once, but actually change it in both the database and SSO?
  Any advice and/or direction would be greatly appreciated.
  Thank you,
  Mika
  Edited by: user11846198 on Sep 1, 2009 1:41 PM
  Edited by: user11846198 on Sep 1, 2009 1:53 PM

  Yes, you can have global roles in the DB and assign this roles to specific OID users, and the will heritage the privilages, you can do this using Oracle Identity Management Web Tool http://hostname:7777/oiddas is not complicated.
  Greetings.

• How to Identify database sessions used by forms sso user sessions?

  Hi:
  When using forms with SSO, all database sessions are opened by the same OSUSER (usually oracle), from the same machine (usually the forms server) and by the same program (usually [email protected] [TNS V1-V3]).
  I need a way to identify the database session (v$session) that is beeing used by a specific SSO user. By using SSO, we say implicitly that all users using that SSO resource will be connect to the database by a specific database user.
  So, what can I do to identify the database session that a specific forms user is using ?
  Thanks
  Joao Oliveira

  You could try something like the following in a when new form instance trigger:
  declare
  authenticated_username varchar2(30);
  begin
  authenticated_username := get_application_property(`sso_userid');
  DBMS_APPLICATION_INFO.SET_CLIENT_INFO (
  client_info IN VARCHAR2);
  end;
  This will store the sso userid in the client_info field of v$session.
  I hope this works for you.
  Randy McGregor

• How can I use Windows IAS to validate WLC management users?

  I am having a problem using my Windows IAS radius server to validate management users for my 2112 Wireless Lan Controller.
  I have defined the radius server and it works ok with the policy for validating wireless clients but not for WLC management users.
  The Remote access policy seems to be set up correctly as the event viewer on the server shows:-
  Event Type: Information
  Event Source: IAS
  Event Category: None
  Event ID: 1
  Date:  09/02/2011
  Time:  11:06:06
  User:  N/A
  Computer: UK01DC07
  Description:
  User xxxxxx was granted access.
  Fully-Qualified-User-Name = TRAVEL.OAG.com/Dunstable Admins/xxxxxx
  NAS-IP-Address = 10.10.45.210
  NAS-Identifier = UK03NM01
  Client-Friendly-Name = UK03NM01
  Client-IP-Address = 10.10.45.210
  Calling-Station-Identifier = <not present>
  NAS-Port-Type = <not present>
  NAS-Port = <not present>
  Proxy-Policy-Name = Use Windows authentication for all users
  Authentication-Provider = Windows
  Authentication-Server = <undetermined>
  Policy-Name = UK03NM01 - login
  Authentication-Type = PAP
  EAP-Type = <undetermined>
  But, the WLC log shows:
  *Feb 09 11:06:06.612: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2104 Login failed. User:xxxxxx. Service-Type is not present or it doesn't allow READ/WRITE permission..
  The WLC just returns the login screen
  Any thoughts?
  Thanks in advance
  Richard

  Event viewer shows :
  Event Type: Information
  Event Source: IAS
  Event Category: None
  Event ID: 1
  Date:  10/02/2011
  Time:  08:49:39
  User:  N/A
  Computer: UK01DC07
  Description:
  User xxxxxxxx was granted access.
  Fully-Qualified-User-Name = TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx
  NAS-IP-Address = 10.10.45.210
  NAS-Identifier = UK03NM01
  Client-Friendly-Name = UK03NM01
  Client-IP-Address = 10.10.45.210
  Calling-Station-Identifier =
  NAS-Port-Type =
  NAS-Port =
  Proxy-Policy-Name = Use Windows authentication for all users
  Authentication-Provider = Windows
  Authentication-Server =
  Policy-Name = UK03NM01 - login
  Authentication-Type = PAP
  EAP-Type =
  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  Data:
  0000: 00 00 00 00               ....   
  and IAS log shows:
  "UK01DC07","IAS",02/10/2011,08:49:39,1,"xxxxxxxx","TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx",,,,,"UK03NM01","10.10.45.210",,0,"10.10.45.210","UK03NM01",,,,,,7,1,"UK03NM01 - login",0,"311 1 10.10.45.254 12/04/2010 23:56:59 1987",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
  "UK01DC07","IAS",02/10/2011,08:49:39,2,,"TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx",,,,,,,,0,"10.10.45.210","UK03NM01",,,,,,2,1,"UK03NM01 - login",0,"311 1 10.10.45.254 12/04/2010 23:56:59 1987",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
  It appears to me that IAS checks and passes the username/password as being valid but this response is ignored by the WLC
  Richard