Using PAP authentication for 3G stick

Honestly, I have no idea what this PAP authentication actually does and I don't really care about it but I need this setting for my 3G modem. The stick (ZTE MF180) is already working but only by using a little program which needs a surprisingly large amount of system resources (an amount that this program does not deserve and it's even messing up my dock with a ridiculous icon). So I'm trying to get this thing working with the network settings of SL but the authentication seems to be a problem. I can not change it directly in the network settings thats why I'd like to know: How do I change the authentication to PAP?

This is all I got:
The one thing I had to do was to create the /etc/ppp/options file with the following contents:
refuse-chap
refuse-mschap
refuse-mschap-v2
This obviously disables CHAP so that it uses PAP authentication, which is perfect for authenticating against the Virgin Broadband servers.
From:
http://www.mactalk.com.au/2009/09/03/thursday-how-to-huawei-mobile-broadband-sno w-leopard/
Good luck!

Similar Messages

Error when using SAP authentication for Designer

my error is:
[repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(The
secSAPR3 DLL could not be found or does not exist(hr=#0x80042a01)
can you help me?
regards

hi,
pls refer the link
Error when using SAP authentication for Designer
try re-installing BOE and check
hope it helps,
sundar

Using Network Authentication for logging Forms9i?

Is it possible to use network authentication for logging into Forms9i? If so, is there documentation on what needs to be done/set up?
Thanks,
Peggy

Yes you can call a DLL on the client machine using WebUtil. See: http://otn.oracle.com/products/forms/htdocs/webutil/webutil.htm
There is a new how to that shows you how to call to c on the client on that page.

Problem using PAPI-WS for external process notifcation

Hello,
I'm trying to have an external Java application send a process notification using PAPI-WS.
I have a process instance currently sitting at a notifcation wait step (configured to wait for an external notification) but each time I call processSendNotification I get the an unspported operation exception. I'm not even sure this is the correct ws operation to use but looking at the PAPI API reference it seemed the most likely.
Below is a snippet from the code I'm testing this with and the corresponding output including the exception:
for (InstanceInfoBean instance : instances.getInstances())
String waitStep = "WaitForDelivery";
System.out.println("-> process id = " + instance.getId());
// find which instance are waiting on delivery
if (waitStep.equals(instance.getActivityName()))
System.out.println(" -> " + instance.getAuthor() + " is waiting on delivery!");
papiWebServicePort.processSendNotification(instance.getId(), waitStep, null, null);
Process: WhatToHave
-> process id = /WhatToHave#Default-1.0/2/0
-> process id = /WhatToHave#Default-1.0/1/0
-> Andy is waiting on delivery!
Could not perform the requested operation
stubs.OperationException_Exception: The BEA AquaLogic® BPM Engine version does not support the required operation.Please ask BEA AquaLogic® BPM Administrator for assistance.
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
     at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:127)
     at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:254)
     at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:224)
     at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:117)
     at $Proxy31.processSendNotification(Unknown Source)
I'm doing this all using BPM Studio 6.0.2 (build 85749) on Linux.
Any help or pointers greatly appreciated,
Thanks,
Mike

Hello,
I'm trying to have an external Java application send a process notification using PAPI-WS.
I have a process instance currently sitting at a notifcation wait step (configured to wait for an external notification) but each time I call processSendNotification I get the an unspported operation exception. I'm not even sure this is the correct ws operation to use but looking at the PAPI API reference it seemed the most likely.
Below is a snippet from the code I'm testing this with and the corresponding output including the exception:
for (InstanceInfoBean instance : instances.getInstances())
String waitStep = "WaitForDelivery";
System.out.println("-> process id = " + instance.getId());
// find which instance are waiting on delivery
if (waitStep.equals(instance.getActivityName()))
System.out.println(" -> " + instance.getAuthor() + " is waiting on delivery!");
papiWebServicePort.processSendNotification(instance.getId(), waitStep, null, null);
Process: WhatToHave
-> process id = /WhatToHave#Default-1.0/2/0
-> process id = /WhatToHave#Default-1.0/1/0
-> Andy is waiting on delivery!
Could not perform the requested operation
stubs.OperationException_Exception: The BEA AquaLogic® BPM Engine version does not support the required operation.Please ask BEA AquaLogic® BPM Administrator for assistance.
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
     at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:127)
     at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:254)
     at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:224)
     at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:117)
     at $Proxy31.processSendNotification(Unknown Source)
I'm doing this all using BPM Studio 6.0.2 (build 85749) on Linux.
Any help or pointers greatly appreciated,
Thanks,
Mike

Authentication error using PAPI-WS for BPM Studio 10.3

I followed the steps laid out in the material from this thread using SOAP UI:
PAPI Web Service (PAPI-WS) Example for Oracle BPM Studio
It seems that BPM Studio does not recognize the default credentials user: "test" and password: "test"
I receive the following error when I try to make any call:
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<S:Fault xmlns:ns3="http://www.w3.org/2003/05/soap-envelope">
<faultcode>S:Client</faultcode>
<faultstring>Participant could not be authenticated. A wrong username or password might have been specified.</faultstring>
<detail>
<oens:OperationException xmlns:oens="http://bea.com/albpm/PapiWebService">
<exceptionName>fuego.papi.webservice.handlers.AuthenticationException</exceptionName>
<message>Participant could not be authenticated. A wrong username or password might have been specified.</message>
<technicalInfo>fuego.papi.webservice.handlers.AuthenticationException: Participant could not be authenticated. A wrong username or password might have been specified.
     at fuego.papi.webservice.handlers.AuthenticationHandler.processAuthentication(AuthenticationHandler.java:144)
     at fuego.papi.webservice.handlers.AuthenticationHandler.handleMessage(AuthenticationHandler.java:74)
     at fuego.papi.webservice.handlers.AuthenticationHandler.handleMessage(AuthenticationHandler.java:46)
     at com.sun.xml.ws.handler.HandlerProcessor.callHandleMessage(HandlerProcessor.java:292)
     at com.sun.xml.ws.handler.HandlerProcessor.callHandlersRequest(HandlerProcessor.java:135)
     at com.sun.xml.ws.handler.ServerSOAPHandlerTube.callHandlersOnRequest(ServerSOAPHandlerTube.java:133)
     at com.sun.xml.ws.handler.HandlerTube.processRequest(HandlerTube.java:116)
     at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
     at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
     at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
     at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
     at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
     at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
     at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
     at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
     at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelegate.java:129)
     at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:160)
     at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:75)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
     at java.lang.reflect.Method.invoke(Unknown Source)
     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
     at java.security.AccessController.doPrivileged(Native Method)
     at javax.security.auth.Subject.doAsPrivileged(Unknown Source)
     at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:275)
     at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245)
     at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:50)
     at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)
     at java.security.AccessController.doPrivileged(Native Method)
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152)
     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:667)
     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
     at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
     at java.lang.Thread.run(Unknown Source)
Caused by: fuego.papi.exception.AuthenticationException: Cannot authenticate participant 'test'.
     at fuego.papi.impl.ProcessServiceImpl.authenticatePassport(ProcessServiceImpl.java:297)
     at fuego.papi.webservice.pool.ProcessServiceSessionPoolManager.getSession(ProcessServiceSessionPoolManager.java:185)
     at fuego.papi.webservice.WebServiceManager.getProcessServiceSession(WebServiceManager.java:156)
     at fuego.papi.webservice.handlers.AuthenticationHandler.processAuthentication(AuthenticationHandler.java:141)
     ... 45 more
Caused by: fuego.directory.AuthenticationException: Login incorrect.
Detail:Verify that the information provided is correct.
If you cannot solve the problem, check with your administrator.
ID [default] PARTICIPANT [test] REASON [Login incorrect.
Detail:Verify that the information provided is correct.
If you cannot solve the problem, check with your administrator.
ID [Project:Test] PARTICIPANT [test] REASON [invalid username or password].
     at fuego.directory.AuthenticationException.wrap(AuthenticationException.java:104)
     at fuego.directory.project.engine.EmbeddedEngineAuthenticationAccessor.connect(EmbeddedEngineAuthenticationAccessor.java:69)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
     at java.lang.reflect.Method.invoke(Unknown Source)
     at fuego.directory.provider.DirectorySessionImpl$AccessorProxy.invoke(DirectorySessionImpl.java:756)
     at $Proxy12.connect(Unknown Source)
     at fuego.directory.provider.DirectorySessionImpl.connect(DirectorySessionImpl.java:250)
     at fuego.directory.provider.Factory.startSession(Factory.java:405)
     at fuego.directory.Directory.startSession(Directory.java:268)
     at fuego.papi.impl.ProcessServiceImpl.authenticatePassport(ProcessServiceImpl.java:287)
     ... 48 more
Caused by: fuego.directory.AuthenticationException: Login incorrect.
Detail:Verify that the information provided is correct.
If you cannot solve the problem, check with your administrator.
ID [Project:Test] PARTICIPANT [test] REASON [invalid username or password].
     at fuego.directory.project.engine.ProjectFullParticipantsAccessor.fetchHumanParticipant(ProjectFullParticipantsAccessor.java:82)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
     at java.lang.reflect.Method.invoke(Unknown Source)
     at fuego.directory.provider.DirectorySessionImpl$AccessorProxy.invoke(DirectorySessionImpl.java:756)
     at $Proxy15.fetchHumanParticipant(Unknown Source)
     at fuego.directory.project.engine.EmbeddedEngineAuthenticationAccessor.connect(EmbeddedEngineAuthenticationAccessor.java:66)
     ... 58 more</technicalInfo>
</oens:OperationException>
</detail>
</S:Fault>
</S:Body>
</S:Envelope>
Like I said above, it seems that BPM Studio does not recognize the default credentials user: "test" and password: "test"
Is there anyway to change these default credentials?
Thanks!
Edited by: user9001687 on Feb 10, 2010 2:14 PM
Edited by: user9001687 on Feb 10, 2010 2:16 PM

Thanks so much Dan. I changed as you mentioned and then added WSS-Username Token as while processing BPM process as web service I have used the same opetion. Still I am getting the same error for Authorization Failure.
SOAP Requests look like :
<soapenv:Envelope xmlns:pps="http://bea.com/albpm/ProLogisBPM/PPSFTProcess" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>Paul</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Paul</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">AlmoI4QkO2hp9z10BQGA0A==</wsse:Nonce>
<wsu:Created>2010-03-17T15:48:04.843Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
Adter
<ns1:stackTrace xmlns:ns1="http://xml.apache.org/axis/">fuego.webservices.security.AuthorizationException: Authorization Failed.
     at fuego.soaptype.ProcessWebServiceAuthorization.authorize(ProcessWebServiceAuthorization.java:57)
     at fuego.soaptype.AxisSoapService$HttpBasicAuthentitcationHandler.invoke(AxisSoapService.java:888)
     at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
     at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
     at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
     at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
     at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
     at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
     at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
     at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
     at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
     at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:453)
     at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
     at fuego.soaptype.AxisSoapService.invoke(AxisSoapService.java:357)
     at fuego.soaptype.AxisSoapService.invoke(AxisSoapService.java:122)
     at fuego.webservices.HttpSoapListener.process(HttpSoapListener.java:206)
     at fuego.http.HttpExecution$1.run(HttpExecution.java:71)
     at fuego.component.Message.process(Message.java:576)
     at fuego.component.ExecutionThread.processMessage(ExecutionThread.java:780)
     at fuego.component.ExecutionThread.processBatch(ExecutionThread.java:755)
     at fuego.component.ExecutionThread.doProcessBatch(ExecutionThread.java:142)
     at fuego.component.ExecutionThread.doProcessBatch(ExecutionThread.java:134)
     at fuego.http.HttpExecution$HttpPrincipal.processBatch(HttpExecution.java:190)
     at fuego.component.ExecutionThread.work(ExecutionThread.java:839)
     at fuego.component.ExecutionThread.run(ExecutionThread.java:408)
Caused by: java.lang.IllegalArgumentException: user: null
     at fuego.components.WebServiceSessionManager.createSession(WebServiceSessionManager.java:88)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
     at java.lang.reflect.Method.invoke(Unknown Source)
     at fuego.lang.JavaClass.invokeMethod(JavaClass.java:1410)
     at fuego.lang.JavaObject.invoke(JavaObject.java:227)
     at fuego.lang.Invokeable.invokeImpl(Invokeable.java:234)
     at fuego.lang.Invokeable.invokeDynamic(Invokeable.java:188)
     at fuego.lang.Invokeable.invoke(Invokeable.java:160)
     at fuego.fengine.FEngineWebServiceExecutor$2.execute(FEngineWebServiceExecutor.java:133)
     at fuego.server.execution.DefaultEngineExecution$AtomicExecutionTA.runTransaction(DefaultEngineExecution.java:304)
     at fuego.transaction.TransactionAction.startBaseTransaction(TransactionAction.java:470)
     at fuego.transaction.TransactionAction.startTransaction(TransactionAction.java:551)
     at fuego.transaction.TransactionAction.start(TransactionAction.java:212)
     at fuego.server.execution.DefaultEngineExecution.executeImmediate(DefaultEngineExecution.java:123)
     at fuego.server.execution.EngineExecution.executeImmediate(EngineExecution.java:66)
     at fuego.fengine.FEngineWebServiceExecutor$1.run(FEngineWebServiceExecutor.java:65)
     at fuego.component.Message.process(Message.java:576)
     at fuego.component.ExecutionThread.processMessage(ExecutionThread.java:780)
     at fuego.component.ExecutionThread.processBatch(ExecutionThread.java:755)
     at fuego.component.ExecutionThread.doProcessBatch(ExecutionThread.java:142)
     at fuego.component.ExecutionThread.doProcessBatch(ExecutionThread.java:134)
     at fuego.fengine.FEngineProcessBean.processBatch(FEngineProcessBean.java:244)
     at fuego.fengine.FEngineWebServiceExecutor$WebServiceExecutorPrincipal.processBatch(FEngineWebServiceExecutor.java:168)
     ... 2 more
Caused by: fuego.directory.AuthenticationException: Login incorrect.
Detail:Verify that the information provided is correct.
If you cannot solve the problem, check with your administrator.
ID [default] PARTICIPANT [null] REASON [participant is empty].
     at fuego.directory.AuthenticationException.error(AuthenticationException.java:50)
     at fuego.directory.AuthenticationException.participantIdIsWrong(AuthenticationException.java:94)
     at fuego.components.WebServiceSessionManager$SessionImpl.<init>(WebServiceSessionManager.java:220)
     at fuego.components.WebServiceSessionManager.createSession(WebServiceSessionManager.java:79)
     ... 26 more</ns1:stackTrace>
Any help or guiding pointer would be deeply appreciated. TIA

WLS 10.3.4: How to use OS authentication for JDBC Data Source

Hello all,
As a preface, I've tried searching the forum/Google for "OS authentication" and reading the WLS JDBC doc to no avail - if it's documented somewhere, a RTFM link would be much appreciated.
I'm trying to set up a JDBC data source on WLS that leverages the OS Authentication capability of the Oracle database. If it would help, I can go into the reasoning behind why I want to do this, but basically, it's to simplify the config/deployment of a COTS application. What I have in the database is an "identified externally" user that corresponds to the OS user that is running the WebLogic Server. Normally, in tools such as SQL*Plus, I would use "/@db" as the username/password (in other words, no username and no password specified), and I would be logged in as the "idenfitied externally" user. I want to configure the same thing for a WebLogic Data Source, but if I leave the username/password blank, testing the connection in the WLS console gives me "invalid username/password, login denied" I've also tried using "/" as the username, as was documented in a quite old WLS faq, but that gives me the same result.
Is there some magic switch I need to flip?
Thanks,
John

Hi John, there's no way to do that with connection pools, which is how WLS datasources get their
connections, or middleware in general. WebLogic would have no way of knowing which if any of the
pooled connections was appropriate for the current 'user', which is not the application user, but
instead is the OS identity of the person who started the WebLogic server! If you start up your
WebLogic server, and people start pointing their browsers to it, doing various stuff, the OS knows
you started WebLogic, and maybe with the help of OCI, Oracle's JDBC might know it was you who
started WebLogic's OS process, but what does the OS know about any user that may be running
a browser or application elsewhere (even if on this same machine), when that browser or application
connects to your WebLogic server process?
HTH,
Joe

Can we use AD authentication for SPoint users to access Portal behind OID?

Hi,
We have Oracle Portal with OID-AD sychronization set up, and are currently implementing SharePoint in our organization.
We would like to provide links to a few pages on our Portal to some of the SharePoint users.
The SharePoint users are authenticated by the Active Directory SSO and the Portal users are authenticated by our OID SSO setup.
What we want to do is to let some SharePoint users access our Portal using their AD login. The SharePoint users should not have to login again to get to our Portal pages.
Is there a way to let the AD authentication to pass through the OID setup so that SharePoint users can directly access our Portal?
We don't have any external authentication plug-ins set up for our Portal.
Currently we are on Portal version 9.0.4.1 but may be upgrading to version 10.1.4.2 in the near future.
Any help would be greatly appreciated.
Thanks.
CV

Hi,
Thanks for the quick reply.
But I have a different scenario.
I want to establish it in such a way that certain users are stored in the LDAP and certain users are stored in the Portal Database.

Error when using SAP authentication for Business object Designer

my error is: [repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(The secSAPR3 DLL could not be found or does not exist(hr=#0x80042a01) can you help me? regards

Hello Barbella,
Might be firewall problem...
This link might help you resolve the issue.. kindly go through it..
Connection between Universe Designer and BO Server can't be established,&nbsp;PROTS&nbsp;|&nbsp;ABAP,&nb…
Let us know the result.
Regards
Subbarao M

OS-Authentication for a Oracle 10g Express Edition

I want to use OS-Authentication for an Oracle 10g Express Edition. What value must be set in sqlnet.ora ? Where are the possible authentcation modes described ? I only found the description KERBEROS5.
I tryed the value all, but with all no connect is possible.
Tanks for help
Josef Springer

>
Thanks for your link.
A special username with prefix is needed. This user must be created for external authentication. This user must be known by the OS. Am i right ?
>Right.
>
As i understand, to login with OS-Authentication i need a new windows user. This is not usable, because my users have their login and do not want to use another, when working with the database.
Is there another way to use OS-Authentication ?As far as I know, this is not possible especially with Oracle XE which has not all features of Entreprise Edition.
>
Must the prefix be used in any case ?
>You can have an empty prefix: you should use OS_AUTHENT_PREFIX init. parameter http://download.oracle.com/docs/cd/B19306_01/server.102/b14237/initparams147.htm#REFRN10152

Radius authentication for the browser-based webtop

Hiya all,
With help of the radius-authentication module for apache (http://www.freeradius.org/mod_auth_radius/) and web-authentication it is possible to use radius-authentication for the classic-webtop. Has anyone got Radius authentication working for the browser-basedwebtop?
SSGD version:
Sun Secure Global Desktop Software for Intel Solaris 10+ (4.30.915)
Architecture code: i3so0510
This host: SunOS sgd1.<removed> 5.10 Generic_118855-36 i86pc i386 i86pc
I have the radius-module running for authentication of a single directory with the apache-config-lines:
SetEnvIf Request_URI "\.(cab|jar|gif|der)$" sgd_noauth_ok
<LocationMatch "/secure">
Order Allow,Deny
Allow from env=sgd_noauth_ok
AuthName "Radius authentication for SGD"
Authtype Basic
AuthRadiusAuthoritative on
AuthRadiusCookieValid 540
AuthRadiusActive On
Require valid-user
Satisfy any
</LocationMatch>
When changing the line <LocationMatch "/secure"> to <LocationMatch "/sgd"> the browser asks for a authentication and then a 'Not Found' page is being displayed.
When using the config-lines from http://docs.sun.com/source/819-6255/webauth_config_browser.html the login-page is being displayed normally and SSGD works.
The main difference I can find between the location /secure and /sgd is: /secure is a simple directory and /sgd is a JkMount to Tomcat.
Changing the JkLogLevel to debug gives the following info in the JkLogFile:
Radius authentication:
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (449): Attempting to map URI '/sgd' from 5 maps
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/examples/*'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/axis/*'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/sgd/*'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/axis'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/sgd'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (486): Found an exact match tta -> /sgd
With the password-authentication file:
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (449): Attempting to map URI '/sgd/' from 5 maps
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/examples/*'
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/axis/*'
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/sgd/*'
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (475): Found a wildchar match tta -> /sgd/*
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] wc_get_worker_for_name::jk_worker.c (111): found a worker tta
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] wc_maintain::jk_worker.c (301): Maintaining worker axis
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] wc_maintain::jk_worker.c (301): Maintaining worker tta
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] wc_maintain::jk_worker.c (301): Maintaining worker examples
It seems that the JkMount is not being evaluated correctly after using the radius-authentication.
Any help will be usefull since I am allready stuck on this problem for a couple of days :(
Thanks,
Remold | Everett

I got response from the Fat Bloke on the mailing list.
Adding the following line in the apache httpd.conf seams to help and resolved my problem:
Alias /sgd "/opt/tarantella/webserver/tomcat/5.0.28_axis1.2final_jk1.2.8/webapps/sgd"
Thanks The Fat Bloke !!
- Remold
These instructions are for a 4.2 SGD installation using SGD's third
party web authentication with mod_auth_radius.so (www.freeradius.org).
With 4.2 Sun didn't distribute enough of the Apache configured tree
to enable the use of axps to build the mod_auth_radius module, 4.3 is
better - Sun now install a modified axps and include files, I haven't
tried this with 4.3 yet though.
I built the mod_auth_radius module for Apache 1.3.33 (shipped with 4.2)
So, this is how we got this working with Radius (tested with SBR
server and freeradius.org server.)
Install SGD in the usual way.
Enable 3rd party authentication:
According to:
http://docs.sun.com/source/819-4309-10/en-us/base/standard/
webauth_config_browser.html
Configure the Tomcat component of the Secure Global Desktop Web
Server to
trust the web server authentication. On each array member, edit the
/opt/tarantella/webserver/tomcat/version/conf/server.xml file. Add the
following attribute to the connector element (<Connector>) for the
Coyote/JK2 AJP 1.3 Connector:
tomcatAuthentication="false"
# cat /opt/tarantella/webserver/tomcat/5.0.28_axis1.2final_jk1.2.8/
conf/server.xml

<Connector port="8009" minProcessors="5" maxProcessors="75"
tomcatAuthentication="false"
enableLookups="true" redirectPort="8443"
acceptCount="10" debug="0" connectionTimeout="0"
useURIValidationHack="false"
protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
"By default, for security reasons, Secure Global Desktop
Administrators can't
log in to the browser-based webtop with web server authentication.
The standard
login page always displays for these users even if they have been
authenticated
by the web server. To change this behavior, run the following command:"
# tarantella config edit --tarantella-config-login-thirdparty-
allowadmins 1
Without this, after authenticating via webauth, the user will be
prompted for a
second username and password combination.
# /opt/tarantella/bin/tarantella objectmanager &
# /opt/tarantella/bin/tarantella arraymanager &
In Array Manager:
Select "Secure Global Desktop Login" on left side and click
"Properites" at bottom
Under "Secure Global Desktop Login Properties"
cd /opt/tarantella/webserver/apache/
1.3.33_mod_ssl-2.8.22_openssl-0.9.7e_jk1.2.8/conf
edit httpd.conf:
### For SGD Apache based authentication
Include conf/httpd4radius.conf
at the end of httpd.conf add:
Alias /sgd "/opt/tarantella/webserver/tomcat/
5.0.28_axis1.2final_jk1.2.8/webapps/sgd"
# cat httpd4radius.conf
LoadModule radius_auth_module libexec/mod_auth_radius.so
AddModule mod_auth_radius.c
# Add to the BOTTOM of httpd.conf
# If we're using mod_auth_radius, then add it's specific
# configuration options.
<IfModule mod_auth_radius.c>
# AddRadiusAuth server[:port] <shared-secret> [ timeout [ : retries ]]
# Use localhost, the old RADIUS port, secret 'testing123',
# time out after 5 seconds, and retry 3 times.
AddRadiusAuth radiusserver:1812 testing123 5:3
# AuthRadiusBindAddress <hostname/ip-address>
# Bind client (local) socket to this local IP address.
# The server will then see RADIUS client requests will come from
# the given IP address.
# By default, the module does not bind to any particular address,
# and the operating system chooses the address to use.
# AddRadiusCookieValid <minutes-for-which-cookie-is-valid>
# the special value of 0 (zero) means the cookie is valid forever.
AddRadiusCookieValid 5
</IfModule>
<LocationMatch /radius >
Order Allow,Deny
AuthType Basic
AuthName "RADIUS Authentication"
AuthAuthoritative off
AuthRadiusAuthoritative on
AuthRadiusCookieValid 5
AuthRadiusActive On
Require valid-user
Satisfy any
</LocationMatch>
SetEnvIf Request_URI "\.(cab|jar|gif|der)$" sgd_noauth_ok
<LocationMatch /sgd >
Order Allow,Deny
Allow from env=sgd_noauth_ok
AuthType Basic
AuthName "RADIUS Authentication"
AuthAuthoritative off
AuthRadiusAuthoritative on
AuthRadiusCookieValid 5
AuthRadiusActive On
Require valid-user
Satisfy any
</LocationMatch>
Put appropriate mod_auth_radius.so into
/opt/tarantella/webserver/apache/
1.3.33_mod_ssl-2.8.22_openssl-0.9.7e_jk1.2.8/libexec
# mkdir /opt/tarantella/webserver/apache/
1.3.33_mod_ssl-2.8.22_openssl-0.9.7e_jk1.2.8/htdocs/radius/
# cat /opt/tarantella/webserver/apache/
1.3.33_mod_ssl-2.8.22_openssl-0.9.7e_jk1.2.8/htdocs/htpasswd/index.html
<HTML>
<HEAD>
<TITLE> Test Page for RADIUS authentication </TITLE>
</HEAD>
<BODY>
<B> You have reached the test page for RADIUS authentication.
</BODY>
</HTML>
I hope this helps!
-FB

Regarding Kerberos authentication for webservices.

Hi,
I need to use kerberos authentication for my receiver webservice. I am working in PI7.1 . Which adapter I can use for this ( WS-RM adapter or SOAP adapter) and How to configure it for kerberos. I mean, which value of authentication parameter refers to kerberos authentication.
Regards,
Reyaz hussain

Hi Reyaz,
To tell you frankly i never come across this kerberos protocol but since you would like to use there is certainly a chance after the launch of PI 7.1. The launch has Opened the Door to the World of Web Services Reliable Messaging. "The Integration Directory enables you to easily configure scenarios where the Integration Server acts as a message hub between WS-RM-enabled applications and any other application or technical system. Thus, you can configure scenarios where either a Web Service client calls the Integration Server and the message is then routed to any other application, or the other way around where any application calls a Web Service provider via the Integration Server. In the Integration Directory you can do the complete configuration of the Integration Server inbound or outbound processing."
https://www.sdn.sap.com/irj/scn/wiki?path=/display/profile/2007/07/25/new+news&focusedcommentid=44360
Regards
joel

Certificate authentication for Cisco VPN client

I am trying to configure the cisco VPN client for certificate authentication on my ASA 5512-X. I have it setup currently for group authentication with shared pass. This works fine. But in order for you to pass pci compliance you cannot allow aggresive mode for ikev1. the only way to disable aggresive mode (and use main mode) is to use certificate authentication for the vpn client. I know that some one out there must being doing this already. I am goign round and round with this. I am missing some thing.
I have tried as I might and all I can get are some cryptic error messages from the client and nothing on the firewall. IE failed to genterate signature, invalid remote signature id. I have tried using different signatures (one built on ASA and bought from Godaddy, and one built from Windows CA, and one self signed).
Can some one provide the instructions on seting this up (asdm or cli). Can this even be done? I would love to just use the AnyConnect client but I believe you need licensing for that since our system states only 2 allowed. Thank you for your help.

Dear Doug ,
          What is asa code your are running on ASA hardware , for cisco anyconnect you need have Code 8.0 on your hardware with cisco anyconnect essential license enabled .Paste your me show version i will help you whether you need to procure license for your hardware . By default your hardware will be shipped with any connect essential license when you have order your hardware with asa code above 8.0 .
With Any connect essential you are allowed to use upto total VPN peers allowed based on your hardware
1) What is the AnyConnect Essentials License?
The Anyconnect Essentials is a license that allows you to connect up to your 'Total VPN Peers" platform limit with AnyConnect. Without an AnyConnect Essentials license, you are limited to the 'SSLVPN Peers' limit on your device. With the Anyconnect Essentials License, you can only use Anyconnect for SSL - other features such as CSD (Cisco Secure Desktop) and using the SSLVPN portal page for anything other than launching AnyConnect are restricted.
You can see your limits for the various licensing by issuing the 'show version' command on your ASA.
Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 150
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 2
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 750
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled
Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 150
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 2
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 750
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Enabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled
Any connect VPN Configuration .
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

Claims Authentication Error connecting to BCS - but we're using Windows Authentication

We currently have an External List with a SQL Server SProc as a source in a SharePoint 2010 site. It has been working great for months now. I need to make a change to the External Content Type - and I have made changes in the past - but now strange things
are happening.
I can't view the external content type (or any) in SPD. I can create a new Secure Store Service Target Application in SPCentralAdmin and everything seems fine, but I can't consume the application in SPD. I get an error that BCS has rejected the
request. This is new and curious; I'm a Farm Administrator.
Looking at the logs, I find I get a Claims Authentication error that my ID can't be found (the error is below). This is also new and is very, very curious as we're not using Claims authentication for any of our sites. They all use Windows authentication.
I am also getting recent reports from users who are repeatedly challenged for credentials and wonder if this is related.
In my research, I've found suggestions from starting the CWTS Service (I was dubious, I can start the service, and it doesn't resolve the problem) to setting Metadata Store Permissions in SPCentralAdmin (I was again dubious as I'm a farm administrator -
and I get the same error when I try to make this assignment!) So I'm at a loss.
Here is the error (the X'd out information was correct in the trace):
SPSecurityContext.WindowsIdentity: Could not retrieve a valid windows identity for NTName='XXXXX\XXXXXX', UPN='[email protected]'. UPN is required when Kerberos constrained delegation is used. Exception: System.ServiceModel.EndpointNotFoundException:
There was no endpoint listening at net.pipe://localhost/s4u/022694f3-9fbd-422b-b4b2-312e25dae2a2 that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.IO.PipeException:
The pipe endpoint 'net.pipe://localhost/s4u/022694f3-9fbd-422b-b4b2-312e25dae2a2' could not be found on your local machine. --- End of inner exception stack trace --- Server stack trace:
at System.ServiceModel.Channels.PipeConnectionInitiator.GetPipeNam...
We're not using Kerberos at all. We're using good, old-fashioned Windows Authentication. The only changes made to the platform recently have been updates. The error could, of course, be erroneous and I may be charging down the wrong path.
But although I find many links when I Bing the error, all the links pertain to sites using Claims authentication - even the Error Category in my log is "Claims Authentication" - but we're not using Claims Authentication...
Again, any help at all will be appreciated. Thanks!

Hi Kevin,
From the error message, we might be missing user permissions to the BCS Metadata Store. Please perform the steps below and test the issue again:
1. Open the SharePoint Central Administration website with either a Farm administrator account or an account that has been delegated permissions to administer the Business Data Connectivity Service Applications.
2. On the Quick Launch, click Application Management.
3. On the Application Management page, under Service Applications, click Manage service applications.
4. In the list of services, select the row of the Business Data Connectivity Service Application that you created in Create the Business Data Connectivity service application and then click Manage and then Set Metadata Store Permissions.
5. Enter the Farm Administrator account and any other delegate administrators if you have them and then click Add.
6. For each account or group that you added that is an administrator of the Business Data Connectivity Service Application, select the Edit, Execute, Selectable In Clients, and Set Permissions checkboxes.
7. Select the Propagate permissions to all BDC Models, External Systems and External Content Types in the BDC Metadata Store. Doing so will overwrite existing permissions checkbox.
8. Click OK.
Also, make sure your account is added as local administrator.
Regards,
Rebecca Tu
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected]

How to use an authenticated user for a proxy call

Dear all,
I am currently working on a JEE application where the user needs to authenticate (for this I have configured the web.xml).
Now inside this application I need to do a proxy call to a PI webservice.
I would like to use the user credentials of the already logged in user in order to call the proxy.
What I don't want to do is to use a service user for the proxy call.
The code I am trying to call looks something like this:
     private IntegratedConfigurationIn getPort() throws Exception{
          IntegratedConfigurationIn port = null;
          try {
               IntegratedConfigurationInService service = null;
               service = new IntegratedConfigurationInService();
               port = (IntegratedConfigurationIn) service.getIntegratedConfigurationIn_Port();
              BindingProvider bp = (BindingProvider)port;
              bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, user);
              bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);
              if (url.length() != 0)
                   bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, url);
          catch (Exception ex){
               ex.printStackTrace();
          return port;
The examples I found to retrieve the userdata pointed to codes similar to this one:
public HttpServletRequest getHttpRequest() throws Exception {
          // Get runtime context
          Properties props = new Properties();
          props.put("domain", "true");
          Context initialContext = new InitialContext(props);
          ApplicationWebServiceContext wsContext = (ApplicationWebServiceContext) initialContext
                    .lookup(" /wsContext/ApplicationWebServiceContext");
          HttpServletRequest req = wsContext.getHttpServletRequest();
          return req;
com.sap.security.api.IUser sapUser = com.sap.security.api.UMFactory.getAuthenticator().getLoggedInUser(getHttpRequest(), null);
          IUser ep5User = com.sapportals.wcm.util.usermanagement.WPUMFactory.getUserFactory().getEP5User(sapUser);
Now I don't know how to bring it togehter and how to use an authenticated user for the BindingProvider.
I would appreciate any hints or ideas.

Peter,
from the first screenshot, what I understood is that, you are calling an inbound PI web service that is intended to create an integrated configuration object (this is used for whole lot of other reason completely) but not actually calling a development web service.
For this, you would have to generate your client classes from the WSDL provided by the PI developer for that particular service. Once you get those client classes generated, you could used the method provided in the other screenshot to extract the user and password and call the intended web service.
Vijay Konam

2 Factor Authentication for Anyconnect VPN using ISE

We are planning to implement dual factor authentication for Anyconnect VPN.
The end users will be authenticated using domain name in machine certificates and username password with
ISE used as radius server.
We have the following approaches to achieve this :-
1. Use primary and secondary authentication with user credentials as primary authentication
and CN field of the certificate as secondary authentication.However this option prompts users for password for
both the fields while we want the machine certificate to authenticate itself without a password.
2. Second approach is to authenticate using user credentials and authorize the user to access the network if
the machine certificate has a domain name in CN field which we are able to validate from the AD using
Dynamic Access Policy.
We are looking forward for discussions on the above approaches and are open to any other
solution.

Hi Umahar,
Not sure I understood correct. You would like to authenticate the user using machine certificate for anyconnect and want to extract CN attribute the client's certificate and send it to the ISE server for further authenticate with AD. And also you don't want an additional password prompt to be produced to the user.
If my understanding is correct. Then user would get a prompt for the password atleast because in the machine certificate there won't be password, but to authenticate with RADIUS/TACACS , we need both username and password. So how will the user gets authenticated without password.
If you are looking a way to just see if the user is present under AD, not exactly and authentication then this might not be possible.

Using PAP authentication for 3G stick

Similar Messages

Maybe you are looking for