Web Service Authentication using Microsoft Active Directory

Hi
Is there a way to create Oracle Java Web Services that requires authentication using Active Directory?
Regards,
Néstor Boscán

If you use the SOA Suite the Oracle Web Service Manager is included in there. Using this you can add steps that will authenticate against an AD.
cu
Andreas

Similar Messages

  • Errors creating a Web Service Proxy using Microsoft WSDL.exe tool

    I have deployed a BPEL process using JDeveloper. This process can be invoked from the BPEL console and completes as expected. I am trying to create a Web Service Proxy using the Microsoft WSDL.exe tool so that the process can be invoked from a Microsoft Word document. This process is based on the AutoLoan example in the Developer's Guide for Microsoft Office Interoperability B25781-01.
    WSDL.exe returns the following error message
    Error: There was an error processing 'http://erp.template.co.uk:8889/orabpel/default/HonorariumSmartDoc/1.0/HonorariumSmartDoc?wsdl'.
    - The document at the url http://erp.template.co.uk:8889/orabpel/default/HonorariumSmartDoc/1.0/HonorariumSmartDoc?wsdl was not recognized as a known document type. The error message from each known type may help you fix the problem:
    - Report from 'WSDL Document' is 'There is an error in XML document (19, 7).'.
    - A schema with the namespace '' has already been added.
    - Report from 'DISCO Document' is 'Discovery document at the URL http://erp.template.co.uk:8889/orabpel/default/HonorariumSmartDoc/1.0/HonorariumSmartDoc?wsdl could not be found.'.
    - The document format is not recognized.
    - Report from 'XML Schema' is 'Expected Schema root. Make sure that the root element is <schema> and the namespace is 'http://www.w3.org/2001/XMLSchema' for an XSD schema or 'urn:schemas-microsoft-com:xml-data' for an XDR schema. An error occurred at , (2, 2).'.
    How do I resolve this error?

    The WSDL file is below.
    <?xml version="1.0" encoding="UTF-8" ?>
    <definitions name="HonorariumSmartDoc" targetNamespace="http://xmlns.oracle.com/HonorariumSmartDoc" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://xmlns.oracle.com/HonorariumSmartDoc" xmlns:wsa="http://schemas.xmlsoap.org/ws/2003/03/addressing" xmlns:plnk="http://schemas.xmlsoap.org/ws/2003/05/partner-link/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:client="http://xmlns.oracle.com/HonorariumSmartDoc">
      <types>
        <schema xmlns="http://www.w3.org/2001/XMLSchema">
          <import namespace="http://xmlns.oracle.com/HonorariumSmartDoc" schemaLocation="HonorariumSmartDoc.xsd" />
        </schema>
        <schema xmlns="http://www.w3.org/2001/XMLSchema">
          <import namespace="http://schemas.xmlsoap.org/ws/2003/03/addressing" schemaLocation="http://erp.template.co.uk:8889/orabpel/xmllib/ws-addressing.xsd" />
        </schema>
      </types>
      <message name="HonorariumSmartDocResponseMessage">
        <part name="payload" element="tns:HonorariumSmartDocProcessResponse" />
      </message>
      <message name="HonorariumSmartDocRequestMessage">
        <part name="payload" element="tns:HonorariumSmartDocProcessRequest" />
      </message>
      <message name="WSARelatesToHeader">
        <part name="RelatesTo" element="wsa:RelatesTo" />
      </message>
      <message name="WSAReplyToHeader">
        <part name="ReplyTo" element="wsa:ReplyTo" />
      </message>
      <message name="WSAMessageIDHeader">
        <part name="MessageID" element="wsa:MessageID" />
      </message>
      <portType name="HonorariumSmartDocCallback">
        <operation name="onResult">
          <input message="tns:HonorariumSmartDocResponseMessage" />
        </operation>
      </portType>
      <portType name="HonorariumSmartDoc">
        <operation name="initiate">
          <input message="tns:HonorariumSmartDocRequestMessage" />
        </operation>
      </portType>
      <binding name="HonorariumSmartDocBinding" type="tns:HonorariumSmartDoc">
        <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
        <operation name="initiate">
          <soap:operation style="document" soapAction="initiate" />
          <input>
            <soap:header message="tns:WSAReplyToHeader" part="ReplyTo" use="literal" encodingStyle="" />
            <soap:header message="tns:WSAMessageIDHeader" part="MessageID" use="literal" encodingStyle="" />
            <soap:body use="literal" />
          </input>
        </operation>
      </binding>
      <binding name="HonorariumSmartDocCallbackBinding" type="tns:HonorariumSmartDocCallback">
        <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
        <operation name="onResult">
          <soap:operation style="document" soapAction="onResult" />
          <input>
            <soap:header message="tns:WSARelatesToHeader" part="RelatesTo" use="literal" encodingStyle="" />
            <soap:body use="literal" />
          </input>
        </operation>
      </binding>
      <service name="HonorariumSmartDocCallbackService">
        <port name="HonorariumSmartDocCallbackPort" binding="tns:HonorariumSmartDocCallbackBinding">
          <soap:address location="http://set.by.caller" />
        </port>
      </service>
      <service name="HonorariumSmartDoc">
        <port name="HonorariumSmartDocPort" binding="tns:HonorariumSmartDocBinding">
          <soap:address location="http://erp.template.co.uk:8889/orabpel/default/HonorariumSmartDoc/1.0" />
        </port>
      </service>
      <plnk:partnerLinkType name="HonorariumSmartDoc">
        <plnk:role name="HonorariumSmartDocProvider">
          <plnk:portType name="tns:HonorariumSmartDoc" />
        </plnk:role>
        <plnk:role name="HonorariumSmartDocRequester">
          <plnk:portType name="tns:HonorariumSmartDocCallback" />
        </plnk:role>
      </plnk:partnerLinkType>
    </definitions>

  • Lion Server 10.7.4 VPN service not using my Active Directory domain for authentication

    I have Lion Server 10.7.4 setup on a Mac Mini and I have enabled the VPN service for both L2TP and PPTP. The Mac Mini is joined to my Windows Domain at a functional level of Server 2008 R2. I have set the authentication paths to point to my domain in Directory Utility.
    What I would like to have happen is for my laptop to be able to VPN into my office network remotely using domain credentials and not local account credentials on the Mac Mini itself. This is a process I have done numerous times on Windows boxes, but for some reason the only way I can get the VPN to work on this instance of Lion Server 10.7.4 is by authenticating using local accounts only.
    Does Lion Server 10.7.4 only authenticate VPN users based on its local account schema? Or can it truly authenticate against an Active Directory domain?
    Any suggestions or help is greatly appreciated. Thanks,

    Hi g-pirtle,
    Yes, I had already done that a few days ago. I was able to add the desired AD group to the allowed users/groups for the VPN service. That's exactly what is so weird about this... it allows me to search for and add an AD user or group to the list of allowed users/groups, but then when I actually try to use a domain account to authenticate to the VPN it just gives me the "cannot authenticate" error. Very strange.
    I wondered if for some reason Apple is only allowing local accounts to be authenticated against. Sounds crazy, but I cannot for the life of me get this to work. I also wondered if Kerberizing the server would help, but when I go to join a Kerberos realm in Open Directory inside of Server Admin, it just has no realm listed in the drop down menu.
    Other than that, all other aspects of the Mac Mini being joined to the AD domain seems to be good. I'm really stumped here...
    Thanks again,

  • APEX_LDAP.AUTHENTICATE - using Microsoft Active Directory

    Application Express 4.1.1.00.23
    Internet Explorer - 8
    Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
    Hi, very new to Apex and trying to get the authentication to work against our Active Directory. I have set up an authentication scheme for my application choosing the schema type as LDAP Directory... my settings are as follows:
    Host : ****
    Port : 389
    Use SSL: No SSL
    Distinguished Name (DN) String : domain\%LDAP_USER%
    Use Exact Distinguished Name (DN) : Yes
    This works perfectly and authenticates the user against active directory. The problem is when I try do the following in the database as I really want to setup a custom authentication scheme, it just does not work.
    Begin
    IF apex_ldap.authenticate(
    p_username => 'testusername',
    p_password => 'testpassword',
    p_search_base => 'domain\%LDAP_USER%',
    p_host => '*****',
    p_port => 389) THEN
    dbms_output.put_line('True');
    Else
    dbms_output.put_line('False');
    End If;
    End;
    No matter what I do this always returns false. I have created a function based on same code and created a custom authentication scheme that calls the function but I always get a false. Not sure why it works one way and not the other. Also would really appreciate if someone could help me get the code above to work or help correct it.
    I have looked through the forum and tried many different search base strings but nothing seems to work.
    Regards
    Ash

    Hi Ash,
    Microsoft AD allows "domain\%LDAP_USER%" instead of a real distinguished name (DN), but this does not work with apex_ldap.authenticate. The authenticate function tries to create a DN from username and search base. It does not substitute the "%LDAP_USER%" pattern with the username. Based on the parameters I see in your example, it would try to authenticate with "cn=testusername,domain\%LDAP_USER%", which is clearly wrong, hence the authentication failure.
    What you could do is use another package, although it's not in the official API docs, like this (untested):
    Begin
        IF wwv_flow_custom_auth_ldap.authenticate(
               p_dn => 'domain\testusername',
               p_password => 'testpassword',
               p_ldap_host => '*****',
               p_ldap_port => 389)
        THEN
            dbms_output.put_line('True');
        Else
            dbms_output.put_line('False');
        End If;
    End;
    Regards,
    Christian
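
An added example, not part of the thread and not Oracle's or the posters' code: a custom APEX authentication function that does the bind itself with the documented DBMS_LDAP package, passing the AD `domain\user` form as the bind name. The host, NetBIOS domain, wallet path and wallet password are placeholders, the username pattern is an assumption, and it connects over LDAPS on port 636 (also an assumption; the setup in the question uses 389 with no SSL, where a simple bind carries the password in cleartext).

```plsql
CREATE OR REPLACE FUNCTION ad_authenticate (
    p_username IN VARCHAR2,
    p_password IN VARCHAR2
) RETURN BOOLEAN
IS
    -- Placeholders: replace with your own directory and wallet details.
    c_host       CONSTANT VARCHAR2(255) := 'ad.example.com';
    c_port       CONSTANT PLS_INTEGER   := 636;            -- LDAPS
    c_domain     CONSTANT VARCHAR2(64)  := 'DOMAIN';       -- NetBIOS domain name
    c_wallet     CONSTANT VARCHAR2(255) := 'file:/path/to/wallet';
    c_wallet_pwd CONSTANT VARCHAR2(255) := 'WALLET_PASSWORD_PLACEHOLDER';

    l_session DBMS_LDAP.session;
    l_rc      PLS_INTEGER;
    l_ok      BOOLEAN := FALSE;
BEGIN
    -- A simple bind with an empty password is an unauthenticated bind and can
    -- report success without checking any credential. In PL/SQL '' is NULL,
    -- so this test rejects both missing and empty values.
    IF p_username IS NULL OR p_password IS NULL THEN
        RETURN FALSE;
    END IF;

    -- Assumption: account names are plain sAMAccountName-style strings.
    -- Rejecting anything else keeps a caller from supplying its own
    -- domain prefix or a full DN.
    IF NOT REGEXP_LIKE(p_username, '^[A-Za-z0-9._-]+$') THEN
        RETURN FALSE;
    END IF;

    DBMS_LDAP.use_exception := TRUE;   -- failures raise instead of returning codes
    l_session := DBMS_LDAP.init(hostname => c_host, portnum => c_port);

    BEGIN
        -- sslauth => 2: one-way TLS, the server certificate is checked
        -- against the trusted certificates in the wallet.
        l_rc := DBMS_LDAP.open_ssl(
                    ld              => l_session,
                    sslwrl          => c_wallet,
                    sslwalletpasswd => c_wallet_pwd,
                    sslauth         => 2);

        -- AD accepts domain\user as the bind name, so no DN is built here
        -- and no %LDAP_USER% substitution is needed.
        l_rc := DBMS_LDAP.simple_bind_s(
                    ld     => l_session,
                    dn     => c_domain || '\' || p_username,
                    passwd => p_password);
        l_ok := TRUE;
    EXCEPTION
        WHEN OTHERS THEN
            l_ok := FALSE;             -- bad credentials or TLS failure
    END;

    -- Always release the connection; an unbind error must not change the result.
    BEGIN
        l_rc := DBMS_LDAP.unbind_s(ld => l_session);
    EXCEPTION
        WHEN OTHERS THEN NULL;
    END;

    RETURN l_ok;
EXCEPTION
    WHEN OTHERS THEN
        RETURN FALSE;                  -- fail closed if the directory is unreachable
END ad_authenticate;
/
```

On Oracle Database 11g the schema that owns the function also needs a network ACL entry for the directory host before DBMS_LDAP can connect.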

  • Oracle Database Authentication against Microsoft Active Directory

    Hello
    Does anyone know if it is possible or can point me in the right direction of some documentation that discuss Oracle database user authentication against an Enterprise Directory Service, in my case MS AD?
    My environment consists of Oracle RDBMS 10.2.0.3 on Linux Red Hat AS 4. Our users connect in from Windows clients. I would like to know if there is a way to authenticate users from Windows to the database using LDAP based (AD) authentication. In other words how do I configure authentication to be done for "identified globally accounts"? I know that the identified by globally accounts require the use of the CN which I have done, but it seems like there is some piece missing. Perhaps an Oracle schema or modification to Active Directory??
    So my questions are
    1. Is it possible to authenticate users against AD without the implementation of OID?
    2. Is there documentation someone has or can point me to that outlines the required steps?
    3. Anything I should know?
    I appreciate any help. The documentation I have found so far doesn't seem to be what I need... So I am looking for some advice.
    Thanks.

    Sure, two methods to auth from Oracle DB to MSAD:
    OID and OVD
    I am working on our own proof of concept configuring EUS connect to OVD with an MSAD as auth at the moment. OVD basically is presenting the database with OracleSchema and OracleContext info. And when you connect via netca (ldap.ora), you assign it as OID directory authentication type.
    Here's an OVD manual on Integrating with EUS (chapter 7 is for MSAD):
    http://www.oracle.com/technology/products/id_mgmt/ovds/pdf/e10286.pdf
    And this would be what the EUS config should look like:
    http://www.oracle.com/technology/deploy/security/database-security/howtos/eus-how-to.html
    If you've done everything in the first doc...
    Hope this answers your questions.

  • Calling web service -authentication using passwordtext

    Hi,
    My requirement is to call a web service. The WS which I consume needs password type as Passwordtext.
    I did the following steps:
    1. From SE80 created Enterprise Services using WSDL file.
    2. In SOAMANAGER select my consumer proxy.
    3. Created Logical port ZXYZ by selecting WSDL based configuration and gave WSDL url.
    When I execute this proxy I'm getting login error.
    I check the blog /people/wolfgang.bauer2/blog/2009/07/08/call-wcf-service-net-from-sap-with-usernametoken-and-ssl
    If I use the web.config file then I'm getting an error in Method: IF_SIDL_DESERIALIZER~DESERIALIZE of program CL_SIDL_DESERIALIZER==========CP. The reason is this method checks for url http://schemas.xmlsoap.org/wsdl/ in the file.
    When I checked in SoapUI using the password type as passwordtext, the SOAP header is formed like below and it works fine without any issue.
    <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Username>USERNAME</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD</wsse:Password>
    <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">5oHK2KjEop8a6OPsl3pw6Q==</wsse:Nonce>
    <wsu:Created>2011-08-17T17:58:50.068Z</wsu:Created>
    </wsse:UsernameToken>
    </wsse:Security>
    </soapenv:Header>
    Can anyone help me with how to pass password type as passwordtext? And also can you help me on custom binding?
    Thanks in advance

    Hi Pradeep,
    My ABAP skills are really limited but I can offer a suggestion to start with: you will need to explicitly add these WS-Security nodes to the SOAP header before the consumer proxy initiates the runtime call.
    You do this by using the IF_WSPROTOCOL_WS_HEADER interface. Follow this thread (as well as the referenced thread where Thomas Jung gives a code example) for more detail on how to implement this in the consumer proxy:
    External Web Service Requires - WS-Security Header (calling from ABAP)
    Regards, Trevor

  • Problem with Oracle external procedures and Microsoft Active Directory

    Hi,
    Our server was recently updated to use Microsoft Active Directory. However, we noticed that all external procedure calls keep on failing with ORA-28575: unable to open RPC connection external procedure agent. Everything was working fine before we migrated to Active Directory which is why we can say that the listener is configured correctly.
    Any idea on how we can make extproc calls with Active Directory?
    thanks.

    Michael,
    Oracle Forms does support Single Sign-On (SSO). Take a look at Oracle Containers for J2EE Security Guide: OC4J Java Single Sign-On. Also take a look at the Oracle Forms 10g Sample Code and scroll to the SSO demo under the Forms Services Demo section. There are also numerous other documents available via Google. ;-)
    Craig B-)
    If someone's response is helpful or correct, please mark it accordingly.

  • Use Microsoft Online Directory Services as a user authentication provider for our own SharePoint farm?

    Hi,
    I've managed to configure my farm so that Microsoft Online Directory Services (Office 365 etc.) can be used for STS authentication, but what I'm actually trying to do is allow user authentication - that is, I'm hoping to be able to use the user's O365 credentials to authenticate them in my own farm so they can view certain parts of it. If I need to write my own login form or authentication provider or whatever that's fine, as long as the user doesn't need to enter anything when they access my farm (provided they already have cached O365 credentials in their browser session).
    FWIW I actually need to be able to support the possibility that users are coming from multiple O365 tenancies, whereby each site collection will be configured to allow users from a different O365 tenancy (more or less).
    If it's not possible to do with my own development farm on a PC, is it possible if the farm is hosted in Azure?
    Thanks
    Dylan

    Hi Dylan,
    According to your description, my understanding is that you want to use Microsoft Online Directory Services as a user authentication provider for your SharePoint farm.
    For your demand, you can configure a hybrid topology for your SharePoint farm:
    http://technet.microsoft.com/en-us/library/jj838715(v=office.15).aspx
    http://technet.microsoft.com/en-us/library/dn197168(v=office.15).aspx
    Thanks,
    Eric
    Forum Support
    Eric Tao
    TechNet Community Support

  • Use of active directory userid/password authentication instead of SAP R/3 User/Password for digital signature?

    Dear all,
    I am looking to set up the use of Active Directory userid/password authentication instead of SAP R/3 User/Password for digital signature. We SSO to the backend ABAP AS via an SAP NW Portal to which SPNego Kerberos authentication is set up. Today we specify R3 user id/password to digitally approve a lot release. The idea is to have users maintain one AD password so they don't have to remember the R/3 password anymore, and also for our Security team to avoid password maintenance.
    I know there are 3 options for digital signature and
    System signature with authorization by user ID and password (We use this currently)
    Digital User signature with verification - (We would like to use this with AD userid/password, so the system still ask the users their AD userid/password for the authentication when they try to "sign" a document.)
    User signature without verification
    Do you think there is a way to configure the system in order to ask and check the Active Directory userid/password instead of SAP R/3 password? Where can I find documentation about it?
    I have several different versions of AS ABAP starting from NW 7.02 to NW 7.31.
    My active directory is based on Windows 2008.
    Thanks in advance!!
    Dhee

    Actually enabling Kerberos for SSO purposes and enabling Kerberos for digital signatures are two different topics although the latter is because of the former. I'm interested in the topic as well and I'm currently looking at different options. SAP provides a BAdI for the digital signature API which can be used for external authentication but they do not provide the solution to invoke Kerberos authentication based on username and password. SAP provides a semi solution with NWSSO 2.0 SP2 which works only on Windows with classic dynpros meaning SAP GUI for Windows is assumed. The solution is based on an ActiveX component which does the actual Kerberos authentication using the Secure Login Client which is part of the NWSSO suite. Extending that implementation to non-Windows and non-GUI applications would require some sort of web enabled service that could be used to authenticate the user with username and password. In case authentication is successful, a Kerberos token would be returned to SAP which would then be validated. All the required pieces are there since SAP has Kerberos support now in both stacks of the NetWeaver Application Server, some bits are still missing though which leaves customers looking at 3rd party or custom solutions.

  • SharePoint 2013 profile service account requirements when using "Use SharePoint Active Directory Import" option

    Hi All,
    I am trying to configure SharePoint Profile service. We would like a straightforward profile import from Active Directory.
    On the "Configure Synchronization Settings" page, we have chosen the option "Use SharePoint Active Directory Import" option.
    We have created a connection to the Active Directory using Configure Synchronization Connections page. We have specified the account that would be used for the import process.
    Question:
    I would like to confirm whether the account configured for the profile import needs any special privileges when using the "Use SharePoint Active Directory Import" option?
    Thanks,
    Saurabh

    Grant Replicate Directory Changes permission on a domain
    To do this please follow the procedure below:
    1. On the domain controller, click Start, click Administrative Tools, and then click Active Directory Users and Computers.
    2. In Active Directory Users and Computers, right-click the domain, and then click Delegate Control.
    3. On the first page of the Delegation of Control Wizard, click Next.
    4. On the Users or Groups page, click Add.
    5. Type the name of the synchronization account, and then click OK.
    6. Click Next.
    7. On the Tasks to Delegate page, select Create a custom task to delegate, and then click Next.
    8. On the Active Directory Object Type page, select This folder, existing objects in this folder, and creation of new objects in this folder, and then click Next.
    9. On the Permissions page, in the Permissions box, select Replicating Directory Changes (select Replicate Directory Changes on Windows Server 2003), and then click Next.
    10. Click Finish.
    Thanks & Regards
    ShivaPrasad Pola
    SharePoint Developer 

  • How i use OEM 12c to monitor Microsoft Active directory.

    Hi,
    How do I use OEM 12c to monitor Microsoft Active Directory? Please assist me on this.
    Thanks,
    Sagar

    Hi,
    The fundamental problem with this scenario is that you have non-failover capable modules in a failover chassis - think of the ASA failover pair as one device and the IPS modules as two completely separate devices.
    Then, as already mentioned, add only the primary ASA. (The secondary will never be passing traffic in standby mode so it's not actually needed in MARS) Then, with the first IPS module you can add it as a module of the ASA or as a standalone device (MARS doesn't care). With the second IPS module the only option is to add it as a separate device anyway.
    In a failover scenario the ASA's swap IP's but the IPS's don't so whereas you'll only ever get messages from the active ASA you'll get messages from both IPS IP's depending on which one happens to be in the active ASA at the time.
    Don't forget that you have to manually replicate all IPS configuration every time you make a change.
    HTH
    Andrew.

  • How to authenticate Username and password in MVC using Azure Active Directory

    Need a sample application wherein I need to authenticate user-entered login details using Azure Active Directory.

    Hi,
    Kindly go through beneath article which helpful to understand the procedure.
    How to Authenticate Web Users with Azure Active Directory Access Control
    http://azure.microsoft.com/en-in/documentation/articles/active-directory-dotnet-how-to-use-access-control/
    Developing ASP.NET Apps with Windows Azure Active Directory
    http://www.asp.net/identity/overview/getting-started/developing-aspnet-apps-with-windows-azure-active-directory
    Adding Sign-On to Your Web Application Using Azure AD
    https://msdn.microsoft.com/en-us/library/azure/dn151790.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • E-Business suite r12 login through Microsoft Active Directory

    I integrated E-business suite release 12.1 with SSO and OID and I want to integrate OID with Microsoft Active Directory. How is this possible?

    804050 wrote:
    I integrated E-business suite release 12.1 with SSO and OID and i want to integrate OID with Microsoft Active Directory. how is this possible?

    Yes, it is possible. The basic idea is EBS 12.1 will use OID, which will be configured to use third party external authentication, like Microsoft AD.
    Please see this document:
    Oracle® Identity Management Integration Guide
    10g (10.1.4.0.1)
    Part Number B15995-01
    Chap 19 Integrating with Microsoft Active Directory
    HTH
    AMN

  • Oracle account and microsoft active directory password synchronisation

    Hi
    We are migrating our application to use windows active directory authentication. We have separate oracle account for
    each logged in user in the application, and these oracle credentials have to be the same as the windows active directory
    credentials.
    Also, a password change on windows Active directory should change the oracle account password.
    Is there a tool available to manage and synchronize the microsoft active directory and oracle account.
    We use oracle 10g and application is hosted on Windows 2008 server.
    Thanks
    Karthik

    There's an OOTB connector for Password Synch between AD -> OIM. Please use that.
    http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html
    For password synch, OIM- AD/Oracle, you can use triggers.
    Enabling update for provisioned user in OIM11g

  • Integrate Oracle Apps R12 with Microsoft Active Directory

    Dear Friends,
    I am using Oracle Apps R12.1.3 and also we have Microsoft Activity Directory.
    We need to integrate both so that any employee created in Oracle Apps HRMS will be replicated in Microsoft Directory.
    Please let us know the oracle 10g and 11g products we have to use to achieve this.
    Please let us know both 10g and 11g products and is 10g products covered in Oracle support?
    Regards,
    DB

    Please see these docs/links.
    Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On 10gR3 (10.1.4.3) [ID 376811.1]
    Using the Latest Oracle Internet Directory 11gR1 Patchset with Single Sign-on and Oracle E-Business Suite [ID 876539.1]
    Registering Oracle E-Business Suite Release 12 with Oracle Internet Directory 11gR1 and Single Sign-On [ID 1370938.1]
    External Authentication To Active Directory Integration With E-Business Suite [ID 429020.1]
    Re: Integrating Active directory  with oracle EBS 12.1.3 with 11g R2 database
    Re: Oracle EBS with SSO
    Re: Need to integrate AD with R12.1.3 with the most simplest architecture.
    Re: EBS R12,how to use OID implement SSO without OAM/OID(with 3rd product)?
    Thanks,
    Hussein
