Web users/security

Similar Messages

• Web service security with active directory

  Hi,
  i want to protect my webservice by using active directory for authentication.
  (i am using jdeveloper 10.1.3.1 and bundled OC4J)
  i follow the document web service developer guide (section External LDAP Security Providers) and set up the LDAP security provider...
  in the OC4J web admin security page...i have press the 'test ldap authorization'
  button to CONFIRM the ldap connection is correctly set.
  but when i call the web service, deployed in that OC4J container,
  operation fail with the following message :
  javax.xml.rpc.soap.SOAPFaultException: UnsupportedCallbackException: oracle.security.jazn.callback.IdentityCallback@19f410 not available to gather authentication information from the user
  at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:568)
  at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
  at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
  at test.proxy.ws1.runtime.MyWebService1SoapHttp_Stub.getUserNameYY(MyWebService1SoapHttp_Stub.java:134)
  at test.proxy.ws1.MyWebService1SoapHttpPortClient.getUserNameYY(MyWebService1SoapHttpPortClient.java:50)
  at test.proxy.ws1.MyWebService1SoapHttpPortClient.main(MyWebService1SoapHttpPortClient.java:33)
  could anybody help me?
  thank you very much

  actually i use the default setting provided by oracle's configuration
  wizard for active directory
  User:
  LDAP User Name Attribute: sAMAccountName
  LDAP User Object Class : inetOrgPersion
  User Search Scope: subtree
  User Search Base: dc=xxx, dc=com
  Groups:
  LDAP Group Name Attribute: cn
  LDAP Group Object Class: group
  LDAP Group Member Attribute: member
  Group Search Scope: subtree
  Group Membership Search Scope: direct
  Group Search Base: dc=xxx, dc=com
  using the same user, user searchbase, i can search the AD using other
  tools.
  could anybody help me ?
  thank yous.

• Web app security ... i don't get it

  I do not get it how do one configure web.xml
  I want every page to be protected against unlogged user and some pages only to some of them
  From what I read it's only necessary to have only one root role that every user is part of and then any sub-role is recognized
  My use case:
  every page should be protected against unauthorized user
  <security-constraint>
          <display-name>Restrictie de vizualizare pe orice pagina jsf</display-name>
          <web-resource-collection>
              <web-resource-name>JSF Pages</web-resource-name>
              <url-pattern>/faces/*</url-pattern>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
          </web-resource-collection>
          <auth-constraint>
              <role-name>fullaccess</role-name>
          </auth-constraint>
          <user-data-constraint>
              <transport-guarantee>NONE</transport-guarantee>
          </user-data-constraint>
      </security-constraint>and I want that managers only to have access to /managers so I guess that a new </security-constraint> must be issued to allow the users that have managers role to access the resource.
  <security-constraint>
          <display-name>Restrictie de vizualizare pe orice pagina jsf</display-name>
          <web-resource-collection>
              <web-resource-name>JSF Pages</web-resource-name>
              <url-pattern>/faces/manager/*</url-pattern>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
          </web-resource-collection>
          <auth-constraint>
              <role-name>managers</role-name> ????
          </auth-constraint>
          <user-data-constraint>
              <transport-guarantee>NONE</transport-guarantee>
          </user-data-constraint>
      </security-constraint> What are the roles that must be declared in web.xml knowing that
  <security-role-assignment>
           <role-name>fullaccess</role-name>
           <principal-name>public</principal-name>
       </security-role-assignment>
  </weblogic-web-app> and in the realm public group has a member 'managers' (that in my opp must not be mapped)?
  ..on the moment there is only
    <security-role>
          <description>acces pe toate paginile web</description>
          <role-name>fullaccess</role-name>
      </security-role>thanks, Florin POP

  Hi guys.
  A username and password info to connect to BC is the following:
  Username - Your adobe ID email
  Password - Your password.
  To connect to SFTP its...
  Server: Just the address (yoursite.businesscatalyst.com)
  username - yoursite.businesscatalyst.com/[email protected]
  Password - your password.

• Web service security in PI

  Mine is PROXY to SOAP asynchronous.
  PI consumes the service, my requirement is when PI calls the service I need to pass web service security in SOAP header.
  so that at receiver statem they can validate the user using these.
  When i am calling webservice from soapui with the header parameters
  Username , Password and Password Type - PasswordText , it is able to get results. The soapui tool automatically adds the following in the soap header -
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken wsu:Id="UsernameToken-9368150" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>xxxxx</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxx</wsse:Password>
  <wsse:Nonce>aOA1P6t2hJPRyuraQ/IliQ==</wsse:Nonce>
  <wsu:Created>2009-07-10T14:58:33.781Z</wsu:Created>
  </wsse:UsernameToken>
  </wsse:Security>
  What configuration needs to be done in PI.

  I got this in Runtime work bench
  <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
  - <SOAP:Header>
  - <sap:Main xmlns:sap="http://sap.com/xi/XI/Message/30" versionMajor="3" versionMinor="0" SOAP:mustUnderstand="1" xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsuid-main-92ABE13F5C59AB7FE10000000A1551F7">
    <sap:MessageClass>ApplicationMessage</sap:MessageClass>
    <sap:ProcessingMode>asynchronous</sap:ProcessingMode>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:TimeSent>2009-07-15T15:46:10Z</sap:TimeSent>
  - <sap:Sender>
    <sap:Party agency="" scheme="" />
    <sap:Service>test2310</sap:Service>
    </sap:Sender>
  - <sap:Receiver>
    <sap:Party agency="" scheme="" />
    <sap:Service>test_serivce</sap:Service>
    </sap:Receiver>
    <sap:Interface namespace="urn:Publish">msgIF_publish_I_Async</sap:Interface>
    </sap:Main>
  - <sap:ReliableMessaging xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
    <sap:QualityOfService>ExactlyOnce</sap:QualityOfService>
    </sap:ReliableMessaging>
  - <sap:Diagnostic xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
    <sap:TraceLevel>Fatal</sap:TraceLevel>
    <sap:Logging>On</sap:Logging>
    </sap:Diagnostic>
  - <sap:HopList xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
  - <sap:Hop timeStamp="2009-07-15T15:46:10Z" wasRead="false">
    <sap:Engine type="BS">test_serivce</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:Info>3.0</sap:Info>
    </sap:Hop>
  - <sap:Hop timeStamp="2009-07-15T15:46:11Z" wasRead="false">
    <sap:Engine type="IS">is.68.devai020</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:Info>3.0</sap:Info>
    </sap:Hop>
  - <sap:Hop timeStamp="2009-07-15T15:46:12Z" wasRead="false">
    <sap:Engine type="AE">af.dxi.devai020</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XIRA</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    </sap:Hop>
    </sap:HopList>
    </SOAP:Header>
  Edited by: Vamsi on Jul 15, 2009 7:06 PM

• Web Service Security using OpenSSO

  Hi,
  I have a question regarding the usage of the OpenSSO in order to secure web services.
  I have read the documentation and it states the OpenSSO enables web service security.
  However, in the docs the main scenario is where the WSC and WSP are protected by the agent.
  In my scenario, I would like to use agents only on the WSP side, but leave the implementation of the client side open to the partners. Partners will have the interface from the OpenSSO for the authentication and saml token retrieval. The client will have to create soap by itself. This is the case since the WSC are to be standalone applications on client computers.
  To set the actual question; what are web service interfaces that OpenSSO as a STS offers for authentication and saml token issuance. Is there same sort of a referential architecture for this case where only the STS and WSP can be configured and the WSC implementation of the WSS left to the partner. Any pointers and directions would be appreciated.
  Thanks!

  Hi
  Thanks for your reply
  I downloaded OC4J 10.1.2.0.2 and ran it as as a standalone server.
  I read the blog you linked and made the changes to the web.xml for the webservice. All of which I was able to do using the property palette in jdev 10.1.2.1.0.
  I deployed my webservice to my oc4j standalone server and it appeared as a new application. I editied the orion-web.xml for the new application manually.
  When I point my browser at the webservice I get the test page which allows me to pass parameters to the webserive. I invoke the webservice (which does a HTTP GET according to the test page) and the webservice runs. No user and password is needed though.
  What is the expected behaviour? I was hoping that the webservice wouldn't run until I supplied the admin user name and password
  paul

• Crystal Report + Web Services Security Help!

  Hello all,
  I am trying to design a Crystal Report (using CR XI 2 and/or CR 2008) and using a web service as a data source.  I've developed the web service in .NET and have control over the IIS directory it is hosted on.  I've set the authentication for the folder with "Anonymous Access" turned off and Integrated Windows Authentication.
  I'd like Crystal to pass the current user id (NT Id) over to the web service when the report is created.  My web service will take the user id and return only the data that the user is allowed to view (security is all in the web service).
  The problem I am having is after setting up my connection in Crystal Designer, when I click preview, I am getting an unauthorized (401) error. 
  It seems that CR isn't passing any type of user credentials to IIS.  Does anyone know if there is a way to do this so I can test this in the designer?
  Thanks!

  Nope, nothing yet.  The problem seems to be that Crystal doesn't currently allow SSO or the SSO credentials to be passed through to IIS.  Therefore, IIS never gets any security tokens for validation.  Maybe you can do this with an SDK?  I don't know.
  The only half solutions I can think of are:
  1.  Allowing "Anonymous Access" authentication to your web service on IIS.  The downside is that the user token doesn't get passed through, so if you are looking to use the current user security context, you're outta luck.  You'll get the impersonated IIS account instead.
  2.  Hosting your crystal report file behind IIS in your vritual directory.  I think this works since by the time you get to the report, it has already been authenticated via IIS.  However, you don't get the luxury of the BOE servers.
  So sadly, no answer yet.  I've decided to just code everything into my stored procedures as I am short on time.  It seems odd that CR doesn't seem to support this yet, but who knows what the future holds
  If you find anything out, please let me know.  Thanks!

• CMC tool raise http 404 error when viewing user security on server object.

  Description of Problem or Question:
  In investigating an issue promoting an LCM job, I attempted to use the CMC tool to look at the user security on a server object. When I executed the command the tool raised an error.
  HTTP Status 404 - /CmcAppActions/jsp/Shared_Rights/rights.face.
  type: Status Report
  message: /CmcAppActions/jsp/Shared_rights/rights.face
  description: The requested resource (/CmcAppActions/jsp/Shared_Rights/rights.face) is not available.
  Product\Version\Service Pack\Fixpack (if applicable):
  Business Objects XI 3.1 SP2
  Apache Tomcat 5.5.20
  Java 6.0.170
  Relevant Environment Information (OS & version, java or .net & version, DB & version):
  WIN Server 2003  Enterprise SP2
  Sporadic or Consistent (if applicable):
  Consistent error
  What has already been tried (where have you searched for a solution to your question/problem):
  I have done some research in service.sap.com and on the Web, but have found nothing concrete other than it appears to be an error in the install of the Tomcat server.
  Edited by: Jon Russell on Jul 9, 2010 12:20 AM

  Hi Alvaro,
  Forgot this thread was open as of yet. There was a solutio but nothing concrete I can offer to th user community. The reason i that this devolved into a Note to SAP and, as I recall, the solution was for a BO consultant to remotely access our development server for BO an bsically do "brain surgery" in the SQL Server db we had supporting BO. It was a difficult issue an eventually required direct intervention from SAP-BO.

• Visual Admin: error on loading service Web Services Security ?  HELP

  I wanted to consume a webservice to a remote R3 ECC 5 webservice with Visual Composer.
  I added a web service client for VComposer using visual admin as:
  Cluster->services->webServicesSecurity->
     SecurityConfiguration->WebServiceClients->DynamicWSProxies->New
  Added the remote host to R3 ECC5
       <b>http://<host>:8000/inspection.wsil</b>
  I keyed in the SID, client and language as per /people/community.user/blog/2007/04/04/consuming-webservice-in-visual-composer-1  .
  I changed the security authentication to Basic and keyed in right user and password,  saved the data.
  It worked fine.
  After I changed few values for SID, user, password on this properties, it gave me ERROR on loading service Web Services Security.
  Can you please help to reset and put back the old config.
  Thanks;

  Thanks, I restarted it after an hour, it is working fine.

• "Define Web Service" - Security Issues

  Hello all,
  I have successfully defined a Web service with the wizard in ID. So I already have my WSDL file.
  Now, I need to use this WSDL file from a Web Application that exposed to all public internet. 
  Now my question is, how is security managed for this web service? I mean, if the web service is exposed to any user of the web application in the internet, how can I assure that, the information in the WSDL file will not be used to access the XI Server with out authorization?
  Who should be in charge of the security, the web application? the web service? or xi?
  Thanks,
  Felipe

  If you are using the SOAP Adapter for receiving the information it provides the features like
  1. HTTP without Client Authentication
  2. HTTP with Client Authentication
  Even you can select Security Prameters like
  1. Web Service Security
  2. S/MIME
  If you configure all this then which other kind of security you are looking for.
  Gaurav Jain
  Reward Point if answer is helpful

• How to set Max Rows Retrieved by user security profile in CMC?

  Hi
  As we know, it is possible to set Max Rows Retrieved with query property (in the area 'Limits').
  However, it is mentioned in official documents that this setting can be overwritten by the BOE administrator in user security profile. Could any one tell me how this is done in CMC?
  Thanks in advance!
  Qing

  Hi Rishit,
  Thanks for your answer!
  Had a long holiday, so didn't give a feedback in time. Sorry for that!
  There is a tab 'Controls' in Universe Parameter, where there is a setting used to limit the size of result set.
  Then what's the priority between this setting and the similar setting in WebI query properties?
  However, acutally my question is how to set the limitation by user security profile in CMC.
  Do you have any idea about it?
  Qing
  Edited by: Qing Zhou on Jun 21, 2010 11:12 AM

• Web cache security

  Hi,
  I'm looking for some specific information on Web Caches security features. Interested in finding out how to configuring Web Cache to sit behind an Apache Server that handles single sign on and authentication.
  Any help would be gratefully received.
  Thanks.

  Web Cache can sit in front of OHS/mod_osso. Mod_osso controls the caching policies of responses, basically making sure that protected content is never cached. There is a way to override this behavior for applications that need mod_osso for authentication but prefer to control caching policies themselves.
  Web Cache has not been tested with 3rd-party authentication/authorization solutions.
  Some applications use Web Cache like a repository. In order to generate a response, the app logic queries the cache to fetch objects (page metadata, login metadata, whatever) before assembling the final response and sending it back to the user.
  Anyway, future releases of Web Cache will be able to deal with authorized/authenticated content in a much more sophisticated manner. But I can't go into details about that at this time.

• How to make my Portal Web Service SECURED?

  Hi Experts,
  I created one portal Service and exposed it as Portal Web Service.
  Everything is working fine, as i deployed my Portal Web Service on to the SAP J2EE Engine ie SAP Server.
  I m able to access functions of Web Service from my StandAlone Java Application.
  but the problem is my Web Service is not SECURED.
  How can i make my Portal Web Service SECURED?
  Please help me out.
  Help will be appreciated and rewarded!!!!!

  user13046122 wrote:
  I have an old pl/sql "helper" package, originally written to make SOAP Web Service calls from the database - it uses UTL_HTTP to invoke the target services.
  I now need to make SOAP Web Service calls - from an 8.1.7.4 database
  But the version of UTL_HTTP inside 8.1.7.4 does not contain the functions needed in the helper package
  Can anybody suggest a means of making SOAP Web Service calls from an 8.1.7.4 database ?I think you'll be very lucky to find anyone here who still has access to a version of Oracle that is that old.... I mean... that's like what? 15 years old at least? I'm surprised you've still got hardware that can run that.
  It would probably help if you could post what code you've got and explain which function(s) it's complaining about, as I doubt people will want to guess.

• Web Service Security Question

  I have created a web service in the NetWeaver portal using a Portal Service.  I have marked the service as requiring basic http authentication.  However, when I call the web service from the Enterprise Portal Web Services Checker in NWDS it just let's me supply the params of the web service and no authentication.  Any ideas?
  I also noticed that my web service does not appear under the Web Services Container or Web Services Security section in Visual Administrator.  Anybody have any idea why this is?
  Thanks in advance.
  Curtis

  Hi Curtis,
  My guess is that since you are logged into the Portal while calling this web service, it will use the current session cookie to authenticate automatically. I'm not sure on the second question, tried a restart?
  Regards,
  Raj

• Web Service Security with SAML - Invalid XML signature

  Hello together,
  we want to build a scenario where we want to use Web Service Security  with SAML.
  The scenario will be
  WS Client (Java Application) -> WS Adapter -> Integration Engine ->  WS Adapter-> CRM (Web AS ABAP 7.01 SP 3)
  SAP PI release is 7.11 (SP Level 4)
  We want to use the SAML Authentification from WS Client to PI and from PI to Web AS ABAP.
  The SAML authentifications between the WS Client and PI works when there is no SAML auth between PI and CRM.
  But we get following error at calling the CRM system when we want to communicate with SAML:
    <E_TEXT>CX_WS_SECURITY_FAULT:Invalid XML signature</E_TEXT>
  Has somebody an idea of the possible reason for the error.
  Thanks in advance
  Stefan

  Error Messages in the Trace/Log Viewer:
  CX_WS_SECURITY_FAULT : Invalid XML signature | program: CL_ST_CRYPTO==================CP include: CL_ST_CRYPTO==================CM00G line: 48
  A SOAP Runtime Core Exception occurred in method CL_ST_CRYPTO==================CM00G of class CL_ST_CRYPTO==================CP at position id 48  with internal error id 1001  and error text CX_WS_SECURITY_FAULT:Invalid XML signature (fault location is 1  ).
  Invalid XML signature

• Web App Security Firewall Using Catalyst 6500 w/ CSM

  We are evaluating web application security firewalls. The other products can recognize application level attacks such as SQL insertion and deranged parameters. Some of my colleagues believe that the CSM (which we already have deployed) has these sorts of capabilities.
  While the CSM has some layer 7 capabilities, my read of the specs does not suggest that it is suited to this function.
  Anyone have experience or input?
  Thanks!

  The same as a SYN attack protection feature.
  That's all.
  It does not have content analysis for intrusion detection.
  Regards,
  Gilles.