WebApp Authentication

Hello, how do I efficiently implement form-based authentication for a JSP/Servlet app using an existing users database in Oracle? I use a servlet to authenticate users against the database and set a session value. On every subsequent request I check for the session value. If it exists, I let the user proceed; otherwise I redirect to the login page.
Is there an efficient way to do this without checking the session value on every page? I understand it could be done with a filter, but can anyone give me an example? Thanks.
Thanks for your help...
pseudocode
int i = checkuser(username, password);
if (i > 0) {
    session.setAttribute("valid", username);
    forward to index.jsp;
} else {
    redirect to login page;
}
public int checkuser(username, password) {
    check user against oracle database;
    return 0 if nonexistent;
    return 1 if exists;
}

> it could be done with filter but can anyone give me an example?
Every JSP/Servlet book has filter examples. Some are published online for free.

Similar Messages

  • Webapp authentication failed when using chinese characters as login name

    Hello,
    I have tried webapp authentication on tomcat and oc4j, via BASIC and FORM auth-method. All failed when the login name contains non-English characters. It seems an encoding issue, therefore, I also tried to change the page encoding of the login form to utf-8. None of the above is successful. Is there any solution? I really appreciate any help!
    Thanks in advance!!

    Enterprise support:
    Call enterprise support  (866) 752-7753  to create  a case ID number
    Get an account at
    http://developer.apple.com/  then submit a bug report to http://bugreporter.apple.com/
    Once on the bugreporter page,
       -- click on New icon
       -- See if you need to attach a log file or log files, clicking on Show instructions for gathering logs.  Scroll down to find the area or application that matches the problem.
       -- etc.
    Developers:
    "Submitting Bugs and Feedback
    Your feedback goes a long way towards making our products even better. With Apple Bug Reporter, you can submit bug reports or request enhancements to APIs and developer tools."
    https://developer.apple.com/bug-reporting/

  • J2EE Policy Agent

    I have read about a J2EE policy agent for the identity server. Does such thing exist?
    I am thinking about the scenario where I register a service with the identity server, assign the service and policy to users, and then deploy my service as a webapp to the sunone appserver. Whenever a client attempts access to my webapp, they would be redirected from the appserver to the Identity server login page for SSO and then forwarded back to my webapp, authenticated. The application could then read the users service properties and policy from the identity server to personalize the app.
    How can this be achieved? Would it involve creating a custom JAAS LoginModule for the appserver? I had issues with trying to install some of the identity server Servlets in a normal webapp running in tomcat due to the amserver.propries and the crypto libs for the JAAS.

    Hi Aaron,
    Let me take a stab at this and answer to the best of my ability.
    Currently J2EE agents are available only for WebLogic; in future they will be available for other servers as well, based on customer requirements.
    > I am thinking about the scenario where I register a service with the identity server, assign the service and policy to users, and then deploy my service as a webapp to the sunone appserver. Whenever a client attempts access to my webapp, they would be redirected from the appserver to the Identity server login page for SSO and then forwarded back to my webapp, authenticated. The application could then read the users service properties and policy from the identity server to personalize the app.
    ** This sounds possible, though you might have to run the identity server SDK from the app server machine.
    ** The next release of identity server would be supporting JAAS authentication module.
    ** In the next two or three months Identity Server and Portal Server will be available with support for App Servers instead of just running it on top of the web server as it is today.

  • J2EE policy agent notice

    Please note that as of July 27, 2005, Sun JCE 1.2.1 has expired. For details see the following URL.
    http://jp.sunsolve.sun.com/search/document.do?assetkey=1-26-101796-1&searchclause=
    We have evaluated the impact and the following J2EE agents will stop functioning as of this date.
    1. J2EE policy agent for BEA WebLogic Server 6.1 SP2 : Solaris/HP-UX/Win2000 [version 2.1 and 2.1.1]
    2. J2EE policy agent for PeopleSoft 8.3/8.4/8.8 : Solaris/Win2000/AIX 5.1,5.2 [version 2.1 and 2.1.1]
    Both these agents should stop fully functioning as of 27th July/05. Please follow the steps listed below to rectify the situation :
    1. Download JCE 1.2.2 from URL : http://java.sun.com/products/jce/index-122.html
    2. Once you download the zip file, extract the following jar files
    * US_export_policy.jar
    * local_policy.jar
    * jce1_2_1.jar
    * sunjce_provider.jar
    3. Replace the four JCE lib jars in the agent installation with the jars downloaded from JCE 1.2.2
    Please note that, except for the two agents mentioned above, which will be affected, all other agent installations should not be impacted by the expiration of Sun JCE 1.2.1.
    Thanks, Jerry


  • J2EE Policy Agent Jars

    Hi,
    Could anyone who has installed a J2EE Policy Agent please send me the following jar files zipped up? My email address is [email protected]. Thanks for your help.
    /opt/SUNWam/j2ee_agents/lib/am_agent_sdk_2_1.jar
    /opt/SUNWam/j2ee_agents/lib/am_agent_filter_2_1.jar
    /opt/SUNWam/j2ee_agents/lib/am_as81_agent_2_1.jar


  • Applet re-required user authentication on webapp realm

    I have developed a webapp restricted to known users via a BASIC authentication realm. One of these HTML pages contains an APPLET which is loaded correctly,
    but then asks the user for userid and password again (I have to enter the same username and password as I used to log onto the webapp before).
    I assume this comes because the applet is located within the restricted webapp context - is there any chance to turn off the duplicate authentication via applet??????

    Think java version 1.4.0 could do some authentication but did not share it with
    the browser. A later version should share auth with the browser, meaning if
    the browser authenticates then so does the jre. They also share the session
    so forms auth would work as well.
    Try to open the java control panel General -> network -> network settings -> use browser settings

  • JAAS-authentication and wls-authorization in a webapp

    Hi,
    I am developing a webapp with jsp, servlets and ejbs.
    My question:
    Is it possible to use JAAS-authentication together with wls-authorization in a
    webapp?
    thanks
    /Chriz

    Hi, Office 365 tenants indeed include an Azure AD tenant in the background and you can implement Single Sign-On against that. The authentication scenario for this case is documented
    here. For the code samples (with steps to create them) see the
    samples' Github repository, especially the
    WebApp-WSFederation-DotNet sample. 
    For the SQL database it's a bit different. Azure SQL Database connection can't be authenticated like this - there's no integration to the "domain" accounts there. So you should create one service account for the SQL connection and use that for
    all the traffic in your web app. If you need authorization for accessing certain data in SQL, you have to implement that on your web application side.

  • How to use rdbms as users data store in a form authentication webapp?

    Hi,ALL!
    WLS 10.3
    This is part of web.xml:
    <security-constraint>
         <web-resource-collection>
              <web-resource-name>secureweb</web-resource-name>
              <url-pattern>/secureweb/*</url-pattern>
         </web-resource-collection>
         <auth-constraint>
              <role-name>Users</role-name>
         </auth-constraint>
    </security-constraint>
    <login-config>
         <auth-method>FORM</auth-method>
         <form-login-config>
              <form-login-page>/login.htm</form-login-page>
              <form-error-page>/login_fail.jsp</form-error-page>
         </form-login-config>
    </login-config>
    Every time I want to access a web page in /secureweb/, it takes me to /login.htm, and when I want to log in from /login.htm, it takes me to /login_fail.jsp, so I think there is nothing wrong with web.xml but with WLS's configuration.
    There is only one Security Realm called "myrealm" in my domain, and besides the DefaultAuthenticator and DefaultIdentityAsserter, I created a new SQL Authenticator called sql_auth in front of them. After that, I created tables (USERS, GROUPS, GROUPMEMBERS) in my Oracle database according to the configurations in sql_auth, and inserted some user data.
    But it never succeeded when I used the data in the database to test the authentication; it always goes to the /login_fail.jsp page...
    What's wrong there?
    Best Regards!
    Edited by: Linyin.Huang on Jun 18, 2009 5:02 AM

    Hello, these are the SQLs from the "provider specific" configuration tab in my SQLAuthenticator. In fact, they are provided by WLS, and I have never modified them:
    SQL Get Users Password:SELECT U_PASSWORD FROM USERS WHERE U_NAME = ?
    SQL Set User Password:UPDATE USERS SET U_PASSWORD = ? WHERE U_NAME = ?
    SQL User Exists:SELECT U_NAME FROM USERS WHERE U_NAME = ?
    SQL List Users:SELECT U_NAME FROM USERS WHERE U_NAME LIKE ?
    SQL Create User:INSERT INTO USERS VALUES ( ? , ? , ? )
    SQL Remove User:DELETE FROM USERS WHERE U_NAME = ?
    SQL List Groups:SELECT G_NAME FROM GROUPS WHERE G_NAME LIKE ?
    SQL Group Exists:SELECT G_NAME FROM GROUPS WHERE G_NAME = ?
    SQL Create Group:INSERT INTO GROUPS VALUES ( ? , ? )
    SQL Remove Group:DELETE FROM GROUPS WHERE G_NAME = ?
    SQL Is Member:SELECT G_MEMBER FROM GROUPMEMBERS WHERE G_NAME = ? AND G_MEMBER = ?
    SQL List Member Groups:SELECT G_NAME FROM GROUPMEMBERS WHERE G_MEMBER = ?
    SQL List Group Members:SELECT G_MEMBER FROM GROUPMEMBERS WHERE G_NAME = ? AND G_MEMBER LIKE ?
    SQL Remove Group Memberships:DELETE FROM GROUPMEMBERS WHERE G_MEMBER = ? OR G_NAME = ?
    SQL Add Member To Group:INSERT INTO GROUPMEMBERS VALUES( ?, ?)
    SQL Remove Member From Group:DELETE FROM GROUPMEMBERS WHERE G_NAME = ? AND G_MEMBER = ?
    SQL Remove Group Member:DELETE FROM GROUPMEMBERS WHERE G_NAME = ?
    SQL Get User Description:SELECT U_DESCRIPTION FROM USERS WHERE U_NAME = ?
    SQL Set User Description:UPDATE USERS SET U_DESCRIPTION = ? WHERE U_NAME = ?
    SQL Get Group Description:SELECT G_DESCRIPTION FROM GROUPS WHERE G_NAME = ?
    SQL Set Group Description:UPDATE GROUPS SET G_DESCRIPTION = ? WHERE G_NAME = ?
    And these are the SQLs for creating tables(Oracle 11G):
    CREATE TABLE USERS(
    U_NAME VARCHAR2(50) PRIMARY KEY,
    U_PASSWORD VARCHAR2(50) NOT NULL,
    U_DESCRIPTION VARCHAR2(50) NOT NULL);
    CREATE TABLE GROUPS(
    G_NAME VARCHAR2(50) PRIMARY KEY,
    G_DESCRIPTION VARCHAR2(50) NOT NULL);
    CREATE TABLE GROUPMEMBERS(
    G_NAME VARCHAR2(50) NOT NULL,
    G_MEMBER VARCHAR2(50) NOT NULL,
    CONSTRAINT PK_GROUPMEMBERS PRIMARY KEY(G_NAME,G_MEMBER));
    INSERT INTO USERS(U_NAME,U_PASSWORD,U_DESCRIPTION)VALUES('usera','passworda','userdesa');
    INSERT INTO GROUPS(G_NAME,G_DESCRIPTION)VALUES('groupa','groupdesa');
    INSERT INTO GROUPMEMBERS(G_NAME,G_MEMBER)VALUES('groupa','usera');
    COMMIT;
    I still can't see any users or groups in my SQLAuthenticator...
    Thank you!
    Edited by: Linyin.Huang on Jun 18, 2009 1:39 PM

  • NT Authentication from UNIX in WebApp

    Hi,
    I'm working on a web application which has to authenticate its users against an NT domain.
    Can anybody give me hints how to do that?
    Thanx in advance
    Spieler

    To start, I would check out the:
    Java Authentication and Authorization Service (JAAS)
    Also, this will be a standard feature in the next release (JDK 1.4).
    http://java.sun.com/products/jaas/

  • Two factor authentication iCloud webapps

    A few weeks ago Apple introduced two-factor authentication (TFA) in the Netherlands. I configured TFA according to the instructions and I noticed it works, but not when logging in to the iCloud web apps. Even after extensive troubleshooting I couldn't get it to work. On Macosrumors.com I found an article about this and it says that:
    "Update June 30 3:30 PM PT: Apple appears to have disabled two-factor verification for some iCloud.com accounts that previously had access to the feature, suggesting it may have seen an accidental early launch."
    Does anyone know the exact status of TFA for iCloud web apps in the Netherlands and why it doesn't work in the Netherlands yet? (or doesn't it work in other places too?)

    2-step verification is not required to access your iCloud applications. I quote:
    What is two-step verification for Apple ID?
    Two-step verification is an additional security feature for your Apple ID that's designed to prevent anyone from accessing or using your account, even if they know your password.
    It requires you to verify your identity using one of your devices before you can take any of these actions:
    Sign in to My Apple ID to manage your account
    Make an iTunes, App Store, or iBooks Store purchase from a new device
    Get Apple ID related support from Apple

  • Form-based authentication in a non-webapp

    Using Weblogic 5.1 SP8. Our application is not packaged as a web
    application. It is configured via weblogic.properties.
    I want to have form-based authentication that forces the user to login if he
    attempts to access any page in the site. It looks to me like I could easily
    do this if I were using a web application by using the <login-config>
    settings.
    Is there some way to get the same behavior without converting to a web
    application?
    Thanks!

    John Lindwall wrote:
    > Is there some way to get the same behavior without converting to a web
    > application?
    If you roll your own security mechanism that reads the specified XML
    descriptor, sure.
    Cheers,
    Alexander Petrushko
    mailto:[email protected]
    Consulting Services available
    Freemarker vs JSP:
    http://javaworld.com/javaworld/jw-01-2001/jw-0119-freemarker.html

  • Authentication users without groups with LDAP Realm in WebApp

    I would like to authenticate a user in WLS 5.1 SP9 that are in the ldap
    directory, but do not belong to any particular group. How would I
    configure a web.xml to allow this. In the Servlet API 2.3, I would use
    a * symbol.
    Thanks
    Ken
    Ken Young
    V.P. IS
    Orent Graphics
    4805 G Street
    Omaha, NE 68117
    402-733-6400
    Fax: 402-733-7270
    mailto:[email protected]
    mailto:[email protected]
    [kyoung.vcf]

    I hate to ask this question: How do you do this within a web app? Any
    examples? I don't think that I can just type in objectclass=person into the
    web.xml --- or can I?
    Thanks
    Ken
    "Stephan Zdunczyk-Kohn" <[email protected]> wrote in message
    news:3b0e03eb$[email protected]..
    > Ken Young <[email protected]> wrote:
    >> I would like to authenticate a user in WLS 5.1 SP9 that are in the ldap
    >> directory, but do not belong to any particular group. How would I
    >> configure a web.xml to allow this. In the Servlet API 2.3, I would use
    >> a * symbol.
    > Make the membership-filter always true e.g. (objectclass=person)
    > Stephan
    >> Thanks
    >> Ken

  • Getting AADSTS50020 error on microsoft login page when using Azure Active Directory Authentication

    We have implemented Azure AD single sign-on using auto-generated code from Visual Studio 2013 with organization account authentication and it's working fine.
    The problem is when a user is logged in to the Azure management portal with his live account and in another tab he tries to open our app, then he directly gets the below error on the Microsoft login page.
    Additional technical information:
    Correlation ID: 78e13474-6f92-40ec-b463-91e36a6dae84
    Timestamp: 2015-04-14 12:27:20Z
    AADSTS50020:
    User account '[email protected]' from external
    identity provider 'live.com' is not supported for application
    'https://xxxxx.onmicrosoft.com/xxxx'. The account needs to
    be added as an external user in the tenant. Please sign out and sign in
    again with an Azure Active Directory user account.
    It works fine if I log out from management portal. Is there any way to resolve this issue without forcing user to log out from live account(management portal)?

    I assume you created a web application using VS2013 which uses the WS-Federation protocol.
    The behavior that you are seeing is expected Single-sign-on because you are logged in using the live account in the management portal.
    For WS-Federation, there is no current way for a caller to specify they want to force a fresh login, so the behavior is always the equivalent of LoginBehavior.Normal.
    The user will need to either sign out or use an in-private session in the browser.
    If you switch to OpenID Connect (sample at
    https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet) and use the “prompt=login” query parameter in the sign-in request, this will force a fresh login.

  • Problem with URL iView regarding fetch mode and SSO to non-sap webapps

    Hi,
    I have created an URL iView which opens an internal webapp. When the fetch mode is set to client-side the page is displayed for the user. But when I set the fetch mode to server-side, the page cannot be displayed by the user.
    No proxy is needed. I tried to open the webapp directly on the portal server without any problem. Are there any additional points to be considered?
    On the other hand I want to realize SSO to this webapp (form based authentication) with user mapping. Is it correct that I have to use server-side fetch mode when I want to use the POST request method?
    Thanks ahead,
    Bernd

    Bernd Speckmann wrote:
    > On the other hand I want to realize SSO to this webapp (form based authentication) with user mapping. Is it correct that I have to use server-side fetch mode when I want to use the POST request method?
    Yes.
    >Are there any additional points to be considered?
    Have a look at System Administration - System Configuration - Service Configuration - Applications - com.sap.portal.ivs.httpservice
    This is used to do the Server side fetch.
    Have fun
    Johannes

  • Help needed for using BASIC authentication through JDBCRealm

    Help needed.
    Hello,
    I am doing a degree project, so far it works fine in my local machine, I need to try it on my virtual hosting (as it is a live server).
    My project requires JDBCRealm, that is BASIC authentication loading access data from mysql database. Normally this setup can be done in Server.xml file, because my Tomcat hosting is a virtual one, I only have permission to access the web.xml file.
    My question is: is it possible to get it done in an alternative way? In web.xml? Some properties file maybe?
    Thank you very much.

    You can set this up for your context using META-INF/context.xml instead of working with server.xml.
    Make a directory called META-INF under your webapp ( it'll be at the same level as WEB-INF ). Under this, add a context.xml with all your context specific configuration including the realm. A sample is below
    <?xml version="1.0" encoding="UTF-8"?>
    <Context path="/myApp" reloadable="true">
        <Realm
            className="org.apache.catalina.realm.JDBCRealm"            
            driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"         
            connectionURL="jdbc:microsoft:sqlserver://127.0.0.1:1433;DatabaseName=myDB;SelectMethod=Cursor;"
            connectionName="username" connectionPassword="password"
            digest="MD5" userTable="users" userNameCol="userid" userCredCol="userpassword"
            userRoleTable="user_roles" roleNameCol="rolename"
        />
    </Context>
    Hope this helps.
    People on the forum help others voluntarily, it's not their job.
    Help them help you.
    Learn how to ask questions first: http://faq.javaranch.com/java/HowToAskQuestionsOnJavaRanch