Webservice authentication using plaintext password

Similar Messages

• OAM 11gR2 Authentication using username/password/additional ldap field

  I want to add additional credential parameter along with username and password to be validated against LDAP.
  Is there any out of the box solution for authentication using username/password/additional ldap field in OAM 11gR2?
  This solutions exist in 10g and could not find any OOB feature in 11g.

  Do you need to accept additional parameter from user via login form & then use it in credential mapping step
  Not sure if %% syntax would work .. havent tried it. next option is to develop custom authentication plugin
  Additional ldap attribute against static value
  If you need to add additional ldap attribute (check against static value) that you can specify in LDAP search filter in "User Identification plugin" configuration
  Take a look at "MTLDAPPlugin" under custom authentication modules
  Hope this helps

• OSB Authentication using username and password (plaintext or digest)

  Hi,
  I want to implement a simple osb authentication using username/password (plain text or digest) , so that client required to provide username password token in soap header (message Level security) to access our webservices. I have read some of articles which shows how to create custom ws policy, but received following error during deployment.
  weblogic.wsee.ws.init.WsDeploymentException: The WebLogic Server 9.x-style policy is not supported in JAX-WS web services
  Please note - I can not install OWSM as part of my requirement
  =======
  <?xml version="1.0"?>
  <!-- WS-SecurityPolicy -->
  <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:wssp="http://www.bea.com/wls90/security/policy"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:wls="http://www.bea.com/wls90/security/policy/wsee#part">
  <!-- Identity Assertion -->
  <wssp:Identity>
  <wssp:SupportedTokens>
  <!-- Use UsernameToken for authentication -->
  <wssp:SecurityToken IncludeInMessage="true"
  TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken">
  <wssp:UsePassword Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"/>
  </wssp:SecurityToken>
  </wssp:SupportedTokens>
  </wssp:Identity>
  </wsp:Policy>

  You can use the default Auth.xml WS policy in OSB and be able implement the authentication using username and plain text password.
  Just assign the Auth.xml on the Request Policies of the Proxy Service (under Policies).
  Then use any user credentials that has access to the domain for testing.
  If you want to restrict access for each operation then in the Security tab, under Message Access Control, specify a Role.
  Then in the OSB > Security Configuration, create the appropriate role with the specific role conditions like User is User1 or User is User2 etc ...
  Hope this helps.
  Thanks,
  Patrick

• Authentication failing for APEX against OID when uppercase used in password

  We are using Application Express 3.1. I am authenticating against OID 10.1.2.2 and noticed some users were having problems
  logging into APEX. They are getting "Invalid Login Credentials". I eventually workout it was when they were authenticating using a password
  having a uppercase character ... "Blackhawk" is one example. We authenticate discoverer using OID and do not have the same problem.
  Has anyone else encounter this problem please ?
  Cheers Rod
  The Function I use is shown below:
  DECLARE
  V_TEST BOOLEAN;
  V_EXIST NUMBER ;
  BEGIN
  SELECT COUNT(*) INTO V_EXIST FROM BE_MANAGERS
  WHERE MANAGER_CSO_CODE = :APP_USER
  AND FINANCIAL_YEAR_ID = BE_BUDGETS_APEX_PKG.CURRENT_FINANCIAL_YEAR ;
  IF V_EXIST = 0 THEN
  HTMLDB_APPLICATION.G_UNRECOVERABLE_ERROR := TRUE;
  OWA_UTIL.REDIRECT_URL('f?p=' || v('APP_ID') || ':101:' || v('APP_SESSION') );
  END IF ;
  V_TEST := HTMLDB_LDAP.IS_MEMBER
  ( p_username => :APP_USER, p_pass => NULL
  , p_auth_base => 'cn=Users,dc=planforlife'
  , p_host => 'oraapp01'
  , p_port => '389'
  , p_group => 'OID-PilotUsers'
  , p_group_base => 'cn=vaultgroups,cn=Groups,dc=planforlife');
  IF V_TEST = FALSE THEN
  HTMLDB_APPLICATION.G_UNRECOVERABLE_ERROR := TRUE;
  OWA_UTIL.REDIRECT_URL('f?p=' || v('APP_ID') || ':101:' || v('APP_SESSION') );
  END IF;
  EXCEPTION
  WHEN OTHERS THEN
  HTMLDB_APPLICATION.G_UNRECOVERABLE_ERROR := TRUE;
  OWA_UTIL.REDIRECT_URL('f?p=' || v('APP_ID') || ':101:' || v('APP_SESSION') );
  END;

  Rod:
  Are you sure it is not the 'username' which is causing the issue ? If it is the username then to preserve the case in which the username is entered you will need to set the ' p_preserve_case' parameter to true in the call to APEX_CUSTOM_AUTH.LOGIN . This API is invoked in the application's login page as an after-submit page process.
  Varad

• Problems with symbol characters in WIKI using plaintext authentication

  Hi!
  I have a Lion Server with Wiki service enabled, and using plaintext to authenticate against third provider LDAP server (Oracle/SUN ldap server).
  The authentication fails if the password has a at least & character inside (I do not test another symbols).
  If the password has just letters and number it does not fails.
  Any Idea how to fix it?
  It is a new "feature" in the Wiki service???
  Thanks in advance
  H.

  Same problem when I use Chinese.
  The only thing we can do now is to wait for an update! Which is hopefully make the Playbook worth something!

• Outlook 2010 cannot use Secure Password Authentication

  I am the administrator of the server running Microsoft Windows 2003 Server POP3 service since 2008. It hosts my email account. Nobody but me manages the settings of the server and the client side. Until the moment I decided to install Microsoft Outlook
  2010 as a client there was Secure Password Authentication working between Outlook 2003 and Windows 2003 Server. After installing of Outlook 2010, when I try to sync, the SPA authentication doesn't work. Nothing is changed on the server side.
  Enabling the SPA authentication on the both sides results a communicaton problem between Microsoft Windows 2003 Server POP3 service and Microsoft Outlook 2010 client. When I disable SPA on both sides the connection works but password is sent
  as plain text. Actually I started a discussion on
  http://answers.microsoft.com/en-us/office/forum/office_2010-outlook/outlook-2010-cannot-use-secure-password/66dafd66-1b00-43b5-96fb-b8a26254fc77 but I didn't receive an answer with a solution.

  Snefels,
  This is actually a known issue that Outlook 2010 doesn't work well with Windows Server 2003 POP services.
  Here is the blog post for the issue:
  http://blogs.msdn.com/b/jjameson/archive/2010/04/26/outlook-2010-does-not-work-with-windows-server-2003-pop3-service.aspx
  If you read the comments below, you'll found that some readers' shared some workaround/solutions, which reportedly works for others. So you might want to have a look.
  Disable SPA on the Windows 2003 POP3 server and do the same in Outlook 2010 POP setup.. using the full email address, "[email protected]" instead of just doug (if using the Secure Password Authentication).
  Aravindhan Battepati

• Invoking webservice-Authentication issue

  Hi All,
  I need a help to solve the given below issue.
  Scenario is to use the Webservice concept for the integration between  non SAP system ( webservice) with the non SAP System( webservice) via PI using SOAP Adapter.
  I have generated the WSDL file from PI and given it to the Source System.When I tried testing with the SOAP Client (Altova  XML Spy) to PI , the establishment of connection is fine for HTTP (the userID and Password is given in the prompt window of XMLSpy tool).Getting the message as "Webservice has sent an empty response".
  But the problem occur when the Java Client tries to invoke the webservice from their desktop(within the network).
  Error message from Java client while connecting is given below( pasted few lines):
  org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
  INFO: basic authentication scheme selected
  Jan 15, 2008 9:56:13 AM org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge
  INFO: No credentials available for BASIC 'XISOAPApps'@192.85.27.136:50800
  Jan 15, 2008 9:56:13 AM org.codehaus.xfire.transport.http.HttpChannel sendViaClient
  I also tried giving the user ID and Password in the URL of SOAP Address .But still it did not work out.I have gone through so many blogs ( How to remove the authentication in sender SOAP Adapter).But that option is not accepted as we are changing the SAP Standard code.
  I would like to know whether the user/password authentication is to be done in the visual administrator in PI or Java webclient should write any code from their side for authentication ( user Id/Password).
  If the code is to be written in Java ,Can you give me the piece of code written for authentication.
  Right now I am only  testing the interface between  the Source and the PI System.
  Please provide your assistance.
  Regards
  B.Dheepa

  The Java Cient has to provide the user name and password.
  You can use the folowing snippet
  connection = url.openConnection();
  if( connection instanceof HttpURLConnection )
  ((HttpURLConnection)connection).setRequestMethod("POST");
       connection.setRequestProperty("Content-Type","text/xml");
       connection.setDoOutput(true);
       String password = User + ":" + Password ;
       String encodedPassword = new String(new BASE64Encoder().encode(password.getBytes()));
       connection.setRequestProperty ("Authorization", "Basic " + encodedPassword);
       connection.connect();
  Please award points if you find the message useful
  Edited by: Kanwaljit Singh on Jan 22, 2008 11:03 PM

• WebService authentication problems

  I am trying to use a web service that serves over https, has wsdl that is accessible using account name and password, and then when I actually call methods, requires basic authentication using account name and API key.
  I have tried to work with Flex WebService generated by the Data import capability of flex builder 3 and flash builder 4. They both DO NOT handle the authentication...
  When I construct the webService object, it loads the wsdl (I don't understand why, because flash builder already imported it to build the service classes). This fails, because I can't specify the required authentication info.
  Since I do not use a proxy I can't use the "setCredentials" methods.
  What should I do ?

  The Flash Builder generated code still uses the underlying WebService class and it requires wsdl to be available during run time too. As discussed in a separate post, I have filed a enhancement request to exclude this during run time, pls. feel free to vote for it
  http://bugs.adobe.com/jira/browse/SDK-21811
  With regards to authentication support for WebServices, The WebService class has the following properties to set your authentication details
  headers : Array
  Returns the array of SOAPHeaders registered for the WebService. AbstractWebService
  httpHeaders : Object
  Custom HTTP headers to be sent to the SOAP endpoint.
  Currently the Data Menu - > Connect to Web Service Wizard does not support authenticated web services and those on https, the bug id for that is
  http://bugs.adobe.com/jira/browse/FB-20632

• Use of password file?

  good day !
  i am confused and still cannot digest the need to use a password file!
  can anyone provide me with links or any explaination on why we need a password file!
  i need the password file so that i can setup dataguard!
  thnx

  You can Oralce administration guide,
  Database Administrator Authentication
  http://download.oracle.com/docs/cd/B19306_01/server.102/b14231/dba.htm#i1006534

• Oracle ADF 11g – Authentication using Custom ADF Login Form Problem

  Hi Guys,
  I am trying to Authenticate my adf application using custom Login Form.
  following this..
  http://www.fireboxtraining.com/blog/2012/02/09/oracle-adf-11g-authentication-using-custom-adf-login-form/#respond
  But my Login Page is not Loading.I think its sending request in chain.my jdev version is 11.1.1.5.Any Idea.
  Thanks,
  Raul

  Hi Frank,
  I deleted bounded code and In another Unit Test I created a simple login.jspx page and applied form based authentication but still facing same problem means something wrong in starting.
  My login.jspx page is
  <?xml version='1.0' encoding='UTF-8'?>
  <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1"
            xmlns:f="http://java.sun.com/jsf/core"
            xmlns:h="http://java.sun.com/jsf/html"
            xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
    <jsp:directive.page contentType="text/html;charset=UTF-8"/>
    <f:view>
      <af:document id="d1" >
        <af:form id="f1" >
          <af:panelFormLayout id="pfl1">       
            <af:inputText label="USERNAME" id="it1"
                          />       
            <af:inputText label="PASSWORD" id="it2"
                            />
            <af:commandButton text="LOG IN" id="cb1" />
            <f:facet name="footer">       
            </f:facet>                 
          </af:panelFormLayout>
        </af:form>
      </af:document>
    </f:view>
  </jsp:root>
  Don't know wht real problem is

• Oracle 9i/10G DB authentication using Active Directory (with out OID)

  Hello All,
  We want to use a Single-Password authentication scheme using the Active
  Directory as the primary source for userId/Password.
  We don't want to use the Active Directory and OID bridge.
  As we have many databases and would like to configure all Databases to use Active
  Directory for Authentication. Our goal is to have single id/password across all
  the databases and any user should be able to login from any computer using their
  windows id/password, note that we don't want to use the OSAuthentication.
  We have read the documents provided by oracle for authentication using Active
  Directory, we were able to create Oracle Schema in Active Directory and were
  also able to register a DB with Active Directory and then created user as global
  user in Oracle Database and provided the DN of the user. When we tried
  authenticate with all this setup it comes back and says invalid ID/Password !!!
  And with 10G database we get the Oracle Error ORA-03113: end-of-file on communication channel !!
  Has any one tried or have information on Integrating Oracle to Auth against Active Directory?
  Envoirnment:
  Oracle DB Version: 9.2.0 and also tried on 10.0.1 with same results
  Operating System: Windows 2000/ Windows 2000 Server
  Constraint: We don't want to user OID ( as we don't have license for this
  product ! )

  I have a thread started similar to your request.
  OS Authenication on Windows
  Somewhere I read this. It works on Oracle 9i on Linux, but I have not tried it with Oracle 9i on Windows.
  SHOW PARAMETER OS_AUTHENT_PREFIX;
  SHOW PARAMETER REMOTE_OS_AUTHENT;
  CREATE USER OPS$SOMEUSER IDENTIFIED EXTERNALLY;
  GRANT CREATE SESSION TO OPS$SOMEUSER;
  For the username, I wonder if we are supposed to put the Windows Domain name as part of the username? Such as, for a Windows domain user MyDomain\SomeUser
  CREATE USER OPS$MYDOMAIN\SOMEUSER IDENTIFIED EXTERNALLY;
  I really wish Oracle or somebody created a guide or book on how to do this.

• Outgoing Mail - Authentication grayed-out, password not saving

  I am running into a strange problem since having to restore my iPhone after the 1.1.3 software update.
  I am unable to send mail. What I am finding is that the mail accounts that I have set up are not using the password I need to authenticate my outgoing mail. There are two more detailed symptoms, and I'm wondering if anyone else has seen them...
  1.) When I enter a password into the "Optional" area, it isn't staying-- when I go right back to the config screen for that account, it is already gone. Not surprisingly, I am then failing to authenticate when trying to send mail.
  2.) I notice that the "Authentication >" button on the Advanced screen of email account config is greyed-out. I suspect this is somehow related.
  I have tried re-creating the accounts a number of times. Eventually accounts are created, but outgoing email isn't working. This was working before the update, but I also deleted and re-created the accounts after first seeing problems. My provider has ports 25 and 587 open, and requires password authentication to send.

  I may have found my own solution for this, so I am posting it here in case anyone runs into the same thing.
  I removed all Email Accounts from my iPhone. Then I recreated them one at a time, from scratch. If the Add Account screen came up with previous info in it, I started over until it started blank. I was sure to enter the server addresses, passwords, etc. correctly the first time. I didn't specify ports at all. I had to click past a "Do you want to retry without SSL?" message a couple of times for each.
  Once all of that was done properly (took a few tries) the accounts appeared with the password already saved rather than blank. Sending email then worked. The "Authentication" on the Advanced tab now shows up with "Password".
  This looks like a subtle bug to me, even though it has a work-around.

• Login authentication using jbuilder 7 personal

  can anyone show a sample application of login authentication using jdbc and interface jbuilder 7 personal.A program which authenticates data against entry in database and corresponding error/success messages.
  Thanks.

  Hi: just to add on....
  I'm using j_security_check to authenticate my system login and I'm facing a problem with the redirection after verifying the user credentials.
  When the user enters a valid userid and correct password, the system hangs at j_security_check. The displayed URL is something like "/cst/LoginMainServlet/j_security_check". It fails to authenticate and re-direct to the AuthError.html page as defined as error page in the web.xml
  May I know where the problem does lays and how I can resolve this?

• Using LDAP in 9.3.1, I can got the user list but can not use their password

  Hey guys, I need your help.
  I am using msad for Shared Services External Authentication.
  I configurate the msad successfully.
  And I could find the user in local domain. But I can not use their password in workspace.
  That mean's I could find the user in local domain and do the provision job.
  But I can not use their password in localdomain to login on workspace.
  Is there any thing I missed when configurate the Shared Services?
  Need your help.

  you may have trouble -
  if password use NATIONAL character, such letters like (я ч ъ ю )
  if user, who's have access from SS to AD under "NATIONAL" folder
  p.s. my settings for AD
  Name: NTLM Domain NAME
  Hostname: x.x.x.x
  Port: 389
  Base DN: DC=NAME,DC=domain suffix
  User DN: CN=user_name, CN=Users Catalog
  Login: sAMAccountName
  Email: mail

• User cannot log in using Opendirectory password but can log in using Crypt

  Hi,
  We have an Xsan environment with Opendirectory authentication. Most of the users are created in Workgroup manager and home folders are stored on an Xsan volume.
  We have noticed (this has happened to two users recently) that sometimes user cannot log in using his password stored in Opendirectory Password server. This is permanent to some specific User/Workstation combination. Other users can log in to the same workstation and this user can log in to other workstations.
  Also, if I change password type to Crypt in Workgroup manager, user can log in to this workstation. In past this happened to another user/workstation combination.
  I tried to create a new Opendirectory password (password ID has changed in WM), with no success.
  Any ideas?
  Thanks,
  Darius

  You say you can log in the web browser right? You can find your username in the following url: https://play.spotify.com/user