Workspace stuck at Authenticating User

Similar Messages

• Workspace Credential Conflict between Logged-in User and the Authenticated User

  Hi there,
  I am running LiveCycle ES Update1 SP2 with Process Management component on WIN/JBoss/SQL Server 2005.
  I have been encountering user credential conflicts from time to time, but it has not been consistent and the problem manifested in various ways, such as:
  - problem when logging in with error "An error occurred retrieving tasks." on the login screen
  - user logs in successfully but is showing somebody else queue(s) with his/her own queue with no task in there
  - fails to claim task from group queue.
  The stacktrace from the server.log file I collected from a production system shows the exception below.
  Has anybody else encountered the similar problem?
  It looks to me that it doesn't log out cleanly and some kind of caching is done on the authenticated session and is not cleaned up properly on user logout.
  2009-07-10 15:05:13,955 ERROR [com.adobe.workspace.AssemblerUtility] ALC-WKS-005-008: Security exception: the user specified in the fill parameters (oid=F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83) did not match the authenticated user (oid=F25892EE-80CE-8C24-E40D-881F631AA8BE).
  2009-07-10 15:05:13,955 INFO  [STDOUT] [LCDS] [ERROR] Exception when invoking service 'remoting-service': flex.messaging.MessageException: ALC-WKS-005-008: Security exception: the user specified in the fill parameters (oid=F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83) did not match the authenticated user (oid=F25892EE-80CE-8C24-E40D-881F631AA8BE).
    incomingMessage: Flex Message (flex.messaging.messages.RemotingMessage)
      operation = submitWithData
      clientId = F3D2CDD0-330F-F00B-C710-5AF3F7CB4138
      destination = task-actions
      messageId = 7E385A6B-E4E6-3A81-CD6A-630DF4FAE5BB
      timestamp = 1247202313955
      timeToLive = 0
      body = null
      hdr(DSEndpoint) = workspace-polling-amf
      hdr(DSId) = F3C38977-171B-7BED-3B16-F3A5FE419479
    Exception: flex.messaging.MessageException: ALC-WKS-005-008: Security exception: the user specified in the fill parameters (oid=F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83) did not match the authenticated user (oid=F25892EE-80CE-8C24-E40D-881F631AA8BE).
      at com.adobe.workspace.AssemblerUtility.createMessageException(AssemblerUtility.java:369)
      at com.adobe.workspace.AssemblerUtility.checkParameters(AssemblerUtility.java:561)
      at com.adobe.workspace.tasks.TaskActions.callSubmitService(TaskActions.java:788)
      at com.adobe.workspace.tasks.TaskActions.submitWithData(TaskActions.java:773)
      at sun.reflect.GeneratedMethodAccessor941.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at flex.messaging.services.remoting.adapters.JavaAdapter.invoke(JavaAdapter.java:421)
      at flex.messaging.services.RemotingService.serviceMessage(RemotingService.java:183)
      at flex.messaging.MessageBroker.routeMessageToService(MessageBroker.java:1495)
      at flex.messaging.endpoints.AbstractEndpoint.serviceMessage(AbstractEndpoint.java:882)
      at flex.messaging.endpoints.amf.MessageBrokerFilter.invoke(MessageBrokerFilter.java:121)
      at flex.messaging.endpoints.amf.LegacyFilter.invoke(LegacyFilter.java:158)
      at flex.messaging.endpoints.amf.SessionFilter.invoke(SessionFilter.java:44)
      at flex.messaging.endpoints.amf.BatchProcessFilter.invoke(BatchProcessFilter.java:67)
      at flex.messaging.endpoints.amf.SerializationFilter.invoke(SerializationFilter.java:146)
      at flex.messaging.endpoints.BaseHTTPEndpoint.service(BaseHTTPEndpoint.java:278)
      at flex.messaging.MessageBrokerServlet.service(MessageBrokerServlet.java:315)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:252)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
      at com.adobe.workspace.events.RemoteEventClientLifeCycle.doFilter(RemoteEventClientLifeCycle .java:138)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:202)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
      at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:202)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
      at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.ja va:159)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11P rotocol.java:744)
      at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
      at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
      at java.lang.Thread.run(Thread.java:595)
  Kendy

  I am having the same server issue and i cant get hold of SP3 to fix it. can anyone tell me how to fix this problem or provided a link where i can get SP3 from? Ive spent most of the day on the phone to Adobe Support and they have been unable to provide me with a link to the service pack.

• Periodically Hyperion Workspace Will Hang with msg "Authenticating  User.."

  Hi,
  Periodically Hyperion Workspace Will Hang with the Message "Authenticating User.." after Supplying the Username and Password for the Login. But FDM, Smartview are working fine. The problem is only with workspace.
  No errors has been recorded in HSvevent log and workspace logs.
  We are using Weblogic application server and the version is 11.1.1.3.
  It is working fine once we restart the Hyperion workspace- Agent service.
  Please advice the possible root causes for this, so that we can put a permanent fix for this issue.
  Thanks

  Hi-
  I've encountered this issue in my slow network environment, and it was rectified after we've done the following:
  Enable IE ActiveX controls:
  1. Open Internet Explorer
  2. Click the Tools menu, and then click Internet Options
  3. On the Security tab, click the Custom level button
  4. Scroll down the Security Settings list until you see ActiveX controls and plug-ins
  5. Enable Automatic prompting for ActiveX controls
  6. Scroll down to Download signed ActiveX controls and click Enable or Prompt
  7. Scroll down to Run ActiveX controls and plug-ins and click Enable or Prompt
  8. Scroll down to Script ActiveX controls marked safe for scripting and click Enable or Prompt
  9. Click OK, and then click OK again
  Add 3 DWord items to the registry under
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  ReceiveTimeout 900000
  KeepAliveTimeout 900000
  ServerInfoTimeout 900000
  These values are in milliseconds. So, 900000 is 15 minutes
  Access URL using the pop-up: http://server:19000/workspace, not the http://server:19000/workspace/index.jsp <-- not sure what's the differences on how this works, but apparently it worked well in my slow network environment.
  Increase the workspace server timeout settings.
  Use supported browsers in the Oracle certification matrix.
  -William

• Cannot log into Business Process Workspace using Custom Authenticator

  Hello,
  I have set-up a SQLAuthenticator on my WL10.3.5 and defined a number of users which can successfully login to console and em.
  My problem is that these users are not able to login to Oracle BP workspace.
  Note 1: Control flags are all set to sufficient (In addition to DefaultAuthenticator I have only the custom SQLAuthenticator in providers list).
  Note 2: Ordering of Authenticators is: SQLAuthenticators, DefaultAuthenticator
  Note 2: user 'weblogic' can login to workspace without any problem.
  Any help would greatly be appreciated as this problem has taken more than a week of my time.
  Regards
  Edited by: user3106291 on Feb 23, 2013 4:27 AM

  Hi
  1. I hope workspace you are refering is: http://soahost:soaport/bpm/workspace.
  2. User "weblogic" can login. And I hope he can see adminstrator link on top right hand corner etc.
  3. Others Users say "userxyz" CANNOT login. NOW what do you mean with this. What Error do they get.
  a) Does it say invalid username/password. If so, check the user account and verify the details.
  b) Do they login, BUT do NOT see any link on Left Side to initiate a new instance. If so, is this User in the Role of Initiator. See below notes
  NOW, what application is Deployed and what exactly are you trying to test
  1. For any BPM Application, you will have a Start Node and End Node. Usually there will be a first Human Task (generally but not always) who can Instantiate or create a new prrocess Instance. And there are Swimlanes where we put all Tasks.
  2. Then we map these Swimlanes to bunch of Users or AD Groups or Roles etc etc. Quick test is, create some users in Default Authenticator itself like weblogic1, weblogic2, weblogic3 etc and map these Users to these Roles.
  3. If you have EXTERNAL Authenticator, that is also fine. This is how most of the times. Within JDeveloper itself, for Each Role you can Map users or groups from this External Authenticator. this means your application should be deployed and SOA Server is Up and Running. Only theny you can fetch the list of users and groups. Generally I do NOT recommend this. Do not do any mapping at JDeveloper side.
  4. Instead, after you Deploy your application say to bpmDomain1. Go to EM Console and there under application BPMProcessRoles, map the application roles to each User or AD Group from your SQL Authenticator. See docs for detailed steps.
  In EM Console, if you do NOT see your Swimlanes or Roles thats ok. You should see them by default after deployment. If not, create manually Each Role and name should Match exactly with what you gave in JDeveloper BPM Application. Find it under Organization.xml file under your soa project folder. And for each Role map users or ad groups. Also, Initiator Role should have a Human Task of type like Initiator.
  So have you done anyof the above things. But most important, what Errors or Exceptions are you facing. Look at the log files and specially the output file or log where you start your soa server.
  Thanks
  Ravi Jegga

• View procedures, functions for OS authenticated user

  Hello,
  Using JDeveloper 9.0.3.3 on HPUX 11i.
  User 'oroot' is a OS authenticated user. Using the JDBC url in the connection wizard I was able to login to the database with a /. The URL is shown below: "jdbc:oracle:oci8:/@".
  Now, if I expand the "Procedures", "Functions", Packages", "Tables" etc. under this connection tree, nothing is listed, but from sqlplus I could see all these informations for user 'oroot'.
  For a Database authenticated user it works fine.
  -murali

  Hi,
  Are you saying what are the roles/privileges required for this user to access cubes in global AW?
  The user must have read permission to the workspace and user should have OLAP_USER role as a default role assigned.
  If accessing through Discoverer for OLAP(D4O) then D4OPUB role should also be given.
  What is the front end tool u r using to create reports?
  Thanks
  Brijesh

• E17 lock screen: stuck at authenticating

  Hello,
  as of yesterday the E17 lock screen is stuck at authenticating(doesn't reject password nor unlocks the screen) and i have to kill and restart X to get around it. Note that happens with version 0.17 and 0.17.1, so doesn't look like it is related to the update. It used to work in the past though.
  After reading the wiki i created  /etc/pam.d/enlightenment:
  $:cat /etc/pam.d/enlightenment
  auth required pam_unix_auth.so
  but that doesn't help. I guess being stuck at authenticating is some different problem than not accepting the password.
  Any ideas where to look now? I still guess it is PAM related, but i never had to manually configure PAM, so any help is appreciated.
  Edit:
  I removed my .e configuration folder and let E17 recreate everything, authenticating works now. Weird... but now the mixer module settings freeze E17... sigh...
  Last edited by henny (2013-02-01 13:40:16)

  We had a similar issue and opened an SR with Oracle Support. Their recommendation was to turn usage and event tracking off. These are under the Administer menu in Workspace:
  http://download.oracle.com/docs/cd/E12825_01/epm.111/bpmui_user/ch01s16s01.html
  Since turning these off, we haven't had the issue. However, we'd like these to be turned on and I believe the SR is still open for this purpose. Try the same and see if it resolves your issue. I will send another update with Oracle's recommendation.
  Cheers,
  Mehmet

• How to use an authenticated user for a proxy call

  Dear all,
  I am currently working on a JEE application where the user needs to authenticate (for this I have configured the web.xml).
  Now inside this application I need to do a proxy call to a PI webservice.
  I would like to use the user credentials of the already logged in user in order to call the proxy.
  What I don't want to do is to use a service user for the proxy call.
  The code I am trying to call looks something like this:
       private IntegratedConfigurationIn getPort() throws Exception{
            IntegratedConfigurationIn port = null;
            try {
                 IntegratedConfigurationInService service = null;
                 service = new IntegratedConfigurationInService();
                 port = (IntegratedConfigurationIn) service.getIntegratedConfigurationIn_Port();
                BindingProvider bp = (BindingProvider)port;
                bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, user);
                bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);
                if (url.length() != 0)
                     bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, url);
            catch (Exception ex){
                 ex.printStackTrace();
            return port;
  The examples I found to retrieve the userdata pointed to codes similar to this one:
  public HttpServletRequest getHttpRequest() throws Exception {
            // Get runtime context
            Properties props = new Properties();
            props.put("domain", "true");
            Context initialContext = new InitialContext(props);
            ApplicationWebServiceContext wsContext = (ApplicationWebServiceContext) initialContext
                      .lookup(" /wsContext/ApplicationWebServiceContext");
            HttpServletRequest req = wsContext.getHttpServletRequest();
            return req;
  com.sap.security.api.IUser sapUser = com.sap.security.api.UMFactory.getAuthenticator().getLoggedInUser(getHttpRequest(), null);
            IUser ep5User = com.sapportals.wcm.util.usermanagement.WPUMFactory.getUserFactory().getEP5User(sapUser);
  Now I don't know how to bring it togehter and how to use an authenticated user for the BindingProvider.
  I would appreciate any hints or ideas.

  Peter,
  from the first screenshot, what I understood is that, you are calling an inbound PI web service that is intended to create an integrated configuration object (this is used for whole lot of other reason completely) but not actually calling a development web service.
  For this, you would have to generate your client classes from the WSDL provided by the PI developer for that particular service. Once you get those client classes generated, you could used the method provided in the other screenshot to extract the user and password and call the intended web service.
  Vijay Konam

• How to set "Allow external users who accept sharing invitations and sign in as authenticated users" programmatically?

  Sharepoint 2013 online/office 365.
  I am creating site collection programmatically using sharepoint Auto hosted app.
  Now i want to set "Allow external users who accept sharing invitations and sign in as authenticated users" programmatically after site collection creation.
  Is it possible through code? If yes please let me know how to do it?
  Najitha Sidhik

  For SharePoint 2013 Online, check below links:
  http://office.microsoft.com/en-us/office365-sharepoint-online-small-business-help/manage-sharing-with-external-users-HA102849862.aspx
  http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/manage-external-sharing-for-your-sharepoint-online-environment-HA102849864.aspx
  https://www.nothingbutsharepoint.com/sites/eusp/Pages/SharePoint-Online-2013-Sharing-with-External-Users.aspx
  http://blogs.office.com/2013/11/21/sharepoint-online-improves-external-sharing/
  Please ensure that you mark a question as Answered once you receive a satisfactory response.

• EA2 - Cannot connect LDAP-authenticated users in 10.1 and 10.2, OK in 9.2

  First, the relevant versions and such:
  SQL Developer 1.5.0.52.03 (aka EA2)
  Oracle client 10.2.0.1
  Oracle database 9.2.0.6, 9.2.0.7, 10.1.0.5, 10.2.0.2, 10.2.0.3.
  Hosts: Linux x86, Solaris
  Most of the users in my databases are set up as global users (i.e. authenticated via LDAP). I've found that in 9.2.0.6 and 9.2.0.7, I can make connections of the basic type for global users as well as database-authenticated users.
  In any 10g database I've tried (see the versions above), database-authenticated users work fine, but for connections with the global users in the same databases I receive ora-01017. I've tried both basic connections and advanced connections, supplying a thin JDBC string, with the same result. I have verified that the password is correct. The pattern persists across server OSs (Linux and Solaris).
  I cannot make TNS connections at all, but that seems to require an 11g client and has been documented in an enhancement request separately.
  If anyone has advice on this I would be happy to hear it. Thanks.

  I should probably add that I am able to make successful connections via sqlplus and other tools (SQL Navigator) with the users that fail to connect in SQL Developer.

• Reporting Services through ISA server for All Authenticated Users

  Hello colleagues.
  I have MS SQL 2012 server with Reporting Services and it work via link:
  https://reports2.domain.com/reports
  In LAN all work fine, but I want publish this resource via ISA for All Authenticated Users.
  When in publish rule I configure (in Condition) "All users" - all work fine, but when I configure "All Authenticated Users" - I have trouble on web form on
  https://reports2.domain.com/reports/Pages/Report.aspx?ItemPat...  - scripts not work, because it run how "anonymous" (I see on ISA logging) and ISA block scripts.
  I can't use "All Users", because it's not secure.
  Maybe somebody publish Reporting Services through ISA server for All Authenticated Users?
  OR maybe - how on Reporting Services configure Negotiate authenticated for scripts?

  Hi Alexander,
  All users or applications who request access to report server content or operations must be authenticated using the authentication type configured on the report server before access is allowed. The AuthenticationType named RSWindowsNegotiate is supported
  by Reporting Services. To configure Windows Authentication on the Report Server, please see:
  http://msdn.microsoft.com/en-us/library/cc281253(v=sql.110).aspx
  Besides, we can publish report server via ISA server. Please note that you should use a new web port number with a new listener which shouldn’t be used by other web site for report server. Reference:
  http://social.technet.microsoft.com/Forums/forefront/en-US/1cc68996-1ce6-4d88-a30d-2bfd13fba06e/how-to-publish-ssrs-2008-through-isa-2006?forum=Forefrontedgegeneral
  Hope this helps.
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support
  Katherine thanks for answer.
  Report Server service started as Domain account.
  I have in RSReportServer.config this:
  <Authentication>
  <AuthenticationTypes>
  <RSWindowsNegotiate />
  </AuthenticationTypes>
  <RSWindowsExtendedProtectionLevel>Allow</RSWindowsExtendedProtectionLevel>
  <RSWindowsExtendedProtectionScenario>Proxy</RSWindowsExtendedProtectionScenario>
  <EnableAuthPersistence>true</EnableAuthPersistence>
  </Authentication>
  In web.config I have this:
  <authentication mode="Windows" />
      <identity impersonate="true" />
  I can go (from Internet through ISA) to
  https://reports2.domain.com/reports  and LogOn Authentication is work, but scripts not work, because it run how "anonymous" (I see this on ISA logging) and ISA block scripts.
  Do you know where in Reporting Services configure run scripts with Negotiate authentication?

• How to redirect a first time OAM authenticated user to a custom page

  We are using OAM 11.1.1.5 with OVD. If user logs in for the first time thru OAM, we wanted to collect few more additional information about the user. To do this, we wanted to redirect the user to the collect-additional-data.jsp page immediately after OAM authentication. This will be only one time operation for the user. How to do this in OAM.
  Thanks!
  Kabi

  Just set additional-data.jsp in your authentication policy success url. So always after authentication user req is redirected to the success url. You can also set the requested url in the response in case you want to retrieve it in your additional-data.jsp.

• How can I stop authenticated users from getting other user's information?

  We recently discovered that it is possible for authenticated users, via KMu2019s details view, to view details about the other users that have access to the same resource as you.  Our portal (7.0 sp15) is used for an external facing web site.  We have secured it against anonymous users but the problem still remains for authenticated users.  Here is an example:
  The KM folder documents\Public Documents has been assigned read permissions for the group Everyone.  An authenticated user can open the URL https://<host>/irj/go/km/navigation/documents/Public%20Documents and a list of folders are shown.  The user can then select the Details from the menu for one of the folders and the Details iview is displayed.  They then select the menu item Settings > Permissions and the users/groups/roles assigned to this folder are shown.  The user can then select a user and view that users name and email address or the user could select a group and view for each member of the group the user id, name, and email address which could then be used to help attack the site.
  So I thought it would be easy enough to disable the details view for all users but content managers or administrators but I seem to running into difficulty. 
  I tried disabling the Details KM command with limited success.  Even with it disabled, if you know the URL for the details component you can still access it.  So it seems the better option is to take away access to the details component.  It seems that the users are getting access to the Details iView from the standard eu_role.  If I remove the iView from this role then all user have no access to the Details in KM.  I tried to add the iView to another role that content managers would have but when logged in with a user that had that other role I still was not able to access the Details iView. 
  This SAP Help document [http://help.sap.com/saphelp_nw70/helpdata/en/47/f0f7415e639c39e10000000a155106/frameset.htm |http://help.sap.com/saphelp_nw70/helpdata/en/47/f0f7415e639c39e10000000a155106/frameset.htm ]discusses the eu_role(Standard User role) and it states that
  By default, the Everyone group is assigned to the Standard User role. If you choose to use the other every user roles instead, you need to remove these assignments from the Standard User role and apply them to the Every User Core and Control Center User roles.
    But, when I look at what groups the role is assigned to or what roles are assigned to the Everyone group they donu2019t appear to be linked contrary to what the documentation says.  So, what Iu2019m thinking here is that I can create a copy of this role and remove the Details iView from the original and then assign the copy to the content managers and administrators.  Doing this causes all users to lose access, even the content managers.
  I thought Iu2019d give the Security Zones a try to see if this could help me but when I take away rights from here it still allows access.
  Iu2019m stumped.  Iu2019m sure there is some key piece that eludes me.  What can I do to allow users read only access to some KM folders and files while preventing them from viewing the permission/user details?

  The only 3d party apps are Hazel...
  And that's your problem!
  From the Hazel site's description:
  Hazel watches whatever folders you tell it to, automatically organizing your files according to the rules you create.
  Hazel, is a prefPane so you must have some rule (or it supplied the rule as a default) to put pictures (jpg's) from your Desktop (folder) into your Pictures folder.
  Open your System Preferences and Hazel in there and either turn off Hazel or change or delete the appropriate rule covering this situation.

• Authenticated User not showing up in access log

  Hello all,
  I am trying to get authenticated users to show up in the access log of SunOne Web Server 6.1 SP4 and it doesn't work. It is a default paramter to show up in the access log but doesn't show in the log. In fact, when I set the log to only show the authenticated user in the log, the log is empty and only shows dashes. As you can in the part of the log file below, after the IP address the log should show the authenticated user but doesn't
  Any help? Do I need to modify something else in a configuration file?
  Thanks
  Richard
  10.64.8.62 - - [15/Jul/2007:00:42:28 +0200] "GET / HTTP/1.1" 200 202
  10.64.8.62 - - [15/Jul/2007:00:43:43 +0200] "GET / HTTP/1.1" 200 202
  10.64.8.62 - - [15/Jul/2007:00:44:58 +0200] "GET / HTTP/1.1" 200 202
  10.64.8.62 - - [15/Jul/2007:00:46:14 +0200] "GET / HTTP/1.1" 200 202
  10.64.8.62 - - [15/Jul/2007:00:47:29 +0200] "GET / HTTP/1.1" 200 202
  10.64.8.62 - - [15/Jul/2007:00:48:44 +0200] "GET / HTTP/1.1" 200 202
  10.64.8.62 - - [15/Jul/2007:00:49:59 +0200] "GET / HTTP/1.1" 200 202
  10.65.1.63 - - [15/Jul/2007:00:51:14 +0200] "GET /Windchill/ HTTP/1.1" 200 402
  10.65.1.63 - - [15/Jul/2007:00:51:15 +0200] "GET /Windchill/wtcore/js/com/ptc/core/ca/web/misc/content.js HTTP/1.1" 200 4132
  10.65.1.63 - - [15/Jul/2007:00:51:15 +0200] "GET /Windchill/netmarkets/images/cut.gif HTTP/1.1" 200 104
  10.65.1.63 - - [15/Jul/2007:00:51:15 +0200] "GET /Windchill/netmarkets/images/newdoc.gif HTTP/1.1" 200 215
  10.65.1.63 - - [15/Jul/2007:00:51:15 +0200] "GET /Windchill/netmarkets/images/details.gif HTTP/1.1" 200 214
  10.65.1.63 - - [15/Jul/2007:00:51:14 +0200] "GET /Windchill HTTP/1.1" 302 0
  10.65.1.63 - - [15/Jul/2007:00:51:15 +0200] "GET /Windchill/netmarkets/javascript/util/calendar.js HTTP/1.1" 200 29580
  10.65.1.63 - - [15/Jul/2007:00:51:15 +0200] "GET /Windchill/netmarkets/images/contract_comp.gif HTTP/1.1" 200 79
  10.65.1.63 - - [15/Jul/2007:00:51:15 +0200] "GET /Windchill/netmarkets/images/newfoldertl.gif HTTP/1.1" 200 221
  10.65.1.63 - - [15/Jul/2007:00:51:15 +0200] "GET /Windchill/netmarkets/images/ptclogo.gif HTTP/1.1" 200 1284
  10.64.8.62 - - [15/Jul/2007:00:51:14 +0200] "GET / HTTP/1.1" 200 202

  You didn't say how the server is authenticating the user. Is it succesful? ACLs or Java?
  6.1sp4 is obsolete, update to the latest 6.1 service pack first. If you're using Java, I believe there was a bug years ago that was along the lines of your description. Update to the latest 6.1 service pack and if that doesn't solve the problem, provide more details on how the authentication is configured.

• Username not showing up in access log for authenticated users

  I'm using form-based authentication in a Java web application on Sun One Web Server v6.1 to restrict access to authenticated users. However, even after the users authenticate and access the application, the username field in the access log is showing them as anonymous.
  request.getRemoteUser() is reporting the correct username, so it just seems to be the access log that is in error. Right now it is set to the default but changing formats to custom doesn't seem to help in displaying the username.
  Here's an excerpt from the access log:
  // anonymous access attempt, redirects to login page...
  10.100.168.110 - - [01/May/2006:14:34:42 -0400] "GET /profile/index.jsp HTTP/1.1" 302 0
  10.100.168.110 - - [01/May/2006:14:34:42 -0400] "GET /profile/login.jsp HTTP/1.1" 200 3355
  10.100.168.110 - - [01/May/2006:14:34:47 -0400] "POST /profile/j_security_check HTTP/1.1" 302 0
  // at this point they are logged in and their username should be reflected in the access log, but is not:
  10.100.168.110 - - [01/May/2006:14:34:47 -0400] "GET /profile/index.jsp HTTP/1.1" 200 3532 And the relevant code from the web application's web.xml:
  <security-constraint>
      <web-resource-collection>
        <web-resource-name>AllFiles</web-resource-name>
        <description>
                   Restricts anonymous access.
                </description>
        <url-pattern>/*</url-pattern>
        <http-method>POST</http-method>
        <http-method>GET</http-method>
      </web-resource-collection>
      <auth-constraint>
        <description>
                 Authenticated Users
                </description>
        <role-name>user</role-name>
      </auth-constraint>
    </security-constraint>I've searched the forums and the manuals but can't see anything showing that the access log's username field doesn't work with form-based authentication. Can anyone shed some light on this?

  Some background:
  The Java Servlet container has its own authentication infrastructure (which is what you configure in web.xml) which is separate from the non-Java authentication infrastructure (ACLs, etc.). If you set up authentication via ACLs the resulting user identity can (though you may configure it not to) propagate to the Java Servlet container such that request.getRemoteUser() will return it, even though no web.xml-driven authentication occurred. The coverse is not true, however: if you authenticate via a Java Realm, based on web.xml configuration, that user identity is not available to non-Java code.
  (Your web.xml snippet doesn't show you using FORM auth - but it doesn't matter, the explanation above applies in any case.)
  That is why the log file (generated from non-Java code) doesn't have access to that user. It probably should, but there's no config option today for you to make that happen.
  If you're using BASIC auth you may consider moving the authentication configuration from web.xml to ACLs as a possible workaround. It will then show up in the access logs.
  If you prefer web.xml-based authentication, consider the <SECURITY audit="true"> option in server.xml. It won't be in the access log but you'll have an audit trail of authentications, which may help.

• Externally Authenticated User

  Hi, My application is a Pro C / Oracle 8i based application. I was using hardcoded user ids and passwords which we removed thru externally authenticated user. Now my application is stable in production but users are complaining of very slow performance of Oracle database.
  Is this due to externally authenticated user id ? Does it impact the system performance ?
  Edited by: user594301 on Jan 21, 2009 3:01 AM

  Were you using lightweight sessions or connection pooling before and now initiating a new connection for each user?