Change password with a custom authentication

Similar Questions

• Apex 4.1 - Websheets with the custom authentication scheme

  Apex v4.1 (as seen on the hosted apex.oracle.com) - Websheets do not always seem to work with a custom authentication scheme. Database applications work very well with a function of sentry page, but when the same page sentry function is used for a websheet, running, it gives an error the requested page was not found
  
  One of the Apex team can consult? Thank you

  Hi Vikas,

  Websheet Sentinels have slight differences of sentinels of the application.
  I created a sentinel websheet for you which should operate (see below).

  Christian

  create or replace function sample_page_sentry return boolean
  is
      l_username   varchar2(512);
      l_session_id number;
      l_ws_app_id  number;
  begin
      -- check to ensure that we are running as the correct database user.
      if user != 'APEX_PUBLIC_USER' then
          return false;
      end if;
      -- get sessionid in cookie
      l_session_id := wwv_flow_custom_auth_std.get_session_id_from_cookie;
      if wwv_flow_custom_auth_std.is_session_valid then
          -- the session still exists. we configure the APEX engine to use
          -- this session id and the session's username.
          --
          -- NOTE: it is more secure to also check if this is the session id from
          --       the URL!
          --
          apex_application.g_instance := l_session_id;
          l_username                  := wwv_flow_custom_auth_std.get_username;
          if nvl(l_username,'nobody') != 'nobody' then
              wwv_flow_custom_auth.define_user_session(
                  p_user       => l_username,
                  p_session_id => l_session_id);
              return true;
          end if;
      else
          -- session can not be reused, create a new one
          l_session_id := apex_custom_auth.get_next_session_id;
      end if;                                                                                 
  
      -- the current session is unauthenticated. we have to determine the user
      -- and log in.                                                                          
  
      -- get the username from somewhere, e.g. a cgi variable. it is hard-coded
      -- here for simplification.
      l_username := 'VANJ';
      -- configure the engine to use this username and session.
      apex_custom_auth.define_user_session(
           p_user       => l_username,
           p_session_id => l_session_id );
      -- build a deep link to the websheet start page
      l_ws_app_id  := apex_util.get_session_state ('WS_APP_ID');
      wwv_flow_custom_auth.remember_deep_link (
           p_url=>'ws?p='||l_ws_app_id||'::'||l_session_id );
      -- register the session in apex sessions table, set cookie, redirect back.
      apex_authentication.login(
           p_username => l_username,
           p_password => null );
      return true;
  end sample_page_sentry;
  /                                                                                           
  

  Published by: Christian Neumueller November 15, 2011 07:07 (a wiki format error corrected)

• Change password with the password token does not work

  My mother lost her password. So, we asked an e-mail with a password token and clicked on the link in the mail. Responses from the site sorry this token of password is not recognized, please try retyping or get password another token. Then we have copied and pasted the token giving the same result.

  We did this three days after another. So every day we ask you an email with a password token, and every day the site said us sorry this token of password is not recognized, please try retyping or get password another token.

  The system of resetting password with a token does not, at least not in the Netherlands. Does anyone have an idea how to solve this problem?

  Sorry, but the mentioned page asks you to connect with your name Skype and password, so that we cannot further. My mother has a balance of Skype credit that she doesn't use anymore.

  What is the problem with the password reset procedure?

  OK, after a very good conversation with Cherry B we discovered that the account is a Windows Live account, then we should change the password in Windows Live. The password reset procedure could mention this...

• Change password with IOM api using already defined password plocy: 11 G R2

  Hello
  
  When the user is created with a recon trust I want to change the password that is generated based on the default policy. With IOM api can generate the password by using a password Plocicy defined on IOM?
  
  To be more clear, I want to do something like that;
  
  1. download the strategy defined with IOM api
  2. generate the password with it
  3. configure the password generated recently in postporocess with the changePassword method eventhandler api IOM (this part I am able to do by the generation of password on my way, the thing I want is to generate the password using the phases 1 and 2)
  
  
  Is this possible?
  
  ARO
  Aliye

  Use this method to check your generated password:

  PasswordMgmtService validatePasswordAgainstDefaultPolicy()

  Or

  PasswordMgmtService validatePasswordAgainstPolicy()

  http://docs.oracle.com/cd/E27559_01/apirefs.1112/e28159/oracle/iam/passwordmgmt/api/PasswordMgmtService.html#validatePasswordAgainstDefaultPolicy_char___oracle_iam_identity_usermgmt_vo_User__java_util_Locale_

• Force the user to change password with the authentication of Shared Services

  Hello world
  
  is there a way to set a property that the user must change his password when he connect is the first web analytics?
  Version is 9.3
  
  Thank you much in advance.
  
  Best regards
  nois

  They will be able to change a password within the workspace, just inform them of their new password and then they can change in the workspace.

  See you soon

  John
  http://John-Goodwin.blogspot.com/

• Custom authentication tokens

  "Adobe Flash Access Overview on protected streaming" white paper States the following:

  Flash Access supports the business logic of the licensing stage decoupling based on the chips in use with Flash Media Server deployments. For example, when users visit a web portal for rental or to subscribe to the content, they may need to authenticate by providing a user ID and password to confirm their registration. They might also need a financial transaction. The web portal enters the results of these operations in an authentication token that is sent to the client application. The customer can then include the token in the licence application. The license server checks the authenticity of the token before issuance of the licence. Check token is stateless and was completed independently by each server without reference to a database or another shared state. Token is based on a secret or public key shared infrastructure (PKI).

  This raises the following questions:

  • How the web portal must generate the token?  This is a serialized AuthenicationToken or some other binary token?
  • If it's an AuthenicationToken, then how the web portal must generate a token such as this feature is part of the license server?
  • How the chips are based on a shared secret or PKI? What is incorporated into the class AuthenticationToken ?

  As I read, the paragraph refers to the regime "of custom authentication", not the authentication scheme name of user/password supported and as such, it is not to use serialized Flash Access AuthenticationTokens.  What is meant by "custom authentication" is quite honestly, not very clear in the documentation. I believe that the following scenerios should work, if I would be interested in your comments from anyone:

  In the first scenario, the "portal" should generate a custom binary token and pass this token to the client flash in response. How the token is passed is an exercise left to the reader. It could be loaded via a cookie, JavaScript or ActionScript. It doesn't really matter. Nevertheless, the token is eventually read by the Flash client and applied using the DRMManager.setAuthenticationToken (...) method. The license server must then retrieve the token by using RequestMessageBase.getRawAuthenticationToken (...).  In this case, the token format is completely defined by the developer or provider. The flash never access client issues a query for the authentication License Server Manager (/flashaccess/authentication/v1 / *).

  A second case, which I am not sure would work, would be the flash client requests a token for authorization as usual, using DRMManager.authenticate (...), but the license server authentication requests handler returns a token custom instead of a serialized AuthenticationToken. The workflow would then proceed as described in the first case.

  A third case, the Flash client is able to authenticate with the name of user and password standard schema, but the license server may ignore the username/password real name (data can be same passwords and usernames dummy). The license server would generate an AuthenticationToken, but would benefit from ApplicationProperies to store its information "custom token. The token would be then sent back to the customer and in turn transmitted to the same license server. The license server then inspect AuthenticationToken.getCustomProperties to determine the appropriate course of action.

  No matter what scenario is used, I have a few concerns with custom authentication tokens:

  First of all, this forum has several questions about custom authentication tokens. The documentation is not clear on what is intended and how exactly these tokens must be produced, transferred and consumed. It would be very useful for Adobe to provide an example with its reference implementation code.

  Second, as developers of server Flash Access License remain to design their own authentication scheme customized, there is a real concern that the invented approach can be precarious, allowing re-use of authentication tokens. A published set of best practices would help to ensure custom tokens are generated in a way that does not leak the information, allow attacks by replay or session hijacking.

  Finally, there seems to be some confusion about the use of tokens for authentication and authorization. The reference implementation clearly only use them for authentication, as the RefImplLicenseReqHandler makes additional checks the database for the authenticated user is allowed (subscriber) to access the content.  However, the paragraph quoted above suggests using these tokens for authentication and authorization. At least, that's what I understand by the notion that "audit token is stateless and was completed independently by each server without referring to a database or other shared state. I don't see how that's possible, unless the token contains authentication and authorization information. I'm wrong?

  I appreciate the thoughts of someone else on the custom authentication tokens. Thank you.

  -Aaron J

  The workflow for "custom authentication" is exactly what you described in your first scenario.  Namely, the client application gets a token through certain channels and calls DRMManager.setAuthenticationToken (...) to provide the token. When the client requests a license from the license server, this token is included in the request. The server application calls RequestMessageBase.getRawAuthenticationToken (...) for the access token and perform any validation is required for this type of token before issuing the permit. With a custom authentication, the SDK AuthenticationToken class is not used - this class is only used to represent the authentication tokens issued by using the name of user and password Flash Access authentication scheme.  A custom authentication token can be binary data - the Flash Access SDK is not involved in the generation or to consume these chips - it's your server implementation to manage the following steps.

  The motivation behind the 'custom authentication' scheme is not to force content providers to invent a new way to authenticate users, but to allow you to take advantage of all infrastructure you already have in place.  For example, if you are already running the SAML tokens to authenticated users, you can continue to do so, and you would just plug the SAML validation code in your license server. As a general rule, an authentication token is signed to prevent tampering. It would be possible to generate a signature using a symmetric key or with a private key. Then, checking on the server would involve checking the signature, either by using the same shared symmetric key or with the public key corresponding to the private key. (This is what is meant by 'token is based on a secret or public key shared infrastructure (PKI) ")

  Although the API reference to "authentication tokens", it would also be possible to take advantage of this authorization mechanism. For example, if you have a web portal to access the information on which a user is allowed to access the content, the Portal could issue an authorization token that says that the user X is allowed to play the content Y and Z. When the license server receives this token in a license application for content, simply, check the token is still valid and that the token States it is allowed to grant access to the content Y. This workflow, the license server doesn't have access to the database that contains authorization information, making it easier to deploy the server in a highly scalable way.

  Is this address your questions and concerns?

• How can I change an icon with a custom icon that is downloaded from the internet (i.e. not already in the file "bowse icon")

  I want to customize my desktop icons to make it easier to read. When I right click, select Change icon, select Browse, I see all the icons I want to use. I downloaded a custom on the internet and saved on my desktop icon, but I don't know how to replace the old icon by this news.

  Tried to drag on the old icon without success.

  Hi Larry,

  Thanks for posting your query in Microsoft Community.

  I understand from your description, that you cannot change the folder icon with a custom icon uploaded to the Internet.

  I'll be happy to help you. This problem could be caused because you may not have selected the right path or the location of the file that you downloaded or the downloaded file may be damaged or does not work or does not exist.

  I suggest to follow the steps below and we update on the State of the question.

  I recommend you to check or find the location of the file or path where exactly you downloaded and to check whether the file is actually present in the location and also check the file is fully downloaded and work very well.

  a. Subsequently, navigate to the folder that you change the icon and right-click on the folder.

  b. click Properties, click the Customize tab, click change icon, and click Browse.

  c. Select the correct path inside the menu drop-down or enter the correct path manually from the exact location of the downloaded file.

  d. open the file downloaded for the icon, choose the name of the file and click Open to select the file, and check to see if it helps you.

  If the problem persists, then I suggest you to download the file once more on the Internet and save it in a new folder and check the issue.

  For reference:

  How to change the default icons for folders in Windows XP:

  http://support.Microsoft.com/kb/310192

  For all windows questions do not hesitate to contact us and we will be happy to help you.

• Administrators password has expired and I can't seem to change even with a backup drive

  original title: password expiration

  OK so my administrators password has expired and I can't seem to change even with a backup disk can anyone help me pleasssseeee!

  Hello

  ·         Your computer is on a domain?

  If the computer is on a domain, you may need to contact the system administrator for the renewed password.

  Microsoft cannot help you recover passwords for Microsoft who are lost or forgotten products. You can go through the article below.
  "Microsoft's strategy concerning lost or forgotten passwords"

  Amrita M

  Microsoft Answers Support Engineer
  Visit our Microsoft answers feedback Forum and let us know what you think.

• Impossible to logon to share the folder with "User must change password at the next logon" in Windows Server 2003

  I use Windows Server 2003 R2 SP2 as a file server.  I create new user 'A' in Windows Server 2003 as well with the option "user must change password at the next logon" selected and give way under the group users and users in the domain for this user.  I then share an output folder.  User 'A' is using Windows XP SP3 to connect to this shared folder.  However, when I try to connect, Windows reappear to enter user name and password.  I think it is the limitation in Windows that the user 'A' will be unable to change the password at the next logon or change password at any point in time at all.  Correct me if I heard wrong.

  If possible, can someone enlighten me what is wrong or what I need to do for user to access folder and change the password on the first logon.

  If what I described is not possible, is there another way for me to configure for the user to access share folder so that the user doesn't have to join domain or user of the AD?

  http://TechNet.Microsoft.com/en-us/WindowsServer/default.aspx

  You will need to repost the above Server forums.

  Here is the Vista Forums.

  See you soon.

  Mick Murphy - Microsoft partner

• Error when connecting with the new announcement of account in windows 8 client as "User must change password at the next logon"

  Windows Server 2003 R2 Standard Server
  Client-side: Windows 8

  The problem:

  I create a new user and let the "user must change password at the next logon' checked. When I try to log in with the newly created user I get an error saying "User must change password at the next logon" after ptoviding the new password.

  At this point if I uncheck the "user must change password at the next logon', then the user can connect properly.

  Can someone help me. Please let me know any problem OS compatibility between the server and the OS cleint.

  Jaril

  Hi Jaril,

  Thanks for posting your query in Microsoft Community.

  According to the description of the issue, I recommend you post your query in the TechNet Forums. TechNet is watched by other computing professionals who would be more likely to help you.

  TechNet Forum

  Hope this information is useful.

• Problem with changing password to adapter

  Hello
  We need to change password user IOM after AD account creation. I use following my adapter code:
  
  * public class PassswordGenerator {* +}
  
  Public Shared Sub NewPassword (String usrID, boolean isUserLogin) throws all AccessDeniedException,+.
  NoSuchUserException,+.
  UserLookupException,+.
  SearchKeyNotUniqueException,+.
  * UserManagerException {* +}
  
  UserManager userService = Platform.getService (UserManager.class); +
  User user = userService.getDetails ("User Login", usrID, null); +
  RandomPasswordGeneratorImpl randomPasswordGenerator = new RandomPasswordGeneratorImpl(); +
  char [] nouveau_mdp = randomPasswordGenerator.generatePassword (user); +
  Pass string = new String (new_pwd); +
  System.out.println ("new password:" + pass); +
  userService.changePassword (usrID, pass.toCharArray (), isUserLogin); +
  
  *}*
  
  *}*
  
  
  but when I try to perform tasks on the user ad process I get special suite:
  
  java.lang.reflect.InvocationTargetException
  at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
  +........+
  Caused by: oracle.iam.identity.exception.UserManagerException: the password change operation failed.
  at oracle.iam.identity.usermgmt.impl.UserManagerImpl.changePassword(UserManagerImpl.java:3027)
  at oracle.iam.identity.usermgmt.impl.UserManagerImpl.changePassword(UserManagerImpl.java:2962)
  at oracle.iam.identity.usermgmt.api.UserManagerEJB.changePasswordx (unknown Source)
  +........+
  
  I need to change my code to use OIMClient? Password is generated according to the password policy, I can't test my external customer code, so I have no idea what is wrong.
  The best
  MP
  
  Published by: J23-2012-05-28 04:12

  Approach is very good. You can call the task of password change to the success of creating the task from the user.
  You can have a simple code like this:

  Import oracle.iam.passwordmgmt.api.PasswordMgmtService;
  public String changePassword (Long usr_key, String password) {}
  UPOS tcPasswordOperationsIntf = Platform.getService (tcPasswordOperationsIntf.class);
  upos.setXelleratePassword (usr_Key, password);
  }

  I hope this helps.

  Kind regards
  GP

• Custom authentication fails with PLS-00306: wrong number or types of argume

  Hello
  
  I wrote a custom authentication scheme. I have a function that returns a BOOLEAN. Now, when I tried to test it, he throwed the following error.
  
  < pre >
  ORA-06550: line 2, column 8: PLS-00306: wrong number or types of arguments in the call to 'AUTH_ON_MY_USERS' ORA-06550: line 2, column 1: PL/SQL: statement ignored
  ERR-10460 error cannot perform the function of verification of the authentication credentials.
  Ok
  < / pre >
  
  The function is
  < pre >
  create or replace function auth_on_my_users (p_username_in in varchar2
  p_password_in in varchar2)
  return a Boolean value
  is
  Start
  Returns true;
  end;
  < / pre >
  
  I have an Oracle 10 g XE on windows. Apex 3.2.1. When I tried the same thing in apex.oracle.com, it worked. Is there something to do with XE and 3.2.1?
  
  Any idea? Thanks in advance.
  
  Concerning
  Guru
  
  Published by: guru Perrin on November 23, 2009 19:44 - Typo

  Hello

  Try

  create or replace function auth_on_my_users( p_username in varchar2, p_password in varchar2)
  return boolean is
  begin
   return true;
  end;
  

  The engine requires Express provides this function to have the signature (p_username in varchar2, p_password in varchar2) return a Boolean value.
  >

  BR, Jari

• How to activate the "Change Password" on the page "my account"?

  Hi all
  
  I log on using "Administrator" on the page "My account", there is no "Change Password" link on the page.
  Can someone tell me what I need to do to activate it?
  
  Thank you
  Dan.

  With 11g, OBIEE essentially uses the notion of 10g of external authentication.

  By default, this is done by the LDAP WLS (Weblogic) identity store, but it can be done by an another supported authenticator WLS, or OBIS (custom authenticator or LDAP) metadata. As a result, OBIEE has control over user passwords; This is why the steps mentioned in the notes 1102353.1 do not apply to OBIEE 11 g, but only to users internal/repository-defined in OBIEE 10 g.

  So, as for the maintenance of password in OBIEE 10 g when an external authenticator is used, it is in this authentication system external this password is changed, not in OBIEE 11 g. There is no option in OBIEE 11 g to allow users to change passwords.

  There are two alternatives with which you can change your password:
  (1) from the Weblogic/WLST administration console.
  You must give this user in the Weblogic console access or access to browse the hierarchy of involved MBean and other change permissions. Change the password using WLST instance statement here:

  Ideally, the console and WLST approaches are used by administrative accounts to manage other users. But the console and WLST possible to allow other users to change the passwords (which will be more or less as an administrative task by the users themselves)

  (2) with the help of a programmatic approach.
  Here, the application that intends to provide the users with the password change functionality must implement this functionality on its own (GUI more appeal to the relevant Weblogic API). WebLogic provides an MBean that the application can use to achieve this. See here for more information.

  An enhancement request is for this feature. It is unpublished bug 11836170 - allow non-admin users to change passwords in obiee 11 g.

• Need help-&gt; custom authentication scheme

  Hey,.
  
  I am working on a custom authentication scheme.
  
  First, I create a test table:
  

  CREATE TABLE TBL_USER
    (
      USR_EMAIL VARCHAR2(40 BYTE) NOT NULL ENABLE,
      USR_ID    NUMBER NOT NULL ENABLE,
      USR_PW    VARCHAR2(255 BYTE) NOT NULL ENABLE,
      USR_ROLLE VARCHAR2(20 BYTE),
  CONSTRAINT "TBL_USER_PK" PRIMARY KEY ("USR_ID")
  );

  Then a function to hash the email and pw:

  create or replace
  function app_hash_test (p_email in varchar2, p_passwort in varchar2)
  return varchar2
  is
    l_passwort varchar2(4000);
    l_salt varchar2(4000) := 'DFS2J3DF4S5HG666IO7S8DJGSDF8JH';
                              
  begin
    l_passwort := utl_raw.cast_to_raw(dbms_obfuscation_toolkit.md5
    (input_string => p_passwort || substr(l_salt,10,13) || p_email ||
      substr(l_salt, 4,10)));
    return l_passwort;
  end;

  Then, a function of authentication:

  create or replace
  function app_auth_test (p_email in VARCHAR2, p_passwort in VARCHAR2)
  return number
  is
    l_passwort varchar2(4000);
    l_stored_passwort varchar2(4000);
    l_expires_on date;
    l_count number;
  begin
    select count(*) 
      into l_count 
      from tbl_user 
     where upper(usr_email) = upper(p_email);
  
    if l_count > 0 
    then
      select usr_pw 
        into l_stored_passwort
        from tbl_user 
        where upper(usr_email) = upper(p_email);
  
      l_passwort := app_hash_test(p_email, p_passwort);
  
      if l_passwort = l_stored_passwort 
      then
        return 1;
      else
        return 0;
      end if;
    else
      return 0;
    end if;
  end;

  After this, I create a form on the table tbl_user to insert the users by e-mail, password and rol (drop-down).
  
  On this Page (3), I create a new process to generate the hash value.
  

  begin
  :P3_usr_email := upper(:P3_usr_email);
  :P3_usr_pw := app_hash_test(:P3_usr_email,:P3_usr_pw);
  :P3_usr_email := lower(:P3_usr_email);
  end;

  After completing my page reg., I insert some users to test it later.
  
  The next step was to create a new authentication scheme in the shared components.
  Share components
  1. create
  2 starting at zero
  3. name-> TBL_USER
  4 JUMP
  5 JUMP
  6. the Page of this Application-> Page 1
  7 JUMP
  8 use my custom function to authenticate. -> return app_auth_test
  9 JUMP
  10 JUMP
  11 LOGOUT URL-> wwv_flow_custom_auth_std.logout? p_this_flow = APP_ID. & amp; p_next_flow_page_sess = & APP_ID.:1
  12. create schema
  
  My next step is to set the new regime as current-> current change
  
  I'm trying to open a session to my existing page with an e-mail and password in the tbl_user table.
  
  But all I got, is an error message:
  
  ORA-06550: line 2, column 8: PLS-00306: wrong Anzahl oder Typen von illuminated by von call 'APP_AUTH_TEST' ORA-06550: 2 line, column 1: PL/SQL: statement ignored
  
  ERR Fehler - 10460 implement von Funktion zum Prufen der Authentifizierungs-ID-Daten nicht possible.
  
  Translattion:
  Wrong number or type of argument in the call to 'APP_AUTH_TEST' ORA-06550: 2 line, column 1: PL/SQL: statement ignored
  
  Error ERR-10460 perform the function of evidence authentication-ID data - is not possible.
  
  I have check the operation, but it seems ok!
  does anyone know, what I forgot? Perhaps some parameters in the Login Page?
  
  NEDO
  
  Edited by: Mr.Nedo the 12.04.2011 07:55

  Your authentication (app_auth_test) matching mist signature exactly as shown in the window help or documentation.

  function app_auth_test (p_email in VARCHAR2, p_passwort in VARCHAR2) RETURN NUMBER

  differs from the documentation

  (p_username in varchar2, p_password in varchar2) return a Boolean value

  Change function app_auth_test so that it matches with the signature expected (return type and the parameter names and types) or write a wrapper for him with this signature and use that work more like authentication.

• 4.0.1 custom authentication

  Hello
  
  I am trying to create a custom authentication scheme based on my own auth function.
  The function already exists and works very well in APEX 3.2.1.
  
  4.0.1 it seems that the function is not called at all.
  
  If someone has recognized the same? Solved?
  
  Is it still 'return my_authfunction' in the schema definition?
  
  
  Thanks in advance.
  Carsten

  Hi Carsten,

  I was not able to know the workspace CPESPACE the connection and user PATRICK with the password [email protected]
  Can you reset again once, maybe someone else connected and changed the password.

  Concerning
  Patrick
  -----------
  My Blog: http://www.inside-oracle-apex.com
  APEX 4.0 Plug-Ins: http://apex.oracle.com/plugins
  Twitter: http://www.twitter.com/patrickwolf