Have OAM authenticate/authorize users against different directory servers
Hi people, is it possible to have OAM authenticate/authorize users against different directory servers under a single OAM instance?
We have a standalone OAM 10_1_4_3_0 with OHS11g installed on Linux and connected to a particular directory server (Sun LDAP). We also have an application protected by OAM that authenticates/authorizes users against the same directory server. Can we somehow configure the rules/policies/etc. so that users who access app B will be authenticated and authorized against directory server B, users accessing app C will be authenticated and authorized against directory server C, etc., without having multiple OAM instances?
Any help is greatly appreciated
Thank you, novel
The best way to do this is to set up a common OVD directory namespace under which each backend directory is represented as a different OU. For example, suppose you have two directories: one for internal users, which is AD, and one for external users, which is OID. Configure a common namespace, dc=yourcompany,dc=com. Then configure OUs for each directory: OU=external pointing to OID and OU=internal pointing to AD.
Then in your authentication schemes, create a credential mapping plugin for the different mapping bases (one authentication scheme for internal users, the other for external users).
And in your policy for each application, configure the authentication rule for the application to use the appropriate authentication scheme. If it is an application for internal users, use the internal users authentication scheme, and if it is an application for external users, use the external authentication scheme.
Tags: Fusion Middleware
Similar Questions
-
BlackBerry smartphones cannot authenticate the user at this time.
I have a new Blackberry "BOLD" and I want to get the applications I already bought on an old "BOLD".
I go to My World and select Connect. I certainly get my Paypal account information correctly.
I click on Login...
I get the message "Please wait while we retrieve your MyWorld Applications..."
A few seconds later, I get: "unable to authenticate the user at this time. Please try again later."
Any ideas? I searched the web and can't seem to get an answer, but I don't see many people with the same issue.
THX
I tried this again the PST last night, and it now seems to work.
-
Unable to authenticate the user.
Hello
I have configured Hyperion SSP and Workspace and the configuration went very well, but when I tried to connect, it gave the error below.
Database: SQL Server 2008 R2
FYI... Manager of the Foundation Server is up and works fine
Can you please share your ideas how to fix this...
Thanks in advance for your help.
Best regards
UB
EPMCSS-00301: unable to authenticate the user. Invalid credentials. Enter valid credentials.
URI: http://servername:28080/interoperability/logon
Code: 1000
Description: An error occurred the result from the process server.
If you are on Windows, then there should be services created for the EPM products; you should be able to start Foundation and the other products using the services without having to start the WebLogic administration server.
See you soon
John
http://John-Goodwin.blogspot.com/
-
I currently have the application working well using a combination of user/role authentication with the username, password and roles hard coded into my cfproperty below.
MY QUESTION: I use Flex 2 with ColdFusion MX 7.02 and MS SQL Server Express 2005. I would like to take my component below and query my MembershipInfo table in my database to authenticate my users against my login form. My data source is "myDatabase" and the table with the connection information is called "MembershipInfo." Also in my login form, my username textinput id is "usernameTextInput" and my password textinput id is "passwordTextInput." My login form component name is "LoginHBox.mxml", which is in a folder called "view".
MY QUESTION: How must the query be written to correctly connect to my database and check the user authentication AGAINST my login form? I know that it is possible, but I'm having a hard time finding the logic. Any help would be greatly appreciated.
NOTE: I am successfully able to query the same database to populate a DataGrid control, so I am able to connect to my database using the remote control blinks.
<cfcomponent>
    <cffunction name="loginUser" access="remote" returntype="WebsiteApplication.cfc.UserCFC">
        <cfargument name="username" type="string" required="true">
        <cfargument name="password" type="string" required="true">
        <cfset var user = createObject("component", "UserCFC")>
        <!--- The CFIF and CFELSEIF below contain hardcoded roles, passwords and usernames.
              I would like to replace them with the information from my database, but need help to understand the logic. --->
        <cfif arguments.username is "admin" and arguments.password is "password">
            <cfset user.loggedin = true>
            <cfset user.username = "admin">
            <cfset user.roles = "SeniorAdministrator">
            <cfreturn user>
        <cfelseif arguments.username is "user" and arguments.password is "password">
            <cfset user.loggedin = true>
            <cfset user.username = "user">
            <cfset user.roles = "Visitor">
            <cfreturn user>
        <cfelse>
            <cfreturn user>
        </cfif>
    </cffunction>
</cfcomponent>
paross1,
Thank you very much for your message! Thanks to you I could understand our logic for all workers. Here's what my CFC looks like now...
SELECT Username, Password, AccessLevelID, FirstName, LastName
FROM dbo.MembershipInfo
WHERE Username = '#username#'
AND Password = '#password#'
You're my HERO for the week!
John
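The query in the post above places #username# and #password# directly inside the SQL text, so whatever is typed into the login form becomes part of the statement. As an added example (not the poster's code), here is the same loginUser function with both values bound through cfqueryparam; the maxlength values and the use of AccessLevelID as the role are assumptions.

```cfml
<cfcomponent>
    <cffunction name="loginUser" access="remote" returntype="WebsiteApplication.cfc.UserCFC">
        <cfargument name="username" type="string" required="true">
        <cfargument name="password" type="string" required="true">
        <cfset var user = createObject("component", "UserCFC")>
        <cfset var qUser = "">
        <!--- Start from "not logged in"; only a successful lookup changes it. --->
        <cfset user.loggedin = false>

        <!--- cfqueryparam sends each value to SQL Server as a typed bind
              parameter, so a quote character in the form input is compared
              as data and cannot alter the WHERE clause.
              maxlength (assumed column sizes) rejects oversized input
              before the query runs. --->
        <cfquery name="qUser" datasource="myDatabase">
            SELECT Username, AccessLevelID, FirstName, LastName
            FROM dbo.MembershipInfo
            WHERE Username = <cfqueryparam value="#arguments.username#"
                                           cfsqltype="cf_sql_varchar" maxlength="50">
              AND Password = <cfqueryparam value="#arguments.password#"
                                           cfsqltype="cf_sql_varchar" maxlength="128">
        </cfquery>

        <!--- The Password column is compared exactly as stored, as in the
              post. If the column held a password hash, the bound value here
              would be the hash of arguments.password instead. --->

        <!--- Accept only an unambiguous match: exactly one row. --->
        <cfif qUser.recordCount EQ 1>
            <cfset user.loggedin = true>
            <cfset user.username = qUser.Username>
            <!--- Assumption: AccessLevelID stands in for the role. --->
            <cfset user.roles = qUser.AccessLevelID>
        </cfif>

        <cfreturn user>
    </cffunction>
</cfcomponent>
```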
-
How to authenticate the user using oracle user
Hello
I am working on the login authentication part of my APEX application, and what I want to do is let people connect with their Oracle user (schema) and password in the system. I know that we have a dba.users table that contains the usernames and respective encrypted passwords for Oracle users. But using this table is not the right way for my solution. Is there another way I can authenticate the user if he uses an Oracle username/password (such as sys/respective password)?
Hello:
You might want to consider 'DAD authentication' for your application as described here
http://download.Oracle.com/docs/CD/E14373_01/AppDev.32/e11838/sec.htm#CHDJBAIF
CITY
-
Hello
I implemented ADF security and was able to authenticate the user. In my home page, I have a link to log out.
If it is clicked, the following method is executed:
ExternalContext ectx =
    FacesContext.getCurrentInstance().getExternalContext();
HttpServletRequest request = (HttpServletRequest) ectx.getRequest();
HttpServletResponse response = (HttpServletResponse) ectx.getResponse();
// getSession(false) returns null when no session exists
HttpSession session = (HttpSession) ectx.getSession(false);
if (session != null) {
    session.invalidate();
}
String temp =
    request.getContextPath() + "/adfAuthentication?logout=true&end_url=/faces/logout.jsp";
try {
    response.sendRedirect(temp);
    FacesContext.getCurrentInstance().responseComplete();
} catch (Exception ex) {
    System.out.println("Exception in logout()");
}
But the problem is that it does not reach the logout page; it is redirected to the login page.
The logout page is a public page, yet it is still forwarded to the login page.
Any help would be appreciated
Hello
Hey, this is not possible. It happens because when you invalidate the session, you have configured in web.xml that when the session is not established you go to the login page. If you want it to redirect to the logout page, mention this page as the error page when you set up the login configuration in the web.xml file.
Regards
Rohit
-
I disabled the administrator from "my computer / manage / local users and groups / users / administrator / properties." Now I am not able to start my laptop. When I try to start the laptop, it shows that the administrator user is disabled.
Please help with a solution
Biju
New Delhi
You must restore your registry to a point in time before you disabled the administrator user. It is not easy if there is any left on the system administrator user.
One way to do this is to start your computer from a rescue-style CD such as BartPE or UBCD4Win, or a Linux live CD such as Knoppix. You can then follow the steps in the following article from part 2, step 6, using the GUI to copy and rename the files rather than the command-line commands specified in the article.
"How to recover from a corrupted registry that prevents Windows XP from starting"
<http://support.Microsoft.com/kb/307545>
If you are not experienced, I recommend getting help.
HTH,
JW
-
ERROR: You don't have the right of user manage auditing.
I copied the files on my computer to work on a USB device using robocopy. When I try to use robocopy to copy these files the USB device on my computer at home I get the following error message; "ERROR: you do not have the right of user manage audit."
How can I get this error message and copy the files?
Thank you
I'm glad that you were able to understand. Thanks for sharing your solution. In Windows Vista and Windows 7, even if your user account is an administrator (and this is not optimal, see why below), you still need to elevate to true administrator to make global changes. In your case, that would be by running an elevated cmd ("run as Administrator").
User accounts - recommended configuration (Vista and Win7)
You absolutely don't want to have only one user account. Like XP and all the other modern operating systems, Vista and Windows 7 are multi-user operating systems with built-in system accounts such as Administrator, Default, All Users and Guest. These accounts should be left alone because they are part of the structure of the operating system.
In particular, you do not want only one user account with administrator privileges on Vista and Windows 7, because the built-in administrator account (normally only used in emergencies) is disabled by default. If you run as an administrator for your daily work and this account becomes corrupt, things will be difficult. It is not impossible to activate the built-in administrator to rescue things, but it will take third-party tools and work outside the operating system.
The user account that is for your daily work must be a Standard user, with the extra administrative user (call it something like 'CompAdmin' or 'Tech' or similar) there only for elevation purposes. Running as a Standard user is recommended for security reasons and will help protect your computer against infections. After you have created "CompAdmin", log on to it and change your normal user account to Standard. Then log on to your regular account.
If you want to go directly to the desktop and skip the Welcome screen with the icons of the user accounts, you can do this:
Start Orb > Search box > type: netplwiz [Enter]
Click Continue (or provide an administrator password) when you are prompted by UAC.
Uncheck "Users must enter a user name and password to use this computer". Select a user account to log on automatically by clicking on the account you want to highlight and press OK. Enter the password for this user account (when it exists) when you are prompted. Leave blank if there is no password (null).
MS - MVP - Elephant Boy computers - don't panic!
-
I can't access the Control Panel on our user, I have recentley found another user named Ben on my pc in safe mode, I think I have a trojan or virus, I get a windows message have found another registry file
Hello, tounsya,
What antivirus do you use? AVG, McAfee, BitDefender, Norton?
http://www.howtogeek.com/HOWTO/Windows-Vista/disable-System-Restore-in-Windows-Vista/
Turn off System Restore and download either of the following.
Run a full scan to ensure that your system is not infected.
Malicious software removal tool
http://www.Microsoft.com/security/PC-Security/Malware-removal.aspx
TrendMicro Housecall
-
I can't open any programs. All the icons are changed (it looks like the value by default when windows does not recognize the program). When I click on the program, it has an error saying that I can't have the proper authorization. Right click and selecting run to do the same thing. Everything seems to work in safe mode, but it won't let me run System Mechanic. I'm currently logged in safe mode. Any help would be appreciated.
Hi rob251,
Do you remember making any changes to the computer before this happened?
Step 1: Right-click any program icon, click Properties, click the Compatibility tab, check the box "Run this program as an administrator" and try to run the program again.
Check if this helps.
Since the programs work as expected in safe mode, the issue could be software or hardware related.
Step 2: Put the computer in a clean boot state and test
Follow step 1 in the link below,
How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7
http://support.Microsoft.com/kb/929135
If everything works well after a clean boot, you can deduce that some third-party services are at the origin of the problem.
Continue with the remaining steps to pin-point on the third party service.
After you find the program that is causing the problem, you may have to update or install a newer version of the program; if you rarely use it, you should consider uninstalling the software.
Important: do not forget to return the computer to normal startup; follow step 7 in the link.
If you started facing this problem lately, recent changes to the computer could cause this problem
Step 3: System Restore: System Restore to put the computer's system files to an earlier point in time.
Search the steps mentioned in the link below:
http://Windows.Microsoft.com/en-us/Windows-Vista/what-is-system-restore
Thanks and regards,
Ajay K
Microsoft Answers Support Engineer
Visit our Microsoft answers feedback Forum and let us know what you think.
-
Need a script powercli on behalf of user ESXi servers list
My mistake, try something like this
$user = "root"
$pswd = "password"
Get-VMHost | %{
    $esx = Connect-VIServer $_.Name -User $user -Password $pswd
    Get-VMHostAccount -Server $esx |
        Select @{N="Host";E={$esx.Name}},@{N="Uid";E={$_.ExtensionData.Id}},Id,@{N="Name";E={$_.ExtensionData.FullName}}
    Disconnect-VIServer -Server $esx -Confirm:$false
}
-
Someone told me to make sure I have run as root user to unlock all the features?
I have installed on my machine at home creative Cloud applications. Someone told me to make sure I have run as root user to unlock all features. What does that mean?
Hi pgodkin,
Can you please confirm the operating system on which you installed creative cloud.
If you are able to install all the applications successfully there is not need to run as 'Administrator' in 'root' on Mac and windows.
Thank you
Kapil Malik
-
RADIUS used to authenticate the users by default
I use free RADIUS on ubuntu 12.04 LTS.
The AAA configs I have are used on all my layer 2 devices and work properly; however, I can't get users to authenticate on a layer 3 device... Here is some info... I can ping to and from my server, I got some rules on devices of allowing to the asa 5510 to talk... radius server but also permits access-list on the router... What don't get me.
Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(18)SXF13, RELEASE SOFTWARE (fc1)
configs-
aaa new-model
aaa group server radius RadiusGrp
 server X.X.X.X auth-port 1812 acct-port 1813
!
aaa authentication login default group RadiusGrp
aaa authorization exec default group RadiusGrp
aaa accounting exec default start-stop group RadiusGrp
aaa accounting system default start-stop group RadiusGrp
radius-server host X.X.X.X auth-port 1812 acct-port 1813 key secret
radius-server retransmit 3
debug aaa authentication-
On May 1, 13:22:24: AAA/AUTHENTIC/START (3020837816): port = "tty1" list = "action = LOGIN = LOGIN service
On May 1, 13:22:24: AAA/AUTHENTIC/START (3020837816): by using the "default" list
On May 1, 13:22:24: AAA/AUTHENTIC/START (3020837816): method = RadiusGrp (RADIUS)
On May 1, 13:22:24: AAA/AUTHENTIC (3020837816): status = GETUSER
On May 1, 13:22:26: AAA/AUTHENTIC/CONT (3020837816): continue_login (user = '(undef)')
On May 1, 13:22:26: AAA/AUTHENTIC (3020837816): status = GETUSER
On May 1, 13:22:26: AAA/AUTHENTIC (3020837816): method = RadiusGrp (RADIUS)
On May 1, 13:22:26: AAA/AUTHENTIC (3020837816): status = GETPASS
On May 1, 13:22:30: AAA/AUTHENTIC/CONT (3020837816): continue_login (user = 'Taylor')
On May 1, 13:22:30: AAA/AUTHENTIC (3020837816): status = GETPASS
On May 1, 13:22:30: AAA/AUTHENTIC (3020837816): method = RadiusGrp (RADIUS)
On May 1, 13:22:51: AAA/AUTHENTIC (3020837816): status = ERROR
On May 1, 13:22:51: AAA/AUTHENTIC/START (2366780039): port = "tty1" list = "action = LOGIN = LOGIN service
On May 1, 13:22:51: AAA/AUTHENTIC/START (2366780039): restart
On May 1, 13:22:51: AAA/AUTHENTIC/START (2366780039): some methods left to try
On May 1, 13:22:51: AAA/AUTHENTIC (2366780039): status = ERROR
On May 1, 13:22:51: AAA/AUTHENTIC/START (2366780039): failed to authenticate
On May 1, 13:22:53: AAA/MEMORY: free_user_quiet (0x44BFCBB8) user = 'Taylor' ruser = port 'NULL' = 'tty1' rem_addr = 'X.X.X.X' authen_type = 1 = 1 = 1 private service
On May 1, 13:22:53: AAA: analyze name = tty1 BID type =-1 ATS = - 1
On May 1, 13:22:53: AAA: name = tty1 flags = 0 x 11 type = 5 shelf = 0 = 0 = 0 = 1 0 = channel port adapter slot
On May 1, 13:22:53: AAA/MEMORY: create_user (0x44BFCBB8) user = ruser 'NULL' = 'NULL' ds0 = 0 port = "tty1' rem_addr = 'X.X.X.X.' 100authen_type = service ASCII = CONNECTION priv = 1 initial_task_id = '0', vrf = (id = 0)
On May 1, 13:22:53: AAA/AUTHENTIC/START (1597653700): port = "tty1" list = "action = LOGIN = LOGIN service
On May 1, 13:22:53: AAA/AUTHENTIC/START (1597653700): by using the "default" list
On May 1, 13:22:53: AAA/AUTHENTIC/START (1597653700): method = RadiusGrp (RADIUS)
On May 1, 13:22:53: AAA/AUTHENTIC (1597653700): status = GETUSER
It seems that your radius server is not listening on the udp port 1812. Try to use port 1645 and 1646 for RADIUS accounting and authentic/author respectively and also to apply the rules of the firewall to allow traffic on these ports udp.
HTH
Please rate useful posts.
-
Apple G3 TV - I have to re - authorize third party applications regularly
I have several Apple TV G3 with Time Warner Cable in New York. Third-party applications seem to lose the authorization for my TWC on a regular basis, every 2 to 3 months. Given that this is happening on several Apple TVs, I thought it was a TWC issue, but their support said that they cannot help. I can't find much info with a web search on that, but what I found suggested it could happen every time Apple (or the provider) updates the applications. Any help on this would be appreciated. Thank you!!
Don't worry about updates; the last one for ATV 3 was security only, in February. The 'apps' on ATV 3 are integrated into the system and cannot be updated by the providers. Users are more and more often required to reauthorize. It seems that the content providers or cable companies require that you reconfirm your right of access to these resources.
-
Unable to authenticate the user on ACS 5.1 with LDAP as external identity store
Hi, I have a server and Open-LDAP running ACS on my corporate network.
Now, I am setting up a new Linksys WAP-54G and selecting WPA2-Enterprise with ACS as the RADIUS server.
First things first, I created a new internal user on ACS and tried to join the wireless network from my computer. I did it... then I moved on to an external entity (LDAP server). I set up the sequence of configuration and the LDAP identity, and also selected the access service. But when I tried to authenticate from my computer, an error occurred. I received:
the following error: 22056 Subject not found in the applicable identity store(s)
Wondering about this, I set up a Cisco 1841 router as an AAA client, and surprise... it works!
So, is there a problem authenticating from the Windows platform to ACS (pointing to LDAP)?
Any suggestions?
Thank you
Hello
Looks like you don't have MSCHAP authentication enabled on the LDAP server. You can use EAP-GTC instead, but you need to:
1. enable EAP-GTC under the allowed protocols in your ACS access policy
2. install an EAP-GTC "supplicant" on the Windows box - if you have an Intel wireless network card, the Intel PROSet client supports EAP-GTC
This could mean a fair bit of work depending on the number/type of wireless clients you have - it could be worth enabling MSCHAP authentication on the LDAP server.
HTH
Andy