Secure ACS Authentication and Authorization with SecurID

I am able to authenticate connection attempts using an external database (RSA SecurID). The problem is that everyone with a token is authorized to connect to any switch with priv 15 or whatever I set (with no way to control who gets what access). How can I authorize users based on membership in a group? The SecurID server is already integrated with LDAP; it only checks to see if the user exists in the database.

I need to create two groups, or even only allow a single group and deny everyone else, but anyone in the organization with a token is allowed to connect. I can't find guides that cover anything beyond authentication when you use a SecurID token.

Thank you.

Hello

On the routers and switches, have you configured the command "aaa authorization exec default group tacacs+"? It seems that you have only defined authentication on the devices. Once that authorization is in place, user access privileges can be governed by the ACS. In the default network administrator access policy (if you are using the default policy for TACACS+), set the authorization rule to verify membership in a user group and return the appropriate shell profile. Make the default rule give the DenyAccess shell profile to all other users.

Tags: Cisco Security

Similar Questions

  • Urgent - Custom authentication and authorization for an ADF application

    Hi friends,

    Custom implementation of authentication and authorization for an ADF application

    My project uses OID for authentication; for authorization, we need to support both OAM and DB tables (according to the client's preference during installation).

    I am new to this and do not have a clue about the same.

    Please guide me on how to set up both in JDeveloper 11g + ADF.

    Thanks in advance.

    The answers you have received so far all point in the right direction. ADF Security relies on WLS for authentication, and even for authorization with respect to the enterprise user roles defined on the WLS server. During deployment, the application roles defined in ADF Security are mapped to enterprise user groups.

    Application developed using JDeveloper + ADF.

    This would use WLS for authentication

    Authentication - LDAP (OID) - users are stored in LDAP

    Use the OID authentication provider in WLS

    Authorization - OAM or database (authorization details are stored in the DB or OAM tables)

    You can't authorize users without authentication. If needed, create additional authentication providers for OAM and RDBMS (there is an existing RDBMS provider that you can use to identify users and to assign user group membership). Then set the optional flag so that, when authentication fails for the additional providers, you can still start the application.

    At runtime, admin users create users, create roles and assign permissions to the roles (for pages and workflows), and assign roles to (or remove them from) users.

    ADF Security uses JAAS permissions, which you can change at runtime using Enterprise Manager. Permissions are granted to application roles, and application roles are granted to enterprise roles, of which users then become members. If you want to change the status of a user account, you don't do this through ADF or EM; use direct access to the user provider instead (for example, OID access, RDBMS access, etc.). There is no unified administration API available that would allow you to do this via WLS (which uses OPSS).

    If your question is in the context of ADF, the documentation you should follow is that for OPSS and the WLS authentication providers.

    Frank

  • authentication and authorization

    Hello

    We currently lack of several Oracle databases in 2 separate servers - with APEX installed in each database. About authentication (authorization) and we have created a pattern 'user' for each of these databases, then one or more tables for requests for authorization under the table "user". In each of these tables in different databases user, we have a single column to store the name of each user Oracle database account, also 2 columns (username and hashed password) and another column to record his Microsoft Active Directory account name for custom authentication. In this way, different applications using the same schema can use a different way to the authentication method.

    The problem is that, for different databases, we had to create at least a 'user' table or the schema for each database because there are a lot of other tables that refer to the PERS_PK. Is an elegant solution for implementing a solution of a store for the repository of user? Again, we must not only authentication and authorization, we also have tables in the different schema and different databases that refer to these PERS_PK.

    Thank you.
    Andy

    Hello Andy,

    That is right. As previously mentioned, a FK works only with objects that are located in the same database instance.
    Regarding option 2, bi-directional updates are usually difficult to manage. If you can't make it master / slave somehow, you better use the first option.

    -Udo

  • packages and custom DB for authentication and authorization tables

    I would like to build custom authentication for my APEX 4.1 application.
    I need only a few basic actions and features.
    My idea:
    the tables USER, ROLES and USER_ROLES, plus a package of actions and some pages on these tables (create user, grant the role, authenticate, change password, activate/deactivate the account etc...)

    Before starting to write this little "authentication framework", I would like to ask you if you know of existing solutions.

    I would rather use some existing framework, a tested solution, and save time :-)

    Thanks for some tips...

    No. I have not found an existing solution. I have developed my own simple solution for authentication and authorization.

    I recommend you do the same thing.

  • TACACS+ authentication and authorization on IOS XR

    Hi all

    I tried to connect several IOS XR devices in our lab (ASR, RSG and CRS) to our TACACS+ server (Cisco Secure ACS, release 4.2(0)). The objective is for TACACS+ to perform authentication, authorization and control of the user for all non-console CLI connection types (telnet and SSH). I don't use any HTTP server to access devices and I want to keep the connection to the console to the powers the.

    I have several devices connected to this TACACS+ server with the following AAA-related configuration. I would like to implement the same principles on IOS XR, but given that the command structure is different and I could not understand how to do this using the manual, I need your expert help:

    aaa new-model
    !
    !
    aaa group server tacacs+ acs-servers-group
     server
    !
    aaa authentication login default local
    aaa authentication login local_vty local
    aaa authentication login console local
    aaa authentication login acs group acs-servers-group local
    aaa authorization exec default group tacacs+
    aaa authorization commands 15 acs_cmds group tacacs+
    aaa authorization commands 15 local_cmds none
    !
    !
    !
    !
    !
    aaa session-id common
    !
    snip...
    !
    username * privilege 15 secret 5 *
    !
    snip...
    !
    tacacs-server host key 7
    tacacs-server directed-request
    !
    snip...
    !
    line con 0
     stopbits 1
    line aux 0
     stopbits 1
    line vty 0 4
     exec-timeout 0 0
     privilege level 15
     authorization commands 15 acs_cmds
     login authentication acs
     transport preferred telnet
     transport input all
    line vty 5 15
     exec-timeout 0 0

    * Note: The IOS XR devices run versions 4.1.2 and 4.2.0

    Many thanks for any help that you could provide

    Lior

    Lior,

    You must return the task IDs and/or task groups in order to make this work. In my experience working with these platforms, it is really unnecessary to proceed with command authorization if you trust the task IDs/groups, which are built into the ASR.

    The flow for TACACS+ command authorization on these devices is a bit different from traditional IOS (unless something has changed in the last 6 months): when the user tries to run a command, TACACS+ command authorization is triggered if the user executes a command that falls under the umbrella of the task. If it does not, command authorization is never triggered.

    Here are some documents that I feel will help you:

    https://supportforums.Cisco.com/docs/doc-15944

    Thank you

    Tarik Admani
    * Please note the useful messages *.

  • Secure ACS unit and Remote Agents

    Hello

    We are testing the Secure ACS 3.2 device and authentication against AD via remote agents. When two or more remote agents are registered with the device in the network menu, is the device smart enough to try the second remote agent machine if it can't talk to the first? We tested this failover by stopping the remote agent service on the first domain controller where it had been installed. However, failover does not occur. We want to know if this failover is supposed to work, and if so what we need to do to make it work.

    Yoshi Nagase

    Hello

    I implemented a solution similar to yours... 2 ACS units with 2 Remote Agents...

    I set the remote agents in Network Configuration and under External User DB - Windows Database - Windows Remote Agent Selection.

    In this menu, set the primary and secondary Remote Agent.

    HTH

    Omar

  • order of the authentication and authorization air ISE

    Hello

    I am looking to configure ISE to authenticate AD-joined PCs (using AnyConnect NAM for user and machine authentication with EAP chaining) and profile Cisco IP phones. The PCs and phones connect on the same switchport. The switchport configuration was:

    switchport
    switchport access vlan 102
    switchport mode access
    switchport voice vlan 101
    authentication event fail action next-method
    authentication host-mode multi-domain
    authentication order dot1x mab
    authentication priority dot1x mab
    authentication port-control auto
    mab
    snmp trap mac-notification change added
    snmp trap mac-notification change removed
    dot1x pae authenticator

    The configuration above worked well, with 'show authentication sessions' on the switch showing dot1x as the method for the DATA domain and mab for VOICE. I decided to reverse the authentication order/priority on the switch interface so that the phone would be authenticated first by mab. As a result, 'show authentication sessions' on the switch showed mab as the method for both VOICE and DATA.

    To avoid this I created an authorization policy on ISE to respond with an "Access-Reject" when "UseCase = Host Lookup" and the endpoint identity group was unknown (the group that contains the AD PCs). This worked well - the switch would attempt to authenticate the PC and phone with mab. When an "Access-Reject" was received for the PC, the switch would pass to the next method and the PC would be authenticated using dot1x.

    The only problem with this is that the ISE logs soon filled with denies caused by the authorization policy - is it possible to achieve the scenario above without affecting the logs?

    Thank you
    Andy

    Hi Andy -.

    Have you tried to have the config in the following way:

    authentication order mab dot1x
    authentication priority dot1x mab

    This "order" will tell the switchport to always start with mab, but the 'priority' keyword will allow the switchport to accept dot1x authentications from dot1x devices.

    For more information see this link:

    http://www.Cisco.com/c/en/us/products/collateral/iOS-NX-OS-software/identity-based-networking-service/application_note_c27-573287.html

    Thank you for evaluating useful messages!

  • Authentication and authorization JPSUserProvider in UCM 11g

    Hello

    Can someone direct me to where I can find more information on JPSUserProvider? The UCM documentation just mentions that JPSUserProvider is configured in UCM by default and used for authentication and authorization. Another document mentions that UCM 11g has nothing to do with user authentication: all authentication is handled by WebLogic, and SSO must be configured against WebLogic. If SSO is configured and an external LDAP is used as a user store in WebLogic, do I need to make changes to the AAU? I want to know the role JPSUserProvider plays in UCM and the series of events that take place after the user enters the credentials at <Server>:<port>/cs/login/login.htm.
    Any help in pointing the right resources is appreciated.

    Thank you
    Shyam

    Sometimes you don't need to make any changes, but other times you may need to update the attribute map, the account permissions delimiter, default roles and/or accounts. Occasionally, an ID card is applied to translate incoming AD group names to match the UCM role and/or account names.

    Meet real external LDAP permissions is made via the WLS, but the JPSProvider does the work of extracting data from WLS in object UserData of the AAU.

    -ryan

  • Cisco ACS 5.2 authentication and authorization processes

    I am designing a network and I asked me a few questions that I don't know how respond to those so I thought putting it in the forum to see if I can get help.

    First, thank you very much for reading this post and thank you if you can add comments to help out me.

    installation program:

    Two ACS on each center data in Server and application to the switches by dc + hybrid mode the Ganymede and fold to the other on the failure scenario.

    ACS - version 5.2 planning upgrade to 5.8, if she is stable.

    Result of the will

    If users fails authentication AD then it should be rejected.

    If defective AD on ACS and ACS needs to check the other ACS and other ACS has connection AD, then it should demand more diver ACS...

    I'm sure it is not possible, but that it was the main application... I disputed so now the new request

    If AD fails, ACS should fall back to the local database. If the local database does not authenticate the user, then it should allow the switch to send the same request to the secondary ACS rather than reject the request.

    Litt: local database is reserved for the network admin but maybe some contractor needs to access switches and other devices and they will have the entry in listing so if AD fails, they can always authenticate against DC2 AD via DC2 ACS.

    I think to set up

    Authentication rule 1 - authenticate against AD,

    If authentication failed - Reject

    If the user has not been found - reject

    If the process failed - continue

    This should take by default which will be the internal database.

    If authentication failed - Reject

    If the user has not found - drop

    If the process failed - drop

    This should give no answer to switch and then switch should try the second radius server in the list...

    Please someone explain this flow chart for me... and it's correct assumptions...

    I would like to know if there are a few good diagram that I can refer to see the whole process and can use in my presentation...

    Thank you very much for reading and you answer it...

    Hello

    I'm not sure I get your question, but I will try to answer in the way that I understood.

    If you send a drop as a result, this means that ACS dropped the request, causing the AAA client to fail over to another AAA server.

    A tree had fallen on the community a few years ago:

    (https://supportforums.cisco.com/discussion/11811801/aaa-servers#3931298)

    I hope that's what you are expecting.

  • 4.2 ACS authentication and exec flank on router Test mode.

    The goal is to have ACS authenticate my username via SSH and put me into privileged exec mode once authenticated. Details below.

    I have ACS Solution Engine 4.2 and I have a test router with the following commands:

    aaa new-model
    aaa authentication login default group tacacs+ local
    aaa session-id common
    tacacs-server host 10.4.4.21 single-connection
    tacacs-server key $# $& $* #.

    The problem is the following. I can't SSH and login to the router using a user in the ACS database but the router does not allow me to use the enable command in exec mode. The error it gives me is:

    AAA_ROUTER_CLIENT>enable
    % Authentication failure.
    AAA_ROUTER_CLIENT>

    I must be missing something in the ACS. Any help would be appreciated.

    You are missing this command:

    aaa authorization exec default group tacacs+ if-authenticated

    This is what you need on the router:

    Router(config)# username [username] password [password]
    tacacs-server host [ip]
    tacacs-server key [key]
    aaa new-model
    aaa authentication login default group tacacs+ local
    aaa authorization exec default group tacacs+ if-authenticated

    On the ACS

    Bring users/groups in at level 15:

    1. Go to user or group setup in ACS
    2. Scroll down to "TACACS+ Settings"
    3. Check "Shell (exec)"
    4. Check "Privilege level" and enter "15" in the adjacent field

    Kind regards

    ~ JG

    Note the useful messages

  • ACS 5.3 authorization with Juniper ROB-3400

    In the process of migrating from ACS 4.1 to ACS 5.3. Authentication works fine, but there are problems with authorization on Juniper ROB-3400 devices. With ACS 4.1 we were passing the custom TACACS+ attributes Shell (exec) privilege level = 15, which allows the user to log in with read/write privileges. With ACS 5.3 we tried setting the shell profile common tasks to 15 for Default and Maximum (each and both together), and also defining custom attributes for priv-lvl=15 (with or without the common tasks set).

    A capture shows Auth status: 0x11 (ERROR).

    Any ideas?

    Thanks in advance!

    I see...

    If you look at the authorization request... it is only sending Arg[0] value: service=shell and did not send the "cmd=" arg. According to the T+ draft, if the service is shell, the 'cmd' attribute must be sent in the request.

    http://tools.ietf.org/html/draft-grant-tacacs-02 

    cmd

    a shell (exec) command. This indicates the command name for a shell command to be executed. This attribute MUST be specified if service is equal to "shell". A NULL value indicates that the shell itself is being referred to.

    Now you must be wondering why it works with ACS 4.x and simply not with ACS 5.x.

    ACS 4.x does not check for the presence of cmd and treats cmd= and no cmd as the same; ACS 5.x is stricter.

    I've seen this happen with various third-party devices such as bluecoat, store area and now Juniper.

    You need to involve the Juniper support or development team to get a fix so that the authorization request contains cmd=

    It will be useful.

    Jatin kone

    -Does the rate of useful messages-
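
A check for the condition this answer describes, as an added example that is not part of the original thread and not ACS code: it parses a de-obfuscated TACACS+ authorization REQUEST body (field layout as in the draft linked above) and flags `service=shell` sent without a `cmd` attribute. The function names are hypothetical, and the sample bodies, user name, port and address are constructed.

```python
import struct

# Authorization REQUEST body, as laid out in the TACACS+ draft cited above:
# eight 1-byte fields (authen_method, priv_lvl, authen_type, authen_service,
# user_len, port_len, rem_addr_len, arg_cnt), then arg_cnt 1-byte argument
# lengths, then user, port, rem_addr and the arguments themselves.
FIXED = struct.Struct("!8B")


def build_author_body(user, port, rem_addr, args, priv_lvl=1):
    """Build a body for testing. Everything passed in is constructed data."""
    u, p, r = user.encode(), port.encode(), rem_addr.encode()
    enc = [a.encode() for a in args]
    # 0x06 = method TACACS+, 0x01 = ASCII authen_type, 0x01 = login service
    head = FIXED.pack(0x06, priv_lvl, 0x01, 0x01, len(u), len(p), len(r), len(enc))
    return head + bytes(len(a) for a in enc) + u + p + r + b"".join(enc)


def parse_author_body(body):
    """Parse an already de-obfuscated authorization REQUEST body."""
    if len(body) < FIXED.size:
        raise ValueError("body shorter than the fixed 8-byte header")
    _, priv_lvl, _, _, ulen, plen, rlen, argc = FIXED.unpack_from(body)
    off = FIXED.size
    arg_lens = list(body[off:off + argc])
    if len(arg_lens) != argc:
        raise ValueError("argument length table is truncated")
    off += argc
    expected = off + ulen + plen + rlen + sum(arg_lens)
    if len(body) != expected:
        raise ValueError(f"body is {len(body)} bytes, header implies {expected}")

    def take(n):
        nonlocal off
        chunk = body[off:off + n]
        off += n
        return chunk.decode("utf-8", errors="replace")

    user, port, rem_addr = take(ulen), take(plen), take(rlen)
    args = [take(n) for n in arg_lens]
    return {"user": user, "port": port, "rem_addr": rem_addr,
            "priv_lvl": priv_lvl, "args": args}


def split_arg(arg):
    """Split 'name=value' (mandatory) or 'name*value' (optional)."""
    positions = [i for i in (arg.find("="), arg.find("*")) if i != -1]
    if not positions:
        return arg, None, None          # no separator at all
    i = min(positions)
    return arg[:i], arg[i], arg[i + 1:]


def check_shell_request(body):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    names = {}
    for raw in parse_author_body(body)["args"]:
        name, sep, value = split_arg(raw)
        if sep is None:
            findings.append(f"argument {raw!r} has no '=' or '*' separator")
            continue
        names.setdefault(name, value)
    # 'cmd=' with an empty value is valid: it refers to the shell itself.
    if names.get("service") == "shell" and "cmd" not in names:
        findings.append("service=shell sent without a cmd attribute")
    return findings


# Constructed samples: user, port and address are made-up values.
SERVICE_ONLY = build_author_body("alice", "tty0", "192.0.2.10", ["service=shell"])
EXEC_START = build_author_body("alice", "tty0", "192.0.2.10",
                               ["service=shell", "cmd="])
SHOW_CMD = build_author_body("alice", "tty0", "192.0.2.10",
                             ["service=shell", "cmd=show", "cmd-arg=version"], 15)

if __name__ == "__main__":
    for label, body in (("service only", SERVICE_ONLY),
                        ("exec start", EXEC_START),
                        ("show version", SHOW_CMD)):
        print(label, "->", check_shell_request(body) or "ok")
```

Run against the argument list from a packet capture, this shows whether a device's request would fail the stricter reading before a vendor case is opened.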

  • Different authentication and authorization providers

    JDeveloper 11.1.1.7

    Hello

    Not sure if I'm posting in the right forum but here goes.

    We use ADF security and so far we have always had the user and roles in the same AD / LDAP.

    We now have a requirement for authentication via the AD / LDAP but authorization by our application.

    We believe that we should be able to use SQL authorization, but we do not know how to configure things for authentication via AD / LDAP and authorization via SQL or something.

    Can anyone help?

    TIA

    Paul

    This should be possible. Look at http://www.onjava.com/excerpt/weblogic_chap17/index1.html , which gives an overview of the various suppliers.

    You should ask this question in the WebLogic Server - Security space.

    Timo

  • separate authentication and authorization for Active directory groups

    Hi all

    After a long search and failure, I write the question.

    I use apex oracle 4.2 on windows server 2012 on oracle 12 c, all 64 bits.

    We have configured Microsoft Active directory with LDAP.

    in LDAP, we have a core group which is say A and an is down there students and the two groups.

    According to the staff, there are many other groups and students, there are a lot of groups.

    I created a mobile application, it has a main page that is publicly accessible without username and password.

    in this home page, I have a list that contains two elements, personnel and another is a student.

    When one of the list item, the login screen appears.

    now I want to control when the user clicks on the staff list, only personnel should be authenticated.

    If the end user is a student, it doesn't have to be authenticated.

    the same goes for the student list item, if the end-user click on list of students, only students must be authenticated.

    someone please guide me, I'm failed in research and testing.

    Thank you.

    Kind regards.

    Hi Maahjoor,

    Try this (it is written all the attributes for the user) by logging in to your schema to SQL Developer:

    DECLARE
    
      -- Adjust as necessary.
      l_ldap_host    VARCHAR2(256) := 'hct.org';
      l_ldap_port    VARCHAR2(256) := '389';
      l_ldap_user    VARCHAR2(256) := 'cn=hct\itnew';
      l_ldap_passwd  VARCHAR2(256) := 'itnew';
      l_ldap_base    VARCHAR2(256) := 'DC=hct,DC=org';
    
      l_retval       PLS_INTEGER;
      l_session      DBMS_LDAP.session;
      l_attrs        DBMS_LDAP.string_collection;
      l_message      DBMS_LDAP.message;
      l_entry        DBMS_LDAP.message;
      l_attr_name    VARCHAR2(256);
      l_ber_element  DBMS_LDAP.ber_element;
      l_vals         DBMS_LDAP.string_collection;
    
    BEGIN
    
      -- Choose to raise exceptions.
      DBMS_LDAP.USE_EXCEPTION := TRUE;
    
      -- Connect to the LDAP server.
      l_session := DBMS_LDAP.init(hostname => l_ldap_host,
                                  portnum  => l_ldap_port);
    
      l_retval := DBMS_LDAP.simple_bind_s(ld     => l_session,
                                          dn     => l_ldap_user||','||l_ldap_base,
                                          passwd => l_ldap_passwd);
    
      -- Get all attributes
      l_attrs(1) := '*'; -- retrieve all attributes
      l_retval := DBMS_LDAP.search_s(ld       => l_session,
                                     base     => l_ldap_base,
                                     scope    => DBMS_LDAP.SCOPE_SUBTREE,
                                     filter   => l_ldap_user,
                                     attrs    => l_attrs,
                                     attronly => 0,
                                     res      => l_message);
    
      IF DBMS_LDAP.count_entries(ld => l_session, msg => l_message) > 0 THEN
        -- Get all the entries returned by our search.
        l_entry := DBMS_LDAP.first_entry(ld  => l_session,
                                         msg => l_message);
    
        << entry_loop >>
        WHILE l_entry IS NOT NULL LOOP
          -- Get all the attributes for this entry.
          DBMS_OUTPUT.PUT_LINE('---------------------------------------');
          l_attr_name := DBMS_LDAP.first_attribute(ld        => l_session,
                                                   ldapentry => l_entry,
                                                   ber_elem  => l_ber_element);
          << attributes_loop >>
          WHILE l_attr_name IS NOT NULL LOOP
            -- Get all the values for this attribute.
            l_vals := DBMS_LDAP.get_values (ld        => l_session,
                                            ldapentry => l_entry,
                                            attr      => l_attr_name);
            << values_loop >>
            FOR i IN l_vals.FIRST .. l_vals.LAST LOOP
              DBMS_OUTPUT.PUT_LINE('ATTIBUTE_NAME: ' || l_attr_name || ' = ' || SUBSTR(l_vals(i),1,200));
            END LOOP values_loop;
            l_attr_name := DBMS_LDAP.next_attribute(ld        => l_session,
                                                    ldapentry => l_entry,
                                                    ber_elem  => l_ber_element);
          END LOOP attributes_loop;
          l_entry := DBMS_LDAP.next_entry(ld  => l_session,
                                          msg => l_entry);
        END LOOP entry_loop;
      END IF;
    
      -- Disconnect from the LDAP server.
      l_retval := DBMS_LDAP.unbind_s(ld => l_session);
      DBMS_OUTPUT.PUT_LINE('L_RETVAL: ' || l_retval);
    
    END;
    /
    

    NOTE: The DN parameter on line 29 requires the exact distinguished name of the user. In addition, for the filter on line 37, you can use the username, i.e. "cn=firstname.lastname".

    You can specify a particular attribute to be extracted for the user by changing line 33 from:

    l_attrs(1) := '*';

    to

    l_attrs(1) := 'title';
    

    Then you can write a function, based on the code above, to extract the user's LDAP attribute as follows:

    create or replace function fnc_get_ldap_user_attr_val ( p_username in varchar2
                                                          , p_password in varchar2
                                                          , p_attrname in varchar2 )
    return varchar2
    as
    
      -- Adjust as necessary.
      l_ldap_host    VARCHAR2(256) := 'hct.org';
      l_ldap_port    VARCHAR2(256) := '389';
      l_ldap_user    VARCHAR2(256) := 'cn='||p_username;
      l_ldap_passwd  VARCHAR2(256) := p_password;
      l_ldap_base    VARCHAR2(256) := 'DC=hct,DC=org';
    
      l_retval       PLS_INTEGER;
      l_session      DBMS_LDAP.session;
      l_attrs        DBMS_LDAP.string_collection;
      l_message      DBMS_LDAP.message;
      l_entry        DBMS_LDAP.message;
      l_attr_name    VARCHAR2(256);
      l_attr_value   VARCHAR2(256);
      l_ber_element  DBMS_LDAP.ber_element;
      l_vals         DBMS_LDAP.string_collection;
    
    BEGIN
    
      -- Choose to raise exceptions.
      DBMS_LDAP.USE_EXCEPTION := TRUE;
    
      -- Connect to the LDAP server.
      l_session := DBMS_LDAP.init(hostname => l_ldap_host,
                                  portnum  => l_ldap_port);
    
      l_retval := DBMS_LDAP.simple_bind_s(ld     => l_session,
                                          dn     => l_ldap_user||','||l_ldap_base,
                                          passwd => l_ldap_passwd);
    
      -- Get specific attributes
      l_attrs(1) := p_attrname;
      l_retval := DBMS_LDAP.search_s(ld       => l_session,
                                     base     => l_ldap_base,
                                     scope    => DBMS_LDAP.SCOPE_SUBTREE,
                                     filter   => l_ldap_user,
                                     attrs    => l_attrs,
                                     attronly => 0,
                                     res      => l_message);
    
      IF DBMS_LDAP.count_entries(ld => l_session, msg => l_message) > 0 THEN
        -- Get all the entries returned by our search.
        l_entry := DBMS_LDAP.first_entry(ld  => l_session,
                                         msg => l_message);
    
        << entry_loop >>
        WHILE l_entry IS NOT NULL LOOP
          -- Get all the attributes for this entry.
          DBMS_OUTPUT.PUT_LINE('---------------------------------------');
          l_attr_name := DBMS_LDAP.first_attribute(ld        => l_session,
                                                   ldapentry => l_entry,
                                                   ber_elem  => l_ber_element);
          << attributes_loop >>
          WHILE l_attr_name IS NOT NULL LOOP
            -- Get all the values for this attribute.
            l_vals := DBMS_LDAP.get_values (ld        => l_session,
                                            ldapentry => l_entry,
                                            attr      => l_attr_name);
            << values_loop >>
            FOR i IN l_vals.FIRST .. l_vals.LAST LOOP
              DBMS_OUTPUT.PUT_LINE('ATTIBUTE_NAME: ' || l_attr_name || ' = ' || SUBSTR(l_vals(i),1,200));
              l_attr_value := l_vals(i);
            END LOOP values_loop;
            l_attr_name := DBMS_LDAP.next_attribute(ld        => l_session,
                                                    ldapentry => l_entry,
                                                    ber_elem  => l_ber_element);
          END LOOP attributes_loop;
          l_entry := DBMS_LDAP.next_entry(ld  => l_session,
                                          msg => l_entry);
        END LOOP entry_loop;
      END IF;
    
      -- Disconnect from the LDAP server.
      l_retval := DBMS_LDAP.unbind_s(ld => l_session);
      DBMS_OUTPUT.PUT_LINE('L_RETVAL: ' || l_retval);
      DBMS_OUTPUT.PUT_LINE('Attribute value: ' || l_attr_value);
    
      return l_attr_value;
    
    END fnc_get_ldap_user_attr_val;
    /
    

    Then create an application item AI_USER_AD_TITLE under Application -> Shared Components.

    Create the following procedure to set the application item when the user logs in to your APEX application:

    create or replace procedure ldap_post_auth
    as
    
      l_attr_value varchar2(512);
    
    begin
    
      l_attr_value := fnc_get_ldap_user_attr_val ( p_username => apex_util.get_session_state('P101_USERNAME')
                                                 , p_password => apex_util.get_session_state('P101_PASSWORD')
                                                 , p_attrname => 'title' );
    
      apex_util.set_session_state('AI_USER_AD_TITLE', l_attr_value);
    
    end ldap_post_auth;
    

    Change the "Post-Authentication Procedure Name" in your authentication scheme to 'ldap_post_auth'.

    Then modify the on-load process on the home page of your PORTALS application to:

    begin
    
        if :AI_USER_AD_TITLE = 'Student' then
            apex_util.redirect_url(p_url=>'f?p=114:1');
        else
            apex_util.redirect_url(p_url=>'f?p=113:1');
        end if;
    
    end;
    

    I hope this helps!

    Kind regards

    Kiran

  • What is the authentication and authorization mechanism in Oracle EBS 12.2?

    EBS 12.2 is based on WebLogic Server; does this mean that it uses the WebLogic users?

    The purpose of the use of Weblogic is explained in:

    Installation guide for Oracle E-Business Suite

    https://blogs.Oracle.com/stevenChan/entry/glimpses_of_e_business_suite

    Authentication is done via the FND_USER and FND_ORACLE_USERID tables.

    http://ETRM.Oracle.com/pls/ETRM/etrm_pnav.show_object?c_name=FND_USER&c_owner=APPLSYS&c_type=table

    http://ETRM.Oracle.com/pls/ETRM/etrm_pnav.show_object?c_name=FND_ORACLE_USERID&c_owner=APPLSYS&c_type=table

    Thank you

    Hussein

  • After authentication and authorization modules?

    I created the RDBMS on WLS security provider. Political roles are defined in the file jazn-"Data.xml" of the application. But after cutting (the login page is plain html) how to know which user is connected? How to get the user information (user name could do)

    Hello

    Try

    #{securityContext.userName}

    Pedja
