Search Results

Search found 6525 results on 261 pages for 'restful authentication'.

Page 102/261 | < Previous Page | 98 99 100 101 102 103 104 105 106 107 108 109  | Next Page >

  • Can I use IIS to do ActiveDirectory single-sign-on for another website?

    - by brofield
    I'm trying to add Active Directory single-sign-on support to an existing SOAP server. The server can be configured to accept a trusted reverse-proxy and use the X-Remote-User HTTP header for the authenticated user. I want to configure IIS to be the trusted proxy for this service, so that it handles all of the Active Directory authentication for the SOAP server. Basically IIS would have to accept HTTP connections on port X and URL Y, do all the authentication, and then proxy the connection to a different server (most likely the same X and Y). Unfortunately, I have no knowledge of IIS or AD (so I am trying my best to learn enough to build this solution) so please be gentle. I would assume that this is not an uncommon scenario, so is there some easy way to do this? Is this sort of functionality built into IIS or do I need to build some sort of IIS proxy program myself? Is there a better option for getting the authentication done and the X-Remote-User HTTP header set than requiring IIS? Update: For example, what I am trying to create is: [CLIENT] [IIS] [AD] [SOAP-SERVER] 1. |---------------->| 2. |<--------------->|<---------->| 3. |--------------------------->| 4. |<---------------------------| 5. |<----------------| 1. POST to http://example.com/foo/bar.cgi 2. Client is not authenticated, so do authentication 3. Once validated, send request to server (X-Remote-User: {userid}) 4. Process request, send response 5. Forward response to client I need to know how to configure IIS to do the automatic authentication of the user using AD, and then to proxy the request to the actual server, sending the userid in the X-Remote-User HTTP header.

    Read the article

  • Cisco ASA dropping IPsec VPN between istself and CentOS server

    - by sebelk
    Currently we're trying to set up an IPsec VPN between a Cisco ASA Version 8.0(4) and a CentOS Linux server. The tunnel comes up successfully, but for some reason that we can't figure out, the firewall is dropping packets from the VPN. The IPsec settings in the ASA sre as follows: crypto ipsec transform-set up-transform-set esp-3des esp-md5-hmac crypto ipsec transform-set up-transform-set2 esp-3des esp-sha-hmac crypto ipsec transform-set up-transform-set3 esp-aes esp-md5-hmac crypto ipsec transform-set up-transform-set4 esp-aes esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto map linuxserver 10 match address filtro-encrypt-linuxserver crypto map linuxserver 10 set peer linuxserver crypto map linuxserver 10 set transform-set up-transform-set2 up-transform-set3 up-transform-set4 crypto map linuxserver 10 set security-association lifetime seconds 28800 crypto map linuxserver 10 set security-association lifetime kilobytes 4608000 crypto map linuxserver interface outside crypto isakmp enable outside crypto isakmp policy 1 authentication pre-share encryption aes hash sha group 2 lifetime 28800 crypto isakmp policy 2 authentication pre-share encryption aes-256 hash sha group 2 lifetime 86400 crypto isakmp policy 3 authentication pre-share encryption aes-256 hash md5 group 2 lifetime 86400 crypto isakmp policy 4 authentication pre-share encryption aes-192 hash sha group 2 lifetime 86400 crypto isakmp policy 5 authentication pre-share encryption aes-192 hash md5 group 2 group-policy linuxserverip internal group-policy linuxserverip attributes vpn-filter value filtro-linuxserverip tunnel-group linuxserverip type ipsec-l2l tunnel-group linuxserverip general-attributes default-group-policy linuxserverip tunnel-group linuxserverip ipsec-attributes pre-shared-key * Does anyone know where the problem is and how to fix it?

    Read the article

  • Test A SSH Connection from Windows commandline

    - by IguanaMinstrel
    I am looking for a way to test if a SSH server is available from a Windows host. I found this one-liner, but it requires the a Unix/Linux host: ssh -q -o "BatchMode=yes" user@host "echo 2>&1" && echo "UP" || echo "DOWN" Telnet'ing to port 22 works, but that's not really scriptable. I have also played around with Plink, but I haven't found a way to get the functionality of the one-liner above. Does anyone know Plink enough to make this work? Are there any other windows based tools that would work? Please note that the SSH servers in question are behind a corporate firewall and are NOT internet accessible. Arrrg. Figured it out: C:\>plink -batch -v user@host Looking up host "host" Connecting to 10.10.10.10 port 22 We claim version: SSH-2.0-PuTTY_Release_0.62 Server version: SSH-2.0-OpenSSH_4.7p1-hpn12v17_q1.217 Using SSH protocol version 2 Server supports delayed compression; will try this later Doing Diffie-Hellman group exchange Doing Diffie-Hellman key exchange with hash SHA-256 Host key fingerprint is: ssh-rsa 1024 aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa Initialised AES-256 SDCTR client->server encryption Initialised HMAC-SHA1 client->server MAC algorithm Initialised AES-256 SDCTR server->client encryption Initialised HMAC-SHA1 server->client MAC algorithm Using username "user". Using SSPI from SECUR32.DLL Attempting GSSAPI authentication GSSAPI authentication initialised GSSAPI authentication initialised GSSAPI authentication loop finished OK Attempting keyboard-interactive authentication Disconnected: Unable to authenticate C:\>

    Read the article

  • Remote Desktop Services Gateway Issue

    - by AVandelay05
    Alright fellow techies here's the rundown. I have installed Server 2008 r2 Remote Dekstop Services on a VM in my network. I installed the following RD role services: RD Session Host, Licensing, Connection Broker, Gateway, Web Access. When I set things up originally, the gateway server and RDWeb worked as it should locally. After getting things running locally (remoteserver.domainname.local) I wanted to test things externally. From the outside, I couldn't get things running (meaning I could connect to rdweb access externally, but when I tried to run an app I would get the message "can't connect/find computer"). Here's my setup for external access The VM has every RD Services role services installed on it, meaning it acts as gateway, rd web access, session host, licensing, the whole bit. I made a self-signed certificate on the gateway server (gateway.domainname.net is the cert name). Internally, I have a secondary forward-lookup zone called domainname.net with an A record gateway pointing to the local IP of the gateway server. On our public DNS (domainname.net) I have an A record gateway. This is to access the RDWeb externally. In IIS I have the following authentication settings RDWeb: All disabled except for anonymous authentication Rpc: All disabled except for basic and windows RpcWithCert: All disbled except for windows authentication I have the necessary web access config in our sonicwall tz210 (https and rdp, external ip pointing to local ip of rds server) RAP and CAP have the correct user and computer groups, authentication, and allowed devices After all of this, here's what happens accessing externally. I can login correctly to RDWeb Access (I've tried a bogus login, I can't login to it so that's working properly). I see the Apps for use. I click on an app, click connect, the credential window opens, I put in the correct user creds, it tries to connect to the gateway server, but then the cred window comes back in view. I tried to reach a limit of failed logins, but never reached one, haha. So from the same external client machine I try to connect to the gateway through a Remote Desktop connection. I put in the correct gateway settings in the RD window, try to connect and get the same results as I did in RDWeb access. I checked the event logs on the RD Services machine and saw the following event IDs around the time I tried to login externally: ID 6037 with the message "The program svchost.exe, with the assigned process ID 2168, could not authenticate locally by using the target name host/gateway.domainname.net. The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name. Try a different target name." ID 10 RADWebAccess "RD Web Access was unable to access gateway.domainname.net, which is the server that is specified as running the RemoteApp and Desktop Connection Management service. Ensure that the computer account of the RD Web Access server is a member of the TS Web Access Computers security group on gateway.domainname.net" ID 4625 "An account failed to log on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID: NULL SID Account Name: Administrator Account Domain: gateway.domainname.net Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc000006a Process Information: Caller Process ID: 0x0 Caller Process Name: - Network Information: Workstation Name: USER-LAPTOP Source Network Address: External IP Source Port: 63125 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols." I don't think the VM has a null SID. The SID of the VM and it's physical host have different SIDS. I can access the blank page for rpc externally using the external gateway name. It seems like authentication is a problem. Also, is it a problem that the external name of the gateway server doesn't match the local name? The external name (which the cert is based on) is gateway.domainname.net and the internal name is remoteserver.domainname.local. That's the only thing I can think of that would be the problem, but the external name has to be different from the local right? Internally, I ping gateway.domainname.net and it gives me the correct local IP of the server. Now, there isn't an actual computer name in AD, but I don't know how I would achieve that? I hope I've been clear....any help would be appreciated. I think I'm close to achieving this. :)

    Read the article

  • Can't access shared drive when connecting over VPN

    - by evolvd
    I can ping all network devices but it doesn't seem that DNS is resolving their hostnames. ipconfig/ all is showing that I am pointing to the correct dns server. I can "ping "dnsname"" and it will resolve but it wont resolve any other names. Split tunnel is set up so outside DNS is resolving fine So one issue might be DNS but I have the IP address of the server share so I figure I could just get to it that way. example: \10.0.0.1\ well I can't get to it that way either and I get "the specified network name is no longer available" I can ping it but I can't open the share. Below is the ASA config : ASA Version 8.2(1) ! hostname KG-ASA domain-name example.com names ! interface Vlan1 nameif inside security-level 100 ip address 10.0.0.253 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address dhcp setroute ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! ftp mode passive clock timezone EST -5 clock summer-time EDT recurring dns domain-lookup outside dns server-group DefaultDNS name-server 10.0.0.101 domain-name blah.com access-list OUTSIDE_IN extended permit tcp any host 10.0.0.253 eq 10000 access-list OUTSIDE_IN extended permit tcp any host 10.0.0.253 eq 8333 access-list OUTSIDE_IN extended permit tcp any host 10.0.0.253 eq 902 access-list SPLIT-TUNNEL-VPN standard permit 10.0.0.0 255.0.0.0 access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.0.1.0 255.255.255.0 pager lines 24 logging asdm informational mtu inside 1500 mtu outside 1500 ip local pool IPSECVPN-POOL 10.0.1.2-10.0.1.50 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-621.bin no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list NONAT nat (inside) 1 0.0.0.0 0.0.0.0 static (inside,outside) tcp interface 10000 10.0.0.101 10000 netmask 255.255.255.255 static (inside,outside) tcp interface 8333 10.0.0.101 8333 netmask 255.255.255.255 static (inside,outside) tcp interface 902 10.0.0.101 902 netmask 255.255.255.255 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy aaa authentication enable console LOCAL aaa authentication http console LOCAL aaa authentication serial console LOCAL aaa authentication ssh console LOCAL aaa authentication telnet console LOCAL http server enable http 10.0.0.0 255.255.0.0 inside http 0.0.0.0 0.0.0.0 outside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set myset esp-aes esp-sha-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto dynamic-map dynmap 1 set transform-set myset crypto dynamic-map dynmap 1 set reverse-route crypto map IPSEC-MAP 65535 ipsec-isakmp dynamic dynmap crypto map IPSEC-MAP interface outside crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto isakmp policy 65535 authentication pre-share encryption aes hash sha group 2 lifetime 86400 telnet 0.0.0.0 0.0.0.0 inside telnet timeout 5 ssh 0.0.0.0 0.0.0.0 inside ssh 70.60.228.0 255.255.255.0 outside ssh 74.102.150.0 255.255.254.0 outside ssh 74.122.164.0 255.255.252.0 outside ssh timeout 5 console timeout 0 dhcpd dns 10.0.0.101 dhcpd lease 7200 dhcpd domain blah.com ! dhcpd address 10.0.0.110-10.0.0.170 inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ntp server 63.111.165.21 webvpn enable outside svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1 svc enable group-policy EASYVPN internal group-policy EASYVPN attributes dns-server value 10.0.0.101 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn split-tunnel-policy tunnelspecified split-tunnel-network-list value SPLIT-TUNNEL-VPN ! tunnel-group client type remote-access tunnel-group client general-attributes address-pool (inside) IPSECVPN-POOL address-pool IPSECVPN-POOL default-group-policy EASYVPN dhcp-server 10.0.0.253 tunnel-group client ipsec-attributes pre-shared-key * tunnel-group CLIENTVPN type ipsec-l2l tunnel-group CLIENTVPN ipsec-attributes pre-shared-key * ! class-map inspection_default match default-inspection-traffic ! ! policy-map global_policy class inspection_default inspect icmp ! service-policy global_policy global prompt hostname context I'm not sure where I should go next with troubleshooting nslookup result: Default Server: blahname.blah.lan Address: 10.0.0.101

    Read the article

  • Remote desktop in XP?

    - by vineth
    hi, I have enabled remote desktop in my xp sp3 system, (My problem) if my friend take my system in remote with out my authentication my system is connected to him.but few day before i get authentication message(attached in the below link) but nowadays i am not receiving this dialog box... please provide help to get this authentication dialog box.. Link : http://www.freeimagehosting.net/image.php?f9f04c5e0a.jpg Thanks in advance

    Read the article

  • Authenticate Teamcity against LDAP using StartTLS

    - by aseq
    I am running a 6.5 version of Teamcity on a Debian Squeeze server and I use OpenLDAP to authenticate users. I know I can use LDAPS to be able to use encrypted password authentication, however this has been deprecated by the OpenLDAP developers, see: http://www.openldap.org/faq/data/cache/605.html I would like to know if there is a way to configure LDAP authentication in Teamcity to use StartTLS on port 389. I can't find anything about it here: http://confluence.jetbrains.net/display/TCD65/LDAP+Integration Or here: http://therightstuff.de/2009/02/02/How-To-Set-Up-Secure-LDAP-Authentication-With-TeamCity.aspx

    Read the article

  • how to manage credentials/access to multiple ssh servers

    - by geoaxis
    I would like to make a script which can maintain multiple servers via SSH. I want to control the authentication/authorization in such a manner that authentication is done by gateway and any other access is routed through this ssh server to internal services without any further authentication/authorization requirements. So if a user A can log into server_1 for example. He can then ssh to server_2 without any other authentication and do what ever he is allowed to do on server_2 (like shut down mysql, upgrade it and restart it. This could be done via some remote shell script). The problem that I am trying to solve is to come up with a deployment script for a JavaEE system which involves databases and tomcat instances. They need to be shutdown and re-spawned. The requirement is to have a deployment script which has minimal human interaction as possible for both developers and operation.

    Read the article

  • Cannot access Nagios Web Interface

    - by Dominiqs
    After successfully installing Nagios core 3.4.1 (i also installed plug-in1.4.11) on our linux rhel 5.3 server i cannot login to the nagios web interface.I am running apache 2.2.3 I am using internet explorer 8 and also firefox 3.6.3 When i try to enter the url http//localhost/nagios/ on a desktop (on the same network as the Nagios server)it does seem to like it but if i try http//x.x.x.x/nagios/ (where x.x.x.x is the IP address of my nagios server) it likes it but then the authentication popup appears after entering the password and username(nagiosadmin) it throws the errors below The server x.x.x.x at Nagios access requires a username and password Warning this server is requesting that your username and password be sent in an insecure manner(basic authentication without a secure connection) After a few attempts i get error 401 authentication required error from internet explorer ;this server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials or your browser doesnt understand how to supply the credentials required. Help Please anyone..seems like an authentication issue

    Read the article

  • How to call Office365 web service in a Console application using WCF

    - by ybbest
    In my previous post, I showed you how to call the SharePoint web service using a console application. In this post, I’d like to show you how to call the same web service in the cloud, aka Office365.In office365, it uses claims authentication as opposed to windows authentication for normal in-house SharePoint Deployment. For Details of the explanation you can see Wictor’s post on this here. The key to make it work is to understand when you authenticate from Office365, you get your authentication token. You then need to pass this token to your HTTP request as cookie to make the web service call. Here is the code sample to make it work.I have modified Wictor’s by removing the client object references. static void Main(string[] args) { MsOnlineClaimsHelper claimsHelper = new MsOnlineClaimsHelper( "[email protected]", "YourPassword","https://ybbest.sharepoint.com/"); HttpRequestMessageProperty p = new HttpRequestMessageProperty(); var cookie = claimsHelper.CookieContainer; string cookieHeader = cookie.GetCookieHeader(new Uri("https://ybbest.sharepoint.com/")); p.Headers.Add("Cookie", cookieHeader); using (ListsSoapClient proxy = new ListsSoapClient()) { proxy.Endpoint.Address = new EndpointAddress("https://ybbest.sharepoint.com/_vti_bin/Lists.asmx"); using (new OperationContextScope(proxy.InnerChannel)) { OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = p; XElement spLists = proxy.GetListCollection(); foreach (var el in spLists.Descendants()) { //System.Console.WriteLine(el.Name); foreach (var attrib in el.Attributes()) { if (attrib.Name.LocalName.ToLower() == "title") { System.Console.WriteLine("> " + attrib.Name + " = " + attrib.Value); } } } } System.Console.ReadKey(); } } You can download the complete code from here. Reference: Managing shared cookies in WCF How to do active authentication to Office 365 and SharePoint Online

    Read the article

  • How to call Office365 web service in a Console application using WCF

    - by ybbest
    In my previous post, I showed you how to call the SharePoint web service using a console application. In this post, I’d like to show you how to call the same web service in the cloud, aka Office365.In office365, it uses claims authentication as opposed to windows authentication for normal in-house SharePoint Deployment. For Details of the explanation you can see Wictor’s post on this here. The key to make it work is to understand when you authenticate from Office365, you get your authentication token. You then need to pass this token to your HTTP request as cookie to make the web service call. Here is the code sample to make it work.I have modified Wictor’s by removing the client object references. static void Main(string[] args) { MsOnlineClaimsHelper claimsHelper = new MsOnlineClaimsHelper( "[email protected]", "YourPassword","https://ybbest.sharepoint.com/"); HttpRequestMessageProperty p = new HttpRequestMessageProperty(); var cookie = claimsHelper.CookieContainer; string cookieHeader = cookie.GetCookieHeader(new Uri("https://ybbest.sharepoint.com/")); p.Headers.Add("Cookie", cookieHeader); using (ListsSoapClient proxy = new ListsSoapClient()) { proxy.Endpoint.Address = new EndpointAddress("https://ybbest.sharepoint.com/_vti_bin/Lists.asmx"); using (new OperationContextScope(proxy.InnerChannel)) { OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = p; XElement spLists = proxy.GetListCollection(); foreach (var el in spLists.Descendants()) { //System.Console.WriteLine(el.Name); foreach (var attrib in el.Attributes()) { if (attrib.Name.LocalName.ToLower() == "title") { System.Console.WriteLine("> " + attrib.Name + " = " + attrib.Value); } } } } System.Console.ReadKey(); } } You can download the complete code from here. Reference: Managing shared cookies in WCF How to do active authentication to Office 365 and SharePoint Online

    Read the article

  • IIS Not Accepting Active Directory Login Credentials

    - by Dale Jay
    I have an ASP.NET web form using Microsoft's boilerplate Active Directory login page, set up exactly as suggested. Windows Authentication is activated on the "Default Website" and "MyWebsite" levels, and Domain\This.User is given "Allow" access to the site. After entering the valid credentials for This.User on the web form, a popup window appears asking me to enter my credentials yet again. Despite entering valid credentials for This.User (after attempting Domain\This.User and This.User formats), it rejects the credentials and returns an unauthorized security headers page (error 401.2). Active Directory user This.User is valid, the IP address of the AD server has been verified and SPN's have been set up for the server. Error Code: 0x80070005 Default Web Site security config: <system.web> <identity impersonate="true" /> <authentication mode="Windows" /> <customErrors mode="Off" /> <compilation debug="true" /> </system.web> Sub web site security <authentication mode="Windows"> <forms loginUrl="~/logon.aspx" timeout="2880" /> </authentication> <authorization> <deny users="?" /> <allow users="*" /> </authorization>

    Read the article

  • Config import on network-manager-openvpn

    - by Toki Tahmid
    I'm trying to use a free service using the OpenVPN protocol using OpenVPN's GUI module in the network manager. The config worked perfectly well as .ovpn on Windows. The behavior in Windows is such that I ran OpenVPN GUI and chose to connect to this particular VPN. It would then show the activity in the attempt to connect and opens a dialog box for username/password authentication. I've successfully imported all the configurations by changing the file type to .conf and using the import feature in network manager. However, attempting to connect would simply display the network manager's attempting to connect animation, but ultimately end with a notification of connection timing out. No prompt asking for authentication would appear at all, nor can I find any feature to prefix the authentication details. client dev tun proto tcp remote miami.proxpn.com 443 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert client.crt key client.key cipher BF-CBC keysize 512 comp-lzo verb 4 mute 5 tun-mtu 1500 mssfix 1450 auth-user-pass reneg-sec 0 # If you are connecting through an # HTTP proxy to reach the actual OpenVPN # server, put the proxy server/IP and # port number here. See the man page # if your proxy server requires # authentication. ;http-proxy-retry # retry on connection failures ;http-proxy [proxy server] [proxy port #] Needless to say, but I've downloaded all the required packages for setting up OpenVPN connections. By the way, as you can see above, .key and .crt files location are specified to be in the same directory as the config file. After importing the config file, if were to remove them, would it cause any problem? Note, I haven't removed them, so the problem I'm facing is not due to the absence of these files.

    Read the article

  • SSO between multiple Flex applications

    - by KarthiPk
    We have three applications developed in Flex and all these use BlazeDS. These applications have their own authentication implementations (Database). Also they will be deployed in tomcat. Deploying all these applications in the same tomcat instance is acceptable for us. We want to bring the authentication credentials of all these applications into a single place and also provide SSO feature between these applications. We also want the authentication module to be configurable. Something like the system administrator can decide if the authentication should be done against a database or LDAP. Say, if the user successfully logs into app1, and when he access app2 in the same browser he should be automatically logged in. Same goes for logout as well. We have been exploring OpenAM, jGuard and JOSSO. I'm not sure if these require lot of customization to work with Flex. I would like to know how people are implementing SSO for Flex applications. Is there a common and simple SSO solution available for Flex based applications ?

    Read the article

  • Gnome shell not starting at login, but can start from terminal (Ubuntu 12.04)

    - by Mat Leonard
    I upgraded to Ubuntu 12.04 recently and for some reason it broke Gnome 3. The shell doesn't start up at login. My .xsession-errors looks like this right after I log in: gnome-session[1689]: WARNING: Session 'gnome' runnable check failed: Timed out (gnome-settings-daemon:1744): color-plugin-WARNING **: failed to get edid: unable to get EDID for output (gnome-settings-daemon:1744): color-plugin-WARNING **: unable to get EDID for xrandr-default: unable to get EDID for output (gnome-settings-daemon:1744): color-plugin-WARNING **: failed to reset xrandr-default gamma tables: gamma size is zero ** Message: applet now removed from the notification area ** Message: using fallback from indicator to GtkStatusIcon ** Message: moving back from GtkStatusIcon to indicator Then I can run gnome-shell --replace, the shell starts up and everything works. This is what I get immediately after: Window manager warning: Log level 16: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: An authentication agent already exists for the given subject Window manager warning: Log level 16: Error registering polkit authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: An authentication agent already exists for the given subject (polkit-error-quark 0) (gnome-shell:2442): folks-WARNING **: Failed to find primary PersonaStore with type ID 'eds' and ID 'system'. Individuals will not be linked properly and creating new links between Personas will not work. The configured primary PersonaStore's backend may not be installed. If you are unsure, check with your distribution Also, if I run /usr/lib/nux/unity_support_test -p, everything comes back as Yes and this checks out: OpenGL vendor string: NVIDIA Corporation OpenGL renderer string: GeForce 8300 GS/PCIe/SSE2 OpenGL version string: 3.3.0 NVIDIA 295.40 It isn't a huge problem since I can get gnome shell to work, but it is a little annoying. So, I'd like to fix this. Thanks for your help.

    Read the article

  • Can't mount USB devices, shut down etc. as a user

    - by Alok
    I tried gnome3 and gnome3-staging ppas to test running Gnome 3.8. After a while I decided that Gnome 3.8 wasn't for me, so I did a ppa-purge of both the ppas. As described in gnome3-staging ppa page, I also did: $ sudo apt-get purge libpam-systemd $ sudo apt-get install libpam-xdg-support The trouble is, I can't mount my external USB device anymore. When I try to mount it as a user, it fails: $ udisks --mount /dev/sdc1 Mount failed: Not Authorized I am logged in an XFCE session, but the same thing happens in a fallback Gnome session, or from a Unity session. Also, in XFCE, "suspend" and "shut down" menus are grayed out. I can't also open synaptic package manager from XFCE menus (sudo synaptic works). After a lot of searching, it seems like it is a policykit issue. I see the following in my ~/.xsession-errors: (polkit-gnome-authentication-agent-1:5805): polkit-gnome-1-WARNING **: Unable to determine the session we are in: No session for pid 5805 PID 5805 doesn't exist. If I try to start polkit-dnome-authentication-agent-1 from an xterm, I get the same error (different PID): $ /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 ... (polkit-gnome-authentication-agent-1:15971): polkit-gnome-1-WARNING **: Unable to determine the session we are in: No session for pid 15971 (the ... lines are warnings from GTK about missing css files etc.). polkitd is running: $ pidof polkitd 1495 Is there something I am missing?

    Read the article

  • Spring security - Reach users ID without passing it through every controller

    - by nilsi
    I have a design issue that I don't know how to solve. I'm using Spring 3.2.4 and Spring security 3.1.4. I have a Account table in my database that looks like this: create table Account (id identity, username varchar unique, password varchar not null, firstName varchar not null, lastName varchar not null, university varchar not null, primary key (id)); Until recently my username was just only a username but I changed it to be the email address instead since many users want to login with that instead. I have a header that I include on all my pages which got a link to the users profile like this: <a href="/project/users/<%= request.getUserPrincipal().getName()%>" class="navbar-link"><strong><%= request.getUserPrincipal().getName()%></strong></a> The problem is that <%= request.getUserPrincipal().getName()%> returns the email now, I don't want to link the user's with thier emails. Instead I want to use the id every user have to link to the profile. How do I reach the users id's from every page? I have been thinking of two solutions but I'm not sure: Change the principal to contain the id as well, don't know how to do this and having problem finding good information on the topic. Add a model attribute to all my controllers that contain the whole user but this would be really ugly, like this. Account account = entityManager.find(Account.class, email); model.addAttribute("account", account); There are more way's as well and I have no clue which one is to prefer. I hope it's clear enough and thank you for any help on this. ====== Edit according to answer ======= I edited Account to implement UserDetails, it now looks like this (will fix the auto generated stuff later): @Entity @Table(name="Account") public class Account implements UserDetails { @Id private int id; private String username; private String password; private String firstName; private String lastName; @ManyToOne private University university; public Account() { } public Account(String username, String password, String firstName, String lastName, University university) { this.username = username; this.password = password; this.firstName = firstName; this.lastName = lastName; this.university = university; } public String getUsername() { return username; } public String getPassword() { return password; } public String getFirstName() { return firstName; } public String getLastName() { return lastName; } public void setUsername(String username) { this.username = username; } public void setPassword(String password) { this.password = password; } public void setFirstName(String firstName) { this.firstName = firstName; } public void setLastName(String lastName) { this.lastName = lastName; } public University getUniversity() { return university; } public void setUniversity(University university) { this.university = university; } public int getId() { return id; } public void setId(int id) { this.id = id; } @Override public Collection<? extends GrantedAuthority> getAuthorities() { // TODO Auto-generated method stub return null; } @Override public boolean isAccountNonExpired() { // TODO Auto-generated method stub return false; } @Override public boolean isAccountNonLocked() { // TODO Auto-generated method stub return false; } @Override public boolean isCredentialsNonExpired() { // TODO Auto-generated method stub return false; } @Override public boolean isEnabled() { // TODO Auto-generated method stub return true; } } I also added <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %> To my jsp files and trying to reach the id by <sec:authentication property="principal.id" /> This gives me the following org.springframework.beans.NotReadablePropertyException: Invalid property 'principal.id' of bean class [org.springframework.security.authentication.UsernamePasswordAuthenticationToken]: Bean property 'principal.id' is not readable or has an invalid getter method: Does the return type of the getter match the parameter type of the setter? ====== Edit 2 according to answer ======= I based my application on spring social samples and I never had to change anything until now. This are the files I think are relevant, please tell me if theres something you need to see besides this. AccountRepository.java public interface AccountRepository { void createAccount(Account account) throws UsernameAlreadyInUseException; Account findAccountByUsername(String username); } JdbcAccountRepository.java @Repository public class JdbcAccountRepository implements AccountRepository { private final JdbcTemplate jdbcTemplate; private final PasswordEncoder passwordEncoder; @Inject public JdbcAccountRepository(JdbcTemplate jdbcTemplate, PasswordEncoder passwordEncoder) { this.jdbcTemplate = jdbcTemplate; this.passwordEncoder = passwordEncoder; } @Transactional public void createAccount(Account user) throws UsernameAlreadyInUseException { try { jdbcTemplate.update( "insert into Account (firstName, lastName, username, university, password) values (?, ?, ?, ?, ?)", user.getFirstName(), user.getLastName(), user.getUsername(), user.getUniversity(), passwordEncoder.encode(user.getPassword())); } catch (DuplicateKeyException e) { throw new UsernameAlreadyInUseException(user.getUsername()); } } public Account findAccountByUsername(String username) { return jdbcTemplate.queryForObject("select username, firstName, lastName, university from Account where username = ?", new RowMapper<Account>() { public Account mapRow(ResultSet rs, int rowNum) throws SQLException { return new Account(rs.getString("username"), null, rs.getString("firstName"), rs.getString("lastName"), new University("test")); } }, username); } } security.xml <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd"> <http pattern="/resources/**" security="none" /> <http pattern="/project/" security="none" /> <http use-expressions="true"> <!-- Authentication policy --> <form-login login-page="/signin" login-processing-url="/signin/authenticate" authentication-failure-url="/signin?error=bad_credentials" /> <logout logout-url="/signout" delete-cookies="JSESSIONID" /> <intercept-url pattern="/addcourse" access="isAuthenticated()" /> <intercept-url pattern="/courses/**/**/edit" access="isAuthenticated()" /> <intercept-url pattern="/users/**/edit" access="isAuthenticated()" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider> <password-encoder ref="passwordEncoder" /> <jdbc-user-service data-source-ref="dataSource" users-by-username-query="select username, password, true from Account where username = ?" authorities-by-username-query="select username, 'ROLE_USER' from Account where username = ?"/> </authentication-provider> <authentication-provider> <user-service> <user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" /> </user-service> </authentication-provider> </authentication-manager> </beans:beans> And this is my try of implementing a UserDetailsService public class RepositoryUserDetailsService implements UserDetailsService { private final AccountRepository accountRepository; @Autowired public RepositoryUserDetailsService(AccountRepository repository) { this.accountRepository = repository; } @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { Account user = accountRepository.findAccountByUsername(username); if (user == null) { throw new UsernameNotFoundException("No user found with username: " + username); } return user; } } Still gives me the same error, do I need to add the UserDetailsService somewhere? This is starting to be something else compared to my initial question, I should maybe start another question. Sorry for my lack of experience in this. I have to read up.

    Read the article

  • Setting PIdgin up for Lync2013

    - by Stu2000
    I having difficulty setting up pidgin to work with my company's microsoft 365's communicator lync 2013 (not 2010) account. I either receive a message stating authentication failed, or Incompatible authentication scheme chosen: NTLM depending upon the user agent values used from this wiki It appears that both the user agent values that start with UCCAPI provide authentication failed error, which I'm guessing is "closer" to the solution. I have triple checked that the password is correct. Below are some images of my settings (I have changed the company name to "company" for annonymity. I am running pidgin with a script in order to fix a write error issue: export NSS_SSL_CBC_RANDOM_IV=0 pidgin -d I am also using the latest version of SIPE (1.10.1) by using this ppa: https://launchpad.net/~aavelar/+archive/ppa What settings do I need to change/add to get it to work?

    Read the article

  • HTTP Basic Auth Protected Services using Web Service Data Control

    - by vishal.s.jain(at)oracle.com
    With Oracle JDeveloper 11g (11.1.1.4.0) one can now create Web Service Data Control for services which are protected with HTTP Basic Authentication.So when you provide such a service to the Data Control Wizard, a dialog pops up prompting you to entry the authentication details:After you give the details, you can proceed with the creation of Data Control.Once the Data Control is created, you can use the WSDC Tester to quickly test the service.In this case, since the service is protected, we need to first edit the connection to provide username details:Enter the authentication details against username and password. Once done, select DataControl.dcx and using the context menu, select 'Run'. This will bring up the Tester.On the Tester, select the Service Node and using context menu pick 'Operations'. This will bring up the methods which you can test:Now you can pick a method, provide the input parameters and hit execute to see the results.

    Read the article

  • Sesame update du jour: SL 4, OOB, Azure, and proxy support

    I've just published a new version of Sesame Data Browser. Here's what's new this time: Upgraded to Silverlight 4 Can run out-of-browser (OOB), with elevated permissions. This gives you an icon on your desktop and enables new scenarios. Note: The application is unsigned for the moment. Support for Windows Azure authentication Support for SQL Azure authentication If you are behind a proxy that requires authentication, just give Sesame a new try after clicking on "If you are behind a proxy that...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • NX/SSH remote access with Remmina

    - by Niklas
    After many days and a lot of frustration, I managed to get freenx to work on my home server. I can connect to it with nomachine's linux client, but I want to use Remmina for this purpose. The problem is that I don't exactly know how to connect to a NX-server with the program. In the connection dialog, I've chosen SSH as the protocol, and I've correctly added the IP and port. Under "SSH Authentication" I've added my user name on the server, and I choose "identity file" and selected the ssh-key I generated (which works with nxclient). (When am I supposed to provide my password for the user on the server?) When I try to connect I get the message: SSH public key authentication failed: Public key file doesn't exist Why do I get this message? How shall I proceed correctly to get the authentication working? Thank you for your time!

    Read the article

  • Secure Yourself by Using Two-Step Verification on These 16 Web Services

    - by Chris Hoffman
    Two-factor authentication, also known as 2-step verification, provides additional security for your online accounts. Even if someone discovers your password, they’ll need a special one-time code to log in after you enable two-factor authentication on these services. Notably absent from this list are banks and other financial institutions. It’s a shame that you can use two-factor authentication to protect your in-game currency in an MMORPG, but not the real money in your bank account. Secure Yourself by Using Two-Step Verification on These 16 Web Services How to Fix a Stuck Pixel on an LCD Monitor How to Factory Reset Your Android Phone or Tablet When It Won’t Boot

    Read the article

  • ejabberd won't look at my host_config option

    - by John
    I'm new with ejabberd. What I want is to have a host myhost.domain.com which has an ldap authentication method. This all works fine if i modify the global options in AUTHENTICATION section in my ejabberd.cfg file. I am able to create two clients( defined in my LDAP directory ), and comunicate between them. Like i said, this works fine. But by aplying this authentication method globaly, it means that every hostname that i declare must use that. So i'm looking at {host_config, "myhost.domain.com" ...} But somehow i can't get ejabberd to look at that configuration, it just skips it. If i declare it like: {xhost_config, ...}, than in my ejabberd.log file i get a bad return error( so it knows that the configuration is there, but it won't look at it). Any suggestions? Thanks.

    Read the article

  • Access Control Service v2: Registering Web Identities in your Applications [concepts]

    - by Your DisplayName here!
    ACS v2 support two fundamental types of client identities– I like to call them “enterprise identities” (WS-*) and “web identities” (Google, LiveID, OpenId in general…). I also see two different “mind sets” when it comes to application design using the above identity types: Enterprise identities – often the fact that a client can present a token from a trusted identity provider means he is a legitimate user of the application. Trust relationships and authorization details have been negotiated out of band (often on paper). Web identities – the fact that a user can authenticate with Google et al does not necessarily mean he is a legitimate (or registered) user of an application. Typically additional steps are necessary (like filling out a form, email confirmation etc). Sometimes also a mixture of both approaches exist, for the sake of this post, I will focus on the web identity case. I got a number of questions how to implement the web identity scenario and after some conversations it turns out it is the old authentication vs. authorization problem that gets in the way. Many people use the IsAuthenticated property on IIdentity to make security decisions in their applications (or deny user=”?” in ASP.NET terms). That’s a very natural thing to do, because authentication was done inside the application and we knew exactly when the IsAuthenticated condition is true. Been there, done that. Guilty ;) The fundamental difference between these “old style” apps and federation is, that authentication is not done by the application anymore. It is done by a third party service, and in the case of web identity providers, in services that are not under our control (nor do we have a formal business relationship with these providers). Now the issue is, when you switch to ACS, and someone with a Google account authenticates, indeed IsAuthenticated is true – because that’s what he is! This does not mean, that he is also authorized to use the application. It just proves he was able to authenticate with Google. Now this obviously leads to confusion. How can we solve that? Easy answer: We have to deal with authentication and authorization separately. Job done ;) For many application types I see this general approach: Application uses ACS for authentication (maybe both enterprise and web identities, we focus on web identities but you could easily have a dual approach here) Application offers to authenticate (or sign in) via web identity accounts like LiveID, Google, Facebook etc. Application also maintains a database of its “own” users. Typically you want to store additional information about the user In such an application type it is important to have a unique identifier for your users (think the primary key of your user database). What would that be? Most web identity provider (and all the standard ACS v2 supported ones) emit a NameIdentifier claim. This is a stable ID for the client (scoped to the relying party – more on that later). Furthermore ACS emits a claims identifying the identity provider (like the original issuer concept in WIF). When you combine these two values together, you can be sure to have a unique identifier for the user, e.g.: Facebook-134952459903700\799880347 You can now check on incoming calls, if the user is already registered and if yes, swap the ACS claims with claims coming from your user database. One claims would maybe be a role like “Registered User” which can then be easily used to do authorization checks in the application. The WIF claims authentication manager is a perfect place to do the claims transformation. If the user is not registered, show a register form. Maybe you can use some claims from the identity provider to pre-fill form fields. (see here where I show how to use the Facebook API to fetch additional user properties). After successful registration (which may include other mechanisms like a confirmation email), flip the bit in your database to make the web identity a registered user. This is all very theoretical. In the next post I will show some code and provide a download link for the complete sample. More on NameIdentifier Identity providers “guarantee” that the name identifier for a given user in your application will always be the same. But different applications (in the case of ACS – different ACS namespaces) will see different name identifiers. This is by design to protect the privacy of users because identical name identifiers could be used to create “profiles” of some sort for that user. In technical terms they create the name identifier approximately like this: name identifier = Hash((Provider Internal User ID) + (Relying Party Address)) Why is this important to know? Well – when you change the name of your ACS namespace, the name identifiers will change as well and you will will lose your “connection” to your existing users. Oh an btw – never use any other claims (like email address or name) to form a unique ID – these can often be changed by users.

    Read the article

  • Product Support Webcast for Existing Customers: Security Scenarios with Oracle WebCenter Content

    - by John Klinke
    Learn how user authentication and authorization is now implemented in Oracle WebCenter Content by attending this 1-hour Advisor Webcast "Security Scenarios with WebCenter Content" on September 27, 2012 at 11:00am Eastern (16:00 UK / 17:00 CET / 8:00am Pacific / 9:00am Mountain) This 1-hour session is recommended for technical and functional users of Oracle WebCenter Content. In this session, we will explain how user authentication and authorization is implemented in WebCenter Content 11g as well as ways that single sign-on (SSO) can be used. Topics will include: - How authentication and authorization was handled in previous WebCenter Content Server versions - The WebLogic Server mechanisms now used to provide user access and content security - Dealing with external and internal users - Overview of the WebLogic Server LDAP provider configuration - How to differentiate Roles and Accounts - WebCenter Content credential mapping - Single Sign-on (SSO) - SAML and Kerberos Register now at http://bit.ly/PH7zDj

    Read the article

< Previous Page | 98 99 100 101 102 103 104 105 106 107 108 109  | Next Page >