Search Results

Search found 3150 results on 126 pages for 'administrator'.

Page 21/126 | < Previous Page | 17 18 19 20 21 22 23 24 25 26 27 28  | Next Page >

  • MSI Arguments for installation

    - by Alex Zmaczynski
    Does anyone know where to find various arguments for msi's, such as installing/running as administrator, or restart after installation. I am trying to push out an msi update through group policy, but after testing the msi I found out that it needs to be run as administrator to install, and that for it to begin working fully the computer needs to be rebooted. Any help would be greatly appreciated. Thank you.

    Read the article

  • File permissions in Windows XP

    - by user23950
    Is there any software that can be installed in Windows XP to set file permissions for guest accounts? So that they would have to input a valid administrator password first before they can access the file? I've seen a feature like this in Ubuntu, wherein even the administrator has to input the password over and over just to access a certain drive. But I need it in Windows XP.

    Read the article

  • Not able to access the server after changing the password? [closed]

    - by cyrilsebastian
    While accessing the server, the error comes: Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again. I am logging in from Administrator in XP machine, able to access server from other machines. Is there any problem with administrator profile??

    Read the article

  • Joomla's extplorer + SSL seems to be broken

    - by Mike
    Our corp site lives on top of Joomla 1.5.3. In order to secure the administrative access, we implemented a redirect that when asking for the admin login page, you are redirected to the same URL, via SSL (http://site/administrator -- https://site/administrator ) Everything seems to work just fine, login and admin session is encrypted, but when running the extPlorer extension, the left sidebar loads, the main frame sticks at "Loading..." for ever. Removing SSL redirection works fine, but isn't what we desire.

    Read the article

  • Visual Studio has insufficient privileges to debug this process. To debug this process, Visual Studi

    - by ritu-kothari
    I have developed a windows service and this is service is running on my local computer under my account. When I try to debug this service by attaching this as a process in visual studio 2008 I get “Unable to attach to the process. Visual Studio has insufficient privileges to debug this process. To debug this process, Visual Studio must be run as an administrator.” I have logged in to my system as administrator and so when VS 2008 is launched it is running as administrator not sure why I get this error. I am using Windows XP Pro sp3

    Read the article

  • TeamCity GitHub Private Key Access Denied

    - by Chance Robertson
    Does anyone know of a tutorial for using TeamCity with github with ssh private keys. I have tried to set up git hub to connect and I either get a authentication error or get access denied. I am running TeamCity on Windows 2003. I am running the build agent as a custom account. I am running the web server under the administrator account. I have create a key for the custom account and administrator account. I now get an error that: The connection test failed: com.jcraft.jsch.JSchException: java.io.FileNotFoundException: C:\Documents and Settings\Administrator.ssh (Access is denied) If anyone has successfully set this up please help. I am going on 3 hours into this and want to get it solved. Thanks.

    Read the article

  • Calling IPrincipal.IsInRole on Windows 7

    - by adrianbanks
    We use NTLM auth in our application to determine whether a user can perform certain operations. We use the IPrincipal of their current Windows login (in WinForms applications), calling IsInRole to check for specific group memberships. To check that a user is a local administrator on the machine, we use: AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal); ... bool allowed = Thread.CurrentPrincipal.IsInRole(@"Builtin\Administrators") This works if the current user is the Administrator user, or is another user that is a member of the Builtin\Administrators group. In our testing on Windows 7, we have found that this no longer works as expected. The Administrator user still works fine, but any other user that is a member of the Builtin\Administrators group returns false for the IsInRole call. What could be causing this difference? I have a gut feeling that a default setting has changed somewhere (possible in gpedit), but cannot find anything that looks like the culprit.

    Read the article

  • How to get Content types

    - by Gaby
    Hi, I'm developing a windows application, that talks to SharePoint via its built in web services, and i want to get all content types available on a SharePoint site, I'm trying to use Web.Webs WebsService = new Web.Webs(); WebsService.Credentials=credentials; WebsService.Url="url of the web service"; XmlNode listOfContentTypes = WebsService.GetContentTypes(); If credentials have administrator privileges i can get the list of all the content types available, But if credentials don't have administrator privileges a 401 exception is thrown (not enought permission). My question is: How can i get all content types available on a SharePoint site if i don't have administrator priviliges?

    Read the article

  • security roles in grails portlets

    - by srinath
    Hi, How to include security roles in grails portlets for liferay ? After deploying war in tomcat i added manually these lines for roles liferay-portlet.xml : <role-mapper> <role-name>administrator</role-name> <role-link>Administrator</role-link> </role-mapper> portlet.xml : <security-role-ref> <role-name>administrator</role-name> </security-role-ref> But How to add these roles settings in grails app before creating war ?? Please suggest me . thanks in advance sri..

    Read the article

  • ASP.Net MVC elegant UI and ModelBinder authorization

    - by SDReyes
    We know authorization stuff is a cross cutting concern, and we do anything we could to avoid merge business logic in our views. But I still not found an elegant way to filter UI components (e.g. widgets, form elements, tables, etc) using the current user roles without contaminate the view with business logic. same applies for model binding. Example Form: Product Creation Fields: Name Price Discount Roles: Role Administrator Is allowed to see and modify the Name field Is allowed to see and modify the Price field Is allowed to see and modify the Discount Role Administrator assistant Is allowed to see and modify the Name Is allowed to see and modify the Price Fields shown in each role are different, and model binding needs to ignore the discount field for 'Administrator assistant' role. How would you do it?

    Read the article

  • List service and services status under Win-7

    - by Ronaldo Junior
    I have a service monitor app that monitors the status of three other servers app - you know those kind of green, red status stuff, start, stop, etc. The problem is that it shows the wrong state in Windows 7 even if the user is the administrator. The start, stop buttons are disabled and the install button enabled, the status color is grey which is also wrong. The start button should be enabled with the service status showing green - the apps are running. If the application is run with the setting "run as administrator" then it behaves normally. The application is written in Delphi 7 and works perfectly in other versions of Windows. This line of code: OpenSCManager(PChar(sMachine),Nil,SC_MANAGER_ALL_ACCESS) always return 0 under Win7, causing the problem. Any ideas and if possible, any workaround apart from "run as administrator". Regards Ronaldo

    Read the article

  • VB.NET - ASP.NET - MS-Access - SQL Statement

    - by Brian
    I have a button which when pressed, sets the user's rights in the db. (If Administrator UserTypeID is set to '2' and if Customer it is set to '1'). However when I run the below code, everything remains the same. I think it's from the SQL statement but I;m not sure. Can anyone help please? Protected Sub btnSetUser_Click(sender As Object, e As System.EventArgs) Handles btnSetUser.Click Dim conn As New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\Brian\Documents\Visual Studio 2010\WebSites\WebSite3\db.mdb;") Dim cmd As OleDbCommand = New OleDbCommand("UPDATE [User] SET [UserTypeID] WHERE Username=?", conn) conn.Open() cmd.Parameters.AddWithValue("@Username", txtUser.Text) If ddUserType.SelectedItem.Text = "Administrator" Then cmd.Parameters.AddWithValue("@UserTypeID", "2") cmd.ExecuteNonQuery() lblSetUser.Text = txtUser.Text + "was set to Administrator." ElseIf ddUserType.SelectedItem.Text = "Customer" Then cmd.Parameters.AddWithValue("@UserTypeID", "1") cmd.ExecuteNonQuery() lblSetUser.Text = txtUser.Text + "was set to Customer." End If conn.Close() End Sub End Class

    Read the article

  • Have the default security settings changed in Windows 7 that would affect IPrincipal.IsInRole?

    - by adrianbanks
    We use NTLM auth in our application to determine whether a user can perform certain operations. We use the IPrincipal of their current Windows login (in WinForms applications), calling IsInRole to check for specific group memberships. To check that a user is a local administrator on the machine, we use: AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal); ... bool allowed = Thread.CurrentPrincipal.IsInRole(@"Builtin\Administrators") This works if the current user is the Administrator user, or is another user that is a member of the Builtin\Administrators group. In our testing on Windows 7, we have found that this no longer works as expected. The Administrator user still works fine, but any other user that is a member of the Builtin\Administrators group returns false for the IsInRole call. What could be causing this difference? I have a gut feeling that a default setting has changed somewhere (possible in gpedit), but cannot find anything that looks like the culprit.

    Read the article

  • workflow assign task to multiple users

    - by Artru
    I have MOSS. I want to make a page where a user, say administrator, could send some instructions to a server, for example using standard library and make task for a group of users forcing them to read files. After the reading users would press "already read it" and administrator would know who did it/who did not. I created simple workflow in office designer and choose assigne task to Group1, which is in the sharepoint server. After WF run everyone who is in Group1 get message about a task, that's great. However this task is general for group and if we go to the site section "current tasks", we can see it, while I want this task for every person in Group1. Futher question, is it possible to create form where administrator will choose users for this task, 'cause now I munualy set group in WF.

    Read the article

  • Huh? Android Preferences page refuses to load after adding SDK 1.6

    - by Android Eve
    This one is really weird. I had a perfectly working Eclipse + Android 2.2 SDK working in both Administrator account and LUA (Limited User Account) under Windows XP. Then I decided to add the Android 1.6 SDK (I could do it from an Administrator account only). It seemed to have gone well, since it still works perfectly -- but only in that Administrator account! When I try to start Eclipse under a LUA, I receive the following error message box: Which disappears within 2-3 seconds and replaced with: I then tried to check the Preferences page, but again, all I receive is error messages: and: Any idea why this is happening and how to fix this? (I would love to be able to continue working from a LUA)

    Read the article

  • How to run a command on a remote Windows system as a non-admin user with WMI?

    - by John
    I have a script written in Visual Basic that starts a process (given to the script as an argument) on a remote system (again, given as an argument) using WMI. This script works fine when using an Administrator account on the remote system, but when using a non-administrator account, I get the following error: ConnectServer Failed w/ (-2147024891) Access is denied. I'd like to be able to run processes on remote systems as a non-administrator user with this script, and I'm pretty sure the problem is due to security settings on the remote system, but I've not been able to reset the right ones.

    Read the article

  • How to find that 'runas' execution finished?

    - by Radek
    I use ruby 1.9.3p194 (2012-04-20) [i386-mingw32] on Windows7 To do mySQL backup I run runas /savecred /user:yogurt\administrator "cmd.exe /k mysqldump --user=#{dbuser} --password=#{dbpassword} #{dbname} > #{dump}" - mysqldump must be executed as administrator. I do not run my ruby scripts under administrator account. runas starts new cmd.exe and ruby doesn't wait for it to finish. Dump process takes about one minute to finish. After that I zip the dump file and delete it. But I have to make sure that the dump process already finished before I do any other action on that file. Right now I use sleep(60) that works but I wonder if there any better more systematic solution.

    Read the article

  • How to fix “Add Host to Workflow Farm problem” when installing Windows Azure Workflow in SharePoint2013 Preview

    - by ybbest
    Problem: When I try to configure the windows Azure workflow in SharePoint2013 preview, I got the following error see screenshot below. Detailed log can be found here. Solution: I asked the question in SharePoint StackExchange , Rajat’s help me to fix the problem .The solution for this is quite simple, instead of using the short form for your RunAs account, you should use the fully qualified name. So change administrator@YBBEST to [email protected] make the problem go away as shown below. Having other problems , check out AC’S blog on trouble-shooting the installation. References: How to: Set up and configure SharePoint 2013 workflows

    Read the article

  • Microsoft, please help me diagnose TFS Administration permission issues!

    - by Martin Hinshelwood
    I recently had a fun time trying to debug a permission issue I ran into using TFS 2010’s TfsConfig. Update 5th March 2010 – In its style of true excellence my company has added rant to its “Suggestions for Better TFS”. <rant> I was trying to run the TfsConfig tool and I kept getting the message: “TF55038: You don't have sufficient privileges to run this tool. Contact your Team Foundation system administrator." This message made me think that it was something to do with the Install permissions as it is always recommended to use a single account to do every install of TFS. I did not install the original TFS on our network and my account was not used to do the TFS2010 install. But I did do the upgrade from 2010 beta 2 to 2010 RC with my current account. So I proceeded to do some checking: Am I in the administrators group on the server? Figure: Yes, I am in the administrators group on the server Am I in the Administration Console users list? Figure: Yes, I am in the Administration Console users list Have I reapplied the permissions in the Administration Console users list ticking all the options? Figure: Make sure you check all of the boxed if you want to have all the admin options Figure: Yes, I have made sure that all my options are correct. Am I in the Team Foundation administrators group? Figure: Yes, I am in the Team Foundation Administrators group Is my account explicitly SysAdmin on the Database server? Figure: Yes, I do have explicit SysAdmin on the database Can you guess what the problem was? The command line window was not running as the administrator! As with most other applications there should be an explicit error message that states: "You are not currently running in administrator mode; please restart the command line with elevated privileges!" This would have saved me 30 minutes, although I agree that I should change my name to Muppet and just be done with it. </rant>   Technorati Tags: Visual Studio ALM,Administration,Team Foundation Server Admin Console,TFS Admin Console

    Read the article

  • Ich bin jetzt Oracle Certified Associate!

    - by britta.wolf
    Jan Peuker, Absolvent der Hochschule Augsburg und University of Melbourne, hat vor kurzem das Zertifikat Oracle Database 10g Administrator Certified Associate erworben. Er hat uns netterweise mit diesem kleinen Text versorgt: "Die Oracle Zertifizierung beginnt üblicherweise mit dem Oracle Certified Associate. Für diese Zertifizierung ist noch keine tiefgehende Praxiserfahrung notwendig. Um den Titel des Oracle Database 11g Administrator Certified Associate zu erlangen, muss man eine Prüfung zu SQL (z.B. 1Z0-051) sowie eine Prüfung zur Administration (1Z0-045) ablegen. Beide Prüfungen dauern 2 Stunden und haben ca. 80 Fragen von denen etwa drei Viertel richtig beantwortet werden müssen, um zu bestehen. Eine Note gibt es nicht. Die Prüfungen finden immer elektronisch statt, die Software erlaubt das Überspringen und Markieren von Fragen. Während meiner Arbeitszeit nach meinem ersten Studium hatte ich häufig mit dem Oracle Datenbanksystem zu tun. Als ich mein Aufbaustudium an der University of Melbourne absolvierte, wurde mir von der Studienberaterin vorgeschlagen, den Kurs „Advanced Database Administration" zu belegen. Dieser beruht vollständig auf den offiziellen Oracle Trainings-Unterlagen zur Prüfung in Oracle Administration und erlaubt daher die Teilnahme an der offiziellen Zertifizierung. Im Gegensatz zur SQL Prüfung, deren Inhalt man sich gut selbst aneignen kann, hilft bei der Administrator-Zertifizierung ein echter Kurs mit Seminar ungemein. Viele Konzepte lassen sich schwer aus einem Buch lernen. Die Bestandteile der SGA oder das Anlegen von Benutzern mögen leicht zugänglich sein, Redo- und Undo-Management sowie Backup und Recovery kann man nur verstehen, wenn man Beispiele hat und diese an einem Testsystem (keine "kleine" XE-Datenbank, sondern eine "richtige" Datenbank mit Enterprise Manager) ausprobieren kann. Übermäßig viel Zeit habe ich keinesfalls investiert, weil das Grundsystem sehr logisch ist. Für die weniger nachvollziehbaren Bereiche, besonders die neuen Features, habe ich mir Fachbegriffe auf Lernkarten geschrieben und die Trainingsunterlagen am System durchgespielt. Die Prüfung war für mich überraschend schwer, weil das einfache "Tagesgeschäft" deutlich unterrepräsentiert ist. In den Multiple-Choice-Fragen werden viele Besonderheiten und Use-Cases abgefragt (online findet man viele Beispielfragen). Da beide Tests in Englisch sind, sollte man nicht nur in der Terminologie des Oracle Datenbanksystems sondern auch in Fachbegriffen der Datenbankwelt allgemein bewandert sein. Oft machen einzelne Wörter (z.B. redundant oder synchronized, redo log oder redo log buffer) die richtige Antwort aus, ein signifikanter Anteil der Fragen beruht auf Zeichnungen oder Diagrammen, die beschrieben werden müssen. So muss man z.B. anhand eines Log-Auszugs beurteilen, warum die Datenbank nicht sauber geschlossen wurde. Allgemeines Wissen über Datenbanksysteme hilft leider nicht viel, da überproportional viele Fragen zu Oracle-spezifischen Themen gestellt werden, wie z.B. Optimierungs-Dienste (ADDM), Flashback, SQL Loader und ein wenig PL/SQL. Die SQL Prüfung ist dagegen sehr geradlinig - was aber nicht einfacher heißt. Hier kommt es mehr auf Auswendiglernen von Syntax an, was mir persönlich nicht liegt. Vor allem als Anwendungsprogrammierer kennt man oft proprietäre SQL-Funktionen nicht, es fällt schwer, sich einzelne Datumsberechnungsfunktionen, Typkonvertierungen, Namespaces oder krude Join-Methoden zu merken. Auf all dies wird in der Prüfung aber sehr viel Wert gelegt. Auch hier wird man wieder mit zweideutigen Multiple-Choice Fragen konfrontiert, bei denen sich z.B. nur die Reihenfolge der Parameter unterscheidet. Zudem sind die Parameter auch nicht ausgeschrieben, sondern in einem Entity-Relationship-Diagramm gegeben, wobei man auf die richtigen Datentypen achten muss. Mir persönlich war die Zeit fast zu knapp bemessen, weil man bei vielen Fragen erst ein Diagramm, einen Datenauszug oder einen längeren Text lesen muss, um dann die richtigen Statements zu finden. Hier helfen Lernkarten also nur bedingt - stattdessen üben, üben, üben. Durch den relativ niedrigen Pass-Score von 70% kann man es sich leisten, unsichere Fragen zuerst zu überspringen und erst nachdem alle sicheren beantwortet sind, zu überdenken. Die Prüfung ist auf jeden Fall fair. Ich habe durch das Oracle-Zertifizierungsprogramm viel gelernt. Die Datenbanken unter meiner Aufsicht laufen deutlich performanter und liefern höhere Verfügbarkeit, weil ich Probleme eliminieren konnte, die mir vorher nicht klar waren. Eine klassische Misskonfiguration, volle Archive Logs, weil diese mit zu lange gehaltenem Flashback-Speicher kollidieren, konnte ich bereits in einer der ersten Stunden meines Kurses an der Uni Melbourne mit Hilfe meines Professors klären. Beide Prüfungen waren problemlos parallel zu anderen Prüfungen zu absolvieren. Empfehlen kann ich eine gründliche Online-Recherche aber auch die Oracle Press-Bücher, welche mit Prüfungsfragen am Ende jedes Kapitels aufwarten. So spart man sich Zeit und ist trotzdem gut vorbereitet. Auch wenn ich keine Laufbahn als Administrator einschlagen werde, bin ich froh die zugrundeliegende Technologie vieler Anwendungen besser zu verstehen. Für meine tägliche Arbeit als Anwendungsentwickler hat es mir vor allem geholfen, Oracle-Konzepte z.B. im Bereich der Transaktionssteuerung und Wiederherstellung zu verstehen und damit viele Open Source Produkte jetzt sinnvoller bewerten und empfehlen zu können." Eine Übersicht der Zertifizierungspfade finden Sie auf der Oracle University Webseite (dann einfach "Deutschland""auswählen und anschließend auf den Punkt "Zertifizierungen" klicken).

    Read the article

  • How To Replace Notepad in Windows 7

    - by Trevor Bekolay
    It used to be that Notepad was a necessary evil because it started up quickly and let us catch a quick glimpse of plain text files. Now, there are a bevy of capable Notepad replacements that are just as fast, but also have great feature sets. Before following the rest of this how-to, ensure that you’re logged into an account with Administrator access. Note: The following instructions involve modifying some Windows system folders. Don’t mess anything up while you’re in there! If you follow our instructions closely, you’ll be fine. Choose your replacement There are a ton of great Notepad replacements, including Notepad2, Metapad, and Notepad++. The best one for you will depend on what types of text files you open and what you do with them. We’re going to use Notepad++ in this how-to. The first step is to find the executable file that you’ll replace Notepad with. Usually this will be the only file with the .exe file extension in the folder where you installed your text editor. Copy the executable file to your desktop and try to open it, to make sure that it works when opened from a different folder. In the Notepad++ case, a special little .exe file is available for the explicit purpose of replacing Notepad.If we run it from the desktop, it opens up Notepad++ in all its glory. Back up Notepad You will probably never go back once you switch, but you never know. You can backup Notepad to a special location if you’d like, but we find it’s easiest to just keep a backed up copy of Notepad in the folders it was originally located. In Windows 7, Notepad resides in: C:\Windows C:\Windows\System32 C:\Windows\SysWOW64 in 64-bit versions only Navigate to each of those directories and copy Notepad. Paste it into the same folder. If prompted, choose to Copy, but keep both files. You can keep your backup as “notepad (2).exe”, but we prefer to rename it to “notepad.exe.bak”. Do this for all of the folders that have Notepad (2 total for 32-bit Windows 7, 3 total for 64-bit). Take control of Notepad and delete it Even if you’re on an administrator account, you can’t just delete Notepad – Microsoft has made some security gains in this respect. Fortunately for us, it’s still possible to take control of a file and delete it without resorting to nasty hacks like disabling UAC. Navigate to one of the directories that contain Notepad. Right-click on it and select Properties.   Switch to the Security tab, then click on the Advanced button. Note that the owner of the file is a user called “TrustedInstaller”. You can’t do much with files owned by TrustedInstaller, so let’s take control of it. Click the Edit… button. Select the desired owner (you could choose your own account, but we’re going to give any Administrator control) and click OK. You’ll get a message that you need to close and reopen the Properties windows to edit permissions. Before doing that, confirm that the owner has changed to what you selected. Click OK, then OK again to close the Properties window. Right-click on Notepad and click on Properties again. Switch to the Security tab. Click on Edit…. Select the appropriate group or user name in the list at the top, then add a checkmark in the checkbox beside Full control in the Allow column. Click OK, then Yes to the dialog box that pops up. Click OK again to close the Properties window. Now you can delete Notepad, by either selecting it and pressing Delete on the keyboard, or right-click on it and click Delete.   You’re now free from Notepad’s foul clutches! Repeat this procedure for the remaining folders (or folder, on 32-bit Windows 7). Drop in your replacement Copy your Notepad replacement’s executable, which should still be on your desktop. Browse to the two or three folders listed above and copy your .exe to those locations. If prompted for Administrator permission, click Continue. If your executable file was named something other than “notepad.exe”, rename it to “notepad.exe”. Don’t be alarmed if the thumbnail still shows the old Notepad icon. Double click on Notepad and your replacement should open. To make doubly sure that it works, press Win+R to bring up the Run dialog box and enter “notepad” into the text field. Press enter or click OK. Now you can allow Windows to open files with Notepad by default with little to no shame! All without restarting or having to disable UAC! Similar Articles Productive Geek Tips Search and Replace Specific Formatting (fonts, styles,etc) in Microsoft WordHow to Drag Files to the Taskbar to Open Them in Windows 7Customize the Windows 7 or Vista Send To MenuKill Processes from the Windows Command LineChange Your Windows 7 Library Icons the Easy Way TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips Revo Uninstaller Pro Registry Mechanic 9 for Windows PC Tools Internet Security Suite 2010 PCmover Professional Use My TextTools to Edit and Organize Text Discovery Channel LIFE Theme (Win7) Increase the size of Taskbar Previews (Win 7) Scan your PC for nasties with Panda ActiveScan CleanMem – Memory Cleaner AceStock – The Personal Stock Monitor

    Read the article

  • AuthnRequest Settings in OIF / SP

    - by Damien Carru
    In this article, I will list the various OIF/SP settings that affect how an AuthnRequest message is created in OIF in a Federation SSO flow. The AuthnRequest message is used by an SP to start a Federation SSO operation and to indicate to the IdP how the operation should be executed: How the user should be challenged at the IdP Whether or not the user should be challenged at the IdP, even if a session already exists at the IdP for this user Which NameID format should be requested in the SAML Assertion Which binding (Artifact or HTTP-POST) should be requested from the IdP to send the Assertion Which profile should be used by OIF/SP to send the AuthnRequest message Enjoy the reading! Protocols The SAML 2.0, SAML 1.1 and OpenID 2.0 protocols define different message elements and rules that allow an administrator to influence the Federation SSO flows in different manners, when the SP triggers an SSO operation: SAML 2.0 allows extensive customization via the AuthnRequest message SAML 1.1 does not allow any customization, since the specifications do not define an authentication request message OpenID 2.0 allows for some customization, mainly via the OpenID 2.0 extensions such as PAPE or UI SAML 2.0 OIF/SP allows the customization of the SAML 2.0 AuthnRequest message for the following elements: ForceAuthn: Boolean indicating whether or not the IdP should force the user for re-authentication, even if the user has still a valid session By default set to false IsPassive Boolean indicating whether or not the IdP is allowed to interact with the user as part of the Federation SSO operation. If false, the Federation SSO operation might result in a failure with the NoPassive error code, because the IdP will not have been able to identify the user By default set to false RequestedAuthnContext Element indicating how the user should be challenged at the IdP If the SP requests a Federation Authentication Method unknown to the IdP or for which the IdP is not configured, then the Federation SSO flow will result in a failure with the NoAuthnContext error code By default missing NameIDPolicy Element indicating which NameID format the IdP should include in the SAML Assertion If the SP requests a NameID format unknown to the IdP or for which the IdP is not configured, then the Federation SSO flow will result in a failure with the InvalidNameIDPolicy error code If missing, the IdP will generally use the default NameID format configured for this SP partner at the IdP By default missing ProtocolBinding Element indicating which SAML binding should be used by the IdP to redirect the user to the SP with the SAML Assertion Set to Artifact or HTTP-POST By default set to HTTP-POST OIF/SP also allows the administrator to configure the server to: Set which binding should be used by OIF/SP to redirect the user to the IdP with the SAML 2.0 AuthnRequest message: Redirect or HTTP-POST By default set to Redirect Set which binding should be used by OIF/SP to redirect the user to the IdP during logout with SAML 2.0 Logout messages: Redirect or HTTP-POST By default set to Redirect SAML 1.1 The SAML 1.1 specifications do not define a message for the SP to send to the IdP when a Federation SSO operation is started. As such, there is no capability to configure OIF/SP on how to affect the start of the Federation SSO flow. OpenID 2.0 OpenID 2.0 defines several extensions that can be used by the SP/RP to affect how the Federation SSO operation will take place: OpenID request: mode: String indicating if the IdP/OP can visually interact with the user checkid_immediate does not allow the IdP/OP to interact with the user checkid_setup allows user interaction By default set to checkid_setup PAPE Extension: max_auth_age : Integer indicating in seconds the maximum amount of time since when the user authenticated at the IdP. If MaxAuthnAge is bigger that the time since when the user last authenticated at the IdP, then the user must be re-challenged. OIF/SP will set this attribute to 0 if the administrator configured ForceAuthn to true, otherwise this attribute won't be set Default missing preferred_auth_policies Contains a Federation Authentication Method Element indicating how the user should be challenged at the IdP By default missing Only specified in the OpenID request if the IdP/OP supports PAPE in XRDS, if OpenID discovery is used. UI Extension Popup mode Boolean indicating the popup mode is enabled for the Federation SSO By default missing Language Preference String containing the preferred language, set based on the browser's language preferences. By default missing Icon: Boolean indicating if the icon feature is enabled. In that case, the IdP/OP would look at the SP/RP XRDS to determine how to retrieve the icon By default missing Only specified in the OpenID request if the IdP/OP supports UI Extenstion in XRDS, if OpenID discovery is used. ForceAuthn and IsPassive WLST Command OIF/SP provides the WLST configureIdPAuthnRequest() command to set: ForceAuthn as a boolean: In a SAML 2.0 AuthnRequest, the ForceAuthn field will be set to true or false In an OpenID 2.0 request, if ForceAuthn in the configuration was set to true, then the max_auth_age field of the PAPE request will be set to 0, otherwise, max_auth_age won't be set IsPassive as a boolean: In a SAML 2.0 AuthnRequest, the IsPassive field will be set to true or false In an OpenID 2.0 request, if IsPassive in the configuration was set to true, then the mode field of the OpenID request will be set to checkid_immediate, otherwise set to checkid_setup Test In this test, OIF/SP is integrated with a remote SAML 2.0 IdP Partner, with the OOTB configuration. Based on this setup, when OIF/SP starts a Federation SSO flow, the following SAML 2.0 AuthnRequest would be generated: <samlp:AuthnRequest ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ID="id-E4BOT7lwbYK56lO57dBaqGUFq01WJSjAHiSR60Q4" Version="2.0" IssueInstant="2014-04-01T21:39:14Z" Destination="https://acme.com/saml20/sso">   <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sp.com/oam/fed</saml:Issuer>   <samlp:NameIDPolicy AllowCreate="true"/></samlp:AuthnRequest> Let's configure OIF/SP for that IdP Partner, so that the SP will require the IdP to re-challenge the user, even if the user is already authenticated: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the configureIdPAuthnRequest() command:configureIdPAuthnRequest(partner="AcmeIdP", forceAuthn="true") Exit the WLST environment:exit() After the changes, the following SAML 2.0 AuthnRequest would be generated: <samlp:AuthnRequest ForceAuthn="true" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ID="id-E4BOT7lwbYK56lO57dBaqGUFq01WJSjAHiSR60Q4" Version="2.0" IssueInstant="2014-04-01T21:39:14Z" Destination="https://acme.com/saml20/sso">   <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sp.com/oam/fed</saml:Issuer>   <samlp:NameIDPolicy AllowCreate="true"/></samlp:AuthnRequest> To display or delete the ForceAuthn/IsPassive settings, perform the following operatons: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the configureIdPAuthnRequest() command: To display the ForceAuthn/IsPassive settings on the partnerconfigureIdPAuthnRequest(partner="AcmeIdP", displayOnly="true") To delete the ForceAuthn/IsPassive settings from the partnerconfigureIdPAuthnRequest(partner="AcmeIdP", delete="true") Exit the WLST environment:exit() Requested Fed Authn Method In my earlier "Fed Authentication Method Requests in OIF / SP" article, I discussed how OIF/SP could be configured to request a specific Federation Authentication Method from the IdP when starting a Federation SSO operation, by setting elements in the SSO request message. WLST Command The OIF WLST commands that can be used are: setIdPPartnerProfileRequestAuthnMethod() which will configure the requested Federation Authentication Method in a specific IdP Partner Profile, and accepts the following parameters: partnerProfile: name of the IdP Partner Profile authnMethod: the Federation Authentication Method to request displayOnly: an optional parameter indicating if the method should display the current requested Federation Authentication Method instead of setting it delete: an optional parameter indicating if the method should delete the current requested Federation Authentication Method instead of setting it setIdPPartnerRequestAuthnMethod() which will configure the specified IdP Partner entry with the requested Federation Authentication Method, and accepts the following parameters: partner: name of the IdP Partner authnMethod: the Federation Authentication Method to request displayOnly: an optional parameter indicating if the method should display the current requested Federation Authentication Method instead of setting it delete: an optional parameter indicating if the method should delete the current requested Federation Authentication Method instead of setting it This applies to SAML 2.0 and OpenID 2.0 protocols. See the "Fed Authentication Method Requests in OIF / SP" article for more information. Test In this test, OIF/SP is integrated with a remote SAML 2.0 IdP Partner, with the OOTB configuration. Based on this setup, when OIF/SP starts a Federation SSO flow, the following SAML 2.0 AuthnRequest would be generated: <samlp:AuthnRequest ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ID="id-E4BOT7lwbYK56lO57dBaqGUFq01WJSjAHiSR60Q4" Version="2.0" IssueInstant="2014-04-01T21:39:14Z" Destination="https://acme.com/saml20/sso">   <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sp.com/oam/fed</saml:Issuer>   <samlp:NameIDPolicy AllowCreate="true"/></samlp:AuthnRequest> Let's configure OIF/SP for that IdP Partner, so that the SP will request the IdP to use a mechanism mapped to the urn:oasis:names:tc:SAML:2.0:ac:classes:X509 Federation Authentication Method to authenticate the user: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the setIdPPartnerRequestAuthnMethod() command:setIdPPartnerRequestAuthnMethod("AcmeIdP", "urn:oasis:names:tc:SAML:2.0:ac:classes:X509") Exit the WLST environment:exit() After the changes, the following SAML 2.0 AuthnRequest would be generated: <samlp:AuthnRequest ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ID="id-E4BOT7lwbYK56lO57dBaqGUFq01WJSjAHiSR60Q4" Version="2.0" IssueInstant="2014-04-01T21:39:14Z" Destination="https://acme.com/saml20/sso">   <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sp.com/oam/fed</saml:Issuer>   <samlp:NameIDPolicy AllowCreate="true"/>   <samlp:RequestedAuthnContext Comparison="minimum">      <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">         urn:oasis:names:tc:SAML:2.0:ac:classes:X509      </saml:AuthnContextClassRef>   </samlp:RequestedAuthnContext></samlp:AuthnRequest> NameID Format The SAML 2.0 protocol allows for the SP to request from the IdP a specific NameID format to be used when the Assertion is issued by the IdP. Note: SAML 1.1 and OpenID 2.0 do not provide such a mechanism Configuring OIF The administrator can configure OIF/SP to request a NameID format in the SAML 2.0 AuthnRequest via: The OAM Administration Console, in the IdP Partner entry The OIF WLST setIdPPartnerNameIDFormat() command that will modify the IdP Partner configuration OAM Administration Console To configure the requested NameID format via the OAM Administration Console, perform the following steps: Go to the OAM Administration Console: http(s)://oam-admin-host:oam-admin-port/oamconsole Navigate to Identity Federation -> Service Provider Administration Open the IdP Partner you wish to modify In the Authentication Request NameID Format dropdown box with one of the values None The NameID format will be set Default Email Address The NameID format will be set urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress X.509 Subject The NameID format will be set urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName Windows Name Qualifier The NameID format will be set urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName Kerberos The NameID format will be set urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos Transient The NameID format will be set urn:oasis:names:tc:SAML:2.0:nameid-format:transient Unspecified The NameID format will be set urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified Custom In this case, a field would appear allowing the administrator to indicate the custom NameID format to use The NameID format will be set to the specified format Persistent The NameID format will be set urn:oasis:names:tc:SAML:2.0:nameid-format:persistent I selected Email Address in this example Save WLST Command To configure the requested NameID format via the OIF WLST setIdPPartnerNameIDFormat() command, perform the following steps: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the setIdPPartnerNameIDFormat() command:setIdPPartnerNameIDFormat("PARTNER", "FORMAT", customFormat="CUSTOM") Replace PARTNER with the IdP Partner name Replace FORMAT with one of the following: orafed-none The NameID format will be set Default orafed-emailaddress The NameID format will be set urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress orafed-x509 The NameID format will be set urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName orafed-windowsnamequalifier The NameID format will be set urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName orafed-kerberos The NameID format will be set urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos orafed-transient The NameID format will be set urn:oasis:names:tc:SAML:2.0:nameid-format:transient orafed-unspecified The NameID format will be set urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified orafed-custom In this case, a field would appear allowing the administrator to indicate the custom NameID format to use The NameID format will be set to the specified format orafed-persistent The NameID format will be set urn:oasis:names:tc:SAML:2.0:nameid-format:persistent customFormat will need to be set if the FORMAT is set to orafed-custom An example would be:setIdPPartnerNameIDFormat("AcmeIdP", "orafed-emailaddress") Exit the WLST environment:exit() Test In this test, OIF/SP is integrated with a remote SAML 2.0 IdP Partner, with the OOTB configuration. Based on this setup, when OIF/SP starts a Federation SSO flow, the following SAML 2.0 AuthnRequest would be generated: <samlp:AuthnRequest ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ID="id-E4BOT7lwbYK56lO57dBaqGUFq01WJSjAHiSR60Q4" Version="2.0" IssueInstant="2014-04-01T21:39:14Z" Destination="https://acme.com/saml20/sso">   <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sp.com/oam/fed</saml:Issuer> <samlp:NameIDPolicy AllowCreate="true"/></samlp:AuthnRequest> After the changes performed either via the OAM Administration Console or via the OIF WLST setIdPPartnerNameIDFormat() command where Email Address would be requested as the NameID Format, the following SAML 2.0 AuthnRequest would be generated: <samlp:AuthnRequest ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ID="id-E4BOT7lwbYK56lO57dBaqGUFq01WJSjAHiSR60Q4" Version="2.0" IssueInstant="2014-04-01T21:39:14Z" Destination="https://acme.com/saml20/sso">   <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sp.com/oam/fed</saml:Issuer> <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"/></samlp:AuthnRequest> Protocol Binding The SAML 2.0 specifications define a way for the SP to request which binding should be used by the IdP to redirect the user to the SP with the SAML 2.0 Assertion: the ProtocolBinding attribute indicates the binding the IdP should use. It is set to: Either urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST for HTTP-POST Or urn:oasis:names:tc:SAML:2.0:bindings:Artifact for Artifact The SAML 2.0 specifications also define different ways to redirect the user from the SP to the IdP with the SAML 2.0 AuthnRequest message, as the SP can send the message: Either via HTTP Redirect Or HTTP POST (Other bindings can theoretically be used such as Artifact, but these are not used in practice) Configuring OIF OIF can be configured: Via the OAM Administration Console or the OIF WLST configureSAMLBinding() command to set the Assertion Response binding to be used Via the OIF WLST configureSAMLBinding() command to indicate how the SAML AuthnRequest message should be sent Note: the binding for sending the SAML 2.0 AuthnRequest message will also be used to send the SAML 2.0 LogoutRequest and LogoutResponse messages. OAM Administration Console To configure the SSO Response/Assertion Binding via the OAM Administration Console, perform the following steps: Go to the OAM Administration Console: http(s)://oam-admin-host:oam-admin-port/oamconsole Navigate to Identity Federation -> Service Provider Administration Open the IdP Partner you wish to modify Check the "HTTP POST SSO Response Binding" box to request the IdP to return the SSO Response via HTTP POST, otherwise uncheck it to request artifact Save WLST Command To configure the SSO Response/Assertion Binding as well as the AuthnRequest Binding via the OIF WLST configureSAMLBinding() command, perform the following steps: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the configureSAMLBinding() command:configureSAMLBinding("PARTNER", "PARTNER_TYPE", binding, ssoResponseBinding="httppost") Replace PARTNER with the Partner name Replace PARTNER_TYPE with the Partner type (idp or sp) Replace binding with the binding to be used to send the AuthnRequest and LogoutRequest/LogoutResponse messages (should be httpredirect in most case; default) httppost for HTTP-POST binding httpredirect for HTTP-Redirect binding Specify optionally ssoResponseBinding to indicate how the SSO Assertion should be sent back httppost for HTTP-POST binding artifactfor for Artifact binding An example would be:configureSAMLBinding("AcmeIdP", "idp", "httpredirect", ssoResponseBinding="httppost") Exit the WLST environment:exit() Test In this test, OIF/SP is integrated with a remote SAML 2.0 IdP Partner, with the OOTB configuration which requests HTTP-POST from the IdP to send the SSO Assertion. Based on this setup, when OIF/SP starts a Federation SSO flow, the following SAML 2.0 AuthnRequest would be generated: <samlp:AuthnRequest ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ID="id-E4BOT7lwbYK56lO57dBaqGUFq01WJSjAHiSR60Q4" Version="2.0" IssueInstant="2014-04-01T21:39:14Z" Destination="https://acme.com/saml20/sso">   <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sp.com/oam/fed</saml:Issuer>   <samlp:NameIDPolicy AllowCreate="true"/></samlp:AuthnRequest> In the next article, I will cover the various crypto configuration properties in OIF that are used to affect the Federation SSO exchanges.Cheers,Damien Carru

    Read the article

  • SQL SERVER – 3 Simple Puzzles – Need Your Suggestions

    - by pinaldave
    Last Month, I have posted three Simple Puzzles and I got very good response. I think there can be many interesting answers there. I would like to request all of you to take part the puzzles and provide your answer. I plant to consolidate answers and publish all the valid answers on this blog with due credit. SQL SERVER – Challenge – Puzzle – Usage of FAST Hint SQL SERVER – Puzzle – Challenge – Error While Converting Money to Decimal SQL SERVER – Challenge – Puzzle – Why does RIGHT JOIN Exists I am also thinking that after such a long time we should have word Database Developer (DBD) just like Database Administrator (DBA) in our dictionary. I have also created pole where I talk about this subject. SQL SERVER – Are you a Database Administrator or a Database Developer? ?Reference: Pinal Dave (http://blog.SQLAuthority.com) Filed under: SQL, SQL Authority, SQL Puzzle, SQL Query, SQL Server, SQL Tips and Tricks, T SQL, Technology

    Read the article

  • What are the definitive guidelines for custom Error Handling in ASP.NET MVC 3?

    - by RyanW
    The process of doing custom error handling in ASP.NET MVC (3 in this case) seems to be incredibly neglected. I've read through the various questions and answers here, on the web, help pages for various tools (like Elmah), but I feel like I've gone in a complete circle and still don't have the best solution. With your help, perhaps we can set a new standard approach for error handling. I'd like to keep things simple and not over-engineer this. Here are my goals: For Server errors/exceptions: Display debugging information in dev Display friendly error page in production Log errors and email them to administrator in production Return 500 HTTP Status Code For 404 Not Found errors: Display friendly error page Log errors and email them to administrator in production Return 404 HTTP Status Code Is there a way to meet these goals with ASP.NET MVC?

    Read the article

  • Dynamic Data Connections

    - by Tim Dexter
    I have had a long running email thread running between Dan and David over at Valspar and myself. They have built some impressive connectivity between their in house apps and BIP using web services. The crux of their problem has been that they have multiple databases that need the same report executed against them. Not such an unusual request as I have spoken to two customers in the last month with the same situation. Of course, you could create a report against each data connection and just run or call the appropriate report. Not too bad if you have two or three data connections but more than that and it becomes a maintenance nightmare having to update queries or layouts. Ideally you want to have just a single report definition on the BIP server and to dynamically set the connection to be used at runtime based on the user or system that the user is in. A quick bit of digging and help from Shinji on the development team and I had an answer. Rather embarassingly, the solution has been around since the Oct 2010 rollup patch last year. Still, I grabbed the latest Jan 2011 patch - check out Note 797057.1 for the latest available patches. Once installed, I used the best web service testing tool I have yet to come across - SoapUI. Just point it at the WSDL and you can check out the available services and their parameters and then test them too. The XML packet has a new dynamic data source entry. You can set you own custom JDBC connection or just specify an existing data source name thats defined on the server. <pub:runReport> <pub:reportRequest> <pub:attributeFormat>xml</pub:attributeFormat> <pub:attributeTemplate>0</pub:attributeTemplate> <pub:byPassCache>true</pub:byPassCache> <pub:dynamicDataSource> <pub:JDBCDataSource> <pub:JDBCDriverClass></pub:JDBCDriverClass> <pub:JDBCDriverType></pub:JDBCDriverType> <pub:JDBCPassword></pub:JDBCPassword> <pub:JDBCURL></pub:JDBCURL> <pub:JDBCUserName></pub:JDBCUserName> <pub:dataSourceName>Conn1</pub:dataSourceName> </pub:JDBCDataSource> </pub:dynamicDataSource> <pub:reportAbsolutePath>/Test/Employee Report/Employee Report.xdo</pub:reportAbsolutePath> </pub:reportRequest> <pub:userID>Administrator</pub:userID> <pub:password>Administrator</pub:password> </pub:runReport> So I have Conn1 and Conn2 defined that are connections to different databases. I can just flip the name, make the WS call and get the appropriate dataset in my report. Just as an example, here's my web service call java code. Just a case of bringing in the BIP java libs to my java project. publicReportServiceService = new PublicReportServiceService(); PublicReportService publicReportService = publicReportServiceService.getPublicReportService_v11(); String userID = "Administrator"; String password = "Administrator"; ReportRequest rr = new ReportRequest(); rr.setAttributeFormat("xml"); rr.setAttributeTemplate("1"); rr.setByPassCache(true); rr.setReportAbsolutePath("/Test/Employee Report/Employee Report.xdo"); rr.setReportOutputPath("c:\\temp\\output.xml"); BIPDataSource bipds = new BIPDataSource(); JDBCDataSource jds = new JDBCDataSource(); jds.setDataSourceName("Conn1"); bipds.setJDBCDataSource(jds); rr.setDynamicDataSource(bipds); try { publicReportService.runReport(rr, userID, password); } catch (InvalidParametersException e) { e.printStackTrace(); } catch (AccessDeniedException e) { e.printStackTrace(); } catch (OperationFailedException e) { e.printStackTrace(); } } Note, Im no java whiz kid or whizzy old bloke, at least not unless Ive had a coffee. JDeveloper has a nice feature where you point it at the WSDL and it creates everything to support your calling code for you. Couple of things to remember: 1. When you call the service, remember to set the bypass the cache option. Forget it and much scratching of your head and taking my name in vain will ensue. 2. My demo actually hit the same database but used two users, one accessed the base tables another views with the same name. For far too long I thought the connection swapping was not working. I was getting the same results for both users until I realized I was specifying the schema name for the table/view in my query e.g. select * from EMP.EMPLOYEES. So remember to have a generic query that will depend entirely on the connection. Its a neat feature if you want to be able to switch connections and only define a single report and call it remotely. Now if you want the connection to be set dynamically based on the user and the report run via the user interface, thats going to be more tricky ... need to think about that one!

    Read the article

< Previous Page | 17 18 19 20 21 22 23 24 25 26 27 28  | Next Page >