I'm using Oracle 11gR2 OAM-OAAM integrated environment.
Test Case for 2 factor user:
Access Protected URL.
Once Login page is presented, enter username and password.
After successful authetication, instead of redirecting to OTP page, its redirecting back to Login page with error - Invalid Username or Password.
It's not the issue with credentials because if I change the factor to 1 and use the same credentials, authentication is successful and user is redirected to home page.
Note - Its same behaviour for all the 2 factor users.
This issue is in 2 environments only:
Environment 1 - It was working fine from last 3 years until last week.
Environment 2 - It was never working from the beginning.
But its working fine in other 4 environments.
What I have done until now:
Compare OAAM configuration and properties with other working environments.
Result - It's the same
Analysis: I have checked OAAM Admin console session details, below is triggered:
Policy - OAAM Challenge Policy
Rule - Questions Active
Rule notes - User failed to answer question more than specified number of times.
But all the users have questions registered in the system.
Sounds like this particular user account is locked out from OTP.
Verify the value of the OTP failure counter as follows:
In OAAM console > Session tab > Click on user > Summary > Profile Data > Failure Counter Data > OTP Challenge, Failure Count = 4 (for example)
To unlock / reset the counter:
In OAAM console > Session > Link to Case > Create New Case > Customer resets > User Item = Unlock OTP
Related
I have a site dashboard on GAE standard node.js environment that uses login: admin option in handlers: element in my app.yaml file. This option makes google login window appear before accessing the site. Is it possible to get email and profile of user logged in?
Updates on Feb 2
Tested on my local server
I added login:required in app.yaml; it's a Python3 App but I did not use users api; I start the app with dev_appserver.py to make sure it uses the app.yaml file in the development environment; When I loaded the home page, it prompted me to sign in with test#example.com
I dumped the header output and it included the following
X-Appengine-User-Email: test#example.com
X-Appengine-User-Id: XXXXX
Original Answer
You can use the 'users' Api and call the function GetCurrentUser()
Example, if your code was in python, you'd have something like
from google.appengine.api import users
# Get information about the currently logged in user
users.GetCurrentUser()
# Extra - if you wanted to confirm this is an admin user
users.IsCurrentUserAdmin()
Since you're not using Python, see if the environment variable for USER_EMAIL exists. The source code for users api has the snippet below (so see if it works for you)
email = os.environ.get('USER_EMAIL', email)
_user_id = os.environ.get('USER_ID', _user_id)
Hello there i am learning node.js and got stuck in a scenario.The flow is that in website user register himself and after successfully registering i will be sending him to route named create_profile which in is post request and also i want to send userId to create_profile route.In case if user close the website then if he agains open it and login then if profile is incomplete then i will be taking his userId and send to create_profile route.And after that to home page.What i was thinking to store session for user authentication in create profile page and login.This is because if login there can be tow cases : If user has successfully completed his profile then take him to home and store a global session there and second case it to take him to create profile as its incomplete then after successfully creating take him to home store global session for user authentication.But my confusion is to how to pass userId from login to create profile which is post request.Do i need to make temp session ? Please solve my issue i am confused how to solve this .
You can create a "profile_completed" coloumn in DB and set it as "false" (default), update it to "true" if user has completed the profile. While user login check if his profile is updated ,if yes send him to home else ask him to update.
You can pass user I'd to create_profile via request or get it from session storage you saved earlier
I have liferay open office integration. My problem is when I preview any document after login first time it is logout and ask to login again. Next time it is working fine the problem persist while document preview generation and after user log first time. suppose there are 5 page of document only 2 page display other while show processing image.
Below are logs come while logout.
06:55:17,743 ERROR [ajp-bio-8009-exec-88][PollerServlet:63] No channel exists with user id 1810503
06:55:17,782 ERROR [ajp-bio-8009-exec-88][status_jsp:752] No channel exists with user id 1810503
06:55:26,360 ERROR [ajp-bio-8009-exec-95][PollerServlet:63] No channel exists with user id 1810503
06:55:26,403 ERROR [ajp-bio-8009-exec-95][status_jsp:752] No channel exists with user id 1810503
Above logs come each time when i log in.
I am using Liferay 6.2 CE GA3 + Mysql + Openoffice + xuggler.
I have seen liferay issues related with No channel exists with user id but it does not answer my question
I have 3 site.
Site A : Just a login form.
Site B : an Icewarp webmail
Site C : Lotus domino mail
For now, i dont want include Site C in my question. It just for Site A and Site B
I want when a user login to Site A and then, automatically redirected to Site B. How do i pass the credential safely without the username and password being displayed?
My current script is below : This is the script when user login to Site A, and then passing the credential.
if ($mailhost == "icewarp")
{
Header("refresh:0;url=Site B icewarp URL/webmail/index.html?!#$pid:$credential");
exit;
}
elseif ($mailhost == "domino")
{
Header("refresh:0;url=Site C Domino URL/mail/domadmin.nsf?Login&Username=$pid&Password=$credential");
exit;
}
The system is working fine, but the problem is user credential is being displayed on address bar. How do i send user credential in alternate way?
You might want to encrypt the credentials. Probably is the only truly secure way.
You can encrypt it with: mcrypt-encrypt.
Then, decrypt with: mcrypt-decrypt
You could try and POST the values to the Domino login form as opposed to placing them in the address bar which forms a GET request.
For PHP - Three different was to make a POST request.
http://www.lornajane.net/posts/2010/three-ways-to-make-a-post-request-from-php
I installed a clean jboss 7.1.Final Server.
after running it, I made an sh add_user.sh in the bin folder
I chose a) for Management User
I entered:
Realm (ManagementRealm) : joerg
Username : joerg
Password : superpassword
Re-enter Password : superpassword
when I entered then http://localhost:9990/console/ it was forwarded to http://localhost:9990/console/App.html
the problem is, that if I go to the URL http://localhost:9990/console/App.html I can't log in, because i get the typical HTTP-Basic Authentication promt for username and password (looks like there is a .htaccess but i never made one)
If I try
login: joerg
password: superpassword
it is not working
(on the shell the username and password works with the jboss diagnostic reporter jdr.sh)
In your example, you will need to enter the ManagementRealm as the realm that your primary user account will resolve to. Your example would be:
Realm (ManagementRealm) : ManagementRealm
Username : joerg
Password : superpassword
Re-enter Password : superpassword
From the official documentation, this is explained as follows:
It is important to leave the name of the realm as 'ManagementRealm' as
this needs to match the name used in the server's configuration, for
the remaining fields enter the new username, password and password
confirmation.
Provided there are no errors in the values entered you will then be
asked to confirm that you want to add the user, the user will be
written to the properties files used for authentication and a
confirmation message will be displayed.
With JBoss Application Server 7.1.x being so customisable, you can build your own realm configurations as required, but for the initial instance, make sure you use the ManagementRealm.
Folow these steps:
open jboss-as-x.x.x.Final\standalone\configuration\mgmt-users.properties and delete the user (i.e delete the line which has the username you want to use, such as admin=2c7123264278731425d1f53aeb55da1e)
open jboss-as-x.x.x.Final\domain\configuration\mgmt-users.properties and delete the user (i.e delete the line which has the username you want to use, such as admin=2c7123264278731425d1f53aeb55da1e)
run jboss-as-x.x.x.Final\bin\add-user.bat and add user in the following way:
Select user type a
Realm (ManagementRealm) : ManagementRealm
Username : admin
Password : password
Re-enter Password : password
If you get JBAS015243: The user ‘admin’ already exists in at least one properties file. error, then you didn't complete steps 1 and 2.