Hi there, I am trying to implement a radius client which authenticates via EAP-SIM. The radius client is using the JRadius framework (a requirement of the guys I'm working with), however it seems that JRadius doesn't have an authenticator for EAP-SIM. Does anybody have any advice on how I might implement it myself (anybody with knowled...
I need to retrieve a JSON resource which requires HTTP Basic authentication. Therefore, I need to set a request header for a DataSource.IO object. I see that the IO utility itself supports a header key in its configuration object. However, since I'm new to YUI, I can't figure out how to set this configuration value through the mediation...
Hi All, First of all i should say when i used IIS 6.0 and i escaped windows authentication popup, i gave 401 error and i redirected weblogin page. Now i use IIS 7 with similar system but i can't get windows authentication popup, so directly go weblogin page. What is the difference between IIS 6 and IIS 7, why cant i get windows authent...
Is it possible to limit the users who can sign in with open id on my site. I have clients that I want to give access to a client area on my website. I don't want anyone with a open id to be able to login just my clients. Is this possible? ...
I'm trying to setup a connection to a webservice from VB.NET I'm totally clueless on how to perform this. I receive an overview of what their Soap can do and i also received a securitykey. I'm however not sure how to call this webservice using the securitykey in VB.NET. Hope someone can help me a bit further using the layout of the servi...
Hi. I'm using Spring Security 2 with Spring MVC. The tomcat container I will be using already has NTLM support and will provide access to only authenticated users, before forwarding their username in the header of the request. I tried writing a custom AutenticationEntryPoint with the idea that no form/ http-basic login would be required...
I am sourcing some info from the OWASP (open application security community) web site (http://owasp.org) and came across some info in their Authentication section. CAPTCHA (Completely automated Turing Tests To Tell Humans and Computers Apart) are illegal in any jurisdiction that prohibits discrimination against disabled citiz...
I am trying to get a Java app using spring-security to talk to a local ADAM instance that I have setup. I have successfully installed ADAM and setup as follows.... Instance running on localhost:389 Root is O=Company A child called OU=Company Users (orgnizationalUnit) A granchild called CN=Mike Q (user) uid = mike and password = welc...
Spring Security for us uses an email as the username and a password. To log someone in through code I call: securityContext.setAuthentication(objectWithUsername); How do I then allow facebook connect users to login who don't have an email or password with us? I can't call the above method because it requires a username. ...
I need to pull data from a REST web service in my android app. The web service requires authentication. I need to first call a login method, which will return me an authToken and JSESSIONID as part of the response header. I need to pass these items back with every request. I'm currently using: org.apache.http.impl.client.DefaultHttpCl...
I have a small website with about 10 members. 5 of those are now banned. I have ensured that they cannot login through the login page. However because the authentication cookie is persistent and is set to expire after a few months if they return to the site they will still be logged in. A simple solution is just to expire all authenti...
Hi everyone. Now I know that I should not try to reinvent the wheel and try to write an authentication system, since I don't understand the security issues well enough. However, I need to add a basic authentication system to my site, so I can limit access to certain resources. How do you recommend that I do this? Edit: I am not trying...
Its easy enough to install/configure something like ShareThis but what about the social "log-in" plug-ins that are increasingly popular? e.g. "sign in with"... Facebook Twitter OpenID My questions are this: Does the development of each of these three have to be done separately or can it essentially be replicated for each. If a us...
Hi I have a simple WCF service hosting on IIS6 on a server on the network. When I use the following binding on a server in my network I got 404, if just made clientCredentialType None, it works, also it works on my machine, why Windows authentication fails on server, 404 actually means it cannot even see the endpoint, if it is a proxy ...
I am in the process of customizing the default.ctp file and I am trying to display the currently logged on user's name on the top of the page. In app_controller.php, I have the following: function beforeFilter() { $user = $this->Auth->user(); if($user != null) { $this->Session->write('user_name',$user['User']['user...
I have two types of roles [Admin, HelpDeskAdmin]. I have a single logon view(both users go to same link to login) and I want to check their role once logged in and redirect to their respective admin pages once authenticated. The code below doesn't identify the logged in user as being in the role the first time and reloads the logon pa...
I am trying to login to a site and then call numerous URLs to get the source and scrape for images. It works fine using regular curl but when I try to use multi_curl I am getting back the exact same response. So that I only have to login once I am resuing the curl resource (this works fine with regular curl) and I think this may be the r...
Hi, We want to use OpenSSO for our authentication and authorization needs but would prefer it talking to database instead of the default LDAP datastore. We found that there is an experimental Database datastore present in the OpenAM 9.0 release. However, it seems to be just concerned with authentication and user lifecycle managemen...
I'd like to know what would be the best "practise" to use: Authentication Authorization Facebook connect I have seen authlogic has an Facebook Connect plugin. But the roles (authorization) haven't been described there. How would i do this? ...
Hi All, For windows there is integrated windows authentication. We can configure active directory and join the cleint to the domain. Then all the services on the client that communicates with the iis on the server can use the integrated authentication transparently. Is there something similar for java, linux and some application server...