I have an application that connects to integrity through the java mks api. To test the application functionalities I hardcoded the user and the password for my computer, but now after testing I want to make the app generic so more users can use it.
Normally, each user has a user (this information I can get it from ENV) and a password configured in the Integrity interface. Is there a possibility to tell the mksapi to get the password from those preferences?
There is no option to get the password from Client preferences.
You don't need to have the password if the connection already exist and you are using localintegration.
e.g.
si projects --hostname={SI_HOST} --port={SI_PORT} --user={USERNAME}
The previous command will work without password if there is an active connection for the provided info: {USERNAME}#{SI_HOST}:{SI_PORT}
Another option is to use a user with impersonate permission.
if you cannot use any of this option, the only way is to prompt the user for a password.
Related
I am trying to use java code mention on link: http://www.nexttutorial.com/faq/azureAD/1/Azure-active-directory-graph-api-user-authentication-in-java - but I get below error:
java.util.concurrent.ExecutionException: com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS50055: Force Change Password.\r\nTrace ID: 7596cf92-f3d6-4baf-a0c9-d166a92d1500\r\nCorrelation ID: 8cccb074-4ae4-4c9b-932b-1f4ddcb514cb\r\nTimestamp: 2017-05-05 08:20:28Z","error":"user_password_expired"}
I haven't used the Java APIs, but I can tell you two things that are the core of the problem:
The user's password has expired
You are using Resource Owner Password Grant flow
You need to change the application to instead show a browser window so the user can reset their password. If you just want to test the code as is, you can open a new Incognito/private/InPrivate window and sign in to e.g. portal.azure.com with the user. That will allow you to make sure they have a working password.
But I would advise against using that sign in flow because of potential problems like this one.
The reason you get the error is that the user needs to set a new password, but the flow you are using cannot support that scenario. It also cannot support the scenario where the user account has MFA enabled/is a Microsoft account etc.
And by the way, if this app is intended not to be used by a user, but just run as is, I would suggest making it a daemon with application permissions on the necessary APIs and then use client credentials flow for authentication. No user account needed then, since the app has the needed rights.
I have been trying to use the java jdk to Couchbase. sdk v 3.2.3
However I find it strange that the examples provided never supply any password while connecting. Also I created a read-only user, and I see that the there is nowhere to provide the user-name while opening a bucket from a cluster, you only provide the password. I tried using the password for the admin and for the read-only user that I created. But it would fail with couchbase.client.java.error.InvalidPasswordException: Passwords for bucket "myBucket" do not match. It is the same password that I use when I login to the admin console, yet this password doesnot work. Only the empty password works.
I am confused and don't get the hang of it?
Anybody knows about this?
My aim was to create a read-only user and use this user credentials to only read data from couchbase for a specific module which is only supposed to read data.
At this moment, there is no read only data access to a bucket in Couchbase. Stay tuned as there will be lots of security changes in the coming versions of Couchbase.
I have excel which connects to analysis service by http://localhost:port/xmla that connect to jetty server which is running on diff server. I want to enable window authentication that will user details for window active directory send to the server to validate.
But the problem if I using radio button that is "use window auth" it is not sending the credential to the server.
To do that we need to enable window integrated security.
I want to know in which layer the credential will be authenticated do we need to write ntlm protocol logic at server side or do we have to write any code to windows level.
Thanks in advance, please help me on this.
You need to have the SSAS to use AD for users. Then you need to add the active directory users to the Cube you are trying to access. You can either create a role and add the users there or you can add the directly to the cube security. The users are added with domain\sAMAccountName to the SSAS. Then to authenticate you use the sAMAccountName and the password (if you created the users manually the username and the sAMAccountName are usually the same).
In excel you write the credentials either in the connection string or in the dialog that it shows. And you input something like
Server: http://localhost/xmla
User: Domain\sAMAccountName (from the AD)
Password: the password :)
I have to make an application after a login, take you to a window with a few options, which change according to the type of user you been logged (administrator, manager, normal user), I've created the login dialog and connected to the database, but do not know how to do that: 1.Java distinguish a user is admin, manager or normal. 2.You take a different window by type .. If you could help me would be very grateful, as I'm quite lost ... Thank you!
Okey, as you don't tell the application base (if web application, desktop application, used framework etc) then I will need to be very simple in my answer.
Install your database
Install your logintable and your data (e.g. admin / adminpwd; user / userpwd etc)
If Swing:
Create a login-window that asks for username and password
If admin then load admin-frame, if user load user-frame otherwise show error.
If Web application:
Create a simple login html form, asking for username and password
Do a user check in your Jsp/Servlet, put user-info in session and redirect to user-page if user, to admin-page if admin, otherwise error-page (you could make a simple check in pages to verify that user-info exists in session, in case of...)
This is a very very basic flow, you could of course make a group/role table/column that connects each user to a group. Which makes it easier when you have plenty of users.
There are many frameworks out there that makes this easier, but the basics are the same! ;)
I am building a java web application that will automatically grant users Administrative Rights to their Windows PC's when a manager approves their request.
In order to accomplish this, I am going to write a script to automatically remote into the users computer and add them to the computer's administrative group. I figured in order to do this though, I will need to have an Administrative Service Account to access all computers.
My question would be, how can I go about securely storing the Administrative Service Account information? The application will need the credentials every time it needs to go and give a user admin-rights, so how can I go about letting the application use the Service Account without human interaction? Obviously I cant just put admin credentials in a plain-text properties file. The credentials shouldn't be open for any developers to see who might go in and change the application later.
Could there be a better way to do this? Someone mentioned to me once maybe having an account in Active Directory to impersonate, but I wasn't able to follow up for more details on that.
There is one method of protecting service account passwords that is occasionally used for services that use databases is based on the concept of inversion of control.
Here the service can call a stored procedure, which has anonymous access, that prompts the database to generate, set, and send the password to the service, whose address it knows, via a separate call.
While the anon call is normally IP limited to prevent DoS attacks, it doesn't matter if some other process calls it, because the stored procedure will only send the password to the service regardless of who calls it.