Authentication to XML DB via WebDAV and SSO

Hi,
Is there any way to be authentified by XML DB via WebDAV and SSO ?
If the access to our infrastructure of database servers is controled by SSO, once I'm authentified by OID (SSO), is it possible to pass that authentification to XML DB through standard port 8080 ?
Thank you for your help

This is planned for a future (not 10g) release

Similar Messages

Send XML Message via HTTP and Receive Response

Hello,
We have a scenario where we need to update Currency Exchange Rates in R/3 via a 3rd party called Oanda. I'd like to use XI for this Interface, if possible.
Basically, we need to send XML over HTTP. Here's the URL and the XML we need to use for our POST (I'll need to perform the look-up for about 15 currency codes - I plan on using a BPM process to loop through each currency code specified in a flat file):
http://www.oanda.com/cgi-bin/fxml/fxml?fxmlrequest=<CONVERT><CLIENT_ID>TestAccount1</CLIENT_ID><EXCH>USD</EXCH><EXPR>CAD</EXPR><DATE>03/25/2008</DATE></CONVERT>
And the reponse looks like this:
<RESPONSE>
<EXPR>CAD</EXPR>
<EXCH>USD</EXCH>
<AMOUNT>1</AMOUNT>
<NPRICES>1</NPRICES>
<CONVERSION>
    <DATE>Mon, 24 Mar 2008 20:00:00 GMT</DATE>
    <ASK>1.0257</ASK>
    <BID>1.0251</BID>
</CONVERSION>
</RESPONSE>
I plan on mapping each reponse to BAPI_EXCHRATE_CREATEMULTIPLE, using BPM.
So my question is this: Should I use the HTTP adapter for the out going POST to Oanda? If so, would the HTTP adapter be consider the sender or the receiver? Also, how would the XML message be automatically appended to the end of the URL (i.e., after the fxmlrequest parameter)? I guess I'm a little confused on how to use the HTTP adapter... Are there any blogs that discuss this type of scenario?
Thanks,
Matt

Hi guys,
I have few concerns for setting up this scenario.
1). I have created a data type for request mapping, and teste the mapping.
The output looks like below:
<?xml version="1.0" encoding="UTF-8" ?>
<ns1:MT_CONVERT xmlns:ns1="http://test.com/ExchngRate">
   <CONVERT>
     <CLIENT_ID>test</CLIENT_ID>
     <EXPR>CAD</EXPR>
     <EXCH>USD</EXCH>
     <DATE>10/21/2009</DATE>
     <AMOUNT>1</AMOUNT>
   </CONVERT>
</ns1:MT_CONVERT>
How to pass only
<CONVERT>
     <CLIENT_ID>test</CLIENT_ID>
     <EXPR>CAD</EXPR>
     <EXCH>USD</EXCH>
     <DATE>10/21/2009</DATE>
     <AMOUNT>1</AMOUNT>
   </CONVERT>
to the receiver HTTP adapter.
2) I am using URL address in the receiver HTTP adapter.
Target Host: www.oanda.com
Path Prefix: cgi-bin/fxml/fxml?fxmlrequest=
What is will be Service Number?
Looking forward for you help. Your help is greatly appreciated.
Thanks,
Namadev
Edited by: Namadev Chillal on Oct 21, 2009 5:35 PM

Publish files via WebDav stored in BLOB

Hi,
is it possible to publish files (PDF, DOC ...) stored in a table with column datatype BLOB via XMLDB/WebDav?
If yes, does exists somewhere an how to do?
Many thanks in advance.
Regards,
Martin

Currently XML DB can only publish non-xml content via WebDAV etc if it's stored in the XML DB repository. We looking at this for a future release. For the moment you'd have to move the documents from the column into the repository. If you can you might want to consider simply storing the path or resid in the application table and the content in the repository. Depending on the application you might be able to create a new table that contains a path or RESID inplace of the BLOB column and then create a new view to replace current table with a view that includes a BLOB column based on xdburitype(),

SAP authentication and SSO into BI4 with multiple SAP systems

We have already setup SAP authentication and SSO between ECC6 and BI4, e.g. to run CR 2011 reports with data based on ECC infosets, or BEx (operational BI on ECC). ECC is the main point of entry for users, so ECC user accounts and role imports are used in BI4.
Now if we add BW to this, with Crystal or WebI or Analysis OLAP sourcing data from BW, can we still leverage detailed authorizations in BW on the corresponding BW user - with user accounts and role imports in BI4 still being ECC-based?

Hi,
Let's say the trust relationship is setup between those systems. Then the simple example is to use Enterprise authentication in BI4, and assertion tickets are issued when making requests to ECC or BW. I assume LDAP/AD authentication would work as well.
>> You also have to setup trust between the BI 4 and ECC & between BI4 and BW. Thats part of the setup for the SSO Token Service.
But does this scenario rule out SAP authentication or not? I was hoping that I can still logon to BI4 with an ECC-issued logon ticket, and then BI4 would nevertheless issue assertion tickets for my BW alias.
>> And that is still possible. Setup the SSO Token Service, setup the aliases for the users. then you could logon with ECC credentials and run a BW report because the token service would then generate the token towards the BW system.
ingo

XML tag with attributes and one value via XSU

I need to generate a XML structure with attributes in the opening tag, and just one value in the body, like this:
<PRODUCT-LIST-PRICE NET-PRICE="0" CURRENCY="USD">9.99</PRODUCT-LIST-PRICE>
Without an object type, I can just create tags like this
XML3
<PRODUCT-LIST-PRICE>9.99</PRODUCT-LIST-PRICE>
(with no attributes, but a single value) via the followig statement
SELECT sys_xmlgen ('9.99',
sys.xmlgenformattype.createFormat('PRODUCT-LIST-PRICE')
).getClobVal() "XML3"
FROM DUAL;
Having an object "productlisteprice_type", defined by
CREATE OR REPLACE TYPE productlisteprice_type AS OBJECT
"@NET-PRICE" VARCHAR2(10),
"@CURRENCY" VARCHAR2(10),
"PRICE" VARCHAR2(20)
I just get XML like this
XML2
<PRODUCT-LIST-PRICE NET-PRICE="0" CURRENCY="USD">
<PRICE>9.99</PRICE>
</PRODUCT-LIST-PRICE>
(with attributes, but no direct value beneath the "PRODUCT-LIST-PRICE" tag) via the following statement
SELECT sys_xmlgen ( productlisteprice_type(0,'USD','9.99'),
sys.xmlgenformattype.createFormat('PRODUCT-LIST-PRICE')
).getClobVal() "XML2"
FROM DUAL;
Not what I need :-(
Are there any possibilities in XSU to get the needed XML code? Or do I have to do some post-production via XSQL???
Another question: Is it possible to use specific keywords like "online" as XML tagnames, via objects? The objects don't allow "online" as a field name...
Thanks in advance,
Holger

I need to generate a XML structure with attributes in the opening tag, and just one value in the body, like this:
<PRODUCT-LIST-PRICE NET-PRICE="0" CURRENCY="USD">9.99</PRODUCT-LIST-PRICE>
Without an object type, I can just create tags like this
XML3
<PRODUCT-LIST-PRICE>9.99</PRODUCT-LIST-PRICE>
(with no attributes, but a single value) via the followig statement
SELECT sys_xmlgen ('9.99',
sys.xmlgenformattype.createFormat('PRODUCT-LIST-PRICE')
).getClobVal() "XML3"
FROM DUAL;
Having an object "productlisteprice_type", defined by
CREATE OR REPLACE TYPE productlisteprice_type AS OBJECT
"@NET-PRICE" VARCHAR2(10),
"@CURRENCY" VARCHAR2(10),
"PRICE" VARCHAR2(20)
I just get XML like this
XML2
<PRODUCT-LIST-PRICE NET-PRICE="0" CURRENCY="USD">
<PRICE>9.99</PRICE>
</PRODUCT-LIST-PRICE>
(with attributes, but no direct value beneath the "PRODUCT-LIST-PRICE" tag) via the following statement
SELECT sys_xmlgen ( productlisteprice_type(0,'USD','9.99'),
sys.xmlgenformattype.createFormat('PRODUCT-LIST-PRICE')
).getClobVal() "XML2"
FROM DUAL;
Not what I need :-(
Are there any possibilities in XSU to get the needed XML code? Or do I have to do some post-production via XSQL???
Another question: Is it possible to use specific keywords like "online" as XML tagnames, via objects? The objects don't allow "online" as a field name...
Thanks in advance,
Holger

EFS Encrypted Files over home workgroup network via WebDAV avoiding Active Directory fixing Access Denied errors

This is for information to help others
KEYWORDS:
- Sharing EFS encrypted files over a personal lan wlan wifi ap network
- Access denied on create new file / new fold on encrypted EFS network file share remote mapped folder
- transfer encryption keys / certificates
- set trusted delegation for user + computer for EFS encrypted files via
Kerberos
- Windows Active Directory vs network file share
- Setting up WinDAV server on Windows 7 Pro / Ultimate
It has been a long painful road to discover this information.
I hope sharing it helps you.
Using EFS on Windows 7 pro / ultimate is easy and works great. See
here and
here
So too is opening + editing encrypted files over a peer-to-peer Windows 7 network.
HOWEVER, creating a new file / new folder over a peer-to-peer Windows 7 network
won't work (unless you follow below steps).
Typically, it is only discovered as an issue when a home user wants to use synchronisation software between their home computers which happens to have a few folders encrypted using windows EFS. I had this issue trying to use GoodSync.
Typically an "Access Denied" error messages is thrown when a \\clientpc tries to create new folder / new file in an encrypted folder on a remote file share \\fileserver.
Why such a EFS drama when a network is involved?
Assume a home peer-to-peer network with 2pc: \\fileserver and \\clientpc
When a \\clientpc tries to create a new file or new folder on a \\fileserver (remote computer) it fails. In a terribly simplified explanation it is because the process on \\fileserver that is answering the network requests is a process working for a user on
another machine (\\clientpc) and that \\fileserver process doesn't have access to an encryption certificate (as it isn't a user). Active Directory gets around this by using kerberos so the process can impersonate a \\fileserver user and then use their certificate
(on behalf of the clienpc's data request).
This behaviour is confusing, as a \\clientpc can open or edit an existing efs encrypted file or folder, just can't create a new file or folder. The reason editing + opening an encrypted file over a network file share is possible is because the encrypted
file / folder already has an encryption certificate, so it is clear which certificate is required to open/edit the file. Creating a new file/folder requires a certificate to be assigned and a process doesn't have a profile or certificates assigned.
Solutions
There are two main approaches to solve this:
     1) SOLVE by setting up an Active Directory (efs files accessed through file shares)
          EFS operations occur on the computer storing the files.
          EFS files are decrypted then transmitted in plaintext to the client's computer
          This makes use of kerberos to impersonate a local user (and use their certificate for encrypt + decrypt)
     2) SOLVE by setting up WebDAV (efs files accessed through web folders)
           EFS operations occur on the client's local computer
           EFS files remain encrypted during transmission to the client's local computer where it is decrypted
           This avoids active directory domains, roaming or remote user profiles and having to be trusted for delegation.
           BUT it is a pain to set up, and most online WebDAV server setup sources are not for home peer-to-peer networks or contain details on how to setup WebDAV for EFS file provision
         READ BELOW as this does
Create new encrypted file / folder on a network file share - via Active Directory
It is easily possible to sort this out on a domain based (corporate) active directory network. It is well documented. See
here. However, the problem is on a normal Windows 7 install (ie home peer-to-peer) to set up the server as part of an active directory domain is complicated, it is time consuming it is bulky, adds burden to operation of \\fileserver computer
and adds network complexity, and is generally a pain for a home user. Don't. Use a WebDAV.
Although this info is NOT for setting up EFS on an active directory domain [server],
for those interested here is the gist:
Use the Active Directory Users and Computers snap-in to configure delegation options for both users and computers. To trust a computer for delegation, open the computer’s Properties sheet and select Trusted for delegation. To allow a user
account to be delegated, open the user’s Properties sheet. On the Account tab, under Account Options, clear the The account is sensitive and cannot be delegated check box. Do not select The account is trusted for delegation. This property is not used with
EFS.
NB: decrypted data is transmitted over the network in plaintext so reduce risk by enabling IP Security to use Encapsulating Security Payload (ESP)—which will encrypt transmitted data,
Create new encrypted file / folder on a network file share - via WebDAV
For home users it is possible to make it all work.
Even better, the functionality is built into windows (pro + ultimate) so you don't need any external software and it doesn't cost anything. However, there are a few hotfixes you have to apply to make it work (see below).
Setting up a wifi AP (for those less technical):
   a) START ... CMD
   b) type (no quotes): "netsh wlan set hostednetwork mode=allow ssid=MyPersonalWifi key=12345 keyUsage=persistent"
   c) type (no quotes): "netsh wlan start hostednetwork"
Set up a WebDAV server on Windows 7 Pro / Ultimate
-----ON THE FILESERVER------
   1 click START and type "Turn Windows Features On or Off" and open the link
       a) scroll down to "Internet Information Services" and expand it.
       b) put a tick in: "Web Management Tools" \ "IIS Management Console"
       c) put a tick in: "World Wide Web Services" \ "Common HTTP Features" \ "WebDAV Publishing"
       d) put a tick in: "World Wide Web Services" \ "Security" \ "Basic Authentication"
       e) put a tick in: "World Wide Web Services" \ "Security" \ "Windows Authentication"
       f) click ok
       g) run HOTFIX - ONLY if NOT running Windows 7 / windows 8
KB892211 here ONLY for XP + Server 2003 (made in 2005)
KB907306 here ONLY for Vista, XP, Server 2008, Server 2003 (made in 2007)
2 Click START and type "Internet Information Services (IIS) Manager"
3 in IIS, on the left under "connections" click your computer, then click "WebDAV Authoring Rules", then click "Open Feature"
       a) on the right side, under Actions, click "Enable WebDAV"
4 in IIS, on the left under "connections" click your computer, then click "Authentication", then click "Open Feature"
       a) on the "Anonymous Authentication" and click "Disable"
       b) on the "Windows Authentication" and click "Enable"
      NB: Some Win 7 will not connect to a webDAV user using Basic Authentication.
        It can be by changing registry key:
           [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
           BasicAuthLevel=2
       c) on the "Windows Authentication" click "Advanced Settings"
           set Extended Protection to "Required"
       NB: Extended protection enhances the windows authentication with 2 security mechanisms to reduce "man in the middle" attacks
5 in IIS, on the left under "connections" click your computer, then click "Authorization Rules", then click "Open Feature"
       a) on the right side, under Actions, click "Add Allow Rule"
       b) set this to "all users". This will control who can view the "Default Site" through a web browser
       NB: It is possible to specify a group (eg Administrators is popular) or a user account. However, if not set to "all users" this will require the specified group/user account to be used for logged in with on the
clientpc.
       NB: Any user account specified here has to exist on the server. It has a bug in that it usernames specified here are not validated on input.
6 in IIS, on the left under "connections" click your computer, then click "Directory Browsing", then click "Open Feature"
       a) on the right side, under Actions, click "Enable"
HOTFIX - double escaping
7 in IIS, on the left under "connections" click your computer, then click "Request Filtering", then click "Open Feature"
       a) on the right side, under Actions, click "Edit Feature Settings"
       b) tick the box "Allow double escaping"
     *THIS IS VERY IMPORTANT* if your filenames or foldernames contain characters like "+" or "&"
     These folders will appears blank with no subdirectories, or these files will not be readable unless this is ticked
     This is safe btw. Unchecked (default) it filters out requests that might possibly be misinterpreted by buggy code (eg double decode or build url's via string-concat without proper encoding). But any bug would need to be in IIS basic
file serving and this has been rigorously tested by microsoft, so very unlikely. Its safe to "Allow double escaping".
8 in IIS, on the left under "connections" right click "Default Web Site", then click "Add Virtual Directory"
       a) set the Alias to something sensible eg "D_Drive", set the physical path
       b) it is essential you click "connect as" and set
this to a local user (on fileserver),
       if left as "pass through authentication" a client won't be able to create a new file or folder in an encrypted efs folder (on fileserver)
             NB: the user account selected here must have the required EFS certificates installed.
                        See
here and
here
        NB: Sharing the root of a drive as an active directory (eg D:\ as "D_Drive") often can't be opened on clientpcs.
      This is due to windows setting all drive roots as hidden "administrative shares". Grrr.
       The work around is on the \\fileserver create an NTFS symbollic link
          e.g. to share the entire contents of "D:\",
                on fileserver browse to site path (iis default this to c:\inetpub\wwwroot)
                in cmd in this folder create an NTFS symbolic link to "D:\"
                so in cmd type "cd c:\inetpub\wwwroot"
                then in cmd type "mklink /D D_Drive D:\"
        NB: WebDAV will open this using a \\fileserver local user account, so double check local NTFS permissions for the local account (clients will login using)
         NB: If clientpc can see files but gets error on opening them, on clientpc click START, type "Manage Network Passwords", delete any "windows credentials" for the fileserver being used, restart
clientpc
9 in IIS, on the left under "connections" click on "WebDAV Authoring Rules", then click "Open Feature"
       a) click "Add authoring rules". Control access to this folder by selecting "all users" or "specified groups" or "specified users", then control whether they can read/write/source
       b) if some exist review existing allow or deny.
           Take care to not only review the "allow access to" settings
           but also review "permissions" (read/write/source)
       NB: this can be set here for all added virtual directories, or can be set under each virtual directory
10 Open your firewall software and/or your router. Make an exception for port 80 and 443
       a) In Windows Firewall with Advanced Security click Inbound Rules, click New Rule
             choose Port, enter "80, 443" (no speech marks), follow through to completion. Repeat for outbound.
          NB: take care over your choice to untick "Public", this can cause issues if no gateway is specified on the network (ie computer-to-computer with no router). See "Other problems+fixes"
below, specifically "Cant find server due to network location"
       b) Repeat firewall exceptions on each client computer you expect to access the webDAV web folders on
HOTFIX - MAJOR ISSUE - fix KB959439
11 To fully understand this read "WebDAV HOTFIX: RAW DATA TRANSFERS" below
      a) On Windows 7 you need only change one tiny registry value:
           - click START, type "regedit", open link
           -browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV\Parameters]
           -on the EDIT menu click NEW, then click DWORD Value
           -Type "DisableEFSOnWebDav" to name it (no speech marks)
           -on the EDIT menu, click MODIFY, type 1, then click OK
           -You MUST now restart this computer for the registry change to take effect.
      b) On Windows Server 2008 / Vista / XP you'll FIRST need to
download Windows6.0-KB959439 here. Then do the above step.
         NB microsoft will ask for your email. They don't care about licence key legality, it is more to keep you updated if they modify that hotfix
12 To test on local machine (eg \\fileserver) and deliberately bypass the firewall.
      a) make sure WebClient Service is running
            (click START, type "services" and open, scroll down to WebClient and check its status)
      b) Open your internet software. Go to address "http://localhost:80" or "http://localhost:80"
            It should show the default "IIS7" image.
            If not, as firewall and port blocking are bypassed (using localhost) it must be a webDAV server setting. Check "Authorization Rules" are set to "Allow All Users"
      c) for one of the "virtual directories" you added (8), add its "alias" onto "http://localhost/"
                e.g. http://localhost/D_drive
            If nothing is listed, check "Directory Browsing" is enabled
13 To test on local machine or a networked client and deliberately try and access through the firewall or port opening of your router.
      a) make sure WebClient Service is running
            (click START, type "services" and open, scroll down to WebClient and check its status)
      b) open your internet software. Go to address "http://<computer>:80" or "http://<computer>:80".
              eg if your server's computer name is "fileserver" go to "http://fileserver:80"
              It should show the default "IIS7" image. If not, check firewall and port blocking.
              Any issue ie if (12) works but (13) doesn't, will indicate a possible firewall issue or router port blocking issue.
     c) for one of the "virtual directories" you added (8), add its "alias" onto "http://<computername>:80/"
               eg if alias is "C_driver" and your server's computer name is "fileserver" go to "http://fileserver:80/C_drive"
               A directory listing of files should appear.
--- ON EACH CLIENT ----
HOTFIX - improve upload + download speeds
14 Click START and type "Internet Options" and open the link
      a) click the "Connections" tab at the top
      b) click the "LAN Settings" button at the bottom right
      c) untick "Automatically detect settings"
HOTFIX - remove 50mb file limit
15 On Windows 7 you need only change one tiny registry value:
      a) click START, type "regedit", open link
    b) browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
       c) click on "FileSizeLimitInBytes"
       d) on the EDIT menu, click MODIFY, type "ffffffff", then click OK (no quotes)
HOTFIX - remove prompt for user+pass on opening an office or pdf document via WebDAV
16 On each clientpc click START, type "Internet Options" and open it
         a) click on "Security" (top) and then "Custom level" (bottom)
         b) scroll right to the bottom and under "User Authentication" select "Automatic logon with current username and password"
         SUCH an easy fix. SUCH an annoying problem on a clientpc
   NB: this is only an issue if the file is opened through windows explorer. If opened through the "open" dialogue of the software itself, it doesn't happen. This is as a WebDAV mapped drive is consdered a "web folder" by windows
explorer.
TEST SETUP
17 On the client use the normal "map network drive"
            e.g. server= "http://fileserver:80/C_drive", tick reconnect at logon
            e.g. CMD: net use * "http://fileserver:80/C_drive"
         If it doens't work check "WebDAV Authoring Rules" and check NTFS permissions for these folders. Check that on the filserver the elected impersonation user that the client is logging in with (clientpc
"manage network passwords") has NTFS permissions.
18 Test that EFS is now working over the network
       a) On a clientpc, map network drive to http://fileserver/
       b) navigate to a folder you know on the \\flieserver is encrypted with EFS
       c) create a new folder, create a new file.
           IF it throws an error, check carefully you mapped to the WebDAV and not file share
              i.e. mapped to "http://fileserver" not "\\fileserver"
           Check that on clientpc the required efs certificate is installed. Then check carefully on clientpc what user account you specified during the map drive process. Then check on the \\fileserver this
account exists and has the required EFS certificate installed for use. If necessary, on clientpc click START, type "Manage Network Passwords" and delete the windows credentials currently in the vault.
       d) on clientpc (through a webDAV mapped folder) open an encrypted file, edit it, save it, close it. On the \\fileserver now check that file is readable and not gobble-de-goup
       e) on clientpc copy an encrypted efs file into a folder (a webDAV mapped folder) you know is not encrypted on \\fileserver. Now check on the \\fileserver computer that the file is readable and not gobble-de-goup (ie the
clientpc decrypted it then copied it).
        If this fails, it is likely one in IIS setting on fileserver one of the shared virtual directories is set to: "pass through authentication" when it should be set to "connect as"
        If this is not readable check step (11) and that you restarted the \\fileserver computer.
19 Test that clients don't get the VERY annoying prompt when opening an Office or PDF doc
      a) on clientpc in windows explorer browse to a mapped folder you know is encrypted and open an office file and then PDF.
            If a prompt for user+pass then check hotfix (16)
20 Consider setting up a recycling bin for this mapped drive, so files are sent to recycling bin not permanently deleted
      a) see the last comment at the very bottom of
this page:
Points to consider:
   - NB: WebDAV runs on \\fileserver under a local user account, so double check local NTFS permissions for that local account and adjust file permissions accordingly. If the local account doesn't have permission, the webDAV / web folder share won't
either.
- CONSIDER: IP Security (IPSec) or Secure Sockets Layer (SSL) to protect files during transport.
MORE INFO: HOTFIX: RAW DATA TRANSFERS
More info on step (11) above.
Because files remain encrypted during the file transfer and are decrypted by EFS locally, both uploads to and downloads from Web folders are raw data transfers. This is an advantage as if data is intercepted it is useless. This is a massive disadvantage as
it can cause unexpected results. IT MUST BE FIXED or you could be in deep deep water!
Consider using \\clientpc to access a webfolder on \\fileserver and copying an encrypted EFS file (over the network) to a web folder on \\fileserver that is not encrypted.
Doing this locally would automatically decrypt the file first then copy the decrypted file to the non-encrypted folder.
Doing this over the network to a web folder will copy the raw data, ie skip the decryption stage and result in the encrypted EFS file being raw copied to the non-encrypted folder. When viewed locally this file will not be recognised as encrypted (no encryption
file flag, not green in windows explorer) but it will be un-readable as its contents are still encrypted. It is now not possible to locally read this file. It can only be viewed on the \\clientpc
There is a fix:
      It is implimented above, see (11) above
      Microsoft's support page on this is excellent and short. Read "problem description" of "this microsoft webpage"
Other problems + fixes
PROBLEM: Can't find server due to network location.
     This one took me a long time to track down to "network location".
     Win 7 uses network locations "Home" / "Work" / "Public".
     If no gateway is specified in the IP address, the network is set to '"unidentified" and so receives "Public" settings.
     This is a disaster for remote file share access as typically "network discovery" and "file sharing" are disabled under "Public"
     FIX = either set IP address manually and specify a gateway
     FIX = or force "unidentified" network locations to assume "home" or "work" settings -
read here or
here
     FIX = or change the "Public" "advanced network settings" to turn on "network discovery" and "file sharing" and "Password Protected Sharing". This is safe as it will require a windows
login to gain file access.
PROBLEM: Deleting files on network drive permanently deletes them, there is no recycling bin
       By changing the location of "My Contacts" or similar to the root directory of your mapped drive, it will be added to recycling bin locations
      Read
here (i've posted a batch script to automatically make the required reg files)
I really hope this helps people. I hope the keywords + long title give it the best chance of being picked up in web searches.

What probably happens is that processes are using those mounts. And that those processes are not killed before the mounts are unmounted. Is there anything that uses those mounts?

Problem in connecting to beehiveonline via WebDAV

Hi,
I am seeing a strange behavior when connecting to beehiveonline via WebDAV. Need your help to sort out the same.
If I try to connect to https://beehiveonline.oracle.com/content/dav using internet explorer, the browser automatically redirects me to the SSO login page. After I login, it moves back to the workspace listing page successfully.
But if I try to connect to the same URL via "Add Network Location" or "Map Network Drive" the system is failing to connect. I am using the same SSO credentials. I am using Windows 7 laptop (not sure if that matters).
I have been using this (beehiveonline via WebDAV) for a some time now; this was working perfectly alright before last ~10 days. For the last ~10 days, this does not seem to work.
Can you please review and help.
Thanks, Raja

Raja,
I have some troubleshooting tips for webdav - see if any of these work and if not we can have a call and talk through the options.
Troubleshooting Tips
@ 1. While connecting to Webdav using web folders, the login prompt keeps appearing.
Try connecting to the webdav server using https url: @ http://beehive.oracle.com/content/dav
If above doesn't help, try below steps:
Stop "Webclient" service (Go to Start-> Control Panel-> Administrative Tools -> Services. Select "Web Client" and stop the service)
Set 'Startup Type' of Webclient service to 'Manual' Set up web folder using url: http://beehive.oracle.com/content/dav
(without specifying port)
2. My web folder was working properly. Now suddenly dav operations don't go thru and can not access stbeehive. I deleted the mapped network place and re-mapped, it still does not work.
This happens when the webdav server is bounced and your dav cookie on the client is not expired. Delete all cookies in Internet Explorer browser (Tools-> Internet Options - > Delete -> Delete cookies) and try reconnecting.
3. Through web folders, I created a new folder, but the folder did not appear and when I try to create it again, it says it already exists.
Stop "Webclient" service (Go to Start-> Control Panel-> Administrative Tools -> Services. Select "Web Client" and stop the service). Set up web folder using url: http://beehive.oracle.com/content/dav (without specifying port).
4. After copying a file from one folder to another within Web folder, it shows the file size as 0 bytes.
This is a known issue with the web folders client. After the copy/move operation, it does not issue a PROPFIND to get the details of the newly copied/moved file. Refresh your folder (press F5) and the correct sizes should be displayed.
5. In web folders, I double-click a jpeg file. The MS Picture Viewer application opens but it does not display the jpeg file.
The MS Picture Viewer application is not webdav enabled. Try opening the file in Internet Explorer instead.
6. I did some dav operations through the browser. After leaving idle for about an hour, it asked me for username/password again.
This is due to the dav session timeout.
7. I did some dav operations through Internet Explorer (IE). Then, I did some operations through web folders. After leaving idle for about an hour, I tried to access through IE. It did NOT ask me for username/password.
Sessions involving non-browser dav client like web folders are intended to be longer (default timeout value is 16 hours). Since you last did an operation using web folders, your dav session has been extended.
8. I have uploaded a document with a non-English name. When the document is listed, the file name is garbled.
or I have uploaded a document with non-English contents. When I open them, they are garbled.
Your dav client is not sending the encoding information correctly. Please try setting your "Content" user preferences ("document_uri_encoding", "document_character_encoding") to the encoding used by your dav client.
9. I am not logged into Web Folders. Now, I login through IE and click on a MS Office document (word/excel etc). I am prompted for my credentials again.
This can be resolved by opening the MS word document inline in Internet Explorer. Steps required to configure are available at:
http://support.microsoft.com/kb/162059.
10. I have opened a MS Office document inline in the browser. I click "Back" or close the web browser window. I am prompted to enter credentials again.
This can be resolved by following the steps given at: @ http://support.microsoft.com/kb/822128
Known Issues
Generic Issues:
@ There is no support for non-ascii username/password. Windows Vista Web folder is not supported.
Navigation through browser into URLs containing characters [ or ] may result in 404 error.
Windows Web Folders:
It throws a common error dialog box for all the error scenarios. It does not pick the message sent by the webdav server
If you create/update/delete a document and it has to go through a workflow process, Web Folders doesnt interpret the response status code correctly and throws an error.
Cadaver:
Copying/moving fails for files/folders which have spaces in their names Use cadaver ver 0.22.5 or later. Earlier versions have encoding issues.
Mac OS:
Lot of files whose name starts with the dot character like ".DS_Store" are created implicitly by Mac Finder
I uploaded a document to my personal workspace Documents folder. Then Get Info on that document in the webdav folder. There is a checkbox for "Lock". If you click the checkbox, it immediately gets de-selected. This is because this client does not send a webdav lock request.
Maybe one of these will do the trick
Phil

Form-based authentication in JBoss using a database and JAAS

I am trying to set up simple authentication using a database. I am initially trying to secure all web resources, since my application accesses the EJBs via servlets (and is working fine without security). Later I will tighten things down so that the EJB's business methods will also have security in place.
It seems that everything is in place but I am unable to authenticate a user when I use a valid login/password combination (I am being redirected to the login error page). No exceptions appear in the JBoss console, and the database tables are populated with proper values. I'm clueless as to why this isn't working -- hopefully someone reading this can give me a clue as to what is going wrong.
Here is what I have done so far:
1) I have two tables in my database, one for the username and password, and another for roles. The database tables look like this:
table name: principals
column: principal_id VARCHAR(64) primary key
column: password VARCHAR(64)
table name: roles
column: principal_id VARCHAR(64)
column: user_role VARCHAR(64)
column: role_group VARCHAR(64)
2) I have added an entry in $JBOSS/server/default/conf/login-config.xml to declare an application policy which uses a DatabaseServerLoginModule. In this entry I have specified the SQl to be used by the module for selecting the password and role, following the example in the JBoss Getting Started Guide (p. 57):
    
    <application-policy name="HIM-client-login">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                          flag="required">
                <module-option name="dsJndiName">java:/OracleDS</module-option>
                <module-option name="principalsQuery">select password from principals where principal_id=?</module-option>
                <module-option name="principalsQuery">select user_role, role_group from roles where principal_id=?</module-option>
            </login-module>
        </authentication>
    </application-policy>
     ...3) I have added a security domain entry in the jboss-web.xml file:
    
    <security-domain>java:/jaas/HIM-client-login</security-domain>
    ... 4) I have declared a security constraint in the web.xml file:
    
    <security-constraint>
        <display-name>Server Configuration Security Constraint</display-name>
        
        <web-resource-collection>
            <web-resource-name>Secure Resources</web-resource-name>
            <description>Security constraint for all resources</description>
            
            <url-pattern>/*</url-pattern>
            
            <http-method>POST</http-method>
            <http-method>GET</http-method>
        </web-resource-collection>
        
        <auth-constraint>
            <description>Only allow those users that are in the following role</description>
            <role-name>user</role-name>
        </auth-constraint>
        
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    ... 5) I have a simple login form (LoginForm.jsp) which encodes j_security_check:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
    <head>
        <title>HIM Client Login</title>
    </head>
    <body>
        <form method="POST"
              action='<%= response.encodeURL( "j_security_check" ) %>'>
            Username: <input type="text"
                             name="j_username"><br/>
            Password: <input type="password"
                             name="j_password"><br/>
            <br/>
            <input type="submit"
                   value="Login">
            <input type="reset"
                   value="Reset">
        </form>
    </body>
</html>
    Can anyone see from the above that I have missed something, or that I have done something wrong ?
Is there a way to get more information ? All I see in the access log file are logs of the requests for the servlet, j_security_check, and the login and error pages, and it might be helpful to have a little more information as to what is going on.
Thanks in advance for any insight.
-James

Hi,
I have exactly followed your configurations. However, I dont have the same database tables in my database. I used the following:
<module-option name="principalsQuery">select password from s_users where username=?</module-option>
<module-option name="rolesQuery">select role from s_users where username=?</module-option>However, when I try to logon I get the following error message from jboss:
"ERROR [org.jboss.security.auth.spi.UsersRolesLoginModule] Failed to load users/passwords/role files
java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found" although I do not want to use property files as I want to use the oracle database.
Any help appreciated!

NTLM authentication fails to connect using webdav on osX

We are having problems in our organization getting our macs connected via webdav using NTLM authentication.
Our structure is as follows:
Netapp/IBM nSeries gateway/filer model n6040 which is our FTP/CIFS/Webdav host.
Windows Server 2008 R2 Domain Controller with Active Directory
Windows 7, Mac osX clients (various versions).
From the windows side, we are able to connect to our filer via FTP, CIFS, and http/Webdav after we authenticate using our AD credentials. From the Mac side, we can authenticate and connect to our filer using FTP, CIFS (using Connect to Server "smb://ourfiler.com") and through a browser using the address of http://ourfiler.com. This type of connection using webdav works with Firefox but not using Safari or Chrome but isn't adequate enough for our users since the browser based connection is read only. However, when we try to Connect to Server via webdav using our server address of http://ourfiler.com:80, we never get past the "Enter your name and password for the server "ourfiler.com."
We tried a third party webdav client on our macs: Cyberduck, which also fails to connect using webdav. We also tried a separate linux client and were able to connect without any problems.
Since authetication for webdav works on windows and linux, we're thinking there is problem with osX itself. Has anyone else had this problem or can anyone suggest any workarounds/solutions?

Sorry for the late replies gentleman... for some reason I didn't get email alerts when you guys posted....
Anyways, yes the DC is on a different subnet and no we don't have WINS. The way I understand it is the client will contact the master browser in it's local subnet... all the master browsers in all other subnets contacts the Domain master browser ...
and they share the server list this way... I mean it's a little more complicated than that....well to me at least...
Can you try resolving the short name with the domain controller being on another subnet and you having a different master browser in your client subnet?
What is the process the client goes thru when looking up Domain netbios name? LIke for DNS, it's straight forward... the client looks at DNS server, then for the SRV records for the Site the client is in and get's domain controller....... How
does this work for netbios domain name? There is NO WINS in the environment.
Chau

OBIEE 11g and SSO with Browser Cookie

In OBIEE 10g we were able to configure the Presentation Server to accept a browser cookie. The cookie value would be passed to the BI Server as the :USER variable. A BI Server Repository Initialization Block would execute a SQL SELECT statement which would return the PeopleSoft username based on the cookie value.
We added the following to the 10g instanceconfig.xml:
<CredentialStore>
<CredentialStorage type="file" path="D:\oracle\OBIEE_UD\Data\web\config\credentialstore.xml" passphrase="another_secret" />
</CredentialStore>
<Auth>
<SSO enabled="true">
<ParamList>
<Param name="IMPERSONATE" source="cookie" nameInSource="PS_TOKEN"/>
</ParamList>
</SSO>
</Auth>
The Initialization Block SQL is:
SELECT mGetTokenUserid(':USER') FROM DUAL
mGetTokenUserid is a PL/SQL function which invokes a PeopleSoft web service. The web service simply returns the username for a valid PS_TOKEN cookie.
The Initialization Block works fine in OBIEE 11g.
Unfortunately the instanceconfig.xml settings from 10g do not work in 11g. There is also nothing in the OBIEE 11g documentation which discusses how to tell the system to use a specific cookie value for authentication.
Any guidance as to where in the Fusion Middleware or WebLogic security documentation we might find details on how to get the system to pass the PS_TOKEN cookie to the BI Server in 11g?
Thanks,
Mark Johnson
State of Minnesota

Not a full answer but....
, WebLogic can accept third party tokens as defined here:
http://download.oracle.com/docs/cd/E14571_01/web.1111/e13718/ia.htm#DEVSP258

Creating XML file via sql in 10g database

Hi
I am using an Oracle 10g database and via a procedure that is called from Forms 10g, I want to output data in XML format so that this file can be fed into an accounting system that uses XML.
How do I go about doing this?

How do I go about doing this?The most flexible way is via SQL/XML publishing functions.
And use DBMS_XSLPROCESSOR.CLOB2FILE to write the result to a file in a single call :
DECLARE
xmlresult      clob;
BEGIN
select xmlelement("Departments",
           xmlagg(
             xmlelement("Department",
               xmlattributes(
                 d.deptno as "id"
               , d.dname as "name"
             , xmlelement("Employees",
                 xmlagg(
                   xmlelement("Employee",
                     xmlattributes(e.empno as "id")
                   , xmlforest(
                       e.ename as "Name"
                     , e.job as "Job"
                     , e.mgr as "ManagerId"
                   ) order by e.empno
             ) order by d.deptno
         ).getclobval()
into xmlresult
from scott.dept d
       join scott.emp e on e.deptno = d.deptno
group by d.deptno, d.dname
dbms_xslprocessor.clob2file(xmlresult, 'TEST_DIR', 'departments.xml');
END;
/Output : departments.xml in Oracle directory TEST_DIR :
<Departments>
<Department id="10" name="ACCOUNTING">
    <Employees>
      <Employee id="7782">
        <Name>CLARK</Name>
        <Job>MANAGER</Job>
        <ManagerId>7839</ManagerId>
      </Employee>
      <Employee id="7839">
        <Name>KING</Name>
        <Job>PRESIDENT</Job>
      </Employee>
      <Employee id="7934">
        <Name>MILLER</Name>
        <Job>CLERK</Job>
        <ManagerId>7782</ManagerId>
      </Employee>
    </Employees>
</Department>
<Department id="20" name="RESEARCH">
    <Employees>
      <Employee id="7369">
        <Name>SMITH</Name>
        <Job>CLERK</Job>
        <ManagerId>7902</ManagerId>
      </Employee>
      <Employee id="7566">
        <Name>JONES</Name>
        <Job>MANAGER</Job>
        <ManagerId>7839</ManagerId>
      </Employee>
      <Employee id="7902">
        <Name>FORD</Name>
        <Job>ANALYST</Job>
        <ManagerId>7566</ManagerId>
      </Employee>
    </Employees>
</Department>
<Department id="30" name="SALES">
    <Employees>
      <Employee id="7499">
        <Name>ALLEN</Name>
        <Job>SALESMAN</Job>
        <ManagerId>7698</ManagerId>
      </Employee>
      <Employee id="7521">
        <Name>WARD</Name>
        <Job>SALESMAN</Job>
        <ManagerId>7698</ManagerId>
      </Employee>
      <Employee id="7654">
        <Name>MARTIN</Name>
        <Job>SALESMAN</Job>
        <ManagerId>7698</ManagerId>
      </Employee>
      <Employee id="7698">
        <Name>BLAKE</Name>
        <Job>MANAGER</Job>
        <ManagerId>7839</ManagerId>
      </Employee>
      <Employee id="7844">
        <Name>TURNER</Name>
        <Job>SALESMAN</Job>
        <ManagerId>7698</ManagerId>
      </Employee>
      <Employee id="7900">
        <Name>JAMES</Name>
        <Job>CLERK</Job>
        <ManagerId>7698</ManagerId>
      </Employee>
    </Employees>
</Department>
</Departments>(formatted for display purpose)

Repository event handler doesn't work when inserting an xml-doc via ftp

Hi,
I want to add a 'schemaLocation'-attribute to an XML-document when I load it in the repository. Therefore, I use the precreate-repository event and created a Repository Event Handler (see code extract below).
Everything works fine if I type the following code in SQL Plus:
Declare
v_return BOOLEAN;
Begin
v_return:=DBMS_XDB.createresource('/public/xml/test.xml', XMLType(bfilename('XMLDIR', 'test.xml'),nls_charset_id('AL32UTF8')));
end;Unfortunately, when I try to insert an XML-document via ftp into the /public/xml folder it doesn´t work as expected and no 'schemaLocation'-attribute is added to the new resource.
What's the reason for this strange behavior and how can I solve it?
For your information: I use the Oracle Database 11g Enterprise Edition Release 11.2.0.1.0
Thank you very much for your help!!!
Repository Event Handler code extract:_
create or replace
PACKAGE BODY schemalocation AS
PROCEDURE handlePreCreate (eventObject DBMS_XEVENT.XDBRepositoryEvent) AS
XDBResourceObj DBMS_XDBRESOURCE.XDBResource;
var XMLType;
l_return BOOLEAN;
l_xmldoc dbms_xmldom.DOMDocument;
l_docelem dbms_xmldom.DOMElement;
l_attr dbms_xmldom.DOMAttr;
c1 clob;
node     dbms_xmldom.DOMNode;
txid varchar2(100);
dDoc DBMS_XMLDOM.DOMDocument;
nlNodeList DBMS_XMLDOM.DOMNodeList;
BEGIN
XDBResourceObj := DBMS_XEVENT.getResource(eventObject);
dbms_lob.createTemporary(c1,TRUE);
var:=DBMS_XDBRESOURCE.getcontentxml(XDBResourceObj);
l_xmldoc := dbms_xmldom.newDOMDocument(var);
l_docelem := DBMS_XMLDOM.getDocumentElement(l_xmldoc);
------ add schemaLocation attribute
l_attr := DBMS_XMLDOM.createAttribute(l_xmldoc, 'xsi:schemaLocation');
DBMS_XMLDOM.setValue(l_attr, 'urn:iso:std:iso:20022:tech:xsd:sese.023.001.01 http://www.test.com/Testswift.xsd');
l_attr := DBMS_XMLDOM.setAttributeNode(l_docelem, l_attr);
DBMS_XMLDOM.WRITETOCLOB(l_xmldoc, c1);
------- get the value of the TxId-tag
dDoc := DBMS_XMLDOM.NEWDOMDOCUMENT(c1);
nlNodeList := DBMS_XMLDOM.GETELEMENTSBYTAGNAME(dDoc, 'TxId');
node := DBMS_XMLDOM.ITEM(nlNodeList, 0);
txid:= dbms_xmldom.getnodevalue(dbms_xmldom.getfirstchild(node));
l_return:=DBMS_XDB.createresource('/public/ok/'||txid||'.xml', XMLType(c1));
END;

Marco,
Here's an example of the problem :
create or replace package handle_events
as
procedure handlePreCreate(p_event dbms_xevent.XDBRepositoryEvent);
end;
create or replace package body handle_events
is
procedure handlePreCreate (p_event dbms_xevent.XDBRepositoryEvent)
is
XDBResourceObj dbms_xdbresource.XDBResource;
doc XMLType;
res boolean;
begin
XDBResourceObj := dbms_xevent.getResource(p_event);
doc := dbms_xdbresource.getContentXML(XDBResourceObj);
select insertchildxml(
    doc
, '/root'
, '@xsi:schemaLocation'
, 'urn:iso:std:iso:20022:tech:xsd:sese.023.001.01 http://www.test.com/Testswift.xsd'
, 'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
into doc
from dual;
res := dbms_xdb.CreateResource('/public/xml/result.xml', doc);
end;
end;
declare
res boolean;
begin
res := dbms_xdb.CreateFolder('/public');
res := dbms_xdb.CreateFolder('/public/tmp');
res := dbms_xdb.CreateFolder('/public/xml');
end;
declare
res            boolean;
resconfig      xmltype;
my_schema      varchar2(30) := 'DEV';
resconfig_path varchar2(300) := '/public/ResConfig.xml';
resource_path varchar2(300) := '/public/tmp';
begin
resconfig := xmltype(
'<ResConfig xmlns="http://xmlns.oracle.com/xdb/XDBResConfig.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/xdb/XDBResConfig.xsd http://xmlns.oracle.com/xdb/XDBResConfig.xsd">
<event-listeners set-invoker="true">
    <listener>
      <description>My event handler</description>
      <schema>'||my_schema||'</schema>
      <source>HANDLE_EVENTS</source>
      <language>PL/SQL</language>
      <events>
        <Pre-Create/>
      </events>
      <pre-condition>
        <existsNode>
          <XPath>/r:Resource[r:ContentType="text/xml"]</XPath>
          <namespace>xmlns:r="http://xmlns.oracle.com/xdb/XDBResource.xsd"</namespace>
        </existsNode>
      </pre-condition>
    </listener>
</event-listeners>
<defaultChildConfig>
    <configuration>
      <path>'||resconfig_path||'</path>
    </configuration>
</defaultChildConfig>
</ResConfig>'
res := dbms_xdb.CreateResource(resconfig_path, resconfig);
dbms_resconfig.addResConfig(resource_path, resconfig_path, null);
end;
/Giving the following input XML file :
<?xml version="1.0" encoding="utf-8"?>
<root xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>This works :
SQL> declare
2    res boolean;
3 begin
4    res := dbms_xdb.CreateResource('/public/tmp/test.xml',
5               xmltype(bfilename('TEST_DIR','test.xml'), nls_charset_id('AL32UTF8')));
6 end;
7 /
PL/SQL procedure successfully completed.
SQL> select XMLSerialize(document xdburitype('/public/xml/result.xml').getXML()
as clob indent size = 2) result
2 from dual
3 ;
RESULT
<root xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="
urn:iso:std:iso:20022:tech:xsd:sese.023.001.01 http://www.test.com/Testswift.xsd
"/>With the same document loaded via FTP, we get :
SQL> select XMLSerialize(document xdburitype('/public/xml/result.xml').getXML()
as clob indent size = 2) result
2 from dual
3 ;
ERROR:
ORA-31011: XML parsing failed
ORA-19202: Error occurred in XML processing
LPX-00283: document encoding is UTF-16-based but default input encoding is not
Error at line 1
no rows selectedand the content looks like :
< ? x m l   v e r s i o n = " 1 . 0 "   e n c o d i n g = " u t f - 8 " ? >
< r o o t   x m l n s : x s i = " h t t p : / / w w w . w 3 . o r g / 2 0 0 1 / X M L S c h e m a - i n s t a n c e " / >As a workaround, I've found that serializing and re-parsing the document solves the problem :
select insertchildxml(
    xmltype(doc.getclobval())
, '/root'
, '@xsi:schemaLocation'
, 'urn:iso:std:iso:20022:tech:xsd:sese.023.001.01 http://www.test.com/Testswift.xsd'
, 'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
into doc
from dual;
...We then get the expected result after FTP transfer :
SQL> select XMLSerialize(document xdburitype('/public/xml/result.xml').getXML()
as clob indent size = 2) result
2 from dual
3 ;
RESULT
<?xml version="1.0" encoding="UTF-8"?>
<root xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="
urn:iso:std:iso:20022:tech:xsd:sese.023.001.01 http://www.test.com/Testswift.xsd
"/>The workaround also works for the DOM version presented above.
Any ideas?

Purchase order replication – extended classic scenario using XML proxy via PI

Hi Experts
Question:
In case of extended classic deployment is it possible to use XML proxy to
transfer SRM purchase orders to ECC? As we know as of SRM 7.01 its via RFC
whether SRM 7.02 onwards does SAP support XML for ECS too?
Has
anyone read about this in any of the SAP forums?
Background: In our project, client have invested
heavily on XI and XI monitoring and troubleshooting, integrated to SAP SOLMAN.
And would like to opt for XML mode of transfer and reuse existing solution.
This is the main reason we would like to be very clear in our understanding
before we go back to client.
We appreciate your time and support.
Regards
Prashanth

Dear Rahul,
Thanks for you input
Let me give you an example of the behaviour:
in PPOMA_BBP TOG assigned to user has : DQ with $1000 and upper percentage 5%.
User orders a PO with quantity=1000, price $100;
No additional tolerances assigned in the PO itself
User tries to enter confirmation with quantity 1001 (so qty variance converted to currency amount results in $100 over delivery) So the confirmation is under both the 5% and the $1000 limit.
In that case I donu2019t receive an error message from the SRM, but the error message u201CBackend Purchase Order quantity exceeded by 1 EAu201D from ECC still prevents me from posting the Confirmation. And this is the problem I havenu2019t been able to solve so far.
So I want the TOG tolerance to be used. And I am also happy with the absolute limit always having priority over percentage limit...
But I am trying to find a way to get rid of the back end message (with assigning a tolerance to the PO itself as the will get rid of the absolute limit see my previous post.)
Cheers
Ulrike

Problems with creating XML file via Call Transformation

Hi,
When creating a XML file via Call transformation an extra character '#'is placed at the beginning of the file.
This problems occurs since the upgrade to ECC6.0 and the Unicode conversion.
When opening the XML file the following error message appears:
Invalid at the top level of the document. Error processing resource 'file ....
Has anybody an idea why this extra character is placed at the beginning of the file. Has it something to do with the unicode conversion and how can we solve the problem?
thanks for your help
kind regards,
Maarten van IJzendoorn

Hello Marteen,
Can you please share the solution to this issue and let me know.
Our Issue:
1) We are executing a report which generates an XML file on FTP.
2) The FTP file is always in Error when executed thorugh JAPANESE login but not thorugh EN login.
3) The XML files generated have always an extra character in the end ( which can be space,#,$%^&, etc.) when this extra character is removed from XML file with opening it in NOTEPAD then XML works OK in JA login as well.
4) In the PROGRAM everything has been checked with respect to OPEN dataset statement , XML ports UNICODE etc.
5) THIS issue has been reported only after upgrading to ECC 6.0 from 4.6C.( in older version it works fine).
Various OPEN dataset statments are :
OPEN DATASET path_fil
FOR OUTPUT
Thanks to reply.

OS authentication in Oracle 10g via jdbc:oracle:oci

I'm very much a newbie to Java / JDBC and I am trying, but failing, to connect with the database using OS authentication via jdbc, and hoping someone may help.
My questions are:
1. Is OS authentication supported for jdbc:oracle:oci with Oracle 10g ? I couldn't find a general statement of whether it works or not.
(NB.The only information I managed to find, on another forum, is that it should be supported but there is a bug and so it does not work, but the author did not post all of his/her platform details, so the bug may only affect his/her situation. )
2. If it is supported and works, could some one suggest what is wrong with my syntax . I could not find an example in any Oracle 10g/JDBC documentation.
The details are as follows: -
Database : - Oracle 10g Enterprise Edition 10.2.0.2.0 running on Solaris.
Development platform : - NetBeans 6.1, JDK 1.6.
Runtime environment: - JRE1.6 on Windows XP professional.
OPS$ authentication : - the OPS$ accounts have been set-up and we use these successfully for PL/SQL and SQL Plus access.
JDBC : - I can connect to the database with both jdbc:oracle:thin ( linking in ojdbc14.jar) and jdbc:oracle:oci by using username and password, so I know my JDBC library linkage is OK, eg. this works fine :
final String url = new String("jdbc:oracle:oci:" + uname + "/" + pword + "@" + environment);
where environment is the SID
I have trawled the Oracle documentation which tells me that OS authentication is not supported for Oracle 10g for the jdbc:oracle:thin driver, so I have tried to connect with jdbc:oracle:oci driver using the following code :
final String url = new String("jdbc:oracle:oci:/@" + environment);
final Driver driver = new oracle.jdbc.OracleDriver();
DriverManager.registerDriver(driver);
final Properties props = new Properties();
conn = DriverManager.getConnection(url);
but this gives the following error :
java.sql.SQLException: ORA-01017: invalid username/password; logon denied
Other info: - The tnsnames.ora file contains nothing but there are entries in the ldap.ora and sqlnet.ora files.
My questions are:
1. Is OS authentication supported for jdbc:oracle:oci with Oracle 10g ? I couldn't find a general statement of whether it works or not.
(NB.The only information I managed to find, on another forum, is that it should be supported but there is a bug and so it does not work, but the author did not post all of his/her platform details, so the bug may only affect his/her situation. )
2. If it is supported and works, could some one suggest what is wrong with my syntax . I could not find an example in any Oracle 10g/JDBC documentation.

If you specify the SID/service_name in the url, you are attempting to connect via SQL*NET and REMOTE_OS_AUTHENT must be set to true in the database. If you are connecting from the same host the database runs on, then just leave the SID off and make sure the ORACLE_SID environment variable is set.
You can reproduce the same error you get in java with
sqlplus /@SID
SQL*Plus: Release 10.2.0.2.0 - Production on Fri Nov 7 12:14:08 2008
Copyright (c) 1982, 2005, Oracle. All Rights Reserved.
ERROR:
ORA-01017: invalid username/password; logon deniedSample Code:
import oracle.jdbc.pool.OracleDataSource;
import java.sql.Connection;
import java.sql.SQLException;
public class conn {
public static void main(String[] args) throws SQLException {
    OracleDataSource ods = new OracleDataSource();
    ods.setURL("jdbc:oracle:oci:/@");
    Connection conn = ods.getConnection();
    conn.close();
}

Authentication to XML DB via WebDAV and SSO

Similar Messages

Maybe you are looking for