Do I have to configure realm policy in Access Manager for IDM SPML Request
Hi all,
I wanted to run a SPML request from my application to the IDM which is presently protected by an AM server. Somehow, I get the following error, while I run a search using SpmlClient:
org.openspml.util.SpmlException: Unsupported response content type "text/html", must be: "text/xml".
Do I have to set a policy in Sun Access manager for the realm? Guys, pls help.
Thanks,
Aneesh.
> I believe as long as you have access to the above two you can turn the CA off if you want.
Enterprise CAs are not intended to be offline. Therefore, you should not turn off them. If these root CAs issue certificates only to subordinate CAs, then you should consider to implement offline Standalone (not Enterprise) Root CAs.
> I believe the location of the CRL is detailed in the CDP which is detailed on the Certs issued but a given CA, so the client can look in the Cert and see what it states about the CDP and thereby get the list of revoked certs.
this is correct.
> to place its CDP at a location other than the default location in case it overwrites the existing CRL at the default location
no, CDP locations should be defined in the post-installation script.
> does the fully qualified X500 name of the CDP include the CA Name (and therefore be unique) and it will not over write the original
yes, LDAP URL includes CA server's NetBIOS name to differentiate between CAs.
My weblog: en-us.sysadmins.lv
PowerShell PKI Module: pspki.codeplex.com
PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
Check out new: SSL Certificate Verifier
Check out new:
PowerShell FCIV tool.
Similar Messages
-
J2ee policy agent + Access Manager sample
Hello,
i would like to secure my j2ee application by using j2ee policy agent in combination with Sun Indentity Manager 6.1 (Access Manager).
I am new in this area, so i would like to ask if somebody know any SAMPLE application / example / turorial that shows step-by-step, how to cover this area.
Thank you very much for any advise or link.
-Eugen...\jstudioE704Q4\AppServer7\domains\domain1\server1\logs\server.log
[26/Sep/2005:18:59:11] INFO ( 1356): CORE3282: stdout: IN WebContainer>>moduleDeployed: customerinfoabout to close all connections
[26/Sep/2005:18:59:12] INFO ( 1356): CORE3276: Installing a new configuration
[26/Sep/2005:18:59:17] INFO ( 1356): WEB0100: Loading web module [CustomerInfo] in virtual server [server1] at [CustomerInfo]
[26/Sep/2005:18:59:17] INFO ( 1356): WEB0121: Enabling no persistence for web module [CustomerInfo]'s sessions: persistence-type = [memory]
[26/Sep/2005:18:59:17] INFO ( 1356): WEB0100: Loading web module [customerinfo] in virtual server [server1] at []
[26/Sep/2005:18:59:21] INFO ( 1356): CORE3280: A new configuration was successfully installed
[26/Sep/2005:18:59:21] INFO ( 1356): WEB4004: Closing web application environment for virtual server [server1]
[26/Sep/2005:18:59:33] SEVERE ( 1356): HTTP3068: Error receiving request from 192.168.1.222 (Overlapped I/O operation is in progress.)
[26/Sep/2005:18:59:33] SEVERE ( 1356): HTTP3068: Error receiving request from 192.168.1.222 (Overlapped I/O operation is in progress.)
[26/Sep/2005:18:59:33] SEVERE ( 1356): HTTP3068: Error receiving request from 192.168.1.222 (Overlapped I/O operation is in progress.)
[26/Sep/2005:18:59:33] INFO ( 1356): CORE3282: stdout: LENGTH_OF_GENERATED_UUID = 29
[26/Sep/2005:19:00:29] INFO ( 1356): CORE3282: stdout: IN WebContainer>>moduleRedeployed: /customerinfoabout to close all connections
[26/Sep/2005:19:00:29] INFO ( 1356): CORE3276: Installing a new configuration
[26/Sep/2005:19:00:30] INFO ( 1356): WEB0100: Loading web module [CustomerInfo] in virtual server [server1] at [CustomerInfo]
[26/Sep/2005:19:00:30] INFO ( 1356): WEB0121: Enabling no persistence for web module [CustomerInfo]'s sessions: persistence-type = [memory]
[26/Sep/2005:19:00:30] INFO ( 1356): WEB0100: Loading web module [customerinfo] in virtual server [server1] at []
[26/Sep/2005:19:00:31] INFO ( 1356): CORE3280: A new configuration was successfully installed
[26/Sep/2005:19:00:31] INFO ( 1356): WEB4004: Closing web application environment for virtual server [server1]
[26/Sep/2005:19:09:30] INFO ( 1356): CORE3282: stdout: IN WebContainer>>moduleRedeployed: /customerinfoabout to close all connections
[26/Sep/2005:19:09:31] INFO ( 1356): CORE3276: Installing a new configuration
[26/Sep/2005:19:09:31] INFO ( 1356): WEB0100: Loading web module [CustomerInfo] in virtual server [server1] at [CustomerInfo]
[26/Sep/2005:19:09:31] INFO ( 1356): WEB0121: Enabling no persistence for web module [CustomerInfo]'s sessions: persistence-type = [memory]
[26/Sep/2005:19:09:31] INFO ( 1356): WEB0100: Loading web module [customerinfo] in virtual server [server1] at []
[26/Sep/2005:19:09:33] INFO ( 1356): CORE3280: A new configuration was successfully installed
[26/Sep/2005:19:09:33] INFO ( 1356): WEB4004: Closing web application environment for virtual server [server1]
[26/Sep/2005:19:09:49] SEVERE ( 1356): HTTP3068: Error receiving request from 192.168.1.222 (Overlapped I/O operation is in progress.)
[26/Sep/2005:19:10:43] INFO ( 1356): CORE3282: stdout: IN WebContainer>>moduleRedeployed: /customerinfoabout to close all connections
[26/Sep/2005:19:10:43] INFO ( 1356): CORE3276: Installing a new configuration
[26/Sep/2005:19:10:44] INFO ( 1356): WEB0100: Loading web module [CustomerInfo] in virtual server [server1] at [CustomerInfo]
[26/Sep/2005:19:10:44] INFO ( 1356): WEB0121: Enabling no persistence for web module [CustomerInfo]'s sessions: persistence-type = [memory]
[26/Sep/2005:19:10:44] INFO ( 1356): WEB0100: Loading web module [customerinfo] in virtual server [server1] at []
[26/Sep/2005:19:10:45] INFO ( 1356): CORE3280: A new configuration was successfully installed
[26/Sep/2005:19:10:45] INFO ( 1356): WEB4004: Closing web application environment for virtual server [server1]
I found no LOG file neither in
...\jstudioE704Q4\PolicyAgent\IdentityServer\j2ee_agents\logs
nor in
...\jstudioE704Q4\PolicyAgent\IdentityServer\j2ee_agents\logs\D__Sun_jstudioE704Q4_AppServer7_domains_domain1_server1_config\
Do you know any other log files to chek ?
Thanks.
--Eugen -
Configure Dymamic Domain in Access Manager . . .
Hi,
I have a two question :
1. If i configured policies that protected resources as :
http://my.test.domain.com:8080/webapplication/manager/*
http://my.test.domain.com:8080/webapplication/employee/*
http://my.test.domain.com:8080/webapplication/officer/*
and so on.
If i change domain that i deployed above webapplication to other domain as : http://example.com.com:8888/ .
Have i configure again All policies above ?
It is very bad. If We want to change other domain.
Do you have a way to resolve this problem ?
2. When i configure JDBC authentication.
Field password store in database, it encode by SHA algorithm.
How to configure in Access Manager that i can login into my web application that i security.
Thank for very help.
Nguyen
Edited by: nguyenlikejava on Jan 25, 2008 1:36 AM
Edited by: nguyenlikejava on Jan 25, 2008 1:37 AMHi,
Were you successful in configuring a landing page in the Authentication Policies.
I have similar requirement, but it doesnot work somehow the login page goto parameter seems to take preference.
Any help is higly appreciated
thanks -
Have loaded lion and now can't access office for mac or apple works as it says it does not support power pc applications, how can I acces them or better still reinstate them please?
MS-Office for Mac versions 2004 and older do not run in Lion since these are PPC-apps for which Apple has dropped support.
Free alternatives to open Word and Excel files:
NeoOffice http://www.neooffice.org/neojava/en/index.php
OpenOffice http://www.openoffice.org/
Or get the 2011 MS-Office -
Configuration of APEX applications to use Oracle Access Manager for Login
Is there Oracle documentation on configuring an APEX application to accept a login id passed by Oracle Access Manager? Would someone please help with some instructions on how to do it. Thanks.
Hi Ravi,
this looks like a WLS issue.
1-You can try as a workaround to remove this validator configuration in taglib definition file: .tld and see the behavior.
2-Or you are missing something into url.
I hope this helps,
Thiago Leoncio. -
Error while configuring IWA in Oracle Access Manager
This is the error that I get:
"The credentials (REMOTE_USER=MyUser Resource=/edm/ RequesterIP=172.25.164.82 Operation=GET) used in the login do not correspond to a user profile in the Identity System."
I definitely have this user in AD as well as Netscape DS. My OAM configuration points to Netscape Directory. While the IWA login happens successfully, the WebGate is not able to identify this user in Netscape. What could be the possible reasons for this error?
Kindly let me know.
Thanks,
Prashant.Thanks Boland. That solved the problem. I was using samaccountname from AD, instead of uid from Netscape.
-Prashant. -
How to Configure Landing pages in Access Manager
On successful authentication, I need to redirect every user to to a specific page - Landing page. Which property I shoud set in AMagent.properties file to do that ?
Thanks
Abhijeet_tcsHi,
Were you successful in configuring a landing page in the Authentication Policies.
I have similar requirement, but it doesnot work somehow the login page goto parameter seems to take preference.
Any help is higly appreciated
thanks -
I now have CC, when I downloaded the Application Manager for it, its only listing CS6 programs
I just subscribed to CC and downloaded the application manager which lists all the adobe programs I can now have on my Win7 machine. Every one of them shows CC. I ran it on my Vista machine also and its shows everything there also but as CS6. Why doesnt it show CC as well?
Hi Kellyjaye1,
Please refer to the system requirement of Creative Cloud applications.
http://www.adobe.com/in/products/creativecloud/tech-specs.html
Please let me know if you have any other question.
Regards,
Sumit Singh -
Exporting Access Manager configuration
Is there a way that one can import and export Access Manager configurations (i.e. realms, datastores, policy configs, etc) from an existing installed instance?
We have a number of environments planned to host Access Manager for different project phases (e.g. test, staging, production). We want to configure one AM instance only, and then simply apply all configs in other environments in an easy manner. At the moment we have to manually enter all configuration details through the Access Manager web console; huge hassle!Hi,
You need to user "amadmin" script for this to export xml configuration files ( amPolicyConfig.xml, amAuthDataStore.xml ).
You can also try something "brute-force" like exporting configurations from LDAP server to ldif, modifying the necessary stuff ( server-names etc, platform id ) and then importing them to another environment with AM installed. I have done this for AM 7.1 before discovering the export tools, it works.
Hope it helps,
Andrei -
Policy Agent doesn't reset Sun Access Manager session time idle value
Hi,
We have the following setup in our environment:
- apache web server/web and policy agent 2.2 for apache 2.0.54
- webmethods portal server (jetty)
-Sun Access Manager (with Sun Directory Server)
We use policy agent for authentication purpose only (via Sun Access Manager/LDAP) when the users access the portal. We have custom code that creates session in Sun Access Manager for custom LDAP services. For testing purpose, we configure SAM session to have Max Session Timeout at 120mins and Time Idle at 15mins. I would assume that, after the initial login request, for all subsequent accesses to the portal the policy agent should intercept the request and reset the Time Idle value of SAM session. However, when I monitor time idle value using SAM console, session tab, the time idle value didn't change when the portal user access pages, submit actions, etc. I can see in the debug log of policy agent that requests are being intercepted/processed, but the time idle didn't get reset.
Does anyone know if this is a bug in configuration or in policy agent itself or am I making the wrong assumption?
Thanks a lot for the help.Thanks for the reply, Shivaram. The issue appears to occur at random time, not accurately at the 3 min interval as you mention. I tested changing this value to 1, theoretically, after one 1 minute of idle time, accessing a link would make the agent reset the time idle value for the user session in SAM, but it didn't even after 3 minutes. This seems to be either a policy agent or system access manager bug.
We performed a 'vanilla' test using the apache server manual pages (only plain HTML, no POST requests), the pages are protected by the policy agent. At the first login, rwe were prompted to enter credential to be validated by SAM/LDAP, and then a user session is created in SAM session table. We browse around the manual pages, once in a while, certain pages cause the policy agent to reset the time idle. However, revisiting these links after a few minutes doesn't reset the idle value. Caching setting has been disable as well. Could there be or lack of some settings in AMConfig.properties or AMAgent.properties that might have caused this behavior?
Thanks for all your help, -
NSAPI in Access Manager & Policy Agent
Hi all,
May I know is it possible to use NSAPI to be a communication channel between policy agent and access manager?
I have installed Sun One Web Server together with policy agent, access manager is installed in another machine.
I've looked through all related documentation but could not find NSAPI for policy agent or access manager.
Thanks in advance!Hi all,
May I know is it possible to use NSAPI to be a communication channel between policy agent and access manager?
I have installed Sun One Web Server together with policy agent, access manager is installed in another machine.
I've looked through all related documentation but could not find NSAPI for policy agent or access manager.
Thanks in advance! -
Configuring Content Manager for artesia
Does anyone have experience configuring the WL PS Content Manager to use a 3rd party content management system? Specifically, I'm trying to configure it to work with artesia's TEAMS product.I'd like to know if anyone has done this successfully before and, if so, what updates had to be made to the defualt configuration.Thanks,Don
That's quite the question. Before even attempting to answer, what do you know about OIM? Have you configured any connectors to understand how OIM works and the objects that make up a connector?
-Kevin -
Configure the tcode SCOT and SMTP for the SPM module in the R/3
Hello,
I want to know if I have to configure the tcode SCOT and SMTP for the SPM module (SAP GRC AC 5.3 SP5) in the R/3 if I want to send information toe the owner & controller.
Best Regards.
Pablo Mortera.Pablo,
This would normally be a basis function. Be very careful as this is not specific to GRC.
This will impact any external notifications using email / fax etc.
It will also depend on your version and infrastructure.
If you have web application servers, you will be able to do a lot more than if you have standard (older) application servers.
You need to create a node under the INT and assign the appropriate tcp / ip rfc connection to direct it to your email server.
You will then need to define the types of communications to be sent via that method and any appropriate email domain settings.
You also need to create and set the appropriate send jobs to run periodically which will then automatically call the rfcs to process the waiting documents.
Simon -
How to configura multiple ldap server to the sun access manager
Hi,
please help how to configure multiple ldap server to the sun access manager, for example access manager does't find the user in ldap1 then it should search in ldap2.
Thanks
MouliThere�s no need for deleting the default amSDK based datastore because it�s needed for some default accounts.
You may try to create the datastore using the commandline (amadmin)
Have a look /etc/opt/SUNWam/config/xml/idRepoService.xml
You may also try to create amadmin account in the external ldap directory.
(Un)fortunately i�ve never tried to remove the default datastore.
-Bernhard -
CONFIGURE RETENTION POLICY TO REDUNDANCY 0
Our database is 11g R2, below is our RMAN script
Presently our retention policy is 1, so 1 backup is retained along with the current backup.
I Just want to have 1 backup, i.e RMAN should take the backup and delete the old bacup.
Will it work if i change the retention policy to 0 ?
RUN
ALLOCATE CHANNEL ch1 DEVICE TYPE DISK;
ALLOCATE CHANNEL ch2 DEVICE TYPE DISK;
ALLOCATE CHANNEL ch3 DEVICE TYPE DISK;
DELETE NOPROMPT OBSOLETE;
BACKUP DATABASE INCLUDE CURRENT CONTROLFILE format 'G:\Oracle\flash_recovery_area\BACKUPSET\tmp\rman_backup\df_%d_%s_%p_%T';
SQL "ALTER SYSTEM ARCHIVE LOG CURRENT";
BACKUP ARCHIVELOG ALL DELETE INPUT format 'G:\Oracle\flash_recovery_area\BACKUPSET\tmp\rman_backup\df_%d_%s_%p_%T';
RMAN> show all
2> ;
using target database control file instead of recovery catalog
CONFIGURE RETENTION POLICY TO REDUNDANCY 1;
CONFIGURE BACKUP OPTIMIZATION OFF; # defaultEdited by: user10243788 on Apr 24, 2012 1:14 AMuser10243788 wrote:
Our database is 11g R2, below is our RMAN script
Presently our retention policy is 1, so 1 backup is retained along with the current backup.
I Just want to have 1 backup, i.e RMAN should take the backup and delete the old bacup.
Will it work if i change the retention policy to 0 ?You cannot set the retention policy to redundancy 0 because redundancy count must be greater than zero.
>
RUN
ALLOCATE CHANNEL ch1 DEVICE TYPE DISK;
ALLOCATE CHANNEL ch2 DEVICE TYPE DISK;
ALLOCATE CHANNEL ch3 DEVICE TYPE DISK;
DELETE NOPROMPT OBSOLETE;
BACKUP DATABASE INCLUDE CURRENT CONTROLFILE format 'G:\Oracle\flash_recovery_area\BACKUPSET\tmp\rman_backup\df_%d_%s_%p_%T';
SQL "ALTER SYSTEM ARCHIVE LOG CURRENT";
BACKUP ARCHIVELOG ALL DELETE INPUT format 'G:\Oracle\flash_recovery_area\BACKUPSET\tmp\rman_backup\df_%d_%s_%p_%T';
}Just switch the order of operation:
use
BACKUP DATABASE INCLUDE CURRENT CONTROLFILE format 'G:\Oracle\flash_recovery_area\BACKUPSET\tmp\rman_backup\df_%d_%s_%p_%T';
DELETE NOPROMPT OBSOLETE;
instead of
DELETE NOPROMPT OBSOLETE;
BACKUP DATABASE INCLUDE CURRENT CONTROLFILE format 'G:\Oracle\flash_recovery_area\BACKUPSET\tmp\rman_backup\df_%d_%s_%p_%T';
You can also exclude the operation SQL "ALTER SYSTEM ARCHIVE LOG CURRENT" because BACKUP ARCHIVELOG ALL implicitly switch logfile before archiving.
Maybe you are looking for
-
Unable to open Mail. Home directory is full.
Suddenly I can no longer open my Mail program. The error message I am confronted with is: "Mail cannot update your mailboxes because your home directory is full. You must free up space in your home folder before using Mail. Delete unneded documents o
-
Calendar Crashing in OS X Mavericks
Hi. After upgrading to Mavericks, cannot use Calendar. Crashes with below message seconds after launch. Tried all the work arounds in the forum and internent. None working for me. Is there any working solution for this? Thanks Amin Process: C
-
I just replaced my second monitor (Studio Display 17") with a new Apple Cinema Display (20" flat panel) and now when I select a file on my Desktop and hit the space bar the window opens in the second monitor, but when I open a new finder window and s
-
Hi, My requirement is to update the table EBAN(Purchase Requisition). Let us suppose that there are 3 items in the purchase requisition. If I make any changes to any of the item, the other two items need to be updated with the same changes. I am usin
-
Video does not play: "Either windows doesn't support the item's file format......"
Error message "Either windows doesn't support the item's file format or the content doesn't match the extension" I have both a Yoga and a Thinkpad 2. The Yoga is running Win 8 and the Thinkpad 2 has 8.1 Preview. I have copied multiple video files whi