OIM: Extending Security Outside of the Enterprise

o.k., long story short, we have an installation of OIM 10.1.4 governing our enterprise security. we have many custom Java J2EE applications registered as Partner Applications on the domain, some using the SSO SDK, and others using MOD_OSSO. everything is working just fine within the enterprise, on our primary security domain. so, pretending our domain is "secure.com", we have "https://app1.secure.com", "https://anotherapp.secure.com", etc., and everyone is playing nicely together.
however, as our company grows and expands, we are starting to get requests from external organizations to integrate via SSO with our security enterprise. again, they are outside of our enterprise, with completely different servers and applications, and would not / could not be on our "secure.com" domain. i don't know all the details, but their applications have their own internal user base, security, etc...
now, i do understand there would be issues around synchronizing user stores, etc., but putting that aside for a minute... is there any way to "extend the reach" of our enterprise security (using Oracle technologies or other...), such that once someone has presented valid credentials on our "secure.com" server, i could return them to "othercompany.com" as a valid user...?
obviously, i can think of Java code i could write that passes an encrypted value around, like Oracle does, but writing my own security code doesn't necessarily sound like a promising option, especially when experts have already written software like this.
so, given a primary user store at our location, and federated user stores elsewhere on other domains, how might i extend our enterprise security and SSO infrastructure safely outside our network?
thanks,
.rich

Hi rhoward,
In most cases, I would say, from a practical standpoint, the answer to your question is "yes".
I suppose that it might be possible to cobble together your own federation endpoint :)...
The thing is that OASIS specifies a number of different "profiles" (=~usage scenarios), and some of them can get pretty complicated, with re-directs going all over the place.
The benefit of using a commercial federation "product" would be that assuming you picked the right one, it would provide the pieces for all of the profiles that you need to support (I don't know which ones, because that will depend on what you need).
It's been awhile since I've worked directly in the federation space, but there were basically 3 "players" awhile ago, Oracle (OIF), RSA (FIM) and Ping Identity. Sun had a federation product as part of their "FAM" product line, but I don't know what the status of that is now.
So, it all depends on what you need. FYI, among the OASIS profiles, the XASP is probably the least complicated, basically just a request-response, but integrating that into a WAM can be a challenge.
Jim

Similar Messages

  • My CEO forgot the Enterprise Security passcode.

    My CEO has forgotten the Enterprise security passcode that he set up on his iPhone 4.  iTunes gives me an error saying that it can't connect to the phone because of the passcode even when it is in restore mode.  Any suggestions from the community how to unlock this phone?

    It may be possible to sync the device with the computer it normally syncs with, restoring from backup and removing the security code.
    If that does not work, place the device in DFU mode and restore as new.

  • OIM (11.1.2.0.0) Enterprise Application is in 'failed' state

    Problem Summary
    OIM (11.1.2.0.0) Enterprise Application is in 'failed' state after the installation and configuratio
    Problem Description
    We have installed IDM suite release2, as part of this Oracle SOA, OIM is installed and configured; all the managed servers and the Admin server are up and running. When I look into OIM managed server -> Deployments, one of the applications, 'OIM (11.1.2.0.0)', is in failed state.
    Below are the errors it threw
    <BEA-149205> <Failed to initialize the application 'oim [Version=11.1.2.0.0]' due to error java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword" "read").
    java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword" "read")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
    at java.security.AccessController.checkPermission(AccessController.java:560)
    at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)
    at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
    at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
    Truncated. see log file for complete stacktrace
    Caused By: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword" "read")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
    at java.security.AccessController.checkPermission(AccessController.java:560)
    at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)
    at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
    at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
    Truncated. see log file for complete stacktrace
    Edited by: 1000558 on Apr 17, 2013 1:25 AM

    No,
    The OIM 11.1.2.1 is PS1.
    You can apply BP of PS1 on OIM 11.1.2.1 only.
    You cannot apply BP of PS1 to 11.1.2.0.10. Oracle sometimes provides PSA (Patch Set Assistance) to upgrade to PS1. You can better check with Oracle about uses on this.
    ~J

  • Apex use in the enterprise?

    Any Apex experts care to respond to the list of advantages / disadvantages that we have come up with - while doing due diligence for potential rollout of Apex as a development platform for the enterprise?
    Many thanks in advance.
    Please note that we know little to nothing about Apex. But we do know the database. I have read other threads in this forum where it is mentioned that all database utilities (dbms_*) are available to be used in apex - and this is a major plus point - agreed. Do know that metalink is apex based.
    Would love to have oracle apex developers respond.
    Oracle Application Express Architecture - Due Diligence
    Advantages
    (1)     RAD development for data centric Web applications.
    (2)     Out of box support for some HTML page templates. For example, sort, search, save data to CSV, ...
    (3)     Reduce required skill sets for PL/SQL developers on web application development.
    (4)     Performance boost on a small scale non-enterprise Web applications.
    (5)     Single vendor within integrated Oracle administration environment.
    (6)     Out of box charting and reporting supports.
    Disadvantages
    (1)     Application operates within Oracle instance which imposes considerable resource overheads due to HTTP session tracking and JVM environment.
    (2)     APEX supports through discussion forum not a formal support channel.
    (3)     This two tier non-SOA data centric configuration requires high end machines to power up Oracle instances for mission critical applications. N-tier SOA architecture can easily scale up and scale out by using economic efficient hardware.
    (4)     A non-traditional security configuration requires either database accounts or APEX accounts.
    (5)     It requires very specific skill sets if future application enhancements does not fall into out of box APEX templates.
    (6)     Single Sign On (SSO) requires add-on SDK which makes it quite difficult and sometimes impossible to integrate with other applications.
    (7)     It operates under Oracle HTTP server with J2EE environment. This requires a different technology expertise for performance tuning.
    (8)     APEX application is vendor specific and offers no portability at all.
    Summary
    (1)     APEX is targeted to replace MS Access like applications to provide better security, scalability and stability.
    (2)     APEX is well suited for web RAD development by DBAs.
    (3)     APEX is suited for data centric application such as maintain some database records….
    (4)     APEX is not suited for provisioning services.
    (5)     APEX is not suited for high volume transaction Web applications.
    (6)     APEX is not suited for any applications required LDAP typed security or SSO.
    (7)     APEX does not provide any portability outside of Oracle.

    I think you need to review some of these comments..
    > Any Apex experts care to respond to the list of advantages / disadvantages that we have come up with - while doing due diligence for potential rollout of Apex as a development platform for the enterprise?
    > Many thanks in advance.
    > Please note that we know little to nothing about Apex. But we do know the database. I have read other threads in this forum where it is mentioned that all database utilities (dbms_*) are available to be used in apex - and this is a major plus point - agreed. Do know that metalink is apex based.
    > Would love to have oracle apex developers respond.
    > Oracle Application Express Architecture - Due Diligence
    > Advantages
    > (1)     RAD development for data centric Web applications.
    > (2)     Out of box support for some HTML page templates. For example, sort, search, save data to CSV, ...
    > (3)     Reduce required skill sets for PL/SQL developers on web application development.
    > (4)     Performance boost on a small scale non-enterprise Web applications.
    > (5)     Single vendor within integrated Oracle administration environment.
    > (6)     Out of box charting and reporting supports.
    > Disadvantages
    > (1)     Application operates within Oracle instance which imposes considerable resource overheads due to HTTP session tracking and JVM environment.
    What exactly is the point in this comment? APEX applications run in the database, they do NOT rely on the JVM...
    > (2)     APEX supports through discussion forum not a formal support channel.
    APEX DOES get support from the standard Oracle tech support. However, I would think it is faster to post a message HERE and get a response from the actual developers of the product than having to go through channels..
    > (3)     This two tier non-SOA data centric configuration requires high end machines to power up Oracle instances for mission critical applications. N-tier SOA architecture can easily scale up and scale out by using economic efficient hardware.
    However hearty a db server you have now should suffice for using APEX. You are in reality running SQL statements against the database.
    > (4)     A non-traditional security configuration requires either database accounts or APEX accounts.
    NOT TRUE. Please review documents again.. You can BUILD internal security in application, or rely on LDAP or Single Sign on from Oracle..
    > (5)     It requires very specific skill sets if future application enhancements does not fall into out of box APEX templates.
    HTML and CSS development skills. If you develop web sites, you should be comfortable with this..
    > (6)     Single Sign On (SSO) requires add-on SDK which makes it quite difficult and sometimes impossible to integrate with other applications.
    Wrong here again. Please refer to documentation.
    > (7)     It operates under Oracle HTTP server with J2EE environment. This requires a different technology expertise for performance tuning.
    Sorry, what again?
    > (8)     APEX application is vendor specific and offers no portability at all.
    Unlike ASP or ASP.NET from M$? Or what vendor independent products are you thinking of? Perl? Ruby on Rails? APEX RUNS in the database, so you'd think it just MIGHT be specific to an Oracle database and Oracle product..
    >
    > Summary
    > (1)     APEX is targeted to replace MS Access like applications to provide better security, scalability and stability.
    More than that actually..
    > (2)     APEX is well suited for web RAD development by DBAs.
    NOT Even close.. Developers DO use it.. DBA's support the database end..
    > (3)     APEX is suited for data centric application such as maintain some database records….
    Not even going to try and get into this.. Data centric applications? What would a non data centric application be again?
    > (4)     APEX is not suited for provisioning services.
    Explain this one, please..
    > (5)     APEX is not suited for high volume transaction Web applications.
    Hmm, you mean like Oracle Metalink? Or Ask Tom? These ARE high traffic sites, and gooly gee, they ARE built using APEX..
    > (6)     APEX is not suited for any applications required LDAP typed security or SSO.
    Wrong here, please read the documentation.
    > (7)     APEX does not provide any portability outside of Oracle.
    And how could it, it is based in the database.....
    Sheesh, does that mean because I can't use a fishing pole to catch deer it has no purpose?
    Tony Miller
    UTMB/EHN

  • Airprint in the Enterprise across subnets [Solution]

    This is a message to help folks figure out how to setup
    Airprint across wired/wireless subnets. Hopefully it will help a few people.
    Airprint was designed to work with Bonjour on a local subnet/broadcast domain.
    To print in the enterprise where we have wired/wireless infrastructure,
    we need to use a DNS server to find the printer resources
    Assumptions:
    Our internal domain is: foocompany.com
    We create a new subdomain: bonjour.foocompany.com
    Creating a new subdomain allows us to apply DNS views so we can show print/bonjour services in close proximity of the user.
    You have a CUPS printer server (linux/apple) running at printserver.bonjour.foocompany.com
    1. Setup a DNS server
    If you are setting up a test domain server, you can set up forwarding to your primary production server.
    This way all DNS queries continue to work
    In your named.conf file setup forwarding
    options {
    forwarders { YOURTOPNAMESERVER_IPADDR; YOURTOPNAMESERVER_IPADDR2; };
    forward first;
    allow-query-cache { any; }; // Allow client queries from other subnets to query from cache
    };
    Create a new zone, "bonjour.foocompany.com"
    zone "bonjour.foocompany.com." { type master; file "/etc/bind/db.home"; };
    zone "foocompany.com" { type forward; forward only; forwarders { YOURTOPNAMESERVER_IPADDR; YOURTOPNAMESERVER_IPADDR2; }; };
    Create the following entries to support bonjour browsing
    #=======DNS====Begin======
    lb.dns-sd.udp IN PTR @
    b.dns-sd.udp IN PTR @
    dr.dns-sd.udp IN PTR @
    db.dns-sd.udp IN PTR @
    cf.dns-sd.udp IN PTR @
    printserver IN A 10.47.203.188
    # For every printer queue defined at the printer server you need to create a TXT and SRV entry
    # The visual printer name that show up in the iOS listbox will be the part before .ipp.tcp, example "hpv8a", "hpv8acolor"
    # _ipp and _printer seem to be equivalents, either seem to work on iOS.
    # Printer 1
    cups._sub._ipp.tcp IN PTR hpv8a.ipp.tcp
    universal._sub._ipp.tcp IN PTR hpv8a.ipp.tcp
    #Printer 2
    cups._sub._ipp.tcp IN PTR hpv8acolor.printer.tcp
    universal._sub._ipp.tcp IN PTR hpv8acolor.printer.tcp
    hpv8a.ipp.tcp IN SRV 0 0 631 printserver
    hpv8acolor.printer.tcp IN SRV 0 0 631 printserver
    # The "adminurl" points to the printer queue url on the CUPS server
    # The "rp" key points to the queue name as well
    hpv8a.ipp.tcp IN TXT ( "txtvers=1" "qtotl=1" "rp=printers/V8A08A246LJ" "adminurl=http://printserver:631/printers/V8A_08A246_LJ"
    "ty=HP Laserjet V8A" "product=(HP LaserJet 4200)" "transparent=t" "copies=t" "duplex=t" "color=f"
    "pdl=application/octet-stream,application/pdf,application/postscript,image/jpeg,image/png,image/urf" "URF=W8,SRGB24,CP1,RS600" )
    hpv8acolor.printer.tcp IN TXT ( "txtvers=1" "qtotl=1" "rp=printers/V8A08A246_ColorLJ" "adminurl=http://printserver:631/printers/V8A08A246_ColorLJ"
    "ty=HP Laserjet V8A Color" "product=(HP color LaserJet 4650)" "transparent=t" "copies=t" "duplex=t" "color=t"
    "pdl=application/octet-stream,application/pdf,application/postscript,image/jpeg ,image/png,image/urf" "printer-type=0x801046" "URF=W8,SRGB24,CP1,RS600" )
    ####Printer TEMPLATE
    #cups._sub._ipp.tcp IN PTR NAMEX.printer.tcp
    #universal._sub._ipp.tcp IN PTR NAMEX.printer.tcp
    #NAMEX.ipp.tcp IN SRV 0 0 631 PRINTSERVERDNSNAME
    #NAMEX.ipp.tcp IN TXT ( "txtvers=1" "qtotl=1" "rp=printers/QUEUENAME"
    # "adminurl=http://PRINTSERVERDNSNAME:631/printers/QUEUENAME"
    # "ty=Printer name"
    # "product=(Printer PPD model line)" "transparent=t" "copies=t" "duplex=t" "color=f"
    # "pdl=application/octet-stream,application/pdf,application/postscript,image/jpeg ,image/png,image/urf"
    # "URF=W8,SRGB24,CP1,RS600" )
    #=======DNS====End======
    2. Setup CUPS
    Add printers to the CUPS server.
    Enable access to the printer queue from remote machines,
    GUI: "System->Admin->Printing->Server->Server Setting: Allow printing from the internet"
    Also make sure the following lines are present in /etc/cups/cupsd.conf
    # Allow remote access
    Port 631
    Listen /var/run/cups/cups.sock
    AccessLog syslog
    AccessLogLevel all
    LogLevel debug
    MaxLogSize 0
    SystemGroup lpadmin
    # Enable printer sharing and shared printers.
    Browsing On
    BrowseOrder allow,deny
    BrowseAllow all
    BrowseRemoteProtocols CUPS
    BrowseAddress @LOCAL
    BrowseLocalProtocols CUPS dnssd
    BrowseProtocols all
    DefaultAuthType Basic
    3. Change iPAD configs
    Add your DNS server as the first DNS server in the network settings page.
    Add "bonjour.foocompany.com" to the DNS domains to search
    4. Test printing
    Open up Photos application.
    Select a picture
    Select "Send To->Print"
    Select "Printer", now a list of printer names should show up as defined in the DNS server
    Select a printer and hit "Print"
    Fast task switch to Print Center to verify print job is being sent
    Thanks
    Ashish Desai
    Security Architect
    Fidelity Investments

    Update for ios 8:
    With ios 8 it appears that _printer and _ipp are no longer equivalent. For this to work it looks like you have to use _ipp._tcp
    Also - the underscore characters are important and they are missing from the example above.
    Last - you can use the "note" field to add a second line that is displayed in smaller text below the printer name in ios 8.
    Here is an updated template:
    ####Printer TEMPLATE
    cups._sub._ipp._tcp IN PTR NAMEX._ipp._tcp
    universal._sub._ipp._tcp IN PTR NAMEX._ipp._tcp
    NAMEX._ipp._tcp IN SRV 0 0 631 PRINTSERVERDNSNAME
    NAMEX._ipp._tcp IN TXT ( "txtvers=1" "qtotl=1" "rp=printers/QUEUENAME"
    "adminurl=http://PRINTSERVERDNSNAME:631/printers/QUEUENAME"
    "note=more info about printer"
    "ty=Printer name"
    "product=(Printer PPD model line)" "transparent=t" "copies=t" "duplex=t" "color=f"
    "pdl=application/octet-stream,application/pdf,application/postscript,image/jpeg ,image/png,image/urf"
    "URF=W8,SRGB24,CP1,RS600" )
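
The failure the iOS 8 update describes (service labels that lost their leading underscores) can be caught before a zone is loaded. The following is an added example, not part of either post: a small Python linter that flags such names and also `#` comment lines, which the zone-file format does not treat as comments. The function names, the label list and the sample records are assumptions constructed for illustration.

```python
"""Lint BIND zone text for DNS-SD names that lost their underscores."""

# Labels that DNS-SD (RFC 6763) writes with a leading underscore. Limited to
# the service, protocol and browse labels that appear in the thread's records.
BARE_LABELS = {"ipp", "printer", "tcp", "udp", "dns-sd", "sub"}


def fix_name(name):
    """Return name with the underscore restored on each known DNS-SD label."""
    return ".".join(
        "_" + label if label.lower() in BARE_LABELS else label
        for label in name.split(".")
    )


def lint_zone(text):
    """Return (line_number, code, detail) findings for a zone-file fragment.

    Assumes the "owner IN type rdata" layout used in the thread (no TTL
    column); other lines, such as TXT continuations, are skipped.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or a real zone-file comment
        if line.startswith("#"):
            findings.append((lineno, "hash-comment",
                             "zone files use ';' for comments, not '#'"))
            continue
        tokens = line.split()
        if len(tokens) < 4 or tokens[1].upper() != "IN":
            continue
        names = [tokens[0]]
        if tokens[2].upper() == "PTR":
            names.append(tokens[3])  # PTR target is a service instance name
        for name in names:
            fixed = fix_name(name)
            if fixed != name:
                findings.append((lineno, "missing-underscore",
                                 f"{name} -> {fixed}"))
            if "_printer._tcp" in fixed.lower():
                findings.append((lineno, "printer-service",
                                 "thread's iOS 8 update: use _ipp._tcp"))
    return findings


# Constructed sample: three records in the form shown in the first post,
# followed by the same kind of records with underscores in place.
SAMPLE_ZONE = """\
; constructed sample for the linter
b.dns-sd.udp IN PTR @
universal._sub._ipp.tcp IN PTR hpv8acolor.printer.tcp
hpv8acolor.printer.tcp IN SRV 0 0 631 printserver
# corrected records
b._dns-sd._udp IN PTR @
universal._sub._ipp._tcp IN PTR hpv8a._ipp._tcp
hpv8a._ipp._tcp IN SRV 0 0 631 printserver
printserver IN A 10.47.203.188
"""

if __name__ == "__main__":
    for lineno, code, detail in lint_zone(SAMPLE_ZONE):
        print(f"line {lineno}: {code}: {detail}")
```
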

  • Webinar: Change Management and Transport in the Enterprise Portal

    SAP NetWeaver Know-How Network Webinar:
    Change Management and Transport in the Enterprise Portal
    Wednesday 21 July 2004
    11 a.m. EDT
    On Wednesday 21 July, Scott Jones hosts the webinar titled Change Management and Transport in the Enterprise Portal as part of the ongoing SAP NetWeaver Know-How Network Webinar Series.
    Here’s how Scott describes his webinar presentation:
    “Change Management offers special challenges to administrators working in Enterprise Portal 6.0 SP2 environments.  This talk provides recommendations and tools, and defines best practices and methods for the effective transport of Enterprise Portal content, with special attention to content dependencies, tracking, and troubleshooting.   We'll also look forward to Change Management enhancements coming with Netweaver 04.”
    SDN invites you to post your questions to the presenter prior to the webinar and continue the online discussion afterward.
    How to Participate
    (Please go to the SDN Events page to see the article and download the PDF presentation)
    Dial-in Information:
    Date: Wednesday 21 July 2004
    Time: 11 a.m. EDT
    Within the U.S., call: +1.888.428.4473
    Outside the U.S., call: +1.651.291.0618
    Password: NetWeaver04
    WebEx Information:
    Topic: SAP NetWeaver Know-How Network
    Date: Wednesday 21 July 2004
    Time: 11 a.m. EDT
    Meeting Number: 742391500
    Meeting Password: netweaver04 (lowercase)
    WebEx Link: sap.webex.com
    Replay Information:
    A recorded replay of this call will be available for approximately three months after the webinar. Access this recording by dialing the appropriate number and using the replay access code TBD.
    Toll-free: +1.800.475.6701
    International: +1.320.365.3844
    About the SAP NetWeaver Know-How Webinar Series
    The SAP NetWeaver Know-How Webinar Series is driven by the SAP NetWeaver Regional Implementation Group (RIG), part of the SAP Development organization. The mission of the SAP NetWeaver RIG is to enable customers, employees, and partners to successfully implement the SAP NetWeaver solution. This SAP RIG has expertise in BI, EP, XI, and WebAS. They contribute their implementation expertise to the SDN implementation forums as well as to the SAP NetWeaver Know-How Webinar Series.
    Disclaimer
    SDN is not responsible for any changes to the webinar schedule. The webinar schedule may be changed or cancelled without prior notice.

    Hello,
    In the interesting document I read that for the deployment the version number mentioned in the MANIFEST.MF is very important in a clustered environment.
    SAPnote 727180 - Version of PAR File in Manifest File
    denies this.
    Can you clear this out?
    Kind Regards
    Koen Van Loocke

  • Error ORA-12560 prompts when trying to log in to the Enterprise Manager

    Hi all,
    I am a newbie to Oracle.
    Just installed the Oracle 9i Database Enterprise Edition (9.0.1) into Windows Server 2003 Standard Edition. Problem is encountered when trying to log in to the Enterprise Manager Standalone mode using either system/oracle or scott/tiger as credentials. Error "ORA-12560: TNS:protocol adapter error" prompts.
    I tried to check with some configuration and see whether the services are started. Services of "OracleOraHome90TNSListener" and "OracleServiceORCL" have been started and the database exists in the dedicated directory. Environment variables of "ORACLE_HOME" and "ORACLE_SID" have been added manually as the SID is set to orcl, which I just follow what the instruction manual has stated. Moreover, I can't get access using command prompt typing "svrmgrl"; error returned stating " 'svrmgrl' is not recognized as an internal or external command, operable program or batch file."
    Another information is that there is no domain set in my server. Just a server with a name being assigned in a workgroup.
    Hence, would you mind please advice me what to do in order to get access into the Enterprise Manager? It's quite an urgent task.
    A million thx in advance!
    Best Regards,
    Karen

    Hi Jigneshrp,
    Thanks for your reply.
    It is checked that the listener is running and TNS name service exists. Following your advice, I did create a new listener and another name service and use them, but the same error turns out when trying to log in to the Enterprise Manager again.
    Additional information to take note for is that while reconfiguring the existing listener or creating a new listener, a message prompts stating "The information provided for this listener is currently in use by other software on this computer. You can proceed with the configuration as it is, but it will not be possible to start this listener until the conflict is resolved. Would you like to continue with the continue with the configuration anyway? Yes/No".
    As for the reconfiguration or the new creation of TNS names service, when I am trying to test for the connection, the results in the details pane states that "Connecting... ORA-12560: TNS:protocol adapter error. The test did not succeed...."
    Would you mind pls advice me on these?
    Furthermore, there exist 2 questions I am wondering is that it is stated in the instruction manual that prior to the installation, a static IP should be specified for it instead of the DHCP one; hence, I wanna ask after the complete installation, is it that the server should be running in the network, i.e. allow it to get connected with the outside network?
    2nd question is that can Oracle 9i Database Server Standard Edition (9.0.1) be installed under a Windows Server 2003 Standard Edition and just a Window XP Professional?
    Thanks for your reply.
    Best Regards,
    Karen

  • ICloud Usage In The Enterprise

    Forgive me if I've posted this in the wrong location, but it seemed to be the best suited area...
    With the announcement of iCloud, I've been trying to find information on how it will be managed on devices that are used in the enterprise? The company I work for has approximately 200 iPad users and 300 iPhone 4 users that sync their corporate mail, calendar and contacts to their devices.
    Each of these users has tethered their device to their own personal iTunes account so they can add music, apps, video, etc to the device as they wish. We secure these devices using a MobileIron appliance along with Apple MDM certificates that allow us to implement security policies on the devices.
    If these users choose to sign up for iCloud, does anyone yet know if it will only allow your me.com account to sync to the cloud? The last thing we would want is for these users to have their corporate mail/contacts/calendars synched to the devices and then simultaneously synched up to iCloud.
    Anyone have any suggestions on how we might combat this? Or if it will even be possible to sync accounts via iCloud for anything other than me.com accounts? Thanks!

    HI All,
    Actually I face the same problem, only mine is using Apple MDM on Lion Server. We plan to deploy 2000 or more iphone 3gs on company cost. Currently in progress and already around 900 devices live using inhouse corporate application.
    Our challenge is on security administration things. Wondering if there is some kind like iCloud that we can use in corporate to track the location in case of loss. We have already experienced two devices lost on duty.
    Currently all devices that we already deployed are registered to iCloud using one Apple-ID, no problem on registration process. However when I open iCloud, only limited devices were listed, I think just about 90 devices on the list. Unfortunately the two devices that were reported lost are not on the list. So I feel hopeless now.
    MDM can only do Wipe and other things, but cannot track the location.
    Appreciate if someone can give me a clue the alternative to overcome those issue. Thanks.
    Regards
    AA

  • The security database on the server does not have a computer account for this workstation trust relationship

    When I try to log on to my DC it says "The security database on the server does not have a computer account for this workstation trust relationship". It won't let me log on. I installed another server server 2012r2 (it's virtual) and I can get to ADSI edit.
    I think what happened was I had a pc that could not connect without unplugging the network cable. So I found this fix
    FIX: “The security database on the server does not have a computer account for this workstation trust relationship”2032011
    I’ve seen a lot of solutions, or suggestions rather, with regard to the error in the title of this post.  In my experience, the problem can almost always be resolved without extra domain add/removes and reboots, which is the most prevalent solution I have seen around.  Usually, this issue is due to a mismatch between attributes of the computer account in Active Directory and those values on the system itself.  Here are the steps I take to fix this issue when it crops up:
    Open up Active Directory Users & Computers pointed to the domain the computer account resides in
    From the “View” pull-down menu, make sure that “Advanced Features” is checked
    Navigate to the part of your organizational unit (OU) structure where the computer account for this server resides
    Open the Properties for the computer object
    Choose the “Attribute Editor” tab on the Properties dialog box
    Check the Attributes dNSHostName & servicePrincipalName – anywhere that a fully qualified hostname is specified (e.g. myserver.mydomainname.com), make sure that the entry matches the hostname you have configured when you go here on your server: Start -> Computer -> Right-Click, Properties -> Change Settings (under “Computer name, domain… settings”) -> Full Computer Name
    As an example, for a fictitious W2K8 R2 server whose Full Computer Name is “srv1.mydomainname.com”, these attribute/value pairs should be in Active Directory:
    dNSHostName:
    srv1.mydomainname.com
    servicePrincipalName:
    HOST/SRV1
    HOST/srv1.mydomainname.com
    RestrictedKrbHost/SRV1
    RestrictedKrbHost/srv1.mydomainname.com
    TERMSRV/SRV1
    TERMSRV/srv1.mydomainname.com"
    Not reading it carefully I added a computer with the same name as the pc having the issue and followed the above. The problem is that I did not notice that the spn did not want the name of my server (serv1) but the name of the trouble pc.
    dcdiag output
    PS C:\Users\administrator.TOM> dcdiag.exe
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       ***Error: DC3 is not a Directory Server.  Must specify /s:<Directory Server> or  /n:<Naming Context> or nothing to
       use the local machine.
       ERROR: Could not find home server.
    PS C:\Users\administrator.TOM> dcdiag.exe /s:DC2
    Directory Server Diagnosis
    Performing initial setup:
       * Identified AD Forest.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site\DC2
          Starting test: Connectivity
             The host 9e0dca7a-d017-445a-b354-adee5ff53d48._msdcs.TOM could not be resolved to an IP address. Check the DN
             server, DHCP, server name, etc.
             Neither the the server name (DC2.TOM) nor the Guid DNS name (9e0dca7a-d017-445a-b354-adee5ff53d48._msdcs.TOM)
             could be resolved by DNS.  Check that the server is up and is registered correctly with the DNS server.
             Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
             ......................... DC2 failed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site\DC2
          Skipping all tests, because server DC2 is not responding to directory service requests.
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : TOM
          Starting test: CheckSDRefDom
             ......................... TOM passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... TOM passed test CrossRefValidation
       Running enterprise tests on : TOM
          Starting test: LocatorCheck
             ......................... TOM passed test LocatorCheck
          Starting test: Intersite
             ......................... TOM passed test Intersite
    PS C:\Users\administrator.TOM> regsvr32 schmmgmt.dll
    PS C:\Users\administrator.TOM> netdig /fix
    netdig : The term 'netdig' is not recognized as the name of a cmdlet, function, script file, or operable program.
    Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + netdig /fix
    + ~~~~~~
        + CategoryInfo          : ObjectNotFound: (netdig:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException
    PS C:\Users\administrator.TOM> Setup /PrepareSchema
    Setup : The term 'Setup' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
    the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + Setup /PrepareSchema
    + ~~~~~
        + CategoryInfo          : ObjectNotFound: (Setup:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException
    PS C:\Users\administrator.TOM> netdiag /test
    netdiag : The term 'netdiag' is not recognized as the name of a cmdlet, function, script file, or operable program.
    Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + netdiag /test
    + ~~~~~~~
        + CategoryInfo          : ObjectNotFound: (netdiag:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException
    PS C:\Users\administrator.TOM> nslooup
    nslooup : The term 'nslooup' is not recognized as the name of a cmdlet, function, script file, or operable program.
    Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + nslooup
    + ~~~~~~~
        + CategoryInfo          : ObjectNotFound: (nslooup:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException
    PS C:\Users\administrator.TOM>

    OK, fixed.
    At an elevated cmd prompt, run:
    C:\Users\administrator.TOM>setspn -x
    As you can see the DC serv1 had duplicate SPNs.
    Checking domain DC=TOM
    Processing entry 1
    HOST/serv1.TOM is registered on these accounts:
            CN=SERV1,OU=Domain Controllers,DC=TOM
            CN=C00049,CN=Computers,DC=TOM
    {14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/TOWN-HBWJ29ZOQC is registered on these ac
    counts:
            CN=Administrator,CN=Users,DC=TOM
            CN=TOWN-HBWJ29ZOQC,CN=Computers,DC=TOM
    {14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/town-hbwj29zoqc.TOM is registered on thes
    e accounts:
            CN=Administrator,CN=Users,DC=TOM
            CN=TOWN-HBWJ29ZOQC,CN=Computers,DC=TOM
    RestrictedKrbHost/serv1 is registered on these accounts:
            CN=C00049,CN=Computers,DC=TOM
            CN=SERV1,OU=Domain Controllers,DC=TOM
    RestrictedKrbHost/serv1.TOM is registered on these accounts:
            CN=C00049,CN=Computers,DC=TOM
            CN=SERV1,OU=Domain Controllers,DC=TOM
    found 5 groups of duplicate SPNs.
    Went to the Computers OU and changed computer c00049 to the correct SPN. Now I have a new issue; I'll start a new thread.
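
A triage sketch for the duplicate-SPN listing in the thread above, added here as an example and not part of the original posts: it parses `setspn -x` output, rejoins header lines that the console wrapped, and reports which account outside the Domain Controllers OU holds an SPN that a DC also holds. The function names and the rule that DCs sit under the default `OU=Domain Controllers` container are assumptions.

```python
import re

# Constructed sample: the `setspn -x` listing quoted in the thread, with two
# header lines hard-wrapped by the console ("these ac" / "counts:").
SAMPLE = """\
Checking domain DC=TOM
Processing entry 1
HOST/serv1.TOM is registered on these accounts:
        CN=SERV1,OU=Domain Controllers,DC=TOM
        CN=C00049,CN=Computers,DC=TOM
{14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/TOWN-HBWJ29ZOQC is registered on these ac
counts:
        CN=Administrator,CN=Users,DC=TOM
        CN=TOWN-HBWJ29ZOQC,CN=Computers,DC=TOM
{14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/town-hbwj29zoqc.TOM is registered on thes
e accounts:
        CN=Administrator,CN=Users,DC=TOM
        CN=TOWN-HBWJ29ZOQC,CN=Computers,DC=TOM
RestrictedKrbHost/serv1 is registered on these accounts:
        CN=C00049,CN=Computers,DC=TOM
        CN=SERV1,OU=Domain Controllers,DC=TOM
RestrictedKrbHost/serv1.TOM is registered on these accounts:
        CN=C00049,CN=Computers,DC=TOM
        CN=SERV1,OU=Domain Controllers,DC=TOM
found 5 groups of duplicate SPNs.
"""

HEADER_TAIL = " is registered on these accounts:"
STATUS = re.compile(r"^(Checking |Processing entry |found \d+ group)")
ACCOUNT = re.compile(r"^\s+((?:CN|OU|DC)=.+)$", re.IGNORECASE)
FOOTER = re.compile(r"^found (\d+) groups? of duplicate SPNs", re.MULTILINE)


def parse_duplicate_spns(text):
    """Return {spn: [account DN, ...]} for every duplicate group in the output."""
    groups, current, pending = {}, None, ""
    for raw in text.splitlines():
        account = ACCOUNT.match(raw)
        if account:                      # indented DN: belongs to the current SPN
            if current is not None:
                groups[current].append(account.group(1).strip())
            continue
        if not raw.strip() or STATUS.match(raw):
            pending, current = "", None  # status or blank line ends any group
            continue
        pending += raw.rstrip()          # header text, possibly a wrapped fragment
        if pending.endswith(HEADER_TAIL):
            current = pending[: -len(HEADER_TAIL)].strip()
            groups.setdefault(current, [])
            pending = ""
        else:
            current = None               # wait for the rest of the wrapped header
    return groups


def reported_group_count(text):
    """Number of groups setspn itself reports in its footer, or None if absent."""
    footer = FOOTER.search(text)
    return int(footer.group(1)) if footer else None


def is_dc_account(dn):
    # Assumption: domain controllers live in the default OU=Domain Controllers.
    return "OU=DOMAIN CONTROLLERS," in dn.upper()


def dc_spn_conflicts(groups):
    """Map each non-DC account to the sorted SPNs it shares with a DC account."""
    conflicts = {}
    for spn, accounts in groups.items():
        if any(is_dc_account(a) for a in accounts):
            for other in (a for a in accounts if not is_dc_account(a)):
                conflicts.setdefault(other, []).append(spn)
    return {dn: sorted(spns) for dn, spns in conflicts.items()}


if __name__ == "__main__":
    parsed = parse_duplicate_spns(SAMPLE)
    if reported_group_count(SAMPLE) != len(parsed):
        print("warning: parsed group count differs from setspn's footer")
    for dn, spns in dc_spn_conflicts(parsed).items():
        print(f"{dn} holds SPNs that belong to a domain controller:")
        for spn in spns:
            print(f"    {spn}")
```

Comparing the parsed group count with the footer catches listings where a wrapped header was missed, so a clean report is not mistaken for a clean directory.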

  • Error Security BEA-090870 The realm "myrealm" failed to be loaded:

    Hi, I am setting up Identity Manager on CentOS 4.7 with WebLogic 10.3. I've followed the "Installation and Configuration Guide for BEA WebLogic Server Release 9.1.0.pdf" document. After increasing the memory and setting up the Java option, it required post-installation tasks. My WebLogic domain was unable to start. Please see the error logs below. Thanks in advance.
    JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=48m -XX:MaxPermSize=128m
    WLS Start Mode=Development
    CLASSPATH=:/u01/app/oracle/bea/patch_wlw1030/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/app/oracle/bea/patch_wls1030/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/app/oracle/bea/patch_cie660/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/app/oracle/bea/jdk160_05/lib/tools.jar:/u01/app/oracle/bea/wlserver_10.3/server/lib/weblogic_sp.jar:/u01/app/oracle/bea/wlserver_10.3/server/lib/weblogic.jar:/u01/app/oracle/bea/modules/features/weblogic.server.modules_10.3.0.0.jar:/u01/app/oracle/bea/wlserver_10.3/server/lib/webservices.jar:/u01/app/oracle/bea/modules/org.apache.ant_1.6.5/lib/ant-all.jar:/u01/app/oracle/bea/modules/net.sf.antcontrib_1.0.0.0_1-0b2/lib/ant-contrib.jar::/u01/app/oracle/bea/wlserver_10.3/common/eval/pointbase/lib/pbclient57.jar:/u01/app/oracle/bea/wlserver_10.3/server/lib/xqrl.jar::
    PATH=/u01/app/oracle/bea/wlserver_10.3/server/bin:/u01/app/oracle/bea/modules/org.apache.ant_1.6.5/bin:/u01/app/oracle/bea/jdk160_05/jre/bin:/u01/app/oracle/bea/jdk160_05/bin:/u01/app/oracle/product/10.2.0/db_1/bin:/usr/sbin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
    * To start WebLogic Server, use a username and *
    * password assigned to an admin-level user. For *
    * server administration, use the WebLogic Server *
    * console at http://hostname:port/console *
    starting weblogic with Java version:
    java version "1.6.0_05"
    Java(TM) SE Runtime Environment (build 1.6.0_05-b13)
    Java HotSpot(TM) Client VM (build 10.0-b19, mixed mode)
    Starting WLS with line:
    /u01/app/oracle/bea/jdk160_05/bin/java -client -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=48m -XX:MaxPermSize=128m -Xverify:none -da -Dplatform.home=/u01/app/oracle/bea/wlserver_10.3 -Dwls.home=/u01/app/oracle/bea/wlserver_10.3/server -Dweblogic.home=/u01/app/oracle/bea/wlserver_10.3/server -Dweblogic.management.discover=true -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=/u01/app/oracle/bea/patch_wlw1030/profiles/default/sysext_manifest_classpath:/u01/app/oracle/bea/patch_wls1030/profiles/default/sysext_manifest_classpath:/u01/app/oracle/bea/patch_cie660/profiles/default/sysext_manifest_classpath -Dweblogic.Name=AdminServer -Djava.security.policy=/u01/app/oracle/bea/wlserver_10.3/server/lib/weblogic.policy weblogic.Server
    <May 25, 2009 2:23:51 PM PHT> <Notice> <WebLogicServer> <BEA-000395> <Following extensions directory contents added to the end of the classpath:
    /u01/app/oracle/bea/user_projects/domains/identitymanager/lib/log4j-1.2.8.jar:/u01/app/oracle/bea/user_projects/domains/identitymanager/lib/mbeantypes/XL10SecurityProviders.jar:/u01/app/oracle/bea/user_projects/domains/identitymanager/lib/nexaweb-common.jar>
    <May 25, 2009 2:23:51 PM PHT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) Client VM Version 10.0-b19 from Sun Microsystems Inc.>
    <May 25, 2009 2:23:51 PM PHT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3 Fri Jul 25 16:30:05 EDT 2008 1137967 >
    <May 25, 2009 2:23:52 PM PHT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
    <May 25, 2009 2:23:52 PM PHT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
    <May 25, 2009 2:23:52 PM PHT> <Notice> <Log Management> <BEA-170019> <The server log file /u01/app/oracle/bea/user_projects/domains/identitymanager/servers/AdminServer/logs/AdminServer.log is opened. All server side log events will be written to this file.>
    <May 25, 2009 2:23:58 PM PHT> <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: java.lang.NoClassDefFoundError: com/thortech/util/logging/Logger.
    weblogic.security.service.SecurityServiceException: java.lang.NoClassDefFoundError: com/thortech/util/logging/Logger
    at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(Unknown Source)
    at weblogic.security.service.CSSWLSDelegateImpl.initialize(Unknown Source)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(Unknown Source)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(Unknown Source)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(Unknown Source)
    Truncated. see log file for complete stacktrace
    java.lang.NoClassDefFoundError: com/thortech/util/logging/Logger
    at com.thortech.xl.security.wl.XellerateAuthenticationProviderImpl.<clinit>(XellerateAuthenticationProviderImpl.java:73)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:247)
    at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:51)
    at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
    Truncated. see log file for complete stacktrace
    java.lang.ClassNotFoundException: com.thortech.util.logging.Logger
    at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
    Truncated. see log file for complete stacktrace
    >
    <May 25, 2009 2:23:58 PM PHT> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
    <May 25, 2009 2:23:58 PM PHT> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:
    There are 1 nested errors:
    weblogic.security.service.SecurityServiceRuntimeException: [Security:090399]Security Services Unavailable
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(Unknown Source)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
    at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    <May 25, 2009 2:23:58 PM PHT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <May 25, 2009 2:23:58 PM PHT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <May 25, 2009 2:23:58 PM PHT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>

    I had the same error while trying to start the WebLogic admin server for my IDM domain to allow me to configure the OIM server and OIM Design Console on my Windows 7 box. What I did were the following steps.
    1. I changed to the IDM domain bin directory <MiddlewareHome>\user_projects\domains\idm1_domain\bin
    2. I ran the secureWeblogic.bat file as administrator
    3. I ran the setDomainEnv.cmd file as administrator
    4. I ran the setSOADomainEnv.cmd file as administrator
    5. Started my weblogic admin server and it worked.

  • There is a problem with the server's security certificate. The security certificate is not from a trusted certifying authority. SAP Business One is unable to connect to the server

    Hello,
    I have an issue with connecting client SB1H on Windows, the scenario is as follows:
    1.- Server:
         Suse Linux Enterprise Server 11.3 kernel version: 3.0.76-0.11 IBM
         NDB and Server are review 69 SP06
    2.- Client:
         Windows 8 Pro Virtual Machine on Microsoft Hyper-V
         SB1H PL 11 version 32bits    
         SAP HANA Studio version 1.0.60
    When I run SB1H the following message appears:
    There is a problem with the server's security certificate. The security certificate is not from a trusted certifying authority. SAP Business One is unable to connect to the server.
    Any idea what could be the solution?

    Hi,
    Please check SAP notes:
       1993392 - Server components setup wizard: New default values for certificates and single sign-on option
    1929288 - Do not configure SSL for XApp during installation or upgrade if XApp is installed on a different machine than the SAP HANA server
    Thanks & Regards,
    Nagarajan

  • How can we prevent JTabbedPanes from transferring focus to components outside of the tabs during tab traversal?

    Hi,
    I noticed a strange focus traversal behavior of JTabbedPane.
    During tab traversal (when the user's intention is just to switch between tabs), the focus is transferred to a component outside of the tabs (if there is a component after/below the JTabbedPane component), if using Java 6. For example, if using the SSCCE below...
    import java.awt.BorderLayout;
    import java.awt.event.FocusAdapter;
    import java.awt.event.FocusEvent;
    import java.awt.event.KeyEvent;
    import javax.swing.Box;
    import javax.swing.BoxLayout;
    import javax.swing.JButton;
    import javax.swing.JFrame;
    import javax.swing.JPanel;
    import javax.swing.JScrollPane;
    import javax.swing.JTabbedPane;
    import javax.swing.JTextField;
    import javax.swing.SwingUtilities;
    public class TabbedPaneTest extends JPanel {
        public TabbedPaneTest() {
            super(new BorderLayout());
            JTabbedPane tabbedPane = new JTabbedPane();
            tabbedPane.addTab("Tab 1", buildPanelWithChildComponents());
            tabbedPane.setMnemonicAt(0, KeyEvent.VK_1);
            tabbedPane.addTab("Tab 2", buildPanelWithChildComponents());
            tabbedPane.setMnemonicAt(1, KeyEvent.VK_2);
            tabbedPane.addTab("Tab 3", buildPanelWithChildComponents());
            tabbedPane.setMnemonicAt(2, KeyEvent.VK_3);
            tabbedPane.addTab("Tab 4", buildPanelWithChildComponents());
            tabbedPane.setMnemonicAt(3, KeyEvent.VK_4);
            JPanel panel = new JPanel(new BorderLayout());
            panel.add(tabbedPane);
            JButton button = new JButton("Dummy component that gains focus when switching tabs");
            panel.add(button, BorderLayout.SOUTH);
            /*
             * To replicate the focus traversal issue, please follow these steps -
             * 1) Run this program in Java 6; and then
             * 2) Click on a child component inside any tab; and then
             * 3) Click on any other tab (or use the mnemonic keys ALT + 1 to ALT + 4).
             */
            button.addFocusListener(new FocusAdapter() {
                @Override
                public void focusGained(FocusEvent e) {
                    System.err.println("Gained focus (not supposed to when just switching tabs).");
                }
            });
            add(new JScrollPane(panel));
        }
        // Builds one tab's content: four text fields stacked vertically.
        private JPanel buildPanelWithChildComponents() {
            JPanel panel = new JPanel();
            BoxLayout boxlayout = new BoxLayout(panel, BoxLayout.PAGE_AXIS);
            panel.setLayout(boxlayout);
            panel.add(Box.createVerticalStrut(3));
            for (int i = 0; i < 4; i++) {
                panel.add(new JTextField(10));
                panel.add(Box.createVerticalStrut(3));
            }
            return panel;
        }
        public static void main(String[] args) {
            SwingUtilities.invokeLater(new Runnable() {
                public void run() {
                    JFrame frame = new JFrame("Test for Java 6");
                    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
                    frame.add(new TabbedPaneTest());
                    frame.pack();
                    frame.setVisible(true);
                }
            });
        }
    }
    ... Then we can replicate this behavior by following these steps:
    1) Run the program in Java 6; and then
    2) Click on a child component in any of the tabs; and then
    3) Click on any other tab (or use the mnemonic keys 'ALT + 1' to 'ALT + 4').
    At step 3 (upon selecting any other tab), the focus would go to the component below the JTabbedPane first (hence the printed message in the console), before actually going to the selected tab.
    This does not occur in Java 7, so I'm assuming it is a bug that is fixed. And I know that Oracle suggests that we should use Java 7 nowadays.
    The problem is: We need to stick to Java 6 for a certain application. So I'm looking for a way to fix this issue for all our JTabbedPane components while using Java 6.
    So, is there a way to prevent JTabbedPanes from passing the focus to components outside of the tabs during tab traversal (e.g. when users are just switching between tabs), in Java 6?
    Note: I've read the release notes between Java 6u45 to Java 7u15, but I was unable to find any changes related to the JTabbedPane component. So any pointers on this would be deeply appreciated.
    Regards,
    James

    Hi Kleopatra,
    Thanks for the reply.
    Please allow me to clarify first: Actually the problem is not that the child components (inside tabs) get focused before the selected tab. The problem is: the component outside of the tabs gets focused before the selected tab. For example, the JButton in the SSCCE posted above gets focused when users switch between tabs, despite the fact that the JButton is not a child component of the JTabbedPane.
    It is important for me to prevent this behavior because it causes a usability issue for forms with 'auto-scrolling' features.
    What I mean by 'auto-scrolling' here is: a feature where the form automatically scrolls down to show the current focused component (if the component is not already visible). This is a usability improvement for long forms with scroll bars (which saves the users' effort of manually scrolling down just to see the focused component).
    To see this feature in action, please run the SSCCE below, and keep pressing the 'Tab' key (the scroll pane will follow the focused component automatically):
    import java.awt.BorderLayout;
    import java.awt.Component;
    import java.awt.GridBagConstraints;
    import java.awt.GridBagLayout;
    import java.awt.Insets;
    import java.awt.event.FocusAdapter;
    import java.awt.event.FocusEvent;
    import java.awt.event.KeyEvent;
    import javax.swing.JButton;
    import javax.swing.JComponent;
    import javax.swing.JFrame;
    import javax.swing.JLabel;
    import javax.swing.JPanel;
    import javax.swing.JScrollPane;
    import javax.swing.JTabbedPane;
    import javax.swing.JTextField;
    import javax.swing.JViewport;
    import javax.swing.SwingUtilities;
    public class TabbedPaneAutoScrollTest extends JPanel {
        private AutoScrollFocusHandler autoScrollFocusHandler;
        public TabbedPaneAutoScrollTest() {
            super(new BorderLayout());
            autoScrollFocusHandler = new AutoScrollFocusHandler();
            JTabbedPane tabbedPane = new JTabbedPane();
            tabbedPane.addTab("Tab 1", buildPanelWithChildComponents(20));
            tabbedPane.setMnemonicAt(0, KeyEvent.VK_1);
            tabbedPane.addTab("Tab 2", buildPanelWithChildComponents(20));
            tabbedPane.setMnemonicAt(1, KeyEvent.VK_2);
            tabbedPane.addTab("Tab 3", buildPanelWithChildComponents(20));
            tabbedPane.setMnemonicAt(2, KeyEvent.VK_3);
            tabbedPane.addTab("Tab 4", buildPanelWithChildComponents(20));
            tabbedPane.setMnemonicAt(3, KeyEvent.VK_4);
            JPanel panel = new JPanel(new BorderLayout());
            panel.add(tabbedPane);
            JButton button = new JButton("Dummy component that gains focus when switching tabs");
            panel.add(button, BorderLayout.SOUTH);
            /*
             * To replicate the focus traversal issue, please follow these steps -
             * 1) Run this program in Java 6; and then
             * 2) Click on a child component inside any tab; and then
             * 3) Click on any other tab (or use the mnemonic keys ALT + 1 to ALT + 4).
             */
            button.addFocusListener(new FocusAdapter() {
                @Override
                public void focusGained(FocusEvent e) {
                    System.err.println("Gained focus (not supposed to when just switching tabs).");
                }
            });
            button.addFocusListener(autoScrollFocusHandler);
            JScrollPane scrollPane = new JScrollPane(panel);
            add(scrollPane);
            autoScrollFocusHandler.setScrollPane(scrollPane);
        }
        // Builds one tab's content: a column of labelled text fields, each
        // registered with the auto-scroll handler.
        private JPanel buildPanelWithChildComponents(int numberOfChildComponents) {
            final JPanel panel = new JPanel(new GridBagLayout());
            final String labelPrefix = "Dummy Field ";
            final Insets labelInsets = new Insets(5, 5, 5, 5);
            final Insets textFieldInsets = new Insets(5, 0, 5, 0);
            final GridBagConstraints gridBagConstraints = new GridBagConstraints();
            JTextField textField;
            for (int i = 0; i < numberOfChildComponents; i++) {
                gridBagConstraints.insets = labelInsets;
                gridBagConstraints.gridx = 1;
                gridBagConstraints.gridy = i;
                panel.add(new JLabel(labelPrefix + (i + 1)), gridBagConstraints);
                gridBagConstraints.insets = textFieldInsets;
                gridBagConstraints.gridx = 2;
                textField = new JTextField(22);
                panel.add(textField, gridBagConstraints);
                textField.addFocusListener(autoScrollFocusHandler);
            }
            return panel;
        }
        public static void main(String[] args) {
            SwingUtilities.invokeLater(new Runnable() {
                public void run() {
                    JFrame frame = new JFrame("Test for Java 6 with auto-scrolling");
                    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
                    frame.add(new TabbedPaneAutoScrollTest());
                    frame.setSize(400, 300);
                    frame.setVisible(true);
                }
            });
        }
    }
    /**
     * Crude but simple example for auto-scrolling to focused components.
     * Note: We don't actually use FocusListeners for this feature,
     *       but this is short enough to demonstrate how it behaves.
     */
    class AutoScrollFocusHandler extends FocusAdapter {
        private JViewport viewport;
        private JComponent view;
        public void setScrollPane(JScrollPane scrollPane) {
            viewport = scrollPane.getViewport();
            view = (JComponent) viewport.getView();
        }
        @Override
        public void focusGained(FocusEvent event) {
            Component component = (Component) event.getSource();
            view.scrollRectToVisible(SwingUtilities.convertRectangle(component.getParent(),
                    component.getBounds(), view));
        }
    }
    Now, while the focus is still within the tab contents, try to switch to any other tab (e.g. by clicking on the tab headers, or by using the mnemonic keys 'ALT + 1' to 'ALT + 4')...
    ... then you'll notice the following usability issue:
    1) JRE 1.6 causes the focus to transfer to the JButton (which is outside of the tabs entirely) first; then
    2) In response to the JButton gaining focus, the 'auto-scrolling' feature scrolls down to the bottom of the form, to show the JButton. At this point, the tab headers are hidden from view since there are many child components; then
    3) JRE 1.6 transfers the focus to the tab contents; then
    4) The 'auto-scrolling' feature scrolls up to the selected tab's contents, but the tab header itself is still hidden from view (as a side effect of the behavior above); then
    5) Users are forced to manually scroll up to see the tab headers whenever they are just switching between tabs.
    In short, the tab headers will be hidden when users switch tabs, due to the Java 6 behavior posted above.
    That is why it is important for me to prevent the behavior in my first post above (so that it won't cause usability issues when we apply the 'auto-scrolling' feature to our forms).
    Best Regards,
    James

  • Windows Applications in the Enterprise Portal

    Hi all,
    we have EP 6.0 SP10 based on NW04 installed.
    Is there any possibility to integrate Windows Applications
    (Windows 'exe' files) in the Enterprise Portal?
    Best regards

    With LaunchInIE you use JavaScript to launch the actual applications. What we do is write a Java iView that contains links (we use icons) to programs installed locally on each machine. When the user clicks a link (icon) we run the JavaScript that opens the locally installed 'exe' file.
    If you have a look at the WhirlyWiryWeb link posted earlier you can see how to use LaunchInIE.
    The downside to this is that the .dll has to be installed on each machine and the registry (for each machine) has to be maintained.
    You can just write a java iView that has links to locally installed exe's (file://C:/myfolder/myexe.exe) if you like but that will result in a security warning each time. LaunchInIE stops the security warning.

  • MPLS in the Enterprise

    Has anyone had any experience with using MPLS in the Enterprise? I would like to use MPLS to segment the different parts of my network. I basically have 4 different user bases at remote locations and several others, including development, in the corporate areas. I would like to use MPLS between all of my sites and basically have my current router act as the PE, with the different interfaces being different pseudo customers. Then, once I have this set up, I can use a firewall to touch each MPLS VRF to redistribute networks to the other networks, so it appears that it is one big network, but I would then have a single location to administer policy and rules as to who can talk to whom. I would like to hear if anyone has done this and what problems and/or benefits they received from this approach. I know it may seem like overkill, but it would give me a definitive answer to say yes, an outbreak of a virus on one segment would not be able to affect another VRF if the rules and whatnot were in place.

    Hi there,
    we run three sites with a pair of 7200 PEs at each site. This allows us to get our security-partitioned networks to all three sites very cost-effectively.
    But beware, setting up basic VPNs is relatively easy compared to setting up tunnels and traffic engineering.

  • Using mms.cfg In The Enterprise

    Hello, I’m currently investigating the best ways to install Flash Player in our corporate environment. I’ve completed the request for enterprise downloads and I now have access to the EXE and MSI installs.
    Briefly reading the Administration guide, I now know that I can use mms.cfg to disable updates, a requirement in our network due to the lack of admin rights.
    We will manage updates and fresh installs with SCCM 2012.
    I want to be able to install Flash Player during OSD (Operating System Deployment) and also on existing machines. What are the best proven methods of delivering the custom mms.cfg?
    Can this be done with the command line if I use the EXE bootstrapper install and not the MSI?
    Or do I have to look at using group policy or a script to deliver this file outside of the installation?
    For Adobe Reader I’m currently using the bootstrapper to install Reader 11 and the latest MSP at the same time. I’d like to do something similar for my Flash Player installs.

    My solution was as follows:
    1. In SCCM 2012, I created an application for flash player based on the MSI deployment.
    2. Created a second deployment type that executes a .CMD file with the following batch code in it (set dependency pointing to the Flash MSI completing successfully as well):
    REM In case folders don't exist, create them
    MD %WINDIR%\System32\Macromed\Flash
    MD %WINDIR%\SysWow64\Macromed\Flash
    REM Delete existing completion files
    Del %WINDIR%\System32\Macromed\Flash\Complete.flag
    Del %WINDIR%\SysWow64\Macromed\Flash\Complete.flag
    REM Copy System32 CFG file and then copy the complete flag
    Copy /y %~dp0mms.cfg %WINDIR%\System32\Macromed\Flash
    Copy /y %~dp0Complete.flag %WINDIR%\System32\Macromed\Flash
    REM Copy SysWow64 CFG file and then copy the complete flag
    Copy /y %~dp0mms.cfg %WINDIR%\SysWow64\Macromed\Flash
    Copy /y %~dp0Complete.flag %WINDIR%\SysWow64\Macromed\Flash
    Note: Completion.flag is merely a text file that gives me an easy way to know if the script finished running or not. I check for its existence in both locations to consider the process complete.
    This has worked for me. The only hangup I had was that I set the MSI verification on the filename of the OCX that the installer puts in the System32 and SysWow64 folders, not realizing that the filename is backwards from what I expected. System32 has the "Flash64..." file and SysWow64 has the "Flash32..." file. Goofy, I know.
    Hope this helps.
