OSB1G R3 Security Active Intermediary pattern question

Hi
we have a requirement to use Message level security (no ssl) between the client and OSB 10gR3 proxy services . No security is required between proxy and business services
I wnet through WLS and OSB documentation and found it conflicting/vague for setting up the Active intermediary pattern
we need to do 4 uses cases, Request encryption, Request signing, Response encryption, Response signing
I have a few questions
Do we need to setup PKI credential mapper for this (or is this only for outbound between Proxy and business services)
How do the scenarios logically work (who uses private key and who uses public key for each of these scenarios)
Current documentation doesnt match with my understanding of PKI infratsructure
Thanks for any information

Hi Udi,
If I am reading your question correctly, you want to know if XI can take the user context from the sharepoint portal and pass it on to the R/3 backend, i.e. logging on to R/3 using the same user as is logged on to sharepoint. The answer, unfortunately, is no. AFAIK the only current way to accomplish this is to include the username in the actual message content and pass this on to the R/3 system; then on the R/3 system code the necessary authority checks against the provided username. Be aware though, that you cannot use the usual authority-check functionality for this.
Regards,
Thorsten

Similar Messages

  • Osb 10gR3 - Active Intermediary proxy with custom WS-Policy files

    I'm setting up an Active Intermediary proxy, and the Security option on the proxy to "Process WS-Security header" is only usable when Custom Policy Bindings are assigned to the proxy. But I don't want to use the default Oracle policies.
    The "Select WS-Policy" popup within OSB only shows entries under the Predefined Policy tab. Yet I have custom WS-Policy files which have been imported into OSB.
    So what's the trick?

    Hi,
    Below are the steps followed
    - OSB Proxy service has 'oracle/wss_username_token_service_policy' attached to it.
    - Iam invoking this from BPEL. BPEL process has 'oracle/wss_username_token_client_policy' attached.
    - I can invoke the osb proxy from bpel by passing credentials - No Issues.
    Now I need to put some authorization restriction to the proxy service, so only specific users can access that.
    -I used Role=Admin as a policy condition restriction under security in Proxy service.
    -Then I went to proxy test console and I added the 'oracle/wss_username_token_client_policy' credentials and weblogic/xxxxx at Transport section and I was able to invoke the process. Here weblogic has a Admin Role.
    -I cannot invoke the same proxy service from BPEL in Jdeveloper now.
    All Iam trying to do is to protect my proxy by authrorization policy.
    Thanks
    Jagan.

  • Security activation on your BlackBerry Z10 Device

    To start calendar and contact synchronization with Gmail, do I need to complete the security activation. If yes How can I do this on my Z10?

    Hey dasht,
    Welcome to the BlackBerry Support Community Forums.
    Thanks for the question.
    To start the calendar and contact synchronization you just need to add your email account and make sure sync contacts and calendar is set to on.  Also the contact synchronization happens every 4 hours.
    A security activation should not be required.
    Let me know if you have any more questions.
    Cheers.
    -ViciousFerret
    Come follow your BlackBerry Technical Team on Twitter! @BlackBerryHelp
    Be sure to click Like! for those who have helped you.
    Click  Accept as Solution for posts that have solved your issue(s)!

  • I forgot my security answer to the question How can I change my security question

    I forgot my security answer to the question How can I change my security question

    http://support.apple.com/kb/HT5312
    -If you established a rescue email address, there will be a link on the "Passwords & Security" page of id.apple.com.  Clicking the link will send the reset to your rescue email address (NOTE:  This is not the same address as your Apple ID email)
    -If there is no link on the page, then you didn't establish a rescue email address.  Contact AppleCare at 800.694.7466 (If you are in the US), and ask for account security.  You will need to answer some questions to verify your identity, AND you will need access to a computer to generate a temporary support pin.
    -If you are not in the US, click http://support.apple.com/kb/HT5699 - Apple ID: Contacting Apple for help with Apple ID account security
    HTH

  • Mail form editor: error message regarding "non-secure active code"

    Hi,
    I'm using the editor for mail forms in CRM 2007. I'd like to create a form containing pictures, personalized fields (e.g. salutation) and hard-coded text.
    However, when stepwise adding all of these elements, error message "The content you have entered may contain non-secure active code; so it has been deleted." is displayed in the screen where all elements are shown, so, some kind of WYSIWYG error message. It's not a message of the browser, it's displayed directly in the middle of the content screen and all text, images and fields inserted in the mail before are gone.
    Any idea?
    Regards
    Wolfgang

    Hi,
    In one of my previous project I had similar type of issues when designing the mail form, the HTML code changes were happening. SAP follows specific HTML version and you have to stick to that version when coding. Ideal would be design the HTML code and test it bit by bit to ensure that the same is acceptable.
    Regards,
    Deepak
    P.S. English word for ausführbaren is probably executable
    Edited by: Deepak Ahuja on Feb 10, 2009 1:28 PM

  • HT201303 Please help me. I have forgotten my security answers on two questions. It is not easy to restore it. Apple support did not send me on my e-mail  the answers or did not make opportunity to have as an option to reset my security questions on line.

    Please help me. I have forgotten my security answers on two questions. It is not easy to restore it. Apple support did not send me on my e-mail  the answers or did not make opportunity to have as an option to reset my security questions on line.

    You need to ask Apple to reset your security questions; ways of contacting them include clicking here and picking a method for your country, phoning AppleCare and asking for the Account Security team, and filling out and submitting this form.
    (97776)

  • TS2446 i forgot my security answers to the question

    I forgot my security answers to secruity questions what do i
    do?

    Frequently asked questions about Apple ID - http://support.apple.com/kb/HE37 --> Can I change the answers to the security questions for my Apple ID?  --> Yes. You can change the answers to the security questions provided when you originally signed up for your Apple ID. Go to My Apple ID (http://appleid.apple.com/) and click Manage your account.
    Forgotten security questions - https://discussions.apple.com/message/18402551  and https://discussions.apple.com/message/18625296
    More involved forgotten question issues - https://discussions.apple.com/thread/3961813
    Kappy 09/2012 post about security questions - https://discussions.apple.com/message/19569468
    John Galt's tips (09&11/2012) - https://discussions.apple.com/message/19809294 and https://discussions.apple.com/message/20229239
    If none of the above work, contact iTunes Support at http://www.apple.com/support/itunes/contact/ and follow the instructions to report the issue to the iTunes Store.

  • Facebook Security/Active Session Question via iPhone and Safari

    I am running Mac OS 10.8.3 with Safari 6.0.4 on an iMac. On Facebook using Safari, I set up "Login Approvals" which would require a security code. However, every once in a while under the "Active Sessions" I noticed an unknown session from an iOS 6 device from a different location other than the state I live in. I ended that activity. As a test, I accessed my Facebook account using my iPhone 5. I noticed that under Facebook's Active Sessions on Safari on my iMac, it lists my iPhone device as being in a different state. Why is that? Is there some general iPhone setting that I need to change?

    Hi, Thanks for the suggestion!
    To look at the keychain sounds helpful to solve the problem. It seems top be a problem with accessibility. I will have a look. But I also have decided to extend my RAM - since it is very true 128 MB really isn't much.
    Then for clarity:
    I have not followed an email link to download the security upgrade, but I used the usual software update manager - I just didn't find the proper english description, since my eMac talks german with me.
    I had had a look into some protokolls "system.log" - well I don't understand much what is written down there. There I might have got the confusion about the security server.
    There are several lines with Safari, like this one:
    date + time: localhost/Applications/Safari.app/Contens/MacOS/Safari:
    InitializeDiskArbitrationMessages: DiskArbitraitionRegister failed 1102
    The same is noticed about Mail
    These messages are followed by several lines telling:
    date + time: localhost lookupd[623]: NetInfo connection failed for server 127.0.0.1/local
    But I am afraid, I don't really know what this means.

  • Secure Mail Login (Lame question) Is there a secure IMAP login without SSL?

    We want to protect our external users' passwords from easy sniffing on the wire in the wild Internet (since users are in LDAP, these passwords may also be used for interactive logins to the servers, so keeping them in the open is not a good idea). As you may infer from my questions, I'm not too strong in this area yet.
    I understand that we can set up SSL/TLS wrappers or use native support for SMTPS, POP3S and IMAPS, or even set up a VPN server; however there are a number of clients (i.e. certain PDA's and cell phones) which don't suggest even tweaking the server port number, and only work over standard SMTP/IMAP/POP3.
    As much as I understand, this security stuff has long ago been such a problem that SMTP evolved several different ways of secure authentication. One is STARTTLS where a supporting SMTP server/relay and client can use enhanced commands on a normal SMTP port (tcp/25) to switch from plaintext to TLS-protected dialog on-the-fly (and use authentication after this step).
    I believe (but may be wrong doing so) there may also be a way when the user password submission for SMTP authentication is cryptographically protected, but the rest of the dialog is in plaintext. (Basically, IIRC, one or a few lines are protected by sending a hash of the password instead of the plain or BASE64 password string).
    I wonder if similar standard mechanisms exist for POP3 and IMAP at all, and if they are implemented in Sun Messaging Server in particular.
    And where should I best read up on these subjects? :)

    JimKlimov wrote:
    As much as I understand, this security stuff has long ago been such a problem that SMTP evolved several different ways of secure authentication. One is STARTTLS where a supporting SMTP server/relay and client can use enhanced commands on a normal SMTP port (tcp/25) to switch from plaintext to TLS-protected dialog on-the-fly (and use authentication after this step). Messaging server supports providing a SSL encrypted port (465) and also providing STARTTLS on a plain-text port (e.g. 25).
    The quickest way to enable this is to run:
    ./msgcert generate-certDB
    ./imsimta cnbuild;./imsimta restartThis will generate a self-signed certificate (not appropriate for production usage but fine for testing). To verify that it is working perform the following steps:
    telnet <mail-server> 25
    ehlo blah.comYou should see a line that says "250-STARTTLS".
    If you want to enable the SSL port (465), uncomment the following line in the dispatcher.cnf file:
    TLS_PORT=465You will need to run ./imsimta cnbuild;./imsimta restart for the change to become active.
    I believe (but may be wrong doing so) there may also be a way when the user password submission for SMTP authentication is cryptographically protected, but the rest of the dialog is in plaintext. (Basically, IIRC, one or a few lines are protected by sending a hash of the password instead of the plain or BASE64 password string).The mechanisms you refer to are all discussed here:
    http://docs.sun.com/app/docs/doc/819-4428/bgbau?a=view
    Note however that "To work, the CRAM-MD5, DIGEST-MD5, or APOP SASL authentication methods require access to the users’ plaintext passwords. ".
    I wonder if similar standard mechanisms exist for POP3 and IMAP at all, and if they are implemented in Sun Messaging Server in particular.
    And where should I best read up on these subjects? :)Refer to manual page listed earlier and the following manual page:
    http://docs.sun.com/app/docs/doc/819-4428/bgbba?a=view
    Regards,
    Shane.

  • Active directory change question regarding affects on exchange 2013

    Good day,
      I have some universal security groups that are meant to be distribution groups in a 2008 R2 active directory forest.  These groups are being utilized by exchange 2013, I plan on turning these groups into global distribution groups in active
    directory (all changes will be made in active directory only, not in exchange).
      Question is; What will happen to the mail boxes using this group? Will it break the mailbox? How will users be affected?
     I plan on doing testing of my own but if someone else has already done this and has ran into issues this will help me out greatly.

    Hi ,
    Mail enabled security groups can be used for two purposes.
    1.Used to distribute emails to its members.
    2.Unlike mail enabled Distribution groups , Mail enabled security groups will have SID value , so it can be mapped on any resources (for eg : share folder ) to get the access permissions to it members.
    In your case ,You would like to change the scopes for the mail enabled security groups ,Before changing the group scopes just have a look in to the following link which states clearly about the group scopes and its usage.
    http://technet.microsoft.com/en-us/library/cc755692(v=ws.10).aspx
    Please feel to reply me if you have any queries.
    Thanks & Regards S.Nithyanandham

  • Active Directory Connector Questions in 11.1.2.1

    Hello All.  I am new to this version of IDM and I am trying to get through the setup and config.  I just installed a single instance of 11.1.2.1 with OUD, OAM, OIM.  I installed the Active Directory connector for User Management and I believe I have it configured. 
    I followed the post at Weblogic Corner: Oracle Identity Manager: The Active Directory Connector Tutorial and got a lot of questions answered with that.  First, note that I was able to follow the guide and run the lookup recon jobs as well as the user and group recon in trusted mode, then target mode to create all of the users and groups.  I am also able to create a user in OIM, add an account and have that provisioned to AD. 
    Here are my questions if you would be so kind:
    1) When I create a user in AD and I run the user recon(target), the event says "No User Match Found".  I was kind of expecting it to create a new user for me.  I was also expecting to schedule the recon job in target mode and not have to ever switch back to trusted mode after the first full sync.  What did I miss here?
    2) When I add an account to the user in OIM, the AD User form comes up with all the fields empty.  Is that the way it should work?  I was hoping that it would prepopulate some of the stuff from the OIM profile.
    3) When I modify a field in OIM, say middle name, will that sync in the next recon run, or will the admin need to open the account, update the AD form also and submit the middle name in two places?
    Thanks in advance!

    1. Identity gets created in Oracle Identity Manager from an authoritative source. in case of target recon, it will just sync with the matched account in oim.
    please have a look in the below link seccion 12.1.12
    Managing Reconciliation - 11g Release 2 (11.1.2)
    2.u can very well prepopulate filed in the process definition, even u can automate the provisioning process using  role based when provissioning process.
    3.there should be some tasks available for each field. no need run the recon task or modify the account in AD. it will be updated in AD using the tasks. check the connector process definition.

  • I can not remember my security answers to the questions, i am wanting to buy some music but it keeps asking for security questions when i cannot remember! What do i do?

    I want to buy new music off itunes website on my Ipad, i know my email and password, after i have typed them in it asks me for a security questionaire. However i do not remeber the answers, how am i meant to download music as this is stopping me from doing it. I really need help as it is really annoying me! Thank you.

    You need to ask Apple to reset your security questions; ways of contacting them include clicking here and picking a method for your country, phoning AppleCare and asking for the Account Security team, and filling out and submitting this form.
    (96967)

  • Flash Security Settings and Random Questions not Displaying

    Hey folks,
    I created a Captivate 4 project with 3 slides and a question pool of about 70 questions in which I am randomly pulling in. I am using IE7 and Flash 10. Publishing in Flash 10. If I publish or view in Preview in a web browser the project launches, plays the first 3 slides, and then goes blank when the first question should appear. Note: previewing the project AND publishing the project as an .exe does launch and display all the questions correctly. It ends up being a flash security issue. I went to the adobe site and via the Adobe Flash Player Security Manager" I entered in the main .SWF captivate-generated file as a trusted file and then re-ran the published captivate project and it ran correctly. Question is ... what do I need to do to set up flash or my project so I don't have to do this for every new project that I deploy? I don't want to have the users have to go in and add whatever I deploy as a trusted file. It's also a little confusing as to why the first three slides played and it stopped at the questions ... seems like if it's not a trusted file, that it wouldn't run at all.
    Thanks for any help!
    Chris

    Hello again
    I think I'd be investigating a temporary web server to host on until things are ready. Here's where it will help.
    By providing files to the end users, if you are copying files over you end up having to explain how to save the files. You then have to walk them through setting the Flash Security so they can properly view. It all just becomes a pain in the kazoo.
    If you can find some server space, you simply upload the content and provide a link for the users to view the content.
    Other than that, if you are insistent that copying is the way to fly, I might suggest you establish a known location where you want everyone to copy their files. Perhaps C:\TestFolder. Then provide some instruction on how to configure the folder with the relaxed Flash Security. From there forward, anything they copy to the folder should need no security adjustment.
    Cheers... Rick
    Helpful and Handy Links
    Captivate Wish Form/Bug Reporting Form
    Adobe Certified Captivate Training
    SorcerStone Blog
    Captivate eBooks

  • Display pattern questions

    I would like to be able to set up a display patter that will add some asterisks or some other characters on each side of what ever a user enters in a field in order to flag the text. Is that possible? or is there a better way to do this than using display patters. I check the Designer help but could find much to answer my question.

    Amanda,
    Try to put a single quote around the parenthesis like this:
    '('$ZZ,ZZ9.99')' for your display pattern.

  • Can I get the Apple security to reset my questions?

    I recently acquired a $25 gift card, and when I tried to buy an album, I realized I had forgotten my security questions. Please and thank you for help.

    Call your country number from http://support.apple.com/kb/HE57 and ask to speak with Account Security.

Maybe you are looking for