Access Control up grade from 5.2 to 5.3
Hi,
One of my client have
1. Earlier Access control 5.2 was installed but only FF are configured and is in use.
2. After some time Access Control GRC 5.2 server (front end) have some problem so they have
installed 5.3 to front end level
--no back end patch was updated
--no connector are created.
Now the situation is as follows
Front end -access control 5.3 -
Back end -RTA is access control 5.2(they are only using FF)
No connector are created
From this situation how can we take it forward to access control 5.3.
I have following question
1. can we update back end to 5.3 and start configuration --what is the impact?
2. Do we need to take back up of table FF as client is using only FF.
Thanks,
Digambar
Hi
5.2 RTA will not be compatible with with GRC 5.3 RTA .
So best would ne to upgrade your backend RTA to 5.3 and SP level shoul;d be in Synch with level of SP of front end i.e SA P GRC 5.3 .
Thanks & Regards
Asheesh
Similar Messages
-
Is there any alternative way to access controls of views from controller?
For Example
I can access TextBox of View from controller like this
sap.ui.getCore().byId("txtBox1").setEnabled(true);
and By passing Parameter.
Can anyone please tell if there is any alternative way to do it..?Hi Rama,
I tried, But its not working,Am getting Error like this
Uncaught TypeError: undefined is not a function
Regards
Raghu -
제품 : ORACLE SERVER
작성날짜 : 2005-11-24
FINE GRAINED ACCESS CONTROL(FGAC)를 위한 DBMS_RLS.ADD_POLICY의 VERSION별 특징
=======================================================================
PURPOSE
row leve의 security 및 context관리 방법인 FGAC에 대한 간단한 개념 및 사용방법은
<bul 23026>에 제시하였다.
이 문서에는 FGAC를 위한 dbms_rls package의 8i ~ 10g까지의 version별 특징을
정리하며, STATIC_POLICY와 POLCICY_TYPE parameter에 대해서는 예제를 이용하여
자세히 살펴보도록 한다.
Explanation & Examples
dbms_rls.add_policy를 사용할 때 일반적으로 주는 value값의 예제는 다음과 같다.
이중 대부분은 default값을 이용하여, 일반적으로는 앞의 5개의 parameter만
value를 주면 된다.
SQL> exec DBMS_RLS.ADD_POLICY ( -
> object_schema => 'SCOTT', -
> object_name => 'EMP', -
> policy_name => 'POL1', -
> function_schema => 'SYS', -
> policy_function => 'PREDICATE', -
> statement_types => 'SELECT', -
> static_policy => false, -
> policy_type => DBMS_RLS.DYNAMIC
> long_predicate => false);
1. FGAC의 version별 특징
(1) sec_relevant_cols/sec_relevant_cols_opt : 10G
위에 기술한 add_policy procedure의 parameter외에 10g에서 추가된
parameter로 다음 두 parameter가 존재한다.
이 parameter는 해당되는 column이 조회될때만 policy가 작동하게 하기 위한
것으로 metalink.oracle.com site에서 <Note 250795.1> 를 살펴보면 사용 방법
및 예제를 확인 가능하다.
- sec_relevant_cols
- sec_relevant_cols_opt
(2) long_predicate : 10G
default는 false이며, true로 지정하는 경우 predicate이 4000 bytes이상이
될 수 있다.
(3) statement_types : 10G부터 INDEX type추가
9i까지는 SELECT, INSERT, UPDATE, DELETE에 대해서는 FGAC를 적용할 수
있었으나, 10g부터는 INDEX type도 지정 가능하다.
index를 지정하는 경우, function-based index 생성을 제한할 수 있으며,
자세한 예제는 metalink.oracle.com site에서 <Note 315687.1>를 조회하여
확인할 수 있다.
(4) EXEMPT ACCESS POLICY 권한 : 9i
특정 user가 모든 fine-grained access control policy의 영향을 받지
않도록 하려면 exempt access policy권한을 grant하면 되며, 이것은 9i부터
소개되었다.
SQL> grant exempt access policy to scott;
와 같은 방식으로 권한을 부여하면 되며, 이에 대한 자세한 예제는
metalink.oracle.com site에서 <Note 174799.1>를 통해 확인 가능하다.
(5) synonym에 대한 policy설정 : 9.2
synonym에 대해서 VPD (Virtudal Private Database)에 대한 policy를 설정하는
것이 가능해 졌으며 이에 대해서는 metalink.oracle.com에서 <Note 174368.1>를
조회하여 자세한 방법 및 예제를 살펴볼 수 있다.
(6) static_policy : 8.1.7.4
static_policy paramter는 8i에는 없던 것으로 9i에서 도입되면서, 8.1.7.4에도
반영되었다. default값은 false이며, 8173까지는 항상 false인 형태로 동작한다.
즉, policy function이 매번 object를 access할때마다 실행된다.
8.1.7.4부터는 이 parameter를 true로 설정할 수 있는대, 이렇게 되면
해당 session에서 policy function이 한번 실행되고 그 function이 shared pool에
cache되어 있으면 재실행없이 그대로 사용된다.
10g부터는 (7)번에 설명하는 policy_type parameter가 추가되어,
이 parameter에 true로 지정하는 대신, static_type은 false로 두고,
policy_type을 dbms_rls.static 으로 지정하면,
9i와 8174에서 static_policy를 true로 한것과 같은 결과가 나타난다.
(7) policy_type: 10g
다음과 같이 5가지 value가 가능하며, 이 중 default는 dynamic이다.
- STATIC
policy fuction에 포함된 predicate이 runtime환경에 따라 다른 결과를 내지
않는 경우 사용하게 된다. 예를 들어 sysdate의해 다른 결과를 return하는
경우에는 사용하면 사용하면 문제가 될 수 있다.
static을 사용하는 경우 policy function은 한번 실행되어 SGA에 올라온 다음
이후 같은 session에서 같은 object를 사용시에는 재실행 없이 해당 predicate의
결과를 그대로 사용한다.
- SHARD_STATIC
STATIC과 같으나, 이 값은 다른 object에 대해서도 같은 predicate function이
사용되는 경우, 먼저 cache된 predicate을 찾아서 있으면 그 값을 이용한다.
STATIC의 경우는 다른 object 사이에서는 공유하지 않으며 같은 object에
대해서만 cache된 값을 사용한다.
- CONTEXT_SENSITIVE
한 session에서 context가 변경되면 그때 predicate를 재 실행시킨다.
WAS(web application server)를 사용하는 경우 connection pooling방법을
기본적으로 사용하는대, 이 경우 하나의 session을 여러 사용자가 이어서
교대로 사용하는 방식이 된다. 이 경우 middle tier단에서 context를 설정해
주면 context가 변경될때마다 predicate를 새로 실행시켜 변경된 sysdate나
session_user등의 값을 다시 계산하게 되는것이다.
jdbc에서 context설정에 관한 예제는 metalink.oracle.com에서
<Note 110604.1>에서 확인가능하다.
- SHARED_CONTEXT_SENSITIVE
context_sensitive와 동일하며, 단 shared_static과 마찬가지로 여러 object에
대해서 같은 predicate을 사용하는 경우 다른 object에 대한 같은 predicate이
cache되어 있는지를 먼저 살펴본다.
존재하면 session private application context가 변경되기 전까지 그 predicate의
결과를 그대로 사용한다.
- DYNAMIC
이 값이 default값이다. 즉, predicate function이나 시스템이나 환경에
영향을 받는다고 판단하여 statement가 실행될때마다 매번 predicate function을
재 실행하여 환경에 맞는 값을 return하여 준다.
아래에서 sysdate 값에 따라 다른 결과를 return하게 되어 있는
predicate을 이용한 예제를 통해 정확한 메카니즘을 확인한다.
2. static_policy 및 policy_type의 value에 따른 policy function의 작동예제
(a) STATIC_POLICY => TRUE and POLICY_TYPE => NULL
(1) 기존에 pol1 policy가 존재하는 경우 다음과 같이 drop시킨다.
SQL> exec DBMS_RLS.DROP_POLICY ('SCOTT', 'EMP','POL1');
(2) 다음과 같이 predicate function을 scott user로 만들어둔다.
SQL> create or replace function PREDICATE (obj_schema varchar2, obj_name varchar2)
2 return varchar2 is d_predicate varchar2(2000);
3 begin
4 if to_char(sysdate, 'HH24') >= '06' and to_char(sysdate, 'MI')<'05' then
5 d_predicate := 'ename = sys_context (''USERENV'' , ''SESSION'');
6 else d_predicate := 'sal>=3000';
7 end if;
8 return d_predicate;
9 end predicate;
10 /
(3) pol1을 새로 add시킨다.
SQL> exec DBMS_RLS.ADD_POLICY ( -
object_schema => 'SCOTT', -
object_name => 'EMP', -
policy_name => 'POL1', -
function_schema => 'SCOTT', -
policy_function => 'PREDICATE', -
statement_types => 'SELECT', -
static_policy => TRUE, -
policy_type => NULL);
(4) adams user에서 scott.emp를 조회해 본다.
단 다음과 같이 scott.emp에 대한 select권한을 king에게 주어야 한다.
SQL>grant select on emp to king;
SQL>!date
Thu Nov 24 14:01:13 EST 2005
SQL> connect king/king
SQL> select * from scott.emp;
EMPNO ENAME JOB MGR HIREDATE SAL COMM
DEPTNO
7839 KING PRESIDENT 17-NOV-81 5000
10
5분이후가 되어 predicate function의 if조건을 만족하지 않아도,
king user는 같은 값을 emp table에 대해서 return한다.
SQL>!date
Thu Nov 24 14:10:13 EST 2005
SQL> connect king/king
SQL> select * from scott.emp;
EMPNO ENAME JOB MGR HIREDATE SAL COMM
DEPTNO
7839 KING PRESIDENT 17-NOV-81 5000
10
(b) STATIC_POLICY => FALSE and POLICY_TYPE => DBMS_RLS.DYNAMIC
(1) 기존의 policy를 다음과 같이 drop시킨다.
SQL> exec DBMS_RLS.DROP_POLICY ('SCOTT', 'EMP','POL1');
(2) pol1을 새로 add시키는대 이대 static_policy와 policy_type을 다음과 같이
변경한다.
SQL> exec DBMS_RLS.ADD_POLICY ( -
object_schema => 'SCOTT', -
object_name => 'EMP', -
policy_name => 'POL1', -
function_schema => 'SCOTT', -
policy_function => 'PREDICATE', -
statement_types => 'SELECT', -
static_policy => flase, -
policy_type => dbms_rls.dynamic);
(3) king user에서 조회해본다.
predicate function은 위의 2-(a)에서 실행한 것을 그대로 사용한다.
즉 (a)를 실행하지 않은 경우, 조회전에 (a)-(2)번을 실행해야 한다.
SQL>!date
Thu Nov 24 15:01:13 EST 2005
SQL> connect king/king
SQL> select * from scott.emp;
EMPNO ENAME JOB MGR HIREDATE SAL COMM
DEPTNO
7839 KING PRESIDENT 17-NOV-81 5000
10
5분 이후가 되어 다시한번 king user에서 실행해본다.
SQL>!date
Thu Nov 24 15:10:13 EST 2005
SQL> select * from scott.emp;
EMPNO ENAME JOB MGR HIREDATE SAL COMM
DEPTNO
7788 SCOTT ANALYST 7566 19-APR-87 3000
20
7839 KING PRESIDENT 17-NOV-81 5000
10
7902 FORD ANALYST 7566 03-DEC-81 3000
20
RELATED DOCUMENTS
<Note 281970.1> 10g Enhancement on STATIC_POLICY with POLICY_TYPE Behaviors
in DBMS_RLS.ADD_POLICY Procedure
<Note 281829.1> Evolution of Fine Grain Access Control FGAC Feature From 8i
to 10gfirst you could use default column values, not a trigger, which is more expensive.
if your apps already assumes full access to table to get max id ( another RT ), this is bad. Current RLS can not really help if you can not change the apps because of this flaw logic ( you can store the maxid anywhere, why scanning the whole table to find it ) -
Dynamic Access Control from PowerShell
Hi Guys
Please I need your help, I am working with AD Dynamics Access Control (AD DAC) and Windows Powershell (PS), the Idea is create a menu for AD DAC in PS, Everything is OK but I have a problem when I create a new ClaimType, because from AD DAC
windows Menu you can select an AD Attribute and there is a Column naming "Value Type" , but in my Script I Don't know how to get this to show in OUT-GridView, I dont know what is the correct property.
My Code:
Get-ADObject -SearchBase ((Get-AdRootDSE).SchemaNamingContext) -SearchScope 1 -filter * -Property name, Ldapdisplayname | out-gridview -outputmode Single
Sorry But I can't put my image here
Thanks in advanceHi,
Change the -Property parameter to a wildcard and check the output. Once you know what property you need (assuming it is actually listed), you can add it to your current list.
As for posting screenshots, you'll need to post in the current verification thread stuck at the top of this forum here:
https://social.technet.microsoft.com/Forums/en-US/home?forum=reportabug
Don't retire TechNet! -
(Don't give up yet - 13,085+ strong and growing) -
Hi Team,
As of IDM 7.2 SP8 patch2, when we use Enterprise role or Privilege in the access control definition of a task, accessing this task from UI5 i.e REST API is giving unauthorized error even though user is already having the required role or privilege.
But the task is working fine if we use fixed user ID or keeping blank value in allowed users field.
Attached the current access control definition of the task we configured & the error message info for reference
Regards,
Venkata BavirisettyHi Ralitsa,
Thanks for your response and sorry for late reply.
The XXXX in role is not used as a wild card. the name itself is in that format. I have searched the role and then selected from search list.
Let me know if you need any clarifications?
Refards,
Venkata Bavirisetty -
I can't access "control panel" on my 4s from the lock screen. My settings are active
I can't access "control panel" on my 4s from the lock screen or home screen. My settings are active.
You can try resetting Settings>General>Reset>Reset All Settings
if not
Basics from the manual are restart, reset, restore
Follow the 3R's- if a restart does not solve your problem proceed
User troubleshooting is:
1.restart, ie power off/on,
2. reset http://support.apple.com/kb/HT1430,
3. restore from backup, restore as new device. http://support.apple.com/kb/HT1414 -
How to allow multiple domains under Access-Control-Allow-Origin
Hi,
We have a domain where will get CORS request from another domain hosted on seperate DC. We can't set
Access-Control-Allow-Origin as * due to security concerns & IIS can't take more than 1 value at a time. Kindly suggest how to pass multiple httpheader for
Access-Control-Allow-Origin.
Regards,
DhirajHello Dhiraj,
This is not the suitable forum for your question, you may post in
IIS forums for more help.
Thanks for your understanding.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
How to access my macbook pro from a windows pc?
how to access my macbook pro from a windows pc?
Depending on what you mean by "access" the following may help:
File sharing: How to connect with File Sharing on your Mac - Apple Support
One way (and there are others) for remote control and remote access between Mac and Windows: http://www.teamviewer.com/en/index.aspx -
Time Capsule Access Control and Extended Network Question
I have a Time Capsule where I have set up a wireless network access list…and extended the network using an Airport Express unit. The Airport Express unit also has settings for an Access Control list. Do these need to be the same as the those for the network from TC that it is extending…or does that happen automatically…and if not what on earth are they for?
Thanks for any help…this doesn't seem clear from what I've read/seen.
JamesI have a Time Capsule where I have set up a wireless network access list…and extended the network using an Airport Express unit. The Airport Express unit also has settings for an Access Control list. Do these need to be the same as the those for the network from TC that it is extending…or does that happen automatically…and if not what on earth are they for?
Unfortunately, they are not automatically applied to each base station in an extended network. You would have to manually enter the exact same list in each base station. -
How do I set up timed access control for a time past midnight
I would like to set up timed access control for a number of my devices that would stretch past midnight... An open network from 6AM to 2AM - effectively only blocking access from 2AM tp 6AM in the morning....
Any notion on how to do this? the timed factily does not like the setting to enable 6A to 2A, says the times are invalid.
Setting up timed access from 6AM to 11:59P, then doing another from 12A to 2A causes a service "hiccup" of 1 Minute.Set up each device as follows:
Everyday........Between.......6:00 AM and 11:59 PM
Add a second rule for each device that will state....
Everyday.....Between.......12:00 AM and 2:00 AM
You might think that there would be a one minute break between 11:59 PM and 12:00 AM, but that will not be the case, at least on every AirPort that I have ever programmed.. Reason.....11:59 is really 11:59:59:59 turning off at 12:00 AM. But, you have a second rule to allow access at 12:00 AM, so the AirPort will be "on" at the same time the first rule ends, so there will be no break.
If you really want the second rule to turn the AirPort "off" at 2:00 AM.......then set that time for 1:59 AM. If you set the rule for 2:00 AM, then AirPort will really turn off at 2:01 AM. -
To run OHS at port 80 using solaris role based access control
Hi.
I already know & have done setuid root to ohs/bin/.apachectl to allow ohs to listen to port 80. Now on a new OFM 11.1.1.4 install, I want to use Solaris Role Based Access Control (RBAC) instead. Is it possible? RBAC does work as I can run a home built apache2 httpd at port 80 withOUT suid root.
On Solaris 10, I enabled oracle uid to run process below port 1024 using RBAC
/etc/user_attr:
oracle::::type=normal;defaultpriv=basic,net_privaddr
Change OHS httpd.conf Listen from port 8888 to port 80.
However, opmnctl startproc process-type=OHS
failed as below with nothing showing in the diag logs:
opmnctl startproc: starting opmn managed processes...
================================================================================
opmn id=truffle:6701
0 of 1 processes started.
ias-instance id=asinst_1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ias-component/process-type/process-set:
ohs1/OHS/OHS/
Error
--> Process (index=1,uid=187636255,pid=25563)
failed to start a managed process after the maximum retry limit
Thx,
KenJust to add my two cents here.
The commando used on Solaris to assign the right privilege to bind TCP ports < 1024 is:
# usermod -K defaultpriv=basic,*net_privaddr* <your_user_name>
Restart the opmnctl daemond.
After that OHS/Apache user can bind to lower TCP ports.
Regards.
Edited by: Tuelho on Oct 9, 2012 6:05 AM -
Hello,
I'm attempting to get a SharePoint 2013 Provider Hosted Application working in a brand new SharePoint environment. I've created snapshots of both my dev and the sharepoint environments along the way and have meticulously documented every step of the
way. I've followed these instructions (among many other resources found along this journey) :
http://msdn.microsoft.com/en-us/library/fp179923(office.15).aspx
http://technet.microsoft.com/en-us/library/fp161236(office.15).aspx
http://msdn.microsoft.com/library/office/fp179901%28v=office.15%29
Upon package and publish of my application to SharePoint, I get a 401 Unauthorized error. I use Fiddler to obtain the SPErrorCorrelationID to ultimately obtain the following ULS Viewer Output. Please explain how to fix if you're able.
Please Note: I was under the impression that a Provider Hosted Application does not use the Azure Access Control service, so I'm confused as to why my system is attempting to make this connection?
Also Note: I've used a self signed and godday obtained certificate to successfully f5 debug my basic web.title (out of the visual studio 2012 box) sharepoint provider hosted application... so I know my certs are good.
Here's my ULS output:
03/24/2014 08:54:47.83 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.83 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Authentication Authorization agb9s Medium Non-OAuth request.
IsAuthenticated=True, UserIdentityName=0#.w|cltenet\sp.apps, ClaimsCount=25 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.83 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Logging Correlation Data xmnv Medium Site=/ 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.84 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Deployment acjjg Medium The current user has System.Threading.Thread.CurrentPrincipal.Identity.Name
= 0#.w|cltenet\sp.apps, System.Security.Principal.WindowsIdentity.GetCurrent().Name = NT AUTHORITY\IUSR, System.Web.HttpContext.Current.User.Identity.Name = 0#.w|cltenet\sp.apps. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.84 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsrv Medium redirectLaunUrl after getting it from query
string, web or app instance: https://hightrust31.cltenetapps.com/Pages/Default.aspx?{StandardTokens} 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation General aib0n High trying to get app tokens for site: 888b71f7-51ee-40f5-8344-8de4869d37d0
Unable to load app tokens from appInstanceId: 22d5252f-392c-4f68-b820-a3053b9d4f24 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsrw Medium redirectLaunUrl after getting token replacement:
https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsry Medium m_oauthAppId after NormalizeAppIdentifier()
i:0i.t|ms.sp.ext|[email protected]8df36d5d. Now getting app principal info. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr0 Medium decided that we need to do a POST to the
app. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr1 Medium m_redirectMessage: EndpointAuthorityMatches
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr2 Medium realm matched attempting to get app token
using GetAccessToken() 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth advzm High Error when get token for app i:0i.t|ms.sp.ext|[email protected]8df36d5d,
exception: Microsoft.SharePoint.SPException: The Azure Access Control service is unavailable. at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)
at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken) 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr3 High App token requested from appredirect.aspx
for site: 888b71f7-51ee-40f5-8344-8de4869d37d0 but there was an error in generating it. This may be a case when we do not need a token or when the app principal was not properly set up. LaunchUrl:https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http://portal.cltenet.com&SPLanguage=en-US&SPClientTag=0&SPProductNumber=15.0.4420.1017
Exception Message:The Azure Access Control service is unavailable. Stacktrace: at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)
at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest().
Since this is a nonfatal error, it will be sanitized and posted to the app as part of the app launch. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation General ajlz0 High Getting Error Message for Exception Microsoft.SharePoint.SPException:
The Azure Access Control service is unavailable. at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext) at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext
serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext userIdentityContext, String applicationId, Uri
applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext serviceContext,
String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest()
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth aib0p Medium Doing appredirect from appredirect.aspx:
in site: 888b71f7-51ee-40f5-8344-8de4869d37d0 with RedirectLaunchUrl: https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)).
Execution Time=26.5933938531294 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
Your help is very much appreciated.
With Respect,
LarryYes, actually - I was able to resolve it.
However I don't know how, unfortunately. I suspect it was because I needed to have the names of the certificates, defined during the certificate registration (to sharepoint) process, different.
I have a complete document that shows step by step instructions on the exact process I took to complete the provider hosted application creation, deployment and publishing. It was a daunting task, but I finished it successfully.
If there's a way to send private message on this forum, please do so and I'll respond with a way to obtain my document.
NOTE: I'm not all impressed with the way this forum works. This is supposed to be a Microsoft resource and I'll be damned if I ever get a response to highly technical questions. Completely lame. Boooooo Microsoft. -
How can I access my iTunes account from my iPhone.
1- I can't access my iTunes account from my iPhone.
Do I have to sync them or can I download the songs I bought without connecting with my macbook?
Last time i connected the two, all my music got deleted. Must have done something wrong, but have no idea how to prevent that from happening again.
2- My "preferences" panel in iTunes, only shows apps and books, not music- Why?
3- I can't save any music on iClod.hello.
i followed your link on how to delete content from all things Apple, and nothing removes books, movies, music... it just gives said device(s) the iCloud/download icon on top of the book, movie... not sure what the 'hide' purchase actually does - after X'ing/hide, everything STILL appears across all devices using that account. could you clarify this any further?
if i am understanding iTunes correctly, then EVERYTHING we download (free or purchased) will be FOREVER accessible with zero way for us to control what is filling up this mysterious vault called the cloud? (creepy- apple is keeping EVERYTHING, what happens when the cloud gets full?)
since we have iCloud.com and it shows our "stuff" that we iCloud sync from our devices such as notes, contacts, calendar... then why doesn't apple provide an iCloud.com tab that shows ALL of our purchases so we as CONSUMERS control/delete what is in our account?
we download ALOT of apps to try and then delete them off our devices. that works fine, but movies and books are always there. maybe a glitch? -
How do i access my icloud accound from my pc
how do i access my icloud accound from my pc (Windows 7)
www.icloud.com
Or download the iCloud control panel for Windows and use it with Outlook. -
ORA-24247: network access denied by access control list (ACL)error-UTL_HTTP
I am getting following ACL error while executing following procedure:
create or replace procedure sat_proc as
http_req utl_http.req;
http_resp utl_http.resp;
BEGIN
http_req := utl_http.begin_request('www.yahoo.com');
http_resp := utl_http.get_response(http_req);
utl_http.end_response(http_resp);
END;
exec sat_proc;
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1130
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "TRANSDBA.SAT_PROC", line 5
ORA-06512: at line 1
I am able to execute successfully while executing above code as PL/SQL block:
DECLARE
http_req utl_http.req;
http_resp utl_http.resp;
BEGIN
http_req := utl_http.begin_request('www.yahoo.com');
http_resp := utl_http.get_response(http_req);
utl_http.end_response(http_resp);
END;
PL/SQL procedure successfully completed.
Could help me find why I am getting error while executing same code in a procedure? Is there any privilege missing?GRANT EXECUTE ON SYS.UTL_HTTP TO <your_user>;
SQL> set time on
17:21:01 SQL> set role none;
Role set.
17:21:23 SQL> @utl_http.sql
17:21:34 SQL> DECLARE
17:21:34 2 http_req utl_http.req;
17:21:34 3 http_resp utl_http.resp;
17:21:34 4 BEGIN
17:21:34 5 http_req := utl_http.begin_request('www.yahoo.com');
17:21:34 6 http_resp := utl_http.get_response(http_req);
17:21:34 7 utl_http.end_response(http_resp);
17:21:34 8 END;
17:21:34 9 /
PL/SQL procedure successfully completed.
17:21:35 SQL> connect / as sysdba
Connected.
17:22:47 SQL> connect dbadmin/admindb
Connected.
17:23:06 SQL> @utl_http.sql
17:23:22 SQL> DECLARE
17:23:22 2 http_req utl_http.req;
17:23:22 3 http_resp utl_http.resp;
17:23:22 4 BEGIN
17:23:22 5 http_req := utl_http.begin_request('www.yahoo.com');
17:23:22 6 http_resp := utl_http.get_response(http_req);
17:23:22 7 utl_http.end_response(http_resp);
17:23:22 8 END;
17:23:22 9 /
PL/SQL procedure successfully completed.
17:23:23 SQL> set role none;
Role set.
17:23:29 SQL> @utl_http.sql
17:23:31 SQL> DECLARE
17:23:31 2 http_req utl_http.req;
17:23:31 3 http_resp utl_http.resp;
17:23:31 4 BEGIN
17:23:31 5 http_req := utl_http.begin_request('www.yahoo.com');
17:23:31 6 http_resp := utl_http.get_response(http_req);
17:23:31 7 utl_http.end_response(http_resp);
17:23:31 8 END;
17:23:31 9 /
DECLARE
ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1130
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at line 5
17:23:31 SQL> above is from test user
Below is from SYSDBA account
SQL> set time on
17:20:53 SQL> revoke execute on sys.utl_http to dbadmin;
revoke execute on sys.utl_http to dbadmin
ERROR at line 1:
ORA-00905: missing keyword
17:22:03 SQL> revoke execute on sys.utl_http from dbadmin;
revoke execute on sys.utl_http from dbadmin
ERROR at line 1:
ORA-04020: deadlock detected while trying to lock object
ACLiLZU+w09hR7gQAB/AQAjcw==
17:22:32 SQL> /
Revoke succeeded.
17:22:52 SQL> Edited by: sb92075 on Jun 10, 2010 5:24 PM
Maybe you are looking for
-
Oracle 8i Installation problem on P4
I tried to install oracle 8i database on P4. but i can not install it. Is there any reason. Whether on P4, oracle can not be installed????
-
Every time I log onto Firefox I get the following message: "Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/
-
Is there a way to view how much charging time is left when charging iPod?
Is there a way to view how much charging time is left when charging our iPods (without having to disconnect and play a song to see the little battery icon)? The iBooks tell us the percentage and approximate time left to full charge. This would be a g
-
Will not convert a PDF file to Word
Since Wednesday, 12/10, I have not been able to convert a PDF file to Word. We have a paid subscription to do that and it looks like our account is active and in good standing. This is very frustrating. Who do I contact for technical support.
-
Getting graphic display with GL4java
Hello .. I'm trying to get a basic display with GL4java. I'm able to create the main window but cannot get any openGL display. I've first defined a class which extends from JFrame who is the main window. From the panel, I've added a class which exten