Access gate SDK, authentication and issues/bug

Similar Messages

• How to make the Access Gate SDK work with Web Gate

  When we want control the display of one area in one page, we can define this area as one resource then control the access of it. But when the user has been authenticated in the application, how can we get the user session and then call Access Gate SDK to check if the user is authorized? The following is one utility class to archive it.
  * $Id: CreateUserAction.java,v 1.1 2005/10/11 23:19:34 jason Exp $
  * $Revision: 1.1 $
  * $Date: 2005/10/11 23:19:34 $
  * Copyright (C) 1972 - 2005, Oracle Co. All Rights Reserved
  * The program(s) herein may be used and/or copied only with
  * the written permission of Oracle Co. or in accordance with
  * the terms and conditions stipulated in the agreement/contract
  * under which the program(s) have been supplied.
  package oblix.view;
  import com.oblix.access.ObAccessException;
  import com.oblix.access.ObConfig;
  import com.oblix.access.ObResourceRequest;
  import com.oblix.access.ObUserSession;
  import javax.servlet.http.Cookie;
  import javax.servlet.http.HttpServletRequest;
  * @author zhoujian
  public class OblixUtil {
  private static String ObSSOCookie = "ObSSOCookie";
  private OblixUtil() {
  * Check if the user is Authorized
  * @param request
  * @param rescourceUrl
  * @return
  public static boolean isAuthorized(HttpServletRequest request,
  String rescourceUrl) {
  return isAuthorized(request, "http", rescourceUrl, "GET");
  * Check if the user is Authorized
  * @param request
  * @param resourceType
  * @param rescourceUrl
  * @param resourceMethod
  * @return
  private static boolean isAuthorized(HttpServletRequest request,
  String resourceType, String rescourceUrl, String resourceMethod) {
  try {
  ObConfig.initialize();
  ObResourceRequest resource = new ObResourceRequest(resourceType,
  rescourceUrl, resourceMethod);
  ObUserSession session = getObUserSession(request);
  return session.isAuthorized(resource);
  } catch (ObAccessException oe) {
  oe.printStackTrace();
  ObConfig.shutdown();
  return false;
  * Get the Oblix user session from the request.
  * @param request
  * @return
  * @throws ObAccessException
  private static ObUserSession getObUserSession(HttpServletRequest request)
  throws ObAccessException {
  String token = getCookieValueByName(request.getCookies(), ObSSOCookie);
  if (token != null) {
  return new ObUserSession(token);
  return null;
  private static String getCookieValueByName(Cookie[] cookies, String name) {
  for (int i = 0; i < cookies.length; i++) {
  if (cookies[i].getName().equalsIgnoreCase(name)) {
  return cookies[i].getValue();
  return null;
  }

  Couple of options. You seem have to taken the Access Gate based approach. I will throw this in any way and you can make a call which one you want to use.
  If its a web application you can control authorization based on Resource by defining policy in the Access Manager.
  You mentioned aout display of one area in one page. That should be driven off of User attribute or custom logic. If it is driven off of User attribute then you can return header variable and you can check in the code as opposed to writing custom access gate.
  Now if you do want to write custom access gate when the resource is already protected by a Web gate,
  you can get the ObSSOCookie from the users browser session.
  You can pass the URL to the IsAuthorized method and call.
  Now here you have to install the Access Server SDK on the server, create custom access gate and then write the code and deploy it on that server.
  THanks
  Ram

• An issue with authentication and authorization on ISE 1.2

  Hi, I'm new to ISE.
  I have an issue with authentication and authorization.
  I have ISE 1.2 plus patch 6 installed on VMware.
  I have built-in Windows XP supplicant and 2960 cisco switch with IOS c2960-lanbasek9-mz.150-2.SE5.bin
  On supplicant I use EAP(PEAP) with EAP-MSCHAP v2.
  I created  authentication and authorization rules with Active Directory  as External Identity Source. Also I applied  authorization profile with DACL.I login on Windows XP machine under different Active Directory accounts. Everything works fine (authentication, authorization ), but only for several hours. After several hours passed , authentication and authorization stop working . I can see that ISE trying authenticate and authorize users, but ISE always use only one account for  authentication and authorization . Even if I login under different accounts ISE continue to use only one last account.
  I traied to reboot switch and PC,but it didn’t help. Only rebooting of ISE helps. After ISE rebooting, authentication and authorization start to work properly for several hours.
  I don’t understand is it a glitch or I misconfigured ISE or switch, supplicant?
  What  should I do to resolve this issue?
  Switch configuration:
   testISE#sh runn
  Building configuration...
  Current configuration : 7103 bytes
  ! Last configuration change at 12:20:15Tue Apr 15 2014
  ! NVRAM config last updated at 10:35:02  Tue Apr 15 2014
  version 15.0
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname testISE
  boot-start-marker
  boot-end-marker
  no logging console
  logging monitor informational
  enable secret 5 ************
  enable password ********
  username radius-test password 0 ********
  username admin privilege 15 secret 5 ******************
  aaa new-model
  aaa authentication dot1x default group radius
  aaa authorization network default group radius
  aaa authorization auth-proxy default group radius
  aaa accounting update periodic 5
  aaa accounting dot1x default start-stop group radius
  aaa server radius dynamic-author
   client 172.16.0.90 server-key ********
  aaa session-id common
  clock timezone 4 0
  system mtu routing 1500
  authentication mac-move permit
  ip dhcp snooping vlan 1,22
  ip dhcp snooping
  ip domain-name elauloks
  ip device tracking probe use-svi
  ip device tracking
  epm logging
  crypto pki trustpoint TP-self-signed-1888913408
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-1888913408
   revocation-check none
   rsakeypair TP-self-signed-1888913408
  crypto pki certificate chain TP-self-signed-1888913408
  dot1x system-auth-control
  spanning-tree mode pvst
  spanning-tree extend system-id
  vlan internal allocation policy ascending
  ip ssh version 2
  interface FastEthernet0/5
   switchport mode access
   ip access-group ACL-ALLOW in
   authentication event fail action next-method
   authentication event server dead action reinitialize vlan 1
   authentication event server alive action reinitialize
   authentication host-mode multi-auth
   authentication open
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer reauthenticate server
   authentication violation restrict
   mab
   dot1x pae authenticator
   dot1x timeout tx-period 10
   spanning-tree portfast
  interface FastEthernet0/6
   switchport mode access
   ip access-group ACL-ALLOW in
   authentication event fail action next-method
   authentication event server dead action reinitialize vlan 1
   authentication event server alive action reinitialize
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer reauthenticate server
   authentication violation restrict
   mab
   dot1x pae authenticator
   dot1x timeout tx-period 10
   spanning-tree portfast
  interface FastEthernet0/7
  interface Vlan1
   ip address 172.16.0.204 255.255.240.0
   no ip route-cache
  ip default-gateway 172.16.0.1
  ip http server
  ip http secure-server
  ip access-list extended ACL-ALLOW
   deny   icmp any host 172.16.0.1
   permit ip any any
  ip radius source-interface Vlan1
  logging origin-id ip
  logging source-interface Vlan1
  logging host 172.16.0.90 transport udp port 20514
  snmp-server community public RO
  snmp-server community ciscoro RO
  snmp-server trap-source Vlan1
  snmp-server source-interface informs Vlan1
  snmp-server enable traps snmp linkdown linkup
  snmp-server enable traps mac-notification change move
  snmp-server host 172.16.0.90 ciscoro
  radius-server attribute 6 on-for-login-auth
  radius-server attribute 6 support-multiple
  radius-server attribute 8 include-in-access-req
  radius-server attribute 25 access-request include
  radius-server dead-criteria time 5 tries 3
  radius-server vsa send accounting
  radius-server vsa send authentication
  radius server ISE-Alex
   address ipv4 172.16.0.90 auth-port 1812 acct-port 1813
   automate-tester username radius-test idle-time 15
   key ******
  ntp server 172.16.0.1
  ntp server 172.16.0.5
  end

  Yes. Tried that (several times) didn't work.  5 people in my office, all with vers. 6.0.1 couldn't access their gmail accounts.  Kept getting error message that username and password invalid.  Finally solved the issue by using Microsoft Exchange and "m.google.com" as server and domain and that the trick.  Think there is an issue with imap.gmail.com and IOS 6.0.1.  I'm sure the 5 of us suddently experiencing this issue aren't the only ones.  Apple will figure it out.  Thanks.

• Java PDK Bugs and Issues

  Here are some bugs and issues I've run across using the JPDK that I thought other
  developers should be aware of. The following information comes from using JPDK
  1.1 with Oracle Portal Version 3.0.6.3.3 Early Adopter on Windows 2000.
  1) Do not use a colon character (':') in the String value returned by the method getTitle( Locale l ) in the class Portlet. Registering the provider will appear to succeed, but when you view the Portlet Repository you will get the following error message:
  An Unhandled Exception has occurred. ORA-06502: PL/SQL: numeric or value error:
  character to number conversion error
  Your provider and its portlets will not appear in the Portlet Repository when this error occurs.
  Perhaps other characters will cause this error as well.
  2) The Provider class method initSession() is supposed to propagate the array of returned Cookies back to the browser. The Cookies are never propagated to the browser. This is a huge road-block for our application and we need to have this problem fixed as there is no workaround.
  3) There is a limit to the number of portlets you can have per provider. I initially wrote a provider class that managed 19 portlet classes. However, after registering the provider only 17 portlet classes were loaded by the provider and/or displayed by the Portlet Repository. I had to create a second provider to manage additional portlets. The second provider worked out fine for me because I have 5 portlets that are for "administrator" users only. Moving these portlets left 14 portlets for the first provider to manage.
  Note: I don't know if this error occurs using the provider.xml method of implementing a provider and its portlets. My provider and portlets are implemented directly using the Java class API's.
  4) Sometimes I will receive the error "Meta data missing for portlet ID=<number>" when a portlet is rendered for the first time. This error does not occur often but when the error happens two conditions are met:
  a) The portlet is being rendered for the first time
  b) The HTTP and Web Assistant NT services have recently been started.
  This error is obviously caused by some timeout but increasing the timeout values
  for both the provider and the portlet has no effect. This error may be restricted to the NT platform.
  The following notes are not bugs but issues to be aware of:
  1) Make sure you have the "sessiontimeout" parameter defined when declaring the initArgs of a servlet in the zone.properties file and you intend to register your provider with a "Login Frequency" of "Once per User Session". For example:
  servlet.urlservlet.initArgs=debuglevel=1,sessiontimeout=1800000
  If you leave off the session timeout, Oracle Portal will call your provider's initSession() method for every request constantly generating new a session ID.
  2) Currently there is no means to check whether a ProviderUser has administrative
  privileges. This feature would be extremely helpful for restricting which portlets a user has access to when the provider's getPortlets() method is called.
  3) Currently there is no Java API for storing user and global preferences in the
  Oracle database. The JPDK provides a PersonalizationManager class but the method
  of storing the preferences needs to be implemented by the developer.
  The default Personalization Manager persists user preferences as a file
  to disk. However, this method opens up security holes and hinders scaleability.
  We got around the security and scalability issues by using Oracle's JDBC
  driver to persist user and global preferences to custom tables in the underlying Oracle database.
  I would appreciate hearing from anyone who has run across the cookie propagation issue and has any further insights.
  Thanks...
  Dave White
  null

  David,
  Thank you for your feedback on the JPDK. The information you provide helps us understand how customers are using 9iAS
  Portal and its development kits. I apologize for the delay in getting back with you. Since you are using the Early Adopters
  release, we wanted to test a few of the bugs and issues on the production release of 9iAS Portal.
  1) Using a colon character (:) in the String value returned by the method getTitle(Locale l) returned the ORA-06502 error is a
  known issue. This issue actually occurs within 9iAS Portal and should be resolved in the first maintenance release scheduled
  for 9iAS Portal.
  Waiting on reply from Nilay on #1
  2) The Provider class method initSession() not propagating the array of returned cookies back to the browser is an issue that we are currently working on. This bug has been fixed for most cases in the first maintenance release. A 100% fix of this issue is still being worked on.
  3) The limit to the number of portlets you can have per provider was an issue in the Early Adopter release, but is no longer an issue with 9iAS Portal production. Upgrade to the production release and you should no longer see this problem.
  4) The error "Meta data missing for portlet ID=<number>". I have not seen or heard about others receiving this same message. For this error, can you upgrade to the production version and let me know if you still receive this error message. At that time we can check for differences within the configuration.
  Not bug, but issues......
  1) You have made a good point with the sessiontimeout parameter. The JPDK uses servlet 2.0 APIs which does not provide access to the sessiontimeout. Currently, you will need to specify the sessiontimeout parameter in the zone.properties file.
  2) This is true. Currently there is no means to check whether a ProviderUser has administrative privileges. This is on our features list for future enhancements.
  3) This is also true. The DefaultPortletPersonalizationManager was created as a default runtime for developers not used to writing portlet code. It allows developers to write portlet code without concentrating on the underlying framework. Once a developer becomes more experienced with the JPDK and portlet environment, we encourage them to create their own
  customization manager. This includes changing how the portlet repository is stored or changing how the user customization is
  handled and where it is stored. You have no limitations as long as you follow the guidelines of the PortletPersonalizationManager interface.
  I hope this information helped. Again, we appreciate and welcome this type of feedback, it helps us not only locate bugs and issues, but also helps prioritize our enhancement list.
  Sue

• Window iphoto to big: no access to upload button and bug

  Hi,
  I have a problem with my iphoto window upload: she is to big since 2 weeks...I suppose that i'have touched something...I cannot have access to the lower right corner.
  For example:if i'm on facebook and want to upload some photos, the iphoto window open and this one is to big .So I cannot access to "upload' button and this window block,bug and i need to quite safari.
  If i go to " Presentation" and reduce it,it's not good ( reduce the other window) and if I click on the green button on the left corner its (in my example)for the faceBook page.
  Somebody for help me?
  Thanks !

  Hi...
  Login to another user account on your Mac. Try Facebook on Safari there. If it's ok there, then at least you know the issue is just with your user account, not a system wide problem.
  If you don't have another user account available, instructions for creating one here.
  http://docs.info.apple.com/article.html?path=Mac/10.5/en/8235.html
  If you haven't tried turning off Safari Extensions... do that. At least you can rule that out. You can access Safari Extensions from the menu bar, Safari / Preferences / Extensions.

• Access Server SDK issue.

  We have set up SSO for one of our application (App1) and is working fine(in production). I am configuring one more application(App2) for SSO.
  App1 is setup using webgate on our proxy server. all the request go through the webgate, urls are validated against the policy server and are given access. no problems here
  App2 - Webgate installed on my local machine proxy apache server, configured the new policy domain, and using the same identity servers as app1, the app is working fine. I am trying to decode the obssocookie to retrieve the userid, I have created a webservice which takes in the obssocookie and decodes it go retrieve the user name, so that the service can be used in different applications(which are not on sso) kind of authenticate the user against the OAM if the user is already logged in.
  My question is I have webgate configured on my local machine and also installed the access server sdk (Oracle_Access_Manager10_1_4_0_1_Win32_AccessServerSDK.exe) on my local machine, setup the classpath and path variables as discribed in admin guide. I am running weblogic 9.2. My index.jsp page accepts the user credentials and posts it to login.jsp ( Ihave protected the login.jsp) in the policy domain with the form based authentication schem.
  I have created a testsso.jsp (unprotected page) to test the sdk. below is my code. i always get an error when i access the testsso.jsp page
  cm=my_webgate challenge=268e2d09986e24c7
  8-1-2009 12:41:17 Received message: 0 14
  cm=access_dlsso01 challenge=071a577990ee977d st=ma=25 rt=1
  8-1-2009 12:41:17 Sending message: 0 15
  response=7b951e1ae2109fb4c7319060f2b9dc57
  8-1-2009 12:41:17 Received message: 0 15
  response=c045c076d3af5af4a2038a45ede9613f st=ma=25 rt=1
  8-1-2009 12:41:17 Sending message: 0 1
  ro=t=0 o= no= r= nr= wu=http://mymachine/myapp/login.jsp wh= wo=1 wa=0 ws= st=ma=6 mi=20 sg=0 sm= version=3 pd=NULL
  8-1-2009 12:41:17 Received message: 0 1
  ro=t=0 o= no= r= nr= wu=http://mymachine/myapp/login.jsp wh= wo=1 wa=0 ws= ri=NULL st=ma=5 mi=20 sg=3236 sm= rt=0
  com.oblix.access.ObAccessException: Unprotected resource GET HTTP:http://mymachine/myapp/login.jsp pass
  ed to the ObResourceRequest, so there is no associated authentication scheme.
       ObResourceRequest resReq = null;
       ObUserSession user = null;
       ObAuthenticationScheme authnScheme = null;
       Hashtable cred = new Hashtable();
       cred.put("userid", "TEST");
       cred.put("password", "TEST");
       try
            // put the correct path to your AccessSDK installation here
            ObConfig.initialize("C:\\OAM\\oblix\\AccessServerSDK");
            resReq = new ObResourceRequest("HTTP", "http://mymachine/myapp/login.jsp", "GET");
            // check if it is protected, if yes, create a user session
            //if (resReq.isProtected()) { // commented since the resource is always comming as unproctected. when I used the access tester
            // i get that the resource is always protected with a authentication schema
                 authnScheme = new ObAuthenticationScheme(resReq);
                 if (authnScheme.isBasic()) {
                      System.out.println("##################is protected #################");
                      user = new ObUserSession(resReq, cred);
                      if (user.getStatus() == ObUserSession.LOGGEDIN)     {
                                System.out.println("user status is LOGGEDIN " + user.getStatus());
                                if(user.isAuthorized(resReq)) {
                                          System.out.println("Permission GRANTED");
                                token = user.getSessionToken();
                      } else {
                           System.out.println("user status is NOT LOGGEDIN " );
                 } else {
                      System.out.println("is not basic");
            /*} else {
                 System.out.println("is not protected");
            ObConfig.shutdown();
       } catch (Exception oe) {
                 ObConfig.shutdown();
                 oe.printStackTrace();
  please advice on how to use the sdk
  Edited by: user7498134 on Jan 8, 2009 10:35 AM

  Looking at the exception - "com.oblix.access.ObAccessException: Unprotected resource GET HTTP:http://mymachine/myapp/login.jsp passed to the ObResourceRequest, so there is no associated authentication scheme.", it seems like what the SDK wants is the resource to be passed as "//mymachine/myapp/login.jsp", i.e. leave out the redundant "http:" from your URL in the program.
  Let me know if that helps.
  -Vinod

• Example of Certificate based authentication scheme using Custom Access Gate

  Can anyone provide me an example using Certificate authN scheme w/ Custom Access Gate. The developers guide has no examples of such. Thanks.

  Hi there
  I've got to get this working aswell.
  In my case I've got to have both the user/password authentication OR certificate based.
  The thing is, the documentation says that I need to have the containers (don't know if both the am server and the agent containers or only one of them ) with SSL and "Client Authentication enabled"... now the problem is, when I make it Client Authentication Enabled the container gives me a similar error to the one you described, this is because the server requests the browser to send a certificate when trying to access the server .....
  Can you give me any pointers to how this is supposed to be done? I would really appreciate help with this.
  Thanks
  Rp

• Advice needed for provider hosted web application - authentication and access to SharePoint document library

  I haven't done SharePoint 2013 development with claims so I apologize in advance if my assumptions and questions are way out in left field.
  I'm trying to understand SharePoint 2013 claims authentication for a scenario that involves:
  A SharePoint provided hosted (web forms) app that will pull information and assets (e.g. PDFs) from SharePoint into the web page.
  It will be a VS 2012 solution with asp.net.identity feature.
  Security will be set for internal users, federated external users and forms-based external users.  Based on their security and (claim type) role it will define what information and assets that can be retrieved from SharePoint
  I have looked through MSDN and other sources to understand.
  This one helped with my understanding 
  Federated Identity for Web Applications and assumed that the general concept could be applied to forms-based identity for non-Federated external users .
  What I have now:
  VS 2012 solution web forms application set to Provider Host with asp.net.identity feature and its required membership tables.
  I can create new users and associate claims to the new user.
  I can log in with a user from the membership tables and it will take me to a default.aspx page.  I have added code to it that displays the claims associated to a user.
  For POC purposes I'd like to retrieve documents that are associated to this user from the default.aspx page.
  This is where I am having trouble understanding:  Is my understand correct?
  Internal users
  since they are internal on the network i am assuming that they would already have access to SharePoint and they would already be configured to what documents that they have available to them.
  Federated external users & Forms authentication external users
  it seems to me that the authentication for external users are separate from SharePoint authentication process.
  changes to the configuration settings are necessary in SharePoint, IIS, web application.
  I believe this is what i read.
  claims processes (e.g. mappings) need to be set up in SharePoint
  as long as external users are authenticated then things are ok b/c they would have claims associated to the user and the configuration in SharePoint takes are of the rest.
  This statement bothers me because I think it's wrong.
  So basically i'm stuck with if my understanding is correct: once a user is authenticated either by federated identity or asp.net.identity authentication that it should go to the provider hosted default.aspx page because the claim is authenticated and means
  that it should have access to it and the SharePoint document library based on some claim property.  I could then write the calls to retrieve from a document library and SharePoint will know based on some claim property that the logged in user can only
  access certain documents.
  It just sounds too good to be true and that i'm missing something in the thought process.
  Thanks in advance for taking the time to read.
  greenwasabi

  Hi GreenWasabi,
  i agree this is an interesting topic to discuss,
  as you can check from the article, you may check this example from the codeplex:http://claimsid.codeplex.com/
  when i thinking regarding this topic, its looks like an environment with multiple of realms,
  from what you understand, its correct that all the authentication is based from the provider, so for example i have a windows live ID and internal ID, then when i login windows live ID, it will be authenticated using windows live ID server.
  here is the example for the webservice:
  http://claimsid.codeplex.com/wikipage?title=Federated%20Identity%20for%20Web%20Services&referringTitle=Home
  as i know, if you using this federated, i am not quite sure that you will need to go to the provider page literally, perhaps you can check this example if we are using azure:
  http://social.technet.microsoft.com/wiki/contents/articles/22309.integrating-windows-live-id-google-and-facebook-accounts-with-sharepoint-2013-white-paper.aspx
  Regards,
  Aries
  Microsoft Online Community Support
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Issue in External Table Authentication and Authorization in OBIEE11G

  Hello Gurus,
  Can anyone help me how to configure External Table Authentication and Authorization in OBIEE11g through weblogic server not like in 10g style(Through INIT Blocks).
  I've followed the (Doc ID 1338007.1) document. But when i'm restart the Managed servers and Admin servers after configuring the SQLAuthenticator all my services are showing down.
  I already raised the SR (SR 3-6286054151) on this issue. But still i didn't get any reply from them.
  Can anyone help me out on this issue or can anyone me send the document for "how to configure External Table Authentication and Authorization in OBIEE11g" . It's really appreciate for your quick response.
  my mail ID [email protected]
  Thanks,
  Syam.
  Edited by: 942658 on Oct 13, 2012 10:55 AM

  Hi John,
  Thanks for your quick response.
  We configured "ReadOnlySQL Provider" by following the Oracle's white paper(Doc ID 1338007.1) Please find the below steps what we configured in weblogic console.
  1. Created the Data Source
  2. In the data source specified the Database driver--> *Oracle's Driver Thin for service connections: Versions:9.0.1 and later.
  3. Defined the connection Properties .
  4. Selected targets as Admin server and bi_server.
  Then Activate changes
  5. Created new provider by using ReadOnlySQL Authenticator
  6. In the provider specific tab we given the SQL statements and saved it.
  7. Restarted the Admin and Managed servers.
  After restarted the services when we open the Enterprise Manager page all the services are showed as Undefined - means red.
  Apart from that we followed your suggested link http://askjohnobiee.blogspot.com/2012/09/how-to-oid-authentication-with-groups.html
  For External table authentication do we need to configure BISQLAuthenticator or ReadOnlySQLAuthenticator ?
  If we configure BISQLAuthenticator we just import Groups from database to Console application. Then how can it Authenticated to the User ?
  Please let me know your ideas on this.
  Thanks,
  Syam

• 802.1x multipoint authenticator and security issue

  Hi everybody
  Let say we have following set up:
  host1
  host2   ) ----------------hub------ f1/0-switch( authenticator)-------------------------Radius server.
  host3
  The switch is configured as follows.
  Switch(config)#interface FastEthernet 1/0
  Switch(config-if)#dot1x port-control auto
  Switch(config-if)#dot1x host-mode multi-host
  Let  say only host1 has valid credentials and the rest hosts i.e h2,h3 are  rogue hosts.  host1 sends authentication request and successfully  authenticated and switch transition its port to an authorized state.  But does it not mean  the other hosts h2 and h3 which were not  authenticated but yet are able to access network ?
  thanks and have a great weekend.

  This board is more for Wireless Security not LAN. but I would think it's because you are connecting through a hub instead of a switch. Hubs share the data, so when the switch gets the auth for the valid client it turns that port as it should.
  Now an invalid client connects and because the port is already thinking the client is valid, it passes all the traffic.
  Make sense?
  Steve
  Sent from Cisco Technical Support iPhone App

• Custom Access Gate for 2FA authentication

  Hello OAM Gurus,
  I am trying to build a custom accessgate which can authenticate user using our 2FA technology for a protected resource accessed initially. I have written a servlet to do this wherein I am expecting somehow when user tries to access the protected resource the user will be redirected to this servlet. The custom AccessGate will be running on a seperate server under a J2EE container. The problem has been 2 folds.
  1. I am unable to figure out how do I protect a resource (create a policy) on a web server which will be protected by my access gate.
  2. In My servlet how will I get the URL for the protected resource. I initially assumed that it should be referer.
  Here is the flow that I am looking at:
  User goes to a protected resource on a web server --> redirected to my servlet --> performs 2FA --> Servlet checks if user is authorised to access the resource --> redirect the user to the resource .
  Can somebody please help.
  Thanks,
  Gunjan

  Henrik,
  there is no SDK for OAM 11g so far, this might come in one of the next patch sets.
  You could resort to integrate with OAAM.
  --olaf                                                                                                                                                                                                                                                                                               

• [svn:fx-trunk] 7071: Providing assignable lvalue context while parsing rvalues in preparation to fix bugs such as SDK-17748 and SDK-18877 .

  Revision: 7071
  Author:   [email protected]
  Date:     2009-05-19 08:17:09 -0700 (Tue, 19 May 2009)
  Log Message:
  Providing assignable lvalue context while parsing rvalues in preparation to fix bugs such as SDK-17748 and SDK-18877. This change makes the compiler aware of a new piece of metadata . When parsing text values, this metadata instructs the TextParser to not look for literal syntax for Arrays, Booleans, Numbers, etc... and instead just treat the content as String. However, it will still honor { } binding syntax and @function syntax.
  Once TLF and Gumbo text components are updated to use this metadata on the appropriate properties we will be able to close the bugs mentioned above.
  QE: Not yet
  Doc: No
  Checkintests: Pass
  Cyclone Tests: Mxunit, Mxunit - compc, Mxunit - rsl, Mxmlcunit, Compiler api all pass.
  Reviewer: Paul
  Ticket Links:
      http://bugs.adobe.com/jira/browse/SDK-17748
      http://bugs.adobe.com/jira/browse/SDK-18877
  Modified Paths:
      flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/builder/AbstractBuilder.java
      flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/builder/ArrayBuilder.java
      flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/builder/ComponentBuilder.jav a
      flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/builder/DocumentBuilder.java
      flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/builder/PrimitiveBuilder.jav a
      flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/builder/VectorBuilder.java
      flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/lang/NodeTypeResolver.java
      flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/lang/StandardDefs.java
      flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/lang/TextParser.java
      flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/lang/ValueNodeHandler.java
      flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/reflect/Effect.java
      flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/reflect/Property.java
      flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/reflect/Style.java
      flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/reflect/TypeTable.java
      flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/rep/StatesModel.java
      flex/sdk/trunk/modules/compiler/src/java/flex2/compiler_en.properties
  Added Paths:
      flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/reflect/Assignable.java
      flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/reflect/DynamicProperty.java

• Known performance issue bugs and patches for R12.1.3

  Hi Team,
  We have upgraded oracle application from 12.1.1 to 12.1.3.
  I wanted to apply the known performance issue bugs and patches for R12.1.3.
  Please let me know for any details.
  Thanks,

  Are u currently facing any performance issues on 1213?
  Tuning All Layers Of E-Business Suite – Performance Topics
  http://www.oracle.com/technetwork/apps-tech/collab2011-tuning-ebusiness-421966.pdf
  • Start with Best Practices : (note: 1121043.1)
  • SQL Tuning
  – Trace files
  – SQLT output (note: 215187.1)
  – Trace Analyzer (note: 224270.1)
  – AWR Report (note: 748642.1)
  – AWR SQL Report (awrsqrpt.sql)
  – 11g SQL Monitoring
  – SQL Tuning Advisor
  • PL/SQL Tuning
  – Product logs
  – PL/SQL Profiler (note: 808005.1)
  • Reports Tracing
  – note: 111311.1
  • Database Tuning
  – AWR Report (note: 748642.1)
  – ADDM report (note: 250655.1)
  – Automated Session History (ASH) Report
  – LTOM output (note: 352363.1)
  • Forms Tuning
  • Forms Tracing (note: 373548.1)
  • FRD Log (note: 445166.1)
  – Generic note: 438652.1
  • Middletier Tuning
  – JVM Logs
  – JVM Sizing (note: 362851.1)
  – JDBC Tuning (note: 278868.1)
  • OS
  – OSWatcher (note: 301137.1)

• Hi there, got 3 issues at once.... 1) can't download the latest itune version (it simply stops, not even an error message) 2) can't access the itune store and in order to fix this i need the latest version 3) one of my ipods isn't recognised by itune

  Hi there, got 3 issues at once....
  1) can't download the latest itune version onto my PC (it simply stops, not even an error message)
  2) can't access the itune store and in order to fix this i need the latest version - catch 22!
  3) one of my ipods isn't recognised by itune, nit sure if because of the earlier problems?
  .... thanks
  S.

  Hello SAB7700,
  This first article can help get iTunes successfully downloaded and updated, which should restore access to the iTunes Store.
  Issues installing iTunes or QuickTime for Windows
  http://support.apple.com/kb/HT1926
  Once iTunes is successfully updated, the following articles provides steps that can help get your iPod working in iTunes again and the iTunes Store functioning, should the update not resolve these issues
  iPod not recognized in My Computer and in iTunes for Windows
  http://support.apple.com/kb/TS1369
  Can't connect to the iTunes Store
  http://support.apple.com/kb/TS1368
  Cheers,
  Allen

• EMAIL AND CALENDAR ACCOUNT STATUS ISSUE / BUG OS 10.3.1

  I found an issue / bug which is really frustrating me!
  Phone:      Blackberry Q10 (SQN100-3)
  OS:           10.3.1.1565
  Mail:          IMAP
  Calendar:  Google Calendar
  Last week I updated my BB Q10 to the new officially released OS 10.3.1
  Today I noticed that the connection info / status for email accounts and calendars (Settings > Accounts) wasn’t indication correctly.
  In the Accounts menu it shows “E-mail” below the name of my email account and “Calendar” below my calendar account to indicate that my Q10 is connected to these accounts. But when I turn airplane-mode on it still shows E-mail and Calendar without being connected to any of these accounts.
  Strangely when I turn on my phone while in airplane-mode the Accounts menu shows “E-mail” for my email account and “No Connection” for my calendar account, obviously without being connected to my email account. But when I turn of airplane-mode I receive emails and new appointments but the Accounts status for calendar still shows “No Connection”.
  Apparently the account status is not updated while using my phone, it shows the status at startup. This is very annoying and I am unable to check whether I am connected or not to my email and calendar while not in airplane-mode.
  In OS 10.2.1 the account status worked correctly and was updated (connected / no connection) while using my phone.
  Anybody else with the same problem?
  Is this already a known issue / bug?
  Anyone an idea how to solve this issue?

  I would simply delete both accounts (email and calendar) then readd them.
  The search box on top-right of this page is your true friend, and the public Knowledge Base too: