ACS authorization plugins + configuration

Hi,
there have been rumors that there is a plugin providing an API that allows you to authenticate user with a given name/password
combination. I.e. the users do not necessarily need an Adobe account.
The rumor also says that this is somewhat related to Barnes & Noble's nook device...
All I found so far is
http://www.adobe.com/devnet/digitalpublishing/articles/barnes_noble_faq.html
Can someone tell me where to find more detailed information. In particular how to download, install and configure that plugin
(if it exists). The interface to be implemented is called "PassHashInfo", but cannot be found in anywhere in the ACS' WAR or JAR
files.
Quote 1:
5.1 PasshashInfo Interface
The PasshashInfo Interface provides the mechanism for providing the encryption key for the document
encryption key during fulfillment when using Passhash based protection. The interface itself is a single function:
byte[] getPasshash(String transactionID, byte[] userID, byte[] distributorID) throws PasshashException;
The transactionID and distributorID are specified in the fulfillmentToken. The userID comes from the
fulfillmentRequest, which also contains the fulfillment token. Given these three pieces of information, it is the responsibility of the ACS4 operator to determine the appropriate username and password to be used,
and to generate the encryption key. It is the joint responsibility of the Distributor and the AC54 operator
to communicate the username and password to be used to access the content, prior to initiating the
fulfillment.
It is expected that the AC54 operator will work with the distributor to retrieve the passhash to be used
from the distributor. The exact mechanism to be used for this is outside the scope of ACS4.
Quote 2:
9 Password-Based Document Protection
New in ACS 4.1 is the ability to use password-based encryption for protecting the document encryption
key, instead of the current Public key-based encryption tied to a specific Adobe DRM user. Since the
content is not tied to a particular Adobe DRM user, there is no activation required and therefore no limits
on the number of devices the content can be used on. Because of the lack of activation requirements,
neither returning contents (loans), nor consumable permissions are supported when using password-
based document protections.
Ths password-based encryption is different from the password security offered in the Acrobat file format,
in that it requires a username and password, it is compatible with ACS, and the resulting files cannot be
viewed with Adobe Acrobat or Adobe Reader.
Password-based document protection is also referred to as ''Passhash''. To issue content using Passhash
protection, you must create a DistributionRight for that content with usePasshash set to true, and supply
the encryption hey to be used to the fulfillment service using the passhashlnfo interface. To set up the
DistributionRights correctly, you can either use the adminConsole or directly call the
ManageDistributionRights adm in AP l to set usePasshash to true for the DistributionRight. To configure
the fulfillment service to look for your custom class that implements the passhashlnfo interface, in your
fulfillment configuration file, you will need to set the value of the
com.adobe.adept.fulfillment.passhashInterface
setting to be the name of your class. You will also need to
place your .jar file into a location that is in the library path for Tomcat. The Tomcat Libraries directory is
usually the most convenient for this. For more information on the passhashlnfo interface, refer to the
Technical Reference .
Cheers
Markus

Hi Vinod,
I noticed that you are creating several posts for the same things...
Please follow up on https://supportforums.cisco.com/thread/2053653 where i posted answer for you.
HTH.
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

Similar Messages

ACS 5.3 Configuring 802.1x

Trying to configure 802.1x with ACS 5.3, have some general doubts about how to make it, this is what I got for the moment:
ACS 5.3 = 192.168.240.28
AD = 192.168.251.97
Switch = 192.168.240.171
IOS device config
Already configured and running Device Administration using Tacacs, mising with Radius aaa commands:
aaa group server tacacs+ TACACS_PLUS
server 192.168.240.28
aaa group server radius RADIUS_1x
server 192.168.240.28 auth-port 1812 acct-port 1813
aaa authentication login default group TACACS_PLUS
aaa authentication login no_tacacs enable local
aaa authentication enable default group RADIUS_1x
aaa authentication dot1x default group RADIUS_1x
aaa authorization config-commands
aaa authorization exec no_tacacs local
aaa authorization commands 15 TACACS_PLUS group tacacs+
aaa authorization network default group RADIUS_1x
aaa authorization auth-proxy default group RADIUS_1x
aaa accounting send stop-record authentication failure
aaa accounting update newinfo
aaa accounting dot1x default start-stop group RADIUS_1x
aaa accounting exec default start-stop group TACACS_PLUS
aaa accounting network default start-stop group TACACS_PLUS
aaa accounting connection default start-stop group TACACS_PLUS
aaa accounting system default start-stop group RADIUS_1x
tacacs-server host 192.168.240.28 port 49 key 7 104D0617040717180F05
tacacs-server directed-request
radius-server attribute 8 include-in-access-req
radius-server host 192.168.240.28 auth-port 1812 acct-port 1813
radius-server timeout 20
radius-server key 7 094F410718151201080D
radius-server vsa send authentication
dot1x system-auth-control
errdisable detect cause security-violation shutdown vlan
errdisable recovery cause security-violation
interface GigabitEthernet0/24
switchport mode access
switchport voice vlan 7
dot1x pae authenticator
dot1x port-control auto
dot1x host-mode multi-host
dot1x timeout quiet-period 15
spanning-tree portfast
spanning-tree bpduguard enable
ACS 5.3 Configuration until now
I have a document on how to configure this on ACS 4.2, but I have some problems trying to configure on ACS 5.3.
I'll appreciate a lot any ideas that could help me on this.
Regards,
Juan Carlos

Ok Carlos, I make it simple, just AD as condition and authorization profile, I tested with compliant client, and still receiving timeout, and Network Access Authorization still in 0, here is the debug:
001250: Jan 19 18:40:58.028 GDL: AAA/BIND(0000002F): Bind i/f
001251: Jan 19 18:40:58.237 GDL: %AUTHMGR-5-START: Starting 'dot1x' for client (f04d.a2a2.a028) on Interface Gi0/24 AuditSessionID C0A8F0AB0000001101B6C743
001252: Jan 19 18:41:00.007 GDL: %LINK-3-UPDOWN: Interface GigabitEthernet0/24, changed state to up
001253: Jan 19 18:41:01.014 GDL: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/24, changed state to up
001254: Jan 19 18:41:08.547 GDL: AAA/AUTHEN/8021X (0000002F): Pick method list 'default'
001255: Jan 19 18:41:08.547 GDL: RADIUS/ENCODE(0000002F):Orig. component type = Dot1X
001256: Jan 19 18:41:08.547 GDL: RADIUS(0000002F): Config NAS IP: 0.0.0.0
001257: Jan 19 18:41:08.547 GDL: RADIUS(0000002F): Config NAS IPv6: ::
001258: Jan 19 18:41:08.555 GDL: RADIUS/ENCODE(0000002F): acct_session_id: 37
001259: Jan 19 18:41:08.555 GDL: RADIUS(0000002F): sending
001260: Jan 19 18:41:08.555 GDL: RADIUS/ENCODE: Best Local IP-Address 192.168.240.171 for Radius-Server 192.168.240.28
001261: Jan 19 18:41:08.555 GDL: RADIUS(0000002F): Send Access-Request to 192.168.240.28:1812 id 1645/27, len 246
001262: Jan 19 18:41:08.555 GDL: RADIUS: authenticator 27 15 50 22 ED AB FC 34 - F1 24 56 87 30 6F 7D F9
001263: Jan 19 18:41:08.555 GDL: RADIUS: User-Name           [1]   18 "juancarlos.arias"
001264: Jan 19 18:41:08.555 GDL: RADIUS: Service-Type        [6]   6   Framed                    [2]
001265: Jan 19 18:41:08.555 GDL: RADIUS: Vendor, Cisco       [26] 27
001266: Jan 19 18:41:08.555 GDL: RADIUS:   Cisco AVpair       [1]   21 "service-type=Framed"
001267: Jan 19 18:41:08.555 GDL: RADIUS: Framed-MTU          [12] 6   1500
001268: Jan 19 18:41:08.555 GDL: RADIUS: Called-Station-Id   [30] 19 "00-1C-0E-08-69-98"
001269: Jan 19 18:41:08.555 GDL: RADIUS: Calling-Station-Id [31] 19 "F0-4D-A2-A2-A0-28"
001270: Jan 19 18:41:08.555 GDL: RADIUS: EAP-Message         [79] 23
001271: Jan 19 18:41:08.555 GDL: RADIUS:   02 01 00 15 01 6A 75 61 6E 63 61 72 6C 6F 73 2E 61 72 69 61 73 [ juancarlos.arias]
001272: Jan 19 18:41:08.555 GDL: RADIUS: Message-Authenticato[80] 18
001273: Jan 19 18:41:08.555 GDL: RADIUS:   E5 92 90 F9 39 F2 EA A9 E4 B2 C9 02 12 9D EA B0                 [ 9]
001274: Jan 19 18:41:08.555 GDL: RADIUS: EAP-Key-Name        [102] 2   *
001275: Jan 19 18:41:08.555 GDL: RADIUS: Vendor, Cisco       [26] 49
001276: Jan 19 18:41:08.555 GDL: RADIUS:   Cisco AVpair       [1]   43 "audit-session-id=C0A8F0AB0000001101B6C743"
001277: Jan 19 18:41:08.555 GDL: RADIUS: NAS-Port-Type       [61] 6   Ethernet                  [15]
001278: Jan 19 18:41:08.555 GDL: RADIUS: NAS-Port            [5]   6   50024
001279: Jan 19 18:41:08.555 GDL: RADIUS: NAS-Port-Id         [87] 21 "GigabitEthernet0/24"
001280: Jan 19 18:41:08.555 GDL: RADIUS: NAS-IP-Address      [4]   6   192.168.240.171
001281: Jan 19 18:41:08.555 GDL: RADIUS(0000002F): Sending a IPv4 Radius Packet
001282: Jan 19 18:41:08.555 GDL: RADIUS(0000002F): Started 20 sec timeout
001283: Jan 19 18:41:26.507 GDL: RADIUS(0000002F): Request timed out
001284: Jan 19 18:41:26.507 GDL: RADIUS: Retransmit to (192.168.240.28:1812,1813) for id 1645/27
001285: Jan 19 18:41:26.507 GDL: RADIUS(0000002F): Started 20 sec timeout
Complete Report:
aaa group server tacacs+ TACACS_PLUS
server 192.168.240.28
aaa group server radius RADIUS_1x
server 192.168.240.28 auth-port 1812 acct-port 1813
aaa authentication login default group TACACS_PLUS
aaa authentication login no_tacacs enable local
aaa authentication enable default group RADIUS_1x
aaa authentication dot1x default group RADIUS_1x
aaa authorization config-commands
aaa authorization exec no_tacacs local
aaa authorization commands 15 TACACS_PLUS group tacacs+
aaa authorization network default group RADIUS_1x
aaa authorization auth-proxy default group RADIUS_1x
aaa accounting send stop-record authentication failure
aaa accounting update newinfo
aaa accounting dot1x default start-stop group RADIUS_1x
aaa accounting exec default start-stop group TACACS_PLUS
aaa accounting network default start-stop group TACACS_PLUS
aaa accounting connection default start-stop group TACACS_PLUS
aaa accounting system default start-stop group RADIUS_1x
dot1x system-auth-control
interface GigabitEthernet0/24
switchport mode access
switchport voice vlan 7
authentication port-control auto
authentication violation protect
dot1x pae authenticator
dot1x timeout quiet-period 15
spanning-tree portfast
spanning-tree bpduguard enable
tacacs-server host 192.168.240.28 key 7 104D0617040717180F05
tacacs-server directed-request
radius-server attribute 8 include-in-access-req
radius-server host 192.168.240.28 auth-port 1812 acct-port 1813 key 7 15110402053A2E372B32
radius-server timeout 20
radius-server key 7 0110090A5A1B031C224D
radius-server vsa send authentication
The compliant client should have access to Vlan 60.

Juniper SSG and Cisco ACS v5.x Configuration

I searched for a long time unsuccessfully trying to find a resolution to my SSG320M and Cisco ACS v5.x TACACS dilemma. I finally got it working in my network, so I'm posting the resolution here in case anyone else is looking.
Configure the Juniper (CLI)
1. Add the Cisco ACS and TACACS+ configuration
     set auth-server CiscoACSv5 id 1
     set auth-server CiscoACSv5 server-name 192.168.1.100
     set auth-server CiscoACSv5 account-type admin
     set auth-server CiscoACSv5 type tacacs
     set auth-server CiscoACSv5 tacacs secret CiscoACSv5
     set auth-server CiscoACSv5 tacacs port 49
     set admin auth server CiscoACSv5
     set admin auth remote primary
     set admin auth remote root
     set admin privilege get-external
Configure the Cisco ACS v5.x (GUI)
1. Navigate to Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles
        Create the Juniper Shell Profile.
        Click the [Create] button at the bottom of the page
                Select the General tab
                        Name:    Juniper
                        Description: Custom Attributes for Juniper SSG320M
                Select the Custom Attributes tab
                    Add the vsys attribute:
                        Attribute:                vsys
                        Requirement:       Manadatory
                        Value:                    root
                        Click the [Add^] button above the Attribute field
                    Add the privilege attribute:
                        Attribute:                privilege
                        Requirement:       Manadatory
                        Value:                    root
                                Note: you can also use 'read-write' but then local admin doesn't work correctly
                        Click the [Add^] button above the Attribute field
                Click the [Submit] button at the bottom of the page
2. Navigate to Access Policies > Access Services > Default Device Admin > Authorization
        Create the Juniper Authorization Policy and filter by Device IP Address.
        Click the [Customize] button at the bottom Right of the page
                Under Customize Conditions, select Device IP Address from the left window
                        Click the [>] button to add it
                Click the [OK] button to close the window
                Click the [Create] button at the bottom of the page to create a new rule
                        Under General, name the new rule Juniper, and ensure it is Enabled
                        Under Conditions, check the box next to Device IP Address
                                Enter the ip address of the Juniper (192.168.1.100)
                        Under Results, click the [Select] button next to the Shell Profile field
                                Select 'Juniper' and click the [OK] button
                        Under Results, click the [Select] button below the Command Sets (if used) field
                                Select 'Permit All' and ensure all other boxes are UNCHECKED
                        Click the [OK] button to close the window
                Click the [OK] button at the bottom of the page to close the window
                Check the box next to the Juniper policy, then move the policy to the top of the list
                Click the [Save Changes] button at the bottom of the page
3. Login to the Juniper CLI and GUI, and attempt to change something to verify privilege level.

Cisco Prime LMS is not designed to manage appliances like the ACS. ACS is not on the LMS supported device list and I would doubt that it would be as LMS's functions are mostly not applicable to the appliance or software running on it.
You can use ACS as an authentication source for LMS, but authorization is still role-based according to the local accounts on the LMS server.

AM calls to LDAP No plugins configured for this operation

Hi All,
I am getting the following error when creating a user using AM SDK calls. Can someone shed some light here.
We are using SUN JES 2005Q4, AM 7.0 Patch 5.
Thanks
Bala
[#|2007-11-02T11:12:09.615-0500|WARNING|sun-appserver-ee8.1_02|javax.enterprise.system.stream.err|_ThreadID=13;|
Message:No plugins configured for this operation
at com.sun.identity.idm.server.IdServicesImpl.create(IdServicesImpl.java:177)
at com.sun.identity.idm.AMIdentityRepository.createIdentity(AMIdentityRepository.java:246)
at gov.research.core.eauth.action.SSOUtilities.createUser(SSOUtilities.java:197)
at gov.research.core.eauth.action.SAMLClientNSFAction.execute(SAMLClientNSFAction.java:99)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:747)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:257)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:933)
at com.sun.enterprise.web.connector.httpservice.HttpServiceProcessor.process(HttpServiceProcessor.java:226)
at com.sun.enterprise.web.HttpServiceWebContainer.service(HttpServiceWebContainer.java:2071)
|#]

yes i am using JSF 1.2 version.
i have included listener tag in web.xml.But still i
am getting same error.
Sorry i didnt get couple of things that u explained
about myfaces.
could u explain more eloberately?JBoss comes with MyFaces as it's JSF implementation. If you wish to use JSF 1.2, you need to uninstall MyFaces and install Sun's RI of JSF (or another one if you prefer). It is not hard to do, see the JBoss documentation:
http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossWithIntegratedMyFaces

SaveBeforeExit plugin configuration

Hi all,
I need a help with SaveBeforeExit plugin configuration.
My scenario:
I have a tabular for where one column is defined as popup LOV. I would like to use a SaveBeforeExit plugin to display a warning message when there is some not saved data on the page.
I use a jQuery selector as "Disable Warning Selector" to disable the warning message when something is changed in existing row and user clicks on LOV arrow button (this works).
table.report-standard aBut this approach does not work when the new row is created. When I create a new row and put some data to some column and then click on LOV arrow button then the warning message is displayed. I have also tried to change the event scope of dynamic action from Static to Dynamic, but without success.
Could you please help me how to solve this issue?
My test appl..
www.oracle.apex.com
username: [email protected]
passwd: kurintest
appl: 71199
page: 2
As browser I use IE 8.
Thanks in advance!
Jiri

Since i have an IE8 here i can reproduce your issue. Works in FF without issues. I've been looking at it for a while, but i'm honestly getting so enormously frustrated by the crap that is called IE8. Debugging is such, SUCH, a pain. Even with the dev console open i'm not getting debug from apex.debug. The row that is added by "Add row" is not present in the pathetic piece of code that ie8 pretends is a DOM inspector. The console's inability to show objects. Sigh.
I can only guess it has something to do with no warning disable being run on the newly added row (and anchor tag). Not sure if this is a ""bug"" in the plugin or not.

Authorize plugin notify, on connection timeout + remote function execution

When a client application stops the stream I normally get an
E_STOP notify. But if a client dies due to network outage or the
client computer dies (or something other unforseen that doesnt give
a FIN/RST on the TCP connection), then it seems there is no way to
get a notification about this..
Or have I missed something?
If not, that is a big feature request for us, and probably
other people developing pay-per-view-stuff..
Also, is there some way to catch remote executions? Ie if my
client calls a function on my SSAS, can I catch that invocation in
my authorize module somehow? (Or in some other way get trigger some
code in my plugin, when a client calls a function)
Is there somewhere on the adobe site one can submit feature
requests to FMIS?
Thanks!

Hi, thanks for your answer!
Yes, that would be one solution that I've thought of.. But
then the question is how to interconnect SSAS/remote events with
the authorization plugin..
The only thing i've found is the addNotifyAction on
IFmsAuthEvent that allows me to call a a SSAS function from my
plugin (when I process an actual event). But not the other way
arround (dispatching an authorize/notify event in my plugin, from
SSAS) as far as I've seen...
I guess if I implement the server pinging feature, and do a
disconnect, i should get a E_DISCONNECT that I can use, so that
might be a (very ugly) solution.
Okay so I tried that now, with the following code:
application.onAppStart = function()
setInterval(application.pingAll, 30000);
Client.prototype.onStatus = function(info)
trace("client "+this.id+ "/"+this.ip+" onStatus with
"+info.code+", "+ info.level +": " +info.details);
Client.prototype.onResult = function(info)
trace("client "+this.id+ "/"+this.ip+" onResult with
"+info);
application.pingAll = function()
trace("Pinging "+application.clients.length+" clients");
for (i = 0; i < application.clients.length; i++)
var c = application.clients[ i ];
var r = c.call("ping", c);
trace("Pinging " + c.id + "/"+c.ip+ ", result "+r);
The result of this was, when pinging a client that was alive
I got "NetConnection.Call.Failed" immediately, but that was
expected since I haven't implement the ping function in my client.
So far so good.. Then I started another connection/stream on a
laptop, and pulled the plug.. A while later it tried to ping.. No
call to onStatus nor onResult.. waited a bit, after 5 minutes still
no call to onResult??.. return value from c.call was always true,
but after around 6-7 minutes, it started to return false instead.
But no call to onResult..
To me this seems like a bug? Or do I have to enable timeouts
or something?
I do have <AutoCloseIdleClients enable="true"> (with
60s check interval and 300 max idle) in my config, but still it
seems that the client object is alive in application.clients way
longer than 5 minutes..
Seems Adobe got a few quirks to sort out?
Thanks for any help or input!

ACS authorization fail

dear all,
When i am accessing one of my aaa client ,
which is getting authenticated from ACS Server 4.2
it is showinng as Authorization failure , what could be the issue
configuration on device &server side is proper

Hi,
Could you provide the aaa config part from the device? Along with this, please mention the protocol which you are using (Radius/Tacacs)?
If you are using Tacacs, make sure under the group setup, you have checked "shell" and under the privilege level, entered the privilege level which the user should be assigned.
Hope this helps
Kush

ACS authorization for copy SCP

Hi,
I configured the router to authorize all copy commands. Under ACS I need to allow only copy run: start: and Copy run scp: When I added under urguments:
permit run: startup:
permit run: scp:
it works fine for first one but for scp it will not.
When i checked the ACS under faild attempts. I found the ACS will not see any scp arguments. so to allow scp I should add:
permit running <cr>
which will allow all copies from running to any destination (for exapmly tftp. Can any one advice how I can restrict the copy commands for :
run startup
run scp
thanks

may be you have a error in few commands in the Shell command authorization set. Verify the complete & correct syntax of the command from the device and then configure it in ACS.

ACS Authorization

I'd like to configure shell authorization sets in ACS for Routers and switches .In this scenario, the users are able to use selective commands (configure terminal and to shut and no shut the interface only ) how can i do that on ACS
I tried the following but it doesn't work
configure permit terminal
interface permit shutdown
permit no shtdown
when i tested i can use any command under the interface configuration mode but i'd like to restrict it to shut and no shut only

Steve,
Did you resolve this issue??? I have configured shell authorization on the ACS and want to allow certain users to access conf t but limit their commands after this. When I do a shell set that includes 'configure permit terminal' there does not appear to be anyway to control the configuration commands. Access to all configuration is granted.
Any guidence would be appreciated.
Dean

ACS authorization query

Hi,
I would like to know what are the configurations required in Cisco ACS for authorization.
I have done the foll configurations in the switch.
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
radius-server host 10.240.252.247
radius-server key greenland.123
Thanks.
Rgds.,
Sack

Hi Narayan,
Sorry, I pasted the wrong configurations in the forum.Actual configurations in the device are as follows:
aaa authorization config-commands
aaa authorization exec default group radius local
radius-server host 10.240.252.247
radius-server key xxx
I would like to know what are the configurations required in the ACS server with respect to authorization as we are using radius.Do we need to add anything else apart from adding the client in ACS..?
Thanks.
Rgds.,
Sachin

Apache2.2 Plugin configuration issue with Weblogic 9.2

Hi All,
We are trying to configure apache plugin for weblogic 9.2 (Apache Proxying for Weblogic) in Solaris Spark. When we are testing the httpd.conf configuration using apachectl configtest we are getting following error.
httpd: Syntax error on line 80 of /data/httpserv/apache-2.2.10/conf/httpd.conf: Cannot load /data/httpserv/apache-2.2.10/modules/mod_wl_22.so into server: ld.so.1: httpd: fatal: /data/httpserv/apache-2.2.10/modules/mod_wl_22.so: wrong ELF class: ELFCLASS32
We were using the mod_wl_22.so file provided for Solaris/Spark in the link mentioned below.
http://download.oracle.com/otn/bea/weblogic/server103/server103_apacheplugins.zip
Apache 2.2.10 installation that we are using is a 64-bit version. It seems mod_wl_22.so provided in the above link for solaris/spark is a 32-bit version. Is it possible to get a 64bit version of this library?
Anybody has worked on same/similar kind of issues? Is there any workaround, for this?
Input/thoughts from anyone is highly appreciated

Hello, I'm not an expert at confugring Apache and WebLogic servers. Hopefully someone else who does know what they are doing will reply to your question.
I found your question because I am also working on an Apache / WebLogic install for an Ariba installation (in Windows 7).
However I did support a configuration of WebLogic on Solaris with Apache. I remember that the guy who did the Apache install mentioned that Apache needed to be compiled correctly - below is what he sent:
Apache server compilation options:
./configure prefix=/usr/local/apache_2.0.63 enable-mods-shared=all enable-ssl=shared enable-ssl with-ssl=/usr/local/ssl enable-proxy enable-proxy-connect enable-proxy-http --with-mpm=worker
I am still looking into the differences between the plugins (mod 22 so vs mod 20 so). Navigating the Oracle download options can be bewildering. I found the link to download a full zip file of plugins (below).
Oracle WebLogic Server Web Server Plugins 1.1
http://www.oracle.com/technetwork/middleware/ias/downloads/wls-plugins-096117.html
I clicked on "all versions."
Does the WLSPlugin1.1-64bitApache2.2-solaris-sparc.zip contain what you need?
Great luck to you!
-Tom Tobey

Cash book -FBCJ authorization for configuration of layout - need help

Hi All,
We are facing problem that our end users who all maintaining the cash book are all keep changing the alv layout by clicking the configuration button, I need to control this activities....
Regards
Krishnamoorthy T
Edited by: Krishnamoorthy T on Dec 28, :02 PM

Hi Krishnamoorthy,
Please arrest the authorization for all the end user and please go to the field status and make the filed suppressed.
Warm Regards,
Sivakumar Sathiaymoorthy

What's the best way to clone to another Mac with the same system id so I do not have to re-authorize plugins/programs?

I was told in a different thread that cloning is my answer for my problem. Once learning that, I checked around and saw people suggesting Super Duper over the Disk Utility option, saying that I will not have to re-authorize my programs. That it's the easiest way to clone one computer to the next without the hassle of having to reauthorizing all my programs and plugins. Is this true?

Clones are clones. SuperDuper does nothing special that Disk Utility does not do.
Clone using Restore Option of Disk Utility
Open Disk Utility from the Utilities folder.
Select the destination volume from the left side list.
Click on the Restore tab in the DU main window.
Check the box labeled Erase destination.
Select the destination volume from the left side list and drag it to the Destination entry field.
Select the source volume from the left side list and drag it to the Source entry field.
Double-check you got it right, then click on the Restore button.
Destination means the new computer. Source means the old computer.
You can connect the two via Firewire cable if both computers have Firewire ports. If not, then you will need to use an external hard drive as an intermediary. Clone the old computer's drive to the external drive. Then restore the clone from the external drive to the drive in the new computer.
Restoring the clone simply involves switching the Source and Destination.

Web Plugin Configuration

Anyone can help?
I have problem configuring the weblogin from
WebServer 6.1 to SJAS7.0. The following error
message is prompted..
line 25, column 50: HTTP3258: Error processing obj.conf line 25: HTTP2212: Directives must have at least one parameter
I have modify the following config file in webserver,
please advise.
magnus.conf
Init fn="load-modules" shlib="/APP/webserver61/plugins/passthrough/bin/libpassthrough.so" funcs="init-passthro
ugh,auth-passthrough,check-passthrough,service-passthrough" NativeThread="no"
Init fn="init-passthrough"
obj.conf
<Object name="passthrough">
ObjectType fn="force-type" type="magnus-internal/passthrough"
PathCheck fn="deny-existence" path="*/WEB-INF/*"
Service type="magnus-internal/passthrough" fn="service-passthrough"
servers="http://localhost:4830"
Error reason="Bad Gateway" fn="send-error" uri="/APP/webserver61/docs/badgateway.html"
</Object>

In obj.conf, is each of the lines beginning with upper case letters on a new line? i.e. it seems like servers="http://localhost:4830" is on a new line. It should not be. Make sure your configuration looks like
<Object name="passthrough">
ObjectType fn="force-type" type="magnus-internal/passthrough"
PathCheck fn="deny-existence" path="*/WEB-INF/*"
Service type="magnus-internal/passthrough" fn="service-passthrough" servers="http://localhost:4830"
Error reason="Bad Gateway" fn="send-error" uri="/APP/webserver61/docs/badgateway.html"
</Object>

Apache Plugin configuration

Hi,
I have an Apache in front of a weblogic cluster ;
what would be the correct configuration for achieving that every hit the apache receives should be passed to the cluster (= one of the instancies).
(Probaly a basic question but I'm having some kind of a blackout :-)
Tried something like thsi but it doesnst work ...
<IfModule mod_weblogic.c>
WebLogicCluster 1.1.1.1:7001,1.1.1.1:7003
MatchExpression *
ConnectTimeoutSecs 40
WLCookieName jsessionid
KeepAliveEnabled ON
</IfModule>
ThanX

Hmmm maybe I have been misleading myself...
The result was the same as before so I'll have to start doubting my tests.
The plugin log seems to indicate the request was passed to weblogic,
but the access logs I had activated on weblogic reflect no entries ..
I must have configured soemthing wrong.
PS tested a page that doesn't exist, since there is no content yet in Weblogic
Mon Apr 19 15:14:14 2010 <1922512716828251> ap_proxy: isThreaded set to -1
Mon Apr 19 15:14:14 2010 <1922512716828251> ap_proxy: mpm doesn't support threads; assigned dummy memory to timer thread
Mon Apr 19 15:14:14 2010 <1922512716828542>
================New Request: [GET /GETEst.html HTTP/1.1] =================
Mon Apr 19 15:14:14 2010 <1922512716828542> INFO: SSL is not configured
Mon Apr 19 15:14:14 2010 <1922512716828542> Using Uri /GETEst.html
Mon Apr 19 15:14:14 2010 <1922512716828542> After trimming path: '/GETEst.html'
Mon Apr 19 15:14:14 2010 <1922512716828542> The final request string is '/GETEst.html'
Mon Apr 19 15:14:14 2010 <1922512716828542> Host extracted from serverlist is [1.1.1.1]
Mon Apr 19 15:14:14 2010 <1922512716828542> Host extracted from serverlist is [1.1.1.1]
Mon Apr 19 15:14:14 2010 <1922512716828542> Initializing lastIndex=1 for a list of length=2
Mon Apr 19 15:14:14 2010 <1922512716828542> getListNode: created a new server node: id='1.1.1.1:7001,1.1.1.1:7003' server_name='1.1.1.1', port='80'
Mon Apr 19 15:14:14 2010 <1922512716828542> attempt #0 out of a max of 20
Mon Apr 19 15:14:14 2010 <1922512716828542> Trying a pooled connection for '1.1.1.1/7003/7003'
Mon Apr 19 15:14:14 2010 <1922512716828542> getPooledConn: No more connections in the pool for Host[1.1.1.1] Port[7003] SecurePort[7003]
Mon Apr 19 15:14:14 2010 <1922512716828542> general list: trying connect to '1.1.1.1'/7003/7003 at line 2630 for '/GETEst.html'
Mon Apr 19 15:14:14 2010 <1922512716828542> INFO: New NON-SSL URL
Mon Apr 19 15:14:14 2010 <1922512716828542> Connect returns -1, and error no set to 115, msg 'OperaciÃ³n en curso'
Mon Apr 19 15:14:14 2010 <1922512716828542> EINPROGRESS in connect() - selecting
Mon Apr 19 15:14:14 2010 <1922512716828542> Local Port of the socket is 45567
Mon Apr 19 15:14:14 2010 <1922512716828542> Remote Host 1.1.1.1 Remote Port 7003
Mon Apr 19 15:14:14 2010 <1922512716828542> general list: created a new connection to '1.1.1.1'/7003 for '/GETEst.html', Local port:45567
Mon Apr 19 15:14:14 2010 <1922512716828542> URL::parseHeaders: CompleteStatusLine set to [HTTP/1.1 404 Not Found]
Mon Apr 19 15:14:14 2010 <1922512716828542> URL::parseHeaders: StatusLine set to [404 Not Found]
Mon Apr 19 15:14:14 2010 <1922512716828542> parsed all headers OK
Mon Apr 19 15:14:14 2010 <1922512716828542> sendResponse() : r->status = '404'
Mon Apr 19 15:14:14 2010 <1922512716828542> Free old srvrList, id=[1.1.1.1:7001,1.1.1.1:7003], server_name=[1.1.1.1], server_port=[80]
Mon Apr 19 15:14:14 2010 <1922512716828542> Parsing cluster list: -141471731!-1408044506!7003!-1|-92253949!-1408044506!7001!-1
Mon Apr 19 15:14:14 2010 <1922512716828542> parseJVMID: Parsing JVMID '-141471731!-1408044506!7003!-1|-92253949!-1408044506!7001!-1'
Mon Apr 19 15:14:14 2010 <1922512716828542> parseJVMID: Actually parsing '-141471731!-1408044506!7003!-1'
Mon Apr 19 15:14:14 2010 <1922512716828542> ServerInfo struct for JVMID '-141471731' populated
Server Details are:
OrigHostInfo [1.1.1.1]
isOrigHostInfoDNS [0]
Host [1.1.1.1]
Port [7003]
SecurePort [0]
Mon Apr 19 15:14:14 2010 <1922512716828542> parseJVMID: Parsing JVMID '-92253949!-1408044506!7001!-1'
Mon Apr 19 15:14:14 2010 <1922512716828542> parseJVMID: Actually parsing '-92253949!-1408044506!7001!-1'
Mon Apr 19 15:14:14 2010 <1922512716828542> ServerInfo struct for JVMID '-92253949' populated
Server Details are:
OrigHostInfo [1.1.1.1]
isOrigHostInfoDNS [0]
Host [1.1.1.1]
Port [7001]
SecurePort [0]
Mon Apr 19 15:14:14 2010 <1922512716828542> Initializing lastIndex=1 for a list of length=2
Mon Apr 19 15:14:14 2010 <1922512716828542> ### Got a new Server List of length 2 ###
Mon Apr 19 15:14:14 2010 <1922512716828542> ###Response### : Srvr# [1] = [1.1.1.1:7003:0]
Mon Apr 19 15:14:14 2010 <1922512716828542> ###Response### : Srvr# [2] = [1.1.1.1:7001:0]
Mon Apr 19 15:14:14 2010 <1922512716828542> canRecycle: conn=1 status=404 isKA=0 clen=1214 isCTE=0
Mon Apr 19 15:14:14 2010 <1922512716828542> closeConn: URL.canRecycle() returns false, deleting URL '1.1.1.1/7003'
Mon Apr 19 15:14:14 2010 <1922512716828542> request [GETEst.html] processed sucessfully..................

ACS authorization plugins + configuration

Similar Messages

Maybe you are looking for