Adept Distributor Auth?

Hi,
I'm developing a .net solution to send and store files to ACS4 and using the Upload Test program as a starting point I'm getting the following error back - if anybody has any idea how to resolve this I'd be very grateful...
The error is:
E_ADEPT_DISTRIBUTOR_AUTH
with this extra bit in the XML too?
urn:uuid:00000000-0000-0000-0000-000000000001
I'm not sure whether this is something to do with the way I've encrypted the HMAC key or not based on the password that is supposed to be sent to the server?
Many thanks,
James

James
That means that means the HMAC doesn't match the message you sent. This can be because:
1.) You used the wrong key (should be the password for the built in distributor)
2.) You didn't do the hashing correctly
To rule out number 1, ensure that you can use UploadTest.jar successfully with that password.
For number 2, you are going to need to carefully look at the serialization of the XML for signature as implemented by the upload test. Unfortunately this was left out of the Tech Ref.
Alternatively if your Packaging service is behind a firewall, you can ignore the HMAC/message signature altogether by adding the following line to your packaging configuration file:
com.adobe.adept.persist.skipAuthentication=true
Jim Lester
Adobe Systems

Similar Messages

Count-parameter doesn't work

Hi there,
I'm currently developing against the ACS4 webservices andgot some problems with the count parameter.
As you can see I added the element limit with start and count in the request-XML.
"start" does exactly what it should do (acting as an offset) but "count" does nothing!
Every time the XML is sent all resources are returned (when start is 0 of course)!
I'm running ACS 4.0.3.
The XML is sent to:
http://...:8080/admin/QueryResourceItems
Here is the XML:
<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
- <request action="get" auth="builtin" xmlns="http://ns.adobe.com/adept">
<nonce>UGKxzD1ayVGqmnu169EOWg==</nonce>
<expiration>2009-07-10T14:28:56+02:00</expiration>
- <limit>
<start>0</start>
<count>30</count>
</limit>
<hmac>q+zuEPyqZoE3IW7Tdd6nFteXOsc=</hmac>
</request>
Does anybody see my mistake or is there an error somewhere else?
Thanks in advance,
Simon

I assume you've since got this working. Here's a post for others with the same issue.
We're using
<request xmlns="http://ns.adobe.com/adept">
<distributor>'.$distributor.'</distributor>
'<nonce>'.base64_encode(mt_rand(20000000,30000000000)).'</nonce>
<expiration>'.date("c", mktime() + 3600).'</expiration>
<QueryResourceItems/>
 <limit>
 <start>'.$start.'</start>
 <count>30</count>
 </limit>
</request>
And limit works fine

Problems with .acsm file

Hello,
I've purchased the book "The Shepherd" with my LG 500 Android device.
The downloaded format is .acsm which I can't open in Aldiko.
I've tried to use Astro, reinstall Aldiko - but both of them didn't help.
I was registered with my Adobe ID all the time in Aldiko.
Please help me open "the Shepherd" book in my mobile device.
Thanks
Shlomo
[email protected]

The .acsm file should look something like what I include below. Open with any text editor such as Notepad. Line spacing mught look different
If it doesn't look like that, the .acsm file is corrupt somehow.
When you do get a correct .acsm file and open it somewhere, it will actually download a real DRM encrypted .epub file.
You should be able to transfer the .epub file to another device and read it there as long as [a] the device has a DRM capable epub reader and [b] the device is registered to the same ID as the machine that first opend the .acsm and recovered the .epub.
I think you should be able to open the .acsm file and recover the .epub directly using the Bluefire app on the LG 500. I don't see why that should work any better than Aldiko, though.
Good luck
sample .acsm file for comparison
<fulfillmentToken fulfillmentType="loan" auth="user" xmlns="http://ns.adobe.com/adept">
<distributor>urn:uuid:f1227b83-f91b-4f30-9ae2-0f65ffeea9ac</distributor>
<operatorURL>http://acsepub.contentreserve.com/fulfillment</operatorURL>
<transaction>hampshire~392-666527-00013_A57380DD-F4B1-45E1-8540-80ADF02356B8-410</transac tion>
<expiration>2012-01-28T18:19:26-05:00</expiration>
<resourceItemInfo>
 <resource>urn:uuid:bfcc3f24-53a3-459d-9a57-c388ab3527df</resource>
 <resourceItem>1</resourceItem>
 <metadata>
 <dc:title xmlns:dc="http://purl.org/dc/elements/1.1/">At Home</dc:title>
 <dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Bill Bryson</dc:creator>
 <dc:publisher xmlns:dc="http://purl.org/dc/elements/1.1/">Transworld</dc:publisher>
 <dc:identifier xmlns:dc="http://purl.org/dc/elements/1.1/">978-1-40909-554-5</dc:identifier>
 <dc:format xmlns:dc="http://purl.org/dc/elements/1.1/">application/epub+zip</dc:format>
 <dc:language xmlns:dc="http://purl.org/dc/elements/1.1/">en</dc:language>
 <thumbnailURL>http://images.contentreserve.com/ImageType-200/0211-1/{A57380DD-F4B1-45E1-8540-80ADF02356B8}Img200.jpg</thumbnailURL>
 </metadata>
 <licenseToken>
 <resource>urn:uuid:bfcc3f24-53a3-459d-9a57-c388ab3527df</resource>
 <permissions>
 <display>
 <duration>1209592</duration>
 </display>
 <excerpt>
 <duration>1209592</duration>
 </excerpt>
 <print>
 <duration>1209592</duration>
 </print>
 <play>
 <duration>1209592</duration>
 </play>
 </permissions>
 </licenseToken>
</resourceItemInfo>
<hmac>WST7GaQvddZKRWYM0YaR23bDLR4=</hmac>
</fulfillmentToken>

License server communication problem: E_ADEPT_INTERNAL ??

When our customer downloads an epub link created by the adobe content server:
http://acs.riverwatcher.com:8080/fulfillment/URLLink.acsm?action=enterorder&ordersource=Sa gamore+Publishing+Store&orderid=1069267236_0&resid=urn%3Auuid%3A183e17c3-e5e3-43d9-8fde-ac c0177050b2&gbauthdate=09%2F27%2F2010+18%3A54+UTC&dateval=1285613645&gblver=4&auth=94ae7877 0104329ba549893bdff875f8e4582d1a
This allows them to open or save the following URLink.ascm file:
<fulfillmentToken fulfillmentType="buy" xmlns="http://ns.adobe.com/adept">
<distributor>urn:uuid:c58286f7-2655-4df5-8b63-912344f3ffe3</distributor>
<operatorURL>http://acs.riverwatcher.com:8080/fulfillment</operatorURL>
<expiration>2010-09-07T11:37:34-04:00</expiration>
<transaction>123456789</transaction>
<resourceItemInfo>
 <resource>urn:uuid:7763a743-4a7d-4153-b0c4-5bccaec539a2</resource>
 <resourceItem>1</resourceItem>
 <metadata>
 <dc:title xmlns:dc="http://purl.org/dc/elements/1.1/">
Edgar Poe, sa vie et ses oeuvres
</dc:title>
 <dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">
Baudelaire, Charles
</dc:creator>
 <dc:format xmlns:dc="http://purl.org/dc/elements/1.1/">application/epub+zip</dc:format>
 <dc:publisher xmlns:dc="http://purl.org/dc/elements/1.1/">
Feedbooks (www.feedbooks.com)
</dc:publisher>
<dc:language xmlns:dc="http://purl.org/dc/elements/1.1/">
fr
</dc:language>
 <dc:description xmlns:dc="http://purl.org/dc/elements/1.1/"></dc:description>
 <dc:identifier xmlns:dc="http://purl.org/dc/elements/1.1/">
urn:uuid:5f652f06-2d90-11dd-804a-001cc049a027
</dc:identifier>
 </metadata>
 <src>http://acs.riverwatcher.com:8080/media/7763a743-4a7d-4153-b0c4-5bccaec539a2.epub</src>
 <downloadType>simple</downloadType>
</resourceItemInfo>
<hmac>c/D6CH3gm/2EAw54j0AwM7FDG74=</hmac>
</fulfillmentToken>
They receive the following error in Adobe Digital Editions:
Error getting license
License server communication problem: E_ADEPT_INTERNAL
Here is the log from our acs server:
java.lang.NullPointerException
 at java.io.ByteArrayInputStream.<init>(ByteArrayInputStream.java:106)
 at com.adobe.adept.shared.request.LicenseToken.<init>(LicenseToken.java:100)
 at com.adobe.adept.fulfillment.servlet.Fulfill.writeLicense(Fulfill.java:979)
 at com.adobe.adept.fulfillment.servlet.Fulfill.doPost(Fulfill.java:1137)
 at com.adobe.adept.fulfillment.servlet.Fulfill.doPost(Fulfill.java:73)
 at com.adobe.adept.servlet.AdeptServlet.doPost(AdeptServlet.java:184)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.ja va:588)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
 at java.lang.Thread.run(Thread.java:636)
Please advise, any help you can provide would be very helpful. This is only happening with a select few of the books I packaged into the acs server. Using the exact same packaging and fulfillment process works fine for many of the pdfs we uploaded. There does not seem to be any common thread among the ones that fail vs. the ones that do not fail.
Things we have tried:
* Renaming the file prior to upload to have no spaces/special characters.
* deleting the product and trying again from scratch.
Has ANYONE seen this before? Or have any idea what could be the cause?
Thank you in advance,
Joe

Is the transaction in the fulfillmentToken really '123456789' and not '1079267236_0'?
At a quick look the exception is that it is unable to create a license for this. From memory the usual error for this is that the transaction is already recorded in the fulfillment table but there is no corresponding item in the license in the license table (join the user from the fulfillment table with the resource with the fulfillment item table - join is the fulfillmentid)
-jim

Using pass hash for fulfillment

Hi,
has anybody successfuly used the new pass hash in ACS and knows how to implement the fulfillment?
I got as far as:
Extracting the com.adobe.adept.fulfillment.PasshashInfo interface from the WAR file
Setting two system properties to use our code (not just one as the user manual claims!)
com.adobe.adept.fulfillment.passhashInterface=com.foo.passhash.SimplePassHash
com.adobe.adept.fulfillment.passhashJarFilename=/usr/local/acs/server.passhash.jar
Set the distribution type to "passhash"
<request xmlns="http://ns.adobe.com/adept" action="create" auth="builtin">
<distributionRights>
 <distributionType>loan</distributionType>
 <distributor>urn:uuid:23ea9130-7de4-4446-ae31-4786e99fc687</distributor>
 <resource>urn:uuid:3b7bd568-e54a-4d7d-8457-62ad72931512</resource>
 <userType>passhash</userType>
 <usePasshash>true</usePasshash>
 <permissions xmlns="http://ns.adobe.com/adept">
 
 <display/>
</permissions>
</distributionRights>
<expiration>2011-06-27T13:19:39+02:00</expiration>
<nonce>KoxJ73c7VgqZu247YwEdvg==</nonce>
<hmac>BTnHmezdqhaVerBWcejs9jtdZEg=</hmac>
</request>
Call the Fulfillment-Servlet, but here some parameters are unknown (???) to be
<fulfill xmlns="http://ns.adobe.com/adept">
<fulfillmentToken auth="none" fulfillmentType="loan" xmlns="http://ns.adobe.com/adept">
 <expiration>2011-07-23T13:51:42+02:00</expiration>
 <distributor>urn:uuid:23ea9130-7de4-4446-ae31-4786e99fc687</distributor>
 <transaction>ACS4-1823244310</transaction>
 <operatorURL>http://acs.foo.com/acs-fulfillment</operatorURL>
 <resourceItemInfo>
 <resource>urn:uuid:3b7bd568-e54a-4d7d-8457-62ad72931512</resource>
 </resourceItemInfo>
 <hmac>qPUhgdJvHobQafRVKnxhQvkUhyw=</hmac>
</fulfillmentToken>
<user>??? Is that passed to the PasshashInfo ???</user>
<device>???What is that ???</device>
<signature>???How do I generated this ???</signature>
<hmac>6OomkDlZ6wmACpOVhPfleJxWX8M=</hmac>
</fulfill>
I'm trying to write some roundtrip integration test the uploads the document and simulates the client fulfillment then.
At first I'd just like to see our implementation of the interface being called.
Next I'd be glad if someone could tell me how the call back methods should be implemented at all.
Thanks in advance
 Markus

Bump!
Have you gotten any further with your investigation?
We are going to start implementing this feature,
but since its so poorly documented we hoped that someone could provide us with some more information.
Does anybody at Adobe read this forum?
The documentation delivered with ACS4.1 is not complete.
Adobe: Please provide some feedback!!
Marius

Cannot download ADOBE DRM EPUBs to my PC. Authorization keeps reverting to "no ID" and error "E-AUTH-NOT-READY". Deleting Adept from registry no help.

Cannot download ADOBE DRM EPUBs to my PC. Authorization keeps reverting to "no ID" and error "E-AUTH-NOT-READY". Deleting Adept from registry no help.

Cannot download ADOBE DRM EPUBs to my PC. Authorization keeps reverting to "no ID" and error "E-AUTH-NOT-READY". Deleting Adept from registry no help.

/admin/ManageDistributor - get DistributorData for single Distributor?

Is it not possible to retrieve the DistributorData for a single distributor using built-in auth? I'm attempting to get a distributor based in its id by setting auth to built-in and signing the request with the the built-in distributor's secret key:
<request action="get" auth="built-in">
 <distributor>(specific distributor id)</distributor>
 <nonce>(nonce) </nonce>
 <expiration>(date)</expiration>
 <hmac>(HMAC based on built-in password)</hmac>
</request>
The response returned is "E_ADEPT_PERMISSION_DENIED".
If I use the buil-in distributor's id, it works fine, but it returns _all_ of the distributors, and I only want a specific one.
Thanks,
Eric

Jim,
So I need to do something similar to the following?:
<?xml version="1.0" encoding="UTF-8"?>
<request xmlns="http://ns.adobe.com/adept" action="get" auth="builtin">
 <distributordata>
 <distributor>urn:uuid:6edb3aed-53b9-4cc8-bdb3-58cd93ed8c6c</distributor>
 </distributordata>
 <nonce>MTI3MzAwNTQ1OTE0MA==</nonce>
 <expiration>2010-05-04T15:37:39-06:00</expiration>
 <hmac>3sWJSCb3uUW1SVWjq2AH+5ShxBE=</hmac>
</request>
This still doesn't return a distributordata element even though there is a distributor with the id 'urn:uuid:6edb3aed-53b9-4cc8-bdb3-58cd93ed8c6c'.

Deleting a distributor results in E_ADEPT_DATABASE

Hello,
Our test ACS4 setup is pretty much plain Jane and, after trying to delete a distributor, I got an error. That distributor's inventory is empty. Here's the relevant log information:
TRACE AdeptServlet: request POST http://***************:8080/admin/ManageDistributor
TRACE DefaultSQLDatabaseConnection: Open jdbc:mysql://127.0.0.1:3306/adept with user=********
TRACE DefaultSQLDatabaseConnection: SELECT distid, name, description, disturl, notifyurl, publickey, sharedsecret, maxloancount, linkexpiration FROM distributor WHERE distid = ?
TRACE DefaultSQLDatabaseConnection: obj 1 = 00000000-0000-0000-0000-000000000001
TRACE DefaultSQLDatabaseConnection: SELECT distid, name, description, disturl, notifyurl, publickey, sharedsecret, maxloancount, linkexpiration FROM distributor WHERE distid = ?
TRACE DefaultSQLDatabaseConnection: obj 1 = 00000000-0000-0000-0000-000000000001
TRACE DefaultSQLDatabaseConnection: SELECT distid, nonce, expiration FROM distusednonce WHERE distid = ? AND nonce = ?
TRACE DefaultSQLDatabaseConnection: obj 1 = 00000000-0000-0000-0000-000000000001
TRACE DefaultSQLDatabaseConnection: obj 2 = [B@372a96
TRACE DefaultSQLDatabaseConnection: INSERT INTO distusednonce(distid, nonce, expiration) VALUES(?, ?, ?)
TRACE DefaultSQLDatabaseConnection: obj 1 = 00000000-0000-0000-0000-000000000001
TRACE DefaultSQLDatabaseConnection: obj 2 = [B@372a96
TRACE DefaultSQLDatabaseConnection: obj 3 = Wed Jul 29 18:44:34 PDT 2009
TRACE DefaultSQLDatabaseConnection: DELETE FROM distusednonce WHERE expiration < ? AND distid = ? AND nonce = ?
TRACE DefaultSQLDatabaseConnection: obj 1 = Wed Jul 29 18:14:34 PDT 2009
TRACE DefaultSQLDatabaseConnection: obj 2 = 00000000-0000-0000-0000-000000000001
TRACE DefaultSQLDatabaseConnection: obj 3 = [B@372a96
TRACE DefaultSQLDatabaseConnection: DELETE FROM distributor WHERE distid = ?
TRACE DefaultSQLDatabaseConnection: obj 1 = 5b0c03ac-4e73-4032-8c3a-a29b8a97c934
ERROR DefaultSQLDatabaseConnection: com.mysql.jdbc.exceptions.MySQLIntegrityConstraintViolationException: Cannot delete or update a parent row: a foreign key constraint fails (`adept`.`distributionrights`, CONSTRAINT `distributionrights_ibfk_1` FOREIGN KEY (`distid`) REFERENCES `distributor` (`distid`))
ERROR AdeptServlet: database error [***************]
com.mysql.jdbc.exceptions.MySQLIntegrityConstraintViolationException: Cannot delete or update a parent row: a foreign key constraint fails (`adept`.`distributionrights`, CONSTRAINT `distributionrights_ibfk_1` FOREIGN KEY (`distid`) REFERENCES `distributor` (`distid`))
 at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:931)
 at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:2870)
 at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1573)
 at com.mysql.jdbc.ServerPreparedStatement.serverExecute(ServerPreparedStatement.java:1169)
 at com.mysql.jdbc.ServerPreparedStatement.executeInternal(ServerPreparedStatement.java:693)
 at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:1404)
 at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:1318)
 at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:1303)
 at com.adobe.adept.persist.DefaultSQLDatabaseConnection.delete(DefaultSQLDatabaseConnection. java:392)
 at com.adobe.adept.admin.servlet.ManagePersistent.handleDelete(ManagePersistent.java:152)
 at com.adobe.adept.admin.servlet.ManagePersistent.doPost(ManagePersistent.java:325)
 at com.adobe.adept.admin.servlet.ManagePersistent.doPost(ManagePersistent.java:40)
 at com.adobe.adept.servlet.AdeptServlet.doPost(AdeptServlet.java:184)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.ja va:583)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
 at java.lang.Thread.run(Unknown Source)
TRACE AdeptServlet: request end http://***************:8080/admin/ManageDistributor
We're using:
Java:jre6_14
MySQL:5.1
Thanks for any help. (Not that deleting distributors is *that* crucial but I'd rather not be left with cluttering crud if I can help it.)
TS

Probably a login error and then using it after a login error:
Once you are in the admin console try to login in again
A failure should look like
Content Server Request:
http://.../admin/ManageDistributor
<request action="get" auth="builtin" xmlns="http://ns.adobe.com/adept">
<nonce>v0f8tAAAAAU=</nonce>
<expiration>2011-08-12T19:06:31-00:00</expiration>
<distributorData>
 <distributor>urn:uuid:00000000-0000-0000-0000-000000000001</distributor>
 <sharedSecret>...</sharedSecret>
</distributorData>
<hmac>JNJcIdZrABSxfvvthCRDunMFgJI=</hmac>
</request>
Warning:
<response xmlns="http://ns.adobe.com/adept"/>
A success should look like:
Content Server Request:
http://.../admin/ManageDistributor
<request action="get" auth="builtin" xmlns="http://ns.adobe.com/adept">
<nonce>v0mcOQAAAAY=</nonce>
<expiration>2011-08-12T19:08:17-00:00</expiration>
<distributorData>
 <distributor>urn:uuid:00000000-0000-0000-0000-000000000001</distributor>
 <sharedSecret>...</sharedSecret>
</distributorData>
<hmac>Z3AlWcnk5sBth46o4hyFspzdF5c=</hmac>
</request>
Content Server Response:
<response xmlns="http://ns.adobe.com/adept">
<distributorData>
 <distributor>urn:uuid:00000000-0000-0000-0000-000000000001</distributor>
 <sharedSecret>...</sharedSecret>
 <distributorURL>built-in</distributorURL>
 <name>builtin</name>
 <description>Built-in distributor for administrative purposes</description>
 <maxLoanCount>0</maxLoanCount>
 <linkExpiration>604800</linkExpiration>
</distributorData>
</response>

Issue with AP Auth List

Hi guys,
I'm havin problems joining an AP (3602I) to my controller (5508) when authorising MIC's against against my auth-list on the controller.
I have added the AP MAC address to the auth-list but the AP won't successfully join. The controller occasionally says "joined" and I can view it in the AP list, but the AP status is always UNKNOWN, whereby I will reset the AP and try again.
Any ideas?
Thanks.

show inv:
Burned-in MAC Address............................ E8:B7:48:A1:CD:A0
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 100
NAME: "Chassis"    , DESCR: "Cisco 5500 Series Wireless LAN Controller"
PID: AIR-CT5508-K9, VID: V01, SN: xxxxxxxxxx
AP sh ver:
AP78da.6e42.85ca#sh ver
Cisco IOS Software, C3600 Software (AP3G2-K9W8-M), Version 15.2(4)JA1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Tue 30-Jul-13 22:57 by prod_rel_team
ROM: Bootstrap program is C3600 boot loader
BOOTLDR: C3600 Boot Loader (AP3G2-BOOT-M) LoaderVersion 12.4(23c)JY, RELEASE SOFTWARE (fc1)
AP78da.6e42.85ca uptime is 22 minutes
System returned to ROM by power-on
System image file is "flash:/ap3g2-k9w8-mx.152-4.JA1/ap3g2-k9w8-xx.152-4.JA1"
Last reload reason:
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-CAP3602I-E-K9 (PowerPC) processor (revision A0) with 180214K/81920K bytes of memory.
Processor board ID FCZ1749J1KS
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 7.5.102.0
1 Gigabit Ethernet interface
2 802.11 Radios
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 78:DA:6E:42:85:CA
Part Number                          : 73-14521-02
PCA Assembly Number                  : 800-37501-02
PCA Revision Number                  : A0
PCB Serial Number                    : FOC17444F2D
Top Assembly Part Number             : 800-35852-02
Top Assembly Serial Number           : FCZ1749J1KS
Top Revision Number                  : C0
Product/Model Number                 : AIR-CAP3602I-E-K9
Configuration register is 0x
WLC software version: 7.5.102.0
FUS: 7.0.112.21
Thanks again Scott.

How to delete an item in adept database

I would like to know how to delete an item in my adept Inventory or/and in my Distributor with a script putting the ID as a variable.
What woud you advise ?
Thanks

Hai Madhu,
It is pretty simple.
First u define a button. and in onAction Event of the button write the following code.
process is as follows:
1)get the node
2)get the element
3)using the method remove_element() ,remove the element.
The Sample Code is as follows
DATA:
 node_flighttab TYPE REF TO if_wd_context_node,
 elem_flighttab TYPE REF TO if_wd_context_element.
 node_flighttab = wd_context->get_child_node( 'FLIGHTTAB' ).
get element via lead selection
 elem_flighttab = node_flighttab->get_element( ).
 node_flighttab->remove_element( element = elem_flighttab ).
Follow the above code ,it will definately help you.

802.1x Auth-Fail VLAN and Guest-VLan not available

Hi Pros,
Having an issue with an 881 I have recently acquired. I'm wanting to setup a Virtual Office scenario. Everything is working fine except for 802.1x...
I can get the 881 to authenticate things connected to it, but I don't have the options of guest-vlan or auth-fail vlan.
Idea is if the users takes the router home and someone, either accidentally or on pupose, connects an unauthorized Laptop, they stay off the Corp network but can get to the internet still.
I found this link on Cisco's site:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6660/ps6808/deployment_guide_c07_458259_ns855_Networking_Solutions_White_Paper.html
That link shows them configuring a guest vlan right on the fa0-3 ports of an 881W. I dont have that option on mine. I can only configure 802.1x on the vlan interface. I have 802.1x working, for things that connect to vlan1, but I would like to have a "fallback" setup.
EZVPN_Remote(config-if)#int fa1
EZVPN_Remote(config-if)#dot
EZVPN_Remote(config-if)#dot1?
dot1q
EZVPN_Remote(config-if)#dot1
EZVPN_Remote(config-if)#int vlan1
EZVPN_Remote(config-if)#dot1x ?
default           Configure Dot1x with default values for this port
host-mode         Set the Host mode for 802.1x on this interface
max-reauth-req    Max No.of Reauthentication Attempts
max-req           Max No.of Retries
pae               Set 802.1x interface pae type
port-control      set the port-control value
reauthentication Enable or Disable Reauthentication for this port
timeout           Various Timeouts
Any thoughts why I'm seeing this behavior? Feature-set? IOS Version?
EZVPN_Remote#sh ver
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.1(2)T4, )
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 12-Jul-11 21:02 by prod_rel_team
ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
EZVPN_Remote uptime is 6 hours, 1 minute
System returned to ROM by reload at 14:53:21 UTC Thu Oct 13 2011
System restarted at 14:52:47 UTC Thu Oct 13 2011
System image file is "flash:c880data-universalk9-mz.151-2.T4.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco 881 (MPC8300) processor (revision 1.0) with 236544K/25600K bytes of memor.
Processor board ID FTX153482GK
5 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
256K bytes of non-volatile configuration memory.
126000K bytes of ATA CompactFlash (Read/Write)
License Info:
License UDI:
Device#   PID                   SN
*0        CISCO881-SEC-K9       xxxxxxxx
License Information for 'c880-data'
    License Level: advipservices   Type: Permanent
    Next reboot license Level: advipservices
Thanks in advance!

Shamless bump...

Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

I would love some help with this issue. I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0 I have a test account set up with lab.acme.com to use the ACS.
When I log into my site using Windows Auth, everything is great. However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
to use to log in and after 3-5 second
and return me the logon page with error message “Authentication failed”
I base my setup on the technet article
http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
I validated than all my certificate are valid and able to retrieve the crl
I got in eventlog id 300
The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Additional Data
Exception details:
Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
correctly, but one of the CA certificates is not trusted by the policy provider.
at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
serializationContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
trustNamespace, AsyncCallback callback, Object state)
System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
thx
Stef71

This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
on my case was :
PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
cer\SP2K10\ad0001.cer")
PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
Certificate : [Subject]
CN=domain.AD0001CA, DC=domain, DC=com
[Issuer]
CN=domain.AD0001CA, DC=portal, DC=com
[Serial Number]
blablabla
[Not Before]
22/07/2014 11:32:05
[Not After]
22/07/2024 11:42:00
[Thumbprint]
blablabla
Name : domain.ad0001
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : domain.ad0001
Id : blablabla
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 17164
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
cer\SP2K10\ADFS_Signing.cer")
PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
Certificate : [Subject]
CN=ADFS Signing - adfs.domain
[Issuer]
CN=ADFS Signing - adfs.domain
[Serial Number]
blablabla
[Not Before]
23/07/2014 07:14:03
[Not After]
23/07/2015 07:14:03
[Thumbprint]
blablabla
Name : Token Signing Cert
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : Token Signing Cert
Id : blablabla
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 17184
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\Users\administrator.PORTAL>

Help need in creation of auth object

Hi all,
can anyone assist me in creating an auth object to restrict users based on plant.
I would appreciate i anyone of you could send me screen shots of the procedure.
My email id is
<removed by moderator>
Thanks
Venki

Hi,
Basically you can use derived role and restric users based on plant...
Other than standard objects do you want to create auth objects.
For more information on you can follow link. info on objects
http://help.sap.com/saphelp_47x200/helpdata/en/ea/e9b0054c7211d189520000e829fbbd/frameset.htm
Cheers
Soma

Auth.log - Rejected send message, 2 matched rules; type="method_call"

Hi,
i'm checking the /var/log/auth.log and I found out that there is this error message
Jun 9 20:19:56 localhost polkitd(authority=local): Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session2 (system bus name :1.23 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Jun 9 20:19:57 localhost dbus[513]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.23" (uid=1000 pid=861 comm="/usr/bin/gnome-shell ") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.1" (uid=0 pid=654 comm="/usr/sbin/console-kit-daemon --no-daemon ")
Jun 9 20:19:57 localhost dbus[513]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.23" (uid=1000 pid=861 comm="/usr/bin/gnome-shell ") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.1" (uid=0 pid=654 comm="/usr/sbin/console-kit-daemon --no-daemon ")
Jun 9 20:19:57 localhost dbus[513]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.23" (uid=1000 pid=861 comm="/usr/bin/gnome-shell ") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.1" (uid=0 pid=654 comm="/usr/sbin/console-kit-daemon --no-daemon ")
if think the problem is in /etc/dbus-1/system.conf
<deny send_type="method_call"/>
I'm tempted to change this to allow, but I won't as long as I don't understand why this deny-rule is implemented.
Last edited by miky76 (2012-06-09 20:41:06)

That deny rule is the default. Things in /etc/dbus-1/system.d override it. There's a ConsoleKit.conf file in there that describes what interaction ConsoleKit actually allows.
That said, ConsoleKit.conf also denies this access:
<deny send_destination="org.freedesktop.ConsoleKit"
send_interface="org.freedesktop.DBus.Properties" />
I don't know why this is denied - most likely it's to prevent private data from being stolen from console-kit-daemon in this way. I don't see any such private data stored in properties on ConsoleKit, though:
$ dbus-send --print-reply --system --dest=org.freedesktop.ConsoleKit /org/freedesktop/ConsoleKit/Session1 org.freedesktop.DBus.Introspectable.Introspect
method return sender=:1.5 -> dest=:1.14 reply_serial=2
string "<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
<node>
<interface name="org.freedesktop.DBus.Introspectable">
<method name="Introspect">
<arg name="data" direction="out" type="s"/>
</method>
</interface>
<interface name="org.freedesktop.DBus.Properties">
<method name="Get">
<arg name="interface" direction="in" type="s"/>
<arg name="propname" direction="in" type="s"/>
<arg name="value" direction="out" type="v"/>
</method>
<method name="Set">
<arg name="interface" direction="in" type="s"/>
<arg name="propname" direction="in" type="s"/>
<arg name="value" direction="in" type="v"/>
</method>
<method name="GetAll">
<arg name="interface" direction="in" type="s"/>
<arg name="props" direction="out" type="a{sv}"/>
</method>
</interface>
<interface name="org.freedesktop.ConsoleKit.Session">
<method name="SetIdleHint">
<arg name="idle_hint" type="b" direction="in"/>
</method>
<method name="GetIdleSinceHint">
<arg name="iso8601_datetime" type="s" direction="out"/>
</method>
<method name="GetIdleHint">
<arg name="idle_hint" type="b" direction="out"/>
</method>
<method name="Unlock">
</method>
<method name="Lock">
</method>
<method name="Activate">
</method>
<method name="GetCreationTime">
<arg name="iso8601_datetime" type="s" direction="out"/>
</method>
<method name="IsLocal">
<arg name="local" type="b" direction="out"/>
</method>
<method name="IsActive">
<arg name="active" type="b" direction="out"/>
</method>
<method name="GetLoginSessionId">
<arg name="login_session_id" type="s" direction="out"/>
</method>
<method name="GetRemoteHostName">
<arg name="remote_host_name" type="s" direction="out"/>
</method>
<method name="GetDisplayDevice">
<arg name="display_device" type="s" direction="out"/>
</method>
<method name="GetX11DisplayDevice">
<arg name="x11_display_device" type="s" direction="out"/>
</method>
<method name="GetX11Display">
<arg name="display" type="s" direction="out"/>
</method>
<method name="GetUnixUser">
<arg name="uid" type="u" direction="out"/>
</method>
<method name="GetUser">
<arg name="uid" type="u" direction="out"/>
</method>
<method name="GetSessionType">
<arg name="type" type="s" direction="out"/>
</method>
<method name="GetSeatId">
<arg name="sid" type="o" direction="out"/>
</method>
<method name="GetId">
<arg name="ssid" type="o" direction="out"/>
</method>
<signal name="Unlock">
</signal>
<signal name="Lock">
</signal>
<signal name="IdleHintChanged">
<arg type="b"/>
</signal>
<signal name="ActiveChanged">
<arg type="b"/>
</signal>
<property name="idle-hint" type="b" access="readwrite"/>
<property name="is-local" type="b" access="readwrite"/>
<property name="active" type="b" access="readwrite"/>
<property name="x11-display-device" type="s" access="readwrite"/>
<property name="x11-display" type="s" access="readwrite"/>
<property name="display-device" type="s" access="readwrite"/>
<property name="remote-host-name" type="s" access="readwrite"/>
<property name="session-type" type="s" access="readwrite"/>
<property name="user" type="u" access="readwrite"/>
<property name="unix-user" type="u" access="readwrite"/>
</interface>
</node>
Note those properties at the end of that list, which are the same things you can learn by running ck-list-session.
If you want to change the deny to allow, you may as well do it in the ConsoleKit.conf line, so it's specific to this usage, rather than allowing any method call in the world called through dbus.
FWIW, I can reproduce this same error, trying to do it "by hand", though I don't use GNOME, as you do:
$ dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.ConsoleKit /org/freedesktop/ConsoleKit/Session1 org.freedesktop.DBus.Properties.GetAll string:org.freedesktop.ConsoleKit.Session
Error org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 2 matched rules; type="method_call", sender=":1.17" (uid=1000 pid=13892 comm="dbus-send --print-reply --system --type=method_cal") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination="org.freedesktop.ConsoleKit" (uid=0 pid=751 comm="/usr/sbin/console-kit-daemon --no-daemon ")

Implement Hierarchy's On InfoObject that is Not Auth Relevant.

Hello Friends,
Please Advice me in this issue.
I am Upgrading from 3.1 to 7.0.I am able to implement hierarchies when the Infoobject is auth relevant.
There are hierarchies in 3.1 on Infoobjects which are Not Auth Relevant.
Like 0PLANT ..I don't know how to implement using this.
Is there any way to implement hierarchies on InfoObjects which are not auth relevant in BI 7.0 using Analysis authorizations.
Or Do i need to make thes non auth relevant InfoObjects of 3.1 to auth relevant in 7.0 and implement hierarchies.
Please advice.
Thanks,
Ram

Hi Keerti,
Can you please tell me how to implement hierarchy with out making 0PLANT auth relevant.
We are upgrading from 3.1 to 7.0.
0PLANT is not auth relevant in 3.1 but it has Hierarchies.
So business team wants to have the same in 7.0 with out making it auth relevant.
Please help me in doing this.
Thanks
Ram

Adept Distributor Auth?

Similar Messages

Maybe you are looking for