App Server 8.0 LDAP SSL Problems

Similar Messages

• App Server 8.1 JDBC Connection problem

  Dear Expert,
  Cu are using Sun Java System Application Server Enterprise Edition 8.1. Cu created one jdbc connection pool and datasource. They are called
  jdbc/RM
  From the App Server Admin Console -> Connection Pool, cu can "Ping" the database via the connection pool.
  Cu did the configuration on web.xml and sun-web.xml
  web.xml
  <resource-ref>
  <description>Oracle Database Connection - Rawmart</description>
  <res-ref-name>jdbc/RM</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <res-auth>Container</res-auth>
  </resource-ref>
  sun-web.xml
  <resource-ref>
  <res-ref-name>jdbc/RM</res-ref-name>
  <jndi-name>jdbc/RM</jndi-name>
  </resource-ref>
  In customer class,
  220: protected void initDataSource() throws NamingException {
  221: initContext = new InitialContext();
  222: envContext = (Context) initContext.lookup("java:comp/env");
  223: String dataSource = rConfigObject.getConfigValue("DATASOURCE");
  224: rDataSource = (DataSource) envContext.lookup(dataSource);
  225: }Exception occurs on line no. 222 already.
  From server.log, we get
  ================
  #|2005-06-03T11:36:11.562+0800|WARNING|sun-appserver-ee8.1|javax.enterprise.system.stream.err|_ThreadID=10;|
  javax.naming.NameNotFoundException: No object bound for java:comp/env [Root exception is java.lang.NullPointerException]
  at com.sun.enterprise.naming.java.javaURLContext.lookup(javaURLContext.java:161)
  at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:288)
  at javax.naming.InitialContext.lookup(InitialContext.java:351)
  at com.ns.DBObject.initDataSource(DBObject.java:222)
  at com.ns.DBObject.connectPool(DBObject.java:213)
  at com.ns.DBObject.<init>(DBObject.java:91)
  at com.ns.DBObject.getInstance(DBObject.java:122)
  at com.ncharter.NCContextListener.contextInitialized(NCContextListener.java:28)
  at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4010)
  at org.apache.catalina.core.StandardContext.start(StandardContext.java:4525)
  ===============
  Do you have any ideas on this problem? Thanks.
  Regards,
  Angus

  Try asking the Customer to fire up the JNDI browser in the admin console and try to browse the JNDI tree.
  What class is the InitialContext.lookup() happening in? Is that getting executed in the servlet class or a standalone client?
  thanks.

• Weblogic Server 8.1 SP4 SSL Problem

  I had a server setup using SSL and x.509 certificates on Weblogic 8.1 SP3. Everything was setup fine and working properly.
  I installed SP4 and I couldnt get the Certificates to work properly. I keeps rejecting the certificate. All the Identity, Trust, and all configurations seem to be identical.
  I get a message
  Could not establish encrypted connection because your certificate was rejected by localhost Error Code: -12271
  Any ideas on what the problem could be.

  I am also wondering what the status of this problem is? It is preventing us from going to SP4.
  _Mike                                                                                                                                                                                                                                                                                           

• Windows Server AD Certificate Services SSL Problem with Firefox

  Hello all,
  I currently have problems with Active Directory Certificate Services issued SSL certificates and compatibility with Firefox (newest).
  Environment: PKI has been deployed in two tier architecture, root CA and Enterprise Issuing CA. Both Servers are Windows 2008 R2, Issuing is Enterprise edition, Root Standard edition. Problem exist with the Firefox and issued certificates, when trying to
  open protected page with this certificate I get:
  Message: Error code: sec_error_bad_signature
  Certificate looks like this:
  Version: V3
  Signature Algorithm: RSASSA-PSS
  Signature Has Algorithm: SHA1
  Root CA is trusted and installed on each machine keystore. Problem only affects Firefox, I suspect the problem is the FF keystore, because for Chrome and IE everything works.
  Maybe you have the same expierence with FF compatibility issues.
  Thanks in advance!
  J

  Hello,
  for Security please ask in
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/home#forum=winserversecurity&filter=alltypes&sort=lastpostdesc&content=Search and for Firefox please use the forum from them.
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://msmvps.com/blogs/mweber/
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

• Web Server 6.1 / App Server 7 passthrough

  Hi
  I having read a couple of posts regarding passthrough functionality between Web Server and App Server - we are still having problems that we hope someone can comment on.
  We are running Sun ONE Web Server 6.1 and Sun ONE Application Server 7 (update 2) on the same server with passthrough enabled from the virtual hosts on the web server to the App server. We are using the following obj.conf settings for all our VS web servers but find that when the app server responds with a redirection to index.jsp the Web server does not correctly interpret the context and gives 404 errors. Any advice anyone can proivide would be greatly appreciated.
  <Object name="passthrough">
  ObjectType fn="force-type" type="magnus-internal/passthrough"
  PathCheck fn="deny-existence" path="*/WEB-INF/*"
  Service type="magnus-internal/passthrough" fn="service-passthrough" servers="localhost
  :81"
  Error reason="Bad Gateway" fn="send-error" uri="$docroot/badgateway.html"
  </Object>
  <Object name="default">
  NameTrans fn="assign-name" from="(/*|index.jsp)" name="passthrough"
  AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
  NameTrans fn="ntrans-j2ee" name="j2ee"
  NameTrans fn="pfx2dir" from="/mc-icons" dir="/apps/WebServer/ns-icons" name="es-internal"
  NameTrans fn="document-root" root="$docroot"
  PathCheck fn="unix-uri-clean"
  PathCheck fn="check-acl" acl="default"
  PathCheck fn="find-pathinfo"
  PathCheck fn="find-index" index-names="admin.jsp,index.html,home.html,index.jsp"
  PathCheck fn="set-cache-control" control="no-cache"
  ObjectType fn="type-by-extension"
  ObjectType fn="force-type" type="text/plain"
  Service method="(GET|HEAD)" type="magnus-internal/imagemap" fn="imagemap"
  Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
  Service method="(GET|HEAD)" type="*~magnus-internal/*" fn="send-file"
  Service method="TRACE" fn="service-trace"
  Error fn="error-j2ee"
  AddLog fn="flex-log" name="access"
  </Object>
  <Object name="j2ee">
  ObjectType fn="force-type" type="text/html,*/*"
  Service fn="service-j2ee" method="*"
  </Object>
  <Object name="cgi">
  ObjectType fn="force-type" type="magnus-internal/cgi"
  Service fn="send-cgi" user="$user" group="$group" dir="$dir" chroot="$chroot" nice="$nice"
  </Object>
  <Object name="es-internal">
  PathCheck fn="check-acl" acl="es-internal"
  </Object>
  <Object name="send-precompressed">
  PathCheck fn="find-compressed"
  </Object>
  <Object name="compress-on-demand">
  Output fn="insert-filter" filter="http-compression"
  </Object>
  thanks!!!

  I don't think I explained very well! What I am trying to say is that when the web server receives a response from the App Server (i.e a redirection to /index.jsp) the browser then trys to refer to to this file on the Web Server - where it does'nt exist. I don't know if this is any clearer!

• How can i check the office web app server(wac client) is calling custom WOPI host?

  I am getting an error when I testing my wopi host(which is the same as
  example) with Office Web app server "Sorry, there was a problem and we can't open this document.  If this happens again, try opening the document in Microsoft Word."
  1-how can find the log files of this error?
  2-how can i check the office web app server(wac client) is calling my WOPI host?
  I am not sure about cumunication between owa to wopi host. I actually dont know how to implement checkfile and getfile functions to wopi host for waiting for call back from owa client.
  Note:I am sure that office web app server is configured true. Because i test it with sharepoint 2013 and editing and viewing is working well.

  Hi,
  According to your post, my understanding is that
  CheckFileInfo is how the WOPI application gets information about the file and the permissions a user has on the file. It should have a URL that looks like this:
  HTTP://server/<...>/wopi*/files/<id>?access_token=<token>
  While CheckFileInfo provides information about a file, GetFile returns the file itself. It should have a URL that looks like this:
  HTTP://server/<...>/wopi*/files/<id>/contents?access_token=<token>
  There is a great article for your reference.
  http://blogs.msdn.com/b/officedevdocs/archive/2013/03/20/introducing-wopi.aspx
  You can also refer to the following article which is about building an Office Web Apps(OWA) WOPI Host.
  http://blogs.msdn.com/b/scicoria/archive/2013/07/22/building-an-office-web-apps-owa-wopi-host.aspx
  Thanks & Regards,
  Jason
  Jason Guo
  TechNet Community Support

• PSWATCHSRV does not auto-restart causing app server domain instability

  Current environment:
  - Solaris 10
  - Oracle 10.2.0.4
  - PS HRCS 9.0
  - PTools 8.49.19
  - Weblogic 9.2
  - Tuxedo 9.1
  We have two PIA web sites that reside on the same PIA web domain. They each interact with a different app server domain residing on csapp81. One is assigned a jolt listening port of 9060 (CS90SBX) and the other uses 9030 (CS90UNT). Recently, after patching the PTools to 8.49.19, we discovered that occasionally the PSWATCHSRV in one of the app server domains will shut down and not restart. The domain continues to run without the WATCHSRV but then erratic behavior in the PIA is observed:
  - Users attempting to access worklists are logged off
  - Reports stop posting from PSNT and PSUNX
  - Users attempting to navigate to reports already posted are logged off with "An Error Has Occurred" message
  - Some users are unable to log in and see a message in red on the signon page: bea.jolt.ServiceException
  Re-booting the app server domain will solve the problem temporarily until the PSWATCHSRV shuts down again. We have noticed that in the app server that is not affected, the PSWATCHSRV restarts one second after shutting down whereas in the affected domain it never auto-restarts. We have tried re-building the web server and app server domains but this does not affect the problem. There appears to be no difference between the two domains. In fact a couple of weeks earlier SBX was working fine and UNT was affected. Now it's the exact opposite and we have another environment (CFG) showing the same behavior.
  The proof the problem exists:
  Verified the issue by the application server log file <APPSRV_0602_SBX.LOG>, which displays that PSWATCHSRV has been shutdown and never restarted:
  PSAPPSRV.11610 (3) [06/02/09 12:48:40 GetCertificate](3) Returning context. ID=PS, Lang=ENG, UStreamId=124840_11610.3, Token=PSFT_HR/2009-06-02-05.48.40.000003/PS/ENG AAAAmwECAwQAAQAAAAACvAAAAAAAAAAsAARTaGRyAgBOZQgAOAAuADEAMBTG0ddiK9wa09fTauVpwsrNvqJDmwAAAFsABVNkYXRhT3icPcZNDkAwFEXh02oM7YS8VAkL8DMSwdzILi3O6xu4J/lygcf5IuDQ+Tcb2DlLJjaWKn9mLm5WjkREtJFa7c1odjQkBlNU+Wv5APmFCio=
  PSWATCHSRV.11609 (0) [06/02/09 12:52:38] Shutting down
  PSAPPSRV.11612 (29) [06/02/09 12:55:45 [email protected] (NETSCAPE 7.0; WINXP) ICPanel](3) (PublishSubscribe): PublicationManager::Publish(): publication a18e2838-4f31-11de-9268-83dc49eeb5cf.USER_PROFILE published in 0.0900 seconds
  My question is: Has anyone else ever seen this behavior in an 8.49.19 environment? If so, how was it resolved?
  We are now conducting UAT and the occasional disruption of having to restart the app server just so people can login to the system is not making a good impression on the customer.
  We have an open SR ticket with Support but as yet they have not been able to help us...

  Looks like Tuxedo is not doing he's job. You should double check the Tuxedo version and rolling patch installed.
  And also the configuration of AppServer, section "PSWATCHSRV", if the interval is set to 0, then it is disabled.
  Moreover, from your output it is difficult to understand what's going wrong.
  Nicolas.

• Installing policy agent 2.1.1 for app server 7

  Hi,
  I've been trying to install the policy agent on app server7. I read that the policy agent had to be installed on a different instance of the app server than the one where the portal is running (portal runs on instance server1). How can you make sure of that?
  I'd like to use the agent to only control the access to a webapp that is deployed on server1 instance. I don't want it to interfere with the portal but at the moment it does.
  Now I can't use the webapp (access forbidden) and the portal ("Authentication Service is not initialized").
  all the components of JES but the gateway are installed on a single machine called crpbioweb.crp-sante.healthnet.lu
  here is the statefile of the installation
  [STATE_BEGIN Sun ONE Identity Server Policy Agent a15672cb9a086c93b865dd58c4e72641d908cc91]
  OS_NAME = SunOS
  PACKAGE_ZIP_FILE = am_as70_agent.zip
  PACKAGE_ID = SUNWamas
  PACKAGE_VERSION = 2.1
  COMPONENT_NAME = Sun ONE Identity Server Policy Agent for Sun ONE Application Server 7.0
  AGENT_TYPE = as70
  defaultInstallDirectory = /opt
  currentInstallDirectory = /opt/agent
  SERVER_HOST = crpbioweb.crp-sante.healthnet.lu
  SERVER_PORT = 58080
  SERVER_PROTO = http
  SERVER_DEPLOY_URI = /amserver
  CONSOLE_HOST = crpbioweb.crp-sante.healthnet.lu
  CONSOLE_PORT = 58080
  CONSOLE_PROTO = http
  CONSOLE_DEPLOY_URI = /amconsole
  ENCADMINPASSWD = password
  LDAPUSERPASSWD = amldapuser
  DIRECTORY_HOST = crpbioweb.crp-sante.healthnet.lu
  DIRECTORY_PORT = 389
  DIRECTORY_SSL_ENABLED = false
  ROOT_SUFFIX = dc=crp-sante,dc=healthnet,dc=lu
  ORG_BASE = dc=crp-sante,dc=healthnet,dc=lu
  CONFIG_LOAD_INTEREVAL = 10
  ENABLE_NEL_CACHE = false
  NEL_CACHE_SIZE = 1000
  NEL_CACHE_TIME = 60
  PREF_PROTOCOL = http
  PREF_PORT = 80
  PRIMARY_CTX_PATH = /mailtracker
  AGENT_HOST = crpbioweb.crp-sante.healthnet.lu
  FILTER_MODE = ALL
  ACCESS_DENIED_URI =
  LOGIN_ATTEMPT_LIMIT = 5
  JAVA_HOME = /usr/jdk/entsys-j2se
  JSSE_INSTALLED = true
  JCE_INSTALLED = true
  AS70_BIN_DIR = /opt/SUNWappserver7/bin
  AS70_ADMIN_USER = admin
  AS70_ADMIN_PASSWD = password
  AS70_ADMIN_PORT = 4848
  AS70_INSTANCE_CONFIG_DIR = /var/opt/SUNWappserver7/domains/domain1/server1/config
  [STATE_DONE Sun ONE Identity Server Policy Agent a15672cb9a086c93b865dd58c4e72641d908cc91]
  There are 2 things I'd like to know:
  How can I make sure the agent is installed on server2 instance and not on server1?
  How do you choose to install the agent on server2?
  If I correctly installed the agent on server2, then why does it block the webapp and the portal on server1?

  Before installing the agent I already manually created a second instance of the app server on port 81. the problem is that I don't know how to install the agent on server2 instance. the only parameter that has something to do with port or instance is the "PREF_PORT". but according to the doc http://docs.sun.com/source/816-6884-10/chapter2.html#wp20595
  it says that the Preferred protocol listening port is the preferred port number on which the application server provides its services.
  I'm not quite sure what this means. Do I have to enter the port of the instance where I want to install the agent or the port I want to protect with the agent?
  Another way to check if I installed it at the right place would be to check in the app server admin console. the installation created a new item in App server instance > server 1 > security > Realms. Do you know if this is the correct place to appear? or should it be in server2?
  thanks

• Weblogic app server wsdl web service call with SSL Validation error = 16

  Weblogic app server wsdl web service call with SSL Validation error = 16
  I need to make wsdl web service call in my weblogic app server. The web service is provided by a 3rd party vendor. I keep getting error
  Cannot complete the certificate chain: No trusted cert found
  Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure
  Validation error = 16
  From the SSL debug log, I can see 3 verisign hierarchy certs are correctly loaded (see 3 lines in the log message starting with “adding as trusted cert”). But somehow after first handshake, I got error “Cannot complete the certificate chain: No trusted cert found”.
  Here is how I load trustStore and keyStore in my java program:
       System.setProperty("javax.net.ssl.trustStore",”cacerts”);
       System.setProperty("javax.net.ssl.trustStorePassword", trustKeyPasswd);
       System.setProperty("javax.net.ssl.trustStoreType","JKS");
  System.setProperty("javax.net.ssl.keyStoreType","JKS");
  System.setProperty("javax.net.ssl.keyStore", keyStoreName);
       System.setProperty("javax.net.ssl.keyStorePassword",clientCertPwd);      System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump","true");
  Here is how I create cacerts using verisign hierarchy certs (in this order)
  1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignClass3G5PCA3Root.txt -alias "Verisign Class3 G5P CA3 Root"
  1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediatePrimary.txt -alias "Verisign C3 G5 Intermediate Primary"
  1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediateSecondary.txt -alias "Verisign C3 G5 Intermediate Secondary"
  Because my program is a weblogic app server, when I start the program, I have java command line options set as:
  -Dweblogic.security.SSL.trustedCAKeyStore=SSLTrust.jks
  -Dweblogic.security.SSL.ignoreHostnameVerification=true
  -Dweblogic.security.SSL.enforceConstraints=strong
  That SSLTrust.jks is the trust certificate from our web server which sits on a different box. In our config.xml file, we also refer to the SSLTrust.jks file when we bring up the weblogic app server.
  In addition, we have working logic to use some other wsdl web services from the same vendor on the same SOAP server. In the working web service call flows, we use clientgen to create client stub, and use SSLContext and WLSSLAdapter to load trustStore and keyStore, and then bind the SSLContext and WLSSLAdapter objects to the webSerive client object and make the webservie call. For the new wsdl file, I am told to use wsimport to create client stub. In the client code created, I don’t see any way that I can bind SSLContext and WLSSLAdapter objects to the client object, so I have to load certs by settting system pramaters. Here I attached the the wsdl file.
  I have read many articles. It seems as long as I can install the verisign certs correctly to web logic server, I should have fixed the problem. Now the questions are:
  1.     Do I create “cacerts” the correct order with right keeltool options?
  2.     Since command line option “-Dweblogic.security.SSL.trustedCAKeyStore” is used for web server jks certificate, will that cause any problem for me?
  3.     Is it possible to use wsimport to generate client stub that I can bind SSLContext and WLSSLAdapter objects to it?
  4.     Do I need to put the “cacerts” to some specific weblogic directory?
  ---------------------------------wsdl file
  <wsdl:definitions name="TokenServices" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
       <wsp:Policy wsu:Id="TokenServices_policy">
            <wsp:ExactlyOne>
                 <wsp:All>
                      <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                           <wsp:Policy>
                                <sp:TransportToken>
                                     <wsp:Policy>
                                          <sp:HttpsToken RequireClientCertificate="true"/>
                                     </wsp:Policy>
                                </sp:TransportToken>
                                <sp:AlgorithmSuite>
                                     <wsp:Policy>
                                          <sp:Basic256/>
                                     </wsp:Policy>
                                </sp:AlgorithmSuite>
                                <sp:Layout>
                                     <wsp:Policy>
                                          <sp:Strict/>
                                     </wsp:Policy>
                                </sp:Layout>
                           </wsp:Policy>
                      </sp:TransportBinding>
                      <wsaw:UsingAddressing/>
                 </wsp:All>
            </wsp:ExactlyOne>
       </wsp:Policy>
       <wsdl:types>
            <xsd:schema targetNamespace="http://tempuri.org/Imports">
                 <xsd:import schemaLocation="xsd0.xsd" namespace="http://tempuri.org/"/>
                 <xsd:import schemaLocation="xsd1.xsd" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
            </xsd:schema>
       </wsdl:types>
       <wsdl:message name="ITokenServices_GetUserToken_InputMessage">
            <wsdl:part name="parameters" element="tns:GetUserToken"/>
       </wsdl:message>
       <wsdl:message name="ITokenServices_GetUserToken_OutputMessage">
            <wsdl:part name="parameters" element="tns:GetUserTokenResponse"/>
       </wsdl:message>
       <wsdl:message name="ITokenServices_GetSSOUserToken_InputMessage">
            <wsdl:part name="parameters" element="tns:GetSSOUserToken"/>
       </wsdl:message>
       <wsdl:message name="ITokenServices_GetSSOUserToken_OutputMessage">
            <wsdl:part name="parameters" element="tns:GetSSOUserTokenResponse"/>
       </wsdl:message>
       <wsdl:portType name="ITokenServices">
            <wsdl:operation name="GetUserToken">
                 <wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetUserToken" message="tns:ITokenServices_GetUserToken_InputMessage"/>
                 <wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetUserTokenResponse" message="tns:ITokenServices_GetUserToken_OutputMessage"/>
            </wsdl:operation>
            <wsdl:operation name="GetSSOUserToken">
                 <wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserToken" message="tns:ITokenServices_GetSSOUserToken_InputMessage"/>
                 <wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserTokenResponse" message="tns:ITokenServices_GetSSOUserToken_OutputMessage"/>
            </wsdl:operation>
       </wsdl:portType>
       <wsdl:binding name="TokenServices" type="tns:ITokenServices">
            <wsp:PolicyReference URI="#TokenServices_policy"/>
            <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
            <wsdl:operation name="GetUserToken">
                 <soap12:operation soapAction="http://tempuri.org/ITokenServices/GetUserToken" style="document"/>
                 <wsdl:input>
                      <soap12:body use="literal"/>
                 </wsdl:input>
                 <wsdl:output>
                      <soap12:body use="literal"/>
                 </wsdl:output>
            </wsdl:operation>
            <wsdl:operation name="GetSSOUserToken">
                 <soap12:operation soapAction="http://tempuri.org/ITokenServices/GetSSOUserToken" style="document"/>
                 <wsdl:input>
                      <soap12:body use="literal"/>
                 </wsdl:input>
                 <wsdl:output>
                      <soap12:body use="literal"/>
                 </wsdl:output>
            </wsdl:operation>
       </wsdl:binding>
       <wsdl:service name="TokenServices">
            <wsdl:port name="TokenServices" binding="tns:TokenServices">
                 <soap12:address location="https://ws-eq.demo.i-deal.com/PhxEquity/TokenServices.svc"/>
                 <wsa10:EndpointReference>
                      <wsa10:Address>https://ws-eq.demo.xxx.com/PhxEquity/TokenServices.svc</wsa10:Address>
                 </wsa10:EndpointReference>
            </wsdl:port>
       </wsdl:service>
  </wsdl:definitions>
  ----------------------------------application log
  adding as trusted cert:
  Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x641be820ce020813f32d4d2d95d67e67
  Valid from Sun Feb 07 19:00:00 EST 2010 until Fri Feb 07 18:59:59 EST 2020
  adding as trusted cert:
  Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
  Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028
  adding as trusted cert:
  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x250ce8e030612e9f2b89f7054d7cf8fd
  Valid from Tue Nov 07 19:00:00 EST 2006 until Sun Nov 07 18:59:59 EST 2021
  <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DESede/CBC/NoPadding>
  <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DESede>
  <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 28395435>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 SSL3/TLS MAC>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 received HANDSHAKE>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
  Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
  Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
  Not Valid Before:Tue Dec 18 19:00:00 EST 2012
  Not Valid After:Wed Jan 07 18:59:59 EST 2015
  Signature Algorithm:SHA1withRSA
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
  Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
  Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
  Not Valid Before:Sun Feb 07 19:00:00 EST 2010
  Not Valid After:Fri Feb 07 18:59:59 EST 2020
  Signature Algorithm:SHA1withRSA
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
  Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
  Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
  Not Valid Before:Tue Dec 18 19:00:00 EST 2012
  Not Valid After:Wed Jan 07 18:59:59 EST 2015
  Signature Algorithm:SHA1withRSA
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
  Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
  Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
  Not Valid Before:Sun Feb 07 19:00:00 EST 2010
  Not Valid After:Fri Feb 07 18:59:59 EST 2020
  Signature Algorithm:SHA1withRSA
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
  <Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure.>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
  java.lang.Exception: New alert stack
       at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
       at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
       at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
       at com.certicom.tls.record.WriteHandler.write(Unknown Source)
       at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
       at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
       at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
       at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
       at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
       at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
       at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
       at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
       at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
       at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
       at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
       at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
       at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
       at javax.xml.ws.Service.<init>(Service.java:56)
       at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
       at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
       at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
       at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(Unknown Source)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
       at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
       at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 22803607>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 14640403>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 SSL3/TLS MAC>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 received HANDSHAKE>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
  Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
  Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
  Not Valid Before:Tue Dec 18 19:00:00 EST 2012
  Not Valid After:Wed Jan 07 18:59:59 EST 2015
  Signature Algorithm:SHA1withRSA
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
  Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
  Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
  Not Valid Before:Sun Feb 07 19:00:00 EST 2010
  Not Valid After:Fri Feb 07 18:59:59 EST 2020
  Signature Algorithm:SHA1withRSA
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
  Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
  Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
  Not Valid Before:Tue Dec 18 19:00:00 EST 2012
  Not Valid After:Wed Jan 07 18:59:59 EST 2015
  Signature Algorithm:SHA1withRSA
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
  Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
  Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
  Not Valid Before:Sun Feb 07 19:00:00 EST 2010
  Not Valid After:Fri Feb 07 18:59:59 EST 2020
  Signature Algorithm:SHA1withRSA
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
  <Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - 12.29.210.156 was not trusted causing SSL handshake failure.>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
  java.lang.Exception: New alert stack
       at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
       at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
       at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
       at com.certicom.tls.record.WriteHandler.write(Unknown Source)
       at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
       at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
       at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
       at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
       at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
       at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
       at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
       at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
       at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
       at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
       at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
       at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
       at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
       at javax.xml.ws.Service.<init>(Service.java:56)
       at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
       at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
       at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
       at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(Unknown Source)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
       at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
       at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  >
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
  <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 16189141>

  I received a workaround by an internal message.
  The how to guide is :
  -Download the wsdl file (with bindings, not the one from ESR)
  -Correct it in order that the schema corresponds to the answer (remove minOccurs or other things like this)
  -Deploy the wsdl file on you a server (java web project for exemple). you can deploy on your local
  -Create a new logicial destination that point to the wsdl file modified
  -Change the metadata destination in your web dynpro project for the corresponding model and keep the execution desitnation as before.
  Then the received data is check by the metadata logical destination but the data is retrieved from the correct server.

• EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility

  Hello everyone,
  Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
  Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
  I only have one Mac OS X Server and it is kind of a small office so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it it would pop open a Mail message containing the ASCII version of the signed certificate - it did not, and it took me a loooong time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
  Once I did this I was able to use this certificate in the web server on the same machine and sure enough I was able to connect to it with with clients who had installed the CA certificate in their system Keychains without getting any error messages - very cool.
  However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
  This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
  Here's what happens:
  1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
  2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
  3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
  4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
  5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
  Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
  http://discussions.apple.com/thread.jspa?messageID=5967023
  http://discussions.apple.com/message.jspa?messageID=5982070
  these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
  If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
  Thanks,
  Andrew

  Hard to tell what is happening without looking at the application
  source, knowing what OS & hardware you're using etc. You might want to
  try running with different JVM versions to see if it's actually the VM
  that is the problem. If you have a support contract with BEA you could
  ask support to help you diagnose this.
  Regards,
  /Helena
  Ayub Khan wrote:
  I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
  application in turns talks to an iPlanet Directory server via LDAP/SSL. The problem
  seems to happen on loading the machine..the performance progressively gets worse
  and after a couple of seconds, all the threads stop responding. I checked the
  heap, cpu and the idle threads in the execute queue and there is nothing there
  to trigger alarms...there are quite a few idle threads still and the heap and
  the cpu utilization seem OK. On doing a thread dump, Is see that all the other
  threads seem to be in a state where they are waiting for data from LDAP and it
  is basically read only data that they are waiting on.
  Does anyone know what it is going on and help point me in the right direction.
  -Ayub

• Ssl and web app server: there's content which is not secure

  Hello,
  We have  implemented ssl in our intranet site ( web front server, Web app server, sql server - everything ) .
  Yet, In Https (and I.E) and document library , when I press the "..." , I get an warning: "only secure content is displayed" and the file preview doesn't show anything. If I select "show all content", the file preview shows
  the file.
  If I press "View in browser", I get the same message. If I press "show all content" I see the file, otherwise the file doesn't show.
  Looking at the fiddler, it looks like some connections with the (sharepoint)  application server aren't secured.
  Sample unsecured http gets are:
  http://ApplicationServer.mysite.gr/wv/ResReader.ashx?n=p1.img&WOPIsrc=http%3A%2F%Intranet%2Fsites%2FDNY%2F_vti_bin%2Fwopi.ashx%2Ffiles%2F42da77c08cd94b67a1c413ae39a71c58&access_token=eyJ0eBIgBigToken
  http://ApplicationServer.mysite.com/wv/ResReader.ashx?n=p1.img&v=00000000-0000-0000-0000-000000000602&usid=5fae4f7f-d4d6-4a21-a465-2fe24ded9519&WOPIsrc=http%3A%2F%2FIntranetSite%2Fsites%2FDNY%2F_vti_bin%2Fwopi.ashx%2Ffiles%2F42da77c08cd94b67a1c413ae39a71c58&access_token=BIgBigToken
  - this one is an image of the file.
  Having these unsecure gets, I have problems accepting that the site is totally secured.
  is the (sharepoint) application server the source of the problem?
  Thank you
  Christos

  Hi,
  According to your post, my understanding is that you wanted to show all content after you implemented ssl in intranet site.
  Please make sure you configure SSL correctly. You can refer to:
  Configure SSL for SharePoint 2013
  IE does provide an option which can be configured to automatically display all content, both secure and non-secure content, on web pages that come with mixed content.
  You can display all mixed contents in IE to suppress and disable any warning message on secure and/or non-secure content.
  More information:
  How to Disable Only Secure Content is Displayed in IE (Always Show All Mixed Content)
  Stop the "page contains secure and nonsecure items" warning
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• Does anyone have SSL working with the Sun Java System App Server PE?

  We have been having problems (to say the least) getting SSL to work with the Sun Java Application Server 8.1 Platform Edition.
  We have a signed certificate from VeriSign and have it imported correctly, but when you test it by going to https://localhost:8182/ (note that 8182 is the port set up for SSL) you get a warning mesage saying that the certificate cannot be verified. When you view the certificate you see that it is the one that got automatically generated for you by the app server and not the one we purchased from VeriSign.
  So, I was just wondering if anyone out there has gotten this to work and if so, what document did you follow to tell yoiu how it was done!
  THANK YOU!

  once apon a time i had a real problem with the same issue.. best of luck.. i forget now how to fix.. sorry.

• Office Web Apps Server SSL Certificate

  Hi
  I am deploying Office Web App Server for Integration with Lync 2013. I opted for secure communication with SSL Certificate. I want this server available to internal and external users.
  I am little confused over CA for Issuance of SSL Certificate. On most of the forums, I found SSL Certificate to be issued by Internal CA. If so, will this also work for external users?
  If not, then plz guide me for Generating Certificate Request on Office Web App Server to be submitted to External CA for Issuance of Certificate.
  Regards.

  Hi,
  Thanks for your posting in this forum.
  I have moved this thread in Lync Server 2013-Management, Planning, and Deployment forum for more dedicated support.
  Thanks for your understanding.
  Best Regards,
  Wendy
  Wendy Li
  TechNet Community Support

• Office Web Apps Server 2013 - Word Web App - Problem with Tab space

  Hello We have Office Web Apps Server 2013 running with SharePoint 2013.  Users Editing a Word document with Office Web Apps, can't use "Tabs", any Word document with Tabs; the tabs are replaced with a single space.
  Has anyone noticed this?  Is this a bug?
  -thanks
  thomas
  -Tom

  Yes, currently the Word Web App does not support
  Tab Keyboard shortcut for editing document content .
  For more information, you can have a look at
  the article:
  http://office.microsoft.com/en-us/office-online-help/keyboard-shortcuts-in-word-online-HA010378332.aspx?CTT=5&origin=HA010380212
  http://social.technet.microsoft.com/Forums/en-US/3f5978d3-67a1-4c8c-981f-32493d72610b/office-web-apps-server-2013-word-web-app-problem-with-tab-space?forum=sharepointgeneral

• Problem with READ DATASET when reading file from app server

  Hi,
  wondering if anyone can help, I'm using the following code to read from a file on app server, the file is of type .rtf
  OPEN DATASET file_rtf FOR INPUT IN TEXT MODE
                               ENCODING DEFAULT
                               WITH SMART LINEFEED.
  DO.
  READ DATASET file_rtf INTO string.
  IF SY-SUBRC = 0.
  EXIT.
  ENDIF.
  ENDDO.
  the open dataset part works sy-subrc = 0, but the read returns sy-subrc = 8 and no data is passed to string.
  Any ideas as to what is causing this problem appreciated, <removed>
  Thanks
  Edited by: Thomas Zloch on Mar 17, 2010 3:57 PM - please don't offer p...

  Hi Adam,
  The source code in the below link has details about how to read/write to application server.
  [Application server file operartions|http://www.divulgesap.com/blog.php?p=NDk=]
  Please let us know if you have any issues.
  Regards,
  Ravi