ASA 9.1 + ACS 5.4 SSL Web Portal Bookmarks according to AD Group.

Hello.
I have some issues with SSL VPN on an ASA 5515-X.
I have an ASA (9.1) connected to ACS (5.4) and have configured the AnyConnect mobile client and the clientless SSL web portal. ACS also has a connection to Active Directory.
So it is configured so that AD users from a group, for example VPN_clients, can connect via the AnyConnect client or without a client via the SSL web page. And it's working fine.
My goal is to provide different SSL portal bookmarks (in ASA terms, different group policies) according to the AD user group.
For example: I have 3 groups in AD: VPN_admin, VPN_Finance, VPN_Logistic. I want users from these groups, after authentication at the SSL web portal, to see only the bookmarks available for their own group.
As I understand it, after the authentication process ACS must tell the ASA which AD groups the user belongs to, and the ASA must choose the right group policy for the user, but I have no experience with how to do this.

Hello Ivan,
You are right, ACS can let the ASA know which group-policy it should assign, based on RADIUS attribute 25.
Steps on ACS:
1- Define the AD groups:
2- Define the authorization profile under the Policy Elements tab:
3- Create the Authorization policy and access criteria:
Then, on the ASA:
1- Create a group-policy and name it "it".
2- Through the ASDM, create and assign the bookmarks to this group-policy.
3- Once a user authenticates, the ACS sends attribute 25, which contains the string "ou=it".
4- The ASA looks for the group-policy "it" and assigns it to the user's session.
Let me know if you have any questions.
HTH.
Please rate any helpful posts.
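The selection step described above, as an added example that is not from the thread or from Cisco: it models how a RADIUS Class attribute (IETF attribute 25) carrying "OU=<group-policy>" selects an ASA group-policy, with a deliberately empty default policy so unmatched users get no bookmarks. The ASA's exact parsing rules (case folding, a tolerated trailing ";") and the policy names are assumptions; the page only states that attribute 25 carries a string such as "ou=it".

```python
# Added example (not from the original thread): models how a RADIUS Class
# attribute (IETF attribute 25) carrying "OU=<group-policy>" selects an ASA
# group-policy, so an ACS authorization profile can be sanity-checked offline.
# The parsing rules below are an assumption; the page only states that
# attribute 25 carries a string such as "ou=it".
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

CLASS_ATTR = 25  # IETF RADIUS attribute number for Class


@dataclass
class GroupPolicy:
    name: str
    bookmarks: List[str] = field(default_factory=list)


@dataclass
class TunnelGroup:
    """Connection profile: the default policy and the policies it may map to."""
    default_policy: str
    policies: Dict[str, GroupPolicy]


def class_value_to_policy_name(value: str) -> Optional[str]:
    """Extract the group-policy name from a Class attribute value.

    Accepts "OU=it", "ou=it" and "OU=it;" (the trailing ';' is tolerated as an
    assumption, since some RADIUS servers append one). Returns None when the
    value is not in the OU= form or the name is empty.
    """
    v = value.strip()
    if v.endswith(";"):
        v = v[:-1]
    if len(v) < 4 or v[:3].upper() != "OU=":
        return None
    name = v[3:].strip()
    return name or None


def select_group_policy(tg: TunnelGroup, attrs: List[Tuple[int, str]]) -> GroupPolicy:
    """Pick the policy for a session from (attribute_number, value) pairs.

    Falls back to the tunnel-group default when no Class attribute is present
    or the named policy does not exist on the ASA, which is why the default
    should be the least privileged policy of the set.
    """
    for number, value in attrs:
        if number != CLASS_ATTR:
            continue
        name = class_value_to_policy_name(value)
        if name is not None and name in tg.policies:
            return tg.policies[name]
    return tg.policies[tg.default_policy]


# Constructed ASA state mirroring the thread: one policy per AD group, plus an
# empty "NoAccess" default so a user with no or an unknown Class value sees
# no bookmarks at all.
ASA = TunnelGroup(
    default_policy="NoAccess",
    policies={
        "NoAccess": GroupPolicy("NoAccess"),
        "it": GroupPolicy("it", ["Helpdesk wiki"]),
        "VPN_admin": GroupPolicy("VPN_admin", ["ASDM", "Syslog server"]),
        "VPN_Finance": GroupPolicy("VPN_Finance", ["ERP"]),
        "VPN_Logistic": GroupPolicy("VPN_Logistic", ["WMS"]),
    },
)
```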

Similar Messages

  • Unable to access CIFS shares using SSL Web portal

    Hello,
I have deployed Cisco Clientless Web VPN on my ASA5515.
I'm having an issue when I try to browse a file server (access CIFS shares) from the WebVPN portal. I am prompted for login, and after logging in I immediately get "Error contacting host". It seems like a bug on the ASA? I saw this on the Cisco website: bug CSCsl94183
I have already done these things:
1- reloaded the ASA
2- upgraded to the latest software release
3- tested different web browsers (Firefox, IE, Chrome)
1- ASA platform is a 5515 running the latest software release (9.1.4)
2- File server running Windows 2008 R2
3- Clients are using Firefox.
4- When I establish an SSL VPN connection using Cisco AnyConnect I have no problems accessing files or folders on the same server.
NOTE: I have 2 other CIFS servers running Windows 2003 and there is no issue. The issue is happening ONLY with the server running Windows 2008 R2.

I've also seen this exact problem. We have several Windows 2008 R2 servers; one of our domain controllers has been migrated to 2008 R2. I can access shares on the Windows 2008 R2 domain controller, but not on a dedicated (member) file share server.

  • ORA-29532 error when invoking SSL web services using UTL_DBWS

    Web Service gurus,
    The WSDL for web services is as follows -
    <definitions name="Webservice" targetNamespace="http://webservice.airclic.com/">

    <types>

    <xs:schema targetNamespace="http://webservice.airclic.com/" version="1.0">
    <xs:element name="Exception" type="tns:Exception"/>
    <xs:element name="listenForEvents" type="tns:listenForEvents"/>
    <xs:element name="listenForEventsResponse" type="tns:listenForEventsResponse"/>
    <xs:element name="sendAuthenticationResponse" type="tns:sendAuthenticationResponse"/>
    <xs:element name="sendAuthenticationResponseResponse" type="tns:sendAuthenticationResponseResponse"/>
    <xs:element name="upsertTask" type="tns:upsertTask"/>
    <xs:element name="upsertTaskResponse" type="tns:upsertTaskResponse"/>

    <xs:complexType name="upsertTask">

    <xs:sequence>
    <xs:element minOccurs="0" name="task" type="tns:Task"/>
    </xs:sequence>
    </xs:complexType>

    <xs:complexType name="Task">

    <xs:complexContent>

    <xs:extension base="tns:PlatformObject">

    <xs:sequence>
    <xs:element minOccurs="0" name="status" type="tns:status"/>
    <xs:element minOccurs="0" name="assignee" type="xs:string"/>
    <xs:element minOccurs="0" name="assigneeUserId" type="xs:string"/>
    <xs:element minOccurs="0" name="name" type="xs:string"/>
    <xs:element minOccurs="0" name="type" type="xs:string"/>
    <xs:element minOccurs="0" name="creationTimestamp" type="xs:long"/>
    <xs:element minOccurs="0" name="updateTimestamp" type="xs:long"/>
    <xs:element minOccurs="0" name="startTimestamp" type="xs:long"/>
    <xs:element minOccurs="0" name="endTimestamp" type="xs:long"/>
    <xs:element minOccurs="0" name="source" type="tns:source"/>
    <xs:element minOccurs="0" name="notes" type="xs:string"/>
    <xs:element minOccurs="0" name="priority" type="xs:int"/>
    <xs:element minOccurs="0" name="penalized" type="xs:boolean"/>
    <xs:element minOccurs="0" name="hasSLA" type="xs:boolean"/>
    <xs:element minOccurs="0" name="location" type="tns:Location"/>
    <xs:element minOccurs="0" name="windowStartTimestamp" type="xs:long"/>
    <xs:element minOccurs="0" name="windowEndTimestamp" type="xs:long"/>
    <xs:element minOccurs="0" name="signee" type="xs:string"/>
    <xs:element minOccurs="0" name="signature" type="xs:base64Binary"/>
    <xs:element minOccurs="0" name="customerId" type="xs:string"/>
    <xs:element minOccurs="0" name="travelTime" type="xs:int"/>
    <xs:element minOccurs="0" name="expirationTimestamp" type="xs:long"/>
    <xs:element minOccurs="0" name="parentId" type="xs:long"/>
    <xs:element minOccurs="0" name="externalTimezone" type="xs:string"/>
    <xs:element minOccurs="0" name="localTimeOffset" type="xs:long"/>
    <xs:element minOccurs="0" name="consignee" type="xs:string"/>
    <xs:element minOccurs="0" name="assignmentWindowStartTimestamp" type="xs:long"/>
    <xs:element minOccurs="0" name="assignmentWindowEndTimestamp" type="xs:long"/>
    </xs:sequence>
    </xs:extension>
    </xs:complexContent>
    </xs:complexType>

    <xs:complexType name="PlatformObject">

    <xs:sequence>
    <xs:element name="id" type="xs:string"/>
    <xs:element name="externalId" type="xs:string"/>
    <xs:element name="revision" type="xs:long"/>
    <xs:element name="platformDateCreated" type="xs:dateTime"/>
    <xs:element name="platformDateUpdated" type="xs:dateTime"/>
    <xs:element name="objectName" type="xs:string"/>
    <xs:element maxOccurs="unbounded" name="extendedAttributes" type="tns:ExtendedAttribute"/>
    </xs:sequence>
    </xs:complexType>

    <xs:complexType name="Location">

    <xs:sequence>
    <xs:element minOccurs="0" name="name" type="xs:string"/>
    <xs:element minOccurs="0" name="description" type="xs:string"/>
    <xs:element minOccurs="0" name="type" type="xs:string"/>
    <xs:element minOccurs="0" name="address" type="tns:Address"/>
    <xs:element minOccurs="0" name="position" type="tns:Position"/>
    <xs:element minOccurs="0" name="geofenceId" type="xs:long"/>
    <xs:element minOccurs="0" name="capcity" type="xs:int"/>
    <xs:element minOccurs="0" name="contact" type="xs:string"/>
    <xs:element minOccurs="0" name="email" type="xs:string"/>
    </xs:sequence>
    </xs:complexType>

    <xs:complexType name="Address">

    <xs:sequence>
    <xs:element minOccurs="0" name="addressLine" type="xs:string"/>
    <xs:element minOccurs="0" name="addressLine2" type="xs:string"/>
    <xs:element minOccurs="0" name="city" type="xs:string"/>
    <xs:element minOccurs="0" name="secondaryCity" type="xs:string"/>
    <xs:element minOccurs="0" name="subdivision" type="xs:string"/>
    <xs:element minOccurs="0" name="postalCode" type="xs:string"/>
    <xs:element minOccurs="0" name="country" type="xs:string"/>
    <xs:element minOccurs="0" name="phone" type="xs:string"/>
    <xs:element minOccurs="0" name="freeform" type="xs:string"/>
    </xs:sequence>
    </xs:complexType>

    <xs:complexType name="Position">

    <xs:sequence>
    <xs:element name="latitude" type="xs:double"/>
    <xs:element name="longitude" type="xs:double"/>
    </xs:sequence>
    </xs:complexType>

    <xs:complexType name="ExtendedAttribute">

    <xs:sequence>
    <xs:element name="name" type="xs:string"/>
    <xs:element name="value" type="xs:anyType"/>
    </xs:sequence>
    </xs:complexType>

    <xs:complexType name="upsertTaskResponse">

    <xs:sequence>
    <xs:element minOccurs="0" name="task" type="tns:Task"/>
    </xs:sequence>
    </xs:complexType>

    <xs:complexType name="Exception">

    <xs:sequence>
    <xs:element minOccurs="0" name="message" type="xs:string"/>
    </xs:sequence>
    </xs:complexType>

    <xs:complexType name="listenForEvents">

    <xs:sequence>
    <xs:element minOccurs="0" name="listenParams" type="tns:ListenParams"/>
    </xs:sequence>
    </xs:complexType>

    <xs:complexType name="ListenParams">

    <xs:sequence>
    <xs:element name="queueName" type="xs:string"/>
    <xs:element name="resendLast" type="xs:boolean"/>
    </xs:sequence>
    </xs:complexType>

    <xs:complexType name="listenForEventsResponse">

    <xs:sequence>
    <xs:element maxOccurs="unbounded" minOccurs="0" name="events" type="tns:Event"/>
    </xs:sequence>
    </xs:complexType>

    <xs:complexType name="Event">

    <xs:sequence>
    <xs:element name="id" type="xs:string"/>
    </xs:sequence>
    </xs:complexType>

    <xs:complexType name="AuthenticationRequestEvent">

    <xs:complexContent>

    <xs:extension base="tns:RequestEvent">

    <xs:sequence>
    <xs:element name="username" type="xs:string"/>
    <xs:element minOccurs="0" name="password" type="xs:string"/>
    </xs:sequence>
    </xs:extension>
    </xs:complexContent>
    </xs:complexType>

    <xs:complexType name="RequestEvent">

    <xs:complexContent>

    <xs:extension base="tns:Event">

    <xs:sequence>
    <xs:element name="correlationId" type="xs:string"/>
    <xs:element name="response" type="tns:Response"/>
    </xs:sequence>
    </xs:extension>
    </xs:complexContent>
    </xs:complexType>

    <xs:complexType name="Response">

    <xs:sequence>
    <xs:element name="correlationId" type="xs:string"/>
    </xs:sequence>
    </xs:complexType>

    <xs:complexType name="AuthenticationResponse">

    <xs:complexContent>

    <xs:extension base="tns:Response">

    <xs:sequence>
    <xs:element name="success" type="xs:boolean"/>
    <xs:element name="username" type="xs:string"/>
    <xs:element minOccurs="0" name="password" type="xs:string"/>
    <xs:element minOccurs="0" name="firstName" type="xs:string"/>
    <xs:element minOccurs="0" name="lastName" type="xs:string"/>
    <xs:element minOccurs="0" name="email" type="xs:string"/>
    <xs:element minOccurs="0" name="active" type="xs:boolean"/>
    <xs:element minOccurs="0" name="timeZone" type="xs:string"/>
    <xs:element minOccurs="0" name="group" type="xs:string"/>
    <xs:element minOccurs="0" name="role" type="xs:string"/>
    <xs:element minOccurs="0" name="errorCode" type="xs:string"/>
    <xs:element minOccurs="0" name="errorMessage" type="xs:string"/>
    </xs:sequence>
    </xs:extension>
    </xs:complexContent>
    </xs:complexType>

    <xs:complexType name="DispatchEvent">

    <xs:complexContent>

    <xs:extension base="tns:Event">

    <xs:sequence>
    <xs:element name="type" type="tns:eventType"/>
    <xs:element minOccurs="0" name="previousTask" type="tns:Task"/>
    <xs:element name="changeTask" type="tns:Task"/>
    <xs:element minOccurs="0" name="newTask" type="tns:Task"/>
    </xs:sequence>
    </xs:extension>
    </xs:complexContent>
    </xs:complexType>

    <xs:complexType name="sendAuthenticationResponse">

    <xs:sequence>
    <xs:element minOccurs="0" name="authenticationResponse" type="tns:AuthenticationResponse"/>
    </xs:sequence>
    </xs:complexType>

    <xs:complexType name="sendAuthenticationResponseResponse">
    <xs:sequence/>
    </xs:complexType>

    <xs:simpleType name="status">

    <xs:restriction base="xs:string">
    <xs:enumeration value="NULL"/>
    <xs:enumeration value="UNASSIGNED"/>
    <xs:enumeration value="ASSIGNED"/>
    <xs:enumeration value="RECEIVED"/>
    <xs:enumeration value="ACCEPTED"/>
    <xs:enumeration value="REJECTED"/>
    <xs:enumeration value="IN_PROGRESS"/>
    <xs:enumeration value="POSTPONED"/>
    <xs:enumeration value="COMPLETED"/>
    <xs:enumeration value="CANCELED"/>
    <xs:enumeration value="CLEARED"/>
    <xs:enumeration value="EXPIRED"/>
    </xs:restriction>
    </xs:simpleType>

    <xs:simpleType name="source">

    <xs:restriction base="xs:string">
    <xs:enumeration value="NULL"/>
    <xs:enumeration value="DISPATCH"/>
    <xs:enumeration value="SYSTEM"/>
    <xs:enumeration value="ENDUSER"/>
    </xs:restriction>
    </xs:simpleType>

    <xs:simpleType name="eventType">

    <xs:restriction base="xs:string">
    <xs:enumeration value="TaskCreated"/>
    <xs:enumeration value="TaskUpdated"/>
    <xs:enumeration value="TaskAssigned"/>
    <xs:enumeration value="TaskDeleted"/>
    <xs:enumeration value="TaskStatusChanged"/>
    <xs:enumeration value="TaskConflicted"/>
    </xs:restriction>
    </xs:simpleType>
    </xs:schema>
    </types>

    <message name="Webservice_listenForEvents">
    <part element="tns:listenForEvents" name="listenForEvents"/>
    </message>

    <message name="Webservice_sendAuthenticationResponseResponse">
    <part element="tns:sendAuthenticationResponseResponse" name="sendAuthenticationResponseResponse"/>
    </message>

    <message name="Webservice_sendAuthenticationResponse">
    <part element="tns:sendAuthenticationResponse" name="sendAuthenticationResponse"/>
    </message>

    <message name="Webservice_upsertTaskResponse">
    <part element="tns:upsertTaskResponse" name="upsertTaskResponse"/>
    </message>

    <message name="Exception">
    <part element="tns:Exception" name="Exception"/>
    </message>

    <message name="Webservice_upsertTask">
    <part element="tns:upsertTask" name="upsertTask"/>
    </message>

    <message name="Webservice_listenForEventsResponse">
    <part element="tns:listenForEventsResponse" name="listenForEventsResponse"/>
    </message>

    <portType name="Webservice">

    <operation name="listenForEvents" parameterOrder="listenForEvents">
    <input message="tns:Webservice_listenForEvents"/>
    <output message="tns:Webservice_listenForEventsResponse"/>
    <fault message="tns:Exception" name="Exception"/>
    </operation>

    <operation name="sendAuthenticationResponse" parameterOrder="sendAuthenticationResponse">
    <input message="tns:Webservice_sendAuthenticationResponse"/>
    <output message="tns:Webservice_sendAuthenticationResponseResponse"/>
    <fault message="tns:Exception" name="Exception"/>
    </operation>

    <operation name="upsertTask" parameterOrder="upsertTask">
    <input message="tns:Webservice_upsertTask"/>
    <output message="tns:Webservice_upsertTaskResponse"/>
    <fault message="tns:Exception" name="Exception"/>
    </operation>
    </portType>

    <binding name="WebserviceBinding" type="tns:Webservice">
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>

    <operation name="listenForEvents">
    <soap:operation soapAction=""/>

    <input>
    <soap:body use="literal"/>
    </input>

    <output>
    <soap:body use="literal"/>
    </output>

    <fault name="Exception">
    <soap:fault name="Exception" use="literal"/>
    </fault>
    </operation>

    <operation name="sendAuthenticationResponse">
    <soap:operation soapAction=""/>

    <input>
    <soap:body use="literal"/>
    </input>

    <output>
    <soap:body use="literal"/>
    </output>

    <fault name="Exception">
    <soap:fault name="Exception" use="literal"/>
    </fault>
    </operation>

    <operation name="upsertTask">
    <soap:operation soapAction=""/>

    <input>
    <soap:body use="literal"/>
    </input>

    <output>
    <soap:body use="literal"/>
    </output>

    <fault name="Exception">
    <soap:fault name="Exception" use="literal"/>
    </fault>
    </operation>
    </binding>

    <service name="Webservice">

    <port binding="tns:WebserviceBinding" name="WebservicePort">
    <soap:address location="https://webservice.mp.b.airclic.com:443/webservice/product/fieldservice/v1/Webservice"/>
    </port>
    </service>
    </definitions>
    Following is the pl/sql code using UTL_DBWS
    DECLARE
    l_service UTL_DBWS.service;
    l_call UTL_DBWS.call;
    l_wsdl_url VARCHAR2(32767);
    l_namespace VARCHAR2(32767);
    l_service_qname UTL_DBWS.qname;
    l_port_qname UTL_DBWS.qname;
    l_operation_qname UTL_DBWS.qname;
    l_input_params UTL_DBWS.anydata_list;
    soap_request xmltype;
    l_result xmltype;
    result_output VARCHAR2(32767);
    BEGIN
    l_wsdl_url := 'https://webservice.mp.b.airclic.com/webservice/product/fieldservice/v1/Webservice?WSDL';
    l_namespace := 'http://webservice.airclic.com/';
    dbms_output.put_line ('1');
    l_service_qname := UTL_DBWS.to_qname(l_namespace, 'Webservice');
    dbms_output.put_line ('2');
    l_port_qname := UTL_DBWS.to_qname(l_namespace, 'WebservicePort');
    dbms_output.put_line ('3');
    l_operation_qname := UTL_DBWS.to_qname(l_namespace, 'sendAuthenticationResponse');
    dbms_output.put_line ('4');
    l_service := UTL_DBWS.create_service (
    wsdl_document_location => URIFACTORY.getURI(l_wsdl_url),
    service_name => l_service_qname);
    dbms_output.put_line ('5');
    l_call := UTL_DBWS.create_call (
    service_handle => l_service,
    port_name => l_port_qname,
    operation_name => l_operation_qname);
    dbms_output.put_line ('6');
    UTL_DBWS.SET_PROPERTY(l_call,'USERNAME',<username to access wsdl>);
    dbms_output.put_line ('7');
    UTL_DBWS.SET_PROPERTY(l_call,'PASSWORD',<password>);
    dbms_output.put_line ('8');
    utl_dbws.set_property(l_call,'OPERATION_STYLE', 'document');
    dbms_output.put_line ('9');
    soap_request := xmltype.createxml('<?xml version="1.0" encoding="UTF-8"?>
    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
    <S:Body>
    <ns2:sendAuthenticationResponse xmlns:ns2="http://webservice.airclic.com/">
    <authenticationResponse>
    <correlationId>4646735802698040711:[email protected]</correlationId>
    <success>true</success>
    <username>changlanih</username>
    <password>abcd1234</password>
    <firstName>hero</firstName>
    <lastName>changlani</lastName>
    <email>[email protected]</email>
    <active>true</active>
    <timeZone>eastern</timeZone>
    <group>Northeast</group>
    <role>Service Manager</role>
    </authenticationResponse>
    </ns2:sendAuthenticationResponse>
    </S:Body>
    </S:Envelope>');
    l_result := UTL_DBWS.invoke ( l_call,soap_request);
    UTL_DBWS.release_call (call_handle => l_call);
    UTL_DBWS.release_service (service_handle => l_service);
    result_output := l_result.getstringval;
    dbms_output.put_line('web svc output ===> ' || result_output);
    END;
    Following is the error from pl/sql code
    1
    2
    3
    4
    DECLARE
    ERROR at line 1:
    ORA-29532: Java call terminated by uncaught Java exception: java.lang.IllegalAccessException: error.build.wsdl.model: oracle.j2ee.ws.common.tools.api.WsdlValidationException:
    Failed to read WSDL from https://webservice.mp.b.airclic.com/webservice/product/fieldservice/v1/Webservice?WSDL:
    HTTP connection error code is 401
    ORA-06512: at "SYS.UTL_DBWS", line 193
    ORA-06512: at "SYS.UTL_DBWS", line 190
    ORA-06512: at line 20
    Notes
    The program fails at following line of code -
    l_service := UTL_DBWS.create_service (
    wsdl_document_location => URIFACTORY.getURI(l_wsdl_url),
    service_name => l_service_qname);
    Web services are SSL.
The WSDL is at an HTTPS location and needs a username/password for access. The username/password to access the WSDL are set using UTL_DBWS.SET_PROPERTY.
To access the SSL site, I have imported the CA into the Oracle Wallet, the JVM home and the JDK home.
Can anyone tell me what I am doing wrong here? I am not able to even establish a connection to the web service host.
This is very frustrating; Oracle has no examples on how to access an SSL web service (that needs authentication) from the database.
This is affecting our project deadlines... any help would be greatly appreciated.
    Thanks.

    Hi,
    I presume your Web Service needs HTTP (BASIC?) Authentication.
    All this needs is setting the following 2 properties, which as can be seen, you are setting....
    UTL_DBWS.set_property(l_call, 'USERNAME', '<username>');
    UTL_DBWS.set_property(l_call, 'PASSWORD', '<pwd>');
This should work as long as your DBWS Callout Utility was downloaded from OTN after June 2008, and its version is at least 10.1.3.1.
    Following is a sample code snippet that was tested successfully for this :
    Declare
    l_service UTL_DBWS.service;
    l_call UTL_DBWS.call;
    l_result sys.XMLTYPE;
    l_request sys.XMLTYPE;
    BEGIN
    l_service := UTL_DBWS.create_service(null);
    l_call := UTL_DBWS.create_call(l_service);
    UTL_DBWS.set_target_endpoint_address(l_call, 'http://xxx.oracle.com:8888/basic/MyWebService1SoapHttpPort');
    UTL_DBWS.set_property(l_call, 'USERNAME', 'username');
    UTL_DBWS.set_property(l_call, 'PASSWORD', 'pwd');
    UTL_DBWS.set_property(l_call, 'OPERATION_STYLE', 'document');
    UTL_DBWS.set_property(l_call, 'SOAPACTION_USE', 'true');
    UTL_DBWS.set_property(l_call, 'SOAPACTION_URI', 'http://xxx.oracle.com:8888/basic/MyWebService1SoapHttpPort');
    l_request := XMLTYPE('<Z_CENTRICITY_GET_DOCLIST
    xmlns:urn="urn:sap-com:document:sap:rfc:functions">' ||
    '<I_INCLUDE_OLD_VERSIONS></I_INCLUDE_OLD_VERSIONS>' ||
    '<I_INSTITUTION>0001</I_INSTITUTION>' ||
    '<I_PATIENT_NR>0000000181</I_PATIENT_NR>' ||
    '</Z_CENTRICITY_GET_DOCLIST>');
    l_result := UTL_DBWS.invoke(l_call, l_request);
    UTL_DBWS.release_call (call_handle => l_call);
    UTL_DBWS.release_service (service_handle => l_service);
    EXCEPTION
    WHEN OTHERS THEN
    dbms_output.put_line(sqlcode || ' ' || sqlerrm);
    END;
    Hope this helps,
    Yogesh

  • Single SSL Web Listener for hosting multiple web sites

    Hi All,
We are currently hosting multiple websites with a single HTTP Web Listener. As of now everything is working fine.
Now we have planned to have SSL for the hosted sites.
Each hosted site will have a different SSL certificate, and I am a little confused about using a single SSL Web Listener to host multiple websites.
Can anyone guide me on using a single SSL Listener for all hosted sites?
We have TMG on the DMZ network on a single NIC.
    KJSUBBU

    Hi,
It is no problem to host multiple SSL websites with only one IP address / certificate on the TMG Server. Only the authentication options for the published websites must be unique, because you cannot use multiple authentication options in one Listener.
TMG Server uses HTTPS-to-HTTPS bridging, so you can use host headers and more to distinguish between the different internal websites:
http://technet.microsoft.com/en-us/library/cc995178.aspx
Regarding the SSL certificates on the internal webservers: TMG must trust the certificate authority which issued the certificates for these websites, and the name you use to connect from the TMG Server to the internal webserver must be part of the CN (Common Name) or SAN (Subject Alternative Name) on the webservers' certificates.
    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.galileocomputing.de/3276?GPP=MarcGrote

  • Powershell script for creating SSL web application

    Hello,
    I am trying to create SSL web application in Sharepoint 2010 using power shell and I am using the below script.
$WebApp = New-SPWebApplication -ErrorAction SilentlyContinue -Name $WebApplicationName -url $WebApplicationUrl -port $WebApplicationPort `
    -ApplicationPool $AppPool.Name -ApplicationPoolAccount $AppPoolManagedAccount.Username -AuthenticationProvider $AuthProvider -DatabaseName $ContentDatabaseName `
    -SecureSocketsLayer
    The web application gets created and when I try to create a site collection and access it, the page is inaccessible.
So I tried to bind the URL to a new certificate from inetmgr and the site collection still doesn't show up.
    I tried manually through central admin and everything worked well including the binding to SSL.
    Is there anything wrong with script, if yes what more do I need to add into this?
    Thanks.

    The issue is solved, the problem was that the parameter -URL shouldn't be any random url but it should be
    https://yourservername/ and then configure the binding to a self-signed certificate.
    So John I think the command rather should be
New-SPWebApplication -Name "Contoso Internet Site" -URL "https://yourservername" -Port 80 -ApplicationPool "ContosoAppPool"
than
New-SPWebApplication -Name "Contoso Internet Site" -URL "https://www.contoso.com" -Port 80 -ApplicationPool "ContosoAppPool"

  • SSL web auth equals encryption?

If you use a self-signed cert/SSL web auth page that uses LDAP usernames and passwords, is the traffic from then on considered encrypted, or is it only my username and password that get encrypted?

    If there is no layer 2 encryption going on, then only the authentication piece is encrypted by SSL. After the user is authenticated, there's no more encrypted communication with the AP/controller. You'd need layer 2 encryption (AES, TKIP, WEP), VPN, or possibly some sort of SSL proxy for additional encryption.

  • 2-Way SSL Web Service AssertionError

    I am using weblogic 9.1 and 2-way ssl-based web services. The issue is that when a stand-alone client accesses the web services, via the BEA recommended way, a host of errors occurs. Initially I had the webserviceclient+ssl.jar on the client classpath in addition to the weblogic.jar which were both in my development lib directory, and worked from there. Here is the progression of errors:
    1. ClassDefNotFound exception: weblogic.xml.schema.binding.util.ClassUtil$ClassUtilException
    Resolution = added webservice.jar to classpath
    2. ClassDefNotFound exception: com.bea.xml.XmlException
    Resolution = added xbean.jar to classpath
    3. java.lang.AssertionError: java.io.IOException
    This was a difficult one to figure out. I tried running the test client from both my IDE and command-line, and I narrowed it down to a really weird issue. The only way I was able to get it to work was to include the absolute reference to the weblogic.jar in the classpath of the client. i.e. BEA_HOME/weblogic91/server/lib/weblogic.jar. If I had a relative reference to weblogic.jar, i.e. ../lib/weblogic.jar, the above assertion error was thrown.
    Can anyone shed some light on this? I need to have a stand-alone client run a 2-way ssl web service and this client should not be expected to have a full blown weblogic 9.1 install.
    Cheers.

    WLS 9 does not have a separate client jar. So sorry, in the near future we might have to stick to the requirement of using the weblogic.jar.
    Just FYI, I have submitted a two-way ssl sample in dev2dev.
    https://codesamples.projects.dev2dev.bea.com/servlets/Scarab?id=S3
    thanks
    Jong

  • ASA WebVPN. How do you restrict access to users in an AD group using LDAP?

    Hi All,
I am trying to configure separate WebVPN connection profiles to give different portal bookmark contents to users based on their AD group membership. This has been very difficult, even though I believe it should be easy.
The login page of the ASA by default has a dropdown to allow default users to access the default portal and the SSL VPN client connection.
There are two other portals that I would like to restrict access to based on AD group membership. I have set these up to be selected by URL.
The biggest problem is, I have no way of knowing how to go about this. The AAA LDAP options show a group membership search, which I have configured, but I cannot say "Profile X is restricted to AD group CarpetBaggers", so that if someone who is NOT a carpetbagger tries to log in, it fails.
I can only do an all-or-nothing scenario.
It would be nice to use Dynamic Access Policies to do this, and I have created a few, but they do NOT seem to work when the dropdown aliases or URLs are in use. So how do I go about using them in this scenario? Turning off the aliases or URLs is not really an option right now.
Scenario 1 would work the best for me: restrict access to profiles/groups based on AD group membership using LDAP.
Scenario 2 would be an ideal longer-term solution.
Any thoughts, ideas or assistance would be greatly appreciated.
    Cheers

This is exactly what I was looking for, and Nelson is correct. When you enter the DAP configuration for a profile, click on "Advanced" and there is the option to create a logical expression. The guide (there is a button to access this) is really helpful, with a couple of examples. This is what I used:
assert(function()
   if ( (type(aaa.ldap.distinguishedName) == "string") and
        (string.find(aaa.ldap.distinguishedName, "OU=Users") ~= nil) )
   then
       return true
   end
   return false
end)()
From the DAP debug you can see what "Users" relates to:
    DAP_TRACE: Username: MyUsername, aaa.ldap.distinguishedName = CN=Mr B,OU=Users,OU=Site ******,DC=CH,DC=Mycompany,DC=com
    My admin account fails to get me in to the same profile:
    DAP_TRACE: dap_add_to_lua_tree:aaa["ldap"]["distinguishedName"]="CN=Admin Mr B,OU=Admin Users,OU=Site *****,DC=CH,DC=Mycompany,DC=com"
    Thanks
    Andrew
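The substring test in Andrew's DAP expression, side by side with an RDN-exact test, as an added example that is not part of the thread: it runs both over the two DNs quoted above plus one constructed DN whose OU merely begins with "Users", which the substring test accepts and the RDN test does not. The small DN splitter is an assumption-level implementation of RFC 4514 escaping (backslash-escaped commas), not the ASA's own parser.

```python
# Added example (not from the original thread): compares the substring match
# used by the DAP Lua expression (string.find(dn, "OU=Users") ~= nil) with an
# RDN-exact match, to show where the substring form is looser than intended.
# The DN splitter handles backslash-escaped commas only; it is an assumption,
# not the ASA's parser.
from typing import List, Tuple


def split_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (type, value) RDN pairs, honouring '\\,' escapes."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    pairs = []
    for rdn in rdns:
        attr_type, _, value = rdn.partition("=")
        pairs.append((attr_type.strip().upper(), value.strip()))
    return pairs


def substring_match(dn: str, needle: str = "OU=Users") -> bool:
    """Python equivalent of the DAP expression's string.find test."""
    return needle in dn


def rdn_match(dn: str, attr_type: str = "OU", value: str = "Users") -> bool:
    """True only if some RDN is exactly <attr_type>=<value>.

    The attribute type is case-folded and the value compared case-insensitively,
    matching how Active Directory treats OU names.
    """
    return any(t == attr_type.upper() and v.lower() == value.lower()
               for t, v in split_dn(dn))


# The two DNs as quoted in the thread (site name redacted there as well) plus
# one constructed DN whose OU only starts with "Users".
USER_DN = "CN=Mr B,OU=Users,OU=Site ******,DC=CH,DC=Mycompany,DC=com"
ADMIN_DN = "CN=Admin Mr B,OU=Admin Users,OU=Site *****,DC=CH,DC=Mycompany,DC=com"
ARCHIVE_DN = "CN=Old Account,OU=Users Archive,OU=Site ******,DC=CH,DC=Mycompany,DC=com"


def evaluate(dn: str) -> dict:
    """Run both tests over one DN so the difference is visible per case."""
    return {"substring": substring_match(dn), "rdn": rdn_match(dn)}
```

For the two DNs from the debug output both tests agree; the constructed archive DN is where they diverge, and an RDN-exact comparison is the safer form to use in a DAP expression.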

  • Enterprise Application and Web Portal Projects

I know it's possible to have one enterprise application that contains 2 web portal projects. The part I'm unsure about is whether it is possible to update one web project without having to bring down the other project. Supposedly you can do this through the console, however I have been unable to get this to work successfully. Is this a known error?

    Hi Anikumar!
Yes, it is true! Web Dynpro does it automatically.
I'm not clear about the J2EE web application. I don't know how I should get the login parameter for my RFC calls.
I have tried:
    DestinationService dstserv =(DestinationService) ctx.lookup(DestinationService.JNDI_KEY);
    RFCDestination dest =(RFCDestination) dstserv.getDestination("RFC", "test");
    Properties destprop = dest.getDestinationProperties();
    String user1="MYSAPSSO2";
    String passwd1=pass;// pass is encrypted ticket;
    destprop.setProperty("jco.client.user",user1);
    destprop.setProperty("jco.client.passwd",passwd1);
    JCO.Client cl = JCO.createClient(destprop);
    cl.connect();
    cl.ping();
    cl.disconnect();
I also tried
IWDJCOClientConnection ca = WDSystemLandscape.getJCOClientConnection("ModelData");
In the Content Administrator the ModelData destination is set to ticket authentication, and it works fine when I test it in the Web Dynpro Content Administrator, but when I try to get the JCO connection I get a SystemLandscapeException: Error while obtaining JCO connection.
I debugged it and I get a WDRuntimeException ---> NullPointerException. It seems that the JCO destination is not initialized at this time.
Maybe I am misunderstanding something.
    Regards!

  • How to set up guest wifi network on 1200 series APs with disclaimer web portal?

    I've been thinking about this one for awhile. I want to set up a guest wifi network without any security (AES / TKIP) that allows guests to connect. Ideally, their web browser would be redirected to a web portal containing legal disclaimers, and they would need to accept the terms and conditions to use the guest wifi. I would also like to have them be required to visit the web portal again every 8 hours after that to accept the terms and conditions again.
    I have a Cisco 1240AG access point already. What else do I need to make this work?

    I don't believe you can do this just with an AP running in autonomous mode; you would need to have a WLC to configure the splash page.
    Have a look here:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0/configuration/guide/c70/c70users.html#wp1049273
    Alternatively, you can use software running on a PC/server. Something like http://www.antamedia.com/hotspot/
    Hope that helps!
    Matty

  • BSP Exception: Access to URL /irj/servlet/prt/portal/prtroot/com.sap.ip.bi.web.portal.integration.launcher;jsessionid= not allowed

    Dear all,
    I've created our BI system in our new Portal installation and tested the connection. Everything works fine. I added the certificate of the portal to STRUSTSSO2 in BI ABAP and assigned SAP_ALL and SAP_NEW to my account in BI. If I open the iView from the portal I get a BSP Exception with the message:
    BSP Exception: Der Zugriff auf die URL /irj/servlet/prt/portal/prtroot/com.sap.ip.bi.web.portal.integration.launcher;jsessionid=IDBYatWIpt_pX4uc52ChoZqMWkm1RAFW2qsA_SAP ist untersagt.
    The connection used by the iView is to the ABAP stack of the BI system, not to the Java stack. Is that correct?
    What can be the problem/reason?
    Thanks!

    Hi Gerrit
    In both places you have to provide authorization access to the end users; only then will it work, because you already said that with SAP_ALL & SAP_NEW it is working fine.
    Back-end BI system access as per the Word document at the pasted link:
    https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=7&cad=rja&uact=8&ved=0CFIQFjAG&url=http%3A%2F%2Fbasisdsp.f…
    For the SAP portal you have to create iViews and assign them to the end users:
    Assigning an Authentication Scheme to an iView - User Authentication and Single Sign-On - SAP Library
    Portal Authentication Infrastructure - Configuring the Portal for Initial Use - SAP Library
    BR
    SS

  • Why is the Profile Manager web portal inaccessible after update to 3.2.1?

    We run the Profile Manager in OS X as an MDM. We also use the Device Enrollment Program.
    After updating to 3.2.1, the web portal for Profile Manager became inaccessible, and the DEP checkbox in Profile Manager became unchecked.
    I've attempted to re-enroll in the DEP, but it always rejects the token I give.
    I don't know if the two problems are related or not.
    Does anyone have a solution?
    This is the log from the Profile Manager Service Log when I attempt to log in to the Profile Manager portal.
    [641] [2014/09/18 12:54:16.249] I: Processing MagicController#admin_will_load (for 10.31.101.183 at 2014-09-18 12:54:16) [POST]
    [641] [2014/09/18 12:54:16.250] I: auth_token doesn't exist
    [641] [2014/09/18 12:54:16.251] I: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
    [641] [2014/09/18 12:54:16.251] I: Completed in 2ms (View: 0, DB: 1) | 403 Forbidden [http://appleserver0001.ccps.us/magic/admin_will_load]
    [633] [2014/09/18 12:54:20.392] I: Processing MagicController#do_magic (for 10.31.101.183 at 2014-09-18 12:54:20) [POST]
    [633] [2014/09/18 12:54:20.393] I: auth_token doesn't exist
    [633] [2014/09/18 12:54:20.394] I: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
    [633] [2014/09/18 12:54:20.394] I: Completed in 2ms (View: 0, DB: 1) | 403 Forbidden [http://appleserver0001.ccps.us/magic/do_magic]
    [636] [2014/09/18 12:54:35.028] I: Processing AuthenticationController#callback (for 10.31.101.183 at 2014-09-18 12:54:35) [GET]
    [636] [2014/09/18 12:54:35.359] F: ActiveRecord::StatementInvalid (PG::Error: ERROR:  relation "view_all_user_groups_users_flat" does not exist
        LINE 2:         FROM   view_all_user_groups_users_flat AS j
                               ^
        :         SELECT COUNT(j.*)
                FROM   view_all_user_groups_users_flat AS j
                WHERE  j.user_id       = 27
                  AND  j.user_group_id = 3
                LIMIT  1
          app/models/user_group.rb:371:in `user_is_member_of_group'
          app/models/user.rb:293:in `user_is_admin?'
          app/controllers/application_controller.rb:258:in `verify_admin_logged_in'
    [636] [2014/09/18 12:54:35.360] I: Rendering /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/public/500.html (500 Internal Server Error)

    There are several of us having issues. A couple of threads so far:
    Server 3.2.1 update fail
    After Server 3.2.1 Upgrade profile manager stopped working
    You can read my reply in the first one, but you should add your voice and call Apple Support about this. They need to understand this is an issue and will probably capture some data so that they are able to (hopefully) release or post a fix.

  • How to deploy a single class to the web portal?

    EDIT: I've been able to create the deployment file. I found an older copy of NWDS and the old project folders are working perfectly again. I'll cross that bridge with the new version another time.
    Firstly, sorry if this post is in the wrong section ... I looked around and couldn't find a section that I thought fitted.
    A while back my company created a simple login module to simulate a single sign-on for our network. The module worked perfectly for a few months, then about a month ago it started rejecting logins for no apparent reason. I've asked all involved with the system and everyone claims that they haven't touched anything and that the problem must be within the Java class.
    Due to recent workstation upgrades, I now have the latest version of NetWeaver Development Studio installed (SDN_Preview_SR_5_IDECE71). This new version does not like the old project that was created for this task, and I am struggling to create a new project which will do what I need.
    Can someone point me to up-to-date documentation that explains how I can create a project which contains only a single java class that is to be deployed to a web portal? The class that is created extends the SAP class; com.sap.engine.interfaces.security.auth.AbstractLoginModule.
    Please note that I have already looked at some of the online documentation, for example: http://help.sap.com/saphelp_nw70ehp1/helpdata/en/e1/8e51341a06084de10000009b38f83b/frameset.htm
    And that was of no help, as it seems the documentation is no longer up to date with the current version ... or am I looking at the wrong documentation?
    Another possibility is to install the older NetWeaver Development Studio; the problem here is that I do not know where I can download a copy for Windows. I can only find the latest version for Windows online.
    Thanks in advance for any and all assistance,
    Edited by: Markus Schönenberger on Sep 30, 2010 3:07 PM

    Hi Andreas,
    You need to do the following:
    - Upload the text file as a local configuration file in the "Local Content":
    http://wikis.sun.com/display/OC2dot5/Uploading+a+Local+Configuration+File
    - Create an OS Update Profile for the configuration file:
    http://wikis.sun.com/display/OC2dot5/Creating+an+OS+Update+Profile
    - Create a job and select the profile you have created as well as the servers you want to deploy the text file on:
    http://wikis.sun.com/display/OC2dot5/Updating+From+a+Solaris+OS+Profile
    Regards,
    [email protected]

  • Confirmation creation error in web portal using BRF

    Hi SRM Gurus,
    We are new to SRM 7.0. Currently we are trying to create a confirmation step through BRF to get approval for confirmation of goods received. We are using a copy of the FM /SAPSRM/WF_BRF_0EXP000 with the following parameters:
       0C_C1_C_FWFCORLCNTNT > Class: /SAPSRM/CL_WF_RULE_CONTXT_CONF
       0C_C2_C_GET_PROPERTY > Method: Get Attribute Value
       0C_C3_C_SPECIFICAT > Specification (for example, confirmation/return delivery/cancellation)
    The standard workflow number is WS 40000015.
    When we are using the Result Type as Boolean, we are getting a pop-up error message "Schema not found" in the web portal.
    When the Result Type is changed to C (Length 30), we are getting a pop-up error message "No process levels defined in process scheme CF" error in the web portal.
    Kindly provide us your valuable suggestions.
    Thanks in Advance.
    Cheers,
    Ashok.

    Hi,
    Is your schema evaluation (event) linked to an expression (schema definition) that is determined dynamically? If so, check your FM expression to see whether EV_VALUE returns the correct value, and make sure you clear ev_data_missing.

  • Problem in running an ABAP OLE Excel program in Web Portal

    Hi,
    Does anyone know how to solve the following problem?
    I have written an ABAP program in R/3 that uses OLE to create an Excel file.
    The program runs successfully on the front-end workstation through SAPGUI.
    However, when I run this ABAP program through the Web Portal via a "Workset",
    after I input the selection criteria and execute the program,
    the statement "CREATE OBJECT EXCEL 'EXCEL.APPLICATION'" returns with error "SY-SUBRC = 2".
    How can I solve it?
    Can an OLE Excel ABAP program run on the Web Portal through the "Workset"?
    Thanks so much,
    Mark

    Hi
    Check this, it might help:
    Re: Displaying Error while uploading Excel Sheets
    jo
