Authentication with Web Accees managment through Headervariable

Hi All
We have configured External WEb Access Management Product (reverse proxy, passthrough) for authentication to access our BI Java 7.0 Application using Header variable.We have configured authschemes.xml and UME Properties
When we are trying to access our BI Java 7.0 Application then get the below Error
" Cannot logon user defined in header variable"
Please help me on this if anyone have faced these type of issue
Waiting for your fast immediate response on this
Thanks with Regards
Deelip Kumar

Hi Patrick
I have doubt on onething, in visual Administrator the below Login module stacks are available,
SAP-J2EE-Engine this is a default configured login module stack that can be used by everyone.
·        Basic allows for Basic Authentication, supported by the Web container.
·        Client allows for client certificate authentication, supported by the Web container.
·        Digest allows for digest authentication, supported by the Web container.
·        Form allows for form authentication, supported by the Web container.
·        Ticket used for creating and verifying logon tickets.
·        Evaluation assertion ticket used for verifying assertion tickets (tickets used between systems).
I have selected SAP J2EE Engine and then defined the below Logon stack
EvaluateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
HeaderVariableLoginModule REQUIRED {ume.configuration.active=true, Header=}
CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
BasicPasswordLoginModule REQUISITE {}
CreateTicketLoginModule OPTIONAL {ume.configuration.active=true}
it do not understand whether it is right or we should create new policy under policy configuration and the define the above stack.now i am also facing problem in loggin to Visual adminstrator
Please suggest
Thanks with Regards
Deelip Kumar

Similar Messages

Strange Problem with Web Object Manager

Hi,
I have a very strange problem with JDev.
When I register a servlet with the Web Object Manager, it does not work (the web server does not find the servlet). This is not the end... If I exit JDev, re-open it and return to the Web Object Manager, instead of the Web Object Manager tree appears a tree labeled JTree with leaves labeled "colors", "sports" and "food"???
No way to recover the Web Object Manager!
I had to re-install JDev.
Any ideas?
Thanks
-David

Thanks but I don't understand. Here is wtgapp.xml:
<?xml version = '1.0'?>
<workspace>
</workspace>
Here is webtogo.ora:
[WEBTOGO]
USE_SYSTEM_CLASSPATH=YES
DEBUG=YES
[FILESYSTEM]
ROOT_DIR=C:\
TYPE=OS
[MIMES]
html=text/html
xml=text/xml
xsl=text/xml
jsp=text/html;handler=oracle.jsp.JspServlet
xsql=text/html;handler=oracle.xml.xsql.XSQLServlet
[APPLICATIONS]
xmlfile=.\wtgapp.xml
[SERVLET_PARAMETERS]
emit_debuginfo=true
bypass_source=true
jspcompiler=oracle.jdeveloper.jsp.JspOjcCompiler
page_repository_root=C:\Program Files\Oracle\JDeveloper 3.1.1.2\myclasses\_pages
after I added my servlet (which was named Servlet1). Where is the problem exactely.
Thanks.
-David
In any case, is the fixed version available?
null

Firmware update with web desktop manager

Hello,
I want to update my devices via Web Desktop Manager. I have configured the BES like discribed in the appropriate document and I have configured a share and a software bundle.
After login in the web desktop manager, I have no possibility to update the firmware. The register card "Device software" is missing.
I don`t know how to fade in the missing register!
Thanks and greetings

hello mchavez,
youwill find more answers if you post your question on the appropriate section of the forum.
go to the homepage of this forum and look for the "Blackberry Enterprise Solution" board.
The search box on top-right of this page is your true friend, and the public Knowledge Base too:

Experience with Web Desktop Manager??

I have just installed Web Desktop Manager v1.0.1 on my BES server (v.4.1.4.15). The installation went fine, but I am not able to login to the website. I get "The page cannot be found". Anybody have suggestions on what I did wrong and what I need to do to get this working? Thanks!

hello mchavez,
youwill find more answers if you post your question on the appropriate section of the forum.
go to the homepage of this forum and look for the "Blackberry Enterprise Solution" board.
The search box on top-right of this page is your true friend, and the public Knowledge Base too:

Safari authentication with web filters

safari cant authenticate with web filter agent. running active directory

Im having the same issue at work.
see my post and let me know if it is kind of the same issue.
https://discussions.apple.com/message/16418518#16418518
thanks,

BO Authentication with Sun Access Manager

Post Author: aboucher
CA Forum: Authentication
Hi,
Is there a way to use Sun Access Manager (Role base) with BO. We are using XIR2 but we are willing to move to XIR3 if this version can do this job. I know that BO can be configured with LDAP, AD, Enterprise but is there a Custom choice. Any idea?
Thanks

Post Author: TAZ
CA Forum: Authentication
So quickly reviewing sun access manager it doesn't seem to be an LDAP server per se. It's more like a portal used for SSO. If that's the case then you would integrate LDAP accounts and then use technology like trusted authentication for SSO from the sun access maanger portal. In that case trusted auth will support just about any front end as long as the user info can be forwarded to us in one of 7 methods. You can read more about trusted authentication in the XIR2 deployment guide
http://support.businessobjects.com/documentation/product_guides/default.asp
Integrations of this level typically involvel in depth planning and should probably be done with the assistance of a BO consultant.
Regards,
Tim

Basic Authentication with Web Service

Hello,
I am running S1AS7 on window XP. I have deployed the sample/jaxrpc/simple with basic authentication enabled. I have also changed to Client.java to set the USERNAME and PASSWORD (ie: stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, "j2ee");
Once I have deployed the war file and run the client, I got access denied exception.
I have checked the s1as7 log and here is the details:
FINE: Logging in user [j2ee] into realm: file using JAAS module: fileRealm
FINEST: Login module initialized: class com.iplanet.ias.security.auth.login.File
LoginModule
FINEST: File login succeeded for: j2ee
FINEST: JAAS login complete.
FINEST: JAAS authentication committed.
FINE: Password login succeeded for : j2ee
FINE: Set security context as user: j2ee
FINE: Authenticator[jaxrpc-simple]: Authenticated 'j2ee' with type 'BASIC'
FINE: SingleSignOn[server1]: Registering sso id '193F1461E0D9B982E6B4055C0134076
9' for user 'j2ee' with auth type 'BASIC'
FINE: Authenticator[jaxrpc-simple]: Calling accessControl()
FINEST: PRINCIPAL : j2ee hasRole?: staffmember
FINEST: PRINCIPAL TABLE: {}
FINE: Authenticator[jaxrpc-simple]: Failed accessControl() test
Please notice that the authentication worked, but the PRINCIPAL TABLE is null!!!! If I run the basic authentication sample, i can see from the log the PRINCIPAL TABLE is (...staff=[staffmember], j2ee=[staffmember],.....)
so somehow the app server treats the two sample differently with the same user id (j2ee/password)
any comments?
thanks..

Hello,
I am running S1AS7 on window XP. I have deployed the
sample/jaxrpc/simple with basic authentication
enabled. I have also changed to Client.java to set
the USERNAME and PASSWORD (ie:
stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY
"j2ee");
Once I have deployed the war file and run the client,
I got access denied exception.
I have checked the s1as7 log and here is the
details:
FINE: Logging in user [j2ee] into realm: file using
JAAS module: fileRealm
FINEST: Login module initialized: class
com.iplanet.ias.security.auth.login.File
LoginModule
FINEST: File login succeeded for: j2ee
FINEST: JAAS login complete.
FINEST: JAAS authentication committed.
FINE: Password login succeeded for : j2ee
FINE: Set security context as user: j2ee
FINE: Authenticator[jaxrpc-simple]: Authenticated
'j2ee' with type 'BASIC'
FINE: SingleSignOn[server1]: Registering sso id
'193F1461E0D9B982E6B4055C0134076
9' for user 'j2ee' with auth type 'BASIC'
FINE: Authenticator[jaxrpc-simple]: Calling
accessControl()
FINEST: PRINCIPAL : j2ee hasRole?: staffmember
FINEST: PRINCIPAL TABLE: {}
FINE: Authenticator[jaxrpc-simple]: Failed
accessControl() test
Please notice that the authentication worked, but the
PRINCIPAL TABLE is null!!!! If I run the basic
authentication sample, i can see from the log the
PRINCIPAL TABLE is (...staff=[staffmember],
j2ee=[staffmember],.....)
so somehow the app server treats the two sample
differently with the same user id (j2ee/password)
any comments?
thanks..
One more thing, here is my web.xml file:
<web-app>
<display-name>Hello World Application</display-name>
<description>A web application containing a simple JAX-RPC endpoint</description>
<session-config>
<session-timeout>60</session-timeout>
</session-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>basic secuity test</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>staffmember</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>basic-file</realm-name>
</login-config>
</web-app>

Trusted Authentication with Web Services SDK

Hi,
I have just configured my BO server to use Trusted Authentication (REMOTE_USER) and It works with Infoview so I don't need the logon page to enter user and password.
I also have an .NET application that uses Web Services SDK and I would like to use Trusted Authentication on it.
Is there any code to access to BO using Web Services SDK?
Before the configuration, I was using this code:
string m_strURL="http://server:8080/dswsbobje/services/Session";
BusinessObjects.DSWS.Connection oConnection = new BusinessObjects.DSWS.Connection(m_strURL);
BusinessObjects.DSWS.Session m_wiSession = new Session(oConnection);
BusinessObjects.DSWS.Session.EnterpriseCredential oEC = new EnterpriseCredential();
oEC.Login = strLogin;
oEC.Password = strPassword;
oEC.AuthType = "secLDAP";
SessionInfo oSI = m_wiSession.Login(oEC);
Now, I want to use Trusted Authentication in my .NET application so I wouldn't have to enter user and password.
I have looking for some code, but I haven't found it yet. I hope you could help me.
Thanks,
Sandra

Hi, Ted,
I'm trying to use Trusted Authentication to access QaaWS (via WSDL/Axis, NOT Xcelsius). I enabled it from CMC, put the shared secret in a correct location (win32_x86 directory) and made the change to dsws.properties file, then I restarted tomcat. However, the system failed to login. Below is the trace log. Is Trusted Authentication supported for QaaWS? Thanks!
<br/>
=======
<br/>
2010-02-18 14:09:20,781 [http-8080-Processor25] ERROR com.businessobjects.qaaws.internal.transport.QaaWSServlet () 297906 - invoke()
java.lang.Exception: com.crystaldecisions.sdk.exception.SDKServerException: Enterprise authentication could not log you on. Please make sure your logon information is correct. (FWB 00008)
cause:com.crystaldecisions.enterprise.ocaframework.idl.OCA.oca_abuse: IDL:img.seagatesoftware.com/OCA/oca_abuse:3.2
detail:Enterprise authentication could not log you on. Please make sure your logon information is correct. (FWB 00008)
The server supplied the following details: OCA_Abuse exception 10498 at [.\secpluginent.cpp : 832] 42040 {}
     ...Invalid password
     at com.businessobjects.qaaws.internal.webi.WISessionMgr.makeSession(Unknown Source)
     at com.businessobjects.qaaws.internal.transport.QaaWSServlet.invoke(Unknown Source)
     at com.businessobjects.qaaws.internal.transport.QaaWSServlet.doPost(Unknown Source)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:873)
     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
     at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
     at java.lang.Thread.run(Thread.java:595)
Caused by: com.crystaldecisions.sdk.exception.SDKServerException: Enterprise authentication could not log you on. Please make sure your logon information is correct. (FWB 00008)
cause:com.crystaldecisions.enterprise.ocaframework.idl.OCA.oca_abuse: IDL:img.seagatesoftware.com/OCA/oca_abuse:3.2
detail:Enterprise authentication could not log you on. Please make sure your logon information is correct. (FWB 00008)
The server supplied the following details: OCA_Abuse exception 10498 at [.\secpluginent.cpp : 832] 42040 {}
     ...Invalid password
     at com.crystaldecisions.sdk.exception.SDKServerException.map(SDKServerException.java:107)
     at com.crystaldecisions.sdk.exception.SDKException.map(SDKException.java:196)
     at com.crystaldecisions.sdk.occa.security.internal.LogonService.doUserLogon(LogonService.java:710)
     at com.crystaldecisions.sdk.occa.security.internal.LogonService.userLogon(LogonService.java:295)
     at com.crystaldecisions.sdk.occa.security.internal.SecurityMgr.userLogon(SecurityMgr.java:162)
     at com.crystaldecisions.sdk.framework.internal.SessionMgr.logon(SessionMgr.java:425)
     ... 19 more
Caused by: com.crystaldecisions.enterprise.ocaframework.idl.OCA.oca_abuse: IDL:img.seagatesoftware.com/OCA/oca_abuse:3.2
     at com.crystaldecisions.enterprise.ocaframework.idl.OCA.oca_abuseHelper.read(oca_abuseHelper.java:106)
     at com.crystaldecisions.enterprise.ocaframework.idl.OCA.OCAs._LogonEx4Stub.UserLogonEx4(_LogonEx4Stub.java:80)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:585)
     at com.crystaldecisions.enterprise.ocaframework.ManagedService.invoke(ManagedService.java:424)
     at com.crystaldecisions.sdk.occa.security.internal._LogonEx4Proxy.UserLogonEx4(_LogonEx4Proxy.java:222)
     at com.crystaldecisions.sdk.occa.security.internal.LogonService.doLogon(LogonService.java:347)
     at com.crystaldecisions.sdk.occa.security.internal.LogonService.doUserLogon(LogonService.java:684)
     ... 22 more
org.apache.axis2.AxisFault: org.apache.axis2.databinding.ADBException: Unexpected subelement table
     at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
     at service.wsdl.heartFailure.HFReliabilityScoreStub.fromOM(HFReliabilityScoreStub.java:4131)
     at service.wsdl.heartFailure.HFReliabilityScoreStub.runQueryAsAService(HFReliabilityScoreStub.java:201)
     at org.apache.jsp.AuthTest_jsp._jspService(AuthTest_jsp.java:78)
     at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
     at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331)
     at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
     at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:873)
     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
     at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
     at java.lang.Thread.run(Thread.java:595)

Integrated windows authentication with Oracle access manager 10g

Hi SSo guys,
Our project requirement is as follows:
We have two applications Ebiz 11.5.10.2 and OBIEE10g and we are supposed to integrate IWA for both the applications
so as per the below note OAM integration with IWA only works for the applications using IIS.
So can we protect both the applications in OAM 10g and point those applications to two html pages say http://IIS hostname/ebiz and http://IIS hostname/OBIEE and protect those two resorces in OAM suing IIS webserver?
As per the note :
Doc ID 1072204.1 specify
Excerpt from this doc:
#-begin-
OAM accomplishes IWA by using an OAM Webgate on the IIS Web Server that uses a hidden feature of external authentication to get the REMOTE_USER header variable value and map it to a DN for the ObSSOCookie generation and authorization. Behind the scenes, the IIS WebGate utilizes the UseIISBuiltinAuthentication parameter, by default, this value is false. IWA can only be achieved when this attribute is set to true on an IIS WebGate. This is not a valid parameter for any other OAM WebGate.
#-end-

It should be this way:
Ebiz:
1. Integrate OAM with OASSO
2. Register OASSO and OID with Ebiz11.5.10.2
3. Protect the resource in OAM
4. Verify if authentication is successful for this resource.
Obiee:
1. Integrate OBIEE with OAM
2. Verify if authentication is successful for this resource.
IWA:
1. Install IIS webser and webgate
2. Create authentication scheme which protects / of IIS web server.
Create a Form Authentication Scheme(this scheme should protect OBIEE and EBiz resource) which will have challenge redirect to IIS web server where IWA is configured and / is protected.
Login Flow:
1. User tries to access ebiz or obiee resource.
2. Form Authentication Scheme will challenge redirect to IIS web server where IWA is configured.
3. As IWA is configured. User will be automatically get ObSSOCookie.
4. User gets redirected back to the requested resource.
There is a My oracle support doc which talks in details about this setup.

Integrating windows authentication with Sun ACCESS MANAGER

Hi,
I have implemented sun access manager and successfully protected an application (ABC). At present iam using the SDS as the authentication and authorization directory. I login in to the machine using the network username and password which is on AD.
I want to integrate my authentication/authorization mechanism from SDS to AD. so that when i login into the machine and open application ABC it should not ask me for the credentials; instead allow me to the homepage directly.
How to do this.
Thanks in advance
Maruthi

Hi!
Maybe this helps you, it describes how to setup AM and policy agent to handle basic authentication protected sites. While the article is about sharepoint it should work for any application.
http://developers.sun.com/identity/reference/techart/sharepoint.html
Christoph

BPC authentication via Tivoli Access Manager

Hello experts,
I'm now investigating BPC authentication mechanism with third vendor authentication software.
Is it possible to login to BPC v7.5 MS version via Tivoli Access Manager with 'Reverse Proxy' ?
And can BPC get a login-user information as a http-header from Tivoli Access Manager at this time ?
If the above situation is possible, can BPC utilize BO enterprise authentication with Tivoli Access Manager ?
Best regards,
Tatsuo Oba

SAP BOPC can use Reverse Proxy.
I'm not sure how you want to use Tivoli Access Manager with SAP BOPC?
It is very interesting to know also the reason you woudl like to use SAP BOPC in this way.
It can be a very nice case study.
BPC can not get information like an HTTP header and something like that it will be unsafe from security point of view.
Regarding your question:
BPC to utilize CMS authentication with Tivoli Access Manager
I think you have to provide more information? Why do I need Tivoli Access Manager to access BPC or to do authentication to CMS.
I have to mention I don't know how it is working Tivoli Access Manager and because of that I'm asking you to provide more information.
Regards
Sorin Radulescu

Securing web services with Sun Access Manager

Hi!
I have gone through some documentation about Sun Access Manager, and I'm a little bit confused.
What I want is to secure some web services which are deployed on a BEA WebLogic 9.1 server (WLS). Two solutions are possible: To install some kind of plugin into WLS or to place some kind of proxy in front of WLS. In both cases, the purpose would be to authenticate the caller based on some kind of ticket (SAML or similar) and authorize access to the web service.
I have read about the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" (those guys really like long names....), but in this documentation web services aren't mentioned at all. They only seem to care about HTTP requests from a browser.
I have also read about the Policy Agent 2.2 in the documentation called "Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services" (puh...). This document explicitly talks about securing web services the way I want.
My questions are:
1) Is it possible to secure WLS based web services in the same way using the Policy Agent for WLS?
2) Are there any documentation/tutorials/etc?
Thanks in advance :-)
Anders

what you need is a webservices agent that would enable you to "protect" your webservice provider, which I assume is on a BEA weblogic provider.
the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" is "NOT" awebservices agent, but a normal J2EE policy agent.
So.. having said that. here's what I'd recommend.
1. install the webservices agent on bea weblogic. (note: NOT the J2EE policy agent)
2. configure it to use your access manager instance for authentication.
3. configure your webservices client to use the webservice provider. (note: you'd need the webservices APi's available on the client too... so the quick dirty method would be to install the webservices agent on your client too....) you can later bundle the webservices client independently and provide your"customers" with a webservices client bundle...
4. voila... your webservices are not "protected" by acces manager ;-)

Problem with Jdeveloper and the Web Object Manager

I am trying to register a servlet through the web object manager.
As soon as click the web object manager menu pick I get the following
error: Could not load servlet information from web server.
On other peoples machines here it works fine and they can register
servlets. What am I missing!

hmmmm, wondering if I understood you correctly:
first try the file association - right click on one of the movie files (you should tell as well with extension) then 'open with' menu then go to 'choose program' and then choose one of them and coach the box "always use the selected program to open this kind of file" in your example 'window media player'.
the other point I understood is that in download directly into your browser, well there is a settin for this in the option, don't know where exactly, but you can avoid this by right clicking on the movie/file link and choose 'save target as ...' this forces it to download it on your disk and then you can open it.
hope this kinda helps
Cheers
Slarti

Confirming method to secure web services through oracle web service manager

Hi All,
I am just wondering about the method to secure web service through oracle web service manager.
I have a unsecure web service "helloworld" which is deployed on JWSDP1.6 toolkit.I want to secure it through oracle web service manager.
Inorder to secure this unsecure web service,I use gateway(web service manager for securing web service using message level security through certificate).
So when client want to access the helloworld service,it contacts the gateway securely and gateway intern connect to original web service after decrypting and verification of the signature.When gateway gets response from the web service,it signs the response message and then encrypt and passs on to the client.
So my question is,is it the right way to secure web service?
As I am getting the following fault exception :
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode "http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode>
<faultstring>Step execution failed with an exception
</faultstring>
<detail></detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
I checked the log at :
C:\coresv_install_home\external\oc4j-10.1.2.0.0\j2ee\home\log\http-web-access
but there is no helpful information available.Thanks for any help.
Kash

Hi Rajesh,
Thanks for your reply.I am using the following policy steps:
1)for Request (Decrypt and Verify signature).
2)for Response(Sign Message and Encrypt).
The configuration for Request is shown below:
Pipeline "Request"
Pipeline Steps:
Start Pipeline
Log
Decrypt and Verify Signature
Basic Properties Type Default Value
Enabled (*) boolean true true
XML Decryption Properties Type Default Value
Decryptor''s keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-keystore.jks
Decrypt Keystore Type (*) string jks jks
Decryptor''s keystore password string *******
Decryptor''s private-key alias (*) string s1as
Decryptor''s private-key password string *******
Enforce Encryption (*) boolean true true
XML Signature Verification Properties Type Default Value
Verifying Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-truststore.jks
Verifying Keystore type (*) string jks jks
Verifying Keystore password string *******
Signer''s public-key alias (*) string xws-security-client
Enforce Signing (*) boolean true true
End Pipeline
And the configuration for Response is shown below:
Pipeline "Response"
Pipeline Steps:
Start Pipeline
Log
Sign Message and Encrypt
Basic Properties Type Default Value
Enabled (*) boolean true true
Signing Properties Type Default Value
Signing Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-keystore.jks
Signing Keystore Type (*) string jks jks
Signing Keystore password string *******
Signer''s private-key alias (*) string s1as
Signer''s private-key password string *******
Signed Content (*) string BODY BODY
Sign XPATH Expression string
Sign XML Namespace string[]
Encryption Properties Type Default Value
Encryption Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-truststore.jks
Encrypt Keystore Type (*) string jks jks
Encryption Keystore password string *******
Decryptor''s public-key alias (*) string xws-security-client
Encrypted Content (*) string BODY BODY
Encrypt XPATH Expression string
Encrypt XML Namespace string[]
End Pipeline
I checked the log again but nothing useful there,it is just giving the following values:
2006-08-14 16:32:50,372 INFO [Thread-21] mstore.OLiteMStore - SELECT MEASUREMENT_STR FROM MEASUREMENT_PERSISTED_STORE WHERE ID=? FOR UPDATE
2006-08-14 16:34:50,364 INFO [Thread-16] mstore.OLiteMStore - INSERT INTO MEASUREMENT_PERSISTED_STORE (ID,DEF_ID,CONTEXT_ID,PARENT_CONTEXT_ID,TIME,STORETIME,KEY0,KEY1,KEY2,KEY3,KEY4,KEY5,KEY6,KEY7,KEY8,KEY9,KEY10,KEY11,KEY12,KEY13,KEY14,KEY15,KEY16,KEY17,KEY18,KEY19,KEY20,KEY21,KEY22,KEY23,KEY24,KEY25,KEY26,KEY27,KEY28,KEY29,KEY30,KEY31,KEY32,KEY33,KEY34,KEY35,KEY36,KEY37,KEY38,KEY39,DBM0,MEASUREMENT_STR) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,'R',empty_clob())
2006-08-14 16:34:50,364 INFO [Thread-16] mstore.OLiteMStore - SELECT MEASUREMENT_STR FROM MEASUREMENT_PERSISTED_STORE WHERE ID=? FOR UPDATE
Any help would be appreciated.Thanks.
Kash

External Authentication with Java Card through HSM

Hi All,
How to do External Authentication process in Javacard through HSM (Hardware Security Module). Does any HSM supports this?
My requirement is to store the Card KMC in HSM and i should authenticate the terminal application with the Java Card through HSM.
Does anyone have the idea on this. Because i should not expose the Card KMC to outside world.

Hi,
Megaa1207 wrote:
My requirement is to store the Card KMC in HSM and i should authenticate the terminal application with the Java Card through HSM.If you cannot create a functional module for your HSM to perform external authenticate, you can use the PKCS11 libraries (cryptoki) to perform the primitive operations to generate your KDC's and to use them for generating session keys and cryptograms. All the sensitive data will be able to stay secured inside the HSM. You would perform the cryptographic operations on the derivation data and store the result as a key object inside the HSM. There is quite a lot of documentation on the PKCS11 operations on the RSA web site.
Cheers,
Shane

Authentication with Web Accees managment through Headervariable

Similar Messages

Maybe you are looking for