BASIC_PLAIN and CLIENT-CERT for SAML2 authentication

Similar Messages

• What is the option client certificate for user authentication used for?

  Hi All,
  I have to work on a FTPS - XI -SAP scenario.
  I can see an option for client certificate for user authentication when security is enabled for the FTP adapter. what exactly is this option used for?
  P.S: I went through sap help but couldnt quite understand.

  Thanks a lot Mark.
  So for a FTPS -> XI -> SAP scenario the following settings are required.
  1. I have to create a certificate in Visual Admin for the XI server , send a csr to a CA and get it signed by them, and i have to add this to the ssl_service view.
  2. I have to hand over the public key to the FTPS server & this key will be used for encryption of the file
  the above 2 steps are mandatory.
  If i choose to use the client certificate option , i have to get the client certificate from the FTPS server and add it into the TrustedCAs list. This certificate is just to imply that the client is what it claims to be.
  Will this certificate be used for encryption?
  To make it clear let me put it this way. The certificate created in the XI Server is used for encryption and also for ascertaining that the its what it claims to be.
  The clients certificate option is used only to make sure that the client is what its claiming to be & this is not used for encryption?

• Client Certs for just one directory using IIS

  I am using JRun 4 and IIS 5 on one site and IIS 6 on another, and am using SSL and requiring client certificates. I have all that working through IIS's site properties but my issue is that I only want to accept client certificates on one directory, in fact I only want the request for the client cert to pop up on that one directory. By setting the JRun.dll to the proper security settings to accept client certificates in IIS, any jsp file will prompt for the cert.
  Do I not want to want to use IIS to set up my SSL and client cert request as opposed to doing it in the web.xml? All my research pointed me to do this through IIS. Using IIS, do I need to use another ISAPI Jrun connector? How do I do that?
  Can someone tell me a way to get this working for a client cert prompt only for the one directory either though IIS or application security?
  Thanks for any input you can provide.

  Hello Bill,
  I am sorry but I do not have an answer to your issue. It just
  happend that I am trying to set up SSL connection between JRUN 4
  and IIS 5 using JRUN ISAPI connector. Unfortunately every time I
  try to run the "*.jsp" test page I am getting "fetchprops" error
  message on JRUN ISAPI connector. Would you be able to give me some
  hints as to what could cause this issue. By the way, I am testing
  it only with trial version of SSL certificate on IIS.
  Thank you

• Defining an Authentication Scheme for user ID and password and client certi

  Hi,
                  I do need to define an Authentication Scheme for user ID/Password and client certificate,, both at the same time, so whenever the end user access the SAP Portal he/she will be asked to provide user and password as well digital certificate,
                  Despite of the whole idea behind o f the concept of digital certificate, my client sill wants to keep the user ID and password to complies with business requirements.
       I found a documentation that discuss Authentication Scheme with example using both ID and Digital certificate, but the priority was set different for each authentication method.
  http://help.sap.com/saphelp_nw04s/helpdata/en/d3/1dd4516c518645a59e5cff2628a5c1/content.htm
       So I am wondering with I can accomplish User ID/Pwd plus digital certificate just by making the priority the same value. Anyone had a similar requirement?
  Best Regards
  Claudio Rocha

  Hi
  Did you get an answer for this Query ?
  Regards
  Priyanka

• Testing exampleswebapp/SnoopServelt.jsp on https and client-cert

  HI All:
  I am trying to setup 2-way authentication in wls7.0. I have not been able to pin
  down all the requriments for using client-cert authentication with 2-way authentication.
  I have done the following:
  1. enabled client certificate enforced under SSL tab
  2. specified client-cert as login mechanism in web.xml
  3. specified a security constraint and "INTEGRAL" as the transport mode for the
  URL pattern /SnoopServlet.jsp
  4. installed CertGenCA.der and client2certs.der, cerificates
  for CA and client (generated using utils.CertGen) in the browser
  when I hit the jsp I get a page cannot be displayed.
  Any ideas what settings are wrong?
  TIA,
  -Sandeep

  Hi Sandeep,
  You did not mention the following necessary step.
  - Configure the Trusted CA File Name for the client cert
  If this step does not help, you can enable server-side
  debugging by setting the following property on the java
  command line when starting WebLogic.
  -Dssl.debug=true
  I hope this helps.
  Regards,
  Tom Hegadorn
  Developer Relations Engineer
  BEA Support
  "Sandeep " <[email protected]> wrote:
  >
  HI All:
  I am trying to setup 2-way authentication in wls7.0. I have not been
  able to pin
  down all the requriments for using client-cert authentication with 2-way
  authentication.
  I have done the following:
  1. enabled client certificate enforced under SSL tab
  2. specified client-cert as login mechanism in web.xml
  3. specified a security constraint and "INTEGRAL" as the transport mode
  for the
  URL pattern /SnoopServlet.jsp
  4. installed CertGenCA.der and client2certs.der, cerificates
  for CA and client (generated using utils.CertGen) in the browser
  when I hit the jsp I get a page cannot be displayed.
  Any ideas what settings are wrong?
  TIA,
  -Sandeep

• Require client cert for just one servlet

  Hello
  I enabled SSL with mutual authentication in tomcat 5.5.x into Jboss like this:
  <Connector port="443" address="${jboss.bind.address}"
  maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
  emptySessionPath="true"
  scheme="https" secure="true" clientAuth="true"
  truststoreFile="${jboss.server.home.dir}/conf/confiaveis.truststore"
            truststorePass="111111"
  keystoreFile="${jboss.server.home.dir}/conf/.keystore"
  keystorePass="111111"
            sslProtocol = "TLS" />
  It�s working perfectly and any servlet requires client certificate. But now, i would like that just one servlet require client cert.
  Does any body could help me ?

  Application and web servers base their authentication mode on Listeners and not Servlets. Since Listeners listen on ports, and and can direct client calls to any number of Servlets, all Servlets served by a Listener will default to the authentication mode of the Listener.
  If you want to have selective authentication based on Servlets, then you should use a non-ClientAuth port for most of your Servlets, and redirect the client request to port 443 for the one Sevlet that needs ClientAuth. As a result, you will get the same effect.

• Anyconnect and client certificates for dynamic access policies (dap)

  I'm faced with the challenge of rolling out AnyConnect to our clients (which I've done before at another job) but in this case we want to 'NAC' vpn clients... We're still in discussion around the security policy and those details, but I wanted to see if folks on this forum could chime in with their experience on this.
  We have a mix of Windows, Linux and MACs that are corporate issued devices that should receive some form of posture checking and then be granted access. Personal devices would also be subjected to some level of posture checking, but if during the initial scan it was deemed that this is not a corporate machine, then that machine would have very limited access.
  From what I've read, the OS agnostic route to take is using certificates. I'm looking for design tips or docs that would assist in rolling this out. We do not have a PKI infrastructure today. So some of the questions I have are:
  Can the ASA manage all of the client issued certs? From enrollment to revocation?
  Or would I look to my Windows infrastructure for that? And if so, how does that integrate with the ASA?
  Client certs vs machine certs?
  Any advice from high level to low level or partial answers would be appreciated...
  Thanks

  "Can the ASA manage all of the client issued certs? From enrollment to revocation?"
  Yes, please check the Cisco url below, configuration method.
  http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/cert_cfg.html#wp1067758
  Hope that helps.
  thanks
  Rizwan Rafeek

• No F4 value for system and client field for create job request

  Hi,
  While creating a job request in Solution manager system filed and client filed F4 is not working , it does not show any value.
  Do you have  any idea regarding this issue.
  Thansk & Regards,
  kaushal

  Hello  Kaushal,
  you habe to link user, key user i.e. a business partner (BP), and managed system and this work like this:
  a) User <-> BP: start transaction BP, assign role Employee to your business partner and enter the user name on tab Identification
  b) BP <-> managed system: start transaction BP, select role General and enter the External System Identifier (format: <managed system ID> <installation number> <client> <user in managed system>) on tab Identification
  Alternative: Use transaction BP_GEN to create valid business partners for managed systems
  See also the Solution Manager Implementation Guide (IMG):
  -> transaction SPRO
  .> SAP Solution Manager Implementation Guide
  -> SAP Solution Manager
  -> Cross-Scenario Settings
  then
  -> Business Partners
  and
  -> iBase
  (Note that IMG path (and labels) might vary in between support packages)
  Kind regards,
  Martin
  http://service.sap.com/jsm

• How to get Client ID and Client Secret for Office App for Word which accessing SharePoint Online

  we currently implementing an Office App for MS Word which access SharePoint list and get data from lists. Our aim is any user can get this app from Office App store and enter their SharePoint URL and browse their own SharePoint lists and use those. When
  I was checking mechanisms which you used to access SharePoint, in some of them have used ClientId and Client Secret to authenticate with SharePoint. I have following questions.
  1.If I want to sell my app using Office app store where can I get those clientId and client secret which is used to  get the access tokens.
  2.Is it possible to create SharePoint app and publish it to SharePoint app store and get clientId and client secret and use it when accessing through office. So users first download our SharePoint app install it to their SharePoint environment then get out
  Office App from Office app store and add it to word. Will this work?

  Hi,
  >> We are planning to develop an Office app to access SharePoint Online and SharePoint on Premise from Microsoft word.
  I’m not very familiar with SharePoint development, so please correct me if I have any misunderstandings about your requirement.
  The basic components of an app for Office are an XML manifest file and the default webpage of your app (server side).
  >> If I'm publishing my Office App for Word in to the Microsoft office app store, how do I get the ClientId and ClientSecret which I need to pass to authenticate with SharePoint online?
  As far as I know, when register your web app to SharePoint Online, you will get the ClientId and ClientSecret from the Azure Active Directory. And you need to store the Client ID and Client
  Secret on the app server side.
  For details, you could reference the article
  Building an Office 365 ASP.NET MVC app.
  >> If ClientId and ClientSecret not providing when we publishing Word Office App to the app store how what the ways which we can use to authenticate with SharePoint using Word Office app?
  You don’t need to provide the ClientId and ClientSecret when publishing your App to App Store. They are stored on your app server side.
  By the way, if you have the question about how to access the SharePoint resource in a Web Application, I will suggest you posting the questions to
  SharePoint Development Forum. For this forum, we mainly discuss the questions about using the Office JavaScript API to develop Apps for Office.
  Regards,
  Jeffrey
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Glassfish 3.1.2 configuration Client Certificate for Mutual Authentication

  Hi
  I need help in configuring GF3.1.2 i have done following changes, please do let me know if i am missing anything important as after changes it is not working.
  my id is [email protected]
  I could not found any particular thread or answers in forum if any link is there will be helpful.
  if you have any document for this please forward.
  please do the needful
  App Web.xml
  <login-config>
  <auth-method>CLIENT-CERT</auth-method>
  </login-config>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Entire Application</web-resource-name>
  <url-pattern>/faces/*</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  <http-method>HEAD</http-method>
  <http-method>PUT</http-method>
  <http-method>OPTIONS</http-method>
  <http-method>TRACE</http-method>
  <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
  <description/>
  <role-name>authorized</role-name>
  </auth-constraint>
  <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <security-role>
  <description/>
  <role-name>authorized</role-name>
  </security-role>
  sun-web.xml
  <security-role-mapping>
  <role-name>authorized</role-name>
  <principal-name>admin</principal-name>     
  <group-name>authorized</group-name>
  </security-role-mapping>
  Domain.xml
  <security-service>
  <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm">
  <property name="file" value="${com.sun.aas.instanceRoot}/config/admin-keyfile"></property>
  <property name="jaas-context" value="fileRealm"></property>
  </auth-realm>
  <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file">
  <property name="file" value="${com.sun.aas.instanceRoot}/config/keyfile"></property>
  <property name="jaas-context" value="fileRealm"></property>
  </auth-realm>
  <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
  <property name="assign-groups" value="authorized"></property>
  </auth-realm>

  Hi,
  May be below links will be helpful
  Check the following links.. you will get the information all about the securities...
  http://help.sap.com/saphelp_nw04/helpdata/en/f7/c2953fc405330ee10000000a114084/content.htm
  Also read thru this link for message level security - https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
  Also find soeminformation in these links
  http://help.sap.com/saphelp_nw2004s/helpdata/en/a8/882a40ce93185de10000000a1550b0/frameset.htm
  /people/aparna.chaganti2/blog/2007/01/23/how-xml-encryption-can-be-done-using-web-services-security-in-sap-netweaver-xi
  Step by step guide for SSL security
  step by step guide to implement SSL
  Please go through below link for referance (above information is from below link)
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/3a/7cddde33ff05cae10000000a128c20/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e0fef6211d3a6510000e835363f/content.htm
  General guide
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516dd7d9
  Message level security
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
  Regarding message level you can encrypt the message using certificates.
  For both of this basis team has to deploy the releavant certificates in XI ABAP Stack or Java stack.
  Generally if the scenarios are intra company we dont use any transport level or message level security since the network is already secured.
  Thanks
  Swarup

• Visual Studio generates wrong proxy and client config for WCF Service Host with customBinding

  Hi,
  I have  a simple WCF test service.
  The serviceModel configuration for the looks like this:
  <system.serviceModel>
  <bindings>
  <customBinding>
  <binding name="NewBinding0">
  <byteStreamMessageEncoding>
  <readerQuotas maxDepth="10" maxStringContentLength="10000" maxArrayLength="10000"
  maxBytesPerRead="1000" maxNameTableCharCount="200" />
  </byteStreamMessageEncoding>
  <tcpTransport />
  </binding>
  </customBinding>
  </bindings>
  <diagnostics>
  <messageLogging logMalformedMessages="true" logMessagesAtTransportLevel="true" />
  </diagnostics>
  <services>
  <service name="WcfServiceLibrary2.Service1">
  <endpoint address="mex" binding="mexHttpBinding" name="mexName"
  contract="IMetadataExchange" />
  <endpoint address="net.tcp://localhost:8734/WcfServiceLibrary2/Service1.svc"
  binding="customBinding" bindingConfiguration="NewBinding0" name="tcpName"
  bindingName="" contract="WcfServiceLibrary2.IService1" />
  <host>
  <baseAddresses>
  <add baseAddress="http://localhost:8733/Design_Time_Addresses/WcfServiceLibrary2/Service1/" />
  </baseAddresses>
  </host>
  </service>
  </services>
  <behaviors>
  <serviceBehaviors>
  <behavior name="">
  <serviceMetadata httpGetEnabled="true" />
  <serviceDebug includeExceptionDetailInFaults="false" />
  </behavior>
  </serviceBehaviors>
  </behaviors>
  </system.serviceModel>
  However the auto generated client side serviceModel looks like this:
  <system.serviceModel>
  <bindings>
  <customBinding>
  <binding name="tcpName">
  <textMessageEncoding messageVersion="Soap12" />
  <tcpTransport />
  </binding>
  </customBinding>
  </bindings>
  <client>
  <endpoint address="net.tcp://localhost:8734/WcfServiceLibrary2/Service1.svc"
  binding="customBinding" bindingConfiguration="tcpName" contract="ServiceReference2.IService1"
  name="tcpName" />
  </client>
  </system.serviceModel>
  Note the Encoding has changed to from byteStreamMessageEncoding to textMessageEncoding.
  When I test the service with WCF Test Client, I get the error "Addressing Version 'AddressingNone (http://schemas.microsoft.com/ws/2005/05/addressing/none)' does not support adding
  WS-Addressing headers."
  The error message makes sense in considering the client is mis-configured. I could manually modify the client side configuration, but I don't know how to give that to the WCF Test Client.
  When I run my own test client code, I get a NullReferenceException creating the Channel
  at System.Text.UTF8Encoding.GetByteCount(String chars)
  at System.ServiceModel.Channels.EncodedFramingRecord..ctor(FramingRecordType recordType, String value)
  at System.ServiceModel.Channels.EncodedContentType.Create(String contentType)
  at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.CreatePreamble()
  at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel..ctor(ChannelManagerBase factory, IConnectionOrientedTransportChannelFactorySettings settings, EndpointAddress remoteAddresss, Uri via, IConnectionInitiator connectionInitiator, ConnectionPool connectionPool, Boolean exposeConnectionProperty, Boolean flowIdentity)
  at System.ServiceModel.Channels.ConnectionOrientedTransportChannelFactory`1.OnCreateChannel(EndpointAddress address, Uri via)
  at System.ServiceModel.Channels.ChannelFactoryBase`1.InternalCreateChannel(EndpointAddress address, Uri via)
  at System.ServiceModel.Channels.ServiceChannelFactory.ServiceChannelFactoryOverDuplexSession.CreateInnerChannelBinder(EndpointAddress to, Uri via)
  at System.ServiceModel.Channels.ServiceChannelFactory.CreateServiceChannel(EndpointAddress address, Uri via)
  at System.ServiceModel.Channels.ServiceChannelFactory.CreateChannel(Type channelType, EndpointAddress address, Uri via)
  at System.ServiceModel.ChannelFactory`1.CreateChannel(EndpointAddress address, Uri via)
  at System.ServiceModel.ClientBase`1.CreateChannel()
  at System.ServiceModel.ClientBase`1.CreateChannelInternal()
  at System.ServiceModel.ClientBase`1.get_Channel()
  at ConsolWCFTestApp.ServiceReference2.Service1Client.GetXSDFiles(String path) in c:\Users\malley\Documents\Visual Studio 2013\Projects\WcfService1\ConsolWCFTestApp\Service References\ServiceReference2\Reference.cs:line 127
  at ConsolWCFTestApp.Program.Main(String[] args) in c:\Users\malley\Documents\Visual Studio 2013\Projects\WcfService1\ConsolWCFTestApp\Program.cs:line 14
  at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
  at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
  at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
  at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
  at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
  at System.Threading.ThreadHelper.ThreadStart()
  Any suggestions much appreciated.
  Martin

  Hi Martin00,
  I have tested your code in my side and I can meet the same exception as you.
  >>"Addressing Version 'AddressingNone (http://schemas.microsoft.com/ws/2005/05/addressing/none)' does not support adding WS-Addressing headers."
  Based the above exception, I try to use the following config:
  <textMessageEncoding messageVersion="Soap12" />
  Instead of this config code:
  <byteStreamMessageEncoding>
  <readerQuotas maxDepth="10" maxStringContentLength="10000" maxArrayLength="10000"
  maxBytesPerRead="1000" maxNameTableCharCount="200" />
  </byteStreamMessageEncoding>-->
  After that it works fine as following:
  Best Regards,
  Amy Peng
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• WLC Virtual Interface config for a public SSL cert for Web Authentication

  I'm trying to get a cert loaded on my 5508 WLC running 7.6.130.0 so when a Web-Auth users tries to authenticate they don't get the SSL cert error.
  In the document "Generate CSR for Third−Party Certificates and
  Download Chained Certificates to the WLC"
  Document ID: 109597 it states the following
  "Note: It is important that you provide the correct Common Name. Ensure that the host name that is
  used to create the certificate (Common Name) matches the Domain Name System (DNS) host name
  entry for the virtual interface IP on the WLC and that the name exists in the DNS as well. Also, after
  you make the change to the VIP interface, you must reboot the system in order for this change to take
  effect.
  Here are my questions.
  1. I have always had 1.1.1.1 as the address of the Virtual interface, should that change or can I leave it as 1.1.1.1?
  2. In the "DNS Host Name" Field do I simply put the domain or the FQDN?  Example. Company.com or hostname.company.com

  Hi,
  1) You can change that if you want. Normally it is non-Public and non-routable in your network.
  2) Put the Host name for which you are going to give in your company DNS server where that Host name would be mapped to the Virtual ip address.
  Regards
  Dhiresh
  ** Please rate helpful posts**

• ACE and Client cert headers

  Hi all,
  We currently use a Cisco SCA for SSL off load. When adding client certificates to the SCA, there is an option to "Add Client Certificate Info" - which uses a check box to enable this feature. This feature, to the best of my knowledge, sends the headers to the server. We have configured a new service on an ACE context but need to enable this feature, is this possible and how do we enable the same feature on the ACE.
  ACE version A2(2.3)
  Thanks in advance for any assistant with this matter.

  Hello,
  it is possible on ACE too, at least in recent sw versions:
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/ssl/guide/terminat.html#wp1169219
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/ssl/guide/terminat.html#wp1169832
  as you can see here:
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_x/Release/Note/RACEA2_3_X.html#wp586054
  this was introduced in A2(3.0) so if you'll need to use the feature you'll have to upgrade.
  Hope it helps,
  Francesco

• Server and client version for configuring/developing offline kapsel apps

  Hi all.
  I am planning to develop an offline Kapsel app.
  I have two questions.
  Q1.I have installed SP05 version for SMP server and SP06 version as SMP client. Is this configuration sufficient to begin with?
  Q2. Is a delta token enabled SAP ABAP service mandatory for developing an offline app?
  Need your help on this.
  Thanks.

  Hi Daniel Van Leeuwen ,Jitendra Kansal
  I am using SAP Netweaver Gateway services instead of Integration Gateway.
  I am now able to read the data when online, but get an error when I try to open the Offline store.
  Does this have to do anything with the Netweaver Gateway?
  The server log is as below.
  #2.0#2015-04-23 07:25:11.9#+0:00#INFO####Offline#1429708585665001#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########450###&lt;47&gt; Synchronization failed#
  #2.0#2015-04-23 07:25:11.021#+0:00#ERROR#RequestResponse#200##Offline#1429708585072043#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  &#x9;at org.apache.olingo.odata2.api.ep.EntityProvider.readMetadata(EntityProvider.java:809)#
  #2.0#2015-04-23 07:25:11.021#+0:00#ERROR#RequestResponse#200##Offline#1429708585072044#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  &#x9;at com.sap.odata.offline.scripts.ODataSyncHandler.prepareMetadata(ODataSyncHandler.java:358)#
  #2.0#2015-04-23 07:25:11.021#+0:00#ERROR#RequestResponse#200##Offline#1429708585072045#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  &#x9;at com.sap.odata.offline.scripts.ODataSyncHandler.doHandleUploadData(ODataSyncHandler.java:209)#
  #2.0#2015-04-23 07:25:11.021#+0:00#ERROR#RequestResponse#200##Offline#1429708585072046#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  &#x9;at com.sap.odata.offline.scripts.ODataSyncHandler$1.call(ODataSyncHandler.java:174)#
  #2.0#2015-04-23 07:25:11.021#+0:00#ERROR#RequestResponse#200##Offline#1429708585072047#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  &#x9;at com.sap.odata.offline.smp.MLSMPFactory.executeWithContext(MLSMPFactory.java:156)#
  #2.0#2015-04-23 07:25:11.021#+0:00#ERROR#RequestResponse#200##Offline#1429708585072048#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  &#x9;at com.sap.odata.offline.scripts.ODataSyncHandler.handle_UploadData(ODataSyncHandler.java:179)#
  #2.0#2015-04-23 07:25:11.021#+0:00#ERROR#RequestResponse#200##Offline#1429708585072049#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  &#x9;at sun.reflect.GeneratedMethodAccessor423.invoke(Unknown Source)#
  #2.0#2015-04-23 07:25:11.021#+0:00#ERROR#RequestResponse#200##Offline#1429708585072050#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  &#x9;at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)#
  #2.0#2015-04-23 07:25:11.021#+0:00#ERROR#RequestResponse#200##Offline#1429708585072051#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  &#x9;at java.lang.reflect.Method.invoke(Method.java:606)#
  #2.0#2015-04-23 07:25:11.021#+0:00#ERROR#RequestResponse#200##Offline#1429708585072052#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  &#x9;at ianywhere.ml.script.MethodInfo.invoke(MethodInfo.java:11826)#
  #2.0#2015-04-23 07:25:11.021#+0:00#ERROR#RequestResponse#200##Offline#1429708585072053#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  &#x27;#
  #2.0#2015-04-23 07:25:11.021#+0:00#ERROR#RequestResponse#200##Offline#1429708585072054#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10225] Failure occurred while executing user supplied code in the server#
  #2.0#2015-04-23 07:25:11.021#+0:00#INFO#RequestResponse#200##Offline#1429708585072055#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; end_upload &lt;connection&gt; (no script)#
  #2.0#2015-04-23 07:25:11.021#+0:00#INFO#RequestResponse#200##Offline#1429708585072056#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; end_publication &lt;connection&gt; (no script)#
  #2.0#2015-04-23 07:25:11.021#+0:00#INFO#RequestResponse#200##Offline#1429708585072057#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; end_synchronization &lt;connection&gt; (no script)#
  #2.0#2015-04-23 07:25:11.005#+0:00#DEBUG#RequestResponse#200##Offline#1429708585072033#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.SessionLogger:debug#username#######447###ML_SCRIPT Exit handle_UploadData: remoteID=127d6d6a-e9e6-11e4-8000-d25ebbb51773#
  #2.0#2015-04-23 07:25:11.005#+0:00#ERROR#RequestResponse#200##Offline#1429708585072034#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158] Exception thrown in method: &#x27;public void com.sap.odata.offline.scripts.ODataSyncHandler.handle_UploadData(ianywhere.ml.script.UploadData) throws java.lang.Exception&#x27;. Error description: &#x27;java.lang.IndexOutOfBoundsException: Index: 0, Size: 0&#x27;.#
  #2.0#2015-04-23 07:25:11.005#+0:00#ERROR#RequestResponse#200##Offline#1429708585072035#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  Stack trace: &#x27;java.lang.IndexOutOfBoundsException: Index: 0, Size: 0#
  #2.0#2015-04-23 07:25:11.005#+0:00#ERROR#RequestResponse#200##Offline#1429708585072036#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  &#x9;at java.util.ArrayList.rangeCheck(ArrayList.java:604)#
  #2.0#2015-04-23 07:25:11.005#+0:00#ERROR#RequestResponse#200##Offline#1429708585072037#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  &#x9;at java.util.ArrayList.get(ArrayList.java:382)#
  #2.0#2015-04-23 07:25:11.005#+0:00#ERROR#RequestResponse#200##Offline#1429708585072038#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  &#x9;at org.apache.olingo.odata2.core.ep.consumer.XmlMetadataConsumer.readAssociation(XmlMetadataConsumer.java:427)#
  #2.0#2015-04-23 07:25:11.005#+0:00#ERROR#RequestResponse#200##Offline#1429708585072039#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  &#x9;at org.apache.olingo.odata2.core.ep.consumer.XmlMetadataConsumer.readSchema(XmlMetadataConsumer.java:152)#
  #2.0#2015-04-23 07:25:11.005#+0:00#ERROR#RequestResponse#200##Offline#1429708585072040#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  &#x9;at org.apache.olingo.odata2.core.ep.consumer.XmlMetadataConsumer.readMetadata(XmlMetadataConsumer.java:102)#
  #2.0#2015-04-23 07:25:11.005#+0:00#ERROR#RequestResponse#200##Offline#1429708585072041#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  &#x9;at org.apache.olingo.odata2.core.edm.provider.EdmxProvider.parse(EdmxProvider.java:51)#
  #2.0#2015-04-23 07:25:11.005#+0:00#ERROR#RequestResponse#200##Offline#1429708585072042#127d6d6b-e9e6-11e4-8000-d25ebbb51773#com.mycompany.app#com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged#username#######447###&lt;47&gt; [-10158]  &#x9;at org.apache.olingo.odata2.core.ep.ProviderFacadeImpl.readMetadata(ProviderFacadeImpl.java:225)#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072001#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; Table #1: LODATA_SYS_PROPERTIES, 3 columns#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072002#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; propertyID integer NOT NULL PRIMARY KEY#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072003#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; longValue bigint#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072004#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; stringValue long varchar#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072005#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; Table &#x27;LODATA_SYS_PROPERTIES&#x27; is referenced by publication &#x27;LODATA_DATA_PUBLICATION&#x27;#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072006#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; Table #2: LODATA_SYS_REQUESTS, 4 columns#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072007#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; requestName varchar(128) NOT NULL PRIMARY KEY#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072008#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; definingRequest long varchar NOT NULL#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072009#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; deltaLink long varchar#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072010#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; refreshSubset bit NOT NULL#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072011#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; Table &#x27;LODATA_SYS_REQUESTS&#x27; is referenced by publication &#x27;LODATA_DATA_PUBLICATION&#x27;#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072012#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; Table #3: LODATA_SYS_COMMAND, 3 columns#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072013#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; ID integer NOT NULL PRIMARY KEY#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072014#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; commandID tinyint NOT NULL#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072015#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; argument long varchar#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072016#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; Table &#x27;LODATA_SYS_COMMAND&#x27; is referenced by publication &#x27;LODATA_DATA_PUBLICATION&#x27;#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072017#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; authenticate_user &lt;connection&gt; (no script)#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072018#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; authenticate_user_hashed &lt;connection&gt; (no script)#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072019#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; authenticate_parameters &lt;connection&gt; (no script)#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072020#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; modify_user &lt;connection&gt; (no script)#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072021#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; begin_synchronization &lt;connection&gt; (no script)#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072022#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; begin_publication &lt;connection&gt; (no script)#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072023#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; begin_upload &lt;connection&gt; (no script)#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072024#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt; handle_UploadData &lt;connection&gt;#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072025#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########447###&lt;47&gt;  com.sap.odata.offline.scripts.ODataSyncHandler.handle_UploadData#
  #2.0#2015-04-23 07:25:10.88#+0:00#DEBUG####Offline#1429708585072026#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.SessionLogger:debug########447###ML_SCRIPT Enter handle_UploadData: remoteID=127d6d6a-e9e6-11e4-8000-d25ebbb51773#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072027#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.SessionLogger:info########447###Starting delta refresh#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072028#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.SessionLogger:info########447###Store version: 0#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072029#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.SessionLogger:info########447###Service root: http://xxxx.xxx.xx.com:80/com.mycompany.app#
  #2.0#2015-04-23 07:25:10.88#+0:00#DEBUG####Offline#1429708585072030#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.odata.offline.smp.MLODataSMPConfig:getApplications########447###getApplications()#
  #2.0#2015-04-23 07:25:10.88#+0:00#DEBUG####Offline#1429708585072031#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.odata.offline.smp.MLODataSMPConfig:getApplications########447###...getApplications()#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708585072032#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.SessionLogger:info########447###Sending HTTP GET &quot;http://xxxx.xxx.xx.com:80/com.mycompany.app/$metadata"#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429708722954016#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########420###&lt;47&gt; Network protocol version check completed#
  #2.0#2015-04-23 07:25:10.88#+0:00#INFO####Offline#1429709254451016#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########430###&lt;47&gt; Request from &quot;UL 16.5.1413&quot; for: remote ID: 127d6d6a-e9e6-11e4-8000-d25ebbb51773, user name: ml_odata_user_01, version: ODATA_TO_ML#
  #2.0#2015-04-23 07:25:10.281#+0:00#INFO####Offline#1429773910281000#127d6d6b-e9e6-11e4-8000-d25ebbb51773##com.sap.mobile.platform.server.mobilink.NativeLogger:doMessageLogged########409###&lt;47&gt; Request from &quot;UL 16.5.1413&quot;#
  Request your help on this

• Bridge and Client Mode for dual radio 3502

  I want to use my dual radio 3502e AP to service clients on the 2.4 MHz and do a point to point bridge on the 5 GHz.  Is that possible?

  Hi,
  3500 series AP's are technically only supported in lightweight (controller based) mode.
  7.0.116.0 allows 3500's (as well as most other models) to operate in mesh mode.  This would be a better alternative.
  http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7_0_116_0.html#wp673954
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a0080b1c101.shtml