Cert auth with a SWS7 reverse-proxy in the way
We are planning to try authenticating Access Manager 7.1 (Portal, Messaging Server) users with a certificate module so they don't have to enter usernames and passwords all the time.
By architecture of the project, there are internal servers (actual AM, Portal, etc hosts in cluster config) in the internal LAN, and a Sun Web Server 7 in the DMZ acting as a load-balancer and reverse proxy which can filter some HTTP code if we need it to. This works okay for usual HTTP sessions.
I have vague ideas how would this NOT break HTTPS sessions concerning the user cert auth module, but I have little to no practice with it.
I would like to know whether we can offload SSL decoding to the Sun Web Server acting as a reverse proxy (with i.e. Niagara hardware for SSL acceleration) and pass/use the user's certificate information to an internal Access Manager host for user authentication, or are we stuck with TCP port-forwarding from internet straight to the internal hosts on the firewall or some hardware LB?
Port-forwarding is not good because of security concerns, and in this case it seems we'd have to make several listening ports, one for each backend application, instead of publishing one standard 443 port on the rev-proxy...
Perhaps there are ways to allow the Web Server to decode HTTPS handshake, determine the destination backend host, and pass the original HTTPS packets to it? Which server certificates would be in effect in such case, or should they be the same on front and backend hosts?
Perhaps we should set up some AM component for the frontend hosts (I've seen keywords about Distributed Access Manager, but didn't research it yet)?
Any other good ideas? :)
Got the rever proxy to work. Below are the field values in the reverse proxy setting that has worked:
Reverse proxy name: <any name>
Incoming http header host name: server1.domain..company.com (get it from the end-point in WSDL)
Incoming ICM port: port (get it from the end-point in WSDL)
Substitute host name: server2.domain..company.com (has to be FQDN)
Substitute http port: 80 (in my case)
Substitute https port: (blank)
Additional path prefix: (blank)
Meta data protocol subsitution: http
Endpoint protocol subsitution: http
Status: active
Similar Messages
-
Something wrong with my SSL reverse proxy config. HELP!
Using Sun ONE Web Proxy Server 3.6-SP6
1. Got Wildcard SSL Certificate from Verisign
2. Ran sec-key
made alias
used password from Verisign
3. Installed certificate
Used "Trusted Certificate Authority (CA)"
Pasted Cert in "Message Text (with headers)"
4. Verified Certificate install in "Manage Certificates."
5. Created regular and reverse mappings.
When I try to turn on encryption, it says:
Unable to read key file (9)
What did I do wrong? I appreciate help from anyone.
-baWhat is the OS ?
If it's Solaris, a truss will give you more details on the error.
Verify the rights on your folder alias and all its contents.
Can we have a more detailled error log file when you try to start the Proxy instance.
Another remark :
In the Admin Guide the scenario is called "Setting up a secure reverse proxy ".
The problem is, that if the Webserver request for Client-Authentication
within the SSL-Handshake the Proxy-Server has to present a cert signed as Client-Cert.
Solution:
- Proxy Server owner has own CA.
Create CSR within Proxy Server and let the CSR be signed as Client Cert.
- Proxy Server owner has not own CA.
Choose a CA which allows to get client certs using CSR (e.g. tctrustcenter)
Create CSR withing Proxy Server, at the common name use your name/Email=your.name@yourdomain
Get the client cert at the CA using this CSR
Import the cert into the Proxy Server.
Create regular and reverse mappings
e.g regular: http://test.content.org https://test.content.org
reverse: https://test.content.org http://test.content.org
Choose "initialize certificates only" at security settings for proxy instance. -
Session ID in the Reverse Proxy in the Response
Hi,
Can anyone tell if the request is going from the reverse proxy to the application server, will the response also flow back from the app server to reverse proxy and then back to the client.
Actually I want to fetch some information (MSISDN) from an external system the first time request comes to a proxy server. This is to be done on reverse proxy and map this information to the session id. Now my question is that the session id will be created in the App server and not on the reverse proxy. So can I map this information in the reverse proxy from the response when session id has already been created.
Pls let me know if I have not phrased my question properly
Thanks
AAAndy,
If you do all this in reverse, what happens, i.e., start with AS 2, get redirected to login, then repeat on AS1? Also, you didn't say what happens after the first step: you alter the URL, then login, then what? Do you end up on pg 40 with the session ID you as altered?
If the behavior is symmetric, I think this is expected in 2.2.1. You are asking to join a session already owned by the SSO-authenticated user.
Scott -
Trasnparent proxy and reverse proxy at the same time
Can I have in a Content Engine v 4.2 transparent proxy and reverse proxy at the same time ?
Yes, as long as you are not redirecting the two services on the same interface. One service takes precedence over the other and I believe transparent web-cache redirect takes precedence over reverse-proxy.
-
I have a small icon at the top right of my iphone 4G right to the left of the battery percent. What is this and how do I get rid of it? It looks like a lock with a circle 3/4 of the way around it
That icon indicates your iPhone is rotation locked.
To remove it, swipe up from the bottom of the screen to open Control Center. Tap the similar looking icon there to turn it off. -
Problem with Mobile clients - Reverse proxy
Hi Guys,
I have an issue that is driving me batty. I've set up a reverse proxy and am putting my mobile clients through it. I've used the Lync connectivity analyzer which is telling me that everything is good. However I am getting an error in my mobile clients to
the effect "Please check your account info and try again"
It looks like my IIS logs are showing 401 errors on the webticketservice.svc
2014-05-30 00:48:01 192.168.0.58 GET / sipuri=sip:[email protected]&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=0b8473bc-76f4-48e6-b29d-1028dad0dc2f 443 - 24.114.103.233 ACOMO - 200 0 0 93
2014-05-30 00:48:01 192.168.0.58 GET / - 80 - 24.114.103.233 ACOMO - 406 0 0 62
2014-05-30 00:48:01 192.168.0.58 GET /autodiscover/autodiscoverservice.svc/root/user originaldomain=openjive.com&X-ARR-LOG-ID=624d5656-03de-4d23-b7be-ef1d86f986ea 443 OPENJIVE\bryan 24.114.103.233 ACOMO - 401 0 0 72
2014-05-30 00:48:01 192.168.0.58 GET /autodiscover/autodiscoverservice.svc/root/user originaldomain=openjive.com&X-ARR-LOG-ID=989d376d-f93d-4a61-a2e8-75e44a2f630e 443 OPENJIVE\bryan 24.114.103.233 ACOMO - 401 0 0 62
2014-05-30 00:48:01 192.168.0.58 POST /webticket/webticketservice.svc/mex X-ARR-LOG-ID=96ab4698-b8bc-4ff6-829f-60bdd7e9d64e 443 OPENJIVE\bryan 24.114.103.233 ACOMO - 200 0 0 209
2014-05-30 00:48:01 192.168.0.58 POST /webticket/webticketservice.svc X-ARR-LOG-ID=6884e7ec-01fa-4014-96ec-1e891fbb1c7e 443 OPENJIVE\bryan 24.114.103.233 ACOMO - 401 0 0 116
2014-05-30 00:48:03 192.168.0.58 POST /webticket/webticketservice.svc X-ARR-LOG-ID=c4f2790c-983a-4d4f-b647-dc0c30d2335d 443 OPENJIVE\bryan 24.114.103.233 ACOMO - 401 0 0 84
Any ideas would be appreciated. I am running windows 2012 R2 across the board. The reverse proxy is IIS 8.5 with ARR 3.Here is the connectivity analyzer results.
Sending HTTP request to
https://lyncdiscover.openjive.com/[email protected]
Logging test parameters:
SIP Uri: [email protected]
User Name: openjive\bryan
Discovery Type: Automatic Discovery
Network access: NetworkAccessExternal
Selected client: ApplicationLyncMobile2013
Starting Lync server autodiscovery
Please wait; this test may take several minutes to complete...
Starting automatic discovery for secure (HTTPS) internal channel
lyncdiscoverinternal.openjive.com can't be resolved by the DNS server. Skipping internal discovery.
Starting automatic discovery for secure (HTTPS) external channel
Cookie found in autodiscover response: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
Pragma: no-cache
X-MS-Server-Fqdn: banff.openjive.local
X-Content-Type-Options: nosniff
Cache-Control: no-cache
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Date: Fri, 30 May 2014 00:49:45 GMT
Content-Length: 1049
Content-Type: application/vnd.microsoft.rtc.autodiscover+xml; v=1
Expires: -1
Parsing the response for URL
https://lyncdiscover.openjive.com/[email protected]. Full response: <?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
AccessLocation="External"><Root><Link token="Domain" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/domain?originalDomain=openjive.com"
/><Link token="User" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=openjive.com"
/><Link token="Self" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=openjive.com" /><Link
token="OAuth" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=openjive.com" /><Link
token="External/XFrame" href="https://lyncweb.openjive.com/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://banff.openjive.local/Autodiscover/XFrame/XFrame.html"
/><Link token="XFrame" href="https://lyncweb.openjive.com/Autodiscover/XFrame/XFrame.html" /></Root></AutodiscoverResponse>
Autodiscover URL
https://lyncdiscover.openjive.com/[email protected] redirected to
https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=openjive.com
Sending HTTP request to
https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/[email protected]
Cookie found in autodiscover response: StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
X-MS-WebTicketURL:
https://lyncweb.openjive.com/WebTicket/WebTicketService.svc
X-MS-WebTicketSupported: cwt,saml
X-MS-Server-Fqdn: banff.openjive.local
X-Content-Type-Options: nosniff
Cache-Control: no-cache
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Date: Fri, 30 May 2014 00:49:45 GMT
Content-Length: 1293
Content-Type: text/html
Authorization required for
https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/[email protected]
Obtaining WebTicket from
https://lyncweb.openjive.com/WebTicket/WebTicketService.svc
On-premises WebTicket server:
https://lyncweb.openjive.com/WebTicket/WebTicketService.svc/Auth
AcquireTicketAsync succeeded for
https://lyncweb.openjive.com/WebTicket/WebTicketService.svc/Auth
WebTicket: <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="SamlSecurityToken-bf1eeeeb-c7b5-4d50-87df-929bf90bd370" Issuer="https://banff.openjive.local:4443/f0ca8325-b055-5552-be4f-fb4088f97387"
IssueInstant="2014-05-30T00:52:05.151Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:Conditions NotBefore="2014-05-30T00:52:05.151Z" NotOnOrAfter="2014-05-30T08:49:30.151Z"><saml:AudienceRestrictionCondition><saml:Audience>https://lyncweb.openjive.com/</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AuthenticationStatement
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="2014-05-30T00:52:05.151Z"><saml:Subject><saml:NameIdentifier Format="sip:[email protected]</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod><KeyInfo">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uri">sip:[email protected]</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod><KeyInfo
xmlns="<e:EncryptedKey">http://www.w3.org/2000/09/xmldsig#"><e:EncryptedKey xmlns:e="<e:EncryptionMethod">http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod
Algorithm="</e:EncryptionMethod><KeyInfo><KeyName>f0ca8325-b055-5552-be4f-fb4088f97387:8d149b659ca1d29</KeyName></KeyInfo><e:CipherData><e:CipherValue>kE4cKJAJbZL3GFCEx3/XxiBO/nhVPZJ15xEIQk96DjkxRNgzgxlh+w==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><Signature">http://www.w3.org/2001/04/xmlenc#kw-aes256"></e:EncryptionMethod><KeyInfo><KeyName>f0ca8325-b055-5552-be4f-fb4088f97387:8d149b659ca1d29</KeyName></KeyInfo><e:CipherData><e:CipherValue>kE4cKJAJbZL3GFCEx3/XxiBO/nhVPZJ15xEIQk96DjkxRNgzgxlh+w==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><Signature
xmlns="<SignedInfo><CanonicalizationMethod">http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="</CanonicalizationMethod><SignatureMethod">http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod><SignatureMethod
Algorithm="</SignatureMethod><Reference">http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference URI="#SamlSecurityToken-bf1eeeeb-c7b5-4d50-87df-929bf90bd370"><Transforms><Transform
Algorithm="</Transform><Transform">http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="</Transform></Transforms><DigestMethod">http://www.w3.org/2001/10/xml-exc-c14n#"></Transform></Transforms><DigestMethod
Algorithm="</DigestMethod><DigestValue>krqtSvw6JUlsbBsxdbXSsHyIgFzUD1G7DOKZ635AC4Q=</DigestValue></Reference></SignedInfo><SignatureValue>qo+GkTNnjyl250pQVkSSTCI707At83dn2zu1ZOSLoSlPF74FuzRgCysD5UPrgMvY5SYi+pi2igwEV7zt7ALtWFuAJWPU3e0mNT701xyO86+f11YtHXC/NhQDudJvq7DO3uWRGgZGdBodt82OyZlXKifplMgEE352y0+S4jy0GmKCpvHTbytUthInMSxSAp7UWcU+6ourkAj4NpLbSywgm4su6byHEZmZyJ1/6eZ6/xO3a395dxhlBoMbIs+Gk9zcQ75KL/VAy7WTcBq+kJ/16yfd9q73VzYO5NBSEgrOHW/xZuRUYusLyhSZ0AJTVaUUJuBi6XdG44kaP0Nsz9UTrw==</SignatureValue><KeyInfo><o:SecurityTokenReference">http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod><DigestValue>krqtSvw6JUlsbBsxdbXSsHyIgFzUD1G7DOKZ635AC4Q=</DigestValue></Reference></SignedInfo><SignatureValue>qo+GkTNnjyl250pQVkSSTCI707At83dn2zu1ZOSLoSlPF74FuzRgCysD5UPrgMvY5SYi+pi2igwEV7zt7ALtWFuAJWPU3e0mNT701xyO86+f11YtHXC/NhQDudJvq7DO3uWRGgZGdBodt82OyZlXKifplMgEE352y0+S4jy0GmKCpvHTbytUthInMSxSAp7UWcU+6ourkAj4NpLbSywgm4su6byHEZmZyJ1/6eZ6/xO3a395dxhlBoMbIs+Gk9zcQ75KL/VAy7WTcBq+kJ/16yfd9q73VzYO5NBSEgrOHW/xZuRUYusLyhSZ0AJTVaUUJuBi6XdG44kaP0Nsz9UTrw==</SignatureValue><KeyInfo><o:SecurityTokenReference
xmlns:o="<o:KeyIdentifier">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:KeyIdentifier ValueType="AhJJ0tEVWf4IRNbKNKfDMD1Qyvg=</o:KeyIdentifier></o:SecurityTokenReference></KeyInfo></Signature></saml:Assertion">http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">AhJJ0tEVWf4IRNbKNKfDMD1Qyvg=</o:KeyIdentifier></o:SecurityTokenReference></KeyInfo></Signature></saml:Assertion>
Sending HTTP request to
https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/[email protected]
Cookie found in autodiscover response: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
Pragma: no-cache
X-MS-Server-Fqdn: banff.openjive.local
X-Content-Type-Options: nosniff
Cache-Control: no-cache
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Date: Fri, 30 May 2014 00:49:45 GMT
Content-Length: 2111
Content-Type: application/vnd.microsoft.rtc.autodiscover+xml; v=1
Expires: -1
Parsing the response for URL
https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/[email protected]. Full response: <?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AccessLocation="External"><User><SipServerInternalAccess fqdn="banff.openjive.local" port="5061" /><SipClientInternalAccess fqdn="banff.openjive.local"
port="5061" /><SipServerExternalAccess fqdn="lyncedge.openjive.com" port="5061" /><SipClientExternalAccess fqdn="lyncedge.openjive.com" port="5061" /><Link token="Internal/Autodiscover" href="https://banff.openjive.local/Autodiscover/AutodiscoverService.svc/root"
/><Link token="Internal/AuthBroker" href="https://banff.openjive.local/Reach/sip.svc" /><Link token="Internal/WebScheduler" href="https://banff.openjive.local/Scheduler"
/><Link token="Internal/CertProvisioning" href="https://banff.openjive.local/CertProv/CertProvisioningService.svc" /><Link token="External/Autodiscover" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root"
/><Link token="External/AuthBroker" href="https://lyncweb.openjive.com/Reach/sip.svc" /><Link token="External/WebScheduler" href="https://lyncweb.openjive.com/Scheduler"
/><Link token="External/CertProvisioning" href="https://lyncweb.openjive.com/CertProv/CertProvisioningService.svc" /><Link token="Internal/Mcx" href="https://lyncweb.openjive.com/Mcx/McxService.svc"
/><Link token="External/Mcx" href="https://lyncweb.openjive.com/Mcx/McxService.svc" /><Link token="Ucwa" href="https://lyncweb.openjive.com/ucwa/v1/applications"
/><Link token="Internal/Ucwa" href="https://banff.openjive.local/ucwa/v1/applications" /><Link token="External/Ucwa" href="https://lyncweb.openjive.com/ucwa/v1/applications"
/><Link token="External/XFrame" href="https://lyncweb.openjive.com/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://banff.openjive.local/Autodiscover/XFrame/XFrame.html"
/><Link token="XFrame" href="https://lyncweb.openjive.com/Autodiscover/XFrame/XFrame.html" /><Link token="Self" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/user"
/></User></AutodiscoverResponse>
Server discovery has completed for https://lyncdiscover.openjive.com/.
Autodiscover full response for URL https://lyncdiscover.openjive.com/ is <?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AccessLocation="External"><User><SipServerInternalAccess fqdn="banff.openjive.local" port="5061" /><SipClientInternalAccess fqdn="banff.openjive.local"
port="5061" /><SipServerExternalAccess fqdn="lyncedge.openjive.com" port="5061" /><SipClientExternalAccess fqdn="lyncedge.openjive.com" port="5061" /><Link token="Internal/Autodiscover" href="https://banff.openjive.local/Autodiscover/AutodiscoverService.svc/root"
/><Link token="Internal/AuthBroker" href="https://banff.openjive.local/Reach/sip.svc" /><Link token="Internal/WebScheduler" href="https://banff.openjive.local/Scheduler"
/><Link token="Internal/CertProvisioning" href="https://banff.openjive.local/CertProv/CertProvisioningService.svc" /><Link token="External/Autodiscover" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root"
/><Link token="External/AuthBroker" href="https://lyncweb.openjive.com/Reach/sip.svc" /><Link token="External/WebScheduler" href="https://lyncweb.openjive.com/Scheduler"
/><Link token="External/CertProvisioning" href="https://lyncweb.openjive.com/CertProv/CertProvisioningService.svc" /><Link token="Internal/Mcx" href="https://lyncweb.openjive.com/Mcx/McxService.svc"
/><Link token="External/Mcx" href="https://lyncweb.openjive.com/Mcx/McxService.svc" /><Link token="Ucwa" href="https://lyncweb.openjive.com/ucwa/v1/applications"
/><Link token="Internal/Ucwa" href="https://banff.openjive.local/ucwa/v1/applications" /><Link token="External/Ucwa" href="https://lyncweb.openjive.com/ucwa/v1/applications"
/><Link token="External/XFrame" href="https://lyncweb.openjive.com/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://banff.openjive.local/Autodiscover/XFrame/XFrame.html"
/><Link token="XFrame" href="https://lyncweb.openjive.com/Autodiscover/XFrame/XFrame.html" /><Link token="Self" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/user"
/></User></AutodiscoverResponse>
SendRequest failed for
https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/[email protected]
Automatic discovery results for https://lyncdiscover.openjive.com/
Access Location : External
SIP Server Internal Access : banff.openjive.local
SIP Server External Access : lyncedge.openjive.com
SIP Client Internal Access : banff.openjive.local
SIP Client External Access : lyncedge.openjive.com
Internal Auth broker service :
https://banff.openjive.local/Reach/sip.svc
External Auth broker service :
https://lyncweb.openjive.com/Reach/sip.svc
Internal Auto discover service :
https://banff.openjive.local/Autodiscover/AutodiscoverService.svc/root
External Auto discover service :
https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root
Internal MCX service :
https://lyncweb.openjive.com/Mcx/McxService.svc
External MCX service :
https://lyncweb.openjive.com/Mcx/McxService.svc
Internal UCWA service :
https://banff.openjive.local/ucwa/v1/applications
External UCWA service :
https://lyncweb.openjive.com/ucwa/v1/applications
Internal Webscheduler service :
https://banff.openjive.local/Scheduler
External Webscheduler service :
https://lyncweb.openjive.com/Scheduler
Total server discovery time: 1.1 seconds
Server discovery succeeded for secure (HTTPS) external channel against URL
https://lyncdiscover.openjive.com/
Starting automatic discovery for unsecure (HTTP) external channel
Sending HTTP request to
http://lyncdiscover.openjive.com/[email protected]
Cookie found in autodiscover response: StatusCode: 406, ReasonPhrase: 'Not Acceptable', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
Date: Fri, 30 May 2014 00:49:45 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Content-Length: 1346
Content-Type: text/html
Autodiscover: SendRequest(): the URL
http://lyncdiscover.openjive.com/[email protected] couldn't be connected. Complete HTTP headers:\r\n Date: Fri, 30 May 2014 00:49:45 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Couldn't connect to URL
http://lyncdiscover.openjive.com/[email protected] (HTTP status code NotAcceptable)
System.Exception: Couldn't connect to URL
http://lyncdiscover.openjive.com/[email protected] (HTTP status code NotAcceptable)
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.TerminateAD(String mesg)
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<SendRequest>d__d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<StartDiscoveryJourney>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at LyncConnectivityAnalyzerCore.Utilities.<RetrieveUserLocation>d__3e.MoveNext()
Server discovery failed for unsecured external channel against
http://lyncdiscover.openjive.com/
None, AutoInternalDNSFail, AutoInternalSecureD, AutoInternalUnsecureD, AutoExternalUnsecureD, ManualDNSFail, ManualSecureD, ManualUnsecureD, AuthBrokerInternalLMXCheckGET, AuthBrokerInternalLMXCheckPOST, AuthBrokerExternalLMXCheckGET, AuthBrokerExternalLMXCheckPOST,
MobilityMCXInternalLMXCheckGET, MobilityMCXInternalLMXCheckPOST, MobilityMCXExternalLMXCheckGET, MobilityMCXExternalLMXCheckPOST, LMXSIPServerInternalDNS, LMXSIPServerExternalDNS, MobilityUCWAInternalCheckPOST, MobilityUCWAExternalCheckPOST
Starting the requirement tests for Lync Mobile 2013 App
Please wait; this test may take several minutes to complete...
Testing the app requirements using the following discovery response:
Access Location : External
SIP Server Internal Access : banff.openjive.local
SIP Server External Access : lyncedge.openjive.com
SIP Client Internal Access : banff.openjive.local
SIP Client External Access : lyncedge.openjive.com
Internal Auth broker service :
https://banff.openjive.local/Reach/sip.svc
External Auth broker service :
https://lyncweb.openjive.com/Reach/sip.svc
Internal Auto discover service :
https://banff.openjive.local/Autodiscover/AutodiscoverService.svc/root
External Auto discover service :
https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root
Internal MCX service :
https://lyncweb.openjive.com/Mcx/McxService.svc
External MCX service :
https://lyncweb.openjive.com/Mcx/McxService.svc
Internal UCWA service :
https://banff.openjive.local/ucwa/v1/applications
External UCWA service :
https://lyncweb.openjive.com/ucwa/v1/applications
Internal Webscheduler service :
https://banff.openjive.local/Scheduler
External Webscheduler service :
https://lyncweb.openjive.com/Scheduler
Starting tests for Mobility (UCWA) service
UCWA user agent string: <input xmlns="<property">http://schemas.microsoft.com/rtc/2012/03/ucwa"><property name="culture">en-US</property><property name="endpointId">44:D8:84:3C:68:68</property><property
name="type">Phone</property><property name="userAgent">LyncConnectivityAnalyzer/5.0.8308.582 (Windows OS 6.0)</property></input>
Verifying external Ucwa service:
https://lyncweb.openjive.com/ucwa/v1/applications
On-premises WebTicket server:
https://lyncweb.openjive.com/WebTicket/WebTicketService.svc/Auth
AcquireTicketAsync succeeded for
https://lyncweb.openjive.com/WebTicket/WebTicketService.svc/Auth
WebTicket: <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="SamlSecurityToken-cda8f5c3-dc31-46d1-b9ba-51fa49cffcd3" Issuer="https://banff.openjive.local:4443/f0ca8325-b055-5552-be4f-fb4088f97387"
IssueInstant="2014-05-30T00:52:06.062Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:Conditions NotBefore="2014-05-30T00:52:06.062Z" NotOnOrAfter="2014-05-30T08:44:42.062Z"><saml:AudienceRestrictionCondition><saml:Audience>https://lyncweb.openjive.com/</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AuthenticationStatement
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="2014-05-30T00:52:06.062Z"><saml:Subject><saml:NameIdentifier Format="sip:[email protected]</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod><KeyInfo">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uri">sip:[email protected]</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod><KeyInfo
xmlns="<e:EncryptedKey">http://www.w3.org/2000/09/xmldsig#"><e:EncryptedKey xmlns:e="<e:EncryptionMethod">http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod
Algorithm="</e:EncryptionMethod><KeyInfo><KeyName>f0ca8325-b055-5552-be4f-fb4088f97387:8d149b659ca1d29</KeyName></KeyInfo><e:CipherData><e:CipherValue>HiaWvrXQLacT+brihMO3w2xV0JCWsOj2hQNAkbGkl1yuavEW5U2+yA==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><Signature">http://www.w3.org/2001/04/xmlenc#kw-aes256"></e:EncryptionMethod><KeyInfo><KeyName>f0ca8325-b055-5552-be4f-fb4088f97387:8d149b659ca1d29</KeyName></KeyInfo><e:CipherData><e:CipherValue>HiaWvrXQLacT+brihMO3w2xV0JCWsOj2hQNAkbGkl1yuavEW5U2+yA==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><Signature
xmlns="<SignedInfo><CanonicalizationMethod">http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="</CanonicalizationMethod><SignatureMethod">http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod><SignatureMethod
Algorithm="</SignatureMethod><Reference">http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference URI="#SamlSecurityToken-cda8f5c3-dc31-46d1-b9ba-51fa49cffcd3"><Transforms><Transform
Algorithm="</Transform><Transform">http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="</Transform></Transforms><DigestMethod">http://www.w3.org/2001/10/xml-exc-c14n#"></Transform></Transforms><DigestMethod
Algorithm="</DigestMethod><DigestValue>9aGUpr6tQkHD1fj+o1gDZSFMpPp1HwnNjO9BmmGjA+Y=</DigestValue></Reference></SignedInfo><SignatureValue>jfleXw8Do6pavetwKPAGEEIezTJlJhF2UlnuNh04dK4FlCJMRowZbxHUyqUjTsCbjIdvVMhljsPrufsPwPd4v1ksvf8apfeVJ2zZZSyIqLLCjKW3Vus7X6DlBqZ+YB8rP1dGKleuH5E7kuk4asAc5XpzjoB3xvLf5cXp2hVvKuhwlDhqQp3dCIFnNCGPQLbqY+hek55uNcmyspJno13YbQ/fje/1CJxfwiN3M0o2dPskIMvOt1oqHlxn1zIeWm1lWkKd/ZDjchoWzmqiO67cbXuJpe7IrqwCx4WT7vHMkyHZznXB6D55pgPen94+h0Vwq75mWZeYBMIeXOM3t+7HnA==</SignatureValue><KeyInfo><o:SecurityTokenReference">http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod><DigestValue>9aGUpr6tQkHD1fj+o1gDZSFMpPp1HwnNjO9BmmGjA+Y=</DigestValue></Reference></SignedInfo><SignatureValue>jfleXw8Do6pavetwKPAGEEIezTJlJhF2UlnuNh04dK4FlCJMRowZbxHUyqUjTsCbjIdvVMhljsPrufsPwPd4v1ksvf8apfeVJ2zZZSyIqLLCjKW3Vus7X6DlBqZ+YB8rP1dGKleuH5E7kuk4asAc5XpzjoB3xvLf5cXp2hVvKuhwlDhqQp3dCIFnNCGPQLbqY+hek55uNcmyspJno13YbQ/fje/1CJxfwiN3M0o2dPskIMvOt1oqHlxn1zIeWm1lWkKd/ZDjchoWzmqiO67cbXuJpe7IrqwCx4WT7vHMkyHZznXB6D55pgPen94+h0Vwq75mWZeYBMIeXOM3t+7HnA==</SignatureValue><KeyInfo><o:SecurityTokenReference
xmlns:o="<o:KeyIdentifier">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:KeyIdentifier ValueType="AhJJ0tEVWf4IRNbKNKfDMD1Qyvg=</o:KeyIdentifier></o:SecurityTokenReference></KeyInfo></Signature></saml:Assertion">http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">AhJJ0tEVWf4IRNbKNKfDMD1Qyvg=</o:KeyIdentifier></o:SecurityTokenReference></KeyInfo></Signature></saml:Assertion>
Successfully created the UCWA service
Completed tests for Mobility (UCWA) service
None, AutoInternalDNSFail, AutoInternalSecureD, AutoInternalUnsecureD, AutoExternalUnsecureD, ManualDNSFail, ManualSecureD, ManualUnsecureD, AuthBrokerInternalLMXCheckGET, AuthBrokerInternalLMXCheckPOST, AuthBrokerExternalLMXCheckGET, AuthBrokerExternalLMXCheckPOST,
MobilityMCXInternalLMXCheckGET, MobilityMCXInternalLMXCheckPOST, MobilityMCXExternalLMXCheckGET, MobilityMCXExternalLMXCheckPOST, LMXSIPServerInternalDNS, LMXSIPServerExternalDNS, MobilityUCWAInternalCheckPOST
Your deployment meets the minimum requirements for Lync Mobile 2013 App. -
Hi,
I had issues with iPad/iPhone access from external and tried a lot. Now I found my solution I like to share.
I setup a IIS on Windows Server 2012 with ARR 2.5 and Android and Windows Phone could login but not iPad and iPhone.
The IIS Log on the reverse proxy showed:
2013-02-26 12:03:31 <IP> POST /webticket/webticketservice.svc X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=1996c8d7-09d0-4310-8da4-a8dfb7940e28 443 - <ClientIP> Lync%202010/1.6+CFNetwork/609+Darwin/13.0.0 - 401 0 0 124
2013-02-26 12:03:31 <IP> POST /webticket/webticketservice.svc X-ARR-CACHE-HIT=0 443 - <ClientIP> Lync%202010/1.6+CFNetwork/609+Darwin/13.0.0 - 502 3 12018 93
First Request gets a 401 while anonymous. Second try would be with authentication but it never reached the internal front end server.
After I installed a fix for ARR
http://forums.iis.net/t/1195560.aspx/1?ARR+502+3+Bad+Gateway+0x80072ef2+2147954418+The+supplied+handle+is+the+wrong+type+for+the+requested+operation the Apple Devices could login.Hi,
This resolved our problem too!! So happy after 2 weeks of messing around with just about every setting recommended from all types of forums and rebuilding our reverse proxy I was at a loose end.
Our environment is Lync 2013 Enterprise, Lync 2013 Edge, IIS as Reverse Proxy on Server 2012 using ARR 2.5
We had Android and Windows clients working but no iOS devices at all. In the iOS log we were seeing
<h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>502 - Web server received an invalid response while acting as a gateway or proxy server.</h2> <h3>There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.</h3> </fieldset></div></div></body></html>
When the client was trying to retrieve from the webticketservice.svc
2013-04-11 17:19:44.659 Lync[4970:6c61000] INFO TRANSPORT TransportUtilityFunctions.cpp/907:<ReceivedResponse>
POST https://lyncwebext.contoso.com/webticket/webticketservice.svc
Request Id: 0x72cfc18
HttpHeader:Content-Length 1477
HttpHeader:Content-Type text/html
HttpHeader:Date Thu, 11 Apr 2013 16:22:25 GMT
HttpHeader:Server Microsoft-IIS/8.0
HttpHeader:StatusCode 502
Installed the HotFix from here:-
Hotfix for Microsoft Application Request Routing Version 2.5 for IIS7 (KB 2732764) (x64)
Rebooted the Reverse Proxy and iOS clients worked straight away for both Lync 2010 and Lync 2013 on both iPhone 5 and iPad both.
I hope this helps others as I was losing the plot :-)
Cheers
Sam -
Can the 4710 reverse proxy like the Apache rerwite rule
We currently have web servers configured with Apache that act as reverse proxies using an Apache rewrite rule. The end user connects to the Apache web server and it proxies that connection to the backend app server. Is the 4710 capable of acting as a reverse proxy like Apache which would eliminate the need for a web server?
ThanksHi,
Although this is not the most common scenario it is doable. What you will need is to NAT the client source IP to the ACE VIP and send the request to the web server. If there is a web farm then you can use another context of ACE to loadbalance the request to the web farm.Actually i have setup ACE as a reverse proxy in replacement of an ISA server by using the one-arm mode for the implementation. Beware though that you will need to use Policy Based Routing or NAT so as for the return traffic to go though ACE. Also you will need to insert the client IP in the x-forwarded-for HTTP header for proper analysis (as you would do with Apache).
See below link for routed mode (it is for the c6500 / ACE module but same applies for the ACE 4710 appliance
http://supportwiki.cisco.com/ViewWiki/index.php/Configure_ACE_with_Source_NAT_and_Client_IP_Header_Insert
Hope it helps,
./G -
Navigation Bar with Rollovers inside to extend all the way across x-axis
I have a dreamweaver cs4 question. I need to have a navigation bar, that lines up with a background image that DOES not move when scaling the webpages in and out. The images must have rollovers, is there a way to either insert a repeating x-axis image and placing text on top and adding a script element to make the text rollover links?
All I need is a navigation bar with rollover links in the middle that extends all the way to the sides of the page regardless of browers or screen size.
Currently I have a divtag with rollover images and a background image that has the same image as the divtag so it looks like the navbar goes all the way across, but when I zoom in and out the background image or the div tag moves just by 1 pixel making them not lined up. example here: its more evident in google chrome http://www.olympicvalleycapital.com/about.html.
Please help! this is killing me and I dont have much scripting experience so I am trying to do this using the UI elements.
Or is there a way to prevent the background image from resizing when zooming in and out, like a fixed or absolute dynamic to apply to the background?If you quit using position absolute for a basic layout, you will be amply rewarded.
Going through many of the posts with a similar topic you will find out why.
Gramps -
Need a little help with a Jbutton not working out the way I planned
The following code is to fulfill an assignment I am working on. The problem I am having is with the btnCalc. For some reason when the button is used, the results I get is from another button. I think the variables are set right for the program to function properly but I am really hung up on this. Do anyone have any suggestions?
import java.awt.*; //Contains classes for creating GUI
import java.awt.event.*; //For listener events
import javax.swing.*; // Imports the Main Swing Package
import javax.swing.event.*;
import javax.swing.text.*; // Positions text box
import java.text.NumberFormat; // For number format such as currency
import java.text.*; // Imports the Main Text Package
import java.util.*; // Utility Package
public class MPC extends JFrame implements ActionListener //Creates Class for MPC
//double dblLoanAmount, dblInterestRate, dblMonthlyPayment;
TextField txtTotalMort;
//JButton fixRates = new JButton("Choose Fixed Rates");
JLabel lblTotalMort = new JLabel("How much is the loan?"); // Label for dblLoanAmount amount
JTextField txtYears = new JTextField(10);
JLabel lblPayment = new JLabel("Your monthly payment is "); // Label for Payment
JTextField txtPayment = new JTextField(10);
JLabel lblYears = new JLabel("How many years?");
// add(lblYears);
JTextField txtYearsInput = new JTextField(10);
//a dd(txtYears);
JLabel lblInterestRate = new JLabel("What is the interest rate?");
//add(lblInterestRate);
JTextField txtInterestRate = new JTextField(10);
//add(txtInterestRate);
//JLabel lblPayment = new JLabel("Your monthly payment is:");
//add(lblPayment);
//JTextField txtPayment = new JTextField(10);
//txtPayment.setEditable(false);
//add(txtPayment);
JButton btnCalc = new JButton("Calculate");
//add(btnCalc);
//btnCalc.addActionListener(this);
JButton year7InterestRateBtn = new JButton("7 years at 5.35%"); // Mortgage Term and Interest Rate
JButton year15InterestRateBtn = new JButton("15 years at 5.50%");
JButton year30InterestRateBtn = new JButton("30 years at 5.75%");
JButton reset = new JButton("Clear All");
JTextArea boxSpace = new JTextArea(100,200); // Morgtage table size
JScrollPane scroll = new JScrollPane(boxSpace); // ScrollPane
public MPC() // Method
super("MPC"); // Frame Title
JMenuBar mb = new JMenuBar(); // Menu Bar
setJMenuBar(mb);
setSize(325, 500); // Frame Size
JPanel pane = new JPanel();
pane.setLayout(new BoxLayout(pane, BoxLayout.Y_AXIS)); //Grid box configuration
Container grid = getContentPane();
grid.setLayout(new GridLayout(8,2,8,8)); // Grid Layout
pane.add(grid); // Adds grid
pane.add(scroll); // Adds scrollPane
grid.setBackground(Color.white);
Setting color of text and backgrounds
txtYears.setBackground(Color.white);
txtYears.setForeground(Color.black);
txtYears.setFont(new Font("Arial", Font.PLAIN, 10));
txtPayment.setBackground(Color.white);
txtPayment.setForeground(Color.black);
txtPayment.setFont(new Font("Arial", Font.PLAIN, 10));
boxSpace.setBackground(Color.white);
boxSpace.setForeground(Color.black);
boxSpace.setFont(new Font("Arial", Font.PLAIN, 10));
grid.add(lblYears);
grid.add(txtYearsInput);
grid.add(lblInterestRate);
grid.add (txtInterestRate);
grid.add(lblTotalMort); // Adds the Mortgage Amount Label
grid.add(txtYears); // Adds the Mortgage Amount Text Field
grid.add(lblPayment); // Adds the Payment Label
grid.add(txtPayment); // Adds the Monthly Payment Text Field
txtPayment.setEditable(false); // Disables editing in this Text Field
grid.add(btnCalc);
grid.add(year7InterestRateBtn); // Adds 1st Loan and Rate Button
grid.add(year15InterestRateBtn); // Adds 2nd Loan and Rate Button
grid.add(year30InterestRateBtn); // Adds the Exit Button
grid.add(reset); // Adds the New Calc Button
setContentPane(pane); // Enables the Content Pane
setVisible(true); // Sets JPanel to be Visable
reset.addActionListener(this); // Adds Action Listener to the New Calc Button
txtYearsInput.addActionListener(this);
txtInterestRate.addActionListener(this);
btnCalc.addActionListener(this);
year7InterestRateBtn.addActionListener(this); // Adds Action Listener to the 1st loan Button
year15InterestRateBtn.addActionListener(this); // Adds Action Listener to the 2nd loan Button
year30InterestRateBtn.addActionListener(this); // Adds Action Listener to the 3rd loan Button
txtYears.addActionListener(this); // Adds Action Listener to the Mortgage Amount Text Field
txtPayment.addActionListener(this); // Adds Action Listener to the Monthly payment Text Field
public void actionPerformed(ActionEvent e) // Tests to Verify Which Button is Pressed
Object command = e.getSource(); // Enables command to get data
int intYears = 0; // Declares intYears
double dblLoanAmount, dblInterestRate, interestRate, intRate;
if (command == year7InterestRateBtn) // Activates the 1st Loan Button
intYears = 0; // Sets 1st value of Array
if (command == year15InterestRateBtn) // Activates the 2nd Loan Button
intYears = 1; // Sets 2nd value of Array
if (command == year30InterestRateBtn) // Activates the 3rd Loan Button
intYears = 2; // Sets 3rd value of Array
if (command == btnCalc)
//dblLoanAmount = Double.parseDouble(txtTotalMort.getText() ); // Loan amount
//interestRate = Double.parseDouble(txtInterestRate.getText() ); // /100 )/ 12; // Devides rate
intRate = (Double.parseDouble(txtInterestRate.getText() )/100 )/ 12;
//int intYearsMonths = Integer.parseInt(txtYearsInput.getText() );// * 12; //Multiplies loan length
int months = Integer.parseInt(txtYearsInput.getText() )* 12;
dblLoanAmount = 0; // Declares and Initializes dblLoanAmount
dblInterestRate = 0; // Declares and Initializes dblInterestRate
double [][] dblTrmLoanRate = {{7, 5.35}, {15, 5.50}, {30, 5.75},}; // Array Data for Calculation
try
dblLoanAmount = Double.parseDouble(txtYears.getText()); // Gets user input from txtYears Text Field
catch (NumberFormatException nfe) // Checks for correct user input
JOptionPane.showMessageDialog(null, "You must enter a valid number.", "MPC", JOptionPane.INFORMATION_MESSAGE);
return;
interestRate = dblTrmLoanRate [intYears][1];
//dblInterestRate=interestRate;
intRate = (interestRate / 100) / 12; // Calculates Interst Rate
double intYearsMonths = dblTrmLoanRate [intYears] [0]; // Calculates Loan Term in Months
int months = (int)intYearsMonths * 12; // Devides by months
double interestRateMonthly = (intRate / 12); // Devides Rate
double payment = dblLoanAmount * intRate / (1 - (Math.pow(1/(1 + intRate), months))); // Calculates monthly payment
double dblRmnLoan = dblLoanAmount; //Left over balance
double txtPaymentInterest = 0; // Payment
double txtPaymentPrincipal = 0; // Payment of principal
NumberFormat currency = NumberFormat.getCurrencyInstance(Locale.US); // Curreny format
txtPayment.setText(currency.format(payment));
boxSpace.setText("Month\tPrincipal\tInterest\tBalance Left\n");
for (;months > 0 ; months -- )
txtPaymentInterest = (dblRmnLoan * intRate);
txtPaymentPrincipal = (payment - txtPaymentInterest); // Calculates monthly payment
dblRmnLoan = (dblRmnLoan - txtPaymentPrincipal);
boxSpace.setCaret (new DefaultCaret()); // Scroll position
boxSpace.append(String.valueOf(months) + "\t" + // Table data
currency.format(txtPaymentPrincipal) + "\t" +
currency.format(txtPaymentInterest) + "\t" +
currency.format(dblRmnLoan) + "\n");
if(command == reset)
Clears fields
txtYearsInput.setText(null);
txtInterestRate.setText(null);
txtYears.setText(null);
txtPayment.setText(null);
boxSpace.setText(null);
public static void main(String[] args) //This is the signature of the entry point of all the desktop apps
new MPC();
}This portion to be exact. All the buttons work for me except this one. I need to calculate user input and also use the fixed data that can be found in the dblTrmLoanRate array. When I choos to use user input instead, the program either crashes or for some reason uses the year7InterestRateBtn instead.
if (command == btnCalc)
//dblLoanAmount = Double.parseDouble(txtTotalMort.getText() ); // Loan amount
//interestRate = Double.parseDouble(txtInterestRate.getText() ); // /100 )/ 12; // Devides rate
intRate = (Double.parseDouble(txtInterestRate.getText() )/100 )/ 12;
//int intYearsMonths = Integer.parseInt(txtYearsInput.getText() );// * 12; //Multiplies loan length
int months = Integer.parseInt(txtYearsInput.getText() )* 12;
I was going to leave out the remed portion but thought it might help you with the navigation. I am sorry I did not use code tags, but I am going to go find out what those are and use them in the future. -
Hi All,
I am trying to configure DMZ.
But I am having only one node for apache.
So I thought of configuring DMZ using Reverse Proxy with no External node.
But I am bit confused with configuration of Reverse Proxy using the apache shipped with E-business
My current archecture like:
Node 1 : Apache ,Forms and MWA
Node 2 : CM and DB
OS : AIX 5.3
Version : 11.5.10.2
DB : 10.2.0.4
1.Will there be 2 apache process running as applmgr on node1(one for external and other for internal)
2.Will there be 2 context files in node1 (one for external and other for internale)
3.How to configure 2 Server name for node1
Thanks in advanceHi,
Did you review (Note: 438744.1 - Case History: Implementing a Reverse Proxy Alone in a DMZ Configuration - 11i)?
Regards,
Hussein -
Access Mac Mini Server (profile management) through reverse proxy
Hi,
Newbie in Mac's world and yet trying to make it more complicated as it is.
As we recently (last month) decided to equip our sales force with iPads, they were configured through Apple Configurator tool running on a dedicated Mac Mini Mountain Lion.
Now, I'd be keen in moving this configuration to the Profile Manager, part of the OSx Server plugin. So far so good.
Problem is the following : another web server is already on the LAN using both 80 and 443 ports. So all incoming traffic on those ports was routed to this other server. As Mac Mini Server default http/s ports may not be altered, I installed a reverse proxy server (Oracle VM - Ubuntu 12.04LTS - pound), configured to deal differently traffic on those ports according to the domain name (host) of the web request (header). Each 'local' server has been allocated a domain name. Just to be clear, traffic is now routed by the WAN/LAN router, for those ports, towards the reverse proxy, configured to reroute the traffic to the correct destination.
So far so good, it works like a charm, except... as soon as we enter https protocol on Mac Mini Server Profile Manager.
Access from an iDevice to the Mac Mini Server Profile Manager login page is fine, but as soon as password is confirmed, safari is pending and finally a message 'An internal serer error occured. Please try later again' appears.
Looking to both reverse proxy system log and Mac Mini profilemanager.log files to trace the problem, the following lines are produced at this particular moment :
reverse proxy system.log
Jan 15 14:44:03 reverseproxy pound: 91.... GET /devicemanagement/console/apple_theme_v2/en/da56af0a69e733b259dac3991419fa928b4 94a56/resources/images/sprites/me_controls.png HTTP/1.1 - HTTP/1.1 200 OK
Jan 15 14:44:03 reverseproxy pound: 91.... GET /auth?redirect=http://osxsrv.fiks.net/devicemanagement/api/authentication/callback HTTP/1.1 - HTTP/1.1 302 Moved Temporarily
Jan 15 14:44:04 reverseproxy pound: 91.... GET /devicemanagement/api/authentication/callback?auth_token=336952DE-BDDE-4390-82F 7-8475B79FB2D3 HTTP/1.1 - HTTP/1.1 302 Moved Temporarily
Jan 15 14:44:04 reverseproxy pound: (b7680b40) e500 can't read header
Jan 15 14:44:04 reverseproxy pound: (b7680b40) e500 response error read from 192.168....:443/GET /profilemanager/ HTTP/1.1: Success (0.007 secs)
Jan 15 14:44:08 reverseproxy pound: 91.... POST /devicemanagement/api/magic/get_updated HTTP/1.1 - HTTP/1.1 200 OK
OSx Server profilemanager.log
Jan 15 14:44:05 osxsrv ProfileManager[1748] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:05) [POST]Jan 15 14:44:05 osxsrv ProfileManager[1749] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:05) [POST]
Jan 15 14:44:06 osxsrv ProfileManager[1748] <Info>: Completed in 492ms (View: 0, DB: 6) | 200 OK [http://osxsrv.../magic/do_magic]
Jan 15 14:44:06 osxsrv ProfileManager[1749] <Info>: Completed in 687ms (View: 0, DB: 5) | 200 OK [http://osxsrv..../magic/do_magic]
Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: auth_token doesn't exist
Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: auth_token doesn't exist
Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Completed in 4ms (View: 1, DB: 14) | 403 Forbidden [http://osxsrv..../magic/do_magic]
Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: auth_token doesn't exist
Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Completed in 45ms (View: 1, DB: 43) | 403 Forbidden [http://osxsrv..../magic/do_magic]
Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: auth_token doesn't exist
Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Completed in 55ms (View: 0, DB: 1) | 403 Forbidden [http://osxsrv..../magic/do_magic]
Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Processing AuthenticationController#callback (for 91.... at 2013-01-15 14:44:08) [GET]
Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Redirected to https://osxsrv..../profilemanager/
Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Completed in 149ms (DB: 5) | 302 Found [http://osxsrv..../authentication/callback?auth_token=[FILTERED]]
I guess the '302 Found' is causing or explaining the problem.
I agree this might not be a Mac issue, so I still knock your doors hoping some of you could at least give a hint for what to search for !
If the pound configuration file is of interest, just ask, but this is pretty trivial, saying basically listen these protocols (http/https) on these ports (80/443) and according to Header content (check destination host) and reroute packet to LAN device (with given LAN IP address).
As the default port(s) of the Mac Mini Web Services may not be altered (so far I know), I guess I am stuck using 80 and 443 anyway.
Maybe should I invest time in changing my other apache server ports to some more exotic 8080 or 88 or whatever so Mac Mini Server Profile Manager default ports 80 and 443 are maintained and can be easily and directly rerouted to my Mac server without any reverse proxy along the way.
Thanks in advance for your help
AlxHI All,
i'm also using reverse proxy technique to publish my server to the internet. The ip is used by twice domains. The problem is by using the profile manager
after login it redirects the url to the Local Area network addresse instead to the domain.
How to configure this on OS X Server and the Profile Manager Service?
Kind Regards
Oemer -
Sun One 6.1 reverse proxy with multiple certs
We are using Sun One Web Server 6.1sp6 as a reverse proxy without the passthrough plugin. We also have multiple certs and not a global cert and what we are seeing is the data getting "staged" on the web server before moving on to the destination (which obviously halves throughput). Some research tells us that this staging is happening because it needs to re-encrypt the packets for the next cert.
Is there any way besides having a global cert that we can get around this? Would using the passthrough plugin help?
Thanks,
DonThe thing is that it apparently doesn't do it on the fly, which is why I was wondering if the passthrough plug in would help. In other words, if I am sending a 10mb file through to the destination server (there's a weblogic server on the back end with a different cert that I want to do the real processing), the web server waits until it gets all 10mb then resends it. Seems it should do the encrypt/decrypt on a packet level to me.
As far as the config, I didn't set it up, I'm just trying to get it to work :)
Here are the configs, if it would help. If there's something set up wrong here, please feel free to point it out!
Thanks,
Don
magnus.conf
# The NetsiteRoot, ServerName, and ServerID directives are DEPRECATED.
# They will not be supported in future releases of the Web Server.
NetsiteRoot /iplanet/servers
ServerName rpserver.testdomain.com
ServerID https-rpserver.testdomain.com
RqThrottle 256
DNS off
Security on
PidLog /iplanet/servers/https-rpserver.testdomain.com/logs/pid
User iplanet1
StackSize 131072
TempDir /tmp/https-rpserver.testdomain.com-a9dd9515
PostThreadsEarly off
KernelThreads off
ChunkedRequestBufferSize 0
LogVerbose on
LogVsId off
AsyncDNS off
KeepAliveTimeout 10
UseNativePoll on
Init fn="load-modules" funcs="wl_proxy,wl_init" shlib=/iplanet/servers/plugins/nsapi/wls923/libproxy128_61.so
Init fn="wl_init"
Init fn="load-modules" shlib="/iplanet/servers/bin/https/lib/libj2eeplugin.so" shlib_flags="(global|now)"
Init fn="stats-init" profiling="on"
obj.conf
# The NetsiteRoot, ServerName, and ServerID directives are DEPRECATED.
# They will not be supported in future releases of the Web Server.
NetsiteRoot /iplanet/servers
ServerName rpserver.testdomain.com
ServerID https-rpserver.testdomain.com
RqThrottle 256
DNS off
Security on
PidLog /iplanet/servers/https-rpserver.testdomain.com/logs/pid
User iplanet1
StackSize 131072
TempDir /tmp/https-rpserver.testdomain.com-a9dd9515
PostThreadsEarly off
KernelThreads off
ChunkedRequestBufferSize 0
LogVerbose on
LogVsId off
AsyncDNS off
KeepAliveTimeout 10
UseNativePoll on
Init fn="load-modules" funcs="wl_proxy,wl_init" shlib=/iplanet/servers/plugins/nsapi/wls923/libproxy128_61.so
Init fn="wl_init"
Init fn="load-modules" shlib="/iplanet/servers/bin/https/lib/libj2eeplugin.so" shlib_flags="(global|now)"
Init fn="stats-init" profiling="on"
server.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
-->
<!DOCTYPE SERVER PUBLIC "-//Sun Microsystems Inc.//DTD Sun ONE Web Server 6.1//EN" "file:///iplanet/servers/bin/https/dtds/sun-web-server_6_1.dtd">
<SERVER qosactive="false">
<PROPERTY name="docroot" value="/iplanet/servers/docs"/>
<PROPERTY name="accesslog" value="/iplanet/servers/https-rpserver.testdomain.com/logs/access"/>
<PROPERTY name="user" value=""/>
<PROPERTY name="group" value=""/>
<PROPERTY name="chroot" value=""/>
<PROPERTY name="dir" value=""/>
<PROPERTY name="nice" value=""/>
<LS id="ls1" port="443" servername="rpserver.testdomain.com" defaultvs="https-rpserver.testdomain.com" security="on" ip="any" blocking="false" acceptorthreads="2">
<SSLPARAMS servercertnickname="Server-Cert" ssl2="off" ssl2ciphers="-rc4,-rc4export,-rc2,-rc2export,-desede3,-des" ssl3="on" tls="on" ssl3tlsciphers="-rsa_rc4_128_sha,+rsa_rc4_128_md5,-rsa_rc4_56_sha,-rsa_rc4_40_md5,+rsa_3des_sha,+rsa_des_sha,-rsa_des_56_sha,-rsa_rc2_40_md5,-rsa_null_md5,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,+fips_3des_sha,-fips_des_sha" tlsrollback="on" clientauth="off"/>
</LS>
<MIME id="mime1" file="mime.types"/>
<ACLFILE id="acl1" file="/iplanet/servers/httpacl/generated.https-rpserver.testdomain.com.acl"/>
<VSCLASS id="vsclass1" objectfile="obj.conf" rootobject="default" acceptlanguage="false">
<VS id="https-rpserver.testdomain.com" connections="ls1" mime="mime1" aclids="acl1" urlhosts="rpserver.testdomain.com" state="on">
<PROPERTY name="docroot" value="/iplanet/servers/docs"/>
<USERDB id="default"/>
<SEARCH>
<WEBAPP uri="/search" path="/iplanet/servers/bin/https/webapps/search" enabled="true"/>
</SEARCH>
</VS>
</VSCLASS>
<JAVA javahome="/iplanet/servers/bin/https/jdk" serverclasspath="/iplanet/servers/bin/https/jar/webserv-rt.jar:${java.home}/lib/tools.jar:/iplanet/servers/bin/https/jar/webserv-ext.jar:/iplanet/servers/bin/https/jar/webserv-jstl.jar:/iplanet/servers/bin/https/jar/ktsearch.jar" classpathsuffix="" envclasspathignored="true" nativelibrarypathprefix="" debug="false" debugoptions="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n" dynamicreloadinterval="-1">
<JVMOPTIONS>-Djava.security.auth.login.config=/iplanet/servers/https-rpserver.testdomain.com/config/login.conf</JVMOPTIONS>
<JVMOPTIONS>-Djava.util.logging.manager=com.iplanet.ias.server.logging.ServerLogManager</JVMOPTIONS>
<JVMOPTIONS>-Xmx256m</JVMOPTIONS>
<SECURITY defaultrealm="native" anonymousrole="ANYONE" audit="false">
<AUTHREALM name="file" classname="com.iplanet.ias.security.auth.realm.file.FileRealm">
<PROPERTY name="file" value="/iplanet/servers/https-rpserver.testdomain.com/config/keyfile"/>
<PROPERTY name="jaas-context" value="fileRealm"/>
</AUTHREALM>
<AUTHREALM name="native" classname="com.iplanet.ias.security.auth.realm.webcore.NativeRealm">
<PROPERTY name="jaas-context" value="nativeRealm"/>
</AUTHREALM>
<AUTHREALM name="ldap" classname="com.iplanet.ias.security.auth.realm.ldap.LDAPRealm">
<PROPERTY name="directory" value="ldap://localhost:389"/>
<PROPERTY name="base-dn" value="o=isp"/>
<PROPERTY name="jaas-context" value="ldapRealm"/>
</AUTHREALM>
</SECURITY>
<RESOURCES/>
</JAVA>
<LOG file="/iplanet/servers/https-rpserver.testdomain.com/logs/errors" loglevel="info" logtoconsole="true" usesyslog="false" createconsole="false" logstderr="true" logstdout="true" logvsid="false"/>
</SERVER> -
Problem with Apache reverse proxy after applying SP13 NW
Hello,
we have a NW04 EP Portal and a Apache reverse proxy in the DMZ. After applying SP 13 for the portal we get the following error from the reverse proxy:
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /irj/.
Reason: Error reading from remote server
Apache/2.0.52 (Win32) mod_ssl/2.0.52 OpenSSL/0.9.7e Server at servername.company.de Port 443
Is is it possible, that there is a problem with sp13?
Best regards
Daniel HolsteinHi Daniel,
ok I`ll try to find a solution in parallel and keep you up to date.
In the following my settings in case I missed something:
<VirtualHost test.firma.de:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
ServerName test.firma.de:443
ServerAdmin [email protected]
LogLevel debug
ErrorLog logs/ssl_443_error
CustomLog logs/ssl_443_access_log common
ProxyVia Off
ProxyPreserveHost On
ReWriteEngine on
ReWriteLogLevel 0
ReWriteLog logs//ssl_443_rewrite_http.log
ProxyPass / https://backend.firma.de:50001/
ProxyPassReverse / https://backend.firma.de:50001/
</VirtualHost>
Regards, Jens -
Apache Reverse Proxy with Abap Web query
Hi to all
We are trying to configure apache 2 to work as a reverse proxy with web abap Netweaver installation.
From inside the network the web query is fine.
Running the query with the reverse proxy we have only the html code in the browser. All the scripts and css are not present.
We checked some messages inside the forum and we have tried a lot of stuff without success.
We use always linux (Fedora, Ubuntu with xampp or apache only) plus the html module or the publisher from http://apache.webthing.com.
Our installation is like this the reverse proxy in the dmz and the netweaver to the inside off coarse, and we don't have the same domain name, i don't know if this is important.
Any help/idea is valuable.
Thank you
YiannisHi Olivier
I have seen your solution in other messages but i didn't try it because i was trying to work with the html_proxy module.
I read the documents you gave me plus some apache tutorials on the rewrite rule.
In any case i have my installation working now.
I did some extra changes in my config so now the rules are like that
ProxyVia On
ProxyBadHeader IsError
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /sap http://192.168.1.59:8001/sap
ProxyPassReverse /sap http://192.168.1.59:8001/sap
RewriteEngine On
RewriteRule ^/(sap\(.*) http://192.168.1.59:8001/$1 [P,L]
Thanks again for your help
Yiannis
Maybe you are looking for
-
how do i calibrate external monitors resolutions individually in windows 8 (like can be done in OS X) so that my MacBook Pro retina text isn't teeny tiny and my external monitors look normal? Is there a way to set the resolution and text size for eac
-
Selection Menu for VM, possible?
Hi all, I pretty new at this, but after weeks of trial and error, I am able to get the SRSS 4.2 and ESX4U1 to display my vm desktop to a DTU. Now I want to dig a little deeper. Question, is it possible in SRSS 4.2 to be able to create a "selection me
-
I have an applet with a background image and some JButtons. When you click a button a new Window (JFrame) is opened with some JLabels, JButtons on. This works fine in Appletviewer. When I run the program in IE the image in the JFrame isn't visible. S
-
Photoshop Elements refuses to open
I've had PSE, version 6, on my PC for over a year but tonight it locked up. When I closed it down and tried to restart it, it stopped when it came to the line 'Reading Workspace Modes'. When I click on 'check online for a solution' for solution nothi
-
HELP! All my songs have vanished
I switched on my pc yesterday and clicked on itunes and when it opened i found that all 5006 tunes in my itunes to be gone including all my playlists. They're in the pc somewhere but itunes isn't recognising them for some reason. It was working fine