Certificate Requirements and HTTPS configuration
if implement we https communication on configuration manager doe it mean all computers have to go through https
No you can run both http and https by adding an additional MP / DP.
http://blogs.technet.com/b/configmgrteam/archive/2012/05/25/system-center-2012-configuration-manager-r-i-p-native-mode.aspx
Some good info here:
I have used the below multiple times with no issues, it's very easy to follow.
http://sccmguy.com/2013/11/26/pki-certificates-for-configuration-manager-2012-r2-part-1-of-4-web-server-certificate/
http://www.petervanderwoude.nl/post/five-key-configuration-steps-for-implementing-internet-based-clients-in-configmgr-2012/
Similar Messages
-
Certificates required during SharePoint configuration
Hi,
I would like to understand what all certificates we have to install in SharePoint servers as part of fresh installation and configuration? To my understanding, we have to import SSL web certificates for web applications using port 443/HTTPS/SSL communication.
Is my understanding correct? Any help on this certificate requirements is much appreciated.
BR, SarathHi,
typically you choose to access our SharePoint through SSL. So yes, for each Web Application you will need a SSL certificate either from an internal trusted CA or a public one. You need to add it to the bindings in IIS directly.
Furthermore if you plan to use the SharePoint 2013 App Model, there are additional requirements where you typically need a wildcard certificate.
If you have any questions, please let me know.
Regards,
Dennis -
Hello All
Can anyone tell me how to configure a website which contain both https and http pages? I mean for example, if you go to your online banking website, all the pages before you reach the Login page are in http. But once you have login, all the pages are under https.
For my own project, I have also installed the SSL onto my Tomcat, it works fine. However, all the pages are under https, even the index.html page. Below is my server.xml, hope it may give you more information.
Many thanks
Viola
============================================================================
<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8081 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8080" minProcessors="5" maxProcessors="75"
enableLookups="true" redirectPort="8443"
acceptCount="100" debug="0" connectionTimeout="20000"
useURIValidationHack="false" disableUploadTimeout="true" />
<!-- Note : To disable connection timeouts, set connectionTimeout value
to -1 -->
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true"
acceptCount="100" debug="0" scheme="https" secure="true"
useURIValidationHack="false" disableUploadTimeout="true">
<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
clientAuth="false" protocol="TLS" />
</Connector>
<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8009" minProcessors="5" maxProcessors="75"
enableLookups="true" redirectPort="8443"
acceptCount="10" debug="0" connectionTimeout="20000"
useURIValidationHack="false"
protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>True for my version of TOMCAT
I think that if you check http://localhost:8080
you will find that you can access your pages
with out using http also.
You are applying ssl to the server not the individual
war files. So you can access the files using both
https and http.
What you need todo is set the security parameters of the
war file that you want to access using https to only allow
connection using https.
So now you can access the web pages using http or https
but you can only access the file with the security settings
using https.
Note if you are using sessions becareful you don't jump between
http & https and leave the session id exposed. -
EP Setting up requirement and Basic configuration
Hi all,
I would like to know about the standard EP implementation requirement and some basic requirement.Currently we are running on SAP R3 Enterprise 4.70x110 and running on Oracle 9i.
So we would like to know w/ther we can implement Enterprise Portal.
Hope to hear from you.hi
yes you can implement EP6.0 on SAP R3 and running on oracle 9i but it will be better if you refer product availability matrix on service.sap.com as well you will find implementation as well installation guide along with configuration .SAP enterprise portal has following installation
database
then
Webapplication server
then portal platform
then content management and collaboration platform
hope this helps you .please do not forget to give points
with regards
subrato -
Intranet https client communication certificate requirement
Dear All,
I need your suggestion and feedback on SCCM client management using https (Intranet).
My client want to use https(443) intranet client’s communication instead of http(80)
Site system has MP, DP, SUP roles to manage two untrusted domain clients and few workgroup clients.
As per MS, there are three certificates needed to manage https environment.
Web server certificate
DP certificate
Client certificate.
For trusted domain, I will use auto enrollment of client certificate using group policy to deploy the certificates.
Here is my questions,
For Untrusted domain/work group client communication, do I need create individual certificate based on the hostname and deploy manually on the clients
Or
Do we have any other alternate method for certificate deployment?
Regards,
Kannan
cheers, kannan.csThere are ways of scripting the installation and/or using web policy or web page enrollment but that doesn't the requirements and will still almost always lead to some manual intervention. That's the whole of AD -- centralized identity and authentication
and choosing not to join these systems to AD (for whatever reason) means you have chosen not to have have this centralized identity which means it will require some manual intervention (unless you have another management system in place already).
Jason | http://blog.configmgrftw.com | @jasonsandys -
WCCP Configuration HTTP and HTTPS
Looking for anyone that might have a clue in on this, im attempting to configure a pair of routers to use WCCP to redirect HTTP and HTTPS traffic to two content keeper devices. The network im building is going to be used for a guest internet connection where defining proxies on end devices would be unusable.
I'll drop the configs in below but for now what i have are 2 cisco 3925 routers configured for HSRP. 2 content keeps running squid for the cache engine. with my current configurations, I have wccp web-cache and wccp service 70 configured (all 4 devices are available/usable in both services). this is a layer 2 setup. HTTP traffic is picked up and redirected to the content keepers without issue. https traffic does not appear to be detected by the routers. I have chosen not to use ACLS for WCCP and use the redirect in because we want to capture http(s) traffic from all hosts.
for HTTP, I see hits counters rise on the router under show ip wccp, i see hit counters for the content keepers increase, i see http traffic on the firewall from the content keepers and I get the web page on the device
For HTTPS I do not see hit counters under wccp increase, I do not see any traffic on the content keepers bridge, and i see traffic on the firewall from the hosts orginal ip address.
interface0/2 internal LAN
interface 0/0 content keepers (no WCCP commands)
interface 0/1 gateway firewalls. (no WCCP commands
ip wccp check services all
ip wccp web-cache
ip wccp 70
interface GigabitEthernet0/2
description To Lan
ip address x.x.x.x
ip wccp web-cache redirect in
ip wccp 70 redirect in
standby 1 ip x.x.x.x
standby 1 priority 150
standby 1 preempt
duplex auto
speed auto
Global WCCP information:
Router information:
Router Identifier: x.x.x.2
Service Identifier: web-cache
Protocol Version: 2.00
Number of Service Group Clients: 2
Number of Service Group Routers: 2
Total Packets Redirected: 17999
Process: 0
CEF: 17999
Service mode: Open
Service Access-list: -none-
Total Packets Dropped Closed: 0
Redirect access-list: 110
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total GRE Bypassed Packets Received: 0
Process: 0
CEF: 0
Service Identifier: 70
Protocol Version: 2.00
Number of Service Group Clients: 2
Number of Service Group Routers: 2
Total Packets Redirected: 0
Process: 0
CEF: 0
Service mode: Open
Service Access-list: -none-
Total Packets Dropped Closed: 0
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total GRE Bypassed Packets Received: 0
Process: 0
CEF: 0
Show details and show service attached.Hello Josh,
1. Yes, port-specific ACL is not supported. But it is not a big problem. Usually on WCCP server you can configure very specific bypass (Cisco WSA supports that - do not know about Sophos). For bypassed traffic WCCP server will reinject that packet in GRE and send back to ASA which will decapsulate it and send as normal packets.
It's a good design, because you can have very granural bypass policy on WCCP server.
2. Yes, configuration is correct, although it's better to be more specific (not send all traffic to WCCP if there is no need for that).
3. Yes, you can use deny in redirect-list to exclude traffic.
4. WCCP keepalives are being send by WCCP server by default every 10 seconds. If ASA does not see that replies for some time it marks server as dead and uses other ones.
Michal -
Cisco ISE NDES EAP and HTTP certificates from different CA
Hi guys, hope this is something you can help with…
2 x ISE 1.2 (patch 5) 3415 appliances with hostnames webproxy1.customerdomain.com and webproxy2.customerdomain.com
AD integration with customerdomain.local
Guest authentication (CWA) using a separate interface on the ISE appliance (Gigabit 1) routing into its own VRF for isolation
Corporate authentication is using EAP-TLS which is working fine
BYOD using NSP with SCEP for iPads only at this stage using NDES on <customerdomain.local>
I have installed a signed GlobalSign server certificate for HTTPS for guests (with SAN fields webproxy1.customerdomain.com and webproxy2.customerdomain.com)
I have also installed a signed server certificate from the customer's CA for EAP (with CN of psn.customerdomain.local and SAN fields psn.customerdomain.local , webproxy1.customerdomain.com and webproxy2.customerdomain.com)
The issue I have is if the two certificates are assigned for EAP and HTTP respectively the NSP process fails to generate a certificate though SCEP to the NDES server.
As soon as I use the same internally signed certificate for HTTP and EAP it works, this then causes a problem with the HTTPS certificate being trusted by guests.
This does not work with the GlobalSign certificate being used for both HTTPS and EAP, only the internal one works.
Can you confirm if it is a valid design to have the ISE use one certificate for HTTPS and another for EAP signed by different CAs, it appears it has to be the internal CA used in the SCEP process to work.
Thanks
AndyI have now tested this with a test HTTP cert signed by a public CA and an EAP cert signed by my internal and SCEP works fine. I am wondering if this is a certificate tier length issue. My working example has a RootCA->IssuingCA->Cert. It fails with a cert with a 3-tier heirarchy RootCA->IntermediateCA->IssuingCA->Cert.
Can anyone confirm this works on other deployments with a 3-tier certificate chain with SCEP?
Thanks -
Configuring WCCP for http and https
How do I configure wccp on a 6509 to redirect http and https trafic to a S650. I am using the following config and http is working fine:
ip wccp version 2
ip wccp web-cache redirect-list aclwccp
interface Vlan23
description Rede Firewall
ip address 10.0.23.20 255.255.255.0
ip access-group 172 out
ip wccp web-cache redirect out
mls rp vtp-domain coc_block1
mls rp ip
mls netflow sampling
end
Should I config an other service for the https protocol?Cecato,
The WSA can be configured to send 80 and 443 traffic, in the WCCP settings area (5.2.0+). There are some things you will need to be aware of before doing this though:
1. If you are on 5.2.0-x, you will not be able to inspect HTTPS traffic. Only version 5.5.0+ has the ability to decrypt HTTPS traffic. Because of this, it is not recommended to redirect port 443 on WSA version 5.2.
2. You will most likely need to specify a service ID other then web-cache. On most Cisco devices, web-cache is reserved for port 80 traffic only and cannot be changed. Any other service ID will work as you want it to. -
I have Netflix and amazon video accounts but unable to view, due to a http configuration
Just purchased and downloaded Netflix and amazon instant video but unable to watch due to an http configuration. What do I do?
Amazon video and netflix apps are free.
They are region restricted.
If you do not live in a supported region you can not use the service.
What http configuration problem are you having?
Are you trying to violate terms of service by using a proxy? -
Configuration on rac and http cluster
We installed Rac database 10g(10.2.03) and 2 http server OAS 10.1.3.
We are planning to have 2000 concurrent users.
What is your advice for parameter changes: database and http for the best performance?
Thanks MB.Hello Mary,
Have you had a look through the APEX & RAC whitepaper, available here -
http://www.oracle.com/technology/products/database/application_express/pdf/apex_rac_wp.pdf
John.
Blog: http://jes.blogs.shellprompt.net
Work: http://www.apex-evangelists.com
Author of Pro Application Express: http://tinyurl.com/3gu7cd
REWARDS: Please remember to mark helpful or correct posts on the forum, not just for my answers but for everyone! -
Lync 2013 certificate requirements for multiple SIP domains
Hi All,
I am engaged with a client in respect of a Lync 2013 implementation initially as a conferencing platform with a view to enabling EV functions (inc. PSTN conferencing) in the future. They initially need to support 30 SIP domains and eventually
around 100 SIP domains which is proving to be either not possible or severely cost prohibitive. Their current certificate provider, Thawte, can only support up to 25 SANs and have quoted them 5 figures. We tend to use GeoTrust as they are cheaper but they
appear to have a limit of 25 SANs. GoDaddy appear to support up to 100 SANs for a pretty reasonable cost. My questions are as follows:
Is there a way that I’m missing of reducing the number of SANs required on the Edge server?
Use aliases for access edge FQDNs - Supported by desktop client but not by other devices so not really workable
Don’t support XMPP federation therefore removing the need for domain name FQDNs for each SIP domain
Is there a way that I’m missing of reducing the number of SANs required on the Reverse Proxy server?
Friendly URL option 3 from this page:
http://technet.microsoft.com/en-us/library/gg398287.aspx
Client auto-configuration:
i.
Don’t support mobile client auto-configuration in which case no lyncdiscover.sipdomain1.com DNS records or SANs would be required.
ii.
Support mobile client auto-configuration over HTTP only in which case CNAME records are required for each SIP domain (lyncdiscover.sipdomain1.com, etc. pointing to lyncdiscover.designateddomain.com) but no SANs are required.
iii.
Support mobile client auto-configuration over HTTPS in which case DNS records are required for each SIP domain and a SAN entry for each SIP domains is also required. This is because a DNS CNAME to another domain is not supported over
HTTPS.
If the answer to 1 and/or 2 is no, are there certificate providers that support over 100 SANs?
How do certificate requirements differ when using the Lync 2013 hosting pack? I would think that this issue is something that a hosting provider would need to overcome.
Would the Lync 2013 Hosting Pack work for this customer? The customer uses SPLA licensing so I think is eligible to use the hosting pack but not 100% sure it will work in their environment given that client connections are supposed
to all come through the Edge where their tenants will be internal and also given the requirement for an ACP for PSTN conferencing.
Many thanks,Many thanks for the response.
I was already planning to use option 3 from the below page for simple URLs to cut down on SAN requirement.
http://technet.microsoft.com/en-us/library/gg398287.aspx
What are the security concerns for publishing autodiscover over port 80? I.e. Is this only used for the initial download of the discovery record and then HTTPS is used for authentication? This seems to be the case from the following note on the below page:
http://technet.microsoft.com/en-gb/library/hh690030.aspx
Mobile device clients do not support multiple Secure Sockets Layer (SSL) certificates from different domains. Therefore, CNAME redirection to different domains is not supported over HTTPS. For example, a DNS CNAME record for lyncdiscover.contoso.com that redirects
to an address of director.contoso.net is not supported over HTTPS.
In such a topology, a mobile device client needs to use HTTP for the first request, so that the CNAME redirection is resolved over HTTP. Subsequent requests then use HTTPS. To support this scenario, you need to configure your reverse proxy with a web publishing
rule for port 80 (HTTP).
For details, see "To create a web publishing rule for port 80" in Configuring the Reverse Proxy for Mobility. CNAME redirection to the same domain is supported over HTTPS. In this case, the destination domain's certificate covers the originating
domain.”
I don’t think SRV records for additional SIP domain access edge is a workable solution as this is not supported by some devices.
As per the below article:
http://blog.schertz.name/2012/07/lync-edge-server-best-practices/
“The recommended approach for external client Automatic Sign-In when supporting multiple SIP domains is to include a unique Access Edge FQDN for each domain name in the SAN field. This is no longer a requirement (it was in OCS) as it is possible to
create a DNS Service Locator Record (SRV) for each additional SIP domain yet have them all point back to the same original FQDN for the Access Edge service (e.g. sip.mslync.net).
This approach will trigger a security alert in Windows Lync clients which can be accepted by the user, but some other clients and devices are unable to connect when the Automatic Sign-In process returns a pair of SRV and Host (A) records which do not share
the same domain namespace. Thus it is still best practice to define a unique FQDN for each additional SIP domain and include that hostname in the external Edge certificate’s SAN field”.
===================
1. Basically the requirement is to initially provide Lync conferencing services (minus PSTN conferencing) to internal, external, federated and anonymous participants with a view to providing PSTN conferencing and therefore enterprise voice services later.
2. The customer currently supports close to 100 SMTP domains and wants to align their SIP domains with these existing domains. The structure of their business is such that “XXX IT Services” provide the IT infrastructure for a collection of companies who
fall under the XXX umbrella but are very much run as individual entities.
Question:
Would you agree that I’m going to need a SAN for every SIP domain’s access edge FQDN?
Thanks. -
SOAP Receiver Adapter problem (client certificate required)
My Scenario is similar to described in https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/3721. [original link is broken] [original link is broken] [original link is broken] I have two PI servers running on one machine. I am trying to post message HTTPS with Client authentication via SOAP adapter from one PI system to SOAP adapter of other PI server. I have done the following configuration.
PI Server AXD - (Client) - Receiver SOAP adapter
PI Server AXQ - (Server) - Sender SOAP Adapter.
Steps in AXD
1. I have created a certificate of AXD in the service_ssl view of key storage.
2. I have imported the AXQ public certificate in to AXD in the TrustedCAs of Key storage
Steps in AXQ
1. I have created a certificate of AXQ in the service_ssl view of key storage.
2. I have imported the AXD public certificate in to AXQ in the TrustedCAs of Key storage.
3. I have created a user in AXQ and assigned the certificate of AXD under usermangement in Security provider to this user.
4. I have added the AXD certificate under Client Authentication tab with require client certificate option checked in the SSL Provider.
5. I have assigned the user created in AXQ in the step above to the Sender Agreement.
Now when I post message from AXD with Configure Client Authentication checked (Here I have selected the certificate of AXD and view as service_ssl) I am getting the following error.
Exception caught by adapter framework: SOAP: response message contains an error XIServer/UNKNOWN/ADAPTER.JAVA_EXCEPTION - java.security.AccessControlException: client certificate required at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:884) at com.sap.aii.af.mp.module.ModuleLocalLocalObjectImpl0_3
Any pointer to solve this problem is highly appreciated.
Thanks
AbinashHi Hemant,
I have couple of questions. Why do we need to import certificate for SOAP WS-Security and from where I can get it?
As far as my scenario goes I am not using message level security.
Secondly what do you mean by TRUSTED/WebServiceSecurity? I don't see any such view inside the Key Storage. I can see a view named just WebServiceSecuity though.
Also I don't have a decentralized adapter installation rather I have two separate PI instances having their own central adapter engine.
Abinash -
Certificate Requirements / Best Practice for DR Pool
Good morning
I'm looking for clarification on the certificate requirements for DR. I already have both my primary pool and my DR pool built, and paired. At the time I configured there, I used two different certificates for each pool. I would really just prefer to use
one when we build the environment live.
Is there some reason I cannot just add *all* servers from both primary and DR pool into one cert as SANs? The subject name/common name of the cert doesn't *really* matter as long as both the pool FQDNs and all server FQDNs are in the Subject Alternative
Names, right?It may work, but it's not the path Microsoft recommends:
https://technet.microsoft.com/en-us/library/gg398094.aspx. This is one of the reasons I always try use an internal certificate authority, even if I have to deploy one just for Lync, just so little items like this don't matter
much.
If it works, it's up to you. I'd base that decision on how mission critical the solution is. If it's your phone system, I'd follow Microsoft's guides to the letter so I'm not in a nightmare situation if I ever have to call Microsoft support.
If it's IM and P only, I'd be willing to let some things slide if it's saving you a lot of money.
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications
This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Receiver SOAP adapter SSL error - client certificate required?
Hi all,
Problem configuring SSL in XI 3.0 NW04 SP17....
I have followed the config steps from Rahul's excellent weblog at <a href="/people/rahul.nawale2/blog/2006/05/31/how-to-use-client-authentication-with-soap-adapter">How to use Client Authentication with SOAP Adapter</a> (my Basis team have done the Visual Admin steps) and am going through his example as it closely matches my requirement. So, I have a test receiver SOAP adapter sending messages to a web service URL defined for a sender SOAP adapter. My test scenario is:
<b>Sender File -> <u><i>Receiver SOAP -> Sender SOAP</i></u> -> IDoc Receiver -> IDocs in R/3</b>
The problem components are in italic and underlined above. My Receiver SOAP Adapter has the web service URL, Certificate Keystore Entry and View entered. If, in the Sender SOAP Adapter, I have an HTTP Security Level of HTTPS Without Client Authentication, the interface works fine (note that Rahul suggests you untick the User Authentication in the Receiver but with this Security Level, it seems to work with or without it).
The problem is when I set HTTPS <b>With</b> Client Authentication in the Sender. I then get the following error in the message monitor:
SOAP: response message contains an error XIServer/UNKNOWN/ModuleUnknownException - com.sap.aii.af.mp.module.ModuleException: java.security.AccessControlException: <b>client certificate required caused by: java.security.AccessControlException</b>: client certificate required at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:1111) at com.sap.aii.af.mp.module.ModuleLocalLocalObjectImpl3.process(ModuleLocalLocalObjectImpl3.java:103) at com.sap.aii.af.mp.ejb.ModuleProcessorBean.process(ModuleProcessorBean.java:250) at com.sap.aii.af.mp.processor.ModuleProcessorLocalLocalObjectImpl0.process(ModuleProcessorLocalLocalObjectImpl0.java:103) at com.sap.aii.af.mp.soap.web.MessageServlet.callModuleProcessor(MessageServlet.java:166) at com.sap.aii.af.mp.soap.web.MessageServlet.doPost(MessageServlet.java:421) at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code)) at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code)) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java(Compiled Code)) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java(Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java(Inlined Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java(Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java(Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java(Compiled Code)) at com.sap.engine.services.httpserver.server.Client.handle(Client.java(Inlined Compiled Code)) at com.sap.engine.services.httpserver.server.Processor.request(Processor.java(Compiled Code)) at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java(Compiled Code)) at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java(Compiled Code)) at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java(Compiled Code)) at java.security.AccessController.doPrivileged1(Native Method) at java.security.AccessController.doPrivileged(AccessController.java(Compiled Code)) at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java(Compiled Code)) at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java(Compiled Code)) Caused by: java.security.AccessControlException: client certificate required at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:843) ... 22 more
Has anyone got any idea what this could be caused by?
Many thanks,
Stuart RichardsHave you configured the https port with that keystore entry?
Check out these links:
http://help.sap.com/saphelp_nw2004s/helpdata/en/b0/881e3e3986f701e10000000a114084/frameset.htm
http://help.sap.com/saphelp_nw2004s/helpdata/en/5c/15f73dd0408e5be10000000a114084/frameset.htm
Regards,
Henrique. -
Integrating SOA and Peoplesoft: Configuring JMSTARGET Connector in IB.
Hi All,
I have created JMS queue/topic in oracle application server. Can anybody idea how can we configure JMS connector of peoplesoft integration broker.
Let me first explain my requirement, I am working in peoplesoft outbound interface design with SOA integration.
So my approach will be creating JMS queue in oracle application Server and then configuring this JMS to any node of peoplesoft IB.
Then extracted information from peoplesoft need to send to the above node so that once the node receive the message it should
populate the JMS queue inturn SOA BPEL will be triggered to write into third party file/database.
Please give your inputs on this approach if you any other suggetion for peoples soft outbound integration with SOA.
Thanks inadvance.Its published, but somehow you are unable to see it..issues with Meatlink for sure..
Here is its content :
Applies to:
PeopleSoft Enterprise PT PeopleTools - Version: 8.4 - Release: 8.4
Information in this document applies to any platform.
This document was previously published as Customer Connection Solution 201077819
Symptoms
Please see below.
Cause
Not Applicable
Solution
<<Document:664816.1>> E-IB: Configuring Integration Broker with IBM MQ on AIX
SPECIFIC TO: Enterprise, PeopleTools, Integration Broker Release 8.49
ISSUE:
How to setup Integration Broker to PUT messages to an IBM MQ Server on a remote machine?
SOLUTION:
<See attachment for documentation with screenshot examples.>
Configuring Integration Broker with IBM MQ on AIX
The following guide is intended to outline the setup between Peoplesoft Integration Broker and IBMs Websphere MQ version 6 client on AIX. Note: This is not a certification, but a working example, specifically using the MQ client to connect to a remote machine running the MQ server.
Platform Information:
PeopleSoft PeopleTools 8.49
IBM Websphere MQ Release 6
AIX
Steps
1) Install and IBM Websphere MQ (WMQ) client
2) Configure WMQ connection
3) Configure Peoplesoft
4) TEST using PING and a Peoplesoft message to PUT data onto the WMQ server
Steps
1) Install and configure Websphere MQ client on AIX where Peoplesoft is located
NOTE: This is one optional architecture. It is also possible to install Peoplesoft and MQ on the same server, which avoids the client software altogether.
a. IBM deliveres an MQ client that is installed on the same box as the Peoplesoft with the following options.
i. Installed to /usr/mqm, all objects owned by local user mqm
ii. Ensure that the MQ Extended Transactional Client is installed
1. This includes com.ibm.mqetclient.jar file
iii. Mq specific environment variables
1. $MQ_JAVA_DATA_PATH=/usr/mqm
2. $MQ_JAVA_INSTALL_PATH=/usr/mqm/java
3. $MQ_JAVA_LIB_PATH=/usr/mqm/java/lib
4. jms.jar, fscontext.jar, jndi.jar, providerutil.jar, stcjms.jar
iv. CLASSPATH
1. Includes the following MQ jar files
i. com.ibm.mqetclient.jar
ii. providerutil.jar
iii. com.ibm.mqjms.jar
iv. ldap.jar
v. jta.jar
vi. jndi.jar
vii. jms.jar
viii. connector.jar
ix. com.ibm.mq.jar
2. Example
a. > echo $CLASSPATH
i. echo $CLASSPATH /usr/mqm/java/lib/com.ibm.mqetclient.jar:/usr/mqm/java/lib/providerutil.jar:/usr/mqm/java/lib/com.ibm.mqjms.jar:/usr/mqm/java/lib/ldap.jar:/usr/mqm/java/lib/jta.jar:/usr/mqm/java/lib/jndi.jar:/usr/mqm/java/lib/jms.jar:/usr/mqm/java/lib/connector.jar:/usr/mqm/java/lib/fscontext.jar:/usr/mqm/java/lib/com.ibm.mq.jar:/usr/mqm/java/lib:/usr/mqm/java/bin
3. When setting up Peoplesoft, add these jar files to the classpath setting in the setenv.sh file and reboot PIA
2) Configure WMQ
a. Edit JMSAdmin.config (located in /usr/mqm/java/bin)
ii. Set Initial Context Factory = com.sun.jndi.fscontext.RefFSContextFactory
# The following line specifies which JNDI service provider is in use.
# It currently indicates an LDAP service provider. If a different
# service provider is used, this line should be commented out and the
# appropriate one should be uncommented.
#INITIAL_CONTEXT_FACTORY=com.sun.jndi.ldap.LdapCtxFactory
INITIAL_CONTEXT_FACTORY=com.sun.jndi.fscontext.RefFSContextFactory
#INITIAL_CONTEXT_FACTORY=com.ibm.ejs.ns.jndi.CNInitialContextFactory
iii. Set PROVIDER_URL=file:/usr/mqm/java
# The following line specifies the URL of the service provider's initial context. It currently refers to an LDAP root context. Examples of a file system URL and WebSphere's JNDI namespace are also shown, commented out.
#PROVIDER_URL=ldap://polaris/o=ibm,c=us
PROVIDER_URL=file:/usr/mqm/java
#PROVIDER_URL=iiop://localhost/
b. Run JMSAdmin to setup queue and qcf to the MQ server
i. def qcf(PLAS160_QCF) HOSTNAME(GSPLVP006-VM2) PORT(1414) CHANNEL(SYSTEM.DEF.SVRCONN) QMANAGER(QM_gsplvp006_vm2) TRANSPORT(CLIENT)
ii. NOTE: When connecting from a client to a remote server, it is important to specify the hostname, port and transport along with the other values.
iii. def q(PLAS160_Q) queue(PLAS160_Q)
1. Note: The q is a local naming alias, whereas the queue is the physical queue name on the MQ server
iv. Screenshot:
v. This creates a .bindings file
vi. NOTE: It is also possible to use IVTSetup for this, but JMSAdmin is recommended.
vii. NOTE: It is possible to gain a .bindings file from your MQ server administrator. Be sure that this format is correct, and the location on the client is referenced correctly.
viii. JMSAdmin can also be used to determin what connections are available from this machine using command dis ctx as shown
b. Optional: Test the connection to the MQ server using IBM software.
NOTE: Testing the ivtQ and ivt QCF can be accomplished using the IVTRun program, provided that the ivtQ and ivtQCF have been setup in the .bindings file with the same available on the MQ server (some mq administrators do not enable this by default)
i. Example IVTRun, see Appendix 1
ii. Example .bindings file see Appendix 2
3) Configure PeopleSoft
a. Create an external NODE representing the target JMS queue
i. Example node, see appendix 3
b. Setup the connectors properties for the new node
i. Use the connector ID= JMSTARGET
ii. Example properties screenshot, see Appendix 4
1. Notes
a. JMSProvider is MQSeries
b. JMSFactory, JMSQueue are those specified in the .bindings file representing that on the JMS server. In this case, PLAS160_QCF and PLAS160_Q are used for this example.
c. JMSUrl is the location of the working .bindings file on the web server (in this case file:/D:/apps/IBM/WebSphereMQ/Java )
c. Setup Gateway Properties
i. Access the Gateway Properties using PIA and add the JMS information for MQSeries to the integrationgateway.properties file as shown:
## JMS configuration Section
# <the following line is required>
ig.jms.JMSProvider.JNDIFactory.MQSeries=com.sun.jndi.fscontext.RefFSContextFactory
ii. Queue information here is only needed if going to GET message using the JMSListeningConnector. Not needed for the target PUT (or ping)
iii. Example integrationgateway.properties, See appendix 5
4) Test PUT connection from Peoplesoft to WMQ
1. Ping the JMS node from the node definition
b. Setup routings to PUT messages to the MQ node
i. Example using USER_PROFILE
ii. Submit the message and check the Operations Monitor
iii. Verify that the message made it to MQ (this is viewed by browsing the queue on the Websphere MQ Explorer, message browser. A better utility is rfhutil which is included in the MQ windows client development kit)
NOTE: This document is intended for 1 way communication TO Mq from Peoplesoft. Setup for GET using the JMSListeningConnector is a separate topic for documentation.
Appendix 1 IVTRun
Appendix 2 .bindings file.
NOTE: The PLAS160_QCF and PLAS160_Q references are applicable to this example.
#This file is used by the JNDI FSContext.
#Wed Sep 17 11:43:13 PDT 2008
PLAS160_QCF/RefAddr/9/Type=SRC
PLAS160_Q/RefAddr/5/Encoding=String
PLAS160_QCF/RefAddr/13/Content=5000
PLAS160_QCF/RefAddr/3/Content=GSPLVP006-VM2
PLAS160_Q/RefAddr/8/Content=PLAS160_Q
PLAS160_QCF/RefAddr/13/Type=PINT
PLAS160_QCF/RefAddr/1/Type=TRAN
MYPUT/RefAddr/2/Content=-2
PLAS160_QCF/RefAddr/6/Encoding=String
PLAS160_QCF/RefAddr/17/Type=RINT
PLAS160_QCF/RefAddr/5/Type=CHAN
PLAS160_QCF/RefAddr/18/Encoding=String
PLAS160_Q/RefAddr/2/Content=-2
PLAS160_PUT/RefAddr/1/Encoding=String
PLAS160_QCF/RefAddr/20/Content=SYSTEM.DEFAULT.MODEL.QUEUE
PLAS160_PUT/RefAddr/3/Type=PER
MYPUT/RefAddr/6/Encoding=String
PLAS160_Q/RefAddr/5/Content=0
PLAS160_PUT/RefAddr/8/Content=PLAS160_PUT
PLAS160_Q/RefAddr/6/Encoding=String
MYPUT/RefAddr/0/Type=VER
PLAS160_PUT/RefAddr/7/Type=FIQ
PLAS160_QCF/RefAddr/7/Encoding=String
MYPUT/RefAddr/4/Type=CCS
PLAS160_PUT/RefAddr/2/Content=-2
PLAS160_QCF/RefAddr/19/Encoding=String
PLAS160_PUT/RefAddr/5/Content=0
PLAS160_PUT/RefAddr/2/Encoding=String
PLAS160_Q/RefAddr/3/Type=PER
MYPUT/RefAddr/8/Type=QU
MYPUT/RefAddr/7/Encoding=String
PLAS160_Q/RefAddr/7/Encoding=String
MYPUT/ClassName=com.ibm.mq.jms.MQQueue
PLAS160_Q/RefAddr/7/Type=FIQ
PLAS160_QCF/RefAddr/8/Encoding=String
PLAS160_QCF/RefAddr/6/Type=CCS
MYPUT/RefAddr/9/Content=
PLAS160_QCF/RefAddr/10/Type=SFIPS
PLAS160_QCF/RefAddr/10/Encoding=String
PLAS160_PUT/RefAddr/3/Encoding=String
PLAS160_QCF/RefAddr/20/Type=TM
MYPUT/RefAddr/8/Encoding=String
PLAS160_Q/RefAddr/8/Encoding=String
PLAS160_QCF/RefAddr/14/Type=MBS
PLAS160_QCF/RefAddr/17/Content=5000
PLAS160_QCF/RefAddr/2/Type=QMGR
PLAS160_PUT/FactoryName=com.ibm.mq.jms.MQQueueFactory
PLAS160_QCF/RefAddr/7/Content=\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000
MYPUT/FactoryName=com.ibm.mq.jms.MQQueueFactory
MYPUT/RefAddr/3/Content=-2
PLAS160_PUT/RefAddr/0/Type=VER
MYPUT/RefAddr/6/Content=273
PLAS160_QCF/RefAddr/18/Type=TCM
PLAS160_QCF/RefAddr/9/Encoding=String
PLAS160_QCF/RefAddr/11/Content=false
PLAS160_QCF/RefAddr/1/Content=1
PLAS160_Q/RefAddr/6/Content=273
PLAS160_QCF/RefAddr/11/Encoding=String
PLAS160_QCF/RefAddr/20/Encoding=String
PLAS160_PUT/RefAddr/4/Type=CCS
PLAS160_PUT/RefAddr/4/Encoding=String
PLAS160_QCF/RefAddr/14/Content=10
PLAS160_QCF/RefAddr/4/Content=1414
PLAS160_Q/RefAddr/9/Content=
MYPUT/RefAddr/9/Encoding=String
MYPUT/RefAddr/0/Content=6
MYPUT/RefAddr/1/Type=EXP
PLAS160_Q/RefAddr/9/Encoding=String
PLAS160_PUT/RefAddr/8/Type=QU
PLAS160_Q/RefAddr/0/Content=6
PLAS160_Q/RefAddr/0/Type=VER
MYPUT/RefAddr/5/Type=TC
PLAS160_Q/RefAddr/3/Content=-2
PLAS160_QCF/RefAddr/0/Encoding=String
PLAS160_PUT/RefAddr/6/Content=273
PLAS160_QCF/RefAddr/21/Content=
PLAS160_Q/RefAddr/4/Type=CCS
MYPUT/RefAddr/9/Type=QMGR
PLAS160_QCF/RefAddr/21/Encoding=String
PLAS160_PUT/RefAddr/9/Content=
PLAS160_QCF/RefAddr/12/Encoding=String
PLAS160_PUT/RefAddr/5/Encoding=String
MYPUT/RefAddr/0/Encoding=String
PLAS160_Q/RefAddr/8/Type=QU
PLAS160_Q/RefAddr/0/Encoding=String
PLAS160_PUT/RefAddr/0/Content=6
PLAS160_Q/FactoryName=com.ibm.mq.jms.MQQueueFactory
PLAS160_PUT/RefAddr/3/Content=-2
PLAS160_QCF/RefAddr/7/Type=CT
PLAS160_QCF/RefAddr/1/Encoding=String
PLAS160_QCF/RefAddr/11/Type=SPAG
PLAS160_QCF/RefAddr/21/Type=TQPFX
PLAS160_QCF/RefAddr/13/Encoding=String
PLAS160_QCF/RefAddr/22/Encoding=String
PLAS160_PUT/RefAddr/6/Encoding=String
PLAS160_QCF/RefAddr/15/Type=FIQ
PLAS160_QCF/RefAddr/3/Type=HOST
MYPUT/RefAddr/1/Encoding=String
PLAS160_PUT/RefAddr/1/Type=EXP
PLAS160_QCF/RefAddr/19/Type=MNST
PLAS160_QCF/RefAddr/2/Encoding=String
PLAS160_PUT/RefAddr/5/Type=TC
PLAS160_QCF/FactoryName=com.ibm.mq.jms.MQQueueConnectionFactoryFactory
PLAS160_QCF/RefAddr/14/Encoding=String
PLAS160_QCF/RefAddr/18/Content=true
MYPUT/RefAddr/2/Type=PRI
PLAS160_QCF/RefAddr/8/Content=0
MYPUT/RefAddr/4/Content=1208
MYPUT/RefAddr/2/Encoding=String
PLAS160_PUT/RefAddr/9/Type=QMGR
PLAS160_Q/ClassName=com.ibm.mq.jms.MQQueue
PLAS160_Q/RefAddr/1/Encoding=String
MYPUT/RefAddr/7/Content=1
PLAS160_Q/RefAddr/1/Type=EXP
MYPUT/RefAddr/6/Type=ENC
PLAS160_QCF/RefAddr/12/Content=true
PLAS160_QCF/RefAddr/2/Content=QM_gsplvp006_vm2
PLAS160_Q/RefAddr/7/Content=1
PLAS160_QCF/RefAddr/3/Encoding=String
PLAS160_Q/RefAddr/5/Type=TC
PLAS160_QCF/RefAddr/15/Content=1
PLAS160_QCF/RefAddr/5/Content=SYSTEM.DEF.SVRCONN
MYPUT/RefAddr/1/Content=-2
PLAS160_PUT/RefAddr/7/Encoding=String
PLAS160_QCF/RefAddr/15/Encoding=String
PLAS160_Q/RefAddr/9/Type=QMGR
MYPUT/RefAddr/3/Encoding=String
PLAS160_Q/RefAddr/1/Content=-2
PLAS160_Q/RefAddr/2/Encoding=String
PLAS160_Q/RefAddr/4/Content=1208
PLAS160_QCF/RefAddr/8/Type=CTO
PLAS160_PUT/RefAddr/7/Content=1
PLAS160_QCF/RefAddr/22/Content=1
PLAS160_QCF/RefAddr/12/Type=UCP
PLAS160_QCF/RefAddr/0/Type=VER
PLAS160_QCF/RefAddr/4/Encoding=String
PLAS160_QCF/RefAddr/22/Type=MRET
PLAS160_QCF/RefAddr/16/Type=LA
PLAS160_PUT/ClassName=com.ibm.mq.jms.MQQueue
PLAS160_QCF/RefAddr/4/Type=PORT
PLAS160_PUT/RefAddr/8/Encoding=String
PLAS160_QCF/RefAddr/16/Encoding=String
PLAS160_PUT/RefAddr/1/Content=-2
PLAS160_PUT/RefAddr/4/Content=1208
PLAS160_Q/RefAddr/3/Encoding=String
PLAS160_PUT/RefAddr/2/Type=PRI
PLAS160_PUT/RefAddr/6/Type=ENC
PLAS160_QCF/RefAddr/5/Encoding=String
MYPUT/RefAddr/3/Type=PER
PLAS160_PUT/RefAddr/9/Encoding=String
PLAS160_QCF/RefAddr/17/Encoding=String
MYPUT/RefAddr/4/Encoding=String
PLAS160_Q/RefAddr/2/Type=PRI
MYPUT/RefAddr/7/Type=FIQ
PLAS160_Q/RefAddr/4/Encoding=String
PLAS160_QCF/ClassName=com.ibm.mq.jms.MQQueueConnectionFactory
PLAS160_QCF/RefAddr/16/Content=
PLAS160_Q/RefAddr/6/Type=ENC
PLAS160_QCF/RefAddr/6/Content=819
PLAS160_QCF/RefAddr/19/Content=true
PLAS160_QCF/RefAddr/9/Content=0
MYPUT/RefAddr/5/Content=0
PLAS160_PUT/RefAddr/0/Encoding=String
MYPUT/RefAddr/8/Content=PLAS160_PUT
PLAS160_QCF/RefAddr/10/Content=false
MYPUT/RefAddr/5/Encoding=String
PLAS160_QCF/RefAddr/0/Content=6
Appendix 3 Node definition
Appendix 4 - Node JMSTarget Connectors Properties
Appendix 5 integrationgateway.properties JMS configuration section
## JMS configuration Section
#The JNDIFactory Classnames for Weblogic, IPlanet, MQSeries.
#ig.jms.JMSProvider.JNDIFactory.Weblogic=weblogic.jndi.WLInitialContextFactory
#ig.jms.JMSProvider.JNDIFactory.IPlanet=com.sun.jndi.fscontext.RefFSContextFactory
ig.jms.JMSProvider.JNDIFactory.MQSeries=com.sun.jndi.fscontext.RefFSContextFactory
#ig.jms.JMSProvider.JNDIFactory.OracleApplicationServer=com.evermind.server.rmi.RMIInitialContextFactory
# Enter the number of Queue listners to instantiate
#ig.jms.Queues=1
# For each queue specify the following properties
# Name
# Provider
# JMSFactory name (which is binded to the JNDI)
# MessageSelector (optional Message Filter)
# JNDI System File URL
# JMS User
# JMS Password
# Example :
#ig.jms.Queue1=QUEUE_VAS
#ig.jms.Queue1.Provider=MQSeries
#ig.jms.Queue1.JMSFactory=QCF
# ig.jms.Queue1.MessageSelector=
#ig.jms.Queue1.Url=file:/D:/apps/IBM/WebSphereMQ/Java
# ig.jms.Queue1.User=sam
# Use the supplied encryption utility to provide an encrypted password for the entry below
# ig.jms.Queue1.Password=EncryptedPassword
# ig.jms.Queue1.SecurityPrincipal=sam
# Use the supplied encryption utility to provide an encrypted password for the entry below
# ig.jms.Queue1.SecurityCredentials=EncryptedPassword
#IBInfoHeaders
#ig.jms.Queue1.MessageName=QE_F18_ASYNC
#ig.jms.Queue1.MessageVersion=VERSION_1
#ig.jms.Queue1.RequestingNode=FromNode
#ig.jms.Queue1.DestinationNode=ToNode
# Use the supplied encryption utility to provide an encrypted password for the entry below
#ig.jms.Queue1.NodePassword=EncryptedRequestingNodePassword
#ig.jms.Queue1.SubChannel=SubChannel
# Enter the number of Topic Subscribers to instantiate
# ig.jms.Topics=1
# For each Topic specify the following properties
# Name
# Provider
# JMSFactory name (which is binded to the JNDI)
# MessageSelector (optional Message Filter)
# JNDI System File Url
# JMS User
# JMS Password
# Example :
# ig.jms.Topic1=ExampleTopic
# ig.jms.Topic1.Provider=MQSeries
# ig.jms.Topic1.JMSFactory=TopicConnectionFactory
# ig.jms.Topic1.MessageSelector=
# ig.jms.Topic1.Url=file:c:/
# ig.jms.Topic1.User=sam
# Use the supplied encryption utility to provide an encrypted password for the entry below
# ig.jms.Topic1.Password=EncryptedPassword
# ig.jms.Queue1.SecurityPrincipal=sam
# Use the supplied encryption utility to provide an encrypted password for the entry below
# ig.jms.Queue1.SecurityCredentials=EncryptedPassword
#IBInfo Headers
#ig.jms.Topic1.MessageName=QE_F18_ASYNC
#ig.jms.Topic1.MessageVersion=VERSION_1
#ig.jms.Topic1.RequestingNode=FromNode
#ig.jms.Topic1.DestinationNode=ToNode
# Use the supplied encryption utility to provide an encrypted password for the entry below
#ig.jms.Topic1.NodePassword=EncryptedRequestingNodePassword
#ig.jms.Topic1.SubChannel=SubChannel
#For sending error either ErrorQueue or ErrorTopic must be configured
#If both exists, errors are only sent to ErrorQueues.
#Configure the Error-Queue configuration
# ig.jms.ErrorQueue=ErrorQ
# ig.jms.ErrorQueue-Provider=Weblogic
# ig.jms.ErrorQueue-User=sam
# Use the supplied encryption utility to provide an encrypted password for the entry below
# ig.jms.ErrorQueue-Password=sam
# ig.jms.Queue1.SecurityPrincipal=sam
# Use the supplied encryption utility to provide an encrypted password for the entry below
# ig.jms.Queue1.SecurityCredentials=EncryptedPassword
# ig.jms.ErrorQueue-JMSFactory=TopicConnectionFactory
# ig.jms.ErrorQueue-Url=file:c:/
#Configure the Error-Topic configuration
# ig.jms.ErrorTopic=Error
# ig.jms.ErrorTopic-Provider=IPlanet
# ig.jms.ErrorTopic-User=sam
# Use the supplied encryption utility to provide an encrypted password for the entry below
# ig.jms.ErrorTopic-Password=sam
# ig.jms.ErrorTopic-JMSFactory=TopicConnectionFactory
# ig.jms.ErrorTopic-Url=file:c:/
## End of JMS configuration Section
# Profile Information
# Set it to either TRUE or FALSE
ig.ProfileInformation=FALSE
#End-Of Profile Information
##EIPTestTool Properties
#Class name of the Gateway Manager to use during processing
#ig.gatewayManagerClass=com.peoplesoft.pt.integrationgateway.eiptesttool.EIPTestToolGatewayManager
#Contains a true or false value.
#True for LoopBack
#ig.EIPLoopBack=TRUE
#Contains the directory path that will be used
#to store request/response files during recording.
#ig.EIPOutputDirectory=c:/temp/output
# Number of ig.EIPMsgProp.N.propFile's
#ig.EIPMsgProp.count=0
#Certification root directory
#ig.EIPInputDirectory=c:/temp/input
#MessageProperty file names with locations.
#ig.EIPMsgProp.1.propFile=c:/temp/input/properties/pro1.xml
#ig.EIPMsgProp.2.propFile=c:/temp/input/properties/pro2.xml
#Overrides input directory for an EIP
#ig.EIPMsgProp.1.inputDirectory=c:/temp/input/properties1/
#EIPNodemapFileName
#ig.EIPNodeMap=c:/temp/nodemap.xml
##End of EIPTestToolProperties
#File connector password.
# Use the supplied encryption utility to provide an encrypted password for the entry below
ig.fileconnector.password=EncryptedPassword
#End of file connector properties.
## Query Access Services (QAS) Configuration Section.
# QAS Repository Home Directory. This is the directory where Query result blocks will be
# temporarily persisted.
# Example:
#ig.qas.repositoryHomeDir=C:/QASRepository
# Uncomment the following line and replace the value with the actual QAS Repository Home Directory.
#ig.qas.repositoryHomeDir=<Full-Path-For-Directory>
## END of QAS Configuration.
## AS2 Connector Properties.
# These Properties need to be set to use either the AS2TargetConnector or the AS2ListeningConnector
# REQUIRED:
# AS2 KeyStore Properties
# Uncomment the following two lines to specify your key keystore path and password.
# Use the PSCipher.bat utility to encrypt the keystore password.
# example:
# ig.AS2.KeyStorePath=C://pt846//webserv//peoplesoft//keystore//pskey
# ig.AS2.KeyStorePassword=GD9klUFw8760HVaqeT4pkg==
# OPTIONAL:
# AS2 Log Directory, logs all incoming and outgoing AS2 requests and responses.
# Uncomment and specify the correct directory name to enable logging.
# example:
# ig.AS2.LogDirectory = c://temp//as2//logs
## End of AS2 Connector Properties
## AS2ListeningConnector Only Properties.
# OPTIONAL:
# AS2From and AS2To http header parameters are required on all incoming AS2 messages. These parameters must
# map to PeopleSoft node definitions either directly or indirectly via AS2 From & To map specifications.
# AS2 From & To Map
# This map translates incoming AS2From and AS2To http header parameters into PeopleSoft node names.
# This property is not required if your incoming messages use AS2From and AS2To parameters that match
# existing PeopleSoft node definitions.
# ig.AS2.AS2ListenerMap.From.<AS2From>= Specify the PSFT Source Node Name.
# ig.AS2.AS2ListenerMap.To.<AS2To>= Specify the PSFT Target Node Name.
# This example translate AS2From from AS2SENDER to PSFT_SRC_NODE, and AS2To from AS2RECEIVER to PSFT_TGT_NODE.
# example:
# ig.AS2.AS2ListenerMap.From.AS2SENDER=PSFT_SRC_NODE
# ig.AS2.AS2ListenerMap.To.AS2RECEIVER=PSFT_TGT_NODE
# AS2 Message name
# Message name used to publish AS2 transactions.
# Use this property if the incoming AS2 Message Name is not in the HTTP Header or the URL.
# Replace <source> and <target> with either the incoming AS2From and AS2To http header parameters .
# when those match existing PeopleSoft node definitions, or with the PeopleSoft nodes names specified in the
# AS2 From & To map above.
# ig.AS2.<source>.<target>.MessageName= Specify the Message Name
# example:
# ig.AS2.PSFT_SRC_NODE.PSFT_TGT_NODE.MessageName=AS2_ORDER_REQUEST
# These Properties need to be set to use either the AS2TargetConnector or the AS2ListeningConnector
# REQUIRED:
# AS2 Certificates
# CertificateAlias is the certificate of the AS2 Listening Node used to decrypt incoming messages.
# SignerCertificateAlias is the certificate of the AS2From trading partner of Listening Node used to verify
# the incoming signature.
# Replace <source> and <target> with either the incoming AS2From and AS2To http header parameters
# when those match existing PeopleSoft node definitions, or with the PeopleSoft nodes names specified in the
# AS2 From & To map above.
# ig.AS2.<source>.<target>.CertificateAlias = Specify the target AS2 Listening Node certificate alias.
# ig.AS2.<source>.<target>.SignerCertificateAlias = Specify the source AS2From trading partner certificate alias.
# example:
# ig.AS2.PSFT_SRC_NODE.PSFT_TGT_NODE.CertificateAlias=<GeneratedAS2certificatealias>
# ig.AS2.PSFT_SRC_NODE.PSFT_TGT_NODE.SignerCertificateAlias=<GeneratedAS2certificatealias>
## End of AS2ListeningConnector Only Properties
## AS2 Target Connector Properties
# These Properties need to be set to use the AS2TargetConnector
# AS2 Original Request Information Log Directory
# This is required for Async MDN only. The Async MDN receiver uses this directory
# to find original request information.
# example:
# ig.AS2.AS2Directory=c://temp//as2
## END of AS2 Target Connector Properties.
#XML dtd lookup flag
# true - enable dtd reference lookup dtd on gateway. this is also the default value.
# false - disable dtd reference lookup on gateway.
ig.dtdLookup=true
# Maximum active connections to be cached on gateway
# These are connections from gateway to peoplesoft application server
# Caching connections will improve integration broker throughput
ig.connection=10
#####################
Maybe you are looking for
-
BW Gurus, What is the best cutover strategy for BW. We are planning to do a system copy for go live. 1)What are the points/instructions that need to be completed on the original system before doing a System copy? 2)What are the steps for the Basis? 3
-
Advise on ClassIndicator, using an integer
Hi all, the default ClassIndicator is in-class-name which generate a jdoclass column with the entire classname string in it. If this would be an integer field, it would not only save quite some storage space, but I assume would also be better in perf
-
Database timeout issue in oracle 11g 64 bit windows machine
Hi , Database connection getting timedout for every 30 seconds in oracle 11g database 64 bit windows environment. And the error we are getting is "Invalid user name and passoword". After altering the schema passoword alter username identified by pwd;
-
WHy is there a pink line on the right of my display?
Hi there, About a month ago a hot pink link appeared (vertically) on the right hand side of my screen. It is only a few pixels wide and runs from the very bottom to almost the top. It is about three inches from the edge of the monitor. I have a gen
-
Get my omni 10 to do anything other than restart?