Changing Proxy Authentication Details

Summary
After setting up proxy server authentication and successfully establishing a connection through the proxy server to the WibblyWideWeb, it does not appear to be possible to change the authentication details.
I.e. Removing or changing the Authenticator object (Authenticator.setDefault(...);) appears to have no effect once a 'successful' one has already been used.
Details
I have a GUI application that makes connections to the Internet.
It gives the user the option to configure it to pass through a Proxy server when making these connections.
For this, the user may also optionally provide authentication details for the Proxy server (authentication may not be necessary).
(All pretty standard so far...)
Everytime the application wishes to make a connection to the Internet it first sets up the Authenticator.
If the user has provided authentication details then the following code is executed, otherwise the 'default Authenticator' is set to null:
Authenticator.setDefault(new Authenticator()
protected PasswordAuthentication getPasswordAuthentication()
return new PasswordAuthentication(username, password);
});(Again, this is all pretty basic stuff as I understand it...)
With the use of some DBF's ("Developer's Best Friend" - System.out.println("..."); statements) I have been able to detect that once a 'successful' set of authentication details has been retrieved from the Authenticator object, the getPasswordAuthentication() method is never called again.
Therefore, changing the Authenticator with the intention of changing or removing the authentication details has no effect.
One possibility for this happening is because some code deep within the java.net API is caching these authentication details after having detected that they are valid credentials.
Do you have any other ideas?
How can I ensure (without a JVM restart, which appears to be the only current solution) that changes to authentication details take effect?
Thanks for your time.
John

On a Mac, you may need to reset the sync history. As far as I know, not being a Mac user, this is accomplished in iSync. The only other solution that I could think of would be to delete the accounts on the phone, and then sync the phone and see if the new info comes over. However, I believe that resetting the sync history will do it.

Similar Messages

Calling external web service - Proxy Authentication error

Using Developer 10.1.3.3 and following OTN example http://www.oracle.com/technology/products/forms/htdocs/10gr2/howto/webservicefromforms/ws_10_1_3_from_forms.html.
I have followed the above example and am trying to test the SendServiceSoapClient.java in JDeveloper. The class compiles ok but when I run it I receive the following error in the log window :
HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Bad response: 407 Proxy Authentication Required
As I was able to create the proxy with no problems, the proxy settings in Tools->Preferences are valid. I don't understand at what point it is failing as I am able to access the wsdl in the example from JDeveloper. I have checked the system settings for the proxy (username/pwd/host etc) at run time and they are as expected.
Can anyone make any suggestions? I have had my user details checked on our proxy server and it is not blocked from performing any actions. Is the message indicating I am being blocked from accessing the service from the suppliers end?

I have a solution for the problem I encountered.
My collegues who look after the proxy server and network first tried to bypass authentication for the web site www.esendex.com (where the service resides). The same error occurred when trying to call the service.
They then set up a route on the network to send the request straight to www.esendex.com and a rule on the firewall to allow the request 'out'. This has done the trick and the request passes through!
Unfortunately, I am not much clearer as to why our proxy server is configured to block this message type and how come it can't be changed! Hey ho, I have a solution for now!

ITunes proxy authentication

How to use itunes through a proxy server with transparent authentication with Microsoft AD? Itunes constantly asks for a password, and if you specify to save the password after password change attempts to authenticate the user under the old password does not work and has not deleted the file keychain.plist? How can I fix this?

I have this issue, but at least 10.7 gives you the option to put in your authentication details.
iTunes 11 does not have proxy authentication at this point in time so do not upgrade if you require this.
I have upgraded to version 11 and now can't access the iTunes store.

Is there an issue with the latest version of FF with HTTPS requests and Proxy authentication?

I'm currently working inside a cope network behind a proxy, which requires authentication.
When browsing to websites externally to our network I would usually only be promoted once for authentication details; after that I would never see the prompt again until after restating the browser.
However after the latest update I've found that when visiting HTTPS sites I'm promoted for my login details. But even though I enter the correct information the prompt does not take the details and continually asks until eventually our proxy closes the connection (usually with my account now being locked).
My other browsers (IE, GC) work fine without problems.
Any ideas?

It could be a regression in Firefox 18 that wasn't present in Firefox 17. The developers are known nowadays for including too many experimental changes and my bet is one of them is causing this.
But to confirm, could you downgrade back to Firefox 17 and still see if it works well with proxy authentication?
Download link:
 www.mozilla.org/en-US/products/download.html?product=firefox-17.0.1&os=win&lang=en-US

Random Mozilla Proxy Authentication (Mozilla Firefox 30.0)

Hi All,
We are experiencing an issue with random intermittent Mozilla Proxy Authentication prompts. We are running Mozilla firefox in a Windows domain and using a clearswift proxy server. I've tried a large number of configuration changes with Firefox but still get these annoying prompts. This obviously looks bad to our user base. We do not suffer the same issues with IE11 or Google Chrome.
Please can anyone help before we look to remove this software and go for an alternative browser?
Many Thanks,
Kirk

I've called in the big guys in to help you.
What is your current Firefox and computer system?
Have you had any other issues?
While you are waiting, please check these out;
Some added toolbar and anti-virus add-ons are known to cause
Firefox issues. '''Disable All of them.'''
Some problems occurs when your Internet security program was set
to trust the previous version of Firefox, but no longer recognizes your
updated version as trusted. Now how to fix the problem: To allow
Firefox to connect to the Internet again;
* Make sure your Internet security software is up-to-date (i.e. you are running the latest version).
* Remove Firefox from your program's list of trusted or recognized programs. For detailed instructions, see
'''[https://support.mozilla.org/en-US/kb/configure-firewalls-so-firefox-can-access-internet Configure firewalls so that Firefox can access the Internet.]''' {web link}
'''[https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode Start Firefox in Safe Mode]''' {web link}
While you are in safe mode;
Type '''about:preferences#advanced'''<Enter> in the address bar.
Under '''Advanced,''' Select '''General.'''
Look for and turn off '''Use Hardware Acceleration'''.
Poke around safe web sites. Are there any problems?
Then restart.

Administration of APEX in SQL Developer with Proxy Authentication impossibl

Hello!
We are using latest version of SQL Developer to administer APEX. We are connecting to the database with proxy authentication. The syntax is:
personal_user[apex_ws_owner]
e.g.: mdecker[apex_demo]
When trying to deploy APEX application I go to "Database Object" -> Application Express -> Application1 [100] -> right mouse click: "Deploy Application". Then I select the appropriate database identifier and next, I am presented with a screen showing import options. In second line, it says: "Parsing Schema: MDECKER".
This is wrong: it has to be Parsing Schema: APEX_DEMO. It seems that managing APEX with SQL Developer does not support Proxy Authentication.
Could you please confirm?
Is there a way to formally ask for this enhancement?
Best regards,
Martin
Update:
I found out that if I check the flag "Proxy Authentication" in the connect details and provide both passwords, the deploy application parsing schema is set to the correct APEX_DEMO account. However, we are using Proxy Authentication in order to avoid having to know the application password.
Edited by: mdecker on Jan 28, 2013 4:48 PM

There is a write-up about connecting to APEX here: <a href ="http://www.oracle.com/technology/products/database/application_express/html/sql_dev_integration.html" >SQL Dev Oracle APEX Integration</a>
You do need to have updated to Oracle APEX 3.0.1.
Regards 
Sue

Define Proxy Server details in MS Dynamics CRM 2013 tamplate project using CRM 2013 developer toolkit

Hi,
I am trying to create MS CRM 2013 template project using MS CRM 2013 developer tool kit. When I am trying to connect with MS CRM 2013 online , it is giving me error "407 Proxy Authentication Required".
Actually I am using proxy server for connect with CRM. In my custom application as well as using plugin registration tool I have define below setting in config file for avoid this error
<system.net>
<defaultProxy useDefaultCredentials="true" />
</system.net>
But in MS CRM 2013 template project I don't get any option to add config file. So I am unable to add this detail in project.
Can any one help me, how can I avoid this error for MS CRM 2013 developer tool kit project.
Thanks,
---vaib

Hi,
We can :-)
I will try to find a better forum in the list and move it
Good luck :-)
Ronen Ariely
[Personal Site] [Blog] [Facebook]

Is Proxy Authenticated or not in Applet


Hi Everyone,


I need to show proxy details to the user in an applet and I got the proxy host and port by using the JDK API and I need to check is the proxy is authenticated or not and I used the below code in the applet


public boolean checkHttpAuthentication() {


logger.info("Start of detecting proxy authentication settings");
HttpURLConnection urlConnection = null;


try {


String host = SiteSurveyAppletConstants.HTTP_PROXY_DETECT_URL;


URL url = new URL(host);


urlConnection = (HttpURLConnection) url.openConnection();


urlConnection.setDoInput(true);


urlConnection.setDoOutput(true);


urlConnection.setUseCaches(false);


int statusCode = urlConnection.getResponseCode();


logger.info("statusCode : " + statusCode);


if(statusCode == HTTPStatusCodes.SC_PROXY_AUTHENTICATION_REQUIRED) {


isProxyAuthenticated = true;




} catch (Exception e) {


System.out.print("Error occured while sending data to the server\n" + e);




logger.info("End of detecting proxy authentication settings");


return isProxyAuthenticated;




When I access the applet a dialog box (Firefox browser dialog box) is prompting to enter the user credential and applet is loaded into the browser after entering the user credentials, but if you see the code in above snippet, it's not returning me the 407 status code, it's returning me the 200.


In my application applet will first fetch the proxy settings and will do some processing (connecting to the server) and will load into the browser. So for connecting to the server I need to know whether the proxy is authenticated or not. If it is authenticated then I need to open a dialog box asking the user to enter the credentials and will use those credentials for connecting back to the server


Can anyone help me what is causing the problem


Thanks


Hi,
MINUS does two full table scans & removes matches after whereas NOT IN does a full table scan of table 1 then for each row it searches through table two...assuming you have two proper tables e.g.:
TABLE1: 20,000 rows in 1000 blocks
TABLE2: 10,000 rows in 500 blocks
Reads required for minus:
Full scan of TABLE1 = 1000 blocks
+
Full scan of Table2 = 500 blocks
= 1500 reads
Reads required for NOT IN:
Full scan of TABLE1 = 1000 blocks
20,000 lookups in TABLE2 = 20,000 x (depth of index on TABLE2)
= 21,000 at least
So a lot more work is done with NOT IN. Taken from here. Note the gets:
SQL> select count(*) from
2 ( select object_id from t1
3 minus
4 select object_id from t2
5 )
6 /
COUNT(*)
 171
Statistics
 0 recursive calls
 24 db block gets
 136 consistent gets
 64 physical reads
 0 redo size
 380 bytes sent via SQL*Net to client
 518 bytes received via SQL*Net from client
 4 SQL*Net roundtrips to/from client
 3 sorts (memory)
 0 sorts (disk)
 1 rows processed
SQL> select count(*) from
2 ( select object_id from t1
3 where object_id not in
4 ( select object_id from t2
5 )
6 )
7 /
COUNT(*)
 171
Statistics
 0 recursive calls
 12 db block gets
 84406 consistent gets
 0 physical reads
 0 redo size
 405 bytes sent via SQL*Net to client
 541 bytes received via SQL*Net from client
 4 SQL*Net roundtrips to/from client
 1 sorts (memory)
 0 sorts (disk)
 1 rows processedMike

Problem after 9.2 / 8.17 updating - proxy authentication returns

We just updated to 9.2 and 8.1.7 of Acrobat and Adobe Reader on our SME network (Windows XP SP3 clients connected to Microsoft SBS2003 Premium server, so a typical SME setup).
When I then tried the usual [Check for Updates] I was unpleasantly surprised to see a previous problem appear - Acrobat and Adobe Reader both refused to connect to the internet without manual authentication to the Proxy Server (even when an admin account was logged in already). SBS2003 uses ISA as a proxy server, which works fine with all modern apps.
This was a major problem with Acrobat/Reader (and CS) until fairly recently when I assume the teams responded to complaints and modified the apps so that updates could occur without someone manually traipsing around client machines to enter authentication details.
Now we are back to square one - can someone please advise if this issue is 'accidental' (and hopefully therefore to soon be remedied) or if it was a deliberate move?
If the latter, I'd be interested to hear the justification behind it - it is making Reader in particular more trouble than it is worth to install.

Finally found another tread on this obscure problem -- I don't know why Adobe doesn't have a KB on this issue that their update causes.
I added *.adobe.com to the ISA server rules then the clients could run updater fine again.

SCCM 2012 R2 ADR issue with proxy authentication

Hi,
We're migrating SCCM 2007 to SCCM 2012 R2.
In SCCM 2007, the proxy server is configured with user authentication, and this works.
In SCCM 2012 R2, the Software Update Point is installed locally and connected with a local WSUS 4.0 (Server 2012)
We use a proxy with user authentication for Update Deployment. (This user is the same as configured in SCCM 2007.)
The Proxy Server is Blue Coat SG.
The proxy account is used for:
The Synchronization works, but Automatic Deployment Rule (ADR) doesn't work.
When an Automatic Deployment Rule is started, it tries to authenticate 3 times.
The Patchdownloader.log shows:
Trying to connect to the root\SMS namespace on the <servername> machine. Software Updates Patch Downloader 11/8/2013
12:19:06 3608 (0x0E18)
Connected to
\\<servername>\root\SMS Software Updates Patch Downloader 11/8/2013 12:19:06 3608
(0x0E18)
Trying to connect to the
\\<servername.domain>\root\sms\site_ECM namespace on the <servername.domain> machine. Software Updates Patch Downloader 11/8/2013
12:19:06 3608 (0x0E18)
Connected to
\\<servername.domain>\root\sms\site_ECM Software Updates Patch Downloader 11/8/2013 12:19:06 3608
(0x0E18)
Download destination =
\\<servername.domain>\dp_wks_ms_updates$\3208bb5e-bcd9-4389-a0c9-02ef33ccb998.1\XPSEPSC-x86-en-US.exe . Software Updates Patch Downloader 11/8/2013 12:19:07 3608
(0x0E18)
Contentsource =
http://wsus.ds.www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/xpsepsc-x86-en-us_7ae70ca1330a099080c6c41c4d5b7f19b30dc0cd.exe . Software Updates Patch Downloader 11/8/2013
12:19:07 3608 (0x0E18)
Downloading content for ContentID = 16819067,
FileName = XPSEPSC-x86-en-US.exe. Software Updates Patch Downloader 11/8/2013 12:19:07 3608 (0x0E18)
Try username <domain\ProxyAccount> Software Updates Patch Downloader 11/8/2013 12:19:07 8364
(0x20AC)
Proxy enabled proxy server <proxyserver>:8080 Software Updates Patch Downloader 11/8/2013
12:19:07 8364 (0x20AC)
HttpSendRequest failed HTTP_STATUS_PROXY_AUTH_REQ Software Updates Patch Downloader 11/8/2013
12:19:07 8364 (0x20AC)
Download
http://wsus.ds.www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/xpsepsc-x86-en-us_7ae70ca1330a099080c6c41c4d5b7f19b30dc0cd.exe to C:\Windows\TEMP\CAB6FD2.tmp returns 407 Software Updates
Patch Downloader 11/8/2013 12:19:07 8364 (0x20AC)
ERROR: DownloadContentFiles() failed with hr=0x80070197 Software Updates Patch Downloader 11/8/2013
12:19:07 3608 (0x0E18)
Then the proxy user account is locked:
Trying to connect to the root\SMS namespace on the <servername> machine. Software Updates Patch Downloader 11/8/2013
12:20:11 3608 (0x0E18)
Connected to \\ <servername>\root\SMS Software Updates Patch Downloader 11/8/2013
12:20:11 3608 (0x0E18)
Trying to connect to the
\\<servername.domain>\root\sms\site_ECM namespace on the <servername.domain> machine. Software Updates Patch Downloader 11/8/2013
12:20:11 3608 (0x0E18)
Connected to
\\<servername.domain>\root\sms\site_ECM Software Updates Patch Downloader 11/8/2013 12:20:11 3608
(0x0E18)
Download destination =
\\<servername.domain>\dp_wks_ms_updates$\e0a54221-3ff2-4129-b7cf-89bf5cd1f726.1\Windows-KB943729-x86-ENU.exe . Software Updates Patch Downloader 11/8/2013
12:20:12 3608 (0x0E18)
Contentsource =
http://wsus.ds.download.windowsupdate.com/msdownload/update/software/updt/2009/10/windows-kb943729-x86-enu_e174c41ce3dcbd5c8922d6d1c39df1be425a70e0.exe . Software Updates Patch Downloader 11/8/2013
12:20:12 3608 (0x0E18)
Downloading content for ContentID = 16824262,
FileName = Windows-KB943729-x86-ENU.exe. Software Updates Patch Downloader 11/8/2013 12:20:12 3608 (0x0E18)
Try username <domain\ProxyAccount> Software Updates Patch Downloader 11/8/2013 12:20:12 12480
(0x30C0)
Proxy enabled proxy server <proxyserver>:8080 Software Updates Patch Downloader 11/8/2013
12:20:12 12480 (0x30C0)
HttpSendRequest failed HTTP_STATUS_FORBIDDEN or HTTP_STATUS_DENIED Software Updates Patch Downloader 11/8/2013
12:20:12 12480 (0x30C0)
Download
http://wsus.ds.download.windowsupdate.com/msdownload/update/software/updt/2009/10/windows-kb943729-x86-enu_e174c41ce3dcbd5c8922d6d1c39df1be425a70e0.exe to C:\Windows\TEMP\CAB6E4B.tmp returns 403 Software Updates
Patch Downloader 11/8/2013 12:20:12 12480 (0x30C0)
ERROR: DownloadContentFiles() failed with hr=0x80070193 Software Updates Patch Downloader 11/8/2013
12:20:12 3608 (0x0E18)
The RuleEngine.log shows:
Failed to download the update from internet. Error = 403 SMS_RULE_ENGINE 11/8/2013 16:18:25 3608 (0x0E18)
Failed to download ContentID 16824467 for UpdateID 16819978. Error code = 403 SMS_RULE_ENGINE 11/8/2013 16:18:25 3608 (0x0E18)
It seems that the ADR uses a wrong password when authenticating with the proxy, but this same user works when synchronizing with WSUS.
We performed the following actions with no result:
run the ADR manually and automatic,
reinstalled WSUS and SUP,
changed proxy user account.
Regards,
Matthias

Currently, the command shows:
Current WinHTTP proxy settings:
 Direct access (no proxy server).
We've been testing with:
upddwnldcfg.exe /s:<proxyserver>:<port> /u:<user> /allusers
psexec -i -s iexplore.exe, set Internet Explorer proxy manually
All with same result, proxy user getting locked when ADR runs.
(These settings have been removed after the test.)
I think dekac99 would suggest netsh winhttp set proxy or import proxy.
then turn off proxy use on the role SUP (this way not SCCM will send auth but all winhttp will use proxy)
the problems with that for me are:
- if MS implemented role-based proxy usage, why set at http layer - of course this might work as a workaround for the time being so it might be a good idea but I'm just not sure what unwanted issues it may cause
- the other thing is where I'm not sure, with set proxy you cannot define authentication account. if you use import from IE and the IE prompted for proxy auth, the stored credential will be used on winhttp layer (though I'm not 100% sure of that) - so this
is just too uncontrolled for me
- upddwnldcfg.exe will need to run in the name of system account (it stores credentials under HKCU so far I know it will be a per user based setting)
--> what confuses me, the catalog synch works which should use the same configured proxy and account(?), only ADR does not work. shouldn't they both use the same process for sending account auth info?

ASA - cut through proxy authentication for RDP?

I know how to set this up on a router (dynamic access-list - lock and key)... But, I'm having trouble understanding how to setup OUTSIDE to INSIDE cut through proxy authentication for RDP.
OUTSIDE to INSIDE RDP is currently working.
I have 2 servers I want RDP open for..
[*]OUTSIDE 1.1.1.1 to INSIDE 10.10.70.100
[*]OUTSIDE 1.1.1.2 to INSIDE 10.10.50.200
What's required for OUTSIDE users to authenticate on the ASA before allowing port 3389 opens? I was hoping for is a way to SSH into this ASA, login with a special user, then have the ASA add a dynamic ACE on the OUTSISE interface to open 3389 for a designated time limit. Is this possible?
Here is my current config.
[code]
ASA Version 8.2(5)
hostname ASA5505
names
name 10.10.0.0 LANTraffic
name 10.10.30.0 SALES
name 10.10.40.0 FoodServices
name 10.10.99.0 Management
name 10.10.20.0 Office
name 10.10.80.0 Printshop
name 10.10.60.0 Regional
name 10.10.70.0 Servers
name 10.10.50.0 ShoreTel
name 10.10.100.0 Surveillance
name 10.10.90.0 Wireless
interface Ethernet0/0
description TO INTERNET
switchport access vlan 11
interface Ethernet0/1
description TO INSIDE 3560X
switchport access vlan 10
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
no nameif
security-level 50
no ip address
interface Vlan10
description Cisco 3560x
nameif INSIDE
security-level 100
ip address 10.10.1.1 255.255.255.252
interface Vlan11
description Internet Interface
nameif OUTSIDE
security-level 0
ip address 1.1.1.1 255.255.255.224
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup OUTSIDE
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 4.2.2.2
domain-name test.local
access-list RDP-INBOUND extended permit tcp any host 1.1.1.1 eq 3389
access-list RDP-INBOUND extended permit tcp any host 1.1.1.2 eq 3389
pager lines 24
logging enable
logging timestamp
logging trap warnings
logging device-id hostname
logging host INSIDE 10.10.70.100
mtu INSIDE 1500
mtu OUTSIDE 1500
ip verify reverse-path interface OUTSIDE
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
global (OUTSIDE) 1 interface
nat (INSIDE) 1 LANTraffic 255.255.0.0
static (INSIDE,OUTSIDE) tcp interface 3389 10.10.70.100 3389 netmask 255.255.255.255
static (INSIDE,OUTSIDE) tcp 1.1.1.2 3389 10.10.50.200 3389 netmask 255.255.255.255
access-group RDP-INBOUND in interface OUTSIDE
route OUTSIDE 0.0.0.0 0.0.0.0 1.1.1.1 1
route INSIDE LANTraffic 255.255.0.0 10.10.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http Management 255.255.255.0 INSIDE
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 10.10.70.100 255.255.255.255 INSIDE
ssh Management 255.255.255.0 INSIDE
ssh 0.0.0.0 0.0.0.0 OUTSIDE
ssh timeout 5
ssh version 2
console timeout 0
threat-detection basic-threat
threat-detection scanning-threat shun
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
username scott password CNjeKgq88PLZXETE encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:1e9d278ce656f22829809f4c46b04a07
: end
[/code]

You're running ASA 8.2(5). In 8.4(2) Cisco added support for what they call Identity Firewall rules. That is, you can make access-lists entries specific to users (or object groups containing users).
There's an overview document on this posted here. It's a bit dated but I believe the only change is that Cisco is now preferring use of the more current Context Directory Agent (CDA) - a free VM they provide - vs. the deprecated AD agent (software service that runs on your DC).

Safari, Proxy Authentication, and Certificate Authorities ( for https )

A recent update to Safari has caused it to not work with our proxy authentication. It will not provide authentication details when looking up SSL certificate authorities, causing certificate errors on all https:// websites. All other traffic (http, https if certificate is bypassed, plugins, etc.) seem to work just fine. Is anyone else having this problem? If so, is there a fix?
It occurs on Mac and PC. I am using SquidGuard with NTLM authentication. All other browsers on our system (IE x.x, FireFox, Chrome, Opera ) don't have this issue.

I have the same problem and it's frustrating as can be.
What happens to me is that When I bring my laptop to work, and put it on the work network and launch Safari, Safari informs me that each of my plugins is invalid and then uninstalls them - I'm effectively not able to use any plug ins at work, and I have to go hunt them down when I get back home (for reference, The extensions are still physically in \users\me\Library\Safari\Extensions - so when I get home I can just double click on all of them)
I opened a case with apple and I encourage you to do the same. Perhaps if enough users complain they will find a gentler way to work with it.
They had me do a capture and after analyzing it said it was an issue with the work network and not being able to valdate the extensions.
It sounds like the same issue you have - as my work network uses a proxy as well.
The rep suggested that I use a different browser at work, but I'm so used to clicking safari, that I do it out of habit.
I really like Safari, and hope they get it fixed - Safari may not get respect in the windows world, but it's really a great browser - especially on a laptop where screen real estate is limited (where I often hit command-shift-\ to hide the address bar to see more of the page)
-Jack

ABAP client Proxy authentication required

Hallo, my problem is about ABAP client Proxy authentication.
Scenario:
Our Dev. BW MWDCLNT600 queries forward a (RetailPro) database (JDBC Receiver C.Channel), by Dev. XI , in order to "drive" data extraction (realized, backward, from RetailPro to BW).
Forward communication from BW uses a call on ABAP Client Proxy technology (I mean, a BW class implements an XI outbound Message Interface).
Problem:
Something changed, we don't know what or where, and since last week everytime you execute the report (F8) you are prompted for an authentication popup.
Official manual guide is: (ABAP Proxy Generation)
http://help.sap.com/saphelp_nw04/helpdata/en/ba/f21a403233dd5fe10000000a155106/frameset.htm
in which you have to manage the 2 properties for credential supplying:
com.sap.aii.applicationsystem.serviceuser.name
com.sap.aii.applicationsystem.serviceuser.pwd
in order to "drive" authentication to Integration Engine.
In our scenario, ABAP report ZRTP_FLOW_CONTROL drives data extraction query, by a call to execute method
of class: ZCO_MI_FLOW_CONTROL_OB
which implements Outbound MI: MI_Flow_Control_OB (...all in SPROXY).
In SXMB_ADM, XI IEngine URL is correct...
In Exchange Profile, the 2 properties (see above) are correctly maintained (user: XIAPPLUSER, and password is OK)
Any suggestion?
Thanks all in advance!
Gianluca

Hi
I would like to suggest you to change the password in http destination (sm59) configured to comunicate with XI and put another one using UPPER case only. Another thing to check is tx SLDAPICUST. There is a problem in this transaction (I think it is a problem, maybe it's a feature , you need to use password with UPPER there to, and you need to double save the data there (change something, click save, change another thing, click save, and will work, otherwise not). Check tx SLDCHECK to see if connection with SLD and Integration Directory are ok.
Regards.
Roberti

Proxy Authentication while Installing Dreamweaver Widget Browser (Mac)

Hi,
I have created the Adobe CS6 Web and Design Premium package using AAMEE 3.0. I have chosen to exclude adobe air and help. Exception folders have Adobe AIR Installer , Adobe Dreamweaver Widget browser and Adobe Help. ExceptionInfo.txt provides the list of commands to install the exceptions. While running the commands from the text file, Adobe AIR and Adobe Help works fine but Dreamweaver widget prompts for proxy authentication inspite of -slient parameter.
I am using the below command from ExceptionInfo.txt to install Widget Browser
Adobe AIR Installer.app/Contents/MacOS/Adobe AIR Installer -silent -eulaAccepted -programMenu WidgetBrowser.air
Does this a common issue or do I need to change something in the command line?
Regards,
Karthikeyan M

Hi Karthikeyan
I haven't had the opportunity to confirm this with CS6 recently, but depending on the callback the air application makes, I have seen examples where using the -revocationCheck never command line flag could potentially make a difference. It would be interesting to see if it does under these specific circumstances with the widgetbrowser.
See http://blogs.adobe.com/simplicity/2011/08/disabling-air-certificate-revocation-checks-duri ng-silent-install.html and http://helpx.adobe.com/creative-suite/kb/creative-suite-deployment-proxy-log.html for some background.
Kind regards
Henk

Proxy authentication doesn't work with JSSE

Hello,
Seems like there is no common way to authenticate with proxy for HTTP and HTTPS.
Connecting to http://... - works fine, but https://... returns error message:
Unable to tunnel through 111.111.111.111:8080. Proxy returns "HTTP/1.0 407 Proxy Authentication Required"
(IP address is intentionally changed in the message above)
I'm using JSSE with VAJ JDK 1.2 and here is a Java code snippet that works well with HTTP connections:
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
System.setProperty("https.proxyHost", proxyHost);
System.setProperty("https.proxyPort", proxyPort);
System.setProperty("http.proxyHost", proxyHost);
System.setProperty("http.proxyPort", proxyPort);
try {
URL url = new URL("https://www.sun.com");
URLConnection connection = url.openConnection();
String authString = proxyUserID + ":" + proxyPasswd;
String encodedAuthString =
"Basic " + new sun.misc.BASE64Encoder().encode(authString.getBytes());
connection.setUseCaches(false);
connection.setRequestProperty("Proxy-authorization", encodedAuthString);
Listening to the network traffic helped me to understand that there is a difference between the way HTTP and HTTPS is handled. For some reason HTTPS ignores all the headers that I specify using setRequestProperty().
Here is example of request and responses sent by HTTPS handler:
Request:
CONNECT 198.175.98.32:443 HTTP/1.0
User-Agent: JSSE
Proxy response:
HTTP/1.0 407 Proxy Authentication Required
Date: Wed, 07 Nov 2001 22:04:11 GMT
Content-Length: 233
Content-Type: text/html
Server: NetCache (NetApp/5.1R2D4)
Proxy-Authenticate: basic realm="NETCACHE2"
Please note that there is no Proxy-authorization header in the request above.
Compare it with HTTPS request sent by Netscape browser:
Request to proxy:
CONNECT www.sun.com:443 HTTP/1.0
Proxy-authorization: Basic am0vbDphrGxHa22lLg==
User-Agent: Mozilla/4.76 [en] (Windows NT 5.0; U)
Response:
HTTP/1.0 200 Connection established
Proxy-Agent: NetCache NetApp/5.1R2D4
So, the question is:
What is the best way to pass "Proxy-authorization" header to proxy server??
Thanks in advance for your time.

Hi Guys,
Just like, i assume, all of you, i've had my battles with javas' handling of https comms from behind a firewall. I'm actually amazed at how something that is a simple combination of protocol and security should become so messy.
Luckily , i managed to get all my requirements met, but the sad thing is after all that hard work, i'm not much closer to understanding why the standard java sdk (im using 1.4) forces us to endure such painful tasks.
Really, Java is quite a mature language now, and one of its touted benefits is its applicability to web and internet technologies... so why the messy proxy code when dealing with ssl?
Anyway, i didn't really come here to b**tch, but rather to point you all to a handy library from apache - httpClient - http://jakarta.apache.org/commons/httpclient.
After implementing ssl proxy tunnelling and all the fun that goes with it, i found this tool, and subsequently deleted all that ugly code, and let http client deal with all that for me.
Its seriously simple, heres a snippet:
httpClient = new HttpClient();
httpClient.setTimeout(responseTimeoutMillies);
Protocol myHttps = new Protocol("https", new SSLContextBasedSocketFactory(sslContext), targetServerPort);
httpClient.getHostConfiguration().setHost(targetServerHost, targetServerPort, myHttps);
if (useProxy)
     httpClient.getHostConfiguration().setProxy(proxyHost, proxyPort);
        httpClient.getState().setProxyCredentials("my-proxy-realm", proxyHost, new UsernamePasswordCredentials(proxyUser, proxyPassword));
}This initialises the client, and after this, making http requests is simple:
String response = null;
PostMethod postMethod = new PostMethod("/secure/blah.jsp"); // A HTTP Post
postMethod.setRequestBody("Hello there"); // this is the data in the http post body
int responseCode = httpClient.executeMethod(postMethod);
if(responseCode == 200)
    response = postMethod.getResponseBody();...
As you can see, its alot less painful. It certainly makes me feel better, knowing i don't have to support/maintain the ugly proxy tunnelling code. Give it a shot on your next project.
Hope it helps.
Regards
Marcus Eaton

Changing Proxy Authentication Details

Similar Messages

Maybe you are looking for