Cisco Secure Access Control System vs ISE
Can someone tell me what the difference is between these two systems? Is there a feature on one that I can not use on the other?
TACACS+ to begin. No tacacs on ISE in its present form. I'm basically transitioning all user radius based auth to ISE and keeping admin tacacs based auth on ACS. ACS does DACLs, but only based on user or group membership. ISE does DACLs based on very customizable rules and posture assessment.
Similar Messages
-
Link does not work for
End-of-Sale and End-of-Life Announcement for the Cisco Secure Access Control System 5.4
How do we get Cisco to fix?
see attachmentGive it a couple of days - it looks like they just sent out the notification before the notice was published on the public page.
Once the ACS 5.4 EoS/EoL notice is published you should see it linked from this page. -
Cisco Secure Access Control Server Solution Engine OR Cisco Secure Access Server ?
Which product is really affected, the Cisco Secure Access Control Server Solution Engine which is a hardware applliance with software from 3.2 to 4.2 or the Cisco Secure Access Control Server Software appliance available for installing as a virtual machine into VMware ESX/ESXi 5.0 with 5.X software ?
Thank you for clarifying
Best regards
MarcoHi Thomas,
You can download ACS for windows 4.1 or 4.2 from the below listed link:
http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-eval
For ACS 5.x, please visit cisco.com
Download software > Security > Cisco Secure Access Control System 5.x > Secure Access Control System Software
HTH
Regards,
Jatin
Plz rate helpful posts- -
Cisco Secure Access Control Server for Windows 3.0
I have to rebuild a server using Cisco Secure Access Control Server for Windows 3.0 ... I cannot locate this software under "download software" in cisco.com ..
where can I download a copy for Cisco Secure Access Control Server for Windows 3.0 ?Hi,
You can not download the ACS windows Solution engines softwares from the cisco.com > download pages as these s/w are not available there. You can only download patches and remote agent software.
In order to get any ACS software/ upgrade assistance you need to open up a TAC case.
Also, ACS 3.0 is not supported by Cisco anymore..getting support for this version or any 3.x is not possible.
HTH
Regards,
JK -
Cisco Secure Access Control Server (ACS) for Windows
Looking for Part code for client of ACS 3.1, needs CD-ROM for re-installation prior to considering upgrade.
It should be
CSACS31WINK9
M.
Hope that helps rate if it does -
Integrating with external access control system
Hi,
I am new at the network but have read a lot recently about the above subject as much as I could. However, I am a bit mixed up at something. I understand in order to update SAP HR module with employees time and attendance logs I need to interface with a certified PDC interface => (SAP ECC - PLANT DATA COLLECTION - TIME & ATTENDANCE AND EMPLOYEE EXPENDITURES (HR-PDC)
I wish to develop a system that updates the the SAP HR with employee attendance logs. In addition I also wish enroll new employees into my access control system database by polling the SAP HR database.
Now my question is if I use .NET connector:
1. Does the connector it include functions that can help with the above requirements?
2. Is the use of PDC interface here still a must?
ThanksFor time management with the help of transaction pt80 you can download the information about employees with the help of idoc. And there are some programs a.k.a connectors that link access control systems and SAP so that you do not hire the same employee in the access control problem. You hire the employee in SAP and SAP sends the information (HR Minimaster DATA) to the related program.
It is also do the same thing for the employees who resign. I mean if an employee is fired or resigned from the company than it is sent to the related system.
These can be found under PDC integrated systems. You can find information about the systems from Ecohub. http://ecohub.sap.com/
I hope this answer will help. -
Cisco Prime Infrastructure 1.2 with Cisco Prime Network Control System Hardware Appliance
Hi Team,
I have following BOM
Cisco Prime Infrastructure
R-PI-1.2-K9
Cisco Prime Infrastructure 1.2
1
R-PI-1.1-500-K9
Prime Infrastructure 1.2 Software - 500 Device Base Lic
1
L-PILMS42-500
Prime Infrastructure LMS 4.2 - 500 Device Base Lic
1
L-PINCS12-500
Prime Infrastructure NCS 1.2 - 500 Device Base Lic
1
PRIME-NCS-APL-K9
Cisco Prime Network Control System Hardware Appliance
1
PI-APL-IMAGE-1.2
Cisco Prime Infrastructure 1.2 Appliance Software
1
Pls let me know if we have both NCS and LMS preinstalled with Cisco Prime Infrastructure 1.2 Appliance Software orwe need seperate appliance or server for LMS 4.2.
RegardsHi Scott,
Thanks for the response but I got to know that LMS and NCS are combined in single ISO image from PI 1.2 and can be installed on the same physical NCS appliance.
Can you pls check this.
Regards -
Integrating SAP HCM with third party Access Control System
Hi Experts,
We have client using SAP HCM and intend procuring an Access Control Solution to manage her people.
What the client wants to avoid though is having to create a new employee in SAP HCM and manually creating same in the Access Control Software. Is there a way this can be automated such that upon recruitment of new staff, the data is updated in the Access Control DB which uses MS SQL? If this is possible, what is required to get this working well.
Thanks for your support in this regard.
Regards
JohnFor time management with the help of transaction pt80 you can download the information about employees with the help of idoc. And there are some programs a.k.a connectors that link access control systems and SAP so that you do not hire the same employee in the access control problem. You hire the employee in SAP and SAP sends the information (HR Minimaster DATA) to the related program.
It is also do the same thing for the employees who resign. I mean if an employee is fired or resigned from the company than it is sent to the related system.
These can be found under PDC integrated systems. You can find information about the systems from Ecohub. http://ecohub.sap.com/
I hope this answer will help. -
Problem with Cisco Secure Access Server 3.0
Hi All,
Please what is my problem? I use Cisco Secure Access Server Version 3.0 for Windows 2000/NT Servers to authenticate users on our wireless network. I however wish to assign monthly time limits to each user after which he/she will no longer have access until next month or the timer is reset. I tried this with the "User Usage Quota" under User setup. I set the Server to "Limit user to X hours of online time per Month" and enabled the "Use these settings" and also checked the box by the side of the option. I saved and restarted my server. Unfortunetly the settings did not work for all the users whose quotas I set.
What Am I doing wrong. Please assist.
ChafeDo you have your AP's sending accounting data? If not, ACS has no way of knowing how long they've been online?
You can utilize your ACS logging to see what your accounting looks like to confirm whether you are receiving accounting packets or not?
HTH
Jeff -
Dear All,
I have depolyed a cisco nac solution in inband virtual gateway mode.Everything is working fine.The issue is that i want to restrict intranet server access.Usually there is a web server configured on it and users can access by typing http://intranet.There are also shared resources on it.
I want certain users to be able to access shared ressources but not access the intranet by typing http://intranet.I created access rules in traffic control to deny tcp protocol from the specified source to the destination ip address of the server on port 80and permit everything else.Users continue to access both ressources.
Since it was not working, created access-list on the L3 3560 switch to deny connection on 172.31.0.3:80 and permit everything else and applied it to the users vlan svi.Still it does not work.
How can i make it happen ?Please help.
ThanksYes Sir.. Check this link for supported devices with Cisco ISE
http://www.cisco.com/en/US/docs/security/ise/1.0.4/compatibility/ise104_sdt.html
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection." -
Cisco Prime Network Control System Health Monitor Reflected XSS
Apologies for the n00b question,
I am a security manager not a Cisco guru so please bear with me
Our Nessus scanner has picked this vulnerability up
Nessus states that there is no fix
Looking on Cisco's bug search the status is set to fixed,
https://tools.cisco.com/bugsearch/bug/CSCud18375
I found this article on Cisco's website
Multiple Vulnerabilities in the WLSE Appliance - Cisco 2011-12-10
There are two vulnerabilities that exist in the CiscoWorks Wireless LAN Solution Engine (WLSE). The first is a cross site scripting (XSS) vulnerability that may allow an attacker to gain administrative privileges on the system. The second is a local privilege escalation vulnerability that can be used by an attacker who already has authenticated access to the command line interface to obtain access to the underlying operating system. Cisco has made free software available to address this vulnerability for affected customers. This advisory is available at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060419-wlse
Is WLSE part of WCS or am I grasping at straws here? Our techies don't seem to think so
We are currently running CISCO Wireless Controller System (WCS) running on Version 7.0.240.0 which is end of life
Is there an upgrade path for newer software?
Has anyone else encountered this issue
http://www.kb.cert.org/vuls/id/8303161. Its possible but some sort of lock/bug is preventing the removal of the controller. Is the controller reachable? Have you attempted to restart NCS to see if you are able to remove the controller afterwards?
2. 8510 not supported on NCS, you must upgrade to Cisco Prime 1.3.x or higher.
http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/1.3/release/notes/cpi_rn_13.html#wp86690
3. Follow the upgrade steps for all information regarding patches and migration path:
http://www.cisco.com/en/US/docs/wireless/prime_infrastructure/1.3/quickstart/guide/cpi_qsg_1_3.html#wp69624 -
Cisco Prime Network Control System (NCS) - Reports
Hiya Supporters !
Just wonder how to make a report showing me which AP's in my setup that NEVER have any associated clients on, and/or over a given period of time, like 1 or months.
seems like I can get some reports under :
reports - report launch pad - clients
but i can not get clients count = 0 by "AP name"
anyone know how ?
I use WLC's versions 7.0.116 and NCS 1.0.2.29 appliance on ESXmbilgrav,
There is a command on the NCS CLI that looks interesting:
# ncs db reinitdb
wilab-ncs/admin# ncs db ? reinitdb Reinitialize NCS database by dropping all the tables
DISCLAIMER: I'm not a database guy, I've never used this command, and I have no idea what the ramifications are (I've searched and haven't found much). If you do decide to try it, snapshot/backup first and proceed at your own risk.
UPDATE: Curiousity got the best of me and I ran this command on my own lab NCS. I can confirm that this wipes out the NCS database completely and dumps you back to defaults. All user accounts except root are deleted, along with maps, devices and settings. The only thing that appears to be preserved is licensing. So... this could be useful if you wanted to re-attempt a WCS database migration: You could delete the offending AP entry within WCS first, then migrate your db over to NCS and presumably it would import without this AP record. That's assuming you came over from WCS in the first place, which I don't think you mentioned.
Other than that, you could try TAC. It sounds like a corrupt database entry or a bug to me, so maybe they can give you a sql query that will clear it out from the CLI or something.
If it were my system, I would snapshot/backup the 1.0 installation and then upgrade to 1.1. If you don't like the upgrade or if it breaks anything, you can restore your 1.0 snapshot.
Please let us know if/how you are able to resolve the issue.
Justin -
Secure Access Control Server for Windows.
Is this software licensed by server with an unlimited amount of devices that connect to it? Or do I license each device that uses it?
You can connect unlimited devices i.e."AAA Clients" to acs server.
Regards,
~JG
Please rate helpful posts -
OSB - ALSB / WLST / Security / add entry with WLST in Access Control
Hello,
I try to reproduce with WLST script the input from the consol to declare user on Access Control proxy (security).
sbconsol->$Proxy Service->Security->General Confiruration->Access Control->Transport Access Control->Add Conditions
* First implementation without success with the com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean : accessControlSecurity1()
* Second try with the service definition of the proxy service but cannot parse with Xpath accessControl Security2()
any idee ???
test case :
prerequisit
create an ALSB domain 10.3 (admin one with username='weblogic' password='weblogic' url='t3://localhost:7001') and create a proxy service on the default project
conf/setEnv.cmd
@CLS
@echo ON
@set BEA_HOME=D:\PRODUCT\MIDDLEWARE\SOA\OSB_10.3
@set WL_HOME=%BEA_HOME%\wlserver_10.3
@set OSB_HOME=%BEA_HOME%\osb_10.3
@set SCRIPTING_HOME=E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security
@set OSB_LIB=%OSB_HOME%/lib/sb-kernel-api.jar;%BEA_HOME%/modules/com.bea.alsb.statistics_1.0.1.0.jar;%OSB_HOME%/lib/sb-kernel-resources.jar;%OSB_HOME%/lib/sb-kernel-common.jar;%OSB_HOME%/lib/sb-kernel-impl.jar;%OSB_HOME%\lib\sb-security.jar;%OSB_HOME%/modules/com.bea.common.configfwk_1.3.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.1.0.jar;%OSB_HOME%/lib/modules/com.bea.alsb.resources.archive.jar;
@set TOOL_LIB=%SCRIPTING_HOME%\lib\log4j-1.2.15.jar;%SCRIPTING_HOME%\lib\jsch-0.1.43.jar;%SCRIPTING_HOME%\lib\db2jcc.jar
@set CLASSPATH=%OSB_LIB%;%TOOL_LIB%;%CLASSPATH%
@set CLASSPATH=%SCRIPTING_HOME%\lib\db2jcc.jar;%TOOL_LIB%;%CLASSPATH%
@set MODULE_LIB=%SCRIPTING_HOME%\lib
@call %WL_HOME%\server\bin\setWLSEnv.cmd > nul 2<&1
launch.cmd
@CLS
@echo OFF
@SETLOCAL
@call "conf\setEnv.cmd" > nul 2<&1
set PWD=%~dp0
%JAVA_HOME%\bin\java -Dmodule.lib=%MODULE_LIB% weblogic.WLST -skipWLSModuleScanning lib/security.py
lib/security.py
from com.bea.wli.monitoring import StatisticType
from java.util import HashMap
from java.util import HashSet
from java.util import ArrayList
from java.util import Collections
from java.io import FileInputStream
from java.io import FileOutputStream
from java.lang import String
from java.lang import Boolean
from com.bea.wli.sb.util import EnvValueTypes
from com.bea.wli.config.env import EnvValueQuery;
from com.bea.wli.config import Ref
from com.bea.wli.config.customization import Customization
from com.bea.wli.config.customization import EnvValueCustomization
from com.bea.wli.config.customization import FindAndReplaceCustomization
from com.bea.wli.sb.management.configuration import SessionManagementMBean
from com.bea.wli.sb.management.configuration import ALSBConfigurationMBean
from com.bea.wli.sb.management.query import BusinessServiceQuery
from com.bea.wli.sb.management.query import ProxyServiceQuery
from com.bea.wli.sb.management.configuration import ServiceConfigurationMBean
import os
# before, create an ALSB domain 10.3 with a proxy service in the default project and add an Acces Control Policy in the consol
# sbconsol->Project Explorer->default->${proxy service}->Security->Access Control->Create Session->Add Conditions->User->USR_1->Add
# when we try to modify the Acces Control Policy of the proxy service with the ServiceSecurityConfigurationMBean
def accessControlSecurity1( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get the ServiceSecurityConfigurationMBean
serviceSecurityConfigurationMBean = findService(String("ServiceSecurityConfiguration.").concat(sessionName), "com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean")
# get the XACMLAuthorizer
working_directory=pwd()
serverConfig()
xacmlAuthorizer = cd('/SecurityConfiguration/%s/Realms/myrealm/Authorizers/XACMLAuthorizer' % domain_name )
cd(working_directory)
domainRuntime()
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
# use the security Mbean to add : USER_A,USER_B,USER_C to the policy
policyHolder = serviceSecurityConfigurationMBean.newAccessControlPolicyHolderInstance(xacmlAuthorizer)
policyHolder.setPolicyExpression("Usr(USER_A,USER_B,USER_C)")
policyScope = serviceSecurityConfigurationMBean.newDefaultMessagePolicyScope(ref)
serviceSecurityConfigurationMBean.setAccessControlPolicy(policyScope,policyHolder)
# print the service definition
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# we can see the security entry in the service definition has follow
# <xml-fragment xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <ser:coreEntry isProxy="true" isEnabled="true" isAutoPublish="false">
# <ser:description/>
# <ser:security>
# <con:access-control-policies xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con:message-level-policies>
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# </con:access-control-policies>
# </ser:security>
# but when we commit
SessionMBean.activateSession(sessionName, "description for session activation")
# we got the following exception
# Unexpected error: com.bea.wli.config.session.SessionConflictException
# No stack trace available.
# Problem invoking WLST - Traceback (innermost last):
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 246, in ?
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 105, in accessControlSecurity1
# com.bea.wli.config.session.SessionConflictException: Conflicts for session SessionScript1363339726764
# [Non-Critical] Concurrent Modification Conflicts
# NONE
# [Critical] Resources with validation errors
# 1 - ProxyService test/PS_TEST_bis CannotCommit
# + CannotCommit [OSB Security:386836]Unnecessary proxy wide message access control policy found for service "test/PS_TEST_bis". Hint: The service is neither an active security
# intermediary nor has custom authentication enabled. ServiceDiagnosticLocation[SECURITY_TAB]:DiagnosticLocation:<con:message-level-policies xmlns:ser="http://www.bea.com/wli/sb/services" xml
# ns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env" xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/
# config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# [Info] Informational messages
# NONE
# at com.bea.wli.config.session.SessionManager.commitSessionUnlocked(SessionManager.java:358)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:339)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:297)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:306)
disconnect()
# when we try to modify the Acces Control Policy of the proxy service whith the service XML definition
def accessControlSecurity2( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
# parsing the proxy definition
nsSer = "declare namespace ser='http://www.bea.com/wli/sb/services'"
nsXsi = "declare namespace xsi='http://www.w3.org/2001/XMLSchema-instance'"
nsTran = "declare namespace tran='http://www.bea.com/wli/sb/transports'"
nsEnv = "declare namespace env='http://www.bea.com/wli/config/env'"
nsCon = "declare namespace con='http://www.bea.com/wli/sb/services/security/config'"
nsCon1 = "declare namespace con1='http://www.bea.com/wli/sb/services/security/config'"
# when we try to parse the following Xpath Expression, it' working but not sufficent to access the <con:policy-expression> element
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "WORKING{%s}" % confElem
# get the result
# <xml-fragment xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config" xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_1,USER_2,USER_3)</con:policy-expression>
# </con:policy>
# </xml-fragment>
# and when we try to acces the <con:policy> element whith the following Xpath expression we got an empty result
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy/con:policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "DON'T WORKING{%s}" % confElem
# get empty result
# array([], org.apache.xmlbeans.XmlObject)
# want to modify the value like this on the <con:policy-expression> but cannot reach it ...
#confValue="Usr(USER_A,USER_B,USER_C)"
#confElem.setStringValue(confValue)
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
# print the service definition
def printServiceDefinition( domain_name ):
# connection
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
#accessControlSecurity1('cluster_domain')
accessControlSecurity2('cluster_domain')Hello,
I try to reproduce with WLST script the input from the consol to declare user on Access Control proxy (security).
sbconsol->$Proxy Service->Security->General Confiruration->Access Control->Transport Access Control->Add Conditions
* First implementation without success with the com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean : accessControlSecurity1()
* Second try with the service definition of the proxy service but cannot parse with Xpath accessControl Security2()
any idee ???
test case :
prerequisit
create an ALSB domain 10.3 (admin one with username='weblogic' password='weblogic' url='t3://localhost:7001') and create a proxy service on the default project
conf/setEnv.cmd
@CLS
@echo ON
@set BEA_HOME=D:\PRODUCT\MIDDLEWARE\SOA\OSB_10.3
@set WL_HOME=%BEA_HOME%\wlserver_10.3
@set OSB_HOME=%BEA_HOME%\osb_10.3
@set SCRIPTING_HOME=E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security
@set OSB_LIB=%OSB_HOME%/lib/sb-kernel-api.jar;%BEA_HOME%/modules/com.bea.alsb.statistics_1.0.1.0.jar;%OSB_HOME%/lib/sb-kernel-resources.jar;%OSB_HOME%/lib/sb-kernel-common.jar;%OSB_HOME%/lib/sb-kernel-impl.jar;%OSB_HOME%\lib\sb-security.jar;%OSB_HOME%/modules/com.bea.common.configfwk_1.3.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.1.0.jar;%OSB_HOME%/lib/modules/com.bea.alsb.resources.archive.jar;
@set TOOL_LIB=%SCRIPTING_HOME%\lib\log4j-1.2.15.jar;%SCRIPTING_HOME%\lib\jsch-0.1.43.jar;%SCRIPTING_HOME%\lib\db2jcc.jar
@set CLASSPATH=%OSB_LIB%;%TOOL_LIB%;%CLASSPATH%
@set CLASSPATH=%SCRIPTING_HOME%\lib\db2jcc.jar;%TOOL_LIB%;%CLASSPATH%
@set MODULE_LIB=%SCRIPTING_HOME%\lib
@call %WL_HOME%\server\bin\setWLSEnv.cmd > nul 2<&1
launch.cmd
@CLS
@echo OFF
@SETLOCAL
@call "conf\setEnv.cmd" > nul 2<&1
set PWD=%~dp0
%JAVA_HOME%\bin\java -Dmodule.lib=%MODULE_LIB% weblogic.WLST -skipWLSModuleScanning lib/security.py
lib/security.py
from com.bea.wli.monitoring import StatisticType
from java.util import HashMap
from java.util import HashSet
from java.util import ArrayList
from java.util import Collections
from java.io import FileInputStream
from java.io import FileOutputStream
from java.lang import String
from java.lang import Boolean
from com.bea.wli.sb.util import EnvValueTypes
from com.bea.wli.config.env import EnvValueQuery;
from com.bea.wli.config import Ref
from com.bea.wli.config.customization import Customization
from com.bea.wli.config.customization import EnvValueCustomization
from com.bea.wli.config.customization import FindAndReplaceCustomization
from com.bea.wli.sb.management.configuration import SessionManagementMBean
from com.bea.wli.sb.management.configuration import ALSBConfigurationMBean
from com.bea.wli.sb.management.query import BusinessServiceQuery
from com.bea.wli.sb.management.query import ProxyServiceQuery
from com.bea.wli.sb.management.configuration import ServiceConfigurationMBean
import os
# before, create an ALSB domain 10.3 with a proxy service in the default project and add an Acces Control Policy in the consol
# sbconsol->Project Explorer->default->${proxy service}->Security->Access Control->Create Session->Add Conditions->User->USR_1->Add
# when we try to modify the Acces Control Policy of the proxy service with the ServiceSecurityConfigurationMBean
def accessControlSecurity1( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get the ServiceSecurityConfigurationMBean
serviceSecurityConfigurationMBean = findService(String("ServiceSecurityConfiguration.").concat(sessionName), "com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean")
# get the XACMLAuthorizer
working_directory=pwd()
serverConfig()
xacmlAuthorizer = cd('/SecurityConfiguration/%s/Realms/myrealm/Authorizers/XACMLAuthorizer' % domain_name )
cd(working_directory)
domainRuntime()
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
# use the security Mbean to add : USER_A,USER_B,USER_C to the policy
policyHolder = serviceSecurityConfigurationMBean.newAccessControlPolicyHolderInstance(xacmlAuthorizer)
policyHolder.setPolicyExpression("Usr(USER_A,USER_B,USER_C)")
policyScope = serviceSecurityConfigurationMBean.newDefaultMessagePolicyScope(ref)
serviceSecurityConfigurationMBean.setAccessControlPolicy(policyScope,policyHolder)
# print the service definition
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# we can see the security entry in the service definition has follow
# <xml-fragment xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <ser:coreEntry isProxy="true" isEnabled="true" isAutoPublish="false">
# <ser:description/>
# <ser:security>
# <con:access-control-policies xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con:message-level-policies>
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# </con:access-control-policies>
# </ser:security>
# but when we commit
SessionMBean.activateSession(sessionName, "description for session activation")
# we got the following exception
# Unexpected error: com.bea.wli.config.session.SessionConflictException
# No stack trace available.
# Problem invoking WLST - Traceback (innermost last):
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 246, in ?
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 105, in accessControlSecurity1
# com.bea.wli.config.session.SessionConflictException: Conflicts for session SessionScript1363339726764
# [Non-Critical] Concurrent Modification Conflicts
# NONE
# [Critical] Resources with validation errors
# 1 - ProxyService test/PS_TEST_bis CannotCommit
# + CannotCommit [OSB Security:386836]Unnecessary proxy wide message access control policy found for service "test/PS_TEST_bis". Hint: The service is neither an active security
# intermediary nor has custom authentication enabled. ServiceDiagnosticLocation[SECURITY_TAB]:DiagnosticLocation:<con:message-level-policies xmlns:ser="http://www.bea.com/wli/sb/services" xml
# ns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env" xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/
# config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# [Info] Informational messages
# NONE
# at com.bea.wli.config.session.SessionManager.commitSessionUnlocked(SessionManager.java:358)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:339)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:297)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:306)
disconnect()
# when we try to modify the Acces Control Policy of the proxy service whith the service XML definition
def accessControlSecurity2( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
# parsing the proxy definition
nsSer = "declare namespace ser='http://www.bea.com/wli/sb/services'"
nsXsi = "declare namespace xsi='http://www.w3.org/2001/XMLSchema-instance'"
nsTran = "declare namespace tran='http://www.bea.com/wli/sb/transports'"
nsEnv = "declare namespace env='http://www.bea.com/wli/config/env'"
nsCon = "declare namespace con='http://www.bea.com/wli/sb/services/security/config'"
nsCon1 = "declare namespace con1='http://www.bea.com/wli/sb/services/security/config'"
# when we try to parse the following Xpath Expression, it' working but not sufficent to access the <con:policy-expression> element
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "WORKING{%s}" % confElem
# get the result
# <xml-fragment xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config" xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_1,USER_2,USER_3)</con:policy-expression>
# </con:policy>
# </xml-fragment>
# and when we try to acces the <con:policy> element whith the following Xpath expression we got an empty result
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy/con:policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "DON'T WORKING{%s}" % confElem
# get empty result
# array([], org.apache.xmlbeans.XmlObject)
# want to modify the value like this on the <con:policy-expression> but cannot reach it ...
#confValue="Usr(USER_A,USER_B,USER_C)"
#confElem.setStringValue(confValue)
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
# print the service definition
def printServiceDefinition( domain_name ):
# connection
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
#accessControlSecurity1('cluster_domain')
accessControlSecurity2('cluster_domain') -
Cisco Network Control System software
As far as I know, the NCS is an appliance. But today some people told me that he has a copy of Cisco's Network Control System software. I am confused. If what he said is true, can I install the software on the Windows platforms like Win2003 or Win2008?
Thanks in advance.
RobertHi Robert,
Here we go
Product Specifications for Cisco Prime NCS
Item
Specification
VMware ESX and ESXi Versions (Virtual Appliance on a Customer-Supplied Server)
If deploying Cisco Prime NCS as a virtual appliance, on a customer-supplied server, one of the following versions of VMware ESX or ESXi may be used:
• VMWare ESX or VMWare ESXi version 4.1
Minimum Server Requirements for Deploying Virtual Appliances
Cisco Prime NCS High-End Virtual Appliance:
• 15,000 lightweight access points; 5000 standalone access points; 1200 wireless LAN controllers and 5000 switches
• Minimum RAM: 16GB
• Minimum Hard disk space allocation: 400GB
• Processors: 8, at 2.93GHz or better
Cisco Prime NCS Standard Virtual Appliance:
• 7500 lightweight access points; 2500 standalone access points; 600 wireless LAN controllers and 2500 switches
• Minimum RAM: 12GB
• Minimum Hard disk space allocation: 300GB
• Processors: 4, at 2.93GHz or better
Cisco Prime NCS Low-End Virtual Appliance:
• 3000 lightweight access points; 1000 standalone access points; 240 wireless LAN controllers and 1000 switches
• Minimum RAM: 8GB
• Minimum Hard disk space allocation: 200GB
• Processors: 2, at 2.93GHz or better
Deploying Cisco Prime NCS Virtual Appliance on CiscoWorks Wireless LAN Solution Engine (WLSE) models 1130-19 or 1133
• Cisco Prime NCS is not supported on the Cisco WLSE hardware
http://www.cisco.com/en/US/prod/collateral/wireless/ps5755/ps11682/ps11686/ps11688/data_sheet_c78-650051.html
Cheers!
Rob
Maybe you are looking for
-
Safari unexpectedly quits while trying to view content at Disney site
Whenever my kids try to access the games and videos at the Playhouse Disney website, Safari (and Firefox) quit unexpectedly. I've tried the troubleshooting tips suggested by Apple's article on this, including restarting the computer, resetting Safari
-
To transfer data from one db table to anotherdb's table
I have to transfer data from one db table A to another db table B. Both the tables have data which is common. I want to transfer data from table A to table B. Data transfer needed is only the excess data in table A
-
Having trouble using Xrite i1 Display Pro after upgrading to Mavericks. I'm a photog and monitor calibration is essencial. Any ideas? Thanks!
-
HAAALP!!! AIRPORT EXTREME NOT SHOWING UP ON AIRPORT UTILITY
I have two airport extremes one to make network and one to expand it. the one i have to make the network is working fine and is a FINE peice of machinery. but the second one i have to extend my network will not show up on airport utility. and no i am
-
SAP B1 speed Problem at startup
Hi! I have some problems, connecting from Workstation to SAP B1 DB and Licence Server. It takes very long to open, any ideas what could be wrong? The Welcome Screen with logon information remains for aprox. 3 min, until it loads the application. Mayb