CookieDomain
Hi,
I am using Weblogic App Server 8.1.
i have set the cookie domain to abc.abc.abc.com in the weblogic.xml. The problem is after setting the cookie domain i am not able to get the session object from request. Though i am able to login into my application but after that it says session is null and i am not able to retrieve any objects from session.
Can any one help me on this.
Regards,
V.Bhaskar
Ah, just noticed that SessionCookieDomain is a read only property:
http://edocs.bea.com/wls/docs92/wlsmbeanref/mbeans/WebAppComponentRuntimeMBean.html?skipReload=true#SessionCookieDomain
So I guess weblogic.xml is the only way. Shame it is read only!
Similar Messages
-
Alternative method of setting CookieDomain
Is there a way of setting a web applications CookieDomain other than setting it in the weblogic.xml file? It is not possible for us to set it in that file as the value will differ across the environments.
I'm guessing this value is stored in the WebAppComponentMBean but I'm not sure how to access that. Any code examples would be very helpful (we are running on Weblogic 92).
CheersAh, just noticed that SessionCookieDomain is a read only property:
http://edocs.bea.com/wls/docs92/wlsmbeanref/mbeans/WebAppComponentRuntimeMBean.html?skipReload=true#SessionCookieDomain
So I guess weblogic.xml is the only way. Shame it is read only! -
URGENT: Regading CookieDomain in weblogic.xml
Hi,
Should the "CookieDomain" be set in <session-descriptor> tag of weblogic.xml while
in-memory replication is used ?
For what purpose, is this CookieDomain attribute used ? Could someone please explain
this concept ?
TIA,
Prem
One simple example when setting CookieDomain is useful is preventing loss
of the session cookie during http to https transition (setting it to
.somesompany.com).
Michael Reiche <[email protected]> wrote:
> Without double checking - it works something like this...
> Cookies have a name and a domain. The application can read any cookies
> which are from its own domain. So if your domain is mail.yahoo.com, you can
> read cookies with the domain mail.yahoo.com and also yahoo.com - but you
> cannot read cookies from news.yahoo.com (or msn.net (then again, why would
> you want to?)).
> So, unless you are doing something funky, you can ignore the CookieDomain.
> This doesn't really have anything to do with 'in-memory replication'.
> Mike
> "Prem" <[email protected]> wrote in message
> news:[email protected]..
>>
>> Hi,
>>
>> Should the "CookieDomain" be set in <session-descriptor> tag of
> weblogic.xml while
>> in-memory replication is used ?
>>
>> For what purpose, is this CookieDomain attribute used ? Could someone
> please explain
>> this concept ?
>>
>> TIA,
>> Prem
Dimitri
-
SSO with WIA not working yet...
Hi,
We are trying to deploy SSO in our PT 5.0.2 portal (running on Windows 2000), but have not been able to get it to work
successfully yet. Microsoft Active Directory 2000 is our user/group source.
The server architecture is as follows:
Server A = Serves as Admin Portal, Portal Server, and Image Server (resides in the DMZ)Server B = Serves as Automation Server (resides inside the firewall)Server C = Serves as Database Server (running SQL Server 2000; resides inside the firewall)Server D = Serves as the Application Server (portlets reside on this server; resides in the DMZ)
All servers reside in the SAME domain.
This is what we have done so far:
1. Installed prerequisite software (i.e. IIS 5.0 and .NET Framework 1.1.4322) on Server C. Successfully installed and
configured the Active Directory Authentication Web Service (i.e. PT Optional Enterprise Web Component) on Server C.
2. Imported the above Web component, ADAWS, into Server A, using the PT Migration Wizard. This automatically created a
"Remote Server" and 2 "Web Services" (namely Authentication Web Service and Profile Web Service) objects on Server A.
3. Created a "Authentication Source - Remote" on Server A. The value in the "Authentication Source Category: " field is
EXACTLY the same as the Active Directory Source Domain. Selected "Authentication and Synchronization" as the Synchronization
setting, and "Full Synchronization."
4. Created a Job and added the above Remote Auth Source as the operation. The JOb ran successfully and imported all users and
groups from Active Directory.
5. Users can successfully login to the portal using the above Remote Auth Source (User ID example: Domain\joe_user).
6. Enabled "Integrated Windows Authentication" ONLY on the "\portal\sso" folder in Internet Services Manager on Server A.
Ensured that the security is set to "Anonymous" on "\portal" and "\portal\bin" folders.
7. Enabled SSO in the Portal, by entering the SSO Secret key in the SSO tab in the PT Admin Applet on Server A.
8. Created a "Authentication Source - SSO" on Server A. Entered the same SSO Secret key entered above and successfully
validated it.
9. Configured SSO integration with Windows Integrated Authentication (WIA) by editing the PTconfig.xml file. The edits are as
follows:
<SSOVendor value="5"/><DefaultAuthSourcePrefix value=""/><CookieDomain value=".companyname.com" />
NOTE: I did not have to edit the "sso.xml" file since the Auth Source category is EXACTLY the same as the Active Directory
Source Domain.
10. Edited the "Authentication Source - Remote" that we created in step 3 above, and changed the setting to
"Synchronization." And then selected the "Authentication Source - SSO" (created in step 8 above) from the "Authentication
Partners: " drop down list.
11. Users can still successfully login to the portal using the Remote Authentication Source after the above change.
12. Server D hosts a remote portlet. It is an IFRAME portlet (written in ASP) that has "href" links to several apps that
reside on Server D. The security on the folder, that contains this portlet, in Internet Services Manager, is set to
"Integrated Windows Authentication." Created a "Remote Server" object for Server D on Server A. Then created a "Web Service -
Remote Portlet" object for the portlet. In the Web Service, I selected the Remote server that I created, and entered only the
remaining path to the portlet (i.e. Portlet URL setting), since PT provided the "http://serverD/" portion. Finally created a
"Portlet" object.
13. users login to the portal using their domain ID (i.e. Domain\joe_user). They are then able to add the portlet to their
page. But when they attempt to click on the links in the portlet they are challenged to enter their user name and password
again.
What step or setting are we missing here? Any help will be sincerely appreciated.
Best regards,KiranHi Rajendrakumar,
You probably haven't updated the ACL properly via STRUSTSS02.
The portal server digitally signs logon tickets as it issues them to the portal users. SAP Systems need to accept the tickets and verify the portal servers digital signature. The following information is important for the SAP System to be able to accept and verify logon tickets:
· The SAP System should only accept logon tickets issued from their designated portal server. Therefore, the identity of the portal server needs to be entered in the SAP Systems Single Sign-On (SSO) access control list (ACL).
· The SAP System needs to be able to verify the portal servers digital signature. The portal server has a self-signed certificate, therefore the SAP System needs access to the portal servers public-key information, which needs to be entered in the SAP Systems certificate list.
Check the following procedure
http://help.sap.com/saphelp_nw70/helpdata/en/78/f1a8490e7011d6999500508b6b8a93/frameset.htm
Regards,
Siddhesh -
ConnectionExpireMinutes in OBIEE 11.1.1.7
Hi All,
I know that this topic was started while ago, however believe me, I've come through all of the post I found.
What I want to achieve is to set up a limit 20-30 minutes to run queries for end users.
What I've done so far is:
a) I set up this value via RPD - > Identity , etc ..... 20 minutes, Enable.
It works half way - after 20 minutes I get an error at Analytics, however this query is still running at Database side (sometimes more than 24 hours)
Then I followed another instructions and set up parameter in config file instanceconfig.xml like below
<Security>
<ConnectionExpireMinutes>20</ConnectionExpireMinutes> -- only this line is new
<ClientSessionExpireMinutes>210</ClientSessionExpireMinutes>
</Security>
After saving and restarting the servers - my Presentation Server is down.
Logs are below:
Exception occurred:
Severity:5
Type:PKN3saw9ExceptionE
File:project/webutil/configreaderinstance.cpp
Line:558
Message:Invalid settings in config file: Bad config instance '/opt/app/obiee/fmw_home1/instances/instance1/config/OracleBIPresentationServicesComponent/coreapplication_obips1/instanceconfig.xml'!^M
^M
Unknown element 'ConnectionExpireMinutes'^M
^M
Element 'ConnectionExpireMinutes' is not valid for content model: 'All(AllowRememberPassword,ClientSessionExpireMinutes,LogonExpireMinutes,MaxTicketLifetimeMinutes,CookieDomain,CookieLifetimeMinutes,CookiePath,CookieSecure,HttpOnlyCookies,SecureCookieLifetimeMinutes,CookieByteLength,CheckUrlFreshness,FreshnessIdByteLength,EscapeFormulasForCSVAndExcelDownloads,MsgCRCChecking,SessionIDEntropySourceQuality,SessionIDCookieName,PersistCookies,EnableWebServerAuthInSoap,LogSessionIDWithNewClient,InIFrameRenderingMode,UserPopulationQueryTimeoutSecs)'^M
^M
I'm not an expert, however it looks like in version 11.1.1.7 there is no parameter like ConnectionExpireMinutes. Is it something relevant/similar ?
P.S. I've also tried to put this parameter within different tag than Security - it didn't work as well.
I really appreciate your help.
Thanks
GoliHi,
I can confirm that there is no "ConnectionExpireMinutes" option for the presentation server, the only "expire" setting allowed next to ClientSessionExpireMinutes is LogonExpireMinutes, but again this is more a way to logoff the user, I don't think it will cancel the currently running query on the DB.
Where did you got the "ConnectionExpireMinutes" from ? -
The Web Dynpro application 'UWL' has expired
Hi ALL,
We are using Enterprise portal 7.0. and backend SRM server
When the user login into portal it will take him to the UWL page
in that the user click for any "Approve shopping cart" the error message showing
" The web dynpro application *'UWL' has expired. restart the application. choose 'refresh' in the iview tray or use the*
*browser 'refresh' button to restart the iview"*
user not getting the error message every time. error coming occasionally
we suggest the user to clear the cookies and restart the browser and relogin.
but some times it works some times not
Can any one know the exact problem (any parameters has to be change or any other solution)?
Regards,
Abdul Razzaq
SAP NW.BASIS ConsultantDear Abdul ,
Hope you are doing good.
We have seen similar cases of WD Session Expired error message when the jsessionid cookie issued by the server with the initial requests was not returned from the client with subsequent requets to the server. The only way to ascertain whether this is the case in your system will be by checking the HTTP watch trace (note 1558903 - How To Trace a Portal Scenario Using HttpWatch).
As the jsessionid cookie is used for session management, when it is missing from the request headers the correct session could not be retrieved and as result new session will be created for that user. Set the parameter JSESSIONID.CookieDomain to "NONE" as mentioned in the sap note: 791765 and see if the issue persists. This configuration should be accessible in
Config Tool -> expand the tree "cluster-data" -> "Global Server Configuration" -> "services" -> "servlet_jsp" -> Go to "Global
Properties". Do make the changes, save the customization and then restart the complete SAP server (not just the JAVA server nodes).
Kindly go through the note completely.
Also make sure that the SystemCookiesDataProtection and SystemCookieHTTPProtection is set in the HTTP Provider Service on
the server nodes.
Do make the changes,save the customization and then restart the complete SAP server.
Thank you and have a nice day :).
Kind Regards,
Hemanth
SAP AGS -
How to make IIS plug-in do STICKY load balancing
There are two classes of scalable services: pure and sticky. A pure service
is one where any instance of the application can respond to client requests.
A sticky service is one where a client sends its requests to the same
instance; those requests are not redirected to other instances.
It seems to me that weblogic IIS proxy plug-in does not support the sticky
load balancing.
Could someone give me some information on how to make the proxy sticky?
Is there configuration parameters for this?
Thanks,
-LeiI set the cluster.
It seems to me that there is some problem with the Set-Cookie mechanism of
the plug-in.
Sometime it set the cookie in my browser, sometime it is not.
Even from the wlproxy.log, I could set something like
Fri Aug 03 17:56:12 2001 Hdrs to
client:[Set-Cookie]=[AribaNode=O2tII92qHlP2tpZjUV0m5ued1s6X028cUPu24QcGj1Q25
AE5VXOd!1782877802312707887!ltang.ariba.com!8001!7002; domain=ariba.com;
path=/]
But the cookie is not set in my browser, what might be wrong here?
Thanks,
-Lei
"Eric Gross" <[email protected]> wrote in message
news:[email protected]...
I do believe that this will not work since if clustering is not enabled, a
cookie will not be set on the browser that contains the primary and
secondary server.
You are specifying two different ports in your servers. You need to use
clustering in order to get this functionality with the plugin.Furthermore,
you will achieve fail-over.
Regards,
Eric
"Lei Tang" <[email protected]> wrote in message
news:[email protected]...
Here is what I did for the examples under the bea sample directory.
I put the following in test1/WEB-INF/weblogic.xml
<session-descriptor>
<session-param>
<param-name> CookieDomain </param-name>
<param-value> *.ariba.com </param-value>
</session-param>
<session-param>
<param-name> CookieName </param-name>
<param-value> AribaNode </param-value>
</session-param>
<session-param>
<param-name> CookiePath </param-name>
<param-value> /test1 </param-value>
</session-param>
</session-descriptor>
</weblogic-web-app>
I add the following in iisproxy.ini
# This file contains initialization name/value pairs
# for the IIS/WebLogic plug-in.
WebLogicCluster=ltang.ariba.com:8001,achu.ariba.com:7001
ConnectTimeoutSecs=20
ConnectRetrySecs=2
Debug=ALL
WLLogFile=c:\tmp\wlproxy.log
WlForwardPath=/test1
DynamicServerList=OFF
CookieName=AribaNode
I use SesssionServlet.java as an example
When I involk http://proxy/test1/SessionServlet, I always get 1
if I use
http://proxy/test1/SessionServlet:AribaNode=................................
I could see the session becomes sticky.
If I do not want to use URL rewriting, what should I do in order to makethe
session STICKY
for this example.
Thanks,
-Lei
"Eric Gross" <[email protected]> wrote in message
news:[email protected]...
If you leave the CookieName untouched on the WebLogic side, then there
should be no reason to make the change in the plug-in.
But yes, you need to make sure the cookie names are the same.
Regards,
Eric
"Mark Vaughn" <[email protected]> wrote in message
news:[email protected]...
Actually, you also need to make sure you set the "CookieName" in theplugin.
That let's the plugin read the cookie set by WebLogic to determine
who
the
primary and secondary servers are for that session. Otherwise, theplugin
has no
way of knowing if you are establishing a new session or returning to
an
existing
one. The cookie will tell it if you have a current session and who
it
should
send you to for continuing that session, or failing that session
over.
>>>>
Eric Gross wrote:
Without having clustering enabled, you will not get Sticky load
balancing.
You need to have clustering so that a cookie is sent back to the
client
that
contains information about where it's session is located.
Otherwise,
you
are just going to get round-robin each time.
You can refer to the following page for more information:
http://e-docs.beasys.com/wls/docs61/cluster/servlet.html
Regards,
Eric
"Lei Tang" <[email protected]> wrote in message
news:[email protected]...
WebLogicCluster=machine1:7001,machine2:7001
ConnectTimeoutSecs=20
ConnectRetrySecs=2
Debug=ALL
WLLogFile=c:\tmp\wlproxy.log
WlForwardPath=/test,/test1
DynamicServerList=OFF
I run two standone (Admin server) weblogic servers on machine1
machine2.
Then I deploy application test.war on machine1 first, then onmachine2.
Should I make machine2 as a managed server and machine1 as an
admi
n
server?
Will this make the session sticky?
Thanks,
-Lei
"Eric Gross" <[email protected]> wrote in message
news:[email protected]...
It would help us to know how you have iisproxy.ini configured.
Sticky
load
balancing should work fine if you have the plug-in and
WebLogic
Server
setup
correctly.
How have you setup the plug-in?
Thanks,
Eric
"Lei Tang" <[email protected]> wrote in message
news:[email protected]...
There are two classes of scalable services: pure and sticky.
A
pure
service
is one where any instance of the application can respond to
client
requests.
A sticky service is one where a client sends its requests to
the
same
instance; those requests are not redirected to other
instances.
It seems to me that weblogic IIS proxy plug-in does notsupport
the
sticky
load balancing.
Could someone give me some information on how to make the
proxy
sticky?
Is there configuration parameters for this?
Thanks,
-Lei
.-. Mark Vaughn
/V\ 7024 Corona Dr.
// \\ North Richland Hills, TX 76180
/( )\ [email protected]
^^-^^
"Give a man a fish and you feed him for a day;
teach him to use the Net and he won't bother you for weeks."
Ben Woodbridge -
Integrating Apahce HTTP server with Oracle Entitlement Server
Hi,
In our project we are trying to protect a applicaiton via Oracle entitlement server. And the login page for the same is hosted on the Apache server. But we are facing issue with the Log In page.
My apache is installed int he c:\apache folder.
The ssm folder for apache is c:\bea\ales32-ssm\apache-ssm\instance\asm1\config
the wles_module is at c:\bea\ales32-ssm\apache-ssm\lib\mod_wles.dll
I have added the follwoing lines in my httpd.conf file
LoadModule wles_module c:\bea\ales32-ssm\apache-ssm\lib\mod_wles.dll
<IfModule mod_wles.cpp>
WLESConfigDir c:\bea\ales32-ssm\apache-ssm\instance\asm1\config
</IfModule>
But while access the Apache home page I am gettign the error saying -
[Mon Mar 02 17:50:46 2009] [error] Unable to get HTTPServer instance, please check configuration.
[Mon Mar 02 17:50:46 2009] [error] WLESConfigDir=c:\\bea\\ales32-ssm\\apache-ssm\\instance\\asm1\\config
Please let me knwo if I am missing any.I am trying to access the URL -
http://<servername>:8080/test/foo.html where test/foo.html is located at c:\apache\apache2 (the docroot of Apache)
The Default.properties is as follow -
# Default policydomain settings for this runtime. Each policydomain can override these settings by creating their own
# configuration file named after the policydomain - if the policydomain is named "mydomain" then it's properties is named
# "mydomain.properties"
# All of these settings persist until the server which uses this runtime is shut down and restarted (loaded once on startup)
### Authentication settings
# Order in which authentication methods are valued. First mechanism takes precedence over the latter. Valid values are
# FORM - authenticate the user by collecting credentials (asking the user questions)
authentication.precedence=FORM
authentication.initialForm=/test/NamePasswordForm.html
authentication.nameCallback[]=username:/test/NamePasswordForm.html
authentication.passwordCallback[]=password:/test/NamePasswordForm.html
authentication.onatnfailure=/test/atnfailure.html
authentication.onatzfailure=/test/atzfailure.html
authentication.default.resultform=/test/loggedin.html
### Single-sign on domain. Must include at least 2 dots. For example: .bea.com
authentication.cookiedomain=.bea.com
### SAML Identity Transfer settings
# If this is set to true, SAML identity transfer is accepted in the post handler
saml.incoming.enable=false
# The URL that consumes SAML Browser/POST data -- SAMLIn.html is a sample
saml.incoming.url=<SAMLAssertionConsumerServiceURL>/test/SAMLIn.html
# If this is set to true, SAML SSIs are enabled, allowing for outgoing identity transfer via the SAML template
saml.outgoing.enable=false
### Role Mapping Settings
# Any value other than "true" is false and disables role mapping
rolemapping.enable=false
# The name of the variable injected into the request stream which contains a comma seperated list of roles
rolemapping.name=WLES_ROLES
### Credential Mapping Settings
# Any value of than "true" is false and disables credential mapping
credentialmapping.enable=false
# A comma seperated list of credentials to query the runtime for on each request. If the examples
# exist they will be added into the request stream and made availble to subsequant cgis
# If the credentials don't exist or are not defined no credentials are injected into the request stream
credentialmapping.credtypes=weblogic.UserPassword
# The name prepended to the credential before it is added to the request stream. A number may be added to make the name
# unique - i.e. CRED1=B64(SAMLResponse) CRED2=DBPassword etc
credentialmapping.prefix=CRED
### Session settings
# Session inactivity timeout in seconds
session.inactivity.timeout=600
# Session absolute timeout in seconds - causing the user to re-authenticate - zero means never
session.absolute.timeout=86400
# Session logoff URL
session.forcedlogoffURL=/test/logoff.html
# Session cookie prefix - used to create a unique session cookie - any string including null will do - a unique code is attached to the prefix
session.cookie.name=ALESIdentityAssertion
# Session cookie prefix - used to create a session cookie for non sensitive data
session.misc.cookie.name=WLES_MISC
# The SSM WS Configuration ID
ssmconfig.default=asm1
### Naming Authorities
namingauthority.resource=ARME_RESOURCE_AUTHORITY
namingauthority.action=ARME_ACTION_AUTHORITY
namingauthority.audit=AUDITBASE
webservice.registry.url=http://192.168.179.130:9000/ServiceRegistry
### SSL Settings
# Directory that contains ssl PEM and configuration files (such as wles-ssm.pem).
# Use forward slashes (/) even on Windows. For example: c:/path1/path2/ssl
ssl.directory=C:/bea/ales32-ssm/apache-ssm/instance/asm1/ssl
### Debug Settings
# The log level (Possible values are error or debug)
log.level=error -
Greetings,
I have implemented the ISSOIntegration interface, and in the GetSecureCookies method I am returning an array of cookie names that I want passed down to my portlets. I hit the portal with the said cookies in the headers, and I am able to extract them from the IXPRequest object passed to GetLoginInfo (in ISSOIntegration). However, the portal never sends the cookies to any portlets once I start browsing my portal (I verified this by using a tunneling tool). Does anyone know how to properly set this up?
Regards,
Andrew Bays
bdg | [email protected] | http://www.thebdgway.comI am not expert here. Have a look at portalconfig.xml. May be this may help:
This setting will be used only if you are using an SSO product. Together with CookiePath (below) these two values are the domain and path that will be used for your secure SSO cookies. The Plumtree web server will send your secure SSO cookies to any remote portlet server whose URL matches the domain and path specified here. The domain must begin with a period ('.').
<setting name="CookieDomain">
<value xsi:type="xsd:string">.plumtree.com</value>
</setting>
Edited by Bryazgin at 10/24/2007 1:42 PM -
Hi,
HW: Sun Solaris 2.8
I would really appreciate it you can cc: me if you can shed any light
as
to whats going wrong, and what I should do to fix the following
problem.
Portal server doesn't allow one to access /console (or /login) -
0 length document is returned.
We find the following in the enterprise server error log, when we
attempt
to access portal console (URI: http://....:8080/console)
1) Installed SP3.0sp3a as Open Portal, i.e without the gateway and
without
SSL enabled.
2) Our Unix users are served using YP
***From the server access logs : ***
- - [16/Nov/2001:15:12:40 -0800] "GET /login HTTP/1.0" 503 0
***From the server error logs : ***
[16/Nov/2001:14:11:27] info ( 4639): successful server startup
[16/Nov/2001:14:11:27] info ( 4639): iPlanet-WebServer-Enterprise/4.1SP7
BB1-04/05
/2001 18:30
[16/Nov/2001:14:11:28] info ( 4639): Loading Simple Session Manager by
default. Sp
ecify MMapSessionManager in servlets.properties to load persistent
session manager
[16/Nov/2001:14:11:28] info ( 4639): SimpleSessionManager: Default
values for maxi
mum number of sessions is 1000 with a time out value of 1800 seconds
[16/Nov/2001:14:11:28] info ( 4639): SimpleSessionManager: Maximum
number of sessi
ons (1000) with a time out value of (1800) seconds
[16/Nov/2001:14:12:40] info ( 4639): Internal Info: loading servlet
login
[16/Nov/2001:14:12:41] info ( 4639): Internal Info: loading servlet
pllservice
[16/Nov/2001:14:12:41] info ( 4639): pllservice: init
[16/Nov/2001:14:12:42] failure ( 4639): Internal error: exception thrown
from the
servlet service function (uri=/login): java.lang.NullPointerException,
stack: java
..lang.NullPointerException
at
com.iplanet.portalserver.auth.service.AuthD.printProfileAttrs(Compiled
Code)
at
com.iplanet.portalserver.auth.service.AuthD.<init>(AuthD.java:160)
at
com.iplanet.portalserver.auth.service.AuthD.getAuth(AuthD.java:171)
at
com.iplanet.portalserver.auth.service.LoginServlet.doGetPost(Compiled C
ode)
at
com.iplanet.portalserver.auth.service.LoginServlet.doGet(LoginServlet.j
ava:990)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:701)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:826)
at
com.netscape.server.http.servlet.NSServletRunner.Service(NSServletRunne
r.java:507)
, root cause:
Many thanks for your responses on this.
Tarang Kumar Patel. WWW home:http://ic-www.arc.nasa.gov/ic/
NASA Ames Research Center, MS 269-2, Moffett Field, CA 94035-1000
Email: [email protected], Tel:(650) 604-4721 fax: (650) 604
3594
Stated views are my own IDEA, as I'm another I.D.E.A man "I Didn't
Explain All"Just one more thing:
I made the following setting in platform.conf
ips.debug=on
Now, the trace I see on the STDOUT/STDERR stream reveals :
Received RequestSet XML : <?xml version="1.0" standalone="yes"?>
<RequestSet vers="1.0" svcid="profile" reqid="2">
<Request sid="qxcuekwwdrcfwubmmwuip82764q94o37r67n@[email protected]@8080@z
repvc"><![CDATA[<ProfileService ver="1.0" reqid="0"><GetProfile searchFlag="false"
admin="false"><Profile profileName="mercip/authentication" profileType="9"><Priv p
rivName="iwtSession-addSessionListenerOnAllSessions"/></Profile></GetProfile></Prof
ileService>]]></Request>
</RequestSet>
---->NEED TO FILL APPSHASH -----
getProfile.walktree
321^iwtSession-addSessionListenerOnAllSessions-pv
com.iplanet.portalserver.profile.service.ProfileServiceException: 321^iwtSession-ad
dSessionListenerOnAllSessions-pv
at java.lang.Throwable.fillInStackTrace(Native Method)
at java.lang.Throwable.fillInStackTrace(Compiled Code)
at java.lang.Throwable.<init>(Compiled Code)
at java.lang.Exception.<init>(Exception.java:42)
at com.iplanet.portalserver.profile.service.ProfileServiceException.<init>(
ProfileServiceException.java:47)
at com.iplanet.portalserver.profile.service.ProfileService.walkTree(Compile
d Code)
at com.iplanet.portalserver.profile.service.ProfileService.getProfile(Compi
led Code)
at com.iplanet.portalserver.profile.service.ProfileService.processProfileRe
quest(ProfileService.java:134)
at com.iplanet.portalserver.profile.service.ProfileService.processRequest(P
rofileService.java:123)
at com.iplanet.portalserver.profile.service.ProfileService.process(Compiled
Code)
at com.iplanet.portalserver.pll.server.PLLRequestServlet.handleRequest(PLLR
equestServlet.java:139)
at com.iplanet.portalserver.pll.server.PLLRequestServlet.doPost(Compiled Co
de)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:826)
at com.netscape.server.http.servlet.NSServletRunner.Service(NSServletRunner
.java:507)
ProfileResponse: exception key:321
ProfileResponse: exception string:iwtSession-addSessionListenerOnAllSessions-pv
ProfileResponse.toXMLString:method id is 0
Sent ResponseSet XML : <?xml version="1.0" standalone="yes"?>
<ResponseSet vers="1.0" svcid="profile" reqid="2">
<Response><![CDATA[<ProfileService vers="1.0" reqid="0"><Exception>321^iwtSession-a
ddSessionListenerOnAllSessions-pv</Exception></ProfileService>]]></Response>
</ResponseSet>
ProfileResponse: exception key:321
ProfileResponse: exception string:iwtSession-addSessionListenerOnAllSessions-pv
ProfileUtils.getProfileResponse: Response content <ProfileService vers="1.0" reqid=
"0"><Exception>321^iwtSession-addSessionListenerOnAllSessions-pv</Exception></Profi
leService>
Profile Error:
Invalid attribute or privilege name
com.iplanet.portalserver.session.SessionException: Invalid attribute or privilege n
ame
at java.lang.Throwable.fillInStackTrace(Native Method)
at com.iplanet.portalserver.session.SessionException.<init>(SessionExceptio
n.java:30)
at com.iplanet.portalserver.session.Session.addSessionListenerOnAllSessions
(Session.java:642)
at com.iplanet.portalserver.session.Session.addSessionListenerOnAllSessions
(Session.java:502)
at com.iplanet.portalserver.auth.service.AuthD.<init>(AuthD.java:112)
at com.iplanet.portalserver.auth.service.AuthD.getAuth(AuthD.java:171)
at com.iplanet.portalserver.auth.service.LoginServlet.doGetPost(Compiled Co
de)
at com.iplanet.portalserver.auth.service.LoginServlet.doGet(LoginServlet.ja
va:990)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:701)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:826)
at com.netscape.server.http.servlet.NSServletRunner.Service(NSServletRunner
.java:507)
Authd Profile Attributes
cookieDomains
cookieName->iPlanetPortalServer
authHost:authPort->........:8080
authProto->http
authHostIP->.....
authHostURL->http://.......:8080/login/default
Lets hope this helps -
Cleaning /tmp on a SunRay server
Hello,
I'm running a server with 70 SunRay units, used by a different group of users every week. Mostly. Some stick around for a few months, but the majority are here for a week at a time. The /tmp directory gets littered quickly with files related to SunRay usage. We're also using Sun's GNOME 2.0 desktop environment, which creates /tmp files. Some of the files in /tmp should not be deleted, since they will cause the SunRay units to go into a "transient state", where they have an IP address, but no graphics data is arriving from the server. The screen will display only a blue box containing the IP and MAC addresses, a status code, etc, and it will float around the screen like a screensaver. The same thing appears to happen after about 30 days, to random SunRay units, if no files from /tmp are deleted. I am trying to determine which files, if deleted, will cause the floating blue box of death, and which ones I should nuke to maintain stability.
Here are some examples of files from /tmp that I'm not sure when or if to erase:
-rw------- 1 root other 352 Aug 30 15:07 .Xauth.Aay8j
drwxrwxr-x 2 root root 1536 Sep 28 14:28 .X11-pipe
-rw-rw-rw- 1 root other 0 Aug 10 18:11 X101
prw-rw-rw- 1 root other 0 Sep 28 08:25 X11
prw-rw-rw- 1 root other 0 Sep 28 08:39 X12
-rw-rw-rw- 1 root other 0 Sep 27 20:39 X13
drwxrwxr-x 2 root root 1536 Sep 28 14:28 .X11-unix
srwxrwxrwx 1 root other 0 Sep 28 01:25 X10
srwxrwxrwx 1 root other 0 Aug 10 18:11 X100
srwxrwxrwx 1 root other 0 Aug 10 18:11 X101
What is a good way to tell if the .Xauth* files, and the files in the .X11-unix and .X11-pipe dirs, are still in use or are from a now non-existent X session?
-rw-rw-rw- 1 root other 1388 Sep 28 01:26 .dcs.robson:10.37dd79
srwxr-xr-x 1 jbullock 03frg304 0 Sep 23 07:03 jpsock.140_03.12710
-rw------- 1 jbullock 03frg304 49 Sep 23 06:58 sh12690.2
There are dozens of .dcs* and sh* files. What are the .dcs*, jpsock.* and sh* files for, and when is it safe to nuke them?
Many thanks,
Brenti had the "Mailbox is on a different server" error too recently (mine shows up in ms outlook express) - and believe my problem came from having the hostnamealiases space delimited instead of comma separated (with no spaces, e.g. "foo.host1.com,bar.host2.com") - comma delimited, no spaces seems to be required ...
i am having a different problem now though:
i can login to communications express hosted domains via -
the main host url using credentials like: [email protected]/passwd
but when going to any of the hosted.com's urls, and trying to login without the @hosted1.com in the user - i get redirected to access manager (and subsequently can't login using either uid or [email protected] at the hosted1.com/uwc url).
here's what i have in AMConfig.properties:
com.sun.identity.server.fqdnMap[mail.hosted1.com]=mail.actual.org
com.sun.identity.server.fqdnMap[mail.hosted2.com]=mail.actual.org
com.sun.identity.server.fqdnMap[mail.hosted3.com]=mail.actual.org
here's what i have in uwcauth.properties:
virtualdomain.mode = y
mail.actual.org.isvirutalhostname=mail.actual.org
i have also added the cookiedomains in amconsole under service configuration --> platform - in addition to creating directories (hosted1.com, hosted2.com, hosted3.com) under /opt/SUNWuwc/WEB-INF/domain - containing the original files and directories under /opt/SUNWuwc/WEB-INF/domain (i was not clear if these directories should take this form e.g. including the .com or if they should just contain the domain-name --e.g. hosted1?)
i can receive hosted email via pop using uid [email protected]/passwd, etc.
thanks for any input.
s7
using sparc 2005q4 msg -58; uwc - 42 -
Mailbox is on a different server
Hi,
I had successfully configured JES 2005 Q1 Messaging+ Calendaring + Delegated Administration on top of Directory and Access Manager on Sol-10 x-86. It was working perfectly fine until, I hyad a necessity to configure the same LDAP as a Native Solaris authentication.
Subsequent to my Native Solaris authentication, Calendar, Delegated Administrator is working perfectly fine, whereas in Messaging, when I login as a user, it returns with an error Message "Mailbox is on a different server".
My mailHost and preferredMailHost attributes are perfect. Any other place to look out for this.
I am also sending the /opt/SUNWmsgsr/sbin/getconf output. Thanks
OUTPUT OF /opt/SUNWmsgsr/sbin/getconf
alarm.createtimestamp = 20050519053744Z
alarm.creatorsname = "cn=directory manager"
alarm.diskavail.createtimestamp = 20050519053744Z
alarm.diskavail.creatorsname = "cn=directory manager"
alarm.diskavail.modifiersname = "cn=directory manager"
alarm.diskavail.modifytimestamp = 20050519055448Z
alarm.diskavail.msgalarmdescription = "percentage mail partition diskspace available"
alarm.diskavail.msgalarmstatinterval = 3600
alarm.diskavail.msgalarmthreshold = 10
alarm.diskavail.msgalarmthresholddirection = -1
alarm.diskavail.msgalarmwarninginterval = 24
alarm.diskavail.objectclass = nsmsgCfgAlarm
,top
alarm.modifiersname = "cn=directory manager"
alarm.modifytimestamp = 20050519055448Z
alarm.msgalarmnoticeport = 25
alarm.msgalarmnoticercpt = postmaster
alarm.msgalarmnoticesender = postmaster
alarm.objectclass = nsmsgCfgAlarmContainer
,top
alarm.serverresponse.createtimestamp = 20050519053744Z
alarm.serverresponse.creatorsname = "cn=directory manager"
"conf.test" 422 lines, 16839 characters
alarm.diskavail.msgalarmstatinterval = 3600
alarm.diskavail.msgalarmthreshold = 10
alarm.diskavail.msgalarmthresholddirection = -1
alarm.diskavail.msgalarmwarninginterval = 24
alarm.diskavail.objectclass = nsmsgCfgAlarm
,top
alarm.modifiersname = "cn=directory manager"
alarm.modifytimestamp = 20050519055448Z
alarm.msgalarmnoticeport = 25
alarm.msgalarmnoticercpt = postmaster
alarm.msgalarmnoticesender = postmaster
alarm.objectclass = nsmsgCfgAlarmContainer
,top
alarm.serverresponse.createtimestamp = 20050519053744Z
alarm.serverresponse.creatorsname = "cn=directory manager"
alarm.serverresponse.modifiersname = "cn=directory manager"
alarm.serverresponse.modifytimestamp = 20050519055448Z
alarm.serverresponse.msgalarmdescription = "server response time in seconds"
alarm.serverresponse.msgalarmstatinterval = 600
alarm.serverresponse.msgalarmthreshold = 10
alarm.serverresponse.msgalarmthresholddirection = 1
alarm.serverresponse.msgalarmwarninginterval = 24
alarm.serverresponse.objectclass = nsmsgCfgAlarm
,top
createtimestamp = 20050519053744Z
creatorsname = "cn=directory manager"
encryption.createtimestamp = 20050519053744Z
encryption.creatorsname = "cn=directory manager"
encryption.fortezza.createtimestamp = 20050519053744Z
encryption.fortezza.creatorsname = "cn=directory manager"
encryption.fortezza.modifiersname = "cn=directory manager"
encryption.fortezza.modifytimestamp = 20050519055448Z
encryption.fortezza.nssslactivation = off
encryption.fortezza.objectclass = top
,nsEncryptionModule
encryption.modifiersname = "cn=directory manager"
encryption.modifytimestamp = 20050519055448Z
encryption.nsssl2 = off
encryption.nsssl3 = on
encryption.nsssl3ciphers = rsa_rc4_40_md5
,rsa_rc2_40_md5
,rsa_des_sha
,rsa_rc4_128_md5
,rsa_3des_sha
encryption.nsssl3sessiontimeout = 0
encryption.nssslclientauth = 0
encryption.nssslsessiontimeout = 0
encryption.objectclass = top
,nsEncryptionConfig
encryption.rsa.createtimestamp = 20050519053744Z
encryption.rsa.creatorsname = "cn=directory manager"
encryption.rsa.modifiersname = "cn=directory manager"
encryption.rsa.modifytimestamp = 20050519055448Z
encryption.rsa.nssslactivation = on
encryption.rsa.nssslpersonalityssl = Server-Cert
encryption.rsa.nsssltoken = internal
encryption.rsa.objectclass = top
,nsEncryptionModule
gen.accounturl = http://%[email protected]:390/bin/user/admin/bin/enduser
gen.configversion = 4.0
gen.createtimestamp = 20050519053744Z
gen.creatorsname = "cn=directory manager"
gen.folderurl = http://%[email protected]:390/bin/user/admin/bin/mailacl.cgi?folder=%M
gen.installedlanguages = "en,de,fr,es,ja,ko,zh-CN,zh-TW"
gen.modifiersname = "cn=directory manager"
gen.modifytimestamp = 20050519055448Z
gen.objectclass = nsmsgCfgGen
,top
gen.sitelanguage = en
local.defdomain = sunray.bdc3.co.in
local.enduseradmincred = Xg2qcd0sEE
local.enduseradmindn = "uid=msg-admin-bdc3srssu3.sunray.bdc3.co.in-20050519055344Z, ou=People, o=sunray.bdc3.co.in,dc=sunray,dc=bdc3,dc=co,dc=in"
local.ens.enable = 1
local.hostname = bdc3srssu3.sunray.bdc3.co.in
local.imta.enable = 1
local.imta.imta_tailor = /opt/SUNWmsgsr/config/imta_tailor
local.imta.ssrenabled = yes
local.installeddir = /opt/SUNWmsgsr
local.instancedir = /opt/SUNWmsgsr
local.lastconfigfetch = 1118409516
local.ldapbasedn = o=NetscapeRoot
local.ldapcachefile = /opt/SUNWmsgsr/config/local.conf
local.ldaphost = bdc3srssu3.sunray.bdc3.co.in
local.ldapport = 389
local.ldapsiecred = 6kca=wnDnr
local.ldapsiedn = "cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=bdc3srssu3.sunray.bdc3.co.in, ou=sunray.bdc3.co.in, o=NetscapeRoot"
local.ldapusessl = False
local.mmp.enable = 0
local.sched.enable = 1
local.schedule.expire = "0 23 * * * /opt/SUNWmsgsr/sbin/imexpire"
local.schedule.msprobe = "5,15,25,35,45,55 * * * * /opt/SUNWmsgsr/lib/msprobe"
local.schedule.purge = "0 0,4,8,12,16,20 * * * /opt/SUNWmsgsr/lib/purge -num=5"
local.schedule.return_job = "30 0 * * * /opt/SUNWmsgsr/lib/return_job"
local.servergid = mail
local.servername = bdc3srssu3.sunray.bdc3.co.in
local.serverroot = /opt/SUNWmsgsr
local.servertype = msg
local.serveruid = mailsrv
local.service.pab.attributelist = pabattrs
local.service.pab.enabled = 1
local.service.pab.ldapbasedn = o=pab
local.service.pab.ldapbinddn = "uid=msg-admin-bdc3srssu3.sunray.bdc3.co.in-20050519055344Z, ou=People, o=sunray.bdc3.co.in,dc=sunray,dc=bdc3,dc=co,dc=in"
local.service.pab.ldaphost = bdc3srssu3.sunray.bdc3.co.in
local.service.pab.ldappasswd = Xg2qcd0sEE
local.service.pab.ldapport = 389
local.service.pab.maxnumberofentries = 500
local.store.enable = 1
local.store.snapshotdirs = 3
local.store.snapshotinterval = 1440
local.store.snapshotpath = dbdata/snapshots
local.supportedlanguages = "[en,de,fr,es,af,ca,da,nl,fi,gl,ga,is,it,no,pt,sv,ja,ko,zh-CN,zh-TW]"
local.tmpdir = /opt/SUNWmsgsr/data/tmp
local.ugldapbasedn = "dc=sunray,dc=bdc3,dc=co,dc=in"
local.ugldapbindcred = Xg2qcd0sEE
local.ugldapbinddn = "uid=msg-admin-bdc3srssu3.sunray.bdc3.co.in-20050519055344Z, ou=People, o=sunray.bdc3.co.in,dc=sunray,dc=bdc3,dc=co,dc=in"
local.ugldapdeforgdn = "o=sunray.bdc3.co.in,dc=sunray,dc=bdc3,dc=co,dc=in"
local.ugldaphost = bdc3srssu3.sunray.bdc3.co.in
local.ugldapport = 389
local.ugldapuselocal = yes
local.watcher.enable = yes
local.webmail.da.host = bdc3srssu3.sunray.bdc3.co.in
local.webmail.da.port = 8080
local.webmail.sso.enable = 0
local.webmail.sso.singlesignoff = 1
logfile.admin.buffersize = 0
logfile.admin.createtimestamp = 20050519053744Z
logfile.admin.creatorsname = "cn=directory manager"
logfile.admin.expirytime = 604800
logfile.admin.flushinterval = 60
logfile.admin.logdir = /opt/SUNWmsgsr/data/log
logfile.admin.loglevel = Notice
logfile.admin.logtype = NscpLog
logfile.admin.maxlogfiles = 10
logfile.admin.maxlogfilesize = 2097152
logfile.admin.maxlogsize = 20971520
logfile.admin.minfreediskspace = 5242880
logfile.admin.modifiersname = "cn=directory manager"
logfile.admin.modifytimestamp = 20050519055448Z
logfile.admin.objectclass = nsmsgCfgLog
,top
logfile.admin.rollovertime = 86400
logfile.createtimestamp = 20050519053744Z
logfile.creatorsname = "cn=directory manager"
logfile.default.buffersize = 0
logfile.default.createtimestamp = 20050519053744Z
logfile.default.creatorsname = "cn=directory manager"
logfile.default.expirytime = 604800
logfile.default.flushinterval = 60
logfile.default.logdir = /opt/SUNWmsgsr/data/log
logfile.default.loglevel = Notice
logfile.default.logtype = NscpLog
logfile.default.maxlogfiles = 10
logfile.default.maxlogfilesize = 2097152
logfile.default.maxlogsize = 20971520
logfile.default.minfreediskspace = 5242880
logfile.default.modifiersname = "cn=directory manager"
logfile.default.modifytimestamp = 20050519055448Z
logfile.default.objectclass = top
,nsmsgCfgLog
logfile.default.rollovertime = 86400
logfile.http.buffersize = 0
logfile.http.createtimestamp = 20050519053745Z
logfile.http.creatorsname = "cn=directory manager"
logfile.http.expirytime = 604800
logfile.http.flushinterval = 60
logfile.http.logdir = /opt/SUNWmsgsr/data/log
logfile.http.loglevel = Notice
logfile.http.logtype = NscpLog
logfile.http.maxlogfiles = 10
logfile.http.maxlogfilesize = 2097152
logfile.http.maxlogsize = 20971520
logfile.http.minfreediskspace = 5242880
logfile.http.modifiersname = "cn=directory manager"
logfile.http.modifytimestamp = 20050519055449Z
logfile.http.objectclass = top
,nsmsgCfgLog
logfile.http.rollovertime = 86400
logfile.imap.buffersize = 0
logfile.imap.createtimestamp = 20050519053744Z
logfile.imap.creatorsname = "cn=directory manager"
logfile.imap.expirytime = 604800
logfile.imap.flushinterval = 60
logfile.imap.logdir = /opt/SUNWmsgsr/data/log
logfile.imap.loglevel = Notice
logfile.imap.logtype = NscpLog
logfile.imap.maxlogfiles = 10
logfile.imap.maxlogfilesize = 2097152
logfile.imap.maxlogsize = 20971520
logfile.imap.minfreediskspace = 5242880
logfile.imap.modifiersname = "cn=directory manager"
logfile.imap.modifytimestamp = 20050519055448Z
logfile.imap.objectclass = top
,nsmsgCfgLog
logfile.imap.rollovertime = 86400
logfile.imta.buffersize = 0
logfile.imta.createtimestamp = 20050519053745Z
logfile.imta.creatorsname = "cn=directory manager"
logfile.imta.expirytime = 604800
logfile.imta.flushinterval = 60
logfile.imta.logdir = /opt/SUNWmsgsr/data/log
logfile.imta.loglevel = Notice
logfile.imta.logtype = NscpLog
logfile.imta.maxlogfiles = 10
logfile.imta.maxlogfilesize = 2097152
logfile.imta.maxlogsize = 20971520
logfile.imta.minfreediskspace = 5242880
logfile.imta.modifiersname = "cn=directory manager"
logfile.imta.modifytimestamp = 20050519055449Z
logfile.imta.objectclass = top
,nsmsgCfgLog
logfile.imta.rollovertime = 86400
logfile.modifiersname = "cn=directory manager"
logfile.modifytimestamp = 20050519053744Z
logfile.objectclass = top
,nsmsgCfgContainer
logfile.pop.buffersize = 0
logfile.pop.createtimestamp = 20050519053745Z
logfile.pop.creatorsname = "cn=directory manager"
logfile.pop.expirytime = 604800
logfile.pop.flushinterval = 60
logfile.pop.logdir = /opt/SUNWmsgsr/data/log
logfile.pop.loglevel = Notice
logfile.pop.logtype = NscpLog
logfile.pop.maxlogfiles = 10
logfile.pop.maxlogfilesize = 2097152
logfile.pop.maxlogsize = 20971520
logfile.pop.minfreediskspace = 5242880
logfile.pop.modifiersname = "cn=directory manager"
logfile.pop.modifytimestamp = 20050519055449Z
logfile.pop.objectclass = top
,nsmsgCfgLog
logfile.pop.rollovertime = 86400
logfiles.admin.alias = |logfile|admin
logfiles.admin.createtimestamp = 20050519053744Z
logfiles.admin.creatorsname = "cn=directory manager"
logfiles.admin.modifiersname = "cn=directory manager"
logfiles.admin.modifytimestamp = 20050519055448Z
logfiles.admin.objectclass = nsmsgCfgAlias
,top
logfiles.createtimestamp = 20050519053744Z
logfiles.creatorsname = "cn=directory manager"
logfiles.default.alias = |logfile|default
logfiles.default.createtimestamp = 20050519053744Z
logfiles.default.creatorsname = "cn=directory manager"
logfiles.default.modifiersname = "cn=directory manager"
logfiles.default.modifytimestamp = 20050519055448Z
logfiles.default.objectclass = nsmsgCfgAlias
,top
logfiles.http.alias = |logfile|http
logfiles.http.createtimestamp = 20050519053744Z
logfiles.http.creatorsname = "cn=directory manager"
logfiles.http.modifiersname = "cn=directory manager"
logfiles.http.modifytimestamp = 20050519055448Z
logfiles.http.objectclass = nsmsgCfgAlias
,top
logfiles.imap.alias = |logfile|imap
logfiles.imap.createtimestamp = 20050519053744Z
logfiles.imap.creatorsname = "cn=directory manager"
logfiles.imap.modifiersname = "cn=directory manager"
logfiles.imap.modifytimestamp = 20050519055448Z
logfiles.imap.objectclass = nsmsgCfgAlias
,top
logfiles.imta.alias = |logfile|imta
logfiles.imta.createtimestamp = 20050519053744Z
logfiles.imta.creatorsname = "cn=directory manager"
logfiles.imta.modifiersname = "cn=directory manager"
logfiles.imta.modifytimestamp = 20050519055448Z
logfiles.imta.objectclass = nsmsgCfgAlias
,top
logfiles.modifiersname = "cn=directory manager"
logfiles.modifytimestamp = 20050519053744Z
logfiles.objectclass = nsmsgCfgContainer
,top
logfiles.pop.alias = |logfile|pop
logfiles.pop.createtimestamp = 20050519053744Z
logfiles.pop.creatorsname = "cn=directory manager"
logfiles.pop.modifiersname = "cn=directory manager"
logfiles.pop.modifytimestamp = 20050519055448Z
logfiles.pop.objectclass = nsmsgCfgAlias
,top
modifiersname = "cn=directory manager"
modifytimestamp = 20050519055448Z
nsclassname = "[email protected]@cn=admin-serv-bdc3srssu3, cn=Administration Server, cn=Server Group, cn=bdc3srssu3.sunray.bdc3.co.in, ou=sunray.bdc3.co.in, o=NetscapeRoot"
objectclass = top
,nsAdminObject
,nsConfig
pipeprograms.createtimestamp = 20050519053745Z
pipeprograms.creatorsname = "cn=directory manager"
pipeprograms.modifiersname = "cn=directory manager"
pipeprograms.modifytimestamp = 20050519053745Z
pipeprograms.objectclass = nsmsgCfgContainer
,top
service.authcachesize = 10000
service.authcachettl = 900
service.createtimestamp = 20050519053745Z
service.creatorsname = "cn=directory manager"
service.dcroot = "dc=sunray,dc=bdc3,dc=co,dc=in"
service.defaultdomain = sunray.bdc3.co.in
service.dnsresolveclient = no
service.http.allowadminproxy = no
service.http.allowanonymouslogin = no
service.http.createtimestamp = 20050519053745Z
service.http.creatorsname = "cn=directory manager"
service.http.enable = 1
service.http.enablesslport = 1
service.http.fullfromheader = no
service.http.idletimeout = 3
service.http.ipsecurity = yes
service.http.maxmessagesize = 5242880
service.http.maxpostsize = 5242880
service.http.maxsessions = 6000
service.http.maxthreads = 250
service.http.modifiersname = "cn=msg-config,cn=sun one messaging suite,cn=server group,cn=bdc3srssu3.sunray.bdc3.co.in,ou=sunray.bdc3.co.in,o=netscaperoot"
service.http.modifytimestamp = 20050519063623Z
service.http.numprocesses = 1
service.http.objectclass = top
,nsmsgCfgHttp
service.http.plaintextmincipher = 0
service.http.port = 80
service.http.resourcetimeout = 900
service.http.sessiontimeout = 7200
service.http.smtpport = 25
service.http.spooldir = /opt/SUNWmsgsr/data/http
service.http.sslcachesize = 0
service.http.sslport = 443
service.http.sslusessl = yes
service.imap.allowanonymouslogin = no
service.imap.banner = "%h %p service (%P %V)"
service.imap.createtimestamp = 20050519053745Z
service.imap.creatorsname = "cn=directory manager"
service.imap.enable = 1
service.imap.enablesslport = 1
service.imap.idletimeout = 30
service.imap.maxsessions = 4000
service.imap.maxthreads = 250
service.imap.modifiersname = "cn=directory manager"
service.imap.modifytimestamp = 20050519055449Z
service.imap.numprocesses = 1
service.imap.objectclass = top
,nsmsgCfgImap
service.imap.plaintextmincipher = 0
service.imap.port = 143
service.imap.sslcachesize = 0
service.imap.sslport = 993
service.imap.sslusessl = yes
service.ldapmemcache = no
service.ldapmemcachesize = 131072
service.ldapmemcachettl = 30
service.listenaddr = INADDR_ANY
service.loginseparator = @
service.modifiersname = "cn=directory manager"
service.modifytimestamp = 20050519055449Z
service.objectclass = top
,nsmsgCfgService
service.plaintextloginpause = 0
service.pop.allowanonymouslogin = no
service.pop.banner = "%h %p service (%P %V)"
service.pop.createtimestamp = 20050519053745Z
service.pop.creatorsname = "cn=directory manager"
service.pop.enable = 1
service.pop.enablesslport = 1
service.pop.idletimeout = 10
service.pop.maxsessions = 600
service.pop.maxthreads = 250
service.pop.modifiersname = "cn=directory manager"
service.pop.modifytimestamp = 20050519055449Z
service.pop.numprocesses = 1
service.pop.objectclass = top
,nsmsgCfgPop
service.pop.plaintextmincipher = 0
service.pop.popminpoll = 0
service.pop.port = 110
service.pop.sslport = 992
service.pop.sslusessl = yes
service.readtimeout = 10
store.admins = admin
store.cleanupage = 1
store.createtimestamp = 20050519053745Z
store.creatorsname = "cn=directory manager"
store.dbcachesize = 16777216
store.defaultacl = "anyone lrs"
store.defaultmailboxquota = -1
store.defaultmessagequota = -1
store.defaultpartition = primary
store.diskflushinterval = 15
store.expirerule.createtimestamp = 20050519053745Z
store.expirerule.creatorsname = "cn=directory manager"
store.expirerule.modifiersname = "cn=directory manager"
store.expirerule.modifytimestamp = 20050519053745Z
store.expirerule.objectclass = nsmsgCfgContainer
,top
store.modifiersname = "cn=directory manager"
store.modifytimestamp = 20050519055449Z
store.objectclass = top
,nsmsgCfgStore
store.partition.createtimestamp = 20050519053745Z
store.partition.creatorsname = "cn=directory manager"
store.partition.modifiersname = "cn=directory manager"
store.partition.modifytimestamp = 20050519053745Z
store.partition.objectclass = top
,nsmsgCfgContainer
store.partition.primary.createtimestamp = 20050519053745Z
store.partition.primary.creatorsname = "cn=directory manager"
store.partition.primary.modifiersname = "cn=directory manager"
store.partition.primary.modifytimestamp = 20050519055449Z
store.partition.primary.objectclass = top
,nsmsgCfgPartition
store.partition.primary.path = /opt/SUNWmsgsr/data/store/partition/primary
store.quotaenforcement = on
store.quotaexceededmsginterval = 7
store.quotagraceperiod = 120
store.quotanotification = off
store.quotawarn = 90
store.serviceadmingroupdn = "cn=Service Administrators,ou=Groups, dc=sunray,dc=bdc3,dc=co,dc=in"
store.umask = 077i had the "Mailbox is on a different server" error too recently (mine shows up in ms outlook express) - and believe my problem came from having the hostnamealiases space delimited instead of comma separated (with no spaces, e.g. "foo.host1.com,bar.host2.com") - comma delimited, no spaces seems to be required ...
i am having a different problem now though:
i can login to communications express hosted domains via -
the main host url using credentials like: [email protected]/passwd
but when going to any of the hosted.com's urls, and trying to login without the @hosted1.com in the user - i get redirected to access manager (and subsequently can't login using either uid or [email protected] at the hosted1.com/uwc url).
here's what i have in AMConfig.properties:
com.sun.identity.server.fqdnMap[mail.hosted1.com]=mail.actual.org
com.sun.identity.server.fqdnMap[mail.hosted2.com]=mail.actual.org
com.sun.identity.server.fqdnMap[mail.hosted3.com]=mail.actual.org
here's what i have in uwcauth.properties:
virtualdomain.mode = y
mail.actual.org.isvirutalhostname=mail.actual.org
i have also added the cookiedomains in amconsole under service configuration --> platform - in addition to creating directories (hosted1.com, hosted2.com, hosted3.com) under /opt/SUNWuwc/WEB-INF/domain - containing the original files and directories under /opt/SUNWuwc/WEB-INF/domain (i was not clear if these directories should take this form e.g. including the .com or if they should just contain the domain-name --e.g. hosted1?)
i can receive hosted email via pop using uid [email protected]/passwd, etc.
thanks for any input.
s7
using sparc 2005q4 msg -58; uwc - 42 -
Hi All,
I installed OIM11gr2 on RHEL x64.I tried to assign roles to users ,aprrovals been sent to xelsysadm.I'm trying to approve pending approvals and oim is trying soa server on ssl port 8002 instead of non-ssl port 8001
On soa_server1,I'm getting message as below.
UNKNOWN_CA alert received from 192.168.14.2 - 192.168.14.2. The peer is rejecting the certificate chain as being untrusted or incomplete.
Kindly let me know how to make oim server to contact soa server on non-ssl port.
Regards,
Krish.Kevin Pinsky wrote:
It's all available in the documentation. Just do some searching for oim-config.xml. I can't provide all the direct answers or you won't ever learn anything.
-KevinHI Kevin,
I have exported oim-config.xml .Please check & correct if anything is wrong.
<?xml version='1.0' encoding='UTF-8'?>
<xmlConfig xmlns="http://www.oracle.com/schema/oracle/iam/platform/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oracle/iam/platform/config oim-config.xsd ">
<discoveryConfig>
<directDBConfigParams driver="oracle.jdbc.OracleDriver" url="jdbc:oracle:thin:@domain:1521/orcl" username="dev_oim" passwordKey="OIMSchemaPassword" checkoutTimeout="1200" idleTimeout="360" maxCheckout="1000" maxConnections="5" sslEnabled="false" connectionFactoryClassName="oracle.jdbc.pool.OracleDataSource" validateConnectionOnBorrow="true" minConnections="2" connectionPoolName="OIM_JDBC_UCP">
<SSLConfig dBTrustStore="default-keystore.jks" dBTrustStorePasswordKey="default-keystore.jks" dBTrustStoreType="JKS"/>
<connectionProperties/>
</directDBConfigParams>
<bIPublisherURL>http://localhost:9704</bIPublisherURL>
<oimFrontEndURL>http://win11gr2:14000</oimFrontEndURL>
<oimJNDIURL>@oimJNDIURL</oimJNDIURL>
<backOfficeURL/>
</discoveryConfig>
<cacheConfig clustered="false" enabled="false" expirationTime="144000" provider="oracle.iam.platform.utils.cache.OSCacheProvider" threadLocalCacheEnabled="false">
<cacheCategoriesConfig>
<cacheCategoryConfig name="DataObjectEventHandlers" enabled="false" expirationTime="14400"/>
<cacheCategoryConfig name="ProcessDefinition" enabled="false" expirationTime="14400"/>
<cacheCategoryConfig name="EmailDefinition" enabled="false" expirationTime="14400"/>
<cacheCategoryConfig name="RuleDefinition" enabled="true" expirationTime="14400"/>
<cacheCategoryConfig name="FormDefinition" enabled="false" expirationTime="14400"/>
<cacheCategoryConfig name="ColumnMap" enabled="true" expirationTime="14400"/>
<cacheCategoryConfig name="UserDefinedColumns" enabled="false" expirationTime="14400"/>
<cacheCategoryConfig name="ObjectDefinition" enabled="false" expirationTime="14400"/>
<cacheCategoryConfig name="StoredProcAPI" enabled="false" expirationTime="600"/>
<cacheCategoryConfig name="NoNeedToFlush" enabled="true" expirationTime="-1"/>
<cacheCategoryConfig name="MetaData" enabled="true" expirationTime="14400"/>
<cacheCategoryConfig name="User" enabled="true" expirationTime="14400"/>
<cacheCategoryConfig name="AdapterInformation" enabled="false" expirationTime="14400"/>
<cacheCategoryConfig name="OrgnizationName" enabled="true" expirationTime="14400"/>
<cacheCategoryConfig name="Reconciliation" enabled="true" expirationTime="14400"/>
<cacheCategoryConfig name="SystemProperties" enabled="true" expirationTime="14400"/>
<cacheCategoryConfig name="LookupDefinition" enabled="false" expirationTime="14400"/>
<cacheCategoryConfig name="UserGroups" enabled="false" expirationTime="14400"/>
<cacheCategoryConfig name="LookupValues" enabled="false" expirationTime="14400"/>
<cacheCategoryConfig name="ITResourceKey" enabled="false" expirationTime="14400"/>
<cacheCategoryConfig name="RecordExists" enabled="false" expirationTime="14400"/>
<cacheCategoryConfig name="ServerProperties" enabled="true" expirationTime="14400"/>
<cacheCategoryConfig name="ColumnMetaData" enabled="false" expirationTime="14400"/>
<cacheCategoryConfig name="API" enabled="false" expirationTime="14400"/>
<cacheCategoryConfig name="Catalog" enabled="true" expirationTime="14400"/>
<cacheCategoryConfig name="CustomResourceBundle" enabled="true" expirationTime="-1"/>
<cacheCategoryConfig name="CustomDefaultBundle" enabled="true" expirationTime="-1"/>
<cacheCategoryConfig name="ConnectorResourceBundle" enabled="true" expirationTime="-1"/>
<cacheCategoryConfig name="LinguisticSort" enabled="true" expirationTime="-1"/>
<cacheCategoryConfig name="GenericConnector" enabled="false" expirationTime="14400"/>
<cacheCategoryConfig name="GenericConnectorProviders" enabled="false" expirationTime="-1"/>
<cacheCategoryConfig name="AccessPolicyDefinition" enabled="false" expirationTime="14400"/>
<cacheCategoryConfig name="UserConfig" enabled="true" expirationTime="-1"/>
<cacheCategoryConfig name="OESDefinition" enabled="true" expirationTime="14400"/>
<cacheCategoryConfig name="RoleContainerToDescrMap" enabled="true" expirationTime="-1"/>
<cacheCategoryConfig name="PluginFramework" enabled="true" expirationTime="14400"/>
<cacheCategoryConfig name="CallbackConfiguration" enabled="true" expirationTime="14400"/>
<cacheCategoryConfig name="SchedulerTaskDefinition" enabled="true" expirationTime="14400"/>
<cacheCategoryConfig name="UserStatus" enabled="true" expirationTime="14400"/>
<cacheCategoryConfig name="LocaleCodeLanguageMapping" enabled="true" expirationTime="14400"/>
<cacheCategoryConfig name="TenantRegistry" enabled="true" expirationTime="14400"/>
<cacheCategoryConfig name="LocalizedResource" enabled="true" expirationTime="14400"/>
</cacheCategoriesConfig>
<xLCacheProviderProps multicastAddress="236.17.242.46" size="5000">
<properties/>
</xLCacheProviderProps>
</cacheConfig>
<pluginConfig storeType="common">
<storeConfig reloadingEnabled="true" reloadingInterval="20"/>
</pluginConfig>
<schedulerConfig DSJndiURL="jdbc/operationsDB" nonTxnDSJndiURL="jdbc/oimJMSStoreDS" clustered="true" databaseDelegate="org.quartz.impl.jdbcjobstore.StdJDBCDelegate" implementationClass="oracle.iam.scheduler.impl.quartz.QuartzSchedulerImpl" instanceID="AUTO" quartzTablePrefix="QRTZ92_" startOnDeploy="true" threadPoolSize="10" dataBasePoolSize="10" multicastAddress="234.175.78.74" schedulerUser="oiminternal">
<pluggableParams>
<PluggableParam parameterName="ITResource" value="oracle.iam.pluggabletaskparamsupport.impl.ITResourceLookupImpl"/>
</pluggableParams>
<properties/>
</schedulerConfig>
<cryptoConfigParams>
<HashingAlgorithm>SHA-256</HashingAlgorithm>
<PKIProviderConfigParams signatureAlgorithm="SHA1withRSA" signatureProvider="sun.security.rsa.SunRsaSign" pKIProviderName="com.thortech.xl.crypto.tcDefaultSignatureImpl">
<keyStoreConfigParams provider="sun.security.rsa.SunRsaSign" type="JKS" name="default-keystore.jks"/>
<KeysConfigParams>
<keyConfigParams alias="xell" blockMode="" name="xell" padding=""/>
</KeysConfigParams>
</PKIProviderConfigParams>
<symmetricProviderConfig signatureAlgorithm="SHA1withDSA" signatureProvider="sun.security.rsa.SunRsaSign" verifySigner="false" symmetricProviderName="com.thortech.xl.crypto.tcDefaultDBEncryptionImpl">
<keyStoreConfigParams provider="com.sun.crypto.provider.SunJCE" type="JCEKS" name=".xldatabasekey"/>
<KeysConfigParams>
<keyConfigParams alias="DataBaseKey" blockMode="CBC" name="DBSecretKey" padding="PKCS5Padding"/>
</KeysConfigParams>
</symmetricProviderConfig>
</cryptoConfigParams>
<ADPClassLoaderConfig adapterReloadingEnabled="true" loadingStyle="ParentFirst" reloadInterval="15" reloadingEnabled="true">
<javaTaskDirectory>JavaTasks</javaTaskDirectory>
<thirdPartyDirectory>ThirdParty</thirdPartyDirectory>
<scheduleTaskDirectory>ScheduleTask</scheduleTaskDirectory>
<integrationsDirectory>XLIntegrations</integrationsDirectory>
<adapterDirectory>adapters</adapterDirectory>
<eventHandlerDirectory>EventHandlers</eventHandlerDirectory>
<icfIntgDirectory>icf/intg</icfIntgDirectory>
<properties/>
</ADPClassLoaderConfig>
<loginMapper>oracle.iam.platform.auth.impl.DefaultMapper</loginMapper>
<runAsUser>internal</runAsUser>
<deploymentConfig>
<appServerName>weblogic</appServerName>
<initialContextFactory>weblogic.jndi.WLInitialContextFactory</initialContextFactory>
<dataBaseType>oracle</dataBaseType>
<deploymentMode>simple</deploymentMode>
</deploymentConfig>
<miscellaneousConfig>
<properties>
<property name="SecurityLevel" value="0"/>
<property name="EncodeInput" value="true"/>
</properties>
</miscellaneousConfig>
<ssoConfig>
<version>@oamVersion</version>
<accessServerHost>@oamAccessServerHost</accessServerHost>
<accessServerPort>@oamAccessServerPort</accessServerPort>
<accessGateID>IdentityManagerAccessGate</accessGateID>
<napVersion>3</napVersion>
<cookieDomain>@oamCookieDomain</cookieDomain>
<cookieExpiryInterval>120</cookieExpiryInterval>
<transferMode>OPEN</transferMode>
<webgateType>javaWebgate</webgateType>
<ssoEnabled>false</ssoEnabled>
<tapEndpointUrl>@tapEndpointUrl</tapEndpointUrl>
</ssoConfig>
<callbackOwsmSecurityPolicy>oracle/wss_username_token_client_policy</callbackOwsmSecurityPolicy>
<SOAConfig>
<username>weblogic</username>
<passwordKey>SOAAdminPassword</passwordKey>
<type>rmi</type>
*<soapurl>http://win11gr2:14000</soapurl>*
*<rmiurl>t3://win11gr2:14000,win11gr2:8001,win11gr2:14600</rmiurl>*
</SOAConfig>
<oaacgConfig>
<host>@oaacghost</host>
<port>@oaacgport</port>
<username>@oaacgadminusername</username>
<passwordKey>OAACGAdminPassword</passwordKey>
<serviceURL>@oaacgserviceurl</serviceURL>
<responseTimeout>240</responseTimeout>
<fusionAdapterDatasourceName>@faDataSrcName</fusionAdapterDatasourceName>
<compositeName>default/OAACGRoleAssignSODCheck!1.0</compositeName>
<sodEnabled>false</sodEnabled>
</oaacgConfig>
<remoteManagerConfig>
<SSLContextAlgorithm>TLS</SSLContextAlgorithm>
<KeyManagerFactory>SUNX509</KeyManagerFactory>
</remoteManagerConfig>
<OAMConfig>
<XEEnabled>true</XEEnabled>
</OAMConfig>
</xmlConfig>
Regards,
Krish -
Error when checking out from external punch out catalog to SRM
Hi guys,
We have configured an external punchout in spro. Now when in portal, I am able to access the catalog. But when i check out from catalog to srm, it is throwing error telling "HTTP 404 not found".
Please help me resolve this issue.
Regards,
Madhu N GHi, Hope you are doing good. Nice to hear from you again. We don't have the httpwatch traces, but usually such issues get resolved by setting the parameter JSESSIONID.CookieDomain to "NONE". See: SAP Note No. 791765 : Mixed JSESSIONID Cookies from Different Servers SAP Note No. 1144722: Global configuration of session cookies and attributes See SAP notes as well: 1334956 - Various problems that solved by using FQDN in portal URL 654982 - URL requirements due to Internet standards Hope this helps. _ _ _ _ _ _ _ _ _ Kind Regards, Hemanth SAP AGS _ _ _ _ _ _ _ _ _
-
SiteMinder WebLogic agent configuration problem
Dear developer,
I have installed the SM WLS Agent and configured it in WebLogic
according to the sm_wls61_agent_v1.pdf doc(chapter) but weblogic
produces the following error after I restart it:
<Jan 4, 2002 9:19:11 AM PST> <Notice> <Management> <Loading
configuration file .\config\hipaa\config.xml ...>
<Jan 4, 2002 9:19:13 AM PST> <Info> <Logging> <FileLogger Opened.>
Loading Configuration: C:\bea\smagent\conf\SMWLSRealmAgent.conf
NOTE: Java Console permanently disabled. Log to file instead.
java.lang.Exception: Failed to create API for SM_WLS_AGENT
at com.netegrity.siteminder.java.agent.w.a([DashoPro-V1.2-120198])
at com.netegrity.siteminder.java.agent.w.<init>([DashoPro-V1.2-120198])
at com.netegrity.siteminder.java.agent.n.a([DashoPro-V1.2-120198])
at com.netegrity.siteminder.java.agent.n.<init>([DashoPro-V1.2-120198])
at com.netegrity.siteminder.weblogic.sixzero.realm.WLS60SiteMinderRealm.<init>([DashoPro-V1.2-120198])
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Class.java:237)
at weblogic.security.acl.Realm.getRealm(Realm.java:84)
at weblogic.security.acl.Realm.getRealm(Realm.java:62)
at weblogic.security.SecurityService.initializeRealm(SecurityService.java:258)
at weblogic.security.SecurityService.initialize(SecurityService.java:115)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:390)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
at weblogic.Server.main(Server.java:35)
java.lang.Exception: Failed to create API for SM_WLS_AGENT
at com.netegrity.siteminder.java.agent.n.a([DashoPro-V1.2-120198])
at com.netegrity.siteminder.java.agent.n.<init>([DashoPro-V1.2-120198])
at com.netegrity.siteminder.weblogic.sixzero.realm.WLS60SiteMinderRealm.<init>([DashoPro-V1.
2-120198])
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Class.java:237)
at weblogic.security.acl.Realm.getRealm(Realm.java:84)
at weblogic.security.acl.Realm.getRealm(Realm.java:62)
at weblogic.security.SecurityService.initializeRealm(SecurityService.java:258)
at weblogic.security.SecurityService.initialize(SecurityService.java:115)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:390)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
at weblogic.Server.main(Server.java:35)
<Jan 4, 2002 9:19:17 AM PST> <Emergency> <Server> <Unable to
initialize the server: 'Fatal initializ
ation exception
Throwable: java.lang.NullPointerException
java.lang.NullPointerException
at com.netegrity.siteminder.weblogic.sixzero.realm.WLS60SiteMinderRealm.getGroup([DashoPro-V
1.2-120198])
at weblogic.security.acl.CachingRealm.getGroup(CachingRealm.java:1120)
at weblogic.security.acl.internal.FileRealm.getPrincipalFromAnyRealm(FileRealm.java:1010)
at weblogic.security.acl.internal.FileRealm.ensureRequiredObjectsExist(FileRealm.java:957)
at weblogic.security.acl.internal.FileRealm.loadMembers(FileRealm.java:1202)
at weblogic.security.SecurityService.initializeRealm(SecurityService.java:274)
at weblogic.security.SecurityService.initialize(SecurityService.java:115)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:390)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
at weblogic.Server.main(Server.java:35)
'>
The WebLogic Server did not start up properly.
Exception raised: java.lang.NullPointerException
java.lang.NullPointerException
at com.netegrity.siteminder.weblogic.sixzero.realm.WLS60SiteMinderRealm.getGroup([DashoPro-V
1.2-120198])
at weblogic.security.acl.CachingRealm.getGroup(CachingRealm.java:1120)
at weblogic.security.acl.internal.FileRealm.getPrincipalFromAnyRealm(FileRealm.java:1010)
at weblogic.security.acl.internal.FileRealm.ensureRequiredObjectsExist(FileRealm.java:957)
at weblogic.security.acl.internal.FileRealm.loadMembers(FileRealm.java:1202)
at weblogic.security.SecurityService.initializeRealm(SecurityService.java:274)
at weblogic.security.SecurityService.initialize(SecurityService.java:115)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:390)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
at weblogic.Server.main(Server.java:35)
Reason: Fatal initialization exception
I have set up the classpath, put smjsafe.jar as the first element and
%SM_ASA_CLASSPATH% as the last, added "-Dasa.home=%ASA_HOME%
-Dsmlocalserverurl=t3://localhost:7001" to the java command, created a
SM realm and a caching realm.
It seems that the agent is not configured correctly for some reasons,
here is the conf file also:
#Siteminder Application Server Agent Configuration File for WebLogic
6.1
## Template .conf file
## This is a template .conf file that should be
## used by all application server agents.
agentname=",,SM_WLS_AGENT,xxxxxxx.phs.com"
defaultagentname="SM_WLS_AGENT"
policyserver="xxx.xxx.xxx.xxx,44441,44442,44443"
enableagents="YES"
enforcepolicies="YES"
requirecookies="YES"
usesecurecookies="NO"
persistentcookies="NO"
enableauditing="NO"
enablefailover="YES"
maxsocketsperport="3"
minsocketsperport="1"
newsocketstep="2"
pspollinterval="30"
ignoreext=".gif, .jpg, .jpeg, .png, .fcc, .scc, .ccc"
badurlchars="//, ./, /., /*, *., ~"
maxresourcecachesize="1000"
maxsessioncachesize="1000"
resourcecachetimeout="600"
cacheanonymous="NO"
requesttimeout="60000"
badcsschars="<,>,;,*"
badquerychars=""
transientidcookies="NO"
persistentipcheck="YES"
transientipcheck="YES"
cookiedomain=".phs.com"
#cookieprovider="<Cookie Provider URL>"
#logoffuri="<Your Logoff URI>"
servererrorfile=""
reqcookieerrorfile=""
disableauthsrcvars="NO"
disablesessionvars="NO"
loglevel="3"
logconsole="NO"
logfile="NO"
logappend="NO"
logfilename="C:/bea/smagent/log/SmRealmAgent.log"
useproxyurl="NO"
#overrideignoreextfilter="/servlets/"
CSSChecking="YES"
CSSErrorFile="C:/bea/smagent/error/Error.html"
sharedsecret="xxx"
Any clue??? Please help. Thanks.
--Kaiyin Tam
PacifiCare Health SystemsKaiyin,
You will get the API error when you don't have a corresponding agent name on
the policy server. Add SM_WLS_AGENT (realm agent) or run the
SmPolicyConfigTool provided with the agent. There is a netegrity newsgroup
that you have the option of posting to as well.
"Kaiyin Tam" <[email protected]> wrote in message
news:[email protected]...
Dear developer,
I have installed the SM WLS Agent and configured it in WebLogic
according to the sm_wls61_agent_v1.pdf doc(chapter) but weblogic
produces the following error after I restart it:
<Jan 4, 2002 9:19:11 AM PST> <Notice> <Management> <Loading
configuration file .\config\hipaa\config.xml ...>
<Jan 4, 2002 9:19:13 AM PST> <Info> <Logging> <FileLogger Opened.>
Loading Configuration: C:\bea\smagent\conf\SMWLSRealmAgent.conf
NOTE: Java Console permanently disabled. Log to file instead.
java.lang.Exception: Failed to create API for SM_WLS_AGENT
at com.netegrity.siteminder.java.agent.w.a([DashoPro-V1.2-120198])
atcom.netegrity.siteminder.java.agent.w.<init>([DashoPro-V1.2-120198])
at com.netegrity.siteminder.java.agent.n.a([DashoPro-V1.2-120198])
atcom.netegrity.siteminder.java.agent.n.<init>([DashoPro-V1.2-120198])
atcom.netegrity.siteminder.weblogic.sixzero.realm.WLS60SiteMinderRealm.<init>(
[DashoPro-V1.2-120198])
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Class.java:237)
at weblogic.security.acl.Realm.getRealm(Realm.java:84)
at weblogic.security.acl.Realm.getRealm(Realm.java:62)
atweblogic.security.SecurityService.initializeRealm(SecurityService.java:258)
atweblogic.security.SecurityService.initialize(SecurityService.java:115)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:390)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
at weblogic.Server.main(Server.java:35)
java.lang.Exception: Failed to create API for SM_WLS_AGENT
at com.netegrity.siteminder.java.agent.n.a([DashoPro-V1.2-120198])
atcom.netegrity.siteminder.java.agent.n.<init>([DashoPro-V1.2-120198])
atcom.netegrity.siteminder.weblogic.sixzero.realm.WLS60SiteMinderRealm.<init>(
[DashoPro-V1.
2-120198])
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Class.java:237)
at weblogic.security.acl.Realm.getRealm(Realm.java:84)
at weblogic.security.acl.Realm.getRealm(Realm.java:62)
atweblogic.security.SecurityService.initializeRealm(SecurityService.java:258)
atweblogic.security.SecurityService.initialize(SecurityService.java:115)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:390)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
at weblogic.Server.main(Server.java:35)
<Jan 4, 2002 9:19:17 AM PST> <Emergency> <Server> <Unable to
initialize the server: 'Fatal initializ
ation exception
Throwable: java.lang.NullPointerException
java.lang.NullPointerException
atcom.netegrity.siteminder.weblogic.sixzero.realm.WLS60SiteMinderRealm.getGrou
p([DashoPro-V
1.2-120198])
atweblogic.security.acl.CachingRealm.getGroup(CachingRealm.java:1120)
atweblogic.security.acl.internal.FileRealm.getPrincipalFromAnyRealm(FileRealm.
java:1010)
atweblogic.security.acl.internal.FileRealm.ensureRequiredObjectsExist(FileReal
m.java:957)
atweblogic.security.acl.internal.FileRealm.loadMembers(FileRealm.java:1202)
atweblogic.security.SecurityService.initializeRealm(SecurityService.java:274)
atweblogic.security.SecurityService.initialize(SecurityService.java:115)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:390)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
at weblogic.Server.main(Server.java:35)
'>
The WebLogic Server did not start up properly.
Exception raised: java.lang.NullPointerException
java.lang.NullPointerException
atcom.netegrity.siteminder.weblogic.sixzero.realm.WLS60SiteMinderRealm.getGrou
p([DashoPro-V
1.2-120198])
atweblogic.security.acl.CachingRealm.getGroup(CachingRealm.java:1120)
atweblogic.security.acl.internal.FileRealm.getPrincipalFromAnyRealm(FileRealm.
java:1010)
atweblogic.security.acl.internal.FileRealm.ensureRequiredObjectsExist(FileReal
m.java:957)
atweblogic.security.acl.internal.FileRealm.loadMembers(FileRealm.java:1202)
atweblogic.security.SecurityService.initializeRealm(SecurityService.java:274)
atweblogic.security.SecurityService.initialize(SecurityService.java:115)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:390)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
at weblogic.Server.main(Server.java:35)
Reason: Fatal initialization exception
>
I have set up the classpath, put smjsafe.jar as the first element and
%SM_ASA_CLASSPATH% as the last, added "-Dasa.home=%ASA_HOME%
-Dsmlocalserverurl=t3://localhost:7001" to the java command, created a
SM realm and a caching realm.
It seems that the agent is not configured correctly for some reasons,
here is the conf file also:
#Siteminder Application Server Agent Configuration File for WebLogic
6.1
## Template .conf file
## This is a template .conf file that should be
## used by all application server agents.
agentname=",,SM_WLS_AGENT,xxxxxxx.phs.com"
defaultagentname="SM_WLS_AGENT"
policyserver="xxx.xxx.xxx.xxx,44441,44442,44443"
enableagents="YES"
enforcepolicies="YES"
requirecookies="YES"
usesecurecookies="NO"
persistentcookies="NO"
enableauditing="NO"
enablefailover="YES"
maxsocketsperport="3"
minsocketsperport="1"
newsocketstep="2"
pspollinterval="30"
ignoreext=".gif, .jpg, .jpeg, .png, .fcc, .scc, .ccc"
badurlchars="//, ./, /., /*, *., ~"
maxresourcecachesize="1000"
maxsessioncachesize="1000"
resourcecachetimeout="600"
cacheanonymous="NO"
requesttimeout="60000"
badcsschars="<,>,;,*"
badquerychars=""
transientidcookies="NO"
persistentipcheck="YES"
transientipcheck="YES"
cookiedomain=".phs.com"
#cookieprovider="<Cookie Provider URL>"
#logoffuri="<Your Logoff URI>"
servererrorfile=""
reqcookieerrorfile=""
disableauthsrcvars="NO"
disablesessionvars="NO"
loglevel="3"
logconsole="NO"
logfile="NO"
logappend="NO"
logfilename="C:/bea/smagent/log/SmRealmAgent.log"
useproxyurl="NO"
#overrideignoreextfilter="/servlets/"
CSSChecking="YES"
CSSErrorFile="C:/bea/smagent/error/Error.html"
sharedsecret="xxx"
Any clue??? Please help. Thanks.
--Kaiyin Tam
PacifiCare Health Systems
Maybe you are looking for
-
The best webcam for the Mac Pro?
I have a 23 inch desktop and frankly, I'm upset at the iSight not being made anymore and the people making serious bank off it on ebay and amazon. I tried the agent webcam by liquid digital which is a company in australia, http://agent.liquiddigital.
-
Hello, has anyone had experience with dealing with this speciifc problem? In short, upon rebooting, I am getting a black screen with a line of text that says, "Booting from Boot Camp Assistant created USB Drive...Failed to load BOOTMGR." Nothing happ
-
Problem displaying 3 dependent tables
I have 3 tables A B C. the relationship with A, B and C are as follows: table A is tied to items from table B and table C. However Items from Table C can be selected based on the selection of Table B. I hope I am clear with the situation. I need a Ma
-
Currency symbol in Applications
Hi All, I am using Jdeveloper 10.1.3.3, i want to display Egypt currency symbol in amount fields in my application. what should i do for the same? what is the entry should be in my property file? Thanks in advance Regards GG
-
Service Tax Abatement in TAXINJ
Hello Experts. We are mapping scenario of service tax abatement, Currently we are using TAXINJ PROCEDURE, three condition type has been created for abatement i.e.Bed , ecess and secess for abatement and added in tax procedure seperate taX CODE has b