Cross Domain Security Express - RAC configuration

Hi All,
Not sure if the general DB forum is the place for this but here goes.
I am involved in designing a solution that wants to provide access to data from networks each trusted to a different level of security. The CDSE CDSS white paper look something like the design that we drew up.
http://www.oracle.com/industries/government/pdfs/oracle-cross-domain-security-express-ds.pdf
Question 1
In the diagram on p3 does this reflect a single rac cluster spanning two separate networks, what would connectivity requirements be between the nodes?
Question 2
Is physical storage shared across networks and then logically divided using labels?
Question 3
COuld you define separate tablespaces and use partitioning to force higher and lower secured content into respective tablespaces in separate storage.
Thanks in advance for any guidance
Tim

Similar Messages

Calling secured web service, cross domain security

Hey all,
I am trying to call a secured service, for which i need to enable cross domain security.
I have followed the steps described in
http://download.oracle.com/docs/cd/E15523_01/web.1111/e13707/domain.htm#i1176046
i.e. enabling trust between weblogic server domains.
The problem is: -
User authentication is working fine, but i am not able to invoke the operation.
Here is the content of log file
[2010-04-01T12:15:58.109+05:30] [AdminServer] [WARNING] [] [org.apache.myfaces.trinidadinternal.context.RequestContextImpl] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Could not find partial trigger port from RichTreeTable[org.apache.myfaces.trinidad.component.UIXTree$RowKeyFacesBeanWrapper@146ad85, id=treetablerequest] with the supported partialTriggers syntax. The partial trigger was found with the deprecated syntax. Please use the supported syntax.
[2010-04-01T12:15:58.109+05:30] [AdminServer] [WARNING] [] [org.apache.myfaces.trinidadinternal.context.RequestContextImpl] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Could not find partial trigger service from RichTreeTable[org.apache.myfaces.trinidad.component.UIXTree$RowKeyFacesBeanWrapper@146ad85, id=treetablerequest] with the supported partialTriggers syntax. The partial trigger was found with the deprecated syntax. Please use the supported syntax.
[2010-04-01T12:15:58.125+05:30] [AdminServer] [WARNING] [] [org.apache.myfaces.trinidadinternal.context.RequestContextImpl] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Could not find partial trigger invoke from RichTreeTable[org.apache.myfaces.trinidad.component.UIXTree$RowKeyFacesBeanWrapper@146ad85, id=treetablerequest] with the supported partialTriggers syntax. The partial trigger was found with the deprecated syntax. Please use the supported syntax.
[2010-04-01T12:15:58.125+05:30] [AdminServer] [WARNING] [] [org.apache.myfaces.trinidadinternal.context.RequestContextImpl] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Could not find partial trigger invoke_footer from RichTreeTable[org.apache.myfaces.trinidad.component.UIXTree$RowKeyFacesBeanWrapper@146ad85, id=treetablerequest] with the supported partialTriggers syntax. The partial trigger was found with the deprecated syntax. Please use the supported syntax.
[2010-04-01T12:15:58.125+05:30] [AdminServer] [WARNING] [] [org.apache.myfaces.trinidadinternal.context.RequestContextImpl] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Could not find partial trigger operation from RichTreeTable[org.apache.myfaces.trinidad.component.UIXTree$RowKeyFacesBeanWrapper@146ad85, id=treetablerequest] with the supported partialTriggers syntax. The partial trigger was found with the deprecated syntax. Please use the supported syntax.
[2010-04-01T12:15:58.125+05:30] [AdminServer] [WARNING] [] [org.apache.myfaces.trinidadinternal.context.RequestContextImpl] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Could not find partial trigger request_xml_choice_toggle from RichTreeTable[org.apache.myfaces.trinidad.component.UIXTree$RowKeyFacesBeanWrapper@146ad85, id=treetablerequest] with the supported partialTriggers syntax. The partial trigger was found with the deprecated syntax. Please use the supported syntax.
[2010-04-01T12:15:59.031+05:30] [AdminServer] [NOTIFICATION] [] [oracle.wsm.agent.WSMAgent] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] WSMAgent is initialized for category=management, function=agent.function.client, topologyNodePath=/wls/em/EJBs/default/COMPONENTs/default/WEBSERVICECLIENTs/ItemCostService/PORTs/ItemCostServiceSoapHttpPort/INTERCEPTORs/, isJ2EE=true
[2010-04-01T12:15:59.046+05:30] [AdminServer] [NOTIFICATION] [] [oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Recipient Alias property not configured in the policy. Defaulting to encrypting with signers certificate.
[2010-04-01T12:15:59.046+05:30] [AdminServer] [NOTIFICATION] [] [oracle.wsm.agent.WSMAgent] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] WSMAgent is initialized for category=security, function=agent.function.client, topologyNodePath=/wls/em/EJBs/default/COMPONENTs/default/WEBSERVICECLIENTs/ItemCostService/PORTs/ItemCostServiceSoapHttpPort/INTERCEPTORs/, isJ2EE=true
[2010-04-01T12:15:59.328+05:30] [soa_server1] [NOTIFICATION] [] [oracle.soa.mediator.serviceEngine] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [composite_name: calling_secured_web_service] [J2EE_MODULE.name: fabric] [component_instance_id: 3B28BA003D5A11DFBF807548C0B7C19C] [component_name: Mediator1] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [composite_instance_id: 30022] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] MediatorServiceEngine received a request for operation = retrieveItemCost
[2010-04-01T12:16:02.109+05:30] [soa_server1] [WARNING] [] [oracle.soa.mediator.common] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [composite_name: calling_secured_web_service] [J2EE_MODULE.name: fabric] [component_instance_id: 3B28BA003D5A11DFBF807548C0B7C19C] [component_name: Mediator1] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [composite_instance_id: 30022] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] Payload after BaseActionHander.requestMessage :{parameters=oracle.xml.parser.v2.XMLElement@137ba0c}
[2010-04-01T12:16:02.109+05:30] [soa_server1] [WARNING] [] [oracle.soa.mediator.common] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [composite_name: calling_secured_web_service] [J2EE_MODULE.name: fabric] [component_instance_id: 3B28BA003D5A11DFBF807548C0B7C19C] [component_name: Mediator1] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [composite_instance_id: 30022] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] Properties after BaseActionHander.requestMessage :{ReferenceInstance=[email protected]9371, to=http://adc60091fems.us.oracle.com:6079/cstItemCosts/ItemCostService, oracle.fabric.security.identity.subject=Subject:[[
Principal: CrossDomainConnectors
Principal: all_function_all_data
Principal: authenticated-role
Private Credential: Subject:
Principal: all_function_all_data
Principal: CrossDomainConnectors
, tracking.compositeInstanceId=30022, tracking.ecid=0000IUs7bmy1f_JLMm0Fye1Bg7vS000325, tracking.conversationId=null, tracking.compositeInstanceCreatedTime=Thu Apr 01 12:15:59 IST 2010, action=http://xmlns.oracle.com/apps/scm/costing/itemCosts/service/ItemCostService/retrieveItemCostRequest, tracking.parentComponentInstanceId=reference:30019, MESH_METRICS=null, tracking.parentReferenceId=mediator:3B28BA003D5A11DFBF807548C0B7C19C:3B4087C03D5A11DFBF807548C0B7C19C:req, transport.http.remoteAddress=10.177.219.95}
[2010-04-01T12:16:02.125+05:30] [soa_server1] [WARNING] [] [oracle.soa.mediator.common] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [composite_name: calling_secured_web_service] [J2EE_MODULE.name: fabric] [component_instance_id: 3B28BA003D5A11DFBF807548C0B7C19C] [component_name: Mediator1] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [composite_instance_id: 30022] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] Headers after BaseActionHander.requestMessage :[]
[2010-04-01T12:16:03.562+05:30] [soa_server1] [ERROR] [] [oracle.soa.mediator.serviceEngine] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [composite_name: calling_secured_web_service] [J2EE_MODULE.name: fabric] [component_instance_id: 3B28BA003D5A11DFBF807548C0B7C19C] [component_name: Mediator1] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [composite_instance_id: 30022] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] Rolling back transaction due to ORAMED-03303:[Unexpected exception in case execution]Unexpected exception in request response operation "retrieveItemCost" on reference "Service1". Possible Fix:Check whether the reference service is properly configured and running or look at exception for analysing the reason or contact oracle support.
[2010-04-01T12:16:03.578+05:30] [soa_server1] [ERROR] [] [oracle.soa.mediator.serviceEngine] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [composite_name: calling_secured_web_service] [J2EE_MODULE.name: fabric] [component_instance_id: 3B28BA003D5A11DFBF807548C0B7C19C] [component_name: Mediator1] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [composite_instance_id: 30022] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] Got an exception: oracle.fabric.common.FabricInvocationException: javax.xml.ws.soap.SOAPFaultException: FailedCheck : failure in security check[[
oracle.tip.mediator.infra.exception.MediatorException: ORAMED-03303:[Unexpected exception in case execution]Unexpected exception in request response operation "retrieveItemCost" on reference "Service1". Possible Fix:Check whether the reference service is properly configured and running or look at exception for analysing the reason or contact oracle support.
at oracle.tip.mediator.service.SyncRequestResponseHandler.handleFault(SyncRequestResponseHandler.java:207)
at oracle.tip.mediator.service.SyncRequestResponseHandler.process(SyncRequestResponseHandler.java:123)
at oracle.tip.mediator.service.ActionProcessor.onMessage(ActionProcessor.java:64)
at oracle.tip.mediator.dispatch.MessageDispatcher.executeCase(MessageDispatcher.java:124)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.processCase(InitialMessageDispatcher.java:514)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.processCases(InitialMessageDispatcher.java:417)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.processCases(InitialMessageDispatcher.java:301)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.dispatch(InitialMessageDispatcher.java:137)
at oracle.tip.mediator.serviceEngine.MediatorServiceEngine.process(MediatorServiceEngine.java:779)
at oracle.tip.mediator.serviceEngine.MediatorServiceEngine.request(MediatorServiceEngine.java:650)
at oracle.integration.platform.blocks.mesh.SynchronousMessageHandler.doRequest(SynchronousMessageHandler.java:139)
at oracle.integration.platform.blocks.mesh.MessageRouter.request(MessageRouter.java:179)
at oracle.integration.platform.blocks.mesh.MeshImpl$2.run(MeshImpl.java:167)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:396)
at oracle.integration.platform.blocks.mesh.MeshImpl.doRequestAsSubject(MeshImpl.java:165)
at oracle.integration.platform.blocks.mesh.MeshImpl.request(MeshImpl.java:141)
at sun.reflect.GeneratedMethodAccessor1762.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:296)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:177)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:144)
at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:59)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy184.request(Unknown Source)
at oracle.integration.platform.blocks.soap.WebServiceEntryBindingComponent.doMessageProcessing(WebServiceEntryBindingComponent.java:1169)
at oracle.integration.platform.blocks.soap.WebServiceEntryBindingComponent.processIncomingMessage(WebServiceEntryBindingComponent.java:768)
at oracle.integration.platform.blocks.soap.FabricProvider.processMessage(FabricProvider.java:113)
at oracle.j2ee.ws.server.provider.ProviderProcessor.doEndpointProcessing(ProviderProcessor.java:1160)
at oracle.j2ee.ws.server.WebServiceProcessor$1.run(WebServiceProcessor.java:896)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at oracle.security.jps.internal.jaas.AccActionExecutor.execute(AccActionExecutor.java:47)
at oracle.security.jps.internal.jaas.CascadeActionExecutor$SubjectPrivilegedExceptionAction.run(CascadeActionExecutor.java:79)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
at weblogic.security.Security.runAs(Security.java:61)
at oracle.security.jps.wls.jaas.WlsActionExecutor.execute(WlsActionExecutor.java:48)
at oracle.security.jps.internal.jaas.CascadeActionExecutor.execute(CascadeActionExecutor.java:52)
at oracle.security.jps.internal.jaas.AbstractSubjectSecurity.executeAs(AbstractSubjectSecurity.java:105)
at oracle.j2ee.ws.server.provider.GenericProviderPlatform.runAs(GenericProviderPlatform.java:302)
at oracle.j2ee.ws.server.WebServiceProcessor.invokeEndpointImplementation(WebServiceProcessor.java:903)
at oracle.j2ee.ws.server.provider.ProviderProcessor.doRequestProcessing(ProviderProcessor.java:561)
at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:216)
at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:179)
at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:417)
at oracle.integration.platform.blocks.soap.FabricProviderServlet.doPost(FabricProviderServlet.java:480)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:326)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3592)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: oracle.fabric.common.FabricInvocationException: javax.xml.ws.soap.SOAPFaultException: FailedCheck : failure in security check
at oracle.integration.platform.blocks.soap.WebServiceExternalBindingComponent.throwFabricInvocationException(WebServiceExternalBindingComponent.java:414)
at oracle.integration.platform.blocks.soap.WebServiceExternalBindingComponent.throwFabricInvocationExceptionForSoapFault(WebServiceExternalBindingComponent.java:410)
at oracle.integration.platform.blocks.soap.WebServiceExternalBindingComponent.processSOAPFault(WebServiceExternalBindingComponent.java:393)
at oracle.integration.platform.blocks.soap.WebServiceExternalBindingComponent.processOutboundMessage(WebServiceExternalBindingComponent.java:252)
at oracle.integration.platform.blocks.soap.WebServiceExternalBindingComponent.sendSOAPMessage(WebServiceExternalBindingComponent.java:635)
at oracle.integration.platform.blocks.soap.WebServiceExternalBindingComponent.request(WebServiceExternalBindingComponent.java:525)
at oracle.integration.platform.blocks.mesh.SynchronousMessageHandler.doRequest(SynchronousMessageHandler.java:139)
at oracle.integration.platform.blocks.mesh.MessageRouter.request(MessageRouter.java:179)
at oracle.integration.platform.blocks.mesh.MeshImpl$2.run(MeshImpl.java:167)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:396)
at oracle.integration.platform.blocks.mesh.MeshImpl.doRequestAsSubject(MeshImpl.java:165)
at oracle.integration.platform.blocks.mesh.MeshImpl.request(MeshImpl.java:141)
at sun.reflect.GeneratedMethodAccessor1762.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:296)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:177)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:144)
at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy184.request(Unknown Source)
at oracle.tip.mediator.serviceEngine.MediatorServiceEngine.request2Mesh(MediatorServiceEngine.java:981)
at oracle.tip.mediator.service.BaseActionHandler.requestProcess(BaseActionHandler.java:202)
at oracle.tip.mediator.service.BaseActionHandler.requestProcess(BaseActionHandler.java:94)
at oracle.tip.mediator.service.BaseActionHandler.requestProcess(BaseActionHandler.java:74)
at oracle.tip.mediator.service.SyncRequestResponseHandler.process(SyncRequestResponseHandler.java:74)
... 64 more
Caused by: javax.xml.ws.soap.SOAPFaultException: FailedCheck : failure in security check
at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:882)
at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:715)
at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:226)
at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:97)
at oracle.integration.platform.blocks.soap.AbstractWebServiceBindingComponent.dispatchRequest(AbstractWebServiceBindingComponent.java:450)
at oracle.integration.platform.blocks.soap.WebServiceExternalBindingComponent.processOutboundMessage(WebServiceExternalBindingComponent.java:185)
... 88 more
[2010-04-01T12:16:03.578+05:30] [soa_server1] [ERROR] [] [oracle.soa.mediator.serviceEngine] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [composite_name: calling_secured_web_service] [J2EE_MODULE.name: fabric] [component_instance_id: 3B28BA003D5A11DFBF807548C0B7C19C] [component_name: Mediator1] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [composite_instance_id: 30022] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] Updating fault processing DMS metrics
[2010-04-01T12:16:03.656+05:30] [soa_server1] [NOTIFICATION] [] [oracle.soa.mediator.serviceEngine] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [composite_name: calling_secured_web_service] [J2EE_MODULE.name: fabric] [component_instance_id: 3B28BA003D5A11DFBF807548C0B7C19C] [component_name: Mediator1] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [composite_instance_id: 30022] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] MediatorServiceEngine returning a response for operation = retrieveItemCost
[2010-04-01T12:16:03.656+05:30] [soa_server1] [NOTIFICATION] [] [oracle.wsm.agent.WSMAgent] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [J2EE_MODULE.name: fabric] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] Message Type is normalized, exiting agent.processFault()
[2010-04-01T12:16:03.656+05:30] [soa_server1] [NOTIFICATION] [] [oracle.wsm.agent.WSMAgent] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [J2EE_MODULE.name: fabric] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] Message Type is normalized, exiting agent.processFault()
[2010-04-01T12:16:04.296+05:30] [soa_server1] [ERROR] [OWS-04115] [oracle.webservices.service] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [APP: soa-infra] [arg: FabricProvider] [arg: javax.xml.rpc.soap.SOAPFaultException: FailedCheck : failure in security check] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] An error occurred for port: FabricProvider: javax.xml.rpc.soap.SOAPFaultException: FailedCheck : failure in security check.
[2010-04-01T12:16:04.312+05:30] [AdminServer] [NOTIFICATION] [] [oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Dispatch.invoke failed.Exception stack trace written to trace file.
[2010-04-01T12:16:04.343+05:30] [AdminServer] [ERROR] [EM-00453] [oracle.sysman.emas.model.wsmgt.WSTestModel] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Failed to invoke operation
[2010-04-01T12:16:04.343+05:30] [AdminServer] [ERROR] [EM-00453] [oracle.sysman.emas.view.wsmgt.WSView] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE]*.ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Failed to invoke operation*
[2010-04-01T12:16:04.359+05:30] [AdminServer] [NOTIFICATION:24] [] [oracle.sysman.core.app.menu.XMLMenuManager] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] The Document for grid menu is not found.
[2010-04-01T12:16:04.531+05:30] [AdminServer] [WARNING] [] [org.apache.myfaces.trinidad.bean.PropertyKey] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Unserializable value:oracle.sysman.core.view.tgtctls.common.DefaultTreeModel@15622f9 for key:UINodePropertyKey[value,17]
Thanks
Nitin

Thanks again Billy,
I have configured a wallet with all the necessary certificates. Actually I have purchased a VeriSign trusted certificate and convert that into Oracle Wallet (p12) using openssl with appropriate password. And I'm calling UTL_HTTP.set_wallet('<path_to_wallet>','<pass_to_open_it>');
I have send my public key to them (web service company) and they need me to send my certificate with every request so that they can authenticate.
You are saying we don't have to write any code for TLS/SSL UTL_HTTP will take care of that, thats really good.
One more thing I want to mention here...
In Internet Explorer - When I am importing my certificate without my private key and trying to access web service I'm getting 404 page not found error.
But when I'm importing my certificate with the private key, I can see WSDL and all other methods offered by that web service.
I'm guessing Oracle Wallet that I'm creating with my certificate will store private key also. B'coz it is showing me User Certificate in Ready state.
ORA-00600 is not giving me proper location where I can find any error in my code.
Thanks
-Smith

Cross domain policy file and BitmapData

Hey guys and gals, I'm having an issue with a Security error
when trying to access photos from an external site. I have a client
who is at siteA.com, who wants to load in photos from siteB.com,
siteC.com, and probably 100 other sites. He has permission to do so
from the other sites, but doesn't want to go through all the
trouble of asking each site to post a cross-domain policy file.
Please correct me if I'm wrong, but the way I understand it is, if
you want to simply load an image into a Loader object within a swf,
you're ok, but if you want to access the BitmapData, you will then
get a security error? My snippet of code that I believe is causing
the security error is
public function imageLoaded(e:Event):void {
var image:Bitmap = Bitmap(e.target.loader.content);
image.smoothing = true;
imageContainer.addChild(e.target.loader);
As you can tell, the reason why I want to access the Bitmap
itself is to apply smoothing. That is my main concern, I want to be
able to apply smooth transitions to these pictures that are loaded
in from external sites. My main goal is to load images externally,
then apply smooth transitions, so if you know of a way to get
around the security violations, that would be great. The only
work-around we have for this is to write a script that will load
all the images from the external sites onto the local server, as
this will be less work than getting the cross-domain policy file on
each server (if that's what it takes). Thanks in advance for
anybody who can shed some light on the subject.

If I understand you correctly, a 'helper' swf would be on the
site where the images are held, much like a cross-domain policy
file? I don't understand how that would be much different than
getting the external sites to add a cross-domain policy file on
their server. It sounds easier to just throw the cross-domain
policy file on the external site's server with '*' for the path of
allowed directories to load images from. I'm pretty new to the
cross-domain security issue, so I'm not sure. I don't understand
why it's a security risk to access the pixels of an image either...
anybody know about that? Just trying to figure out where to go from
here on this project. Thanks for the reply GWD, still looking for
some more feedback.

Cross Domain user security Authentication in Oracle Weblogic Server 10.3.3

Now i have configure the cross domain user configuration in the oracle weblogic 10.3.3 server. But i am not able to configure.
I have mentioned the below oracle document to configure the cross domain configuration.
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/secmanage/domain.html#domain_interop
http://download.oracle.com/docs/cd/E14571_01/web.1111/e13752/toc.htm#INTRO120
http://download.oracle.com/docs/cd/E14571_01/apirefs.1111/e13952/taskhelp/security/EnableTrustBetweenDomains.html
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/ConsoleHelp/taskhelp/security/ConfigureConnectionFiltering.html
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/security/con_filtr.html#wp1030656
Regards,
S.Vinoth Babu

sorry,wrong forum
move to Weblogic Server Section
Edited by: inchlin on Apr 1, 2009 9:39 AM

FPN - Cross domain configuration...

Hi All,
Has anyone done cross domain configuration in FPN ?
I have see the steps what SAP has given. But I am sure it has lots apart from it.
It will be great if anyone can share the detail steps and also list any issues and the associated solutions .
Thanks and Regards,
Mahantesh

Hi Mahantesh,
the problem with different domains is in setting up the trust. You may use relax domain parameter but this depends on the domains you use. A proxy may also be helpful.
Hope this helps
Anja

Cross Domain Trust Error, while opening the infopath in sharepoint list.

Dear All,
Facing some issue in
Environement:
Windows = Windows Server 2008
Shareppoint = Sharepoint Server 2013.
Project Server = Project Server 2013
Info Path = Info Path Designer 2013
Detailed:
I have sharepoint environment with Project Server,I which have created task list in my project site and then i customize that form using info path their is one column named: "Product Name" in my task list which is drop down menu in that menu
i want to show all the project name which are created in PWA Site. For that i made the External data connection to my sql server and select my desired table from that and also configured the my column data "i:e; Product Name. And published it to the my
site. Now when i opened that form it prompts the error
"The form cannot be submitted because this action would violate cross-domain restrictions.
If this form template is published to a SharePoint document library, cross-domain access for user form templates must be enabled
under InfoPath Forms Services in SharePoint Central Administration, and the data connection settings must be stored in a UDC file in a data connection library in the same site collection.
If this is an administrator-approved form template, the security level of the form must be set to full trust, or the data connection
settings must be stored in a UDC file by using the Manage data connection files option under InfoPath Forms Services in SharePoint Central Administration ."
Oopsss !!
Now start googling it found couple of solution shared listed below:
1. Enable the cross domain authenticated in Central Admin –> General Application Settings –> Configure InfoPath Form Services (Done)
2. Now Created the data connection library in my site collection which is PWA Site after that i went to the infopath and creating the data connection and
Convert to Connection File and enter the URL of the data connection library
and its prompt the error " the specified url is not a data connection library and enter the correct filename" didnt remember the exact error description at the moment.
So, that was all stuff, Kindly suggest me any step which i missed that or ay solution that resolve my this issue.
Thanks
REGARDS DANISH DANIE

it seems the data-seed failed in your dehydration store.
so i would check if user orabple exsits in your db (pw is orabpel) .. and recreate the schema by executing the following script (based on your db)
orabpel\system\database\scripts\domain_oracle.ddl
hth clemens

ReportViewer & IReportServerCredentials WORKS within Domain; FAILS with Cross-Domain request:HTTP status 401: Unauthorized

The IReportServerCredentials approach with the ReportViewer control is working fine within a domain, but I get a 401 not authorized error for a Web IIS server trying to call a SSRS server in another domain. I've see plenty of helpful postings on the use
of IReportServerCredentials but nothing that provides suggestions for this cross domain issue. Hope someone has some ideas on this one. Thanking you in advance for your response.
Using VS 2008 VB.NET web app with ReportViewer control Version=8.0.0.0.
Outside domainA Web Server IIS 8. OS = Windows NT 6.2;
Inside domainA Windows 7 desktop; Inside domainA Windows Server 2003
SSRS using windows authentication and on SQL Server 2012. OS = Windows NT 6.2
The processing described below successfully produces a report when the web server app runs on a machine in the same domain as the SSRS server. For the "same domain" web app, both Win 7 desktop VS 2008 development server and Windows 2003 IIS 6 have
been tested successfully.
The report fails with error "The request failed with HTTP status 401: not authorized " when the web app is run from a windows IIS 8 machine (outward or Internet facing web server) that is not in the domain of the SSRS server. The ReportViewer control
credentials (provided by IReportServerCredentials and taken from the web.config file) match a domain account in the same domain as the SSRS
server and one that has browser permission on the report folder. The same credentials are used successfully for reports requested from within the SSRS domain.
One interesting thing is that on the Internet facing web server, I can access the report via a browser request. So it is possible to have a user request coming from the Internet facing machine get through the SSRS windows authentication. Just does not
work for the ReportViewer.
Using IReportServerCredentials interface per example provided by Microsoft msdn site. Code listed below.
IReportServerCredentials would appear to be a viable approach because it can pass credentials of a windows account known to the SSRS server, but not known to the client machine. By the way, database calls to SQL Server in domainA using a SQL Server
native login account work fine. So the network support communication to a domain that the web server does not belong to.
<Serializable()> _
Public NotInheritable Class MyReportServerCredentials
    Implements IReportServerCredentials
    Public ReadOnly Property ImpersonationUser() As System.Security.Principal.WindowsIdentity _
        Implements IReportServerCredentials.ImpersonationUser
        Get
            'Use the default windows user. Credentials will be
            'provided by the NetworkCredentials property.
            Return Nothing
        End Get
    End Property
    Public ReadOnly Property NetworkCredentials() As ICredentials _
            Implements IReportServerCredentials.NetworkCredentials
        Get
            'Read the user information from the web.config file.
            'By reading the information on demand instead of storing
            'it, the credentials will not be stored in session,
            'reducing the vulnerable surface area to the web.config
            'file, which can be secured with an ACL.
            'User name
            Dim userName As String = _
                ConfigurationManager.AppSettings("MyReportViewerUser")
            If (String.IsNullOrEmpty(userName)) Then
                Throw New Exception("Missing user name from web.config file")
            End If
            'Password
            Dim password As String = _
                ConfigurationManager.AppSettings("MyReportViewerPassword")
            If (String.IsNullOrEmpty(password)) Then
                Throw New Exception("Missing password from web.config file")
            End If
            'Domain
            Dim domain As String = _
                ConfigurationManager.AppSettings("MyReportViewerDomain")
            If (String.IsNullOrEmpty(domain)) Then
                Throw New Exception("Missing domain from web.config file")
            End If
            Return New NetworkCredential(userName, password, domain)
        End Get
    End Property
    Public Function GetFormsCredentials(ByRef authCookie As Cookie, _
                   ByRef userName As String, _
                   ByRef password As String, _
                   ByRef authority As String) As Boolean _
        Implements IReportServerCredentials.GetFormsCredentials
        authCookie = Nothing
        userName = Nothing
        password = Nothing
        authority = Nothing
        'Not using form credentials
        Return False
    End Function
End Class
'Set the ReportViewer values and retrieve the report from the SSRS server into a pdf file on the client machine.
ProposalRptViewer.ProcessingMode = Microsoft.Reporting.WebForms.ProcessingMode.Remote
' Set the ReportViewer ReportServerCredentials from the MyReportServerCredentials Class.
' Note the credentials are for a domain account defined in the same domain that the SSRS server belongs to and one that has browser permission on the report folder.
ProposalRptViewer.ServerReport.ReportServerCredentials = _
     New MyReportServerCredentials()
ProposalRptViewer.ServerReport.ReportServerUrl = New Uri(System.Configuration.ConfigurationManager.AppSettings(Web.[Global].CfgKeyReportServerURL))
ProposalRptViewer.ServerReport.ReportPath = System.Configuration.ConfigurationManager.AppSettings(Web.[Global].CfgKeyReportPathProposal)
ProposalRptViewer.ShowCredentialPrompts = False     ' disable prompting for data source credentials
Dim paramList As New Generic.List(Of ReportParameter)
Dim pInfo As ReportParameterInfoCollection
pInfo = ProposalRptViewer.ServerReport.GetParameters()
paramList.Add(New ReportParameter("ProposalID", ProposalID, True))paramList.Add(New ReportParameter("Entity", Entity, True))
paramList.Add(New ReportParameter("intRatesPage", intRatesPage1, True))
ProposalRptViewer.ServerReport.SetParameters(paramList)
' Process and render the report
ProposalRptViewer.ServerReport.Refresh()
Dim mimeType As String = Nothing
Dim encoding As String = Nothing
Dim streams As String() = Nothing
Dim extension As String = Nothing
Dim warnings As Microsoft.Reporting.WebForms.Warning() = Nothing
Dim returnValue As Byte()
' Render the proposal Rate Page 1 report to a Byte Array output in pdf file format.
returnValue = ProposalRptViewer.ServerReport.Render("PDF", Nothing, mimeType, encoding, extension, streams, warnings)
An error only occurs for web server not in the domain of SSRS Server:
The request failed with HTTP status 401: Unauthorized.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack
trace below.
Stack Trace:
[WebException: The request failed with HTTP status 401: Unauthorized.]
   Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.GetSecureMethods() +236
   Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.IsSecureMethod(String methodname) +58
   Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.SetConnectionSSLForMethod(String methodname) +16
   Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.LoadReport(String Report, String HistoryID) +226
   Microsoft.Reporting.WebForms.ServerReport.GetExecutionInfo() +192
   Microsoft.Reporting.WebForms.ServerReport.SetParameters(IEnumerable`1 parameters) +136
   DeltaRater.Web.ViewRates.btnCreateProposal_Click(Object sender, EventArgs e) in C:\alex\~~_____Rapid_Rater\SourceDir_VS2008_Jan17_2014\DRR\ViewRates.aspx.vb:911
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2981
Version Information: Microsoft .NET Framework Version:2.0.50727.8009; ASP.NET Version:2.0.50727.8010

I got the answer to my question by following suggestions by Irb on another technical forum.
From web server (not on same domain), I was passing credentials of a domain account on the SSRS server. Irb suggested I create a local account on the SSRS server and pass those credentials. I tried this but got the same results.
This approach worked for web server in SSRS domain, but failed with 401 Unauthorized for web server outside the SSRS domain. Per suggestion for local account on SSRS server, I tried passing empty string "" as the domain via IReportServerCredentials.
Again this works for web server in the same domain as SSRS. But I get the 401 Unauthorized error when the web server is outside the domain. In testing and checking similar posts, I discovered an additional piece was required for the report request to work
across domains. The default user did not have authority to send the request and/or receive the report. Adding the following in <system.web> section of web.config file was needed.
<identity impersonate="true" userName="localwindowsuser" password="#########"/>          where "localwindowsuser" is a windows user defined on the web server.
I never needed this extra piece when the web server ran in the same domain as the SSRS server. I thank Irb for making me go through the details of additional tests because that is how I stumbled across an identity comment and ultimately got things working.

Problem authenticating user in Active Directory cross domain

Hi,
We have two different AD servers serving our London and Tokyo networks. My application runs in London network but used by both London and Tokyo users.
The two ADs have domain trust setup between them. I have groups defined in London AD to which users from both the London and Tokyo ADs are assigned.
'm trying to connect to London AD using the "users credentials" and retrieve the groups they are assigned to.
I can connect to the London AD using any of the London user and I could retrieve the groups. But when I use a Tokyo user credentials to connect using the London AD server 'm getting Security exception with a code indicating "User Not Found".
The code I use which is very basic is given below . The code below run as such gives me the following error,
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece.
If I change in the code below, Provider URL to Tokyo AD Server URL then it works but I can't use that due to security restrictions. As per the Windows Team the domain trust should allow me to connect/bind to the London AD Server with the Tokyo credentials.
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "london ldap server url");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.REFERRAL, "follow");
env.put(Context.SECURITY_PRINCIPAL, "[email protected]");
env.put(Context.SECURITY_CREDENTIALS, "password");
env.put(LdapContext.CONTROL_FACTORIES, "com.sun.jndi.ldap.ControlFactory");
ctx = new InitialLdapContext(env, null);
I would like to know how to authenticate a user in a cross domain Active Directory environment. I read in one of the blogs that the "simple bind" will not work for cross domain user authentication. Unfortunately the blogger didn't mention what would work :( . Any help is much appreciated.
Please bear with me if my query is a naive one and point me in the right direction.
Thanks
Jothi

Hi Praveen,
to avoid losing data when user objects are moved to new locations in the LDAP server, it is possible to configure the User Management Engine to use the value of a specific unique attribute as part of the unique ID instead of the distinguished name.
For this, you have to change the following UME properties:
For user objects: ume.ldap.unique_user_attribute=<attributename>
For account objects: ume.ldap.unique_uacc_attribute=<attributename>
For group objects: ume.ldap.unique_grup_attribute=<attributename>
Be aware that the attribute (i.e. cn or uid) must be unique in the configured user/group path.
Please read SAPNote 777640 for more information regarding this problem and the way to change the UME properties.
Best regards,
Robert

Cross domain policy issues

I am attempting to communicate with a web service via flash
across sub domains. All works fine and dandy on my local machine,
but when i upload to my web server there is no communication across
the domains. The way the servers are configured, i don't have
access to the root of the domain to place the crossdomain.xml in
the default location, so i have it in the folder next to the web
service and link to it directly shown below. I have this line on
the first frame of the first layer of my file
quote:
System.security.loadPolicyFile("MYDOMAIN/StudentConnect2Apply/crossdomain.xml");
The server containing the flash file is insecure and the web
service is secure (https). this is what my crossdomain.xml file
looks like:
quote:
<cross-domain-policy>
<allow-access-from domain="*.MYDOMAIN.net"
secure="false"/>
</cross-domain-policy>
I have also enabled logging within my flash player to track
down problems, when i initially load the page in the browser, it
approves the policy file:
quote:
OK: Policy file accepted:
https://MYDOMAIN/StudentConnect2Apply/crossdomain.xml
But after submitting the form and attempting to interact with
the web service, i get an error saying permission is denied due to
lack of policy file permissions and
quote:
Warning: Failed to load policy file from
MYDOMAIN/crossdomain.xml
It is looking in the root of the domain after i defined and
it accepted the overridden location. Is there another way to define
where the crossdomain.xml file is located that i am missing,
possibly in the web service settings somewhere?

I have found my answer, thanks to another forum.
Meta-Cross Domain Policies.
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_03.html
Basically I can now say "f*ck you adobe. I as a college
student who likes to host things on my 150 MB of server space can
no longer host XML formatted levels for games I write. Because I am
not the administrator of the server and will never be able to
convince the administrator to let me have the MCDP file allow my
flash file to load it's levels."
F*ck you Adobe, F*ck You.

Are Cross Domain Flash Local Shared Objects (LSO aka Flash Cookie) possible

Hi,
I found several solutions for creating Flash LSOs from JavaScript (for example: http://www.nuff-respec.com/technology/cross-browser-cookies-with-flash )
If Page (www.hostA.com/index.html) and the .swf file are from the same site, everything works fine.
Now I'm trying to load the page form www.hostA.com/index.html, which includes www.hostB.com/flashcookie.swf (different sites). But then I cannot read or store the LSO.
I have tried several configurations (crossdomain.xml, Security.allowDomain("...") ), but nothing works.
Is this kind of cross domain access to a LSO possible?
Can a flash based advertisement delivered by a 3rd party save a LSO on my disc?
Thanks
-stephan

I 100% agree! We have an application that the Government requires information to be stored on the users computer as part of Multi-Factor-Authentication. We originally wrote it as a browser application and when everyone and their brother started deleting browser cookies because of security concerns, we totally re-wrote it as a Flash application to take advantage of permanent storage. This new "feature" in Flash Player is causing much concern because thousands of users will need to start answering lots of security questions every single time they use the application (ie: daily) and our staff is having to handle technical support questions that shouldn't exist. Right now it's only IE that's causing the issue, but I'm sure every browser and Internet Security program will soon be adding this to their products. There should at least be a way for the USER to white-list a specific Domain so Flash could exempt those sites from ANY external program trying to delete ALL Shared Objects/Local Storage/Flash Cookies. The USER should be given that choice. This would satisfy the extra privacy you are putting in there and still allow information to be stored from sites that require it.
John

Problem with socket cross domain

Hi guys,
This is my cross domain file:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-domain-policies="*"/>
<allow-access-from domain="localhost" to-ports="80" />
</cross-domain-policy>
I am placing it in my server.
From flex i am running this:
Security.loadPolicyFile("my server address");
And yet I am getting this event:
SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048"
What can I do?

Hello ILikeMyScreenNameNdCoffee,
I had the same problem with XMLSocket and I used a policy server that runs
on the remote server on port 843 and from Flex I load file before connecting
the xmlsocket Security.loadPolicyFile("my server address:843"). If you want
I can upload a version of my policy server or you can use the server policy
from here
http://www.broculos.net/tutorials/how_to_make_a_multi_client_flash_java_server/20080320/en
Also you can read here more about file policy:
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_04.html.
On Thu, Aug 19, 2010 at 5:40 PM, ILikeMyScreenNameNdCoffee <[email protected]

How to use a cross-domain comp. library?

Hi, all.
I have a problem in using a cross-domain library on pages of
a different domain.
To elaborate the circumstance:
I have 2 different domains on my project, say
www.my-dom-0.com and ww.my-dom-1.com.
I wrote an ActionScript component library and placed it at
my-dom-0.
And it works by calling a pre-determined set of Javascript
functions and objects under the hood.
Since the library is supposed to be cross-domain,
it may be used by flex applications either of my-dom-0 or of
my-dom-1.
They seemed to work fine until I hit upon the problem when
applications of my-dom-1 attempted to use the library's features in
IE7.
I verified that the required Javascript codes were placed in
the pages that had the applications.
With Firefox, they worked okay.
After some digging, I found that they didn't work due to
something related with
#error
2060.
Does anyone know how to make this work?
I'd like someone familiar with the issue to help me out of
the problem.
Thanks in advance.

Hi,
I think this
http://livedocs.adobe.com/flex/201/langref/flash/system/Security.html#allowDomain()
can solve your problem.
Hope this helps.

Cross Domain error for Silverlight + MVC application with self hosted WCF service on azure

Hi,
We are migrating existing Silverlight application to MVC; existing Silverlight application is hosted on
Azure which is consuming self-hosted WCF service. For authentication we have implemented
ADFS with WIF (passive). The cloud service (<myWebSite>.cloudapp.net) is C Name to (<myWebSite>.<myDomain>.com) and we
are consuming WCF service at <myWebSite>.cloudapp.net/<myService>.svc, as we were getting “Cross Domain” error so we have added “clientaccesspolicy.xml” at the root of “WEB ROLE”.
Existing Silverlight application works fine but the problem occurred when we deploy our migrated application to the same cloud service. We are getting a “Cross Domain” error.
The same migrated application works fine on UAT environment, the only difference is UAT environment is
without ADFS WIF implementation.
Migrated application is half Silverlight and half MVC with initial landing page is Silverlight. MVC web role is used to host the service i.e. .SVC . To go to SL landing page , redirected from home controller. Following is being observed in fiddler for this
application
Existing Silverlight application -
After authentication with ADFS it redirect to Silverlight landing page.
Before calling service method it looks for “clientaccesspolicy.xml”
In response header we are getting the content of “clientaccesspolicy.xml”
And after this everything works fine
Migrated Silverlight-MVC application –
After authentication with ADFS it redirects to “HomeController” and from there we are redirecting to Silverlight landing page.
Before calling service method it looks for “clientaccesspolicy.xml”
In response header we are getting following content - “https://federation-sts.<myDomain>.com/adfs/ls/?wa=wsignin1.0&
wtrealm=https%3a%2f%2f<myWebSite>.<myDomain>.com&
wctx=rm%3d0%26id%3dpassive%26ru%3d%252fclientaccesspolicy.xml&wct=2014-03-17T10%3a36%3a04Z”
4.Throw “Cross Domain” error.
Also we have added filter in
RouteConfig
for .xml file
routes.IgnoreRoute("{*allxml}",
new { allxml = @".*\.xml(/.*)?" });
NOTE: There is no configuration change apart from MVC configuration.
We have done RDP to web role and found that “clientaccesspiolicy.xml” is present at “E:\approot” location and it is also accessible at “https://<myWebSite>.<myDomain>.com/clientaccesspolicy.xml”.
Please help
Thanks,
Rahul P

Hi,
Please try to configure the cross domain policy file to allow public read access (that is, access it without federation requirement), make sure you can access the address
http://something/clientaccesspiolicy.xml directly in a browser
without redirecting to check whether the cross domain policy file could be anonymous accessed (Please start a new browser session and make sure you're
not logged in. Then test the cross domain policy file.).
Best Regards,
Ming Xu
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

Cross Domain Connection Issues with Test Controller

I am having trouble resolving a problem I have connecting a build agent with the test controller in a cross domain environment. I have purged out the actual machine names, domain names, and IP addresses just in case that is a security concern.
Situation is this:
All machines are running Visual Studio 2013
Test controller/agents are on Windows Server 2012 R2
Test controller is installed as stand-alone in order to be able to do load testing, as well as API and CodedUI.
Build definition in TFS kicks off the automation using testsettings file to point to build controller
Application under test uses resources in the ABC.XYZ domain. Test agents need to be in ABC.XYZ in order to test application E2E.
TFS is in Main.corp.company.com domain.
Test controller is a dual-homed box in corp.company.com and ABC.XYZ domains. It are accessible from Main using the corp.company.com NIC.
All our dual homed boxes are set up this way. Dual homed with Main and ABC directly is considered a security violation.
From the dual homed box, logged in with my ABC credentials, I can access TFS in Main using my Main credentials.
Manually, I can successfully kick off a test run from a command line from a VM in ABC.
Build controller and build agents are in Main.corp.company.com.
Build controller can successfully connect to build agent, and build agent successfully builds the automation.
Build agent fails to connect to build controller:
Failed to queue test run 'buildagent@MachineOne 2014-08-12 12:35:34_Any CPU_Debug': No such host is known
I can ping the build controller from the test agent, and I can successfully query port 6901:
Querying target system called:
testcontroller.corp.company.com
Attempting to resolve name to IP address...
Name resolved to 10.10.10.111
TCP port 6901 (unknown service): LISTENING
Firewall is turned off on the test controller. Even if it wasn’t, the relevant rules allowing port 6901 and File and Printer Sharing are created.
Local Security Policy | Security Options | Network access: Sharing & security model = classic
NETBIOS names of the test agents and build agent are set in the test controller’s hosts file (they were pingable without this anyway)
NETBIOS name of the test controller is set in the test agent’s hosts file (it was pingable without this anyway)
Tried both simple NETBIOS name and FSDN for test controller in testsettings file
Considering installing a build agent on the same machine as the test controller, but suspect that would just move my communication problem to build controller : build agent
Considering moving test controller to Main and making the four test agents dual-homed, but there is a concern to limit the number of dual-homed boxes, and also suspect that would again just move the communication problem.
I can use netstat to verify that the service is listening to port 6901 on both NICs:
TCP 0.0.0.0:6901 0.0.0.0:0 LISTENING 6536
TCP [::]:6901 [::]:0 LISTENING
6536
(PID 6536 is the QTController.exe)
However the VSTTController.log only mentions listening to the ABC NIC. Since the connection to the ABC test agents works, that makes sense.
When I open the testsettings file on my laptop in the Main domain and examine the server name, there is a warning that the host cannot be found. When I open it on a VM in the ABC domain I am able to manage the test controller and view all the test
agents. However, if I try to restart the build controller I get an access denied error. Not sure if that is related in some way.
I am using a ABC domain service account to run the test agent sevice. There is a Main domain service account running the build. Both service accounts are administrators on the test controller and in the TeatTestControllerAdmins and TeatTestControllerUsers
groups. The test agent service account is also in the TeamTestAgentService group.
I tried to create a port proxy to forward requests from the Main facing NIC to the port on the ABC facing NIC:
netsh interface portproxy add v4tov4 listenport=6901 listenaddress=10.10.10.111 connectport=6901 connectaddress=10.20.20.222
This almost worked. I could see with netstat commands that the port was opened and a connection was established with the build agent, however after a long wait it hit an error that it couldn’t find the ABC NIC:
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 10.20.20.222:6901
So apparently the ABC IP is getting forwarded back to the test agent, which then of course can’t use it.
I am running out of ideas to try. Not sure where the problem is:
Cross-domain issue between Main.corp.company.com and corp.company.com? Or,
Problem with the test controller not being able to listen on more than one NIC?
I know I am not the first person to try to set up something cross domain. Most of the troubleshooting suggestions I have been able to bing have been about fixing connections between test controller and test agents, which isn’t the problem here.
Is this set up just so far from standard that VS can’t handle it?
Thanks in advance,
Gary

Hi Gary,
Thank you for posting in the MSDN forum.
>> Build agent fails to connect to build controller: Failed to queue test run 'buildagent@MachineOne 2014-08-12 12:35:34_Any CPU_Debug': No such host is known
>> I know I am not the first person to try to set up something cross domain. Most of the troubleshooting suggestions I have been able to bing have been about fixing connections between test controller and test
agents, which isn’t the problem here.
Just to make this issue clearly, you mean that it is not the Test Controller and Test Agent issue, am I right?
As you said that it is related to the Build controller and build Agent, am I right?
If it is related to the Build Controller and Build Agent, I suggest you post this issue to the TFS forum, there you would get dedicated support.
http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?category=vstfs&filter=alltypes&sort=lastpostdesc
If there's any concern, please feel free to let me know.
Sincerely,
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. <br/> Click <a
href="http://support.microsoft.com/common/survey.aspx?showpage=1&scid=sw%3Ben%3B3559&theme=tech"> HERE</a> to participate the survey.

Problem with Cross-domain SSO, NTLM and ITS to R/3

Hello,
We are using EP 6.0.13.0 on a Windows environment. We have an ITS running WebGUI/ESS/MSS in another domain and that is the same domain where the R/3 and BI systems reside. We have configured NTLM authentication using IIS web server 6.0 and the IISProxy 1.6.2. We have configured SSO with the backends using the same ID as in the MS-ADS. Almost everything works fine.
The problem is that when we use the NTLM logon VIA the IIS to the portal, and then navigate to a WebGUI service transaction we are prompted for login. When we refresh the portal screen and try again - it works.
We have configured the mdc.hosts and are using the sendSAPSSO2Cookie.asp to generate the cross-domain logon ticket.
I have read that ITS may require the PAS be set up but I thought that was only used when you are going directly to the ITS (leveraging the NTLM authentication) - not when you are going through the portal.
Does anyone have some experience using ALL of the SSO features (i.e. SSO, cross-domain support, ITS, windows integrated authentication)?
We have though about the relax option for the domain but it does not apply as our domains are:
SERVER1.domain1.com and SERVER2.domain2.com
... so relaxing would not help unless we relaxed to the ".COM" which is unreasonable.
My regards,
Judson Maizels

Hi JUDSON
well i'll give one easy solution
make a alias under host file reside in winnt\system32\drivers\etc directory which has same domain name
i.e
SERVER1.domain1.com server1.mydomain.com
SERVER2.domain2.com server2.mydomain.com
it's works in my schenario we have a same system landscape
as you
regards,
kaushal

Cross Domain Security Express - RAC configuration

Similar Messages

Maybe you are looking for