CSS 11503 Users using a proxy

Similar Messages

• How to use an authenticated user for a proxy call

  Dear all,
  I am currently working on a JEE application where the user needs to authenticate (for this I have configured the web.xml).
  Now inside this application I need to do a proxy call to a PI webservice.
  I would like to use the user credentials of the already logged in user in order to call the proxy.
  What I don't want to do is to use a service user for the proxy call.
  The code I am trying to call looks something like this:
       private IntegratedConfigurationIn getPort() throws Exception{
            IntegratedConfigurationIn port = null;
            try {
                 IntegratedConfigurationInService service = null;
                 service = new IntegratedConfigurationInService();
                 port = (IntegratedConfigurationIn) service.getIntegratedConfigurationIn_Port();
                BindingProvider bp = (BindingProvider)port;
                bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, user);
                bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);
                if (url.length() != 0)
                     bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, url);
            catch (Exception ex){
                 ex.printStackTrace();
            return port;
  The examples I found to retrieve the userdata pointed to codes similar to this one:
  public HttpServletRequest getHttpRequest() throws Exception {
            // Get runtime context
            Properties props = new Properties();
            props.put("domain", "true");
            Context initialContext = new InitialContext(props);
            ApplicationWebServiceContext wsContext = (ApplicationWebServiceContext) initialContext
                      .lookup(" /wsContext/ApplicationWebServiceContext");
            HttpServletRequest req = wsContext.getHttpServletRequest();
            return req;
  com.sap.security.api.IUser sapUser = com.sap.security.api.UMFactory.getAuthenticator().getLoggedInUser(getHttpRequest(), null);
            IUser ep5User = com.sapportals.wcm.util.usermanagement.WPUMFactory.getUserFactory().getEP5User(sapUser);
  Now I don't know how to bring it togehter and how to use an authenticated user for the BindingProvider.
  I would appreciate any hints or ideas.

  Peter,
  from the first screenshot, what I understood is that, you are calling an inbound PI web service that is intended to create an integrated configuration object (this is used for whole lot of other reason completely) but not actually calling a development web service.
  For this, you would have to generate your client classes from the WSDL provided by the PI developer for that particular service. Once you get those client classes generated, you could used the method provided in the other screenshot to extract the user and password and call the intended web service.
  Vijay Konam

• Routing non-TCP/UDP traffic while using FWLB on CSS 11503s

  Hello all,
  I've been tasked to setup up FWLB with CSS 11503's as shown below. The issue is that intranet workstations use VPN client software when connecting to certain sites through the Internet and other times they use http or https (for connection to different sites). Because no flow is setup for ipsec and ECMP uses per packet routing for non TCP/UDP traffic, I'm concerned that load balancing through the firewalls will occur on a per packet basis. If that is true, stateful inspection in the firewalls will block asymmetrical traffic flows.
  Is my understanding correct? And, if so, is there a way to configure the CSS units to deal with this?
  Thanks in advance.
  (sorry for the dots in the drawing but the spaces kept getting deleted)
  .| Internet |
  ..........|
  .| CSS-outside |
  .............|
  ........|...............|
  .| FW1 |.....| FW2 |
  .......|................|
  ............|
  .| CSS-inside |
  ............|
  .| Intranet |

  for non-flowy traffic like IPSEC, we use a hash algorithm to decide where to send the traffic.
  So, it's not per packet loadbalancing.
  The same source/destination ip/port will always go to the same firewall.
  Gilles.

• Global Cerificate on CSS 11503

  Hi
  I am planning to enable https for few web servers behind a CSS 11503. I have tested the functionality with the trial cert every thing works as desired.
  Now I need to buy a certificate from Verisign to make it work in production.
  At verisign they offer two different certs (Secure Site --40 bits encryption) and (Secure Site Pro -- 128 bit encryption).
  1. Is this 128 bit cert a "global cert"? and I need to concatenate the "intermediate cert" and "server cert" to make it work?
  2. If all my users are in USA then does it make sense to buy this 128 bit certificate?
  3. Verisign website also asks for "server Platform" and cisco is not mentioned as an option (I can see other LB as F5 in the list). What should I select for the server Platform when I am requesting it for CSS 11503 (I have generated the CSR on CSS 11503).
  Thanks in advance
  Glenn

  1.The guy who picked the phone at verisign had no clue.Verisign website says the following
  Secure Site Certificate (40bit minimum)- SSL Certificates without SGC
  To install your SSL Certificate, go to the instructions below for your server software. If your server is not listed or you need additional information, refer to your server documentation or contact your server vendor
  Secure Site Pro Certificate(128bit minimum) - SSL Certificates with SGC
  If you are installing an SSL Certificate with SGC, you need to copy an Intermediate CA Certificate before proceeding to the installation instructions for your server software.
  2.My understanding was that 40 bit is minimum encryption level and only old browsers (exported ones) will us 40/56 bit ciphers. Other wise even with 40 bit certificate the new browsers will establish a 128 bit session.
  Verisign says about their 40 bit certificate
  "40-Bit to 256-Bit SSL Encryption Non-SGC SSL Certificates provide a minimum of 40-bit and up to 256-bit SSL encryption. Site visitors using certain older browsers and many Windows 2000 users will only receive 40- or 56-bit encryption unless they’re connecting to an SGC-enabled SSL Certificate"
  I found a document on net in favor of buying 40 bit certs.
  http://www.whichssl.com/myths_about_sgc.html
  Gilles I am a bit confused here.Need HELP :)

• Error while migrating users using CSSImportExportUtility

  Error while migrating users using CSSImportExportUtility
  I'm tring to export all user and group information from a Hyperion Shared Services 9.2.1 by using CSSExport.bat
  When there was only native directory in HSS, i can export these information successfully.
  But when I enabled NTLM external user authentication following error occurred:
  Exception in thread "main" java.lang.UnsatisfiedLinkError: getOSVersion
  at com.hyperion.css.spi.impl.ntlm.NTLMProvider.getOSVersion(Native Metho
  d)
  at com.hyperion.css.spi.impl.ntlm.NTLMProvider.<clinit>(Unknown Source)
  at com.hyperion.css.spi.impl.ntlm.NTLMConnectionClient.getUsers(Unknown
  Source)
  at com.hyperion.css.CSSAPIExtnImpl.getUsers(Unknown Source)
  at com.hyperion.css.CSSAPIImpl.getUsers(Unknown Source)
  at com.hyperion.css.CSSAPIImpl.initialize(Unknown Source)
  at com.hyperion.css.exchange.NativeProviderManager.<init>(Unknown Source
  at com.hyperion.css.exchange.ImportExportManager.cssExport(Unknown Sourc
  e)
  at com.hyperion.css.exchange.CommandUtility.run(Unknown Source)
  at com.hyperion.css.exchange.CommandUtility.main(Unknown Source)
  I searched reference documents on the web, found this article: (http://download.oracle.com/docs/cd/E12825_01/epm.111/readme/mdm_111110_readme.html)
  Troubleshooting Tip: If HSS is configured for an NTLM provider, DRM services may not start due to error: "Exception Emdm_Exception with message 'Could not Initialize CSS. Error: 'getOSVersion'."
  You may receive the following error after clicking the "Enable CSS" button in DRM Console: “LoadLibrary("C:\Hyperion\Master Data Management\mdm_ntier_css_validator.dll") failed - The specified module could not be found.”
  To resolve both of these conditions, update the Windows System Path on the Data Relationship Management server with the applicable JRE and CSS pathing below.
  NOTE: Reboot the Data Relationship Management server machine after making any changes to the Windows Path.
  NOTE: Ensure that only one JRE version and one CSS version are referenced in the Windows Path.
  ? For HSS 9.3.1:
  %HYPERION_HOME%\common\JRE\Sun\1.5.0\bin;%HYPERION_HOME%\common\JRE\Sun\1.5.0\bin\client;%HYPERION_HOME%\common\CSS\9.3.1\bin;
  ? For HSS 9.3.0:
  %HYPERION_HOME%\common\JRE\Sun\1.5.0\bin;%HYPERION_HOME%\common\JRE\Sun\1.5.0\bin\client;%HYPERION_HOME%\common\CSS\9.3.0\bin;
  ? For HSS 9.2.0.3:
  %HYPERION_HOME%\common\JDK\Sun\1.4.2\jre\bin;%HYPERION_HOME%\common\JDK\Sun\1.4.2\jre\bin\client;%HYPERION_HOME%\common\CSS\9.2.0.3\bin;
  ? For HSS 9.2.0:
  %HYPERION_HOME%\common\JDK\Sun\1.4.2\jre\bin;%HYPERION_HOME%\common\JDK\Sun\1.4.2\jre\bin\client;%HYPERION_HOME%\common\CSS\9.2.0\bin;
  I found these is no directory "%HYPERION_HOME%\common\CSS\9.2.0\bin;" exists but "%HYPERION_HOME%\common\CSS\9.2.1\bin;"
  I configured PATH by setting to above, and tried CSSExport again, still failed.
  Than I disabled the NTLM is HSS, tried CSSExport again. It was successful.
  So I am convinced that the problem caused by NTLM or PATH environment variable or some files associated.
  Does anybody know the solution ?

  I recommend you upgrade at least to 10.1.0.5. 10.1.0.2 comes with the very first version of csalter.plb, which has not the current implementation. From and to which character set do you try to migrate?
  -- Sergiusz

• I am using a work laptop and have the same problem. When I try to change the "configure proxy", they only available option is "use this proxy server for all protocols". Could it be that my system administrator blocked me from changing it since they don'

  I am using a work laptop and have the same problem. When I try to change the "configure proxy", they only available option is "use this proxy server for all protocols". Could it be that my system administrator blocked me from changing it since they don't want us to use Firefox.
  == User Agent ==
  Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.4; FNGP_SYS)

  Start Firefox in [[Safe Mode]] to check if one of your add-ons is causing your problem (switch to the DEFAULT theme: Tools > Add-ons > Themes).
  See [[Troubleshooting extensions and themes]] and [[Troubleshooting plugins]]
  If it does work in Safe-mode then disable all your extensions and then try to find which is causing it by enabling one at a time until the problem reappears.
  You can use "Disable all add-ons" on the ''Safe mode'' start window.
  You have to close and restart Firefox after each change via "File > Exit" (on Mac: "Firefox > Quit")

• Routing issue with CSS 11503

  The senerio contains a PIX 515 E firewall,4507R Chassis switch and a CSS 11503. The servers in inside zone of the PIX is load balanced using a vip with default route specified in the CSS is the inside zone interface IP of the PIX
  Now I would like to load balance the servers in the DMZ zone of the PIX with a separate vip(from DMZ zone) in the same CSS. Since the default route in CSS is towards the inside zone of the PIX, I am unable to see the load blanced pages from dmz. Is there any solution to load balance the servers of the 2 zones with 2 different vip's using a single css ?

  The default behavior is to use the calling device's CSS for the redirected calls. In your case it sounds like you want to use the redirecting device's CSS. I haven't tried this myself but I believe you will need to change the following registry entry on your PGs. You will want to use option 2 (ROUTEADDRESS_SEARCH_SPACE).
  HKEY_LOCAL_MACHINE\SOFTWARE\Cisco
  Systems,Inc.\ICM\IPCCL\PG1B\PG\CurrentVersion\JGWS\jgw1\JGWData\Dynamic
  "UseRouteAddressSearchSpace"=dword:00000000
  - Used to control behavior on CTI Route Points for Route Selects.
  UseRouteAddressSearchSpace can be to set 0, 1, or 2 where :
  DEFAULT_SEARCH_SPACE = 0
  CALLINGADDRESS_SEARCH_SPACE = 1
  ROUTEADDRESS_SEARCH_SPACE = 2

• Error occurred while finding users using API with custom field

  Hi All,
  I am getting the following error while searching user using API with custom attribute. Did anybody faced the same problem before ?
  Hashtable<Object,Object> env = new Hashtable<Object,Object>();
  env.put("java.naming.factory.initial", "weblogic.jndi.WLInitialContextFactory");
  env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, "t3://localhost:14000");
  System.setProperty("java.security.auth.login.config","C:\\Oracle\\Middleware\\Oracle_IDM1\\designconsole\\config\\authwl.conf");
  System.setProperty("OIM.AppServerType", "wls");
  System.setProperty("APPSERVER_TYPE", "wls");
  tcUtilityFactory ioUtilityFactory = new tcUtilityFactory(env, "xelsysadm", "Weblogic123$");
  OIMClient client = new OIMClient(env);
  client.login("xelsysadm", "Weblogic123$".toCharArray());
  SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd");
  tcUserOperationsIntf moUserUtility = (tcUserOperationsIntf)ioUtilityFactory.getUtility("Thor.API.Operations.tcUserOperationsIntf");
  Hashtable mhSearchCriteria = new Hashtable();
  mhSearchCriteria.put("USR_UDF_ACTUALSTARTDATE",formatter.format(date));
  tcResultSet moResultSet = moUserUtility.findAllUsers(mhSearchCriteria);
  printTcResultSet(moResultSet,"abcd");
  log4j:WARN No appenders could be found for logger (org.springframework.jndi.JndiTemplate).
  log4j:WARN Please initialize the log4j system properly.
  Exception in thread "main" Thor.API.Exceptions.tcAPIException: Error occurred while finding users.
  at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
  at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
  at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
  at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl_1036_WLStub.findAllUsersx(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
  at com.sun.proxy.$Proxy2.findAllUsersx(Unknown Source)
  at Thor.API.Operations.tcUserOperationsIntfDelegate.findAllUsers(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.security.Security.runAs(Security.java:41)
  at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
  at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
  at com.sun.proxy.$Proxy3.findAllUsers(Unknown Source)
  at oim.standalone.code.OIMAPIConnection.usersearch(OIMAPIConnection.java:209)
  at oim.standalone.code.OIMAPIConnection.main(OIMAPIConnection.java:342)
  Caused by: Thor.API.Exceptions.tcAPIException: Error occurred while finding users.
  at com.thortech.xl.ejb.beansimpl.tcUserOperationsBean.findAllUsers(tcUserOperationsBean.java:4604)
  at Thor.API.Operations.tcUserOperationsIntfEJB.findAllUsersx(Unknown Source)
  at sun.reflect.GeneratedMethodAccessor1614.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
  at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
  at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at com.sun.proxy.$Proxy347.findAllUsersx(Unknown Source)
  at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
  at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
  at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl.findAllUsersx(Unknown Source)
  at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl_WLSkel.invoke(Unknown Source)
  at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
  at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
  at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
  at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
  at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
  Thank you

  Hi J,
  Thanks for the reply. But the code is working fine for OOTB attributes and  for 11g API i am getting permission exception
  Exception in thread "main" oracle.iam.platform.authz.exception.AccessDeniedException: You do not have permission to search the following user attributes: USR_UDF_ACTUALSTARTDATE.
  at oracle.iam.identity.usermgmt.impl.UserManagerImpl.search(UserManagerImpl.java:1465)
  at sun.reflect.GeneratedMethodAccessor1034.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
  at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at com.sun.proxy.$Proxy366.search(Unknown Source)
  at oracle.iam.identity.usermgmt.api.UserManagerEJB.searchx(Unknown Source)
  at sun.reflect.GeneratedMethodAccessor1449.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
  at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
  at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at com.sun.proxy.$Proxy365.searchx(Unknown Source)
  at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.__WL_invoke(Unknown Source)
  at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
  at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.searchx(Unknown Source)
  at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl_WLSkel.invoke(Unknown Source)
  at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
  at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
  at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
  at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
  at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
  Caused by: oracle.iam.identity.exception.SearchAttributeAccessDeniedException: You do not have permission to search the following user attributes: USR_UDF_ACTUALSTARTDATE.
  at oracle.iam.identity.usermgmt.impl.UserManagerImpl.search(UserManagerImpl.java:1462)
  ... 44 more

• Unable to set session in Oracle Portal useing reverse proxy

  I have deployed a reverse proxy (using Oracle HTTP Server) in front of a Oracle Portal Install (version 10.1.2.0.2). The steps followed to set this up came from the following documents:
  Steps mentioned in Section 9.2 Configuring a Reverse Proxy for OracleAS Portal and OracleAS Single Sign-On for a reverse proxy on a Oracle HTTP Server.
  http://download-west.oracle.com/docs/cd/B14099_15/core.1012/b13998/variants.htm#ASTED005
  Also performed steps mentioned in -> Section 5.3.7 - Step 7: Enable Session Binding on OracleAS Web Cache of the Oracle® Application Server Portal Configuration Guide 10g Release 2 (10.1.2) -- B14037-03.
  My current (example names shown only)setup details are as follows:
  Reverse Proxy for SSO server (running on internal.oracle.com:7777): proxy.oracle.com:7777
  Reverse Proxy for Portal server (running on internal.oracle.com:7778): proxy.oracle.com:7778
  With the above steps completed, I can successfully use the http://proxy.oracle.com:7777/pls/orasso for login into SSO without any issues.
  Users get authenticated successfully.
  I can also use http://proxy.oracle.com:7778/pls/portal for viewing pages on the portal fine . All self referencing links have also been successfully modified to point to proxy.oracle.com:7778.
  However, an attempt to login in the portal is not successful. Clicking on the 'Login' link successfully redirects to the SSO login page (http://proxy.oracle.com:7777/<login-page>). However, after successful authentication, the success page fails to show up and the user gets shown the initial login portal home page again.
  There are no error messages shown on the screen.But it seems that user session is failing to be initiated/set correctly, as shown by the log file (in $PORTAL_ORACLE_HOME/j2ee/OC4J_Portal/application-deployments/portal/OC4J_Portal_default_island_1/application.log ):
  06/11/21 16:49:31 portal: [module=RepositoryServlet, ecid=83928411196,1] Repository Gateway: LWUser: PUBLIC, Cookie: oracle.uix=0^^GMT+10:00;
  portal=9.0.3+en-au+us+AUSTRALIA+22BC75924EEAD8A2E040007F010019F7+8DAC5E3559C95F5E0090A6F56FFA58192CB0F437CA57A9102A6394F1EB7FAB5DEE3BFA12C65
  91C0C009B6......
  06/11/21 16:49:31 portal: [module=RepositoryServlet, ecid=83928411196,1] ERROR: Repository Gateway error: Database Error: ORA=20001 ORA-20001:
  Unable to obtain session information from the cookie. Please close your browser and reconnect.
  ORA-06512: at "PORTAL.WPG_SESSION", line 149
  ORA-06512: at line 22
  Any help with this will be appreciated.
  Thanks.

  Hi Chris,
  The begin of the expection stack gives you the reason:
  06/11/03 09:13:59 java.sql.SQLException: The method 'setSavepoint' cant be called when a global transaction is active
  The reason is, that either the whole global transaction must be commited or rollbacked.
  I don't know your actual configuration, but between the methods begin() and commit()/rollback() of the UserTransaction instance, OC4J/OracleAS uses a global transaction (= XA transaction) in your configuration. The state of a global transactions is completely under the control of the application server and several restrictions must be considered. One of them is, that you can't use the method setSavePoint/. E.g. you can't also call the method setAutoCommit(true) in this state, or change the transaction isolation level via setTransactionIsolation(newLevel).
  This is NOT a limitation of the OC4J/OracleAS but is true for ALL application servers.
  P.S. I can successfully set savepoints and rollback to savepoints in weblogic 9.0This means, that WebLogic 9.0 doesn't use a global transaction in this case.
  Because I don't know your configurations (Oracle and WebLogic) I can't say, why the behave different in this situation.
  Best,
  Manfred

• Windows - Use system proxy settings not working as expected

  Hi everyone,
  I have a bit of an issue that I could use some help with. We currently have remote users that utilize an SSTP VPN connection to access our internal network. Once connected, those users are required to use an internal proxy server to connect to the Internet. The proxy server is Microsoft's TMG and utilized domain authentication.
  On our remote Windows clients we have their Internet Options configured to utilize a proxy as follows:
  Internet Options -> Connections -> LAN Settings -> No proxy configured at all
  Internet Options -> Connections -> Highlight SSTP Connection -> Settings
  Use a proxy server for this connection -> IP/Port of Proxy Server
  Firefox and Chrome are both configured to use system proxy settings.
  Here is my process to demonstrate the issues:
  Remote client workstation is rebooted.
  With the above configuration just after a reboot, a remote user that is not connected to the VPN can browse the Internet with Internet Explorer, Chrome, and Firefox. None of the browsers prompt for credentials.
  A remote VPN connection is then established.
  FF is opened and HTTP connections utilize the proxy server. However, HTTPS connections do not use the proxy server, but instead attempt to use the default gateway. FF does not prompt for credentials. FF is closed.
  Chrome is opened and can access both HTTP and HTTPS sites without issue. No credential prompt. Chrome is closed.
  IE is opened and can access both HTTP and HTTPS sites without issue. No credential prompt. IE is closed.
  Here's where it gets weirder...
  FF is then reopened. The VPN connection is still up. FF will prompt for credentials. Domain credentials are supplied and FF can now utilize the proxy for both HTTP and HTTPS connections. FF is closed.
  VPN is disconnected.
  FF is opened and cannot access the Internet as it is still trying to use the proxy server. FF is closed.
  IE is opened and can access the Internet. IE is closed.
  Chrome is opened and can access the Internet. Chrome is closed.
  FF is reopened and can now access the Internet. FF is closed.
  In summary, in the above scenario FF acts in an unexpected manner with regards to proxy usage when "use system proxy settings" is applied. However, Firefox begins acting as expected after IE is opened and closed. For example, connect to VPN, open IE, close IE, open FF, and everything works accordingly. Disconnect the VPN, open IE, close IE, open FF and everything works as expected.
  Any insight you can provide would be appreciated as it is affecting our FF users and the sooner we can achieve resolution the better. As a note, we've also worked through this issue with WPAD and proxy auto-detect. I've intentionally removed these from the equation to simplify troubleshooting.
  Thanks

  Quick update. Added to a previously filed bug. Looks like it's assigned now so maybe we'll see a fix for this soon.
  https://bugzilla.mozilla.org/show_bug.cgi?id=563169

• Purchase order replication – extended classic scenario using XML proxy via PI

  Hi Experts
  Question:
  In case of extended classic deployment is it possible to use XML proxy to
  transfer SRM purchase orders to ECC? As we know as of SRM 7.01 its via RFC
  whether SRM 7.02 onwards does SAP support XML for ECS too?
  Has
  anyone read about this in any of the SAP forums?
  Background: In our project, client have invested
  heavily on XI and XI monitoring and troubleshooting, integrated to SAP SOLMAN.
  And would like to opt for XML mode of transfer and reuse existing solution.
  This is the main reason we would like to be very clear in our understanding
  before we go back to client.
  We appreciate your time and support.
  Regards
  Prashanth

  Dear Rahul,
  Thanks for you input
  Let me give you an example of the behaviour:
  in PPOMA_BBP TOG assigned to user has : DQ with $1000 and upper percentage 5%.
  User orders a PO  with quantity=1000, price $100;
  No additional tolerances assigned in the PO itself
  User tries to enter confirmation with quantity 1001 (so qty variance converted to currency amount results in $100 over delivery) So the confirmation is under both the 5% and the $1000 limit.
  In that case I donu2019t receive an error message from the SRM, but the error message u201CBackend Purchase Order quantity exceeded by 1 EAu201D from ECC still prevents me from posting the Confirmation. And this is the problem I havenu2019t been able to solve so far.
  So I want the TOG tolerance to be used. And I am also happy with the absolute limit always having priority over percentage limit...
  But I am trying to find a way to get rid of the back end message (with assigning a tolerance to the PO itself as the will get rid of the absolute limit see my previous post.)
  Cheers
  Ulrike

• Sites keep asking for username and password and say "restricted". I've tried numerous fixes and am not using a proxy.

  Hi,
  I wonder if someone could help me please.
  I have an issue that extends across my browsers – Firefox and Internet Explorer (Firefox is default) and both are the latest version possible. My machine is fully patched (Win7 Pro x64 SP2).
  The issue is as shown below:
  'The site xxxx is requesting a user name and password. The site says: "restricted"’
  The happens for some (not all) sites and I have to click “cancel” twice to remove the dialogue box, and then the site appears and works normally for a little while. The box will come up again if I attempt to click any links within the same site. It’s incredibly annoying and has been frustrating me for the past month. Here’s what I have tried so far, but hasn’t resolved the issue:<br />
  <br />
  • Clearing Firefox cache/history manually (set to never remember anything)<br />
  • Tried checking/unchecking private browsing<br />
  • Made sure “accept 3rd party cookies” is enabled<br />
  • Tried all checkboxes for “no proxy”, “use system proxy” and “auto detect system proxy” etc<br />
  • Disabled all add-ons/extensions within Firefox and retried<br />
  • Performed the option to “Reset Firefox” to its default state from within “Troubleshooting”<br />
  • Completely uninstalled and re-installed Firefox (latest version)<br />
  • Went to the URL "about:config" and searched for the key "network.websocket.enabled" and switched it to "false".<br />
  • Went to the URL "about:config" and searched for the key "network.proxy.share_proxy_settings" and switched it to "false".<br />
  • Went to the URL "about:config" and searched for the key "network.automatic-ntlm-auth.allow-proxies" and switched it to "false".<br />
  • Run a full AV scan in safe mode (with latest definition files) using Avira Antivirus, Spybot Search & Destroy, MalwareBytes, Super Antispyware and performed full optimisations via Registry Mechanic, Tune-up Utilities 2013 and CC Cleaner (with CC Extender installed). No threats found.<br />
  None of the above has helped. The problem is only recent so I’m not entirely sure what’s changed.
  Does anyone have any ideas or suggestions? I seem to have exhausted my ability to diagnose the fault via the god of Google 
  Regards
  Malachor

  It is always best to avoid using such external cleaners as you can never be sure if they aren't corrupting files and it is usually not worth the trouble to repair damage if that is the case. A lot of the SQLite database files use a complicated table setup that can easily get corrupted.

• No tables listed when using a proxy connection in SQL Developer

  Hello, I'm trying to use a connection in SQL developer that uses the proxy connection to connect to another users tables. In the SQL worksheet area I can access the other users tables with no problems. And using SELECT COUNT(*) FROM USER_TABLES i get the count of the number to tables. But on the tables view on the left hand side of SQL developer no tables are listed. So the question is why do I not see any tables under the tables view? Is this a bug or is it working by design? Thanks

  To access other user's objects, use the Other Users node...
  K.

• How to use IE proxy with an applet and a socket ???

  Hello!
  I need to make an applet running with Internet Explorer.
  This applet uses socket and sends http request to a server (the server where the
  applet is).
  It's ok but it doesn't work when my IE uses a proxy.
  My question is: how my applet can makes a socket using the IE proxy ?
  My applet can be used by many users, so it has to work with or without proxy, and has
  no need no configuration.
  Thanks for your help.

  Check for the system environment variable for "ie.proxy" in your applet code, if it returns something then use the proxy server, if not then ignore it.
  However, as a rule of thumb unless your IE Security settings enable applets to access URLs, then it won't work. Next, speaking in general java - applets can only access resources (URLs) from the applet's originating server (i.e. the server where the applet exists).
  If IE uses a proxy, then your applet should automatically use it, unless as I metioned before, your IE Security does not allow permission for the applet to do so. Check Tools - Internet Options - Security - Java - Advanced options.

• Can lync client use internet proxy settings to proxy edge servers, if direct access is not reachable?

  Hi everybody I am trying to Login with my lync Client out of my organization. So I am using lync as a remote user. I am in another organization, and I am using their coporate lan wired and wireless, but I cannot Login to lync in my organization.
  I see that I cannot Access my edge Server on port 443 to authenticate directly, I know that Client in this organization use Internet Proxy to browse the Internet. they have a .pac in their ie Settings.
  my question is; can lync Client use Internet Proxy Settings to reach the Destination? I mean the Access edge on port 443?
  or it can use only Client direct Access to reach the edge Servers?
  I Think that the answer is that I use tcp protocol and not http, and maybe that is the reason why I cannot use the Internet Explorer Proxy Settings to reach the Access edge Servers, different maybe is the case I Need to reach the reverse Proxy for live Meetings.
  Hope my question is clear.
  Thanks

  Proxy settings are used to tell Internet Explorer the network address of an intermediary server (known as a proxy server) that is used between the browser and the Internet on some networks.
  Lync client doesn’t use Internet Proxy Setting. You need to access the Edge service directly.
  Lisa Zheng
  TechNet Community Support