Decode SAML Request or Response
I am attempting to write a function to decode a SAML request or response. I'm missing something and can't seem to find the issue. I thought the issue was the encoding on the GetString but varying between UTF8, ASCII or Unicode doesn't seem to return the
xml string I am expecting. Any suggestions.
function ConvertFromBase64{
param($EncodedText
Process{
if($EnCodedText.contains("%")){
$rawData = [System.Web.HttpUtility]::UrlDecode($EncodedText)
$samlData = [System.Convert]::FromBase64String($rawData)
else{
$samlData = [System.Convert]::FromBase64String($EncodedText)
[string] $DecodedText = [System.Text.Encoding]::UTF8.GetString($samlData)
$DecodedText
Thanks for the information. Unfortunately, that provides the same result I've been getting. I've had some other people I know try it and they get the same result. Below is the test I tried and the result.
function UrlDecode([string]$url) {
[Web.Httputility]::UrlDecode($url)
function FromBase64([string]$str) {
[text.encoding]::utf8.getstring([convert]::FromBase64String($str))
$text = "fZJNT%2BMwEIbvSPwHy%2Fd8tMvHympSdUGISuwS0cCBm%2BtMUwfbk%2FU4zfLvSVMq2Euv45n3fd7xzOb%2FrGE78KTRZXwSp5yBU1hpV2f8ubyLfvJ5fn42I2lNKxZd2Lon%2BNsBBTZMOhLjQ8Y77wRK0iSctEAiKLFa%2FH4Q0zgVrceACg1ny9uMy7rCdaM2%2Bs0BWrtppK2UAdeoVjW2ruq1bevGImcvR6zpHmtJ1MHSUZAuDKU0vY7Si2h6VU5%2BiMuJuLx65az4dPql3SHBKaz1oYnEfVkWUfG4KkeBna7A%2Fxm6M14j1gZihZazBRH4MODcoKPOgl%2BB32kFz08PGd%2BG0JJIkr7v46%2BhRCaEpod17DCRivYZCkmkd4N28B3wfNyrGKP5bws9DS6PKDz%2FMpsl36Tyz%2F%2Fax1jeFmi0emcLY7C%2F8SDD0Z7dobcynHbbV3QVbcZW0TlqQemNhoqzJD%2B4%2Fn8Yw7l8AA%3D%3D"
$Saml = UrlDecode $text
$Result = FromBase64 $Saml
$Result
I get.
}?MO?0►??H???|????jRuA?J?↕?????LS??8???IS*?K???}??????a;??e|↕???SXiWg????~?y~
~6#iM+▬]?'??☺♣6L:↕?C?;?♦J?$??@"(?Z?~►?8§?|
g????u?6??☺Z?i???☺?V5???m??"g/G??▲kI???Q?.♀?4???hzUN~?─??z??t???!?)?????}Y▬Q?*G
?????↓?3^#?♠b???♣◄?0????_??i♣?O☼↓??H????D&???u?0???↓
I?w?v?↔?|?↑??o♂=.?(<?2?%??????X?▬h?zg♂c??? ????2?v?Wt§m?V?9jA???$???⌂↑ù|
Similar Messages
-
Hello,
I have some sp which is using saml 2.0 as sign-in protocol. Since I want to know which reply party user come form, I enable auditing in ADFS. After that, I can get the get the user query string in EVENT ID 403( Do I look at the correct EVENT?).
But unlike WF-Fed which can easy get reply party identity id in the query, the query string in SAML is complex:
?SAMLRequest=nVLLbtswEPwVgXdJlBXZEWEbcGMEMZCmRuz20EuxFtc1AT5U7ipp%2F7603AJJDz70xOXsznA42DmBs71aDXzyz%2FhjQOLsp7Oe1NhYiCF6FYAMKQ8OSXGndquPj2pSSNXHwKELVryhXGcAEUY2wYtss16Ib41uusnt4dCCbm6m02om20M7a1G22LX1saqmNdbyRkIjsi8YKTEXIgklOtGAG08MnhMkqyaXdS7bvZypplKT268iW6ffGA88sk7MPamyBH2kWuNLoYMD44tUjlhpqRTZ6q%2FBu%2BBpcBh3GF9Mh5%2BfH99L8Kj9vRgcdIULJRnXWzwnULqgB4tFf%2BrL8U6Xc5JDRyOq8QiD5Zx6kW3%2FZPjBeJ30rsd3uAyRetjvt%2Fn2024vlvOzthrjiMv%2Fd%2BiQQQPDPwbn5Vv5%2BWVbnpKxzXobrOl%2BZfchOuDrvs%2BI0flxHFUcwZNBzylua8PrXURgXAiOA4pyeXny%2FU4ufwM%3D&RelayState=https%3A%2F%2Fadfstesting.umac.mo%2Fsimplesaml%2Fmodule.php%2Fcore%2Fauthenticate.php%3Fas%3Ddefault-sp
How can I covert this SAML request to plaintext? Since all the ADFS log will be stored in Splunk, is it possible to convert them automatically?
Thank you.Hello,
Thank you for reply.
I find a strange problem. Sine the query contain a lot of %2, %3 in query, This value will be replaced by the client id and Time.
For example:
?SAMLRequest=nVJNj9MwEP0rke9J3KS7Sq22UtkKUWmBals4cEFTe0It%2BSN4xgv8e9IUpF0OPXDy%2BM285%2BenWRJ4N6hN5nN4wu8ZiYuf3gVSU2MlcgoqAllSATySYq0Om%2FePqqmkGlLkqKMTLyi3GUCEiW0MothtV%2BLrnblf6Dm0Rjcn3Xe6PXXNqWsX2HXYtF0r5%2FdzLRcz6EXxGRONzJUYhUY6UcZdIIbAIyRnd6Vsy5k8yoWSMyXlF1Fsx9%2FYADyxzswDqboG01Nr8Lky0YMN1VhOWO2oFsXmr8GHGCh7TAdMz1bjp6fH1xI8aX%2Brsgdd%2BViT9YPDSwK1jyY7rIbzUE93up5NCZom1GAP2XFJgyj2fzJ8Y4MZ9W7Hd7oOkXp3PO7L%2FcfDUayXF201xZHW%2F%2B%2FQI4MBhn8MLuuX8svrtnwYje22%2B%2Bis%2FlW8jckD3%2FZ9Qawp%2B2lUcYJAFgOPcTsXfzwkBMaV4JRR1Ovrk693cv0b&RelayState=https%3A%2F%2Fadfstesting.umac.mo%2Fsimplesaml%2Fmodule.php%2Fcore%2Fauthenticate.php%3Fas%3Ddefault-sp
will be become
?SAMLRequest=nVJNj9MwEP0rke9J3KS7Sq22UtkKUWmBals4cEFTe0It2015-03-10 09:00:23BSN4xgv8e9IUpF0OPXDy2015-03-10 09:00:23BM2852015-03-10 09:00:23BenWRJ4N6hN5nN4wu8ZiYuf3gVSU2MlcgoqAllSATySYq0Om2015-03-10 09:00:23FePqqmkGlLkqKMTLyi3GUCEiW0MothtV2015-03-10
09:00:23BLrnblf6Dm0Rjcn3Xe6PXXNqWsX2HXYtF0r52015-03-10 09:00:23FdzLRcz6EXxGRONzJUYhUY6UcZdIIbAIyRnd6Vsy5k8yoWSMyXlF1Fsx92015-03-10 09:00:23FYADyxzswDqboG01Nr8Lky0YMN1VhOWO2oFsXmr8GHGCh7TAdMz1bjp6fH1xI8aX2015-03-10 09:00:23Brsgdd2015-03-10 09:00:23BViT9YPDSwK1jyY7rIbzUE93up5NCZom1GAP2XFJgyj2fzJ8Y4MZ9W7Hd7oOkXp3PO7L2015-03-10
09:00:23FcfDUayXF201xZHW2015-03-10 09:00:23F2015-03-10 09:00:23B2015-03-10 09:00:23FQI4MBhn8MLuuX8svrtnwYje222015-03-10 09:00:23B2015-03-10 09:00:23Bis2015-03-10 09:00:23FlW8jckD32015-03-10 09:00:23FZ9Qawp2015-03-10 09:00:23B2lUcYJAFgOPcTsXfzwkBMaV4JRR1Ovrk693cv0b&RelayState=https10.10.129.74A2015-03-10
09:00:23F2015-03-10 09:00:23Fadfstesting.umac.mo2015-03-10 09:00:23Fsimplesaml2015-03-10 09:00:23Fmodule.php2015-03-10 09:00:23Fcore2015-03-10 09:00:23Fauthenticate.php10.10.129.74Fas10.10.129.74Ddefault-sp
How to solve this ? -
How to find a concurrent request's responsibility of the FND user
How to find a concurrent request's responsibility of the OA user who submitted?
For example, I have a concurrent request id: 123, I know user A submitted,
I want to know user A's Responsibility when submitting the request id: 123.
ThanksHi,
I'm not sure about this, but can you check whether FND_CONCURRENT_REQUESTS.RESPONSIBILITY_ID provides you with the RESPONSIBILITY_ID of the user from which the request is triggered ? If yes, joining this with FND_RESPONSIBILITY_VL.RESPONSIBILITY_NAME can give you the name of the executing responsibility.
Regards,
Rakesh. -
Use Sign.xml and Encrypt.xml for both request AND response within WSDL?
Hi,
ALSB: 2.6
I was wandering if it's possible to use abstract outof the box WS-Policy file within WSDL file to specify encryption
(Encrypt.xml) and digital signature(Sign.xml) with X509 for both request and response???
So far, it only works for either request or response BUT not both. i.e. within WSDL file
<!-- following WSDL works for encrypting and signing request with X509 in test console -->.....
<wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
<wsdl:operation name="Message">
<soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
<wsdl:input>
<!-- WS-Policy file applied here -->
<wsp:Policy>
<wsp:PolicyReference URI="policy:Sign.xml"/>
<wsp:PolicyReference URI="policy:Encrypt.xml"/>
</wsp:Policy>
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
Or
<!-- following WSDL works for encrypting and signing response with X509 in test console -->
<wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
<wsdl:operation name="Message">
<soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
<wsdl:input>
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<!-- WS-Policy file applied here -->
<wsp:Policy>
<wsp:PolicyReference URI="policy:Sign.xml"/>
<wsp:PolicyReference URI="policy:Encrypt.xml"/>
</wsp:Policy>
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
But not both
<!-- following WSDL doesn't work for encrypting and signing both response and request with X509 in test console -->
<wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
<wsdl:operation name="Message">
<soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
<wsdl:input>
<!-- WS-Policy file applied here -->
<wsp:Policy>
<wsp:PolicyReference URI="policy:Sign.xml"/>
<wsp:PolicyReference URI="policy:Encrypt.xml"/>
</wsp:Policy>
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<!-- WS-Policy file applied here -->
<wsp:Policy>
<wsp:PolicyReference URI="policy:Sign.xml"/>
<wsp:PolicyReference URI="policy:Encrypt.xml"/>
</wsp:Policy>
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
... Instead, I got error message like
<15/01/2008 10:15:04 AM NZDT> <Error> <ALSB Security> <BEA-387023> <An error ocurred during web service security inbound response processing [error-code: Fault
, message-id: 3917705281899426819-4368b1eb.117762cff6e.-7fdb, proxy: DexServiceX509-Stub/Proxy Services/DexServiceX509-ProxyService, operation: Message]
--- Error message:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server</faultcode>
<faultstring>Failed to get token for tokenType: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</faultstring></soapenv:Fa
ult></soapenv:Body></soapenv:Envelope>
weblogic.xml.crypto.wss.WSSecurityException: Failed to get token for tokenType: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#
X509v3
at weblogic.xml.crypto.wss.SecurityBuilderImpl.addEncryption(SecurityBuilderImpl.java:308)
at weblogic.wsee.security.wss.SecurityPolicyDriver.processConfidentiality(SecurityPolicyDriver.java:280)
at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:75)
at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:64)
at weblogic.wsee.security.WssServerHandler.processOutbound(WssServerHandler.java:86)
Truncated. see log file for complete stacktrace
>
<15/01/2008 10:15:24 AM NZDT> <Error> <com.bea.weblogic.kernel> <000000> <Failed to build CertPath
java.security.cert.CertPathBuilderException: [Security:090603]The certificate chain is invalid because it could not be completed. The trusted CAs did not inclu
de CN=x509,OU=x509,O=x509,L=Wellington,ST=Wellington,C=NZ.
at weblogic.security.providers.pk.WebLogicCertPathProviderRuntimeImpl$JDKCertPathBuilder.engineBuild(WebLogicCertPathProviderRuntimeImpl.java:669)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at com.bea.common.security.internal.legacy.service.CertPathBuilderImpl$CertPathBuilderProviderImpl.build(CertPathBuilderImpl.java:67)
at com.bea.common.security.internal.service.CertPathBuilderServiceImpl.build(CertPathBuilderServiceImpl.java:86)
at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
Truncated. see log file for complete stacktrace
>
<15/01/2008 10:15:24 AM NZDT> <Error> <ALSB Security> <BEA-387022> <An error ocurred during web service security inbound request processing [error-code: Fault,
message-id: 3917705281899426819-4368b1eb.117762cff6e.-7fd8, proxy: DexServiceX509-Stub/Proxy Services/DexServiceX509-ProxyService, operation: null]
--- Error message:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><soapenv:Fault xmlns:wsse="http://docs.oasis-open.or
g/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:InvalidSecurityToken</faultcode><faultstring>Security token failed to validate. weblo
gic.xml.crypto.wss.SecurityTokenValidateResult@3c5347b[status: false][msg [
Version: V1
Subject: CN=x509, OU=x509, O=x509, L=Wellington, ST=Wellington, C=NZ
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus: 13052787793731294943682394984664645854838424340012907077330623....
The 'System Error Handler' from 'Invocation Trace' in ALSB test console is something like
[pre]
$fault:
<con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-386201</con:errorCode>
<con:reason>
A web service security fault
occurred[{http://schemas.xmlsoap.org/soap/envelope/}Server][Failed
to get token for tokenType:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3]
</con:reason>
<con:details>
<err:WebServiceSecurityFault
xmlns:err="http://www.bea.com/wli/sb/errors">
<err:faultcode
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
soapenv:Server
</err:faultcode>
<err:faultstring>
Failed to get token for tokenType:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
</err:faultstring>
</err:WebServiceSecurityFault>
</con:details>
<con:location>
<con:path>response-pipeline</con:path>
</con:location>
</con:fault>
So is this a feature not supported in ALSB 2.6 yet or am I missing something dead simple?
Thanks in advance
SamInstead of specifying policies for input and output separately you could place the policy reference only once in the operation element. Maybe will this solve your problem...
http://e-docs.bea.com/alsb/docs26/security/ws_policy.html#wp1061166 -
Hi All,
JDBC(Sender)-XI-RFC (Request)
RFC (Response)-XI-JDBC(Receiver).
Need some solution for sending email for successfully completion of scenario after updating SQL DB Table.
Let me explain the scenario:
We are pooling the SQL DB table to pull the records and map the records to RFC request parameters, after successful Posting the entries in R3 HR, RFC response contain the same with E (Error) S (Success) records status, we are updating the same in SQL DB table, I implemented the complete scenario without BPM with the help of module processor in Sending JDBC Adapter, scenario is working fine but now we have to send the successful mail to our support team with status contain Number of success, Error and total records as email.
I need the solution how to implement the same requirement in current scenario.
Is their way to do something with the RFC receiver adapter module addition to send the successful mail or generating Alert with all the description?
I am at PI 7.0 SP12 with HP unix box.
Thanks in Advance for creative idea
With Regards
SunilHi Bhavesh,
Thanks for your help and your blog is really helpful. I implemented the UDF for generating Email Alert but this alert is generating before Updating the SQL Database, is their any way to generate alert after updating the SQL.
Actually in my scenario we are sending the data from SQL to R3 by RFC and again updating the SQL status whatever the RFC return, after successfully updating SQL we need to send success email to support people but if we are sending the email before updating the DB then their will be problem.
JDBC receiver after updating the SQL DB returns the response with No. of row updated but how to capture this response, if we can capture this response then we can send email through email adapter even their is one more problem, In my scenario I am counting the number of rows with status S and E and sending the same in alert email but if are sending email after updating the SQL DB where can hold the row count value and use it while sending the email.
Implemented the scenario without using BPM..i am using sender JDBC module processor for Syn-Asyn bridge.
Even I do not find the link to reward point. Please let me know how to do it.
With Regards
Sunil -
Dear Experts,
Please any one can help me i am getting one security issue.Some third party tools using and hacking the Request and Response of the Server.That time there taking one successfully Request (GET http://1.1 302 found) and Response (http://1.1 200 ok).In this request based on again there giving some invalidate credential in that time server giving request replacing for success fully Request that time there login in to portal successfully(Bypassing).In this Request level only getting the information for URL and set-cookies only.Here any process is there to restrict the set cookies.like JSESSIONMARKID and JSESSIONID SAP_LB.
We are using 7.0 Version and SP 12. Please share you are solutions because of this is very high problem here.
Thanks for Advance
Thanks and regrades,
Durga Rao.Dear Samuli,
Thanks for the Replay,
We are using HTTPS and SSL confined but man in the middle types of attack is happening here there using one tool based one there taking the Request and Response.The below given cookie are available in that request.
According to this , set-cookie: JSESSIONMARKID , JSESSIONID and MYSAPSSO2 values are user login time it will change every time are not.
After capturing above response HTTP/1.1 302 etc , when user gives valid credentials and logs in ,
and now ill give wrong password and wrong user id and on click of log on button, i can intercept the request and response coming from the server and when i replace this valid response stil i am able to loggin in to the portal , which should not happen as JESSIONMARKID is changed , server should not allow , but it is loggin in.Standard Login page also allowing to login in this case.
My server version is EP 7.0 SP 12.
Please suggest a solution so that if we restric the hacker at this stage , no matter he can never hijack the sesiona and login with invalid username and password.
Thanks for Advance
Thanks and regrades,
Durga Rao. -
SOAP request and response message
Hi,everyone:
I am working on one jaxrpc project.
I would like to get a concrete SOAP request and response message.
Do somebody know how and where i can get these two message?
thanks in advance
Hui
[email protected]I am also interested in the sample. Please post, any examples, I just finished the tutorial looking for further resources too.
R -
Implementation of one request, multiple responses bpel processes
Need info on how to build a one request, multiple responses bpel processes. The following URL discusses the link
http://download.oracle.com/docs/cd/E14571_01/integration.1111/e10224/bp_interact.htm#SOASE534
Book: Oracle® Fusion Middleware Developer's Guide for Oracle SOA Suite 11g Release 1 (11.1.1)
Chapter 5: Introduction to Interaction Patterns in a BPEL Process (section 5.6).
Are two projects required? is one a partner link to the other?
There are several different types of links discussed but minimal/no discussion on their implementation.
Thanks for the help - CaseyHi,
the BPEL forum is here: BPEL
Frank -
Need StackTrace For Single request till Response
As we all know in Jdevloper if we want to see the StackTrace we need to put a dubug point and then we can see the StackTrace for that request.
but i need a StackTrace for Every single HTTP Request till Response that means no need to put break point.
is there any facility in Jdeveloper so that we can Track this. if not
Can we develop a Extension for this???
Needed Help How to do that?
Thanks
VinodJust an idea: you implement your own HttpRequest class where you print a stack trace at the point you like without the need of a breakpoint.
Timo -
Hi,
I was told that there is a limit for the request and response object sizes and crossing them will throw IllegalStateException. Could some one explain whether this is true and what is the maximum size of the object allowed?
Thanks,
DesAs far as I know no such limit is defined by the API. There will always be a limit due to implementation and underlying architecture. Which particular implementation of request/response are you concerned about?
-
Parsing from Request to response interface using UDF
Hi,
Need your assistance on a scenario.
1. User searches for a Business Partner ID.
2. We have the Request and Response Interface. The Business Partner ID exists on the Request interface however not on the Response interface.
3. The requirement is that the Business Partner ID needs to be returned on the response interface.
Uisng standard CRM interfaces: BusinessPartnerCRMElementsByElementsQuery_sync
Is there a way using user defined functions to parse the Business Partner ID from the Request Interface to the Response interface?
Kind Regards
R> Is there a way using user defined functions to parse the Business Partner ID from the Request Interface to the Response interface?
No, this is not possible. You have no access to request message when you do mapping for response message. -
How to retrieve SOAP Original Header from request and response
Hi,
Does anyone know how to retrieve SOAP original header from SOAP request and response? I surfed but I'm able to see only the retrieval of SOAP custom headers via BPM mediator. Can anyone please help me regarding this? Also Please tell me how to check the headers in the Enterprise Manager.HI Chandra,
Thanks for your suggestions.
But i think in my case we do not want to get the complete list. We still want to get only 100 items initially and then if the user would scroll down he/she would see more items. But we already need to know the total number of items for the purpose of showing a message to the user. For e.g. Total issues (515), but the table would initially show only 100 and then another 100 after scroll. So setting the size litmit to max would not help.
And to be able to use the $count you mentioned, we have to still make another oData service call which we do not want.
But as i mentioned there is already a property named "__count" in the response of the bindItems() method call and i see that it has correct count but not sure how to retrieve it inside the controller. Thanks.
Regards,
Ashish -
Associating SOAP Request with Response in Handlers
Hi,
In the handler framework, there are handleRequest(MessageContext) and handleResponse(MessageContext) methods, which allow processing of the SOAP Request and Response envelopes, respectively.
Is there a way to know which request belongs to which response?
I would like to log these request and response envelopes together.
Thanks,
Puny SenHi,
I guess you could create a property in the MessageContext while processing the request to keep a message id, and then access the same property in the response.
Best regards,
Miguel Pardal -
Can someone explain what this message is, and what the reason could be for
the java.lang.IllegalStateException.
When such an error is encountered, how can I find out what the
"RepliesOwedMe" are. The complete exception is as follows
Any quick hint is greately appriciated
Thanks
asankha
<Sep 6, 2001 12:49:18 PM GMT+06:00> <Error> <EJB> <Exception during commit
of transaction transactio
n=(IdHash=8297169,Name = [EJB
CActionBeanImpl.execute()],Xid=3:c56b8ee8f6114598,Status=Active,numRep
liesOwedMe=2,numRepliesOwedOthers=0,seconds since begin=0,seconds
left=29,ServerResourceInfo[weblogi
c.jdbc.jts.Connection]=(state=suspended,assigned=none),SCInfo[myserver]=(sta
te=active),properties=({
weblogic.transaction.name=[EJB CActionBeanImpl.execute()],
weblogic.jdbc=t3://10.2.1.133:7001, weblo
gic.debug.DebugContext=weblogic.utils.DebugContext@662250})):
java.lang.IllegalStateException: Commi
t can be issued only when there are no requests awaiting responses.
Currently there are 2 such reque
sts. xid = 3:c56b8ee8f6114598, status = Active
at
weblogic.transaction.internal.TransactionImpl.throwIllegalStateException(Tra
nsactionImpl.
java:1272)
at
weblogic.transaction.internal.TransactionImpl.checkIfCommitPossible(Transact
ionImpl.java:
1206)
at
weblogic.transaction.internal.ServerTransactionImpl.commit(ServerTransaction
Impl.java:162
at
weblogic.ejb20.internal.BaseEJBObject.postInvoke(BaseEJBObject.java:201)
at
com.edocs.wb.web.action.CActionBeanEOImpl.execute(CActionBeanEOImpl.java:37)
at CeaMarketMainServlet.doGet(CeaMarketMainServlet.java:185)
at CeaMarketMainServlet.doPost(CeaMarketMainServlet.java:312)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:213)
at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
ntext.java:12
65)
at
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
:1631)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
>
This means that the transaction initiator has not received replies for some of
the transactional requests when the transaction commits, i.e. the checked transaction
behavior is violated. WLS TM enforces checked transaction behavior to make sure
that all work done in the transaction context will be completed before transaction
is committed. If it cannot make such guarantee due to outstanding replies, it
aborts the commit right away.
Currently, there is no provisions for dumping the requests whose replies are still
pending.
I would suggest you report to BEA support: [email protected]
Regards,
Priscilla
"Asankha C. Perera" <[email protected]> wrote:
>Can someone explain what this message is, and what the reason could be
>for
>the java.lang.IllegalStateException.
>
>When such an error is encountered, how can I find out what the
>"RepliesOwedMe" are. The complete exception is as follows
>
>Any quick hint is greately appriciated
>Thanks
>asankha
>
><Sep 6, 2001 12:49:18 PM GMT+06:00> <Error> <EJB> <Exception during commit
>of transaction transactio
>n=(IdHash=8297169,Name = [EJB
>CActionBeanImpl.execute()],Xid=3:c56b8ee8f6114598,Status=Active,numRep
>liesOwedMe=2,numRepliesOwedOthers=0,seconds since begin=0,seconds
>left=29,ServerResourceInfo[weblogi
>c.jdbc.jts.Connection]=(state=suspended,assigned=none),SCInfo[myserver]=(sta
>te=active),properties=({
>weblogic.transaction.name=[EJB CActionBeanImpl.execute()],
>weblogic.jdbc=t3://10.2.1.133:7001, weblo
>gic.debug.DebugContext=weblogic.utils.DebugContext@662250})):
>java.lang.IllegalStateException: Commi
>t can be issued only when there are no requests awaiting responses.
>Currently there are 2 such reque
>sts. xid = 3:c56b8ee8f6114598, status = Active
> at
>weblogic.transaction.internal.TransactionImpl.throwIllegalStateException(Tra
>nsactionImpl.
>java:1272)
> at
>weblogic.transaction.internal.TransactionImpl.checkIfCommitPossible(Transact
>ionImpl.java:
>1206)
> at
>weblogic.transaction.internal.ServerTransactionImpl.commit(ServerTransaction
>Impl.java:162
>)
> at
>weblogic.ejb20.internal.BaseEJBObject.postInvoke(BaseEJBObject.java:201)
> at
>com.edocs.wb.web.action.CActionBeanEOImpl.execute(CActionBeanEOImpl.java:37)
> at CeaMarketMainServlet.doGet(CeaMarketMainServlet.java:185)
> at CeaMarketMainServlet.doPost(CeaMarketMainServlet.java:312)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> at
>weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
>:213)
> at
>weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
>ntext.java:12
>65)
> at
>weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
>:1631)
> at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
> at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
>>
>
>
-
Decode ASN.1/BER response from PasswordPolicyResponse (openldap)
By using a connection request control (PasswordPolicyControl) I manage to get a response from OpenLDAPs password policy (OID: 1.3.6.1.4.1.42.2.27.8.5.1).
The response is encoded by ASN.1/BER and is probably (?) following the draft-behera-ldap-password-policy-09.txt (http://www.ietf.org/internet-drafts/draft-behera-ldap-password-policy-09.txt) page 20.
Is there anybody out there who has already written a BERdecoder that works with OpenLDAPs passwordpolicyresponse? I tried using the code written for the IBM tivoli server (http://www-128.ibm.com/developerworks/tivoli/library/t-ldap-controls/), but I couldn't get the decoding correct.
Thanks in advance.
J�rgen L�kkefew posts from openldap.org to help explain some potenial problems with password policy:
http://www.openldap.org/lists/openldap-software/200606/msg00220.html
http://www.openldap.org/lists/openldap-software/200606/msg00287.html
versions prior to 2.3.22 that supported ppolicy have PasswordPolicyResponseControl tag value of 0xA1 and not 0xA0.. so you need 2.3.22+
Tried to use Netscape library class JDAPBERTagDecoder, but it didn't handle tag 0x81
http://www.koders.com/java/fid5DD86A39A82ED753BAEC53E84A001BE4D6C6ADF5.aspx?s=JdapBERTagDecoder
so slightly modified a version of it...
and handled case..
case 0x81: /* Context Specific <Construct> [0]:
* v3 Server Control.
* SEQUENCE of SEQUENCE of {OID [critical] [value]}
* THIS IS ERROR FROM PASSWORD CONTROL
element = new BERInteger(stream, bytesRead);
implicit[0] = true;
break;..
more of that file..
public class OpenLdapBERTagDecoder extends BERTagDecoder
public BERElement getElement (BERTagDecoder decoder, int tag, InputStream stream, int[] bytesRead,
boolean[] implicit) throws IOException
BERElement element = null;
switch (tag) {
case 0x60: /* [APPLICATION 0] For Bind Request */
case 0x61: /* [APPLICATION 1] Bind Response */
case 0x63: /* [APPLICATION 3] Search Request
* If doing search without bind first,
* x500.arc.nasa.gov returns tag [APPLICATION 3]
* in Search Response. Gee.
case 0x64: /* [APPLICATION 4] Search Response */
case 0x65: /* [APPLICATION 5] Search Result */
case 0x67: /* [APPLICATION 7] Modify Response */
case 0x69: /* [APPLICATION 9] Add Response */
case 0x6a: /* [APPLICATION 10] Del Request */
case 0x6b: /* [APPLICATION 11] Del Response */
case 0x6d: /* [APPLICATION 13] ModifyRDN Response */
case 0x6f: /* [APPLICATION 15] Compare Response */
case 0x78: /* [APPLICATION 23] Extended Response */
case 0x73: /* [APPLICATION 19] SearchResultReference */
element = new BERSequence(decoder, stream, bytesRead);
implicit[0] = true;
break;
case 0x80: /* [APPLICATION 16] 64+16 */
element = new BERInteger(stream, bytesRead);
implicit[0] = true;
break;
/* 16/02/97 MS specific */
case 0x85: /* Context Specific [5]:
* (a) Handle Microsoft v3 referral bugs! (Response)
* (b) Handle Microsoft v3 supportedVersion in Bind
* response
element = new BERInteger(stream, bytesRead);
implicit[0] = true;
break;
case 0x87: /* Context Specific [7]:
* Handle Microsoft Filter "present" in
* search request.
element = new BEROctetString(decoder, stream, bytesRead);
implicit[0] = true;
break;
case 0x8a: /* Context Specific [10]:
* Handle extended response
element = new BEROctetString(decoder, stream, bytesRead);
implicit[0] = true;
break;
case 0x8b: /* Context Specific [11]:
* Handle extended response
element = new BEROctetString(decoder, stream, bytesRead);
implicit[0] = true;
break;
case 0xa3: /* Context Specific <Construct> [3]:
* Handle Microsoft v3 sasl bind request
element = new BERSequence(decoder, stream, bytesRead);
implicit[0] = true;
break;
case 0xa7: /* Context Specific <Construct> [7]:
* Handle Microsoft v3 serverCred in
* bind response. MS encodes it as SEQUENCE OF
* while it should be CHOICE OF.
element = new BERSequence(decoder, stream, bytesRead);
implicit[0] = true;
break;
case 0xa0: /* Context Specific <Construct> [0]:
* v3 Server Control.
* SEQUENCE of SEQUENCE of {OID [critical] [value]}
* THIS IS WARNING FROM PASSWORD CONTROL
element = new BERSequence(decoder, stream, bytesRead);
implicit[0] = true;
break;
case 0x81: /* Context Specific <Construct> [0]:
* v3 Server Control.
* SEQUENCE of SEQUENCE of {OID [critical] [value]}
* THIS IS ERROR FROM PASSWORD CONTROL
element = new BERInteger(stream, bytesRead);
implicit[0] = true;
break;
case 0xa1: /* Context Specific <Construct> [0]:
* v3 Server Control.
* SEQUENCE of SEQUENCE of {OID [critical] [value]}
element = new BERSequence(decoder, stream, bytesRead);
implicit[0] = true;
break;
default:
throw new IOException("Tag ID not recognised "+Integer.toHexString(tag));
return element;
}had to slightly modify examples from
http://www-128.ibm.com/developerworks/tivoli/library/t-ldap-controls/ to get openldap working
public Control getControlInstance (Control ctl)
Control result = null;
if (ctl.getID().equals( PasswordPolicyControl.OID ))
try
final PasswordPolicyResponseControl rctl = new PasswordPolicyResponseControl();
if (ctl.getEncodedValue() != null)
rctl.setEncodedValue( ctl.getEncodedValue() );
ByteArrayInputStream inStream = new ByteArrayInputStream( ctl.getEncodedValue() );
OpenLdapBERTagDecoder decoder = new OpenLdapBERTagDecoder();
int[] nRead = new int[1];
nRead[0] = 0;
/* A Sequence */
BERSequence aSeq = (BERSequence) BERElement.getElement(decoder,inStream,nRead);
for (int i = 0; i < aSeq.size(); i++)
handleSequenceElement( aSeq.elementAt( i ), rctl );
result = rctl;
catch (IOException e)
LOG.info( e );
return result;
protected void handleSequenceElement (BERElement element, PasswordPolicyResponseControl target)
final BERTag tag = (BERTag) element;
// warning -- Haven't checked warning code - but suspect it mightn't work!!!!
if ((tag.getTag() ^ BERTag.CONTEXT) == 0)
BERSequence sequence = (BERSequence) tag.getValue();
final BERTag elem = (BERTag) sequence.elementAt( 0 );
sequence = (BERSequence) elem.getValue();
final BERInteger intValue = (BERInteger) sequence.elementAt( 0 );
if ((elem.getTag() ^ BERTag.CONTEXT) == 0)
target.setTimeBeforeExpiration( intValue.getValue() );
if ((elem.getTag() ^ BERTag.CONTEXT) == 1)
target.setGraceLoginsRemaining( intValue.getValue() );
// error - THIS WORKS see openldap.org link above
if ((tag.getTag() ^ BERTag.CONTEXT) == 1)
//final BERSequence sequence = (BERSequence) tag.getValue();
//final BEREnumerated berEnum = (BEREnumerated) sequence.elementAt( 0 );
//target.setErrorCode( berEnum.getValue() );
final BERInteger berInteger = (BERInteger) tag.getValue();
target.setErrorCode( berInteger.getValue() );
}
Maybe you are looking for
-
Error in SDM while deploying EAR file
Hi all, We are getting an error in SDM tool while deploying EAR file. =========================================================================== Deployment started Fri Nov 28 14:11:01 CET 2008 ========================================================
-
ENVY 20-d030 - Win 8.1 - Hard Drive Failure - Replacement Options
Subject computer, only about 3 months out of its 1-year warranty, came up with a failed hard drive. I tried internal Recovery - no luck, then Recovery Disks - now getting message, "ERROR: No boot disk has been detected or the disk has failed." This
-
Hey everybody. As of late my Mom has been having some trouble with her older MacBook (older as in 2006). Her built in memory is 60 GB, but lately she's been getting error messages saying her start-up disk is too full. I checked, and she has just over
-
Link from a JSP to another flow in portlet
I'm trying to create a link in a flow portlet, from a JSP page to another flow. I can't use <netui:anchor action="[action name]">, because I want to jump to another controller. I've tried <netui:anchor href="/[another controller package]/[action in a
-
Powering laptop on International travel
Hello, I just bought a new Macbook & I wanted to know what do I need to get power or charge the battery during the flight. I will be flying on AA MD-80 (DC power ports) and on Cathay Pacific 747 (AC or EMpower) according to seatguru.com Thanks for an