DES3 encryptation bug

Similar Messages

• Why won't apple acknowledge and fix the IOS 5 update encryption bug?

  When updating to IOS5 and saving a backup, if you intentionally do not encrypt the backup, the software will do it for you against your will without letting you know.  The source for the assigned against your will and knowledge password for that backup isn't clear and many people never figure out what it is.  Clearly a lot of people on line and multiple people I know have come across this bug in updating their IOS to version 5 and many have lost everything on their IPADs and IPhones.  Losing one's backup of irreplaceable pictures and files etc.... is just a major loss and I spent hours on the phone with a service agent who verified it is a frequent problem but that there is no acknowledgement of it. 
  Why is this still happening and why isn't the bug fixed considering that it is so devastating for users who can't figure out the assigned password.  It happened to me months ago, it happened to my brother 2 weeks ago and to the wife of an office mate of mine yesterday.  Trying every password ever known to you doesn't always work.
  I'm seriously for the first time in my entire 20 years of exclusively owning Apple computer products thinking about switching to an Android instead.  Apple has failed me here and without effort to curb the problem with a fix, (this has been posted previously on this support community website by others for months now) it seems endemic of front door salesmanship without concern for the customer coming back for help with the product.  I give Apple it's first F.
  How can I restore from an encrypted backup I didn't encrypt?

  Here are an example of just a few threads pulled in 20seconds with multiple users in ech thread chiming in about their similar problem.
  https://discussions.apple.com/thread/3373852?start=30&tstart=0
  http://www.justanswer.com/mac-computers/5ov7e-ios5-upgrade-restore-fails-asking- encryption-password.html
  http://www.ipadforums.net/ipad-os/49211-ios5-itunes-asking-backup-password.html

• CRYPT password encryption bug?

  Hello,
  I'm using SUN One Directory Server 5.2 running on Solaris 8.
  I don't know if this is a bug or a limitation of CRYPT but it appears to only authenticate the first 8 characters of a password.
  For example, I have a password '12345678' and I change it to '123456789' then try to bind to the directory using '12345678' and I would succeed. In fact I can bind in using any random characters after the 8th character and still succeed i.e. '12345678abc' would still work. So only the first 8 characters are used and the rest are discarded.
  Is this meant to be like that?

  nvm apparently it is a limition of crypt.

• IPhone 3G and Exchange odd problem, and it's not the 3.1 encryption bug

  Ok, so first off I solved the issue I was seeing, but I have to post it anyway because I spent much too long figuring it out and would like to find a definitive answer if possible. This may be a problem with the iPhone, or it might be an Exchange issue. I honestly don't know, which is another reason I decided to post this. Ok, here goes
  I received a new iPhone 3G a few days ago. I already support about a dozen or so iPhone users using Exchange email and have had no complaints. However, I finally ran into something that wasn't normal. We have a single Exchange 2003 server hosting email for a few different domain names. For this to make sense, lets say those domains are email1.com and email2.com. The server itself is in the DNS as exchange.email1.com, which is manually set in the ActiveSync configuration when it asks for the server name. I have successfully setup email for users in both email1.com and email2.com with no problems. Now is where the weirdness begins...
  We have a proprietary application that requires users to have no more than 8 characters in their username, but we standardize on using the entire last name in the email address. For an example, let's say we have two employees named John and Tom Anderson. John works the email1.com company and Tom works for the email2.com company. This means their usernames would be janderso and tanderso, but their default email addresses would be [email protected] and [email protected]. The problem I have found is that this is fine for [email protected] and ActiveSync on the iPhone works correctly. However, [email protected] has no such luck and the account will verify but will not sync. This is true with SSL turned on or off. On occassion it will work, but eventually it will fail and anything synchronized to the phone will mysteriously disappear and then the phone begins giving errors connecting.
  Now what I found will fix this problem is matching the username to the email address. In my case, I was able to change the logon for this particular user since they didn't need access to the proprietary application. Changing the username from tanderso to tanderson, then leaving the email as [email protected] and reconfiguring ActiveSync on the iPhone worked. This was not required for users with an email address of [email protected] who are able to have differing usernames and email addresses without any issue.
  I first ran into this with an iPhone with a 3.1 OS installed, but have since been able to test it on the 3.0.1 OS and it failed there as well. Like I said, this may be a problem with the iPhone software or my Exchange server, but since I don't know which it is hopefully if it is an iPhone problem this will save you the time of trying to figure out what is going on.
  Has anyone else ran into this issue, or do you have any idea what might cause it? It was very weird because sometimes it would work for a little while, but most of the time it didn't. As soon as I changed the logon account name to match the email, everything was fine.

  No replies so I'm going to assume I'm the only one that ever had the issue. Everything appears to be working fine for the user now, and has been since the original post.

• Can't see Macintosh HD when trying to reinstall

  In short: Trying to reinstall Yosemite after erasing disk, can't see Macintosh HD when asked to select install disk, can I lay see recovery (which is locked). Can see disk under disk utility but no Erase tab visible, only First Aid and Partition tabs. In long: I've just today got my MBA 15", and I spent the day setting up things, including activating FileVault. I encountered the dreaded "connect power adaptor to resume encryption" bug (despite the progress bar having completed and then power adaptor indeed being connected. I thought, since I'd not installed much or put any data on, that the easiest solution was to erase the drive and reinstall OSX from recovery. I booted into recovery -> disk utility,  chose the Macintosh HD,  and went onto the erase tab. After trying to erase, I was met with an error message. I can't remember the details but I think it mentioned not being able to encrypt. I then went to the Reinstall OSX section, but where there was previously the option to select my Macintosh HD, there was now only my external HD. Going back to the disk utility, I can still see the Macintosh HD but there are now only First Aid and Partition tabs, and everything in the partition tab is greyed out. Rebooting the machine only changed one thing: under Reinstall OSX, when selecting a drive, the recovered rive is now visible (though locked). I'm worried I've bricked my 12 hour old baby, can you help me out? Thanks, Joe

  Let me see if I have this straight:
  Brand new 15" MacBook Air.
  You activated FileVault, and the encryption process "froze" when you encountered a bug.
  You decided to erase the drive, and re-install Yosemite, but the installer is not giving you Macintosh HD as an available option.
  I've never encountered this bug that you speak of, and I've activated FileVault on several Macs over the years, so I can't speak to it directly.
  My suggestion is to ensure you have a reliable power connection (ie. check that the power connector is on straight and there's no metal pieces stuck inside to the magnets), re-erase the drive, and then try install Yosemite again.

• Bug with digitally signed/encrypted emails

  Summary:
  In Lion, inbound emails that are digitally signed and/or encrypted do not contain any indicators that show that the email is encrypted and that the sender has digitally signed it.
  Even worse, if the contents of a digitally signed email have been altered, Mail does not display any warnings that the message has been tampered with.
  Steps to Reproduce:
  Send an encrypted and digitally signed email. It will be received without any indicators saying it was signed/encrypted. In addition, alter the digitally signed email source with a text editor, and then send the email (using telnet commands) to the mail server. When received, Mail does not warn the user that the email was modified.
  Both of these issues were not present in Mail under Snow Leopard
  Expected Results:
  Digitally signed/encrypted emails should have visual indicators to show it (see screenshot below showing same email in Lion and a different client). In addition, digitally signed emails that were altered must cause mail to warn the user about the tampering.
  Actual Results:
  Mail does not show that an email is signed/encrypted. Mail does not show that a digitally signed email has been tampered with.
  Neither of these two issues were present in the Mail.app in Snow Leopard.
  Anyone found a solution....?

  Running OS X 10.7.3 Apple Mail version 5.2(1257)
  My signature and encryption work fine for both incoming and outgoing e-mail. However there is an odd thing I see with e-mail received from Outlook senders.
  The e-mail from Outlook 2007 and 2010 show in my Apple Mail as Encrypted,Encrypted. Not as Signed,Encrypted as one would expect. Also in some cases I do not see anything in the header to indicate that the e-mail is Signed or Encrypted, unless I open the e-mail a second time.
  On the second attempt to view the e-mail I then can see in the header Encrypted,Encrypted when from Outlook. I only see this behavior when the Sender is using MS Outlook or Mozilla Thunderbird.
  I hope this bug is addressed as soon as possible.

• IOS 7 has bug in handling attachments on S/MIME Encrypted Mail

  Since upgrading to iOS 7, my colleagues and I can open attachments on unencrypted e-mail messages just fine.  When reading an encrypted message, we can see the message body text but the attachment pulsates inexplicably.  I've included a screen-shot (moving GIF) and a brief writeup here...
  http://snnyc.com/2013/09/ios7-smime-fail/
  Robert Parks

  Steve -
  S/MIME is on, and I'm able to send, receive and read encrypted messages on my iPhone and iPad running iOS 7.  However, most encrypted messages that contain attachments - and particularly messages that were created using Microsoft Outlook - have an attachment icon that pulsates in an abnormal way.  When the pulsating occurs, I'm never able to open the attachment.
  I even tried wiping an iPad running iOS 7 and setting it up as if it were a new device, and received the same results.  I'm confident that this is a bug, but would like to hear from someome outside my circle of colleagues who can share their own experiences post-upgrade.
  Robert

• Com.sleepycat.db.Database.verify(), not working with encrypted db. bug?

  Hi,
  I have a berkeley database file encrypted with a password (In fact, there are two databases embedded in the same physical file). The Berkeley api version that I'm using is the 5.3.21:
  The databases work fine, and I can read all the encrypted data (in both databases)...
  However, if I try to verifiy the database with the method, com.sleepycat.db.Database.verify(), I get the following error...
  BDB0196 Encrypted checksum: no encryption key specified
  BDB0522 Page 0: metadata page corrupted
  BDB0196 Encrypted checksum: no encryption key specified
  BDB3016 C:\cneDir\env-cipher/inforep.db: pgin failed for page 0
  Even if setup the databaseConfig object with my password... This is the code that I'm using:
      private static void doVerify(String args[], String symmetricKey) {
          DatabaseConfig dbConfig;
          VerifyConfig verifyConfig;
          String filename;
          String dbName;
          boolean result;
          filename = args[0] + "/" + args[1];
          dbName   = args[2];
          dbConfig = new DatabaseConfig();
          dbConfig.setEncrypted(symmetricKey);
          System.out.println("Is encrypted: " + dbConfig.getEncrypted());
          dbConfig.setChecksum(true);
          verifyConfig = new VerifyConfig();
          verifyConfig.setNoOrderCheck(false);
          try {
              result = Database.verify(filename, dbName, System.out, verifyConfig, dbConfig);
              System.out.println("Everything is OK? " + result);
          } catch (Exception ex) {
              System.out.println("D OH!");
              ex.printStackTrace();
          }This forced me to take the source code of the Java API to see what is happening...
  Atfer looking the API source code, it seems to me that the method com.sleepycat.db.Database.verify(), never sets the password at any point of its execution... So, I take the source code and I modify the method to set my password (Hardcoded):
      public static boolean verify(final String fileName,
                                   final String databaseName,
                                   final java.io.PrintStream dumpStream,
                                   VerifyConfig verifyConfig,
                                   DatabaseConfig dbConfig)
          throws DatabaseException, java.io.FileNotFoundException {
          final Db db = DatabaseConfig.checkNull(dbConfig).createDatabase(null);
          //db.set_flags(DbConstants.DB_ENCRYPT);
          db.set_encrypt("1234", DbConstants.DB_ENCRYPT_AES);   //Here, 1234 is my password
          return db.verify(fileName, databaseName, dumpStream,
                           VerifyConfig.checkNull(verifyConfig).getFlags());
      }Atfer this modification, the method com.sleepycat.db.Database.verify() returns true and doesn't throw any exception. So, I'm guessing that this could be a bug, right??

  Hi Carlos,
  It is a bug and the fix will be included in the next release(6.0). Thank you for pointing out this issue.
  Regards,
  -Jin

• Bug? iTunes forced me to encrypt backup - I don't want this. How can I stop it?

  It's all in the title really...
  When I just did the latest sync of my wife's phone, iTunes insisted that the backup needs to be encrypted. I looked down, the option is unchecked. It has never been checked. I unplugged the phone. I shutdown itunes and rebooted. But when I plugged her phone in again, it again has said I MUST encrypt this backup. Why have I never needed to do this before? Why has apple decided I must do this now?
  So reluctantly I put a password on it, thinking that once it's on, I can uncheck it later.... nope...
  So I enter a password, which I REALLY don't want to do.
  I sync, backup complete... The encryption option is now dulled, I can't uncheck it...
  Changing the password does nothing to remove it because you can't leave the new password blank.
  I have not forgot my password, I just don't want one.
  and please, no suggestions or comments that I should encrypt them all, it's up to me. I just don't want it for either of our phones!
  edit: and now it's done it to my phone too... This is BS...
  I have included a couple of images to show my point, this is for my phone, I have yet to create a password for it, so you can see the checkbox is still off..
  and then when I cancel...
  Why does this phone now REQUIRE the backup to be encrypted?
  I hope someone has a solution here, because I've already researched people losing data because of forgetting passwords and the like... I just don't want this stuff stuffed up in any way, I need to keep this as simple as possible for my wife!

  Ok, I'm back home now, and I've uninstalled the profile that was required by the M1 carrier in Singapore (free plug). Doing this has allowed me to make an unencrypted backup of my phone! YAY!!!
  It has also allowed me the option of UNCHECKING the encryption option on my wife's phone...
  As you can see, I can uncheck it, and it gives me an option to enter the password to UNLOCK the encryption.
  This has now been done and encryption removed!!!
  Message was edited by: iMadivad - in trying to unlock the backup, I initially used the wrong password. I had actually put the innitial password in incorrectly. It took quite a few goes at getting it right, I had mistyped a double character sequence. I had at least 10 goes at getting this right, it appears there's no limit to the number of times you can try and get the password right - I suppose, this is why there are brute force attacks on unlocking this file out there.

• How to resolve bug RC4 encrypt-decrypt on iPAD with AIR15 only

  Hi everybody,
  I have some trouble with AIR15 only, In the past, I created a small game on iPad It could send or receive messge from server. I used lib as3crypto.swc encrypt or decrypt message (RC4). But when I upgrade to AIR15 encrypt-decrypt cannot work ( Another thing about this crash is that it only happens with a release (adhoc or appstore) build but NOT with a debug build). I check so many time but i don't know what is problem here.
  Please help me, thanks so much any advice.
  P/S: My game have many swf files (code and resource). I must combine multiple SWF files into one.
  Class RC4.as
  import com.hurlant.crypto.prng.ARC4;
  import com.hurlant.util.Base64;
  import com.hurlant.util.Hex;
  import flash.utils.ByteArray;
  public class RC4
    private static const key:String = "keytest";
    private static var byteKeys:ByteArray = Hex.toArray(Hex.fromString(key));
    private static var rc4:ARC4 = new ARC4();
    public static function encrypt(clearText:String):String
    var byteText:ByteArray = Hex.toArray(Hex.fromString(clearText));
    rc4.init(byteKeys);
    rc4.encrypt(byteText);
    return Base64.encodeByteArray(byteText);
  public static function decrypt(encryptedText:String):String
    var byteText:ByteArray = Base64.decodeToByteArray(encryptedText);
    rc4.init(byteKeys);
    rc4.decrypt(byteText);
    return Hex.toString(Hex.fromArray(byteText));

  Sorry, exact message is "this movie could not be played".
  There are hundreds of posts about this message but no one states a clear solution to the problem.
  Your help will be much appreciated.
  Thank you.

• MBean creation: Encrypted = "true" doesnt work in MBeanAttribute

  Hello!
  I'm trying to create a custom AuthenticationProvider for WLS7 (up to
  date with service packs) and use the
  weblogic.management.commo.WebLogicMBeanMaker to create the necessary
  stubs. The authanticator should remember the system user and its
  password, so I created the following two <MBeanAttribute>s for the
  MBeanType:
  <MBeanAttribute Name="SystemUser" Type="java.lang.String"
  Writeable="true" Default=""system"" CachingDisabled="false"
  CurrencyTimeLimit="-1" Deprecated="false"
  GenerateExtendedAccessors="false" IsIs="false" Iterable="false"
  LegalNull="true" Listen="false" Log="false" NoDoc="false"
  NoDump="false" Readable="true" Visibility="1" />
  <MBeanAttribute Name="SystemPassword" Type="java.lang.String"
  Writeable="true" Default=""password"" Encrypted="true"
  CachingDisabled="false" CurrencyTimeLimit="-1" Deprecated="false"
  GenerateExtendedAccessors="false" IsIs="false" Iterable="false"
  LegalNull="true" Listen="false" Log="false" NoDoc="false"
  NoDump="false" Readable="true" Visibility="1" />
  It works fine as long as I leave out Encrypted="true" in the
  SystemPassword, but if I do this, I can find the password hanging
  around in cleartext in the /domain/userConfig/Security-folders. If I
  use Encrypted="true" it compiles fine, the server starts up fine, I
  can configure it without a problem. But as soon as I set the password
  in the admin-console and restart the server I get the following
  Exception:
  <07.06.2003 18:49:51 CEST> <Critical> <WebLogicServer> <000364>
  <Server failed during initialization.
  Exception:weblogic.management.configuration.ConfigurationException: -
  with nested exception:
  [java.lang.NullPointerException]
  java.lang.NullPointerException
  at weblogic.security.internal.SerializedSystemIni.getEncryptionService(SerializedSystemIni.java:225)
  at weblogic.management.commo.CommoModelMBean.getAttribute(CommoModelMBean.java:319)
  at javax.management.modelmbean.RequiredModelMBean.setAttribute(RequiredModelMBean.java:1681)
  at weblogic.management.commo.CommoModelMBean.setAttribute(CommoModelMBean.java:136)
  at weblogic.management.commo.CommoModelMBean.load(CommoModelMBean.java:616)
  at weblogic.management.commo.Commo.initInstances(Commo.java:241)
  at weblogic.management.commo.Commo.init(Commo.java:125)
  at weblogic.management.AdminServerAdmin.initializeCommo(AdminServerAdmin.java:477)
  at weblogic.management.AdminServerAdmin.initialize(AdminServerAdmin.java:108)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:664)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
  at weblogic.Server.main(Server.java:32)
  --------------- nested within: ------------------
  weblogic.management.configuration.ConfigurationException: - with
  nested exception:
  [java.lang.NullPointerException]
  at weblogic.management.AdminServerAdmin.initializeCommo(AdminServerAdmin.java:486)
  at weblogic.management.AdminServerAdmin.initialize(AdminServerAdmin.java:108)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:664)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
  at weblogic.Server.main(Server.java:32)
  >
  Any ideas what could be wrong? What kind of encryption service does it
  look for?
  Thanks for any idea that could be useful.
  Regards
  Thomas

  This is a known issue. Contact [email protected] for a patch.
  Satya wrote:
  This indeed looks like a bug, please enter a case with support.
  Thanks,
  -satya
  Thomas wrote:
  Hello!
  I'm trying to create a custom AuthenticationProvider for WLS7 (up to
  date with service packs) and use the
  weblogic.management.commo.WebLogicMBeanMaker to create the necessary
  stubs. The authanticator should remember the system user and its
  password, so I created the following two <MBeanAttribute>s for the
  MBeanType:
  <MBeanAttribute Name="SystemUser" Type="java.lang.String"
  Writeable="true" Default=""system"" CachingDisabled="false"
  CurrencyTimeLimit="-1" Deprecated="false"
  GenerateExtendedAccessors="false" IsIs="false" Iterable="false"
  LegalNull="true" Listen="false" Log="false" NoDoc="false"
  NoDump="false" Readable="true" Visibility="1" />
  <MBeanAttribute Name="SystemPassword" Type="java.lang.String"
  Writeable="true" Default=""password"" Encrypted="true"
  CachingDisabled="false" CurrencyTimeLimit="-1" Deprecated="false"
  GenerateExtendedAccessors="false" IsIs="false" Iterable="false"
  LegalNull="true" Listen="false" Log="false" NoDoc="false"
  NoDump="false" Readable="true" Visibility="1" />
  It works fine as long as I leave out Encrypted="true" in the
  SystemPassword, but if I do this, I can find the password hanging
  around in cleartext in the /domain/userConfig/Security-folders. If I
  use Encrypted="true" it compiles fine, the server starts up fine, I
  can configure it without a problem. But as soon as I set the password
  in the admin-console and restart the server I get the following
  Exception:
  <07.06.2003 18:49:51 CEST> <Critical> <WebLogicServer> <000364>
  <Server failed during initialization.
  Exception:weblogic.management.configuration.ConfigurationException: -
  with nested exception:
  [java.lang.NullPointerException]
  java.lang.NullPointerException
  at
  weblogic.security.internal.SerializedSystemIni.getEncryptionService(SerializedSystemIni.java:225)
  at
  weblogic.management.commo.CommoModelMBean.getAttribute(CommoModelMBean.java:319)
  at
  javax.management.modelmbean.RequiredModelMBean.setAttribute(RequiredModelMBean.java:1681)
  at
  weblogic.management.commo.CommoModelMBean.setAttribute(CommoModelMBean.java:136)
  at
  weblogic.management.commo.CommoModelMBean.load(CommoModelMBean.java:616)
  at weblogic.management.commo.Commo.initInstances(Commo.java:241)
  at weblogic.management.commo.Commo.init(Commo.java:125)
  at
  weblogic.management.AdminServerAdmin.initializeCommo(AdminServerAdmin.java:477)
  at
  weblogic.management.AdminServerAdmin.initialize(AdminServerAdmin.java:108)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:664)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
  at weblogic.Server.main(Server.java:32)
  --------------- nested within: ------------------
  weblogic.management.configuration.ConfigurationException: - with
  nested exception:
  [java.lang.NullPointerException]
  at
  weblogic.management.AdminServerAdmin.initializeCommo(AdminServerAdmin.java:486)
  at
  weblogic.management.AdminServerAdmin.initialize(AdminServerAdmin.java:108)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:664)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
  at weblogic.Server.main(Server.java:32)
  Any ideas what could be wrong? What kind of encryption service does it
  look for?
  Thanks for any idea that could be useful.
  Regards
  Thomas
  Rajesh Mirchandani
  Developer Relations Engineer
  BEA Support

• [Patch 정보] TRACKING BUG FOR CUMULATIVE MLR#6 ON TOP OF BPEL PM 10.1.3.3.1

  최근에 출시된 BPEL PM 10.1.3.3.1의 통합패치입니다.
  아래는 readme.txt에 포함된 patch list입니다.
  # WARNING: Failure to carefully read and understand these requirements may
  # result in your applying a patch that can cause your Oracle Server to
  # malfunction, including interruption of service and/or loss of data.
  # If you do not meet all of the following requirements, please log an
  # iTAR, so that an Oracle Support Analyst may review your situation. The
  # Oracle analyst will help you determine if this patch is suitable for you
  # to apply to your system. We recommend that you avoid applying any
  # temporary patch unless directed by an Oracle Support Analyst who has
  # reviewed your system and determined that it is applicable.
  # Requirements:
  # - You must have located this patch via a Bug Database entry
  # and have the exact symptoms described in the bug entry.
  # - Your system configuration (Oracle Server version and patch
  # level, OS Version) must exactly match those in the bug
  # database entry - You must have NO OTHER PATCHES installed on
  # your Oracle Server since the latest patch set (or base release
  # x.y.z if you have no patch sets installed).
  # - [Oracle 9.0.4.1 & above] You must have Perl 5.00503 (or later)
  # installed under the ORACLE_HOME, or elsewhere within the host
  # environment.
  # Refer to the following link for details on Perl and OPatch:
  # http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=189489.1
  # If you do NOT meet these requirements, or are not certain that you meet
  # these requirements, please log an iTAR requesting assistance with this
  # patch and Support will make a determination about whether you should
  # apply this patch.
  # 10.1.3.3.1 Bundle Patch 6823628
  # DATE: March 14, 2008
  # Platform Patch for : Generic
  # Product Version # : 10.1.3.3.1
  # Product Patched : Oracle(R) SOA
  # Bugs Fixed by 10.1.3.3.1 Initial patch 6492514 :
  # Bug 5473225 - PATCH01GENESIS HOT UNABLE TO CATCH AN EXCEPTION DURING A
  # TRANSFORM
  # Bug 5699423 - PARTNERLINK PROPERTY THAT SET BPELXPROPERTY FUNCTION DOESN'T
  # WORK
  # Bug 5848272 - STATEFUL WEBSERVICES DEMO ON OTN DOES NOT WORK 10.1.3.1
  # Bug 5872799 - ANT DEPLOY BPEL TEST FAILS/RUNS ON DEFAULT DOMAIN NOT
  # SPECIFIED TARGET DOMAIN
  # Bug 5883401 - ALLOW A WAY TO CREATE EMPTY NODES - AND USE FOR REQUIRED
  # NODES
  # Bug 5919412 - SAMPLE DEMO BPEL PROCESSES MIMESERVICE MIMEREQUESTER AXIS
  # JAVA EXAMPLE ERROR
  # Bug 5924483 - ESB SHOULD SUPPORT SOAP EDNPOINT LOCATION DYNAMIC UDDI LOOKUP
  # Bug 5926809 - ORAPARSEESCAPEDXML XPATH EXPRESSION FAILED TO EXECUTE
  # FOTY0001 TYPE ERROR
  # Bug 5937320 - STRANGE BEHAVIOUR CALLING FROM BPEL TO BPEL GETTING
  # NULLPOINTEREXCEPTION.
  # Bug 5944641 - BPA BLUEPRINT NOT AVAIALBLE IN JDEVELOPER
  # Bug 5945059 - JAVA.LANG.NULLPOINTEREXCEPTION SENDING EMAILS WITH PAYLOADS
  # LARGER THAT 1MB
  # Bug 5962677 - WS RESPONSE IS EMPTY SOAP BODY IN ONE-WAY CALL
  # Bug 5963425 - WHEN THE OUTCOMES FOR A HT CHANGED & IMPORTED - UPDATE
  # CONNECTION ROLES IN BPEL
  # Bug 5964097 - AQ ADAPTER DEPLOYMENT CAUSES OPMN TO PERFORM A FORCEFUL
  # SHUTDOWN IN SOA
  # Bug 5971534 - CANNOT GRANT USER TASK VIEWS TO GROUPS, ONLY TO USERS.
  # Bug 5989367 - REFER TO SR 6252219.993 BPEL 10.1.3 ONLY COPIES IN ASSIGN,
  # IN 10.1.2 IT CREATES
  # Bug 5989527 - ENHANCEMENT WARNING SHOULD BE GIVEN UPON UPLOAD IF BPEL
  # PROCESS IS OPEN IN ARIS
  # Bug 5997936 - ESB FAULT DOES NOT GET PROPAGATED TO BPEL
  # Bug 6000575 - PERF NEED ESB PURGE SCRIPT TO PURGE BY DATE AND PROCESS
  # Bug 6001796 - POSTING OF DATE RECEIVED FROM XML GATEWAY TO BPEL FAILED IN
  # ESB
  # Bug 6005407 - BPEL PROCESS DOESN'T PROPOGATE FAULT THROWN BY BPEL
  # SUB-PROCESS
  # Bug 6017846 - MIMETYPE OF EMAIL NOTIFICATION IS NOT SET THROUGH HUMAN TASK
  # Bug 6027734 - DECISION SERVICE IMPORT - LOCATING DECISION SERVICE IN .DECS
  # FILE IMPROPER
  # Bug 6028985 - EXCEEDED MAXIMUM NUMBER OF SUBSCRIBERS FOR QUEUE
  # ORAESB.ESB_CONTROL
  # Bug 6041508 - CREATING/UPDATING DVM CAUSE EXCEPTION
  # Bug 6053708 - FTP ADAPTER DOES NOT SUPPORT ENCRYPTED PASSWORD IN
  # OC4J-RA.XML
  # Bug 6054034 - INDEX4,INDEX5 AND INDEX6 CANNOT BE USED IN BPEL CONSOLE
  # Bug 6068801 - BACKPORT OF BPEL ON WEBLOGIC - VERSION 10.1.3.3
  # Bug 6070991 - HT EXPORT DOES NOT EXPORT PARAMETERS, ALLOW PARTICIPANTS TO
  # INVITE OTHERS
  # Bug 6071001 - WSIF HTTP BINDING NOT WORKING FROM ESB
  # Bug 6073311 - STRESS SCOPE NOT FOUND ON CALLBACK - WRONG (DUPE)
  # SUBSCRIPTION IN TABLE
  # Bug 6081070 - JMS ADAPTER REJECTION HANDLER CREATE 0 BYTE FILES
  # Bug 6083419 - DECISION SERVICE SCOPE NEED TO HAVE A SPECIAL INDICATOR
  # Bug 6085799 - HUMAN TASK ADDED IN SCOPE IN JDEV IS NOT UPDATED TO BPA
  # SERVER
  # Bug 6085933 - EXPORT AND EXPLORE SHOULD USE USER LANGUAGE AND NOT ENGLISH
  # ALWAYS
  # Bug 6086281 - STRING INDEX OUT OF RANGE ERROR FOR COBOL COPYBOOK WITH PIC
  # CLAUSE HAVING S
  # Bug 6086453 - DOMAINS CREATED IN A CLUSTER GETS NOT PROPAGATED TO NEW OR
  # EXISTING NODES
  # Bug 6087484 - MULTIPLE HEADER SETTING CAUSES ESB EXCEPTION
  # Bug 6087645 - ESB SHOULD ALLOW USER PICK RUNTIME PROTOCOL (HTTP/HTTPS)
  # Bug 6110231 - TRANSLATION NOT BASED ON MQ CCSID CHARSET
  # Bug 6120226 - BPEL IS NOT SETTING THE APPS CONTEXT CORRECTLY
  # Bug 6120323 - COMPLETIONPERSISTPOLICY ON DOMAIN LEVEL HAS DISAPPEARED
  # Bug 6125184 - ESB JMS SESSION ROLLBACK ORACLE.JMS.AQJMSEXCEPTION
  # Bug 6127824 - [AIA2.0] CURRENT XREF IMPLEMENTATION IS MISSING REQUIRED
  # INDEXES ON XREF SCHEMA
  # Bug 6128247 - HTTPCONNECTOR POST() METHOD SHOULD RAISE EXCEPTION FOR ALL
  # STATUS CODES EXCEPT 2
  # Bug 6131159 - ENABLE USERS TO CHOOSE XSD WHEN CREATING A BPEL PROCESS FROM
  # BLUE PRINT
  # Bug 6132141 - PROCESS_DEFAULT TABLE STILL CONTAINS INFORMATION FROM
  # UNDEPLOYED PROCESSES
  # Bug 6133190 - ENABLING ESB CONSOLE HTTP/S IS MAKING THE CONSOLE TO COME UP
  # BLANK.
  # Bug 6139681 - BPEL WSDL LINK IN CLUSTERED RUNTIME POINTS TO A SINGLE NODE
  # Bug 6141259 - BASICHEADERS NOT PUTTING WWW-AUTHENTICATE HEADERS FOR HTTP
  # BINDING IN BPEL
  # Bug 6148021 - BPEL NATIVE SCHEMA FOR COBOL COPYBOOK WITH IMPLIED DECIMAL
  # LOSES DIGIT IN OUTPUT
  # Bug 6149672 - XOR DATA - CONDITION EXPRESSION SPECIFICATION IS NOT
  # INTUITIVE IN BPMN MODELS
  # Bug 6152830 - LOSING CONDITIONAL EXPRESSIONS CREATED IN JDEV UPON MERGE
  # Bug 6158128 - BASICHEADERS NOT PUTTING WWW-AUTHENTICATE HEADERS FOR HTTP
  # BINDING
  # Bug 6166991 - WHEN STARTING SOA SUITE,, PROCESSES FAIL DUE TO UNDEFINED
  # WSDL
  # Bug 6168226 - LOCATION-RESOLVER EXCEPTION THROWN IN OPMN LOGS
  # Bug 6187883 - CHANGES FOR BPEL RELEASE ON JBOSS- VERSION 10.1.3.3
  # Bug 6206148 - [AIA2.0] NEW FUNCTION REQUEST, XREFLOOKUPPOPULATEDCOLUMNS()
  # Bug 6210481 - BPEL PROCESS WORKS INCORRECTLY WHEN AN ACTIVITY HAS MULTIPLE
  # TRANSITIONCONDITION
  # Bug 6240028 - WEBSERVICE THAT DOES NOT CHALLENGE FOR BASIC CREDENTIALS
  # CANNOT BE INVOKED
  # Bug 6257116 - MULTIPLE HEADER SETTING CAUSES ESB EXCEPTION
  # Bug 6258925 - MESSAGE RECEIVED BY THE TARGET ENDPOINT VIA HTTP POST IS
  # MISSING THE XML HEADER
  # Bug 6259686 - TOO MANY UNNECESSARY WORKFLOW E-MAIL NOTIFICATIONS GENERATED
  # Bug 6267726 - 10.1.3.3 ORACLE APPLICATIONS ADAPTER - NOT ABLE TO CAPTURE
  # BUSINESS EVENT
  # Bug 6272427 - WEBSPHERE BPEL FAILS FOR DATA RETRIEVAL OF SIZE 500+ KB
  # Bug 6276995 - MERGE SCOPE NAME IS NOT UPDATED WHEN CHANGED IN THE SERVER
  # Bug 6280570 - XPATH EXPRESSION ERROR IN MEDIATOR FOR ASSIGNING USER-DEFINED
  # CONTEXT VALUES
  # Bug 6282339 - RETRYCOUNT DOES NOT WORK PROPERLY
  # Bug 6311039 - ONE RECORD IS INSERTED TO SYNC_STORE IF
  # COMPLETIONPERSISTPOLICY SET TO FAULTED
  # Bug 6311809 - [AIA2.0] NON-RETRYABLE ERRORS ARE NOT POSTED ON ESB_ERROR
  # TOPIC
  # Bug 6314784 - THE PRIORITY DEFINED IN THE BPA SUITE IS NOT TRANSFERRED TO
  # THE JDEV CORRECTLY
  # Bug 6314982 - THREADPOOL RACE CONDITION IN ADAPTER INITIALIZATION MESSAGES
  # NOT PROCESSED
  # Bug 6315104 - (SET)CLASSNAME MISSING IN TSENSOR JAXB OBJECTS
  # Bug 6316554 - CONSUME FUNCTIONALITY OF JMS ADAPTER FOR BEA WEBLOGIC DOES
  # NOT WORK
  # Bug 6316950 - FILEADAPTER HARPER ENHANCEMENTS SYNC WRITE AND CHUNKED
  # INTERACTION SPEC
  # Bug 6317398 - THE ICON FOR COMPUTING DIFFERENCE IS MISSING IN JDEV REFRESH
  # FROM SERVER DIALOG
  # Bug 6320506 - IMPORT FAILS WHEN THERE IS AN UNNAMED CASE
  # Bug 6321011 - CANNOT PROCESS 0 BYTE FILE USING FTP ADAPTER
  # Bug 6325749 - TRACKING BUG FOR TRACKING ADDITIONAL CHANGES TO BUG #6032044
  # Bug 6328584 - NEED A NEW XPATH EXPRESSION TO GET ATTACHMENT CONTENT VIA
  # SOAP INVOKATION
  # Bug 6333788 - COLLAPSING OF CONSECUTIVE ASSIGN TASKS BREAKS BAM SENSOR
  # Bug 6335773 - BUILD.XML CONTAINS DO NOT EDIT .. - WHILE <CUSTOMIZE> TASK
  # MUST BE IN <BPELC>
  # Bug 6335805 - AQ ADAPTER OUTBOUND DOESN'T RECONNECT AFTER FAILURE
  # Bug 6335822 - [AIA2.0] PSRPERFESB - RUNTIME DVM PERFORMANCE OVERHEAD IN ABS
  # USE CASE
  # Bug 6339126 - CHECKPOINT BPEL JAVA METHOD DOESN'T WORK IN BPEL 10.1.3.3
  # Bug 6342899 - OUTLINECHANGE.XML NOT UPDATE WITH ACTIVITY FROM NEW BRANCH
  # Bug 6343299 - ESB CONCRETE WSDL NAMESPACE SHOULD BE DIFFERENT FROM IMPORTED
  # WSDL NAMESPACE
  # Bug 6372741 - DEHYDRATION DATABASE KEEPS GROWING IN 10.1.3.3
  # Bug 6401295 - NXSD SHOULD SUPPORT ESCAPING THE TERMINATED/QUOTED/SURROUNDED
  # DELIMITERS
  # Bug 6458691 - DIST DIRECTORY FOR 10.1.3.3.1 NEEDS UPDATE
  # Bug 6461516 - BPEL CONSOLE CHANGES FOR DISPLAYING RELEASE 10.1.3.3.1
  # Bug 6470742 - CHANGE THE VERSION NUMBER AND BUILD INFO IN ABOUT DIALOG IN
  # ESB
  # BUG ADDED IN MLR#1, 6671813 :
  # Bug 6494921 - ORABPEL-02154 IF LONG DOMAIN AND SUITECASE NAMES IN USE
  # BUGS ADDED IN MLR#2, 6671831 :
  # Bug 6456519 - ERROR IN BPEL CONSOLE THREADS TAB:SERVLETEXCEPTION CANNOT GET
  # DISPATCHER TRACE
  # Bug 6354719 - WHICH JGROUP CONFIGURATION PARAMETER IMPACTS BPEL CLUSTER
  # ACTIVITY
  # Bug 6216169 - SCOPE NOT FOUND ERROR WHILE DELIVERING EXPIRATION MESSAGE OF
  # ONALARM
  # Bug 6395060 - ORA-01704 ON INSERTING A FAULTED INVOKE ACTIVITY_SENSOR
  # Bug 6501312 - DEHYDRATION DATABASE KEEPS GROWING IN 10.1.3.3 #2
  # Bug 6601020 - SEARCHBASE WHICH INCLUDES PARENTHESIS IN THE NAMES DOES NOT
  # WORK
  # Bug 6182023 - WAIT ACTIVITY FAILS TO CONTINUE IN CLUSTER WHEN PROCESSING
  # NODE GOES DOWN
  # BUGS ADDED IN MLR#3, 6723162 :
  # Bug 6725374 - INSTANCE NOT FOUND IN DATASOURCE
  # Bug 4964824 - TIMED OUT IF SET CORRELATIONSET INITIATE YES IN REPLY
  # ACTIVITY
  # Bug 6443218 - [AIA2.0]BPEL PROCESS THAT REPLIES A CAUGHT FAULT AND THEN
  # RETHROWS IT IS STUCK
  # Bug 6235180 - BPPEL XPATH FUNCTION XP20 CURRENT-DATETIME() IS RETURNING AN
  # INCORRET TIME
  # Bug 6011665 - BPEL RESTART CAUSES ORABPEL-08003 FAILED TO READ WSDL
  # Bug 6731179 - INCREASED REQUESTS CAUSE OUTOFMEMORY ERRORS IN OC4J_SOA WHICH
  # REQUIRES A RESTART
  # Bug 6745591 - SYNC PROCESS <REPLY> FOLLOWED BY <THROW> CASE CAUSING
  # OUTOFMEMORY ERRORS
  # Bug 6396308 - UNABLE TO SEARCH FOR HUMAN TASK THAT INCLUDES TASK HISTORY
  # FROM PREVIOUS TASK
  # Bug 6455812 - DIRECT INVOCATION FROM ESB ROUTING SERVICE FAILS WHEN CALLED
  # BPEL PROCESS
  # Bug 6273370 - ESBLISTENERIMPL.ONFATALERROR GENERATING NPE ON CUSTOM ADAPTER
  # Bug 6030243 - WORKFLOW NOTIFICATIONS FAILING WITHOUT BPELADMIN USER
  # Bug 6473280 - INVOKING A .NET 3.0 SOAP SERVICE EXPOSED BY A ESB ENDPOINT
  # GIVES A NPE
  # BUGS ADDED IN MLR#4, 6748706 :
  # Bug 6336442 - RESETTING ESB REPOSITORY DOES NOT CLEAR DB SLIDE REPOSITORY
  # Bug 6316613 - MIDPROCESS ACTIVATION AGENT DOES NOT ACTIVATED FOR RETIRED
  # BPEL PROCESS
  # Bug 6368420 - SYSTEM IS NOT ASSIGNING TASK FOR REAPPROVAL AFTER REQUEST
  # MORE INFO SUBMITTED
  # Bug 6133670 - JDEV: UNABLE TO CREATE AN INTEGRATION SERVER CONNETION WHEN
  # ESB IS ON HTTPS
  # Bug 6681055 - TEXT ATTACHMENT CONTENT IS CORRUPTED
  # Bug 6638648 - REQUEST HEADERS ARE NOT PASSED THROUGH TO THE OUTBOUND HEADER
  # Bug 5521385 - [HA]PATCH01:ESB WILL LOSE TRACKING DATA WHEN JMS PROVIDER IS
  # DOWN
  # Bug 6759068 - WORKLIST APPLICATION PERFORMANCE DEGRADATION W/ SSL ENABLED
  # FOR BPEL TO OVD
  # BUGS ADDED IN MLR#5, 6782254 :
  # Bug 6502310 - AUTOMATED RETRY ON FAILED INVOKE WITH CORRELATIONSET INIT
  # FAILS
  # Bug 6454795 - FAULT POLICY CHANGE NEEDS RESTART OF BPEL SERVER
  # Bug 6732064 - FAILED TO READ WSDL ERROR ON THE CALLBACK ON RESTARTING BPEL
  # OC4J CONTAINER
  # Bug 6694313 - ZERO BYTE FILE WHEN REJECTEDMESSAGEHANDLERS FAILS
  # Bug 6686528 - LINK IN APPLICATION.XML FILES CHANGED TO HARD LINKS WHEN MORE
  # THAN 1 HT PRESENT
  # Bug 6083024 - TEXT AND HTML DOC THAT RECEIVED AS ATTACHMENTS WERE EITHER
  # BLANK OR GARBLED
  # Bug 6638648 - REQUEST HEADERS ARE NOT PASSED THROUGH TO THE OUTBOUND HEADER
  # Bug 6267726 - 10.1.3.3 ORACLE APPLICATIONS ADAPTER - NOT ABLE TO CAPTURE
  # BUSINESS EVENT
  # Bug 6774981 - NON-RETRYABLE ERRORS ARE NOT POSTED ON ESB_ERROR TOPIC
  # Bug 6789177 - SFTP ADAPTER DOES NOT SUPPORT RENAMING FILES
  # Bug 6809593 - BPEL UPGRADE TO 10.1.3.3.1 WITH ESB CALLS FAILS DUE TO
  # CACHING OF PLNK - SERVICE
  # BUGS ADDED IN MLR#6, 6823628 :
  # Bug 6412909 - <BPELX:RENAME> DOES NOT ADD XMLNS DECLARATION AUTOMATICALLY
  # Bug 6753116 - OUTPUT FROM HUMAN TASK IS NOT IS NOT CONSISTENT WITH
  # SCHEMA
  # ORDERING
  # Bug 6832205 - BAD VERIFICATIONSERVICE PERFORMANCE IF LDAP SERVICE HAS HUGE
  # DATA
  # Bug 6189268 - CALLING BPEL PROCESS VIA SOAP FROM ESB FAILS WITH
  # NAMENOTFOUNDEXCEPTION
  # Bug 6834402 - JMS ADAPTER IMPROPERLY CASTS XAQUEUESESSION TO QUEUESESSION
  # Bug 6073117 - TASK SERVICE DOESN'T RENDER THE TASK ACTIONS
  # Bug 6054263 - REUSING SOAP WSDL IN RS CAUSES SOAP ACTION'S NS TO BE
  # STRIPPED
  # AWAY
  # Bug 6489703 - ESB: NUMBER OF LISTENERS > 1 GIVES JMS EXCEPTION UNDER STRESS
  # Bug 5679542 - FTP ADAPTER: COULD NOT PARSE TIME:
  # JAVA.LANG.STRINGINDEXOUTOFBOUNDSEXCEPTION
  # Bug 6770198 - AQ ACTIVATIONINSTANCES >1 DOESN'T WORK IN ESB
  # Bug 6798779 - ESB ROUTING RULES CORRUPTED ON RE-REGISTERING WITH ROUTING
  # ORDER
  # IN WSDL CHANGED
  # Bug 6617974 - BACKPORT REQUEST FOR MOVING FILES FUNCTION OF FTP ADAPTER
  # Bug 6705707 - VALIDATION ON ESB CAN'T HANDLE NESTED SCHEMAS
  # Bug 6414848 - FTP ADAPTER ARCHIVE FILENAME FOR BPEL IS BEING SCRAMBLED
  # AFTER
  # THE 10.1.3.3 UPGR
  # Bug 5990764 - INFORMATION ARE LOST WHEN BPEL PROCESS IS POLLING FOR MAILS
  # WITH
  # ATTACHEMENTS
  # Bug 6802070 - ORA-12899 SUBSCRIBER_ID/RES_SUBSCRIBER COLUMN SMALL FOR LONG
  # DOMAIN AND PROCESS
  # Bug 6753524 - WRONG SERVICE ENDPOINT OPEN WHEN TEST WEB SERVICE OF ESB
  # Bug 6086434 - PROBLEM IN BPEL FILE ADAPTER WHILE READING A FIXED LENGTH
  # FILE
  # Bug 6823374 - BPEL 10.1.3.3.1 BAM SENSOR ACTION FAILS WITH BAM 11
  # Bug 6819677 - HTTS STATUS 202 RETURNED INSTEAD OF SOAP FAULT
  # Bug 6853301 - MQ ADAPTER REJECTED MESSAGES IS NOT REMOVED FROM THE RECOVERY
  # QUEUE
  # Bug 6847200 - 10.1.3.3.1 PATCH (#6748706) HAS STOPPED FTP ADAPTER POLLING
  # IN
  # SFTP MODE
  # Bug 6895795 - AQ OUTBOUND DOESN'T WORK WITH MLR#6
  업무에 참고하시기 바랍니다.

  David,
  You are right, theer are some changes incorporated in the latest MLR # 16 on the configurations files and on the dehydration store metrics(such as performance, fields,..).
  However, I would not suggest to continue working on olite, even for Development/Test purposes as you might get stuck with strange errors...and the only solution would be to re-install SOA Suite if your olite gets corrupted. There might be ways to gets your olite back to position, but trust me..its not so simple.
  Also, when you develop and stress test all your testcase scenarios in an TEST Adv installation, its simple to mimic the same in actual production box, as you exactly know its behavior.
  So, go for a brand new SOA 10.1.3.4 MLR # 5 (or) 10.1.3.3.1 MLR # 16 SOA Suite Advanced installation with Oracle DB 10.2.0.3 as its dehydration store.
  Hope this helps!
  Cheers
  Anirudh Pucha

• Unable to create an encrypted disk image in Lion

  disk utility gives the error Unable to create "Volume.dmg." (error - 60008) when creating an encrypted disk image. I am using the following steps:
      1.    Open disk utility
      2.    Select the disk (internal or external) to create the image on
      3.    Select File>New>Blank Disk Image…
      4.    Save As: 'Volume'
      5.    Name: Volume
      6.    Size: 50GB
      7.    Format: Mac OS Extended (Journaled)
      8.    Encryption: 128-bit AES encryption
      9.    Image Format: read/write disk image
      10.    Click the Create button
      11.    Password dialog appears
      12.    When I enter a password the dialog closes after entering only a few characters i.e. before I've finished typing, and the following error message displays:
  Unable to create "Volume.dmg." (error - 60008)
  I have previously, successfully, created encrypted disk images in Snow Leopard, and I don't know why I can't in Lion
  Does anyone have any ideas?

  Thanks for this Thomas.
  I've tried naming the image differently, but still received the error, I did however try different permutations for the password.
  The error seems to happen if I use a purely numerical password string and occurs on input of the 10th numerical character, if I start with numerical character but use an alpha before the 9th number I can continue and create a password, and I can create a password  if I start with an alpha and switch to numerals after the first alpha character, purely alphabetical passwords are fine too.
  It seems that Lion doesn't like purely numerical passwords greater than 9 characters, whereas Snow Leopard wasn't so fussy. Seems it's a bit of a bug.
  Thanks for your help

• UWC/CE 6.3 and Access Manager 7.1 SSO sometimes fails (seems like a bug)

  PREAMBULA: I started writing this post thinking that our AM SSO setup was at fault in some step. As I was gathering data, checking the doc-links and config files and finally sniffed the servers for HTTP dialogs, I grew pretty sure there's a bug in UWC/CE, AM SDK or Web Server Policy Agent, whatever implements the AM SSO session checking.
  In short, as written below, our "sunmail" server can POST a broken cookie to AM server, if the cookie originally contained a "plus" character. The "plus" is replaced by a "space", invalidating the session check. As we know, "+" is often used in URLs to "escape" the space character. Perhaps some URL cleanup routine backfired here. I have double-checked, it is not the reverse proxy on "psam" breaking things. It is "sunmail" (UWC/CE or Policy Agent, don't know for certain) supplying the broken request. On the few occasions when the AM cookie contains no "plus" characters, the SSO works like a charm (also checked by a sniffer). Whenever there is a "plus", it breaks.
  Is there some known bug or workaround that matches this description?
  Nevertheless, for completeness' sake I kept the description of our setup. Maybe it's at fault after all :)
  We have an installation of JCS5 with the latest patches as of early July 2008. And as the subject implies, we have problems with AM SSO in UWC/CE web-interface. I have reported them before, then they seemed fixed (not occuring for several tests in a row), but as time has shown, something wrong is still there.
  So I'll try to go into deeper detail now, as we've may have overlooked some nuance... Then again, as my sniffer research below shows, this may be an engine bug and these setup details are irrelevant.
  Our setup is split into several Solaris 10 full-root zones hosted on several servers, some of the components are enroute to HA (perhaps we made some mistakes on this part of the way?)
  So, we have the following software stack:
  1) two MMR Directory Servers (DSEE 6.3 = DSEE 6.2 from JCS5 + 125278-07__DSEE_6.3__x86x64 + 125277-07__DSEE_6.3__x86_sol9 patches) working in zones on two different servers. Except for one time when a manually forced ZFS rollback corrupted one of the server instances, no problems here.
  2) two zones with Directory Proxy Servers (6.3, exact versions as above) running at port 389 provide the clients with an illusion that they have a stable Directory Server, even if one of the actual servers is currently rebooting ;)
  These DPS zones are hosted on two different servers as well and are primarily used by LDAP clients (JCS components) running in other zones on the same respective servers.
  3) A zone with Sun Web Server 7.0U1 and Access Manager 7.1 (+ 126357-01__AM71_x86 patch) and Delegated Admin 6.4-4.01 (from JCS5 + 121582-18__COMMCLI64__x86 patch).
  At the moment there is one such zone (named "cos-psam-01.domain.ru" in the logs below), but we expect(-ed) it to become two similar zones as per AM HA setup.
  Zones listed in (1-3) use private IP numbers, they belong in our internal DMZ.
  Zones listed in (4-5) below use public (routed) IP numbers, they belong in our external DMZ.
  4) A zone with Sun Web Server 7.0U1 used primarily as a reverse-proxy server (optionally with a load-balancer libpassthrough.so plugin) successfully used for other hosted projects. One of its configurations now passes connections from an externally routed IP address published as "psam.domain.ru" to "cos-psam-01.domain.ru", per AM HA setup, so HTTP clients believe they work with an Access Manager instance. This zone has a backend interface with a private IP address to communicate with the actual AM instance.
  In AM configuration (both LDAP and file-based) we have configured a site ID with the publicly known name and mentioned both names (psam and cos-psam-01) in organization's realm/dns aliases.
  5) A zone with the rest of the Sun Java Communications Suite 5, as in Messaging Server 6.3 (6.3-6.03 64-bit: ci-5.0-1.03_solx86_x64__Messaging_Server_6.3-2 + patch 126480-09__MSG63__x86-64), UWC/CE 6.3 (from JCS5 + 122794-17__UWC63-4.01_core__x86), Instant Messaging 7.2 (from JCS5 + 118790-29__IM72__x86-1 + 118787-28__IM72__x86-2), Calendar Server 6.3 (from JCS5 + 121658-28__iCS63__x86). The web-components (UWC/CE, IM, /httpbind) are deployed in a Sun Web Server 7.0U1 as well.
  This zone is named "sunmail.domain.ru" and has a routed IP address for direct external access to its servicess.
  The AM SDK part is also patched (126357-01__AM71_x86); it points to the load-balancer name ("psam.domain.ru") as an actual AM server.
  # imsimta version
  Sun Java(tm) System Messaging Server 6.3-6.03 (built Mar 14 2008; 64bit)
  libimta.so 6.3-6.03 (built 17:15:08, Mar 14 2008; 64bit)
  SunOS sunmail 5.10 Generic_127112-07 i86pc i386 i86pc
  While setting up this server set we tried to use AM SSO as the user login method, but it works unreliably.
  "Unreliably" means that while most of the time entering a correct uid and password in Access Manager login page ("http://psam.domain.ru/amserver/UI/Login") does redirect a user back to "http://sunmail.domain.ru/uwc/auth" along with a new cookie, and the user is redirected again to his or her mailbox, sometimes the user receives the UWC/CE login page. Entering the same uid and password here does log him in, but it breaks the whole point of SSO and only increases the end-user routine required to log in :\
  We have also seen the "missing mail tab" problem - if the users point the browser to any hostname different from "sunmail.domain.ru" (i.e. www.mail.domain.ru which is equivalent in DNS), they have only the Address book, Calendar and Options tabs; no webmail. So far this is resolved by Policy Agent forcing The One name of the server.
  Here's the configuration we did specifically for AM SSO:
  1) in AMConfig.properties of "sunmail" and "cos-psam-01" we set up
  com.iplanet.am.cookie.encode=false
  am.encryption.pwd=<the same value>
  all hostname-related parameters point to "psam.domain.ru"
  2) in AMConfig.properties of "cos-psam-01" a number of FQDN equivalence entries are added (so it does not redirect to a server hostname unknown to visitors):
  com.sun.identity.server.fqdnMap[publicname-or-ip]=psam.domain.ru
  com.sun.identity.server.fqdnMap[cos-psam-01.domain.ru]=cos-psam-01.domain.ru
  3) in "msg.conf" on "sunmail" (entries added via configutil):
  local.webmail.sso.amcookiename = iPlanetDirectoryPro
  local.webmail.sso.amnamingurl = http://psam.domain.ru:80/amserver/namingservice
  local.webmail.sso.singlesignoff = yes
  local.webmail.sso.uwcenabled = 1
  service.http.ipsecurity = no
  (perhaps some more options are required? Looking for confirmation about: local.webmail.sso.uwclogouturl local.webmail.sso.uwccontexturi local.webmail.sso.uwchome service.http.allowadminproxy )
  4) Configured Web Policy Agent for Sun Web Server, so that users without an AM session are required to get one. Set up per [http://msg.wikidoc.info/index.php/AM_redirection_using_Policy_Agent], except that com.sun.am.policy.agents.config.notenforced_list points to the many names our server can go known by.
  5) Updated the logout URL in /opt/SUNWuwc/webmail/main.js:
  --- main.js.orig        Sat Jan 26 07:52:09 2008
  +++ main.js     Mon Jul 21 01:06:29 2008
  @@ -667,7 +667,8 @@
  function cleanup() {
     if(laurel)
  -      top.window.location =  getUWCHost() + "/base/UWCMain?op=logout"
  +//      top.window.location =  getUWCHost() + "/base/UWCMain?op=logout"
  +      top.window.location =  "http://sunmail.domain.ru:80/base/UWCMain?op=logout"
     else
         exec('logout', '', 'exit()')
  @@ -1707,7 +1708,8 @@
     if(lg) {
           url = document.location.href
           url = url.substr(0,url.indexOf('webmail'))
  -        uwcurl = url + 'base/UWCMain?op=logout'        
  +//      uwcurl = url + 'base/UWCMain?op=logout'        
  +        uwcurl = "http://sunmail.domain.ru:80/base/UWCMain?op=logout"
     exit()
  }6) Calendar SSO - per docs...
  According to ngrep sniffing,
  1) the browser goes to "http://sunmail.domain.ru/uwc/auth" without any cookies
  2) receives a redirect and goes to "http://psam.domain.ru/amserver/UI/Login?gotoOnFail=http://sunmail.domain.ru:80/uwc&goto=http%3A%2F%2Fsunmail.domain.ru%3A80%2Fuwc%2Fauth"; sends no cookies either.
  3) The first response from the "psam" server (as redirected from "cos-psam-01") sets a few cookies while rendering the login page:
  Set-cookie: JSESSIONID=7EF8F2810D2071CA03CFEAE9972735B2; Path=/
  Set-cookie: AMAuthCookie=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; Domain=.domain.ru; Path=/
  Set-cookie: amlbcookie=02; Domain=.domain.ru; Path=/
  4) The browser requests the login page resources (javascripts, images, etc) using these cookies, as in this header line:
  Cookie: JSESSIONID=7EF8F2810D2071CA03CFEAE9972735B2; AMAuthCookie=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; amlbcookie=02
  5) The browser POSTs the login request to "/amserver/UI/Login" and receives a redirection to http://sunmail.domain.ru:80/uwc/auth
  Set-cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; Domain=.domain.ru; Path=/
  Set-cookie: AMAuthCookie=LOGOUT; Domain=.domain.ru; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
  6) The browser requests "http://sunmail.domain.ru/uwc/auth" using the newly set cookie (looks like the old one to me though):
  Cookie: amlbcookie=02; iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#
  7) The "sunmail" web-server checks the AM session validity with the same "psam.domain.ru". It sends a series of POSTs to /amserver/namingservice:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="com.iplanet.am.naming" reqid="685">
  <Request><![CDATA[
  <NamingRequest vers="1.0" reqid="324" sessid="AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#">
  <GetNamingProfile>
  </GetNamingProfile>
  </NamingRequest>]]>
  </Request>
  </RequestSet>(receives a large XML list of different Access Manager configuration parameters and URLs)
  ...then a double-request to /amserver/sessionservice:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="Session" reqid="686">
  <Request><![CDATA[
  <SessionRequest vers="1.0" reqid="678">
  <GetSession reset="true">
  <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#</SessionID>
  </GetSession>
  </SessionRequest>]]>
  </Request>
  <Request><![CDATA[
  <SessionRequest vers="1.0" reqid="679">
  <AddSessionListener>
  <URL>http://sunmail.domain.ru:80/UpdateAgentCacheServlet?shortcircuit=false</URL>
  <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#</SessionID>
  </AddSessionListener>
  </SessionRequest>]]>
  </Request>
  </RequestSet>As a result it receives an XML with a lot of user-specific information (the username, LDAP DN, preferred locale, auth module used, etc.)
  !!!*** Now, the problem part ***!!!
  8) And then "sunmail" POSTs a broken cookie to "psam" (note the space in mid-text, where the "plus" sign was previously). As we know, "+" is often used in URLs to "escape" the space character. Perhaps some URL cleanup routine backfired here.
  I have double-checked, it is not the reverse proxy on "psam" breaking things. It is "sunmail" (UWC/CE or Policy Agent, don't know for certain) supplying the broken request. I looked over the large XML responses to the two previous requests, whenever they mention the session cookie value, the "plus" is there.
  For the most detail I can provide, I'll even paste the whole HTTP packet:
  POST /amserver/sessionservice HTTP/1.1
  Proxy-agent: Sun-Java-System-Web-Server/7.0
  Cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#;amlbcookie=null
  Content-type: text/xml;charset=UTF-8
  Content-length: 336
  Cache-control: no-cache
  Pragma: no-cache
  User-agent: Java/1.5.0_09
  Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
  Host: cos-psam-01.domain.ru
  Client-ip: 194.xxx.xxx.xxx
  Via: 1.1 https-weblb.domain.ru
  Connection: keep-alive
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="session" reqid="258">
  <Request><![CDATA[<SessionRequest vers="1.0" reqid="254">
  <GetSession reset="true">
  <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#</SessionID>
  </GetSession>
  </SessionRequest>]]></Request>
  </RequestSet> The server's error response is apparent:
  HTTP/1.1 200 OK
  Server: Sun-Java-System-Web-Server/7.0
  Date: Thu, 31 Jul 2008 05:49:50 GMT
  Content-type: text/html
  Transfer-encoding: chunked
  19b
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <ResponseSet vers="1.0" svcid="session" reqid="258">
  <Response><![CDATA[<SessionResponse vers="1.0" reqid="254">
  <GetSession>
  <Exception>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=# Invalid session ID
  AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#</Exception>
  </GetSession>
  </SessionResponse>]]></Response>
  </ResponseSet>On the few occasions when the AM cookie contains no "plus" characters, the SSO works like a charm (also checked by a sniffer). Whenever there is a "plus", it breaks.
  For reference, here's a working final request-response (one with a good cookie, as received by the load-balancer web-server). Request looks a bit different:
  POST /amserver/sessionservice HTTP/1.1
  Cookie: iPlanetDirectoryPro=AQIC5wM2LY4Sfcy/5sEzVmuq9z1ggdHOkBDgVFAwfhqvn4U=@AAJTSQACMDI=#;amlbcookie=null
  Content-Type: text/xml;charset=UTF-8
  Content-Length: 379
  Cache-Control: no-cache
  Pragma: no-cache
  User-Agent: Java/1.5.0_09
  Host: psam.domain.ru
  Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
  Connection: keep-alive
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="session" reqid="281">
  <Request><![CDATA[<SessionRequest vers="1.0" reqid="277">
  <SetProperty>
  <SessionID>AQIC5wM2LY4Sfcy/5sEzVmuq9z1ggdHOkBDgVFAwfhqvn4U=@AAJTSQACMDI=#</SessionID>
  <Property name="uwcstatus" value="active"></Property>
  </SetProperty>
  </SessionRequest>]]></Request>
  </RequestSet> ...and the response is OK:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <ResponseSet vers="1.0" svcid="session" reqid="281">
  <Response><![CDATA[<SessionResponse vers="1.0" reqid="277">
  <SetProperty>
  <OK></OK>
  </SetProperty>
  </SessionResponse>]]></Response>
  </ResponseSet>

  There have been a few reports of the same behaviour with other customers - specifically with the handling of the encoding of "+" characters to " ". It relates to how cookie encoding/decoding is performed (as you have already observed).
  The solution for these customers was the following:
  => AM server/client side:
  Ensure that com.iplanet.am.cookie.encode=false in AMConfig.properties and AMAgent.properties on all systems.
  => AM client (UWC) side:
  - Set <property name="encodeCookies" value="false"/> in /var/opt/SUNWuwc/WEB-INF/sun-web.xml. This will prevent UWC from trying to urldecode the cookie it receives and therefore stops it turning the + into a space e.g.
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN' 'file:///net/wajra.india.sun.com/export/share/dtd/sun-web-app_2_3-1.dtd'>
  <sun-web-app>
     <property name="encodeCookies" value="false"/>
     <session-config>
        <session-manager/>
     </session-config>
     <jsp-config/>
  <property name="allowLinking" value="true" />
  </sun-web-app>Regards,
  Shane.

• 10.5.1 doesn't fix 802.1X WEP os-logon and Go To Folder in finder dock Bug

  Hi,
  I still have a bug when opening folder/directory view from the finder dock icon. it instantly locks the finder and i have to kill it to get it function again. This bug doesnt' work when a finder window is open.. (as referred to be me in http://discussions.apple.com/message.jspa?messageID=5768515#5768515)
  There is still also a bug when i was using 802.1X WEP encryption at college earlier today. when booting leopard it searches for new or known wireless networks and gives me a password dialog. Since I authenticate against a LDAP server (U/P settings stored in the 802.1X tab) ) and also have a certificate, this dialog box is wrong. If i enter my password it also doesn't work!
  When canceling the dialog box and going to the wireless menu in the top right screen and selecting my access point, i get connected right away!!
  Come on apple, you can do better then that!
  Also, please remove or upgrade the "address book" in the terminal application, its still a shame...
  Regards,
  Rick

  In my searching beforehand, there were some rare problems in Finder with fonts in the sidebar causing problems. I figured it couldn't hurt. If I don't get any kind of solution here, I'm just going to wipe the computer (data backed up, of course), since I've accumulated quite a few odd things the past 18 months. Thanks anyway.
  edit: I just realized what you meant about the /Library/Fonts folder. I did the ~ one too, but no dice.
  Message was edited by: mintrepublic