Difference between SNC and SSL
Hi All,
I have this question:
What is the difference between SNC and SSL?
What is their purpose?
(The context is while using Trust Manager with SAP systems)
Thanks and Regards, Pradeep
You can use SSL for encryption where the SAP Web AS is either the server or the client component for the connection, such as:
- Users connect to the SAP Web AS using their Web browser.
- The SAP Web AS connects to another SAP Web AS.
- The SAP Web AS connects to another Web server.
SSL is supported in all these cases.
For connections that use SAP protocols (RFC, DIAG), you can also use SNC on
the SAP Web AS.
SNC requires the use of an external security product to perform the encryption.
Similar to SNC, for SSL, the SAP Web AS uses the SAP Cryptographic Library
to perform the cryptographic functions.
However, for SNC, you can alternatively use a partner product. For SSL, you must
use the SAP Cryptographic Library.
Thanks
Dheeraj
Similar Messages
-
What's the difference between SNC and SRM?
we will sell SNC in Q2.But i don't know what is the difference between SNC and SRM.
i've heard SNC suit Direct procurement better than SRM...
Pls give me the advice and information.
good regards kenji
Hi Kenji,
SRM is more of Supplier Identification and SNC work of building
relationship with Supplier starts after this Supplier identification.
SNC is very Good tool to handover Inventory replenishment
to Suppliers and it gives Visibility of inventory information over Web UI.
SNC has many processes like PO Collaboration, SMI, DR,DCM, SNI,
Invoice Collaboration,Release process...to accomplish above mentioned task.
SNC is designed for direct materials procurement.
SRM has contract negotiations, bids, auctions for sourcing to identify suppliers
SRM is good for basic purchasing functionality and suitable for indirect materials.
In addition to all these SNC has Customer Collaboration functionality also.
Regards,
Vasu -
SSL between NSAPI and WLS with custom certificate and RequireSSLHostMatch=true fails
I am trying to use SSL for communication between NSAPI and WebLogic
server (server authentication at the NSAPI).
Therefore, a custom server certificate is installed on WLS, containing this
server's hostname. The NSAPI is configured (RequireSSLHostMatch=true) to
check the hostname contained in the certificate against the WebLogicHost
parameter in the "obj.conf" file. The corresponding TrustedCAFile is installed
for NSAPI.
The SSL setup seems to work ok, but when matching the hostname, it seems like
NSAPI is trying to do a string-match against the numeric IP of the WebLogicHost,
not on the hostname as configured in the WebLogicHost parameter.
The relevant entry in the "obj.conf" file:
<Object name="weblogic" ppath="*">
Service fn=wl-proxy WebLogicHost=btsun2a.muc \
WebLogicPort=7162 \
Debug=ALL \
SecureProxy=ON \
TrustedCAFile=/home/qx13604/wls61/config/testdomain/TC_RootServer_PEM_Class0.pem
RequireSSLHostMatch=true
</Object>
I am using WLS6.1 with NSAPI (both Solaris). The content of "wlproxy.log" is as
follows.
Any ideas?
Content of "wlproxy.log":
Thu Oct 11 12:30:22 2001 INFO: SSL is configured
Thu Oct 11 12:30:22 2001 INFO: Initializing SSL library
Thu Oct 11 12:30:22 2001 Loaded 1 trusted CA's
Thu Oct 11 12:30:22 2001 INFO: Successfully initialized SSL
Thu Oct 11 12:30:22 2001 INFO: SSL configured successfully
Thu Oct 11 12:30:22 2001 ....relFile.../index.jsp...
Thu Oct 11 12:30:22 2001 URI=[index.jsp]
Thu Oct 11 12:30:22 2001 Initializing lastIndex=0 for a list of length=1
Thu Oct 11 12:30:22 2001 attempt #0 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #1 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #2 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #3 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #4 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #5 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 request [index.jsp] processed ..................
I tried some other case and configured a certificate containing
the numeric IP as hostname. The authentication works fine then,
but it wouldn't be nice to hard-code the IP in the certificate
(btw. the WebLogicHost parameter is still given as DNS name, not
as IP address).
Has anyone got a solution for this?
"Wolfgang Jodl" <[email protected]> wrote:
>
I am trying to use SSL for communication between NSAPI and WebLogic
server (server authentication at the NSAPI).
Therefore, a custom server certificate is installed on WLS, containing
this
server's hostname. The NSAPI is configured (RequireSSLHostMatch=true)
to
check the hostname contained in the certificate against the WebLogicHost
parameter in the "obj.conf" file. The corresponding TrustedCAFile is
installed
for NSAPI.
The SSL setup seems to work ok, but when matching the hostname, it seems
like
NSAPI is trying to do a string-match against the numeric IP of the WebLogicHost,
not on the hostname as configured in the WebLogicHost parameter.
The relevant entry in the "obj.conf" file:
<Object name="weblogic" ppath="*">
Service fn=wl-proxy WebLogicHost=btsun2a.muc \
WebLogicPort=7162 \
Debug=ALL \
SecureProxy=ON \
TrustedCAFile=/home/qx13604/wls61/config/testdomain/TC_RootServer_PEM_Class0.pem
RequireSSLHostMatch=true
</Object>
I am using WLS6.1 with NSAPI (both Solaris). The content of "wlproxy.log"
is as
follows.
Any ideas? -
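The host-match failure reported in this thread, as an added example that is not part of the original posts or of the WebLogic plug-in: it scans log text for the "doesn't match ... validation failed" line and flags the case where the certificate name would have matched the configured host but was compared against an IP literal instead. The function names are hypothetical, the sample log is constructed in the format of the excerpt above, and reading the first parenthesised value as the certificate name follows the poster's interpretation.

```python
import ipaddress
import re

# Constructed sample in the format of the wlproxy.log excerpt on this page.
SAMPLE_LOG = """\
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
"""

# Assumption: first value is the name taken from the certificate, second is
# the value the proxy compared it with. The message may wrap across lines.
MISMATCH_RE = re.compile(
    r"Host \((?P<cert_name>[^)]+)\) doesn't match \((?P<compared>[^)]+)\),"
    r"\s*validation failed"
)


def is_ip_literal(value):
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern, hostname):
    """Case-insensitive label-by-label match.

    A '*' is honoured only as the entire left-most label and only when the
    pattern has more than two labels, so '*.muc' matches nothing.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def verify_reference_identity(configured_host, cert_dns_names, cert_ip_addrs=()):
    """Match the certificate against the name the administrator configured.

    The reference identity is the configured value itself, never the address
    it resolved to. An IP literal is compared only with the certificate's IP
    address entries, a DNS name only with its DNS names.
    """
    if is_ip_literal(configured_host):
        wanted = ipaddress.ip_address(configured_host)
        return any(ipaddress.ip_address(a) == wanted for a in cert_ip_addrs)
    return any(dns_name_matches(n, configured_host) for n in cert_dns_names)


def diagnose(log_text, configured_host):
    """Return one finding per host-match failure found in log_text.

    'wrong_reference' is True when the certificate name matches the
    configured host, yet the log shows it was compared with an IP literal.
    """
    findings = []
    for m in MISMATCH_RE.finditer(log_text):
        cert_name, compared = m["cert_name"], m["compared"]
        wrong_reference = (
            is_ip_literal(compared)
            and not is_ip_literal(configured_host)
            and verify_reference_identity(configured_host, [cert_name])
        )
        findings.append({
            "cert_name": cert_name,
            "compared": compared,
            "configured_host": configured_host,
            "wrong_reference": wrong_reference,
        })
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, "btsun2a.muc"):
        print(finding)
```

A finding with `wrong_reference` set to False is a genuine mismatch between the certificate and the configured host, which is the case host matching exists to reject.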
SSL between XI and a business partner
Has anyone gotten SSL between XI and an external business partner up and running? I would like to have a short discussion with someone who has been successful. I am trying to send messages out from XI that require XI to be active. Please don't direct me to the documentation because we have read it and it has not been very helpful.
regards,
Chris
Hello Richard,
I can't see we have been successful but we are close. Here are the steps:
1. HTTPS service needs to be active (Tx: SMICM)
2. You need to load the SSL certificate key in your XI system (Tx: STRUST)
3. You will need to create an RFC (type G) pointing to your target server. Then select the SSL (active) and the private key you want to use (you will need one RFC destination by server key).
4. Use your RFC destination in your HTTP Adapter:
on the HTTP adapter don't select URL address but select RFC destination.
I hope this will help.
Please don't hesitate to ask if you need more detail.
Mustapha -
Difference between ICH and SNC
Hi All,
Can someone explain what is the difference between ICH and SNC..
Hi Prawmu,
You can also check below sap help link
SAP SNC 7.0
http://help.sap.com/saphelp_snc70/helpdata/EN/46/41fb29cf955e40e10000000a11466f/frameset.htm
SAP SNC 5.1
http://help.sap.com/saphelp_snc2007/helpdata/EN/dd/8e51341a06084de10000009b38f83b/frameset.htm
SAP ICH/SNC 5.0
http://help.sap.com/saphelp_scm50/helpdata/en/b4/f20483605b0d4fa856354a986e900d/frameset.htm
Regards,
Nikhil -
SSL Acceleration between iPlanet and WLS
I was wondering if anybody has successfully deployed a SSL accelerator card for SSL acceleration between iPlanet and WLS?
This is a feature in the latest release, WebLogic Server 6.1.0
<http://e-docs.bea.com/wls/docs61/////adminguide/nsapi.html#101168>. It is
not available for WebLogic Server 5.1.0.
Regards,
-- Ian
"Abhinandan" <[email protected]> wrote in message
news:3ba5dfa9$[email protected]..
> Can i get SSL communication between iPlanet and Weblogic 5.1? if yes then
how??
-
Difference between SRM and SNC
Hi all,
I frequently get this question from many of my friends who work on SRM, as what is the difference between SRM and SNC. Because the supplier collaboration part of SNC resembles few functionalities of SRM.
What kind of industries go for SRM?
What kind of industries go for SNC?
Regards,
Nandan
Hi Nandan
SRM and SNC have few functionalities common.
SUS and Plan driven procurement. Like SNC Purchase Order Collaboration, these are direct procurement(Supplier known).
Where SRM has other business process like Self Service Procurement, where in they can create quotations and then compare and select the best supplier(In direct Procurement)
In SNC we do not support Service Orders, We only support Quantity Orders. Where SRM can support both.
They have other Business process(SAP SRM Supplier Collaboration), where in the solutions and backend systems like SAP Supplier Relationship Management (SRM), SAP Product Lifecycle Management (PLM), Collaboration Folders (cFolders), and SAP Supply Chain Management (SCM), to provide collaborative planning, sourcing, procurement.
Where SNC plays a material monitor here communicating between OEM & Supplier Org
SRM support both quantity procurement and service procurement directly and indirectly.
Where in SNC supports direct quantity procurement.
It is the business need, upon which they select SNC or SRM.
Best Regards
Vinod -
Difference Between One-way SSL and Two Way SSL
Hi ,
Can anyone tell the difference between one-way and two-way SSL? Apache to WebLogic server: which type of SSL can we configure? Please provide information on this.
thanks
In short, below is the difference:
One Way SSL - Only the client authenticates the server
- This means that the public cert of the server needs to be configured in the trust store of the client for this to happen.
Two Way SSL - The client authenticates the server & the server also authenticates the client.
- This means that the public cert of the server needs to be configured in the trust store of the client for this to happen.
- Also the public cert of the client needs to be configured on the server's trust store
Please refer to http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp?topic=%2Fcom.ibm.mq.csqzas.doc%2Fsy10660_.htm. In case of Two way SSL the step numbers 5 & 6 also occur.
You can implement either of them between apache and weblogic.
Hope this helps.
Thanks,
Patrick -
SSL Between Weblogic and IBM MQ
Dear All,
I would like to know the SSL configuration steps between Weblogic and MQ Communication.
The existing setup is, To put message in MQ, We are using MQ Java API directly. To get message from MQ, We are using JMS API with binding file.
Now, we are in a position to enable SSL in those communication between Weblogic and MQ. Here Weblogic is treated as Client & MQ is treated as Server. If anyone could throw some light here, we would be grateful, to enable 2-way SSL.
In High Level, Initially we planned for One-Way SSL like below,
1. Create the Trust Store in MQ Server
gsk7capicmd -keydb -create -db "/var/mqm/qmgrs/WLMQTest/ssl/WLMQTest.kdb" -pw serverpass -type cms -expire 365 -stash -fips
2. Create Self-Signed Certificate Initially for MQ Server
gsk7capicmd -cert -create -db "/var/mqm/qmgrs/WLMQTest/ssl/WLMQTest.kdb" -pw serverpass -label ibmwebspheremqwlmqtest -dn "CN=WLMQTest,O=,C=" -expire 365 -fips -sigalg sha1
gsk7capicmd -cert -extract -db "/var/mqm/qmgrs/WLMQTest/ssl/WLMQTest.kdb" -pw serverpass -label ibmwebspheremqwlmqtest -target "/var/mqm/qmgrs/WLMQTest/ssl/WLMQTest.crt" -format ascii -fips
3. Create the Key Store in Weblogic Server
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
4. Copy the Public SSL Server Certificate to the Weblogic Server
Copied the WLMQTest.crt from MQ Server into a directory under Weblogic Server Domain
The below command list the content of the keystore.jks
keytool -list -keystore keystore.jks
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
mydomain, Dec 26, 2011, PrivateKeyEntry,
Certificate fingerprint (MD5): E7:B6:4C:02:A7:DE:A3:66:27:66:38:A1:87:DF:8F:0F
And tried to import the WLMQTest.crt
keytool -import -alias mydomain -file WLMQTest.crt -keystore keystore.jks -storepass serverpass
We got the error like below,
keytool error: java.lang.Exception: Public keys in reply and keystore don't match
5. Configuring the Channels.
Please advise, is it the right way? Positively expecting your valuable comments
Edited by: user10094300 on Dec 26, 2011 1:17 AM
Check this:
http://www.ibm.com/developerworks/websphere/library/techarticles/0510_fehners/0510_fehners.html -
Need help with ASA 5512 and SQL port between DMZ and inside
Hello everyone,
Inside is on gigabitEthernet0/1 ip 192.9.200.254
I have a dmz on gigabitEthernet2 ip 192.168.100.254
I need to pass port 443 from outside to dmz ip 192.168.100.80 and open port 1433 from 192.168.100.80 to the inside network.
I believe this will work for port 443:
object network dmz
subnet 192.168.100.0 255.255.255.0
object network webserver
host 192.168.100.80
object network webserver
nat (dmz,outside) static interface service tcp 443 443
access-list Outside_access_in extended permit tcp any object webserver eq 443
access-group Outside_access_in in interface Outside
However...How would I open only port 1433 from dmz to inside?
At the bottom of this message is my config if it helps.
Thanks,
John Clausen
Config:
: Saved
ASA Version 9.1(2)
hostname ciscoasa-gcs
domain-name router.local
enable password f4yhsdf.4sadf977 encrypted
passwd f4yhsdf.4sadf977 encrypted
names
ip local pool vpnpool 192.168.201.10-192.168.201.50
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 123.222.222.212 255.255.255.224
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.9.200.254 255.255.255.0
interface GigabitEthernet0/2
nameif dmz
security-level 100
ip address 192.168.100.254 255.255.255.0
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name router.local
object network inside-subnet
subnet 192.9.200.0 255.255.255.0
object network netmotion
host 192.9.200.6
object network inside-network
subnet 192.9.200.0 255.255.255.0
object network vpnpool
subnet 192.168.201.0 255.255.255.192
object network NETWORK_OBJ_192.168.201.0_26
subnet 192.168.201.0 255.255.255.192
object network NETWORK_OBJ_192.9.200.0_24
subnet 192.9.200.0 255.255.255.0
access-list outside_access_in extended permit icmp any4 any4 log disable
access-list Outside_access_in extended permit udp any object netmotion eq 5020
access-list split standard permit 192.9.200.0 255.255.255.0
access-list VPNT_splitTunnelAcl standard permit 192.9.200.0 255.255.255.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static inside-network inside-network destination static vpnpool vpnpool
nat (inside,outside) source static NETWORK_OBJ_192.9.200.0_24 NETWORK_OBJ_192.9.200.0_24 destination static NETWORK_OBJ_192.168.201.0_26 NETWORK_OBJ_192.168.201.0_26 no-proxy-arp route-lookup
object network netmotion
nat (inside,outside) static interface service udp 5020 5020
nat (inside,outside) after-auto source dynamic any interface
access-group Outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 123.222.222.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.9.200.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet 192.9.200.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption aes128-sha1 3des-sha1
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 2 regex "Windows NT"
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3 regex "Intel Mac OS X"
anyconnect enable
tunnel-group-list enable
group-policy SSLVPN internal
group-policy SSLVPN attributes
dns-server value 192.9.200.13
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
default-domain value router.local
group-policy VPNT internal
group-policy VPNT attributes
dns-server value 192.9.200.13
vpn-tunnel-protocol ikev1 l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPNT_splitTunnelAcl
default-domain value router.local
username grimesvpn password 7.wersfhyt encrypted
username grimesvpn attributes
service-type remote-access
tunnel-group SSLVPN type remote-access
tunnel-group SSLVPN general-attributes
address-pool vpnpool
default-group-policy SSLVPN
tunnel-group SSLVPN webvpn-attributes
group-alias SSLVPN enable
tunnel-group VPNT type remote-access
tunnel-group VPNT general-attributes
address-pool vpnpool
default-group-policy VPNT
tunnel-group VPNT ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:36271b5a1b9382621e14c3aa635e2fbb
: end
Hi Vibor. Apologies if my comment was misunderstood. What I meant to say was that the security level of the dmz interface should probably be less than 100.
And therefore traffic could be controlled between DMZ and inside networks.
As per the security level on the DMZ interface. ....... that command is correct. :-) -
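An added example, not part of the original thread or any Cisco tool: a short Python check that walks the crypto and management lines of the ASA configuration posted above and flags the legacy algorithms (DES, 3DES, MD5, 1024-bit Diffie-Hellman) and the Telnet management access it enables. The rule tables and the `audit` function name are assumptions of this example.

```python
# Constructed excerpt: lines copied from the configuration posted above.
SAMPLE = """\
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ikev1 policy 10
encryption aes-256
hash sha
group 2
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
telnet 192.9.200.0 255.255.255.0 inside
ssh key-exchange group dh-group1-sha1
ssl encryption aes128-sha1 3des-sha1
"""

# Rule tables are this example's assumptions, not a vendor-published list.
WEAK_ESP = {"esp-des": "DES", "esp-3des": "3DES", "esp-md5-hmac": "HMAC-MD5"}
WEAK_IKE = {("encryption", "des"): "DES", ("encryption", "3des"): "3DES",
            ("hash", "md5"): "MD5", ("group", "1"): "DH group 1 (768-bit)",
            ("group", "2"): "DH group 2 (1024-bit)"}
IKE_KEYS = ("authentication", "encryption", "hash", "group", "lifetime")

def audit(config):
    """Return (line_no, where, reason) for each weak setting found."""
    findings, policy = [], None
    for n, raw in enumerate(config.splitlines(), 1):
        tok = raw.split()          # tolerant of lost indentation
        if not tok:
            continue
        if tok[:3] == ["crypto", "ikev1", "policy"] and len(tok) == 4:
            policy = tok[3]        # start of an IKEv1 policy block
            continue
        if policy and len(tok) == 2 and tok[0] in IKE_KEYS:
            why = WEAK_IKE.get((tok[0], tok[1]))
            if why:
                findings.append((n, f"ikev1 policy {policy}", why))
            continue
        policy = None              # any other line ends the policy block
        if tok[:4] == ["crypto", "ipsec", "ikev1", "transform-set"]:
            findings += [(n, f"transform-set {tok[4]}", WEAK_ESP[t])
                         for t in tok[5:] if t in WEAK_ESP]
        elif tok[0] == "telnet" and tok[1:2] != ["timeout"]:
            findings.append((n, "telnet", "cleartext management access"))
        elif tok[:3] == ["ssh", "key-exchange", "group"] and tok[-1].startswith("dh-group1-"):
            findings.append((n, "ssh", "1024-bit DH key exchange"))
        elif tok[:2] == ["ssl", "encryption"]:
            findings += [(n, "ssl encryption", f"legacy cipher {t}")
                         for t in tok[2:] if t.startswith(("des", "3des", "rc4"))]
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Because a dynamic crypto map that lists every transform-set lets the peer negotiate down to the weakest one, each flagged transform-set and IKE policy is worth removing rather than merely reordering.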
J2SE adapter engine and SSL testing
Hi there,
We are currently doing a B2B scenario whereby SAP XI sends a message to the J2SE adapter engine in the DMZ and then that sends the message via HTTPS / SSL to the receiving service....
In order to test that the HTTPS / certificate etc worked I wrote a small Java application and dialled out of the network. I inserted the DER file into my CACERTS file on my local machine using the keytool as a "trusted certificate". The Java application worked 100% and did the SSL handshake fine and POSTED the data fine as well......
Now I am no expert in the J2SE adapter engine but decided to try testing the same SSL connection using the J2SE adapter engine from my LOCAL machine with me dialled out onto the Internet.
I logged into the J2SE adapter engine and imported the same DER file into the engine (actually inserted into the "truststore.jks" file). I then went into the "Test Environment" of the J2SE adapter and have been trying to test.....
I have a few questions:
1. Do I have to use a P12 or PFX file for this sort of communication? Reason I ask is that with the Java application all I needed was the DER file?
2. In the full blown scenario do I have to have SSL configured between XI and the J2SE adapter engine as well? Or can that stay as HTTP?
My basic config for the test is roughly:
WS.targetURL=https://someserver:4433/soap/someInbox
WS.SOAPAction=CustomSoapAction
SSLauthentication=true
Do I really need the following two?
SSLcertificate=somecert.p12
SSLcertificatePassword=somepassword
From my logic all I should need is the DER file loaded into the J2SE adapter, which I have done......
Has anyone done successful SSL / HTTPS testing from the J2SE adapter engine using the "Test Environment"?
Any advice would be greatly appreciated
Kind regards
Lynton
Hi
Not an answer to your question but why use the J2SE adapter engine in the DMZ and why not the J2EE Decentral Adapter Engine?
Regards
Bhavesh -
Users mapping between EP and ABAP system
Hello
I'd like to ask for some guidance in my quest
Current situation looks like this:
I've configured UME in AS Java to work with LDAP as read only data source. Then I've configured SPNego to run SSO - It works, users from MS AD can log into portal.
Now I have application in WD which authorizes via EP/AD - works fine.
And next step is users mapping between AD and ABAP backend (serving some BAPI's for WD app)
I've found a bunch of help pages starting from
http://help.sap.com/saphelp_nwce711/helpdata/en/0b/d82c4142aef623e10000000a155106/frameset.htm
But somehow it's quite complicated to achieve this mapping. I've tried to set RFC destinations logon type to user mapping but without success.
Can anyone point me to some more clear example or give path to configure this scenario? Is there a way of configuring this with NWA or some XML file editing is required?
Any help will be appreciated.
BTW: whole environment is in version 7.11
Best regards
Maciej
There is no equivalent to SPNEGO on the ABAP side.
If your goal is to propagate the user, then possible options are:
-> Wait for SAML 2.0 or invest now in a SAML 1.0 provider.
-> Use the same kerberos ticket for the EP as what your ABAP system will accept: route = SNC and 3rd party libraries.
-> Issue SAP logon tickets for the ABAP system from the EP, and use these in your WDA.
Another option is to expose the service with saved logon data in the ICF. If the service is just a wrapper for the BAPI, then you can also consider using trusted RFC between the service and the backend, but this might not be acceptable for your service.
I have only done experimental stuff with this and some of the above is not released yet. Also consider the consequences, even if it "does work"...
Cheers,
Julius -
Maintaining Sessions between http and https
I have a web application in which I want my users to view the login page over SSL and send the login request via SSL also, but then I want to revert back to http://
My problem is, and I've seen this problem on loads of boards with no real resolution, during the login I set some objects within the session that are used to display information in other parts of the site... but the session object is being lost!!!
I am using Tomcat as my web server. I saw an article on JavaWorld titled "mix protocols transparently in web applications", and apparently to overcome this problem if you are using WebLogic 6.1 there is a parameter in the weblogic.xml file that must be configured, but I can't find a similar one on Tomcat!!!
Thanks in advance
Thanks a million for the answer, I have got it working now, but I had to do something a little different. For anyone else who experiences this problem I'll go through it... I set an attribute in the context which was named the value of the current session id and contained the session object. Then when leaving the login handling in my dispatcher servlet I appended the session id to the URL of the next jsp called. In this jsp I then retrieved the "secure session" object from the context; this so far is what you suggested.
But then I had to loop through "non secure session" object's attributes and set them in the "non secure session" object, that is I was not just able to reset the "non secure session" object equal to the "secure session" object as when I went on to the next page it was reset to the "non secure session" object again!
The fact that the session object is changed when moving between http and https is (according to Tomcat buglist) a bug of Tomcat 4.1 and did not occur in tomcat 3.2 -
Sync config between active and standby CSM
Is there a way to sync config between active and standby CSMs? Just as one that in CSS.
How about two SSL Service module in two different 6500 chassis?
Thanks.
Hi,
there is right now no command to commit redundancy between two CSM-Modules. Maybe in the future there will be one. Okay in regards of sync the only way is to check for redundancy is the show mod csm x ft command. But be aware that some slight differences like a real not being in service are sometimes not recognized.
In regards of the SSLModule there is no way as far as I know to sync them. This won't be present in the future in my opinion as there are certificates which require a password or something like that and one won't be able to do redundancy without those passwords. So in my opinion no way to sync two SSL-Module because of security issues.
Kind regards,
Joerg -
JSF / Switch between HTTP and HTTPS
Hello!
I want to switch between HTTP and HTTPS using JSF.
Under Apache Struts framework I can use struts extension "sslext.jar" to configure switching between http and https in one web application.
e.g. Login-jsp should be secured, all other jsp's should run unsecured.
Any ideas?
regards
Harald.
Thanks,
I made the necessary enhancement for the second phase: password confirmation required when returning to the SSL zone after leaving it after a successful login.
I did the following:
1) create a class in the application scope and/or singleton class with the servlet paths that require SSL
2) create a plugin that reads ActionConfigs from the ModuleConfig
3) create a filter that sets a request scope flag that says that password must re-entered.
Code Extracts:
1) MainshopContainer application level parameter singleton class:
private static HashMap sslZoneMap = new HashMap(50); // key = servlet path of request, example /login.do
public boolean isInSSLZone(String servletPath) {
    return this.sslZoneMap.containsKey(servletPath);
}
public void addToSSLZone(String servletPath) {
    this.sslZoneMap.put(servletPath, null);
}
public int getNumberOfActionsInSSLZone() {
    return this.sslZoneMap.size();
}
2) Struts plugin
add a call to loadSSLZoneMap in plugin init method:
loadSSLZoneMap(config, mainshopContainer);
private void loadSSLZoneMap(ModuleConfig config, MainshopContainer mainshopContainer)
        throws ServletException {
    try {
        ActionConfig[] actionConfigs = config.findActionConfigs();
        for (int i = 0; i < actionConfigs.length; i++) {
            if (actionConfigs[i].getParameter().indexOf("/jsp/account/") < 0) { // /account/* = URL path for SSL zone
                // not found = not ssl zone
                System.out.println("loadSSLZoneMap, following actionConfigs excluded from SSL Zone: " + actionConfigs[i].getPath());
            } else {
                // found = ssl zone
                String servletPath = actionConfigs[i].getPath() + ".do";
                mainshopContainer.addToSSLZone(servletPath);
                System.out.println("loadSSLZoneMap, following servletPath added to SSL Zone: " + servletPath);
            }
        }
        System.out.println("loadSSLZoneMap, number of actions in SSL Zone: " + mainshopContainer.getNumberOfActionsInSSLZone());
    } catch (Exception ex) {
        ex.printStackTrace();
        throw new ServletException("Exception caught in loadSSLZoneMap: " + ex.toString() + " Initialization aborted.", ex);
    }
}
3)
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
String servletPath = req.getServletPath();
boolean secure= this.mainshopContainer.isInSSLZone(servletPath);
The whole picture:
The filter adds a RequestDTO object that includes all request parameters, one of them is the secure flag.
I have a session scope class UserContainer that includes all the session parameters, one of them is the lastRequestDTO.(last made request)
At the end of all my jsp's I set the lastRequestDTO variable.
In that method I set the passwordConfirmationRequired flag if needed:
public void setLastRequestDTO(RequestDTO _lastRequestDTO) {
    if (this.lastRequestDTO != null && this.lastRequestDTO.isSecure() != _lastRequestDTO.isSecure()) {
        this.setPasswordConfirmationRequired(true);
    }
    this.lastRequestDTO = _lastRequestDTO;
}
I read the passwordConfirmationRequired in all my jsp's in the SSL zone that allow editing or deleting and if that flag is true, a valid password must be re-entered in order to make the updates.
When the password is OK I reset the passwordConfirmationRequired to false.
I need some help for the first phase, that is SSL setup for all actions related to jsp's with url path /account/*
I thought I could define it in the web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>All Account Related Pages</web-resource-name>
        <url-pattern>/account/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
but that doesn't work and I finally understood why:
Example: /WEB-INF/jsp/account/login.jsp corresponds to /login.do
The url pattern /account/* at the container level is never encountered.
Is it allowed to declare the following action path: /account/login instead of /login?
If yes I could add following prefix /account to all my action paths and forward paths and this could resolve my problem.
What's your opinion?
If no, would your library resolve this?
Will all the Struts/JSP/JSTL url generating tags pick-up the required protocol (http/https) according to your configuration file?
Regards
Fred