Display authentication for proxy in proxy chain
Hi all,
I am a beginner to using proxies, so please bear with me. I am currently trying to set up a forward proxy using Sun Java Web Proxy System (SJSWPS) 4.0.7 to connect to another proxy, i.e. proxy chaining. The other proxy requires username and password authentication. For ease of description, I'll name that other proxy as Proxy A. The logical flow is as shown below.
PC ----> SJSWPS -----> Proxy A (requires basic authentication) ---> Internet
Is there any way to configure SJSWPS to display the authentication screen for Proxy A? The authentication screen is similar to the one used for basic authentication to access Administration Server of SJSWPS. Currently, SJSWPS just return 403 forbidden error instead of displaying the authentication screen.
Can anyone please help? Thanks in advance!
Edited by: test012030123 on Jun 3, 2009 12:56 AM
Edited by: test012030123 on Jun 3, 2009 1:03 AM
You have to edit your obj.conf and add the following entry to the object section which has the chaining instructions to proxyA.
ObjectType fn="forward-proxy-auth"
Similar Messages
-
Authentication for methods in proxy
hello everybody,
i created a Abap proxy using Integration Directory Programming Interface WSDL (API) for modify in massive way my comunication channell on XI 3.0.
I created my report following this blog:
/people/alessandro.frontini/blog/2008/10/20/using-the-communication-channel-web-service-with-abap-a-sample-report
All work fine but everytime in my report is called a method, they ask me authentication.
It's possible disable authentication? or set it on code?
Thanks in advance
AlexGe,
You misinterpreted my answer a bit.
1. Create own subclass of RuntimeException so you may distinguish your exceptions and standard ones like NullPointerException, ArrayIndexOutOfBoundsException:
public class GeRuntimeException extends RuntimeException {
public GeRuntimeException(final String message) { super(message); }
public GeRuntimeException(final Throwable cause) { super(cause); }
public GeRuntimeException(final String message, final Throwable cause) { super(message, cause); }
2. Next create concrete sublcasses of your superclass:
public class GeSecurityException extends GeRuntimeException {
public class GeDatabaseException extends GeRuntimeException {
public GeDatabaseException(final java.sql.Exception cause) { super(cause); }
3. Typical code pattern that throws your exception:
final PreparedStatement pstmt = ...;
try {
pstmt.setInt(1, 0);
pstmt.setString(2, "String param");
pstmt.executeUpdate();
} catch (final SQLException ex) {
throw new GeDatabaseException(ex);
4. Typical code pattern that handle exception:
try {
wdThis.wdGetOtherController().makeDatabaseCall();
} catch (final GeDatabaseException ex) {
wdComponentAPI.getMessageManager().reportException(
new WDNonFatalException( ex.getCause() ), false
return;
} catch (final GeRuntimeException ex) {
wdComponentAPI.getMessageManager().reportError("Unexpected failure");
return;
/* Some other code if no exception */
Notice that code above does not catch generic RuntimeException, only your sublcasses.
Valery Silaev
SaM Solutions
http://www.sam-solutions.net -
ASA - cut through proxy authentication for RDP?
I know how to set this up on a router (dynamic access-list - lock and key)... But, I'm having trouble understanding how to setup OUTSIDE to INSIDE cut through proxy authentication for RDP.
OUTSIDE to INSIDE RDP is currently working.
I have 2 servers I want RDP open for..
[*]OUTSIDE 1.1.1.1 to INSIDE 10.10.70.100
[*]OUTSIDE 1.1.1.2 to INSIDE 10.10.50.200
What's required for OUTSIDE users to authenticate on the ASA before allowing port 3389 opens? I was hoping for is a way to SSH into this ASA, login with a special user, then have the ASA add a dynamic ACE on the OUTSISE interface to open 3389 for a designated time limit. Is this possible?
Here is my current config.
[code]
ASA Version 8.2(5)
hostname ASA5505
names
name 10.10.0.0 LANTraffic
name 10.10.30.0 SALES
name 10.10.40.0 FoodServices
name 10.10.99.0 Management
name 10.10.20.0 Office
name 10.10.80.0 Printshop
name 10.10.60.0 Regional
name 10.10.70.0 Servers
name 10.10.50.0 ShoreTel
name 10.10.100.0 Surveillance
name 10.10.90.0 Wireless
interface Ethernet0/0
description TO INTERNET
switchport access vlan 11
interface Ethernet0/1
description TO INSIDE 3560X
switchport access vlan 10
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
no nameif
security-level 50
no ip address
interface Vlan10
description Cisco 3560x
nameif INSIDE
security-level 100
ip address 10.10.1.1 255.255.255.252
interface Vlan11
description Internet Interface
nameif OUTSIDE
security-level 0
ip address 1.1.1.1 255.255.255.224
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup OUTSIDE
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 4.2.2.2
domain-name test.local
access-list RDP-INBOUND extended permit tcp any host 1.1.1.1 eq 3389
access-list RDP-INBOUND extended permit tcp any host 1.1.1.2 eq 3389
pager lines 24
logging enable
logging timestamp
logging trap warnings
logging device-id hostname
logging host INSIDE 10.10.70.100
mtu INSIDE 1500
mtu OUTSIDE 1500
ip verify reverse-path interface OUTSIDE
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
global (OUTSIDE) 1 interface
nat (INSIDE) 1 LANTraffic 255.255.0.0
static (INSIDE,OUTSIDE) tcp interface 3389 10.10.70.100 3389 netmask 255.255.255.255
static (INSIDE,OUTSIDE) tcp 1.1.1.2 3389 10.10.50.200 3389 netmask 255.255.255.255
access-group RDP-INBOUND in interface OUTSIDE
route OUTSIDE 0.0.0.0 0.0.0.0 1.1.1.1 1
route INSIDE LANTraffic 255.255.0.0 10.10.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http Management 255.255.255.0 INSIDE
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 10.10.70.100 255.255.255.255 INSIDE
ssh Management 255.255.255.0 INSIDE
ssh 0.0.0.0 0.0.0.0 OUTSIDE
ssh timeout 5
ssh version 2
console timeout 0
threat-detection basic-threat
threat-detection scanning-threat shun
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
username scott password CNjeKgq88PLZXETE encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:1e9d278ce656f22829809f4c46b04a07
: end
[/code]You're running ASA 8.2(5). In 8.4(2) Cisco added support for what they call Identity Firewall rules. That is, you can make access-lists entries specific to users (or object groups containing users).
There's an overview document on this posted here. It's a bit dated but I believe the only change is that Cisco is now preferring use of the more current Context Directory Agent (CDA) - a free VM they provide - vs. the deprecated AD agent (software service that runs on your DC). -
Sharepoint authentication via NTLM from proxy OSB service
Hello all ,
I want to reopen again this point of NTLM authentication for OSB to IIS/Microsoft .
So we follow all the recomandation until now regarding Authenticator and open URL .
The problem is that - webservice client generated from SharePoint wsdl - runs ok from java enviroment (Jdeveloper , Eclipse ) with Authenticator class set .
But when we move on OSB - and made a proxy service that made the java call out to one of client method the response is 401 - not authorized .
Any new hints ?
What can be wrong ?
Many thanks in advance ,
StefanAny way how can I see the error messages also in the log of OSBYou may use sysout's in Java code to print information on Standard out. You may also utilize server logging service-
http://download.oracle.com/docs/cd/E14571_01/web.1111/e13739/logging_services.htm#CJAGBADA
enable some http monitor to see what happened behind - and where credentials are lost .You may use any network packet analyzer.
Regards,
Anuj -
What is package structure for Client ABAP Proxy?
1. What is the package structure need to be followed for creating abap client proxy.
2. I read some where in the form, it need to be 4 levels. Why is it?
Thank you
Ganges LeavesHi
U hav to create a 4 level package structure for client ABAP proxy.
U can create ur on packages
1st level-structure package.
2nd level-main package.
3rd and 4th level-sub packages.
To the 4th level only u hav to create proxy.
The classes and code wil be automatically generated at the time of proxy creation.
I think the 4 level structure bcz while in r/3 everythin in integration builder like software component version and all wil be takin as different levels.
Also u can go through the weblogs in the above replies u got.
Regards
Victoria. -
Error in scenario for client Java Proxy
2006-04-28 15:30:49 Success Java proxy runtime (JPR) is transferring the request message to the messaging System
2006-04-28 15:30:49 Success Application attempting to send an XI message synchronously using connection JPR.
2006-04-28 15:30:49 Success Trying to put the message into the call queue.
2006-04-28 15:30:49 Success Message successfully put into the queue.
2006-04-28 15:30:49 Success The message was successfully retrieved from the call queue.
2006-04-28 15:30:49 Success The message status set to DLNG.
2006-04-28 15:30:50 Error Received XI System Error. ErrorCode: NO_RECEIVER_CASE_BE ErrorText: ErrorStack: No receiver could be determined
2006-04-28 15:30:50 Error Returning synchronous error notification to calling application: XIServer:NO_RECEIVER_CASE_BE:.
2006-04-28 15:30:50 Error Transmitting the message using connection http://<SERVER>:<PORT>/sap/xi/engine?type=entry failed, due to: XIServer:NO_RECEIVER_CASE_BE:.
2006-04-28 15:30:50 Error The message status set to FAIL.
2006-04-28 15:30:50 Error Returning to application. Exception: XIServer:NO_RECEIVER_CASE_BE:
2006-04-28 15:30:50 Error JPR failed to transfer the request message to the messaging system. Reason: XIServer:NO_RECEIVER_CASE_BE:
I am getting this in the audit log for a Java Proxy <> XI <> RFC scenario. What could be the problem?
the configuration in integration directory seems to be perfectly fine however the message flow fails giving this error <b>NO_RECEIVER_CASE_BE</b>
Regards,
AmolHI Amol,
Did you check the Message type/Message Inetrface names in the Java Proxy ?
Also check for Receiever Determinations in the configuration.
I assume that , you have created the Communication Channel under the Business System created as Standalone Java System.. If not check this.
Go to SXI_CACHE and check for the Receiever Determination created in the Configuration...
Hope this helps,
regards,
Moorthy -
Keeps asking for username password proxy server
When i start Firefox 8 at work, Firefox keeps asking for username and password. I have fild in the network settings to not use a proxyserver for: 150.0.*;12.0.*.
Now the startpage of Firefox is our ourIntranet which is: http://ourintranet (which has a ip example: 150.0.2.3
So what i want to do is: use proxy except for this ip: xxxxxxxx, because this ip is http:\\ourintranet
Now i cannot go to http:\\ourintranet because he keeps asking for password.I'm not sure why it's not working. I think Firefox looks in the hosts file and then the configured/automatic DNS server for address resolution, in that order. To specify otherwise (for eg. a proxy for address resolution) the [http://kb.mozillazine.org/Network.proxy.socks_remote_dns network.proxy.socks_remote_dns] in [http://kb.mozillazine.org/About:config about:config] has to be set to true.
You can also check in a [https://support.mozilla.org/en-US/kb/Managing-profiles new profile]. A new profile would have the default settings and wouldn't usually have any installed extensions and would be clean. You can try then try the proxy settings.
The 150.0.2.0/24 should work (24 bits for the network with 254 addresses - http://www.subnet-calculator.com/cidr.php) unless perhaps the network is super-netted in which case you can also try the supernet prefix instead of /24. -
What to in SLD (Business and Technical sys)for Java server Proxy?
I am using java server proxy for communicating with XI.
I have HTTP as sender comm channel and XI as Receiver comm channel and this is the error i got in SXMB_MONI.
What to give in SLD for java Server proxy, i have given Web as Java.....is this what the error says.Help is highly appreciated.
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
- <!-- Request Message Mapping
-->
- <SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="">
<SAP:Category>Application</SAP:Category>
<SAP:Code area="MAPPING">EXCEPTION_DURING_EXECUTE</SAP:Code>
<SAP:P1>com/sap/xi/tf/_Folder_MM_</SAP:P1>
<SAP:P2>com.sap.aii.utilxi.misc.api.BaseRuntimeException</SAP:P2>
<SAP:P3>Fatal Error: com.sap.engine.lib.xml.parser.Parser~</SAP:P3>
<SAP:P4 />
<SAP:AdditionalText />
<SAP:ApplicationFaultMessage namespace="" />
<SAP:Stack>Während des Anwendungs-Mappings com/sap/xi/tf/_Folder_MM_ wurde eine com.sap.aii.utilxi.misc.api.BaseRuntimeException geworfen: Fatal Error: com.sap.engine.lib.xml.parser.Parser~.</SAP:Stack>
<SAP:Retry>M</SAP:Retry>
</SAP:Error>
=====================
ThanksHi,
Refer this configuration guide:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/ac6de690-0201-0010-54ac-8923089dcc97
Refer these too:
Java Proxy Inside Story Part I
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/a068cf2f-0401-0010-2aa9-f5ae4b2096f9
Java Proxy Inside Story Part II
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/f272165e-0401-0010-b4a1-e7eb8903501d
Regards
suraj
Message was edited by: S.R.Suraj
Message was edited by: S.R.Suraj -
Abap report for calling abap proxy?
why do we need to write abap report for calling abap proxy? i mean what's the use of abap report and what are the things inside the report ...please give me details about abap report.
Hi,
In SPROXY for your outbound interface you generate the proxy class.
The ABAP report is used to fill the data from the ABAP tables and then trigger the call to XI using this class.
Look into the code in this blog and check what is done,. The data is filled in the report and then the call is made to XI using an object of the class created in SPROXY using the EXECUTE_ASYNCHRONOUS method.
/people/ravikumar.allampallam/blog/2005/03/14/abap-proxies-in-xiclient-proxy
Regards
Bhavesh -
Display components for process chains
Hi all,
i remember a sap note or a how to guide to configure the display components for process chains as hierarchy like:
- my chains
- daily
- weekly
- monthly
- monthly admin
- monthly xyz
but right now i find no information about that.
Do you?
thanks for your help.Hi,
Check below threads -
Change the Directory of a Process chain.
Process chain: Moving chain from one u0093folderu0094 to the other
AleX -
How do you stop my iphone keep asking for my works proxy server name and password
how do you stop my iphone keep asking for my works proxy server name and password
Having been in IT for close to 30 years what they actually thought was, "whether you can connect your phone to our network isn't out problem, please go away".
They don't want to troubleshoot it. And, honestly, if it's your personal phone, they shouldn't have to. it's not their problem unless their boss says it is. -
Revision: 3048
Author: [email protected]
Date: 2008-08-29 15:40:17 -0700 (Fri, 29 Aug 2008)
Log Message:
Always map urls through the rootURL property, even for the non-proxy case. This might
change the behavior slightly if you set rootURL on HTTPService for the non-proxy case
as that would have been ignored in the current code path but it seem less consistent.
If rootURL is not set, it defaults to the swf's URL which should give the same relative
URL semantics we get today by default when rootURL is not set.
blazeDS checkintests pass
Modified Paths:
flex/sdk/trunk/frameworks/projects/rpc/src/mx/rpc/http/AbstractOperation.asOf the second and third scripts, the latter could perhaps be deemed the "most secure"; however, it might block more than you want. If you really want to use one of those, then I'd suggest using the second script. Otherwise, I'd recommend that you take a look here. (I only slightly examined the first script.... I do not understand the language of the comments, and I'm no iptables whiz. )
Also, note that you don't have to use an actual script to set up the rules; rather, you can save the rules you want to a file that will be read by iptables automatically (/etc/iptables/iptables.rules). Here's a modified version of mine:
# /etc/iptables/iptables.rules
# These rules (and the commented instructions) derived from:
# http://ubuntuforums.org/showthread.php?t=159661
*nat
:PREROUTING ACCEPT [163:50538]
:POSTROUTING ACCEPT [40:2451]
:OUTPUT ACCEPT [40:2451]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:FIREWALL - [0:0]
:TRUSTED - [0:0]
-A INPUT -j FIREWALL
-A FORWARD -j DROP
-A FIREWALL -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FIREWALL -i lo -j ACCEPT
-A FIREWALL -j TRUSTED
-A FIREWALL -j DROP
# put your own exceptions here, like so (replacing <tcp/udp> with either "tcp" or
# "udp" -- minus the quotes -- and <port number> with the port you'd like to open):
# -A TRUSTED -p <tcp/udp> -m <tcp/udp> --dport <port number> -j ACCEPT
COMMIT
Of course, there are benefits to keeping the rules in a script. For instance, you could then easily set the default iptables rules, allow all traffic, etc. Plus, some firewall-related things (such as the various echo commands in the scripts you provided) cannot (to my knowledge) be done by iptables alone.
If you already have a script that sets up the rules you would like to use, you can save yourself the hassle of creating a rules file by following the directions outlined here.
Last edited by ssjlegendx (2008-08-06 20:17:00) -
Manual failover solution for a custom proxy service that should be deployed
I am looking for a manual failover solution for a custom proxy service that should be deployed on a cluster as a pinned service (requests have to be executed one after the other). The constraints I am encountering are:
a) Proxy service are deployed to all cluster's members by default.
b) Configuration of proxy services to cope with migration of JMS ressources.
Any idea?
Thanks in advance for your support
Fredhi leroy,
this is the OracleAS Portal Content Management forum. Please post your question in the Database forum
General Database Discussions
thanks,
christian -
How tune flash player 9 for use with proxy
I use me browser with proxy. But flash player, when i show
yourtube etc, use direct connection and not use proxy server. How
tune flash player (last fersion, 9) for use with proxy. I want what
all traffic go over proxyWill alienate? They've already alienated users a long time
ago. That isn't the point, though, because it doesn't matter if
users are alienated, it only matters if the users need flash.
The only thing that could make flash player better is open
source. I don't see why they don't do it. They make money on the
authoring tool, not the player. All of my Linux machines are ppc
and x86_64, no flash there. I also don't have flash on my PDA, a
Palm T|X. If the player was open sourced, people would stop
complaining about how much flash sucks -- because, right now, there
are very serious, legitimate, complaints against it.
Anyway, for now I'm hoping that SVG matures quickly.
Although, I"m sure that once Adobe sees that train coming, they
will extend Flash (dev.) to export SVG movies containing embedded
binary data that can only play with their binary plugin. -
Fore Front TMG proxy not allowing SharePoint Office Web App
Hi Everyone,
We are deploying Share Point server 2013 in a week days. we set all things ready to move for live and suddenly we are facing a problem with fore front TMG proxy server. we completely using this Share Point server for internal usage only and completely not
for external networks.
When we open SharePoint Office Web App in IE/Chrome with out any proxy it was working quiet good. But with proxy settings, we can able to log-in to the page and see the contents of the site, but couldn't able to open/edit the documents.
When we open the same SharePoint Office Web App in Firefox with proxy settings, It was not even able to go to the log-in page. Firefox completely blocking this SharePoint site with proxy setting and working good without proxy settings
we are using both ISA 2006 server and Forefront 2010 in our farm. please find the version details.
Forefront Threat Management Gateway Microsoft Corporation version: 7.0.7734.100 ,
Microsoft ISA Server 2006 Microsoft Corporation version 5.0.5720.164
Please help me on this as soon as possible, what I need to do for ForeFront TMG server & ISA Server to allow open/edit the sharepoint office web app.Hi Sarath,
I would like to clarify the below as it will help others to provide solutions.
First Point is, What is the TMG Topology, Is it SecureNAT as well as Proxy for all the subnet from where you are trying to access the site.
Is your Site hosted internally Ie internal when looking from ISA, If SP is internal then the traffic should not hit ISA itself, Or is it hosted on DMZ interface of ISA ?
Your SP server IP / Gateway Details
Your Sharepoint URL
If this is different from AD domain name, Do you have a split DNS configured ?
Your TMG IP address.
If you have Proxy as ISA and gateway as other Firewall, check the block on gateway as well.
Maybe you are looking for
-
Is it possible to livestream from a web site? What pod to I use?
Is it possible to livestream from a web site? What pod to I use? I tried a Web Link and a Share pod but this doesn't appear to work. I'd like to livestream a time clock. Thanks
-
Photoshop Elements 6.0 / Editing using 'Adjust Sharpness'
After making the adjustments i.e., amount, radius, remove with Enhance>Adjust Sharpness and visually looking at the edits being applied to the image, when I then click OK, there's a few seconds of hesitation to apply the edits then the image will ine
-
Change text size in multiple titles
To me, iMovie's most glaring weaknesses seem to fall under its text handling abilities, despite all the glitzy swoopy things you can do. I have several screens of rolling titles in a project and last night I decided to change the text size. It's impo
-
My ipod wont install apps it says installing but nothing is happening
ive tried to install different apps on my ipod after i done an update on it and now its not installing them its been saying its waiting for more than 48 hours
-
I DON'T SEE THE NORTON SAFE ICON IN FIREFOX SEARCH RESULTS. i i DO WITH GOOGLE CHROME.
Missing Norton's icon from search results.