Display authentication for proxy in proxy chain

Hi all,
I am a beginner to using proxies, so please bear with me. I am currently trying to set up a forward proxy using Sun Java Web Proxy System (SJSWPS) 4.0.7 to connect to another proxy, i.e. proxy chaining. The other proxy requires username and password authentication. For ease of description, I'll name that other proxy as Proxy A. The logical flow is as shown below.
PC ----> SJSWPS -----> Proxy A (requires basic authentication) ---> Internet
Is there any way to configure SJSWPS to display the authentication screen for Proxy A? The authentication screen is similar to the one used for basic authentication to access Administration Server of SJSWPS. Currently, SJSWPS just return 403 forbidden error instead of displaying the authentication screen.
Can anyone please help? Thanks in advance!
Edited by: test012030123 on Jun 3, 2009 12:56 AM
Edited by: test012030123 on Jun 3, 2009 1:03 AM

You have to edit your obj.conf and add the following entry to the object section which has the chaining instructions to proxyA.
ObjectType fn="forward-proxy-auth"

Similar Messages

  • Authentication for methods in proxy

    hello everybody,
    i created a Abap proxy using Integration Directory Programming Interface WSDL (API) for modify in massive way my comunication channell on XI 3.0.
    I created my report following this blog:
    /people/alessandro.frontini/blog/2008/10/20/using-the-communication-channel-web-service-with-abap-a-sample-report
    All work fine but everytime in my report is called a method, they ask me authentication.
    It's possible disable authentication? or set it on code?
    Thanks in advance
    Alex

    Ge,
    You misinterpreted my answer a bit.
    1. Create own subclass of RuntimeException so you may distinguish your exceptions and standard ones like NullPointerException, ArrayIndexOutOfBoundsException:
    public class GeRuntimeException extends RuntimeException {
      public GeRuntimeException(final String message) { super(message); }
      public GeRuntimeException(final Throwable cause) { super(cause); }
      public GeRuntimeException(final String message, final Throwable cause) { super(message, cause); }
    2. Next create concrete sublcasses of your superclass:
    public class GeSecurityException extends GeRuntimeException {
    public class GeDatabaseException extends GeRuntimeException {
      public GeDatabaseException(final java.sql.Exception cause) { super(cause); }
    3. Typical code pattern that throws your exception:
    final PreparedStatement pstmt = ...;
    try {
      pstmt.setInt(1, 0);
      pstmt.setString(2, "String param");
      pstmt.executeUpdate();
    } catch (final SQLException ex) {
      throw new GeDatabaseException(ex);
    4. Typical code pattern that handle exception:
    try {
      wdThis.wdGetOtherController().makeDatabaseCall();
    } catch (final GeDatabaseException ex) {
      wdComponentAPI.getMessageManager().reportException(
        new WDNonFatalException( ex.getCause() ), false
      return;
    } catch (final GeRuntimeException ex) {
      wdComponentAPI.getMessageManager().reportError("Unexpected failure");
      return;
    /* Some other code if no exception */
    Notice that code above does not catch generic RuntimeException, only your sublcasses.
    Valery Silaev
    SaM Solutions
    http://www.sam-solutions.net

  • ASA - cut through proxy authentication for RDP?

    I know how to set this up on a router (dynamic access-list - lock and key)... But, I'm having trouble understanding how to setup OUTSIDE to INSIDE cut through proxy authentication for RDP.
    OUTSIDE to INSIDE RDP is currently working.
    I have 2 servers I want RDP open for..
    [*]OUTSIDE 1.1.1.1 to INSIDE 10.10.70.100
    [*]OUTSIDE 1.1.1.2 to INSIDE 10.10.50.200
    What's required for OUTSIDE users  to authenticate on the ASA before allowing port 3389 opens? I was hoping for is a way to SSH into this ASA, login with a special user, then have the ASA add a dynamic ACE on the OUTSISE interface to open 3389 for a designated time limit. Is this possible?
    Here is my current config.
    [code]
    ASA Version 8.2(5)
    hostname ASA5505
    names
    name 10.10.0.0 LANTraffic
    name 10.10.30.0 SALES
    name 10.10.40.0 FoodServices
    name 10.10.99.0 Management
    name 10.10.20.0 Office
    name 10.10.80.0 Printshop
    name 10.10.60.0 Regional
    name 10.10.70.0 Servers
    name 10.10.50.0 ShoreTel
    name 10.10.100.0 Surveillance
    name 10.10.90.0 Wireless
    interface Ethernet0/0
    description TO INTERNET
    switchport access vlan 11
    interface Ethernet0/1
    description TO INSIDE 3560X
    switchport access vlan 10
    interface Ethernet0/2
    shutdown
    interface Ethernet0/3
    shutdown
    interface Ethernet0/4
    shutdown
    interface Ethernet0/5
    shutdown
    interface Ethernet0/6
    shutdown
    interface Ethernet0/7
    shutdown
    interface Vlan1
    no nameif
    security-level 50
    no ip address
    interface Vlan10
    description Cisco 3560x
    nameif INSIDE
    security-level 100
    ip address 10.10.1.1 255.255.255.252
    interface Vlan11
    description Internet Interface
    nameif OUTSIDE
    security-level 0
    ip address 1.1.1.1 255.255.255.224
    ftp mode passive
    clock timezone PST -8
    clock summer-time PDT recurring
    dns domain-lookup OUTSIDE
    dns server-group DefaultDNS
    name-server 8.8.8.8
    name-server 4.2.2.2
    domain-name test.local
    access-list RDP-INBOUND extended permit tcp any host 1.1.1.1 eq 3389
    access-list RDP-INBOUND extended permit tcp any host 1.1.1.2 eq 3389
    pager lines 24
    logging enable
    logging timestamp
    logging trap warnings
    logging device-id hostname
    logging host INSIDE 10.10.70.100
    mtu INSIDE 1500
    mtu OUTSIDE 1500
    ip verify reverse-path interface OUTSIDE
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-645.bin
    no asdm history enable
    arp timeout 14400
    global (OUTSIDE) 1 interface
    nat (INSIDE) 1 LANTraffic 255.255.0.0
    static (INSIDE,OUTSIDE) tcp interface 3389 10.10.70.100 3389 netmask 255.255.255.255
    static (INSIDE,OUTSIDE) tcp 1.1.1.2 3389 10.10.50.200 3389 netmask 255.255.255.255
    access-group RDP-INBOUND in interface OUTSIDE
    route OUTSIDE 0.0.0.0 0.0.0.0 1.1.1.1 1
    route INSIDE LANTraffic 255.255.0.0 10.10.1.2 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    aaa authentication http console LOCAL
    http server enable
    http Management 255.255.255.0 INSIDE
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet timeout 5
    ssh 10.10.70.100 255.255.255.255 INSIDE
    ssh Management 255.255.255.0 INSIDE
    ssh 0.0.0.0 0.0.0.0 OUTSIDE
    ssh timeout 5
    ssh version 2
    console timeout 0
    threat-detection basic-threat
    threat-detection scanning-threat shun
    threat-detection statistics access-list
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    webvpn
    username scott password CNjeKgq88PLZXETE encrypted privilege 15
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect ip-options
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:1e9d278ce656f22829809f4c46b04a07
    : end
    [/code]

    You're running ASA 8.2(5). In 8.4(2) Cisco added support for what they call Identity Firewall rules. That is, you can make access-lists entries specific to users (or object groups containing users).
    There's an overview document on this posted here. It's a bit dated but I believe the only change is that Cisco is now preferring use of the more current Context Directory Agent (CDA) - a free VM they provide - vs. the deprecated AD agent (software service that runs on your DC).

  • Sharepoint authentication via NTLM from proxy OSB service

    Hello all ,
    I want to reopen again this point of NTLM authentication for OSB to IIS/Microsoft .
    So we follow all the recomandation until now regarding Authenticator and open URL .
    The problem is that - webservice client generated from SharePoint wsdl - runs ok from java enviroment (Jdeveloper , Eclipse ) with Authenticator class set .
    But when we move on OSB - and made a proxy service that made the java call out to one of client method the response is 401 - not authorized .
    Any new hints ?
    What can be wrong ?
    Many thanks in advance ,
    Stefan

    Any way how can I see the error messages also in the log of OSBYou may use sysout's in Java code to print information on Standard out. You may also utilize server logging service-
    http://download.oracle.com/docs/cd/E14571_01/web.1111/e13739/logging_services.htm#CJAGBADA
    enable some http monitor to see what happened behind - and where credentials are lost .You may use any network packet analyzer.
    Regards,
    Anuj

  • What is package structure for Client ABAP Proxy?

    1.     What is the package structure need to be  followed for creating abap client proxy.
    2.     I read some where in the form, it need to be 4 levels. Why is it?
    Thank you
    Ganges Leaves

    Hi
    U hav to create a 4 level package structure for client ABAP proxy.
    U can create ur on packages
    1st level-structure package.
    2nd level-main package.
    3rd and 4th level-sub packages.
    To the 4th level only u hav to create proxy.
    The classes and code wil be automatically generated at the time of proxy creation.
    I think the 4 level structure bcz while in r/3 everythin in integration builder like software component version and all wil be takin as different levels.
    Also u can go through the weblogs in the above replies u got.
    Regards
    Victoria.

  • Error in scenario for client Java Proxy

    2006-04-28 15:30:49 Success Java proxy runtime (JPR) is transferring the request message to the messaging System
    2006-04-28 15:30:49 Success Application attempting to send an XI message synchronously using connection JPR.
    2006-04-28 15:30:49 Success Trying to put the message into the call queue.
    2006-04-28 15:30:49 Success Message successfully put into the queue.
    2006-04-28 15:30:49 Success The message was successfully retrieved from the call queue.
    2006-04-28 15:30:49 Success The message status set to DLNG.
    2006-04-28 15:30:50 Error Received XI System Error. ErrorCode: NO_RECEIVER_CASE_BE ErrorText: ErrorStack: No receiver could be determined 
    2006-04-28 15:30:50 Error Returning synchronous error notification to calling application: XIServer:NO_RECEIVER_CASE_BE:.
    2006-04-28 15:30:50 Error Transmitting the message using connection http://<SERVER>:<PORT>/sap/xi/engine?type=entry failed, due to: XIServer:NO_RECEIVER_CASE_BE:.
    2006-04-28 15:30:50 Error The message status set to FAIL.
    2006-04-28 15:30:50 Error Returning to application. Exception: XIServer:NO_RECEIVER_CASE_BE:
    2006-04-28 15:30:50 Error JPR failed to transfer the request message to the messaging system. Reason: XIServer:NO_RECEIVER_CASE_BE:
    I am getting this in the audit log for a Java Proxy <> XI <> RFC scenario. What could be the problem?
    the configuration in integration directory seems to be perfectly fine however the message flow fails giving this error <b>NO_RECEIVER_CASE_BE</b>
    Regards,
    Amol

    HI Amol,
    Did you check the Message type/Message Inetrface names in the Java Proxy ?
    Also check for Receiever Determinations in the configuration.
    I assume that , you have created the Communication Channel under the Business System created as Standalone Java System.. If not check this.
    Go to SXI_CACHE and check for the Receiever Determination created in the Configuration...
    Hope this helps,
    regards,
    Moorthy

  • Keeps asking for username password proxy server

    When i start Firefox 8 at work, Firefox keeps asking for username and password. I have fild in the network settings to not use a proxyserver for: 150.0.*;12.0.*.
    Now the startpage of Firefox is our ourIntranet which is: http://ourintranet (which has a ip example: 150.0.2.3
    So what i want to do is: use proxy except for this ip: xxxxxxxx, because this ip is http:\\ourintranet
    Now i cannot go to http:\\ourintranet because he keeps asking for password.

    I'm not sure why it's not working. I think Firefox looks in the hosts file and then the configured/automatic DNS server for address resolution, in that order. To specify otherwise (for eg. a proxy for address resolution) the [http://kb.mozillazine.org/Network.proxy.socks_remote_dns network.proxy.socks_remote_dns] in [http://kb.mozillazine.org/About:config about:config] has to be set to true.
    You can also check in a [https://support.mozilla.org/en-US/kb/Managing-profiles new profile]. A new profile would have the default settings and wouldn't usually have any installed extensions and would be clean. You can try then try the proxy settings.
    The 150.0.2.0/24 should work (24 bits for the network with 254 addresses - http://www.subnet-calculator.com/cidr.php) unless perhaps the network is super-netted in which case you can also try the supernet prefix instead of /24.

  • What to in SLD (Business and Technical sys)for Java server Proxy?

    I am using java server proxy for communicating with XI.
    I have HTTP as sender comm channel and XI as Receiver comm channel and this is the error i got in SXMB_MONI.
    What to give in SLD for java Server proxy, i have given Web as Java.....is this what the error says.Help is highly appreciated.
    <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
    - <!--  Request Message Mapping
      -->
    - <SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="">
      <SAP:Category>Application</SAP:Category>
      <SAP:Code area="MAPPING">EXCEPTION_DURING_EXECUTE</SAP:Code>
      <SAP:P1>com/sap/xi/tf/_Folder_MM_</SAP:P1>
      <SAP:P2>com.sap.aii.utilxi.misc.api.BaseRuntimeException</SAP:P2>
      <SAP:P3>Fatal Error: com.sap.engine.lib.xml.parser.Parser~</SAP:P3>
      <SAP:P4 />
      <SAP:AdditionalText />
      <SAP:ApplicationFaultMessage namespace="" />
      <SAP:Stack>Während des Anwendungs-Mappings com/sap/xi/tf/_Folder_MM_ wurde eine com.sap.aii.utilxi.misc.api.BaseRuntimeException geworfen: Fatal Error: com.sap.engine.lib.xml.parser.Parser~.</SAP:Stack>
      <SAP:Retry>M</SAP:Retry>
      </SAP:Error>
    =====================
    Thanks

    Hi,
    Refer this configuration guide:
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/ac6de690-0201-0010-54ac-8923089dcc97
    Refer these too:
    Java Proxy Inside Story Part I
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/a068cf2f-0401-0010-2aa9-f5ae4b2096f9
    Java Proxy Inside Story Part II
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/f272165e-0401-0010-b4a1-e7eb8903501d
    Regards
    suraj
    Message was edited by: S.R.Suraj
    Message was edited by: S.R.Suraj

  • Abap report for calling abap proxy?

    why do we need  to write abap report for calling abap proxy? i mean what's the use of abap report and what are the things inside the report ...please give me details about abap report.

    Hi,
    In SPROXY for your outbound interface you generate the proxy class.
    The ABAP report is used to fill the data from the ABAP tables and then trigger the call to XI using this class.
    Look into the code in this blog and check what is done,. The data is filled in the report and then the call is made to XI using an object of the class created in SPROXY using the EXECUTE_ASYNCHRONOUS method.
    /people/ravikumar.allampallam/blog/2005/03/14/abap-proxies-in-xiclient-proxy
    Regards
    Bhavesh

  • Display components for process chains

    Hi all,
    i remember a sap note or a how to guide to configure the display components for process chains as hierarchy like:
    - my chains
        - daily
        - weekly
        - monthly
             - monthly admin
             - monthly xyz
    but right now i find no information about that.
    Do you?
    thanks for your help.

    Hi,
    Check below threads -
    Change the Directory of a Process chain.
    Process chain: Moving chain from one u0093folderu0094 to the other
    AleX

  • How do you stop my iphone keep asking for my works proxy server name and password

    how do you stop my iphone keep asking for my works proxy server name and password

    Having been in IT for close to 30 years what they actually thought was, "whether you can connect your phone to our network isn't out problem, please go away".
    They don't want to troubleshoot it. And, honestly, if it's your personal phone, they shouldn't have to. it's not their problem unless their boss says it is.

  • [svn] 3048: Always map urls through the rootURL property, even for the non-proxy case.

    Revision: 3048
    Author: [email protected]
    Date: 2008-08-29 15:40:17 -0700 (Fri, 29 Aug 2008)
    Log Message:
    Always map urls through the rootURL property, even for the non-proxy case. This might
    change the behavior slightly if you set rootURL on HTTPService for the non-proxy case
    as that would have been ignored in the current code path but it seem less consistent.
    If rootURL is not set, it defaults to the swf's URL which should give the same relative
    URL semantics we get today by default when rootURL is not set.
    blazeDS checkintests pass
    Modified Paths:
    flex/sdk/trunk/frameworks/projects/rpc/src/mx/rpc/http/AbstractOperation.as

    Of the second and third scripts, the latter could perhaps be deemed the "most secure"; however, it might block more than you want. If you really want to use one of those, then I'd suggest using the second script. Otherwise, I'd recommend that you take a look here. (I only slightly examined the first script.... I do not understand the language of the comments, and I'm no iptables whiz. )
    Also, note that you don't have to use an actual script to set up the rules; rather, you can save the rules you want to a file that will be read by iptables automatically (/etc/iptables/iptables.rules). Here's a modified version of mine:
    # /etc/iptables/iptables.rules
    # These rules (and the commented instructions) derived from:
    # http://ubuntuforums.org/showthread.php?t=159661
    *nat
    :PREROUTING ACCEPT [163:50538]
    :POSTROUTING ACCEPT [40:2451]
    :OUTPUT ACCEPT [40:2451]
    COMMIT
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :FIREWALL - [0:0]
    :TRUSTED - [0:0]
    -A INPUT -j FIREWALL
    -A FORWARD -j DROP
    -A FIREWALL -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FIREWALL -i lo -j ACCEPT
    -A FIREWALL -j TRUSTED
    -A FIREWALL -j DROP
    # put your own exceptions here, like so (replacing <tcp/udp> with either "tcp" or
    # "udp" -- minus the quotes -- and <port number> with the port you'd like to open):
    # -A TRUSTED -p <tcp/udp> -m <tcp/udp> --dport <port number> -j ACCEPT
    COMMIT
    Of course, there are benefits to keeping the rules in a script. For instance, you could then easily set the default iptables rules, allow all traffic, etc. Plus, some firewall-related things (such as the various echo commands in the scripts you provided) cannot (to my knowledge) be done by iptables alone.
    If you already have a script that sets up the rules you would like to use, you can save yourself the hassle of creating a rules file by following the directions outlined here.
    Last edited by ssjlegendx (2008-08-06 20:17:00)

  • Manual failover solution for a custom proxy service that should be deployed

    I am looking for a manual failover solution for a custom proxy service that should be deployed on a cluster as a pinned service (requests have to be executed one after the other). The constraints I am encountering are:
    a) Proxy service are deployed to all cluster's members by default.
    b) Configuration of proxy services to cope with migration of JMS ressources.
    Any idea?
    Thanks in advance for your support
    Fred

    hi leroy,
    this is the OracleAS Portal Content Management forum. Please post your question in the Database forum
    General Database Discussions
    thanks,
    christian

  • How tune flash player 9 for use with proxy

    I use me browser with proxy. But flash player, when i show
    yourtube etc, use direct connection and not use proxy server. How
    tune flash player (last fersion, 9) for use with proxy. I want what
    all traffic go over proxy

    Will alienate? They've already alienated users a long time
    ago. That isn't the point, though, because it doesn't matter if
    users are alienated, it only matters if the users need flash.
    The only thing that could make flash player better is open
    source. I don't see why they don't do it. They make money on the
    authoring tool, not the player. All of my Linux machines are ppc
    and x86_64, no flash there. I also don't have flash on my PDA, a
    Palm T|X. If the player was open sourced, people would stop
    complaining about how much flash sucks -- because, right now, there
    are very serious, legitimate, complaints against it.
    Anyway, for now I'm hoping that SVG matures quickly.
    Although, I"m sure that once Adobe sees that train coming, they
    will extend Flash (dev.) to export SVG movies containing embedded
    binary data that can only play with their binary plugin.

  • Fore Front TMG proxy not allowing SharePoint Office Web App

    Hi Everyone,
    We are deploying Share Point server 2013 in a week days. we set all things ready to move for live and suddenly we are facing a problem with fore front TMG proxy server. we completely using this Share Point server for internal usage only and completely not
    for external networks. 
    When we open SharePoint Office Web App in IE/Chrome with out any proxy it was working quiet good. But with proxy settings, we can able to log-in to the page and see the contents of the site, but couldn't able to open/edit the documents. 
    When we open the same SharePoint Office Web App in Firefox with proxy settings, It was not even able to go to the log-in page. Firefox completely blocking this SharePoint site with proxy setting and working good without proxy settings
    we are using both ISA 2006 server and Forefront 2010 in our farm. please find the version details.
    Forefront Threat Management Gateway Microsoft Corporation version: 7.0.7734.100 ,
    Microsoft ISA Server 2006 Microsoft Corporation version 5.0.5720.164
    Please help me on this as soon as possible, what I need to do for ForeFront TMG server & ISA Server to allow open/edit the sharepoint office web app.

    Hi Sarath,
    I would like to clarify the below as it will help others to provide solutions.
    First Point is, What is the TMG Topology, Is it SecureNAT as well as Proxy for all the subnet from where you are trying to access the site.
    Is your Site hosted internally Ie internal when looking from ISA, If SP is internal then the traffic should not hit ISA itself, Or is it hosted on DMZ interface of ISA ?
    Your SP server IP / Gateway Details
    Your Sharepoint URL
    If this is different from AD domain name, Do you have a split DNS configured ?
    Your TMG IP address.
    If you have Proxy as ISA and gateway as other Firewall, check the block on gateway as well.

Maybe you are looking for