Does URL Policy Agent of SunONE Web Server 6.1 works with Identity Server 6

Similar Messages

• Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1

  Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1
  Does anybody has a working combination of the above ? I get a ID login page and after that I always get a access denied page. I get this exception on the agent logs:
  2004-10-14 16:28:00.917 Warning 6347:c1818 PolicyAgent: in get_cookie: no cooki
  e in ap_table
  2004-10-14 16:28:01.895 Warning 6359:c1818 PolicyAgent: Invalid URL for propert
  y (com.sun.am.policy.agents.accessDeniedURL) specified
  2004-10-14 16:28:56.742 Warning 6349:c1818 PolicyAgent: am_web_is_access_allowe
  d(http://xx.xx.xx.net:8080/, GET) denying access: status = access de
  nied (20)
  2004-10-14 16:28:56.743 128 6349:c1818 RemoteLog: User testuser1 was denie
  d access to http://xx.xx.xx.net:8080/.
  2004-10-14 16:28:56.831 -1 6349:c1818 PolicyAgent: URL Access Agent: acces
  s denied to testuser1
  We can ignore Invalid URL property part because its just looking for a custom url in place there. I have cookies enabled in my browser. I even turned on the prompt option. No luck yet.
  Any suggestions would be of great help.
  Thanks,
  Sunil.

  From your description, since the agent installs file with a different JRE, I would suspect it has something to do with the availability of JCE provider in the first JRE. By default, WebSphere's JRE is equipped with IBM JCE provider which is what the agent uses to encrypt the necessary
  information. If this provider is not configured correctly it could result in the error that you are seeing. Please check the WebSphere installation and make sure that the JRE used by it has the necessary IBM JCE provider configured. The java.security file for this should contain something like:
  security.provider.1=sun.security.provider.Sun
  security.provider.2=com.ibm.crypto.provider.IBMJCE
  security.provider.3=com.ibm.jsse.IBMJSSEProvider
  security.provider.4=com.ibm.security.cert.IBMCertPath
  security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
  Also, make sure that when you are installing the agent you specify the Java Home as prompted by the agent to point to the location where this JRE is installed. Typically this is under WebSphere/AppServer/java directory. HTH, Jerry

• URL Policy agent attributes - Not displayed

  I installed a Policy Agent on a remote Web Server and pointed the policy agent to the Identity Server installed alongwith the Portal.
  When I click on the Policy agent in the Identity Server console , it displays the following message
  "There are no attributes to display for this entry".
  How to obtain the attributes for the URL Policy Agent Service .Is this a problem concerning the IS . Can anyone throw light on this issue.
  thanx in advance
  raj

  It's the way it supposed to be. There is no configurable attributes for this service.

• URL Policy agent attributes -

  I installed a Policy Agent on a remote Web Server and pointed the policy agent to the Portal's Identity Server .
  When I click on the Policy agent in the Identity Server console , it displays the following message
  "There are no attributes to display for this entry".
  How to obtain the attributes for the URL Policy Agent .Is this a problem concerning the IS . Can anyone throw light on this issue.
  thanx in advance
  raj

  It's the way it supposed to be. There is no configurable attributes for this service.

• Access Control for SunOne Web Server 6.0.5 vs. 6.0.4

  This question is about bypassing an appserver by specifying an alias without the appserver vitual host so as to download a class or jar file. With only the default ACL on the 6.0.4 version of the Sunone web server I found that .class and .jar files were not downloadable. However, on version 6.0.5 they are. For example, the URL:
  https://myhost/appserv/alias/path/file.jsp
  would return the html resulting from that file.jsp file being processed by my application server. But by contrast, the URL:
  https://myhost/alias/path/file.jsp
  will prompt the user as to where they want to save the file. Specifying the alias immediately after the hostname (omitting appserv) will allow free access to any files under that aliases target directory. This is a problem especially for .class and .jar files which contain server side programs. I have created an ACL as described in the administrators guide and this does solve the problem (thank goodness for that). My question is, why didn't I experience this problem before?

  To Disable directory listing : http://www.sun.com/bigadmin/features/hub_techtips/dir_list_web_srvr.jsp

• Memory leak on SunOne Web Server 6.1 on application reload

  Hi!
  I am pretty sure that i have found a memory management problem in
  SunOne Web Server 6.1 .
  It started with an OutOfMemory error we got under heavy load . After
  some profiling with Jprofiler i didn't find any memory leaks in the
  application.Even under heavy load (generated by myself) i can't find
  anything ,more, i can't reproduce the error! The memory usage is
  about 20Mb and does not go up .
  However it is pretty simple to see the following behavior:
  [1] Restart the server (to have a clear picture) and wait a little for
  memory usage to stabilize.
  [2] In the application dir. touch .reload or one of the classes:
  The memory usage goes up by another 50Mb (huge amount of mem. taking
  into account the fact that it used only 20Mb under any load befor).
  Do this another time and another 20Mb gone etc..
  The JProfiler marks the memory used by classes . And it can be
  clearly seen the GC can't release most of it.
  I AM sure this is not the application that takes all the memory.
  Another hint : after making the server to reload application i can see
  that the number of threads ON EVERY RELOAD is going up by ~10-20
  threads .The # of threads goes lower over time but not the mem usage.
  My system:
  Sparc Solaris 9 ,Java 1.4.2_04-b05, Sun ONE Web Server 6.1SP5
  Evgeny

  my guess is that - because of '.reload' , web container tries to
  recompile all the classes that you use within your web application and
  hence the memory growth is spiking up.What do you mean by "tries to recompile"?The classes in
  Web-inf are already compiled! And i have only ~5 jsp's .
  (the most part of the applic. is a complicated business logic)
  If you are talking about reloading them ,yes,that's the purpose of .reload,
  isn't it? :).But it seems that container uses the memory for it's own
  classes: the usage of memory for my classes don't really grow
  that much (if at all) after reload (according to profiler)
  Also the real problem is that the memory usage grows to much for
  too long (neither seen it going down) and thus ends with OutOfMemory.
  if you are seeing the memory growth to be flat in stress environment,
  then I am not sure that why do you think that there is a memory leak ?There is no memory leak in stress environment.
  There is memory leak while reloading the application.
  It is a memory hog for sure (~20-30Mb for every reload).
  Memory leak?It seems that way because i can't see memory usage go
  down and after a lot of reloads OutOfMemory is thrown.
  also, what is jvm heap that you use ? did you try jvm tune options like -
  XX:+AggressiveHeap ?256Mb.I can set it bigger ,but how do i know that it will not just delay
  the problem ?
  Thanks for response.
  Evgeny

• Policy Agent on Sun Application Server 9.1

  I'm attempting to deploy the Access Manager Policy Agent to Sun Application Server 9.1 and I'm running into some issues.
  Environment:
  amhost - Access Manager 7.0 on Sun Webserver can do both http and https
  ashost - Access Manager Policy AGent 2.2 on Sun Application Server 9.1
  If everything is set to http:
  When i attempt to access a simple servlet application (Headersnooper) I am redirected the the access manager server and when authentication is successful I see the browser attempting to redirect back to the application server and I see the following error in the Policy Agent debug logs amJAXRPC:
  11/13/2007 02:46:18:055 PM EST: Thread[httpSSLWorkerThread-8080-79,10,Grizzly]
  JAXRPCHelper: Connection to URL: https://ssodev.queensu.ca:443/amserver/jaxrpc/SMSObjectIF failed
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
  at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
  at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
  Why would it think to attempt to connect to https when everything in the agent is configured for http?
  Any thoughts or recommendations would be appreciated.

  Hi,
  One thing that could help is to look at the info in the agent logs, first increase Debug Logging Level, then restart the agent server and click thru your app, then look in agent runtime logs which should have more descriptive errors. For more detail on how to do this, try http://wikis.sun.com/display/OpenSSO/GlassFishAgentTrouble#GlassFishAgentTrouble-generaltips
  You could look on this page, which is mostly based on GlassFish server but could help for other servers as well.
  http://wikis.sun.com/display/OpenSSO/GlassFishAgentTrouble
  I have not installed either of the policy agents you mentioned. But with some of the other agents, like the Sun App server 9 (GlassFish) agent, it comes with a sample application, and I find that this is the best way to ensure your setup is good and you are following all steps etc. Once sample app is up, you can try your own apps with confidence.
  Since you already have the SJSAS 9 installed, maybe you could create a new domain and download/install the SJSAS 9 policy agent on the new domain. Then try out the sample app?
  Or if those other agents have a sample app then try it out.
  hth,
  Sean

• Can SunOne Web Server get REMOTE_USER?

  Scenario:
  Users authenticate to Active Directory on Windows and browse an application from their IE browser to a web application hosted by SunOne Web Server 6.1.
  Will the SunOne Web Server application be able to pick up the REMOTE_USER HTTP header?
  Thanks in advance.

  IE will not send user id in http headers. You can get the user id if you do NTLM authentication which the web server does not support. If your app is java based you can look into doing NTLM auth in Java and get the user id that way.
  See:
  http://www.rgagnon.com/javadetails/java-0441.html

• URL rewrite in iplanet sun web server 6.0

  HI,
  I've been using SunONE web server 6.0 for a while.
  Our website is changing to adapt URL rewrite. Can you please show me how or where to get such information about how to do URL rewrite in web server 6.0?
  http://domain.com/index.php?=c2345 ----> to this nice-looking URL http://domain.com/index/mainsite
  thanks so much!

  This would be non-trivial in WS6.0. Additionally, WS6.0 is end-of-lifed, and has known security problems that are NOT going to be fixed. You should consider upgrading.
  URL re-writing (and much more) is a native feature of WS7.0.

• SunOne Web Server (JSP & class)

  I have tried to read the documentation but I am just not getting it. I have 2 files myjsp.jsp and mybean.class that I would like SunOne Web Server to display my jsp using the javabean. Where do I put the files? (I have seen all kinds of things on deploying a WAR file etc. I just want to place these two files on the web server and go.)
  I have my jsp located at c:\iPlanet\Servers\docs\webdev and my class file located at[b] c:\iPlanet\Servers\docs\webdev\web-inf\classes. What do I need to tell the server how to load the javabean?

  Hi, elving
  This is good information. Thanks very much.
  Actually, I am not using SSL, just plain http connection with basic auth. It might be the cache-control header that causes the head ache. 6.0 response does not have the cache-control header, but 6.1 has.
  The interesting thing is that adding a servlet mapping on 6.1 solves the problem.
  I will take a further look tomorrow.
  Cheers,
  Harry
  I doubt the problem has to do with the Content-Length
  header.
  I'd guess that you're using SSL. Are you? If so,
  you're almost certainly bumping into a known bug (or,
  as Microsoft describes it, a "feature") in Internet
  Explorer. Microsoft article KB316431 at
  http://support.microsoft.com/default.aspx?scid=316431h
  as some information on the problem. As the article
  points out, the problem occurs when Internet Explorer
  needs to invoke an external application to handle a
  file that was served over SSL with Cache-Control:
  no-cache and/or Pragma: no-cache headers.
  A work around would be force Web Server to send
  Cache-Control and Pragma headers that don't include
  the no-cache directive. For example, the following
  lines could be added to the obj.conf configuration
  file:<Object ppath="*.jnlp">
  Output fn="set-variable" set-srvhdrs="Cache-Control:
  private"
  Output fn="set-variable" set-srvhdrs="Pragma:
  private"
  </Object>Fortunately, it sounds like you've already
  found another viable work around.

• SunOne web server sp6 on RH9

  Dear all,
  I would like to install SunOne web server sp6 on Redhat 9.0 for evaluation.
  I set some parameters as following.
  * make libncurses.so.4 link file
  * set LD_ASSUME_KERNEL=2.4.1
  * change name from netscape to mozilla in startconsole.
  * set firewall to pass port 80, etc
  When I touch ./startconsole, admin server is displayed and I touch ID and password.
  But browser display "The administration server was unable to fulfill your request."
  If I install Sunone web server 6.1, I don't see this message and I can turn web service on.
  If there is more set information on RH9.0, please give me advices.
  Regards,
  Masaaki Kato

  WS6.0 and 6.1 are not certified to run on RH9. They may behave in unexpected ways if you run them in that environment.
  If you must run on RH9, I recommend that you only test/use WS6.1.

• Problem running WebLogic as plugin for SunOne web server on Solaris

  I tried to set up WebLogic (8.1) as plugin for SunONE (iPlanet) web server. I followed instraction from http://e-docs.bea.com/wls/docs81/plugins/nsapi.html#110496. SunONE server start up successfully. But I have problem to connect my web application, and SunONE web server returns following error:
  "for host 172.23.54.5 trying to GET /arsys/home, wl-proxy reports: Neither 'WebLogicCluster' nor 'WebLogicHost' specified in parameters"
  I tried both SunOne (6.1 sp3) and iPlanet (6.0), I saw same problem.
  Can anyone help me on this?
  Thanks
  Charlie

  To configure sunone to work with WLS, you need to make entires in the magnus.conf and the obj.conf.From the error, it seems as if u missed the entries in the obj.conf.

• Url forwarding in sun one web server 6.1

  Hi,
  Can we use wild char patterns in url -forwarding in sun one web server 6.1
  For example http://myserver.com/*.do
  to
  http://anotherserver.com/*.do
  http://myserver.com/*.jsp
  to
  http://anotherserver.com/*.jsp
  appreciate your reply
  thanks

  yes, you can.
  http://docs.sun.com/source/819-0130/agcontnt.html#wp1017783

• NSAPI plugin has high CPU utilization on Sunone web server 6.0 SP5

  Hi,
  I am running WL 6.1 SP3 with pluginProxy SP03 on Sunone web server 6.0SP5 on Solaris.
  Seeing very high CPU utilization with 3 threads running wl_proxy (about 33% each).
  Any latest NSAPI pluginproxy patch I can use to fix this?
  Walter

  I'm having the same problems as all the above posts. I run a colloborative tool which uses IPlanet as a directory server and I receive the Event ID:25 Source: WebServer 6.0 error as well as Event ID:0 Source:https-admnserv6.0 which gives "the local computer may not have the necessary registry information or message DLL files to display messages from a remote computer". I have 3 servers built and all exhibit the same errors.

• I want to ask that i have passed my 10th and i am doing diploma in Mechanical Engineering. So i want to work with apple and wants to lean more from them. So how i can this company as a studying student?

  I want to ask that i have passed my 10th and i am doing diploma in Mechanical Engineering. So i want to work with apple and wants to lean more from them. So how i can this company as a studying student?

  [http://support.mozilla.com/en-US/kb/Managing+file+types]