Does URL Policy Agent of SunONE Web Server 6.1 works with Identity Server 6
Hi,
I'm using URL Policy Agent of SunONE Web Server 6.1, and using Identity Server 6.1 to configure policy to access web resource such as http://myweb.org.cn/test/*
After configyration, I try to access the resources http://myweb.org.cn/test/test.html
The redirection is ok, the IS login appear, but after login successfully, it still tell me that I don't have permission to view this web page.
Is this because of URL policy agent don't support IS 6.1?
Many thanks,
Can anybody help me with the steps to generate core for this issue.. I followed the steps as said in http://blogs.sun.com/meena/entry/troubleshooting_server_crashes_enabling_core but I don't see any core generated when server crashes..
Setup Info:
- OS is RHEL 4.0
- Sun ONE Web Server 6.1SP7
- Policy Agent 2.2
Similar Messages
-
Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1
Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1
Does anybody has a working combination of the above ? I get a ID login page and after that I always get a access denied page. I get this exception on the agent logs:
2004-10-14 16:28:00.917 Warning 6347:c1818 PolicyAgent: in get_cookie: no cooki
e in ap_table
2004-10-14 16:28:01.895 Warning 6359:c1818 PolicyAgent: Invalid URL for propert
y (com.sun.am.policy.agents.accessDeniedURL) specified
2004-10-14 16:28:56.742 Warning 6349:c1818 PolicyAgent: am_web_is_access_allowe
d(http://xx.xx.xx.net:8080/, GET) denying access: status = access de
nied (20)
2004-10-14 16:28:56.743 128 6349:c1818 RemoteLog: User testuser1 was denie
d access to http://xx.xx.xx.net:8080/.
2004-10-14 16:28:56.831 -1 6349:c1818 PolicyAgent: URL Access Agent: acces
s denied to testuser1
We can ignore Invalid URL property part because its just looking for a custom url in place there. I have cookies enabled in my browser. I even turned on the prompt option. No luck yet.
Any suggestions would be of great help.
Thanks,
Sunil.From your description, since the agent installs file with a different JRE, I would suspect it has something to do with the availability of JCE provider in the first JRE. By default, WebSphere's JRE is equipped with IBM JCE provider which is what the agent uses to encrypt the necessary
information. If this provider is not configured correctly it could result in the error that you are seeing. Please check the WebSphere installation and make sure that the JRE used by it has the necessary IBM JCE provider configured. The java.security file for this should contain something like:
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.jsse.IBMJSSEProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
Also, make sure that when you are installing the agent you specify the Java Home as prompted by the agent to point to the location where this JRE is installed. Typically this is under WebSphere/AppServer/java directory. HTH, Jerry -
URL Policy agent attributes - Not displayed
I installed a Policy Agent on a remote Web Server and pointed the policy agent to the Identity Server installed alongwith the Portal.
When I click on the Policy agent in the Identity Server console , it displays the following message
"There are no attributes to display for this entry".
How to obtain the attributes for the URL Policy Agent Service .Is this a problem concerning the IS . Can anyone throw light on this issue.
thanx in advance
rajIt's the way it supposed to be. There is no configurable attributes for this service.
-
I installed a Policy Agent on a remote Web Server and pointed the policy agent to the Portal's Identity Server .
When I click on the Policy agent in the Identity Server console , it displays the following message
"There are no attributes to display for this entry".
How to obtain the attributes for the URL Policy Agent .Is this a problem concerning the IS . Can anyone throw light on this issue.
thanx in advance
rajIt's the way it supposed to be. There is no configurable attributes for this service.
-
Access Control for SunOne Web Server 6.0.5 vs. 6.0.4
This question is about bypassing an appserver by specifying an alias without the appserver vitual host so as to download a class or jar file. With only the default ACL on the 6.0.4 version of the Sunone web server I found that .class and .jar files were not downloadable. However, on version 6.0.5 they are. For example, the URL:
https://myhost/appserv/alias/path/file.jsp
would return the html resulting from that file.jsp file being processed by my application server. But by contrast, the URL:
https://myhost/alias/path/file.jsp
will prompt the user as to where they want to save the file. Specifying the alias immediately after the hostname (omitting appserv) will allow free access to any files under that aliases target directory. This is a problem especially for .class and .jar files which contain server side programs. I have created an ACL as described in the administrators guide and this does solve the problem (thank goodness for that). My question is, why didn't I experience this problem before?To Disable directory listing : http://www.sun.com/bigadmin/features/hub_techtips/dir_list_web_srvr.jsp
-
Memory leak on SunOne Web Server 6.1 on application reload
Hi!
I am pretty sure that i have found a memory management problem in
SunOne Web Server 6.1 .
It started with an OutOfMemory error we got under heavy load . After
some profiling with Jprofiler i didn't find any memory leaks in the
application.Even under heavy load (generated by myself) i can't find
anything ,more, i can't reproduce the error! The memory usage is
about 20Mb and does not go up .
However it is pretty simple to see the following behavior:
[1] Restart the server (to have a clear picture) and wait a little for
memory usage to stabilize.
[2] In the application dir. touch .reload or one of the classes:
The memory usage goes up by another 50Mb (huge amount of mem. taking
into account the fact that it used only 20Mb under any load befor).
Do this another time and another 20Mb gone etc..
The JProfiler marks the memory used by classes . And it can be
clearly seen the GC can't release most of it.
I AM sure this is not the application that takes all the memory.
Another hint : after making the server to reload application i can see
that the number of threads ON EVERY RELOAD is going up by ~10-20
threads .The # of threads goes lower over time but not the mem usage.
My system:
Sparc Solaris 9 ,Java 1.4.2_04-b05, Sun ONE Web Server 6.1SP5
Evgenymy guess is that - because of '.reload' , web container tries to
recompile all the classes that you use within your web application and
hence the memory growth is spiking up.What do you mean by "tries to recompile"?The classes in
Web-inf are already compiled! And i have only ~5 jsp's .
(the most part of the applic. is a complicated business logic)
If you are talking about reloading them ,yes,that's the purpose of .reload,
isn't it? :).But it seems that container uses the memory for it's own
classes: the usage of memory for my classes don't really grow
that much (if at all) after reload (according to profiler)
Also the real problem is that the memory usage grows to much for
too long (neither seen it going down) and thus ends with OutOfMemory.
if you are seeing the memory growth to be flat in stress environment,
then I am not sure that why do you think that there is a memory leak ?There is no memory leak in stress environment.
There is memory leak while reloading the application.
It is a memory hog for sure (~20-30Mb for every reload).
Memory leak?It seems that way because i can't see memory usage go
down and after a lot of reloads OutOfMemory is thrown.
also, what is jvm heap that you use ? did you try jvm tune options like -
XX:+AggressiveHeap ?256Mb.I can set it bigger ,but how do i know that it will not just delay
the problem ?
Thanks for response.
Evgeny -
Policy Agent on Sun Application Server 9.1
I'm attempting to deploy the Access Manager Policy Agent to Sun Application Server 9.1 and I'm running into some issues.
Environment:
amhost - Access Manager 7.0 on Sun Webserver can do both http and https
ashost - Access Manager Policy AGent 2.2 on Sun Application Server 9.1
If everything is set to http:
When i attempt to access a simple servlet application (Headersnooper) I am redirected the the access manager server and when authentication is successful I see the browser attempting to redirect back to the application server and I see the following error in the Policy Agent debug logs amJAXRPC:
11/13/2007 02:46:18:055 PM EST: Thread[httpSSLWorkerThread-8080-79,10,Grizzly]
JAXRPCHelper: Connection to URL: https://ssodev.queensu.ca:443/amserver/jaxrpc/SMSObjectIF failed
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
Why would it think to attempt to connect to https when everything in the agent is configured for http?
Any thoughts or recommendations would be appreciated.Hi,
One thing that could help is to look at the info in the agent logs, first increase Debug Logging Level, then restart the agent server and click thru your app, then look in agent runtime logs which should have more descriptive errors. For more detail on how to do this, try http://wikis.sun.com/display/OpenSSO/GlassFishAgentTrouble#GlassFishAgentTrouble-generaltips
You could look on this page, which is mostly based on GlassFish server but could help for other servers as well.
http://wikis.sun.com/display/OpenSSO/GlassFishAgentTrouble
I have not installed either of the policy agents you mentioned. But with some of the other agents, like the Sun App server 9 (GlassFish) agent, it comes with a sample application, and I find that this is the best way to ensure your setup is good and you are following all steps etc. Once sample app is up, you can try your own apps with confidence.
Since you already have the SJSAS 9 installed, maybe you could create a new domain and download/install the SJSAS 9 policy agent on the new domain. Then try out the sample app?
Or if those other agents have a sample app then try it out.
hth,
Sean -
Can SunOne Web Server get REMOTE_USER?
Scenario:
Users authenticate to Active Directory on Windows and browse an application from their IE browser to a web application hosted by SunOne Web Server 6.1.
Will the SunOne Web Server application be able to pick up the REMOTE_USER HTTP header?
Thanks in advance.IE will not send user id in http headers. You can get the user id if you do NTLM authentication which the web server does not support. If your app is java based you can look into doing NTLM auth in Java and get the user id that way.
See:
http://www.rgagnon.com/javadetails/java-0441.html -
URL rewrite in iplanet sun web server 6.0
HI,
I've been using SunONE web server 6.0 for a while.
Our website is changing to adapt URL rewrite. Can you please show me how or where to get such information about how to do URL rewrite in web server 6.0?
http://domain.com/index.php?=c2345 ----> to this nice-looking URL http://domain.com/index/mainsite
thanks so much!This would be non-trivial in WS6.0. Additionally, WS6.0 is end-of-lifed, and has known security problems that are NOT going to be fixed. You should consider upgrading.
URL re-writing (and much more) is a native feature of WS7.0. -
SunOne Web Server (JSP & class)
I have tried to read the documentation but I am just not getting it. I have 2 files myjsp.jsp and mybean.class that I would like SunOne Web Server to display my jsp using the javabean. Where do I put the files? (I have seen all kinds of things on deploying a WAR file etc. I just want to place these two files on the web server and go.)
I have my jsp located at c:\iPlanet\Servers\docs\webdev and my class file located at[b] c:\iPlanet\Servers\docs\webdev\web-inf\classes. What do I need to tell the server how to load the javabean?Hi, elving
This is good information. Thanks very much.
Actually, I am not using SSL, just plain http connection with basic auth. It might be the cache-control header that causes the head ache. 6.0 response does not have the cache-control header, but 6.1 has.
The interesting thing is that adding a servlet mapping on 6.1 solves the problem.
I will take a further look tomorrow.
Cheers,
Harry
I doubt the problem has to do with the Content-Length
header.
I'd guess that you're using SSL. Are you? If so,
you're almost certainly bumping into a known bug (or,
as Microsoft describes it, a "feature") in Internet
Explorer. Microsoft article KB316431 at
http://support.microsoft.com/default.aspx?scid=316431h
as some information on the problem. As the article
points out, the problem occurs when Internet Explorer
needs to invoke an external application to handle a
file that was served over SSL with Cache-Control:
no-cache and/or Pragma: no-cache headers.
A work around would be force Web Server to send
Cache-Control and Pragma headers that don't include
the no-cache directive. For example, the following
lines could be added to the obj.conf configuration
file:<Object ppath="*.jnlp">
Output fn="set-variable" set-srvhdrs="Cache-Control:
private"
Output fn="set-variable" set-srvhdrs="Pragma:
private"
</Object>Fortunately, it sounds like you've already
found another viable work around. -
Dear all,
I would like to install SunOne web server sp6 on Redhat 9.0 for evaluation.
I set some parameters as following.
* make libncurses.so.4 link file
* set LD_ASSUME_KERNEL=2.4.1
* change name from netscape to mozilla in startconsole.
* set firewall to pass port 80, etc
When I touch ./startconsole, admin server is displayed and I touch ID and password.
But browser display "The administration server was unable to fulfill your request."
If I install Sunone web server 6.1, I don't see this message and I can turn web service on.
If there is more set information on RH9.0, please give me advices.
Regards,
Masaaki KatoWS6.0 and 6.1 are not certified to run on RH9. They may behave in unexpected ways if you run them in that environment.
If you must run on RH9, I recommend that you only test/use WS6.1. -
Problem running WebLogic as plugin for SunOne web server on Solaris
I tried to set up WebLogic (8.1) as plugin for SunONE (iPlanet) web server. I followed instraction from http://e-docs.bea.com/wls/docs81/plugins/nsapi.html#110496. SunONE server start up successfully. But I have problem to connect my web application, and SunONE web server returns following error:
"for host 172.23.54.5 trying to GET /arsys/home, wl-proxy reports: Neither 'WebLogicCluster' nor 'WebLogicHost' specified in parameters"
I tried both SunOne (6.1 sp3) and iPlanet (6.0), I saw same problem.
Can anyone help me on this?
Thanks
CharlieTo configure sunone to work with WLS, you need to make entires in the magnus.conf and the obj.conf.From the error, it seems as if u missed the entries in the obj.conf.
-
Url forwarding in sun one web server 6.1
Hi,
Can we use wild char patterns in url -forwarding in sun one web server 6.1
For example http://myserver.com/*.do
to
http://anotherserver.com/*.do
http://myserver.com/*.jsp
to
http://anotherserver.com/*.jsp
appreciate your reply
thanksyes, you can.
http://docs.sun.com/source/819-0130/agcontnt.html#wp1017783 -
NSAPI plugin has high CPU utilization on Sunone web server 6.0 SP5
Hi,
I am running WL 6.1 SP3 with pluginProxy SP03 on Sunone web server 6.0SP5 on Solaris.
Seeing very high CPU utilization with 3 threads running wl_proxy (about 33% each).
Any latest NSAPI pluginproxy patch I can use to fix this?
WalterI'm having the same problems as all the above posts. I run a colloborative tool which uses IPlanet as a directory server and I receive the Event ID:25 Source: WebServer 6.0 error as well as Event ID:0 Source:https-admnserv6.0 which gives "the local computer may not have the necessary registry information or message DLL files to display messages from a remote computer". I have 3 servers built and all exhibit the same errors.
-
I want to ask that i have passed my 10th and i am doing diploma in Mechanical Engineering. So i want to work with apple and wants to lean more from them. So how i can this company as a studying student?
[http://support.mozilla.com/en-US/kb/Managing+file+types]
Maybe you are looking for
-
Hello the problem what i am facing is when i run the job from the enterprise manager ,the job is submitting at the server end but in the status column its showing status as failed i have set the credentials for the user the user is from the repositor
-
IP address changes when using webmail on my ipad.
I can sign in to my webmail however whenever I try to send an email or delete emails etc it disconnects me with a message to say "IP address has changed". It means I cannot use my email account successfully when away from home. Any ideas please?
-
Dear members Is it possible to write a Javascript which opens in Safari or Firefox a new page either in a new window or a new tab. The open command (new window or new tab) should be able to be choosen by the user. Do I'm being right here? Thank you v
-
Whenever I click on somewhere in Safari, I get a message "A keychain cannot be found to store Safari" I can click on an link, or just an empty space on a page. I can cancel, and things seem ok, or I can Reset to Defaults, which I am not sure I want t
-
by mistake i ereased my mackbook pro's disk. and when is restared it recovery page opened. and i did not purchase the osx mountain lion. do i have any other way to recory it without purchasing the copy of osx. ?can i do it using a usb having image fi