EAS: Security mode

Similar Messages

• Essbase native security mode and MSAD users

  Hi guys,
  I'm trying to solve following question:
  I need to keep Essbase in native security mode, ie. to assign security for users directly in EAS, not in HSS console. And I need to grant access to MSAD users, ie. to allow users to connect to Essbase using their MSAD usernames and passwords.
  How to do that?
  Thanks!
  Vladino

  You don't state what release you're on -- I think it varies slightly from release to release although the concept is mostly the same.
  Have you read this in the EAS help?
  http://download.oracle.com/docs/cd/E17236_01/epm.1112/eas_help/extauthen.html
  I think this help is missing the step where you tell Essbase what the external authenticators are. From reading about the AUTHENTICATIONMODULE Essbase.cfg setting:
  http://download.oracle.com/docs/cd/E17236_01/epm.1112/esb_tech_ref/authenticationmodule.html
  It seems that:
  When you run Oracle's Hyperion Enterprise Performance Management System Configurator, Essbase is automatically registered with Shared Services (unless you select the option to deploy Essbase in standalone mode) and this setting is automatically added to essbase.cfg.So I'm not quite sure where that leaves you -- where do you config the external authentication? Hopefully someone more installation-centric than I (which would be just about everyone in the known universe) can jump in here. I have to say that I haven't used non-Shared Services authentication since System 9 came out -- it just makes life too easy for my clients to manage security in one place.
  Regards,
  Cameron Lackpour

• Performance Issues with Acrobat Reader 11.0.0.2 when secure mode is enabled

  Hello All,
  We are experiencing sporadic issues with Acrobat 11.0.0.2 across our domain, users are reporting performance issues when opening PDF documents whether locally or from a network share.
  We have found that turning off Secure Mode helps towards reducing this delay and in the cases it doesn't we are repairing the installation and/or reinstalling the application.
  Due to the security implications we need to leave this turned on, I am wondering if anyone has encountered this issue and what steps were taken towards resolving it?
  I also wonder whether the white list function in the new release 11.0.0.3 would be a solution to this issue?
  Kind Regards,
  Ryan McCarty

  No probelm, so....
  We had no problems with Adobe Reader 9 and 10, we encountered the issues when upgrading to 11.0.0.2.
  Initially we found that turning off the Protected Mode, helped but did not resolve the issue.
  We tried;
  1. Turn off protected mode - issue still present
  2. Clearing the recent file registry using the below registry path and deleting the keys underneath it.
  HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\AVGeneral\cRecentFiles (this does not turn recent files off permanently). - works but needs clearing regularly
  3. Turning off welcome screen by creating -  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cWelcomeScreen - works to improve app open speed.
  4. uninstall/reinstall of 11.0.0.2 - works most likley due to the recent files being cleared.
  5. upgrade to 11.0.0.3 - issue still present
  Following reboots the issue is still present.
  When Adobe Reader is the only application open this issue is still present.
  As mentioned I have no systems available which I could test this issue using 11.0.0.1 as we have fixed them, albeit temporarily using the reinstall method.
  I am concious that this issue is going to reoccur once that cache (recent files) builds back up because the fix above (#2) is clearing the recent files cache NOT disabling it.

• BI Publisher with Oracle e-Business Suite 11i in EBS security mode

  Seems I submitted below in wrong forums earlier so posing to correct one now. Appreciate any help.
  Hi All,
  I want to configure BI Publisher that comes as a part of OBIEE in Oracle E-Business Suite security mode. My Oracle E-Business Suite 11i runs on 3 node RAC database and 3 node apps tier/cm tier. As per configuration guide, I changed security mode in BIP to 'Oracle E-Business' and uploaded DBC file from E-business suite Web&Forms tier. In DBC file TWO_TASK parameter has value of test_806_BALANCE which is just an alias in tnsnames.ora for load balancing. Now when I go to BI publisher and click on 'Roles and Permission' tab in security center, it gives me 500 Internal server error.
  But if I change this TWO_TASK value to any particular RAC instance sid, I am able to see all responsibility in Roles and Permission tab. This seems that BI Publisher makes jdbc connection url to database on the fly by reading DB_HOST, dB_Port and TWO_TASK parametes from dbc file and due to this my BI Publisher is single point of failure if the RAC instance goes down which I mentioned in DBC file. Even though E-Business Suite is in HA, BI publisher is not taking advantage of this HA db.
  Any one has idea how to over come this situation.

  You can try for a luck by posting the thread in BI Publisher Section of this Forum..

• The dreaded 404 message using basicHttpBinding, Transport security mode, and certificates

  I am working on setting up a WCF service using mutual authentication with both client and server certifiates. The service is hosted in IIS 7, and I'm trying to access it from a simple console app. When I try to connect to the service, I get the error ""There
  was no endpoint listening at
  https://localhost/IISHostedService/MyService.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details." The inner exception is "The remote server returned an error:
  (404) Not Found."
  I have seen people all over the net reporting this error, but so far none of their fixes work for me. I have an HTTPS binding in IIS for my app, and I am able to browse to my service (using either http or https) and view it with no problems. I can get the
  wsdl (also over either protocol) with no issues, but connecting from the client doesn't work.
  Here is my server config:
  <system.serviceModel>
  <behaviors>
  <serviceBehaviors>
  <behavior>
  <serviceCredentials>
  <serviceCertificate findValue="ServerCertificate" storeLocation="LocalMachine" x509FindType="FindBySubjectName" />
  <clientCertificate>
  <authentication revocationMode="NoCheck" />
  </clientCertificate>
  </serviceCredentials>
  <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
  <serviceDebug includeExceptionDetailInFaults="true" />
  </behavior>
  </serviceBehaviors>
  </behaviors>
  <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  <bindings>
  <basicHttpBinding>
  <binding name="BasicHttpBinding_MyService">
  <security mode="Transport">
  <transport clientCredentialType="Certificate" />
  </security>
  </binding>
  </basicHttpBinding>
  </bindings>
  <services>
  <service name="MyService">
  <endpoint binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_MyService" contract="Namespace.IContract" />
  </service>
  </services>
  </system.serviceModel>
  And my client:
  <system.serviceModel>
  <behaviors>
  <endpointBehaviors>
  <behavior name="clientEndpointBehavior">
  <clientCredentials>
  <clientCertificate findValue="ClientCertificate" storeLocation="LocalMachine" x509FindType="FindBySubjectName"/>
  </clientCredentials>
  </behavior>
  </endpointBehaviors>
  </behaviors>
  <bindings>
  <basicHttpBinding>
  <binding name="BasicHttpBinding_MyService" closeTimeout="00:10:00"
  openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00"
  allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
  maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
  messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
  useDefaultWebProxy="true">
  <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
  maxBytesPerRead="4096" maxNameTableCharCount="16384" />
  <security mode="Transport">
  <transport clientCredentialType="Certificate" />
  </security>
  </binding>
  </basicHttpBinding>
  </bindings>
  <client>
  <endpoint address="https://localhost/IISHostedService/MyService.svc behaviorConfiguration="clientEndpointBehavior"
  binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_MyService"
  contract="Namespace.IContract" name="BasicHttpBinding_MyService" />
  </client>
  </system.serviceModel>
  I am not sure if it matters, but this client and server are running on the same physical machine in a test environment. I have confirmed that both the client and the server certificates are installed, and that the issuing authority is trusted. The virtual
  folder is set in IIS to "Accept" client certificates, and SSL is not required.
  Does anyone have any thoughts what I may be missing? This service works without a problem over HTTP, so it has to be somehow related to the certificate that is being passed. With the Server certificate, I just trapped the ServicePointManager.ServerCertificateValidationCallback
  event to manually approve the certificate if the subject matched what I was looking for (the subject does not match the domain name, since this is a test environment). Do I need to do something similar for the client certificate?
  EDIT: One thing I do notice is that, in the WSDL, the soap location is always pointing to http. I'm not sure if that is correct or not:
  <wsdl:service name="MyService">
  <wsdl:port name="BasicHttpBinding_MyService" binding="tns:BasicHttpBinding_MyService">
  <soap:address location="http://computerName.domain.com/IISHostedService/MyService.svc" />
  </wsdl:port>
  </wsdl:service>

  A little more information (since this is the main thing I have to work on today):
  After some research, I decided to try using a custom certificate validator, in case something is wrong with the client certificate. In the clientCertificate\authentication node on the server, I set the certificateValidationMode="Custom" and set customValidationType="MyType.Validator,
  MyType". My type is apparently being found (when it is not found I get a "service could not be activated" error), but my Validate() method is never being called.
  Now this leads me to believe that it's not a problem with the client certificate, but something else, before it even gets that far.

• Cant get Security Mode to work on WRT54G

  I have everything set up fine.. internet working etc but I cannot get security mode to work.. I go to click on WEP, WPA.. whatever and it just autos back to DISABLED.. Anyone to fix this?

  how many computers do you have?
  try to use other computers in setting up the security. check also the firmware of your router.make sure you have the latest one.

• WRTG42 v1 Need help with changing the Security Mode

  I need to change my wireless security mode but for some reason whenever I try to change anything the website automatically puts what ever I changed back to normal.  Basically, I try to change an option and the website changes the option back instantly. Has anyone else had this issue? And if so, can you please walk me through what you did? Thanks!

  Try using a different browser and make sure you click on Save Settings after changing security settings. Here's a link for detailed instructions.

• Security Mode Feature in ATAPI HD's provided by Apple

  Hello, I'd like to know how would I implement the security mode feature for the hard drive provided by Apple in MacBook Pro and if it will or not have any problems with EFI.
  How will EFI manage this feature of ATA hard drives?

  This article will help (about 1/2 way down).
  http://support.apple.com/kb/HT1212
  Barry

• Now I can start my Mac Pro only in "secure mode." I'm still appears on all monitors a series of bands such as seen in the attached file. Someone can give me a diagnosis? Thank you.

  Now I can start my Mac Pro only in "secure mode."
  I'm still appears on all monitors a series of bands such as seen in the attached file.
  Someone can give me a diagnosis?
  Thank you.

  The attached file is not showing.
  In Safe/Secure Mode many Drivers are not loaded. When your computer works in Safe Mode, but not regular mode, two types of problems are implicated:
  1) Third-party kernel extensions. a conflict with some part of Mac OS X means that when those extensions load, your Mac can not run.
  2) Failed graphics card. Since the Driver for the display is not loaded, the display in Safe Mode uses a very simple built-in Driver. In regular mode, once the driver is loaded, all parts of the graphics card must be working, or you could get bands of color on the display (which is just what you reported).
  Which Model Mac Pro Tower or MacBook Pro is this?

• I am not having problems with wifi but ipad will not accept my password in the secure mode. anyone else having the same problem?

  I am having problems with the Ipad accepting my password in the secure mode in Wifi. I can get into wifi when the secure mode is off. This only started when I downloaded the lastest update for the Ipad. Anyone else having the same problems?  I have rebooted the Rotar and still doesn't work.

  I am not.
  Which secure mode are you using with your wireless network - WEP or WPA?
  Have you tried forgetting this network on your iPad, and/or resetting network settings on your iPad? Both will require rejoining the network and the latter will require rejoining every wi-fi network your iPad has access to when returning within range of the network.

• Database control won't run in secure mode

  I'm following the instructions displayed by the database configuration manager after creating a database. These instructions configure the database control to run in secure mode using https. I get an error with the following command run from the OS command line while in the ORACLE_HOME/bin directory:
  emctl.bat secure dbconsole -sysman_pwd password
  I get the error message "Failed to create EM root key."
  The emdctl.trc file has the following entry: "No connection could be made because the target machine actively refused it."
  The ORACLE_SID has already been set. The database control is down. The "emctl config emkey -repos" command completed successfully.
  I'm using Oracle 10.2.0.4 on Windows 2003 server. I'm running this command on the database server. The database control was selected in the database configuration manager. This database control does run successfully in http mode, but I can't configure it for https.
  Does anyone know why the target machine would actively refuse this connection?

  Have you tried it without the -sysman_pwd flag ?
  MOS Doc 276950.1 - How to setup Enterprise Manager Database Control for SSL (HTTPS) secure connection
  HTH
  Srini

• How can Manage Permissions for DB in Shared Services Security Mode

  In shared services security mode, after provisioning users for Essbase applications, only can assign database calculation and filter access. How can I grant permissions "Access Databases" like in native mode?

  Essbase will be default be in shared services security mode in 11.1.2, the wizard will not migrate security when in this mode.
  It is possible to revert it back but if you don't know the process then it is worth looking at alternatives first.
  You could use LCM to export the provisioning and then import into your target environment.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Auto Logoff while in Shared Services Security Mode

  Pretty simple question but I still haven't found the answer.
  My client's essbase server is set up in Shared Services Security Mode, so now the auto logoff options for the server don't apply. Is there a way to set this via shared services? Or is there some other means perhaps?
  Thanks for your time.

  Essbase will be default be in shared services security mode in 11.1.2, the wizard will not migrate security when in this mode.
  It is possible to revert it back but if you don't know the process then it is worth looking at alternatives first.
  You could use LCM to export the provisioning and then import into your target environment.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Tomcat: ClassNotFound Exception in security mode

  Hi there,
  we have a problem with our web application when starting Tomcat in security mode. For some reasons we always get some "ClassNotFoundExceptions" and we don't know why. The exception is:
  java.lang.ClassNotFoundException:org.mozilla.javascript.optimizer.OptRuntime
  org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1359)
  org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1205)
  java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
  java.lang.Class.forName0(Native Method)
  java.lang.Class.forName(Class.java:164)
  ...The class which cannot be found is in a js.jar which is located at WEB-INF/lib of our web application. We also defined access to our web application in the catalina.policy which looks like:
  grant codeBase "file:${catalina.home}/webapps/ourWebApp/-"
      permission java.security.AllPermission;
  };If we start Tomcat in normal mode, everything works fine. So what could be the problem? Can you help me?
  Thanks,
  jacquipre

  Hi there,
  we have a problem with our web application when starting Tomcat in security mode. For some reasons we always get some "ClassNotFoundExceptions" and we don't know why. The exception is:
  java.lang.ClassNotFoundException:org.mozilla.javascript.optimizer.OptRuntime
  org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1359)
  org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1205)
  java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
  java.lang.Class.forName0(Native Method)
  java.lang.Class.forName(Class.java:164)
  ...The class which cannot be found is in a js.jar which is located at WEB-INF/lib of our web application. We also defined access to our web application in the catalina.policy which looks like:
  grant codeBase "file:${catalina.home}/webapps/ourWebApp/-"
      permission java.security.AllPermission;
  };If we start Tomcat in normal mode, everything works fine. So what could be the problem? Can you help me?
  Thanks,
  jacquipre

• Scale 802.1X ACS in High Security Mode any Idea's?

  Scenario
  Platform ACS V 5.1.0.44
  Switch 4510R with 8 48 port modules (384 ports)
  802.1x authentication of the ports in High Security Mode (VLAN assignments required)
  Authentication Method Cert based eap-tls to machine
  we currently have 4 Data Vlans that users and assets drop into on this switch
  How do I scale this as I cant differentiate the cert to distribute the users across the 4 vlans in ACS?
  I think I can use unique Identity groups for the MAB of assets but the users has me really scratching my head.

  Looks like a Switching group has been looking at this as a possible answer for the stack switches but I cant configure vlan groups on 4510's
  and would theres no config guide on how to apply it in ACS 5.1 (use attrib 81 like we do for vlan assignment?)
  12.2(52)SE
  IEEE 802.1x User Distribution to allow deployments with multiple VLANs (for a group of users) to improve scalability of the network by load balancing users across different VLANs. Authorized users are assigned to the least populated VLAN in the group, assigned by RADIUS server.
  12.2(52)SE
  3750-E, 3560-E
  But then you get bit with even using VLAN assignments on large stacks
  •When IEEE 802.1x authentication with VLAN assignment is enabled, a CPUHOG message might appear if the switch is authenticating supplicants in a switch stack.
  The workaround is not use the VLAN assignment option. (CSCse22791)