EM Alert: Policy name=Well_known_Accounts

Hello,
I am getting the following alerts from the OEM (Grid Control) :
Message=Database may be in an insecure state as MDSYS's account status is OPEN.
Policy name=Well_known_Accounts
Severity=Warning
Message=Database may be in an insecure state as CTXSYS's account status is OPEN.
Policy name=Well_known_Accounts
Severity=Warning
Message=Database may be in an insecure state as ORDSYS's account status is OPEN.
Policy name=Well_known_Accounts
Severity=Warning I have two questions :
1. Can i changed those user passowrd using "alter user CTXSYS identified by xxxx" or should i use the EBS application for this porpose ?
2. I am thinking to LOCK those accounts in the future . how can i be sure that they are not in use ?
Thanks

Hi;
For your questions please check below and see its helpful:
How to Change and Which Apps Database Users Passwords Can Be Changed in a Multi-Node Apps Installation? [ID 303621.1]
FNDCPASS Utility New Feature ALLORACLE [ID 398942.1]
How to change the oracle users, APPS, APPLSYS and application module passwords (INV, AR, AP, etc.) for Applications 11.5 in Unix [ID 160214.1]
Also check:
How to find the Culprit?
Regard
Helios

Similar Messages

Policy name and column name inside a policy function

I have the following function associated with a policy in the employee table for SSN and SALARY columns
FUNCTION empid_policy_fn (object_schema IN VARCHAR2, object_name VARCHAR2)
end;
When the policy fires, the schema name and the name of the table are passed onto this function which we can use inside this function but is there a way to get the policy name and the column name which invokes this function?. The problem here is, I'm using same function (common) for multiple policies in different tables and that's why I need to get these details.
Thanks
-Krishnamurthy

Inside your policy function you can query V$VPD_POLICY along with V$SESSION, V$SQL and USER_SEC_RELEVANT_COLS
to get the fired policy name and column_names.
Something like
SELECT v.POLICY, .........
               FROM v$session ss, v$sql s, v$vpd_policy v
              WHERE ss.SID = (SELECT SID
                                FROM v$mystat
                               WHERE ROWNUM = 1)
                AND s.address = ss.sql_address
                AND s.address = v.paraddr
                AND s.hash_value = v.sql_hash
                AND s.child_number = 0HTH

ALERT: DATABASE NAME :EXTFILE: Missing or unreadable external file: DATAPU

Hi,
We are getting alerts
ALERT:<DATABASE NAME>:EXTFILE: Missing or unreadable external file: <DATAPUMP DIRECTORY>bogus.dat
and this file also does not exists in data pump directory.
Pls sugggest any solution to this.
Thanks,
Taruna

'bogus.dat' is internally used by datapump, so see the message as an internal error, which should be reported to Oracle support.
External Tables

Outlook Security Alert - "the name on the security certificate is invalid or does not match the name of the site"

Due to our company changing names, we recently moved to a new domain. All users were at first getting a certificate error when opening Outlook "the name on the security certificate is invalid or does not match the name of the site." After our network
admin made some changes, nobody receives this error anymore except one user. The URL at the top of the security alert is the old domain, mail.olddomain.com. I checked the users Exchange Proxy Settings in Outlook, everything is showing the URL's of the new
domain so I'm not sure where this is coming from. I'm assuming it has to be something on her local machine since she is the only one who still gets the error.
Thanks in advance for any help.
Exchange server 2008
Outlook 2010

Hi,
Please follow all above suggestions to confirm whether the issue happens in OWA. And run Test E-mail AutoConfiguration in Outlook to check whether there is any URL settings using the old domain.
If the issue doesn’t happen in OWA and your URL configurations are all same as others and set correctly, please create a new Outlook profile to have a try.
Thanks,
Winnie Liang
TechNet Community Support

Command "service-policy input policy-name permit-any" will not work

Hi all,
have a SG500 with latest Firmware, but this command will not work.
service-policy input QoS_01 permit-any
i get this error message:
% Wrong number of parameters or invalid range, size or characters entered
without the option "permit-any or deny-any" the command is successfully.
What is the reason?
It is important, directly to specify this options. Otherwise to lose the access to the switch.
Regards
Stefan

Hi Tom,
i have a ACL / ACE and create a QoS "policy table" put the "policy class map" (with class mappings) in it.
And now i will bind this QoS policy to a Ethernet port.
cli tutorial example say:
Use the service-policy Interface Configuration (Ethernet, Port-channel) mode command to bind a policy map to a port/port-channel. Use the no form of this command to detach a policy map from an interface.
This command is only available in QoS advanced mode.
Syntax
service-policy input policy-map-name default-action [permit-any | deny-any]
no service-policy input
Example:
witchxxxxxx(config-if)# service-policy input policy1 permit-any
A cisco support open a ticket for me.
-Stefan

ACE - incomplete 'sh service-policy NAME detail' listing

Hi guys,
our customer reported to me problem with incomplete 'sh service-policy CLIENT_VIP detail' listing. this listing is not complete and ends with 'Unexpected header: 0'.
he reported, that (for example) 25 policy maps in policy-map multi-match working correctly and listing is complete, but more policy maps in the policy-map multi-match cause incomplete listing and this extra policy maps are not working properly.
I tried copy his config file to my ACE, and service policy listing is complete.
any ideas? maybe no more resources for this context (I got no 'sh resource usage' from the customer till now).
ACE SW: 3.0(0)A1(5a)
config has 39 class maps in the class-map multi-match CLIENT_VIP definition
thanks,
martin

I forgot... customer reported behavior, that is very important:
Primary problem is, that removed class from policy-class multi-match is still working (!) and new added class is not working. configuration is ok, because without too many classes in policy-map multi-match are this config parts operational.
is this known defect?
resources usage is without problem.
martin

Not getting alerts even after applied the monitoring policy on user defined group.

Hi,
recently we have installed OEM Ops center 12c for monitoring our oracle servers. I have created a user defined group and applied a userdefined monitoring policy on that group. I have threshold 70% as crtical and 50 % as warning in my monitoring policy.
Some of my servers are having 77% disk utlization and im not getting any alerts for that.
What will be the problem?
When i see the membership of particular group (group -> membership in center pane), im not able to see the monitoring policy name on the monitoring policy column but i have applied policy on that group.
Please help me to resolve the issue.
Thanks,
Veijar

Hi Stijn,
Thanks for the response.
You are right. I was sending personalized iBot to group 'Financial Analyst'. A non-OBI user(Reshmi) belongs to this group.
But still problem has not been completely resolved.Still users in group either Administrator/Financial Analyst not getting alert via mail.
Atleast the users in Administrator group should get alert via mail, since both are defined in rpd.
Now when i send non-personalized ibot to group 'Financial Analyst', All the users other than Reshmi get alert on their dashboard but they don't get alert
via mail.Also Reshmi does not get alert via mail and error file shows error like -
No devices for user: Reshmi.
Now i am not getting the error nQSError: 43001 Authentication failed for Reshmil in repository Star: invalid user/password. (08004)
which i was getting earlier while sending personalized ibot.
I have already defined the Mail tab contents using Job Manager. Also i have selected User Destinations both Interactive Dashboard and Active Delivery
Profile.
Why the users don't get alert via mail? What could be the problem?

Problem Installing Policy Agent 2.2 on Apache 2.2.3

Hi all,
I'm trying to configure policy agent 2.2 on apache 2.2.3 on linux platform CentOS (red hat 5.1).
The configuration and the installation seem to work properly, in effect in the log file install.log you can find :
[06/10/2008 16:38:49:865 CEST] Creating directory layout and configuring Agent file for Agent_001 instance ...SUCCESSFUL.
[06/10/2008 16:38:49:936 CEST] Reading data from file /opt/web_agents/apache22_agent/passwordFile and encrypting it ...SUCCESSFUL.
[06/10/2008 16:38:49:937 CEST] Generating audit log file name ...SUCCESSFUL.
[06/10/2008 16:38:50:022 CEST] Creating tag swapped AMAgent.properties file for instance Agent_001 ...SUCCESSFUL.
[06/10/2008 16:38:50:026 CEST] Creating a backup for file /etc/httpd/conf/httpd.conf ...SUCCESSFUL.
[06/10/2008 16:38:50:031 CEST] Adding Agent parameters to /opt/web_agents/apache22_agent/Agent_001/config/dsame.conf file ...SUCCESSFUL.
[06/10/2008 16:38:50:032 CEST] Adding Agent parameters to /etc/httpd/conf/httpd.conf file ...SUCCESSFUL.
But, when I try to restart Apache it gives me an error and in the error.log file in Apache you can read:
[Tue Jun 10 16:57:33 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 10 16:57:34 2008] [notice] Digest: generating secret for digest authentication ...
[Tue Jun 10 16:57:34 2008] [notice] Digest: done
[Tue Jun 10 16:57:34 2008] [alert] Policy web agent configuration failed: NSPR error
Configuration Failed
Well, I found in the Sun documentation a well known bug about the NSPR and NSS library :
Error message issued during installation of Policy Agent 2.2 on Linux systems
When the Linux operating system is installed, specific components can be selected. Occasionally the specific components of the operating system selected lack the libraries necessary for Policy Agent 2.2 to function. When the complete Linux operating system is installed, all the required libraries are available. The libraries that are required for the agent to function are as follows: NSPR, NSS, and libxml2.
Workaround: If the Linux operating system you are using is not complete, install the latest versions of these libraries as described in the steps that follow:
At the time this note was added, the latest version of the NSPR library packages was NSPR 4.6.x , while the latest version of the NSS library package was NSS 3.11.x.
To Install Missing Libraries for Policy Agent 2.2 on Linux Systems
*+
Install the NSS, and libxml2 libraries. These libraries are usually available as part of Linux installation media. NSPR and NSS are available as part of Mozilla binaries/development packages. You can also check the following sites:
o
NSPR: http://www.mozilla.org/projects/nspr/
o
NSS: http://www.mozilla.org/projects/security/pki/nss/
So, I checked my libraries but they are upgraded to the latest version.
If I comment the line that includes the libamapc22.so in the apache configuration file
LoadModule dsame_module /opt/web_agents/apache22_agent/lib/libamapc22.so
Apache can restart but the agent is misconfigurated!
Any Idea?

thank you Subhodeep for your reply,
I didn't try to change the library file and I didn't find in licterature any information about library file changing in the Policy agent installation. Please, could you suggest me something more about which library to use instead of libamapc22.so?
ps. I am using red hat 5.1, and from the release note of the policy agent seems that the latest platform version supported is red hat enterprise linux 4.0 versions.....
this one could definitely be the reason of the misconfiguration.

SID Showing instead of friendly name after renaming the server

I had to rename a windows 2012 R2 server and after I rename it, Sever is showing SID instead of user friendly name.
Even when I try to add new domain group or user in any resourse of this server, the friendly name disappear, soon after I hit apply button.
So far I have done the following
disjoin/rejoin - same result
disjoin >delete AD account > Rejoin - same result
I confirm that I have see the new server name in AD. DNS is OK too. Could find anything (i think) related to this problem.
I can see the following errors
1. The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. EVENT ID 10010
2. The processing of Group Policy failed. Windows could not determine if
the user and computer accounts are in the same forest. Ensure the user
domain name matches the name of a trusted domain that resides in the
same forest as the computer account. . Event ID 1110
3. Netloon server could not add the autZ RPC interface. The service
was terminated. the following error occured. " Not enough sesources are
available to compete this operation Event id 5820
4. The UAC file Virtulatization service failed to start due to the
following error: This driver has been blocked from loading.Event ID 7000
I have not deleted the computer account in the second time. Then
rejoin but this time i didn't get the message but the issue with SID
showing instead of friendly name is still there. These are related , i
can see
I can see the server in the domain and DNS also updated.
When I run GPReuslt, it shows
Data collected on: 20/03/2014 3:17:09 PM
Summary
During last computer policy refresh on
20/03/2014 3:00:29 PM
<v:group alt="Error" class="vmlimage"
coordsize="100,100"
style="width:15px;height:15px;vertical-align:middle;"><v:oval
class="vmlimage" coordsize="21600,21600" fillcolor="red"
strokecolor="red"
style="width:100px;height:100px;"></v:oval><v:line
class="vmlimage" from="25,25" strokecolor="white" strokeweight="2.25pt"
style="" to="75,75"></v:line><v:line
class="vmlimage" from="75,25" strokecolor="white" strokeweight="2.25pt"
style="" to="25,75"></v:line></v:group>
1
Errors Detected
<v:group alt="Warning" class="vmlimage"
coordsize="100,100"
style="width:15px;height:15px;vertical-align:middle;"><v:shape
class="vmlimage" coordsize="100,100" fillcolor="yellow"
path=" m50,0 l0,99,99,99 xe" strokecolor="yellow"
style="width:100px;height:100px;"><v:path></v:path></v:shape><v:rect
class="vmlimage" coordsize="21600,21600" fillcolor="black"
strokecolor="black"
style="width:10px;height:35px;"></v:rect><v:rect
class="vmlimage" coordsize="21600,21600" fillcolor="black"
strokecolor="black"
style="width:10px;height:5px;"></v:rect></v:group>
A fast link was detected More information...
<v:group alt="Warning" class="vmlimage"
coordsize="100,100"
style="width:15px;height:15px;vertical-align:middle;"><v:shape
class="vmlimage" coordsize="100,100" fillcolor="yellow"
path=" m50,0 l0,99,99,99 xe" strokecolor="yellow"
style="width:100px;height:100px;"><v:path></v:path></v:shape><v:rect
class="vmlimage" coordsize="21600,21600" fillcolor="black"
strokecolor="black"
style="width:10px;height:35px;"></v:rect><v:rect
class="vmlimage" coordsize="21600,21600" fillcolor="black"
strokecolor="black"
style="width:10px;height:5px;"></v:rect></v:group>
The following GPOs have special alerts
GPO
Name
Alert
Default Policy
AD / SYSVOL Version
Mismatch
During last user policy refresh on
20/03/2014 3:00:29 PM
<v:group alt="Error" class="vmlimage"
coordsize="100,100"
style="width:15px;height:15px;vertical-align:middle;"><v:oval
class="vmlimage" coordsize="21600,21600" fillcolor="red"
strokecolor="red"
style="width:100px;height:100px;"></v:oval><v:line
class="vmlimage" from="25,25" strokecolor="white" strokeweight="2.25pt"
style="" to="75,75"></v:line><v:line
class="vmlimage" from="75,25" strokecolor="white" strokeweight="2.25pt"
style="" to="25,75"></v:line></v:group>
1
Errors Detected
<v:group alt="Warning" class="vmlimage"
coordsize="100,100"
style="width:15px;height:15px;vertical-align:middle;"><v:shape
class="vmlimage" coordsize="100,100" fillcolor="yellow"
path=" m50,0 l0,99,99,99 xe" strokecolor="yellow"
style="width:100px;height:100px;"><v:path></v:path></v:shape><v:rect
class="vmlimage" coordsize="21600,21600" fillcolor="black"
strokecolor="black"
style="width:10px;height:35px;"></v:rect><v:rect
class="vmlimage" coordsize="21600,21600" fillcolor="black"
strokecolor="black"
style="width:10px;height:5px;"></v:rect></v:group>
A fast link was detected More information...
Please help
I feel like, something is blocking the user-friendly name to display in that server. I could be wrong.
I have also noticed that Netlogon service is not running. Try to run, it gives error Error 1721: Not enough resources are available to complete this operation.
please help.

Hi,
Would you please tell us that are all user names displayed as SIDs, or only some of them after you renamed the server?
Here are some related links below I suggest you refer to:
Event ID 1110 — Group Policy Preprocessing (Active Directory)
http://technet.microsoft.com/en-us/library/cc727342(v=WS.10).aspx
Error Message:
http://technet.microsoft.com/en-us/library/cc940521.aspx
"AD / SYSVOL version mismatch" message is displayed unexpectedly in the Group Policy Results report in Windows
http://support.microsoft.com/kb/2866345
Best Regards,
Amy Wang

WLS 10.3.0 - Scheduled Custom data retirement policy not running

I am trying to use a custom retirement policy and scheduling it to run every hour. When I run it manually from the console it works, (I can see log message about the policy being run) but the scheduled run never happens.
I have other policy for HarvestedDataArchive scheduled with the same parameters and that is running as exepected.
Here is the excerpt from config.xml file
<server-diagnostic-config>
<diagnostic-store-dir>data/store/diagnostics</diagnostic-store-dir>
<diagnostic-data-archive-type>FileStoreArchive</diagnostic-data-archive-type>
<data-retirement-enabled>true</data-retirement-enabled>
<preferred-store-size-limit>100</preferred-store-size-limit>
<store-size-check-period>1</store-size-check-period>
<wldf-data-retirement-by-age>
<name>DataRetirementPolicy-1</name>
<enabled>true</enabled>
<archive-name>HarvestedDataArchive</archive-name>
<retirement-time>0</retirement-time>
<retirement-period>1</retirement-period>
<retirement-age>744</retirement-age>
</wldf-data-retirement-by-age>
<wldf-data-retirement-by-age>
<name>DrpOsbAlert</name>
<enabled>true</enabled>
<archive-name>CUSTOM/com.bea.wli.monitoring.alert</archive-name>
<retirement-time>0</retirement-time>
<retirement-period>1</retirement-period>
<retirement-age>744</retirement-age>
</wldf-data-retirement-by-age>
</server-diagnostic-config>
Is there any known issues with custom policies, am I missing something in the configuration?
Thanks a lot
Juan

I am trying to use a custom retirement policy and scheduling it to run every hour. When I run it manually from the console it works, (I can see log message about the policy being run) but the scheduled run never happens.
I have other policy for HarvestedDataArchive scheduled with the same parameters and that is running as exepected.
Here is the excerpt from config.xml file
<server-diagnostic-config>
<diagnostic-store-dir>data/store/diagnostics</diagnostic-store-dir>
<diagnostic-data-archive-type>FileStoreArchive</diagnostic-data-archive-type>
<data-retirement-enabled>true</data-retirement-enabled>
<preferred-store-size-limit>100</preferred-store-size-limit>
<store-size-check-period>1</store-size-check-period>
<wldf-data-retirement-by-age>
<name>DataRetirementPolicy-1</name>
<enabled>true</enabled>
<archive-name>HarvestedDataArchive</archive-name>
<retirement-time>0</retirement-time>
<retirement-period>1</retirement-period>
<retirement-age>744</retirement-age>
</wldf-data-retirement-by-age>
<wldf-data-retirement-by-age>
<name>DrpOsbAlert</name>
<enabled>true</enabled>
<archive-name>CUSTOM/com.bea.wli.monitoring.alert</archive-name>
<retirement-time>0</retirement-time>
<retirement-period>1</retirement-period>
<retirement-age>744</retirement-age>
</wldf-data-retirement-by-age>
</server-diagnostic-config>
Is there any known issues with custom policies, am I missing something in the configuration?
Thanks a lot
Juan

Policy web agent configuration failed: NSPR error Configuration Failed!!!!

I am having troubles to install agent Apache 2.2!!!!!
The libamapc22.so uses libstdc++.so.5....
so i have this error:
root@ped-02 bin# service httpd start
Starting httpd: httpd: Syntax error on line 995 of /etc/httpd/conf/httpd.conf: Syntax error on line 1 of /opt/web_agents/apache22_agent/Agent_006/config/dsame.conf: Cannot load n/opt/web_agents/apache22_agent/lib/libamapc22.so into server: libstdc++.so.5: cannot open shared object file: No such file or directory
In my OS is Installed the libstdc++.so.6
if I Install the libstdc++.so.5
I have this error:
[Wed Aug 20 15:50:35 2008] [notice] Digest: generating secret for digest authentication ...
[Wed Aug 20 15:50:35 2008] [notice] Digest: done
[Wed Aug 20 15:50:35 2008] [alert] Policy web agent configuration failed: NSPR error Configuration Failed
So I have installed NSPR and NSS but this error persists.
In log /opt/web_agents/apache22_agent/Agent_006/logs/debug/amAgent
===========
2008-08-20 16:16:36.152 Error 18271:b949c3d0 all: Connection::initialize() unable to initialize SSL libraries: NSS_Initialize returned -8128
2008-08-20 16:16:36.156 Error 18271:b949c3d0 all: initialization error: am_properties_load(com.sun.am.policy.agents.config.stopInInit) failed, error = NSPR error (12): exiting...
2008-08-20 16:16:36.156 Error 18271:b949c3d0 all: Process initialization failure:NSPR error
My configuration: ---- AMAgent.properties
com.sun.am.cookie.name = iPlanetDirectoryPro
com.sun.am.cookie.secure = false
com.sun.am.naming.url = http://accessmanager.coreo.network.ctbc:8080/opensso/namingservice
com.sun.am.policy.am.login.url = http://accessmanager.coreo.network.ctbc:8080/opensso/UI/Login
com.sun.am.policy.agents.config.local.log.file =/opt/web_agents/apache22_agent/Agent_006/logs/debug/amAgent
com.sun.am.policy.agents.config.local.log.rotate = false
com.sun.am.policy.agents.config.remote.log = amAuthLog.accessmanager.coreo.network.ctbc.80
com.sun.am.log.level =
com.sun.am.policy.am.username = amadmin
com.sun.am.policy.am.password = fhfeUCQselvAndSuo17Pww==
com.sun.am.sslcert.dir =
com.sun.am.certdb.prefix =
com.sun.am.trust_server_certs = true
com.sun.am.notification.enable = false
com.sun.am.notification.url=http://accessmaager.coreo.network.ctbc:80/UpdateAgentCacheServlet?shortcircuit=false
com.sun.am.policy.am.url_comparison.case_ignore = true
com.sun.am.policy.am.polling.interval=3
com.sun.am.sso.polling.period=3
com.sun.am.policy.am.userid.param=UserToken
com.sun.am.policy.agents.config.profile.attribute.fetch.mode=NONE
com.sun.am.policy.agents.config.profile.attribute.map=cn|common-name,ou|organizational-unit,o|organization,mail|email,employeenumber|employee-number,c|country
com.sun.am.policy.agents.config.session.attribute.fetch.mode=NONE
com.sun.am.policy.agents.config.session.attribute.map=
com.sun.am.policy.agents.config.response.attribute.fetch.mode=NONE
com.sun.am.policy.agents.config.response.attribute.map=
com.sun.am.load_balancer.enable = false
com.sun.am.policy.agents.config.version=2.2
com.sun.am.policy.agents.config.audit.accesstype = LOG_DENY
com.sun.am.policy.agents.config.agenturi.prefix = http://accessmanager.coreo.network.ctbc:80/amagent
com.sun.am.policy.agents.config.locale = en_US
com.sun.am.policy.agents.config.instance.name = unused
com.sun.am.policy.agents.config.do_sso_only = false
com.sun.am.policy.agents.config.accessdenied.url =
com.sun.am.policy.agents.config.fqdn.check.enable = true
com.sun.am.policy.agents.config.fqdn.default = accessmanager.coreo.network.ctbc
com.sun.am.policy.agents.config.fqdn.map =
com.sun.am.policy.agents.config.cookie.reset.enable=false
com.sun.am.policy.agents.config.cookie.reset.list=
com.sun.am.policy.agents.config.cookie.domain.list=
com.sun.am.policy.agents.config.anonymous_user=anonymous
com.sun.am.policy.agents.config.anonymous_user.enable=false
com.sun.am.policy.agents.config.notenforced_list = SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/UI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTCONSOLE_DEPLOY_URI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/login_images/* SERVER_PROTO://SERVER_HOST:SERVER_PORT/docs* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/namingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/sessionservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/loggingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/profileservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/policyservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/config* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/js/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/css/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/authservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLAwareServlet SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLSOAPReceiver SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLPOSTProfileServlet
com.sun.am.policy.agents.config.notenforced_list.invert = false
com.sun.am.policy.agents.config.notenforced_client_ip_list =
com.sun.am.policy.agents.config.postdata.preserve.enable = false
com.sun.am.policy.agents.config.postcache.entry.lifetime = 10
com.sun.am.policy.agents.config.client_ip_validation.enable = false
com.sun.am.policy.agents.config.profile.attribute.cookie.prefix = HTTP_
com.sun.am.policy.agents.config.profile.attribute.cookie.maxage = 300
com.sun.am.policy.agents.config.logout.url=
com.sun.am.policy.agents.config.logout.cookie.reset.list =
com.sun.am.policy.am.fetch_from_root_resource = true
com.sun.am.policy.agents.config.get_client_host_name = true
com.sun.am.policy.agents.config.convert_mbyte.enable = false
com.sun.am.policy.agents.config.ignore_path_info = false
com.sun.am.policy.agents.config.override_protocol =
com.sun.am.policy.agents.config.override_host =
com.sun.am.policy.agents.config.override_port =
com.sun.am.policy.agents.config.override_notification.url =
com.sun.am.policy.agents.config.connection_timeout =
com.sun.am.receive_timeout = 0
com.sun.am.connect_timeout = 0
com.sun.am.poll_primary_server = 5
com.sun.am.tcp_nodelay.enable = false
com.sun.am.policy.agents.config.encode_url_special_chars.enable = false
com.sun.am.policy.agents.config.iis.filter_priority = HIGH
com.sun.am.policy.agents.config.cdsso.enable=false
com.sun.am.policy.agents.config.cdcservlet.url = http://accessmanager.coreo.network.ctbc:8080/opensso/cdcservlet
Jonathan Costa Muniz.

Hi joncmuniz,
Are you managed to resolve this problem? I have the same.
In logs i have such information:
2008-10-08 16:48:02.471   Debug 23153:84d5368 all: Connection::initialize() calling NSS_Initialize() with directory = "" and prefix = ""
2008-10-08 16:48:02.471   Debug 23153:84d5368 all: Connection::initialize() Connection timeout wen receiving data = 0 milliseconds
2008-10-08 16:48:02.472   Error 23153:84d5368 all: Connection::initialize() unable to initialize SSL libraries: NSS_Initialize returned -8128
2008-10-08 16:48:02.475   Error 23153:84d5368 all: initialization error: am_properties_load(com.sun.am.policy.agents.config.stopInInit) failed, error = NSPRerror (12): exiting...
2008-10-08 16:48:02.475   Error 23153:84d5368 all: Process initialization failure:NSPR errorI think the problem is with certificates, but i can't point where.
Can you help?

In r12 What is use of Purge log and Closed system alerts

Hi
In r12 What is use Concurrent reqest "Purge logs and Closed system alerts "
is there any diffrence with "Purge Concurrent Request and/or Manager Data Program"
we have to purge cm logs and data.
'

In r12 What is use Concurrent reqest "Purge logs and Closed system alerts "The concurrent program "Purge Debug Log and System Alerts" (Short name: FNDLGPRG) is the recommended way to purge messages. This program purges all messages up to the specified date, except messages for active transactions (new or open alerts, active ICX sessions, concurrent requests, and so on). This program is by default scheduled to run daily and purge messages older than 7 days. Internally this concurrent program invokes the FND_LOG_ADMIN APIs, which are described later in this document.
Oracle® Applications Supportability Guide Release 12
http://download.oracle.com/docs/cd/B40089_09/current/acrobat/120fndsupp.pdf
is there any diffrence with "Purge Concurrent Request and/or Manager Data Program" This concurrent program is used to purge concurrent requests log/out file, and/or CM log files.
we have to purge cm logs and data.Use "Purge Concurrent Request and/or Manager Data" concurrent program.

I get a Group Policy Disk Quota failure at every system start

This is very long, my apologies
I asked this question about a month ago and then had some medical problems so I'm starting over again.
Whenever I start my system I get a message on the screen that the system is trying to run Group Policy for Disk Quotas. To my knowledge I've never set a disk quota policy and I can't find any indication that one is currently set. I freely admit
that I could be responsible for this. I might have done something in the early days of the system because it wasn't happening for the first month or two.
This time I did more reading and found a procedure on TechNet at:
"http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx" which led me step by step through the procedure, although I still can't make sense of the results.
So far I've verified that there are no policies set and that all the hard drives (3) have the Disk Quota bit 'disabled'. I did this as 'Administrator'.
The results from the TechNet procedure turned out to be quite long but I'm listing it here in hope that someone in the community will be familiar with this problem and be able to use the information to figure out the problem.
Here are the results:
From: TechNet Group Policy Testing
( "http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx" )
1 - Troubleshooting using the Group Policy operational log
   a - Determine the instance of Group Policy processing
   (Before you view the Group Policy operational log, you must first determine
   the instance of Group Policy processing that failed.)
My ActivityID from the Group Policy operational log = C87E5BC2-FD21-4794-B678-787AB587D8D5
2 - Create a custom view, via a query, of the Group Policy instance
My resultant query:
<QueryList><Query Id="0" Path="Application"><Select Path="Microsoft-Windows-GroupPolicy/Operational">*[System/Correlation/@ActivityID='{C87E5BC2-FD21-4794-B678-787AB587D8D5}']</Select></Query></QueryList>
3 - Results of running the query from step 2 are listed below, in chronological order, including the complete 'detail' sections from each event.
event 4000
Event Description(s) = Computer startup
BEGIN DETAIL SECTION-----------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 4000
   Version 1
   Level 4
   Task 0
   Opcode 1
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.598400000Z
   EventRecordID 22707
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  PolicyActivityId {C87E5BC2-FD21-4794-B678-787AB587D8D5}
  PrincipalSamName WORKGROUP\GROK$
  IsMachine 1
  IsDomainJoined false
  IsBackgroundProcessing false
  IsAsyncProcessing false
  IsServiceRestart false
  ReasonForSyncProcessing 2
END DETAIL SECTION-------------------------------------------------------------------------------
event 5320
Event Description(s) = Checking for Group Policy client extensions that are not part of the system.
Event Description(s) = Service configuration update to standalone is not required and will be skipped.
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5320
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22711
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  InfoDescription %%4161
END DETAIL SECTION-------------------------------------------------------------------------------
event 5313
Event Description(s) = The following Group Policy objects were not applicable because they were filtered out :
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5313
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22710
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  DescriptionString None
  GPOInfoList
END DETAIL SECTION-------------------------------------------------------------------------------
event 5311
Event Description(s) = The loopback policy processing mode is "No loopback mode".
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5311
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22708
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  PolicyProcessingMode 0
END DETAIL SECTION-------------------------------------------------------------------------------
event 5312
Event Description(s) = List of applicable Group Policy objects:
Event Description(s) = Local Group Policy
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5312
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22709
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  DescriptionString Local Group Policy
  GPOInfoList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name><Version>524296</Version><SOM>Local</SOM><FSPath>C:\Windows\System32\GroupPolicy\Machine</FSPath><Extensions>[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{3610EDA5-77EF-11D2-8DC5-00C04FA31A66}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{F3CCC681-B74C-4060-9F26-CD84525DCA2A}{0F3F3735-573D-9804-99E4-AB2A69BA5FD4}]</Extensions></GPO>
END DETAIL SECTION-------------------------------------------------------------------------------
event 4016
Event Description(s) = Starting Microsoft Disk Quota Extension Processing.
Event Description(s) = List of applicable Group Policy objects: (Changes were detected.)
Event Description(s) = Local Group Policy
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 4016
   Version 0
   Level 4
   Task 0
   Opcode 1
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22714
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  CSEExtensionId {3610EDA5-77EF-11D2-8DC5-00C04FA31A66}
  CSEExtensionName Microsoft Disk Quota
  IsExtensionAsyncProcessing false
  IsGPOListChanged true
  GPOListStatusString %%4102
  DescriptionString Local Group Policy
  ApplicableGPOList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name></GPO>
END DETAIL SECTION-------------------------------------------------------------------------------
event 5320
Event Description(s) = Finished checking for non-system extensions.
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5320
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22713
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
  - Security
   [ UserID] S-1-5-18
- EventData
  InfoDescription %%4165
END DETAIL SECTION-------------------------------------------------------------------------------
event 4016
Event Description(s) = Starting Audit Policy Configuration Extension Processing.
Event Description(s) = List of applicable Group Policy objects: (No changes were detected.)
Event Description(s) = Local Group Policy
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 4016
   Version 0
   Level 4
   Task 0
   Opcode 1
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:31:21.987200000Z
   EventRecordID 22718
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  CSEExtensionId {F3CCC681-B74C-4060-9F26-CD84525DCA2A}
  CSEExtensionName Audit Policy Configuration
  IsExtensionAsyncProcessing true
  IsGPOListChanged false
  GPOListStatusString %%4101
  DescriptionString Local Group Policy
  ApplicableGPOList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name></GPO>
END DETAIL SECTION-------------------------------------------------------------------------------
event 7016
Event Description(s) = Completed Microsoft Disk Quota Extension Processing in 108374 milliseconds.
BEGIN DETAIL SECTION-------------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 7016
   Version 0
   Level 2
   Task 0
   Opcode 2
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:31:21.987200000Z
   EventRecordID 22717
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  CSEElaspedTimeInMilliSeconds 108374
  ErrorCode 2147942402
  CSEExtensionName Microsoft Disk Quota
  CSEExtensionId {3610EDA5-77EF-11D2-8DC5-00C04FA31A66}
END DETAIL SECTION-----------------------------------------------------------------------------------------
event 5016
Event Description(s) = Completed Microsoft Disk Quota Extension Processing in 108374 milliseconds.
BEGIN DETAIL SECTION----------------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5016
   Version 0
   Level 4
   Task 0
   Opcode 2
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:31:22.314800000Z
   EventRecordID 22720
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  CSEElaspedTimeInMilliSeconds 312
  ErrorCode 2147483658
  CSEExtensionName Audit Policy Configuration
  CSEExtensionId {F3CCC681-B74C-4060-9F26-CD84525DCA2A}
END DETAIL SECTION-----------------------------------------------------------------------------------------
Event 8000
Event Description(s) = Completed computer boot policy processing for WORKGROUP\GROK$ in 108 seconds.
BEGIN DETAIL SECTION----------------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 8000
   Version 1
   Level 4
   Task 0
   Opcode 2
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:31:22.330400000Z
   EventRecordID 22721
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  PolicyElaspedTimeInSeconds 108
  ErrorCode 0
  PrincipalSamName WORKGROUP\GROK$
  IsMachine 1
  IsConnectivityFailure false
END DETAIL SECTION-----------------------------------------------------------------------------------------
End of results.
Thanks to all,
wegrok
Win7 Ultimate x64, 8 GB ram, AMD Phenom 9950 Quad-proc @2.6Ghz, HD = 1TB ASUS M4N72-E mobo, Video = NVIDIA GeForce 8800 GT w/ Dell 2407 Digital Monitor -------------------------------------------------------------------------------------------------------

Did you ever have luck tracking this down? Im getting this error and have no clue where it is coming from. I have not enabled gp disk quotas, but I do have a network share on a domain member server that has quotas attached to each users folder.
I removed the quotas and still get this error when I manually perform a gpupdate.

Renewed my subca now I get A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider

Hello
My subca certificate was about to expire so I renewed it with the same key and since then my wireless will not connect. I get the following error from NPS:
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID:
AD\4411CB8CD34A2AA$
Account Name:
host/4411CB8CD34A2AA.ad.***.org
Account Domain:
AD
Fully Qualified Account Name:
AD\4411CB8CD34A2AA$
Client Machine:
Security ID:
NULL SID
Account Name:
Fully Qualified Account Name:
OS-Version:
Called Station Identifier:
f4-1f-c2-e6-0e-40:***-private
Calling Station Identifier:
e0-06-e6-c2-96-b7
NAS:
NAS IPv4 Address:
10.0.2.85
NAS IPv6 Address:
NAS Identifier:
DOM-WLC1
NAS Port-Type:
Wireless - IEEE 802.11
NAS Port:
13
RADIUS Client:
Client Friendly Name:
NPS Proxy 1
Client IP Address:
10.0.2.12
Authentication Details:
Connection Request Policy Name:
Wireless Clients
Network Policy Name:
Wireless Clients
Authentication Provider:
Windows
Authentication Server:
DOM-DC1.ad.****.org
Authentication Type:
EAP
EAP Type:
Microsoft: Smart Card or other certificate
Account Session Identifier:
Logging Results:
Accounting information was written to the local log file.
Reason Code:
295
Reason:
A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
How do i make the policy provider trust this new certificate that was created? When i renewed the certificate everything looks good on the subca and root ca. The new certificate is not in the nps servers so i tried manually importing it and that still did
not work. I noticed when i open the wireless network policy properties under constraints and open the Microsoft: Smart Card or other certificate eap type the new certificate is not in there. Any suggestions? Thank you!

can you copy client certificate to NPS server and run the following command against this certificate:
certutil -verify -urlfetch path\clientcert.cer
and show us the output.
Vadims Podāns, aka PowerShell CryptoGuy
My weblog: en-us.sysadmins.lv
PowerShell PKI Module: pspki.codeplex.com
PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
Check out new: SSL Certificate Verifier
Check out new:
PowerShell File Checksum Integrity Verifier tool.

Retrieve Client IP Address in a Oracle WebServices Manager Custom Policy

Hi everybody,
For some reasons i had to implement a custom policy in the OWSM, to restrict the access to webservices by Client IP Addresses. I´ve been following the examples for custom policies mentioned in the books: "Oracle Web Services Manager, Oracle Web Services Manager" by Sitaraman Lakshminarayanan, and the "Oracle® Web Services Manager Extensibility Guide 10g (10.1.3.3.0)" by Oracle. I followed the examples mentioned in those books to implement my Custom policy, the policy is successfully deployed to OWSM and it works, only by the issue that when i want to retrieve the Client Ip address it returns null, and following the example by the Oracle Guide, the HttpServletRequest its also returns null, im desperated because in every site that i finally find some info about it, quotes any of these 2 examples in those books, and mine doesnt work! this is the code of the custom policy, i´ve combined the 2 aproaches:
package project1;
import com.cfluent.ccore.util.logging.ILogger;
import com.cfluent.ccore.util.logging.Level;
import com.cfluent.ccore.util.logging.LogManager;
import com.cfluent.pipelineengine.container.MessageContext;
import com.cfluent.policysteps.sdk.AbstractStep;
import com.cfluent.policysteps.sdk.Fault;
import com.cfluent.policysteps.sdk.IMessageContext;
import com.cfluent.policysteps.sdk.IResult;
import com.cfluent.policysteps.sdk.InvocationStatus;
import com.cfluent.policysteps.sdk.Result;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
public class CustomPolicy extends AbstractStep {
private static String CLASSNAME = CustomPolicy.class.getName();
private static ILogger LOGGER = LogManager.getLogger(CLASSNAME);
private String allowedIpAddress = null;
private String allowedRoleName = null;
private String protectedServiceMethodName = null;
public CustomPolicy() {
public void init() throws IllegalStateException {
// nothing to initialize
public void destroy() {
* This is the main method which will validate that the request is coming from
* the correct IP Address and has permission to access the specified metod.
public IResult execute(IMessageContext messageContext) throws Fault {
LOGGER.entering(CLASSNAME, "execute");
Result result = new Result();
result.setStatus(IResult.FAILED); //initialize result
String processingStage = messageContext.getProcessingStage();
LOGGER.log(Level.INFO, "Processing stage is " + processingStage);
HttpServletRequest httpServletRequest = (HttpServletRequest)
messageContext.getProperty("javax.servlet.request");
String remoteAddr = httpServletRequest.getHeader("Host");
LOGGER.log(Level.SEVERE, "Dir IP:"+remoteAddr);
String remoteHost = httpServletRequest.getRemoteHost();
LOGGER.log(Level.INFO, "ADDR" + remoteAddr+ "HOST"+remoteHost);
boolean isRequest =
(IMessageContext.STAGE_REQUEST.equals(messageContext.getProcessingStage()) ||
IMessageContext.STAGE_PREREQUEST.equals(messageContext.getProcessingStage()));
//Execute the step Only when its a Request pipeline else return success
if (!isRequest) {
result.setStatus(IResult.SUCCEEDED);
return result;
MessageContext msgCtxt = (MessageContext)messageContext;
String _MethodName = msgCtxt.getRequest().getMethodName();
LOGGER.log(Level.INFO,
"Writing Allowed IP Addr before creating SOAP header " +
allowedIpAddress);
LOGGER.log(Level.INFO,
"Writing Remote IP Addr before creating SOAP header " +
msgCtxt.getRemoteAddr());
/*LOGGER.log(Level.INFO,
"Writing Remote IP Addr before creating SOAP header " +
remoteAddr);*/
String cadTempo = allowedIpAddress;
Vector vect = new Vector();
for (int i = 0; i < allowedIpAddress.length(); i++) {
if (cadTempo.indexOf(",") != -1) {
//vect.add(cadTempo.substring(0, cadTempo.indexOf(",") - 1));
vect.add(cadTempo.substring(0, cadTempo.indexOf(",")));
cadTempo =
cadTempo.substring(cadTempo.indexOf(",") + 1, cadTempo.length());
LOGGER.log(Level.INFO,
"AQUI111");
} else {
if (!cadTempo.equalsIgnoreCase("")) {
vect.add(cadTempo);
LOGGER.log(Level.INFO,
"AQUI222");
break;
for(int i=0;i<vect.size();i++){
String temp = (String)vect.get(i);
if (temp.equals(msgCtxt.getRemoteAddr()) &&
_MethodName.equals(protectedServiceMethodName)) {
LOGGER.log(Level.INFO,
"AQUI333");
result.setStatus(IResult.SUCCEEDED);
break;
} else {
msgCtxt.getInvocationStatus().setAuthorizationStatus(InvocationStatus.FAILED);
LOGGER.log(Level.INFO,
"AQUI444");
/*if(allowedIpAddress!=null){
result.setStatus(IResult.SUCCEEDED);
/*if (allowedIpAddress.equals(msgCtxt.getRemoteAddr()) &&
_MethodName.equals(protectedServiceMethodName)) {
result.setStatus(IResult.SUCCEEDED);
} else {
msgCtxt.getInvocationStatus().setAuthorizationStatus(InvocationStatus.FAILED);
// Set the result to SUCCESS
//result.setStatus(IResult.SUCCEEDED);
return result;
public String getIpAddress() {
return allowedIpAddress;
public void setIpAddress(String IpAddress) {
this.allowedIpAddress = IpAddress;
LOGGER.log(Level.INFO, "IP Address is.. " + allowedIpAddress);
public String getServiceMethodName() {
return protectedServiceMethodName;
public void setServiceMethodName(String serviceMethodName) {
this.protectedServiceMethodName = serviceMethodName;
public String getRoleName() {
return allowedRoleName;
public void setRoleName(String roleName) {
this.allowedRoleName = roleName;
And the xml:
<csw:StepTemplate xmlns:csw="http://schemas.confluentsw.com/ws/2004/07/policy"
name="Custom authenticate step" package="project1"
timestamp="Oct 31, 2005 05:00:00 PM" version="1"
id="0102030405">
<csw:Description>Custom step that authenticates the user against the
credentials entered here. This step requires Extract
credentials to be present before it in the request pipeline.</csw:Description>
<csw:Implementation>project1.CustomPolicy</csw:Implementation>
<csw:PropertyDefinitions>
<csw:PropertyDefinitionSet name="Basic Properties">
<csw:PropertyDefinition name="Enabled" type="boolean">
<csw:Description>If set to true, this step is enabled</csw:Description>
<csw:DefaultValue>
<csw:Absolute>true</csw:Absolute>
</csw:DefaultValue>
</csw:PropertyDefinition>
</csw:PropertyDefinitionSet>
<csw:PropertyDefinitionSet name="Custom Access Rules">
<csw:PropertyDefinition name="IpAddress" type="string" isRequired="true">
<csw:DisplayName>IpAddress</csw:DisplayName>
<csw:Description>IP Address that is allowed access</csw:Description>
<csw:DefaultValue>
<csw:Absolute>192.168.0.1</csw:Absolute>
</csw:DefaultValue>
</csw:PropertyDefinition>
<csw:PropertyDefinition name="ServiceMethodName" type="string"
isRequired="true">
<csw:DisplayName>ServiceMethodName</csw:DisplayName>
<csw:Description>Service Method Name that is Protected (Secured)</csw:Description>
<csw:DefaultValue>
<csw:Absolute>getTime</csw:Absolute>
</csw:DefaultValue>
</csw:PropertyDefinition>
</csw:PropertyDefinitionSet>
</csw:PropertyDefinitions>
</csw:StepTemplate>
Please any tip or idea is welcome, thanks in advance for the help.
Carlos.

Hi again
copied your code for testing. And it works fine.
So both the code and policy-step definition is fine, log output below.
What is your log output?
Using soapui to send the request will give the ip of my localhost, using the test client will give the ip of the server, because that is the actual client.
I guess the server ip is 192.168.0.1 in your case, as you are testing from test console.
<b>anyway, results from SOAPUI:</b>
2009-05-19 09:52:15,096 FINE [HTTPThreadGroup-4] CSWComponent - Executing policy step. Policy='SID0003004', Step Name='Custom Policy Step', Step Class='com.*.soa.wsm.CustomPolicy'
2009-05-19 09:52:15,096 FINER [HTTPThreadGroup-4] wsm.CustomPolicy - com.*.soa.wsm.CustomPolicy execute:ENTERING
2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Processing stage is Request
2009-05-19 09:52:15,096 SEVERE [HTTPThreadGroup-4] wsm.CustomPolicy - Dir IP:hostname.domain:8890
2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - ADDRhostname.domain:8890HOST10.47.89.116
2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - MethodName=getHostNameElement
2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Allowed IP Addr before creating SOAP header 10.47.89.116, 192.168.0.1
2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Remote IP Addr before creating SOAP header 10.47.89.116
2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI111
2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI222
2009-05-19 09:52:15,097 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI333
2009-05-19 09:52:15,097 FINER [HTTPThreadGroup-4] agent.Agent - com.cfluent.agent.Agent intercept:ENTERING
<b>But if I use the test client the remote IP would be 10.47.137.50 and execution fails, as code is written</b>
<i>
2009-05-19 09:54:12,266 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Allowed IP Addr before creating SOAP header 10.47.89.116, 192.168.0.1
2009-05-19 09:54:12,266 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Remote IP Addr before creating SOAP header 10.47.137.50
2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI111
2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI222
2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI444
2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI444
2009-05-19 09:54:12,267 FINE [HTTPThreadGroup-4] CSWComponent - Step execution failed: Policy=[SID0003004] Pipeline=[Request] Step Name=[Custom Policy Step] Step Class=[com.tandberg.soa.wsm.CustomPolicy]
2009-05-19 09:54:12,267 FINER [HTTPThreadGroup-4] common.PrepareForServiceStep - Step PrepareForServiceStep called
</i>

EM Alert: Policy name=Well_known_Accounts

Similar Messages

Maybe you are looking for