Exception: "Could not validate SAML Token"
We have an evaluation system setup that we are using to generate PDF from PS. We're connecting via the EJB client, and typically have had no problems. Until today. At some point today we began seeing exceptions being thrown on the client:
Caused by: com.adobe.idp.um.api.UMException | [com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16421 errorCodeHEX:0x4025 message:Could not validate SAML Token --- Assertion has expired and hence not valid for user [administrator@DefaultDom]. Its valid till time [Tue Feb 04 10:58:45 MST 2014] was found to be before the current time [Tue Feb 04 16:04:41 MST 2014]
Simply bouncing the app server where the client code is running solved the problem, however we'd like to better understand what is going on and why. Nothing that I can find in the docs seems to indicate the cause/solution, and possible solutions have links that appear to no longer function: http://cookbooks.adobe.com/post_Renewing_the_context_to_handle_session_expiry-16410.html
Any suggestions and/or insight would be greatly appreciated. Thanks!
PROBLEM
Using the same instance of ServiceClientFactory to remotely invoke the services exposed by the LiveCycle container can lead to an exception related to assertion expiry.
Solution
To handle the timeout, use the ThrowHandler mechanism provided by the ServiceClientFactory framework.
Detailed explanation
LiveCycle provides a client SDK for Java-based clients to invoke its services remotely.
An invocation involves:
1. Creation of a ServiceClientFactory instance
2. Setting the user credential in the factory instance
3. Passing that factory to a service client, or using it to create an InvocationRequest directly
4. Using the client to make the actual request
For more details refer to Invoking LiveCycle ES Using the Java API.
A ServiceClientFactory instance, once created, is valid for a certain period of time, which is by default 120 min. If the same instance is used to invoke beyond this period, it leads to an exception stating that the session has expired:
[com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16421 errorCodeHEX:0x4025 message:Could not validate SAML Token --- Assertion has expired and hence not valid for user [administrator@DefaultDom]. Its valid till time [Thu Oct 22 17:07:53 IST 2009] was found to be before the current time [Thu Oct 22 17:58:18 IST 2009]
This is not an issue if the ServiceClientFactory instance is used for a short duration. However, if you are going to perform a long-running task, like converting a large number of documents to PDF, applying policies to them, etc., then it would be an issue.
Session Expiry
Before fixing the issue, some info on what session expiry is.
When you use a ServiceClientFactory instance to invoke the service, the following flow happens:
1. You set the credentials in the properties and invoke the service.
2. LiveCycle on the server side validates the credentials and issues a Context. It is a sort of ticket which can be reused later instead of the actual credentials.
3. Upon receiving the response from the server, the ServiceClientFactory instance deletes its own copy of the credentials and stores the Context instead.
4. For later invocations this Context instance is passed instead of the user credentials.
This whole flow is done to ensure that the user's credentials are not sent for each remote call, thus improving the security.
For more information on Context refer to User Identity in LiveCycle.
Solution
To fix this issue you would have to re-authenticate to LiveCycle and get the Context reissued. The best way to do that is to make use of the ThrowHandler provided by the ServiceClientFactory framework.
STEP 1 - Create a ThrowHandler
/**
 * This ThrowHandler caches the user credentials and uses them to refresh the Context in the
 * ServiceClientFactory upon expiry.
 */
private static class SimpleTimeoutThrowHandler implements ThrowHandler {
    private String username;
    private String password;

    public SimpleTimeoutThrowHandler(String username, String password) {
        this.username = username;
        this.password = password;
    }

    public boolean handleThrowable(Throwable t, ServiceClient sc,
            ServiceClientFactory scf, MessageDispatcher md,
            InvocationRequest ir, int numTries) throws DSCException {
        if (timeoutError(t)) {
            //The call to AuthenticationManager does not require authentication so the default properties
            //are sufficient
            AuthenticationManager am = new AuthenticationManagerServiceClient(
                    ServiceClientFactory.createInstance(getDefaultProperties()));
            AuthResult ar = null;
            try {
                ar = am.authenticate(username, password.getBytes());
            } catch (UMException e) {
                throw new IllegalStateException(e);
            }
            Context ctx = new Context();
            ctx.initPrincipal(ar);
            //Refresh the ServiceClientFactory instance with the new context
            scf.setContext(ctx);
            logger.info("Refreshed the context associated with ServiceCLientFactory");
            //Now tell SCF to try the invocation again
            return true;
        }
        //Check so that we do not wrap the exception again
        if (t instanceof DSCException)
            throw (DSCException) t;
        if (t instanceof RuntimeException)
            throw (RuntimeException) t;
        // how is it possible to get this far?
        throw new IllegalStateException(t);
    }

    private boolean timeoutError(Throwable t) {
        if (!(t.getCause() instanceof UMException)) {
            return false;
        }
        UMException ue = (UMException) t.getCause();
        //Check that UMException is due to the assertion/context expiry
        if (UMConstants.ErrorCodes.E_TOKEN_INVALID == ue.getErrCode()) {
            return true;
        }
        return false;
    }
}
This ThrowHandler would be invoked by the ServiceClientFactory upon receiving any exception. The handler would then determine if it's a timeout-related exception, refresh the Context associated with the factory instance, and tell it to retry the invocation.
STEP 2 - Register the handler
ServiceClientFactory.installThrowHandler(new SimpleTimeoutThrowHandler(username, password));
Note: The handler should be registered only once in the application.
STEP 3 - Perform your invocation
The following sample would try to apply policies on all the files present in a directory:
Properties p = getDefaultProperties();
p.setProperty(DSC_CREDENTIAL_USERNAME, username);
p.setProperty(DSC_CREDENTIAL_PASSWORD, password);
ServiceClientFactory scf = ServiceClientFactory.createInstance(p);
//Now do some long running operation
String inputDirName = "path-to-input-dir";
String outDirName = "path-to-out-dir";
String policyName = "the-policy-name";
File inDir = new File(inputDirName);
File outDir = new File(outDirName);
RightsManagementClient rmClient = new RightsManagementClient(scf);
DocumentManager docManager = rmClient.getDocumentManager();
//Iterate over all the pdf in the inDir and apply the policies. If this takes a
for (File pdfFile : inDir.listFiles()) {
    Document inDoc = new Document(pdfFile, false);
    Document securedDoc = docManager.applyPolicy(inDoc,
            pdfFile.getName(), null, policyName, null, null);
    securedDoc.copyToFile(new File(outDir, pdfFile.getName()));
}
Now the invocation would complete even if it takes a long time. If any session expiry occurs, our ThrowHandler would take care of that.
Here's a sample:
TimeOutSample.zip
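An added example, not part of the original post or of Adobe's SDK: a Python log-triage script that pulls the expiry message quoted above out of a client log, including copies wrapped across lines, and reports how long each assertion had been expired when it was rejected. The third sample entry and the user batch@ExampleDom are constructed, and the context-age estimate assumes the 120-minute default validity stated in the recipe.

```python
import re
from datetime import datetime, timedelta

# Default assertion lifetime stated in the recipe above (assumed unchanged on the server).
DEFAULT_VALIDITY = timedelta(minutes=120)

# The expiry message exactly as it is quoted on this page, after whitespace normalisation.
EXPIRY_RE = re.compile(
    r"errorCode:(?P<code>\d+) errorCodeHEX:(?P<hex>0x[0-9A-Fa-f]+) "
    r"message:Could not validate SAML Token --- Assertion has expired and "
    r"hence not valid for user \[(?P<user>[^\]]+)\]\. "
    r"Its valid till time \[(?P<valid_till>[^\]]+)\] "
    r"was found to be before the current time \[(?P<now>[^\]]+)\]"
)

# Entries 1 and 2 are the messages quoted on this page (entry 2 wrapped as posted);
# entry 3 is constructed to show the mixed-time-zone case.
SAMPLE_LOG = """\
Caused by: com.adobe.idp.um.api.UMException | [com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16421 errorCodeHEX:0x4025 message:Could not validate SAML Token --- Assertion has expired and hence not valid for user [administrator@DefaultDom]. Its valid till time [Tue Feb 04 10:58:45 MST 2014] was found to be before the current time [Tue Feb 04 16:04:41 MST 2014]
[com.adobe.idp.um.api.impl.AuthenticationManagerImpl]
errorCode:16421 errorCodeHEX:0x4025 message:Could not validate SAML
Token --- Assertion has expired and hence not valid for user
[administrator@DefaultDom]. Its valid till time [Thu Oct 22
17:07:53 IST
2009] was found to be before the current time [Thu Oct
22 17:58:18 IST 2009]
[com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16421 errorCodeHEX:0x4025 message:Could not validate SAML Token --- Assertion has expired and hence not valid for user [batch@ExampleDom]. Its valid till time [Mon Mar 03 09:00:00 UTC 2014] was found to be before the current time [Mon Mar 03 04:30:00 EST 2014]
"""


def parse_java_date(text):
    """Parse java.util.Date.toString() output, e.g. 'Tue Feb 04 10:58:45 MST 2014'.

    Zone abbreviations such as MST or IST are ambiguous and strptime cannot
    resolve them portably, so the zone is returned separately and the
    datetime stays naive.
    """
    parts = text.split()
    if len(parts) != 6:
        raise ValueError("unexpected timestamp layout: %r" % text)
    dow, mon, day, clock, zone, year = parts
    stamp = datetime.strptime(
        "%s %s %s %s %s" % (dow, mon, day, clock, year), "%a %b %d %H:%M:%S %Y"
    )
    return stamp, zone


def find_expired_assertions(log_text):
    """Return one record per expiry message found in log_text."""
    # Collapse all whitespace so messages wrapped across lines still match.
    flat = " ".join(log_text.split())
    records = []
    for m in EXPIRY_RE.finditer(flat):
        valid_till, zone_a = parse_java_date(m["valid_till"])
        now, zone_b = parse_java_date(m["now"])
        # Both stamps normally come from the same server clock; only then
        # is the naive difference meaningful.
        expired_for = now - valid_till if zone_a == zone_b else None
        records.append({
            "user": m["user"],
            "error_code": int(m["code"]),
            "zone": zone_a if zone_a == zone_b else None,
            "valid_till": valid_till,
            "now": now,
            "expired_for": expired_for,
            # Rough time since the Context was issued, under the default lifetime.
            "context_age_estimate": (
                DEFAULT_VALIDITY + expired_for if expired_for is not None else None
            ),
        })
    return records


def summarise(records):
    """Group failures per user and keep the longest overrun seen."""
    summary = {}
    for rec in records:
        entry = summary.setdefault(
            rec["user"], {"failures": 0, "longest_overrun": None}
        )
        entry["failures"] += 1
        lag = rec["expired_for"]
        if lag is not None and (
            entry["longest_overrun"] is None or lag > entry["longest_overrun"]
        ):
            entry["longest_overrun"] = lag
    return summary


if __name__ == "__main__":
    for rec in find_expired_assertions(SAMPLE_LOG):
        print(rec["user"], rec["expired_for"], rec["context_age_estimate"])
    print(summarise(find_expired_assertions(SAMPLE_LOG)))
```

An overrun of hours rather than seconds, as in the first entry, fits the long-lived ServiceClientFactory reuse the recipe describes.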
Similar Messages
-
Error while invoking a process (could not validate SAML)
Hi,
I am getting the following error while invoking a process from WebLogic Portal Server. The invocation always happens properly, but after frequent intervals (approx. 1-1.5 hrs) this error comes. Then if the Portal Server (the client which is invoking the process) is restarted, it works properly again.
This is very urgent to resolve. Any pointers to this will be very helpful.
Thanks in advance,
Leena Jain
Stack Trace of the error:
ALC-DSC-215-000: com.adobe.idp.dsc.DSCAuthenticationException: None of the Auth Provider could authenticate the user. Authentication Failed
at com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.authenticate(AbstractMessageReceiver.java:157)
at com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.invoke(AbstractMessageReceiver.java:312)
at com.adobe.idp.dsc.provider.impl.soap.axis.sdk.SoapSdkEndpoint.invokeCall(SoapSdkEndpoint.java:138)
at com.adobe.idp.dsc.provider.impl.soap.axis.sdk.SoapSdkEndpoint.invoke(SoapSdkEndpoint.java:81)
at sun.reflect.GeneratedMethodAccessor377.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:397)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:186)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:323)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:226)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:124)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
at com.adobe.idp.dsc.provider.impl.soap.axis.InvocationFilter.doFilter(InvocationFilter.java:43)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3393)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2140)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2046)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
Caused by: | [com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16421 errorCodeHEX:0x4025 message:Could not validate SAML Token --- Assertion is not valid. Current time is greater than NOTonOrAfter time specified in the Assertion| [IDPLoggedException] errorCode:12804 errorCodeHEX:0x3204 message:Could not validate SAML Token --- Assertion is not valid. Current time is greater than NOTonOrAfter time specified in the Assertion
at com.adobe.idp.um.api.impl.ManagerImpl.handleException(ManagerImpl.java:246)
at com.adobe.idp.um.api.impl.ManagerImpl.handleException(ManagerImpl.java:192)
at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.validateAssertionCheck(AuthenticationManagerImpl.java:587)
at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.validateAssertion(AuthenticationManagerImpl.java:552)
at com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.authenticate(AbstractMessageReceiver.java:132)
... 33 more
This happens due to expiry of the SAML assertion that the client has. Have a look at the Renew Assertion Recipe at the cookbook site
-
Hello consultant:
We are trying to configure SSO using the SPNEGO module.
We have a portal 7.0 EHP1 and Microsoft Active Directory version 2003 native.
We have followed the steps described in SAP Note 1457499, "Note 1457499 - SPNego add-on".
When we log on with an Active Directory user and try to access the portal, we obtain the following error:
Authorization check user error
We have deployed the Web diagtool from SAP Note 1045019 on the J2EE server, run it and performed the following steps:
1. Select "Component" = "security" and "Activity" = "all"
2. Click the "Go" button, followed by the "Add All" button
3. Select "Component" = "All" and in the "Search pattern" field write "com.sap.security.spnego"
4. Click the "Go" button, followed by the "Add All" button
5. Start the tool
Then we reproduced the problem and stopped the tool. The generated zip file contains the following error:
15:45:20:078 Error J2EE_GST_PRD SAPEngine_Application_Thread[impl:3]_15 ~p.security.spnego.krb5.crypto.DesCrypto Checksum error! checksum: 0xc46bfed8d0dbc54221ee75405c8cd5ac; calculated checksum: 0x6ead7e801608b729a6957597327f2ba5
15:45:20:078 Error J2EE_GST_PRD SAPEngine_Application_Thread[impl:3]_15 ~m.sap.security.spnego.SPNEGOLoginModule Could not validate SPNEGO token.
java.lang.Exception: Checksum error.
at com.sap.security.spnego.krb5.crypto.DesCrypto.decrypt(DesCrypto.java:43)
at com.sap.security.spnego.krb5.KrbEncryptedData.decrypt(KrbEncryptedData.java:81)
at com.sap.security.spnego.krb5.KrbApReq.decrypt(KrbApReq.java:67)
at com.sap.security.spnego.SPNEGOLoginModule.parseAndValidateSPNEGOToken(SPNEGOLoginModule.java:234)
at com.sap.security.spnego.SPNEGOLoginModule.processAuthorizationHeader(SPNEGOLoginModule.java:385)
at com.sap.security.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:102)
at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:185)
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:70)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:181)
at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:61)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
at java.lang.reflect.Method.invoke(Method.java:391)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:699)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:151)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:634)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:631)
at javax.security.auth.login.LoginContext.login(LoginContext.java:557)
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:912)
at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.login(AuthenticationService.java:367)
at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:126)
at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:181)
at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:541)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:430)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.sap.portal.navigation.Gateway.service(Gateway.java:126)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Could you help us?
Many thanks for your collaboration
<< Do not post the same question across a number of forums >>
-
SPNEGO Login module Stack issue: Could not validate SPNEGO token
Hello to all,
We are deploying a SAP NetWeaver 7.3 Enterprise Portal with the SPNego login module activated.
We are performing some tests (performance and concurrent access).
During the tests we have several times found the following issue linked to SPNego.
Could not validate SPNEGO token.
[EXCEPTION]
java.lang.NumberFormatException: multiple points
at sun.misc.FloatingDecimal.readJavaFormatString(FloatingDecimal.java:1082)
at java.lang.Double.parseDouble(Double.java:510)
at java.text.DigitList.getDouble(DigitList.java:151)
at java.text.DecimalFormat.parse(DecimalFormat.java:1303)
at java.text.SimpleDateFormat.subParse(SimpleDateFormat.java:1934)
at java.text.SimpleDateFormat.parse(SimpleDateFormat.java:1312)
at java.text.DateFormat.parse(DateFormat.java:335)
at com.sap.security.core.server.jaas.spnego.util.Utils.generalizedTimeStringToData(Utils.java:167)
at com.sap.security.core.server.jaas.spnego.krb5.KrbTicketEncryptedData.parseDecryptedData(KrbTicketEncryptedData.java:67)
at com.sap.security.core.server.jaas.spnego.krb5.KrbEncryptedData.decrypt(KrbEncryptedData.java:94)
at com.sap.security.core.server.jaas.spnego.krb5.KrbApReq.decrypt(KrbApReq.java:68)
at com.sap.security.core.server.jaas.SPNegoLoginModule.parseAndValidateSPNEGOToken(SPNegoLoginModule.java:315)
at com.sap.security.core.server.jaas.SPNegoLoginModule.processAuthorizationHeader(SPNegoLoginModule.java:474)
at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:160)
at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:254)
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:65)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:254)
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:352)
at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.loginWithRequestCredentials(AuthenticationService.java:337)
at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:321)
at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:60)
at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:163)
at com.sap.portal.prt.dispatcher.DispatcherServlet.service(DispatcherServlet.java:132)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:152)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doCached(RequestDispatcherImpl.java:655)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:488)
at com.sap.portal.navigation.Gateway.service(Gateway.java:147)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
at com.sap.portal.http.EnrichNavRequestFilter.doFilter(EnrichNavRequestFilter.java:49)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:432)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)
at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:276)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)
at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)
at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
The user linked to this user is Guest.
Could you please advise us how to solve this recurring issue?
Kind regards
Julien LEFEVRE
Hello Cathal,
Thank you for your answer.
In fact the new SPNego wizard of the SAP Enterprise Portal 7.3 is used to get the two key files. The SAP JVM is used, in fact, with the 1.6.1.
And in fact, it functions perfectly sometimes, but during the test of massive access (more than 30 concurrent users), I have this error that comes frequently.
Best regards
Julien LEFEVRE
-
Supplied credentials not accepted by the server and Could not validate SPNEGO token
Hi,
We have installed and configured SSO 2.0 SP02 on HP-UX system. We have exported the client policy files, root certificate from SLS and imported the same in the client PC. Then we have installed the SLC in client PC with logging enabled option. Now when we try to manually login using SLC we are getting the below error.
In SLC - "Supplied credentials not accepted by the server"
In Diatool - "Could not validate SPNEGO token"
Attached are the trace file from SLC and the logs from diatool. Can anyone suggest how to rectify this error?
The trace file from SLC
[2014.03.28 12:08:50.434][TRACE][sbus.exe ][sbus.dll ][ 4856] CToken:: Secure Login token [toksw:mem://securelogin/Windows Authentication (SPNEGO) :: login
[2014.03.28 12:08:50.452][TRACE][sbus.exe ][sbusresloade][ 4856] { GetLocale
[2014.03.28 12:08:50.453][TRACE][sbus.exe ][sbusresloade][ 4856] } 0
[2014.03.28 12:08:50.453][TRACE][sbus.exe ][sbusslogin.d][ 4856] { CSecureLogin_Protocol_2_0::Send_Init
[2014.03.28 12:08:50.453][TRACE][sbus.exe ][sbusslogin.d][ 4856] { CSecureLogin::Send_Any
[2014.03.28 12:08:50.515][ERROR][sbus.exe ][BASE ][ 2800] ERROR(0xA0100017) in CRYPT->sec_crypt_cipher_get_cipher_len(): An attribute is missing
[2014.03.28 12:08:50.563][TRACE][sbus.exe ][sbusslogin.d][ 4856] } 0
[2014.03.28 12:08:50.563][TRACE][sbus.exe ][sbusslogin.d][ 4856] } 0
[2014.03.28 12:08:50.566][TRACE][sbus.exe ][sbusresloade][ 4856] { CResourceManager::New
[2014.03.28 12:08:50.566][TRACE][sbus.exe ][sbusresloade][ 4856] { GetLocale
[2014.03.28 12:08:50.566][TRACE][sbus.exe ][sbusresloade][ 4856] } 0
[2014.03.28 12:08:50.566][TRACE][sbus.exe ][sbusresloade][ 4856] { CResourceManager::Init
[2014.03.28 12:08:50.568][TRACE][sbus.exe ][sbusresloade][ 4856] } 0
[2014.03.28 12:08:50.568][TRACE][sbus.exe ][sbusresloade][ 4856] } 0
[2014.03.28 12:09:00.979][ERROR][sbus.exe ][sbus.dll ][ 4856] LogonUser failed with error 0x0000052e
[2014.03.28 12:09:12.628][TRACE][sbus.exe ][Kerberos ][ 4856] Got kerberos ticket for 'HTTP/ssodev' with server key type 23 and session key type 23
[2014.03.28 12:09:12.628][TRACE][sbus.exe ][BASE/RANDOM ][ 4856] Get 8 bytes random data
[2014.03.28 12:09:12.628][TRACE][sbus.exe ][sbusslogin.d][ 4856] { CSecureLogin_Protocol_2_0::Send_Auth_SPNEGO
[2014.03.28 12:09:12.628][TRACE][sbus.exe ][sbusslogin.d][ 4856] { CSecureLogin::Send_Any
[2014.03.28 12:09:12.727][TRACE][sbus.exe ][sbusslogin.d][ 4856] } 0
[2014.03.28 12:09:12.727][TRACE][sbus.exe ][sbusslogin.d][ 4856] { CSecureLogin_Protocol_2_0::Handle_Auth_Response
[2014.03.28 12:09:12.727][TRACE][sbus.exe ][sbusslogin.d][ 4856] } 0
[2014.03.28 12:09:12.727][TRACE][sbus.exe ][sbusslogin.d][ 4856] } 80070005
Regards,
Yogesh Kumar D
Hello Yogesh,
With regard to the 2nd error "Could not validate SPNEGO Token"
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.SPNegoLoginModule SUFFICIENT ok exception true Could not validate SPNEGO token. Reason: No user with account attributes [[namespace=com.sap.security.core.authentication, name=principal, value=sap.helpdesk1, isCaseSensitive=false], [namespace=com.sap.security.core.authentication, name=realm, value=HZL01.VEDANTARESOURCE.LOCAL, isCaseSensitive=false]] found
No logon policy was applied
It means that the user "sap.helpdesk1" was decrypted from the Kerberos token but there is no user with this name in the AS Java. The reason for that is a misconfiguration in the SPNEGO user mapping.
Therefore, please open the SPNEGO wizard in the NWA and configure how AS Java should choose a user from the UME based on the received SPNEGO token. Here is some documentation about configuring the user mapping:
http://help.sap.com/saphelp_nw73/helpdata/en/f4/1978c3a37a441b87a89d61c1a08689/frameset.htm
Regards,
David
-
SPNEGO - Could not validate SPNEGO token.
Hi All,
We have configured the SPNEGO wizard. We have followed the steps provided in SAP Note #1457499, deployed the files in the SPNego_AddOn_700.zip and followed all the steps in the PDF.
We are getting the below error:
Could not validate SPNEGO token.
[EXCEPTION]
java.lang.Exception: Invalid ticket endtime: 20110117223730Z
at com.sap.security.spnego.krb5.KrbApReq.throwValidationException(KrbApReq.java:112)
at com.sap.security.spnego.krb5.KrbApReq.validate(KrbApReq.java:100)
at com.sap.security.spnego.SPNEGOLoginModule.parseAndValidateSPNEGOToken(SPNEGOLoginModule.java:240)
at com.sap.security.spnego.SPNEGOLoginModule.processAuthorizationHeader(SPNEGOLoginModule.java:385)
at com.sap.security.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:102)
at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:185)
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:70)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:181)
at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Please suggest what could be the issue.
Regards
Amit
Hi
Web diagtool also shows the same error:
Could not validate SPNEGO token.
[EXCEPTION]
java.lang.Exception: Invalid ticket endtime: 20110118140218Z
at com.sap.security.spnego.krb5.KrbApReq.throwValidationException(KrbApReq.java:112)
at com.sap.security.spnego.krb5.KrbApReq.validate(KrbApReq.java:100)
at com.sap.security.spnego.SPNEGOLoginModule.parseAndValidateSPNEGOToken(SPNEGOLoginModule.java:240)
at com.sap.security.spnego.SPNEGOLoginModule.processAuthorizationHeader(SPNEGOLoginModule.java:385)
at com.sap.security.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:102)
at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:185)
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:70)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:181)
at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:85)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:58)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
at java.lang.reflect.Method.invoke(Method.java:391)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:699)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:151)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:634)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:631)
at javax.security.auth.login.LoginContext.login(LoginContext.java:557)
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:149)
at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:303)
at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:96)
at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)
at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:523)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:412)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.sap.portal.navigation.Gateway.service(Gateway.java:126)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Regards
Amit -
WS-Security: "Could not validate the signature..."
Hello,
We get the following fault when calling a web service demanding signature:
<soapenv:Fault xmlns:wsse="....">
<faultcode>wsse:InvalidSecurity</faultcode>
<faultstring>Could not validate encryption against any of the supported token types</faultstring>
</soapenv:Fault>
Client signs the request using X509V1 certificate, but in the SOAP request, type of BinarySecurityToken claims "X509V3":
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3 ...>
Is this possibly the reason that the message can't be validated?
We should have used a V3 certificate, but it seems JDK's keytool can't generate a V3 self-signed certificate, and we don't want to bother requesting a V3 certificate from any CA.
It seems OpenSSL can do that. I will try, but I can't install anything on the company PC. Hard to believe? :-)
X509V1 is not a valid value for "Valuetype". So I guess this should not be the problem.
-
Disk image Restore returns "Could not validate source - error 254"
I had backed up an older G4 with a disk image of the boot disk. I was having severe problems so I reformatted the boot drive and started a restore (using disk utility from startup disk). The restore started fine and ran a while but then "stalled." The "progress" bar stopped and the system just kept "hitting" the Utility DVD install disk non-stop (as shown by disk access light).
Now when I try again, I immediately get a "Restore Failure - Could not validate source - error 254"
The disk image being restored is on a hard drive. I copied it to another drive and tried again with the same result.
This is being done on an old G4 Tower, dual 1 GHz PPC under 10.5.8
Comments?
(This won't kill me as all my data files are also on my MBP, I just don't want to have to reinstall all my apps, setups, etc.)
Yes, for my "real" machine (my Intel MBP) I have images, clones, and Time Machine Backups not to mention my data files written to DVD. I've got at least triplicate backup. This was an old machine I was setting up for a specific purpose. I'm not losing any data but I just didn't want to have to reload apps and such. But guess I have no alternative. Thanks for the tip. I had never used the "scan for restore option" before so I learned something. Usually I just trust my multiple backup method so if one source is bad, no big deal. Thanks baltwo!
-
"Could not validate Essentials package" - How to solve?
Hi there,
I tried doing an upgrade install of Leopard and got the notorious "could not validate package" error. I'd checked the install DVD, and the same disc worked on other machines.
The problem was that the installation process was incomplete and left my system in an inconsistent state, so I couldn't reboot. Trying an erase-and-install gave me the same error.
Now I'm wondering whether I can copy a Leopard image from another machine using Carbon Copy Cloner and then apply the image to my MacBook. I haven't done this before, so would appreciate some tips on the exact process.
The other machine is a MacBook (although a newer model). Thanks a lot.
Ben
I've been having this problem. Apple's support documents instruct you to remove all third party RAM that may be installed in your machine.
http://docs.info.apple.com/article.html?artnum=106693
(head to the bottom of the page!)
I'm going to be trying that later this evening. I've heard of RAM conflicts before so this is most likely going to be the cause!
Unfortunately I have no idea if it's OK to put the RAM back in once the install is complete!
Hope this helps
Cheers
Mat
At least you're up and running in the meantime! -
Java.lang.Exception: Could not get name for DC project
Hello Experts,
We have code that was downloaded from an SVN repository.
I have imported the code from my desktop into NWDS, and when I try to deploy, it throws:
java.lang.Exception: Could not get name for DC project
I have referred to a few threads on SCN, and the solution suggested is to change the workspace, create a new DC and copy the _comp from the old DC.
I tried the above solution, but there are a lot of build errors, as we have a few RFC models and it is throwing build errors for missing model references.
Kindly help me on how to fix the error.
Thanks, Swarnaprakash
Dear Swarnaprakash,
The Web Dynpro DCs Import C:\----\user\.dtc\LocalDevelopment\DCs\sap.com\test and the related package for the DC is missing; check that once and then try to import.
Depending on which Java compiler preferences are set, you may see some warnings in the "Task" view after importing the project. If the severity level for problems of type "Unused imports" (set in Preferences – Java – Compiler) has the value "Warning", the compiler will issue a warning for unused import references. Ignore these warnings!
If you are still getting it, delete your .metadata, taking a backup first. After that, open NWDS again and it will set new configurations in your system.
Thanks & Regards,
Durga Rao. -
The installer could not validate the contents of the 'BaseSystem' package
Hello all,
Sorry for my first post being a problem, but I am not the world's greatest Mac person and I have been asked to support our Macs here at work.
I have had a hard drive go in a MacBook, and I have fitted a new 160Gb hard drive (upgrading from the original 80Gb one) and I am getting the above error.
I tried installing Leopard 10.5.4 from its original CD (we bought a full version when we upgraded this Macbook previously) and got the above error.
So I thought I would have to install the original version of Tiger and upgrade from there, in the same way that I did before. I reinstalled Tiger with no problems from the disks which came with the MacBook, and then tried to do the upgrade, but got the same error.
Am I doing something wrong, or is there a problem, do you think?
The MacBook has been upgraded from this particular disk once before, and no changes to the MacBook have been made apart from replacing the defunct hard drive.
Thanks in advance, and I apologise if I have missed out any important needed information because as I say I am fairly new to Macs.
I have your solution! I just experienced the same problem after installing a new hard drive to replace a crashed drive in an iMac (Ambient Light Sensor) model.
I initially thought it was the optical drive and/or the Leopard DVD. I tried two Leopard DVDs and both the internal slot-load and an external FireWire drive. All resulted in the same error at the calculation stage of the install...could not verify basesystem. All hard drive tests passed.
I used the Apple Hardware Test (your original OS DVD) and what did I discover? A failed memory DIMM! Even though the Mac would boot from an external, I thought everything was OK. The failed memory DIMM is the culprit!
Here is why: The Mac OS X installer copies data to memory, then copies to the hard drive. When the copied data encounters the failed memory DIMM, the Installer kicks back the failure that it could not validate the basesystem. The data in the memory becomes corrupt because the DIMM is corrupt.
I replaced both DIMMs in my iMac (an upgrade from 1 GB to 2 GB) and sure enough, the installer is running smoothly without any problems.
So replace your memory and your problem is solved. Or figure out which DIMM went bad and replace it. -
Unhandled Exception "Could not find any available Domain Controller"
Hi,
I keep on having Exchange 2010 losing contact with domain controllers.
"Unhandled Exception "Could not find any available Domain Controller.". EventID 1. Once I restart the server, this error disappears and reappears again after a few days.
When I run AD settings, the result shows as below. Update version is currently at 14.02.0342.003. And both DCs have 100% uptime.
PS C:\> Get-ADServerSettings | fl
RunspaceId                                 : 9392eb25-bcdc-462e-816b-2d5626c572a5
DefaultGlobalCatalog                       : DC2.com.au
PreferredDomainControllerForDomain         :
DefaultConfigurationDomainController       : dc1.com.au
DefaultPreferredDomainControllers          : {DC2.com.au}
UserPreferredGlobalCatalog                 :
UserPreferredConfigurationDomainController :
UserPreferredDomainControllers             :
RecipientViewRoot                          :
ViewEntireForest                           : True
WriteOriginatingChangeTimestamp            : False
WriteShadowProperties                      : False
Identity                                   :
IsValid                                    : True
Could you please help, as this Exchange server has our management team and their Outlook keeps on going offline.
Thanking you in advance.
Cheers,
Pwint
I have another issue. I was troubleshooting the Exchange bin folder for permissions and as a result of it the Exchange transport service stopped and couldn't restart. I quickly changed to the local service account and was able to restart. Fixed the transport roles folder permission but don't know the password of the network service account so I can't change it back. I can send and receive emails internally and externally but I am worried that running with the local account may not be recommended? Is it safe to reset the network service password? Thanks. I am freaking out... Regards, Pwint -
ADS: COM.adobe processing exception could not retrieve a password
Hi,
I am getting the error while clicking on the print preview option at VF03. I am not able to get any output after that. Please help to resolve this issue. The print preview report is in Adobe format.
ADS.com:Adobe processing Exception could not retrieve a password for credentials:reader rights(200,101)
regards
raj
Hi,
That error message would sure seem to indicate that the credentials are not accessible to the user making the ADS web service call.
Check the user credentials.
Check the URLs below as well:
http://help.sap.com/saphelp_nw2004s/helpdata/en/56/f2c94a069f44a785b85748e11f82a0/content.htm
http://help.sap.com/saphelp_nw2004s/helpdata/en/fe/e8cc48abee49f082dfbd5b45d98dd4/content.htm
Hope it helps.
Cheers
Deepanshu -
ADS:com.adobe.Processing Exception:Could not retrive(200101)
I am trying to create an Interactive ADOBE form. I created the form through the SFP transaction and coded the print program also. When I try to give the editing facility to my form, I get an error saying "ADS:com.adobe.Processing Exception:Could not retrive(200101)". How do I resolve the issue? Has anybody had the same problem, and how did you resolve it?
Thanks for replying.
I am not getting the error if I comment the line. The code is as below
CALL FUNCTION 'FP_FUNCTION_MODULE_NAME'
  EXPORTING
    i_name     = 'ZZ_TEST_ADOBE1'
  IMPORTING
    e_funcname = fm_name.
* now call the generated function module
FP_OUTPUTPARAMS-FILLABLE = 'X'.
fp_outputparams-connection = p_conn.
CALL FUNCTION 'FP_JOB_OPEN'
  CHANGING
    ie_outputparams = fp_outputparams
  EXCEPTIONS
    cancel          = 1
    usage_error     = 2
    system_error    = 3
    internal_error  = 4
    OTHERS          = 5.
IF sy-subrc <> 0.
  MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
          WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
DO p_loop TIMES.
  FP_DOCPARAMS-FILLABLE = 'X'.
  fp_docparams-langu = 'EN'.
  fp_docparams-country = 'US'.
  CALL FUNCTION fm_name
    EXPORTING
      /1bcdwb/docparams = fp_docparams
      zvbak             = VBAK
      zadr              = ADRC.
ENDDO.
Please tell me how to remove the error. -
Exception Could not create the Java virtual machine
Hello All,
OS: AIX 5.3 IBM
DB: 10g
Using putty to connect to the server.
xclock is running.
ORACLE_HOME & SID are set.
oracle:>java -version
java version "1.4.1"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1)
Classic VM (build 1.4.1, J2RE 1.4.1 IBM AIX build ca1411ifx-20040810 (141SR3) (JIT enabled: jitc))
oracle:>echo $PATH
/usr/bin:/etc:/usr/sbin:/usr/ucb/:/u08/ora10g/sid/db/bin:/usr/bin/X11:/sbin:/usr/java14/jre/bin:/usr/java14/bin:.
I am trying to create dbconsole as below:
Pwd
oracle:>pwd
/ORACLE_HOME/bin
oracle:>./emca
Exception Could not create the Java virtual machine.
DN
for example.
setenv JAVAHOME /usr/local/redhat/packages/usr.local/java/jdk1.4.0_01