FPN - Cross domain configuration...

Hi All,
Has anyone done cross domain configuration in FPN ?
I have see the steps what SAP has given. But I am sure it has lots apart from it.
It will be great if anyone can share the detail steps and also list any issues and the associated solutions .
Thanks and Regards,
Mahantesh

Hi Mahantesh,
the problem with different domains is in setting up the trust. You may use relax domain parameter but this depends on the domains you use. A proxy may also be helpful.
Hope this helps
Anja

Similar Messages

Cross Domain user security Authentication in Oracle Weblogic Server 10.3.3

Now i have configure the cross domain user configuration in the oracle weblogic 10.3.3 server. But i am not able to configure.
I have mentioned the below oracle document to configure the cross domain configuration.
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/secmanage/domain.html#domain_interop
http://download.oracle.com/docs/cd/E14571_01/web.1111/e13752/toc.htm#INTRO120
http://download.oracle.com/docs/cd/E14571_01/apirefs.1111/e13952/taskhelp/security/EnableTrustBetweenDomains.html
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/ConsoleHelp/taskhelp/security/ConfigureConnectionFiltering.html
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/security/con_filtr.html#wp1030656
Regards,
S.Vinoth Babu

sorry,wrong forum
move to Weblogic Server Section
Edited by: inchlin on Apr 1, 2009 9:39 AM

Cross Domain Security Express - RAC configuration

Hi All,
Not sure if the general DB forum is the place for this but here goes.
I am involved in designing a solution that wants to provide access to data from networks each trusted to a different level of security. The CDSE CDSS white paper look something like the design that we drew up.
http://www.oracle.com/industries/government/pdfs/oracle-cross-domain-security-express-ds.pdf
Question 1
In the diagram on p3 does this reflect a single rac cluster spanning two separate networks, what would connectivity requirements be between the nodes?
Question 2
Is physical storage shared across networks and then logically divided using labels?
Question 3
COuld you define separate tablespaces and use partitioning to force higher and lower secured content into respective tablespaces in separate storage.
Thanks in advance for any guidance
Tim

Hi All,
Not sure if the general DB forum is the place for this but here goes.
I am involved in designing a solution that wants to provide access to data from networks each trusted to a different level of security. The CDSE CDSS white paper look something like the design that we drew up.
http://www.oracle.com/industries/government/pdfs/oracle-cross-domain-security-express-ds.pdf
Question 1
In the diagram on p3 does this reflect a single rac cluster spanning two separate networks, what would connectivity requirements be between the nodes?
Question 2
Is physical storage shared across networks and then logically divided using labels?
Question 3
COuld you define separate tablespaces and use partitioning to force higher and lower secured content into respective tablespaces in separate storage.
Thanks in advance for any guidance
Tim

Cross Domain Trust Error, while opening the infopath in sharepoint list.

Dear All,
Facing some issue in
Environement:
Windows = Windows Server 2008
Shareppoint = Sharepoint Server 2013.
Project Server = Project Server 2013
Info Path = Info Path Designer 2013
Detailed:
I have sharepoint environment with Project Server,I which have created task list in my project site and then i customize that form using info path their is one column named: "Product Name" in my task list which is drop down menu in that menu
i want to show all the project name which are created in PWA Site. For that i made the External data connection to my sql server and select my desired table from that and also configured the my column data "i:e; Product Name. And published it to the my
site. Now when i opened that form it prompts the error
"The form cannot be submitted because this action would violate cross-domain restrictions.
If this form template is published to a SharePoint document library, cross-domain access for user form templates must be enabled
under InfoPath Forms Services in SharePoint Central Administration, and the data connection settings must be stored in a UDC file in a data connection library in the same site collection.
If this is an administrator-approved form template, the security level of the form must be set to full trust, or the data connection
settings must be stored in a UDC file by using the Manage data connection files option under InfoPath Forms Services in SharePoint Central Administration ."
Oopsss !!
Now start googling it found couple of solution shared listed below:
1. Enable the cross domain authenticated in Central Admin –> General Application Settings –> Configure InfoPath Form Services (Done)
2. Now Created the data connection library in my site collection which is PWA Site after that i went to the infopath and creating the data connection and
Convert to Connection File and enter the URL of the data connection library
and its prompt the error " the specified url is not a data connection library and enter the correct filename" didnt remember the exact error description at the moment.
So, that was all stuff, Kindly suggest me any step which i missed that or ay solution that resolve my this issue.
Thanks
REGARDS DANISH DANIE

it seems the data-seed failed in your dehydration store.
so i would check if user orabple exsits in your db (pw is orabpel) .. and recreate the schema by executing the following script (based on your db)
orabpel\system\database\scripts\domain_oracle.ddl
hth clemens

Calling secured web service, cross domain security

Hey all,
I am trying to call a secured service, for which i need to enable cross domain security.
I have followed the steps described in
http://download.oracle.com/docs/cd/E15523_01/web.1111/e13707/domain.htm#i1176046
i.e. enabling trust between weblogic server domains.
The problem is: -
User authentication is working fine, but i am not able to invoke the operation.
Here is the content of log file
[2010-04-01T12:15:58.109+05:30] [AdminServer] [WARNING] [] [org.apache.myfaces.trinidadinternal.context.RequestContextImpl] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Could not find partial trigger port from RichTreeTable[org.apache.myfaces.trinidad.component.UIXTree$RowKeyFacesBeanWrapper@146ad85, id=treetablerequest] with the supported partialTriggers syntax. The partial trigger was found with the deprecated syntax. Please use the supported syntax.
[2010-04-01T12:15:58.109+05:30] [AdminServer] [WARNING] [] [org.apache.myfaces.trinidadinternal.context.RequestContextImpl] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Could not find partial trigger service from RichTreeTable[org.apache.myfaces.trinidad.component.UIXTree$RowKeyFacesBeanWrapper@146ad85, id=treetablerequest] with the supported partialTriggers syntax. The partial trigger was found with the deprecated syntax. Please use the supported syntax.
[2010-04-01T12:15:58.125+05:30] [AdminServer] [WARNING] [] [org.apache.myfaces.trinidadinternal.context.RequestContextImpl] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Could not find partial trigger invoke from RichTreeTable[org.apache.myfaces.trinidad.component.UIXTree$RowKeyFacesBeanWrapper@146ad85, id=treetablerequest] with the supported partialTriggers syntax. The partial trigger was found with the deprecated syntax. Please use the supported syntax.
[2010-04-01T12:15:58.125+05:30] [AdminServer] [WARNING] [] [org.apache.myfaces.trinidadinternal.context.RequestContextImpl] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Could not find partial trigger invoke_footer from RichTreeTable[org.apache.myfaces.trinidad.component.UIXTree$RowKeyFacesBeanWrapper@146ad85, id=treetablerequest] with the supported partialTriggers syntax. The partial trigger was found with the deprecated syntax. Please use the supported syntax.
[2010-04-01T12:15:58.125+05:30] [AdminServer] [WARNING] [] [org.apache.myfaces.trinidadinternal.context.RequestContextImpl] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Could not find partial trigger operation from RichTreeTable[org.apache.myfaces.trinidad.component.UIXTree$RowKeyFacesBeanWrapper@146ad85, id=treetablerequest] with the supported partialTriggers syntax. The partial trigger was found with the deprecated syntax. Please use the supported syntax.
[2010-04-01T12:15:58.125+05:30] [AdminServer] [WARNING] [] [org.apache.myfaces.trinidadinternal.context.RequestContextImpl] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Could not find partial trigger request_xml_choice_toggle from RichTreeTable[org.apache.myfaces.trinidad.component.UIXTree$RowKeyFacesBeanWrapper@146ad85, id=treetablerequest] with the supported partialTriggers syntax. The partial trigger was found with the deprecated syntax. Please use the supported syntax.
[2010-04-01T12:15:59.031+05:30] [AdminServer] [NOTIFICATION] [] [oracle.wsm.agent.WSMAgent] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] WSMAgent is initialized for category=management, function=agent.function.client, topologyNodePath=/wls/em/EJBs/default/COMPONENTs/default/WEBSERVICECLIENTs/ItemCostService/PORTs/ItemCostServiceSoapHttpPort/INTERCEPTORs/, isJ2EE=true
[2010-04-01T12:15:59.046+05:30] [AdminServer] [NOTIFICATION] [] [oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Recipient Alias property not configured in the policy. Defaulting to encrypting with signers certificate.
[2010-04-01T12:15:59.046+05:30] [AdminServer] [NOTIFICATION] [] [oracle.wsm.agent.WSMAgent] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] WSMAgent is initialized for category=security, function=agent.function.client, topologyNodePath=/wls/em/EJBs/default/COMPONENTs/default/WEBSERVICECLIENTs/ItemCostService/PORTs/ItemCostServiceSoapHttpPort/INTERCEPTORs/, isJ2EE=true
[2010-04-01T12:15:59.328+05:30] [soa_server1] [NOTIFICATION] [] [oracle.soa.mediator.serviceEngine] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [composite_name: calling_secured_web_service] [J2EE_MODULE.name: fabric] [component_instance_id: 3B28BA003D5A11DFBF807548C0B7C19C] [component_name: Mediator1] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [composite_instance_id: 30022] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] MediatorServiceEngine received a request for operation = retrieveItemCost
[2010-04-01T12:16:02.109+05:30] [soa_server1] [WARNING] [] [oracle.soa.mediator.common] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [composite_name: calling_secured_web_service] [J2EE_MODULE.name: fabric] [component_instance_id: 3B28BA003D5A11DFBF807548C0B7C19C] [component_name: Mediator1] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [composite_instance_id: 30022] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] Payload after BaseActionHander.requestMessage :{parameters=oracle.xml.parser.v2.XMLElement@137ba0c}
[2010-04-01T12:16:02.109+05:30] [soa_server1] [WARNING] [] [oracle.soa.mediator.common] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [composite_name: calling_secured_web_service] [J2EE_MODULE.name: fabric] [component_instance_id: 3B28BA003D5A11DFBF807548C0B7C19C] [component_name: Mediator1] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [composite_instance_id: 30022] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] Properties after BaseActionHander.requestMessage :{ReferenceInstance=[email protected]9371, to=http://adc60091fems.us.oracle.com:6079/cstItemCosts/ItemCostService, oracle.fabric.security.identity.subject=Subject:[[
Principal: CrossDomainConnectors
Principal: all_function_all_data
Principal: authenticated-role
Private Credential: Subject:
Principal: all_function_all_data
Principal: CrossDomainConnectors
, tracking.compositeInstanceId=30022, tracking.ecid=0000IUs7bmy1f_JLMm0Fye1Bg7vS000325, tracking.conversationId=null, tracking.compositeInstanceCreatedTime=Thu Apr 01 12:15:59 IST 2010, action=http://xmlns.oracle.com/apps/scm/costing/itemCosts/service/ItemCostService/retrieveItemCostRequest, tracking.parentComponentInstanceId=reference:30019, MESH_METRICS=null, tracking.parentReferenceId=mediator:3B28BA003D5A11DFBF807548C0B7C19C:3B4087C03D5A11DFBF807548C0B7C19C:req, transport.http.remoteAddress=10.177.219.95}
[2010-04-01T12:16:02.125+05:30] [soa_server1] [WARNING] [] [oracle.soa.mediator.common] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [composite_name: calling_secured_web_service] [J2EE_MODULE.name: fabric] [component_instance_id: 3B28BA003D5A11DFBF807548C0B7C19C] [component_name: Mediator1] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [composite_instance_id: 30022] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] Headers after BaseActionHander.requestMessage :[]
[2010-04-01T12:16:03.562+05:30] [soa_server1] [ERROR] [] [oracle.soa.mediator.serviceEngine] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [composite_name: calling_secured_web_service] [J2EE_MODULE.name: fabric] [component_instance_id: 3B28BA003D5A11DFBF807548C0B7C19C] [component_name: Mediator1] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [composite_instance_id: 30022] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] Rolling back transaction due to ORAMED-03303:[Unexpected exception in case execution]Unexpected exception in request response operation "retrieveItemCost" on reference "Service1". Possible Fix:Check whether the reference service is properly configured and running or look at exception for analysing the reason or contact oracle support.
[2010-04-01T12:16:03.578+05:30] [soa_server1] [ERROR] [] [oracle.soa.mediator.serviceEngine] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [composite_name: calling_secured_web_service] [J2EE_MODULE.name: fabric] [component_instance_id: 3B28BA003D5A11DFBF807548C0B7C19C] [component_name: Mediator1] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [composite_instance_id: 30022] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] Got an exception: oracle.fabric.common.FabricInvocationException: javax.xml.ws.soap.SOAPFaultException: FailedCheck : failure in security check[[
oracle.tip.mediator.infra.exception.MediatorException: ORAMED-03303:[Unexpected exception in case execution]Unexpected exception in request response operation "retrieveItemCost" on reference "Service1". Possible Fix:Check whether the reference service is properly configured and running or look at exception for analysing the reason or contact oracle support.
at oracle.tip.mediator.service.SyncRequestResponseHandler.handleFault(SyncRequestResponseHandler.java:207)
at oracle.tip.mediator.service.SyncRequestResponseHandler.process(SyncRequestResponseHandler.java:123)
at oracle.tip.mediator.service.ActionProcessor.onMessage(ActionProcessor.java:64)
at oracle.tip.mediator.dispatch.MessageDispatcher.executeCase(MessageDispatcher.java:124)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.processCase(InitialMessageDispatcher.java:514)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.processCases(InitialMessageDispatcher.java:417)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.processCases(InitialMessageDispatcher.java:301)
at oracle.tip.mediator.dispatch.InitialMessageDispatcher.dispatch(InitialMessageDispatcher.java:137)
at oracle.tip.mediator.serviceEngine.MediatorServiceEngine.process(MediatorServiceEngine.java:779)
at oracle.tip.mediator.serviceEngine.MediatorServiceEngine.request(MediatorServiceEngine.java:650)
at oracle.integration.platform.blocks.mesh.SynchronousMessageHandler.doRequest(SynchronousMessageHandler.java:139)
at oracle.integration.platform.blocks.mesh.MessageRouter.request(MessageRouter.java:179)
at oracle.integration.platform.blocks.mesh.MeshImpl$2.run(MeshImpl.java:167)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:396)
at oracle.integration.platform.blocks.mesh.MeshImpl.doRequestAsSubject(MeshImpl.java:165)
at oracle.integration.platform.blocks.mesh.MeshImpl.request(MeshImpl.java:141)
at sun.reflect.GeneratedMethodAccessor1762.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:296)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:177)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:144)
at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:59)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy184.request(Unknown Source)
at oracle.integration.platform.blocks.soap.WebServiceEntryBindingComponent.doMessageProcessing(WebServiceEntryBindingComponent.java:1169)
at oracle.integration.platform.blocks.soap.WebServiceEntryBindingComponent.processIncomingMessage(WebServiceEntryBindingComponent.java:768)
at oracle.integration.platform.blocks.soap.FabricProvider.processMessage(FabricProvider.java:113)
at oracle.j2ee.ws.server.provider.ProviderProcessor.doEndpointProcessing(ProviderProcessor.java:1160)
at oracle.j2ee.ws.server.WebServiceProcessor$1.run(WebServiceProcessor.java:896)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at oracle.security.jps.internal.jaas.AccActionExecutor.execute(AccActionExecutor.java:47)
at oracle.security.jps.internal.jaas.CascadeActionExecutor$SubjectPrivilegedExceptionAction.run(CascadeActionExecutor.java:79)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
at weblogic.security.Security.runAs(Security.java:61)
at oracle.security.jps.wls.jaas.WlsActionExecutor.execute(WlsActionExecutor.java:48)
at oracle.security.jps.internal.jaas.CascadeActionExecutor.execute(CascadeActionExecutor.java:52)
at oracle.security.jps.internal.jaas.AbstractSubjectSecurity.executeAs(AbstractSubjectSecurity.java:105)
at oracle.j2ee.ws.server.provider.GenericProviderPlatform.runAs(GenericProviderPlatform.java:302)
at oracle.j2ee.ws.server.WebServiceProcessor.invokeEndpointImplementation(WebServiceProcessor.java:903)
at oracle.j2ee.ws.server.provider.ProviderProcessor.doRequestProcessing(ProviderProcessor.java:561)
at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:216)
at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:179)
at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:417)
at oracle.integration.platform.blocks.soap.FabricProviderServlet.doPost(FabricProviderServlet.java:480)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:326)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3592)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: oracle.fabric.common.FabricInvocationException: javax.xml.ws.soap.SOAPFaultException: FailedCheck : failure in security check
at oracle.integration.platform.blocks.soap.WebServiceExternalBindingComponent.throwFabricInvocationException(WebServiceExternalBindingComponent.java:414)
at oracle.integration.platform.blocks.soap.WebServiceExternalBindingComponent.throwFabricInvocationExceptionForSoapFault(WebServiceExternalBindingComponent.java:410)
at oracle.integration.platform.blocks.soap.WebServiceExternalBindingComponent.processSOAPFault(WebServiceExternalBindingComponent.java:393)
at oracle.integration.platform.blocks.soap.WebServiceExternalBindingComponent.processOutboundMessage(WebServiceExternalBindingComponent.java:252)
at oracle.integration.platform.blocks.soap.WebServiceExternalBindingComponent.sendSOAPMessage(WebServiceExternalBindingComponent.java:635)
at oracle.integration.platform.blocks.soap.WebServiceExternalBindingComponent.request(WebServiceExternalBindingComponent.java:525)
at oracle.integration.platform.blocks.mesh.SynchronousMessageHandler.doRequest(SynchronousMessageHandler.java:139)
at oracle.integration.platform.blocks.mesh.MessageRouter.request(MessageRouter.java:179)
at oracle.integration.platform.blocks.mesh.MeshImpl$2.run(MeshImpl.java:167)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:396)
at oracle.integration.platform.blocks.mesh.MeshImpl.doRequestAsSubject(MeshImpl.java:165)
at oracle.integration.platform.blocks.mesh.MeshImpl.request(MeshImpl.java:141)
at sun.reflect.GeneratedMethodAccessor1762.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:296)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:177)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:144)
at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy184.request(Unknown Source)
at oracle.tip.mediator.serviceEngine.MediatorServiceEngine.request2Mesh(MediatorServiceEngine.java:981)
at oracle.tip.mediator.service.BaseActionHandler.requestProcess(BaseActionHandler.java:202)
at oracle.tip.mediator.service.BaseActionHandler.requestProcess(BaseActionHandler.java:94)
at oracle.tip.mediator.service.BaseActionHandler.requestProcess(BaseActionHandler.java:74)
at oracle.tip.mediator.service.SyncRequestResponseHandler.process(SyncRequestResponseHandler.java:74)
... 64 more
Caused by: javax.xml.ws.soap.SOAPFaultException: FailedCheck : failure in security check
at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:882)
at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:715)
at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:226)
at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:97)
at oracle.integration.platform.blocks.soap.AbstractWebServiceBindingComponent.dispatchRequest(AbstractWebServiceBindingComponent.java:450)
at oracle.integration.platform.blocks.soap.WebServiceExternalBindingComponent.processOutboundMessage(WebServiceExternalBindingComponent.java:185)
... 88 more
[2010-04-01T12:16:03.578+05:30] [soa_server1] [ERROR] [] [oracle.soa.mediator.serviceEngine] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [composite_name: calling_secured_web_service] [J2EE_MODULE.name: fabric] [component_instance_id: 3B28BA003D5A11DFBF807548C0B7C19C] [component_name: Mediator1] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [composite_instance_id: 30022] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] Updating fault processing DMS metrics
[2010-04-01T12:16:03.656+05:30] [soa_server1] [NOTIFICATION] [] [oracle.soa.mediator.serviceEngine] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [composite_name: calling_secured_web_service] [J2EE_MODULE.name: fabric] [component_instance_id: 3B28BA003D5A11DFBF807548C0B7C19C] [component_name: Mediator1] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [composite_instance_id: 30022] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] MediatorServiceEngine returning a response for operation = retrieveItemCost
[2010-04-01T12:16:03.656+05:30] [soa_server1] [NOTIFICATION] [] [oracle.wsm.agent.WSMAgent] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [J2EE_MODULE.name: fabric] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] Message Type is normalized, exiting agent.processFault()
[2010-04-01T12:16:03.656+05:30] [soa_server1] [NOTIFICATION] [] [oracle.wsm.agent.WSMAgent] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: all_function_all_data] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [WEBSERVICE_PORT.name: ItemCostServiceSoapHttpPort] [APP: soa-infra] [J2EE_MODULE.name: fabric] [J2EE_APP.name: soa-infra] [WEBSERVICE.name: ItemCostService] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] Message Type is normalized, exiting agent.processFault()
[2010-04-01T12:16:04.296+05:30] [soa_server1] [ERROR] [OWS-04115] [oracle.webservices.service] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0:3] [APP: soa-infra] [arg: FabricProvider] [arg: javax.xml.rpc.soap.SOAPFaultException: FailedCheck : failure in security check] [TARGET: /Farm_test_domain/test_domain/soa_server1/soa-infra] [TARGET_TYPE: oracle_soainfra] An error occurred for port: FabricProvider: javax.xml.rpc.soap.SOAPFaultException: FailedCheck : failure in security check.
[2010-04-01T12:16:04.312+05:30] [AdminServer] [NOTIFICATION] [] [oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Dispatch.invoke failed.Exception stack trace written to trace file.
[2010-04-01T12:16:04.343+05:30] [AdminServer] [ERROR] [EM-00453] [oracle.sysman.emas.model.wsmgt.WSTestModel] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Failed to invoke operation
[2010-04-01T12:16:04.343+05:30] [AdminServer] [ERROR] [EM-00453] [oracle.sysman.emas.view.wsmgt.WSView] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE]*.ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Failed to invoke operation*
[2010-04-01T12:16:04.359+05:30] [AdminServer] [NOTIFICATION:24] [] [oracle.sysman.core.app.menu.XMLMenuManager] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] The Document for grid menu is not found.
[2010-04-01T12:16:04.531+05:30] [AdminServer] [WARNING] [] [org.apache.myfaces.trinidad.bean.PropertyKey] [host: sjandhya-idc1] [nwaddr: 10.177.219.95] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IUs7bmy1f_JLMm0Fye1Bg7vS000325,0] [APP: em] [TARGET: /Farm_test_domain/test_domain/AdminServer/em] [TARGET_TYPE: j2ee_application] Unserializable value:oracle.sysman.core.view.tgtctls.common.DefaultTreeModel@15622f9 for key:UINodePropertyKey[value,17]
Thanks
Nitin

Thanks again Billy,
I have configured a wallet with all the necessary certificates. Actually I have purchased a VeriSign trusted certificate and convert that into Oracle Wallet (p12) using openssl with appropriate password. And I'm calling UTL_HTTP.set_wallet('<path_to_wallet>','<pass_to_open_it>');
I have send my public key to them (web service company) and they need me to send my certificate with every request so that they can authenticate.
You are saying we don't have to write any code for TLS/SSL UTL_HTTP will take care of that, thats really good.
One more thing I want to mention here...
In Internet Explorer - When I am importing my certificate without my private key and trying to access web service I'm getting 404 page not found error.
But when I'm importing my certificate with the private key, I can see WSDL and all other methods offered by that web service.
I'm guessing Oracle Wallet that I'm creating with my certificate will store private key also. B'coz it is showing me User Certificate in Ready state.
ORA-00600 is not giving me proper location where I can find any error in my code.
Thanks
-Smith

Cross Domain error for Silverlight + MVC application with self hosted WCF service on azure

Hi,
We are migrating existing Silverlight application to MVC; existing Silverlight application is hosted on
Azure which is consuming self-hosted WCF service. For authentication we have implemented
ADFS with WIF (passive). The cloud service (<myWebSite>.cloudapp.net) is C Name to (<myWebSite>.<myDomain>.com) and we
are consuming WCF service at <myWebSite>.cloudapp.net/<myService>.svc, as we were getting “Cross Domain” error so we have added “clientaccesspolicy.xml” at the root of “WEB ROLE”.
Existing Silverlight application works fine but the problem occurred when we deploy our migrated application to the same cloud service. We are getting a “Cross Domain” error.
The same migrated application works fine on UAT environment, the only difference is UAT environment is
without ADFS WIF implementation.
Migrated application is half Silverlight and half MVC with initial landing page is Silverlight. MVC web role is used to host the service i.e. .SVC . To go to SL landing page , redirected from home controller. Following is being observed in fiddler for this
application
Existing Silverlight application -
After authentication with ADFS it redirect to Silverlight landing page.
Before calling service method it looks for “clientaccesspolicy.xml”
In response header we are getting the content of “clientaccesspolicy.xml”
And after this everything works fine
Migrated Silverlight-MVC application –
After authentication with ADFS it redirects to “HomeController” and from there we are redirecting to Silverlight landing page.
Before calling service method it looks for “clientaccesspolicy.xml”
In response header we are getting following content - “https://federation-sts.<myDomain>.com/adfs/ls/?wa=wsignin1.0&
wtrealm=https%3a%2f%2f<myWebSite>.<myDomain>.com&
wctx=rm%3d0%26id%3dpassive%26ru%3d%252fclientaccesspolicy.xml&wct=2014-03-17T10%3a36%3a04Z”
4.Throw “Cross Domain” error.
Also we have added filter in
RouteConfig
for .xml file
routes.IgnoreRoute("{*allxml}",
new { allxml = @".*\.xml(/.*)?" });
NOTE: There is no configuration change apart from MVC configuration.
We have done RDP to web role and found that “clientaccesspiolicy.xml” is present at “E:\approot” location and it is also accessible at “https://<myWebSite>.<myDomain>.com/clientaccesspolicy.xml”.
Please help
Thanks,
Rahul P

Hi,
Please try to configure the cross domain policy file to allow public read access (that is, access it without federation requirement), make sure you can access the address
http://something/clientaccesspiolicy.xml directly in a browser
without redirecting to check whether the cross domain policy file could be anonymous accessed (Please start a new browser session and make sure you're
not logged in. Then test the cross domain policy file.).
Best Regards,
Ming Xu
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

Problem with Cross-domain SSO, NTLM and ITS to R/3

Hello,
We are using EP 6.0.13.0 on a Windows environment. We have an ITS running WebGUI/ESS/MSS in another domain and that is the same domain where the R/3 and BI systems reside. We have configured NTLM authentication using IIS web server 6.0 and the IISProxy 1.6.2. We have configured SSO with the backends using the same ID as in the MS-ADS. Almost everything works fine.
The problem is that when we use the NTLM logon VIA the IIS to the portal, and then navigate to a WebGUI service transaction we are prompted for login. When we refresh the portal screen and try again - it works.
We have configured the mdc.hosts and are using the sendSAPSSO2Cookie.asp to generate the cross-domain logon ticket.
I have read that ITS may require the PAS be set up but I thought that was only used when you are going directly to the ITS (leveraging the NTLM authentication) - not when you are going through the portal.
Does anyone have some experience using ALL of the SSO features (i.e. SSO, cross-domain support, ITS, windows integrated authentication)?
We have though about the relax option for the domain but it does not apply as our domains are:
SERVER1.domain1.com and SERVER2.domain2.com
... so relaxing would not help unless we relaxed to the ".COM" which is unreasonable.
My regards,
Judson Maizels

Hi JUDSON
well i'll give one easy solution
make a alias under host file reside in winnt\system32\drivers\etc directory which has same domain name
i.e
SERVER1.domain1.com server1.mydomain.com
SERVER2.domain2.com server2.mydomain.com
it's works in my schenario we have a same system landscape
as you
regards,
kaushal

2012 R2 Hyper-V Replica and Cross Domain

Customer would like to user Hyper-V Replica, but their local site and DR site are different domains.
I know we need certificate. Is there any guide for this? I didn't find any configuration document, thanks.

Hi Sir,
Please refer to the similar thread :
https://social.technet.microsoft.com/Forums/windowsserver/en-US/420d239c-0475-480f-aa9c-c094d9ae226b/server-2012-hyperv-replication-cross-site-and-cross-domain?forum=winserverhyperv
Also the article below is a lab test about hyper-v replica based on certificate :
https://social.technet.microsoft.com/Forums/en-US/c3e309b6-1d5d-4e52-b859-cf36bd5af47d/forum-faq-how-to-implement-hyperv-replica-in-workgroup-environment?forum=winserverhyperv
Best Regards,
Elton Ji
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] .

ReportViewer & IReportServerCredentials WORKS within Domain; FAILS with Cross-Domain request:HTTP status 401: Unauthorized

The IReportServerCredentials approach with the ReportViewer control is working fine within a domain, but I get a 401 not authorized error for a Web IIS server trying to call a SSRS server in another domain. I've see plenty of helpful postings on the use
of IReportServerCredentials but nothing that provides suggestions for this cross domain issue. Hope someone has some ideas on this one. Thanking you in advance for your response.
Using VS 2008 VB.NET web app with ReportViewer control Version=8.0.0.0.
Outside domainA Web Server IIS 8. OS = Windows NT 6.2;
Inside domainA Windows 7 desktop; Inside domainA Windows Server 2003
SSRS using windows authentication and on SQL Server 2012. OS = Windows NT 6.2
The processing described below successfully produces a report when the web server app runs on a machine in the same domain as the SSRS server. For the "same domain" web app, both Win 7 desktop VS 2008 development server and Windows 2003 IIS 6 have
been tested successfully.
The report fails with error "The request failed with HTTP status 401: not authorized " when the web app is run from a windows IIS 8 machine (outward or Internet facing web server) that is not in the domain of the SSRS server. The ReportViewer control
credentials (provided by IReportServerCredentials and taken from the web.config file) match a domain account in the same domain as the SSRS
server and one that has browser permission on the report folder. The same credentials are used successfully for reports requested from within the SSRS domain.
One interesting thing is that on the Internet facing web server, I can access the report via a browser request. So it is possible to have a user request coming from the Internet facing machine get through the SSRS windows authentication. Just does not
work for the ReportViewer.
Using IReportServerCredentials interface per example provided by Microsoft msdn site. Code listed below.
IReportServerCredentials would appear to be a viable approach because it can pass credentials of a windows account known to the SSRS server, but not known to the client machine. By the way, database calls to SQL Server in domainA using a SQL Server
native login account work fine. So the network support communication to a domain that the web server does not belong to.
<Serializable()> _
Public NotInheritable Class MyReportServerCredentials
    Implements IReportServerCredentials
    Public ReadOnly Property ImpersonationUser() As System.Security.Principal.WindowsIdentity _
        Implements IReportServerCredentials.ImpersonationUser
        Get
            'Use the default windows user. Credentials will be
            'provided by the NetworkCredentials property.
            Return Nothing
        End Get
    End Property
    Public ReadOnly Property NetworkCredentials() As ICredentials _
            Implements IReportServerCredentials.NetworkCredentials
        Get
            'Read the user information from the web.config file.
            'By reading the information on demand instead of storing
            'it, the credentials will not be stored in session,
            'reducing the vulnerable surface area to the web.config
            'file, which can be secured with an ACL.
            'User name
            Dim userName As String = _
                ConfigurationManager.AppSettings("MyReportViewerUser")
            If (String.IsNullOrEmpty(userName)) Then
                Throw New Exception("Missing user name from web.config file")
            End If
            'Password
            Dim password As String = _
                ConfigurationManager.AppSettings("MyReportViewerPassword")
            If (String.IsNullOrEmpty(password)) Then
                Throw New Exception("Missing password from web.config file")
            End If
            'Domain
            Dim domain As String = _
                ConfigurationManager.AppSettings("MyReportViewerDomain")
            If (String.IsNullOrEmpty(domain)) Then
                Throw New Exception("Missing domain from web.config file")
            End If
            Return New NetworkCredential(userName, password, domain)
        End Get
    End Property
    Public Function GetFormsCredentials(ByRef authCookie As Cookie, _
                   ByRef userName As String, _
                   ByRef password As String, _
                   ByRef authority As String) As Boolean _
        Implements IReportServerCredentials.GetFormsCredentials
        authCookie = Nothing
        userName = Nothing
        password = Nothing
        authority = Nothing
        'Not using form credentials
        Return False
    End Function
End Class
'Set the ReportViewer values and retrieve the report from the SSRS server into a pdf file on the client machine.
ProposalRptViewer.ProcessingMode = Microsoft.Reporting.WebForms.ProcessingMode.Remote
' Set the ReportViewer ReportServerCredentials from the MyReportServerCredentials Class.
' Note the credentials are for a domain account defined in the same domain that the SSRS server belongs to and one that has browser permission on the report folder.
ProposalRptViewer.ServerReport.ReportServerCredentials = _
     New MyReportServerCredentials()
ProposalRptViewer.ServerReport.ReportServerUrl = New Uri(System.Configuration.ConfigurationManager.AppSettings(Web.[Global].CfgKeyReportServerURL))
ProposalRptViewer.ServerReport.ReportPath = System.Configuration.ConfigurationManager.AppSettings(Web.[Global].CfgKeyReportPathProposal)
ProposalRptViewer.ShowCredentialPrompts = False     ' disable prompting for data source credentials
Dim paramList As New Generic.List(Of ReportParameter)
Dim pInfo As ReportParameterInfoCollection
pInfo = ProposalRptViewer.ServerReport.GetParameters()
paramList.Add(New ReportParameter("ProposalID", ProposalID, True))paramList.Add(New ReportParameter("Entity", Entity, True))
paramList.Add(New ReportParameter("intRatesPage", intRatesPage1, True))
ProposalRptViewer.ServerReport.SetParameters(paramList)
' Process and render the report
ProposalRptViewer.ServerReport.Refresh()
Dim mimeType As String = Nothing
Dim encoding As String = Nothing
Dim streams As String() = Nothing
Dim extension As String = Nothing
Dim warnings As Microsoft.Reporting.WebForms.Warning() = Nothing
Dim returnValue As Byte()
' Render the proposal Rate Page 1 report to a Byte Array output in pdf file format.
returnValue = ProposalRptViewer.ServerReport.Render("PDF", Nothing, mimeType, encoding, extension, streams, warnings)
An error only occurs for web server not in the domain of SSRS Server:
The request failed with HTTP status 401: Unauthorized.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack
trace below.
Stack Trace:
[WebException: The request failed with HTTP status 401: Unauthorized.]
   Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.GetSecureMethods() +236
   Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.IsSecureMethod(String methodname) +58
   Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.SetConnectionSSLForMethod(String methodname) +16
   Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.LoadReport(String Report, String HistoryID) +226
   Microsoft.Reporting.WebForms.ServerReport.GetExecutionInfo() +192
   Microsoft.Reporting.WebForms.ServerReport.SetParameters(IEnumerable`1 parameters) +136
   DeltaRater.Web.ViewRates.btnCreateProposal_Click(Object sender, EventArgs e) in C:\alex\~~_____Rapid_Rater\SourceDir_VS2008_Jan17_2014\DRR\ViewRates.aspx.vb:911
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2981
Version Information: Microsoft .NET Framework Version:2.0.50727.8009; ASP.NET Version:2.0.50727.8010

I got the answer to my question by following suggestions by Irb on another technical forum.
From web server (not on same domain), I was passing credentials of a domain account on the SSRS server. Irb suggested I create a local account on the SSRS server and pass those credentials. I tried this but got the same results.
This approach worked for web server in SSRS domain, but failed with 401 Unauthorized for web server outside the SSRS domain. Per suggestion for local account on SSRS server, I tried passing empty string "" as the domain via IReportServerCredentials.
Again this works for web server in the same domain as SSRS. But I get the 401 Unauthorized error when the web server is outside the domain. In testing and checking similar posts, I discovered an additional piece was required for the report request to work
across domains. The default user did not have authority to send the request and/or receive the report. Adding the following in <system.web> section of web.config file was needed.
<identity impersonate="true" userName="localwindowsuser" password="#########"/>          where "localwindowsuser" is a windows user defined on the web server.
I never needed this extra piece when the web server ran in the same domain as the SSRS server. I thank Irb for making me go through the details of additional tests because that is how I stumbled across an identity comment and ultimately got things working.

There appears to be a persistent connection limit of 2 for cross domain requests

I am building a service that allows anybody to add real-time push updates to their website or web application. To do this I'm using the Access-Control-Allow-Origin header response from a cloud hosted server.
When establishing a connection we create one persistently connected HTTP connection and use a second connection to send requests (subscriptions/commands).
The problem I'm seeing looks very similar to the old 2 socket to a server connection limit (related to about:config "network.http.max-persistent-connections-per-server").
Is there a limitation on the number of persistent cross domain connections that can be established from a single Firefox process? If so, where is the configuration options to override this?
This problem can be easily duplicated by going to the following page in two tabs within the same Firefox process:
http://kwwika.com/Standalone/Demos/WorldCup2010/
You will notice that one page connects and starts to receive updates. The second will not connect until you close the first tab/page.
I'd like to be able to provide feedback to the users of Kwwika about this problem so any information you can provide me with would be very much appreciated.
== URL of affected sites ==
http://kwwika.com/Standalone/Demos/WorldCup2010/
== User Agent ==
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.70 Safari/533.4

[bump]

Problem authenticating user in Active Directory cross domain

Hi,
We have two different AD servers serving our London and Tokyo networks. My application runs in London network but used by both London and Tokyo users.
The two ADs have domain trust setup between them. I have groups defined in London AD to which users from both the London and Tokyo ADs are assigned.
'm trying to connect to London AD using the "users credentials" and retrieve the groups they are assigned to.
I can connect to the London AD using any of the London user and I could retrieve the groups. But when I use a Tokyo user credentials to connect using the London AD server 'm getting Security exception with a code indicating "User Not Found".
The code I use which is very basic is given below . The code below run as such gives me the following error,
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece.
If I change in the code below, Provider URL to Tokyo AD Server URL then it works but I can't use that due to security restrictions. As per the Windows Team the domain trust should allow me to connect/bind to the London AD Server with the Tokyo credentials.
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "london ldap server url");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.REFERRAL, "follow");
env.put(Context.SECURITY_PRINCIPAL, "[email protected]");
env.put(Context.SECURITY_CREDENTIALS, "password");
env.put(LdapContext.CONTROL_FACTORIES, "com.sun.jndi.ldap.ControlFactory");
ctx = new InitialLdapContext(env, null);
I would like to know how to authenticate a user in a cross domain Active Directory environment. I read in one of the blogs that the "simple bind" will not work for cross domain user authentication. Unfortunately the blogger didn't mention what would work :( . Any help is much appreciated.
Please bear with me if my query is a naive one and point me in the right direction.
Thanks
Jothi

Hi Praveen,
to avoid losing data when user objects are moved to new locations in the LDAP server, it is possible to configure the User Management Engine to use the value of a specific unique attribute as part of the unique ID instead of the distinguished name.
For this, you have to change the following UME properties:
For user objects: ume.ldap.unique_user_attribute=<attributename>
For account objects: ume.ldap.unique_uacc_attribute=<attributename>
For group objects: ume.ldap.unique_grup_attribute=<attributename>
Be aware that the attribute (i.e. cn or uid) must be unique in the configured user/group path.
Please read SAPNote 777640 for more information regarding this problem and the way to change the UME properties.
Best regards,
Robert

Cross domain policy issues

I am attempting to communicate with a web service via flash
across sub domains. All works fine and dandy on my local machine,
but when i upload to my web server there is no communication across
the domains. The way the servers are configured, i don't have
access to the root of the domain to place the crossdomain.xml in
the default location, so i have it in the folder next to the web
service and link to it directly shown below. I have this line on
the first frame of the first layer of my file
quote:
System.security.loadPolicyFile("MYDOMAIN/StudentConnect2Apply/crossdomain.xml");
The server containing the flash file is insecure and the web
service is secure (https). this is what my crossdomain.xml file
looks like:
quote:
<cross-domain-policy>
<allow-access-from domain="*.MYDOMAIN.net"
secure="false"/>
</cross-domain-policy>
I have also enabled logging within my flash player to track
down problems, when i initially load the page in the browser, it
approves the policy file:
quote:
OK: Policy file accepted:
https://MYDOMAIN/StudentConnect2Apply/crossdomain.xml
But after submitting the form and attempting to interact with
the web service, i get an error saying permission is denied due to
lack of policy file permissions and
quote:
Warning: Failed to load policy file from
MYDOMAIN/crossdomain.xml
It is looking in the root of the domain after i defined and
it accepted the overridden location. Is there another way to define
where the crossdomain.xml file is located that i am missing,
possibly in the web service settings somewhere?

I have found my answer, thanks to another forum.
Meta-Cross Domain Policies.
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_03.html
Basically I can now say "f*ck you adobe. I as a college
student who likes to host things on my 150 MB of server space can
no longer host XML formatted levels for games I write. Because I am
not the administrator of the server and will never be able to
convince the administrator to let me have the MCDP file allow my
flash file to load it's levels."
F*ck you Adobe, F*ck You.

Safari cross domain error

I tired to access a web site via Safari that I previously was able to access; however, now I get the following message: "Cross Domain Error: Cross domain is not supported by this browser." Is there a plug-in or something else that would allow me access the site?

Hi,
Please try to configure the cross domain policy file to allow public read access (that is, access it without federation requirement), make sure you can access the address
http://something/clientaccesspiolicy.xml directly in a browser
without redirecting to check whether the cross domain policy file could be anonymous accessed (Please start a new browser session and make sure you're
not logged in. Then test the cross domain policy file.).
Best Regards,
Ming Xu
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

OAM - Cross Domain SSO Solution

Hello Experts,
We have two web applications X and Y both are deployed in Tomcat (two different tomcat and they are in different domain). Application X has its own native authentication mechanism(User ID and Password) and application Y does not have any authentication mechanism (has only User Id in its DB).
I have to implement cross domain SSO and Single Logout between these two applications.
I unserdtand that I have to install webgates for tomcat to protect those applications and configure policies.But I am wondering how to avoid displaying login page of application X after OAM Authentication?
Can this be achieved by configurations or require custom coding?
Please assist me.
Thanks
INIYA

Hi Iniya,
Couple of points -
1) There are no webgates for Tomcat. You would have to install reverse proxy web servers in front of the Tomcat servers and add webgates to the reverse proxies.
2) For avoiding the login page for application X, you would need a separate SDK based accessgate (custom-coded and plugged into Tomcat).
So no, without custom coding, you will not be able to achieve this.
For single logout, you will need to cross link the logout URLs for both domains so that visiting one logout link will log you out of both domains. However, it's more complicated for session timeouts.
-Vinod

Oracle maps cross domains

Hello everyone,
I am facing the following issue. I have mapviewer deployed on a serverA and a web app deployed on serverB.
Then I call the mapviewer FOI server from the app of serverB and I get the following error message:
*[MVThemeBasedFOIControl.foiLoaded] mapviewer-05523 cannot process response from mapviewer server. (<?xml version="1.0" encoding="UTF-8" ?> <oms_error> Requests are not allowed to be sent to this remote target URL via proxy servlet. (http://172.31.128.50/mapviewer/foi)</oms_error>)*
I am using mapviewer Ajax API version Ver11_1_1_5_B110527.
Has anyone experinced such errror?????????

Ok lads,
Seems I found the solution. Following the instructions from this post [http://oraclemaps.blogspot.com/2008/09/cross-domain-oracle-maps-scripting.html] I have 90% the solution.
What also needs to be done is to pass the url of serverB to the mapviewer configuration file of serverA in the section <proxy_enabled_hosts>.
At list this works for me.

FPN - Cross domain configuration...

Similar Messages

Maybe you are looking for