Friendly URL redirection to SSL in security mode 2

10gR3...going to here:
http://ourportal/portal/server.pt?open=512&objID=405&mode=2
redirects to:
https://ourportal/portal/server.pt?open=512&objID=405&mode=2
whereas going to
http://ourportal/portal/server.pt/community/it_policies/405
redirects to the subportal home page, instead of the https url of the same page.
Is this expected? Bug?

What happens if you go directly to https://ourportal/portal/server.pt/community/it_policies/405 instead of redirecting from http? Does that resolve?
How about if you try with a community that has a simple name like 'test' instead of special characters in the name like 'it_policies'?
What mechanism are you using to redirect from http to https? For example if it's a load balancer perhaps the rules are doing something incorrect when resolving to https? Perhaps you can use Wireshark to compare the request from lb to portal, versus making a direct https request to portal.
Having said that there are bugs related to friendly urls. For example, here's one as an example...but probably not related to your issue...unless you have SSO enabled:
Bug 7825067: WITH FRIENDLY URLS AND SSO ENABLED, ATTEMPTING TO BROWSE A BOOKMARKED COMMUNITY URL WILL DIRECT THE USER TO THEIR MY PAGE INSTEAD OF THE PROPER COMMUNITY
This might require some more support troubleshooting to determine if it's a bug, or if there's some kind of workaround.
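
The comparison the reply suggests can be scripted. The following is an added example, not part of the original thread: it takes the head of a captured redirect response and reports whether the http-to-https upgrade kept the same host, path and query. The function names, the 302 status and the Location value for the friendly URL are constructed for illustration, since the thread gives only the request URLs and the observed behaviour.

```python
from urllib.parse import parse_qsl, urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def parse_redirect(raw_response):
    """Return (status, location) from the head of a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers.get("location")


def check_https_upgrade(request_url, location):
    """Compare an http:// request with the Location of its redirect.

    Returns a list of findings; an empty list means the redirect is a
    clean scheme upgrade that lands on the same resource.
    """
    findings = []
    req = urlsplit(request_url)
    # Location may be relative, so resolve it against the request URL.
    target = urlsplit(urljoin(request_url, location))

    if target.scheme != "https":
        findings.append("not-https")
    if (target.hostname or "").lower() != (req.hostname or "").lower():
        findings.append("host-changed")
    if target.path.rstrip("/") != req.path.rstrip("/"):
        findings.append("path-changed")
    # Compare query parameters as sorted pairs so ordering does not matter.
    req_query = sorted(parse_qsl(req.query, keep_blank_values=True))
    target_query = sorted(parse_qsl(target.query, keep_blank_values=True))
    if req_query != target_query:
        findings.append("query-changed")
    return findings


def audit(request_url, raw_response):
    """Classify one captured request/response pair."""
    status, location = parse_redirect(raw_response)
    if status not in REDIRECT_CODES:
        return ["no-redirect"]
    if not location:
        return ["no-location"]
    return check_https_upgrade(request_url, location)


# Constructed captures. The request URLs are the two from the question;
# the response heads are sample data, not taken from a real portal.
CAPTURES = [
    (
        "http://ourportal/portal/server.pt?open=512&objID=405&mode=2",
        "HTTP/1.1 302 Found\r\n"
        "Location: https://ourportal/portal/server.pt?open=512&objID=405&mode=2\r\n"
        "Content-Length: 0\r\n\r\n",
    ),
    (
        "http://ourportal/portal/server.pt/community/it_policies/405",
        "HTTP/1.1 302 Found\r\n"
        "Location: https://ourportal/portal/server.pt\r\n"
        "Content-Length: 0\r\n\r\n",
    ),
]

if __name__ == "__main__":
    for url, raw in CAPTURES:
        print(url, "->", audit(url, raw) or "clean upgrade")
```

Running the same check on a capture taken at the load balancer and on one taken at the portal shows which hop drops the friendly-URL path.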

Similar Messages

  • SSL and security modes

    We are getting ready to implement SSL on the Portal Server and after reading the documentation, I'm not sure which security mode we need to be in. Will mode 0 be fine as long we require SSL on IIS on the portal server?

    Hi Eric,
    You mentioned that your site is in mode 2. How was the performance? Are you using an accelerator? Please send me the link if that is alright. We have been playing with https (mode 2) but no success since all admin tasks stopped working. Our next step is to install a separate portal inside the firewall....Any tips would be appreciated.
    Thanks,
    Leona
    ------- Eric Whitley wrote on 9/17/04 10:33 AM -------
    I think you'll want to at least set SSL mode to 1. I'm going to just write out my understanding of things, and I only really have PT 4.5 WS in production, so if I'm off, well... somebody correct me. :)
    Something to keep in mind - Plumtree needs to "know" which SSL mode you're setting up so it can construct the links for all click-throughs (http://myserver vs https://myserver).
    0 = no SSL. Even if you place SSL on IIS Plumtree won't care - in fact, if you click on 'require SSL' on IIS, I think you'll run into problems. Plumtree won't construct URLs with the appropriate "https" prefix, which will likely cause problems.
    1 = apply security to pages that need it. Login pages, document click-throughs, etc. as defined in the secure activity spaces configuration. Plumtree will apply the "https" to only those pages/links.
    2 = SSL everything, everywhere. Our portal currently has this configuration.
    Clicking on "require SSL" on the virtual directory will only deal with the IIS portion - you still need to indicate to Plumtree how much/where you want it applied so it can construct the links appropriately. Try setting "1" to see if it will get you where baseline security - our clients and global security team force us to SSL everything conceivable, so we use setting "2".
    That help?
    Eric

  • SSL termination and URL redirection

    Hi All,
    I have configured application in Cisco ACE module for which I got more requirement for URL redirection.
    Application setup is as below.
    VIP : 10.232.92.x/24 which is pointing to 2 Web server 10.232.94.x/24 range. In addition to that app team want APP server also need to be loadbalanced hence new VIP is configured for 10.232.92.x/24 which is pointing to 2 different app server 10.232.94.x/24.
    Both Web and App servers are having different IP but in same broadcast domain. SSL termination is done on ACE.
    Issue : 1) After initiating connection I am getting login page but after login it's again giving login page. After 2 to 3 trial it's giving me application page but with invalid session error.
    2) How to do https connection redirecting to different path.
    Ex. https://apps.xyz.com to https://apps.xyz.com/abc
    configuration :
    probe tcp rem_app_tcp
      port 2100
      interval 5
      passdetect interval 10
      passdetect count 2
      open 1
    probe http rem_itsm_https
      port 80
      interval 5
      passdetect interval 10
      passdetect count 2
      request method get url /keepalive/https.html
      expect status 200 200
      open 1
    serverfarm host app_tcp
      predictor leastconns
      probe rem_app_tcp
      rserver server1 2100
        inservice
      rserver server2 2100
        inservice
    serverfarm host rem_https
      predictor leastconns
      probe rem_itsm_https
      rserver server3 80
        inservice
      rserver server4 80
        inservice
    action-list type modify http remurlrewrite
      ssl url rewrite location "apps\.xyz\.com"
    policy-map type loadbalance first-match app_tcp
      class class-default
        serverfarm app_tcp
    policy-map type loadbalance first-match app_https
      class class-default
        serverfarm rem_https
        action remurlrewrite
    class-map match-all VIP_rem_app_tcp
      2 match virtual-address 10.232.92.8 any
    class-map match-all VIP_rem_itsm_https
      2 match virtual-address 10.232.92.9 tcp eq https
    class-map match-all real_servers_vlan273
      2 match source-address 10.232.94.0 255.255.255.0
    policy-map multi-match VIPS
      class real_servers_vlan273
        nat dynamic 1 vlan 273
      class VIP_rem_app_tcp
        loadbalance vip inservice
        loadbalance policy rem_app_tcp
        loadbalance vip icmp-reply
      class VIP_rem_itsm_https
        loadbalance vip inservice
        loadbalance policy rem_itsm_https
        loadbalance vip icmp-reply
        ssl-proxy server Remedy-SSL-PROXY

    Hi Kanwaljeet,
    I have applied below config for HTTPS URL redirection. Seems it didn't work for me. Redirect serverfarm and policy map were not hit.
    access-list ANY line 8 extended permit ip any any
    probe tcp rem_app_tcp
      port 2100
      interval 5
      passdetect interval 10
      passdetect count 2
      open 1
    probe http rem_itsm_https
      port 80
      interval 5
      passdetect interval 10
      passdetect count 2
      request method get url /keepalive/https.html
      expect status 200 200
      open 1
    ip domain-name nls.jlrint.com
    ip name-server 10.226.0.10
    ip name-server 10.226.128.10
    rserver redirect REDIRECT-TO-HTTPS
      webhost-redirection https://%h/arsys 301
      inservice
    rserver host serv1
      ip address 10.232.94.74
      inservice
    rserver host serv2
      ip address 10.232.94.75
      inservice
    rserver host serv3
      ip address 10.232.94.76
      inservice
    rserver host serv4
      ip address 10.232.94.77
      inservice
    serverfarm redirect REDIRECT-SERVERFARM
      predictor leastconns
      rserver REDIRECT-TO-HTTPS
        inservice
    serverfarm host rem_app_tcp
      predictor leastconns
      probe rem_app_tcp
      rserver serv1 2100
        inservice
      rserver serv2 2100
        inservice
    serverfarm host rem_itsm_https
      predictor leastconns
      probe rem_itsm_https
      rserver serv3 80
        inservice
      rserver serv4 80
        inservice
    ssl-proxy service Remedy-SSL-PROXY
      key Remkey.pem
      cert Remcert.pem
    class-map type management match-any MANAGEMENT_CLASS
      3 match protocol ssh any
      4 match protocol snmp any
      5 match protocol icmp any
      6 match protocol http any
      7 match protocol https any
    class-map match-all VIP_rem_app_tcp
      2 match virtual-address 10.232.92.8 any
    class-map match-all VIP_rem_itsm_http
      2 match virtual-address 10.232.92.9 tcp eq www
    class-map match-all VIP_rem_itsm_https
      2 match virtual-address 10.232.92.9 tcp eq https
    class-map match-all real_servers_vlan273
      2 match source-address 10.232.94.0 255.255.255.0
    policy-map type management first-match MANAGEMENT_POLICY
      class MANAGEMENT_CLASS
        permit
    policy-map type loadbalance first-match REDIRECT-PM
      class class-default
        serverfarm REDIRECT-SERVERFARM
    policy-map type loadbalance first-match rem_app_tcp
      class class-default
        serverfarm rem_app_tcp
    policy-map type loadbalance first-match rem_itsm_https
      class class-default
        serverfarm rem_itsm_https
    policy-map multi-match VIPS
      class real_servers_vlan273
        nat dynamic 1 vlan 273
      class VIP_rem_itsm_http
        loadbalance vip inservice
        loadbalance policy REDIRECT-PM
      class VIP_rem_itsm_https
        loadbalance vip inservice
        loadbalance policy rem_itsm_https
        loadbalance vip icmp-reply
        ssl-proxy server Remedy-SSL-PROXY
      class VIP_rem_app_tcp
        loadbalance vip inservice
        loadbalance policy rem_app_tcp
        loadbalance vip icmp-reply
    interface vlan 270
      description VIP
      ip address 10.232.92.4 255.255.255.0
      alias 10.232.92.6 255.255.255.0
      peer ip address 10.232.92.5 255.255.255.0
      access-group input ANY
      service-policy input MANAGEMENT_POLICY
      service-policy input VIPS
      no shutdown
    interface vlan 273
      description Real server
      ip address 10.232.94.66 255.255.255.192
      alias 10.232.94.65 255.255.255.192
      peer ip address 10.232.94.67 255.255.255.192
      access-group input ANY
      nat-pool 1 10.232.92.253 10.232.92.253 netmask 255.255.255.0 pat
      service-policy input MANAGEMENT_POLICY
      service-policy input VIPS
      no shutdown

  • Use multiple URLS in Mixed Security mode

    .NET Portal Version: 6.0.1.218452 on Windows 2003 server
    We have setup portal in Mixed mode (Security mode = 1), keeping login-page in secure mode.
    Now we wish to use to different URLs. Configured and created Experience definition.
    I believe only 1 certificate can be associated to a SITE in IIS-6.
    So if I create another site in IIS-6 with header information as 2nd URL, will it work?
    Do I need to do anything special?
    Any suggestions???
    Edited by kuljitsingh at 01/02/2007 12:40 PM

    Hi
    Yes your above statements are correct, but what is the use?? In effect, you are giving a single transaction code in a single call of the transaction.
    whereas in session method, within a single BDC GROUP, you can give multiple transactions.
    This is infact one of the major differences between CALL TRANSACTION and SESSION METHOD.
    Hope u understood
    Reward points if helpful
    Regards

  • Disable Security  Alert while redirecting for secure to non secure mode.

    Hi Experts,
    I am new to the portal and came across a very different kind of requirement for which I need your advice.
    On pressing the Logout button on the portal, the navigation/control is redirecting to the non secure Http website. My portal is on Https site. Now the issue is upon logging out I am getting the security Alert " You are about to direct to a connection that is non secure. Do you want to continue? "
    Now I have a requirement to suppress or remove this pop up. I do understand that this is the IE functionality to show the pop message and I have already unchecked the check box under Internet Options -> Advanced -> miscellaneous -> Warn if changing between Secure to non secure.
    Please suggest !
    Thanks
    Shobhit Taggar

    Shobhit,
    Which version of IE?
    Regards,
    Sandeep Tudumu

  • Sharepoint and SSRS report trust relationship ssl/tls secure channel remote certificate is invalid

    I have no experience with sharepoint at all. but this is what I observed.
    I am intermittently getting this error message on my sharepoint. could not establish trust relationship for the ssl/tls secure channel. Remote Certificate is invalid according to the validation procedure.
    Screenshot of the error
    This is how the sharepoint page layout.
    I have report.aspx. and below is the content of the aspx file.
    The url is http://sharepoint.COMPANY.com/Pages/Report.aspx.
    The URL is intranet only.
    The sharepoint is hosted in SERVER1 and the SSRS is hosted in SERVER.
    I observed this error happens on both HTTP and HTTPS: http://sharepoint.COMPANY.com/Pages/Report.aspx OR https://sharepoint.COMPANY.com/Pages/Report.aspx
    So far, the step I did was to follow this blog http://krishnasangani.blogspot.ca/2013/06/the-remote-certificate-is-invalid.html and restarted IIS in SERVER1 AND SERVER2, but the problem persists. Another thing I have done is to click the certificate in Internet Explorer and everything looks OK on that side too (certificate is valid).
    It seems to only happen earlier during the morning, then it fixes itself around 9 o'clock. It has been ongoing for about 2 weeks. Please help troubleshooting this.
    <%@ Page Inherits="Microsoft.SharePoint.Publishing.TemplateRedirectionPage,Microsoft.SharePoint.Publishing,Version=14.0.0.0,Culture=neutral,PublicKeyToken=71e9bsasdasdasd9c" %> <%@ Reference VirtualPath="~TemplatePageUrl" %> <%@ Reference VirtualPath="~masterurl/custom.master" %><%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bsasdasdasd9c" %>
    <html xmlns:mso="urn:schemas-microsoft-com:office:office" xmlns:msdt="uuid:547SF010-65B3-11d1-A29F-00457845FFSW"><head>
    <!--[if gte mso 9]><SharePoint:CTFieldRefs runat=server Prefix="mso:" FieldList="FileLeafRef,Comments,PublishingStartDate,PublishingExpirationDate,PublishingContactEmail,PublishingContactName,PublishingContactPicture,PublishingPageLayout,PublishingVariationGroupID,PublishingVariationRelationshipLinkFieldID,PublishingRollupImage,Audience,PublishingPageImage,PublishingPageContent,SummaryLinks,ArticleByLine,ArticleStartDate,PublishingImageCaption,HeaderStyleDefinitions"><xml>
    <mso:CustomDocumentProperties>
    <mso:PublishingContact msdt:dt="string">8</mso:PublishingContact>
    <mso:HeaderStyleDefinitions msdt:dt="string"></mso:HeaderStyleDefinitions>
    <mso:display_urn_x003a_schemas-microsoft-com_x003a_office_x003a_office_x0023_PublishingContact msdt:dt="string">First Last Name</mso:display_urn_x003a_schemas-microsoft-com_x003a_office_x003a_office_x0023_PublishingContact>
    <mso:PublishingContactPicture msdt:dt="string"></mso:PublishingContactPicture>
    <mso:PublishingContactName msdt:dt="string"></mso:PublishingContactName>
    <mso:ContentTypeId msdt:dt="string">0x010100C568DB5SDH48375LKNSDFG8340JKRG8034U6NEGK8TNGE8U34NIOGE8355H3358TRNG38G43JIOEG0T3JIGE9034340R8J05T4I54T4J8903HH5640K9445G54HH6564H65665</mso:ContentTypeId>
    <mso:Comments msdt:dt="string"></mso:Comments>
    <mso:PublishingContactEmail msdt:dt="string"></mso:PublishingContactEmail>
    <mso:PublishingPageLayout msdt:dt="string">https://sharepoint.COMPANY.com/_catalogs/masterpage/PageFromDocLayout.aspx, Body only</mso:PublishingPageLayout>
    <mso:PublishingPageContent msdt:dt="string">&lt;div class=&quot;ms-rtestate-read ms-rte-wpbox&quot;&gt;&lt;div class=&quot;ms-rtestate-notify ms-rtestate-read a74e0591-4ee6-4837-935a-3c932a967fac&quot; id=&quot;div_a74e0591-4ee6-4837-935a-3c932a967fac&quot;&gt;&lt;/div&gt;
    &lt;div id=&quot;vid_a74e0591-4ee6-4837-935a-3c932a967fac&quot; style=&quot;display:none&quot;&gt;&lt;/div&gt;&lt;/div&gt;
    &lt;div class=&quot;ms-rtestate-read ms-rte-wpbox&quot;&gt;&lt;div class=&quot;ms-rtestate-notify ms-rtestate-read e97fce7c-b702-4530-ae50-16ea77475fd5&quot; id=&quot;div_e97fce7c-b702-4530-ae50-16ea77475fd5&quot;&gt;&lt;/div&gt;
    &lt;div id=&quot;vid_e97fce7c-b702-4530-ae50-16ea77475fd5&quot; style=&quot;display:none&quot;&gt;&lt;/div&gt;&lt;/div&gt;
    </mso:PublishingPageContent>
    <mso:PublishingRollupImage msdt:dt="string"></mso:PublishingRollupImage>
    <mso:RequiresRouting msdt:dt="string">False</mso:RequiresRouting>
    </mso:CustomDocumentProperties>
    </xml></SharePoint:CTFieldRefs><![endif]-->
    <title>Report</title></head>
    A few questions I have in mind is Any pointer to troubleshoot this problem AND By looking at the ASPX file, Would you be able to determine what method is my Sharepoint page calling the SSRS report , integrated mode, native mode? IEFrame? The reason I am asking this is that maybe IF I google using the right terminology I can get to the similar problem and solution.
    Thanks

    Please let us know if you are using
    SharePoint communicates to an external service via HTTPS 
    Please try perform following steps:
    Fix is to setup a trust between SharePoint and the server requiring certificate validation.
    In SharePoint Central Administration site, go to “Security” and then “Manage Trust”.  Upload the certificates to SharePoint.  The key is to get both the root and subordinate certificates on to SharePoint.
    The steps to get the certificates from the remote server hosting the WCF service are as follows:
    1.  Browse from IE to the WCF service (e.g., https://remotehost/service.svc?wsdl)
    2.  Right click on the browser body and choose “Properties” and then “Certificates” and then “Certificate Path”.
    This tells you the certificate chain that’s required by the other server in order to communicate with it properly.  You can double-click on each level in the certificate chain to go to that particular certificate, then click on “Details” tab, “Copy to File” to save the certificate with the default settings.
    As an example, get both VeriSign & VeriSign Class 3 Extended Validation SSL CA.
    reference : http://blogs.technet.com/b/sharepointdevelopersupport/archive/2013/06/13/could-not-establish-trust-relationship-for-ssl-tls-secure-channel.aspx
    If my contribution helps you, please click Mark As Answer on that post and
    Vote as Helpful
    Thanks, ShankarSingh(MCP)

  • ISE & Switch URL redirect not working

    Dear team,
    I'm setting up Guest portal for Wired user. Everything seems to be okay, the PC is get MAB authz success, ISE push URL redirect to switch. The only problem is when I open browser, it is not redirected.
    Here is some output from my 3560C:
    Cisco IOS Software, C3560C Software (C3560c405-UNIVERSALK9-M), Version 12.2(55)EX3
    SW3560C-LAB#sh auth sess int f0/3
                Interface:  FastEthernet0/3
              MAC Address:  f0de.f180.13b8
               IP Address:  10.0.93.202
                User-Name:  F0-DE-F1-80-13-B8
                   Status:  Authz Success
                   Domain:  DATA
          Security Policy:  Should Secure
          Security Status:  Unsecure
           Oper host mode:  multi-domain
         Oper control dir:  both
            Authorized By:  Authentication Server
               Vlan Group:  N/A
         URL Redirect ACL:  redirect
             URL Redirect:  https://BYODISE.byod.com:8443/guestportal/gateway?sessionId=0A005DF40000000D0010E23A&action=cwa
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  0A005DF40000000D0010E23A
          Acct Session ID:  0x00000011
                   Handle:  0xD700000D
    Runnable methods list:
           Method   State
           mab      Authc Success
    SW3560C-LAB#sh epm sess summary
    EPM Session Information
    Total sessions seen so far : 10
    Total active sessions      : 1
    Interface            IP Address   MAC Address       Audit Session Id:
    FastEthernet0/3       10.0.93.202  f0de.f180.13b8    0A005DF40000000D0010E23A
    Could you please help to explore the problem? Thank you very much.

    With switch IOS version later than 15.0 the default interface ACL is not required. For url redirection the dACL is not required as this ACL is part of traffic restrict for "guest" users.
    In my experience some users can not get the redirect correctly because anti-spoof ACL on management Vlan or stateful firewall blocks the TCP syn ack.
    It is rare in campus network access layer switches have user SVI configured so the redirect traffic has to be sent from the netman SVI, but trickly the TCP SYN ACK from the HTTP server will be sent back from the netman Vlan without source IP changed. (The switch is spoofing the source IP in my understanding with changing only the MAC address of the packet). In most of the cases there should be a basic ACL resides on the netman SVI on the first hop router, where the TCP SYN ACK may be dropped by the ACL.
    tips:
    1. "debug epm redirect" can make sure your traffic matches the redirect url and will get intercepted by the switch
    2. It will be an ACL or firewall issue if you can see epm is redirecting your http request but can not see the SYN ACK from the requested server.
    Which can win the race: increasing bandwidth with new technologies VS QoS?

  • ISE Wired Central Web Authentication no url redirect

    We are setting up ISE for wired guest access but are having trouble with the client being redirected.  The switch gets the download from ISE and shows that it should use the URL redirect with the correct ACL.
    ISEtest3560#show authentication sessions interface fastEthernet 0/2
                Interface:  FastEthernet0/2
              MAC Address:  001d.09cb.78bd
               IP Address:  Unknown
                User-Name:  00-1D-09-CB-78-BD
                   Status:  Authz Success
                   Domain:  DATA
          Security Policy:  Should Secure
          Security Status:  Unsecure
           Oper host mode:  multi-auth
         Oper control dir:  both
            Authorized By:  Authentication Server
               Vlan Group:  N/A
                  ACS ACL:  xACSACLx-IP-ISE-Only-52434fbe
         URL Redirect ACL:  ACL-WEBAUTH-REDIRECT
             URL Redirect:  https://REMOVED.Domain.corp:8443/guestportal/gateway?sessionId=0A0003E600000039064485B1&action=cwa
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  0A0003E600000039064485B1
          Acct Session ID:  0x00000293
                   Handle:  0x95000039
    Runnable methods list:
           Method   State
           dot1x    Failed over
           mab      Authc Success
    From the client pc I can get name resolution for anything I ping.  I also can ping the ise server by name.  The ACL that is downloaded it as follows:
    Extended IP access list xACSACLx-IP-ISE-Only-52434fbe (per-user)
        10 permit udp any eq bootpc any eq bootps
        20 permit udp any any eq domain
        30 permit ip any host 10.4.37.91
        40 deny ip any any log
    Extended IP access list ACL-WEBAUTH-REDIRECT
        10 deny udp any eq bootpc any eq bootps
        20 deny udp any any eq domain
        30 deny ip any host 10.4.37.91
        40 permit tcp any any eq www (13 matches)
        50 permit tcp any any eq 443
        51 permit tcp any any eq 8443
        60 deny ip any any
    The machine passes the Authentication with MAB and hits the CWA Authorization profile, ISE shows the client as "Pending" then the next entry above that in the log is the dACL getting pushed to the switch.  Could part of the issue be that the device shows Unknown for IP address?  The command ip device tracking is in the switch:
    ISEtest3560#show running-config | include tracking
    ip device tracking
    ISEtest3560#
    We have 802.1x clients working and the IP address for those do show up..
    Please advise,
    Thanks,
    Joe

    ISEtest3560#show ip access-lists interface fastEthernet 0/2       
    ISEtest3560#
    Doesn't appear the dacl is being applied. 
    interface FastEthernet0/2
    switchport access vlan 11
    switchport mode access
    ip access-group ACL-DEFAULT in
    authentication event fail action next-method
    authentication event server dead action reinitialize vlan 999
    authentication event server alive action reinitialize
    authentication host-mode multi-auth
    authentication open
    authentication order dot1x mab webauth
    authentication priority dot1x mab webauth
    authentication port-control auto
    authentication violation restrict
    mab
    dot1x pae authenticator
    dot1x timeout tx-period 10
    spanning-tree portfast
    spanning-tree guard root
    Extended IP access list ACL-DEFAULT
        10 permit udp any eq bootpc any eq bootps
        20 permit udp any any eq domain
        30 permit icmp any any
        40 permit udp any any eq tftp
        41 permit ip any host 10.4.37.91
        50 deny ip any any log (1059 matches)
    Could the dACL be causing the issue with the Unknown, or is the Unknown causing the issue with the dACL?
    Thanks,
    Joe

  • ISE CWA FLEXCONNECT - No url redirect

    Hi,
    I'm setting up a LAB environment for CWA with ISE(1.2.1), vWLC(8.0.100), ASA5505(9.1.X) and a 2602 AP in flexconnect mode.
    Unfortunately I'm running into problems.
    The AP, WLC and ISE is all running in vlan 1 which terminates in the 5505 as a inside interface. 
    Vlan 2 is a guest network terminating on a separate interface in the ASA.
    The problem that I'm facing is that the url-redirect from the ISE doesn't work. If I check the client summary on the vWLC I can see that the client gets the redirect flexconnect ACL applied and that the URL is present. I've verified that it's not a DNS issue and I'm able to manually connect to ISE so there is no ACL blocking me. The client just doesn't get the redirect. I've tried with multiple devices (windows,ios,android) and it's all the same.
    I've followed the following guides:
    http://www.drchaos.com/flexconnect-local-switching-guestbyod/
    http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116087-configure-cwa-wlc-ise-00.html#anc11
    Currently I'm at work but I can provide some debug output later. 
    Has anyone seen this behavior before?

    It is possible that you are hitting the following bug:
    https://tools.cisco.com/bugsearch/bug/CSCue68065
    One thing this bug does not mention is that there is another resolution outside of disabling local switching. The alternative is:
    1. Create a standard ACL on the controller that is named exactly as the FlexConnect ACLs
    2. The standard ACL does not have to have any ACE in it
    I have run into this issue before and the above workaround has worked for me. The issue was supposed to be addressed in version 8.x of the WLC but I think it is still worth giving it a try. 
    Thank you for rating helpful posts!

  • Configuring Oracle Application Server to use a user friendly url

    Hi All,
    I am having trouble configuring the apache httpd.conf file within an application server to be able to use user-friendly urls for the infrastructure identity management tools server. I also need this for security reasons as well as hardware reasons - loadbalancing.
    At the moment I have a standard setup, whereby the sso application server is using port 7777. I would like the user not to enter the port, but to enter just a standard url, like http://login.<company>.com.au, so that if the user needs to modify oid using the oiddas web application, they can enter something like http://login.<company>.com.au/oiddas/ rather than http://<machine host name>:7777/oiddas/. This would also be used by portal for sso logins.
    From the standard installation, Apache was configured as follows:
    Port 7777
    Listen 7777
    ServerName <machine host name>
    DocumentRoot <root document folder>
    Now reading the documentation from the Oracle Application Server Installation notes for the Http Server, they document how to do this (in the loadbalancer section - this will eventually be used in the hardware setup):
    Port 80
    Listen 7777
    Listen 80
    # Virtual Hosts
    # This section is mandatory for URLs that are generated by
    # the PL/SQL packages of the Oracle Portal and various other components
    # These entries dictate that the server should listen on port
    # 7777, but will assert that it is using port 80, so that
    # self-referential URLs generated specify www.oracle.com:80
    # This will create URLs that are valid for the browser since
    # the browser does not directly see the host server.oracle.com.
    NameVirtualHost <machine ip>:7777
    <VirtualHost <nameofmachine>:7777>
    ServerName login.<company>.com.au
    Port 80
    </VirtualHost>
    # Since the previous virtual host entry will cause all links
    # generated by the Oracle Portal to use port 80, the server.company.com
    # server needs to listen on 80 as well since the Parallel Page
    # Engine will make connection requests to Port 80 to request the
    # portlets.
    NameVirtualHost <machine ip>:80
    <VirtualHost <nameofmachine>:80>
    ServerName login.<company>.com.au
    Port 80
    <VirtualHost>
    Note that I used slightly different names for the url's rather than the oracle names www.oracle.com and server.oracle.com
    Now after applying this, I noticed not only could I not go to the oiddas from the original machine name, but also couldn't go there from the new machine name.
    Also I was not even able to go to the standard index page whereby you can go to the enterprise manager for the application server, from either names.
    The following urls provide me with "The Page Cannot Be Displayed" error message:
    http://login.<company>.com.au:7777/
    http://<nameofmachine>:7777/
    The following urls provide me with "Page Under Construction" error message:
    http://login.<company>.com.au/
    http://<nameofmachine>/
    Could someone please tell me why this is the case, considering I am using the installation procedures Oracle has published within the Oracle HTTP Server Administrator's Guide (http://download-west.oracle.com/docs/cd/B14099_19/web.1012/b14007/netconf.htm#sthref379).
    Cheers
    Rodney

    Hi Rodney,
    I think that I can see your problem.
    Just change the following line at your httpd.conf, then restart the component.
    First of all if the port is installed with nr. 7777. then the listen process will be on port 7778
    the second thing is just try to do the following steps
    ((Port 80 to Port 7777)))
    Listen 7778
    %%%% In loadbalancer section %%%%%%
    just add the following lines
    Listen 80
    Listen 8103
    Listen 8102
    NameVirtualHost *
    NameVirtualHost *:8103 or 80
    If you want to use this ports (8103 or 8102) for other site (url), then
    <VirtualHost *:80>
    ServerName <machine ip> or (host name)
    Hear from U,
    Regards,
    Hamdy

  • BI Publisher with Oracle e-Business Suite 11i in EBS security mode

    It seems I submitted the below in the wrong forum earlier, so I am posting it to the correct one now. I appreciate any help.
    Hi All,
    I want to configure BI Publisher that comes as a part of OBIEE in Oracle E-Business Suite security mode. My Oracle E-Business Suite 11i runs on a 3-node RAC database and a 3-node apps tier/CM tier. As per the configuration guide, I changed the security mode in BIP to 'Oracle E-Business' and uploaded the DBC file from the E-Business Suite Web & Forms tier. In the DBC file, the TWO_TASK parameter has the value test_806_BALANCE, which is just an alias in tnsnames.ora for load balancing. Now when I go to BI Publisher and click on the 'Roles and Permission' tab in the security center, it gives me a 500 Internal Server Error.
    But if I change this TWO_TASK value to any particular RAC instance SID, I am able to see all responsibilities in the Roles and Permission tab. It seems that BI Publisher builds the JDBC connection URL to the database on the fly by reading the DB_HOST, DB_PORT and TWO_TASK parameters from the DBC file, and because of this my BI Publisher is a single point of failure if the RAC instance that I mentioned in the DBC file goes down. Even though E-Business Suite is in HA, BI Publisher is not taking advantage of this HA database.
    Does anyone have an idea how to overcome this situation?

    You can try your luck by posting the thread in the BI Publisher section of this forum.

  • The dreaded 404 message using basicHttpBinding, Transport security mode, and certificates

    I am working on setting up a WCF service using mutual authentication with both client and server certificates. The service is hosted in IIS 7, and I'm trying to access it from a simple console app. When I try to connect to the service, I get the error "There was no endpoint listening at https://localhost/IISHostedService/MyService.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details." The inner exception is "The remote server returned an error: (404) Not Found."
    I have seen people all over the net reporting this error, but so far none of their fixes work for me. I have an HTTPS binding in IIS for my app, and I am able to browse to my service (using either http or https) and view it with no problems. I can get the wsdl (also over either protocol) with no issues, but connecting from the client doesn't work.
    Here is my server config:
    <system.serviceModel>
      <behaviors>
        <serviceBehaviors>
          <behavior>
            <serviceCredentials>
              <serviceCertificate findValue="ServerCertificate" storeLocation="LocalMachine" x509FindType="FindBySubjectName" />
              <clientCertificate>
                <authentication revocationMode="NoCheck" />
              </clientCertificate>
            </serviceCredentials>
            <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
            <serviceDebug includeExceptionDetailInFaults="true" />
          </behavior>
        </serviceBehaviors>
      </behaviors>
      <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
      <bindings>
        <basicHttpBinding>
          <binding name="BasicHttpBinding_MyService">
            <security mode="Transport">
              <transport clientCredentialType="Certificate" />
            </security>
          </binding>
        </basicHttpBinding>
      </bindings>
      <services>
        <service name="MyService">
          <endpoint binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_MyService" contract="Namespace.IContract" />
        </service>
      </services>
    </system.serviceModel>
    And my client:
    <system.serviceModel>
      <behaviors>
        <endpointBehaviors>
          <behavior name="clientEndpointBehavior">
            <clientCredentials>
              <clientCertificate findValue="ClientCertificate" storeLocation="LocalMachine" x509FindType="FindBySubjectName"/>
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
      </behaviors>
      <bindings>
        <basicHttpBinding>
          <binding name="BasicHttpBinding_MyService" closeTimeout="00:10:00"
                   openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00"
                   allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                   maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                   messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                   useDefaultWebProxy="true">
            <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                          maxBytesPerRead="4096" maxNameTableCharCount="16384" />
            <security mode="Transport">
              <transport clientCredentialType="Certificate" />
            </security>
          </binding>
        </basicHttpBinding>
      </bindings>
      <client>
        <endpoint address="https://localhost/IISHostedService/MyService.svc" behaviorConfiguration="clientEndpointBehavior"
                  binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_MyService"
                  contract="Namespace.IContract" name="BasicHttpBinding_MyService" />
      </client>
    </system.serviceModel>
    I am not sure if it matters, but this client and server are running on the same physical machine in a test environment. I have confirmed that both the client and the server certificates are installed, and that the issuing authority is trusted. The virtual folder is set in IIS to "Accept" client certificates, and SSL is not required.
    Does anyone have any thoughts what I may be missing? This service works without a problem over HTTP, so it has to be somehow related to the certificate that is being passed. With the Server certificate, I just trapped the ServicePointManager.ServerCertificateValidationCallback event to manually approve the certificate if the subject matched what I was looking for (the subject does not match the domain name, since this is a test environment). Do I need to do something similar for the client certificate?
    EDIT: One thing I do notice is that, in the WSDL, the soap location is always pointing to http. I'm not sure if that is correct or not:
    <wsdl:service name="MyService">
      <wsdl:port name="BasicHttpBinding_MyService" binding="tns:BasicHttpBinding_MyService">
        <soap:address location="http://computerName.domain.com/IISHostedService/MyService.svc" />
      </wsdl:port>
    </wsdl:service>

    A little more information (since this is the main thing I have to work on today):
    After some research, I decided to try using a custom certificate validator, in case something is wrong with the client certificate. In the clientCertificate\authentication node on the server, I set the certificateValidationMode="Custom" and set customValidationType="MyType.Validator, MyType". My type is apparently being found (when it is not found I get a "service could not be activated" error), but my Validate() method is never being called.
    Now this leads me to believe that it's not a problem with the client certificate, but something else, before it even gets that far.
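
A consistency check over the three pieces posted in this thread (the server config, the client endpoint address and the WSDL `soap:address`), as an added example that is not part of the original posts. The `check` and `binding_modes` helpers and the trimmed, constructed copies of the fragments are assumptions; the service-name test is a heuristic that only applies if the names in the post are literal rather than anonymized.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed, trimmed copies of the fragments posted in the thread.
SERVER = """<system.serviceModel>
  <bindings><basicHttpBinding>
    <binding name="BasicHttpBinding_MyService">
      <security mode="Transport"><transport clientCredentialType="Certificate"/></security>
    </binding>
  </basicHttpBinding></bindings>
  <services><service name="MyService">
    <endpoint binding="basicHttpBinding" contract="Namespace.IContract"
              bindingConfiguration="BasicHttpBinding_MyService"/>
  </service></services>
</system.serviceModel>"""
CLIENT_ADDRESS = "https://localhost/IISHostedService/MyService.svc"
WSDL_ADDRESS = "http://computerName.domain.com/IISHostedService/MyService.svc"
SECURE_MODES = {"Transport", "TransportWithMessageCredential"}

def binding_modes(root):
    """Map each named <binding> to its <security mode>; basicHttpBinding defaults to None."""
    modes = {}
    for b in root.iter("binding"):
        sec = b.find("security")
        modes[b.get("name")] = sec.get("mode", "None") if sec is not None else "None"
    return modes

def check(server_xml, client_address, wsdl_address):
    """Return findings as strings; an empty list means the three pieces agree."""
    root = ET.fromstring(server_xml)
    modes, findings = binding_modes(root), []
    wsdl_scheme = urlparse(wsdl_address).scheme
    for svc in root.iter("service"):
        for ep in svc.iter("endpoint"):
            mode = modes.get(ep.get("bindingConfiguration"), "None")
            want = "https" if mode in SECURE_MODES else "http"
            if wsdl_scheme != want:
                findings.append(f"scheme: {mode} endpoint expects {want}, WSDL advertises {wsdl_scheme}")
            # Heuristic: WCF matches <service name> against the full type name.
            if "." in ep.get("contract", "") and "." not in svc.get("name", ""):
                findings.append(f"name: service '{svc.get('name')}' is not namespace-qualified")
    if urlparse(client_address).scheme != wsdl_scheme:
        findings.append("client: endpoint address scheme differs from the WSDL address")
    return findings

if __name__ == "__main__":
    for finding in check(SERVER, CLIENT_ADDRESS, WSDL_ADDRESS):
        print(finding)
```

On the posted fragments it reports all three findings: the address the service advertises is plain http while the configured endpoint and the client both expect https.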

  • ISE url-redirect CWA to Gig1

    Hello,
    Say I want to have five ISE 1.3 nodes behind a load balancer. I want only G0 behind the LB, and the G1 interfaces will be dedicated for certain things. Specifically, I want to use the G1 interface for Redirected Web Portal access (could be CWA, device registration, NSP, etc). RADIUS auth will happen through the LB on G0 of some specific PSN, and that PSN will url-redirect the user to the CWA URL.
    How do I tell ISE to use specifically Gig1's IP address or Gig2's IP address? When I check the result authorization profile, there is no option there, it's just ip:port. Obviously, that's not the right place, because which PSN is used to process the policy is unpredictable.
    So then I go to guest portal, and specifically Self-Registered Guest Portal that I'm using. So here I see Gig0, Gig1, Gig2, and Gig3 listed. My guess is that if I only leave Gig1 selected then I will achieve my goal, is that correct?
    But then, why does it let me choose multiple interfaces, what happens if I select all of them?
    Am I missing another spot in ISE admin where I can control this?
    Additional question. I know that in ISE 1.2 you could configure "ip host" in ISE's CLI, which would force URL-redirect response to be translated to FQDN:port. Is that still the right method in ISE 1.3?
    Thanks!

    Take a look at the following document:
    http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/installation_guide/b_ise_InstallationGuide13.pdf
    Towards the end of the document you will find a section called: "Cisco ISE Infrastructure" and there you will see the following:
    • Cisco ISE management is restricted to Gigabit Ethernet 0.
    • RADIUS listens on all network interface cards (NICs).
    • All NICs can be configured with IP addresses.
    So, you can take an interface, give it an IP address and then assign it to the web portal that you are working with. 
    I hope this helps!
    Thank you for rating helpful posts!

  • SSRS Report Server Could not establish connection. The underlying connection was closed. Could not establish trust relationship for the SSL/TLS Secure channel

    Hi
    Had to un-install and then re-install MS SQL Server 2012 with SSRS.
    After we re-installed we are able to get to the Web Services page but not the Report Server page and get the above error message. We need to use SSL and when we bind the cert in RS Configuration Manager it says it does this successfully on the WebServices tab. We also do a similar exercise on the ReportServer page.
    Any help warmly welcomed :D
    Thanks

    Hi Rich Whight,
    According to your description, after you re-installed SQL Server 2012 with SSRS, you are able to access the Web Service URL, but when you tried to access the Report Manager URL, the error occurred: The underlying connection was closed. Could not establish trust relationship for the SSL/TLS Secure channel.
    The issue may be caused when the certificate isn't installed correctly in the trusted root for the local computer. To verify and install the certificate, please refer to the steps below:
    1. In the RsReportServer.config file (default location: C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer), change the "SecureConnectionLevel" element value from 0 to 3.
    2. Add the correct value to the <UrlRoot> element.
    3. Add the same value to the <ReportServerUrl> element as in step 2.
    4. Go to Microsoft Management Console and add the certificate which you use to access the report server under "Trusted Root Certification Authorities".
    For more information about SSL configuration and Managing Trusted Root Certificates, please refer to the following documents:
    http://blogs.msdn.com/b/mariae/archive/2007/12/12/ssl-configuration-and-reporting-services.aspx
    http://technet.microsoft.com/en-us/library/cc754841.aspx
    If you have any more questions, please feel free to ask.
    Best Regards,
    Wendy Fu
