Generating fault detail; basic auth over SSL

Similar Messages

• IE6 WinXP Java2 and Basic Auth

  This only happens on WinXP (Pro is what I'm using), not WinME, Win2K or Win98/Win98SE.
  When I request a page with an embedded Java applet (with applet tags) that is "protected" with Basic Auth over SSL I first enter the Basic Auth credentials (username/password) in the IE6 dialog and then a second dialog appears, a Java one, to enter the same Basic Auth credentials again.
  On Win2k/WinME/Win9x only once am I required to enter the BA credentials with the IE6 dialog.
  What's up?

  I solved the problem of the double Basic Auth sign-ins accessing a HTTPS/SSL page containing <APPLET> tags by disabling JRE 1.4 and reverting to JRE 1.3.1.
  IMHO, JRE 1.4 is seriously broken WRT SSL/<APPLET>/Basic Auth.

• Forms based authentication + Basic authentication = no way to use the basic auth!!!!

  Hi,
  I setup a test sharepoint site, claims mode, with both the forms and basic authentication  enabled.
  I expect to see the page asking me which authentication method I want to use, but I never see this page!!!
  I have to select the windows authentication (NTLM or Kerberos) to see this page!
  why using only the Basic authentication did not prompt the user?
  and how to be authenticated using the basic authentication rather than the forms auth when both are enable for the same site?
  >I do NOT want to extend my site to have 2 zones... my question is ONLY with 1 zone configured.

  What is the business purpose for using Basic Auth over NTLM/Kerberos?
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• BizTalk WCF service over SSL -WSDL is not working

  we are exposed BizTalk Schema as Service and deployed in both IIS servers.BTW IIS cluster working as a loadbalancer.
  First Question:
  The service is exposed over SSL and shared URL like https://DNSName/abc.svc.When they browse the URL with WSDL nothing is getting (i.e.https://DNSName/abc.svc?wsdl).
  Please help me why WSDL is not generating
  Second Question:
  Exposing service over SSL and in web.config making httpgetenabled=true and endpoint name="HttpMexEndpoint enabled.
  Then when we browse URL(i.e.https://DNSName/abc.svc) it displaying like http://ipadress/abc.service?wsdl.
  So when we click on http://ipadress/abc.service?wsdl ,the wsdl is generated.
  Why when we try http://DNSName/abc.service?wsdl ,wsdl not generated.
  Instead of  displaying IPAddress to end user, we want to display DNSName.how to do it?
  Regards BizTalkWorship

  Hi,
  For the problem of SVC file changing to WSDL when you bowse, this normally happens when "httpsHelpPageEnabled" property (in case of HTTPS as your case otherwise httpHelpPageEnabled) of you service is set to "false"
  in service's web.config file. When the help page option is set to "false" in the service's web.config file, this happens. Change it to  "true"
  <serviceDebug httpHelpPageEnabled="true"
  Regards,
  M.R.Ashwin Prabhu
  If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply.

• How to set up iPhone 5 iOS 6 email with IMAP over SSL on a custom port?

  Basically I have the same problem as this guy 5 years ago but the thread contained no useful answer. Maybe there are people out there who became smarter in the meantime? Please help me out how to get my iPhone read emails via IMAP over SSL on a custom port to the corporate server. The issue is that the iPhone only seems to work if you use the standard 993 port for IMAPS, not with a custom port as we have. I've installed the corporate root certificate in a profile, and it shows up as trusted and verified in the phone, so that should not be the issue. The mail app in the iPhone tries to connect, I can verify that from the server, but then does nothing, doesn't try to authenticate, doesn't log out, nothing is going on, and then drops the connection after 60 seconds. Repeats this every 5 minutes (as set to fetch e-mail every 5 minutes.)
  Original thread 5 years ago: https://discussions.apple.com/message/8104869#8104869

  Solved it by some (a lot) of fiddling.
  Turns out it's not a bug in the iPhone, it's a feature.
  Here's how to make it work.
  DOVECOT
  If the IMAPS port is anything other than 933 (the traditional IMAPS port) the iPhone's Mail App takes the "Use SSL" setting on the IMAP server as 'TLS', meaning it starts the communication in plain text and then issues (tries to issue) the STARTTLS command to switch the connection to encrypted. If, however, Dovecot is set up to start right away in encrypted mode, the two cannot talk to each other. For whatever reason neither the server nor the client realizes the connection is broken and only a timeout ends their misery.
  More explanation about SSL/TLS in the Dovecot wiki: http://wiki2.dovecot.org/SSL
  So to make this work, you have to set Dovecot the following way. (Fyi, I run Dovecot 2.0.19, versions 1.* have a somewhat different config parameters list.)
  1. In the /etc/dovecot/conf.d/10-master.conf file make sure you specify the inet_listener imap and disable (set its port to 0) for imaps like this:
  service imap-login {
    inet_listener imap {
      port = --your port # here--
    inet_listener imaps {
      port = 0
      ssl = yes
  This of course enables unencrypted imap for all hackers of the universe so you quickly need to also do the things below.
  2. In the /etc/dovecot/conf.d/10-ssl.conf file, make sure you set (uncomment) the following:
  ssl = required
  This sets Dovecot to only serve content to the client after a STARTTLS command was issued and the connection is already encrypted.
  3. In /etc/dovecot/conf.d/10-auth.conf set
  disable_plaintext_auth = yes
  This prevents plain text password authentication before encryption (TLS) is turned on. If you have also set ssl=required as per step 2, that will prevent all other kinds of authentications too on an unencrypted connection.
  When debugging this, please note that if you connect from localhost (the same machine the server runs on) disable_plaintext_auth=yes has no effect, as localhost is considered secure. You have to connect from a remote machine to make sure plain text authentication is disabled.
  Don't forget service dovecot restart.
  To test if your setup works as it's supposed to, issue the following (green) from a remote machine (not localhost) (I'm using Ubuntu, but telnet and openssl is available for almost all platforms) and make sure Dovecot responds with something like below (purple):
  telnet your.host.name.here yourimapsportnumber
  * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.
  Most importantly, make sure you see 'STARTTLS' and 'LOGINDISABLED'. Then issue STARTTLS and hopefully you see something like this:
  a STARTTLS
  a OK Begin TLS negotiation now.
  (The 'a' in front of STARTTLS is not a typo, a prefix is required by the IMAP server in front of all commands.)
  Close the telnet (with 'a logout' or Ctrl+C) and you can use openssl to further investigate as you would otherwise; at the end of a lot of output including the certificate chain you should see a line similar to the one below:
  openssl s_client -starttls imap -connect your.domain.name.here:yourimapsportnumber
  . OK Pre-login capabilities listed, post-login capabilities have more.
  You can then use the capability command to look for what authentication methods are available, if you see AUTH=PLAIN, you can then issue a login command (it's already under an encrypted connection), and if it's successful ("a OK Logged in"), then most likely your iPhone will be able to connect to Dovecot as well.
  a capability
  * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN
  a login username password
  * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS
  a OK Logged in
  POSTFIX
  Likewise, you have to set Postfix to wait for STARTTLS before encrypting the communication.
  1. You have to delete the setting smtpd_tls_wrappermode=yes from /etc/postfix/master.cf and/or /etc/postfix/main.cf, if it was enabled. This will mean Outlook won't be able to connect any more because it requires a TSL connection without issuing STARTTLS as per Postfix documentation (haven't tested.) In my case we don't use Outlook so I didn't care. Outlook + iPhone + custom SMTPS port are simply not possible together at the same time as far as I understand. Pick one to sacrifice.
  2. Require encrypted (TLS) mode for any data transfer in /etc/postfix/main.cf:
  smtpd_tls_security_level = encrypt
  3. Authentication should only happen while already in encrypted (TLS) mode, so set in /etc/postfix/main.cf:
  smtpd_tls_auth_only = yes
  Don't forget postfix reload.
  To test if this works, issue the following telnet and wait for the server's greeting:
  telnet your.host.name.here yoursmtpsportnumber
  220 your.host.name ESMTP Postfix (Ubuntu)
  Then type in the EHLO and make sure the list of options contains STARTTLS and does not include an AUTH line (that would mean unencrypted authentication is available):
  ehlo your.host.name.here
  250-STARTTLS
  Then issue starttls and wait for the server's confirmation:
  starttls
  220 2.0.0 Ready to start TLS
  Once again, it's time to use openssl for further testing, detailed info here http://qmail.jms1.net/test-auth.shtml
  CERTIFICATES
  You also need to be aware that iOS is somewhat particular when it comes to certificates. First of all, you have to make sure to set the following extensions on your root certificate (probably in the [ v3_ca ] section in your /etc/ssl/openssl.cnf, depending on your openssl setup), especially the 'critical' keyword:
  basicConstraints = critical,CA:true
  keyUsage = critical, cRLSign, keyCertSign
  subjectKeyIdentifier=hash
  authorityKeyIdentifier=keyid:always,issuer:always
  And then on the certificate you sign for your mail server, set the following, probably in the [ usr_cert ] section of /etc/ssl/openssl.cnf:
  basicConstraints=CA:FALSE
  keyUsage = nonRepudiation, digitalSignature, keyEncipherment
  subjectKeyIdentifier=hash
  authorityKeyIdentifier=keyid,issuer
  subjectAltName = DNS:your.domain.name.here
  issuerAltName=issuer:copy
  Please note, the above are results of extensive google-ing and trial and error, so maybe you can omit some of the stuff above and it still works. When it started working for me, I stopped experimenting because figuring this all out already took way too much time. The iPhone is horribly undocumented when it comes to details of its peculiar behaviors. If you experiment more and have more accurate information, please feel free to post here as a reply to this message.
  You have to import your root certificate into your iPhone embedded in a profile via the iPhone Configuration Utility (free, but only available in Windows or a Mac; details here: http://nat.guyton.net/2012/01/20/adding-trusted-root-certificate-authorities-to- ios-ipad-iphone/ ), after having first added it to Windows' certificate store as a trusted root certificate. This way the Utility will sign your certificate for the phone and it becomes usable; if you just add it from the phone it will be there but won't be used. Using a profile has the added benefit of being able to configure mail settings in it too, and that saves a lot of time when you have to install, remove, reconfigure, install again, etc. a million times until it works.
  Another undocumented constraint is that the key size is limited to a max of 4096. You can actually install a root certificate with a larger key, the iPhone Configuration Utility will do that for you without a word. The only suspicious thing is that on the confirmation screen shown on your iPhone when you install the profile you don't get the text "Root Certificate/ Installing the certificate will add it to the list of trusted certificates on your iPhone" in addition to your own custom prompt set up in the iPhone Configuration Utility. The missing additional text is your sign of trouble! - but how would know that before you saw it working once? In any case, if you force the big key certificate on the device, then when you open the Mail App, it opens up and then crashes immediately. Again, without a word. Supposedly Apple implemented this limit on the request of the US Government, read more here if you're interested: http://blogs.microsoft.co.il/blogs/kamtec1/archive/2012/10/13/limitation-of-appl e-devices-iphone-ipad-etc-on-rsa-key-size-bit.aspx .
  IN CLOSING...
  With all this, you can read and send email from your iPhone.
  Don't forget to set all your other clients (Thunderbird, Claws, etc.) to also use STARTTLS instead of SSL, otherwise they won't be able to connect after the changes above.

• Web service client behind a proxy server connecting to web service over SSL

  Hi Friends,
  A web service is exposed by an external system over SSL. We are behind a proxy server and are trying to get connected to web service over SSL. <p>
  We are getting the following error on the test browser of workshop<p><p>
  External Service Failure: FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters.<p><p>
  the whole trace is <p>
  <p>JDIProxy attached
  <Sep 24, 2005 9:27:25 AM EDT> <Warning> <WLW> <000000> <Id=creditCheckCtrl:salesExpertServiceControl; Method=creditcheckcontr
  ol.SalesExpertServiceControl.doCreditVerification(); Failure=com.bea.control.ServiceControlException: SERVICE FAULT:
  Code:javax.net.ssl.SSLHandshakeException
  String:FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters
  Detail:
  END SERVICE FAULT>
  <Sep 24, 2005 9:27:26 AM EDT> <Warning> <WLW> <000000> <Id=creditCheckCtrl; Method=creditcheckcontrol.CreditCheck.testCreditC
  heck(); Failure=com.bea.control.ServiceControlException: SERVICE FAULT:
  Code:javax.net.ssl.SSLHandshakeException
  String:FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters
  Detail:
  END SERVICE FAULT [ServiceException]>
  <Sep 24, 2005 9:27:26 AM EDT> <Warning> <WLW> <000000> <Id=top-level; Method=processes.CreditCheck_wf.$__clientRequest(); Fai
  lure=com.bea.wli.bpm.runtime.UnhandledProcessException: Unhandled process exception [ServiceException]>
  <Sep 24, 2005 9:27:26 AM EDT> <Error> <WLW> <000000> <Failure=com.bea.wli.bpm.runtime.UnhandledProcessException: Unhandled pr
  ocess exception [ServiceException]><p>
  I am not able to make out what could be possibly wrong. Please let me know if you guys have any ideas about how to resolve it.
  Thanks
  Sridhar

  did you resolve this problem. I am looking at the same issue. If you did I would really appreciate your response.
  Thanks.

• LC + ActiveDirectory + LDAP over SSL = doesn't work

  Hi,
  I installed Active Directory Certificate Services. Now I want setup LDAP over SSL. Unfortunatelly it doesn't work. I pressed "Test" and always get "Invalid username or invalid password" (
  German: "Ungültiger Benutzername oder ungültiges Kennwort"). I'm pretty sure username and password are fine (it worked before I installed Active Directory Certificate Services and used LDAP without SSL).
  On server.log, I got this:
  2011-11-12 00:51:28,202 INFO  [com.adobe.idp.um.businesslogic.synch.LdapHelper] Following stacktrace is generated due to the Test LDAP Server Configuration action
  javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
          at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)
          at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
          at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
          at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
          at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
          at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
          at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
          at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
          at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
          at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
          at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
          at javax.naming.InitialContext.init(InitialContext.java:223)
          at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
          at com.adobe.idp.um.businesslogic.synch.LdapHelper.createContext(LdapHelper.java:663)
          at com.adobe.idp.um.businesslogic.synch.LdapHelper.testServerConfig(LdapHelper.java:682)
          at com.adobe.idp.um.ui.config.ConfigDirectoryEditAction.testServerSettings_onClick(ConfigDirectoryEditAction.java:215)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at com.cc.framework.adapter.struts.ActionUtil.handleFormAction(Unknown Source)
          at com.cc.framework.adapter.struts.FWAction.handleFormAction(Unknown Source)
          at com.cc.framework.adapter.struts.ActionUtil.execute(Unknown Source)
          at com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)
          at com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)
          at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
          at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
          at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
          at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at com.adobe.framework.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:173)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at com.adobe.idp.um.auth.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:154)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at com.adobe.idp.um.auth.filter.PortalSSOFilter.doFilter(PortalSSOFilter.java:91)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at com.adobe.idp.um.auth.filter.CSRFFilter.doFilter(CSRFFilter.java:41)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
          at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
          at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:543)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
          at java.lang.Thread.run(Thread.java:619)
  Do you have some Idea?
  cu Floh

  I have not done it for Netscape yet but I have done it for Novell and JNDI.. Here is the settings for Novell
  // Dynamically set JSSE as a security provider
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  // Dynamically set the property that JSSE uses to identify
  // the keystore that holds trusted root certificates
  System.setProperty("javax.net.ssl.trustStore", m_connectionData.getLocal("KeyStore").toString());
  ssf = new LDAPJSSESecureSocketFactory();
  // Set the socket factory as the default for all future connections
  LDAPConnection.setSocketFactory(ssf);

• FTP over SSL connectivity in File Adapter

  Hi All,
    I request your suggestion on my problem.  I have a scenario idoc to file where I am connecting to my vendor server throught SFTP (Ftp over SSL).  In this my vendor specifically told that to obtain secure FTP connectivity to their server they require a pre-approved Secure FTP client be used to access the service.
  So as per this requirement first our XI server need to coneect to the pre-approved client and the connectivity will happen to the vender server.  He list the pre-approved client as below
  *Cleo Lexicom 2.1
  *TrailBlazer ZMOD FTP Client V3R1 PTF Level PFT3100034
  *QualEDI for Windows, 32-bit version
  *Ascential DataStage TX, Release 7.5
  *Future 3 - Advanced Communication Module Plus (ACM Plus)
  *eBridge FTPS Communicator for GXS version 5.3
  *Ipswitch Inc's WS_FTP Professional version 8.02.
  ·Robo-FTP version 3.2
  Please let me know will this be possible from our file adapter.  Currently as per this requirement we open up the port of XI server for SFTP connecvity but through this we can have host to host connection over SFTP and not sure whether we can connect to client software and from their to vendor sever.
  Kindly needful your suggestion/solution on this.
  Regards,
  Dhill

  Hi,
    Thank you,  Yes I have used FTPS only please find the below details given in the communication channel.
  <b>FTP Connection Parameters</b>
  Server: ServerName
  Port : 6366 (specified by vendor)
  Data connection : Passive
  Timeout(secs) : 65
  Connection Security: FTPS (FTP Using SSL/TLS) for Control and Data Connection
  Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
  Keystore: service_ssl
  X-509 Certificate and Private Key: ssl-credentials
  User Name : Vendor user name
  Password: Vendor given password
  Connect Mode: Permanantly
  Transfer Mode: Text
  Maximum Concurrency: 1
  and also as per he list given by vendeor we can use *Ipswitch Inc's WS_FTP Professional version 8.02.
  <b>Note:</b> We have Deploying the SAP Java Cryptographic Toolkit and also CA certificate used to sign the server certificate added to the TrustedCAs keystore view.
  So If possible i request you to kindly provide the details how we need to specify the client software between our XI server and Vender server as you mentioned in your solution.
  Please let me know your mail id, i will forward the screenshot of my communication channel.
  Kindly appreciate your help on this.
  Regards,
  Dhill.

• Ldapbind failed over SSL  (U2 – "one way", "U3-two way") from Oracle DB to

  Hi
  I am facing the below error when I try ldapbind (database server to OID) over SSL (U2 – “one way”, “U3-two way”)
  *** ACTION NAME:() 2010-09-29 07:09:46.691
  *** MODULE NAME:(sqlplus@alddbux01 (TNS V1-V3)) 2010-09-29 07:09:46.691
  *** SERVICE NAME:(SYS$USERS) 2010-09-29 07:09:46.691
  *** SESSION ID:(121.274) 2010-09-29 07:09:46.691
  kzld_discover received ldaptype: OID
  KZLD_ERR: DB-OID SSL auth failed. Err=0
  KZLD is doing LDAP unbind
  KZLD_ERR: found err from kzldini
  Environment details:
  OID Server:
  OS: Enterprise Linux Enterprise Linux AS release 5.3
  Hostname : aldidmux02
  Oracle Internet Directory 11.1.1.2.0
  Realm in this OID is “dc=mycmsc,dc=com”
  Oracle Database Server:
  OS: Sun Solrais 5.10
  Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
  Hostname: alddbux01
  Key points:
  1.     As per metalink notes 466662.1, I am trying to setup EUS between DB - OID.
  First difference I see here is OID version (10.1.4.0.1) in notes & using OID 11g (11.1.1.2.0) in my environment for testing.
  a)     Are these steps applicable for OID11g(11.1.1.2.0) version?
  b)     If not please provide me the references for achieving ldap authentication from Oracle database server with OID 11g as ldap user repository.
  c)     As per task1 > step3 For the first time oidctl command is used to connect & start the instance before starting services using opmnctl. What is the procedure to do the same in OID11g?
  2.     Wallet certificates in my environment OID & Database server status shows “Ready”

  Is it possible to get an answer on this one from someone who knows?
  "Leif Kristian Vadseth" <[email protected]> wrote in
  message news:[email protected]..
  In WLS 6.0 I was able to configue the server SSL protocol so that when
  accessing the server (web application) from a web browser over https, the
  browser showed a list of matching installed client certificates that the
  client can choose, but the client could choose not to present his/hers
  certificate and still continue to access the requested resources.
  In WLS 6.1 I have not been able to repeat this behaviour, even if the SSL
  configuration is exactly the same.
  The project I work in wants to have both one-way SSL (using only username
  and password for authentication) and two-way SSL (using both
  username/password and certificate for authentication) in the same server.
  Is it possible to configure the server the way I want or do we have to
  configue two servers; one that does not require mutual authentication, and
  one that requires this?
  Leif Kristian Vadseth

• BPEL to invoke a webservice secured by BASIC auth

  Hi
  I have been trying to write a simple BPEL process to invoke a remote webservice secured by basic authentication. I was able to build the BPEL process and then the composite application that I deployed successfully to glassfish, all within NetBeans IDE. As per the wiki notes: http://wiki.open-esb.java.net/Wiki.jsp?page=HTTPBasicAuthentication, I also added the Policy element to the wsdl for the service that I am trying to invoke as follows:
  <wsdl:service name="PMSDatabase">
          <wsdl:port name="PMSDatabaseSOAP11port_http" binding="ns2:PMSDatabaseSOAP11Binding">
              <soap:address location="http://namadgi:9999/MessageCentre/services/PMSDatabase"/>
          </wsdl:port>
          <wsdl:port name="PMSDatabaseSOAP12port_http" binding="ns2:PMSDatabaseSOAP12Binding">
              <soap12:address location="http://namadgi:9999/MessageCentre/services/PMSDatabase"/>
          </wsdl:port>
          <wsdl:port name="PMSDatabaseHttpport" binding="ns2:PMSDatabaseHttpBinding">
              <http:address location="http://namadgi:9999/MessageCentre/services/PMSDatabase"/>
              <wsp:PolicyReference URI="#HttpBasicAuthBindingBindingPolicy"/>
          </wsdl:port>
      </wsdl:service>
      <wsp:Policy wsu:Id="HttpBasicAuthBindingBindingRealmPolicy">
          <mysp:MustSupportBasicAuthentication on="true">
              <mysp:BasicAuthenticationDetail>
                 <mysp:WssTokenCompare/>
              </mysp:BasicAuthenticationDetail>
          </mysp:MustSupportBasicAuthentication>
          <mysp:UsernameToken mysp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
             <wsp:Policy>
                  <sp:WssUsernameToken10>mcs_user</sp:WssUsernameToken10>
                  <sp:WssPassword>${pass_token}</sp:WssPassword>
             </wsp:Policy>
        </mysp:UsernameToken>
      </wsp:Policy>When i try to run a testcase, the BPEL process fails during the invoke activity and I get the following error in the output:
  <detailText>BPCOR-6135:A fault was not handled in the process scope; Fault Name is {http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/ErrorHandling}systemFault; Fault Data is &lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;&lt;jbi:message xmlns:sxeh=&quot;http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/ErrorHandling&quot; type=&quot;sxeh:faultMessage&quot; version=&quot;1.0&quot; xmlns:jbi=&quot;http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper&quot;&gt;&lt;jbi:part&gt;HTTPBC-E00753: HTTP POST request failed, portType {http://service.messagecentre.dha.gov.au}PMSDatabaseHttpport
      URL: http://namadgi:9999/MessageCentre/services/PMSDatabase/deletePMSVoidPeriod
      QUERY:
      PATH_INFO:
      Exception detail: request requires HTTP authentication: User mcs_user not found in directory.&lt;/jbi:part&gt;&lt;/jbi:message&gt;. Sending errors for the pending requests in the process scope before terminating the process instance
     Caused by: BPCOR-6131:An Error status was received while doing an invoke (partnerLink=PartnerLink1, portType={http://service.messagecentre.dha.gov.au}PMSDatabasePortType, operation=deletePMSVoidPeriod)
  BPCOR-6129:Line Number is 48
  BPCOR-6130:Activity Name is Invoke1
     Caused by: HTTPBC-E00753: HTTP POST request failed, portType {http://service.messagecentre.dha.gov.au}PMSDatabaseHttpport
      URL: http://namadgi:9999/MessageCentre/services/PMSDatabase/deletePMSVoidPeriod
      QUERY:
      PATH_INFO:
      Exception detail: request requires HTTP authentication: User mcs_user not found in directory.
     Caused by: request requires HTTP authentication: User mcs_user not found in directory.</detailText>Where else do i need to configure the BASIC auth details to get this to work?

  Please post your request to [email protected] for quick response.
  Error states "mcs_user" is invalid user. Please make sure that the user is valid.

• Web Service over SSL hangs if sent data size exceeds around 12Kb

  Hi,
  I have a Web Service running on a WebLogic Server 10.3. One of its purposes is to send and receive documents over a one-way SSL connection. The service runs fine if the documents are smaller than around 12Kb, however if its larger than that, the service simply hangs. From SSL debug information it looks like some data is sent but afterwards it simply stops. When testing the Web Service without SSL it works fine, which points to an SSL issue. Also, surprisingly, when it receives documents over the SSL, it also works fine. I assumed there is a parameter that limits the size of the POST message sent over SSL, however all the parameters that I found, that could do that, were already set to unlimited.

  We ended up resolving this issue. It turned out to be something really simple. The client that was sending the soap traffic did not have the proper SSL certificate installed on the server that was generating the soap traffic.

• Web Service over SSL failing in BEA Workshop

  I have deployed a web service on weblogic 9.2
  I have enabled one-way ssl on it. got a trial ssl certificate from verisign. installed them on the keystore/truststore on the server as well as the jre (cacerts and jssecacerts truststores) being used by the client. the client is on different machine than the server.
  i have developed the service through 'bea weblogic workshop 9.2' now when i try to test the service through the 'web services explorer' within bea weblogic workshop i receive the following error:
  IWAB0135E An unexpected error has occurred.
  IOException
  sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  on server:
  <Jul 13, 2009 6:45:44 PM EDT> <Warning> <Security> <BEA-090485> <CERTIFICATE_UNKNOWN alert was received from yunus.l1id.local - 10.10.2.72. The peer has an unspecified issue with the certificate. SSL debug tracing should be enabled on the peer to determine what the issue is.>
  if i try to access the web service (over ssl) through the browser (ie/firefox), it works fine. i have generated a proxy class to access this web service through the same bea workshop and that works fine too. certificates are identified and all. i also created a small .net (c#) application that calls this secure web service over ssl from another machine and it works fine too!
  of course non-secure url for the web service is working fine in every case.
  what can be the reason for this failing only in 'web services explorer' in bea workshop?
  cross posted at: http://www.coderanch.com/t/453879/Web-Services/java/Web-Service-over-SSL-failing
  thanks.

  Hello,
  I used this example, when I made my experiments with SSL and Glassfish (GF):
  http://java.sun.com/developer/EJTechTips/2006/tt0527.html#1
  If you have problems with GF I suggest to post a message here:
  http://forums.java.net/jive/forum.jspa?forumID=56
  e.g. here is one thread:
  http://forums.java.net/jive/thread.jspa?threadID=59993&tstart=0
  Miro.

• How to get JSP to forward a request over SSL?

  I'm new to JSP and servlets, although I've been working with Java for a long time. I'm trying to write a simple user registration and login system to teach myself JSP. I would like to set things up so that the user is able to login securely over https. I'm not sure how to do that, though. There seems to be no place in the relative URLs to indicate that you should be forwarding a request over SSL. I've got sample login page below - would anyone know how to modify it so that it happens securely?
  Also, do I need to install a certificate on my web server?
  index.jsp
  <html>
      <body>
          <h1>Index</h1>
          <a href="login.jsp">Login</a>
      </body>
  </html>login.jsp
  <%@page contentType="text/html" pageEncoding="UTF-8"%>
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
     "http://www.w3.org/TR/html4/loose.dtd">
  <html>
      <body>
          <h1>Login</h1>
          <jsp:useBean id="userLogin"
                       class="com.kitfox.webrpg.UserLogin"/>
          <jsp:setProperty name="userLogin"
                           property="*"/>
          <%if (userLogin.isValid()) {%>
          <jsp:useBean id="userId"
                       class="com.kitfox.webrpg.UserIdent"
                       scope="session"/>
          <jsp:setProperty name="userId" property="*"/>
          <jsp:forward page="index.jsp"/>
          <%} else {%>
          <form action="login.jsp" method="post">
              <fieldset>
                  <legend>Enter login information</legend>
                  <label for="login">Login</label>
                  <input type="text" name="login" value="${userLogin.login}"/> <br/>
                  <label for="password">Password</label>
                  <input type="password" name="password"/> <br/>
                  <input type="submit" value="submit">
              </fieldset>
          </form>
          <%}%>
      </body>
  </html>

  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Secure Login</web-resource-name>
  <url-pattern>/login.jsp</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  This code is used basically for different authentication type . Forward to any jsp under any layer works with <jsp:forward> or else try with request.getRequestDispatcher(" url (can be absolute or accurate path)").forward(request,response);
  Edited by: user8483670 on Mar 13, 2011 9:46 PM

• How do i change my email id to be synced with i cloud.i basically changed over from yahoo to gmail after i created my apple id?

  how do i change my email id to be synced with i cloud.i basically changed over from yahoo to gmail after i created my apple id?

  In order to change your Apple ID or password for your iCloud account on your iOS device, you need to delete the account from your iOS device first, then add it back using your updated details. (Settings > iCloud, scroll down and hit "Delete Account")
  Providing you are simply updating your existing details and not changing to another account, when you delete your account, all the data that is synced with iCloud will also be deleted from the device (but not from iCloud), but will be synced back to your device when you login again.
  In order to change your Apple ID or password for your iCloud account on your computer, you need to sign out of the account from your computer first, then sign back in using your updated details. (System Preferences > iCloud, click the sign out button)
  In order to change your Apple ID or password for your iTunes account on your iOS device, you need to sign out from your iOS device first, then sign back in using your updated details. (Settings > iTunes & App store, scroll down and tap your ID)
  If you are using iMessages or FaceTime, you will also need to log out and into your ID there too.

• FTP/File Sender Adapter over SSL - 500 Illegal PORT command.

  Hello Experts!
  I'm trying to configure FTP Sender Adapter over SSL. This is the configuration I'm using:
  Server: server01
  Port: 21
  Data Connection: Active
  Timeout: 100
  Connection Security: FTPS (FTP Using SSL/TLS) for Control and Data Connection
  Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
  I have imported ftp server certificate into TrustedCAs key store. When the sender adapter tries to connect it receives the error 500 Illegal PORT command when getting files list.
  This is an excerpt of the logs of connection steps:
  #Plain##ftp server returns reply '220 Restricted Access. All Actions are monitored.'#
  #Plain##Detected 'AUTH TLS' command: Preparing TLS/SSL connection upgrade#
  #Plain##'AUTH TLS' successful: Upgrading control channel to TLS/SSL#
  #Plain##ftp server returns reply '234 Proceed with negotiation.'#
  #Plain##ftp server returns reply '331 Please specify the password.'#
  #Plain##ftp server returns reply '230 Login successful.'#
  #Plain##ftp server returns reply '200 PBSZ set to 0.'#
  #Plain##ftp server returns reply '200 PROT now Private.'#
  #Plain##ftp server returns reply '215 UNIX Type: L8'#
  #Plain##ftp server returns reply '200 Switching to ASCII mode.'#
  #Plain##ftp server returns reply '250 Directory successfully changed.'#
  #Plain##ftp server returns reply '500 Illegal PORT command.'#
  Does anybody know how to solve it?
  Thank you in advance!
  Roger Allué i Vall

  Ok! This is the maximum i could obtain:
  Fri Dec 11 15:28:12 2009 [pid 15206] FTP response: Client "10.58.42.108", "220 Restricted Access. All Actions are monitored."
  Fri Dec 11 15:28:12 2009 [pid 15206] FTP command: Client "10.58.42.108", "AUTH TLS"
  Fri Dec 11 15:28:12 2009 [pid 15206] FTP response: Client "10.58.42.108", "234 Proceed with negotiation."
  Fri Dec 11 15:28:12 2009 [pid 15206] FTP command: Client "10.58.42.108", "USER iubsint"
  Fri Dec 11 15:28:12 2009 [pid 15206] [iubsint] FTP response: Client "10.58.42.108", "331 Please specify the password."
  Fri Dec 11 15:28:12 2009 [pid 15206] [iubsint] FTP command: Client "10.58.42.108", "PASS <password>"
  Fri Dec 11 15:28:12 2009 [pid 15205] [iubsint] OK LOGIN: Client "10.58.42.108"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "230 Login successful."
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PBSZ 0"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 PBSZ set to 0."
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PROT P"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 PROT now Private."
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "SYST"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "215 UNIX Type: L8"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "TYPE I"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 Switching to Binary mode."
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "CWD /interfaces"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "250 Directory successfully changed."
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,45,108,159,112"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "500 Illegal PORT command."
  I think we found the problem though. FTP Administrator says this is wrong:
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,45,108,159,112"
  it should be
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,42,108,159,112"
  Something is making SAP PI to take a wrong ip address (This server has two).
  I'll let you know if we solve it!!
  Thank you!!!