How to invalidate the client part of a HTTPS Session with client auth

Hi to everybody here,
I'm having an issue with HTTPS and client authentication related to how SSLHandshake works and the behavior of the client browser. I hope you can help.
I'm setting up a web application that asks for a valid session in order to allow access to the application. If the user has no valid session, he's redirected to the login form, and if the auth process is ok, the user gets a session and is redirected again to the secured pages.
We are in the process of creating a new login service with client certificates, so the user identifies himself with a certificate valid on the application server.
We have an application server with a secure listener on port 8443. It's configured to request client certificates so we can access the certificate, validate it and create a session for the user automatically. The user just types his PIN code in the browser, no passwords at all. This process is working and sessions are created. The problem comes up when we try to log the user out.
We invalidate the session using a logout.jsp, but if the user goes to the secured pages again, we have observed that the authentication takes place automatically and the user can see the secured pages, so he thinks the logout.jsp doesn't work.
My questions are: can we get access to delete or modify the SSL part of the client browser in order to reset the HTTPS connection established against our application server? Are there any other ways to avoid this behavior?
Thanks in advance.
Miss.

An end user presents a certificate from a CAC for authentication to our website.
They pick the cert off the inserted CAC and submit it. Get logged into the application successfully.
The user removes the card from the reader and the SSO session times out.
In the same browser the user clicks log in with CAC and is not prompted for the cert this time; the browser just goes ahead and presents the cached cert even though the card is no longer in the reader. The user logs in successfully.
The desired behavior would be to prompt the user for a cert again, obviously.
I am wondering how to turn this off as well.
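
Added example, not part of the original posts: the server cannot clear the certificate choice or TLS session cached by the browser, but it can decide when a presented certificate turns into an application session. This servlet filter creates the session only on an explicit login POST, so invalidating the session in logout.jsp is not undone by the next request; the `/login-cert` endpoint, the `/login.jsp` page and the `user` attribute name are assumptions.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. Assumed mapping: the secured pages and /login-cert, but NOT /login.jsp
// (mapping the login page too would cause a redirect loop).
public class CertLoginFilter implements Filter {
    // Standard Servlet API request attribute holding the client certificate chain.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    private static final String USER_ATTR = "user";            // assumed session attribute
    private static final String LOGIN_ACTION = "/login-cert";  // assumed explicit login endpoint
    private static final String LOGIN_FORM = "/login.jsp";     // assumed login page

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        HttpSession session = req.getSession(false);    // never create a session implicitly
        if (session != null && session.getAttribute(USER_ATTR) != null) {
            chain.doFilter(req, res);                   // already logged in
            return;
        }
        // Only an explicit POST to the login action may turn a certificate into a session.
        boolean explicitLogin = "POST".equals(req.getMethod())
                && LOGIN_ACTION.equals(req.getServletPath());
        X509Certificate[] certs = (X509Certificate[]) req.getAttribute(CERT_ATTR);
        if (explicitLogin && certs != null && certs.length > 0) {
            // The application's own certificate validation is assumed to run here.
            String subject = certs[0].getSubjectX500Principal().getName();
            if (session != null) session.invalidate();  // start from a fresh session id
            req.getSession(true).setAttribute(USER_ATTR, subject);
            res.sendRedirect(req.getContextPath() + "/");
            return;
        }
        // Certificate present but no explicit login (e.g. right after logout.jsp):
        // send the user to the login form instead of logging in automatically.
        res.sendRedirect(req.getContextPath() + LOGIN_FORM);
    }
}
```

With this in place the browser may still present the cached certificate without asking for the PIN when the user chooses to log in again; that cache is held by the browser, not the server.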

Similar Messages

  • How to modify the coding part of KE30 reports ?

    How to modify the coding part of KE30 reports ,
    so that I can be able to restrict report output based on sales office.
    I am unable to find out the program name also.
    Regards
    Anubhav

    >
    Venkat Reddy wrote:
    > Hi,
    >
    > If you want to know the program running for KE30 just go to SE93 and give KE30
    > and click on display; you can see the program running for KE30 will be SAPMKCEE.
    > I think this is much simpler :-).
    >
    > Rather than change the standard report, try to prepare your own; that will be more
    > comfortable since it will be a complex task to achieve editing the standard program.
    > Good Luck
    >
    > Regards
    > VEnk@
    >
    > Edited by: Venkat Reddy on Dec 11, 2009 4:52 PM
    Venkat, your answer is much simpler if the OP knows there is a tcode SE93; what if he/she does not know it??
    P.S: Just a thought.
    Regards.
    Vishwa.

  • How to setup the client application for the RMI?

    Question:
    I wrote a short RMI program. It contains a server and a client.
    If the server and client run on localhost, they run OK,
    but when I run the client application on a remote machine, issues occur.
    How to set up the client on a remote machine?

    hello Dhanraj K, for gmail accounts there shouldn't be much manual configuration required. please try to set it up like described in [[Add an email account to the Mail app in Firefox OS]]

  • How to start the IR part in XI

    Hi All,
    How to Start the Design part in XI while Converting the PDF file into Text file using Module Processor?
    Pls let me know.......
    Regards,
    Govindu.

    Govind,
    If you want some changes to be done to the file like mapping etc then you need to have the IR setting done too.
    But if you are going to use XI as an FTP service you need no configuration on the IR except creating the Datatype , message type and message Interfaces .
    Take a look at this blog,
    XI in the role of FTP (/people/shabarish.vijayakumar/blog/2006/04/03/xi-in-the-role-of-a-ftp)
    Regards,
    Bhavesh

  • Hello, FMS is how to prevent the client into a large number of bytes?

    Hello, FMS how to prevent the client to pass a large number of bytes, such as one person put a 1G file in the argument, I also silly to receive? Although there Client.setBandwidthLimit() limit his maximum traffic per second, but is there a way, one more than the maximum amount of bytes to disconnect his. I assume that methods to determine the length is also obtained all of his transfer is finished, in order to determine out of it.

    How to limit the size of the parameters of the method. I wrote a method in the main.asc then the client NetConnection.call assignment, but if the client is malicious to upload very large data, how to limit it, I view the document did not find the clues, I hope that those parameters up to 100KB.

  • How to reconstruct the missing parts list (co24)

    Dear All
    How to reconstruct the missing parts list (co24) by using report PPCOXPR1?
    Rgds
    Pankaj Agarwal

    Hi Pankaj,
    You need to run the program "PPCOXPR1" using SE38. This program will create missing part index in RESB table.
    Hope this helps you, Reward your points.
    Regards,
    Prasobh

  • I have two companies sending me indesign documents. One opens up and the dictionary is set to English. The other file opens at is in Hebrew, Not sure how to fix the Hebrew part and whether or not the fault lies at my end or at the other end

    I have two companies sending me indesign documents. One opens up and the dictionary is set to English. The other file opens at is in Hebrew, Not sure how to fix the Hebrew part and whether or not the fault lies at my end or at the other end

    If only the language is Hebrew, you should correct it in the Paragraph and Character Styles.
    But in such a case I would expect more problems.
    If you are a creative cloud subscriber you should additionally install the InDesign version, English with Hebrew support:
    Go to the preferences of your CC.app. It is found behind the Gear Symbols on the top right.
    When the preferences open, go to the Apps section.
    Change the App Language to English with Hebrew support.
    Now you can install it. It will install on the very same place where your InDesign program is found some additional plugins, which will give you access to Hebrew functionality, like RTL text. Otherwise you will inherit in the document (and where you copy and paste it from such a document into another one). But now you can change or repair problems.
    Now repeat step 1 + 2, but you need not install your own language again. InDesign will now, when started, run in the language of your OS (when you have it installed in that language) but with more functionality to handle problems with Hebrew documents.
    The same steps you would have to do with Arabic or Asian documents. These languages will also add more plugins. But keep it limited to those languages you need. I have installed it that way, because I sometimes get documents where the text flows in the wrong direction or the numbers come up in Farsi digits, not in Arabic digits. For such purposes I need versions in languages I don’t understand myself.

  • How to refresh the client area

    I used javax.swing.JPanel and drew many shapes with the paintComponent method. I wonder how to refresh the client area.
    PS: I first used the paint method to draw shapes, but I found a copy of the menu bar appeared. At last I found the paintComponent method works, but when I tried to refresh the client area with repaint, the same scene appears.
    could some one help me?
    thanks in advance!

    > when i tried to refresh the client area with repaint, the same scene appears.
    When you invoke repaint() on a component, the paintComponent() method of that component is invoked. So unless your code in that method is different, the image painted will be the same.

  • How to invalidate the IPortalComponent Session

    Hi,
    I have written one portal component for customizing the session expiry. In this component, based on certain idle time we want to redirect to another customize page saying that session is timed out. Redirection is happening but session is still alive. I want to invalidate the session.
    Can somebody tell me how I can invalidate the IPortalComponent session? I know how to invalidate the http session but that does not solve my problem.
    Any suggestion?
    Thanks in advance.
    Manish

    Hi,
    By looking at the code of the IPortalComponentSession one can see that it basically stores all values in the httpsession with a certain prefix. Therefore, shouldn't it be sufficient to invalidate the httpsession? (If this is not the case, could you describe the problem more closely?)
    Note that if there is no component session, the IPortalComponent request creates one the first time it is accessed.
        public IPortalComponentSession getComponentSession()
        {
            // Lazily create the component session on first access
            if(mm_componentSession == null)
                mm_componentSession = new PortalComponentSession(this);
            return mm_componentSession;
        }
    Dagfinn

  • How to fix the decimal part(round) i.e. fix the size of float.

    how to fix the decimal part(round) i.e. fix the size of float.

    You can use BigDecimal to round off your number.
    float f = 5.678f;
    f = new BigDecimal(f).setScale(2, BigDecimal.ROUND_HALF_UP).floatValue();
    If you just want to display the float with a certain number of decimals, you can use java.text.DecimalFormat
    DecimalFormat df = new DecimalFormat("0.00"); // two decimals
    float f = 5.678f;
    System.out.println(df.format(f)); // should show up as 5.68

  • How to check the sales orders that have been created with an Rebate Agreeme

    Dear Experts,
    Do you know how to check the sales orders that have been created with an Rebate Agreements?
    Thanks!!

    Hi Hoo Laa,
    I have one way but little lengthy.
    Rebate condition always appears in the billing document.
    So 1st you extract the sales order list from Table VBAK.
    once you have the sales order list then you can put your order list in Table VBFA --> Extract the billing document list.
    Now put that list in the table VBRK.
    In VBRK you will get the "Doc. condition" --> put that doc condition in table KONV with your rebate condition type.
    It will show the result.
    Later, through VLOOKUP you can identify in which order you have given rebate to your customer.
    Already said, Little lengthy
    Regards,
    MT

  • HT204074 how to assess the apps i have on my ipad with my iphone 5s

    how to assess the apps i have on my ipad with my iphone 5s

    If universal, just re-download them to your phone, or sync them from your iTunes library.

  • What are the steps to setup an HTTP Session replication clustering in oc4j9

    what are the steps to setup an HTTP Session replication clustering in oc4j9.0.5

    Are you sure you have the correct version number for OC4J? Is this a standalone OC4J instance? If it is, then the steps involved are different from the full stack. Please check the High Availability guide in the documentation on OTN.
    Deepak

  • How to invalidate the browser cache?

    Hello,
    at the [AFP Wiki Site|http://wiki.sdn.sap.com/wiki/display/AFP/SAPPortal-AjaxFramework+Page] I found the document "Ajax Framework Page (AFB) - Features and Benefits", where it says
    ! There's no need to manually clear the browser cache when it is automatically
    invalidated
    Browser cache is automatically invalidated when
    The SAP NetWeaver Portal is updated with a new Support Package (SP)
    Content has changed
    User's roles are modified (adding/removing all or parts of roles)
    Does anybody know how to force this invalidation on client or server side? I mean, how does the client side cache know that the roles of a user changed?

    Hi Björn,
    you might know this but just to be sure.
    Backend side: HTTP > invalidate via visual admin, Navigation cache to be invalidated via system administration role, PCD cache  to be invalidated via system administration role
    Client side: to force the browser to pull the new content with IE > Ctrl+F5, FF > Ctrl+Shift+R. The new HTTP content is pulled even if the server HTTP cache stores old content. In case of F5 the old content from the server HTTP cache will be pulled.
    See you next week!
    Best regards,
    Alex

  • How to setup the 'Client Licensing Mode' for Windows server?

    Hello,
    We will install the SBO server:
    OS: Windows Server 2003 Standard Edition
    SBO Clients: 150
    How should we set up the 'Client Licensing Mode' for the Windows server?
    If we select the mode "Per server,Number of concurrent connections", how to set the connection number?
    Thanks in advance.
    Don

    Hi..
    you can set License to Particular user using License under Administration and Client will automatically fetch License using License Manager on License Server
    Regards,
    Bhavank
