How to protect URL with OSSO while leaving sub-URL unprotected
Hi,
I have deployed an application to OAS while SSO is enabled and I have the following URL to be protected:
http://host:port/myContext
In the myContext application, there is a servlet that I want to be unprotected:
http://host:port/myContext/myPublic
I tried two ways to achieve this. One is in mod_osso.conf, create a Location entry like:
<Location /myContext/>
require valid-user
AuthType Basic
Order deny, allow
Allow from myPublic
Satisfy any
</Location>
The other way is to create a LocationMatch in mod_osso, like:
<LocationMatch ^/myContext((?!myPublic).)*$>
require valid-user
AuthType Basic
</LocationMatch>
The problem with both of these methods is that they seem to break the HTTP server or slow down the whole server. I would like to get help on this:
1. What is the legitimate way to do this: protect a URL while unprotect its sub-page.
2. In order to protect a new URL, besides adding a Location or LocationMatch , is there something else to do? I don't know why the new entries break/slow down the server.
Thanks for any help.
Hi,
Please refer to this message:
Re: How to deal with SSO secured webservices
I tested the described approach and it worked fine for me.
Best regards,
IG
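The LocationMatch pattern in the question exempts any path that contains the string myPublic, not only the one servlet, which matters when auditing what an SSO exclusion really leaves open. The following is an added example, not part of the original thread: it uses Python's re module as a stand-in for a PCRE-style regex engine, and the sample paths and the tighter TIGHT pattern are constructed assumptions.

```python
import re

# Pattern exactly as posted in the question's <LocationMatch>.
POSTED = r"^/myContext((?!myPublic).)*$"
# Constructed alternative (assumption, not from the thread): exempt only
# /myContext/myPublic and paths beneath it.
TIGHT = r"^/myContext(?!/myPublic(/|$))(/.*)?$"

# The one sub-URL the poster wants reachable without SSO.
INTENDED_PUBLIC = "/myContext/myPublic"

# Constructed sample paths for the audit (not real application URLs).
SAMPLE_PATHS = [
    "/myContext",
    "/myContext/",
    "/myContext/secure.jsp",
    "/myContext/myPublic",
    "/myContext/myPublic/status",
    "/myContext/admin/myPublic",
    "/myContext/myPublicKeys.jsp",
    "/myContext/reports/export-myPublic.jsp",
]


def requires_login(pattern, path):
    """True when the pattern matches, i.e. 'require valid-user' would apply."""
    return re.search(pattern, path) is not None


def is_intended_public(path):
    """True for the public servlet itself or anything below it."""
    return path == INTENDED_PUBLIC or path.startswith(INTENDED_PUBLIC + "/")


def unintended_exemptions(pattern, paths):
    """Paths the pattern leaves unauthenticated that were never meant to be."""
    return [p for p in paths
            if not requires_login(pattern, p) and not is_intended_public(p)]


def blocked_public(pattern, paths):
    """Intended-public paths the pattern would still send to SSO login."""
    return [p for p in paths
            if requires_login(pattern, p) and is_intended_public(p)]


if __name__ == "__main__":
    for name, pattern in (("posted", POSTED), ("tight", TIGHT)):
        print(name, "unintended:", unintended_exemptions(pattern, SAMPLE_PATHS))
        print(name, "blocked public:", blocked_public(pattern, SAMPLE_PATHS))
```

Running the same audit against the application's real URL inventory before deploying an exclusion rule shows which pages would silently lose SSO protection.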
Similar Messages
-
How to do Handshake with third party (bank) HTTPS URL from SAP PI server
Dear Expert,
I have developed a bunch of scenarios; all are synchronous ABAP proxy to HTTP_AAE with the bank on PI 7.4 (dual stack). The bank web server is an HTTPS-enabled server. Our ABAP developments are still in progress; also, we have a few issues in the connection from ECC to PI, but that is not the focus of discussion here.
We want to do the handshake to check the connectivity with the bank on their HTTPS URL from PI. The bank has provided the private key for SSL from their server, and the corresponding public key they have maintained on their server. I have imported the private key under NWA -> Certificates -> Key Storage -> TrustedCA -> Import Entry -> Entry Type -> PKCS#12 -> select the SSL.p12 file -> import. Also, I have selected the option "Use SSL" in the HTTP_AAE receiver communication channel and selected the corresponding entry in "keystore view" and "keystore entry". All these I have done in our DEV system, and we are trying to connect our PI dev to the bank Dev server.
Questions
Is there any specific steps to do the handshake with third party HTTPS(bank in my case) server? if not, how can we just test the HTTPS connectivity by using the SSL private installed on our PI server, without running the complete scenarios. Our PI has been installed on UNIX, and "telnet https url 443" is working, as network team has opened the HTTPS port.
We have not enabled the SSL technically on our PI server, and we have not installed any generated certificate from our PI server. Moreover, we have not made our PI url as "https:hostname:port" as we just need to communicate with bank by using their private key. Do you guys think we should enable the SSL? if yes, please explain why.
What is the best practice to test the connection with third party having HTTPS URL? how can I just assure HTTPS communication is working fine, before testing my actual scenarios.
Thanks for helping always.
Regards,
Farhan
Hi Farhan,
Some part of the blog is applicable for sending HTTPS requests to partners/third parties (Receiver SOAP Adapter).
If the bank's certificates are already in TrustedCA, then can you check whether they are also imported under user PIISuser under Identity Management in NWA? If the above 2 steps are done, then I think you are good to go. But be careful when you install the certificate; it should be in proper order.
As you already mentioned, connectivity is already established and you are able to ping/telnet from the PI server, so connectivity looks OK.
While sending a request, if you are getting 401 Unauthorized, below might be the reason -
1. Certificate not installed correctly or some missing steps
2. Partner or TP is not ready to receive it, some certificate issue on their side.
Other than 401 means you are OK (as per certificate and connectivity) - 403 and 500 errors are next stops.
403 - error because of encoding method.
500 - data issue.
Regards
Aashish Sinha -
Using url with username and password in URL class
Hi,
I'm writing an applet in which I use getAppletContext().showDocument with a URL.
The problem is that I'm using URLs with username and password (http://user:[email protected]/page) and it isn't working because the browser is getting the URL http://user/page.
Is this a bug in the URL class? Or in the showDocument method?
Is there any way to make this work?
Thanks for any help,
Pedro Prospero Luis ([email protected])
I'm not sure whether this is supported behaviour. I've had this syntax fail to work in the Netscape address bar so I can't recommend it as an approach for authentication.
If you want to authenticate the user before redirecting to the page, though, you could try creating a connection to another page on the same server and sending the authorization information then. Your browser may then be successfully authenticated.
See http://www.javaworld.com/javatips/jw-javatip47.html for information on this.
You might not need to read back the page from the server, just connect to it. Might work. -
How can I set time-out while accessing a url using URL object?
Hi
I'm trying to get the content of a URL using the following code. How can I set timeout
(example, 10 secs), if the webserver takes a while to respond.?
// needs java.io.BufferedReader, java.io.InputStreamReader and java.net.URL
BufferedReader inbuf = null;
URL url = null;
try {
    String urlString = "http://host-machine/sms/index.jsp";
    url = new URL(urlString);
    // openStream() blocks until the server responds; no timeout is set here
    inbuf = new BufferedReader(new InputStreamReader(url.openStream()));
    String inputLine;
    String LongString = "";
    while ((inputLine = inbuf.readLine()) != null)
        LongString = LongString + inputLine;
    retString = LongString;
    inbuf.close();
} catch (Exception e) {
    System.out.println(e);
}
Thanks a lot for your kind help
Regards
Kandasamy
If you're using Java 5, see this thread (reply 10)
http://forum.java.sun.com/thread.jspa?forumID=31&threadID=576157 -
How to protect password with pdf file in oracle database
Hi, I have a form in 6i where I am sending a PDF file (by running a report) to the other clients in the network. Now my requirement is that I want to protect this PDF file with a password whenever I run a new report. What should I do?
Please help.
lovely sethi
[email protected] wrote:
Hi, I have a form in 6i where I am sending a PDF file (by running a report) to the
other clients in the network. Now my requirement is that I want to protect this
PDF file with a password whenever I run a new report. What should I do?
Why not just rely on OS security within the server? If you email it to a
particular individual, then it's protected as far as you trust that individual
anyway!
Those who are in the dba group on the server can get at the data
in any case.
I just don't see the point in trying to do what you're asking - unless
I've missed something?
BTW, you haven't mentioned OS or db version (see .sig).
Paul...
lovely sethi--
When asking database related questions, please give other posters
some clues, like OS (with version), version of Oracle being used and DDL.
Other trivia such as CPU, RAM + Disk configuration might also be useful.
The exact text and/or number of error messages is useful (!= "it didn't work!"). Thanks.
Furthermore, as a courtesy to those who spend time analysing and attempting to help,
please do not top post and do try to trim your replies! -
I have 2 macbooks (mine & my wife's). I just loaded osx Lion on my macbook. We have 2 iphones. Both 3G. I have two separate mobile me accounts that are working fine. What is the best way for me to deal with icloud as long as we have two 3G iPhones?
This is a user forum I feel you need to deal with Adobe customer services or support chat did not work in you case.
-
How to config ErrorDestination with WLST while offline
I am trying to create a brand new domain for deployment by running a WLST script in the offline mode.
Below is a snippet of the script
# Individual DLQ
cd("/JMSSystemResources/EmailServiceModule/JmsResource/NO_NAME_0")
emailDLQ = create('EmailJMSServer@EmailDLQ','Queue')
emailDLQ.setJNDIName('/eh/matchmaker/jms/EmailJMSServer@EmailDLQ')
emailDLQ.setSubDeploymentName('EmailQueueSubDeployment')
# Individual queue
cd("/JMSSystemResources/EmailServiceModule/JmsResource/NO_NAME_0")
emailQ = create('EmailJMSServer@EmailQueue','Queue')
emailQ.setJNDIName('/eh/matchmaker/jms/EmailJMSServer@EmailQueue')
emailQ.setSubDeploymentName('EmailQueueSubDeployment')
# Set Failure Delivery for queue
cd('Queues/EmailJMSServer@EmailQueue')
failureParams = create('DeliveryFailureParams','DeliveryFailureParams')
failureParams.setRedeliveryLimit(3)
paramsOverrides = create('DeliveryParamsOverrides','DeliveryParamsOverrides')
paramsOverrides.setRedeliveryDelay(900000)
cd('DeliveryFailureParams/NO_NAME_0')
set('ErrorDestination',emailDLQ)
print ls()
Unfortunately, the script generates the following in the JMS config file that fails during AdminServer start up.
<delivery-failure-params>
<error-destination>Proxy for EmailJMSServer1@EmailDLQ: Name=EmailJMSServer1@EmailDLQ, Type=JMSSystemResource!JmsResource!Queue</error-destination>
<redelivery-limit>3</redelivery-limit>
</delivery-failure-params>
The desired value is <error-destination>EmailJMSServer1@EmailDLQ</error-destination>
But set('ErrorDestination','EmailJMSServer1@EmailDLQ') does not work either.
Please help.
Hello Lewis,
It is always a good idea to run the Validator tool to verify a deployment.
The PKCS11.cfg file referenced below is an optional configuration file, that needs to be present/configured if-and-only-if HSM access needs to be enabled on the server.
The error you are seeing below is not something to be concerned about unless you plan to enable HSM access on the server. The stack trace is a DEBUG level log message. If you notice, the INFO log message suggests that this is not a critical error. When such an error is encountered with the PKCS11 config file, the server automatically defaults to not using HSM.
Hope that answers your question.
Regards,
Safdar -
VSTO: Word Automation how to Protect Document with Restricted Access
hi all:
As the title, how to achieve this in VSTO?
Could you show some Word API for this requirement?
Really thanks,
Best regards,
Riquel
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
Actually I just want to use Automation/VSTO to implement "Restrict permission to content in files". Any idea?
https://support.office.com/en-nz/article/Information-Rights-Management-in-Office-2010-c7a70797-6b1e-493f-acf7-92a39b85e30c?ui=en-US&rs=en-NZ&ad=NZ
Thanks!
Best regards,
Riquel
Please remember to mark the replies as answers if they help and unmark them if they provide no help. -
How to disable a main vi while a sub-vi is running?
I have a vi that calls up two sub-vi's using menu buttons. It is done using a typical state machine setup. When the first sub-vi is running, the main vi is disabled until either the OK or Cancel buttons are selected on the sub-vi. When the second vi is running, the main vi remains sensitive to mouse clicks and jams up the system. How do I set the second vi so that the main vi is disabled until the second vi is closed?
(Apparently the first vi is set up properly with dumb luck.)
I noticed that the first vi has the dark box around the OK button which makes it work off of the enter key without having to use the mouse. The second vi does not. Does this have anything to do with the above problem? If not, how is the OK button configured like the first vi?
Property nodes does not seem to be the issue. Property nodes are only used for system initialization in this application.
I am using LabView v6.0, full development.
Thanks,
--- Dave Johnson
--- [email protected]
--- Practical Technologies
Hi,
There is a solution with VI server. See attachment saved for LabVIEW 6.0.
I hope it will be helpful.
Attachments:
call_subvis.zip 24 KB -
Can i backup my new TC while leaving old TC connected for the wifi?
My original TC (500gb) is full so purchased a 2Tb. I want to do initial backup with ethernet while leaving the old TC connected as the wireless device. My router is in another room and I don't want to move my computer into a different room for days.
Ah, details. Sorry for the confusion.
Might be worth the time savings to invest in a long Ethernet cable and run things that way overnight to allow the copies to go at a much faster pace. Backups usually run at about 30-35 GB per hour or more using Ethernet, so you get 300-350 GB copied overnight.
Otherwise, you have no choice but to relocate and reconfigure things. -
How can we handle browser settings while dealing with the security ?
Hi ,
How can we handle browser settings while dealing with security? When we configured security in web.xml, during the first request the container asks for the authentication credentials; once they are provided, it goes on. But when the user makes a fresh request from a second window within the same browser, it does not ask for authentication. How can we overcome this? Is there anything to do with server configuration?
How can we make the container not keep things or act like a session?
Ya... I am taking a small example; it need not happen always, but it is a kind of possibility I am thinking of.
Once the user signs out and just leaves without closing the browser, a friend (suppose not a good friend ... just kidding...) of that user may open the same JSP or file. This time the security is breached. If that feature or property exists....
I know what you might say ... the user will log out before leaving, where a programmer might invalidate the session at the time of logout.
Consider the case of bad programming, or a programmer who might just forget to invalidate. At that time, as an application administrator, how can he solve that issue?
Thanks.......
Edited by: user8483670 on Jun 6, 2011 1:08 AM
Edited by: user8483670 on Jun 6, 2011 1:09 AM -
I lost my i pad while in my tour how to protect my content in i pad
i lost my i pad while in my tour how to protect content in i pad
If the iPad was running iOS 7, the thief/finder will not ever be able to use it.
iCloud: Find My iPhone Activation Lock in iOS 7
http://support.apple.com/kb/HT5818
Apple (and no one else) can not assist (with serial number or iCloud) in finding a lost or stolen iPad.
Report to police along with serial number. Change all your passwords.
These links may be helpful.
How to Track and Report Stolen iPad
http://www.ipadastic.com/tutorials/how-to-track-and-report-stolen-ipad
Reporting a lost or stolen Apple product
http://support.apple.com/kb/ht2526
What to do if your iOS device is lost or stolen
http://support.apple.com/kb/HT5668
iCloud: Locate your device on a map
http://support.apple.com/kb/PH2698
iCloud: Lost Mode - Lock and Trace
http://support.apple.com/kb/PH2700
iCloud: Remotely Erase your device
http://support.apple.com/kb/PH2701
Report Stolen iPad Tips and iPad Theft Prevention
http://www.stolen-property.com/report-stolen-ipad.php
General steps to follow for a Stolen iPad
http://stolen-ipad.com/
How to recover a lost or stolen iPad
http://ipadhelp.com/ipad-help/how-to-recover-a-lost-or-stolen-ipad/
How to Find a Stolen iPad
http://www.ehow.com/how_7586429_stolen-ipad.html
What NOT to do if your iPhone or iPad is lost or stolen
http://www.tomahaiku.com/what-not-to-do-if-your-iphone-or-ipad-lost-or-stolen/
Apple Product Lost or Stolen
http://sites.google.com/site/appleclubfhs/support/advice-and-articles/lost-or-sthttp://sites.google.com/site/appleclubfhs/support/advice-and-articles/lost-or-st Len
Oops! iForgot My New iPad On the Plane; Now What?
http://online.wsj.com/article/SB10001424052702303459004577362194012634000.html
If you don't know your lost/stolen iPad's serial number, use the instructions below. The S/N is also on the iPad's box.
How to Find Your iPad Serial Number
http://www.ipadastic.com/tutorials/how-to-find-your-ipad-serial-number
iOS: How to find the serial number, IMEI, MEID, CDN, and ICCID number
http://support.apple.com/kb/HT4061
Cheers, Tom -
How can I take my iPhone & iPad backups from my iMac at home with me while travelling using my Macbookair (128Gb SSD) with an ext. HD? I want to continue to back up my devices including those of my wife while travelling without using the cloud and not returing home for several weeks.
Any ideas or solutions?
Thanks for your help.
You can use any Mac with a recent copy of iTunes to back up an iPhone or iPad. It doesn't have to be the one you usually synch with, so long as you don't let it try to do a synch.
Just take fresh backups on the MBA. As for how to get the backups onto the external drive, I'll have to leave that to others; I've never tried. -
How to allow Teamviewer while blocking Uncategorized URLs
Hello All,
I would like to allow Teamviewer while blocking Uncategorized URLs.
Uncategorized URLs have been giving me some problems since many unwanted webpages leak through this category, but when I blocked it, Teamviewer stopped functioning.
I found that Application Visibility can identify Teamviewer successfully, but since there is no "Allow" action for this, I don't know how I can get it to work.
Thanks!
Hector
You have a couple of options:
1. Go to the Cisco IronPort support site, and submit it for categorization https://securityhub.cisco.com/web/submited_urls (requires a login). Your box will get it in a few hours.
2. TeamViewer uses a user-agent string of "DynGate"
Create an Access Policy above the one that's currently blocking the uncategorized stuff (Web Security Manager/Access Policies). At the bottom, there's a section labeled in blue called "Advanced". Click Advanced to open it up, and click "None Selected" next to User Agents. In the Custom box enter "(DynGate)". Under URL Filtering, leave everything set to Use Global Settings, except Uncategorized URLs. Set that to Monitor.
You could also create an identity using the user agent string, and then create a similar policy using the identity...
Ken -
How to Protect mod_plsql DAD with SSO using SSL
Hi,
I am not able to set up any DAD with SSO using SSL. I have processed all issues depending on the Note:273379.1 "How to Protect mod_plsql DAD with SSO".
When I am not using ssl, my DAD with SSO will work properly.
But when I am using ssl, my DAD (http://host_name/pls/testsso) will redirect any page to SSO login through http (not through https).
Any ideas?
AS 10.1.2.0.2
Did you run ossoreg.jar to update your osso.conf with the SSL entry for SSO?