HOWTO: Setting up Server-Side Authentication with SSL

Similar Messages

• Configure Sun Directory Server 6.3 with SSL in OIM 9.1.0.2

  Hi,
  I am using OIM 9.1.0.2. i want to Provision User to Directory Server 6.3 with SSL confiuration
  Can anyone tell me the steps for configuring the Certificate import, etc..
  followed SJSDS_904120 doc but there is no info for DSEE 6.3 in it.
  Regards,
  Praveen
  Edited by: Praveen on Feb 16, 2012 9:08 PM

  Well not sure about the exact clicks you need to do but the basic steps are that you export certificates from DS and then import it into the jdk which has OIM running. Look at the doc for SJDS6.3 about setting and exporting certs.
  -Bikash

• Server-side authentication for web services

  I was hoping to use Azure's server-side authentication for a HTML/JS web app. Some things are a bit unclear. For example, if a new user authenticates via Facebook, I want to create an associated record on the server-side and associate extra data with the
  user, irrespective of the service used to log in. If they log in again, I want the client to be able to get this extra data (eg preferences) from the server. On the back-end, I also want to be able to update particular fields of this record that the user cannot
  change themselves. I know how to go about this in a plain Node.js backend, but not sure how some of these basic things map to using Azure's services.

  Once the user logs in, you will have their information available to your server scripts. So one option is to use a custom API (or a Mobile Services Table) to insert/read/update the user data. You would protect this endpoint so that only logged-in users can
  access it, and then access the
  user object to obtain an ID an associate it in a table row. Lookups could be performed by similarly querying for the ID.
  In terms of some fields being restricted, you could remove these from the update request itself.
  Some pointers that might be helpful:
  http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-get-started-data/
  http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-call-custom-api/
  http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-authorize-users-in-scripts/

• Crystal Report LDAP authentication with SSL to Business Objects XI 3.1 SP3

  Hi,
  Here is the issue
  Business Objects XI 3.1 SP3
  Crystal report 2008
  LDAP is configured with SSL and working great within BO.
  In Crystal report 2008, enterprise authentication worked, but not LDAP with SSL, I got "Security plugin error: Failed to set parameters on plugin.
  If I try with LDAP with no SSL, everythingu2019s fine.  Do I have to setup something on the "workstation" side to be able to user LDAP with SSL ?
  *I already tried to disable firewall
  Thanks for your help

  Hi,
  check SAP Notes 1320510 and 1272536
  Hope that helps.
  Regards
  -Seb.

• Graphs not shown in EXCEL, when the reports server is secured with SSL

  We installed a SSL certificate on the reports server to run as https instead of http and the graphs in the reports stopped working for desformat=EXCEL. The graphs in the pdf output run fine.the version we are using is Oracle reports 10g

  Hi,
  I had similar kind of problem and see below for details.
  I am using Vertical bar charts in my RTF Tempalte and output format is EXCEL. When i am prevewing from BI Publisher desktop output it is showing the charts . When i Used same template and running in the server side(i.e oracle applications concurrent manager ) it is not showing the charts in the output. If i run the same template through oracle applications concurrent manager with PDF output it is showing charts in the output.
  Please share your thoughts/experiences/suggesition regarding this.
  If any help appreciated.
  Thanks,
  Dinesh

• Server Side Includes with .irpt pages

  I am intrested in using server side includes within my .irpt pages for example
  <!#INCLUDE FILE="file.inc">
  specifically inside of my applet tags to reference a standard set of parameters that I would like to be passed into my display templates.  Does xMII have a similar representation of server side includes for .irpt pages?

  It might make your head explode, but in a good way...
  Also, you'll need 11.5 or newer to run this. There are so incredibly many opportunities that this might open up for you to deliver not only static, but also dynamic embedded server-side content.
  There are many aspects of xMII that are largely untapped.  A few common ones are the ability of the Runner servlet (which invokes xMII BLS transactions) to stream virtually any type of content back to the requestor (XML, HTML, text, images, PDFs, Excel, whatever).
  The other feature that not too many people use is the ability to use an xMII BLS transaction as a "stylesheet".
  Lastly, there is the little-known "<SERVLET>" tag that can be used in IRPT pages.
  Put all these pieces together, and amazing things can be done.  The example I'm going to show you uses a BLS transaction, but it can also be done with an XSL stylesheet (if the desired included HTML is static).  But let's go for the cool approach...
  Let's assume you have some "stuff", such HTML page content, that you want included in a specific position on your web page.  Let's also assume that this "stuff" resides in a file accessible at http://localhost/MyInclude.html (the file extension doesn't really matter).
  Create a new BLS transaction with no inputs and an output of type String (the name of the output doesn't matter - but in our case, let's assume you name it HTMLOutput).  To workaround a cosmetic bug (which will be fixed in a future patch), you should also create a second output (doesn't matter what name or type) - so add one called "DummyOutput" of type String.  Not worth explaining why - just do it. 
  Next, add either a TextLoader or HTMLLoader action (in the Web group) to your transaction (they both do the same thing, actually - just different icons).  In the Output links tab, assign the StringContent of the loader action to the transaction output.  This basically accomplishes the loading and streaming of your included "stuff".
  Save this transaction.  Let's save it in a folder called CoolStuff, with the name IncludeTest.
  In your IRPT page, add the following code where you want the "stuff" to appear.
    <SERVLET NAME="Illuminator">
         <param name="Stylesheet" value="xacute://CoolStuff/IncludeTest" />
       <param name="OutputParameter" value="HTMLOutput" />
       <param name="Output-Content-Type" value="text/html" />
       <param name="Content-Type" value="text/html" />
    </SERVLET>
  Save the IRPT page, load it, and you're in business!
  You can probably already start to envision to possibilities for adding more sophisticated business logic to create "dynamically" embedded content in your IRPT pages...
  Best regards,
  Rick

• Server-Side Wins with Shared Maps

  We are using shared maps/publication items in our solution. Using this approach, the MGP process composes the set of publications items once for each group of users instead of once for each user. This helps a great deal in reducing MGP-compose times.
  What we are looking to implement however is server-side conflict resolution with shared maps. Oracle does not support this by deafult, so we were told write custom conflict resolution for this to work.
  As it stands now, we have written custom DML for the conflict resolution. However, in the apply-phase we are only given the group-id for the current sync user. What we need, however, is the client-id of the current sync user.
  Using the client-id, we can check to see if the client (and not the entire group) has any dirty records in the out-queue. If there are dirty records, then the server wins and the conflict-records are not applied.

  shared items have the same selection criteria for all users (ie: no data subsetting). Therefore the same data is composed and placed in the out queue for each user that is part of the group.
  I assume you are trying to check if there is a copy of the incoming record waiting to go to the the user, so you can compare the data on update. The problems you may have with this are
  1) data being present in the out queue (or not) depends as much on when the last compose ran, as the fact that the data has changed (can you hand on heart guarantee that the compose will have run if the user sends an update within a half an hour of the server being changed.
  2) the same record (because it is shared) may have been downloaded to a number of different clients. What will you do if they all send back updates?
  normally shared items are used for reference data (ie: static), but if you want to use them in this way it may be better to do your conflict tests against the actual underlying data, rather than what is stored in the MGP temporary tables. This will provide more consistent results as it does not rely on the timing of the compose process, and will be consistent for each user transaction
  You know which publication item is being processed. From mobileadmin.C$all_publications you can pick up the schema name, object name and template query. You can then use this to compare the current server data against the incoming data

• Server Side Includes with Server Behaviors

  Is it possible to include pages that have server behaviors attached to them, or are these behaviors limited to pulling in just plain html from the included pages?
  For example, I want two pages, index.php and login.php.
  I want the login.php page to have all of the user login behaviors/links/fields/buttons/etc. and then Include that on the index.php page. Am I supposed to be able to do this using ADDT server side includes?
  I've been successful using server side includes to include static text on a page, but not dynamic content with behaviors attached. I'm not sure if I'm just have a mistake, or if this won't work in the first place.
  thanks!

  Hi,
  this is generally possible, as the included files sure can have their own server hehaviours -- did that several times, where the "container" page had about no server behaviours embedded, but the included file did.
  ADDT´s server side includes will, loosely said, basically just "dynamically" strip the included document´s "head", but leave other components like server behaviours untouched
  Cheers,
  Günter Schenk
  Adobe Community Expert, Dreamweaver

• Server-side Trust with CryptoLib &/or 3rd party tool

  I have a new installtion:
  > BOE XI 3.1 SP2 (Solaris)
  > SAP Integration Kit
  Intend to enable server-side trust / SNC betw BOE and BW.
  Separately, BASIS just installed/config'd new standard tool (Quest's Vintela) on BW for SSO from SAP GUI clients to BW.  I notice some parms (such as snc/gssapi_lib) now are configured to Quest/Vintela libraries on BW.
  Possible to have both Vintela and CryptoLib co-exist/co-active on BW?  ... or is best approach (even forced / only approach) is to standardize on one? ... likely install Vintela on BOE and use Vintela for BOE-to-BW SNC?
  thx, Clay

  Hi Clay,
  I believe you're right, that they can't co-exist for use as SNC libraries.  I really don't have a complete understanding of how this all works, but I believe they can co-exist if the sapcrytolib is used for RFC that is not using SNC.  Maybe someone else can confirm, deny, or expand on that?
  Even though we (Quest) donu2019t always know the exact configuration options for each application that supports SNC, as a certified SNC interface it should always be possible to get things working in a fully supported manner.  If you would like to work with me on this directly I would be happy to help.  You can find my e-mail address under my business card.
  Thanks!
  Kyle

• Server side redirect with 4.5.1 and Netscape Enterprise Server

            Is it possible to have a servlet running under WL 4.5.1 to perform a server
            side redirect ala CGI?
            Here's my config:
            web server: Netscape Enterprise Server 3.6 on solaris, with weblogic
            plugin
            servlet runner: WL 4.5.1 on different host from ES.
            Here's what I want to happen:
            1) HTTP GET from browser to enterprise server
            2) forwarded by plugin to servlet
            3) servlet logs some activity to an application log file, and sends a
            server side redirect to enterprise server
            4) Enterprise server returns the file identified by the rediect directly
            to the client.
            This is possible with enterprise server and CGI, because the ES CGI code
            checks the return stream from the CGI program for "Location: <some url>". If
            it see's that, it tries to locally resolve that URL as the client had asked
            directly for that URL. I think this would only be possible with WL if the WL
            NSAPI plug in supported a server side redirect feature. Anyone know status
            of that? Or might ES support something like this depending on the order of
            the objects in obj.conf?
            Here's what I've tried in the servlet:
            res.setHeader("Location:", location);
            res.setContentType("magnus-internal/redirect");
            res.setStatus(302);
            This just sends an HTTP tempoary new location to the client for a client
            side redirect. Client side redirect is not desirable because it doubles the
            HTTP traffic.
            Another option would be to read the file I want to redirect to from inside
            the servlet and return it from the servlet, but that is not desirable
            because I want to have ES serve the file - thats it's job, it caches, less
            network traffic (between our servers), etc.
            Server side redirect is very useful feature and not that uncommon for web
            applications, so if WL does not support it now, I will probably put in a new
            feature request.
            Thanks for your help
            Mark Johnson.
            

  Why not just use the proxy servlet to redirect to your netscape server? That
            does it on the server side!
            -russell
            Mark Johnson wrote:
            > I belive that sendRedirect performs a client side rediret, not a server
            > side redirect.
            >
            > Guy Tal <[email protected]> wrote in message
            > news:[email protected]...
            > > public void doGet(HttpServletRequest req, HttpServletResponse res) ...
            > > ...
            > > res.sendRedirect("http://destination");
            > > ...
            > >
            > > Guy
            > >
            > > Mark Johnson <[email protected]> wrote:
            > >
            > > > Is it possible to have a servlet running under WL 4.5.1 to perform a
            > server
            > > > side redirect ala CGI?
            > >
            > > > Here's my config:
            > > > web server: Netscape Enterprise Server 3.6 on solaris, with weblogic
            > > > plugin
            > > > servlet runner: WL 4.5.1 on different host from ES.
            > >
            > > > Here's what I want to happen:
            > > > 1) HTTP GET from browser to enterprise server
            > > > 2) forwarded by plugin to servlet
            > > > 3) servlet logs some activity to an application log file, and sends
            > a
            > > > server side redirect to enterprise server
            > > > 4) Enterprise server returns the file identified by the rediect
            > directly
            > > > to the client.
            > >
            > > > This is possible with enterprise server and CGI, because the ES CGI code
            > > > checks the return stream from the CGI program for "Location: <some
            > url>". If
            > > > it see's that, it tries to locally resolve that URL as the client had
            > asked
            > > > directly for that URL. I think this would only be possible with WL if
            > the WL
            > > > NSAPI plug in supported a server side redirect feature. Anyone know
            > status
            > > > of that? Or might ES support something like this depending on the order
            > of
            > > > the objects in obj.conf?
            > >
            > > > Here's what I've tried in the servlet:
            > > > res.setHeader("Location:", location);
            > > > res.setContentType("magnus-internal/redirect");
            > > > res.setStatus(302);
            > >
            > > > This just sends an HTTP tempoary new location to the client for a client
            > > > side redirect. Client side redirect is not desirable because it doubles
            > the
            > > > HTTP traffic.
            > >
            > > > Another option would be to read the file I want to redirect to from
            > inside
            > > > the servlet and return it from the servlet, but that is not desirable
            > > > because I want to have ES serve the file - thats it's job, it caches,
            > less
            > > > network traffic (between our servers), etc.
            > >
            > > > Server side redirect is very useful feature and not that uncommon for
            > web
            > > > applications, so if WL does not support it now, I will probably put in a
            > new
            > > > feature request.
            > >
            > >
            > > > Thanks for your help
            > >
            > > > Mark Johnson.
            > >
            > >
            > >
            > >
            > >
            > >
            > >
            > >
            Russell Castagnaro
            Chief Mentor
            SyncTank Solutions
            http://www.synctank.com
            Earth is the cradle of mankind; one does not remain in the cradle forever
            -Tsiolkovsky
            

• Application Server 10g installation with SSL

  Hello,
  I'm planning to install the new 10g application server on a Red Hat Linux. I need the infrastructure and the middle tier components to work on SSL. Anybody has installed and configured the 10g with SSL? Is it as difficult and time consuming as in the 9iASR2? Is there any guide to do that?
  thanks.

  Pls refer to "Oracle Application Server 10g Administrator's Guide", Chapter 1.6 for more information on how to configure in SSL mode. By default SSL us not configured in 10g.

• Server side includes with htp package

  I have a few procedures that call the htp package and generate dynamic web pages, however the server side includes are being treated as comments; they are not interpreted correctly and hence are not reading the associated file.
  Has anyone encountered this before and found a solution?

  I have a few procedures that call the htp package and generate dynamic web pages, however the server side includes are being treated as comments; they are not interpreted correctly and hence are not reading the associated file.
  Has anyone encountered this before and found a solution?

• Certificate based authentication with SSL load balancer

  I've been asked to implement certificate-based authentication (CBA)
  on a weblogic cluster serving up web services. I've read through
  Chapter 10 (security) and understand the "Identity Assertion" concept.
  Environment:
  Weblogic 8.1 cluster fronted by a load-balancer that handles SSL and
  uses sticky-sessions.
  Question:
  If the load balancer is used to handle SSL, do I still need to turn
  on SSL on the weblogic cluster in order to use CBA? Is there another
  way to request the client's certificate?
  If the above is yes, what is the minnimal level of SSL? Does it have
  to be two-way?
  If SSL has to be turned on is there any reason to use the load
  balancer's SSL? Is there still a performance benefit?

  I think the simplest and most secure way is to have the servers configured for
  2-way ssl, since this would ensure that the certificate they receive and use for
  authentication has been validated during the ssl handshake. In this case the load
  balancer itself does not need to and cannot do the handshaking, and would need
  to pass the entire SSL connection through to the WLS server (ie: act similar to
  a router)
  Pavel.
  "George Coller" <[email protected]> wrote:
  >
  I've been asked to implement certificate-based authentication (CBA)
  on a weblogic cluster serving up web services. I've read through
  Chapter 10 (security) and understand the "Identity Assertion" concept.
  Environment:
  Weblogic 8.1 cluster fronted by a load-balancer that handles SSL and
  uses sticky-sessions.
  Question:
  If the load balancer is used to handle SSL, do I still need to turn
  on SSL on the weblogic cluster in order to use CBA? Is there another
  way to request the client's certificate?
  If the above is yes, what is the minnimal level of SSL? Does it have
  to be two-way?
  If SSL has to be turned on is there any reason to use the load
  balancer's SSL? Is there still a performance benefit?

• Imapd on personal debian server (uw-imapd) with ssl -- failing account setup

  Hello,
  I have a self-signed SSL uw-imapd server to which I am trying to connect my Pre.  I have already (I believe) passed the self-signed SSL issue by installing the self-signed certificate on my Pre.  I am now gettnig a "Your username or password is not correct" message.  I am wondering whether anyone else is trying to do this and whether there is anything simple anyone has tried or done to get around this.  Does anyone else have experience with this kind of issue?
  Thanks!
  Gene
  Post relates to: Pre p100eww (Sprint)

  I don't know what's happening, and don't see any troubleshooting details for GMail Mail Fetcher posted.
  Contact Google Support?
  You can verify the certificate being presented with the following command-line command:
  openssl s_client -connect yourhost.example.com:995
  995 is POP via SSL/TLS.  Use 993 for IMAP via SSL/TLS.  That'll show what certificate was obtained, and related details.

• ACS Server MAC Authentication with Windows Database

  Has anyone setup an ACS Server 3.2 for MAC authentication using Windows as the authentication. The documentation I found shows how to set it up using the CiscoSecure database. Any help would be appreciated.

  Here is the link for setting up MAC authentication using CisoSecure database. There may not be a solution for my setup, but maybe I'll keep hacking away at it and find a resolution.
  http://www.cisco.com/en/US/products/hw/wireless/ps430/products_white_paper09186a00800b3d27.shtml